| blob | 2135966ea615887a6f8fd0acbe536b4219fe5f2b |
1 tails (6.1) UNRELEASED; urgency=medium
3 * Dummy entry for next release.
5 -- anonym <anonym@riseup.net> Tue, 27 Feb 2024 16:58:21 +0100
7 tails (6.0) unstable; urgency=medium
9 * Disable Tracker (tails/tails!1423)
11 Closes issues:
12 - tracker-extract-3.service often fails to connect to filesystem miner (tails/tails#20220)
14 Commits:
15 - Disable the tracker services for all users
16 - Be consistent with how we mask systemd services
17 - Disable Tracker
19 * Upgrade Tor Browser to 13.0.10 (tails/tails!1418)
21 Closes issues:
22 - Upgrade to Tor Browser 13.0.10 based on ESR 115.8 (tails/tails#20210)
24 Commits:
25 - Fetch Tor Browser from our own archive
26 - Upgrade Tor Browser to 13.0.10
28 * Tails Cloner: don't attempt to unmount the target device twice
29 (tails/tails!1359)
31 Closes issues:
32 - tails-installer fails to install to already mounted devices (tails/tails#20139)
34 Commits:
35 - Tails Cloner: don't attempt to unmount the target device twice (refs:
36 tails/tails#20139)
38 * Install python3-pyqt5 to fix Electrum not starting (tails/tails!1357)
40 Closes issues:
41 - Electrum does not start in Tails 6.0 (tails/tails#20079)
43 Commits:
44 - Install python3-pyqt5 to fix Electrum not starting
46 * Test suite: Wait for notifications to disappear (tails/tails!1420)
48 Closes issues:
49 - Scenario "Persistent browser bookmarks" is fragile (tails/tails#20218)
51 Commits:
52 - Test suite: Wait for notifications to disappear
54 * Update call for testing template (tails/tails!1378)
56 Closes issues:
57 - Call for testing template is outdated (tails/tails#18909)
59 Commits:
60 - Update call for testing template
62 * tps: Handle psutil.NoSuchProcess exception (tails/tails!1421)
64 Closes issues:
65 - Check for conflicting apps breaks activating Persistent Storage feature (tails/tails#19434)
67 Commits:
68 - Fix Ruff UP035
69 - Fix Ruff UP004
70 - tps: Handle psutil.NoSuchProcess exception
72 * Make QT applications use the default GTK cursor size (tails/tails!1416)
74 Closes issues:
75 - Qt applications do not respect cursor size (tails/tails#20206)
77 Commits:
78 - Add shell directive to make shellcheck happy
79 - Fix Ruff PLW1510
80 - Fix Ruff RUF005
81 - Suppress Ruff S311
82 - Fix Ruff S607
83 - onionshare: Don't set QT_QPA_PLATFORM
84 - Make QT apps shipped in Tails use cursor size configured in GNOME
85 - Make QT applications use the default GTK cursor size
87 * Remove desktop icons (tails/tails!1415)
89 Closes issues:
90 - No spinner over desktop when starting an app (tails/tails#19920)
92 Commits:
93 - Test suite: remove obsolete code
94 - Drop handling of desktop icons
95 - Re-add Files to Favorites
96 - Drop the "Desktop Icons NG" GNOME Shell extension
97 - Test suite: remove unused images
98 - Test suite: remove unused images
100 * Fix Tails Installer (tails/tails!1414)
102 Closes issues:
103 - tails-installer fails to start (tails/tails#20207)
105 Commits:
106 - Fix Tails Installer
108 * re-introduce GDM error messages before Welcome Screen, and add Disk Failure
109 error message too (tails/tails!1412)
111 Closes issues:
112 - SquashFS errors during boot lead to false-positives on graphics card error reports (tails/tails#16030)
114 Commits:
115 - Test suite: order scenarios in chronological time of failure
116 - Test suite: split out unsupported hardware test from hardware failure feature
117 - Test suite: express goal in feature summary
118 - Test suite: be more specific
119 - Test suite: remove duplicate word
120 - Test suite: remove duplicate method definition
121 - Fix typos and links, make example more specific
122 - Test suite: make capitalization consistent
123 - Test suite: make spelling of "graphics card" consistent with user facing
124 strings and documentation
125 - rubocop --autocorrect
126 - fix automated test
127 - fix test picture
128 - Revert "delay error message reporting to desktop session"
129 - fix typo
130 - add picture for regression test
131 - retain plymouth's splash
132 - clarify the kind of error
133 - fix automated test
134 - fix typo
135 - Add test for a broken graphic card.
136 - Enable test about disk read failures before reaching the Welcome Screen again.
138 * Test suite: Enter path via Dogtail (tails/tails!1409)
140 Commits:
141 - Revert "VeraCrypt test suite (file container): robustness improvement (refs:
142 #14471, #15239)."
143 - Test suite: Add link to GTK issue
144 - Test suite: Enter path via Dogtail
146 * tails-iuk-generate-upgrade-description-files: only warn about missing
147 --previous_version (tails/tails!1408)
149 Closes issues:
150 - tails-iuk-generate-upgrade-description-files fails without any --previous_version (tails/tails#20197)
152 Commits:
153 - tails-iuk-generate-upgrade-description-files: only warn about missing
154 --previous_version
156 * Additional Software notify: Fix error exit code if no buttons specified
157 (tails/tails!1407)
159 Closes issues:
160 - Step 'I can open the Additional Software log file from the notification' is still fragile (tails/tails#20196)
162 Commits:
163 - Fix Ruff S607
164 - Fix Ruff UP004
165 - Additional Software: Fix error exit code if no buttons specified
166 - Additional Software: Log the error exit code
168 * Test suite: Fix flaky step 'And I can save the current page as "index.html" to
169 the <dir> GNOME bookmark' (tails/tails!1405)
171 Closes issues:
172 - "Scenario Outline: The default XDG directories are usable in Tor Browser" is fragile (tails/tails#20159)
174 Commits:
175 - Test suite: Fix flaky step 'And I can save the current page as "index.html" to
176 the <dir> GNOME bookmark'
178 * Don't install Bullseye backport of cryptsetup-bin in Bookworm images
179 (tails/tails!1404)
181 Closes issues:
182 - Bookworm images incorrectly include cryptsetup-bin package built for Bullseye (tails/tails#20193)
184 Commits:
185 - Revert "Temporarily pin our cryptsetup 2:2.6.1-4~deb11u1~tails1 backport"
187 * Make failure to add entry to cache fatal again, and provide guidance
188 (tails/tails!1403)
190 Closes issues:
191 - website-cache gc not good enough on jenkins (tails/tails#20150)
193 Commits:
194 - Improve phrasing
195 - Abort on failure to add website cache entry and provide guidance
196 - Make indentation consistent
197 - Log website cache inodes usage
199 * Upgrade to Bookworm 12.5 (tails/tails!1402)
201 Closes issues:
202 - Upgrade to Bookworm 12.5 (tails/tails#20153)
204 Commits:
205 - Upgrade to Bookworm 12.5
207 * Test suite: lower needed pattern coverage after filling the memory
208 (tails/tails!1401)
210 Closes issues:
211 - "Scenario Tails erases memory on DVD boot medium removal: vfat" very frequently fails (tails/tails#20156)
213 Commits:
214 - Test suite: lower needed pattern coverage after filling the memory
216 * Firewall: allow the amnesia user to connect to any local TCP port that's not
217 explicitly blocked (tails/tails!1400)
219 Closes issues:
220 - Audacity is slow to start in 6.0~rc1 due to incompatible plugins (tails/tails#20185)
222 Commits:
223 - Firewall: allow the amnesia user to connect to any local port that's not
224 explicitly blocked
225 - Drop some more "white-list"
226 - blacklist → blocklist
227 - whitelist → allowlist
229 * Fix dump-user-env (tails/tails!1399)
231 Commits:
232 - make code more understandable
233 - Fix dump-user-env
235 * Welcome Screen: Support unlock kernel parameter (tails/tails!1398)
237 Commits:
238 - Document unlock kernel parameter
239 - Fix Ruff UP004
240 - Suppress Ruff E402
241 - Fix Ruff EXE001
242 - Welcome Screen: Support unlock kernel parameter
244 * Welcome Screen: Disable check-alive feature (tails/tails!1397)
246 Closes issues:
247 - Disable "Window not responding" dialog in Welcome Screen (tails/tails#20190)
249 Commits:
250 - Welcome Screen: Disable check-alive feature
252 * Mention full file name in Step 5.2 of the installation doc (tails/tails!1395)
254 Closes issues:
255 - Mention full file name is Step 5.2 of installation instructions
256 (tails/tails#19180)
258 Commits:
259 - Simplify
260 - Mention full file name in Step 5.2
261 - Add snippets for current version
262 - Generate snippets for image file name
264 * Fix displaying notification of Additional Software installation failure
265 (tails/tails!1394)
267 Closes issues:
268 - Additional Software installation failure notification is not displayed (most of the time?) on Bookworm (tails/tails#20170)
270 Commits:
271 - 2 is an error exit code
272 - Fix displaying notification of Additional Software installation failure
274 * Re-install gstreamer1.0-plugins-bad (tails/tails!1393)
276 Closes issues:
277 - 6.0~rc1 does not include gstreamer1.0-plugins-bad (tails/tails#20178)
279 Commits:
280 - Remove obsolete and incomplete explanation
281 - Re-install gstreamer1.0-plugins-bad
283 * Prioritize Persistent Storage app in GNOME Shell search (tails/tails!1392)
285 Closes issues:
286 - Searching for "Persistent Storage" in the gnome-shell overview should show the Persistent Storage app before the backup app (tails/tails#20182)
288 Commits:
289 - Prioritze Persistent Storage app in GNOME Shell search
291 * tps-frontend: Fix race condition in handling of conflicting applications
292 (tails/tails!1391)
294 Closes issues:
295 - tps-frontend: Race condition in handling of conflicting applications (tails/tails#20164)
297 Commits:
298 - tps-frontend: Fix race
300 * Do not auto-mount TailsData partitions (tails/tails!1390)
302 Closes issues:
303 - The backup tool is interfered by GNOME's own passphrase prompt (tails/tails#20143)
305 Commits:
306 - Test suite: adapt scenarios to GNOME not auto-mounting TailsData partitions any
307 longer
308 - Do not auto-mount TailsData partitions
310 * Silence some error messages in the journal (tails/tails!1388)
312 Closes issues:
313 - Journal shows problem with gnome keyboard configuration (tails/tails#20172)
315 Commits:
316 - Silence error message
317 - Disable gnome-power-manager live-config hook
319 * decrease usage of short git commit IDs (tails/tails!1386)
321 Closes issues:
322 - Tails 6.0~rc1 not reproducible due to different lengths Git short commit ids (tails/tails#20165)
324 Commits:
325 - remove references to short ids
326 - minimum length for short id
328 * Enable Electrum's Jade Blockstream wallet support (tails/tails!1385)
330 Closes issues:
331 - Electrum does not support hardware wallet Jade Blockstream in Tails 6.0 (tails/tails#20137)
333 Commits:
334 - Enable Electrum's Jade Blockstream wallet support
336 * Reliably handle issuing shutdown command via remote shell (tails/tails!1384)
338 Closes issues:
339 - Reliably handle issuing shutdown command via remote shell (tails/tails#20160)
341 Commits:
342 - rubocop --autocorrect
343 - Test suite: let's be explicit that execute_successfully() + spawn doesn't mix
344 - Test suite: just use spawn() instead of execute(..., spawn: true)
345 - Test suite: fix instance where execute_successfully and spawn don't mix
346 - Test suite, remote shell: stop with the server ACK when spawning commands
348 * Lock the GNOME location services switch (tails/tails!1382)
350 Closes issues:
351 - Lock the GNOME location services switch (tails/tails#20071)
353 Commits:
354 - lock keyfile
355 - Update 00_Tails_defaults
357 * Use consistent capitalization of "Persistent Storage" (tails/tails!1380)
359 Commits:
360 - Ruff fix UP035
361 - Fix Ruff S607
362 - Fix Ruff UP032
363 - Fix Ruff ISC001
364 - Fix Ruff F841
365 - Fix Ruff B008
366 - Fix Ruff UP032
367 - Fix Ruff PLW1510
368 - Fix Ruff S607
369 - Fix Ruff ISC001
370 - Fix Ruff RUF015
371 - Remove unused imports
372 - Fix Ruff UP009
373 - Use consistent capitalization of "Persistent Storage"
375 * Build system: log the size of the Website cache entry we are about to add
376 (tails/tails!1379)
378 Commits:
379 - Fix the problem raised by shellcheck instead of silencing it
380 - Appease shellcheck
381 - Build system: log the size of the Website cache entry we are about to add
382 (refs: tails/tails#20150)
384 * Log website cache filesystem usage at relevant times (tails/tails!1376)
386 Commits:
387 - Log website cache filesystem usage at relevant times
389 * Install bullseye's onionshare 2.2 in Tails Bookworm (tails/tails!1375)
391 Closes issues:
392 - OnionShare stays open in the background and fails to reopen (tails/tails#20135)
394 Commits:
395 - Update pinning
396 - APT: add Bullseye -security and -updates sources (refs: tails/tails#20135)
397 - Do everything needed to install OnionShare 2.2 forward-ported from bullseye
398 (refs: tails/tails#20135)
400 * RM doc updates post-5.22 (tails/tails!1374)
402 Commits:
403 - use variable
404 - clarify expected result
405 - clarify: when the next major is in the next series
407 * UsePrivilegeSeparation is deprecated (tails/tails!1373)
409 Commits:
410 - UsePrivilegeSeparation is deprecated
412 * Fix failure when running multiple asp-post-apt hooks in parallel
413 (tails/tails!1371)
415 Closes issues:
416 - ASP: asp-post-apt hook fails if previous invocation is still running (tails/tails#20147)
418 Commits:
419 - Silence systemd-run in asp-post-apt hook
420 - Fix check for installed/removed packages
421 - Update Additional Software design doc
422 - Fix Additional Software design doc
423 - Additional Software: Ensure packages are only handled once
424 - Additional Software: Use lock file to avoid race conditions
425 - Avoid asp-post-apt hooks running forever in some cases
426 - Fix failure when running multiple asp-post-apt hooks in parallel
428 * Fix spawn_tps_frontend (tails/tails!1368)
430 Closes issues:
431 - tps-frontend disappears while setting up Persistent Storage for Additional Software (tails/tails#20141)
433 Commits:
434 - Fix inter-process communication based on non-zero exit codes
435 - Revert "Avoid asp-post-apt hooks running forever in some cases"
436 - Revert "Fix failure when running multiple asp-post-apt hooks in parallel"
437 - Sync' both Ruff configurations
438 - Sort
439 - Use long option name
440 - Use subprocess.check_call with gtk-launch instead of subprocess.Popen
441 - Additional Software: Fix app hanging if Persistent Storage is not created
442 - Use subprocess.check_call instead of subprocess.Popen
443 - Avoid asp-post-apt hooks running forever in some cases
444 - Reduce memory used by asp-post-apt hook
445 - Fix failure when running multiple asp-post-apt hooks in parallel
446 - Set SyslogIdentifier with systemd-run
447 - Ignore Ruff S603
448 - Fix Ruff PLW1510
449 - Run ruff --fix on modified files
450 - Fix spawn_tps_frontend
451 - Don't use stderr=subprocess.PIPE with subprocess.Popen
453 * Fix broken tests for feature/bookworm (tails/tails!1367)
455 Closes issues:
456 - Adjust Bookworm test suite to !1166 (tails/tails#19738)
458 Commits:
459 - Test suite: fixup incorrect suggestion that was applied
460 - Test suite: wait for GNOME authentication dialog to disappear
461 - Test suite: fix comment
462 - Test suite: use grabFocus() instead of worse code
463 - Test suite: refactor
464 - Appease RuboCop
465 - Test suite: deal with GNOME authentication prompt getting in the way
466 - Test suite: fix Nautilus vs our showingOnly default (refs: tails/tails#19738)
467 - Test suite: bump image for Bookworm
468 - Test suite: deal with GNOME authentication prompt getting in the way
469 - Test suite: improve step name
470 - Test suite: don't reinvent the wheel
471 - Test suite: don't use hardcoded passphrase
472 - Test suite: adapt a bunch of steps to GNOME auto-mounting removable media
473 (refs: tails/tails#15900)
474 - Test suite: add a handy mountpoint() method
475 - Test suite: support multiple mountpoints in parse_udisksctl_info()
476 - Test suite: use different method when filling storage devices until they are
477 full
478 - Test suite: be more precise when determining available space in mountpoint
480 * Remove friction to report errors (tails/tails!1363)
482 Closes issues:
483 - Remove friction to write to our support channels (tails/tails#19102)
485 Commits:
486 - Remove obsolete call to chmod that causes FTBFS
487 - Remove deleted file from l10n setup and .gitignore
488 - Use install(1) instead of cp + chmod
489 - De-duplicate tails-documentation.desktop.in
490 - Update 2 more references to renamed bug reporting page
491 - Add "set -u" flag
492 - Core pages: adjust to renamed page
493 - Stop ignoring deleted file
494 - Test suite: move scenario to more appropriate feature
495 - Test suite: improve scenario name
496 - Test suite: adapt scenario to #19102
497 - Test suite: split out and fix "open the Report an Error launcher" step
498 - Test suite: drop obsolete test
499 - Test suite: generalize step name
500 - Rename page
501 - Point directly to WhisperBack from the desktop (#19102)
502 - Shorten
503 - Rewrite instructions to send error reports
504 - Fix links
505 - Remove section about "Tails does not start"
507 * Fix Ruff policy violations in files modified on feature/bookworm, take 2
508 (tails/tails!1362)
510 Closes issues:
511 - Fix Ruff & Rubocop policy violations in files modified on feature/bookworm (tails/tails#20124)
513 Commits:
514 - Fix typo
515 - Lint
516 - Reformat with Black
517 - Trust our callers to not pass us untrusted input
518 - Accept manual handling of subprocess.run result
519 - Make check more generic
520 - Fix Ruff PLW2901
521 - Automatically fix Ruff UP031
522 - Automatically fix Ruff UP022
523 - Automatically fix Ruff PIE790
525 * Fix Ruff & Rubocop policy violations in files modified on feature/bookworm
526 (tails/tails!1360)
528 Closes issues:
529 - Fix Ruff & Rubocop policy violations in files modified on feature/bookworm (tails/tails#20124)
531 Commits:
532 - rubocop --autocorrect
533 - Silence Ruff false positive
534 - Silence Ruff false positive
535 - Remove dead code
536 - Automatically fix UP032 "Use f-string instead of `format` call"
537 - Automatically fix UP024 "Replace aliased errors with `OSError`"
539 * Use the Tails logo as the user icon (tails/tails!1358)
541 Closes issues:
542 - Add a user icon (tails/tails#20078)
544 Commits:
545 - Use our logo as the user icon
547 * Replace Gedit with GNOME Text Editor (tails/tails!1355)
549 Closes issues:
550 - Migrate from gedit to gnome-text-editor (tails/tails#19651)
552 Commits:
553 - Test suite: adapt to the migration from Gedit to GNOME Text editor
554 - Test suite: update example in comment
555 - Replace Gedit with GNOME Text Editor
557 * remove "custom" keyboard layout from greeter (tails/tails!1354)
559 Closes issues:
560 - Remove "A user-defined custom Layout" option as keyboard layout (tails/tails#20109)
562 Commits:
563 - Reformat with Black
564 - Fix Ruff E741
565 - Fix Ruff B904
566 - Ignore false positive
567 - remove "custom" keyboard layout from greeter
569 * Add full commit ID to /etc/os-release (tails/tails!1352)
571 Commits:
572 - Add full commit ID to /etc/os-release
574 * Add diceware word lists Catalan, Italian, and Spanish (tails/tails!1340)
576 Closes issues:
577 - Have diceware word lists for each of our tier-1 languages (tails/tails#20014)
579 Commits:
580 - Reformat with Black
581 - Add diceware word lists Catalan, Italian, and Spanish
583 * Detect SquashFS errors and alert the user about them (tails/tails!1334)
585 Closes issues:
586 - SquashFS errors during boot lead to false-positives on graphics card error reports (tails/tails#16030)
588 Commits:
589 - delay error message reporting to desktop session
590 - Update picture for Bookworm
591 - comment: how to test
592 - clarify which comment applies to what
593 - Add test for opening the documentation.
594 - Update reference image for Tails 6.0
595 - shellcheck-suggested fix
596 - Revert "Enable debug for gdm-wayland-session.tails"
597 - improve wording
598 - Revert "make shellcheck happy"
599 - fix quotes
600 - Improve journal reader
601 - Point to /ioerror that gives more context
602 - Draft /ioerror (#5856)
603 - Improve grammar
604 - Explain how to browse files as root
605 - Reference fsck instructions
606 - Rephrase
607 - Rescue → rename
608 - Use buttons in user error message.
609 - send ready signal after the file exists.
610 - review by boyska
611 - refresh translations
612 - make URL non-translatable
613 - make shellcheck happy
614 - fix typo
615 - add documentation about signal READY hack.
616 - Use wait_for_remote_shell in hardware_failure test.
617 - Use propper English in test suite.
618 - Add signal_ready cmd_type to remote shell
619 - Make it a systemd-notify daemon
620 - Split error message for small screens like our test suite.
621 - make detect-squashfs-errors.service start before gdm.
622 - fix typo
623 - Enable debug for gdm-wayland-session.tails
624 - try to fix test of eraly hardware failure message.
625 - Use other base image to test plymouth error message.
626 - make rubocop happy.
627 - Add test for plymouth Disk error message.
628 - fix typos.
629 - Add reference image.
630 - Make tails-report-squashfs-errors to work with Tails 5.X.
631 - Enable user unit.
632 - fix typos and make rubocop happy.
633 - Add features to test hardware failure.
634 - Add logic to read the user action.
635 - Add buttons to error message.
636 - Update notify-send message to sajolida's suggestion
637 - Update path for squashfs failures.
638 - Update error message to sajolida's suggestion.
639 - Add comments on tails-detect-squashfs-errors.
640 - also process old entries
641 - refactoring
642 - Simple UI to report errors when they happen
643 - Move to places where others files live too ;)
644 - Use /squashfs_failed as /run cannot be set via initramfs/early_patch.
645 - Use accepted return code.
646 - Do not start GDM, if we detect SQUASHFS errors.
647 - Add deamon to detect squashfs errors.
649 * Upgrade Vagrant basebox to Debian Bookworm (tails/tails!1323)
651 Closes issues:
652 - Upgrade Vagrant basebox to Bookworm (tails/tails#19562)
654 Commits:
655 - Build system: install po4a 0.62-1 from bullseye
656 - Build system: enable bookworm-{backports,updates}
657 - Build system: bump APT snapshots to ones containing
658 bookworm-{backports,updates}
659 - Build system: bump RAM to avoid OOM during mksquashfs (refs: tails/tails#20085)
660 - Build system: drop -backports and -updates APT sources from builder
661 - Build system: bump APT snapshots while migrating to Bookworm
662 - Build system: upgrade builder basebox to Debian Bookworm (refs:
663 tails/tails#19562)
665 * Fix Tails Cloner: Reset start button, link and labels when last drive removes
666 (#20069) (tails/tails!1313)
668 Closes issues:
669 - When the last drive is removed and it was a Tails USB the labels and buttons
670 should reset to the Install condition (tails/tails#20069)
672 Commits:
673 - don't return early if drive is None in `on_target_partitions_changed()`
675 * Improve Tails Cloner info bar and delete message text (tails/tails!1309)
677 Commits:
678 - Comply with style guide: Capitalize Persistent Storage in delete message text
679 - Remove 'or SD card' from infobar as SD cards are deprecated.
680 - Apply black formatting to "Plug in a USB stick" Update gui.py
681 - Comply with style guide: 'USB flash drive' to 'USB stick'
682 - Remove infobar text's 'Please' to comply with style guide
683 - Fix infobar text typo 'Plug' instead of 'Plug in' used elsewhere
685 * Add run-nosymfollow.mount (tails/tails!1247)
687 Closes issues:
688 - Create run-nosymfollow.mount (tails/tails#19487)
690 Commits:
691 - tps test suite: set up the nosymfollow mount like we now do in production
692 - Fix Ruff B007
693 - Fix Ruff A001
694 - Fix Ruff RUF005
695 - Fix Ruff RUF010
696 - Fix Ruff UP031
697 - Suppress Ruff B904
698 - Fix Ruff UP004
699 - Fix Ruff UP035
700 - Suppress Ruff T100
701 - Fix Ruff UP004
702 - Suppress Ruff PLW0603
703 - Fix Ruff S607
704 - Fix Ruff PLW1510
705 - Suppress Ruff E402
706 - tps test suite: update comment
707 - Add run-nosymfollow.mount
709 * Harden NetworkManager.service (tails/tails!1246)
711 Closes issues:
712 - Consider using systemd's security features in NetworkManager service files
713 (tails/tails#8608)
715 Commits:
716 - Restore read-write access to all kernel variables
717 - SystemCallError should be SystemCallErrorNumber
718 - Remove PrivateIPC (RemoveIPC is correct name)
719 - Harden NetworkManager.service
721 * Improve the tails-about dialog to easier identify nightly build
722 (tails/tails!1225)
724 Closes issues:
725 - Make it easier to identify which nightly build is running (tails/tails#17543)
727 Commits:
728 - tails-about: remove unused import
729 - tails-about: remove "Tails developers" noise to match design
730 - tails-about: fix grammar to match design
731 - fix indention to please rubocop.
732 - VERSION is not only a number.
733 - Use regex to get infos out of os-release.
734 - Unreleased versions don't have a release date.
735 - rename misleading functionname.
736 - Add reference image for Update to 6.3~testoverlayfs
737 - remove unsused entries in auto/config
738 - Add reference image for upgrade to 6.2~testoverlayfs.
739 - Test suite: make test file name & content match the version
740 - Fix version determine in os-release.
741 - Bump test iuk version as we now use os-release to get the Tails version.
742 - get_release_Date is a function.
743 - Revert changes on config/binary_rootfs/squashfs.sort
744 - Remove last occurence of /etc/amnesia/version
745 - make shellcheck happy.
746 - read TAILS_SOURCE_DATE_EPOCH from os-release to set minimum date.
747 - try to fix automatic_update test
748 - fix typo.
749 - Use built-in plattform.freedesktop_os_release to parse os_release.
750 - Next attempt to fix test suite.
751 - fix autotest suite.
752 - import needed Dict from typing.
753 - make tests to use os-release.
754 - fix wrong syntax in shell.
755 - Add deprecation waring to tails-version.
756 - Get rid of /etc/amnesia/version
757 - Improve the tails-about dialog to easier identify nighly build.
759 * Release process adapt for major version bumps (tails/tails!1192)
761 Closes issues:
762 - Clarify PREVIOUS_STABLE_VERSION when switching to new debian series
763 (tails/tails#18960)
765 Commits:
766 - Release process: migrate calculation to rm-config so we can automate some steps
767 - Release process: fix grammar now that there can be multiple test IUKs (refs:
768 18960)
769 - Automate
770 - Release process, QA: deal with which versions to test Incremental Upgrades from
771 (refs: #18960)
772 - Verify that the test UDFs we generate are correct before publishing.
773 - Release process: publish test UDFs for both previous stable version and (if
774 any) the last alpha/beta/RC when releasing a major version
776 * Simplify TCA start procedure (tails/tails!1175)
778 Closes issues:
779 - Simplify TCA start procedure (tails/tails#19720)
781 Commits:
782 - Fix comment
783 - Fix comment
784 - Improve usage message
785 - Move closefrom_override to separate file
786 - Fix Ruff RUF005
787 - Fix Ruff B904
788 - Fix Ruff E741
789 - Fix Ruff B006
790 - Fix Ruff UP031
791 - Fix Ruff UP035
792 - Fix Ruff EXE001
793 - Fix Ruff UP035
794 - Fix Ruff RUF005
795 - Fix Ruff UP035
796 - Fix Ruff PLW1510
797 - Fix Ruff EXE001
798 - Ignore Ruff S606
799 - Update PO files.
800 - Update comments
801 - netnsdrop: Remove unused argument env_file
802 - Rename connect-socket -> inherit-fd
803 - tca: Inline run-tca-in-netns in tca
804 - tca: Check Persistent Storage status in application.py
805 - Inline more wrapper scripts
806 - Rename run_in_netns -> run_in_netns_as_amnesia
807 - userenv: Allow passing TOR_BROWSER_SKIP_OFFLINE_WARNING
808 - tca: Close all file descriptors except for the ones we want to keep open
809 - Remove unnecessary env_keep statements from sudoers files
810 - userenv: Allow passing NOTIFY_SOCKET environment variable
811 - tca: Pass environment to child via a file
813 * systemd: Use both name and description in user unit status messages (Bookworm)
814 (tails/tails!1163)
816 Commits:
817 - systemd: Use both name and description in user unit status messages
819 * Upgrade to Debian 12 (Bookworm) (tails/tails!1119)
821 Closes issues:
822 - Tails 6.0 based on Debian 12 (Bookworm) (tails/tails#19477)
824 Commits:
825 - Fix inter-process communication based on non-zero exit codes
826 - Revert "Avoid asp-post-apt hooks running forever in some cases"
827 - Test suite: fixup incorrect suggestion that was applied
828 - Test suite: wait for GNOME authentication dialog to disappear
829 - Test suite: fix comment
830 - Revert "Fix failure when running multiple asp-post-apt hooks in parallel"
831 - Sync' both Ruff configurations
832 - Sort
833 - Use long option name
834 - Use subprocess.check_call with gtk-launch instead of subprocess.Popen
835 - Additional Software: Fix app hanging if Persistent Storage is not created
836 - Use subprocess.check_call instead of subprocess.Popen
837 - Avoid asp-post-apt hooks running forever in some cases
838 - Reduce memory used by asp-post-apt hook
839 - Fix failure when running multiple asp-post-apt hooks in parallel
840 - Set SyslogIdentifier with systemd-run
841 - Ignore Ruff S603
842 - Fix Ruff PLW1510
843 - Run ruff --fix on modified files
844 - Fix spawn_tps_frontend
845 - Don't use stderr=subprocess.PIPE with subprocess.Popen
846 - Test suite: use grabFocus() instead of worse code
847 - Test suite: refactor
848 - Appease RuboCop
849 - Test suite: deal with GNOME authentication prompt getting in the way
850 - Fix typo
851 - Test suite: fix Nautilus vs our showingOnly default (refs: tails/tails#19738)
852 - Test suite: bump image for Bookworm
853 - Test suite: deal with GNOME authentication prompt getting in the way
854 - Test suite: improve step name
855 - Reformat with Black
856 - Fix Ruff E741
857 - Fix Ruff B904
858 - Ignore false positive
859 - remove "custom" keyboard layout from greeter
860 - Lint
861 - Test suite: don't reinvent the wheel
862 - Test suite: don't use hardcoded passphrase
863 - Update to Bookworm
864 - Use our logo as the user icon
865 - Stop avertizing share.riseup.net
866 - Use consistent terminology and title capitalization
867 - Improve style of nested blocks
868 - Apply style guide
869 - Shorten anchors
870 - Use consistent terminology
871 - Explain better what is the Super key
872 - Document known issues
873 - Remove not-so-useful link
874 - Improve phrase and style guide
875 - Don't use 'your' when talking about public computers, mostly
876 - Replace encryption_and_privacy/virtual_keyboard by a note
877 - Add anchors
878 - Test suite: adapt a bunch of steps to GNOME auto-mounting removable media
879 (refs: tails/tails#15900)
880 - Test suite: add a handy mountpoint() method
881 - Test suite: support multiple mountpoints in parse_udisksctl_info()
882 - Test suite: use different method when filling storage devices until they are
883 full
884 - Reformat with Black
885 - Trust our callers to not pass us untrusted input
886 - Accept manual handling of subprocess.run result
887 - Make check more generic
888 - Fix Ruff PLW2901
889 - Automatically fix Ruff UP031
890 - Automatically fix Ruff UP022
891 - Automatically fix Ruff PIE790
892 - fix icon name
893 - fix typo
894 - remove duplicate word
895 - Remove useless if statement
896 - Test suite: be more precise when determining available space in mountpoint
897 - Test suite: adapt to the migration from Gedit to GNOME Text editor
898 - Test suite: update example in comment
899 - Replace Gedit with GNOME Text Editor
900 - rubocop --autocorrect
901 - Silence Ruff false positive
902 - Silence Ruff false positive
903 - Remove dead code
904 - Automatically fix UP032 "Use f-string instead of `format` call"
905 - Automatically fix UP024 "Replace aliased errors with `OSError`"
906 - Tails Cloner: don't attempt to unmount the target device twice (refs:
907 tails/tails#20139)
908 - Test suite: fix scenario where Nautilus misbehaves with our showingOnly default
909 (refs: tails/tails#19738)
910 - Gmail in Tails is easier now!
911 - Apply style guide
912 - Update to Bookworm
913 - Capitalize 'Lock Screen'
914 - Install python3-pyqt5 to fix Electrum not starting
915 - Test suite: bump image
916 - Install pipewire-media-session to repair GNOME's screen recording capability
917 (refs: tails/tails#19441)
918 - Simplify
919 - Mention OnionShare in faq#onion-service
920 - Update to OnionShare 2.6
921 - Cover the case when screeshots are too big
922 - Add full commit ID to /etc/os-release
923 - Document Dark Theme and Night Light modes
924 - Fix capitalization
925 - Update to #15900 and #15767
926 - Document the fix for the no-overview GNOME Shell extension
927 - Update icons
928 - Remove unused icon
929 - Update screenshots
930 - Fix icon reference
931 - Add CSS for Windows commands
932 - Add missing screenshot
933 - Update to 6.0
934 - Refresh
935 - Refresh and apply style guide
936 - Improve indentation
937 - Refresh and apply style guide
938 - Remove only h1
939 - Stop bothering people with Windows XP
940 - Help with platform compatibility
941 - Update to Bookworm and apply style guide
942 - Apply style guide
943 - Restructure summary and details
944 - APT: disable warning about the non-free/non-free-firmware split
945 - Remove duplicate bookworm-security source
946 - Fix incompatibility with no-overview and window-list GNOME shell extensions
947 - GNOME shell: add and enable no-overview extension version 13 (refs:
948 tails/tails#19656)
949 - Bookworm: don't install gnome-screenshot any more (refs: tails/tails#20116)
950 - Reformat with Black
951 - Add diceware word lists Catalan, Italian, and Spanish
952 - Allow images to overflow paragraphs
953 - Improve instructions for screenshots
954 - Update to the version of Disks in Bookworm
955 - Update all symbolic icons
956 - Update path to 'Show Hidden Files'
957 - Update to the removal of GtkHash (#20114)
958 - Update to the removal of the Files browser integration of mat2
959 - Update screenshot
960 - Update to Tails 6.0
961 - Update features apps and rewrite as flex
962 - Use title capitalization
963 - Update screenshot
964 - Add missing screenshot
965 - Remove not-so-helpful GNOME doc
966 - Stop mentioning dial-up modems as the future
967 - Fix indentation
968 - Update to new system menu
969 - Use more colored and contrasted icon
970 - Use title capitalization
971 - Refresh
972 - Differentiate system menu with and without Wi-Fi
973 - Improve structure
974 - Update insturctions to troubleshoot Wi-Fi
975 - Change our style guide regarding screenshots
976 - The Screen Reader now takes around 5 seconds to start
977 - Replace News section from homepage with something better
978 - Reorder
979 - Move FAQ to a better place
980 - Fix h4
981 - Shorten
982 - Reorder
983 - Point to more active and searchable channel
984 - Remove not-so-frequent questions
985 - Be more specific
986 - Link to future work
987 - Remove question that is answered in so many other ways
988 - Replace youtube-dl by its new fork in Debian
989 - Remove complicated advice
990 - Deduplicate FAQ with requirements
991 - Don't duplicate issues already documented elsewhere
992 - Upstream issues has been fixed in Linux 5.9
993 - Merge very similar issues
994 - Delete very old issues that are probably not useful anymore
995 - Reorder
996 - Delete unused images
997 - Present XMPP options like Pidgin does
998 - Remove very old migration instructions
999 - Be more explicit
1000 - Simplify code
1001 - Place image better on upgrade and clone scenarios
1002 - Apply Apple style guide
1003 - Fix formatting
1004 - Fix orthography
1005 - Remove not-so-useful icon
1006 - The Screen Reader now works in the Unsafe Browser
1007 - Merge and update screenshots
1008 - Update to 6.0
1009 - Be more helpful
1010 - KeePassXC now has a cool documentation
1011 - Move restart
1012 - Use absolute path
1013 - The auto-type feature is hidden by default now
1014 - Remove outdated link
1015 - Update to 6.0
1016 - Refresh
1017 - Update to 6.0
1018 - Apply style guide
1019 - Update stats
1020 - Add 'Status' column
1021 - Fix margin
1022 - Minimal update to 6.0
1023 - Refresh
1024 - Update to 6.0 and refresh language
1025 - Mention on /install as well
1026 - Update to Debian 12
1027 - Refresh
1028 - Improve placement of link
1029 - Refresh language and simplify
1030 - GitLab is the place to go
1031 - Explain better the real-world implications of cold boot attacks
1032 - Give example
1033 - It's not only about the source code
1034 - Link earlier
1035 - Shorten
1036 - Be more upfront
1037 - Simplify and improve language
1038 - Link to historical landmark
1039 - Small language, link, and formatting improvements
1040 - Use full HTML
1041 - Improve links
1042 - Build system: install po4a 0.62-1 from bullseye
1043 - Build system: enable bookworm-{backports,updates}
1044 - Build system: bump APT snapshots to ones containing
1045 bookworm-{backports,updates}
1046 - Revert "Merge /lib/firmware → /usr/lib/firmware (refs: tails/tails#20075)"
1047 - Build system: bump RAM to avoid OOM during mksquashfs (refs: tails/tails#20085)
1048 - Build system: drop -backports and -updates APT sources from builder
1049 - Build system: bump APT snapshots while migrating to Bookworm
1050 - Build system: upgrade builder basebox to Debian Bookworm (refs:
1051 tails/tails#19562)
1052 - Enable GNOME's auto-mounting of pluggable storage (refs: tails/tails#15900)
1053 - Remove dead page
1054 - Update to 2023
1055 - Remove old migration note
1056 - Fix vertical alignment
1057 - Simplify
1058 - Fix vertical alignment
1059 - Align first section title on the left
1060 - Reformat with black
1061 - tails-about: remove unused import
1062 - tails-about: remove "Tails developers" noise to match design
1063 - tails-about: fix grammar to match design
1064 - Remove duplicate Bookworm APT sources
1065 - fix indention to please rubocop.
1066 - Test suite: fix Rubocop violations
1067 - Reintroduce changes to feature/bookworm lost in merge conflict resolution vs
1068 devel
1069 - VERSION is not only a number.
1070 - Use regex to get infos out of os-release.
1071 - Unreleased versions don't have a release date.
1072 - rename misleading functionname.
1073 - Add reference image for Update to 6.3~testoverlayfs
1074 - Link to the upstream version that matches Bookworm's Golang
1075 - remove unsused entries in auto/config
1076 - Add reference image for upgrade to 6.2~testoverlayfs.
1077 - Test suite: make test file name & content match the version
1078 - Fix version determine in os-release.
1079 - Bump test iuk version as we now use os-release to get the Tails version.
1080 - get_release_Date is a function.
1081 - Revert changes on config/binary_rootfs/squashfs.sort
1082 - Remove last occurence of /etc/amnesia/version
1083 - make shellcheck happy.
1084 - read TAILS_SOURCE_DATE_EPOCH from os-release to set minimum date.
1085 - try to fix automatic_update test
1086 - fix typo.
1087 - Use built-in plattform.freedesktop_os_release to parse os_release.
1088 - Next attempt to fix test suite.
1089 - fix autotest suite.
1090 - import needed Dict from typing.
1091 - make tests to use os-release.
1092 - fix wrong syntax in shell.
1093 - Add deprecation waring to tails-version.
1094 - Get rid of /etc/amnesia/version
1095 - Improve the tails-about dialog to easier identify nighly build.
1096 - Revert "OnionShare: enable "public" mode by default"
1097 - Test suite: drop `showingOnly: true` parameters added in feature/bookworm
1098 - status-menu-helper Gnome Shell extension: port to Gnome 43 for Tails/Bookworm
1099 - Test suite: fix race condition
1100 - Test suite: fix race condition
1101 - usbguard: allow all devices that are already connected when the daemon starts
1102 - Replace busy-wait with proper systemd dependency, made possible by Bookworm
1103 - Reject new USB devices plugged while the screen is locked
1104 - GNOME Shell extensions: declare compatibility with Bookworm
1105 - Increase the chances we successfully unmount all the relevant filesystems on
1106 shutdown
1107 - Update mountpoint path for merged-/usr
1108 - Update live-build submodule
1109 - Test suite: fix fillram script for Bookworm
1110 - Test suite: update expected images
1111 - Test suite: update expected image
1112 - Update list of custom packages for Bookworm and bring back the check
1113 - Enable the feature-bookworm APT overlay
1114 - live-build: avoid deprecated "apt-key add", instead drop keys in
1115 /etc/apt/trusted.gpg.d
1116 - Test suite: update Backup feature for Bookworm
1117 - Test suite: allow specifying the polkit dialog title
1118 - Test suite: Bookworm's hwclock does not accept relative dates anymore
1119 - Fix buggy merge conflict resolution
1120 - AppArmor: add canonical merged-/usr path to HOMEDIRS variable
1121 - Test suite: start porting Pidgin tests to Bookworm
1122 - Test suite: update SFTP test for Bookworm
1123 - Test suite: port SSH tests to Dogtail
1124 - Test suite: update expected AppArmor denial messages for merged-/usr
1125 - Test suite: update default set of groups for Bookworm
1126 - Test suite: use Dogtail for Totem "not allowed to open"
1127 - Test suite: update expected images
1128 - Revert "Test suite: remove now unused code"
1129 - Update AppArmor policy for merged-/usr
1130 - Test suite: update most Evince tests for Bookworm and port them to Dogtail
1131 - Test suite: make method a tiny bit more generic
1132 - Test suite: remove obsolete tag
1133 - Test suite: update screenshot test for Bookworm
1134 - Test suite: update network connect/disconnect for Bookworm
1135 - Lint
1136 - Test suite: update VeraCrypt tests for Bookworm and port them to Dogtail
1137 - Test suite: add a couple Dogtail convenience methods
1138 - Test suite: factorize
1139 - Test suite: update expected image
1140 - Keep installing dbus-x11: needed to start the Root Terminal with pkexec
1141 - Update PolicyKit admin user configuration to new rules language
1142 - Test suite: use Dogtail for the PolicyKit prompt and to wait for GNOME Terminal
1143 - Test suite: use Dogtail to check zenity dialog
1144 - Test suite: use better Gherkin phrasing
1145 - Fix Unsafe Browser's name resolution
1146 - Test suite: use Dogtail to check the LAN web server message in the Unsafe
1147 Browser
1148 - Test suite: make a couple test methods compatible with the Unsafe Browser
1149 - Test suite: remove obsolete comment
1150 - Test suite: remove now unused code
1151 - Test suite: start the Unsafe Browser using "gio launch"
1152 - Test suite: Paste bridge via Dogtail
1153 - Test suite: update expected images
1154 - partitioning: ensure the system partition remains an ESP
1155 - partitioning: copy file needed by mlabel, that was split out on Bookworm
1156 - Test suite: update expected denial log message for merged-/usr
1157 - Test suite: update expected images
1158 - Test suite: update expected images
1159 - OnionShare: enable "public" mode by default
1160 - Revert "Temporarily revert "hotfix: refresh Thunderbird patch""
1161 - Update live-build submodule
1162 - OnionShare: use ~/Downloads as the "receive files" directory
1163 - OnionShare: update config file to 2.6, in particular to auto-connect to Tor
1164 - OnionShare: update onion-grater rules for 2.6
1165 - Make AppArmor logs a little bit less noisy
1166 - OnionShare: run as native Wayland
1167 - OnionShare: update AppArmor profile for Bookworm
1168 - Import OnionShare .desktop file and icon
1169 - Adjust to match renaming of OnionShare executables
1170 - Update the list of backends in the usr.sbin.cups AppArmor profile for Bookworm
1171 - Bump APT snapshots for the Vagrant box
1172 - Test suite: update expected pictures
1173 - Disable signing of DKMS modules
1174 - Drop hook that's obsolete on a merged-/usr system
1175 - Adjust for merged-/usr
1176 - live-build: fix breakage with merged-/usr
1177 - Switch to merged-/usr (aka. usrmerge)
1178 - Remove obsolete blocker
1179 - Keep installing xxd
1180 - Remove Debian logo in unlock screen
1181 - Desktop icons: don't display anything besides our shortcuts and the Trash
1182 - Display Desktop icons at standard size
1183 - Keep installing wpasupplicant
1184 - Drop fake obfs4proxy package: not needed anymore
1185 - Temporarily revert "hotfix: refresh Thunderbird patch"
1186 - Keep installing gnome-keyring
1187 - Remove obsolete pref
1188 - Adjust to gnome-shell-extension-desktop-icons-ng
1189 - Temporarily disable initramfs size check
1190 - Convert our polkit rules to the new JavaScript format
1191 - Update expected /etc/passwd and /etc/group
1192 - Make it easier to copy the new file
1193 - Fix error reporting
1194 - Update test suite & design doc: we don't ship dhclient since Tails 5.0
1195 - Temporarily disable custom packages check
1196 - Explicitly set hasOverview and showWelcomeDialog
1197 - Adjust to renamed GNOME Shell menu
1198 - systemd: Use both name and description in unit status messages
1199 - Drop support for reading encrypted DVDs
1200 - Upgrade the Linux kernel to 6.1.27-1 from Bookworm
1201 - Update for Bookworm
1202 - Adjust path for Bookworm
1203 - Fix UID & GID stability
1204 - Remove obsolete patch
1205 - Refresh and unfuzzy patches
1206 - Upgrade to Linux 6.1.25-1 (devel branch)
1207 - Revert "Workaround missing APT snapshots."
1208 - Revert "Test suite: disable bridge QR code automated tests"
1209 - Install the Linux kernel from Debian Bookworm
1210 - Refresh tails-000-standard.list packages list for Bookworm
1211 - Enable non-free-firmware APT component for the Bookworm APT sources
1212 - Follow package rename: gnomes-themes-standard → gnome-themes-extra
1213 - Replace exfat-fuse with in-kernel implementation + exfatprogs
1214 - Migrate to gnome-shell-extension-desktop-icons-ng
1215 - Don't try to install nautilus-gtkhash: not available in Bookworm
1216 - Don't try to install nautilus-wipe: not available in Bookworm
1217 - Don't try to install obsolete crda package
1218 - Workaround missing APT snapshots.
1219 - Rubocop: target Bookworm's Ruby version
1220 - pre-commit-translation: remove obsolete script
1221 - GitLab CI: use Debian Bookworm image by default
1222 - Support Bookworm host system to run our test suite
1223 - Require a Bullseye host system to build Tails
1224 - Reference issue that tracks this "XXX" comment
1225 - Persistent Storage: enable localized word lists included in Bookworm
1226 - Remove obsolete detail in comment
1227 - Upgrade to Debian 12 (Bookworm)
1228 - run_test_suite: run all tests on feature/bookworm
1230 -- Tails developers <tails@boum.org> Mon, 26 Feb 2024 16:11:09 +0100
1232 tails (6.0~rc1) unstable; urgency=medium
1234 * Tails Cloner: don't attempt to unmount the target device twice
1235 (tails/tails!1359)
1237 Closes issues:
1238 - tails-installer fails to install to already mounted devices (tails/tails#20139)
1240 Commits:
1241 - Tails Cloner: don't attempt to unmount the target device twice (refs:
1242 tails/tails#20139)
1244 * Install python3-pyqt5 to fix Electrum not starting (tails/tails!1357)
1246 Closes issues:
1247 - Electrum does not start in Tails 6.0 (tails/tails#20079)
1249 Commits:
1250 - Install python3-pyqt5 to fix Electrum not starting
1252 * Fix spawn_tps_frontend (tails/tails!1368)
1254 Closes issues:
1255 - tps-frontend disappears while setting up Persistent Storage for Additional Software (tails/tails#20141)
1257 Commits:
1258 - Fix inter-process communication based on non-zero exit codes
1259 - Revert "Avoid asp-post-apt hooks running forever in some cases"
1260 - Revert "Fix failure when running multiple asp-post-apt hooks in parallel"
1261 - Sync' both Ruff configurations
1262 - Sort
1263 - Use long option name
1264 - Use subprocess.check_call with gtk-launch instead of subprocess.Popen
1265 - Additional Software: Fix app hanging if Persistent Storage is not created
1266 - Use subprocess.check_call instead of subprocess.Popen
1267 - Avoid asp-post-apt hooks running forever in some cases
1268 - Reduce memory used by asp-post-apt hook
1269 - Fix failure when running multiple asp-post-apt hooks in parallel
1270 - Set SyslogIdentifier with systemd-run
1271 - Ignore Ruff S603
1272 - Fix Ruff PLW1510
1273 - Run ruff --fix on modified files
1274 - Fix spawn_tps_frontend
1275 - Don't use stderr=subprocess.PIPE with subprocess.Popen
1277 * Fix broken tests for feature/bookworm (tails/tails!1367)
1279 Closes issues:
1280 - Adjust Bookworm test suite to !1166 (tails/tails#19738)
1282 Commits:
1283 - Test suite: fixup incorrect suggestion that was applied
1284 - Test suite: wait for GNOME authentication dialog to disappear
1285 - Test suite: fix comment
1286 - Test suite: use grabFocus() instead of worse code
1287 - Test suite: refactor
1288 - Appease RuboCop
1289 - Test suite: deal with GNOME authentication prompt getting in the way
1290 - Test suite: fix Nautilus vs our showingOnly default (refs: tails/tails#19738)
1291 - Test suite: bump image for Bookworm
1292 - Test suite: deal with GNOME authentication prompt getting in the way
1293 - Test suite: improve step name
1294 - Test suite: don't reinvent the wheel
1295 - Test suite: don't use hardcoded passphrase
1296 - Test suite: adapt a bunch of steps to GNOME auto-mounting removable media
1297 (refs: tails/tails#15900)
1298 - Test suite: add a handy mountpoint() method
1299 - Test suite: support multiple mountpoints in parse_udisksctl_info()
1300 - Test suite: use different method when filling storage devices until they are
1301 full
1302 - Test suite: be more precise when determining available space in mountpoint
1304 * Fix Ruff policy violations in files modified on feature/bookworm, take 2
1305 (tails/tails!1362)
1307 Closes issues:
1308 - Fix Ruff & Rubocop policy violations in files modified on feature/bookworm (tails/tails#20124)
1310 Commits:
1311 - Fix typo
1312 - Lint
1313 - Reformat with Black
1314 - Trust our callers to not pass us untrusted input
1315 - Accept manual handling of subprocess.run result
1316 - Make check more generic
1317 - Fix Ruff PLW2901
1318 - Automatically fix Ruff UP031
1319 - Automatically fix Ruff UP022
1320 - Automatically fix Ruff PIE790
1322 * Fix Ruff & Rubocop policy violations in files modified on feature/bookworm
1323 (tails/tails!1360)
1325 Closes issues:
1326 - Fix Ruff & Rubocop policy violations in files modified on feature/bookworm (tails/tails#20124)
1328 Commits:
1329 - rubocop --autocorrect
1330 - Silence Ruff false positive
1331 - Silence Ruff false positive
1332 - Remove dead code
1333 - Automatically fix UP032 "Use f-string instead of `format` call"
1334 - Automatically fix UP024 "Replace aliased errors with `OSError`"
1336 * Use the Tails logo as the user icon (tails/tails!1358)
1338 Closes issues:
1339 - Add a user icon (tails/tails#20078)
1341 Commits:
1342 - Use our logo as the user icon
1344 * Replace Gedit with GNOME Text Editor (tails/tails!1355)
1346 Closes issues:
1347 - Migrate from gedit to gnome-text-editor (tails/tails#19651)
1349 Commits:
1350 - Test suite: adapt to the migration from Gedit to GNOME Text editor
1351 - Test suite: update example in comment
1352 - Replace Gedit with GNOME Text Editor
1354 * remove "custom" keyboard layout from greeter (tails/tails!1354)
1356 Closes issues:
1357 - Remove "A user-defined custom Layout" option as keyboard layout (tails/tails#20109)
1359 Commits:
1360 - Reformat with Black
1361 - Fix Ruff E741
1362 - Fix Ruff B904
1363 - Ignore false positive
1364 - remove "custom" keyboard layout from greeter
1366 * Add full commit ID to /etc/os-release (tails/tails!1352)
1368 Commits:
1369 - Add full commit ID to /etc/os-release
1371 * Add diceware word lists Catalan, Italian, and Spanish (tails/tails!1340)
1373 Closes issues:
1374 - Have diceware word lists for each of our tier-1 languages (tails/tails#20014)
1376 Commits:
1377 - Reformat with Black
1378 - Add diceware word lists Catalan, Italian, and Spanish
1380 * Upgrade Vagrant basebox to Debian Bookworm (tails/tails!1323)
1382 Closes issues:
1383 - Upgrade Vagrant basebox to Bookworm (tails/tails#19562)
1385 Commits:
1386 - Build system: install po4a 0.62-1 from bullseye
1387 - Build system: enable bookworm-{backports,updates}
1388 - Build system: bump APT snapshots to ones containing
1389 bookworm-{backports,updates}
1390 - Build system: bump RAM to avoid OOM during mksquashfs (refs: tails/tails#20085)
1391 - Build system: drop -backports and -updates APT sources from builder
1392 - Build system: bump APT snapshots while migrating to Bookworm
1393 - Build system: upgrade builder basebox to Debian Bookworm (refs:
1394 tails/tails#19562)
1396 * Improve the tails-about dialog to easier identify nightly build
1397 (tails/tails!1225)
1399 Closes issues:
1400 - Make it easier to identify which nightly build is running (tails/tails#17543)
1402 Commits:
1403 - tails-about: remove unused import
1404 - tails-about: remove "Tails developers" noise to match design
1405 - tails-about: fix grammar to match design
1406 - fix indention to please rubocop.
1407 - VERSION is not only a number.
1408 - Use regex to get infos out of os-release.
1409 - Unreleased versions don't have a release date.
1410 - rename misleading functionname.
1411 - Add reference image for Update to 6.3~testoverlayfs
1412 - remove unsused entries in auto/config
1413 - Add reference image for upgrade to 6.2~testoverlayfs.
1414 - Test suite: make test file name & content match the version
1415 - Fix version determine in os-release.
1416 - Bump test iuk version as we now use os-release to get the Tails version.
1417 - get_release_Date is a function.
1418 - Revert changes on config/binary_rootfs/squashfs.sort
1419 - Remove last occurence of /etc/amnesia/version
1420 - make shellcheck happy.
1421 - read TAILS_SOURCE_DATE_EPOCH from os-release to set minimum date.
1422 - try to fix automatic_update test
1423 - fix typo.
1424 - Use built-in plattform.freedesktop_os_release to parse os_release.
1425 - Next attempt to fix test suite.
1426 - fix autotest suite.
1427 - import needed Dict from typing.
1428 - make tests to use os-release.
1429 - fix wrong syntax in shell.
1430 - Add deprecation waring to tails-version.
1431 - Get rid of /etc/amnesia/version
1432 - Improve the tails-about dialog to easier identify nighly build.
1434 * Release process adapt for major version bumps (tails/tails!1192)
1436 Closes issues:
1437 - Clarify PREVIOUS_STABLE_VERSION when switching to new debian series
1438 (tails/tails#18960)
1440 Commits:
1441 - Release process: migrate calculation to rm-config so we can automate some steps
1442 - Release process: fix grammar now that there can be multiple test IUKs (refs:
1443 18960)
1444 - Automate
1445 - Release process, QA: deal with which versions to test Incremental Upgrades from
1446 (refs: #18960)
1447 - Verify that the test UDFs we generate are correct before publishing.
1448 - Release process: publish test UDFs for both previous stable version and (if
1449 any) the last alpha/beta/RC when releasing a major version
1451 * Upgrade to Debian 12 (Bookworm) (tails/tails!1119)
1453 Upgrades most packages
1455 Closes issues:
1456 - Tails 6.0 based on Debian 12 (Bookworm) (tails/tails#19477)
1458 Commits:
1459 - Fix inter-process communication based on non-zero exit codes
1460 - Revert "Avoid asp-post-apt hooks running forever in some cases"
1461 - Test suite: fixup incorrect suggestion that was applied
1462 - Test suite: wait for GNOME authentication dialog to disappear
1463 - Test suite: fix comment
1464 - Revert "Fix failure when running multiple asp-post-apt hooks in parallel"
1465 - Sync' both Ruff configurations
1466 - Sort
1467 - Use long option name
1468 - Use subprocess.check_call with gtk-launch instead of subprocess.Popen
1469 - Additional Software: Fix app hanging if Persistent Storage is not created
1470 - Use subprocess.check_call instead of subprocess.Popen
1471 - Avoid asp-post-apt hooks running forever in some cases
1472 - Reduce memory used by asp-post-apt hook
1473 - Fix failure when running multiple asp-post-apt hooks in parallel
1474 - Set SyslogIdentifier with systemd-run
1475 - Ignore Ruff S603
1476 - Fix Ruff PLW1510
1477 - Run ruff --fix on modified files
1478 - Fix spawn_tps_frontend
1479 - Don't use stderr=subprocess.PIPE with subprocess.Popen
1480 - Test suite: use grabFocus() instead of worse code
1481 - Test suite: refactor
1482 - Appease RuboCop
1483 - Test suite: deal with GNOME authentication prompt getting in the way
1484 - Fix typo
1485 - Test suite: fix Nautilus vs our showingOnly default (refs: tails/tails#19738)
1486 - Test suite: bump image for Bookworm
1487 - Test suite: deal with GNOME authentication prompt getting in the way
1488 - Test suite: improve step name
1489 - Reformat with Black
1490 - Fix Ruff E741
1491 - Fix Ruff B904
1492 - Ignore false positive
1493 - remove "custom" keyboard layout from greeter
1494 - Lint
1495 - Test suite: don't reinvent the wheel
1496 - Test suite: don't use hardcoded passphrase
1497 - Update to Bookworm
1498 - Use our logo as the user icon
1499 - Stop avertizing share.riseup.net
1500 - Use consistent terminology and title capitalization
1501 - Improve style of nested blocks
1502 - Apply style guide
1503 - Shorten anchors
1504 - Use consistent terminology
1505 - Explain better what is the Super key
1506 - Document known issues
1507 - Remove not-so-useful link
1508 - Improve phrase and style guide
1509 - Don't use 'your' when talking about public computers, mostly
1510 - Replace encryption_and_privacy/virtual_keyboard by a note
1511 - Add anchors
1512 - Test suite: adapt a bunch of steps to GNOME auto-mounting removable media
1513 (refs: tails/tails#15900)
1514 - Test suite: add a handy mountpoint() method
1515 - Test suite: support multiple mountpoints in parse_udisksctl_info()
1516 - Test suite: use different method when filling storage devices until they are
1517 full
1518 - Reformat with Black
1519 - Trust our callers to not pass us untrusted input
1520 - Accept manual handling of subprocess.run result
1521 - Make check more generic
1522 - Fix Ruff PLW2901
1523 - Automatically fix Ruff UP031
1524 - Automatically fix Ruff UP022
1525 - Automatically fix Ruff PIE790
1526 - fix icon name
1527 - fix typo
1528 - remove duplicate word
1529 - Remove useless if statement
1530 - Test suite: be more precise when determining available space in mountpoint
1531 - Test suite: adapt to the migration from Gedit to GNOME Text editor
1532 - Test suite: update example in comment
1533 - Replace Gedit with GNOME Text Editor
1534 - rubocop --autocorrect
1535 - Silence Ruff false positive
1536 - Silence Ruff false positive
1537 - Remove dead code
1538 - Automatically fix UP032 "Use f-string instead of `format` call"
1539 - Automatically fix UP024 "Replace aliased errors with `OSError`"
1540 - Tails Cloner: don't attempt to unmount the target device twice (refs:
1541 tails/tails#20139)
1542 - Test suite: fix scenario where Nautilus misbehaves with our showingOnly default
1543 (refs: tails/tails#19738)
1544 - Gmail in Tails is easier now!
1545 - Apply style guide
1546 - Update to Bookworm
1547 - Capitalize 'Lock Screen'
1548 - Install python3-pyqt5 to fix Electrum not starting
1549 - Test suite: bump image
1550 - Install pipewire-media-session to repair GNOME's screen recording capability
1551 (refs: tails/tails#19441)
1552 - Simplify
1553 - Mention OnionShare in faq#onion-service
1554 - Update to OnionShare 2.6
1555 - Cover the case when screeshots are too big
1556 - Add full commit ID to /etc/os-release
1557 - Document Dark Theme and Night Light modes
1558 - Fix capitalization
1559 - Update to #15900 and #15767
1560 - Document the fix for the no-overview GNOME Shell extension
1561 - Update icons
1562 - Remove unused icon
1563 - Update screenshots
1564 - Fix icon reference
1565 - Add CSS for Windows commands
1566 - Add missing screenshot
1567 - Update to 6.0
1568 - Refresh
1569 - Refresh and apply style guide
1570 - Improve indentation
1571 - Refresh and apply style guide
1572 - Remove only h1
1573 - Stop bothering people with Windows XP
1574 - Help with platform compatibility
1575 - Update to Bookworm and apply style guide
1576 - Apply style guide
1577 - Restructure summary and details
1578 - APT: disable warning about the non-free/non-free-firmware split
1579 - Remove duplicate bookworm-security source
1580 - Fix incompatibility with no-overview and window-list GNOME shell extensions
1581 - GNOME shell: add and enable no-overview extension version 13 (refs:
1582 tails/tails#19656)
1583 - Bookworm: don't install gnome-screenshot any more (refs: tails/tails#20116)
1584 - Reformat with Black
1585 - Add diceware word lists Catalan, Italian, and Spanish
1586 - Allow images to overflow paragraphs
1587 - Improve instructions for screenshots
1588 - Update to the version of Disks in Bookworm
1589 - Update all symbolic icons
1590 - Update path to 'Show Hidden Files'
1591 - Update to the removal of GtkHash (#20114)
1592 - Update to the removal of the Files browser integration of mat2
1593 - Update screenshot
1594 - Update to Tails 6.0
1595 - Update features apps and rewrite as flex
1596 - Use title capitalization
1597 - Update screenshot
1598 - Add missing screenshot
1599 - Remove not-so-helpful GNOME doc
1600 - Stop mentioning dial-up modems as the future
1601 - Fix indentation
1602 - Update to new system menu
1603 - Use more colored and contrasted icon
1604 - Use title capitalization
1605 - Refresh
1606 - Differentiate system menu with and without Wi-Fi
1607 - Improve structure
1608 - Update insturctions to troubleshoot Wi-Fi
1609 - Change our style guide regarding screenshots
1610 - The Screen Reader now takes around 5 seconds to start
1611 - Replace News section from homepage with something better
1612 - Reorder
1613 - Move FAQ to a better place
1614 - Fix h4
1615 - Shorten
1616 - Reorder
1617 - Point to more active and searchable channel
1618 - Remove not-so-frequent questions
1619 - Be more specific
1620 - Link to future work
1621 - Remove question that is answered in so many other ways
1622 - Replace youtube-dl by its new fork in Debian
1623 - Remove complicated advice
1624 - Deduplicate FAQ with requirements
1625 - Don't duplicate issues already documented elsewhere
1626 - Upstream issues has been fixed in Linux 5.9
1627 - Merge very similar issues
1628 - Delete very old issues that are probably not useful anymore
1629 - Reorder
1630 - Delete unused images
1631 - Present XMPP options like Pidgin does
1632 - Remove very old migration instructions
1633 - Be more explicit
1634 - Simplify code
1635 - Place image better on upgrade and clone scenarios
1636 - Apply Apple style guide
1637 - Fix formatting
1638 - Fix orthography
1639 - Remove not-so-useful icon
1640 - The Screen Reader now works in the Unsafe Browser
1641 - Merge and update screenshots
1642 - Update to 6.0
1643 - Be more helpful
1644 - KeePassXC now has a cool documentation
1645 - Move restart
1646 - Use absolute path
1647 - The auto-type feature is hidden by default now
1648 - Remove outdated link
1649 - Update to 6.0
1650 - Refresh
1651 - Update to 6.0
1652 - Apply style guide
1653 - Update stats
1654 - Add 'Status' column
1655 - Fix margin
1656 - Minimal update to 6.0
1657 - Refresh
1658 - Update to 6.0 and refresh language
1659 - Mention on /install as well
1660 - Update to Debian 12
1661 - Refresh
1662 - Improve placement of link
1663 - Refresh language and simplify
1664 - GitLab is the place to go
1665 - Explain better the real-world implications of cold boot attacks
1666 - Give example
1667 - It's not only about the source code
1668 - Link earlier
1669 - Shorten
1670 - Be more upfront
1671 - Simplify and improve language
1672 - Link to historical landmark
1673 - Small language, link, and formatting improvements
1674 - Use full HTML
1675 - Improve links
1676 - Build system: install po4a 0.62-1 from bullseye
1677 - Build system: enable bookworm-{backports,updates}
1678 - Build system: bump APT snapshots to ones containing
1679 bookworm-{backports,updates}
1680 - Revert "Merge /lib/firmware → /usr/lib/firmware (refs: tails/tails#20075)"
1681 - Build system: bump RAM to avoid OOM during mksquashfs (refs: tails/tails#20085)
1682 - Build system: drop -backports and -updates APT sources from builder
1683 - Build system: bump APT snapshots while migrating to Bookworm
1684 - Build system: upgrade builder basebox to Debian Bookworm (refs:
1685 tails/tails#19562)
1686 - Enable GNOME's auto-mounting of pluggable storage (refs: tails/tails#15900)
1687 - Remove dead page
1688 - Update to 2023
1689 - Remove old migration note
1690 - Fix vertical alignment
1691 - Simplify
1692 - Fix vertical alignment
1693 - Align first section title on the left
1694 - Reformat with black
1695 - tails-about: remove unused import
1696 - tails-about: remove "Tails developers" noise to match design
1697 - tails-about: fix grammar to match design
1698 - Remove duplicate Bookworm APT sources
1699 - fix indention to please rubocop.
1700 - Test suite: fix Rubocop violations
1701 - Reintroduce changes to feature/bookworm lost in merge conflict resolution vs
1702 devel
1703 - VERSION is not only a number.
1704 - Use regex to get infos out of os-release.
1705 - Unreleased versions don't have a release date.
1706 - rename misleading functionname.
1707 - Add reference image for Update to 6.3~testoverlayfs
1708 - Link to the upstream version that matches Bookworm's Golang
1709 - remove unsused entries in auto/config
1710 - Add reference image for upgrade to 6.2~testoverlayfs.
1711 - Test suite: make test file name & content match the version
1712 - Fix version determine in os-release.
1713 - Bump test iuk version as we now use os-release to get the Tails version.
1714 - get_release_Date is a function.
1715 - Revert changes on config/binary_rootfs/squashfs.sort
1716 - Remove last occurence of /etc/amnesia/version
1717 - make shellcheck happy.
1718 - read TAILS_SOURCE_DATE_EPOCH from os-release to set minimum date.
1719 - try to fix automatic_update test
1720 - fix typo.
1721 - Use built-in plattform.freedesktop_os_release to parse os_release.
1722 - Next attempt to fix test suite.
1723 - fix autotest suite.
1724 - import needed Dict from typing.
1725 - make tests to use os-release.
1726 - fix wrong syntax in shell.
1727 - Add deprecation waring to tails-version.
1728 - Get rid of /etc/amnesia/version
1729 - Improve the tails-about dialog to easier identify nighly build.
1730 - Revert "OnionShare: enable "public" mode by default"
1731 - Test suite: drop `showingOnly: true` parameters added in feature/bookworm
1732 - status-menu-helper Gnome Shell extension: port to Gnome 43 for Tails/Bookworm
1733 - Test suite: fix race condition
1734 - Test suite: fix race condition
1735 - usbguard: allow all devices that are already connected when the daemon starts
1736 - Replace busy-wait with proper systemd dependency, made possible by Bookworm
1737 - Reject new USB devices plugged while the screen is locked
1738 - GNOME Shell extensions: declare compatibility with Bookworm
1739 - Increase the chances we successfully unmount all the relevant filesystems on
1740 shutdown
1741 - Update mountpoint path for merged-/usr
1742 - Update live-build submodule
1743 - Test suite: fix fillram script for Bookworm
1744 - Test suite: update expected images
1745 - Test suite: update expected image
1746 - Update list of custom packages for Bookworm and bring back the check
1747 - Enable the feature-bookworm APT overlay
1748 - live-build: avoid deprecated "apt-key add", instead drop keys in
1749 /etc/apt/trusted.gpg.d
1750 - Test suite: update Backup feature for Bookworm
1751 - Test suite: allow specifying the polkit dialog title
1752 - Test suite: Bookworm's hwclock does not accept relative dates anymore
1753 - Fix buggy merge conflict resolution
1754 - AppArmor: add canonical merged-/usr path to HOMEDIRS variable
1755 - Test suite: start porting Pidgin tests to Bookworm
1756 - Test suite: update SFTP test for Bookworm
1757 - Test suite: port SSH tests to Dogtail
1758 - Test suite: update expected AppArmor denial messages for merged-/usr
1759 - Test suite: update default set of groups for Bookworm
1760 - Test suite: use Dogtail for Totem "not allowed to open"
1761 - Test suite: update expected images
1762 - Revert "Test suite: remove now unused code"
1763 - Update AppArmor policy for merged-/usr
1764 - Test suite: update most Evince tests for Bookworm and port them to Dogtail
1765 - Test suite: make method a tiny bit more generic
1766 - Test suite: remove obsolete tag
1767 - Test suite: update screenshot test for Bookworm
1768 - Test suite: update network connect/disconnect for Bookworm
1769 - Lint
1770 - Test suite: update VeraCrypt tests for Bookworm and port them to Dogtail
1771 - Test suite: add a couple Dogtail convenience methods
1772 - Test suite: factorize
1773 - Test suite: update expected image
1774 - Keep installing dbus-x11: needed to start the Root Terminal with pkexec
1775 - Update PolicyKit admin user configuration to new rules language
1776 - Test suite: use Dogtail for the PolicyKit prompt and to wait for GNOME Terminal
1777 - Test suite: use Dogtail to check zenity dialog
1778 - Test suite: use better Gherkin phrasing
1779 - Fix Unsafe Browser's name resolution
1780 - Test suite: use Dogtail to check the LAN web server message in the Unsafe
1781 Browser
1782 - Test suite: make a couple test methods compatible with the Unsafe Browser
1783 - Test suite: remove obsolete comment
1784 - Test suite: remove now unused code
1785 - Test suite: start the Unsafe Browser using "gio launch"
1786 - Test suite: Paste bridge via Dogtail
1787 - Test suite: update expected images
1788 - partitioning: ensure the system partition remains an ESP
1789 - partitioning: copy file needed by mlabel, that was split out on Bookworm
1790 - Test suite: update expected denial log message for merged-/usr
1791 - Test suite: update expected images
1792 - Test suite: update expected images
1793 - OnionShare: enable "public" mode by default
1794 - Revert "Temporarily revert "hotfix: refresh Thunderbird patch""
1795 - Update live-build submodule
1796 - OnionShare: use ~/Downloads as the "receive files" directory
1797 - OnionShare: update config file to 2.6, in particular to auto-connect to Tor
1798 - OnionShare: update onion-grater rules for 2.6
1799 - Make AppArmor logs a little bit less noisy
1800 - OnionShare: run as native Wayland
1801 - OnionShare: update AppArmor profile for Bookworm
1802 - Import OnionShare .desktop file and icon
1803 - Adjust to match renaming of OnionShare executables
1804 - Update the list of backends in the usr.sbin.cups AppArmor profile for Bookworm
1805 - Bump APT snapshots for the Vagrant box
1806 - Test suite: update expected pictures
1807 - Disable signing of DKMS modules
1808 - Drop hook that's obsolete on a merged-/usr system
1809 - Adjust for merged-/usr
1810 - live-build: fix breakage with merged-/usr
1811 - Switch to merged-/usr (aka. usrmerge)
1812 - Remove obsolete blocker
1813 - Keep installing xxd
1814 - Remove Debian logo in unlock screen
1815 - Desktop icons: don't display anything besides our shortcuts and the Trash
1816 - Display Desktop icons at standard size
1817 - Keep installing wpasupplicant
1818 - Drop fake obfs4proxy package: not needed anymore
1819 - Temporarily revert "hotfix: refresh Thunderbird patch"
1820 - Keep installing gnome-keyring
1821 - Remove obsolete pref
1822 - Adjust to gnome-shell-extension-desktop-icons-ng
1823 - Temporarily disable initramfs size check
1824 - Convert our polkit rules to the new JavaScript format
1825 - Update expected /etc/passwd and /etc/group
1826 - Make it easier to copy the new file
1827 - Fix error reporting
1828 - Update test suite & design doc: we don't ship dhclient since Tails 5.0
1829 - Temporarily disable custom packages check
1830 - Explicitly set hasOverview and showWelcomeDialog
1831 - Adjust to renamed GNOME Shell menu
1832 - systemd: Use both name and description in unit status messages
1833 - Drop support for reading encrypted DVDs
1834 - Upgrade the Linux kernel to 6.1.27-1 from Bookworm
1835 - Update for Bookworm
1836 - Adjust path for Bookworm
1837 - Fix UID & GID stability
1838 - Remove obsolete patch
1839 - Refresh and unfuzzy patches
1840 - Upgrade to Linux 6.1.25-1 (devel branch)
1841 - Revert "Workaround missing APT snapshots."
1842 - Revert "Test suite: disable bridge QR code automated tests"
1843 - Install the Linux kernel from Debian Bookworm
1844 - Refresh tails-000-standard.list packages list for Bookworm
1845 - Enable non-free-firmware APT component for the Bookworm APT sources
1846 - Follow package rename: gnomes-themes-standard → gnome-themes-extra
1847 - Replace exfat-fuse with in-kernel implementation + exfatprogs
1848 - Migrate to gnome-shell-extension-desktop-icons-ng
1849 - Don't try to install nautilus-gtkhash: not available in Bookworm
1850 - Don't try to install nautilus-wipe: not available in Bookworm
1851 - Don't try to install obsolete crda package
1852 - Workaround missing APT snapshots.
1853 - Rubocop: target Bookworm's Ruby version
1854 - pre-commit-translation: remove obsolete script
1855 - GitLab CI: use Debian Bookworm image by default
1856 - Support Bookworm host system to run our test suite
1857 - Require a Bullseye host system to build Tails
1858 - Reference issue that tracks this "XXX" comment
1859 - Persistent Storage: enable localized word lists included in Bookworm
1860 - Remove obsolete detail in comment
1861 - Upgrade to Debian 12 (Bookworm)
1862 - run_test_suite: run all tests on feature/bookworm
1864 -- Tails developers <tails@boum.org> Wed, 31 Jan 2024 20:56:28 +0100
1866 tails (5.22) unstable; urgency=medium
1868 * Resolve "Upgrade to Tor Browser based on ESR 115.7" (tails/tails!1366)
1870 Closes issues:
1871 - Upgrade to Tor Browser based on ESR 115.7 (tails/tails#20060)
1873 Commits:
1874 - Fetch Tor Browser from our own archive
1875 - Upgrade Tor Browser to 13.0.9
1877 * replace bookworm-updates with bookworm-security and upgrade kernel to 6.1.69
1878 (tails/tails!1343)
1880 Closes issues:
1881 - Re-enable bookworm-security APT source (tails/tails#20010)
1882 - Upgrade to Linux 6.1.69 (DSA 5593-1) (tails/tails#20121)
1884 Commits:
1885 - replace bookworm-updates with bookworm-security and update kernel
1887 * htpdate: privacyinternational.org -> securitylab.amnesty.org (tails/tails!1370)
1889 Closes issues:
1890 - https-get-expired failing for https://www.privacyinternational.org
1891 (tails/tails#20146)
1893 Commits:
1894 - black reformatting
1895 - refer to design in source code
1896 - htpdate: privacyinternational.org -> securitylab.amnesty.org
1898 * Don't try to create a Persistent Storage on a device that already has 2
1899 partitions (tails/tails!1348)
1901 Closes issues:
1902 - Don't try to create a Persistent Storage on a device that already has 2
1903 partitions (tails/tails#20000)
1905 Commits:
1906 - Disable error prone Ruff rule
1907 - Revert error prone linting
1908 - Fix Ruff G004
1909 - Bring back type annotation lost by linting
1910 - Make indentation consistent
1911 - Simplify
1912 - Reformat with black
1913 - Fix logging level
1914 - Fix check for too many partitions
1915 - Remove unused import
1916 - Linting prompted by, and done by, ruff
1917 - Linting prompted by the ruff-changed-files CI job
1918 - Document limitation
1919 - Reformat with black
1920 - Explain the user that we can't create a Persistent Storage on a device that
1921 already has 2 partitions
1922 - Improve name of widget
1923 - Don't try to create a Persistent Storage on a device that already has 2
1924 partitions
1925 - Fix buggy refactoring
1926 - Reformat with black
1927 - refactor InvalidBootDeviceErrorType
1928 - Convey reason why the boot device is not supported from the tps backend to the
1929 frontend
1931 * Check and attempt to safely repair the Persistent Storage filesystem before
1932 mounting it (tails/tails!1351)
1934 Commits:
1935 - Reformat with black
1936 - Check and safely attempt to repair Persistent Storage filesystem before
1937 mounting it
1939 * Bugfix: Additional Software was sometimes left unconfigured after creating
1940 Persistent Storage (tails/tails!1350)
1942 Closes issues:
1943 - Additional Software sometimes left unconfigured after creating Persistent
1944 Storage (tails/tails#19926)
1946 Commits:
1947 - Bugfix: Additional Software was sometimes left unconfigured after creating
1948 Persistent Storage
1950 * Don't try to unlock or delete a Persistent Storage that's on a read-only USB
1951 stick (tails/tails!1349)
1953 Closes issues:
1954 - tpsd should not try to unlock or delete a Persistent Storage that's on a read-
1955 only USB stick (tails/tails#20024)
1957 Commits:
1958 - Simplify code
1959 - Fix ordering of widgets
1960 - Reformat with black
1961 - Lint
1962 - Implement updated UI phrasing
1963 - Lint
1964 - Let Ruff fix the issues that it reported and can fix itself
1965 - Don't try to delete a Persistent Storage that's on a read-only USB stick
1966 - tpsd: expose whether the Persistent Storage can be deleted
1967 - Welcome Screen: link to help when we don't allow unlocking Persistent Storage
1968 on a read-only device
1969 - Save UI file with current Glade
1970 - Simplify
1971 - Reformat with black
1972 - Lint files changed by this MR
1973 - Add missing space in log message
1974 - Let Ruff fix the issues that it reported and can fix itself
1975 - Welcome Screen: don't allow unlocking Persistent Storage on a read-only device
1976 - tps: identify when the device is read-only and we should not try to unlock it
1977 - Remove unused imports
1979 * Resolve "Test suite often fails to grabFocus of the Persistent Storage
1980 passphrase entry" (tails/tails!1345)
1982 Closes issues:
1983 - Test suite often fails to grabFocus of the Persistent Storage passphrase entry
1984 (tails/tails#20054)
1986 Commits:
1987 - Test suite: log when applying workaround for #20054
1988 - Test suite: revolutionize code readability thanks to RuboCop
1989 - Test suite: appease RuboCop
1990 - Add forgotten closing parenthesis
1991 - Test suite: improve method name
1992 - Test suite: prefix #20054 logging to make all of it easier to grep from
1993 debug.log
1994 - Test suite: attempt to detect and work around tails/tails#20054
1995 - Move variable to where it is used
1997 * onion-grater: only log dropped stream/circ events when debugging is enabled...
1998 (tails/tails!1344)
2000 Closes issues:
2001 - onion-grater's "dropped restricted circuit event" is spammy and leaky
2002 (tails/tails#20126)
2004 Commits:
2005 - onion-grater: only log dropped stream/circ events when debugging is enabled
2006 (refs: tails/tails#20126)
2007 - onion-grater: fix typo
2009 * tor-browser uses local documentation (tails/tails!1341)
2011 Closes issues:
2012 - Tor Browser should open documentation links from local website when offline
2013 (tails/tails#20095)
2015 Commits:
2016 - ruff --fix + black
2017 - avoid tails.net.attack.er sneaking in
2018 - skip offline warning when url has been resolved
2019 - disable doctest
2020 - black reformatting
2021 - less globals, easier testing
2022 - urls we can't resolve are passed through
2023 - check if link is to tails website
2024 - sane defaults
2025 - fix argument parsing
2026 - FIX leftover shell interpolation
2027 - tor-browser uses local documentation
2028 - tor-browser reimplemented in Python3
2029 - refactor tails-documentation
2031 * ruff works for feature/bookworm, too (tails/tails!1339)
2033 Closes issues:
2034 - ruff-changed-files false positives in GitLab CI:
2035 origin/${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:?} is an unknown ref
2036 (tails/tails#20094)
2038 Commits:
2039 - make sure that the target branch is known
2041 * move actual URL outside of the translatable string (tails/tails!1337)
2043 Closes issues:
2044 - tails-report-disk-errors includes a translatable URLs to the Tails live website
2045 (tails/tails#20096)
2047 Commits:
2048 - Update POT file
2049 - move actual URL outside of the translatable string
2051 * Add wrote to device at speed MB/sec INFO log to `clone_persistent_storage`
2052 (tails/tails!1335)
2054 Closes issues:
2055 - Log wrote to device at MB/sec for clone Persistent Storage too
2056 (tails/tails#20092)
2058 Commits:
2059 - Only run `clone_persistent_storage()` method if requested. Fixes printing wrong
2060 write speed if Persistent Storage unlocked but unrequested.
2061 - Check `write_size` is not None or 0.0 before logging write speed.
2062 - refactor "wrote to device" into `@log_write_speed()` decorator
2063 - Rename `get_persistent_storage_backup_size` import and usage to match the new
2064 name from: https://gitlab.tails.boum.org/tails/tails/-
2065 /commit/8021cdae30af640537c4c234049b9d69b955f1cd?merge_request_iid=1335
2066 - fix wrong unit math should be Megabytes not Mebibytes
2067 - remove duplicated `PERSISTENCE_DIR` from config.py and import `from
2068 tailslib.persistence` instead.
2069 - rename: `get_persistent_storage_backup_size()` function to refer to the size of
2070 the backup / used space.
2071 - revert: "iff" was not a typo but an abbreviation that looks like one. Used full
2072 phrase for clarity.
2073 - switch to time.monotonic() which returns floating point seconds, remove unused
2074 datetime import
2075 - Move luks2 header size to function where it is used
2076 - Fix: use "s" as the symbol for "second" instead of "sec"
2077 - Add get_persistent_storage_size()
2078 - Add `luks2_header_size` and `persistence_mountpoint` keys
2079 - Add wrote to device at speed MB/sec INFO log to `clone_persistent_storage`
2081 * Allow Tor Browser to save files to Documents, Downloads, Music, Pictures,
2082 Videos and their subfolders (tails/tails!1333)
2084 Closes issues:
2085 - Allow Tor Browser to save files to Documents, Downloads, Music, Pictures,
2086 Videos and their subfolders (tails/tails#19255)
2088 Commits:
2089 - Make usages of "Bookmark" in the context unique.
2090 - Add set -u
2091 - Add set -u
2092 - Point submodule to the version with torbrowser-launcher!7 merged
2093 - fix paths to real binary.
2094 - Don't patch files if a simple hook is possible.
2095 - Make XDG dir tests passes.
2096 - make rubocop really happy.
2097 - Fix patches.
2098 - Run rubocop
2099 - Do file changes to xdg-user-dirs.desktop/user-dirs-update-gtk.desktop via
2100 patches.
2101 - The negative tests is failing, so removing it for the moment.
2102 - To select different desternation folders from bookmarks.
2103 - Make the tests for XDG User Dirs working.
2104 - Find the bookmarks an a German localized system.
2105 - Fix localized.feature tests.
2106 - don't ask the user to localize xdg user dirs.
2107 - Add autotests to make sure, we can use the XDG User Dirs correctly.
2108 - Make sure, that the xdg-user-dirs are not translated.
2109 - Update torbrowser-luncher Apparmor profile.
2111 * Fix Tails Cloner AttributeError: 'NoneType' object has no attribute 'props'
2112 (#18986) (tails/tails!1312)
2114 Closes issues:
2115 - Tails Cloner sometimes fails to format the newly created system partition
2116 (tails/tails#18986)
2118 Commits:
2119 - Remove useless @retry decorator
2120 - Fix typo
2121 - Remove retry decorator on non-idempotent method
2122 - Remove unused method
2123 - Remove unused method
2124 - Remove `get_system_partition` redundant for loop due to @retry decorator,
2125 remove some trailing white spaces
2126 - Change retry range from 10 to 11 so the last retry will be the 10th.
2127 - Fix: "No such interface" by adding @retry decorator function to problematic
2128 udisks methods closes #18986
2129 - Remove temporary debug print() statements
2130 - Set `_get_object` default prop='drive', use "block" arg for
2131 `try_getting_udisks_object`
2132 - add `props` param to `_get_object` so hasattr(obj, props) can be checked before
2133 return
2134 - Remove obsolete comment about 'NoneType' from old racy `_get_object`. New code
2135 raises exception.
2136 - Fix None object in unmount_device @ filesystem =
2137 self._get_object(udi).props.filesystem
2138 - Solves AttributeError: 'NoneType' object has no attribute 'props' (#18986)
2140 * Upgrade Thunderbird to 115.7
2142 -- Tails developers <tails@boum.org> Mon, 29 Jan 2024 13:04:11 +0100
2144 tails (5.21) unstable; urgency=medium
2146 * Upgrade to Tor Browser 13.0.7 based on Firefox 115.6 (tails/tails!1329)
2148 Closes issues:
2149 - Upgrade to Tor Browser based on Firefox 115.6 (tails/tails#20067)
2151 Commits:
2152 - Fetch Tor Browser from our own archive
2153 - Upgrade Tor Browser to 13.0.7-build1
2155 * Merge /lib/firmware → /usr/lib/firmware (tails/tails!1324)
2157 Closes issues:
2158 - Ensure Tails 5.x (Bullseye, non-/usr-merged) can load all the firmware we
2159 include (tails/tails#20075)
2161 Commits:
2162 - Merge /lib/firmware → /usr/lib/firmware (refs: tails/tails#20075)
2164 * upgrade kernel to 6.1.66 (tails/tails!1320)
2166 Commits:
2167 - upgrade kernel to 6.1.66
2169 * Upgrade Tor Browser to 13.0.6 (tails/tails!1316)
2171 Closes issues:
2172 - Tor Browser sometimes crashes when clicking the uBlock icon (tails/tails#20061)
2174 Commits:
2175 - Fetch Tor Browser from our own archive
2176 - Upgrade Tor Browser to 13.0.6
2178 * Help users when first-boot resizing fails and creates a semi-broken USB stick
2179 (tails/tails!1332)
2181 Closes issues:
2182 - Help users when first-boot resizing fails and creates a semi-broken USB stick
2183 (tails/tails#19912)
2185 Commits:
2186 - dialog text reflects our decision better
2187 - usrmerge won't break our code
2188 - set -o pipefail helps writing more robust code
2189 - rename utils for consistency
2190 - enable units (and rename them)
2191 - Apply 1 suggestion(s) to 1 file(s)
2192 - Actually send the report
2193 - Add forgotten report-disk-errors.pot to po/POTFILES.in
2194 - allow for report-disk-errors to be translated
2195 - break up text so it's easier to translate
2196 - better function name
2197 - show UI for partition resize errors
2198 - catch disk errors in flag file
2200 * enable bookworm-updates and switch to kernel 6.1.67 (tails/tails!1330)
2202 Closes issues:
2203 - Fix regressions introduced in Linux 6.1.66 (tails/tails#20086)
2204 - Upgrade to Linux 6.1.67 (tails/tails#20091)
2206 Commits:
2207 - enable bookworm-updates and switch to kernel 6.1.67
2209 * Localize the clock displayed in the GNOME top bar (tails/tails!1328)
2211 Closes issues:
2212 - Clock displayed by date@tails.boum.org is not localized (tails/tails#19895)
2214 Commits:
2215 - tails-get-date: sort import block
2216 - tails-get-date: reformat with Black
2217 - tails-get-date: Try LANG when LC_TIME is empty
2219 * Upgrade Linux to 6.1.66 on stable (tails/tails!1322)
2221 Closes issues:
2222 - Upgrade to Linux 6.1.66 (tails/tails#20072)
2224 Commits:
2225 - fixing line numbers in diff for #20033
2226 - fix prestera location
2227 - upgrade kernel to 6.1.66
2228 - Update the snapshot of the Debian archive to 2023121004
2230 * Resolve "Upgrade to tor 0.4.8.10" (tails/tails!1319)
2232 Closes issues:
2233 - Upgrade to tor 0.4.8.10 (tails/tails#20080)
2235 Commits:
2236 - upgrading tor to 0.4.8.10
2238 * fix prestera location (tails/tails!1314)
2240 Commits:
2241 - fix prestera location
2243 * Have CI enforce Ruff linting rules for files modified by MRs (tails/tails!1311)
2245 Closes issues:
2246 - Establish a coding standards baseline for our Python code base
2247 (tails/tails#19306)
2248 - Add Ruff configuration (tails/tails#20049)
2250 Commits:
2251 - Sort imports
2252 - refactor: plain text output is default
2253 - junit output for ruff CI test
2254 - explain differences
2255 - developers style guidelines for Python
2256 - apply CI suggestions
2257 - isort. check that CI finds problems in this file
2258 - fix references
2259 - resolve revisions to hash
2260 - more specific filtering
2261 - run ruff from CI
2263 * Fix incorrect check button label text when no target USB present
2264 (tails/tails!1308)
2266 Closes issues:
2267 - Starting Tails Cloner without target USB has wrong message (tails/tails#20063)
2269 Commits:
2270 - Resolve merge conflict of new formatting with changed `elif self.opts.partition
2271 or not self.get_selected_drive():` line.
2272 - Fix incorrect check button label text when no target USB present.
2274 * Make time synchronization more robust: replace unreliable web servers in
2275 htpdate pools (tails/tails!1307)
2277 Closes issues:
2278 - Some web servers in our htpdate pool return incorrect time (tails/tails#19923)
2280 Commits:
2281 - htpdate: replace www.thunderbird.net with www.gimp.org
2282 - htpdate: replace en.wikipedia.org with www.openpgp.org
2283 - htpdate: drop leap.se, replacing it with gnu.org, replacing it with
2284 nextcloud.com
2286 * tps error is in details, not in summary (tails/tails!1306)
2288 Closes issues:
2289 - Revisit how we prefill WhisperBack reports with information from tps
2290 (tails/tails#20048)
2292 Commits:
2293 - specify app that triggered the bug report
2294 - summary and details have separate headers
2296 * Tails Cloner: give more relevant "Backup Instructions" if clone Persistent
2297 Storage checked (tails/tails!1305)
2299 Commits:
2300 - Apply black formatting to `help_link.set_` lines in on_target_partition_changed
2301 - Removed incorrect white space after def
2302 on_check_button_clone_persistent_storage_toggled
2303 - Clone Persistent Storage Toggle should call `on_target_partitions_changed` with
2304 None argument since `combobox_target` parameter is unused.
2305 - Change misleading method name on_target_changed to on_target_partitions_changed
2306 - Show 'Backup Instructions' link if clone Persistent Storage checked
2308 * Fix Tails Cloner bug: button sensitivity or labels don't update if source or
2309 targets change #20042 (tails/tails!1302)
2311 Closes issues:
2312 - Tails Cloner: Upgrade stays sensitive if tick clone Persistent Storage then
2313 switch to a Tails target device (tails/tails#20042)
2315 Commits:
2316 - Fix Tails Cloner bug: button sensitivity or labels don't update if source or
2317 targets change #20042
2319 * Reformat Python code with Black and enforce via GitLab CI (tails/tails!1300)
2321 Commits:
2322 - Add typing
2323 - Use Optional[TYPE], more readable that Union[None, TYPE]
2324 - Document how to set up .git-blame-ignore-revs
2325 - Document .git-blame-ignore-revs a bit
2326 - Lint
2327 - Lint
2328 - More type hints fixes and modernization
2329 - Lint
2330 - Type hints don't have to be comments anymore
2331 - Move import to a type-checking block
2332 - Greeter: fix most type annotations and mypy errors
2333 - Lint
2334 - Add more revisions that git blame should ignore
2335 - Add .git-blame-ignore-revs, referencing the first reformatting with Black
2336 - Move "nosec blacklist" back where bandit honors it
2337 - GitLab CI: enforce Black formatting of Python code
2338 - Reformat with Black
2339 - Add Black configuration
2341 * Revert update to the Electrum incentive during our fundraiser
2342 (tails/tails!1284)
2344 Closes issues:
2345 - Update the language for Electrum incentive during the donation campaign
2346 (tails/tails#17822)
2348 Commits:
2349 - Revert "Update the Electrum incentive during our fundraiser"
2351 -- Tails developers <tails@boum.org> Thu, 21 Dec 2023 10:34:04 +0000
2353 tails (5.20) unstable; urgency=medium
2355 * Upgrade Thunderbird to 1:115.5.0-1~deb11u1
2357 * Upgrade Tor Browser to 13.0.4 (refs: tails/tails#20043) (tails/tails!1295)
2359 Closes issues:
2360 - Upgrade to Tor Browser 13.0.4 based on Firefox 115.5 (tails/tails#20043)
2362 Commits:
2363 - Upgrade Tor Browser to 13.0.4 (refs: tails/tails#20043)
2365 * fixing line numbers in diff for #20033 (tails/tails!1298)
2367 Commits:
2368 - fixing line numbers in diff for #20033
2370 * GitLab CI: ensure Rubocop compliance (tails/tails!1301)
2372 Closes issues:
2373 - Run Rubocop in GitLab CI (tails/tails#19307)
2375 Commits:
2376 - Fix regression introduced by partial renaming in
2377 5b46d28df4f40418cd6cde90b1fbbc9dd48b3c14
2378 - Test suite: remove duplicate step
2379 - Manually correct Rubocop offense
2380 - Test suite: simplifications prompted by Rubocop
2381 - Rubocop: replace obsolete parameters with their new names
2382 - Manually correct or disable Rubocop offenses
2383 - GitLab CI: test Rubocop compliance
2384 - rubocop --regenerate-todo
2385 - Manually correct or disable Rubocop offenses
2386 - Rubocop: relax a few limits
2387 - Manually correct or disable Rubocop offenses
2388 - rubocop --autocorrect--all
2389 - Rubocop: use 88 chars max line length
2390 - Rubocop: target Ruby 3.1 (Bookworm)
2391 - Test suite: work around the OSK not showing on new tabs
2392 - Rubocop: silence false positive
2393 - Test suite: fix more Rubocop offenses
2394 - Lint
2395 - Explain why we're retrying and future nicer workaround
2396 - Test suite: give some time when verifying that each action we took happened
2397 - Test suite: verify that ctrl+a selected all of the address bar
2398 - Test suite: don't focus the address bar in "open new tab" step
2399 - Test suite: make browser helper work for all browsers
2400 - Test suite: make Dogtail code work in all locales
2401 - Test suite: retry inputting the URL into the browser navigation bar if it
2402 failed (refs: tails/tails#20017)
2404 * Test suite: remove obsolete localization of UnsafeBrowserStartPage.png
2405 (tails/tails!1299)
2407 Closes issues:
2408 - Test suite: clean up obsolete localization of UnsafeBrowserStartPage.png
2409 (tails/tails#20038)
2411 Commits:
2412 - Test suite: remove obsolete localization of UnsafeBrowserStartPage.png
2414 * explain locale descriptions RM process (tails/tails!1297)
2416 Closes issues:
2417 - Explain how to inspect the locale-descriptions diff during the release process
2418 (tails/tails#20037)
2420 Commits:
2421 - clarify what to do when inspecting
2422 - Update PO files.
2423 - comment po-to-mozilla.toml
2424 - clarifies relationship between code and process
2426 * Draft: Resolve "devel branch FTBFS since the upgrade to uBlock 1.53"
2427 (tails/tails!1296)
2429 Commits:
2430 - Ensure tails-debugging-info does not crash in case lsblk returns a non-zero
2431 exit code
2432 - Include more information about the boot device partition and filesystem layout
2433 in WhisperBack reports
2434 - partitioning: always "set -x"
2435 - Include /var/log/boot.log in WhisperBack reports
2436 - automailer supports content-type: html
2437 - automailer: multiple x-attach fields
2438 - Test suite: give sysadmins a chance to update OpenPGP keys before we fail
2440 * tps: various bug fixes (tails/tails!1294)
2442 Closes issues:
2443 - tpsd: TypeError: exceptions must derive from BaseException (tails/tails#20011)
2445 Commits:
2446 - Simplify
2447 - tps: use logger object consistently
2448 - Remove now unused variable
2449 - tps: don't log exception object twice
2450 - tps: fix reporting of errors about refreshing state of features
2451 - tps: Fix "return" used instead of "raise"
2453 * Emacs: configure the perlnavigator Perl Language Server when used with the
2454 Eglot LSP client (tails/tails!1291)
2456 Commits:
2457 - Emacs: configure the perlnavigator Perl Language Server when used in
2458 combination with the Eglot LSP client
2460 * misc whisperback improvements (tails/tails!1290)
2462 Closes issues:
2463 - Whisperback is only displayed in English (tails/tails#20040)
2464 - Too many WhisperBack reports without description (tails/tails#19351)
2465 - tails-debugging-info is available to amnesia-level attacker (tails/tails#19997)
2467 Commits:
2468 - Fix what these comments are about
2469 - Remove useless comment
2470 - remove useless a11y code
2471 - sort import modules better with isort
2472 - Update comment
2473 - WhisperBack: remove useless shebangs on files that are not meant to be executed
2474 - Remove unused variable
2475 - Remove unused variable
2476 - WhisperBack: reformat with black
2477 - WhisperBack: remove useless inheritance from object class
2478 - WhisperBack: remove About dialog
2479 - Improve phrasing
2480 - Sort imports
2481 - hidden_msg → details
2482 - add a middle "technical details" frame
2483 - headers are not editable
2484 - remove dead code
2485 - remove useless instance variable
2486 - Test suite: fix typo in WhisperBack name, improve phrasing of scenarios and
2487 steps
2488 - put fields in bold, html markup only if needed
2489 - use whisperback css to clean padding
2490 - add trailing ellipsis
2491 - more space between textareas
2492 - ignore temporary files
2493 - improve python linting
2494 - don't maximize automatically
2495 - UI matches design more closely
2496 - report has more prefilled data
2497 - tps sends more informative reports
2498 - TPS sends prefill data to WhisperBack
2499 - whisperback supports being prefilled
2500 - redesign Whisperback UI
2501 - Test whisperback
2502 - automatic tests changed to reflect #19997
2503 - fix whisperback localization
2504 - only whisperback can read debug logs
2506 * Make WhisperBack reports quicker to triage and possibly more actionable wrt.
2507 unusual or buggy boot device partition topology (tails/tails!1289)
2509 Commits:
2510 - Ensure tails-debugging-info does not crash in case lsblk returns a non-zero
2511 exit code
2512 - Include more information about the boot device partition and filesystem layout
2513 in WhisperBack reports
2514 - partitioning: always "set -x"
2515 - Include /var/log/boot.log in WhisperBack reports
2517 * Ensure uBlock does not download and enable additional per-region/language
2518 blocklists (tails/tails!1287)
2520 Closes issues:
2521 - uBlock enables and downloads per-region/language additional blocklists
2522 (tails/tails#20022)
2524 Commits:
2525 - code slightly more readable
2526 - extra newline makes reading easier
2527 - Avoid fingerprinting by refreshing uBlock lists
2528 - Ensure uBlock does not download and enable additional per-region/language
2529 blocklists
2531 * automailer: more featuresss (tails/tails!1286)
2533 Commits:
2534 - automailer supports content-type: html
2535 - automailer: multiple x-attach fields
2537 * Update the Electrum incentive during our fundraiser (tails/tails!1283)
2539 Closes issues:
2540 - Update the language for Electrum incentive during the donation campaign
2541 (tails/tails#17822)
2543 Commits:
2544 - Make comment match updated frequency
2545 - Clarify test instructions
2546 - Document how to test the incentives
2547 - Update the Electrum incentive during our fundraiser
2549 * Fix IUK test suite and make it test what it was meant to (tails/tails!1282)
2551 Closes issues:
2552 - iuk test suite fails on sid: "A: constructing full path: invalid argument."
2553 (tails/tails#20029)
2555 Commits:
2556 - IUK test suite: fix the ownership test
2557 - IUK test suite: fix test for existence of file in SquashFS
2558 - IUK test suite: ensure we can read the files we're going to pack
2559 - IUK test suite: fix argument matching
2561 * Test suite: retry inputting the URL into the browser navigation bar if it
2562 failed (tails/tails!1277)
2564 Closes issues:
2565 - Make opening URLs in the browser in the test suite reliable again
2566 (tails/tails#20017)
2568 Commits:
2569 - Test suite: work around the OSK not showing on new tabs
2570 - Rubocop: silence false positive
2571 - Test suite: fix more Rubocop offenses
2572 - Lint
2573 - Explain why we're retrying and future nicer workaround
2574 - Test suite: give some time when verifying that each action we took happened
2575 - Test suite: verify that ctrl+a selected all of the address bar
2576 - Test suite: don't focus the address bar in "open new tab" step
2577 - Test suite: make browser helper work for all browsers
2578 - Test suite: make Dogtail code work in all locales
2579 - Test suite: retry inputting the URL into the browser navigation bar if it
2580 failed (refs: tails/tails#20017)
2582 * Test suite: give sysadmins a chance to update OpenPGP keys before failing
2583 (tails/tails!1275)
2585 Commits:
2586 - Test suite: give sysadmins a chance to update OpenPGP keys before we fail
2588 * Tor blog post: shift all headings 1 level further (tails/tails!1270)
2590 Commits:
2591 - Tor blog post: shift all headings 1 level further
2593 * Test suite: allow Thunderbird to connect to test email server even if it's
2594 within RFC1918 range (tails/tails!1268)
2596 Commits:
2597 - Test suite: allow Thunderbird to connect to test email server even if it's
2598 within RFC1918 range
2599 - Refactoring: extract code to method
2600 - Move method to a more appropriate location
2602 * Add script to recover lost translations (tails/tails!1263)
2604 Commits:
2605 - Improve script documentation
2606 - Do not try to recover obsolete translations
2607 - use wrapwidth also for parsing.
2608 - also copy msgstr.
2609 - simplyfy logic.
2610 - Use argparser and add width support.
2611 - merge does too much -> create a own copy method.
2612 - Add Recover-lost-translationy.py
2614 * simplify locale-descriptions update during RM (tails/tails!1187)
2616 Commits:
2617 - fix pipeline doctest dependencies
2618 - fix output
2619 - output is sanitized and checked
2620 - doctest
2621 - suggest mozilla-compatible locales
2622 - clarify doc
2623 - update locale descriptions
2624 - always show the second suggestion block
2625 - fix dependencies
2626 - documentation available to people that need to fix
2627 - integrate with Gitlab CI
2628 - more detailed process
2629 - non-copypastable suggestions are more exhaustive
2630 - separate generate and suggest usecases
2631 - map more languages using semi-automated tool
2632 - black reformatting
2633 - comments clarifying language
2634 - automatically get suggestions
2635 - refactor code
2636 - some languages needs to be added anyway
2637 - fix spanish
2638 - follow new process, new mozilla descriptions file
2639 - change approach: only partially automated
2640 - automatically generate locale list
2642 -- Tails developers <tails@boum.org> Mon, 27 Nov 2023 12:54:50 +0100
2644 tails (5.19.1) unstable; urgency=medium
2646 * Upgrade tor to 0.4.8.9 (tails/tails!1285)
2648 Closes issues:
2649 - Upgrade to tor 0.4.8.9 (tails/tails#20031)
2651 Commits:
2652 - Upgrade tor to 0.4.8.9 (refs: tails/tails#20031)
2654 * upgrade to tor 0.4.8.8 (tails/tails!1281)
2656 Closes issues:
2657 - Upgrade to tor 0.4.8.8 (tails/tails#20018)
2659 Commits:
2660 - upgrade to tor 0.4.8.8
2662 * Test suite: adapt to subtle UI change in Thunderbird 115.4.1 (tails/tails!1271)
2664 Closes issues:
2665 - Thunderbird test fails: can't find received test email in the UI while it's
2666 there (tails/tails#20008)
2668 Commits:
2669 - Test suite: adapt to subtle UI change in Thunderbird 115.4.1
2671 * Help the RM when we FTBFS during release process due to an unused APT source
2672 (tails/tails!1269)
2674 Closes issues:
2675 - FTBFS during release process when an unused APT source is configured
2676 (tails/tails#20009)
2678 Commits:
2679 - Use clearer grep --recursive instead of rgrep
2680 - Help the RM when we FTBFS during release process due to an unused APT source
2682 -- Tails developers <tails@boum.org> Tue, 14 Nov 2023 11:55:39 +0100
2684 tails (5.19) unstable; urgency=medium
2686 * Upgrade to Tor Browser 13.0.1 based on Firefox 115.4 (tails/tails!1265)
2688 Closes issues:
2689 - Upgrade to Tor Browser 13.0.1 based on Firefox 115.4 (tails/tails#19994)
2691 Commits:
2692 - Tor Browser release process: adjust one more thing to new tarball naming scheme
2693 - Upgrade Tor Browser to 13.0.1 (refs: tails/tails#19994)
2695 * Update to Thunderbird 115 and re-enable Thunderbird automated tests
2696 (tails/tails!1258)
2698 Closes issues:
2699 - Fix and re-enable "I can send emails, and receive emails over IMAP" automated
2700 test: Certificate handling on Jenkins needs updating for Thunderbird 102
2701 (tails/tails#19193)
2702 - Update to Thunderbird 115 (tails/tails#19885)
2704 Commits:
2705 - Test suite: remove unused step
2706 - Test suite: adapt steps for changes in Thunderbird 115 (refs:
2707 tails/tails#19885)
2708 - Test suite: dont import isotesters' snakeoil SSL cert anymore
2709 - Test suite: re-enable "I can send emails, and receive emails over IMAP" test
2710 - Update Thunderbird patches from
2711 tails/thunderbird@b8b54f4bb25b028171be3b7548f2b7d309d5b61d
2713 * Refresh Thunderbird patch (tails/tails!1257)
2715 Commits:
2716 - Refresh Thunderbird patch
2718 * Tor Browser 13 (tails/tails!1232)
2720 Closes issues:
2721 - Upgrade to Tor Browser 13 based on Firefox 115 (tails/tails#19478)
2723 Commits:
2724 - Test suite: adapt test to Tor Browser's download dialog having random roles
2725 - Browsers: hide the bookmark toolbar
2726 - Escape "." that's meant as a literal char, rather than a special regepx char
2727 - Test suite: don't assign an assignment :)
2728 - Test suite: add image due to new Italian translation
2729 - Test suite: move browser-related scenarios from common_steps.rb to browser.rb
2730 - Test suite: don't use translated string in Dogtail
2731 - Test suite: adapt scenario for Tor Browser's New Identity feature vs version
2732 13.0
2733 - Test suite: rename step
2734 - Fix indentation
2735 - Tor Browser: hide Tor donation campaign in about:tor
2736 - 10-tbb: don't create the profile directory outside of create_default_profile()
2737 - Test suite: make sure browser URL bar is focused and ready for interaction
2738 - Test suite: refactor
2739 - Simplify
2740 - Test suite: bump images for Tor Browser 13.0
2741 - Upgrade Tor Browser to final 13.0 (refs: tails/tails#19478)
2742 - Update (last time!) AppArmor policy for Tor Browser 13 (refs:
2743 tails/tails#19478)
2744 - onion-grater: log the rewrite of CIRC CLOSED events when tor-browser-mode is
2745 enabled
2746 - Update AppArmor policy for Tor Browser 13
2747 - onion-grater: make the circuit leak prevention compatible with Tor Browser 13
2748 - Upgrade Tor Browser to 13.0a6 (refs: tails/tails#19478)
2749 - Upgrade Tor Browser to 13.0a5-build1 (refs: tails/tails#19478)
2750 - Test suite: adapt test to Tor Browser 13.0a4's file download UX (refs:
2751 tails/tails#19478)
2752 - Upgrade Tor Browser to 13.0a4 (refs: tails/tails#19478)
2753 - Update (again) AppArmor policy for Tor Browser 13 (refs: tails/tails#19478)
2754 - Test suite: bump images
2755 - Test suite: optimize
2756 - Test suite: fix test where method names were mixed up
2757 - Test suite: German uses a new separator in Tor Browser 13
2758 - Adapt for new Tor Browser tarball naming scheme.
2759 - Upgrade Tor Browser to 13.0a3-build1 (refs: tails/tails#19478)
2760 - onion-grater: craft correct empty answers for `getinfo circuit-status`
2761 - Clean up unnecessary json data
2762 - Tor Browser: allow subscribing to CIRC events via onion-grater
2763 - Unsafe Browser: disable uBlock Origin
2764 - Update AppArmor policy for Tor Browser 13 (refs: tails/tails#19478)
2765 - Browsers: hide warning when downloading files
2766 - Test suite: revert from setting browser url with Dogtail's .text= to
2767 @screen.paste()
2768 - 10-tbb: sanity check that we migrated everything from TBB's profile
2769 - 10-tbb: clean up TorBrowser sub-dir properly
2770 - 10-tbb: remove potential residual file from inside omni.ja
2771 - 10-tbb: adapt for upgrade to Tor Browser 13 (refs: tails/tails#19478)
2772 - Upgrade Tor Browser to 13.0a2-build2
2774 * add image for new translation (tails/tails!1264)
2776 Closes issues:
2777 - Fix "Tails is localized for every tier-1 language, Examples (#6)"
2778 (tails/tails#20002)
2780 Commits:
2781 - add image for new translation
2783 * Upgrade to Linux 6.1.55-1 (tails/tails!1266)
2785 Closes issues:
2786 - Upgrade to Linux 6.1.55 (tails/tails#20004)
2788 Commits:
2789 - Upgrade to linux-image-6.1.0-13-amd64 (currently at version 6.1.55-1)
2791 * Avoid errors when publishing UDFs (tails/tails!1260)
2793 Commits:
2794 - run test from the right directory
2795 - fix: diff-index exit code
2796 - Apply 1 suggestion(s) to 1 file(s)
2797 - less git commit errors
2798 - manually check test udf
2799 - More checks where I do errors
2801 * Upgrade to Bullseye 11.8, tor 0.4.8.7, and OnionCircuits 0.8 (tails/tails!1259)
2803 Closes issues:
2804 - Onion Circuits: please allow copying relay information (tails/tails#12114)
2805 - OnionCircuits uses deprecated functions (tails/tails#19917)
2806 - Replicate Vidalia's ability to close arbitrary circuits (tails/tails#8927)
2807 - Release Onion Circuits 0.8 (tails/tails#19963)
2808 - Upgrade to tor 0.4.8.7 (tails/tails#19978)
2809 - Upgrade to Bullseye 11.8 (tails/tails#19957)
2811 Commits:
2812 - Add comment
2813 - onion-grater: allow OnionCircuits to close arbitrary circuits
2814 - Install OnionCircuits from sid (currently 0.8)
2815 - Upgrade to tor 0.4.8.7
2816 - Upgrade to Bullseye 11.8
2818 * post-5.18 release improvements (tails/tails!1254)
2820 Commits:
2821 - Apply 3 suggestion(s) to 2 file(s)
2822 - plan next RM shift
2823 - link URLs
2824 - locale-independent output for date
2825 - tests can be selected passing arguments
2826 - announce-and-seed-torrents a bit more idempotent
2827 - set -eu is nicer
2828 - clarify what to do in case of "no"
2829 - better merge-main-branch question
2830 - some tips on configuring automailer
2831 - some info on how to configure automailer
2832 - thunderbird command can be customized
2834 * Install sq-keyring-linter (tails/tails!1248)
2836 Closes issues:
2837 - Add sq-keyring-linter to Tails images (tails/tails#19970)
2839 Commits:
2840 - Install sq-keyring-linter
2842 * fix deprecation warning (tails/tails!1140)
2844 Closes issues:
2845 - date GNOME Shell extension uses deprecated JavaScript (tails/tails#19021)
2847 Commits:
2848 - usage of object.actor is deprecated
2849 - fix deprecation warning
2851 -- Tails developers <tails@boum.org> Mon, 30 Oct 2023 07:45:10 +0000
2853 tails (5.18) unstable; urgency=medium
2855 * Resolve "Upgrade Tor Browser to 12.5.6" (tails/tails!1253)
2857 Closes issues:
2858 - Upgrade Tor Browser to 12.5.6 (tails/tails#19983)
2860 Commits:
2861 - Fetch Tor Browser from our own archive
2862 - Upgrade Tor Browser to 12.5.6
2864 * Update tor to 0.4.8.6 (tails/tails!1252)
2866 Closes issues:
2867 - Upgrade to tor 0.4.8.6 (tails/tails#19977)
2869 Commits:
2870 - Update tor to 0.4.8.6
2872 * Upgrade to Linux linux-image-6.1.0-12-amd64 (currently version 6.1.52-1)
2873 (tails/tails!1250)
2875 Closes issues:
2876 - Upgrade to Linux 6.1.52 (DSA 5492-1) (tails/tails#19967)
2878 Commits:
2879 - Refresh webext-ublock-origin-firefox patch vs 1.51.0+dfsg-2
2880 - Update the snapshot of the Debian archive to 2023092602
2881 - Upgrade to Linux linux-image-6.1.0-12-amd64 (currently version 6.1.52-1)
2883 * Upgrade to Tor Browser 12.5.5 (tails/tails!1249)
2885 Closes issues:
2886 - Upgrade to Tor Browser 12.5.5 (tails/tails#19980)
2888 Commits:
2889 - Fetch Tor Browser from our own archive
2890 - Get ready for upcoming "git-annex sync" behavior change
2891 - Upgrade Tor Browser to 12.5.5
2893 * Fix cryptsetup backport (tails/tails!1240)
2895 Commits:
2896 - Clarify reason why we install our cryptsetup backport
2897 - Temporarily pin our cryptsetup 2:2.6.1-4~deb11u1~tails1 backport
2898 - Needed package update: add exception for cryptsetup
2899 - Enable the fix-cryptsetup-backport APT overlay
2901 * Test suite: ensure node is focused after node.grabFocus (tails/tails!1235)
2903 Commits:
2904 - Test suite: drop grabFocus workaround + simplify
2905 - Test suite: drop grabFocus workaround + simplify
2906 - Test suite: mechanically drop workaround that is now part of grabFocus
2907 - Test suite: ensure node is focused after node.grabFocus
2909 * Defer the chutney bootstrap check until we need Tor (tails/tails!1179)
2911 Commits:
2912 - keep-snapshots is better avoided for release
2913 - move script to its own file
2914 - waiting chutney starts *after* test suite started
2915 - test-rerun waits for chutney to be bootstrapped
2916 - Release process: document how to run `chutney wait_for_bootstrap`
2917 - Test suite: make --disable-chutney work again
2918 - Test suite: be more careful about when we require Chutney to have bootstrapped
2919 - Test suite: disable the network for the VM by default
2920 - Test suite: debug_log chutney events instead of puts:ing
2921 - Test suite: defer the chutney bootstrap check until we need Tor
2923 -- Tails developers <tails@boum.org> Mon, 02 Oct 2023 11:26:32 +0200
2925 tails (5.17.1) unstable; urgency=medium
2927 * Upgrade Tor Browser to 12.5.4 (tails/tails!1244)
2929 Closes issues:
2930 - Upgrade TorBrowser to 12.5.4 (tails/tails#19972)
2932 Commits:
2933 - Upgrade Tor Browser to 12.5.4 (refs: tails/tails#19972)
2935 * Update tor to 0.4.8.5 (tails/tails!1241)
2937 Closes issues:
2938 - Support conflux circuits (tails/tails#19879)
2939 - Upgrade to tor 0.4.8.x (tails/tails#19952)
2941 Commits:
2942 - Update tor to 0.4.8.5 (refs: tails/tails#19952)
2944 * Add $HOME/.local/bin to $PATH if it exists (tails/tails!1237)
2946 Commits:
2947 - Add $HOME/.local/bin to $PATH if it exists Update .profile
2949 -- Tails developers <tails@boum.org> Thu, 14 Sep 2023 20:06:20 +0200
2951 tails (5.17) unstable; urgency=medium
2953 * Upgrade Thunderbird to 1:102.15.0-1~deb11u1
2955 * tps: make is_upgraded() require a single upgraded keyslot (tails/tails!1209)
2957 Closes issues:
2958 - Upgrading Persistent Storage times out on some systems and displays an error in
2959 the Welcome Screen but succeeds in the background (tails/tails#19728)
2961 Commits:
2962 - tps: revert commented out code that was committed by mistake
2963 - Enable the 19728-tps-upgrade-check-vs-corrupt-keys APT overlay (refs:
2964 tails/tails#19728).
2965 - tps: drop parsing of luksDump and use JSON instead
2966 - Avoid variables named "match" which is a Python >= 3.10 keyword
2967 - tps: assign variable to regexp for readability
2968 - Update comment.
2969 - Welcome screen: bump timeout for activating persistence from 2m to 5m
2970 - Welcome Screen: drop timeout for upgrading the persistent storage
2971 - tps: redact sensitive information from luksDump in the logs
2972 - tps: use more redable re.MULTILINE instead of re.M alias
2973 - tps: make is_upgraded() require a single upgraded keyslot
2975 * Upgrade Tor Browser to 12.5.3 (tails/tails!1238)
2977 Closes issues:
2978 - Remove obsolete config/chroot_local-includes/usr/share/live/config/xserver-
2979 xorg/*.ids (tails/tails#19330)
2981 Commits:
2982 - Fetch Tor Browser from our own archive
2983 - Upgrade Tor Browser to 12.5.3-build1
2985 * Test suite: capture needed-package-updates's output by on failure
2986 (tails/tails!1236)
2988 Commits:
2989 - Tets suite: capture needed-package-updates's output by on failure
2991 * Enable all available printers. (tails/tails!1234)
2993 Commits:
2994 - Enable all available printers.
2996 * Test suite: make changing Persistent Storage passphrase, and deleting
2997 Persistent Storage, more robust (tails/tails!1231)
2999 Closes issues:
3000 - Flaky tests: Changing the Persistent Storage passphrase, deleting Persistent
3001 Storage (tails/tails#19950)
3003 Commits:
3004 - Add comment
3005 - Test suite: make deleting the Persistent Storage more robust
3006 - Test suite: make changing Persistent Storage passphrase more robust
3008 * Remove manual manipulation of env of start-systemd-desktop-target
3009 (tails/tails!1229)
3011 Closes issues:
3012 - Simplify start-systemd-desktop-target (tails/tails#16968)
3014 Commits:
3015 - Remove manual manipulation of env of start-systemd-desktop-target
3017 * Install printer-driver-brlaser (tails/tails!1228)
3019 Closes issues:
3020 - Install printer-driver-brlaser (tails/tails#18254)
3022 Commits:
3023 - Install printer-driver-brlaser
3025 * Remove the plymouth.ignore-udev hack (tails/tails!1224)
3027 Closes issues:
3028 - Check if we can get rid of the plymouth.ignore-udev hack in tails-gdm-failed-
3029 to-start.service (tails/tails#16964)
3031 Commits:
3032 - Remove the plymouth.ignore-udev hack.
3034 * Resolve "Document how to deal with virt-viewer's CSD" (tails/tails!1223)
3036 Closes issues:
3037 - Document how to deal with virt-viewer's CSD (tails/tails#19941)
3039 Commits:
3040 - Make sure Tails APT signing key is trusted
3041 - Update apt to ensure that apt-cache policy will present a candidate
3042 - Test suite: check that virt-viewer is not affected by tails/tails#19064
3043 - Set up automated test suite so it is not affected by tails/tails#19064
3045 * Display binary package names if not everything needs an update
3046 (tails/tails!1220)
3048 Closes issues:
3049 - Prevent version mismatches among binary packages from src:linux
3050 (tails/tails#16375)
3052 Commits:
3053 - fix loop over issues
3054 - Reformat with black
3055 - Display binary package names· if not everything needs an update tails#16375
3057 * Misc post-release fixes (tails/tails!1219)
3059 Closes issues:
3060 - Lack of regex support in Dogtail's child method breaks Thunderbird tests
3061 (tails/tails#19928)
3063 Commits:
3064 - Add comment
3065 - Rewrite regexp to fit in Dogtail syntax
3066 - test suite supports regexp
3067 - workaround test hidden in test suite
3068 - locale-independent output for date
3070 * RM doc updates (tails/tails!1218)
3072 Commits:
3073 - Apply 1 suggestion(s) to 1 file(s)
3074 - twitter credentials explained
3075 - expected timing updated
3076 - follow links!
3077 - list possible stages in rm-config help
3078 - explicitly say which stage we're in now
3079 - fix python strings
3080 - black reformatting
3081 - standardize locale
3083 * GitLab CI: allow forcing to run a pipeline by setting $CI_FORCE_RUN
3084 (tails/tails!1214)
3086 Commits:
3087 - GitLab CI: allow forcing to run a pipeline by setting $CI_FORCE_RUN
3089 * Rename Tails Installer as Tails Cloner (tails/tails!1200)
3091 Closes issues:
3092 - Rename Tails Installer as Tails Cloner (tails/tails#16907)
3094 Commits:
3095 - Rename Tails Installer as Tails Cloner
3097 * Add script to detect needed package updates from Debian (tails/tails!1155)
3099 Closes issues:
3100 - Prevent version mismatches among binary packages from src:linux
3101 (tails/tails#16375)
3102 - Track security updates during the Tails code freeze (tails/tails#14728)
3104 Commits:
3105 - Release process: add special mention for the needed package update test
3106 - Print error instead of trigger an exception.
3107 - Use highest package version if multiple are available.
3108 - Reformat with black
3109 - Test suite setup doc: update dependencies
3110 - Fix typo
3111 - Use the Ultimate Debian Database (UDD) directly.
3112 - Lint
3113 - Test suite: document new dependencies
3114 - Test suite: ensure frozen packages are up-to-date
3115 - Needed package update: add exception
3116 - APT: switch to pinning via source package when relevant
3117 - Fix logic to detect an issue correctly.
3118 - Reformat with black
3119 - Lint
3120 - make mypy happy again.
3121 - Fix logic to return errcode 0 if no issue is shown.
3122 - move SUITES into part of Madison.
3123 - make madison a local variable
3124 - More linting
3125 - Preserve type
3126 - Have default value be the correct type
3127 - Reformat with black
3128 - Use consistent terminology
3129 - Start linting new script
3130 - Sort imports
3131 - Remove unused import
3132 - Fix typo
3133 - Update comments
3134 - use qa.debian.org Madison API
3135 - restructure the config file to handle also distribution.
3136 - Simplify logic.
3137 - Fix type annotations.
3138 - Always query stable-security's version to and request update..
3139 - Query also stable-secuirty for updates.
3140 - We should first look for the source, as we have only query source package
3141 names.
3142 - Only add metadata, when available.
3143 - Add script to detect needed package updates from Debian
3145 -- Tails developers <tails@boum.org> Mon, 04 Sep 2023 09:10:16 +0000
3147 tails (5.16.1) unstable; urgency=medium
3149 * Mitigate Downfall and INCEPTION speculative-execution vulnerabilities
3150 (tails/tails!1215)
3152 Closes issues:
3153 - Fix Downfall and INCEPTION speculative-execution vulnerabilities
3154 (tails/tails#19937)
3156 Commits:
3157 - Update SquashFS sort file manually
3158 - Upgrade to Linux linux-image-6.1.0-11-amd64 (currently version 6.1.38-4)
3160 * onion-grater: deal with race condition in my_circuits() (tails/tails!1212)
3162 Closes issues:
3163 - Circuits view sometimes not displayed in Tor Browser, possibly related onion-
3164 grater exception and dropped restricted stream event (tails/tails#19897)
3166 Commits:
3167 - onion-grater: deal with race condition in my_circuits()
3169 * automailer.py: add support for notmuch (tails/tails!1213)
3171 Closes issues:
3172 - automailer.py: add support for notmuch (tails/tails#19932)
3174 Commits:
3175 - automailer: remove duplicate variable
3176 - automailer (notmuch): add support for attachments
3177 - Reformat with black
3178 - automailer: refactoring (extract code to function)
3179 - automailer: lint
3180 - automailer: name parameter instead of relying on position
3181 - automailer (notmuch): use the specified email body
3182 - automailer: simplify
3184 * Add options verification to Tails shell library (tails/tails!1211)
3186 Closes issues:
3187 - Tails shell library should verify that it is called set -e -u
3188 (tails/tails#6588)
3190 Commits:
3191 - Replace backticks with single quotes to prevent command substitution
3192 - Add another options verification to Tails shell library
3193 - Add options verification to Tails shell library
3195 * simplify and fix automailer parser config (tails/tails!1210)
3197 Closes issues:
3198 - generate-call-for-trusted-reproducer is broken: TypeError: add_parser_mailer()
3199 missing 1 required positional argument: 'config' (tails/tails#19929)
3201 Commits:
3202 - simplify and fix automailer parser config
3204 * create_box.sh: fix IMG_SIZE parsing on Debian Sid (tails/tails!1208)
3206 Closes issues:
3207 - Creating basebox broken on Debian Sid (tails/tails#19927)
3209 Commits:
3210 - create_box.sh: use jq for json parsing instead of awk
3211 - create_box.sh: fix IMG_SIZE parsing on Debian Sid
3213 * Test suite: make --view and --vnc-server-only compatible with Wayland without
3214 sudo (tails/tails!1203)
3216 Commits:
3217 - Make shellcheck happy
3218 - Test suite: send arbitrary options to x11vnc via the TAILS_X11VNC_OPTS
3219 environment variable
3220 - Test suite: make --view and --vnc-server-only compatible with Wayland
3222 * Initialize passphrase strength hint as blank, don't show 0%! (tails/tails!1202)
3224 Closes issues:
3225 - Passphrase strength meter initially shows 0% (tails/tails#19918)
3227 Commits:
3228 - Update passphrase_view.py to remove "0%" and display blank hint initially
3229 - Update passphrase_dialog.py to not display "0%" as strength hint before the
3230 user types anything
3231 - Update change_passphrase_dialog.py to have a blank default hint instead of "0%"
3232 until user types
3234 -- Tails developers <tails@boum.org> Mon, 14 Aug 2023 15:11:40 +0200
3236 tails (5.16) unstable; urgency=medium
3238 * Upgrade to Thunderbird 1:102.14.0-1~deb11u1
3240 * Upgrade to Linux 6.1.38-2
3242 * Upgrade to Tor Browser 12.5.2 (Firefox 102.14) (tails/tails!1207)
3244 Closes issues:
3245 - Upgrade to Tor Browser 12.5.2 (Firefox 102.14) (tails/tails#19889)
3247 Commits:
3248 - Fetch Tor Browser from our own archive
3249 - Upgrade Tor Browser to 12.5.2
3251 * Install amd64-microcode from Debian security (tails/tails!1204)
3253 Closes issues:
3254 - Upgrade to Linux 6.1.38 and amd64-microcode 3.20230719.1 (tails/tails#19888)
3256 Commits:
3257 - Install amd64-microcode from Debian security
3259 * Test suite: ensure tails-debugging-info does not crash (tails/tails!1206)
3261 Closes issues:
3262 - Automated tests for Whisperback (tails/tails#19881)
3264 Commits:
3265 - Remove obsolete justification
3266 - Update comment
3267 - Stop installing inotify-tools
3268 - Drop obsolete /run/tordate
3269 - WhisperBack: move huge "lsusb --verbose" below info that's more often used
3270 - Test suite: ensure tails-debugging-info does not crash
3272 * Test suite: ignore exception if LAN web server is kill():ed before we wait()
3273 (tails/tails!1199)
3275 Commits:
3276 - Test suite: ignore exception if LAN web server is kill():ed before we wait()
3278 * onion-grater: make my_circuits() handle unattached streams correctly
3279 (tails/tails!1198)
3281 Commits:
3282 - Compare to None with identity, not equality
3283 - onion-grater: make my_circuits() handle unattached streams correctly
3285 * Turn off capitalization to make passphrase suggestion easier to type.
3286 (tails/tails!1197)
3288 Commits:
3289 - Turn off capitalization to make passphrase suggestion easier to type.
3291 * Doc updates for 5.15 (tails/tails!1194)
3293 Closes issues:
3294 - More robust UDF signing (tails/tails#19665)
3296 Commits:
3297 - Re-add anchor
3298 - UDFs signature check
3299 - variables, not constants!
3300 - less bogus usages of cat
3301 - login cmdline option useful in testing again
3302 - more usages for automailer
3303 - fix rc/final check
3304 - automatic manual testing email
3305 - automailer supports attachments
3306 - kernel cmdline options make instructions simpler
3307 - black reformatting
3308 - automailer: set default in configuration file
3309 - more automailer
3310 - clarify what's inside the "If" statement
3311 - Update PO files takes longer than you think
3312 - let's remove useless sections early
3313 - more automailer
3314 - tbb upgrade: clarify norm vs exception
3315 - tbb upgrade: chdir in subshell
3316 - tbb upgrade: add ma1 repository
3318 -- Tails developers <tails@boum.org> Sun, 06 Aug 2023 10:32:57 +0000
3320 tails (5.15.1) unstable; urgency=medium
3322 * Emergency fix: fix whisperback reporting
3324 -- Tails developers <tails@boum.org> Tue, 11 Jul 2023 13:20:32 +0200
3326 tails (5.15) unstable; urgency=medium
3328 * Resolve "Upgrade Tor Browser to 12.5.1" (tails/tails!1195)
3330 Closes issues:
3331 - Upgrade Tor Browser to 12.5.1 (tails/tails#19724)
3333 Commits:
3334 - Fetch Tor Browser from our own archive
3335 - Upgrade Tor Browser to 12.5.1-build1
3337 * onion-grater: fix the stream ownership check (tails/tails!1184)
3339 Closes issues:
3340 - onion-grater stream ownership check is very buggy resulting in restrict-stream-
3341 events being broken (tails/tails#19741)
3343 Commits:
3344 - spare typing
3345 - turn on debug automatically based on cmdline
3346 - no stream belongs to pid-based matching
3347 - onion-grater: log events dropped by restrict-stream-events
3348 - onion-grater: only use address comparison for event ownership
3349 - Test suite: test that Tor Browser's circuit view is working
3350 - Upgrade Tor Browser to 12.5-build2
3351 - Test suite: wait longer for Unsafe Browser's zenity dialogs
3352 - Browsers: deal with another extension directory from TBB 12.5 (refs:
3353 tails/tails#19724)
3354 - Browsers: update to new fontconfig path for Tor Browser 12.5 (refs
3355 tails/tails#19742)
3356 - Test suite: remove useless torified_browsing.rb
3357 - Test suite: adapt test to Tor Browser's new file download UX (refs:
3358 tails/tails#19724)
3359 - Test suite: embed old image next to match in automatic image bumping mode
3360 - Defer lyrebird → obfs4proxy renaming
3361 - Upgrade Tor Browser to 12.5.0-build1 (refs: tails/tails#19724)
3362 - Browsers: add new locales supported by Tor Browser 12.5 (refs:
3363 tails/tails#19724)
3364 - Upgrade Tor Browser to 12.5a7 (refs: tails/tails#19724)
3365 - onion-grater: fix the stream ownership check (refs: tails/tails#19741)
3367 * Upgrade Tor Browser to 12.5 (tails/tails!1182)
3369 Commits:
3370 - Upgrade Tor Browser to 12.5-build2
3371 - Test suite: wait longer for Unsafe Browser's zenity dialogs
3372 - Browsers: deal with another extension directory from TBB 12.5 (refs:
3373 tails/tails#19724)
3374 - Browsers: update to new fontconfig path for Tor Browser 12.5 (refs
3375 tails/tails#19742)
3376 - Test suite: remove useless torified_browsing.rb
3377 - Test suite: adapt test to Tor Browser's new file download UX (refs:
3378 tails/tails#19724)
3379 - Test suite: embed old image next to match in automatic image bumping mode
3380 - Defer lyrebird → obfs4proxy renaming
3381 - Upgrade Tor Browser to 12.5.0-build1 (refs: tails/tails#19724)
3382 - Browsers: add new locales supported by Tor Browser 12.5 (refs:
3383 tails/tails#19724)
3384 - Upgrade Tor Browser to 12.5a7 (refs: tails/tails#19724)
3386 * Test suite: avoid writing to script while it may be executing
3387 (tails/tails!1189)
3389 Closes issues:
3390 - "Scenario: I can use a network with captive portal" frequently fails: OSError:
3391 [Errno 26] Text file busy: '/etc/NetworkManager/dispatcher.d/00-firewall.sh'
3392 (RemoteShell::ServerFailure) (tails/tails#19736)
3394 Commits:
3395 - Test suite: avoid writing to script while it may be executing
3397 * Release calendar available from website (tails/tails!1188)
3399 Commits:
3400 - Apply 2 suggestion(s) to 2 file(s)
3401 - update instructions for updating calendar
3402 - contribute/calendar points to actual calendar
3403 - Revert "Remove our public calendar"
3405 * tps: Fix LUKS upgraded each boot on some systems (tails/tails!1181)
3407 Closes issues:
3408 - Persistent Storage upgraded on every login (tails/tails#19734)
3410 Commits:
3411 - tps: add more debug logging for #19728 and #19734
3412 - tps: calculate available RAM just as cryptsetup does in is_upgraded()
3413 - reports memory and cpu, too
3414 - include information about disks
3415 - Whisperback: more usb information
3416 - decrease the argon2id minimum memory requirement
3417 - debug memory cost
3418 - make debug-for-5.15 expire automatically
3419 - Enable debug logging in the tps backend by default
3420 - tps: clarify the whole situation around create() using a lower PBDKF memory
3421 cost that we fix with an upgrade at next boot
3422 - tps: use constant instead of magic number
3423 - tps: also set --pbkdf-force-iterations when createing a new volume
3424 - tps: Fix LUKS upgraded each boot on some systems
3426 * Test suite: Fix flaky step "the displayed clock is less than (\d+) minutes
3427 incorrect" (tails/tails!1180)
3429 Closes issues:
3430 - Flaky test "the displayed clock is less than (\d+) minutes incorrect"
3431 (tails/tails#19727)
3433 Commits:
3434 - Run rubocop
3435 - Test suite: Fix flaky step "the displayed clock is less than (\d+) minutes
3436 incorrect"
3437 - Test suite: Fix usage of backslashes in arguments to Dogtail
3439 * Support authenticated v3 Onion Services in Tor Browser (tails/tails!1160)
3441 Closes issues:
3442 - Support authenticated v3 Onion Services in Tor Browser (tails/tails#17816)
3444 Commits:
3445 - Revert bits about persistent onion auth keys
3446 - Tor Browser: hide UI related to persisting onion auth keys
3447 - Tor Browser: also allow viewing and removing onion auth keys.
3448 - ONION_CLIENT_AUTH_ADD must take arguments.
3449 - Use upper case as we normally do.
3450 - Tor: enable ClientOnionAuthDir to be able to remember onion auth keys (refs:
3451 tails/tails#17816)
3452 - Onion Grater: update Tor Browser to allow onion authentication (refs:
3453 tails/tails#17816)
3454 - Tor: enable ExtendedErrors for Tor Browser's SocksPort
3456 * Welcome Screen: Bump UpgradeLUKS timeout to 240s (tails/tails!1190)
3458 Commits:
3459 - workaround for tails#19871
3460 - Welcome Screen: Bump UpgradeLUKS timeout to 240s
3462 * Upgrade to Linux 6.1.37-1 (tails/tails!1196)
3464 Closes issues:
3465 - Install the Linux kernel from Bookworm (tails/tails#19669)
3466 - Upgrade to Linux 6.1.37-1 (tails/tails#19670)
3468 Commits:
3469 - Document workaround
3470 - Fix heading level
3471 - Update the snapshot of the Debian archive to 2023070701
3472 - Upgrade to Linux 6.1.37-1 from bookworm-security
3473 - Stop tracking sid when we can get the package we want from Bookworm
3474 - APT: add fallback pinning for Debian-Security
3475 - APT: add Bookworm sources
3477 * automailer parsing fixed (tails/tails!1193)
3479 Commits:
3480 - simpler and more effective body parsing
3482 * tails-installer open wrong URI (tails/tails!1191)
3484 Closes issues:
3485 - Honor the "debug" kernel cmdline option in Tails Installer (tails/tails#12396)
3486 - Tails Installer open wrong documentation URI (tails/tails#19870)
3488 Commits:
3489 - rename function to reflect what it does
3490 - verbose is explicitly disabled
3491 - doctest clarifies
3492 - tails-documentation de-localize input links
3493 - tails-documentation supports URLs as arguments
3494 - tails-documentation --dry-run
3495 - tails-installer honors debug cmdline
3496 - refactor debug activation in tails installer
3498 * Fix gitlab-triage-post-release (tails/tails!1186)
3500 Closes issues:
3501 - Multiple failures in gitlab-triage-post-release (tails/tails#19723)
3503 Commits:
3504 - prevent running with unset variables
3505 - let's ignore milestone.due_date
3506 - expand yaml alias
3508 * onion-grater: fix getinfo circuit-status leak (tails/tails!1185)
3510 Closes issues:
3511 - onion-grater leaks info about unassociated circuits to Tor Browser
3512 (tails/tails#19740)
3514 Commits:
3515 - onion-grater: refactor
3516 - onion-grater: add comments per reviewer request
3517 - onion-grater: log events dropped by restrict-stream-events
3518 - onion-grater: only use address comparison for event ownership
3519 - Test suite: test that Tor Browser's circuit view is working
3520 - WIP fix for refs: tails/tails#19740
3521 - onion-grater: fix the stream ownership check (refs: tails/tails#19741)
3523 * TCA: Fix error not displayed after QR code scanning failure (tails/tails!1183)
3525 Closes issues:
3526 - Error not displayed after QR code scanning failure: "TypeError: 'dict' object
3527 is not callable" for "_" (tails/tails#19737)
3529 Commits:
3530 - TCA: Fix error not displayed after QR code scanning failure
3532 * Replace connect-drop executable (tails/tails!1177)
3534 Commits:
3535 - simplify --debug handling
3536 - fix: forward INHERIT_FD to tails-installer
3537 - get env var: raise if not present
3538 - fix: forward INHERIT_FD to tps-frontend
3539 - Fix python3-gi missing in test-tailslib job
3540 - connect-socket: Use parser default value for --debug option
3541 - Inline connect-drop-tails-installer in tails-installer
3542 - Inline connect-drop-tps in tails-persistent-storage
3543 - Replace connect-drop with connect-socket
3544 - run-tca-in-netns: Support setting logging level to debug
3545 - tps-frontend: Fix comment
3547 * Welcome Screen: Fix search (tails/tails!1176)
3549 Closes issues:
3550 - Improve search in language and keyboard selection widgets (tails/tails#19200)
3552 Commits:
3553 - Welcome Screen: Also search the language code
3554 - Welcome Screen: Support multiple search strings
3555 - Welcome Screen: Fix search
3557 * post-RM doc updates (tails/tails!1174)
3559 Commits:
3560 - use automailer at least once in the doc
3561 - notmuch supported
3562 - make sending emails easier multi-MUA
3563 - blog.torproject.org: link to old MR
3564 - let's validate using check-po-msgfmt, too
3565 - I just want to copy-paste
3566 - discard non-diff lines
3567 - more readable output
3569 * Rename tps executables (tails/tails!1172)
3571 Closes issues:
3572 - Rename tps to tpsd (tails/tails#19430)
3574 Commits:
3575 - Rename tps -> tpsd
3576 - Rename tps-frontend-wrapper -> tails-persistent-storage
3578 * tps: Rename mount -> binding (tails/tails!1171)
3580 Closes issues:
3581 - Use the term "binding" instead of "mount" in tps backend code
3582 (tails/tails#19721)
3584 Commits:
3585 - Update PO files.
3586 - tps: Rename mount -> binding
3588 * tps: Make sure that the header correctly unlocks the partition
3589 (tails/tails!1167)
3591 Closes issues:
3592 - Investigate LUKS header restore failure (tails/tails#19718)
3594 Commits:
3595 - tps: Fix error case in which LUKS header backup is not restored
3596 - tps: Fix comments
3597 - tps: Fix typo
3598 - tps: Remove unused imports
3599 - tps: Remove unused D-Bus method TestPassphrase
3600 - tps: Don't include UUID in LUKS header backup path
3601 - tps: Make sure that the header correctly unlocks the partition
3603 * Dogtail: re-enable showingOnly by default (tails/tails!1166)
3605 Closes issues:
3606 - Re-enable showingOnly by default in the test suite (tails/tails#19717)
3608 Commits:
3609 - Test suite: fix another Dogtail configuration issue
3610 - Test suite: simplify
3611 - Test suite: deal with test relying on showingOnly not being enabled
3612 - Test suite: drop useless require
3613 - Test suite: deal with test relying on showingOnly not being enabled
3614 - Test suite: actually "simulate" a failing connection during time sync
3615 - Test suite: drop all explicit `showingOnly: true` arguments
3616 - Dogtail: disable debugging output
3617 - Dogtail: enable showingOnly by default (refs: tails/tails#19771)
3619 * test: user can install w/o cloning (tails/tails!1165)
3621 Closes issues:
3622 - Tails Installer: test that the user can install without cloning
3623 (tails/tails#19716)
3625 Commits:
3626 - rename scenarios consistently
3627 - remove useless step
3628 - Apply 1 suggestion(s) to 1 file(s)
3629 - test: user can install w/o cloning
3631 * Upgrade Linux on devel branch to 6.1.27-1 (tails/tails!1151)
3633 Commits:
3634 - Upgrade to Linux 6.1.27-1 (devel branch)
3636 * Display the Tails version in the boot loader entry (tails/tails!1137)
3638 Closes issues:
3639 - Display the Tails version number during boot (Boot Loader Menu or Welcome
3640 Screen) (tails/tails#16796)
3642 Commits:
3643 - Display the Tails version number in all GRUB menu entries
3644 - Add comment
3645 - Display the Tails version in the boot loader entry
3647 -- Tails developers <tails@boum.org> Mon, 10 Jul 2023 12:04:32 +0200
3649 tails (5.14) unstable; urgency=medium
3651 * tailslib: Fix spawn_tps_frontend (tails/tails!1168)
3653 Commits:
3654 - tailslib: Fix spawn_tps_frontend
3655 - run-with-user-env: Support the --systemd-run option
3656 - userenv.py: Allow passing the DEBUG environment variable
3658 * Upgrade Tor Browser to 12.0.7 (tails/tails!1159)
3660 Closes issues:
3661 - Upgrade Tor Browser to 12.0.7 (tails/tails#19662)
3663 Commits:
3664 - Fetch Tor Browser from our own archive
3665 - Upgrade Tor Browser to 12.0.7
3667 * Upgrade to Bullseye 11.7 and Linux 6.1.25-1 (stable branch) (tails/tails!1121)
3669 Closes issues:
3670 - Switch to open-ath9k-htc-firmware (tails/tails#19625)
3671 - Consider allowing initramfs size > 32 MiB (tails/tails#19663)
3672 - Upgrade to Bullseye 11.7 (tails/tails#19555)
3673 - Upgrade to Linux 6.1.25-1 (tails/tails#19608)
3675 Commits:
3676 - Upgrade to Bullseye 11.7 and Linux 6.1.25-1 (stable branch)
3677 - Allow initramfs size larger than 32 MiB
3678 - Revert "initramfs: remove amdgpu and nvidia drivers"
3679 - initramfs: remove amdgpu and nvidia drivers
3680 - Install the free firmware firmware-ath9k-htc
3682 * Test suite: Fix flaky low-memory test (tails/tails!1161)
3684 Closes issues:
3685 - Cannot create Persistent Storage when the system is low on memory on Bookworm
3686 (tails/tails#19706)
3688 Commits:
3689 - Run rubocop
3690 - Test suite: Fix flaky low-memory test
3692 * Test suite: Paste bridge via Dogtail (tails/tails!1156)
3694 Commits:
3695 - Test suite: Paste bridge via Dogtail
3697 * Test suite: make --image-bumping-mode work with find_any() (tails/tails!1154)
3699 Closes issues:
3700 - `run_test_suite --image-bumping-mode` fails sometimes: 'NoneType' object has no
3701 attribute 'shape' (tails/tails#19055)
3703 Commits:
3704 - Test suite: simplify the return value for the *_any() methods
3705 - Test suite: make --image-bumping-mode work with find_any()
3707 * Test suite: fix corruption in the OpenCV helper script output
3708 (tails/tails!1153)
3710 Closes issues:
3711 - run_test_suite --image-bumping-mode fails: wrong number of arguments (given 13,
3712 expected 6) (ArgumentError) (tails/tails#19243)
3714 Commits:
3715 - Test suite: add assertion
3716 - Test suite: deal with OpenCV errors more reliably
3717 - Test suite: properly separate stdout and stderr in OpenCV helper script
3719 * Welcome Screen: Replace "Create Persistent Storage" button with switch
3720 (tails/tails!1152)
3722 Closes issues:
3723 - Confusing UX of Persistent Storage onboarding in Welcome Screen
3724 (tails/tails#19673)
3726 Commits:
3727 - Welcome Screen: Replace "Create Persistent Storage" button with switch
3729 * Test suite: Use Dogtail to shut down / reboot the system (tails/tails!1150)
3731 Commits:
3732 - Test suite: Use Dogtail to shut down / reboot the system
3734 * Mention Kleopatra in the name of the Persistent Storage features
3735 (tails/tails!1149)
3737 Closes issues:
3738 - Mention Kleopatra in Persistent Storage settings (tails/tails#19675)
3740 Commits:
3741 - Mention Kleotra in Persistent Storage settings
3743 * Improve labels while creating Persistent Storage (tails/tails!1148)
3745 Closes issues:
3746 - Improve labels during creation of Persistent Storage (tails/tails#19674)
3748 Commits:
3749 - Update PO files
3750 - Integrate tps Python files into our l10n framework
3751 - Improve labels while creating Persistent Storage
3753 * Test suite: Use Dogtail to open additional settings dialog (tails/tails!1146)
3755 Commits:
3756 - Test suite: remove images that are not used anymore
3757 - Test suite: Use Dogtail to open additional settings dialog
3759 * Replace 'tails.boum.org' by 'tails.net' (except for wiki/src)
3760 (tails/tails!1145)
3762 Commits:
3763 - Use the new domain when checking for invalid hosts
3764 - Keep checking for translatable URLs using the old domain
3765 - Fix expected length for GPU-related error message
3766 - Replace 'tails.boum.org' by 'tails.net' (except for wiki/src)
3768 * tps: Avoid triggering OOM killer (tails/tails!1144)
3770 Closes issues:
3771 - Creating Persistent Storage can cause OOM killer to kill gnome-shell
3772 (tails/tails#19667)
3774 Commits:
3775 - Test suite: Test creating Persistent Storage with low memory
3776 - tps: Avoid triggering OOM killer
3778 * Test suite: Use dogtail in step 'I (dis)?connect the network through GNOME'
3779 (tails/tails!1141)
3781 Commits:
3782 - Test suite: Use dogtail in step 'I (dis)?connect the network through GNOME'
3784 * Whisperback warning (tails/tails!1133)
3786 Commits:
3787 - reformat with black
3788 - Fix SyntaxWarning in whisperback
3790 * Persistent Storage feature descriptions (tails/tails!1131)
3792 Closes issues:
3793 - Implement missing descriptions of Persistent Storage features
3794 (tails/tails#19642)
3796 Commits:
3797 - tps-frontend: Fix label style context "error" not reset
3798 - tps-frontend: Improve subtitle of Persistent Folder
3799 - tps-frontend: Add subtitle for Persistent Folder
3800 - tps-frontend: Fix subtitles not shown
3802 * tps: Hide mounts from the desktop environment (tails/tails!1130)
3804 Closes issues:
3805 - The Persistent Folder should not appear as an external device in the Files
3806 browser (tails/tails#19646)
3808 Commits:
3809 - tps: Hide mounts from the desktop environment
3811 * Test suite: Replace more usages of fragile @screen.paste (tails/tails!1127)
3813 Commits:
3814 - Test suite: Replace more usages of fragile @screen.paste
3816 * Electrum: Ask for donations in 1/20 of cases (tails/tails!1117)
3818 Closes issues:
3819 - Have an incentive to donate to Tails from Electrum in Tails (tails/tails#18023)
3821 Commits:
3822 - Remove unused import
3823 - electrum: Fix dialog not closed when process exits
3824 - electrum: Use different donation addresses
3825 - Store Bitcoin addresses for Electrum incentive
3826 - Implement changes proposed by segfault and bokonon
3827 - Electrum: Change effect of the ELECTRUM_DONATION_MESSAGE variable
3828 - Add link to our donation page
3829 - Customize icon
3830 - Improve notification message
3831 - Add vertical space
3832 - Add default description for transfer
3833 - Electrum: Ask for donations in 1/20 of cases
3834 - Electrum: Don't show message dialog if called with arguments
3836 * Use argon2id and support upgrading to LUKS2 and argon2id (tails/tails!1116)
3838 Commits:
3839 - tps: Explain why we use the UUID in the backup file name
3840 - Test suite: Add comment
3841 - Run rubocop
3842 - Welcome Screen: Upgrade Persistent Storage explicitly
3843 - tps: Also restore backup LUKS header if the UUID can't be read
3844 - tps: Test the backup header before upgrading the original header
3845 - tps: Always use shred to delete backup LUKS header
3846 - Test suite: Fix flaky scenario "Feature activation fails"
3847 - Test suite: Test automatically upgrading LUKS header
3848 - Welcome Screen: Set label back to "Unlock Encryption"
3849 - Test suite: Fix step 'I enable persistence' returning early
3850 - Test suite: Fix usage of Gherkin keyword
3851 - tps: Add note about wear leveling to UpgradeLUKS docstring
3852 - tps: Use shred to delete backup LUKS header
3853 - tps: Also update memory cost of Argon2id
3854 - tps: Add type hint
3855 - tps: Rename the Partition class to TPSPartition
3856 - tps: Fix stacklevel of log functions
3857 - tps: Automatically upgrade LUKS header when unlocking
3858 - tps: Support upgrading to LUKS2 and argon2id
3860 * Detect captive portals (tails/tails!1107)
3862 Closes issues:
3863 - use iptables --wait in test suite (tails/tails#19698)
3864 - tails-get-network-time sets different User-Agent than NetworkManager
3865 (tails/tails#19650)
3866 - Bring the Tor Connection user story to a state where it should not be our top
3867 priority anymore (tails/tails#19473)
3868 - Detect captive portals (tails/tails#5785)
3870 Commits:
3871 - iptables waits for lock
3872 - Run rubocop
3873 - Test suite: Replace some usages of "Tor is ready"
3874 - Test suite: Check time sync headers
3875 - Test suite: Change how we imitate a captive portal
3876 - Test suite: Replace httpbin.org with our own web server
3877 - Test suite: Catch errors when copying Chutney data
3878 - Revert "while at it, remove all usages of "Tor is ready""
3879 - Test suite: Replace usage of httpbin.org
3880 - Test suite: Check that TCA knows when a portal was detected
3881 - tails-get-network-time: Restructure
3882 - tails-get-network-time: Fix case that not enough data was received
3883 - tails-get-network-time: Print curl debug output in debug mode
3884 - tails-get-network-time: Support config file
3885 - tails-get-network-time: Don't fail if response code is other than 200 and 204
3886 - tails-get-network-time: Fix handling of extra bytes after expected response
3887 - tails-get-network-time: Fix handling of empty body
3888 - tails-get-network-time: Fix typo
3889 - tails-get-network-time: Remove unused variable
3890 - tails-get-network-time: Remove unreachable code
3891 - tails-get-network-time: Ignore case of X-NetworkManager-Status value
3892 - keep the comment near to relevant code block
3893 - Apply 1 suggestion(s) to 1 file(s)
3894 - debug leftover
3895 - while at it, remove all usages of "Tor is ready"
3896 - use the non-deprecated step
3897 - captive portal automated test
3898 - More generic error, because we're not sure
3899 - User-visible captive portal detection
3900 - actually detect captive portal
3901 - type hint for callbacks
3902 - pass additional data in case of errors
3903 - fix error response code
3904 - override for GetNetworkTimeCommand
3905 - Refactor code to allow per-command override
3906 - define shared constant in module
3907 - tails-get-network-time: Don't set any User-Agent
3909 -- Tails developers <tails@boum.org> Mon, 12 Jun 2023 14:53:26 +0200
3911 tails (5.13) unstable; urgency=medium
3913 * Resolve "Upgrade Tor Browser to 12.0.6, based on Firefox 102.11"
3914 (tails/tails!1134)
3916 Closes issues:
3917 - Upgrade Tor Browser to 12.0.6, based on Firefox 102.11 (tails/tails#19621)
3919 Commits:
3920 - Fetch Tor Browser from our own archive
3921 - Upgrade Tor Browser to 12.0.6-build1
3923 * unsafe-browser: Explain why our use of flock is not vulnerable
3924 (tails/tails!1113)
3926 Closes issues:
3927 - Unsafe Browser - Local Privilege Escalation (LPE) via symlink - Arbitrary File
3928 Content Delete (tails/tails#19616)
3930 Commits:
3931 - Use /run/lock instead of /var/lock
3932 - unsafe-browser: Explain why our use of flock is not vulnerable
3934 * Make curl use Tor (tails/tails!1123)
3936 Closes issues:
3937 - Make curl work out of the box (tails/tails#19488)
3939 Commits:
3940 - test that curl works out of the box
3941 - Make curl use Tor
3943 * udisks2: Use LUKS2 by default (tails/tails!1115)
3945 Closes issues:
3946 - Persistent Storage: Use LUKS2 (tails/tails#15450)
3948 Commits:
3949 - Test suite: Increase timeout for changing the LUKS passphrase
3950 - Test suite: Check that Persistent Storage uses LUKS2
3951 - Test suite: record old version when installing one to disk
3952 - Test suite: move step definition to a more suitable place
3953 - udisks2: Use LUKS2 by default
3955 * tails-documentation: Check that joined path is below website path
3956 (tails/tails!1132)
3958 Closes issues:
3959 - tails-documentation - Limited Path Traversal (tails/tails#19576)
3961 Commits:
3962 - tails-documentation: Check that joined path is below website path
3964 * Test suite: Don't check for "Display output is not active" screen
3965 (tails/tails!1126)
3967 Closes issues:
3968 - Tests sometimes fail with "Display output is not active" after clicking login
3969 button in Welcome Screen (tails/tails#19639)
3971 Commits:
3972 - Test suite: Don't check for "Display output is not active" screen
3973 - Test suite: Print step status
3974 - Welcome Screen: Make error message more useful
3976 * Remove our public calendar (tails/tails!1125)
3978 Commits:
3979 - Add missing word
3980 - Fix broken links
3981 - Remove our public calendar
3983 * tps: Use argon2id (tails/tails!1120)
3985 Closes issues:
3986 - Persistent Storage: Use argon2id (tails/tails#19633)
3988 Commits:
3989 - Test suite: Check that Persistent Storage uses argon2id
3990 - tps: Reduce the number of triggered udev events
3991 - tps: Fix creation sometimes failing because udisks object is not ready
3992 - tps: Fix `udevadm trigger --settle` sometimes blocking forever
3993 - tps-frontend: Fix first job update sometimes ignored
3994 - tps: Send only one PropertiesChanged signal per job update
3995 - tps: Don't restrict CPU usage during Persistent Storage creation
3996 - tps: Keep the system responsive while creating Persistent Storage
3997 - tps: Use argon2id
3999 * tps: Fix stderr of failed commands not printed (tails/tails!1118)
4001 Commits:
4002 - tps: Fix stderr of failed commands not printed
4004 * Test suite: Avoid TCA scenario failing if the error panel is briefly shown
4005 (tails/tails!1114)
4007 Closes issues:
4008 - Fix "Scenario: The same Tor configuration is applied when the network is
4009 reconnected" failing (tails/tails#19591)
4011 Commits:
4012 - Test suite: Avoid TCA scenario failing if the error panel is briefly shown
4014 * tps: Fix InvalidBootDeviceError raised in finally block (tails/tails!1103)
4016 Closes issues:
4017 - "Persistent Greeter options" test suite scenario always fails
4018 (tails/tails#19558)
4019 - tps reports the need for "USB stick installed with a USB image or Tails
4020 Installer" in unrelated failure modes (tails/tails#19588)
4022 Commits:
4023 - tps: Fix InvalidBootDeviceError raised in finally block
4024 - tps: Remove unused exception
4026 -- Tails developers <tails@boum.org> Mon, 15 May 2023 12:22:05 +0200
4028 tails (5.12) unstable; urgency=medium
4030 * Test suite: Try to catch another case of "Display output is not active"
4031 (tails/tails!1106)
4033 Closes issues:
4034 - Test suite breakage when restoring an old Bullseye snapshot: "Guest disabled
4035 display", "Display output is not active" (tails/tails#18953)
4037 Commits:
4038 - Test suite: Try to catch another case of "Display output is not active"
4040 * Test suite: Press escape to wake up the display (tails/tails!1089)
4042 Closes issues:
4043 - Test suite breakage when restoring an old Bullseye snapshot: "Guest disabled
4044 display", "Display output is not active" (tails/tails#18953)
4046 Commits:
4047 - Test suite: Retry restoring snapshot 3 times
4048 - Test suite: Press escape up wake up the display
4050 * Upgrade to Linux 6.1.20-1 (stable branch) (tails/tails!1080)
4052 Closes issues:
4053 - Upgrade to Linux 6.1.15 (tails/tails#19484)
4054 - Upgrade to Linux 6.1.20+ (tails/tails#19556)
4056 Commits:
4057 - Upgrade to Linux 6.1.20-1 from sid
4059 * Upgrade to Linux 6.1.20-1 from sid (devel branch) (tails/tails!1079)
4061 Commits:
4062 - Upgrade to Linux 6.1.20-1 from sid
4064 * Add icon for tails-backup (tails/tails!1111)
4066 Closes issues:
4067 - Have an icon for the backup utility (tails/tails#19363)
4069 Commits:
4070 - Update icon for Persistent Storage settings
4071 - Add icon for tails-backup
4073 * Additional Software: Fix launched apps not accessible via Dogtail
4074 (tails/tails!1092)
4076 Closes issues:
4077 - tca-portal, tails-additional-software: don't run apps as amnesia under the
4078 scope of the (root) systemd service (tails/tails#19131)
4079 - Additional Software is in English when launched from a notification
4080 (tails/tails#17365)
4081 - tails-additional-software-config and gedit started from a notification are not
4082 accessible ⇒ breaks test suite (tails/tails#19233)
4084 Commits:
4085 - Additional Software: Make tails-additional-software-config D-Bus activatable
4086 - Additional Software: Launch apps with gtk-launch
4088 * Resolve "myspace.com has become incompatible with our htpdate setup"
4089 (tails/tails!1085)
4091 Closes issues:
4092 - myspace.com has become incompatible with our htpdate setup (tails/tails#19561)
4094 Commits:
4095 - test-iuk: list 1 package per line, for nicer future diffs
4096 - test-iuk: make it breathe
4097 - test-iuk: refuse running unless in a throw-away container
4098 - convert shell script to set -eu
4099 - move test-iuk to its own file
4100 - refactor: put in its own file
4101 - retry on failures
4102 - replace myspace.com with facebook.com
4104 * Test suite: Fix step "persistent Greeter options were restored"
4105 (tails/tails!1084)
4107 Closes issues:
4108 - "Persistent Greeter options" test suite scenario always fails
4109 (tails/tails#19558)
4111 Commits:
4112 - Test suite: Avoid an unnecessary reboot
4113 - Test suite: Make clicking "Connect to Tor" button more robust
4114 - Test suite: Add alternative persian comma image
4115 - Test suite: Fix step "persistent Greeter options were restored"
4116 - Test suite: Translate Dogtail args to $lang_code
4117 - Remote shell: Support setting environment variables in remote commands
4118 - Test suite: Support configuring chutney start time
4120 * tps: Fix hook execution with --profiling option (tails/tails!1112)
4122 Commits:
4123 - tps: Fix hook execution with --profiling option
4125 * Shell library: Validate LANG before using it (tails/tails!1110)
4127 Closes issues:
4128 - Validate LANG in localization.sh (tails/tails#19576)
4130 Commits:
4131 - Shell library: Validate LANG before using it
4133 * Remove obsolete disabling of nf_conntrack_helper (tails/tails!1109)
4135 Closes issues:
4136 - Update disabling of netfilter's automatic conntrack helper assignment
4137 (tails/tails#19557)
4139 Commits:
4140 - Remove obsolete disabling of nf_conntrack_helper
4142 * Test suite: Fix Electrum test (tails/tails!1105)
4144 Closes issues:
4145 - Electrum test suite broken by !1010 (tails/tails#19589)
4147 Commits:
4148 - Test suite: Fix Electrum test
4150 * Test suite: Fix additional software scenario (tails/tails!1102)
4152 Closes issues:
4153 - Test suite: Scenario "Recovering in offline mode after Additional Software
4154 previously failed to upgrade and then succeed to upgrade when online" fails
4155 (tails/tails#19574)
4157 Commits:
4158 - Remove @fragile tags that were only justified by #19233, which was solved via
4159 !1092
4160 - Test suite: Fix additional software scenario
4162 * Additional Software: Use valid D-Bus name as app name (tails/tails!1099)
4164 Closes issues:
4165 - `gtk-launch org.boum.tails.additional-software-config.desktop` is broken
4166 (tails/tails#19584)
4168 Commits:
4169 - Design doc: update path
4170 - Additional Software: Use valid D-Bus name as app name
4172 * Test suite: allow the pattern to cover slightly less of the write cache
4173 (tails/tails!1098)
4175 Closes issues:
4176 - Test Suite: Feature "System memory erasure on shutdown" is fragile
4177 (tails/tails#19583)
4179 Commits:
4180 - Test suite: allow the pattern to cover even less of the write cache
4181 - Test suite: allow the pattern to cover slightly less of the write cache
4183 * Upgrade Tor Browser to 12.0.5 (tails/tails!1097)
4185 Closes issues:
4186 - Upgrade to Tor Browser 12.0.5, based on Firefox 102.10 (tails/tails#19559)
4188 Commits:
4189 - Fetch Tor Browser from our own archive
4190 - Upgrade Tor Browser to 12.0.5-build2
4191 - Upgrade Tor Browser to 12.0.5-build1
4193 * tps: Fix "python.UnknownError" returned for builtin errors (tails/tails!1095)
4195 Closes issues:
4196 - Buggy error handling in tps: OSError is not a valid D-Bus name
4197 (tails/tails#19578)
4199 Commits:
4200 - tps: Fix "python.UnknownError" returned for builtin errors
4202 * Welcome Screen: Support login kernel command-line option (tails/tails!1093)
4204 Commits:
4205 - Welcome Screen: Support login kernel command-line option
4207 * Welcome Screen: Don't allow unlocking with empty passphrase by pressing Enter
4208 (tails/tails!1091)
4210 Closes issues:
4211 - Welcome Screen: Don't allow unlocking with empty passphrase by pressing Enter
4212 (tails/tails#19570)
4214 Commits:
4215 - Welcome Screen: Don't allow unlocking with empty passphrase by pressing Enter
4217 * systemd: Use name in unit status messages (tails/tails!1088)
4219 Closes issues:
4220 - systemd: Use name instead of description in unit status messages
4221 (tails/tails#19568)
4223 Commits:
4224 - systemd: Use both name and description in unit status messages
4226 * Display a diceware suggestion when creating the Persistent Storage
4227 (tails/tails!1087)
4229 Closes issues:
4230 - Display a diceware suggestion when creating the Persistent Storage
4231 (tails/tails#18148)
4233 Commits:
4234 - tps-frontend: Move passphrase suggestion code to passphrase_view.py
4235 - tps-frontend: Fix local variable 'passphrase' might be referenced before
4236 assignment
4237 - tps-frontend: Increase spacing between suggested passphrase and refresh button
4238 - tps-frontend: Add missing space to error message
4239 - tps-frontend: Fix indentation
4240 - tps-frontend: hide relevant UI elements when diceware fails
4241 - tps-frontend: give attribute an expressive name
4242 - Wait Bookworm to use the non-English wordlists
4243 - Determine passphrase suggestion width automatically
4244 - tps-frontend: Remove default passphrase suggestion
4245 - tps-frontend: refactoring
4246 - tps-frontend: hide 'for example' label when diceware suggestion fails
4247 - tps-frontend: don't break when wordlist directory doesn't exist
4248 - tps-frontend: Use a method to set a new passphrase hint
4249 - tps-frontend: Log the exceptions caused by diceware suggestion
4250 - tps-frontend: print stderr when diceware fails
4251 - tps-frontend: use a wordlist in the currently configured language when
4252 available
4253 - tps-frontend: adjust passphrase view UI
4254 - Display a diceware suggestion when creating the Persistent Storage
4256 * Fix race when starting tails-ibus-proxy.service (tails/tails!1086)
4258 Commits:
4259 - tails-dbus-proxy: Add missing PIDFile= property to systemd services
4260 - tails-ibus-proxy: Busy wait on ibus-daemon
4261 - tails-ibus-proxy: Fix missing whitespace (PEP-8)
4262 - Fix race when starting tails-ibus-proxy.service
4264 * Don't translate "known security vulnerabilities" (tails/tails!1081)
4266 Commits:
4267 - Don't translate "known security vulnerabilities"
4269 * Fix progress information inconsistencies when resuming an automatic upgrade
4270 download (tails/tails!1071)
4272 Closes issues:
4273 - Upgrader sometimes fails: Negative number not allowed in format_bytes at
4274 /usr/local/share/perl/5.32.1/Tails/IUK/Role/FormatByte.pm line 45 (Fix progress
4275 information inconsistencies when resuming an automatic upgrade download)
4276 (tails/tails#18435)
4278 Commits:
4279 - Revert "Upgrader: Avoid display the progress dialog initial text"
4280 - Untabify
4281 - Make code style more consistent
4282 - Add comment
4283 - Upgrader: Avoid display the progress dialog initial text
4284 - Tails::IUK::LWP::UserAgent::WithProgress: check if the temp file exists
4285 - Tails::IUK::LWP::UserAgent::WithProgress: always display the total amount of
4286 data downloaded
4288 * Persistent Storage design docs (tails/tails!1035)
4290 Closes issues:
4291 - Persistent Storage: Update design doc (tails/tails#19223)
4293 Commits:
4294 - Remove XXX comments
4295 - Remove glossary entry for tails-persistence-setup
4296 - Link to contribute/Persistent_Storage in contribute.mdwn
4297 - Persistent Storage design doc: Don't link to line numbers
4298 - Revert "Rename persistence.mdwn -> Persistent_Storage.mdwn"
4299 - Follow style guide
4300 - Fix sentence
4301 - Fix typo
4302 - Improve Persistent Storage contribute doc
4303 - Rename persistence.mdwn -> Persistent_Storage.mdwn
4304 - Move persistent-storage/HACKING.md to website
4305 - Update Additional Software design doc
4306 - Persistent Storage design doc: Add section on symlink attacks
4307 - Improve Persistent Storage design doc
4308 - better draft of Persistent Storage design docs
4310 * tps: Fix activation of feature in inconsistent state (tails/tails!1010)
4312 Closes issues:
4313 - Consider sync'ing data to disk after copying it to Persistent Storage when
4314 activating a feature (tails/tails#19368)
4315 - Seemingly spurious tps.configuration.mount.IsActiveException when deactivating
4316 a Persistent Storage feature (tails/tails#19331)
4317 - Delete corresponding data when a feature of the Persistent Storage is turned
4318 off in the settings (tails/tails#8447)
4319 - Switches of the new Persistent Storage are too slow to respond on some USB
4320 sticks (tails/tails#19291)
4321 - tps: Fix activation failing when in inconsistent state (tails/tails#19376)
4323 Commits:
4324 - Test suite: Update string
4325 - less ambiguous variable name
4326 - libtps.sh: Print JSON output
4327 - Apply 1 suggestion(s) to 1 file(s)
4328 - libtps.sh: Describe format returned by tps_get_features()
4329 - Apply 1 suggestion(s) to 1 file(s)
4330 - Make code easier to review
4331 - tps-frontend: Check if action row is defined
4332 - Fix comment
4333 - Explain stacklevel option
4334 - Use normal string instead of f-string
4335 - Fix comment
4336 - Update PO files.
4337 - Update to !1010
4338 - tps: Delete feature data via `rm -rf`
4339 - tps: Set HasData to True if we can't figure it out
4340 - tps-frontend: Ensure that the delete data button has the correct visibility
4341 - tps-frontend: Fix feature deactivated when IsActive changes to False
4342 - tps: Ensure that all feature properties are refreshed
4343 - Welcome Screen: Improve error message
4344 - Test suite: Use tpscli instead of parsing persistence.conf
4345 - Test suite: Fix "Given" used instead of "Then"
4346 - Test suite: Improve scenario "Feature activation fails"
4347 - Test suite: Use consistent wording
4348 - tps: Support reloading the service
4349 - Test suite: Improve comment and variable names
4350 - Test suite: Add another check that tps feature is deactivated immediately
4351 - Test suite: Use "active" instead of "enabled" for Persistent Storage
4352 - Test suite: Add scenario "Feature activation fails"
4353 - Welcome Screen: Show unlocked message when features failed to activate
4354 - Integrate tps-frontend Python files into our l10n framework
4355 - tps: Don't return an error in Unlock when features have unexpected state
4356 - Improve strings
4357 - tps-frontend: Don't insert hyphens when breaking lines in the error message
4358 - Test suite: Add scenario "Deleting data of a Persistent Storage feature"
4359 - tps-frontend: Remove unused imports
4360 - tps-frontend: Add accessible name to delete data button
4361 - tps-frontend: Make title of error dialogs bold
4362 - tps: Print stderr of failed commands in error messages
4363 - Test suite: Improve Gherkin of "Activating and deactivating Persistent Storage
4364 features" scenario
4365 - tps: Strip the "GDBus.Error:" prefix from errors displayed to users
4366 - tps: Check that enabling/disabling feature worked
4367 - tps: Fix ActivationFailedError raised instead of DeactivationFailedError
4368 - tps: Fix incorrect PropertiesChanged signal
4369 - tps: Add behave test for deleting feature
4370 - tps: Fix behave tests failing
4371 - tps: Fix no PropertiesChanged emitted for HasData
4372 - tps: Remove Error property
4373 - tps-frontend: Use IsEnabled property
4374 - tps: Don't raise AlreadyActivatedError and NotActivatedError
4375 - tps: Fix race condition when adding/removing features from config file
4376 - tps: Add new property Feature.IsEnabled
4377 - Welcome Screen: Mention which features failed to activate
4378 - tps-frontend: Move delete data button into first row
4379 - tps-frontend: Remove separator between first and second row
4380 - Welcome Screen: Document GtkInspector
4381 - Fix terminology
4382 - tps: Sync data copied to Persistent Storage
4383 - tps: Improve error in Welcome Screen when features failed to activate
4384 - tps-frontend: Show warning for features which failed to activate
4385 - tps: Remove features which failed to activate
4386 - tps: Store errors during service activation
4387 - tps: Make error message label selectable
4388 - tps-frontend: Use … instead of ... in button labels
4389 - tps-frontend: Confirm data deletion
4390 - tps: Treat Persistent directory with empty "Tor Browser" directory as empty
4391 - tps: Fix "return" used instead of "raise"
4392 - Add expander
4393 - tps: Support deleting data
4394 - tps-frontend: Show a spinner while activating/deactivating features
4395 - tps-frontend: Hide persistent folder button when feature is inactive
4396 - Also make on-deactived hooks work when run twice
4397 - tps behave-tests: Test deactivating feature with inconsistent state
4398 - tps: Make on-activated hooks work when run twice
4399 - Fix shellcheck source comments
4400 - tps: Fix deactivation of feature in inconsistent state
4401 - tps behave-tests: Test activating feature with inconsistent state
4402 - Revert "Don't try (and fail) to refresh features' IsActive when unlocking"
4403 - tps: Fix activation of feature in inconsistent state
4405 -- Tails developers <tails@boum.org> Tue, 18 Apr 2023 16:54:56 +0000
4407 tails (5.11) unstable; urgency=medium
4409 * Upgrade Thunderbird to 102.9.0-1~deb11u1
4411 * Upgrade Tor Browser to 12.0.4-build2 (tails/tails!1082)
4413 Closes issues:
4414 - Upgrade to Tor Browser 12.0.4 based on Firefox 102.9 (tails/tails#19450)
4416 Commits:
4417 - Fetch Tor Browser from our own archive
4418 - Upgrade Tor Browser to 12.0.4-build2
4420 * Upgrade Tor Browser to 12.0.4-build1 (tails/tails!1078)
4422 Closes issues:
4423 - Upgrade to Tor Browser 12.0.4 based on Firefox 102.9 (tails/tails#19450)
4425 Commits:
4426 - workaround failure
4427 - Fetch Tor Browser from our own archive
4428 - Upgrade Tor Browser to 12.0.4-build1
4430 * Fix root exporting unsafe env (tails/tails!1067)
4432 Closes issues:
4433 - LPE via Environment Key Injection (tails/tails#19464)
4435 Commits:
4436 - remove inaccurate type hint
4437 - Revert "tails-additional-software: Fix string returned instead of int"
4438 - tails-additional-software: Fix logging command
4439 - tails-additional-software: Fix string returned instead of int
4440 - tails-additional-software: Log stderr of the executed command to Journal
4441 - tails-additional-software: Fix _ (gettext.gettext) not defined
4442 - tails-additional-software: Add type hints
4443 - tails-additional-software: Print logs of apt hooks to journal
4444 - Remote shell: Don't capture stderr of "sh_spawn" commands
4445 - tailslib: Make code easier to read
4446 - Start tails-dump-user-env.service automatically again
4447 - Revert "workaround failure"
4448 - 10-tor.sh: Remove obsolete wait loops
4449 - run-with-user-env: Depend on tails-dump-user-env.service
4450 - run-with-env: Fix current environment not passed to the command
4451 - tails-additional-software: Log stderr of the executed command
4452 - let's use standard logging methods
4453 - Remote shell: Fix some log output not printed to stderr
4454 - Apply 1 suggestion(s) to 1 file(s)
4455 - Rename exec-with-env -> run-with-env
4456 - INHERIT_FD is needed for connect-drop to work
4457 - port exec-with-env to argparse
4458 - fix allowed_env
4459 - Use exec in some places
4460 - tails-dump-user-env.service: Be explicit about which users the service should
4461 run for
4462 - userenv.py: Don't use current env in read_allowed_env_vars_from_file
4463 - dump-user-env: Use logging module
4464 - userenv.py: Fix all env vars from the current env passed
4465 - exec-with-env: Move read_allowed_env_vars_from_file() to userenv.py
4466 - exec-with-env: Only export allow-listed environment variables
4467 - tailslib: Move NOSYMFOLLOW_MOUNTPOINT back to tps package
4468 - exec-with-env: Fix error message
4469 - dump-user-env: Fix error message
4470 - dump-user-env: Don't set $EUID
4471 - userenv.py: Log invalid environment variables
4472 - dump-user-env: Only dump specific environment variables
4473 - Remote shell: Remove unused imports
4474 - Test Suite: Use "systemctl poweroff" instead of "poweroff"
4475 - Remote shell: Don't fail if user env is not found
4476 - Remote shell: Use user env in commands executed as root
4477 - refactor: Rename loadenv-exec -> exec-with-env
4478 - Run tails-additional-software-notify as amnesia with user env
4479 - exec-with-user-env: Fix comment and add usage message
4480 - refactor: Rename launch_x_application -> run_with_user_env
4481 - refactor: Rename gnome-env -> user-env
4482 - dump-user-env: Print error message when required variables could not be set
4483 - tps-frontend-wrapper: Pass current user environment
4484 - Reimplement loadenv-exec in Python
4485 - Replace most usages of gnome_env in Python scripts
4486 - netnsdrop.py: Remove unused argument user
4487 - tails-additional-software-notify: Fix error when printing usage message
4488 - tails-additional-software-notify: Fix unresolved reference '_'
4489 - Replace systemctl-user with exec-in-gnome-env
4490 - Avoid exporting gnome environment file in privileged processes
4491 - Dump gnome-shell env as amnesia
4492 - tails-notify-user: Use consistent indentation
4493 - 20-time.sh: Don't export amnesia-controlled gnome env
4494 - tailslib: Don't export gnome env
4495 - Test suite: Fix unset environment variables evaluating to true
4496 - tca-portal: Support setting debug log level via environment and kernel cmdline
4498 * Sanitize input (tails/tails!1058)
4500 Closes issues:
4501 - LPE via Environment Key Injection (tails/tails#19464)
4503 Commits:
4504 - sanitize WAYLAND_DISPLAY
4505 - Sanitize input
4507 * Test new tps functionality (tails/tails!1052)
4509 Closes issues:
4510 - Ensure Cucumber tests cover new tps functionality (tails/tails#19225)
4512 Commits:
4513 - Quote variable used in shell command
4514 - rubocop --auto-correct
4515 - Test Suite: Improve Gherkin of "Creating a Persistent Storage" scenario
4516 - Test Suite: Add scenario "Changing the Persistent Storage passphrase"
4517 - Test Suite: Add scenario "Activating and deactivating Persistent Storage
4518 features"
4519 - Test Suite: Add scenario "Creating a Persistent Storage"
4521 * Test suite: Fix step "the clearnet user has not sent packets out to the
4522 Internet" (tails/tails!1074)
4524 Closes issues:
4525 - Test suite step "the clearnet user has not sent packets out to the Internet" is
4526 now irrelevant to Unsafe Browser (tails/tails#19370)
4528 Commits:
4529 - fix step name
4530 - Test suite: Add anti test for packets sent by the Unsafe Browser
4531 - Test suite: Fix step "the clearnet user has not sent packets out to the
4532 Internet"
4534 * Remove custom window-center extension (tails/tails!1072)
4536 Closes issues:
4537 - Consider replacing our custom window-center GNOME Shell extension with the
4538 center-new-windows Mutter option (tails/tails#19489)
4540 Commits:
4541 - Remove custom window-center extension
4543 * 10-tor.sh: Add log output (tails/tails!1070)
4545 Commits:
4546 - Remote shell: Improve log output
4547 - 10-tor.sh: Add log output
4549 * Use zram (tails/tails!1064)
4551 Closes issues:
4552 - Consider using zram (tails/tails#5740)
4554 Commits:
4555 - remove unused variable
4556 - chdir / makes paths more predictable
4557 - move swapon.tails in its own file
4558 - 05-replace_swapon: Use exec to run the original swapon
4559 - 05-replace_swapon: Improve device check
4560 - 05-replace_swapon: Fail if any argument contains non-zram device
4561 - Use zram
4562 - Replace swapon
4564 * Welcome Screen: UI changes (tails/tails!1063)
4566 Commits:
4567 - Help new users understand better the encryption model (#18732)
4568 - Test suite: Make output easier to search for
4569 - Remote Shell: Automatically restart service when it fails
4570 - Test Suite: Use Dogtail to check if the Greeter has started
4571 - Test Suite: Avoid spamming log with stacktrace of the same error
4572 - Test Suite: Fix failure because of outdated screenshot
4573 - Test Suite: Use Dogtail to open GNOME Shell menus
4574 - Test Suite: Use Dogtail for some Greeter steps
4575 - Welcome Screen: Fix excessive height
4576 - Welcome Screen: Replace passphrase entry placeholder with a label
4577 - Welcome Screen: Align section header icons / link buttons
4578 - Welcome Screen: Remove unnecessary GtkBox
4579 - Welcome Screen: Update label
4580 - Welcome Screen: Update string shown when Persistent Storage is unlocked
4582 * Upgrade to Linux 6.1.12-1 from sid (stable branch) (tails/tails!1062)
4584 Closes issues:
4585 - Upgrade Linux kernel to 6.1.7+ (tails/tails#19444)
4587 Commits:
4588 - Test suite: disable bridge QR code automated tests
4589 - Upgrade to Linux 6.1.12-1 from sid
4591 * Welcome Screen: Don't allow unlocking with empty passphrase (tails/tails!1059)
4593 Closes issues:
4594 - Disable "Unlock" button until a passphrase has been entered (tails/tails#19357)
4596 Commits:
4597 - Welcome Screen: Don't allow unlocking with empty passphrase
4599 * Upgrade to Linux 6.1.12-1 from sid (devel branch) (tails/tails!1055)
4601 Commits:
4602 - Test suite: relax timeout
4603 - Test suite: disable bridge QR code automated tests
4604 - Upgrade to Linux 6.1.12-1 from sid
4606 * tps: Fix strings not translatable (tails/tails!1053)
4608 Closes issues:
4609 - Missing translations of UI strings about Persistent Storage (tails/tails#19415)
4611 Commits:
4612 - tails-backup: Fix strings not translatable
4613 - tps: Fix strings not translatable
4615 * Set screencast feature to never stop automatically (#12723) (tails/tails!1049)
4617 Commits:
4618 - Set screencast feature to never stop automatically (#12723)
4620 * Avoid double negation (tails/tails!1048)
4622 Commits:
4623 - Be more explicit
4624 - Avoid double negation
4626 * Unlock VeraCrypt Volumes: Use Gtk.show_uri_on_window to open directories
4627 (tails/tails!1045)
4629 Closes issues:
4630 - Opening VeraCrypt volume spawns zombie process (tails/tails#19423)
4632 Commits:
4633 - Unlock VeraCrypt Volumes: Use Gtk.show_uri_on_window to open directories
4635 * Enable non-free-firmware archive area for distributions that support it
4636 (tails/tails!1036)
4638 Closes issues:
4639 - devel FTBFS (tails/tails#19456)
4640 - devel branch FTBFS: uBlock diff (tails/tails#19398)
4641 - Enable non-free-firmware APT component (tails/tails#19411)
4643 Commits:
4644 - fix FTBFS: patch wasnt applying
4645 - Fix FTBFS by installing b43-fwcutter from bullseye instead of sid
4646 - Bump the debian APT snapshot to one that supports the non-free-firmware archive
4647 area
4648 - Enable non-free-firmware archive area for distributions that support it
4650 -- Tails developers <tails@boum.org> Sat, 18 Mar 2023 15:21:33 +0000
4652 tails (5.10) unstable; urgency=medium
4654 * Upgrade Tor Browser to 12.0.3-build1 (tails/tails!1046)
4656 Closes issues:
4657 - Upgrade to Tor Browser based on Firefox 102.8 (tails/tails#19412)
4659 Commits:
4660 - Fetch Tor Browser from our own archive
4661 - Upgrade Tor Browser to 12.0.3-build1
4663 * Avoid symlink attack when writing amnesia owned file as root (tails/tails!1038)
4665 Dennis Brinkrolf discovered a privilege escalation in Tails 5.9:
4666 an adversary, who can already run arbitrary code as the amnesia user,
4667 could escalate their privileges to reading arbitrary files on the
4668 system. It might be possible to use this as part of an exploit chain
4669 to gain full root privileges.
4671 Closes issues:
4672 - Privilege escalation via Dotfiles, sudo, and gnome-shell-save-environment
4673 (tails/tails#19424)
4675 Commits:
4676 - clarify/acknowledge security limitations
4677 - Update comments
4678 - Avoid symlink attack when writing amnesia owned file as root
4680 * Stop some dbus proxies when they are unneeded (tails/tails!1019)
4682 Closes issues:
4683 - Keyboard input sometimes not working in Tor Connection and Tor Browser
4684 (tails/tails#18485)
4686 Commits:
4687 - Rewrite dbus proxy code
4688 - Only run Tor Browser dbus proxy services when needed
4689 - Only run Onion Circuits dbus proxy service when needed
4690 - Automatically start dbus proxy service when Onion Circuits is started
4691 - Automatically start dbus proxy service when Tor Browser is started
4693 * tps: Treat unmounted partition as locked (tails/tails!1043)
4695 Closes issues:
4696 - tps-frontend lets user activate features when the Persistent Storage LUKS was
4697 not fully set up (tails/tails#19352)
4699 Commits:
4700 - tps: Treat unmounted partition as locked
4702 * Upgrader: don't crash when a download is interrupted and then resumed
4703 (tails/tails!1040)
4705 Commits:
4706 - Upgrader: don't crash when a download is interrupted and then resumed
4708 * tps: Bump the unlocking timeout to 120 seconds (tails/tails!1039)
4710 Closes issues:
4711 - Persistent Storage fails to unlock: timeout (tails/tails#19432)
4713 Commits:
4714 - tps: Bump the unlocking timeout to 120 seconds
4716 * Test suite: adjust to updated Tor Browser localization in German
4717 (tails/tails!1034)
4719 Closes issues:
4720 - Test suite step "the support documentation page opens in Tor Browser" is broken
4721 in German (tails/tails#19419)
4723 Commits:
4724 - Test suite: relax our expectations, again
4725 - Test suite: adjust to updated Tor Browser localization in German
4727 * Small fixes on Persistent Storage UI (tails/tails!1032)
4729 Commits:
4730 - Fix grammar
4731 - Add missing verb
4732 - Update doc-source-relationships.yml
4733 - Replace: 'doc/first_steps/persistence' with 'doc/persistent_storage'
4734 - Fix grammar
4735 - Avoid confusing future tense
4736 - Fix typography
4737 - Fix URL
4738 - Fix typography
4739 - Nitpick
4740 - Improve error message
4741 - Be more helpful in UI
4743 * GitLab CI: remove lint-latest-po job (tails/tails!1031)
4745 Closes issues:
4746 - Fix lint-latest-po (tails/tails#19378)
4748 Commits:
4749 - GitLab CI: remove lint-latest-po job
4751 * Welcome Screen: Avoid starting Persistent Storage app on each login
4752 (tails/tails!1028)
4754 Closes issues:
4755 - Remove Welcome Screen persistent settings hack (tails/tails#19062)
4756 - Persistent Storage settings always opened after login (tails/tails#19410)
4758 Commits:
4759 - still renaming directories
4760 - Improve comment documenting Welcome Screen settings design
4761 - Rename Welcome Screen settings directories
4762 - document Welcome Screen settings design
4763 - Remove workaround for persistent Welcome Screen settings directory
4764 - Welcome Screen: Avoid starting Persistent Storage app on each login
4766 * Update our doc to the new Persistent Storage (tails/tails!1024)
4768 Commits:
4769 - Update PO file
4770 - Remove old issue and work around
4771 - Nitpick
4772 - Add a bit more doubt
4773 - Add dummy changelog entry for 5.10.
4774 - Remove UDFs for versions we'll never release
4775 - Update PO files
4776 - Nitpick
4777 - Update core pages
4778 - This file is not about persistence anymore
4779 - Update cross-references
4780 - Add missing page
4781 - Answer FAQ
4782 - Update cross-references
4783 - Explain change
4784 - Give more visibility
4785 - Reorder by importance
4786 - No more warnings!
4787 - Integrate FAQ into doc
4788 - Fix Markdown
4789 - Remove Persistent Storage from installation doc
4790 - Move last warning to a better place
4791 - Fix broken links
4792 - Remove useless warning
4793 - Integrate warning in doc
4794 - Improve style
4795 - Remove screenshots
4796 - Layer the information
4797 - Remove CSS classes
4798 - Complete procedure
4799 - Update list of features
4800 - Rewrite in Markdown and improve style
4801 - Use full HTML
4802 - Update to new Persistent Storage
4803 - Move instructions to use the Persistent Storage to a dedicated page
4804 - Simplify anchors
4805 - Update icons
4806 - Add subsections and TOC
4807 - Reorder features as in new interface
4808 - Update to new Persistent Storage
4809 - Update to new Persistent Storage
4810 - Rename as Markdown file
4811 - Deduplicate content
4812 - Add icon
4813 - Add missing alt tags
4814 - Update to new Persistent Storage
4815 - Update doc to #19338
4816 - Add missing alt tags
4817 - Use more consistent terminology
4818 - Remove CSS
4819 - Fix broken links
4820 - Remove unused page
4821 - Fix broken links
4822 - Rename more pages and images
4823 - Merge inline in the only place where it was used
4824 - Create a dedicated doc section about the Persistent Storage
4825 - Deactivate trail plugin
4826 - Remove CSS about traillink
4827 - Remove traillink from templates
4828 - Remove HTML tags in Markdown
4829 - Remove traillink directives (#18951)
4830 - Explain better how to exchange with another Linux
4831 - Move long warning and FAQ to a dedicated page
4832 - Improve warning on opening from another OS
4833 - Remove unactionable warning
4834 - Update to 5.8
4835 - Improve style guide
4836 - Apply style guide
4837 - Lower importance
4838 - Improve intro
4839 - Split Persistent Storage creation and configuration
4841 * FIX Persistent Greeter options scenario (tails/tails!1021)
4843 Closes issues:
4844 - "Persistent Greeter options" test case is broken (tails/tails#19397)
4846 Commits:
4847 - clarify comment
4848 - login button in german, too
4849 - fix more images for German greeter
4850 - Fix test suite regexp
4851 - new images for persistent language
4852 - FIX Persistent Greeter options scenario
4854 * No predictable names in /tmp (tails/tails!1018)
4856 Closes issues:
4857 - Don't use predictable names in /tmp (tails/tails#19389)
4859 Commits:
4860 - Don't use predictable names in /tmp
4861 - Use service name without variables
4863 * tps: Ask for confirmation when Persistent Storage exists but is not unlocked
4864 (tails/tails!1011)
4866 Closes issues:
4867 - Confirm when starting without unlocking the Persistent Storage
4868 (tails/tails#15573)
4870 Commits:
4871 - Test Suite: Check if the confirmation dialog is displayed
4872 - Test suite: Fix "I log in to a new session" step failing
4873 - tps: Ask for confirmation when Persistent Storage exists but is not unlocked
4875 -- Tails developers <tails@boum.org> Wed, 15 Feb 2023 09:44:33 +0000
4877 tails (5.9) unstable; urgency=medium
4879 * Update tor to 0.4.7.13 (tails/tails!1013)
4881 Closes issues:
4882 - Upgrade to Tor 0.4.7.13 (tails/tails#19377)
4884 Commits:
4885 - Update tor to 0.4.7.13
4887 * Resolve "Upgrade to Tor Browser based on Firefox 102.7" (tails/tails!1012)
4889 Closes issues:
4890 - Upgrade to Tor Browser based on Firefox 102.7 (tails/tails#19360)
4892 Commits:
4893 - Fetch Tor Browser from our own archive
4894 - Upgrade Tor Browser to 12.0.2-build1
4896 * tps: Increase timeout of activate call (tails/tails!1006)
4898 Closes issues:
4899 - tps logs passphrase in cleartext in debug mode (tails/tails#19350)
4900 - Persistent Storage fails to activate: timeout (tails/tails#19347)
4902 Commits:
4903 - tps: Don't print status of NetworkManager.service to stdout
4904 - tps: Bump the activation timeout to 120 seconds
4905 - tps: Add log messages
4906 - tps: Log line which called executil helper functions
4908 * Troubleshooting mode: stop passing options that can only break stuff
4909 (tails/tails!999)
4911 Closes issues:
4912 - Reconsider Troubleshooting Mode kernel command line wrt. Wayland
4913 (tails/tails#19321)
4915 Commits:
4916 - Troubleshooting mode (syslinux): stop passing options that can only break stuff
4917 - Troubleshooting mode (EFI): stop passing options that can only break stuff
4919 * Upgrade to Linux 6.0 (tails/tails!996)
4921 Closes issues:
4922 - Add randomize_kstack_offset=1 to boot parameters (tails/tails#19023)
4923 - Enable BPF JIT hardening (tails/tails#19345)
4924 - Upgrade to Linux 6.0 (tails/tails#18467)
4926 Commits:
4927 - Test suite: allow the pattern to cover slightly less of the write cache
4928 - Revert renaming of /etc/amnesia/version to /etc/tails/version
4929 - Move "set -eu" to a better location
4930 - Test suite: remove dead code
4931 - Test suite: drop check about tails-version output
4932 - Upgrade to Linux 6.0.12-1~bpo11+1
4933 - early_patch: implement the initramfs-tools' "prereqs" interface
4934 - initramfs: stop including SCSI drivers
4935 - initramfs: bring back including all DRM modules
4936 - Always log the size of the initramfs
4937 - initramfs: remove support for AFS and CIFS
4938 - initramfs: remove support for PCMCIA and parallel port
4939 - initramfs: don't include firmware for drivers we removed
4940 - initramfs: remove sunrpc support
4941 - initramfs: remove a bunch more SCSI drivers
4942 - Add set -u
4943 - Drop set -x
4944 - Include fewer modules in the initramfs
4945 - Compress the initramfs with the most space-efficient XZ compression level
4946 - Simplify how we set initramfs compression algorithm
4947 - Hardening: turn on BPF JIT hardening, if the JIT is enabled.
4948 - Fix headings levels
4949 - Hardening: randomize kernel stack offset on syscall entry
4950 - initrd: install privacy screen provider drivers
4951 - Upgrade to Linux 6.0.3-1~bpo11+1 from bullseye-backports
4952 - Enable bullseye-backports APT source
4953 - Rename config/amnesia to config/variables
4954 - Rename /etc/amnesia to /etc/tails
4955 - Deprecate /usr/share/doc/amnesia/
4956 - The thing is called Tails
4957 - Drop support for config/amnesia.local
4958 - Update comment
4959 - Rename $AMNESIA_* variables
4960 - Remove unused variables
4962 * Tor Connection: Hide "Fix clock", "Proxy", and "Captive Portal" when time sync
4963 was successful already (tails/tails!986)
4965 Closes issues:
4966 - Add label to bridge line on the error screen (tails/tails#19332)
4967 - Hide "Fix clock", "Proxy", and "Captive Portal" when time sync was successful
4968 already (tails/tails#19171)
4970 Commits:
4971 - Make it easier to reason about state transitions
4972 - Tor Connection: simplify test
4973 - Tor Connection: improve phrasing
4974 - Tor Connection: make phrasing consistent
4975 - Tor Connection: tell the user when we know their network is blocking access to
4976 Tor
4977 - Tor Connection: explain what bridges are on the error screen
4978 - Tor Connection: rename "Bridge by email" section on the error screen
4979 - Tor Connection: add label to bridge line on the error screen too
4980 - Tor Connection: fix alignment of "Send an empty email" string
4981 - Tor Connection: Hide "Fix clock", "Proxy", and "Captive Portal" when time sync
4982 was successful already
4983 - Name widgets so we can act on them
4984 - Tor Connection: make log message somewhat clearer
4985 - Tor Connection: remember the result of tails-get-network-time
4987 * tps: Fix handling of symlink bindings (tails/tails!1009)
4989 Closes issues:
4990 - Persistent Storage sometimes fails to activate Dotfiles (tails/tails#19346)
4992 Commits:
4993 - tps behave-tests: Support passing flags to behave
4994 - tps behave-tests: Test source directory with symlink
4995 - tps behave-tests: Add README
4996 - tps: Fix BEHAVE_DEBUG_ON_ERROR feature of the behave tests
4997 - tps: Improve log messages
4998 - tps-frontend: Improve log and error messages
4999 - tps-frontend: Fix log level of message
5000 - tps: Fix activation of symlink bindings failing
5001 - tps: Fix log message
5002 - tps: Improve error message
5003 - tps: Fix Activate call failing with spurious error
5004 - tps: More useful error message
5006 * tps: Don't log parameters which can contain secrets (tails/tails!1005)
5008 Closes issues:
5009 - tps logs passphrase in cleartext in debug mode (tails/tails#19350)
5011 Commits:
5012 - tps: Don't log parameters which can contain secrets
5014 * Do not hide the GTK3 “application menu” button in title bars (tails/tails!1004)
5016 Closes issues:
5017 - Cannot access GTK3 application menus in Tails 5.8 / Wayland (tails/tails#19371)
5019 Commits:
5020 - Do not hide the GTK3 “application menu” button in title bars
5022 * Fix Tor Browser homepage localization when started from Tor Connection
5023 (tails/tails!1003)
5025 Closes issues:
5026 - Tor Browser homepage is not localized when started from Tor Connection
5027 (tails/tails#19369)
5029 Commits:
5030 - Simplify f-string
5031 - Lint
5032 - Fix Tor Browser homepage localization when started from Tor Connection
5034 * Update tails@ key (tails/tails!1001)
5036 Commits:
5037 - Test suite: ensure OpenPGP keys test is run when the only change on the branch
5038 is updating a key
5039 - Update tails@ key
5041 * Pull non-website PO files from Weblate (tails/tails!1000)
5043 Closes issues:
5044 - Pull non-website PO files from Weblate (tails/tails#19322)
5046 Commits:
5047 - import-translations: remove obsolete reference to Transifex
5048 - import-translations: drop support for excluding languages
5049 - generate-languages-list: workaround the fact we can't distinguish reviewed
5050 translations from non-reviewed ones
5051 - Pull non-website PO files from Weblate
5053 * Make a few user-facing strings localizable (tails/tails!998)
5055 Closes issues:
5056 - Not localized (internationalized) strings (tails/tails#19349)
5058 Commits:
5059 - Integrate the Welcome Screen's main_window.py into our l10n framework
5060 - Lint
5061 - Make a few user-facing strings localizable
5063 * Autocorrect Rubocop violations (tails/tails!997)
5065 Commits:
5066 - Test suite: lint
5067 - Test suite: run rubocop --autocorrect
5069 * Improve wording of backup utility (tails/tails!995)
5071 Closes issues:
5072 - Improve wording of backup utility (tails/tails#19348)
5074 Commits:
5075 - Test suite: adjust to new UI wording
5076 - Use more consistent wording
5077 - Fix typography
5078 - Improve wording
5080 * Fix newly discovered shellcheck violations (tails/tails!994)
5082 Commits:
5083 - Fix "lb build" exit code reporting
5084 - Add missing quotes
5086 * Remove scrollbar in Favorites (tails/tails!992)
5088 Closes issues:
5089 - Need to scroll to see all Favorites (tails/tails#19338)
5091 Commits:
5092 - Apply 1 suggestion(s) to 1 file(s)
5093 - Test suite: fix "the screen keyboard works in Tor Browser"
5094 - Lint
5095 - Test suite: remove dead code
5096 - Test suite: retry opening new tab
5097 - Test suite: ensure Tor Browser has loaded the home page before we continue
5098 - Test suite: spam Tor Browser less intensively
5099 - Test suite: remove unused code
5100 - Test suite: start Tor Browser and Thunderbird by typing their name
5101 - Test suite: fix typo in comment
5102 - Remove scrollbar in Favorites
5104 * Remove dead code about TAILS_WIKI_SUPPORTED_LANGUAGES (tails/tails!991)
5106 Commits:
5107 - WhisperBack: don't try to include non-existing tails-greeter.errors file
5108 - WhisperBack: don't try to include non-existing xorg.conf
5109 - Remove l10n plumbing for WhisperBack configuration file
5110 - Remove obsolete .xsessionrc
5111 - Lint
5112 - WhisperBack config: remove dead code
5114 * Test suite: fix Unsafe Browser localization test in French (tails/tails!988)
5116 Commits:
5117 - Test suite: fix Unsafe Browser localization test in French
5119 * Revert "Run Qt applications as native Wayland by default" (tails/tails!987)
5121 Closes issues:
5122 - Remove obsolete config/chroot_local-includes/usr/share/live/config/xserver-
5123 xorg/*.ids (tails/tails#19330)
5124 - Qt AppImages broken on Tails 5.8 (tails/tails#19326)
5125 - Clipboard encryption/decryption with Kleopatra is broken on Wayland
5126 (tails/tails#19329)
5127 - can't paste into unlock password field in KeepassXC in Tails 5.8
5128 (tails/tails#19327)
5130 Commits:
5131 - Remove obsolete per-device X.Org driver override via live-config
5132 - Revert "Don't run OnionShare as a native Wayland app"
5133 - Revert "Run Qt applications as native Wayland by default"
5135 * Remove the warning dialog when starting the Unsafe Browser (tails/tails!985)
5137 Closes issues:
5138 - Explain better the Unsafe Browser from Tor Connection (tails/tails#19168)
5140 Commits:
5141 - Test suite: adjust to removed warning dialog
5142 - Remove the warning dialog when starting the Unsafe Browser
5144 * Make the Upgrader use the mirror redirector (tails/tails!983)
5146 Commits:
5147 - Upgrader: use dedicated SocksPort with no stream isolation
5148 - Test suite: remove test whose cost/benefit has become very high
5149 - Test suite: apply user-facing terminology
5150 - Design doc: remove outdated details
5151 - Remove now unused mirror-pool-dispatcher submodule
5152 - Design doc: update what the fallback DNS pool is used for
5153 - Drop dead code, obsolete dependencies, and obsolete tweaks
5154 - Upgrader: Drop the "replace URL with a random one from the mirror pool JSON"
5155 and "fallback to DNS pool" mechanisms
5156 - Upgrader: bring back explanation when impossible to do an incremental upgrade
5157 - IUK test suite: adjust to 888b78811bcd156284d01a063d448f6bd693db22
5158 - Design doc: use new download URI in example UDFs
5159 - Generate UDFs that point to the mirror redirector for ISO and IUK downloads
5161 * Welcome Screen: restore ability to login with default settings by pressing
5162 "Enter" (tails/tails!982)
5164 Closes issues:
5165 - Login with default settings now requires pressing "Enter" twice in the Welcome
5166 Screen (tails/tails#19323)
5168 Commits:
5169 - Welcome Screen: restore ability to login with default settings by pressing
5170 "Enter"
5172 * switch Persistent Storage icon to SVG (tails/tails!980)
5174 Closes issues:
5175 - Replace Persistent Storage icon with SVG version (tails/tails#19316)
5177 Commits:
5178 - Also use the SVG icon in the Welcome Screen
5179 - Switch Persistent Storage icon to SVG
5181 -- Tails developers <tails@boum.org> Mon, 23 Jan 2023 11:53:31 +0100
5183 tails (5.8) unstable; urgency=medium
5185 * Upgrade Thunderbird to 102.6.0-1~deb11u1
5187 * Fix FTBFS: refresh patch (tails/tails!965)
5189 Closes #19297
5191 Commits:
5192 - Fix FTBFS: refresh patch
5194 * Update tor browser to 12.0.1 (tails/tails!979)
5196 Closes #19313
5198 Commits:
5199 - Fetch Tor Browser from our own archive
5200 - Upgrade Tor Browser to 12.0.1-build1
5202 * Enable bullseye-proposed-updates (to test Bullseye 11.6 before it's released),
5203 upgrade to Linux 5.10.158 (tails/tails!975)
5205 Closes #19301, #19293
5207 Commits:
5208 - After disabling the Tor Configuration persistence feature, only start Tor
5209 Connection if we're connected to a local network
5210 - Also consider the Linux kernel from bullseye-updates
5211 - Install the Linux kernel from bullseye-proposed-updates, if that suite is
5212 enabled
5213 - Test suite: remove unused image
5214 - Upgrade to Linux 5.10.158-1
5215 - Enable bullseye-proposed-updates, to test Bullseye 11.6 before it's released
5216 - Bump snapshot of the Debian archive to 2022121302, so we can use proposed-
5217 updates for Bullseye 11.6
5219 * Test suite: make keyboard input more reliable (tails/tails!971)
5221 Commits:
5222 - Test suite: increase sleep time at the end of Screen#type
5223 - Test suite: correct comment
5224 - Test suite: keep keys pressed for 40 ms
5225 - Test suite: improve comment
5226 - Test suite: keep keys pressed for 20 ms instead of 10 ms
5227 - Test suite: update comment
5229 * Fix Dotfiles access for non-root users (tails/tails!968)
5231 Closes #19278
5233 Commits:
5234 - Fix dotfiles access for non-root users
5236 * Adapt to Wayland our error reporting mechanism when GDM fails to start
5237 (tails/tails!951)
5239 Closes #19227
5241 Commits:
5242 - resorting to X.Org → crash → better UX!
5243 - Adapt to Wayland our error reporting mechanism when GDM fails to start
5245 * Switch from bullseye-proposed-updates to Bullseye 11.6 (tails/tails!978)
5247 Closes #19315
5249 Commits:
5250 - Revert "Enable bullseye-proposed-updates, to test Bullseye 11.6 before it's
5251 released"
5252 - Bump APT snapshots
5254 * Tor Connection UI improvements (tails/tails!977)
5256 Closes #19238, #19256, #19169, #19172
5258 Commits:
5259 - Tor Connection: fix window size
5260 - Fix links from Tor Connection to the offline documentation
5261 - Tor Connection: fix typo in string
5262 - Tor Connection: display QR code scanning error below the scanning button
5263 - Add label to bridge line
5265 * Persistent Storage: use new icon (tails/tails!976)
5267 Commits:
5268 - Use the new Persistent Storage icon on the Welcome Screen when the Persistent
5269 Storage does not exist yet
5270 - Persistent Storage: use new icon
5272 * Allow persisting bridge scanned from QR code, take 1 (tails/tails!973)
5274 Closes #19281
5276 Commits:
5277 - Allow persisting bridge scanned from QR code, take 1
5279 * Update tor to 0.4.7.12 (tails/tails!972)
5281 Closes #19310
5283 Commits:
5284 - Update tor to 0.4.7.12
5286 * fix window centering (tails/tails!970)
5288 Closes #19045
5290 Commits:
5291 - Ensure extension description matches what it actually does
5292 - gdm-tails is a GDM session, with extension support
5293 - more comments to clarify subtleties
5294 - check which session we're in is more to the point
5295 - not really needed
5296 - Apply 1 suggestion(s) to 1 file(s)
5297 - stop "when it's done" , not predefined time
5298 - window-centering only runs in GDM
5299 - increase timeout
5300 - rounding is needed to avoid false moves
5301 - better comments and log messages
5302 - Revert "avoid useless CPU work"
5303 - avoid useless CPU work
5304 - extensions are disabled in GDM: workaround
5305 - window centering in Greeter
5307 * Remove static suggestion of diceware passphrase (tails/tails!969)
5309 Closes #19305
5311 Commits:
5312 - Remove static suggestion of diceware passphrase
5314 * Allow disabling the Unsafe Browser (tails/tails!967)
5316 Closes #19289
5318 Commits:
5319 - fix "I disable the Unsafe Browser" in corner cases
5320 - adapt Greeter options persistence
5321 - fix test suite for new wording
5322 - Adjust to the Unsafe Browser being disabled by default
5323 - Update tests
5324 - Enable Unsafe Browser by default
5325 - Revert "Welcome Screen: always enable the Unsafe Browser and make the setting
5326 obsolete"
5328 * Misc Persistent Storage fixes for 5.8 (tails/tails!966)
5330 Closes #19220, #19279, #19280, #19148, #19294
5332 Commits:
5333 - Don't run OnionShare as a native Wayland app
5334 - Run Qt applications as native Wayland by default
5335 - Allow running Qt applications as native Wayland
5336 - Remove Dasher (broken on Wayland)
5337 - Tell the user what's going on while deleting Persistent Storage
5338 - When Persistent Storage is unlocked, instruct how to delete it
5339 - Persistent Storage: add missing link to doc on the features screen
5341 * FIX --disable-chutney (tails/tails!961)
5343 Commits:
5344 - FIX --disable-chutney
5346 * Tor Connection: select "Ask for a bridge by email" by default when "Hiding"
5347 (tails/tails!957)
5349 Closes #19167
5351 Commits:
5352 - Make it easier to scan a QR code
5353 - Tor Connection: select "Ask for a bridge by email" by default when "Hiding"
5355 * Tor Connection: display percentage on the connection progress bar
5356 (tails/tails!955)
5358 Commits:
5359 - Tor Connection: display percentage on the connection progress bar
5361 * TPS explanation strings, and more (tails/tails!947)
5363 Closes #18759
5365 Commits:
5366 - remove vague comment
5367 - remove dead code
5368 - remove dead code
5369 - explanation strings for relevant TPS features
5371 * Additional Software: ensure APT is not broken after being interrupted
5372 (tails/tails!946)
5374 Closes #18657
5376 Commits:
5377 - Additional Software: ensure APT is not broken after being interrupted
5379 * Test suite: relax our expectations for coverage of the known pattern in memory
5380 (tails/tails!944)
5382 Commits:
5383 - Test suite: relax our expectations for coverage of the known pattern in memory
5385 * create persistent storage from the greeter (tails/tails!922)
5387 Closes #15586
5389 Commits:
5390 - change wording following the new style
5391 - comment to explain flag files
5392 - tabs → spaces
5393 - Apply 3 suggestion(s) to 3 file(s)
5394 - Fix labels
5395 - greeter test suite code refactor
5396 - checking early is useless and ineffective
5397 - FIX look at the actual value
5398 - big code refactoring
5399 - actually handle button
5400 - better size and margins for padlock
5401 - make label the same in glade and python
5402 - remove suggested-action
5403 - Reorder in greeter
5404 - Better real estate use
5405 - draft: automated tests
5406 - "don't create" is not a suggested-action
5407 - Clearer state management in UI
5408 - actually start persistent storage setup
5409 - draft: create persistent storage from greeter
5411 * Upgrade Tor Browser to 12.0 (tails/tails!921)
5413 Closes #19135, #19085
5415 Commits:
5416 - Test suite: bump timeout
5417 - Make code more readable
5418 - Fetch Tor Browser from our own archive
5419 - Upgrade Tor Browser to 12.0
5420 - Test suite: fix "Downloading files with the Tor Browser" scenario with Tor
5421 Browser 12 on Wayland
5422 - Test suite: improve comment phrasing
5423 - Test suite: only compute keymap once in Screen#press
5424 - Test suite (mouse_location): remove unused method parameters
5425 - Fix buggy (invisible) conflict resolution from rebase
5426 - Turn off shellcheck false positive
5427 - Drop obsolete mentions of $TBB_EXT
5428 - Drop import of library that's not needed anymore
5429 - Update handling of Tor Browser locales
5430 - Fix location for Burmese
5431 - Declare newly added Tor Browser locales
5432 - Don't try to install non-existing langpacks
5433 - Tor Browser update process: there's no langpacks anymore
5434 - Fetch Tor Browser from our own archive
5435 - Upgrade Tor Browser to 12.0a5
5436 - Upgrade Tor Browser to nightly.2022.11.22
5437 - Thunderbird: avoid proxy bypass, same as Tor Browser
5438 - Test suite: Unsafe Browser has no bookmarks at all anymore
5439 - Unsafe Browser: delete default bookmarks
5440 - Test suite: update expected images
5441 - Test suite: update expected images
5442 - Upgrade Tor Browser to 12.0a4
5443 - Thunderbird: replace network.security.ports.banned pref with
5444 network.proxy.allow_hijacking_localhost
5445 - Tor Browser: remove network.security.ports.banned pref, which does more harm
5446 than good
5447 - Update AppArmor policy for Tor Browser 12
5448 - Test suite: update expected images for Tor Browser 12
5449 - Test suite: update expected Unsafe Browser images for Tor Browser 12
5450 - Lint
5451 - Remove unused variable
5452 - Test suite: update expected images for Tor Browser 12
5453 - Test suite: remove obsolete complexity
5454 - Test suite: update for new "New Identity" UX in Tor Browser 12
5455 - Test suite: spam Tor Browser less intensively
5456 - Test suite: refactoring (DRY)
5457 - Test suite: update expected image
5458 - Test suite: spam Tor Browser less intensively
5459 - Test suite: add support for Tor Browser nightly builds
5460 - Clarify comment
5461 - Fix indentation
5462 - Drop unused flexibility
5463 - Remove obsolete variable
5464 - Adjust to multilingual Tor Browser tarball
5465 - Adjust to script being renamed upstream
5466 - Upgrade Tor Browser to nightly.2022.10.19
5467 - Tor Browser upgrade doc: support nightly builds, assume multilingual tarball
5468 - Upgrade Tor Browser to 12.0a3
5469 - Unsafe Browser: also apply branding to brand.properties
5470 - Fix grammar in comment
5471 - Unsafe Browser: don't ask confirmation when quitting with CTRL+q
5472 - Test suite: update Unsafe Browser images
5473 - Test suite: add expected unused Tor Browser library
5474 - Test suite: adjust to Tor Browser 12's (Firefox 102) new download flow
5475 - Upgrade Tor Browser to 12.0a2
5476 - Clarify wording
5478 -- Tails developers <tails@boum.org> Mon, 19 Dec 2022 09:43:26 +0000
5480 tails (5.8~beta1) unstable; urgency=medium
5482 * Rewrite the Persistent Storage settings in Python (tails/tails!897)
5484 Closes: #17803, #15142, #11529, #15827, #7002, #18008, #17331, #7503, #19130, #16061, #15313
5486 Commits:
5487 - Change test case to reflect what we wanted
5488 - Really disable broken Thunderbird test
5489 - fix reload-connections hook during greeter
5490 - clarify Mount.__str__ from persistence.conf format
5491 - one more type hint
5492 - remove a (never used) systemd alias
5493 - symlink_to ignores the second argument.
5494 - sort hook execution
5495 - Point to issue
5496 - Update comment
5497 - Reset Tor configuration when deactivating the corresponding Persistent Storage
5498 feature
5499 - Don't install/upgrade Additional Software unless the corresponding persistent
5500 directories are mounted
5501 - Don't try to create Persistent Storage when the system partition is not called
5502 "Tails"
5503 - Don't try to create Persistent Storage on non-GPT device
5504 - Persistent Storage creation: use UI strings from the design
5505 - Add ssh as a conflict app for the SSH client feature
5506 - Move "Tor Browser Bookmarks" to Applications section of Persistent Storage
5507 settings
5508 - Save with Glade 3.40.0
5509 - Reload NetworkManager connections when activating/deactivating the
5510 corresponding Persistent Storage feature
5511 - tps-frontend: fix icons path
5512 - Stop setting custom permissions on /var/lib/live/config
5513 - WhisperBack: don't include obsolete file in the attached technical info
5514 - CUPS: update configuration files as soon as possible
5515 - Restart CUPS after enabling/disabling the Printers persistent storage feature
5516 - Remove incorrect comment
5517 - Remove function that's not used anymore
5518 - tails-additional-software-config: adjust to new Persistent Storage
5519 implementation
5520 - Refactoring: move method to library
5521 - Revert "Test suite: workaround regression in Additional Software"
5522 - tails-additional-software: don't wait for tps-frontend to complete before
5523 writing contents to live-additional-software.conf
5524 - Add docstring
5525 - launch_x_application: drop feature we don't need anymore
5526 - Add exceptions for Bandit false positives
5527 - Use long option name
5528 - Harden sudo configuration
5529 - Revert "Test suite: add temporary workaround for tps buggy user story wrt.
5530 dotfiles"
5531 - Fix the user story for Dotfiles
5532 - Lint
5533 - tps: document behavior that can be surprising
5534 - TCA: fix setup of persistent bridge switch widget
5535 - Remove unused script and service
5536 - Test suite: remove obsolete workaround
5537 - TCA: drop useless code
5538 - TCA: fix localization of window title
5539 - Remove unused copied'n'pasted constant
5540 - TCA: mediate reading/writing from/to tca.conf via tca-portal
5541 - Update logger's name: "tor-launcher" does not mean anything in this context
5542 anymore
5543 - Remove unused import
5544 - TCA: remove unused import
5545 - TCA: fix type of argument
5546 - Don't allow deleting an unlocked Persistent Storage
5547 - Drop incomplete attempt to support unlocking Persistent Storage after login
5548 - Unsafe Browser: adjust to the removal of persistence_is_enabled in tails-
5549 greeter.sh
5550 - Lint
5551 - Remove useless customization
5552 - Fix typo in docstring
5553 - Add Synaptic, apt-get, and dpkg as conflicting apps for the Additional Software
5554 persistent storage feature
5555 - Remove "XXX" comment: this is about further improving a feature that was not
5556 even planned in the design
5557 - Remove "XXX" comment: already tracked on the issue
5558 - Lint
5559 - Remove "XXX" comment: moved to the issue
5560 - Lint
5561 - Fix variable type mismatch
5562 - Remove "XXX" comment: moved to the issue
5563 - Remove "XXX" comment
5564 - Add check
5565 - Remove "XXX" comment: let's not translate stuff that the user has no chance to
5566 ever see
5567 - Remove "XXX" comment: moved to the issue
5568 - Test suite: fix Gherkin When/Then semantics
5569 - Test suite: fix backup scenario
5570 - Remove unused import
5571 - Test suite: refactoring (extract code to method)
5572 - Revert "Test suite: adjust for increased TimeoutStopsec= (refs: #17278)"
5573 - Test suite: check earlier that Additional Software is correctly configured
5574 - Test suite: workaround regression in Additional Software
5575 - Test suite: minor refactoring
5576 - Additional Software: add more accurate wait loop
5577 - Update comment
5578 - Additional Software: don't run tps a second time
5579 - Additional Software: drop unsupported and now useless options
5580 - mypy: enable a few more checks
5581 - mypy: ignore gi and gi.repository
5582 - Help mypy discover our Python libraries
5583 - Lint
5584 - Fix comment phrasing
5585 - Fix activating Additional Software with an unlocked persistent storage
5586 - Test suite: use shortcut
5587 - Test suite: continue adapting to new UI
5588 - Remove obsolete scripts
5589 - Test suite: drop the Persistent Storage configuration file unit tests
5590 - Fix indentation
5591 - Ignore flake8 false positives
5592 - tps test suite: make config_file_test support the case when udisks is not
5593 running
5594 - Fix typo in comment
5595 - GitLab CI: drop test-persistent-storage-behave
5596 - Fix tps behave tests when a dedicated filesystem is mounted on /tmp
5597 - Add support for debug output without a debugger installed
5598 - Lint
5599 - Fix type mismatch
5600 - Lint
5601 - Test suite: finish adapting "I delete the persistent partition" to new UI
5602 - Use string from the design
5603 - Fix inverted boolean logic
5604 - Fix typo in comment
5605 - Make it possible to run config_file_test.py without a tails-persistent-storage
5606 user
5607 - Revert "tps: Change owner of persistence.conf to root"
5608 - Move class docstring where it belongs
5609 - Fix typo in comment
5610 - Test suite: don't test for persistence.conf.bak existence
5611 - Test suite: run the persistence storage behave and config file unit tests
5612 - GitLab CI: add missing dependencies
5613 - GitLab CI: run persistent storage tests in separate jobs
5614 - tps test suite: use larger filesystem to that mke2fs can create a Journal
5615 - Fix typo in comment
5616 - Declare mount flags used by the tps test suite
5617 - tps test suite: use the same mount flags as production
5618 - Sort ExecStartPre before ExecStart, just like their execution order
5619 - Maintain directories with systemd-tmpfiles
5620 - Forbid usage as non-amnesia: this would break stuff
5621 - Simplify code and make bookmark removal an atomic operation
5622 - Do all GNOME bookmarks changes as the amnesia user
5623 - Use canonical directory location
5624 - Protect grep command against special regexp chars
5625 - Revert incomplete split of the Welcome Screen persistence feature
5626 - Welcome Screen: don't allow login until we're fully done activating the
5627 Persistent Storage
5628 - Remove unused import
5629 - Welcome Screen: point to new issue that tracks a cleanup that's now possible
5630 - Remove unused imports
5631 - Lint
5632 - Remove unused import
5633 - Don't let tempfile try to delete file that we just renamed
5634 - Don't try (and fail) to refresh features' IsActive when unlocking
5635 - Use different variables names when we're using them to store different data
5636 types
5637 - Fix comment grammar and clarify
5638 - Test suite: add temporary workaround for tps buggy user story wrt. dotfiles
5639 - Add shellcheck exception
5640 - Test suite: actually enable all persistence presets.
5641 - tps: Remove config file backup functionality
5642 - tps: Make writes to the configuration file atomic
5643 - tps: Fix "invalid boot device" message not shown
5644 - tps: Fix state handling
5645 - tps: Handle expected error that deletion fails because device is busy
5646 - tps: Don't unmount with force
5647 - Remove unused IncorrectOwnerException and IncorrectOwnerError
5648 - Rename test directory
5649 - tps: Remove the obsolete mount test
5650 - GitLab CI: Run the tps config file test
5651 - tps: Fix config file test
5652 - tps: Change owner of persistence.conf to root
5653 - tps: Deactivate features before deleting
5654 - Test suite: start porting to new implementation of Persistent Storage
5655 - Test suite: update referenced class name
5656 - tps: Don't make the tps service exit when closing the app
5657 - tps: Add button to open tails-additional-software-config
5658 - tps: Add labelled-by property to list boxes in features_view.ui
5659 - tps: Fix test
5660 - tps: Print debug log messages when running behave tests
5661 - tps: Make features view accessible to screen readers
5662 - tps: Format features_view.ui with glade
5663 - tps: Use connect-drop
5664 - connect-drop: Avoid opening an additional file descriptor
5665 - actually authenticate to dbus
5666 - Test suite: remove obsolete images
5667 - Persistent Storage frontend: add accessibility relationships
5668 - connect-drop: fix style
5669 - connect-drop: --dbus has help line
5670 - connect-drop: option groups
5671 - connect-drop --env-keep
5672 - connect-drop is now DBus-aware
5673 - WIP: Update Persistent Storage design document
5674 - Update Persistent Storage design document
5675 - tps: Add basic support for custom features
5676 - Clarify branded names
5677 - tps: Add some accessibility information
5678 - tps: Improve layout
5679 - Set executable bit on unlock-veracrypt-volumes
5680 - tps: Use tails-documentation to open doc links
5681 - tps: Add a HACKING.md
5682 - tps: Try again using get_block_for_dev
5683 - tps: Add Tor Configuration feature
5684 - tps: Remove Language and Region feature
5685 - tps: Start implementing language and region feature
5686 - Rewrite Persistent Storage settings in Python (refs: #17803)
5688 * Tor bridges QR code scanning (tails/tails!874)
5690 Closes: #18219
5692 Commits:
5693 - match labels between code and tests
5694 - do whatever dogtail wants
5695 - fix labeling in tca
5696 - Test suite: update to new string
5697 - Apply GNOME style guide
5698 - Implement sajolida's new design for bridges input on the error screen
5699 - Polish new bridge input UI
5700 - infobar works in error page, too
5701 - infobar moved up
5702 - MessageDialog → InfoBar
5703 - scanning QR from error page is tested, too
5704 - test suite refactoring
5705 - adapt QR code automated test to new mockup
5706 - using QR code sets state
5707 - the new mockup now seems to behave
5708 - scan qrcode: new mockup
5709 - change wording for QR code errors
5710 - Test suite: ensure we see the QR code on the screen
5711 - run_test_suite: check recently added dependencies
5712 - WIP: Test suite: add test for QR code scanning feature in Tor Connection
5713 - Reference issue that has more details instead of a commit that lacks context
5714 - Don't load library that we don't use anymore
5715 - show no dialog if the user closes zbarcam
5716 - Ignore zbarcam output if it arrives too late
5717 - Add the v4l2loopback kernel module
5718 - improve labels before UX does :)
5719 - Tor Connection: disable the "Scan a QR code" button until "Enter a bridge that
5720 you already know" is selected
5721 - gettext for dialog
5722 - implement Scan QR code from error step, too
5723 - better error handling
5724 - QR code content is parsed/validated
5725 - doctests for parse_qr_content
5726 - Convert the contents of the QR code into bridge lines
5727 - clicking on "Scan QR code" does something...
5728 - glade: clicked callback + naming convention
5729 - Tor Connection: add button to scan QR code
5730 - scanning Tor bridges QR codes: building blocks
5732 * Migrate from X.Org to Wayland (tails/tails!838)
5734 Closes: #12213, #19042, #14623, #15635, #19008, #16795, #18020, #17284, #5422, #9767, #7502, #18339
5736 Commits:
5737 - Test suite: don't expect the application title seen on the accessibility bus to
5738 be localized
5739 - Glade: AtkObject::accessible-role properties should not be translatable
5740 - Test suite: fix clearing notifications
5741 - FIX sandbox check for some parts of the test suite
5742 - Test suite: simplify
5743 - workaround an a11y bug preventing test suite
5744 - one more test suite fix
5745 - Test suite: migrate to input techniques that work on Wayland
5746 - TPS is on Wayland, a11y, ibus...
5747 - remove unused import
5748 - Update path
5749 - more explicit block clearnet → internal services
5750 - FIX proxy test for unsafebrowser
5751 - Really disable broken Thunderbird test
5752 - no incoming connections to UnsafeBrowser
5753 - tails-add-session-firewall-rune work without --apply
5754 - typo
5755 - Test suite: make test work in non-English locales
5756 - Test suite: rename step to match what it currently checks
5757 - Fix typos in comment
5758 - Test suite: remove workaround
5759 - Test suite: fix race condition
5760 - Test suite: add missing space between words in error message
5761 - Extract Python code to an external script
5762 - Simplify
5763 - Drop unnecessary /g regexp modifiers
5764 - Use extended regexps
5765 - Don't install unneeded systemd-container
5766 - Update comment
5767 - Remove obsolete comment
5768 - Fix typo in comment
5769 - Update comment
5770 - Improve user-facing string
5771 - Use install(1) instead of mkdir + chown
5772 - Make variable name correctly reflect its value
5773 - Make variable name correctly reflect its value
5774 - Add missing word in error message
5775 - Test suite: drop unnecessary step
5776 - Test suite: move and warn about xdotool using code
5777 - Fix a bunch of issues identified by shellcheck
5778 - Unsafe Browser: drop workarounds.
5779 - Test suite: clarify/simplify code
5780 - Test suite: fix recovery
5781 - Test suite: fix robustness issue
5782 - Test suite: verify that browser address bar images exist
5783 - Test suite: adjust path
5784 - Test suite: fix sanity check
5785 - Test suite: drop comment
5786 - Unsafe Browser: move code
5787 - Unsafe Browser: drop unnecessary mount for container
5788 - Test suite: adapt firewall sanity check to the clearnet network namespace
5789 - Test suite: adapt test after dropping the greeter's Unsafe Browser setting
5790 - Test suite: adapt regex to new command line
5791 - Test suite: deal with Unsafe Browser permission error
5792 - Test suite: export Unsafe Browser bookmarks into an accessible directory
5793 - Unsafe Browser: allow access to /etc/hosts in AppArmor profile
5794 - Test suite: use correct step
5795 - Welcome Screen: really hide the "Add" button for obsolete settings
5796 - Welcome Screen: always enable the Unsafe Browser and make the setting obsolete
5797 - Revert "Unsafe Browser: prevent accidental/malicious operation under Xorg"
5798 - Unsafe Browser: further isolate from the root filesystem
5799 - Unsafe Browser: drop duplicated mount
5800 - Fix incorrect merge conflict resolution.
5801 - Unsafe Browser: expose the real /home
5802 - Unsafe Browser: confine with AppArmor
5803 - Unsafe Browser: prevent accidental/malicious operation under Xorg
5804 - Unsafe Browser: work around issue with ibus/a11y proxy stopping
5805 - Make necessary firewall rules in tails-create-netns persist throughout the
5806 session.
5807 - Unsafe Browser: migrate to tails-create-netns
5808 - Unsafe Browser: run as native Wayland application
5809 - Unsafe Browser: start with tailslib.netnsdrop.run_in_netns()
5810 - Add missing double quotes
5811 - Use $() to get a command's output, not backticks
5812 - Add missing double quotes
5813 - Drop unused argument
5814 - Disable shellcheck false positive
5815 - Test suite: work around the Screen Keyboard not appearing as it should on
5816 Wayland
5817 - Patch Thunderbird AppArmor profile so it works in Wayland.
5818 - Thunderbird: enable Wayland support
5819 - Test suite: fix a bunch of incorrect/buggy Dogtail click actions
5820 - Tor Browser: enable Wayland support
5821 - Test suite: fix a bunch of incorrect Dogtail "click" actions
5822 - Test suite: make test more robust.
5823 - Unsafe Browser: enable ibus and accessibility!
5824 - Test suite: actually disable TOR_TRANSPROXY for the Unsafe Browser
5825 - Test suite: optimization
5826 - Test suite: fix chroot vs pmap mismatch.
5827 - Test suite: fix Dogtail for non-amneisia users
5828 - Test suite vs Wayland: fix another issue when clicking crashes accessibility
5829 - Remote shell: get the GNOME environment from the python library instead
5830 - Fix environment so accessibility is working with launch_x_application()
5831 - Test suite vs Wayland: deal with several issues when installing packages in
5832 synaptic
5833 - Test suite: deal with XWayland vs Dogtail issue for synaptic run as root
5834 - Test suite: enable the accessibility toolkit for the root user
5835 - Remote shell: set XAUTHORITY, which isn't set by export_gnome_env() any more
5836 - Wayland vs export_gnome_env(): drop variables not dumped into /run/gnome-shell-
5837 environment/environ
5838 - Test suite: deal with Wayland vs Dogtail issue
5839 - Test suite: deal with GNOME notification buttons being unclickable through
5840 Dogtail
5841 - Test suite: work around another instance where Dogtail breaks after clicking a
5842 button
5843 - Test suite: use correct activation for some particular push buttons.
5844 - Test suite: deal with Wayland vs Dogtail issue.
5845 - Test suite: some radio buttons want 'click', some want 'select'.
5846 - Test suite: work around AT-SPI action bug
5847 - Test suite: apparently some buttons want "click" while others want "press"
5848 - Test suite: fix Electrum test vs Wayland migration.
5849 - Test suite: use appropriate Dogtail actions for push/radio buttons.
5850 - Test suite: use better image when waiting for snapshots to be restored fully.
5851 - Unsafe Browser: hook zenity dialogs to at-spi bus.
5852 - stop installing xorg packages
5853 - Test suite: handle Unsafe Browser exiting with an error code after being
5854 killed.
5855 - Test suite: adapt Unsafe Browser tests since migrating to Wayland.
5856 - Test suite: adapt to Wayland
5857 - Test suite: adapt to Wayland
5858 - Revert "Remove unused exec_unconfined_firefox()."
5859 - Update GNOME Shell user service name for Wayland
5860 - Test suite: migrate more tests to input techniques that work on Wayland
5861 - Remote shell: ensure $DISPLAY is set
5862 - Test suite: don't import dogtail.rawinput that can't work on Wayland
5863 - Test suite: generate methods with meta-programming
5864 - Test suite: migrate to input techniques that work on Wayland
5865 - Test suite: remove X.Org-specific workaround
5866 - Fix typo in comment
5867 - Test suite: click in a way that works on Wayland
5868 - Test suite: remove unused method that's broken on Wayland
5869 - Unsafe Browser: set up networking via a new namespace.
5870 - Revert "Unsafe Browser: crappy attempt to sort of get networking up."
5871 - Unsafe Browser: crappy attempt to sort of get networking up.
5872 - Unsafe Browser: bind-mount resolv.conf as read-only.
5873 - Unsafe Browser: experiment for running as the amnesia user.
5874 - Stop disabling Wayland in GDM (refs: #12213).
5875 - Revert "Use X.Org in amnesia's GNOME session (refs: #12213)."
5877 -- Tails developers <tails@boum.org> Wed, 02 Nov 2022 09:47:35 +0000
5879 tails (5.7) unstable; urgency=medium
5881 * fix FTBFS: don't remove, just hold (tails/tails!960)
5883 Closes issues:
5884 - Tails FTBFS: grub-pc is not configured (tails/tails#19290)
5886 Commits:
5887 - don't remove, just hold
5889 * Resolve "Upgrade to Tor Browser 11.5.8" (tails/tails!962)
5891 Closes issues:
5892 - Upgrade to Tor Browser 11.5.8 (tails/tails#19295)
5894 Commits:
5895 - Fetch Tor Browser from our own archive
5896 - Upgrade Tor Browser to 11.5.8-build1
5898 * Add Metadata Cleaner (#18101) (tails/tails!959)
5900 Closes issues:
5901 - Mention MAT and metadata on /about (tails/tails#19206)
5902 - Add Metadata Cleaner (tails/tails#18101)
5904 Commits:
5905 - Mention Metadata Cleaner from /about (#19206)
5906 - Document Metadata Cleaner (#18101)
5907 - Add Metadata Cleaner (#18101)
5909 * WhisperBack debugging info: have df ignore filesystems of type fuse.portal
5910 (tails/tails!958)
5912 Closes issues:
5913 - Can't start WhisperBack when /root/.cache/doc is mounted (tails/tails#19282)
5915 Commits:
5916 - WhisperBack debugging info: have df ignore filesystems of type fuse.portal
5918 * Update htpdate pool: secure.flickr.com → flickr.com (tails/tails!954)
5920 Commits:
5921 - Update htpdate pool: secure.flickr.com → flickr.com
5923 * Update tor to 0.4.7.11 (tails/tails!953)
5925 Closes issues:
5926 - Upgrade to tor 0.4.7.11 (tails/tails#19276)
5928 Commits:
5929 - Update tor to 0.4.7.11
5931 * Remove broken pdf-redact-tools (tails/tails!950)
5933 Closes issues:
5934 - pdf-redact-tools broken (tails/tails#19250)
5936 Commits:
5937 - Remove broken pdf-redact-tools
5939 * Resolve "Explain better the Unsafe Browser from Tor Connection"
5940 (tails/tails!949)
5942 Commits:
5943 - Test suite: update wrt. new UI strings
5944 - Insist on signing in, then closing (#19168)
5945 - Be more clear (#19168)
5947 * Remove (easier) and (safer) label from consent question (#19166)
5948 (tails/tails!948)
5950 Closes issues:
5951 - Remove (easier) and (safer) label from consent question (tails/tails#19166)
5953 Commits:
5954 - Test suite: update wrt. new UI strings
5955 - Remove (easier) and (safer) label from consent question (#19166)
5957 * fix snakeoil certificates in Thunderbird test suite (tails/tails!943)
5959 Closes issues:
5960 - Fix and re-enable "I can send emails, and receive emails over IMAP" automated
5961 test: Certificate handling on Jenkins needs updating for Thunderbird 102
5962 (tails/tails#19193)
5964 Commits:
5965 - add snakeoil to thunderbird using certutil
5966 - reneable test by default
5967 - Revert "Really disable broken Thunderbird test"
5969 * extend validity time check for OpenPGP keys (tails/tails!939)
5971 Closes issues:
5972 - Extend period for "The included OpenPGP keys are up-to-date"
5973 (tails/tails#19219)
5975 Commits:
5976 - extend validity time check for OpenPGP keys
5978 * Fetch Tor Browser from our own archive (tails/tails!938)
5980 Commits:
5981 - Fetch Tor Browser from our own archive
5983 -- Tails developers <tails@boum.org> Mon, 21 Nov 2022 11:13:06 +0100
5985 tails (5.6) unstable; urgency=medium
5987 * Upgrade Linux to 5.10.149 (tails/tails!935)
5989 Closes issues:
5990 - Fix beacown (tails/tails#19210)
5992 Commits:
5993 - Release process: bring back test that we can run locally, but not on Jenkins
5994 - Really disable broken Thunderbird test
5995 - Upgrade Linux to 5.10.149-1
5997 * Disable broken Thunderbird test (tails/tails!934)
5999 Commits:
6000 - Disable broken Thunderbird test
6002 * Upgrade Tor Browser to 11.5.5 (tails/tails!936)
6004 Closes issues:
6005 - Upgrade to Tor Browser 11.5.5 (ESR 91.13 + ESR 102.4 backports)
6006 (tails/tails#19178)
6008 Commits:
6009 - Upgrade Tor Browser to 11.5.5
6011 * post-release misc updates (tails/tails!932)
6013 Commits:
6014 - easier transmission-remote instructions
6015 - avoid re-downloading if restarting
6016 - better instructions for automated test suite
6018 * Thunderbird: remove obsolete oauth2 pref (tails/tails!929)
6020 Commits:
6021 - Thunderbird: remove obsolete oauth2 pref
6023 * Upgrader: when a manual upgrade is needed, point to the news & manual upgrade
6024 doc without specifying a (probably incorrect) version (tails/tails!915)
6026 Closes issues:
6027 - Tails Upgrader recommends manual upgrades to deprecated versions
6028 (tails/tails#17069)
6030 Commits:
6031 - Make /latest inline the translated version of the release notes
6032 - Rewrite in Markdown
6033 - Move latest release notes out of /news
6034 - Improve phrasing
6035 - Point to release notes of latest version only
6036 - Upgrader: when a manual upgrade is needed, point to the news & manual upgrade
6037 doc without specifying a version
6039 -- Tails developers <tails@boum.org> Mon, 24 Oct 2022 08:06:36 +0000
6041 tails (5.5) unstable; urgency=medium
6043 * Upgrade to Tor Browser 11.5.4 (ESR 91.13 + ESR 102.3 backports)
6044 (tails/tails!930)
6046 Closes issues:
6047 - Upgrade to Tor Browser 11.5.4 (ESR 91.13 + ESR 102.3 backports)
6048 (tails/tails#19125)
6050 Commits:
6051 - Fetch Tor Browser from our own archive
6052 - Upgrade Tor Browser to 11.5.4-build2
6054 * Upgrade to Thunderbird 102 (tails/tails!928)
6056 Closes issues:
6057 - Upgrade to Thunderbird 102 (tails/tails#19156)
6059 Commits:
6060 - adapt test suite to new UI
6061 - JS hardening in Thunderbird
6062 - Enable OAuth2
6063 - Update Thunderbird patches from
6064 tails/thunderbird@4efe2ce285c552c1808120d54a11f4be9e57527f
6065 - Update Thunderbird patches from
6066 tails/thunderbird@4efe2ce285c552c1808120d54a11f4be9e57527f
6067 - Thunderbird patches update doc: update examples
6068 - Thunderbird patches update doc: push upstream tags too
6069 - Thunderbird patches update doc: document how to verify
6070 - Thunderbird patches update doc: add missing commit and push steps
6071 - Thunderbird patches update doc: don't suggest we're still trying to upstream
6072 patches
6073 - Thunderbird patches update doc: adjust to Bullseye
6074 - Drop useless step
6076 * import-translations: use new remote (tails/tails!927)
6078 Closes issues:
6079 - App translations supported by Tor Project moving from Transifex to weblate
6080 (tails/tails#19150)
6082 Commits:
6083 - import-translations: drop support for standalone WhisperBack project
6084 - import-translations: use new remote
6086 * GitLab CI: ensure all website core pages exist (tails/tails!926)
6088 Commits:
6089 - Make code more readable
6090 - GitLab CI: ensure all website core pages exist
6092 * GitLab CI: build our website on master and branches targeting master
6093 (tails/tails!924)
6095 Commits:
6096 - GitLab CI: build our website on master and branches targeting master
6097 - build-website: remove check now done in GitLab CI
6099 * Test suite: remove Cucumber test scenarios and build website checks that are
6100 now covered by GitLab CI (tails/tails!923)
6102 Closes issues:
6103 - Remove Cucumber test scenarios that are now covered by GitLab CI
6104 (tails/tails#17992)
6106 Commits:
6107 - build-website: remove check now done in GitLab CI
6108 - Test suite: remove Cucumber test scenarios that are now covered by GitLab CI
6110 * Upgrade to Bullseye 11.5 and Linux 5.10.140 (tails/tails!920)
6112 Closes issues:
6113 - Upgrade Linux to 5.10.140 (tails/tails#19127)
6114 - Upgrade to Bullseye 11.5 (tails/tails#19082)
6116 Commits:
6117 - Test suite: relax timeouts
6118 - Test suite: bump timeout
6119 - Refresh patch
6120 - Upgrade to Bullseye 11.5 and Linux 5.10.140
6122 * Test suite: fix virt-viewer active?() check to work with all versions
6123 (tails/tails!919)
6125 Closes issues:
6126 - virt-viewer 11.0 breaks our test suite (tails/tails#19064)
6128 Commits:
6129 - Test suite: fix virt-viewer active?() check to work with all versions
6131 * Fix screen lock keyboard shortcut (tails/tails!918)
6133 Closes issues:
6134 - Super+L sometimes starts the screensaver when it should ask for a screen lock
6135 password (tails/tails#19090)
6137 Commits:
6138 - Fix screen lock keyboard shortcut
6140 * Test suite: make localized Unsafe Browser tests faster and easier to maintain
6141 (tails/tails!917)
6143 Closes issues:
6144 - Localized Unsafe Browser tests are slow and hard to maintain
6145 (tails/tails#19041)
6147 Commits:
6148 - Test suite: add comment
6149 - Make Gherkin scenario outline placeholder more descriptive
6150 - Test suite: make localized Unsafe Browser tests faster and easier to maintain
6151 - Test suite: remove dead code
6153 * Add standard fields to /etc/os-release (tails/tails!914)
6155 Commits:
6156 - Add standard fields to /etc/os-release
6158 * Build system: make our website cache volume smaller (tails/tails!913)
6160 Commits:
6161 - Build system: make our website cache volume smaller
6163 * Use "torsocks --isolate" everywhere we use torsocks (tails/tails!912)
6165 Commits:
6166 - Use "torsocks --isolate" everywhere we use torsocks
6168 * Fix devel FTBFS with uBlock 1.44.0+dfsg-1 (tails/tails!910)
6170 Commits:
6171 - Refresh patch
6173 * Post-release doc updates (tails/tails!907)
6175 Commits:
6176 - call for testers has meaningful date
6177 - warning: tb-build-05 not serving files over HTTP
6178 - cleanup script that waits for new TBB release
6180 * GitLab CI: run the Bandit security oriented static analyzer for Python
6181 (tails/tails!904)
6183 Commits:
6184 - Check re.match's return value in a way that always returns a boolean
6185 - Add typing information
6186 - GitLab CI: also check shell and Python files that have no shebang
6187 - GitLab CI: run the Bandit security oriented static analyzer for Python
6188 - Lint comments format
6189 - Ignore Bandit false positives
6190 - Remove obsolete Emacs "coding: UTF-8" configuration
6191 - WhisperBack: only load global configuration file
6192 - Add configuration for the Bandit security oriented static analyzer for Python
6194 * Make it easy to re-run failed test suite scenarios (tails/tails!901)
6196 Closes issues:
6197 - run_test_suite wrapper that retries failed tests (tails/tails#19072)
6199 Commits:
6200 - RM tip: run all test scenarios
6201 - RM tip: multiple test suite runs overnight
6202 - set rerun file from ruby
6204 -- Tails developers <tails@boum.org> Thu, 13 Oct 2022 11:55:08 +0200
6206 tails (5.4) unstable; urgency=medium
6208 * Upgrade Tor Browser to 11.5.2 (tails/tails!908)
6210 Closes issues:
6211 - Upgrade to Tor Browser based on 91.13 (tails/tails#19073)
6213 Commits:
6214 - automatic redirect to HTTPS, here we meet again
6215 - Upgrade Tor Browser to UNVERIFIED 11.5.2-build1
6217 * Upgrade Linux packages to 5.10.0-17, currently at version 5.10.136
6218 (tails/tails!900)
6220 Closes issues:
6221 - Handle CVE-2022-2585 (POSIX CPU timer UAF) (tails/tails#19081)
6223 Commits:
6224 - Upgrade Linux packages to 5.10.0-17, currnetly at version 5.10.136
6226 * Disable HTTPS-only mode in Unsafe Browser (tails/tails!906)
6228 Closes issues:
6229 - Disable HTTPS-only mode in Unsafe Browser (tails/tails#19095)
6231 Commits:
6232 - disable HTTPS-only mode for unsafe browser
6234 * Upgrade tor to 0.4.7.10 (tails/tails!903)
6236 Closes issues:
6237 - Upgrade to tor 0.4.7.10 (tails/tails#19083)
6239 Commits:
6240 - Don't mention irrelevant implementation detail
6241 - Avoid initially pushed branch failing its pipeline
6242 - Drop obsolete step
6243 - Upgrade tor to 0.4.7.10
6245 * Resolve "Some time sync related automated tests fail when run on a system whose
6246 system clock is not in UTC" (tails/tails!902)
6248 Closes issues:
6249 - Some time sync related automated tests fail when run on a system whose system
6250 clock is not in UTC (tails/tails#19070)
6252 Commits:
6253 - uses UTC time even on non-UTC systems
6255 * Misc kernel hardening (tails/tails!899)
6257 Closes issues:
6258 - Kernel hardening: restricts loading TTY line disciplines (tails/tails#18302)
6259 - Enable page allocator freelist randomization (tails/tails#18886)
6260 - Consider dropping slub_debug=P and page_poison=1 options and let init_on_free
6261 wipe slab and page allocations (tails/tails#18858)
6263 Commits:
6264 - Kernel hardening: restricts loading TTY line disciplines
6265 - Kernel: enable page allocator freelist randomization
6266 - Remove obsolete kernel command line options
6268 * Actually stop NetworkManager before applying an upgrade (tails/tails!896)
6270 Commits:
6271 - Remove obsolete comment
6272 - Use systemctl(1) instead of service(8)
6273 - Actually stop NetworkManager before applying an upgrade
6275 * Test suite: fix Unsafe Browser localization tests (tails/tails!867)
6277 Commits:
6278 - testing unsafebrowser is more deterministic
6279 - add spanish start page image for unsafe browser
6280 - add portuguese start page image for unsafe browser
6281 - debug unsafe browser errors
6283 -- Tails developers <tails@boum.org> Wed, 24 Aug 2022 13:18:27 +0200
6285 tails (5.3.1) unstable; urgency=medium
6287 * Upgrade Linux to 5.10.127-2 (DSA-5191)
6288 * Upgrade Thunderbird to 91.12.0 (DSA-5195)
6290 -- Tails developers <tails@boum.org> Mon, 01 Aug 2022 23:19:49 +0000
6292 tails (5.3) unstable; urgency=medium
6294 * Upgrade to Tor Browser 11.5.1, bring back uBlock, and fix the Unsafe Browser's
6295 window title (tails/tails!894)
6297 Closes issues:
6298 - uBlock is not enabled in Tor Browser (tails/tails#19059)
6299 - Upgrade to Tor Browser based on ESR 91.12 (tails/tails#19058)
6300 - Window title of Unsafe Browser reads "Tor Browser" (tails/tails#18603)
6302 Commits:
6303 - Tor Browser: use the system's libstdc++.so.6 like upstream would on a Bullseye
6304 system
6305 - update-acng-config: get ready for 6.x
6306 - Remove hack that's not needed on Bullseye anymore
6307 - Update comments
6308 - Make cp behavior deterministic
6309 - htpdate pool 2: replace fragile thepiratebay.org with www.gnome.org
6310 - Bring back code needed to install uBlock
6311 - Create directory before copying into it
6312 - Browsers: also pass --name to Firefox
6313 - Reformat code: make room for more options and nicer Git diffs
6314 - Unsafe Browser: also set brandProductName to "Unsafe Browser", for consistency
6315 - Unsafe Browser: set the branding in the file that's actually used in current
6316 Tor Browser
6317 - Fetch Tor Browser from our own archive
6318 - Upgrade Tor Browser to 11.5.1-build1
6320 * Test suite: misc. improvements (tails/tails!892)
6322 Closes issues:
6323 - Test suite sometimes fails to find a picture (e.g. TailsGreeterLoginButton.png)
6324 while it's present on screen (tails/tails#19044)
6326 Commits:
6327 - Test suite: also display stdout on vmcommand failure
6328 - Test suite: bump timeout
6329 - Test suite: fix typo in comment
6330 - Welcome Screen: remove unused import
6331 - Test suite: point to relevant issue
6332 - Test suite: wait more for some images
6333 - Test suite: have Screen#find wait longer
6334 - Test suite: add debug logging to investigate #19044
6335 - Test suite: fix variable name
6336 - Test suite: give some time to the persistence passphrase widget to get focus
6337 - Use named constants instead of magic numbers
6338 - Don't catch unrelated IndexError exceptions
6339 - Lint
6340 - Remove unused import
6341 - Test suite: fix, improve, and update comments
6342 - Test suite: set the time in the guest using timedatectl
6343 - Make host_to_guest_time_sync raise an exception on failure
6344 - Lint
6346 * Upgrade to Debian Bullseye 11.4, Linux 5.10.127, and Network Manager 1.30.6
6347 (tails/tails!891)
6349 Closes issues:
6350 - Upgrade to Debian Bullseye 11.4 (tails/tails#19046)
6352 Commits:
6353 - Refresh patch
6354 - Update Vagrant box to Debian Bullseye 11.4
6355 - Enable the 19046-bullseye-11.4-force-all-tests APT overlay (refs: #19046).
6356 - Upgrade to Linux 5.10.0-16 (currently at 5.10.127-1)
6357 - Upgrade to Debian Bullseye 11.4
6359 * Upgrade mat2 to 0.12.1-2+deb11u1
6361 -- Tails developers <tails@boum.org> Mon, 25 Jul 2022 13:45:07 +0200
6363 tails (5.2) unstable; urgency=medium
6365 * Upgrade Thunderbird to 91.11.0
6367 * Upgrade Tor Browser to 11.5 (tails/tails!889)
6369 Closes issues:
6370 - Upgrade to Tor Browser based on Firefox 91.11 (tails/tails#19029)
6372 Commits:
6373 - more bumping tor browser
6374 - bump torbrowser images
6375 - autobump
6376 - manual bump TorBrowserOverviewIcon.png
6377 - some more image bumping
6378 - l10n screenshot updated
6379 - bump duckduckgo prompt image
6380 - adapt tor browser screenshot
6381 - Fetch Tor Browser from our own archive
6382 - Upgrade Tor Browser to 11.5
6383 - Revert "NIGHTLY ONLY! REMOVE ME!"
6384 - clean nightly dirt
6385 - install langpacks for nightlies, too (if possible)
6386 - NIGHTLY ONLY! REMOVE ME!
6387 - Revert "disable OnionAliases for Unsafe Browser"
6388 - use new TBB setting to disable onionrewrites altogether
6389 - take tbb 11.5 from nightlies
6390 - disable OnionAliases for Unsafe Browser
6391 - Upgrade Tor Browser to 11.5a13-build2
6393 * Adapt release process to new Tor blog platform (tails/tails!887)
6395 Closes issues:
6396 - Change release process details for blog.torproject.org (tails/tails#18963)
6398 Commits:
6399 - Be explicit
6400 - Release process: suggest publishing a Tor blog even for bugfix releases
6401 - Release process: improve Tor blog post instructions
6402 - generate-Tor-blog-post: use actual template and also generate the Lektor header
6403 - generate-Tor-blog-post: refactor (extract code to function)
6404 - generate-Tor-blog-post: remove inline images too
6405 - Release process: adapt the Tor blog post process to Lektor
6406 - generate-Tor-blog-post: fix ikiwiki command
6408 * GitLab CI: clean up and refactor https-get-expired jobs (tails/tails!884)
6410 Commits:
6411 - GitLab CI: force running jobs when updating .gitlab-ci.yml
6412 - GitLab CI: factorize
6413 - GitLab CI: install golang in the same way we do during a Tails build
6414 - GitLab CI: remove duplicate call to "apt-get update"
6415 - GitLab CI: drop obsolete pinning to Buster
6417 * Git: ignore the early_patch= (aka. --early-patch) hook (tails/tails!882)
6419 Commits:
6420 - Git: ignore the early_patch= (aka. --early-patch) hook
6422 * Resolve "IUK test suite: features/frontend is broken (tails-transform-mirror-
6423 url fails)" (tails/tails!880)
6425 Closes issues:
6426 - IUK test suite: features/frontend is broken (tails-transform-mirror-url fails)
6427 (tails/tails#18661)
6429 Commits:
6430 - IUk test suite: Set Torsocks to allow outbound connections to the loopback
6431 interface
6432 - IUK test suite: Add test file
6433 - IUK test suite: disable certificate verification
6435 * Test suite: fix copying a new directory with late patch (tails/tails!877)
6437 Commits:
6438 - Test suite: fix copying a new directory with late patch
6440 * Resolve "Test "The included APT repository keys are up-to-date" does not check
6441 subkeys" (tails/tails!876)
6443 Closes issues:
6444 - Test "The included APT repository keys are up-to-date" does not check subkeys
6445 (tails/tails#19047)
6447 Commits:
6448 - check we have at least one *relevant* subkey
6449 - gpg checks deeper: both master keys and subkeys
6450 - consistent naming
6451 - Revert "Revert "check APT subkeys, too""
6453 * Test suite: misc bugfixes (tails/tails!872)
6455 Commits:
6456 - Test suite: also set the guest's time when connected to the LAN but not to Tor
6457 - Test suite: move sleep where it was supposed to be
6459 * workaround persistent Tor bridges bug (tails/tails!870)
6461 Closes issues:
6462 - Tor Bridges persistence sometimes fails to save bridges during initial setup on
6463 Bullseye, at least in our test suite (tails/tails#18926)
6465 Commits:
6466 - workaround for bug only present in test suite
6468 * check APT subkeys, too (tails/tails!869)
6470 Closes issues:
6471 - Test "The included APT repository keys are up-to-date" does not check subkeys
6472 (tails/tails#19047)
6474 Commits:
6475 - check APT subkeys, too
6477 * Set Samba workgroup used by GTK applications to "localhost" (tails/tails!865)
6479 Closes issues:
6480 - Several applications ask Tor to resolve the "workgroup" hostname
6481 (tails/tails#19030)
6483 Commits:
6484 - Set Samba workgroup used by GTK applications to "localhost"
6486 -- Tails developers <tails@boum.org> Mon, 11 Jul 2022 08:13:08 +0000
6488 tails (5.1.1) unstable; urgency=medium
6490 * Upgrade Linux to 5.10.120-1 and tor to 0.4.7.8 (tails/tails!863)
6492 Closes issues:
6493 - Upgrade to tor 0.4.7.8 (tails/tails#19035)
6494 - Upgrade Linux to 5.10.120-1 (tails/tails#19036)
6496 Commits:
6497 - Upgrade Linux kernel packages to 5.10.0-15 (currently at version 5.10.120-1)
6498 - Upgrade to tor 0.4.7.8
6500 * Upgrade to Thunderbird 91.10.0
6502 * Fix htpdate pool: https://www.mozilla.org returns incorrects Date header
6503 (tails/tails!864)
6505 Closes issues:
6506 - Fix htpdate pool: https://www.mozilla.org returns incorrects Date header
6507 (tails/tails#19020)
6509 Commits:
6510 - Fix htpdate pool: https://www.mozilla.org returns incorrects Date header
6512 * Test suite: update the set of @fragile tags (tails/tails!862)
6514 Closes issues:
6515 - "Persistent browser bookmarks" is fragile (tails/tails#11585)
6516 - "The persistent Tor Browser directory is usable" test suite scenario is fragile
6517 (tails/tails#15336)
6518 - The "is properly stream isolated" test suite mechanism is fragile
6519 (tails/tails#17013)
6520 - Step "a screenshot is saved to the live user's Pictures directory" is fragile
6521 (tails/tails#13458)
6522 - "I can view and print a PDF file" scenarios are fragile (tails/tails#10994)
6523 - Memory erasure on boot medium removal is fragile (tails/tails#13462)
6524 - Test suite: update the set of @fragile tags (tails/tails#19007)
6526 Commits:
6527 - add @fragile tags when it's useful
6528 - Remove many @feature tags
6530 * follow up again on tca audit: clarify comments (tails/tails!860)
6532 Closes issues:
6533 - Audit tca-portal (tails/tails#18374)
6535 Commits:
6536 - acknowledge jvoisin's comments
6538 * Test suite: exercise the screen keyboard with a key that won't auto-complete
6539 (tails/tails!857)
6541 Closes issues:
6542 - "the screen keyboard works in Tor Browser" fails in Arabic (tails/tails#19013)
6544 Commits:
6545 - Test suite: exercise the screen keyboard with a key that won't auto-complete
6547 * GitLab CI: improve jobs rules (tails/tails!856)
6549 Commits:
6550 - GitLab CI: don't run code tests on the master branch
6551 - GitLab CI: also run https-get-expired* jobs when we modify our htpdate
6552 configuration
6553 - GitLab CI: only run https-get-expired when relevant
6555 * Inline strtobool function (tails/tails!855)
6557 Commits:
6558 - Inline strtobool function
6560 * Test suite: improve robustness (tails/tails!851)
6562 Closes issues:
6563 - Developers need to apply workaround in order to build Tails during the release
6564 process (tails/tails#18998)
6565 - Test scenario "htpdate is using the Tails-specific SocksPort" is broken
6566 (tails/tails#19003)
6568 Commits:
6569 - Test suite: avoid missed clicks retry when opening the calendar & notifications
6570 menu
6571 - Test suite: give the Upgrader time to fill the zenity dialog
6572 - Test suite: give the Greeter some time to re-enable the login button
6573 - Fix building from dev branches during the release process
6574 - Test suite: don't reset virtual X display between clients
6575 - Test suite: hopefully increase chances we catch the process we want
6576 - Lint
6577 - Test suite: ensure we write every line extracted from "ss -taupen" as soon as
6578 we have it
6579 - Test suite: migrate from service(8) to directly using systemctl
6580 - Test suite: adapt to new HTTPS client used by htpdate
6581 - Test suite: make setting up a Pidgin account more robust
6582 - Test suite: make interaction with GNOME Disks title bar buttons more robust
6583 - Test suite: make copying'n'pasting into a Terminal more robust
6585 * Have a better footer (tails/tails!756)
6587 Commits:
6588 - Translate a couple strings to check sidebar2 vs. PO plugin
6589 - Update PO files
6590 - Update PO files
6591 - Link to accessibility from footer
6592 - Rescue translations
6593 - Update PO files
6594 - Fix very old bug
6595 - Use sidebar2 to replace translation hacks in templates
6596 - Integrate sidebar2 in the local build
6597 - Add missing ARIA label
6598 - Make the label bold
6599 - Improve the appeal to the newsletter (#16888)
6600 - Translate footer into Spanish
6601 - Update PO files
6602 - Move jobs from top navigation to footer
6603 - Use more consistent margin system
6604 - Have a better footer (#17699)
6605 - Create dedicated page for testimonials
6606 - Don't use all capitals (#16137)
6608 * early-patch: live-patch at initramfs's time (tails/tails!696)
6610 Commits:
6611 - Fix formatting
6612 - Fix documentation wrt. the name of the option actually passed
6613 - Document --late-patch
6614 - more documentation
6615 - works even if hook fails
6616 - early_patch from test suite umounts immediately
6617 - pass 9p fs to TailsToaster: --early-patch works
6618 - live-patch → late-patch
6619 - early-live-patch → early-patch
6620 - Test suite: make EARLY_LIVE_PATCH a boolean
6621 - Disable obsolete shellcheck override
6622 - Don't enable live_patch by default
6623 - Make headings levels consistent with the rest of our website
6624 - Add a TOC
6625 - Apply 4 suggestion(s) to 1 file(s)
6626 - run_test_suite --early-live-patch
6627 - developer documentation for live_patch
6628 - live_patch: early-patching system
6630 -- Tails developers <tails@boum.org> Wed, 22 Jun 2022 11:31:52 +0000
6632 tails (5.1) unstable; urgency=medium
6634 * Upgrade to Thunderbird 91.9.0
6636 * Upgrade to Tor Browser 11.0.14 based on Firefox 91.10 (tails/tails!852)
6638 Closes issues:
6639 - Upgrade to Tor Browser 11.0.14 based on Firefox 91.10 (tails/tails#18979)
6641 Commits:
6642 - htpdate: replace tachanka.org with www.autistici.org
6643 - Mark security advisory against 5.0 as fixed
6644 - Fetch Tor Browser from our own archive
6645 - Upgrade Tor Browser to 11.0.14-build1
6647 * Resolve "displayed_time_str fails in test suite" (tails/tails!839)
6649 Closes issues:
6650 - displayed_time_str fails in test suite (tails/tails#18991)
6652 Commits:
6653 - Ignore advisories when looking for displayed time
6654 - help debug
6656 * FIX Clock disappearing when the user sets UTC as their local timezone
6657 (tails/tails!841)
6659 Closes issues:
6660 - Clock disappears from the GNOME top bar after "Fix the clock" and choosing UTC
6661 timezone (tails/tails#18993)
6663 Commits:
6664 - safety net for future problems
6665 - handle UTC special-case
6667 * Test suite: workaround lost and duplicate key presses by pasting long strings
6668 instead of typing them (tails/tails!821)
6670 Commits:
6671 - Test suite: merge step used only by another step into its caller
6672 - Test suite: paste long strings instead of typing them
6673 - Test suite: drop useless step
6674 - Test suite: refactor (extract code to method)
6676 * Test suite: Make opening GNOME menus more robust (tails/tails!816)
6678 Closes issues:
6679 - Opening GNOME menus in the test suite on Bullseye is very fragile
6680 (tails/tails#18930)
6682 Commits:
6683 - Test suite: try harder to open GNOME menus
6684 - Test suite: drop unnecessary delay
6685 - Test suite: use Dogtail to check presence of GNOME bookmarks
6686 - Test suite: use Dogtail to open the GNOME menus
6687 - Test suite: wait for the desktop to be visible before we interact with it after
6688 restoring a snapshot
6689 - Lint.
6691 * Upgrade to Linux 5.10.113-1 (DSA 5127-1) (tails/tails!813)
6693 Closes issues:
6694 - Upgrade Linux to 5.10.113-1 (DSA 5127-1) (tails/tails#18962)
6696 Commits:
6697 - Upgrade to Linux 5.10.113-1 (DSA 5127-1)
6699 * Make console-setup.service startup non-racy (tails/tails!811)
6701 Closes issues:
6702 - console-setup.service fails sometimes, which breaks "Tor is ready" in test
6703 suite (tails/tails#18636)
6705 Commits:
6706 - Make console-setup.service startup non-racy
6708 * Test suite: support running on Ruby 3.0 (tails/tails!810)
6710 Closes issues:
6711 - Test suite misbehaves on Ruby 3.0, e.g. "the Tor Connection Assistant connects
6712 to Tor" step always incorrectly fails (tails/tails#18904)
6714 Commits:
6715 - Test suite: ensure we don't try to click the "Restore Disk Image" button before
6716 it's visible
6717 - Test suite: support Bookworm host system's improved UEFI graphics
6718 - Test suite: enable Ruby deprecation warnings
6719 - Test suite: adjust to separation of positional and keyword arguments in Ruby
6720 3.0
6721 - Test suite: update button label for Bullseye
6722 - Remove duplicate word in comment
6723 - Test suite: drop workaround for Ruby < 2.7
6724 - Test suite: migrate from deprecated luks_open and luks_close to
6725 cryptsetup_{open,close}
6727 * test https-get-expired with sid's Go (tails/tails!849)
6729 Commits:
6730 - GitLab CI: only run https-get-expired-sid job when relevant
6731 - GitLab CI: factorize
6732 - GitLab CI: test https-get-expired with sid's Go on a sid image
6733 - also test https-get-expired with sid's golang
6735 * Vagrant: install ikiwiki that fixes #18992 (tails/tails!847)
6737 Closes issues:
6738 - ikiwiki generates buggy PO files with po4a 0.62 (tails/tails#18992)
6740 Commits:
6741 - Vagrant: stop using the obsolete builder-jessie APT suite
6742 - Vagrant: install ikiwiki that fixes #18992
6744 * tca-portal: stricter validation (tails/tails!846)
6746 Commits:
6747 - test: right length, valid for date(1), but invalid format
6748 - drop test case for "minutes" timespec
6749 - be more explicit about the format we want
6750 - seconds always included
6751 - stricter validation for SetTimeCommand
6753 * ignore advisories + better debug (tails/tails!845)
6755 Commits:
6756 - ignore advisory
6757 - FIX error message
6759 * Test suite: fix regression when testing Tor Connection in non-English locale
6760 (tails/tails!843)
6762 Commits:
6763 - Test suite: fix regression when testing Tor Connection in non-English locale
6765 * FIX sharing via onionshare from nautilus (tails/tails!840)
6767 Closes issues:
6768 - "Share via OnionShare" does nothing (tails/tails#18990)
6770 Commits:
6771 - FIX sharing via onionshare from nautilus
6773 * lint_po: ignore unknown-message-flag errors (tails/tails!836)
6775 Commits:
6776 - lint_po: ignore unknown-message-flag errors
6778 * Don't enable "configure a bridge" just because the user looked at the hide mode
6779 (tails/tails!835)
6781 Closes issues:
6782 - “Configure a Bridge” is enabled when rolling back from hiding Tor
6783 (tails/tails#18546)
6785 Commits:
6786 - regression test for #18546
6787 - enable easymode-bridges only in easy mode
6789 * Vagrant build box: upgrade to po4a 0.62-1 (tails/tails!834)
6791 Commits:
6792 - Vagrant build box: drop APT configuration for Buster
6793 - Vagrant build box: upgrade to po4a 0.62-1
6795 * Installer: create system partition 2 MiB from the beginning of the drive
6796 (tails/tails!832)
6798 Commits:
6799 - Installer: create system partition 2 MiB from the beginning of the drive
6801 * Various Tor Connection UX improvements (tails/tails!831)
6803 Closes issues:
6804 - Tor Connection: Give the same instructions on both bridge screens
6805 (tails/tails#18596)
6806 - Always tell whether bridges are used in the success screen (tails/tails#18547)
6808 Commits:
6809 - Clarify docstring
6810 - Test suite: update expected images
6811 - Make phrasing consistent
6812 - Test suite: DRY
6813 - refactor: properties allow our code to be clearer
6814 - bridges: same instructions on both screens
6815 - Success message conditional to bridges
6817 * Rewrite the home pages of the Unsafe Browser + Have different homes for the
6818 Unsafe Browser depending on whether we're connected to Tor already
6819 (tails/tails!829)
6821 Closes issues:
6822 - Have different homes for the Unsafe Browser depending on whether we're
6823 connected to Tor already (tails/tails#18601)
6824 - Rewrite the home pages of the Unsafe Browser (tails/tails#18602)
6826 Commits:
6827 - Apply style guide
6828 - Improve sentence
6829 - Improve grammar
6830 - Improve grammar
6831 - Improve grammar
6832 - Be more clear
6833 - Add illustration by Andrés
6834 - Test suite: remove obsolete localized images
6835 - Test suite: update expected image
6836 - Test suite: add missing @doc tag
6837 - FIX wrong path was checked
6838 - Clarify that the image is an example
6839 - Clarify use of CSS (Take 2)
6840 - Unsafe browser: home page if non connected to Tor
6841 - Clarify use of CSS
6842 - Rework CSS
6843 - Improve structure
6844 - Write a dedicated page for captive portals
6845 - Improve instructions
6846 - Give examples of websites to use
6847 - Use our own image and remove the login and password
6848 - Shorten
6850 * Test suite: misc. robustness improvements (tails/tails!827)
6852 Closes issues:
6853 - Tests for backup are fragile (tails/tails#18727)
6855 Commits:
6856 - Test suite: add localized expected image for Unsafe Browser start page in pt_BR
6857 - Test suite: enable debug logging for Screen#wait
6858 - Test suite: Fix frequent "cannot find TailsGreeterLoginButton.png" failures
6859 - Test suite: update expected image for Bullseye
6860 - Test suite: give the XMPP server some time to create the room
6861 - Test suite: update expected Pidgin images
6862 - Test suite: fix error message
6863 - Test suite: Improve error reporting
6864 - Test suite: Fix clock upper bound calculation
6865 - Test suite: refactoring (save value to variable)
6866 - Test suite: Drop most debugging info for issue that does not happen anymore
6867 - Test suite: Drop spurious verb in debug log
6868 - Revert "Mark test scenario as fragile"
6869 - Test suite (backup): Wait for Zenity to have filled its widgets with the
6870 expected text
6872 * Upgrade apt-cacher-ng to bullseye-backports - fixes issue #18931
6873 (tails/tails!825)
6875 Closes issues:
6876 - rake build fails - apt-get works erratically ( 502 connection closed
6877 [IP:127.0.0.1:3142] ) - No build artifacts were found! (tails/tails#18931)
6879 Commits:
6880 - Upgrade apt-cacher-ng to bullseye-backports.
6882 * Disable search providers in the Activities Overview: Calculator, Nautilus,
6883 Terminal (tails/tails!824)
6885 Closes issues:
6886 - Disable some GNOME Overview search providers (tails/tails#18952)
6888 Commits:
6889 - Disable search providers in the Activities Overview: Calculator, Contacts,
6890 Documents, Nautilus, Terminal
6892 * Test suite: ignore failures to destroy a stopped domain (tails/tails!822)
6894 Closes issues:
6895 - Scenario: "Upgrading an old Tails USB installation from another Tails USB
6896 drive" after-hook is racy (tails/tails#18972)
6898 Commits:
6899 - Test suite: ignore failures to destroy a stopped domain
6901 * Associate OpenPGP-encrypted files with Kleopatra (tails/tails!820)
6903 Closes issues:
6904 - Tails 5 does not decrypt .gpg files when double-clicking them
6905 (tails/tails#18967)
6907 Commits:
6908 - Associate OpenPGP-encrypted files with Kleopatra
6910 * safely get gnome_env_vars (tails/tails!819)
6912 Commits:
6913 - clarify about which environment is being dumped
6914 - Clarify comment
6915 - Fix typo in comment
6916 - comments clarify why we think we are safe
6917 - fix systemd path
6918 - gnome_env_vars look at the gnome-shell env dump
6919 - gnome-shell dumps its conf in a root-owned file
6921 * Avoid user confusion wrt. name of the default KeePassXC database
6922 (tails/tails!818)
6924 Closes issues:
6925 - KeePassXC offers to rename the default database on non-English locales
6926 (tails/tails#18966)
6928 Commits:
6929 - Silence false positive
6930 - Drop obsolete reason
6931 - Don't allow translating Passwords.kdbx
6933 * Use Bullseye debootstrap configuration (tails/tails!817)
6935 Commits:
6936 - Use Bullseye debootstrap configuration
6938 * FIX IUK verification when we have 2 series at the same time (tails/tails!815)
6940 Closes issues:
6941 - bin/copy-iuks-to-rsync-server-and-verify failing because of old releases
6942 (tails/tails#18959)
6944 Commits:
6945 - Apply 1 suggestion(s) to 1 file(s)
6946 - document how the RM should use this command
6947 - don't fail when 404s have been ignored
6948 - proper exit code on failure
6949 - refactor --ignore-404
6950 - refactor run()
6951 - fix leftover
6952 - 404s found -> non-zero exit code
6953 - --ignore-404 and --dry-run
6955 * Fix FTBFS with uBlock 1.42 (tails/tails!814)
6957 Commits:
6958 - Unfuzzy patch
6960 * Upgrade to tor 0.4.7.7 (tails/tails!812)
6962 Closes issues:
6963 - Upgrade to tor 0.4.7.x (tails/tails#18932)
6965 Commits:
6966 - Upgrade to tor 0.4.7.7
6968 * Add translation files for Qt5 (#18958) (tails/tails!808)
6970 Closes issues:
6971 - Translations of basic Qt5 strings are missing (tails/tails#18958)
6973 Commits:
6974 - Add translation files for Qt
6976 * Make news/version_3* non-translatable (#16758) (tails/tails!805)
6978 Commits:
6979 - Make news/version_3* non-translatable (#16758)
6981 * Add Kleopatra to the Favorites (tails/tails!802)
6983 Commits:
6984 - Test suite: make expected image a tiny bit smaller
6985 - Add Kleopatra to the Favorites submenu
6987 * Test suite: drop pre-Bullseye compatibility (tails/tails!789)
6989 Commits:
6990 - Test suite: drop workaround for Ruby < 2.7
6991 - Test suite: migrate from deprecated luks_open and luks_close to
6992 cryptsetup_{open,close}
6994 * Add to confirm before restarting (#18912) (tails/tails!782)
6996 Closes issues:
6997 - New dialog when Unsafe Browser is not enabled makes it too easy to lose work
6998 (tails/tails#18912)
7000 Commits:
7001 - Make code more readable
7002 - Make function's responsibility tighter to simplify its code
7003 - Handle new code branch that was forgotten
7004 - Fix local variables declaration
7005 - Use 'Cancel' as default button (#18912)
7006 - 'Cancel' is more standard
7007 - Add to confirm before restarting (#18912)
7009 * Display time in the timezone that the user has chosen in Tor Connection
7010 (tails/tails!751)
7012 Closes issues:
7013 - Display time in the timezone that the user has chosen in Tor Connection
7014 (tails/tails#6284)
7016 Commits:
7017 - Design doc: Explain security trade-off
7018 - Test suite: Explain that Asia/Shanghai == +08:00
7019 - tails-get-date: use Python instead of date(1)
7020 - Fix typo in error message
7021 - Test suite: ensure the displayed clock is in the user's timezone
7022 - Test suite: remove workaround
7023 - Test suite: refactor (extract code do method)
7024 - Test suite: be more defensive to give better error output
7025 - Test suite: send debug info to the debug log
7026 - Test suite: make step name clearer
7027 - Design doc: mention timezone status and plans
7028 - Apply 1 suggestion(s) to 1 file(s)
7029 - Fix typo in comment
7030 - Improve grammar
7031 - Improve grammar
7032 - Remove unnecessary comma
7033 - try to fix the vertical misalignment
7034 - Update to #6284
7035 - Link back to main page
7036 - https://www.merriam-webster.com/dictionary/time%20zone
7037 - Move FAQ to a dedicated page
7038 - Shorten path
7039 - Don't potentially overwrite TZ key in dict with environment's value.
7040 - Cleanup dead code, fix formatting.
7041 - Consistently display GMT instead of UTC.
7042 - Use the same time format as GNOME's clock.
7043 - use date to format the date
7044 - date@ extension does The Right Thing
7045 - DRAFT: display time in local timezone
7047 * Follow-up on "Audit tca-portal" (tails/tails!723)
7049 Commits:
7050 - useless shellcheck directive
7051 - Apply 2 suggestion(s) to 2 file(s)
7052 - Fix typo in comment
7053 - clarify how we believe pgrep --ns 1 will help us
7054 - PersistenceSetupCommand: gnome_env_vars not needed
7055 - export_gnome_env hardening
7056 - some more validation when setting system time
7057 - gnome.py executes later; required for testing
7058 - add some doctests to tca-portal
7059 - more tuples, less lists
7060 - clarify: we are fine with the TOCTOU
7061 - --systemd-socket is exclusive with --listen
7062 - be more explicit about stdout/stderr handling
7063 - clarify handle_* comments
7064 - clarify what is the role of handle_line
7065 - anchor SetTimeCommand regexp
7066 - clarify comment about validate_args
7067 - use full path to commands whenever possible
7069 * Automatic time sync before connecting to Tor in automatic mode
7070 (tails/tails!681)
7072 Closes issues:
7073 - Mitigate attack by active network adversary on automated time sync + replayed
7074 Tor consensus (tails/tails#18830)
7075 - Automatic time sync before connecting to Tor in automatic mode
7076 (tails/tails#18717)
7078 Commits:
7079 - Test suite: rename step to make it closer to what a user would do
7080 - use the non-deprecated version of "Tor is ready"
7081 - Use less jargon
7082 - Add missing word in comment
7083 - Update comment: this now build reproducibly
7084 - Clarify comment
7085 - fix undefined local variable
7086 - tails-get-network-time better syslog
7087 - tails-get-network-time has timeout
7088 - refactor old test case based on new functions
7089 - new test: time sync times out
7090 - tor connection runs even if timesync fails
7091 - python style
7092 - some info is shown during network time sync
7093 - comments
7094 - wait for time to be retrieved before starting Tor
7095 - use APT preferences, not --target-release
7096 - gitlab tests run with the correct Go version
7097 - public key type check
7098 - Explain why these if statements don't apply to us
7099 - Fix typo
7100 - Design doc: 2 out of 3 is enough since we're using the median
7101 - ignore redirects
7102 - test all urls in htpdate.pools
7103 - https-get-expired gets more testing
7104 - https-get-expired: explain how this compares to Go implementation
7105 - Test suite: explain why scenarios pass in a somewhat surprisingly manner
7106 - Lint
7107 - Lint
7108 - Design doc: explain why we accept a risk
7109 - Design doc: improve phrasing
7110 - Design doc: drop conditional
7111 - Design doc: explain why we're protected
7112 - Design doc: clarify phrasing
7113 - Update design doc: this is not a problem anymore
7114 - reproducibility: clean cache after compiling
7115 - fix spelling
7116 - htpdate performs the median
7117 - design doc: explain https-get-expired
7118 - Lint: gofmt
7119 - Pick Go from buster-backports
7120 - try to make go build reproducible: -trimpath
7121 - Test suite: mark fragile scenario as such
7122 - https-get-expired: CI tests now
7123 - test https-get-expired building
7124 - https-get-expired gains -proxy option
7125 - port htpdate to https-get-expired
7126 - https-get-expired: more similar to htpdate's curl
7127 - https-get-expired output headers, not body
7128 - fix go compilation
7129 - add https-get-expired: will need for time sync
7130 - "date in past" check is more robust
7131 - sanity check: the new date cannot be in the past
7132 - unsafe browser is checked for tor leaks
7133 - UnsafeBrowser correctly detects if we're online
7134 - checking DisableNetowrk is #18293-aware
7135 - Merge the new scenario with the old one
7136 - FIX restore: some snapshot has network but no Tor
7137 - UnsafeBrowser tests don't need Tor; scenarios--
7138 - FIX we don't even need to check Tor
7139 - Test suite: clarify what we're actually testing
7140 - Improve grammar
7141 - Fix typo
7142 - Fix typo
7143 - Update doc to automatic time sync (#18717)
7144 - Improve structure of design doc
7145 - Avoid jargon
7146 - Design doc: copy more detailed explanation from the blueprint
7147 - Design doc: improve structure
7148 - Design doc: document new automatic time sync mechanism
7149 - Remove very old explanation
7150 - wording: we're looking for unneeded *exceptions*
7151 - Apply 5 suggestion(s) to 2 file(s)
7152 - FIX test case: allow it to use time sync
7153 - "flow through" supports fake connectivity check
7154 - FIX globally setting allowed DNS queries
7155 - refactor check for leaks
7156 - debugging leaks is easier
7157 - fix DNS query for easy mode
7158 - test suite self-correction warning
7159 - dns queries are allowed only when needed
7160 - +debug "traffic has only flowed through"
7161 - break the "Tor is ready" step in two
7162 - rubocop
7163 - easy-mode allowed_hosts are set in tca_configure
7164 - explicitly allow connectivity check in many tests
7165 - fix time sync error simulation
7166 - fix exception wording
7167 - use DNS inspection to check for leaks
7168 - the FirewallHelper is DNS-aware
7169 - one more check
7170 - test "traffic only flows through" supports timesync
7171 - Add tests for time sync before Tor connects
7172 - Improve TCA test suite code
7173 - add vm script to upload/download files
7174 - tails-get-network-time: don't assume anything about body encoding
7175 - Raise exception instance, not class
7176 - Clean up code
7177 - tails-get-network-time: emulate NetworkManager's behavior more closely
7178 - Move hard-coded string to constant
7179 - Blacken
7180 - tails-get-network-time: refactor
7181 - Add more typing
7182 - tails-get-network-time: migrate to pycurl, to make our fingerprint closer to
7183 NetworkManager's
7184 - Store the network time server in a configuration file
7185 - Move code to main() function
7186 - Test suite: adjust to new automatic time sync feature
7187 - Test suite: drop workaround
7188 - Tor Connection: in automatic mode, set the system time from the network
7189 - tca-portal: implement a new get-network-time command
7190 - tca-portal: include stdout in responses
7192 -- Tails developers <tails@boum.org> Sat, 04 Jun 2022 08:11:47 +0000
7194 tails (5.0) unstable; urgency=medium
7196 * Upgrade Thunderbird to 91.8
7198 * Upgrade Tor Browser to 11.0.11 (based on esr91.9) (tails/tails!804)
7200 Commits:
7201 - Test suite: update expected image
7202 - Test suite: update expected web page title
7203 - Fetch Tor Browser from our own archive
7204 - Upgrade Tor Browser to 11.0.11-build1
7206 * Fix Additional Software test suite on Bullseye (tails/tails!794)
7208 Commits:
7209 - Test suite: use popularity-contest as a test package instead of sslh
7211 * Fix devel branch FTBFS (tails/tails!773)
7213 Commits:
7214 - Preserve UIDs/GIDs stability
7215 - Refresh list of standard packages
7217 * Drop obsolete patch (tails/tails!690)
7219 Commits:
7220 - Drop obsolete patch
7222 * all languages are listed (tails/tails!683)
7224 Commits:
7225 - all formats are shown
7226 - translations appear again in Greeter
7227 - when native l10n is not available, use english
7228 - all languages are listed
7230 * Fix the Tails Installer in bullseye (tails/tails!679)
7232 Commits:
7233 - retry has shorter sleep times
7234 - FIX self.sleep never existed
7235 - retry getting udisks object upon failure
7236 - don't rescan devices: we already know!
7237 - partition_device returns a UDI
7238 - refactor detect_supported_drives
7239 - retrying getting system partition helps
7240 - race conditions? let's increase sleep time!
7242 * Document Kleopatra (tails/tails!803)
7244 Commits:
7245 - Be more clear
7246 - Improve grammar
7247 - Be more clear
7248 - Improve grammar
7249 - Fix typo
7250 - Fix broken links
7251 - Mention Kleopatra in the Persistent Storage settings
7252 - Remove not-so-useful note
7253 - Document Kleopatra (Closes: #18933)
7254 - Remove Seahorse from the doc
7255 - Remove screenshots that need updating
7256 - Remove OpenPGP Applet from the doc
7257 - Patch screenshots for the removal of the OpenPGP Applet
7259 * Fix opening links and attachments from Thunderbird, disable LibreOffice tip of
7260 the day (tails/tails!793)
7262 Commits:
7263 - AppArmor Thunderbird profile: allow executing /bin/dash with inherited policy
7264 - Disable LibreOffice's tip of the day
7266 * fix whisperback sending error (tails/tails!787)
7268 Commits:
7269 - Thread.isAlive -> is_alive
7271 * Fix Scenario: Upgrading an old Tails USB installation from another Tails USB
7272 drive (tails/tails!765)
7274 Commits:
7275 - apparently fix tails/tails#18840
7276 - send tails installer log to syslog
7278 * Additional Software: synchronize APT data when needed directly from t-p-s
7279 (tails/tails!764)
7281 Commits:
7282 - Test suite: restart Tails in the same way we expect the user to
7283 - Test suite: don't exit the persistence wizard once done, make saving settings
7284 explicit
7285 - Test suite: refactoring (convert step to method)
7286 - Additional Software: synchronize APT data when needed directly from t-p-s
7287 - Remove XXX:Bullseye: this is not going to happen
7289 * Persistence: enable Additional Software by default (tails/tails!800)
7291 Commits:
7292 - Persistence Setup: adjust test suite to Additional Software being enabled by
7293 default
7294 - Persistence: enable Additional Software by default
7296 * Let the user know they should wait while we are copying Additional Software to
7297 a new Persistent Storage (tails/tails!799)
7299 Commits:
7300 - Use phrasing proposed by sajolida
7301 - t-p-s: ensure the GUI is updated while we synchronize data to the new
7302 Persistent Storage
7303 - Persistence setup: forbid clicking "Restart Now" twice in a row
7304 - Test suite: save a file listing of /var/cache/apt when a Additional Software
7305 scenario fails
7306 - Let the user know they should wait while we are copying Additional Software
7307 data to a new Persistent Storage
7309 * htpdate.service is always started (tails/tails!796)
7311 Commits:
7312 - be more explicit about what we are testing
7313 - htpdate is started every time
7314 - some tests can be excluded from feature branches
7315 - add regression test for #18868
7316 - start htpdate.service earlier
7318 * Replace Seahorse and OpenPGP Applet with Kleopatra (tails/tails!792)
7320 Commits:
7321 - Ensure Seahorse icons are present when running the persistence-setup test suite
7322 - Persistent Storage: re-add custom icons for the GnuPG and SSH Client features
7323 - FT role definition: remove seahorse-nautilus
7324 - Contributors & design doc: drop OpenPGP Applet
7325 - Remove the topIcons GNOME Shell extension
7326 - Test suite: remove OpenPGP Applet tests, and the code & images they used
7327 - Re-add and update explanation for disabling ssh-agent
7328 - Remove broken patch
7329 - Remove Gettext stuff for Seahorse
7330 - Remove hooks about Seahorse and OpenPGP Applet
7331 - Replace our PGP tools with Kleopatra
7333 * Fix Bullseye-based Tails booting 20% slower than 4.x (tails/tails!791)
7335 Commits:
7336 - Freeze the AppArmor kernel feature set too
7338 * Stop trusting our old APT signing key (tails/tails!788)
7340 Commits:
7341 - Bump APT snapshots to versions signed with our new key
7342 - Test suite: stop ignoring our old APT key
7343 - Stop trusting our old APT signing key
7345 * Update live-build to include the local packages fix. (tails/tails!776)
7347 Commits:
7348 - Update live-build to include the local packages fix.
7350 * Tails Installer: retry getting partition table (tails/tails!767)
7352 Commits:
7353 - retry getting partition table
7355 * Update gdm-tails.json for Bullseye (tails/tails!689)
7357 Commits:
7358 - Add pointer accessibility support to gdm-tails.json
7359 - gdm-tails.json: remove panelStyle
7361 * Update VeraCrypt test suite for Bullseye (tails/tails!686)
7363 Commits:
7364 - Test suite: trim expected image to account for GNOME mounted volume
7365 notification
7366 - Give exchange USB drive more space
7367 - Test suite: update to new GNOME Disks UI
7368 - Test suite: update Nautilus application name
7369 - Test suite: update expected picture
7371 -- Tails developers <tails@boum.org> Mon, 02 May 2022 12:03:37 +0200
7373 tails (5.0~beta1) unstable; urgency=medium
7375 * Upgrade to Debian 11 (Bullseye).
7376 - Fixes opening a Veracrypt volume with a long passphrase (tails#17474)
7377 - NetworkManager now uses its internal DHCP client
7378 - Removes python2
7379 - Software upgrades:
7380 - GNOME 3.38
7381 - Audacity 2.4.2
7382 - bookletimposer 0.3
7383 - GIMP 2.20.22
7384 - Inkscape 1.0.2
7385 - LibreOffice 7.0.4
7386 - NetworkManager 1.30.0
7387 - OnionCircuits 0.7
7388 - Pidgin 2.14.1
7389 - Thunderbird 91.7.0-2~deb11u1
7390 - X.Org 1.20.11
7392 * Upgrade Tor Browser to 11.0.10-build1 (tails#777)
7394 * Enable driverless printing and scanning (tails#18521)
7396 * Fix locales translation in the Welcome Screen (tails#18199, tails/tails!683)
7398 Commits:
7399 - all formats are shown
7400 - translations appear again in Greeter
7401 - when native l10n is not available, use english
7402 - all languages are listed
7404 * Drop hack to kill GDM on login, not necessary anymore on Bullseye (tails#17952)
7406 * Have tor log to the Journal (tails#18842)
7408 * Have NetworkManager and MAC spoofing ignore veth* network interfaces (tails#18443)
7410 * Drop deprecated printer-driver-hpijs (tails#18225)
7412 * Fix devel branch FTBFS (tails/tails!773)
7414 Commits:
7415 - Preserve UIDs/GIDs stability
7416 - Refresh list of standard packages
7418 * Drop obsolete patch (tails/tails!690)
7420 Commits:
7421 - Drop obsolete patch
7423 * Fix the Tails Installer in bullseye (tails/tails!679)
7425 Commits:
7426 - retry has shorter sleep times
7427 - FIX self.sleep never existed
7428 - retry getting udisks object upon failure
7429 - don't rescan devices: we already know!
7430 - partition_device returns a UDI
7431 - refactor detect_supported_drives
7432 - retrying getting system partition helps
7433 - race conditions? let's increase sleep time!
7435 * Fix Scenario: Upgrading an old Tails USB installation from another Tails USB
7436 drive (tails/tails!765)
7438 Commits:
7439 - apparently fix tails/tails#18840
7440 - send tails installer log to syslog
7442 * Additional Software: synchronize APT data when needed directly from t-p-s
7443 (tails/tails!764)
7445 Commits:
7446 - Test suite: restart Tails in the same way we expect the user to
7447 - Test suite: don't exit the persistence wizard once done, make saving settings
7448 explicit
7449 - Test suite: refactoring (convert step to method)
7450 - Additional Software: synchronize APT data when needed directly from t-p-s
7451 - Remove XXX:Bullseye: this is not going to happen
7453 * Update gdm-tails.json for Bullseye (tails/tails!689)
7455 Commits:
7456 - Add pointer accessibility support to gdm-tails.json
7457 - gdm-tails.json: remove panelStyle
7459 * Update VeraCrypt test suite for Bullseye (tails/tails!686)
7461 Commits:
7462 - Test suite: trim expected image to account for GNOME mounted volume
7463 notification
7464 - Give exchange USB drive more space
7465 - Test suite: update to new GNOME Disks UI
7466 - Test suite: update Nautilus application name
7467 - Test suite: update expected picture
7469 -- Tails developers <tails@boum.org> Mon, 04 Apr 2022 09:25:25 +0000
7471 tails (4.29) unstable; urgency=medium
7473 * Upgrade to Tor Browser 11.0.x based on Firefox 91.8 (tails/tails!777)
7475 Closes issues:
7476 - Upgrade to Tor Browser 11.0.x based on Firefox 91.8 (tails/tails#18874)
7478 Commits:
7479 - Fetch Tor Browser from our own archive
7480 - Upgrade Tor Browser to 11.0.10-build1
7482 * Upgrade Thunderbird to 91.7
7484 * Upgrade to obfs4proxy 0.0.12 (Elligator2 bug) (tails/tails!728)
7486 Closes issues:
7487 - Fix bug in obfs4proxy (Elligator2), upgrading to 0.0.12+ (tails/tails#18800)
7489 Commits:
7490 - Revert "Downgrade obfs4proxy to 0.0.12-dev from the Tor Browser 11.0.4 tarball"
7492 * htpdate: log to stdout even when a log file is specified (tails/tails!772)
7494 Closes issues:
7495 - htpdate: also log to the Journal (tails/tails#18895)
7497 Commits:
7498 - htpdate: log to stdout even when a log file is specified
7500 * Upgrade to Buster 10.12 and Linux 5.10.103-1 (tails/tails!771)
7502 Closes issues:
7503 - Upgrade to Buster 10.12 (tails/tails#18885)
7504 - Upgrade Linux to 5.10.103-1 (DSA-5095-1) (tails/tails#18877)
7506 Commits:
7507 - Drop unused KERNEL_SOURCE_VERSION variable
7508 - Upgrade to Buster 10.12 and Linux 5.10.106-1
7510 * Test suite: drop OTR tests (tails/tails!769)
7512 Closes issues:
7513 - "Pidgin automatically generates an OTR key" test suite step fails when host
7514 system is Bullseye (tails/tails#18866)
7516 Commits:
7517 - Test suite: rename otr-bot to xmpp-bot
7518 - Test suite: drop support for OTR
7519 - Test suite: drop OTR tests
7521 * Provide HTTPS link when JavaScript is disabled (#18559) (tails/tails!755)
7523 Commits:
7524 - Update release process
7525 - Improve comment
7526 - Provide HTTPS link when JavaScript is disabled (#18559)
7528 * Clarify purpose and timeline (tails/tails!744)
7530 Commits:
7531 - Add link to release notes on GitLab
7532 - Include technical writers in the procedure
7533 - Fix Markdown
7534 - Clarify where
7535 - Remember Technical Writers where to find the latest stable
7536 - Clarify purpose and timeline
7538 * Upgrade zlib1g to 1:1.2.11.dfsg-1+deb10u1 (DSA-5111-1)
7541 * doc updates after releasing 4.28 (tails/tails!742)
7543 Commits:
7544 - Use expected location of release notes
7545 - Easier technical-writers notification
7546 - clean RCs from rsync.lizard: command
7547 - twitter: less brain usage, more commands
7548 - clicking links is easier than thinking
7549 - RM: please communicate before clocking off
7550 - more parallelization: do tests while IUKs are building
7551 - lesson learned: read DSA mailing list
7552 - be sure you are on the right branch
7553 - importing PO often fails: let's explain why
7554 - check iuks/v2 exists: scripted
7556 -- Tails developers <tails@boum.org> Mon, 04 Apr 2022 13:21:09 +0200
7558 tails (4.28) unstable; urgency=medium
7560 * Upgrade to Tor Browser 11.0.7-build2 based on Firefox 91.7 (tails/tails!741)
7562 Closes issues:
7563 - Upgrade to Tor Browser 11.0.7 based on Firefox 91.7 (tails/tails#18853)
7565 Commits:
7566 - Fetch Tor Browser from our own archive
7567 - Upgrade Tor Browser to 11.0.7-build2
7569 * Upgrade to Thunderbird 91.6.1
7571 * Upgrade to tor 0.4.6.10 (tails/tails!737)
7573 Closes issues:
7574 - Upgrade to tor 0.4.6.10 (tails/tails#18835)
7576 Commits:
7577 - Upgrade to tor 0.4.6.10 (Closes #18835)
7579 * Enable obfs4proxy logging (tails/tails!734)
7581 Commits:
7582 - save obfs4proxy logs into artifacts
7583 - enable obfs4proxy debug logging
7584 - "obfs4proxy managed" is an option from the past
7586 * minor fixes to custom-apt-cruft-check (tails/tails!733)
7588 Commits:
7589 - custom-apt-cruft-check: output nicer Markdown
7590 - Give method a name closer to what it wraps
7591 - ordered list
7592 - fix wrong variable name
7593 - markdown-ish
7594 - we obey rubocop
7596 * Test suite: collect logs of tor & friends when we timed out waiting for TCA to
7597 connect (tails/tails!732)
7599 Closes issues:
7600 - Test suite does not save tor log on "Timed out while waiting for TCA to connect
7601 to Tor (Timeout::Error)" (tails/tails#18850)
7603 Commits:
7604 - Apply 2 suggestion(s) to 1 file(s)
7605 - Test suite: collect logs of tor & friends when we timed out waiting for TCA to
7606 connect
7608 * Test suite: ignore old APT repository signing key (tails/tails!731)
7610 Closes issues:
7611 - Test suite: ignore expiration date of 221F9A3C6FA3E09E182E060BC7988EA7A358D82E
7612 (tails/tails#18836)
7614 Commits:
7615 - Test suite: ignore old APT repository signing key
7617 * Test suite can test on the real Tor network (tails/tails!725)
7619 Closes issues:
7620 - Test behavior on the real Tor network (tails/tails#18847)
7622 Commits:
7623 - move Jenkins-only code in the appropriate section
7624 - better debug message
7625 - shell oneliner converted to ruby
7626 - Configure simulated Tor network: step -> function
7627 - rubocop is happier
7628 - Test suite: don't try to save chutney data when it does not exist
7629 - add at least one relevant scenario
7630 - if +real-Tor, select relevant scenarios
7631 - test suite runs with real Tor, if +real-Tor
7632 - "default bridges" honors --disable-chutney
7633 - Check adapted to --disable-chutney
7634 - run_test_suite --disable-chutney
7635 - chutney-specific conf moved into appropriate step
7637 -- Tails developers <tails@boum.org> Mon, 07 Mar 2022 18:16:01 +0100
7639 tails (4.27) unstable; urgency=medium
7641 * Upgrade Tor Browser to 11.0.6-build1, based on Firefox 91.6 (tails!724)
7643 Closes issues: tails#18799
7645 This upgrades obfs4proxy to the version shipped with Tor Browser 11.0.4
7646 (0.0.11 + a few commits).
7648 * Upgrade to Linux 5.10.92 (tails/tails!721)
7650 Closes issues:
7651 - devel branch FTBFS with webext-ublock-origin-firefox 1.39.0+dfsg-2
7652 (tails/tails#18722)
7653 - Upgrade Linux to 5.10.92+ (DSA 5050-1) (tails/tails#18805)
7655 Commits:
7656 - Refresh uBlock Origin patch
7657 - Dropping VirtualBox guest support for now
7658 - Bump APT snapshot of the Debian archive to 2022012801
7659 - Upgrade to Linux 5.10.0-11 (currently at version 5.10.92-1)
7661 * Upgrade to Thunderbird 91 (tails/tails!720)
7663 Closes issues:
7664 - Upgrade to Thunderbird 91 (tails/tails#18069)
7666 Commits:
7667 - Test suite: update expected images for Thunderbird 91
7668 - Test suite: adjust to Thunderbird 91 UI
7669 - Test suite: drop dead code
7670 - Test suite: lint (thanks Rubocop)
7671 - Test suite: refactor (extract code to method) to solve Rubocop error
7672 - Make patch apply
7673 - Update path mangling in Thunderbird patches for v91
7674 - Update Thunderbird patches from
7675 tails/thunderbird@bef716a60762b743dce1f48c37a64a99a0707b21
7676 - Upgrade to Thunderbird 91
7678 * Insist on Tor Browser being offline (#18584) (tails/tails!711)
7680 Closes issues:
7681 - Change buttons to [Start Tor Browser Offline] [Open Tor Connection] when
7682 starting Tor Browser while not connected to tor (tails/tails#18584)
7684 Commits:
7685 - Insist on Tor Browser being offline (#18584)
7687 * Install obfs4proxy from the Tor Browser tarball (tails/tails!716)
7689 Commits:
7690 - Briefly document what config/equivs is for
7691 - Install our dummy obfs4proxy package
7692 - Enable the 18800-obfs4proxy-from-tor-browser-tarball APT overlay (refs:
7693 #18800).
7694 - Add equivs configuration for our new obfs4proxy dummy package
7695 - AppArmor: allow access that obfs4proxy 0.0.11 needs
7696 - Install obfs4proxy from the Tor Browser tarball
7697 - Simplify
7699 * Test suite: update expected button label (tails/tails!718)
7701 Commits:
7702 - Test suite: update expected button label
7704 * Re-generate our test IUKs using gensquashfs (tails/tails!715)
7706 Closes issues:
7707 - Re-generate our test IUKs using gensquashfs (tails/tails#18654)
7709 Commits:
7710 - Test suite: use test IUKs generated with gensquashfs
7711 - Release process: never delete test IUKs generated with gensquashfs
7712 - Give new, unique names to test IUKs generated with gensquashfs
7714 * Add generated tails-backup.desktop to .gitignore (tails/tails!714)
7716 Commits:
7717 - Add generated tails-backup.desktop to .gitignore
7719 * simplify workflow when adding an APT overlay (tails/tails!708)
7721 Commits:
7722 - waiting now uses a proper tool
7723 - add-APT-overlay can wait for suite creation
7725 * Resolve "Tests for backup are fragile" (tails/tails!706)
7727 Closes issues:
7728 - Tests for backup are fragile (tails/tails#18727)
7730 Commits:
7731 - try to make backup tool test more resilient
7733 * fix wi-fi settings from Tor Connection (tails/tails!692)
7735 Closes issues:
7736 - Fix Wi-Fi settings when open from Tor Connection (tails/tails#18587)
7738 Commits:
7739 - Fix Wi-Fi settings from Tor Connection
7741 -- Tails developers <tails@boum.org> Mon, 07 Feb 2022 13:50:41 +0000
7743 tails (4.26) unstable; urgency=medium
7745 * Resolve "All branches FTBFS since Thunderbird 91 was uploaded"
7746 (tails/tails!707)
7748 Closes issues:
7749 - All branches FTBFS since Thunderbird 91 was uploaded (tails/tails#18789)
7751 Commits:
7752 - pin thunderbird l10n packages, too
7753 - Add freeze exceptions for 4.26
7754 - Enable the 18789-fix-ftbfs-thunderbird-91 APT overlay (refs: #18789).
7756 * Upgrade Tor Browser to 11.0.4-build2 (tails/tails!710)
7758 Closes issues:
7759 - Upgrade to Tor Browser 11.0. … 4? (tails/tails#18795)
7761 Commits:
7762 - Fetch Tor Browser from our own archive
7763 - Upgrade Tor Browser to 11.0.4-build2
7765 * Resolve "Change buttons to [Start Tor Browser Offline] [Open Tor Connection]
7766 when starting Tor Browser while not connected to tor" (tails/tails!704)
7768 Closes issues:
7769 - Change buttons to [Start Tor Browser Offline] [Open Tor Connection] when
7770 starting Tor Browser while not connected to tor (tails/tails#18584)
7772 Commits:
7773 - open TorBrowser when offline →opens Tor Connection
7775 * Use DuckDuckGo for search queries on our website (tails/tails!498)
7777 Commits:
7778 - Don't search on staging.tails.boum.org
7779 - Shorten
7780 - Translate searchbox placeholder
7781 - Factorize the CSS translation hack
7782 - Remove useless template
7783 - Improve search box
7784 - Align better the heart and the label
7785 - Use DuckDuckGo on news as well
7786 - Prevent Search and Donate from touching on small screen
7787 - Fix contrast to WCAG AA
7788 - Use DuckDuckGo for search queries (#17652)
7790 -- Tails developers <tails@boum.org> Mon, 10 Jan 2022 13:15:16 +0100
7792 tails (4.25) unstable; urgency=medium
7794 * Upgrade Tor Browser to 11.0.2-build3 (tails/tails!684)
7796 Closes issues:
7797 - Upgrade to Tor Browser 11.0.2 based on Firefox 91.4esr (tails/tails#18726)
7799 Commits:
7800 - Fetch Tor Browser from our own archive
7801 - FIX sha256sums for TorBrowser
7802 - Upgrade Tor Browser to 11.0.2-build3
7804 * Unsafe Browser: fix buggy GUI after upgrade to Tor Browser 11.0a10
7805 (tails/tails!656)
7807 Closes issues:
7808 - Buggy GUI in Unsafe Browser after upgrade to Tor Browser 11.0a10
7809 (tails/tails#18668)
7811 Commits:
7812 - Unsafe Browser: fix buggy GUI after upgrade to Tor Browser 11.0a10.
7814 * IUK generation: stop using the "extreme" extra compression option
7815 (tails/tails!663)
7817 Closes issues:
7818 - squashfs-tools-ng is slow (tails/tails#18675)
7820 Commits:
7821 - IUK generation: stop using the "extreme" extra compression option
7823 * Fix devel FTBFS by dropping VirtualBox guest support for now (tails/tails!652)
7825 Commits:
7826 - Test suite: the live user is no longer a member of vboxsf.
7827 - Fix FTBFS by dropping VirtualBox for now (Closes #18643)
7829 * APT: trust the new signing key for our APT repositories (tails/tails!682)
7831 Commits:
7832 - APT: trust the new signing key for our APT repositories (tails/sysadmin#17810)
7834 * Resolve ""I can listen to an Ogg audio track in Tor Browser" test suite step
7835 sometimes fails" (tails/tails!680)
7837 Closes issues:
7838 - "I can listen to an Ogg audio track in Tor Browser" test suite step sometimes
7839 fails (tails/tails#18716)
7841 Commits:
7842 - Test suite: make audio in browser test more robust
7843 - Test suite: simplify
7845 * Refresh uBlock origin patch to fix devel FTBFS (tails/tails!678)
7847 Commits:
7848 - Refresh uBlock Origin patch
7850 * Fix shellcheck CI job (tails/tails!677)
7852 Commits:
7853 - Replace unsupported braces expansion with list
7854 - Add missing quotes
7855 - Update shellcheck exclusion for newer shellcheck
7857 * Drop feature/tor-nightly-master branch (tails/tails!676)
7859 Closes issues:
7860 - APT time-based snapshots fail: tor-nightly-master-buster suite does not exist
7861 anymore (tails/tails#17877)
7863 Commits:
7864 - Drop feature/tor-nightly-master branch
7866 * Upgrade Tor Browser to 11.0.1-build1 (tails/tails!675)
7868 Closes issues:
7869 - Upgrade to Tor Browser 11.0.1 (based on Firefox 91.3esr) (tails/tails#18641)
7871 Commits:
7872 - Revert "Unsafe Browser: fix buggy GUI after upgrade to Tor Browser 11.0a10."
7873 - Upgrade Tor Browser to 11.0.1-build1
7875 * run_test_suite --live-patch (and more!) (tails/tails!674)
7877 Commits:
7878 - one-line if can be made more compact
7879 - enjoy some File module goodness
7880 - avoid using shell, let's Find.find with ruby
7881 - Apply 1 suggestion(s) to 1 file(s)
7882 - correctly handle invocations without --live-patch
7883 - refactoring: live_patch is a VM method
7884 - --live-patch is more powerful
7885 - --live-patch (draft)
7886 - run_test_suite --view-interact
7887 - test suite debug: easier to copy files in the VM
7889 * Test suite: remove unused step definition and the corresponding image
7890 (tails/tails!673)
7892 Commits:
7893 - Test suite: remove unused step definition and the corresponding image
7895 * Test suite: fix reporting of hostname leaks via DHCP (tails/tails!671)
7897 Commits:
7898 - Test suite: fix reporting of hostname leaks via DHCP
7900 * Fix some GitLab CI tests (tails/tails!669)
7902 Commits:
7903 - Add missing dependencies
7904 - Add missing dependency
7905 - Maintain the list of Tor Connection dependencies in a single place
7907 * Resolve "Compute years range dynamically in Tor Connection's time setting
7908 dialog" (tails/tails!668)
7910 Closes issues:
7911 - Compute years range dynamically in Tor Connection's time setting dialog
7912 (tails/tails#18512)
7914 Commits:
7915 - Tor Connection year range derives from build time
7917 * add comments to connect-drop after security audit (tails/tails!666)
7919 Commits:
7920 - add comments to connect-drop after security audit
7922 * Add a "Tails (External Hard Disk)" boot menu option (tails/tails!665)
7924 Commits:
7925 - Add a "Tails (External Hard Disk)" option that removes live-media=removable
7927 * Vagrant build box: have hostname resolve to 127.0.0.1 (tails/tails!661)
7929 Commits:
7930 - Vagrant build box: have hostname resolve to 127.0.0.1
7932 * Test suite: give GNOME Overview more time to process our search
7933 (tails/tails!654)
7935 Commits:
7936 - Test suite: give GNOME Overview more time to process our search
7938 * Upgrade Vagrant build box to Bullseye (tails/tails!653)
7940 Closes issues:
7941 - Upgrade Vagrant build box to Bullseye (tails/tails#18660)
7943 Commits:
7944 - Vagrant: add more debug output
7945 - build-tails: fix submodule initialization
7946 - Use long option name
7947 - Vagrant build box provisioning: don't assume the "debian" and "debian-security"
7948 snapshots have the same serial
7949 - Document when we can drop a workaround
7950 - Upgrade Vagrant build box to Bullseye
7951 - Vagrant build box: bump all APT snapshots
7953 * create-usb-image-from-iso: detect syslinux installation failure
7954 (tails/tails!651)
7956 Closes issues:
7957 - Builds succeeds even if syslinux failed to install in create-usb-image-from-iso
7958 (tails/tails#18664)
7960 Commits:
7961 - Add comment
7962 - create-usb-image-from-iso: remove obsolete comments
7963 - create-usb-image-from-iso: remove obsolete workaround
7964 - create-usb-image-from-iso: detect syslinux installation failure
7966 * Tor Connection: Add link to Troubleshooting doc (tails/tails!650)
7968 Closes issues:
7969 - Link to the Tor connection troubleshooting doc from the error screen
7970 (tails/tails#18549)
7972 Commits:
7973 - apply UX tip: move link to bottom
7974 - Tor Connection: Add link to Troubleshooting doc
7976 * Trim down SquashFS exclusions: remove obsolete ones, move as much as possible
7977 to chroot_local-hooks (tails/tails!649)
7979 Commits:
7980 - leading slashes are clearer
7981 - Trim down SquashFS exclusions: remove obsolete ones, move as much as possible
7982 to chroot_local-hooks
7984 * Upgrade to tor 0.4.6.8 (tails/tails!647)
7986 Closes issues:
7987 - Upgrade tor to 0.4.6 (tails/tails#18310)
7989 Commits:
7990 - Upgrade to tor 0.4.6.8, by bumping the snapshot of the torproject APT
7991 repository to 2021110301
7993 * Improve dialog when Unsafe Browser is not enabled (tails/tails!628)
7995 Closes issues:
7996 - Improve dialog when Unsafe Browser is not enabled (tails/tails#18598)
7998 Commits:
7999 - Fix HTML
8000 - Update anchor
8001 - Apply 1 suggestion(s) to 1 file(s)
8002 - Make the link for the Unsafe Browser documentation translatable
8003 - Use a named anchor (refs: #18598)
8004 - Include link for the Unsafe Browser documentation
8005 - Associate text/html with tor-browser (refs: #18598)
8006 - Apply 1 suggestion(s) to 1 file(s)
8007 - Improve dialog when Unsafe Browser is not enabled
8009 * Basic GUI to backup a Persistent Storage to another one (tails/tails!596)
8011 Closes issues:
8012 - Retry updating the backup if only mounting the backup Tails is missing
8013 (tails/tails#18720)
8014 - Basic GUI to backup a Persistent Storage to another one (tails/tails#18504)
8016 Commits:
8017 - Test suite: improve readability
8018 - Test suite: test that the backup is identical to the source
8019 - Adjust to a04204cba2
8020 - Adjust to 6161e4f823
8021 - Adjust to a77c2425f3
8022 - Adjust to cb7b877fda
8023 - Test suite: use deprecated GuestFS luks_* functions
8024 - Nitpick on copy
8025 - Avoid ampersand
8026 - tails-backup: avoid issue in non-English locales
8027 - Shellcheck: disable excessive rule
8028 - Test suite: detect disks being plugged using udisks
8029 - Test suite: add elementary scenario for tails-backup.
8030 - tails-backup: implement pinentry retries and cancel
8031 - tails-backup: handle unlocked but unmounted TailsData
8032 - tails-backup: suppress bilibop's message
8033 - tails-backup: detect if rsync fails through pipefail
8034 - Expand rsync short options.
8035 - tails-backup-rsync: defensively check that we copy between mountpoints
8036 - tails-backup: make shellcheck happy
8037 - tails-backup: don't try to unlock and already unlocked and mounted volume
8038 - tails-backup: drop need for admin password
8039 - tails-backup: drop unused parameters
8040 - tails-backup: add back progress bar that doesn't hide rsync's output
8041 - tails-backup: fix up on "Always display the 1st screen"
8042 - Fix typo
8043 - Improve feedback (for now)
8044 - Be more specific
8045 - Always display the 1st screen if there's any error (#18720)
8046 - Use consistent quotes
8047 - Put the most meaningful word first
8048 - Move together with the other Persistent Storage utilities
8049 - tails-backup: drop unused variables
8050 - tails-backup: use consistent indentation
8051 - tails-backup: unlock and mount the drive automatically
8052 - tails-backup: show pulsating progress while copying
8053 - tails-backup: try to eject automatically
8054 - tails-backup: fix quoting.
8055 - Make tails-backup executable.
8056 - Fix launcher
8057 - Advice to upgrade from the backup utility
8058 - Update doc to Persistent Storage Backup utility
8059 - Shorten
8060 - Rework interactions and copy
8061 - fix typo in .desktop file
8062 - update to latest version of the script
8063 - tails-backup
8065 * Improve robustness of new TCA automated tests (tails/tails!525)
8067 Commits:
8068 - Test suite: drop unused step.
8069 - Test suite: correctly use "is None" in python script.
8070 - Remove usage of tor.sh's tor_is_working
8071 - Drop most of the tor shell library.
8072 - tor_is_working is stem-based, too
8073 - refactor bash+py stem wrapper into py script
8074 - python ♥ equality to None should use `is` keyword
8075 - python ♥ let's PEP8 everything
8076 - python ♥ remove useless imports
8077 - python ♥ proper argument parser
8078 - python ♥ main function
8079 - Fix indentation.
8080 - Drop unused variable.
8081 - Catch correct exception.
8082 - Extract script.
8083 - Rewrite tor_wait_until_bootstrapped() to be more robust.
8084 - Extreme Nitpicking™
8085 - Make tor_wait_until_bootstrapped() handle tor restarts.
8086 - Improve debugging.
8087 - Avoid spamming new python interpreters while waiting for Tor to bootstrap.
8088 - Allow multiline code blocks in tor_control_stem_wrapper().
8089 - Target the 4.22 code base
8090 - XXX debugging for test/18293-improve-tca-test-robustness
8091 - Test suite: adapt to removal of tor_control_send().
8092 - Test suite: test that tor's control port is open for real.
8093 - Tor shell library: improve error handling when the Tor control port is
8094 unavailable.
8095 - Remove mention of unused import.
8096 - Tor shell library: re-implement control interaction with Python and stem.
8097 - Tor shell library: improve parsing and error handling of getinfo/getconf.
8098 - Add missing shell quoting.
8099 - Add forgotten local variables.
8100 - Add proper error handling to the shell library's control port interaction.
8101 - Test suite: wait for tor's ControlPort before using it (refs: #18293).
8103 -- Tails developers <tails@boum.org> Mon, 06 Dec 2021 16:03:22 +0100
8105 tails (4.24) unstable; urgency=medium
8107 * Upgrade to Tor Browser based on Firefox 91 ESR (tails/tails!639)
8109 Closes issues:
8110 - Upgrade to Tor Browser based on Firefox 91 ESR (tails/tails#18261)
8112 Commits:
8113 - Unsafe Browser: disable more "phone home" features
8114 - Unsafe Browser: disable services.settings.server
8115 - Test suite: search for element more widely.
8116 - Test suite: Firefox' Print dialog is now a panel (refs #18261)
8117 - Update the Tor Browser AppArmor policy for Tor Browser 11 (Firefox 91)
8118 - Test suite: lint
8119 - Test suite: make Gherkin test description more honest
8120 - Rubocop: disable a pattern we use all over the place
8121 - Test suite: update expected images and drop obsolete special-case for Chinese
8122 - Test suite: account for different separator used in German
8123 - Lint.
8124 - Test suite: update comment
8125 - Fix typo in comment
8126 - Test suite: adjust to new Firefox print dialog
8127 - Test suite: update expected windows titles
8128 - Test suite: update expected images
8129 - Upgrade Tor Browser to 11.0a9
8131 * Test suite: make "Unsafe Browser has only Firefox's default bookmarks
8132 configured" step more robust (tails/tails!646)
8134 Closes issues:
8135 - Fragile test since the upgrade to Tor Browser 11: "Unsafe Browser has only
8136 Firefox's default bookmarks configured" (tails/tails#18658)
8138 Commits:
8139 - Test suite: wait for menu to really open before looking for menu entry
8140 - Test suite: update expected picture
8142 * APT sources: add Bullseye security (stable) (tails/tails!637)
8144 Closes issues:
8145 - APT sources: add Bullseye security (tails/tails#18492)
8147 Commits:
8148 - APT pinning: ensure we get security updates for the packages we pull from
8149 Bullseye
8150 - APT sources: add Bullseye security repo
8152 * Move tca developer doc to more appropriate places (tails/tails!636)
8154 Closes issues:
8155 - Update "Tor network configuration" design doc (tails/tails#18360)
8157 Commits:
8158 - tips to develop Tor Connection are reachable
8159 - tca doc behavior.md moved to Gherkin
8160 - move tca/HACKING.md to website
8162 * APT sources: add Bullseye security (tails/tails!626)
8164 Commits:
8165 - APT pinning: ensure we get security updates for the packages we pull from
8166 Bullseye
8167 - APT sources: add Bullseye security repo
8169 * Upgrade kernel to 5.10.46-5 in stable (tails/tails!625)
8171 Closes issues:
8172 - Upgrade Linux to 5.10.46-5 (DSA 4978-1) (tails/tails#18613)
8173 - Upgrade to Buster 10.11 (tails/tails#18608)
8175 Commits:
8176 - Pull libzstd1 from Bullseye: needed by updated squashfs-tools
8177 - Install squashfs-tools from bullseye.
8178 - FIX uBlock patch
8179 - to get a new kernel in stable, bump debian/serial
8180 - change pinning to get kernel from bullseye
8181 - bump kernel to 5.10.46-5
8183 * Upgrade kernel to 5.10.46-5 in devel (tails/tails!622)
8185 Commits:
8186 - Pull libzstd1 from Bullseye: needed by updated squashfs-tools
8187 - change pinning to get kernel from bullseye
8188 - bump kernel to 5.10.46-5
8190 * update Tor network configuration design doc (tails/tails!606)
8192 Commits:
8193 - TCA is not a Tor Launcher wrapper.
8194 - Apply intrigeri's proofreading suggestions.
8195 - explain why tca-portal runs as root
8196 - Document connect-drop security model
8197 - update Tor network configuration design doc
8199 * TCA: clean leftovers (tails/tails!604)
8201 Closes issues:
8202 - TCA clean leftovers (tails/tails#18273)
8204 Commits:
8205 - systemd-notify: move to better way
8206 - we considered this implementation good enough
8207 - remove dead code
8208 - move XXX to #18610
8209 - clarify comment after tails/tails!567
8210 - remove code that was never used and never tested
8211 - comment moved to #18609
8213 * Upgrade Tor Browser to 11.0a10-build1 (tails/tails!655)
8215 Commits:
8216 - Upgrade Tor Browser to 11.0a10-build1
8218 * Remove obsolete freeze exception (tails/tails!648)
8220 Commits:
8221 - Remove obsolete freeze exception
8223 * Port the iuk test suite from squashfs-tools to squashfs-tools-ng
8224 (tails/tails!644)
8226 Closes issues:
8227 - Port the iuk test suite from squashfs-tools to squashfs-tools-ng
8228 (tails/tails#18653)
8230 Commits:
8231 - IUK test suite: support file names with spaces
8232 - IUK test suite: take into account gensquashfs behavior wrt. SOURCE_DATE_EPOCH
8233 - IUK test suite: add missing import
8234 - IUK test suite: port from squashfs-tools to squashfs-tools-ng
8235 - IUK generation: add assertion
8236 - Upgrader: use apparent size to compute space needed to install an IUK
8238 * Switch to zstd for SquashFS compression in development ISO/USB images
8239 (tails/tails!643)
8241 Commits:
8242 - Switch to zstd for SquashFS compression in development ISO/USB images
8244 * Switch to squashfs-tools-ng to build IUKs (tails/tails!640)
8246 Closes issues:
8247 - Switch to squashfs-tools-ng to fix IUKs build reproducibly (tails/tails#18577)
8248 - Failure reproducing IUKs for 4.22~rc1 (tails/tails#18536)
8249 - Failure reproducing IUKs for 4.23 (tails/tails#18627)
8251 Commits:
8252 - GitLab CI: avoid confusing error message
8253 - Release process: use only the isobuilders that have squashfs-tools-ng
8254 - Switch to squashfs-tools-ng to generate our IUKs
8255 - Update release process requirements for building IUKs
8257 * Resolve "Tor Connection bridge tests fail" (tails/tails!621)
8259 Closes issues:
8260 - Tor Connection bridge tests fail (tails/tails#18634)
8262 Commits:
8263 - FIX tests for 84e047ebd39e too
8264 - fix tests after 68b0e77119e
8266 * Upgrader: avoid high cpu usage when getting download progress info
8267 (tails/tails!619)
8269 Closes issues:
8270 - tails-upgrade-frontend causes very high CPU load when downloading upgrade
8271 (tails/tails#18632)
8273 Commits:
8274 - Upgrader: avoid high cpu usage when getting download progress info
8276 * Explain better how to type a bridge (#18597) (tails/tails!617)
8278 Closes issues:
8279 - Explain better "type in a bridge" (tails/tails#18597)
8281 Commits:
8282 - Fix grammar
8283 - Use singular as much as possible
8284 - Use 'bridge' in singular as much as possible
8285 - Fix broken link
8286 - Explain better how to type a bridge (#18597)
8287 - Style guide: not everybody types
8289 * Don't mention local network in Unsafe Browser confirmation (tails/tails!615)
8291 Closes issues:
8292 - Don't mention local network in Unsafe Browser confirmation (tails/tails#18600)
8294 Commits:
8295 - Simplify
8297 * Rephrase intro of Fix Clock dialog (tails/tails!614)
8299 Closes issues:
8300 - Rephrase intro of Fix Clock dialog (tails/tails#18572)
8302 Commits:
8303 - Be consistent with /doc/about/warnings/identity
8304 - Simply
8305 - Remove duplicate text
8306 - Simplify and be more correct
8308 * Improve time zone selection UX (tails/tails!595)
8310 Closes issues:
8311 - Improve time zone selection UX (tails/tails#18514)
8313 Commits:
8314 - the test suite correctly handles UTC/GMT
8315 - UTC can be selected, too
8316 - test suite enjoys better UX, too
8317 - pressing enter selects topmost entry
8318 - tca gtk errors are logged immediately
8319 - test suite waits for filtering to be applied
8320 - Test suite: replace usage of non-existing Screen.pressKey with Screen.press
8321 - revamp the time selection dialog
8322 - fix logging
8323 - test suite updated for new timezone selection
8324 - FIX matching (lets hope so)
8325 - better UX for timezone selection
8326 - proper logging in asyncutils
8328 * Installer: make the confirmation dialog more scary (tails/tails!593)
8330 Closes issues:
8331 - Make the confirmation more scary when reinstalling a USB stick that has a
8332 Persistent Storage (tails/tails#18301)
8334 Commits:
8335 - Test suite: adjust confirmation label when reinstalling over a usb with a
8336 persistent volume
8337 - Test suite: adjust confirmation dialog label in Installer (refs #18301)
8338 - Installer: inform when there is no target available
8339 - Installer: enforce Persistent Storage detection
8340 - Installer: display if the target device has a Persistence Storage
8341 - Make the confirmation more scary when reinstalling a USB stick that has a
8342 Persistent Storage (refs: #18301)
8344 * TCA: Fix "AttributeError: no attribute persistence_config_failed"
8345 (tails/tails!590)
8347 Commits:
8348 - FIX condition
8349 - make the diff smaller
8350 - TCA: Fix "AttributeError: no attribute persistence_config_failed"
8352 -- Tails developers <tails@boum.org> Thu, 04 Nov 2021 14:25:18 +0100
8354 tails (4.23) unstable; urgency=medium
8356 * Upgrade Tor Browser to 10.5.8-build2 (tails/tails!611)
8358 Closes issues:
8359 - Upgrade to Tor Browser 10.5.8 (based on Firefox 78.15.0esr) (tails/tails#18623)
8361 Commits:
8362 - Fetch Tor Browser from our own archive
8363 - Upgrade Tor Browser to 10.5.8-build2
8365 * FIX #18568: wait after killing TBB (tails/tails!607)
8367 Closes issues:
8368 - "Tails is localized for every tier-1 language" test fails on iguana
8369 (tails/tails#18568)
8371 Commits:
8372 - FIX #18568: wait after killing TBB
8374 * Fix devel FTBFS (tails/tails!601)
8376 Commits:
8377 - Install squashfs-tools from bullseye.
8378 - Refresh uBlock patch vs version 1.37.0+dfsg-1 (fixes: #18537)
8380 * copy-iuks-to-rsync-server-and-verify: handle arbitrary build agents
8381 (tails/tails!597)
8383 Closes issues:
8384 - copy-iuks-to-rsync-server-and-verify: needs adjustment for changing isobuilder
8385 names (tails/tails#18574)
8387 Commits:
8388 - copy-iuks-to-rsync-server-and-verify: handle arbitrary build agents.
8390 -- Tails developers <tails@boum.org> Tue, 05 Oct 2021 08:20:24 +0200
8392 tails (4.22) unstable; urgency=medium
8394 * Upgrade Thunderbird to 78.13.0-1~deb10u1
8396 * Upgrade to Tor Browser 10.5.6 (78.14.0esr) (tails/tails!594)
8398 Commits:
8399 - Upgrade Tor Browser to 10.5.6-build2 (fixes: #18566)
8401 * Remove Prestera firmware, that's useless in the context of Tails
8402 (tails/tails!572)
8404 Commits:
8405 - Stop setting up a kernel module build environment during the images build
8406 - Remove Prestera firmware, that's useless in the context of Tails
8408 * Only allow typing 1 bridge (tails/tails!587)
8410 Commits:
8411 - Only allow typing 1 bridge
8413 * Don't pretend tor has bootstrapped when tor@default.service failed to start
8414 (tails/tails!585)
8416 Commits:
8417 - Don't pretend tor has bootstrapped when tor@default.service failed to start
8419 * Upgrade firmware-amd-graphics to 20210818-1 (tails/tails!582)
8421 Commits:
8422 - Install version 20210818-1 of packages built from src:firmware-nonfree
8423 - Enable the 18556-amd-gpu-firmware APT overlay (refs: #18556).
8425 * Ensure we use a working mirror to download automatic upgrades (tails/tails!581)
8427 Commits:
8428 - Update mirror-pool-dispatcher submodule
8429 - Allow the Upgrader to use tor, now needed by tails-transform-mirror-url for
8430 testing mirrors
8431 - many improvements to mirror-pool-dispatcher
8432 - FIX dependency for tails-transform-mirror-url
8433 - apply suggestion from mirror-pool-dispatcher!2
8434 - mirror-pool-dispatcher tests mirrors
8436 * Test suite: fix Pidgin scenarios with XMPP accounts on a server that requires
8437 going through the "Create New Room" UI (tails/tails!580)
8439 Closes issues:
8440 - Some Pidgin test suite scenarios fail when using XMPP accounts on a server that
8441 requires going through the "Create New Room" UI (tails/tails#18560)
8443 Commits:
8444 - Test suite: update expected Pidgin images
8446 * Test suite: fail if tor reports that DisableNetwork is an empty string
8447 (tails/tails!573)
8449 Commits:
8450 - Test suite: log and fail if tor reports that DisableNetwork is an empty string
8452 * Persistent Bridges, iteration 4: integrate bridges persistence in Tor
8453 Connection (tails/tails!543)
8455 Commits:
8456 - Tor Connection: remove visible border around scrolled window
8457 - Drop unneeded grep option
8458 - Test suite: be more defensive when interacting with toggle buttons
8459 - Test suite: disable step that does not reflect the current implementation
8460 - Roadmap--
8461 - Mention alternate implementation idea in comment
8462 - Fix typo in comment
8463 - Make checks closer to our needs
8464 - Move shell code from tca-portal to helper script
8465 - Make tca-portal helper script more generic
8466 - Tor Connection: when pre-filling bridges, adjust the verb from "Type in" to
8467 "Use"
8468 - Test suite: explain what labelee is
8469 - Test suite: adjust to current UI
8470 - TCA: fix display on low-height screen resolutions
8471 - Test suite: update expected UI text to match current implementation
8472 - TCA: correctly set the bridges persistence switch's initial state
8473 - TCA: adapt to new tca-portal API
8474 - TCA: remove unused imports
8475 - TCA: display error when enabling/disabling persistence failed
8476 - TCA: check success/failure of portal call when enabling/disabling persistence
8477 - Test suite: lint
8478 - Test suite: adjust strings to match current implementation
8479 - TCA: lock the UI and display a spinner while enabling/disabling persistence
8480 - TCA: add another keyboard accelerator
8481 - TCA: when toggling bridges persistence, wait the portal call to return a
8482 response
8483 - TCA: remove unused import
8484 - Change usages of call_async to new API
8485 - TCA: remove incorrect signal handling
8486 - TCA: actually enable/disable Tor bridges persistence when the user asks us to
8487 - TCA: display vertical scrollbar when contents does not fit
8488 - TCA: hide Network Monitor launcher
8489 - Test suite: use the Tor Connection UI to enable bridges persistence
8490 - TCA: add skeleton implementation for toggling bridges persistence on/off
8491 - TCA: draft bridges Glade UI
8492 - TCA: improve keyboard navigation
8493 - TCA: add accessibility relationships between a bunch of widgets
8494 - TCA: add debug output
8495 - TCA: move persistence detection to the wrapper script
8496 - TCA: avoid throwing an (invisible) KeyError exception on first launch
8497 - Lint.
8499 * Persistent Bridges, iteration 3: allow persisting bridges (tails/tails!539)
8501 Commits:
8502 - Test suite: lint, again
8503 - Test suite: adjust expected owner to actual implementation
8504 - TCA: check and save persistence status on startup
8505 - tca-portal: add commands to enable/disable persistence of Tor configuration
8506 - Test suite: mock functionality that's not implemented yet
8507 - Test suite: add step implementation
8508 - Test suite: disable incorrect step definition
8509 - Test suite: implement steps
8510 - Test suite: adjust to expected permissions of /var/lib/tca
8511 - Persistence setup: add support for disabling a preset non-interactively
8512 - Persistence setup: add a "Tor Bridges" feature
8513 - On shutdown, copy to Persistent Storage the Tor configuration that should now
8514 persist
8515 - Test suite: implement "I accept Tor Connection's offer to use my persistent
8516 bridges" step.
8517 - Test suite: implement "I choose to connect to Tor automatically" step.
8518 - Test suite: extend step to handle configuring persistent bridges.
8519 - TDD: add (unimplemented) steps for Tor bridges persistence
8520 - Test suite: simplify feature name
8522 * Persistent Bridges, iteration 2: use settings from tca.conf on first start
8523 (tails/tails!538)
8525 Commits:
8526 - Revert "Test suite: cope with current actual behavior"
8527 - TCA: rename method to reflect what it now does
8528 - TCA: on first run, pre-seed bridges UI state from configuration
8529 - TCA: add debug logging to help understand what configuration we've loaded
8530 - TCA: add debug output to help figure out whether we loaded tca.conf
8531 - TCA: fix loading an empty or invalid configuration file
8532 - TCA: on first start, load Tor connection configuration from tca.conf
8534 * Persistent Bridges, iteration 1: split transient / potentially persistent state
8535 (tails/tails!533)
8537 Commits:
8538 - Test suite: cope with current actual behavior
8539 - Test suite: adjust to actual implementation
8540 - TCA: don't save the default bridges to tca.conf
8541 - Test suite: fix buggy "tca.conf is empty" test
8542 - Make method name clearer and consistent with read_tca_state()
8543 - TCA: Rename method
8544 - Fix typo
8545 - TCA: Migrate transient state information to a dedicated file
8546 - TCA: Rename method
8547 - TCA: Refactoring (extract code to functions)
8548 - Test suite: Implement new steps
8549 - Test suite: lint
8550 - TDD: add (unimplemented) steps for the contents of tca.conf
8551 - TCA: Disable loading proxy settings from the configuration file
8552 - TCA: Set up, pass through, and inherit a new state file
8553 - TCA: Remove unused import
8554 - TCA: Drop unneeded call to expanduser()
8555 - TCA: Only save known-working Tor configuration to tca.conf
8556 - TCA: Minor refactoring (avoid having to reason about double-negations)
8557 - TCA: Make methods names more specific
8559 * Always start tor@default.service at boot, don't restart it after closing the
8560 Unsafe Browser (tails/tails!584)
8562 Commits:
8563 - Test suite: adjust to the fact tor@default.service is started during boot
8564 - Don't restart tor after exiting the Unsafe Browser
8565 - Always start tor@default.service at boot
8567 * Unsafe Browser: Only mention the Persistent Storage when there is one
8568 (tails/tails!583)
8570 Commits:
8571 - Unsafe Browser: Only mention the Persistent Storage when there is one
8573 * Fix running the test suite on sid (tails/tails!579)
8575 Commits:
8576 - Drop another instance of the obsolete which(1)
8577 - Test suite: migrate away from obsolete which(1)
8578 - Test suite: switch to virtio graphics
8580 * FIX run_test_suite usage of tor --version for corner-cases (tails/tails!575)
8582 Commits:
8583 - FIX run_test_suite for corner-cases
8585 * Installer: fix combobox freezes (tails/tails!571)
8587 Commits:
8588 - Installer: fix combobox freezes (refs: #18531)
8590 * Update Tor Browser AppArmor policy (tails/tails!568)
8592 Commits:
8593 - Update Tor Browser AppArmor policy
8595 * Tor Connection: decrease "sign of life" timeout, increase bootstrap timeout
8596 (tails/tails!567)
8598 Commits:
8599 - Test suite: DRY clicking "Connect to Tor"
8600 - Test suite: drop obsolete workaround
8601 - Fix typo
8602 - Tor Connection: allow the user to retry connecting to Tor from the error screen
8603 with the same settings
8604 - TCA hacking: use numbers that we have a chance to somewhat support
8605 - TCA hacking: drop buggy option
8606 - Add dummy entry for next release
8607 - Tor Connection: decrease "sign of life" timeout, increase bootstrap timeout
8609 * Test suite: use new XMPP chat rooms (tails/tails!566)
8611 Closes issues:
8612 - Deal with xmpp.riseup.net going away (tails/tails#17956)
8614 Commits:
8615 - Test suite: remove dead code
8616 - Test suite: rename argument to match its current usage
8617 - Test suite: use new XMPP chat rooms
8619 * Resolve "TCA does not connect with default bridges when it should"
8620 (tails/tails!563)
8622 Commits:
8623 - Let's use user-centric (first person) phrasing whenever possible
8624 - Always set variables
8625 - better variable names
8626 - test suite: support using bridges w/o needing them
8627 - Gherkin for #18462
8628 - preserve user's choice of using default bridges
8630 * Stop trying to connect to Tor when we reach the Tor Connection error screen
8631 (tails/tails!559)
8633 Commits:
8634 - TCA hacking: add missing sudo
8635 - TCA hacking: make test firewall rule not depend on already having connected to
8636 tor
8637 - TCA hacking: make test firewall rule more accurate
8638 - Test suite: adjust to the new, fixed situation
8639 - Revert "let's wait for the Fix Clock dialog to show up"
8640 - let's wait for the Fix Clock dialog to show up
8641 - state machine docstring
8642 - minor cleaning use of variables
8643 - FIX state machine wrt DisableNetwork
8644 - refactor _decide_right_step
8645 - remove hopefully-obsolete todo comments
8646 - stop trying to connect after timeout
8648 * Move wait_for_working_tor logic from NetworkManager to systemd
8649 (tails/tails!558)
8651 Commits:
8652 - Update links in comment
8653 - Drop useless logging
8654 - Allow NM to start htpdate again if it failed last time
8655 - Clean up implementation of "Does not run htpdate again after success"
8656 - Update comment
8657 - sw upgrade should only run when tor is ready
8658 - waiting for readiness sounds like a pre-command
8659 - Does not run htpdate again after success
8660 - let's use the flag file, instead of asking tor
8661 - systemd-controlled htpdate
8663 * Add Russian to the bundled offline documentation (tails/tails!552)
8665 Commits:
8666 - enable Russian on our website. will-fix:
8667 https://gitlab.tails.boum.org/tails/tails/-/issues/18454
8669 * vagrant/lib/tails_build_settings.rb: use --no-signature with git log
8670 (tails/tails!548)
8672 Commits:
8673 - vagrant/lib/tails_build_settings.rb: use --no-signature with git log
8674 - .gitignore: ignore vmdb2.log
8676 * GJsonRpcClient.call_async can set a callback (tails/tails!544)
8678 Commits:
8679 - tca-portal: add missing sentence bits
8680 - Apply 3 suggestion(s) to 1 file(s)
8681 - GJsonRpcClient response handler fix
8682 - tca-portal is now fully asynchronous
8683 - change previous usages of call_async to new API
8684 - call_async can set callbacks
8686 * drop tordate (tails/tails!542)
8688 Commits:
8689 - ooops, that wasn't useless!
8690 - Tor Connection: make GtkSpinButton's UI consistent
8691 - Tor Connection: add keyboard accelerators
8692 - Tor Connection: use "Wrong clock" instead of "Wrong time" terminology
8693 - Tor Connection: use "Fix Clock" instead of "Set Time" terminology
8694 - Test suite: lint
8695 - Test suite: simplify
8696 - Test suite: use higher-level predicate
8697 - Test suite: remove obsolete exception
8698 - htpdate: increase timeout for working tor
8699 - drop useless stuff from 10-time.sh
8700 - 20-time imports: update comments, fix shellcheck
8701 - remove confusing log line
8702 - htpdate works successfully after manual time set
8703 - tca sends stderr to journal
8704 - no reason to delete the tor log anymore
8705 - testing for tordate in test suite is now useless
8706 - stop mentioning tordate in website
8707 - update time syncing design doc
8708 - remove unused code from 20-time.sh
8709 - be bold: let's drop @fragile from tor bridges!
8710 - drop tordate
8712 * Re-enable the tor sandbox when no PTs are used (tails/tails!535)
8714 Commits:
8715 - Use variable name more readable than $1
8716 - Add missing "set -eu"
8717 - Test suite: fix typo in not-enabled-yet code
8718 - Test suite: prepare sandbox test for when #18470 is fixed
8719 - Test suite: adjust to tor sandbox being disabled when falling back to default
8720 bridges
8721 - Remove unused attribute
8722 - Revamp management of the Tor Sandbox configuration option
8723 - Lint.
8724 - Use consistent and less confusing names for attribute and method
8725 - Adjust to new call_async API
8726 - Tor Connection: disable caching of information retrieved from tor by Stem
8727 - Wait for side-effects of async call to complete.
8728 - Improve encapsulation.
8729 - Rename tor-sandbox-helper → tor-pt-configuration-helper.
8730 - Be defensive about arguments.
8731 - Give base-class a better name.
8732 - Drop useless re-definition of method in subclass.
8733 - Be more Pythonic.
8734 - Apply 1 suggestion(s) to 1 file(s)
8735 - Test suite: re-enable tor sandbox sanity check (refs: #18237).
8736 - Drop unused, out-of-date main() used for testing a library.
8737 - Re-enable the tor sandbox when no PTs are used (refs: #18237)
8739 * TCA: Allow the user to manually set time (tails/tails!531)
8741 Commits:
8742 - time dialog: spacing + follow mockups better
8743 - reference to how a problem might be solved
8744 - Set time test scenario uses snapshots
8745 - stricter date validation
8746 - Test suite: lint
8747 - Test suite re-introduce linting lost by merge conflict resolution
8748 - FIX date format
8749 - more bringing back from devel
8750 - Tor Connection: translate 1 string to test l10n
8751 - Update POT and PO files
8752 - bring back lost changes to tor.rb
8753 - fix datestring validation
8754 - Test suite: revert indentation regression
8755 - Test suite: use user-facing terminology in Gherkin
8756 - fix test suite about time dialog
8757 - loggers are better than prints
8758 - tca remembers user timezone
8759 - bring back "unsuccessfully configure" step
8760 - reorder fixes in the error screen
8761 - set-system-time has early input validation
8762 - tca-portal can validate arguments
8763 - set-system-time errors are handled
8764 - less noisy logging
8765 - tails-set-date cleaned a bit
8766 - tails-set-date checks if the date is valid early
8767 - wait for set time window to be closed
8768 - rewrite Gherkin using more user-centric language
8769 - fix "Apply suggestion"
8770 - Apply 1 suggestion(s) to 1 file(s)
8771 - tca test: combo box faster and cleaner
8772 - Tooltip for combo box
8773 - tca-portal is a bit more verbose
8774 - when changing the time, tor must be restarted
8775 - Test "set the time in tca" does what it says
8776 - FIX time dialog
8777 - FIX: missing .ui file translation support
8778 - Connect to Tor can be clicked
8779 - TCA: adds a dialog to Set Time
8780 - tca-portal allows setting time
8781 - Separate the anti-test from the fix
8782 - reword: "I try to" actually check failure
8783 - 15548 implementation is "simulated"
8784 - test suite: hw clock can be set to relative time
8785 - test: cmd_helper modernized
8786 - DRAFT: Add a Scenario for #15548
8788 * Allow running our test suite on modern AMD CPUs (tails/tails!406)
8790 Commits:
8791 - document LIBVIRT_CPUMODEL
8792 - amd hack: convert to config file
8793 - modern AMD CPUs apparently benefit from this fix
8795 -- Tails developers <tails@boum.org> Mon, 06 Sep 2021 15:14:57 +0200
8797 tails (4.21) unstable; urgency=medium
8799 * Upgrade to Linux 5.10.46-3 (tails/tails!549)
8801 Closes issues:
8802 - Upgrade to Linux 5.10.46-2+ (CVE-2021-33909) (tails/tails#18489)
8804 Commits:
8805 - Update /etc/group's expected lines ordering
8806 - Ensure UIDs/GIDs don't change
8807 - Remove obsolete dkms logs cleanup
8808 - Don't (attempt to) build VirtualBox guest modules anymore
8809 - Upgrade snapshot of the Debian archive to 2021080201
8811 * Upgrade Thunderbird to 78.12.0-1~deb10u1
8813 * Don't (attempt to) build VirtualBox guest modules anymore (tails/tails!537)
8815 Commits:
8816 - Update /etc/group's expected lines ordering
8817 - Ensure UIDs/GIDs don't change
8818 - Remove obsolete dkms logs cleanup
8819 - Don't (attempt to) build VirtualBox guest modules anymore
8821 * Installer: allow choose Upgrade option when reinstall is cancelled
8822 (tails/tails!553)
8824 Closes issues:
8825 - Choosing "Upgrade" option in Tails Installer can delete persistent volume
8826 (tails/tails#18494)
8828 Commits:
8829 - Installer: allow choose Upgrade option when reinstall is cancelled
8831 * Upgrade to Tor Browser 10.5.4 (based on Firefox 78.13esr) (tails/tails!555)
8833 Closes issues:
8834 - Upgrade to Tor Browser 10.5.4 (based on Firefox 78.13esr) (tails/tails#18479)
8836 Commits:
8837 - Fetch Tor Browser from our own archive
8838 - Upgrade Tor Browser to 10.5.4-build1
8840 * Clean up code and pre-TCA leftovers (tails/tails!541)
8842 Closes issues:
8843 - Clean up pre-TCA leftovers (tails/tails#18365)
8844 - Rename a11y-proxy-netns: it's now used for ibus as well (tails/tails#18366)
8846 Commits:
8847 - Give function the name we use
8848 - Rename a11y-proxy-netns → netns-bus-proxy.
8849 - Rename TCA's torlaunch network namespace from torlaunch to tca.
8850 - Update comment.
8851 - Test suite: drop obsolete workaround.
8852 - Drop already done TODO comment.
8853 - Fix outdated references to Tor Launcher.
8854 - Drop unneeded workaround.
8855 - Test suite: drop code used to support --old-iso for 4.20 release.
8856 - Remove unused exec_unconfined_firefox().
8858 * Refactor and consolidate how we explicitly check for Tor leaks in the automated
8859 test suite (tails/tails!540)
8861 Closes issues:
8862 - "all Internet traffic has only flowed through Tor" sometimes fails: does not
8863 allow for varying behavior (fallback to default bridges, or not)
8864 (tails/tails#18493)
8866 Commits:
8867 - Test suite: refactor and consolidate how we explicitly check for Tor leaks.
8868 - Revert "Test suite: temporarily disable failing step in scenario."
8870 * Post-RM: doc improvements (tails/tails!528)
8872 Commits:
8873 - clarify release types
8874 - after releasing: give more guidance
8875 - one less bashism
8876 - rm doc: give manual testers the signatures
8877 - some parts are not related to freeze
8878 - refresh-translations explains that it failed
8879 - rm doc: clarify what to do with the package diff
8880 - rm doc: clarify freezing
8882 * Fix usage of mutable default arguments in Python (tails/tails!527)
8884 Commits:
8885 - Fix usage of mutable default arguments in Python
8887 * More automated testing of TCA for Sponsor08/10 (tails/tails!435)
8889 Commits:
8890 - Refactor.
8891 - Clarify.
8892 - Clarify.
8893 - Test suite: wait longer for the TCA to report errors.
8894 - Test suite: test that TCA reports an error when reconnecting to a network where
8895 Tor is blocked.
8896 - Test suite: drop unnecessary step.
8897 - Test suite: make blocking Tor survive reconnections.
8898 - Test suite: monitor Tor leaks.
8899 - Fix erroneous camel casing in translation.
8900 - Test suite: test explicitly selecting default bridges in TCA.
8901 - Test suite: test that the same Tor config is applied if TCA reconnects.
8902 - Test suite: test that TCA disallows normal bridges in hide mode.
8904 -- Tails developers <tails@boum.org> Mon, 09 Aug 2021 07:55:57 +0000
8906 tails (4.20) unstable; urgency=medium
8908 * Upgrade Thunderbird to 78.11.0-1~deb10u1
8910 * Upgrade KeePassXC to 2.6.2+dfsg.1-1~bpo10+1
8912 * 20-time.sh: actually abort if Tor has failed to bootstrap (tails/tails!514)
8914 Commits:
8915 - 20-time.sh: temporarily workaround buggy check
8916 - 20-time.sh: fix success and error handling
8917 - 20-time.sh: simplify control flow
8918 - Lint.
8919 - 20-time.sh: actually abort if Tor has failed to bootstrap
8921 * Resolve "TCA sometimes fails to start: "bwrap: Can't find source path
8922 /tmp/netns-specific/torlaunch: No such file or directory"" (tails/tails!489)
8924 Commits:
8925 - tails-ibus-proxy-netns@.service: remove now unneeded NotifyAccess=all
8926 - a11y: systemd-notify -> import systemd.daemon
8927 - silence useless information to syslog
8928 - avoid errors when started directly
8929 - clean systemd unit
8930 - more timeout on a11y-proxy-netns
8931 - FIX gnome.sh search for exact name gnome-shell
8932 - drop tca watchdog
8933 - safer watchdog
8934 - wait for user systemd session to be ready
8935 - FIX systemctl path
8936 - remove testing leftover
8937 - a11y/ibus proxy wait socket to signal readiness
8938 - tca-related proxies only active when unneeded
8939 - tails-tor-launcher not needed anymore
8940 - a11y/ibus proxies for TCA only started with TCA
8941 - FIX: call systemctl --user
8942 - tentatively setting TCA as a systemd service
8944 * Resolve "TCA asks consent question when changing network" (tails/tails!460)
8946 Commits:
8947 - FIX: switching to progress, not success, on connection
8948 - small code cleaning
8949 - FIX #18336 again
8950 - tca: FIX success-error-retry
8951 - tca reacts to DisableNetwork changes
8952 - reduce stem logging noise
8953 - tca application monitors DisableNetwork
8955 * tca-portal service (tails/tails!422)
8957 Commits:
8958 - start tca-portal at boot
8959 - restrict access to tca-portal.socket!
8960 - tca-portal: add open-documentation + refactoring
8961 - FIX FTBFS on tca-portal.service
8962 - gnome-system-monitor opens at network tab
8963 - ooops: enable tca-portal unit
8964 - tca-portal opens onioncircuits
8965 - tca-portal (sic!) has systemd socket-activation
8966 - tca can talk to its portal
8967 - tca-connection-helper based on tinyrpc
8968 - draft of a tor-connection-helper service
8970 * Resolve "TCA: buggy window detection logic on app startup" (tails/tails!457)
8972 Commits:
8973 - TCA sends startup notification to DE
8975 * Resolve "The amnesia user might have too much power over TCA's configuration
8976 directory" (tails/tails!442)
8978 Commits:
8979 - change documentation wrt to tca.conf
8980 - tca.conf path changed to /var/lib/tca/
8982 * Install Linux 5.10.46 and upgrade shim (tails/tails!521)
8984 Commits:
8985 - Update shim* to the version from sid
8986 - Update Linux to 5.10.46
8988 * Don't run a useless IBus proxy for OnionCircuits (tails/tails!510)
8990 Commits:
8991 - Don't run a useless IBus proxy for OnionCircuits
8993 * Rakefile: actually build with the base branch merged (tails/tails!504)
8995 Closes issues:
8996 - Merging the base branch is not effective ⇒ different Git state between
8997 isobuilders and isotesters (tails/tails#18441)
8999 Commits:
9000 - Rakefile: actually build with the base branch merged
9002 * Rewrite notification when closing TCA on progress bar (tails/tails!496)
9004 Commits:
9005 - Rewrite notification when closing TCA on progress bar (#18362)
9007 * Implement "Connect to Tor" button in error screen (tails/tails!494)
9009 Commits:
9010 - Revert "avoid errors when started directly"
9011 - step error correctly indicates that bridges are on
9012 - better textarea alignment
9013 - put the current bridges in the textarea
9014 - keeps more state about bridge configuration
9015 - avoid errors when started directly
9016 - error: step proxy now goes back to error screen
9017 - connect to tor actually does something
9018 - bridges + "connect to tor" on error
9019 - DRAFT of better error screen
9021 * Tor Connection Assistant (tails/tails!375)
9023 Commits:
9024 - open unsafe-browser (if configured)
9025 - Test suite: properly tear down after cloding TCA.
9026 - Test suite: add some extra error handling.
9027 - Test suite: pass showingOnly even though it should not be needed.
9028 - Test suite: add error message.
9029 - Test suite: fix bad syntax.
9030 - Test suite: add delay between tries in override_child().
9031 - Test suite: add optional delay between retry_action() tries.
9032 - Make is_tor_working() more accurate.
9033 - Test suite: only set default bridges when relevant.
9034 - design change: Tor Launcher is just removed.
9035 - document tca behaviour
9036 - bootstrap/phase may include WARN, too
9037 - Test suite: work around closing TCA too fast.
9038 - more logging to debug test suite
9039 - remove leftover commit
9040 - proper place for hacking tips
9041 - Add icon for the Tor Connection assistant
9042 - Generate the list of default bridges at build time.
9043 - Test suite: drop workaround.
9044 - success indication and fallback to default bridges
9045 - more hacking tips to test tca
9046 - cover corner cases better
9047 - NetworkManager state: signal instead of polling
9048 - tca calls NM immediately
9049 - tca reacts to nm state changes
9050 - Test suite: save Tor journal if TCA fails to start.
9051 - Test suite: bump image.
9052 - Test suite: TCA has a new internal name.
9053 - Test suite: attempt to make try_for() more robust.
9054 - Test suite: adapt to TCA UI change.
9055 - Test suite: fix retring for child() with regexp matching.
9056 - TCA: move to Gtk.Application style
9057 - progress bar get data from bootstrap-phase
9058 - TCA: drop debugging.
9059 - Test suite: convert potentially endless loop to try_for() with timeout.
9060 - Persistent Welcome Screen settings: migrate obsolete network setting to new
9061 offline mode setting.
9062 - Test suite: optimize upgrade check.
9063 - smoother progress bar
9064 - connect-drop: clean unnecessary hacks
9065 - s/amnesia/LIVE_USERNAME/
9066 - drop tor-sandbox-helper: not used right now
9067 - FIX proxy not working
9068 - document tca wrappers
9069 - some css rule to style TCA a bit
9070 - refactoring: utils -> torutils
9071 - more user freedom: consent question can be changed
9072 - current Tor state is observed when filling bridges
9073 - SAVECONF
9074 - resize window on every change_box
9075 - FIX GAsyncSpawn 100% CPU
9076 - no internet probe anymore: also fix 100% CPU bug
9077 - Welcome Screen: use "airplane mode" icon for Offline mode.
9078 - Test suite: add scenario testing that TCA can connect after an initial
9079 connection failure.
9080 - Test suite: make function usable in more contexts.
9081 - Test suite: also make it possible to block default bridges.
9082 - Test suite: detect TCA errors and fail early.
9083 - Test suite: add scenario testing that TCA falls back to default bridges if Tor
9084 is blocked.
9085 - Test suite: run a dedicated default bridge.
9086 - Test suite: refactor.
9087 - Test suite: adapt to another changed label.
9088 - FIX doc about how to check for non-working Tor
9089 - improve display size detection
9090 - FIX layout
9091 - Test suite: refer to the correct variable.
9092 - Test suite: adapt to changed label.
9093 - Test suite: fix syntax error.
9094 - Rephrase warning
9095 - Improve user-visible strings
9096 - Test suite: improve names.
9097 - Test suite: use TCA's "hide Tor usage" path when testing PTs.
9098 - Disable launcher buttons: broken because of netns
9099 - use the 3 images + better layout
9100 - normal bridges are not accepted in Hide Mode
9101 - Bridge validation + better handle IPv6
9102 - Always obfs4 + bridge documentation link
9103 - GitLab CI: tails-documentation
9104 - tails-documentation gains --force-local
9105 - document tips&tricks for tca
9106 - don't kill TCA on network reconnection
9107 - syslog logging really has identity set
9108 - lots of logging to understand bridge bug
9109 - put doctests in gitlab in shape again
9110 - FIX IBus connection for onion-circuits
9111 - more debug about bridge-connection part
9112 - Port TCA to onion-grater-over-netns magic
9113 - TCA will honor debug flag
9114 - more logging
9115 - a bit less noise for translatable mixin
9116 - TCA logs to syslog/stderr automagically
9117 - gitlab-ci: TCA doctest dependency
9118 - FIX .gitlab-ci.yml (syntax error)
9119 - normal bridges were to be stripped, not expanded
9120 - default bridges imported
9121 - FIX: bridges have ip-port, not only IP!
9122 - put TCA testing in gitlab-ci
9123 - bridges doctests
9124 - reformatting
9125 - Revert "Test suite: add workaround for TCA not sanitizing bridge input
9126 properly."
9127 - Decent validation for bridge lines
9128 - rewrite tca wrapper in python
9129 - Test suite: reorder steps to avoid TCA blocking the desktop.
9130 - Revert "Test suite: wait for TCA's GUI to be available before using it."
9131 - Test suite: work around lost click around TCA start.
9132 - Test suite: refactor.
9133 - Test suite: add workaround for TCA not sanitizing bridge input properly.
9134 - Test suite: wait for TCA's GUI to be available before using it.
9135 - Test suite: add timeout.
9136 - Test suite: work around Ruby <2.7 args vs keywords handling.
9137 - Test suite: fix exception message.
9138 - Test suite: adapt scenario for new "Offline Mode" Greeter setting.
9139 - Welcome Screen: obsolete "Network Connection" and add new "Offline Mode"
9140 setting.
9141 - Test suite: rewrite Tor Launcher tests for Tor Connection Assistant.
9142 - Test suite: allow regexp matching in Dogtail's child() method.
9143 - Test suite: drop unnecessary methods from subclass.
9144 - ignore main.ui
9145 - tca: state saved, still to little use
9146 - tca: don't run two times
9147 - minor UI changes
9148 - tca: side icon will be added from Python
9149 - Temporarily add pluggable transport config to torrc.
9150 - Convert Tor Launcher .desktop file to one for TCA.
9151 - Remove Tor Launcher, for real!
9152 - tca: small text improvement
9153 - connect-drop works fine without environment
9154 - Revert "Remove Tor Launcher"
9155 - tails-tor-launcher actually runs tca
9156 - Remove Tor Launcher
9157 - another workaround for #18123
9158 - onion-grater: quoting matters
9159 - Move very context-specific script out of root's PATH.
9160 - onion-grater: options are case insensitive
9161 - adapt profile to onion-grater's case-sensitiveness
9162 - Temporarily workaround tor bug by always disabling the seccomp sandbox.
9163 - FIX onion-grater tca profile
9164 - run `tca` and it will auto-sudo
9165 - tca can connect to onion-grater
9166 - translations refreshed for TCA
9167 - FIX connect-drop
9168 - add tca .ui file to POTFILES.in for l10n
9169 - Test suite: delete obsolete scenario.
9170 - Improve comment.
9171 - Test suite: use correct bridge/PT terminology.
9172 - Test suite: fix tor seccomp check in the normal bridge case.
9173 - Improve comment.
9174 - Fix assertion failure message.
9175 - Let's settle for 'normal' bridge when no PT is used.
9176 - Add Tor Launcher to GNOME favorite applications.
9177 - Tor Launcher: allow amnesia to start and add suitable .desktop file.
9178 - Tor Launcher: kill old instances when starting.
9179 - Remove the "Tor is ready" notification.
9180 - side image
9181 - small TorConnectionProxy fixes
9182 - step proxy
9183 - tca: --debug-statefile for better simulation
9184 - error page + early proxy config
9185 - back button
9186 - main workflows work!
9187 - Step forwards for bridge configuration
9188 - bridge selection: beginning
9189 - easy Tor configuration works!
9190 - sudo tca will do; start Tor integration
9191 - more steps in Tor launcher UI
9192 - GUI: first step implemented (more or less)
9193 - a first attempt at a GUI
9194 - Test suite: always verify that Tor's Sandbox setting.
9195 - Handle multiline GETCONF responses.
9196 - Welcome Screen: add note about the missing bridge mode option.
9197 - Test suite: fix tor Seccomp verification.
9198 - Tor Launcher: enable tor's Seccomp sandbox when not using pluggable transports.
9199 - tor-launcher: repair the --force-net-config feature.
9200 - Drop now unused restart-tor script.
9201 - Unsafe Browser: don't restart tor with restart-tor.
9202 - Drop ugly hook killing Tor Launcher.
9203 - onion-grater: transparently recover lost tor controller connections.
9204 - Work around event handling bug in stem?
9205 - Make dynamic configuration we always do static.
9206 - Test suite: another attempt to deal with lost key press.
9207 - Test suite: deal with lost key press.
9208 - Test suite: adapt to Tor Launcher always starting (refs: #17330)
9209 - small refactoring
9210 - tor launcher: set *every* option
9211 - tor-launcher supports proxy authentication
9212 - detect Tor bootstrapping status
9213 - Tor Launcher some more implementation
9214 - WIP: a first attempt at rewriting Tor Launcher
9215 - onion-grater: fix error handling.
9216 - onion-grater: workaround tor bug by switch from control socket to control port.
9217 - Always start Tor Launcher (refs: #17330).
9218 - onion-grater: connect to control socket without control port fallback.
9219 - Improve check by verifying at least one "nameserver" line.
9220 - Drop unused imports.
9222 * Upgrade Tor Browser to 10.5.2 (tails/tails!524)
9224 Commits:
9225 - Fetch Tor Browser from our own archive
9226 - Tor Browser upgrade process: adjust branch name
9227 - Upgrade Tor Browser to 10.5.2-build1
9228 - Tor Browser upgrade process: adjust instructions to new file names
9229 - Factorize export of TOR_USE_LEGACY_LAUNCHER (fixes: #18459)
9231 * Fix feature branch commit encoded into the artifacts' names (fixes: #18468)
9232 (tails/tails!522)
9234 Closes issues:
9235 - Built images encode incorrect topic branch commit (tails/tails#18468)
9237 Commits:
9238 - Fix feature branch commit encoded into the artifacts' names (fixes: #18468)
9240 * Update the jenkins-tools submodule, to fix po.feature (tails/tails!520)
9242 Commits:
9243 - Update the jenkins-tools submodule, to fix po.feature
9245 * Upgrader: more robust upgrade download and verification failure detection
9246 (tails/tails!519)
9248 Closes issues:
9249 - Upgrader: confusing download failure but upgrade still applied
9250 (tails/tails#18162)
9252 Commits:
9253 - tails-iuk-cancel-download: return exit code as-is if it's neither 0 nor 1
9254 - tails-iuk-cancel-download: fix shell syntax errors
9255 - Avoid that the Upgrader breaks if pgrep won't match any process
9256 - Upgrader: cancell the IUK download if an error appears
9257 - Upgrader: more defensive programming
9258 - Upgrader: ensure we fail closed on download and verification errors
9260 * Test suite: consistently save artifacts for various Tor connection failures
9261 (tails/tails!517)
9263 Commits:
9264 - Test suite: handle case where the htpdate logs do not exist.
9265 - Test suite: add headings to output in Tor failure artifacts.
9266 - Test suite: make save_tor_journal() possible to run without Tor logs.
9267 - Revert "Revert "Test suite: consistently save artifacts for various Tor
9268 connection failures.""
9270 * Upgrade to OnionShare 2.2 (tails/tails!515)
9272 Commits:
9273 - OnionShare: use ~/Downloads/ as the upload directory in "Receive Files" mode
9274 - AppArmor: allow a few more things that OnionShare v2 needs
9275 - OnionShare config: use the same indentation as what the app saves
9276 - OnionShare config: import new settings
9277 - onion-grater: update rules for OnionShare v2
9278 - OnionShare: hide Tor settings
9279 - Install OnionShare from Bullseye
9281 * Upgrade Tor Browser to 10.5a17 (tails/tails!513)
9283 Commits:
9284 - Test suite: update expected image
9285 - Unsafe Browser: Disable Tor Browser's tor bootstrapping mechanism
9286 - Test suite: add support for testing Tor Browser alpha versions
9287 - Fetch Tor Browser from our own archive.
9288 - Disable Tor Browser's tor bootstrapping UI
9289 - Upgrade Tor Browser to 10.5a17.
9291 * WhisperBack: set lower expectations for handling of error reports
9292 (tails/tails!511)
9294 Closes issues:
9295 - Temporarily set low expectations for handling of error reports, via our website
9296 and/or in WhisperBack (tails/tails#18427)
9298 Commits:
9299 - WhisperBack: set lower expectations
9301 * Fix issues in testing's test suite (tails/tails!509)
9303 Commits:
9304 - Revert "Test suite: consistently save artifacts for various Tor connection
9305 failures."
9306 - Test suite: consistently save artifacts for various Tor connection failures.
9307 - Test suite: work around the desktop icons being obscured by TCA.
9308 - Nitpick.
9309 - Test suite: correctly identify supported Tor Browser locales (fixes #18319)
9310 - Test suite: drop unknown keyword parameters from translate().
9311 - Test suite: rework translate() to not always use the tails domain (fixes:
9312 #18447).
9314 * onion-grater: fix support for restrict-stream-events for namespace matched
9315 profiles (tails/tails!508)
9317 Commits:
9318 - Lint.
9319 - Move hard-coded network address to constant
9320 - onion-grater: fix remote connection check.
9321 - Untangle if-statements a bit.
9322 - onion-grater: fix support for restrict-stream-events for namespace matched
9323 profiles (closes: #18417).
9325 * Upgrade Linux to 5.10.40 (tails/tails!507)
9327 Commits:
9328 - Upgrade Linux to 5.10.40 (5.10.0-0.bpo.7)
9330 * Upgrade to Debian Buster 10.10 (tails/tails!506)
9332 Commits:
9333 - Upgrade to Debian Buster 10.10 by bumping APT snapshot of the Debian archive to
9334 2021062201
9335 - Test suite: don't break if there are multiple Firefox processes
9336 - lint_po: ignore torbrowser-launcher's PO files
9337 - generate-build-manifest: support builds that used no source package
9338 - Switch to a simpler way to maintain our Tor Browser AppArmor profile delta
9339 - Rebase AppArmor profile for Tor Browser on top of torbrowser-launcher 0.3.3-5
9341 * Upgrade Tor to 0.4.5.9 (tails/tails!505)
9343 Closes issues:
9344 - Upgrade tor to 0.4.5.9 (tails/tails#18309)
9346 Commits:
9347 - Upgrade Tor to 0.4.5.9
9349 * build-tails: fix bugs that prevent local submodules from being used
9350 (tails/tails!503)
9352 Commits:
9353 - build-tails: fix resetting the submodules' origin
9354 - build-tails: fix syntax error
9356 * Installer: Make "Reinstall" option not disappear when coming back from
9357 confirmation dialog (tails/tails!502)
9359 Closes issues:
9360 - "Reinstall" option disappears when coming back from Upgrade confirmation
9361 (tails/tails#18300)
9362 - Disable Tails Installer options when there is no target USB stick available
9363 (tails/tails#18346)
9365 Commits:
9366 - Installer: disable widgets when there is no target available
9367 - Make "Reinstall" option not disappear when coming back from confirmation dialog
9369 * always start tor (except offline mode) (tails/tails!497)
9371 Commits:
9372 - FIX comment explaining how we user tor@ units
9373 - always start tor (except offline mode)
9375 * Fix build vmdb2 without http proxy (tails/tails!490)
9377 Commits:
9378 - variables are better than hardcoded names!
9379 - logs are preserved in case of error
9380 - cleaner temporary files handling
9381 - FIX building without a http_proxy
9383 * Resolve "Run tails-*-proxy-netns@.service only for the amnesia user"
9384 (tails/tails!487)
9386 Commits:
9387 - a11y/ibus: description includes netns name
9388 - a11y/ibus proxy are only enabled for amnesia user
9390 * Jenkins lib: support extracting issue number at the beginning of the branch
9391 name (tails/tails!482)
9393 Commits:
9394 - adds doctests to ActiveBranches
9395 - Jenkins lib: support extracting issue number at the beginning of the branch
9396 name
9398 * Resolve "TCA: Implement screen when not connected to a local network"
9399 (tails/tails!481)
9401 Commits:
9402 - open the _real_ wifi settings page
9403 - wording follows wireframe design
9404 - gnome env: add XDG_CURRENT_DESKTOP
9405 - tca can open wi-fi config window
9407 * Test suite: drop low-value tests, add Cucumber tags, improve wording a little
9408 (tails/tails!479)
9410 Commits:
9411 - Test suite: try harder not to click a button before it's active
9412 - Test suite: remove a few low-value USB installation, upgrade, and boot tests
9413 - Test suite: remove wget plaintext http:// test
9414 - fixup! Test suite: remove whois(1) tests
9415 - Test suite: give generic method a more generic name
9416 - Test suite: remove whois(1) tests
9417 - Test suite: merge closely related scenarios to improve performance
9418 - Test suite: use an existing snapshot instead of booting a fresh Tails
9419 - Test suite: improve wording of scenarios and steps
9420 - Test suite: remove Pidgin custom certificates tests
9421 - Test suite: remove basic AppArmor test
9422 - Test suite: remove GnuPG keyserver test
9423 - Test suite: remove browser plugins tests
9424 - Test suite: add @slow and @not_release_blockers Cucumber tags
9425 - Test suite: remove definition for unused step
9426 - Test suite: remove VirtualBox test
9428 * Generate the Vagrant base boxes using vmdb2 instead of vmdebootstrap
9429 (tails/tails!478)
9431 Commits:
9432 - Add shellcheck exception.
9433 - Drop insane backticks.
9434 - Re-introduce some comments that were lost when migrating to vmdb2.
9435 - Build doc: remove obsolete instructions
9436 - vmdb2: remove no-op duplicated mirror parameters
9437 - Fix copy-paste mistakes.
9438 - Use grub.d instead of fighting with sed/perl escaping.
9439 - vmdb2: disable caching
9440 - Drop duplicated work.
9441 - Update docs and instructions for migration from vmdebootstrap to vmdb2.
9442 - Let's stop claiming Tails can be built from Stretch.
9443 - Escape \ in here doc.
9444 - Vagrant: work around Debian#951257.
9445 - Vagrant: abort when the proxy is invalid.
9446 - Vagrant: use IP address for internal proxy.
9447 - Drop leftovers from when we used vmdeboostrap to generate Vagrant boxes.
9448 - Apply policy-rc.d trick to workaround Debian bug when installing udisks2 in a
9449 chroot.
9450 - tails-builder: install missing udisks2 deps.
9451 - Workaround the fact subshells don't inherit set -e
9452 - Drop debugging.
9453 - Include the .qcow2, not raw image, in the Vagrant box.
9454 - Bump tails-builder image back to 20G.
9455 - More clean up.
9456 - Switch to vmdb2-based Vagrant box creation (refs: #15349)
9457 - Split long command over multiple lines.
9458 - Generate .box file.
9459 - Add back --rootfs-tarball argument to vmdb2.
9460 - Use correct sed syntax in replacement to refer to matched groups.
9461 - Use variables in place of hard-coded strings.
9462 - Shell quoting++
9463 - Drop unnecessary `touch`.
9464 - Clean up before and after calling vmdb2.
9465 - Generate image name dynamically.
9466 - Set APT serials dynamically.
9467 - Use mktemp for temporary file.
9468 - Drop unused stuff for generating container images.
9469 - Do `set -u` in script.
9470 - vmdb2: append newline at the end of authorized_keys entry
9471 - vmdb2: add HTTP proxy support
9472 - WIP: Vagrant: script for generating tails-builder images using vmdb2 instead of
9473 vmdebootstrap (refs: #15349)
9475 * Drop obsolete workaround for Jenkins passing mergebasebranch (tails/tails!475)
9477 Commits:
9478 - Revert "Rakefile: handle jenkins passing the now obsolete mergebasebranch."
9480 * custom-apt-cruft-check: indentify used binary packages where we lack the source
9481 (tails/tails!473)
9483 Commits:
9484 - custom-apt-cruft-check: add support for the testing suite
9485 - custom-apt-cruft-check: indentify used binary packages where we lack the
9486 source.
9488 * GitLab CI (test-tca): add missing python3-dbus dependency (tails/tails!472)
9490 Commits:
9491 - GitLab CI (test-tca): add missing python3-dbus dependency
9493 * Disable shellcheck false positive (tails/tails!471)
9495 Commits:
9496 - Disable shellcheck false positive
9498 * Fix the dependencies of tca-portal.service and tca-portal.socket
9499 (tails/tails!461)
9501 Commits:
9502 - Fix tca-portl.{socket,service} dependencies
9503 - Let tca-portal.service be started via systemd socket activation
9505 * Resolve "No spinner when starting Tor Browser from TCA" (tails/tails!459)
9507 Commits:
9508 - offline step now follows wording from our design
9509 - FIX: going offline should not display error step
9510 - tca-portal open applications using gtk stuff
9512 * Drop monkeysphere configuration (tails/tails!454)
9514 Commits:
9515 - Drop monkeysphere configuration
9517 * Use v3 Onion Service for the deb.torproject.org APT repository
9518 (tails/tails!453)
9520 Commits:
9521 - Use v3 Onion Service for the deb.torproject.org APT repository
9523 * Test suite: drop Seahorse tests (tails/tails!451)
9525 Commits:
9526 - Test suite: drop now useless background
9527 - Test suite: update rationale for workaround
9528 - Test suite: drop support for running v2 Onion services in Chutney
9529 - Test suite: drop Seahorse tests
9531 * Maintain our Tor Browser AppArmor profile delta in a simpler way
9532 (tails/tails!449)
9534 Commits:
9535 - Test suite: don't break if there are multiple Firefox processes
9536 - lint_po: ignore torbrowser-launcher's PO files
9537 - generate-build-manifest: support builds that used no source package
9538 - Switch to a simpler way to maintain our Tor Browser AppArmor profile delta
9539 - Rebase AppArmor profile for Tor Browser on top of torbrowser-launcher 0.3.3-5
9541 * Recover TCA fix + test suite work from now defunct !431 (tails/tails!447)
9543 Commits:
9544 - Test suite: fix racy test.
9545 - Test suite: avoid using regex matching since we can.
9546 - Test suite: drop escaping we already deal with.
9547 - Test suite: implement proper dropping of markup.
9548 - Test suite: escape single-quotes in generated Python strings.
9549 - Test suite: drop markup from translated strings.
9550 - Test suite: make Dogtail automatically translate strings.
9551 - TCA: fix tor crashing when falling back to default bridges.
9553 * TCA asks for confirmation if you close it during progress (tails/tails!446)
9555 Commits:
9556 - Apply 1 suggestion(s) to 1 file(s)
9557 - asks confirmation on quit during progress
9559 * TCA: explain the autoconfig better and implement designed behavior for
9560 displaying help (tails/tails!445)
9562 Commits:
9563 - TCA: hide bridge help by default
9564 - TCA: use the designed toggle instead of a link near "Configure a Tor bridge" in
9565 consent question
9566 - TCA: Explain more about the implications of the autoconfig of Tor
9568 * Resolve "TCA connects with default bridges when it shouldn't" (tails/tails!444)
9570 Commits:
9571 - TCA always saves configuration
9573 * Resolve "TCA status does not reflect the current status of the connection to
9574 Tor" (tails/tails!443)
9576 Commits:
9577 - tca reacts to /run/tor-has-bootstrapped/done
9578 - tca monitors /run/tor-has-bootstrapped/done
9580 * Improve Tor Connection GUI (tails/tails!438)
9582 Commits:
9583 - Test suite: adapt to UI changes in TCA.
9584 - Fix shellcheck regressions
9585 - TCA: add title to proxy configuration window
9586 - TCA: add link to doc in consent question
9587 - TCA: make status messages consistently include "to Tor"
9588 - TCA: define margin in 1 single place
9589 - TCA: make the bridges config screen breathe
9590 - TCA: implement designed link to the bridges doc
9591 - TCA: remove icons on proxy port & pasword entries
9592 - TCA: make the "Connecting" progress screen breathe
9593 - TCA: make proxy configuration visual layout linear
9594 - TCA: basic visual layout for the "Error connecting to Tor" screen
9595 - TCA: reorganize container/child structure to fix vertical text alignment
9596 - TCA: Fix vertical text alignment
9597 - TCA: Fix vertical text alignment
9598 - TCA: make "Connected to Tor successfully" a progress-box-heading
9599 - TCA: add standard spacing between label and progress bar
9600 - TCA: make "Connecting to Tor…" a progress-box-heading
9601 - TCA: move progress-box-heading styling to CSS
9602 - TCA: make it breathe
9603 - TCA: drop duplicate margin
9604 - TCA: improve vertical alignment of success icon
9605 - TCA: hide percentage
9606 - fixup! TCA: use Unicode ellipsis char
9607 - TCA: use correct Unicode char
9608 - TCA: hide non-functional "Reset Tor Connection" button
9609 - TCA: explicitly declare translation domain in Glade UI file
9610 - TCA: style step titles via CSS, make them larger
9611 - TCA: make layout more GNOME HIG compliant
9612 - TCA: use non-deprecated margin properties, make them multiples of 6px
9613 - TCA: make the "Start Tor Browser button" fill the dialog width as designed
9614 - TCA: drop custom font size
9615 - TCA: use standard GNOME HIG spacing
9616 - TCA: improve visual layout
9617 - TCA: fix alignment
9618 - TCA: improve visual layout
9619 - TCA: simplify CSS
9620 - TCA: port CSS to pixels and start making it a bit more GNOME HIG compliant
9621 - TCA: give widget a name so it can be styled with CSS
9622 - WIP: save with glade/sid
9623 - Git, please ignore Glade backup files for TCA
9624 - TCA Glade UI: require the GTK version we're shipping in Tails 4.x
9626 * Resolve "Confusing behavior of Tor Connection in offline mode"
9627 (tails/tails!436)
9629 Commits:
9630 - better function naming
9631 - offline mode error strings changed
9632 - FIX ci dependencies for tca
9633 - update gettext strings
9634 - tca offline mode errors are translatable
9635 - TCA give clear error message in Offline Mode
9636 - tailslib has doctests
9637 - tailslib: can check greeter variables
9639 * Resolve "Ensure WhisperBack still tells us how successful connections to Tor
9640 were made" (tails/tails!434)
9642 Commits:
9643 - whisperback includes tca details
9645 * TCA UI improvements (tails/tails!428)
9647 Commits:
9648 - Test suite: don't throw TCAConnectionFailure on try_for() timeout.
9649 - Test suite: adapt for recent UI changes in TCA.
9650 - explain bridge requirements in hide mode
9651 - smaller image in TCA
9652 - Improvements to TCA GUI
9653 - doc: how to tweak tca GUI
9654 - corner case about bridge validation
9655 - FIX resize problems through GtkStack
9656 - tca UI improvements
9657 - changing to default bridges is honored
9658 - tca ui more consistent
9660 * TCA reports an error in case of slow connection (tails/tails!426)
9662 Commits:
9663 - progress bar was very slow; + more testing
9664 - tca timeout understands "sign-of-life" UX concept
9665 - quick & dirty: increase timeout
9667 * Display an error message when upgrader fails to check for available upgrades
9668 (tails/tails!412)
9670 Closes issues:
9671 - Display an error message when the Upgrader fails to check for available
9672 upgrades (tails/tails#18238)
9674 Commits:
9675 - Display a dialog if an error happens when getting the UDF
9676 - Make debugging_info parameter optional
9677 - Display an error dialog when the Upgrader fails to check for available upgrades
9679 * Rename "MAC address spoofing" as "MAC address anonymization" (tails/tails!411)
9681 Commits:
9682 - Be more helpful
9683 - Avoid in-page link
9684 - Rewrite
9685 - Rename "MAC address spoofing" as "MAC address anonymization" (#18286)
9687 * Upgrade Linux to 5.10.24 (tails/tails!409)
9689 Commits:
9690 - Upgrade Linux to 5.10.24
9691 - Revert "Install linux-compiler-* linux-kbuild-* from our custom APT repository"
9693 * Fix shellcheck error (tails/tails!394)
9695 Commits:
9696 - Fix shellcheck error
9698 * Establish a coding standards baseline on our shell code base (tails/tails!190)
9700 Commits:
9701 - GitLab CI: install "file" for the shellcheck test
9702 - Lint
9703 - Lint
9704 - GitLab CI: use Unit test reports for shellcheck
9705 - shellcheck-tree: drop unused import
9706 - shellcheck-tree: drop obsolete comment
9707 - GitLab CI: check shell scripts
9708 - ShellCheck: fix remaining offenses
9709 - ShellCheck: fix remaining SC2086 offenses
9710 - shellcheck-tree: skip built website
9711 - Drop unused variables
9712 - ShellCheck: make exceptions where warranted
9713 - Misc. linting suggested by ShellCheck
9714 - shellcheck-tree: new script, that runs shellcheck on all shell scripts
9715 - Misc. linting suggested by ShellCheck
9716 - ShellCheck: make exceptions where warranted
9717 - Drop $ in arithmetic variables
9718 - Drop useless calls to cat
9719 - ShellCheck: fix offenses
9720 - ShellCheck: fix SC2155 offenses
9721 - ShellCheck: backticks → $()
9722 - auto/config: fix stderr redirection
9723 - Factorize
9724 - ShellCheck: make exceptions where warranted
9725 - ShellCheck: add missing quoting
9726 - branch_name_to_suite: fix bug in tr call
9727 - ShellCheck: disable false positive
9728 - unsafe-browser: use $* when our intent is to concatenate
9729 - keepassxc wrapper: fix behavior in case 2+ arguments are passed
9730 - live-persist: fix usage message
9731 - ShellCheck: fix SC2162 offense
9732 - ShellCheck: make exceptions where warranted
9733 - ShellCheck: add missing quoting
9734 - ShellCheck: fix SC2006 offenses
9735 - ShellCheck: fix SC2155 offenses
9736 - Drop useless "echo"
9737 - ShellCheck: make exceptions where warranted
9738 - ShellCheck: fix SC2006 offenses
9739 - ShellCheck: replace deprecated tempfile with mktemp (SC2186)
9740 - ShellCheck: add missing quoting
9741 - Replace antiquated use of expr
9742 - Drop unused variables
9743 - ShellCheck: fix SC2155 offenses
9744 - ShellCheck: disable check that generates mostly false positives
9745 - Simplify
9746 - Drop unused variables
9747 - ShellCheck: add missing quoting
9748 - Drop unused variable
9749 - ShellCheck: fix SC2059 offense
9750 - Ensure here-doc text is not subject to parameter expansion, command
9751 substitution, and arithmetic expansion, unless we do need it
9752 - ShellCheck: fix SC2162 offenses
9753 - chroot_local-hooks: consistently set the executable bit
9754 - Simplify
9755 - Make for loop more robust
9756 - Ensure filenames that start with '-' are not interpreted as switches
9757 - Ensure glob is not expanded by the shell interpreter
9758 - 10-tbb: fix typo in variable name
9759 - ShellCheck: lint
9760 - ShellCheck: make exceptions where warranted
9761 - ShellCheck: disable false positive
9762 - ShellCheck: disable following included source files
9764 -- Tails developers <tails@boum.org> Mon, 12 Jul 2021 13:50:41 +0200
9766 tails (4.19) unstable; urgency=medium
9768 * Upgrade Tor Browser to 10.0.17-build1 (tails/tails!468)
9770 Closes issues:
9771 - Upgrade to Tor Browser based on Firefox 78.11 (tails/tails#18284)
9773 Commits:
9774 - Fetch Tor Browser from our own archive.
9775 - Upgrade Tor Browser to 10.0.17-build1.
9777 * Upgrade Thunderbird to 1:78.10.0-1~deb10u1
9779 * run_test_suite: fix tor version check with recent tor (tails/tails!450)
9781 Commits:
9782 - Chutney: fix tor version check with recent tor
9783 - run_test_suite: fix tor version check with recent tor
9785 * Upgrader, tails-security-check: drop CA pinning (tails/tails!448)
9787 Closes issues:
9788 - TLS certificate issue prevents tails-upgrade-frontend to check for updates :
9789 Error while downloading the signing key (tails/tails#18324)
9791 Commits:
9792 - Design doc: update tense
9793 - Remove unused Let's Encrypt certificates
9794 - Upgrader, tails-security-check: drop CA pinning
9795 - Design doc: drop overly optimistic future improvement idea
9796 - Design doc: mirrors used by the Upgrader are all HTTPS nowadays
9798 * gitlab-triage: migrate from Docker to podman (tails/tails!440)
9800 Commits:
9801 - gitlab-triage: migrate from Docker to podman
9803 * Add password feedback for sudo (refs: #18355) (tails/tails!439)
9805 Commits:
9806 - Add password feedback for sudo (refs: #18355)
9808 * Remove ikiwiki-cgi.setup (tails/tails!405)
9810 Commits:
9811 - Document how to test changes to the banner locally
9812 - Deduplicate content
9813 - Don't disable plugins that are not enabled by default
9814 - Remove ikiwiki-cgi.setup and references to it
9816 -- Tails developers <tails@boum.org> Mon, 31 May 2021 09:19:03 +0000
9818 tails (4.18) unstable; urgency=medium
9820 * Upgrade Thunderbird to 78.9.0-1~deb10u1
9822 * Upgrade Tor Browser to 10.0.16 (tails/tails!400)
9824 Closes issues:
9825 - Upgrade to Tor Browser based on Firefox 78.10 (tails/tails#18252)
9827 Commits:
9828 - Fetch Tor Browser from our own archive.
9829 - Upgrade Tor Browser to 10.0.15.
9831 * Upgrade Intel microcodes to 3.20210216.1~deb10u1
9833 * Upgrade firmware-linux-nonfree to 20210315-2
9835 * Remove Poedit (#18236) (tails/tails!395)
9837 Commits:
9838 - Remove Poedit (#18236)
9840 * Display an error message when the Upgrader fails to download the signing key
9841 (tails/tails!390)
9843 Closes issues:
9844 - Display an error message when the Upgrader fails to check for available
9845 upgrades (tails/tails#18238)
9847 Commits:
9848 - Display an error message when the Upgrader fails to download the signing key
9850 * Remove clock sync notification (tails/tails!389)
9852 Closes issues:
9853 - Remove the "clock synchronization" notification (tails/tails#7439)
9855 Commits:
9856 - tails-htp-notify-user only notifies if $problems
9858 * Bump snapshots of the Debian APT archive to 2021033101 (tails/tails!388)
9860 Commits:
9861 - Bump snapshots of the Debian APT archive to 2021033101
9863 * APT: use non-onion HTTPS sources for Debian repositories (tails/tails!383)
9865 Closes issues:
9866 - Fix failures with Debian's APT repository onion service (tails/tails#17993)
9868 Commits:
9869 - APT: use non-onion HTTPS sources for Debian repositories
9871 * Merge base branch earlier (tails/tails!381)
9873 Closes issues:
9874 - The mergebasebranch option merges the base branch too late (tails/tails#12557)
9876 Commits:
9877 - Document that faketime is needed on the host to build Tails.
9878 - Vagrant: don't install faketime any more.
9879 - Drop useless version part from development build filenames.
9880 - Build system: only add base branch info to image names when relevant.
9881 - Build system: make development images' names more consistent.
9882 - Build system: move around logic to reduce ENV state.
9883 - Build system: re-run rake after merging base branch (#12557)
9884 - Rakefile: handle jenkins passing the now obsolete mergebasebranch.
9885 - Build system: by default, merge the base branch early when building (#12557)
9887 -- Tails developers <tails@boum.org> Mon, 19 Apr 2021 14:19:38 +0000
9889 tails (4.17) unstable; urgency=medium
9891 * Upgrade Thunderbird to 78.8.0-1~deb10u1
9893 * Upgrade Tor Browser to 10.0.14-build1 (tails/tails!382)
9895 Commits:
9896 - Upgrade Tor Browser to 10.0.14-build1.
9898 * Upgrade tor to 0.4.5.7 (tails/tails!380)
9900 Closes issues:
9901 - Upgrade tor to 0.4.5.7 (tails/tails#18244)
9903 Commits:
9904 - Upgrade tor to 0.4.5.7
9906 * Retry failed upgrade downloads, reusing the previously downloaded data, and
9907 fallback to the DNS mirror pool (tails/tails!379)
9909 Closes issues:
9910 - Make it possible to resume an automatic upgrade download (tails/tails#15875)
9911 - Make Tails Upgrader resilient to broken mirrors (tails/tails#17615)
9913 Commits:
9914 - Tails::IUK::TargetFile::Download: always disable exponential backoff when
9915 running tests
9916 - Tails::IUK::LWP::UserAgent::WithProgress: display correct progress status when
9917 resuming a previously failed download
9918 - Give Tails::IUK::LWP::UserAgent::WithProgress information that it'll need
9919 - Refactoring: make temp_file an attribute
9920 - Refactoring: use more meaningful variable name and document what value it holds
9921 - GitLab CI: disable test that now requires systemd
9922 - Retry failed upgrade downloads, reusing the previously downloaded data, and
9923 fallback to the DNS mirror pool
9924 - Upgrader hardening: comment out sudo env_keep settings that are not needed in
9925 production
9926 - Tails::Download::HTTPS hardening: drop support for SSL_NO_VERIFY
9927 - Upgrader test suite: remove useless Win32 support code
9929 * Repair the filesystem on the system partition and avoid breaking it in the
9930 first place (tails/tails!374)
9932 Closes issues:
9933 - Deleted obsolete automatic upgrades still occupy disk space ⇒ no automatic
9934 upgrade possible after a while (tails/tails#17902)
9936 Commits:
9937 - On boot, repair the filesystem on the system partition
9938 - Refactoring: move repartitioning code to a function
9939 - Unmount the system partition on shutdown
9941 * Upgrade GRUB2 to 2.04-16+ (tails/tails!372)
9943 Closes issues:
9944 - Upgrade GRUB2 to 2.04-16+ (tails/tails#18227)
9945 - devel branch FTBFS with uBlock 1.33.0+dfsg-1 (tails/tails#18191)
9947 Commits:
9948 - Bump snapshots of the Debian APT archive to 2021030401
9950 * Upgrade non-free Linux firmware to 20210208-3 (tails/tails!371)
9952 Closes issues:
9953 - Upgrade non-free Linux firmware to 20210208-3+ (tails/tails#18226)
9954 - devel branch FTBFS with uBlock 1.33.0+dfsg-1 (tails/tails#18191)
9956 Commits:
9957 - Revert "Temporarily install the kernel from Bullseye"
9958 - Refresh uBlock patch
9959 - Bump snapshots of the Debian APT archive to 2021030101
9961 * Test suite: relax delay for OpenPGP future expiration date (tails/tails!370)
9963 Commits:
9964 - Test suite: relax delay for OpenPGP future expiration date
9966 * Improve security advisory since they don't list vulnerabilities anymore
9967 (tails/tails!369)
9969 Commits:
9970 - Help people find the information on their own (#18221)
9971 - Remove not-so-helpful TOC
9972 - Simplify and reuse the same wording
9973 - Don't make people click for nothing (#18221)
9975 * Clarify error message when starting the Unsafe Browser while offline
9976 (tails/tails!367)
9978 Closes issues:
9979 - Clarify error message when the Unsafe Browser was launched without network
9980 connection (tails/tails#12251)
9982 Commits:
9983 - Test suite: update to match UI change
9984 - Clarify error message when starting offline (#12251)
9986 * Release process: add po4a version sanity checks (tails/tails!364)
9988 Commits:
9989 - Release process: ensure the RM has the correct version of po4a
9991 * Upgrade our production and test-only tor configuration (tails/tails!363)
9993 Closes issues:
9994 - Upgrade our production and test-only tor configuration (tails/tails#18216)
9996 Commits:
9997 - Test suite: bump PathsNeededToBuildCircuits to 0.67, like Chutney
9998 - Test suite: drop "TestingBridgeDownloadInitialDelay" customization
9999 - Test suite: drop "DownloadInitialDelay" testing options that we set to their
10000 default value
10001 - Test suite: drop unused second argument for the "DownloadInitialDelay" tor
10002 testing options
10003 - Test suite: use the new "DownloadInitialDelay" names for the "DownloadSchedule"
10004 tor testing options
10005 - torrc: drop obsolete WarnUnsafeSocks setting
10006 - torrc: migrate from deprecated {Control,Trans}ListenAddress to
10007 {Control,Trans}Port address syntax
10009 * Upgrade tor to 0.4.5.6 (tails/tails!361)
10011 Commits:
10012 - run_test_suite: abort if the host system's tor is too old
10013 - Test suite setup doc: ensure we have a recent enough tor
10014 - Test suite setup doc: update APT pinning to support current QEMU backport
10015 - Upgrade tor to 0.4.5.6 final
10017 * Update uBlock Origin patch (tails/tails!354)
10019 Commits:
10020 - Refresh uBlock patch
10022 * Resolve "onion-grater race condition" (tails/tails!345)
10024 Closes issues:
10025 - onion-grater race condition (tails/tails#18123)
10027 Commits:
10028 - whitespace
10029 - onioncircuits: longer options are more readable
10030 - tails-create-netns: more consistent style
10031 - tails-create-netns: avoid bashisms
10032 - a11y-proxy-netns: explain behavior with comments
10033 - review tips: is_veth_nic is more readable
10034 - review tips: clearer behaviour
10035 - Remove another remain from the reverted TBB experiment.
10036 - veth exclusion: log to debug
10037 - don't spoof veth interfaces
10038 - a11y proxy now can be passed to the right netns
10039 - onioncircuits is accessible!
10040 - small cleanup to tailslib.gnome
10041 - really: let's forget about TBB and its netns
10042 - Let's forget about TBB in its netns
10043 - get_all_ethernet_nics behave even if no real eth
10044 - update design doc for netns improvements
10045 - test: tor can bind a non-127.0.0.1 port
10046 - FIX helper lib to recognize veth appropriately
10047 - better wording
10048 - tails-documentation: fixed when Tor is not ready
10049 - sudo tor-browser allowed
10050 - FIX service: run before network.target
10051 - we need veth: don't blacklist it, it's harmless
10052 - /stop tails-create-netns service can stop
10053 - FIX tails-create-netns.service
10054 - TBB: changed onion-grater
10055 - TBB works + port 9150 drop
10056 - netns: firewall configuration moved to ferm
10057 - configure tor and ferm for TBB netns address
10058 - tails-create-netns is a systemd.service
10059 - onion-grater whitelisted in sane_defaults
10060 - onioncircuits profile adapted to netns
10061 - onioncircuits wrapper to use netns
10062 - still a draft, but at least tidier
10063 - DRAFT of network namespace support
10065 * Test suite: disable sound forwarding to host (tails/tails!333)
10067 Closes issues:
10068 - Test suite: consider disabling SPICE audio (tails/tails#18122)
10070 Commits:
10071 - Test suite: disable sound forwarding to host (Closes: #18122)
10073 -- Tails developers <tails@boum.org> Mon, 22 Mar 2021 08:11:53 +0000
10075 tails (4.15.1) unstable; urgency=medium
10077 * Upgrade sudo to 1.8.27-1+deb10u3 due to CVE-2021-3156 ("Baron
10078 Samedit").
10080 -- Tails developers <tails@boum.org> Wed, 27 Jan 2021 19:33:08 +0100
10082 tails (4.15) unstable; urgency=medium
10084 * Upgrade Thunderbird to 1:78.6.0-1~deb10u1
10086 * Upgrade Tor Browser to 10.0.9, based on Firefox 78.7 (tails/tails!331)
10088 Closes issues:
10089 - Upgrade Tor Browser to 10.0.9, based on Firefox 78.7 (tails/tails#18100)
10091 Commits:
10092 - Fetch Tor Browser from our own archive.
10093 - Upgrade Tor Browser to 10.0.9-build2.
10095 * Test suite: support path of tcpdump in current sid (tails/tails!328)
10097 Closes issues:
10098 - Test suite broken on current sid: "No such file or directory -
10099 /usr/sbin/tcpdump" (tails/tails#18126)
10101 Commits:
10102 - Test suite: support path of tcpdump in current sid
10104 * Update CAs trusted to connect to our website (tails/tails!327)
10106 Closes issues:
10107 - Upgrader fails to check upgrades: CA changed for our website
10108 (tails/tails#18127)
10109 - Remove AddTrust_External_Root.pem from our website CA bundle
10110 (tails/tails#11811)
10112 Commits:
10113 - Fix shell syntax
10114 - Reference issue and add another related XXX
10115 - Don't ship individual Let's Encrypt intermediate certificates files in the
10116 image
10117 - Move Let's Encrypt intermediate certificates outside of the system-wide CA
10118 store
10119 - Upgrader: trust current and upcoming Let's Encrypt intermediate certificates
10120 - Add current and upcoming Let's Encrypt intermediate certificates
10121 - Remove AddTrust_External_Root.pem from our website CA bundle (refs: #11811).
10123 * Upgrade Linux to 5.9.15-1~bpo10+1 (stable branch) (tails/tails!325)
10125 Closes issues:
10126 - Upgrade to Linux 5.9.15 (tails/tails#18104)
10127 - Install Intel SOF Firmware and Topology binaries from Debian
10128 (tails/tails#18096)
10129 - USB tethering is broken with iOS 14 => Need kernel upgrade (tails/tails#18097)
10131 Commits:
10132 - Refresh uBlock patch
10133 - Install Intel SOF Firmware and Topology binaries from Debian
10134 - Upgrade Linux to 5.9.15-1~bpo10+1
10135 - Update APT snapshot for the "debian" archive to 2021011501
10137 * Upgrade firmware-linux to 20201218-1
10139 * Migrate blueprints to GitLab wiki (tails/tails!323)
10141 * Fix stream isolation test suite after !306 (tails/tails!319)
10143 Closes issues:
10144 - Test suite: update wrt. recent htpdate changes (tails/tails#18095)
10146 Commits:
10147 - fix stream isolation test suite after !306
10149 * Refresh uBlock patch to fix devel branch FTBFS (tails/tails!318)
10151 Commits:
10152 - Refresh uBlock patch
10154 * Test suite: improve error reporting for GuestFS problems and user mistakes
10155 (tails/tails!317)
10157 Commits:
10158 - Test suite: error out early if images to be tested are directories
10159 - Test suite: log all guestfs events, not only "trace" level messages
10161 * Make 'Upgrading the system' dialog appear faster (tails/tails!316)
10163 Closes issues:
10164 - Make "Upgrading the system" dialog appear faster (tails/tails#18051)
10166 Commits:
10167 - Upgrader test suite: adjust to match UI changes
10168 - Warn in advance about the network connection being disabled (#18051)
10169 - Avoid ambiguous future tense
10170 - Lint.
10171 - Upgrader: don't declare variable in conditional statement
10172 - Upgrader: adjust test suite to user interaction changes
10173 - Fix typo
10174 - Make 'Upgrading the system' dialog appear faster
10176 * Make writing Tails.module more robust (tails/tails!315)
10178 Closes issues:
10179 - Make writing Tails.module more robust (tails/tails#17906)
10181 Commits:
10182 - Make writing Tails.module more robust
10184 * Fix support for Ledger hardware wallet, by upgrading python3-btchip
10185 (tails/tails!313)
10187 Closes issues:
10188 - "No hardware device detected" with Ledger Nano S wallet in Electrum
10189 (tails/tails#18080)
10191 Commits:
10192 - Fix support for Ledger hardware wallet, by upgrading python3-btchip
10194 * Test expiration date for all keys trusted by APT (tails/tails!310)
10196 Closes issues:
10197 - Test expiration date for all keys trusted by APT (tails/tails#18094)
10199 Commits:
10200 - Test suite: improve Gherkin phrasing
10201 - Test suite: check expiration date for all trusted APT keys
10203 * Log more info upon curl failure in htpdate (tails/tails!306)
10205 Commits:
10206 - htpdate: make output more useful on name resolution errors
10207 - htpdate: include stdout and stderr of curl(1) upon failure
10208 - htpdate: remove misleading comment
10210 * Clarify that this message is about the size of the USB stick (#18073)
10211 (tails/tails!305)
10213 Closes issues:
10214 - Improve error message when the USB stick is too small (tails/tails#18073)
10216 Commits:
10217 - Add comment to explain the unit being used
10218 - Display too small boot device size in GB, not GiB
10219 - Display too small boot device size with 1 digit of precision after the decimal
10220 point
10221 - Make displayed number and unit match
10222 - Only use variable after we've assigned it a value
10223 - Clarify that this message is about the size of the USB stick (#18073)
10225 * Thunderbird: drop obsolete patch. (tails/tails!304)
10227 Commits:
10228 - Thunderbird: drop obsolete patch.
10230 * Make build reproducibility verification easier (tails/tails!303)
10232 Commits:
10233 - Don't trust any random key that has a UID which contains "deb.tails.boum.org"
10234 - Make formatting consistent with other command lines
10235 - Minor rephrasing
10236 - Fix typo
10237 - Use numbered list: order matters
10238 - Reorder instructions to avoid a step essentially depend on the next one
10239 - contribute/build.mdwn: add instruction for importing deb.tails.boum.org key
10240 - release_process/test/reproducibility.mdwn: add -p to mkdir
10241 - Rakefile: add option to scp to disable agent
10243 * Test suite: differentiate between tordate and htpdate errors (tails/tails!295)
10245 Commits:
10246 - Test suite: split exception.
10247 - Test suite: use more specific exception.
10248 - We can have TimeSyncingError due to tordate, so no htpdate log exists.
10249 - Rename variable and rearrange code to fix scoping issues.
10250 - Test suite: differentiate between tordate and htpdate errors.
10252 * Add "Don't Show Again" button to the notification when starting Tails in a VM
10253 (tails/tails!284)
10255 Closes issues:
10256 - Add "Don't Show Again" button to notifications where appropriate
10257 (tails/tails#10553)
10259 Commits:
10260 - swap buttons in tails-virt-notify-user
10261 - Refresh translations.
10262 - tails-documentation: drop yelp dependency.
10263 - Revert "Patch libdesktop-notify-perl to accept an array ref for actions."
10264 - tails-documentation: let Gnome start Tor Browser so it can quit.
10265 - tails-virt-notify-user: port form Perl to Python.
10266 - Simply
10267 - Improve button labels
10268 - Apply 1 suggestion(s) to 1 file(s)
10269 - Apply 1 suggestion(s) to 1 file(s)
10270 - tails-virt-notify-user: make action IDs globally unique again.
10271 - Simplify.
10272 - tails-virt-notify-user: make action buttons ordering deterministic.
10273 - Patch libdesktop-notify-perl to accept an array ref for actions.
10274 - live-persist: always enable support for "Don't ask again" (refs: #10553).
10275 - tails-virt-notify-user: only show "Don't ask again" if feature is available
10276 (refs: #10553).
10277 - tails-virt-notify-user: add "Don't ask again" button PoC (refs: #10553).
10278 - Add tooling for "Don't ask me again" feature for notifications etc.
10280 -- Tails developers <tails@boum.org> Mon, 25 Jan 2021 08:23:10 +0000
10282 tails (4.14) unstable; urgency=medium
10284 * Grant the user read access to external Persistent Storage (tails/tails!300)
10286 Closes issues:
10287 - Nautilus cannot open a plugged Tails Persistent Storage anymore
10288 (tails/tails#18050)
10290 Commits:
10291 - Make *external* TailsData's root user-readable when mounted (closes: #18050)
10293 * Upgrade Tor Browser to 10.0.7 (tails/tails!297)
10295 Closes issues:
10296 - Upgrade Tor Browser to 10.0.7 (tails/tails#18058)
10298 Commits:
10299 - Fetch Tor Browser from our own archive.
10300 - Upgrade Tor Browser to 10.0.7-build1.
10302 * Add a script to help updating our UX debt spreadsheet (tails/tails!292)
10304 Commits:
10305 - ux-debt-changes: list issues that had the UX:debt label removed
10306 - ux-debt-changes: list issues that had the UX:debt label added
10307 - ux-debt-changes: allow running only some of the supported reports
10308 - ux-debt-changes: cache GitLab API responses
10309 - ux-debt-changes initial version: lists solved or rejected UX:debt issues since
10310 a date
10312 * Upgrade to Linux 5.9 and to Buster 10.7 (tails/tails!288)
10314 Closes issues:
10315 - Upgrade Linux to 5.9 (tails/tails#17973)
10316 - Upgrade to Buster 10.7 (tails/tails#17995)
10318 Commits:
10319 - Upgrade Linux to 5.9.0-0.bpo.2, currently at version 5.9.6-1~bpo10+1
10320 - Install the kernel from buster-backports
10321 - Upgrade Tails and the Vagrant build box to Debian Buster 10.7
10323 * Test suite: make evince "Print to File" test more robust (tails/tails!287)
10325 Commits:
10326 - Test suite: update and fix comment
10327 - Test suite: make evince "Print to File" test more robust
10329 * Upgrade Linux to 5.9 (devel branch) (tails/tails!285)
10331 Commits:
10332 - Upgrade Linux to 5.9.0-0.bpo.2, currently at version 5.9.6-1~bpo10+1
10334 * Don't include URLs pointing to our live website in translatable strings
10335 (tails/tails!283)
10337 Commits:
10338 - Upgrader: don't use non-existent debug method
10339 - GitLab CI: ensure we don't re-add translatable URLs to our live website
10340 - Update POT and PO files
10341 - Don't include URLs pointing to our live website in translatable strings
10342 - Lint
10344 * Test suite: bump timeout for the Greeter's GUI to update after language change.
10345 (tails/tails!279)
10347 Commits:
10348 - Revert "Test suite: switch from sleep() to more robust approach."
10349 - Test suite: switch from sleep() to more robust approach.
10350 - Test suite: bump timeout for the Greeter's GUI to update after language change.
10352 * Port otr-bot to Python 3 and migrate to slixmpp (tails/tails!278)
10354 Closes issues:
10355 - Test suite's otr-bot.py has obsolete dependencies (tails/tails#17031)
10357 Commits:
10358 - Test suite doc: update dependencies
10359 - Make otr-bot quiet.
10360 - otr-bot: linting.
10361 - Improve variable names.
10362 - otr-bot: port to python3 and migrate from jabberbot to slixmpp.
10364 * Detect corrupt GnuPG public keyring and restore its backup (tails/tails!275)
10366 Closes issues:
10367 - Automate fix for "GnuPG keys missing" problem (tails/tails#17807)
10369 Commits:
10370 - Try to detect corrupt GnuPG pubring.kbx and restore any backup (refs: #17807)
10372 * Drop superfluous block.events_dfl_poll_msecs=1000 kernel parameter
10373 (tails/tails!274)
10375 Commits:
10376 - Drop superfluous block.events_dfl_poll_msecs=1000 kernel parameter
10378 * Install the kernel from buster-backports (tails/tails!273)
10380 Commits:
10381 - Install the kernel from buster-backports
10383 * Enable Electrum's Ledger hardware wallet support (tails/tails!272)
10385 Closes issues:
10386 - Ledger Nano S hardware wallet is not recognized due to wrong udev rules
10387 (tails/tails#15353)
10389 Commits:
10390 - Enable Electrum's Ledger hardware wallet support
10392 * Test suite: update expected title of the GitLab page we use (tails/tails!271)
10394 Commits:
10395 - Test suite: update expected title of the GitLab page we use
10397 * Port Tails Installer to Python 3 (tails/tails!270)
10399 Closes issues:
10400 - Port Tails Installer to Python 3 (tails/tails#10085)
10401 - Installer: get rid of workaround for udisks bug#418 in SetFlags()
10402 (tails/tails#15010)
10404 Commits:
10405 - Update POT and PO files
10406 - Also undo mistaken changes to Tails 3.0 release note PO files.
10407 - Installer: get rid of workaround for udisks#418 in SetFlags()
10408 - Installer: update URL (Redmine → GitLab)
10409 - Installer: drop obsolete comment
10410 - Installer: don't make user-facing URLs translatable
10411 - Undo mistaken change to Tails 3.0 release notes.
10412 - Tails Installer: fix incorrect function/variable names.
10413 - Update installer's deps after porting to Python 3 (refs: #10085)
10414 - Apply 1 suggestion(s) to 1 file(s)
10415 - Tails Installer: don't show install/cancel buttons on warning prompts.
10416 - Tails Installer: delay deletion of parents until all drives have been examined.
10417 - Tails Installer: update PO/POT files after migration to Python 3.
10418 - Tails Installer: move into Python 3's dist-packages.
10419 - Tails Installer: revive _set_liberal_perms_recursive().
10420 - Tails Installer: pass argument list to subprocess.Popen().
10421 - Tails Installer: port to Python 3 based on saschamarkus's patches (refs:
10422 #10085).
10424 * Update deb.torproject.org's APT key (tails/tails!269)
10426 Closes issues:
10427 - Outdated APT key for deb.torproject.org (tails/tails#18042)
10429 Commits:
10430 - Stop installing deb.torproject.org-keyring
10431 - Update deb.torproject.org's APT key
10433 * Release process: drop dependency on parallel_collect_IUKs (tails/tails!267)
10435 Commits:
10436 - Lint
10437 - Release process: don't pass --debug to copy-iuks-to-rsync-server-and-verify
10438 - Release process: drop dependency on parallel_collect_IUKs
10439 - Lint
10441 * Allow users to change persisted admin password option (tails/tails!266)
10443 Closes issues:
10444 - Allow users to change persisted admin password option (tails/tails#18018)
10446 Commits:
10447 - Fix not being able to delete a once persisted admin password
10449 * Upgrade Thunderbird to 1:78.5.1-1~deb10u1, and accordingly update
10450 its patch series (tails/tails!264)
10452 Closes issues:
10453 - All branches FTBFS since Thunderbird 78.5.0 upload (tails/tails#18034)
10455 Commits:
10456 - Drop Thunderbird patch: applied in 78.5.0 upstream
10457 - Drop Thunderbird patch: applied in 78.5.0 upstream
10458 - patch-thunderbird: log which patch we're currently trying to apply
10459 - Lint
10461 * Stop installing the Unifont fonts (tails/tails!263)
10463 Commits:
10464 - Stop installing the Unifont fonts
10466 * Upgrade tor to 0.4.4.6 (tails/tails!259)
10468 Commits:
10469 - Upgrade tor to 0.4.4.6
10471 * Document python-gitlab setup needed for generate-changelog and generate-report
10472 (tails/tails!258)
10474 Commits:
10475 - Don't track testing forever
10476 - Make instructions work on sid
10477 - python3-gitlab from Buster doesn't work
10478 - Document torsocks for GitLab scripts
10479 - Improve readibility
10480 - generate-changelog, generate-report: point to documentation
10481 - Document how to configure python-gitlab
10483 * Test suite: use the qemu-xhci USB controller (tails/tails!255)
10485 Closes issues:
10486 - Use qemu-xhci for TailsToaster (tails/tails#15831)
10488 Commits:
10489 - Test suite: use the qemu-xhci USB controller
10491 * Require Buster or newer for running our test suite (tails/tails!254)
10493 Closes issues:
10494 - Require Buster or newer for running our test suite (tails/tails#17842)
10496 Commits:
10497 - Test suite: run a Q35 5.0 machine
10498 - Test suite: drop workarounds for running on Stretch
10499 - run_test_suite: drop support for Stretch
10500 - Test suite doc: drop support for Stretch
10502 -- Tails developers <tails@boum.org> Mon, 14 Dec 2020 08:56:31 +0000
10504 tails (4.13) unstable; urgency=medium
10506 * Tor Browser 10.0.5 (tails/tails!253)
10508 Closes issues:
10509 - Upgrade to Tor Browser 10.0.5 (tails/tails#18017)
10510 - Most Tor Browser scenarios fail (tails/tails#18016)
10511 - Only ship locale definitions that the user can select in the Welcome Screen
10512 (tails/tails#17139)
10514 Commits:
10515 - Mark security issue as fixed
10516 - Test suite: avoid wait_any() in error-prone situation.
10517 - Test suite: adapt image so it works for RTL locales too.
10518 - Upgrade Tor Browser to 10.0.5-build1.
10519 - Automate++
10521 * Browsers: drop el-GR from browser localization (tails/tails!252)
10523 Closes issues:
10524 - "The Unsafe Browser can be used in all languages supported in Tails" scenario
10525 fails in Greek (tails/tails#18015)
10527 Commits:
10528 - Browsers: drop el-GR from browser localization.
10530 * Test suite: wait for GNOME Overview launchers to be ready before interacting
10531 with them (tails/tails!251)
10533 Closes issues:
10534 - Most Tor Browser scenarios fail (tails/tails#18016)
10536 Commits:
10537 - Test suite: wait for GNOME Overview launchers to be ready before interacting
10538 with them (fixes: #18016).
10540 * Garbage collect website cache more aggressively (tails/tails!248)
10542 Closes issues:
10543 - Some builds fail on Jenkins due to lack of disk space to store cached built
10544 website (tails/tails#18010)
10546 Commits:
10547 - website-cache: don't delete lost+found directory
10548 - Lint
10549 - website-cache: garbage collect cache directories older than 20 days
10551 * generate-report: Buster compatibility, help the user install dependencies
10552 (tails/tails!247)
10554 Commits:
10555 - generate-report: add helpful message on missing Python modules
10556 - generate-changelog, generate-report: support Python 3.7
10558 * custom-apt-cruft-check: fix output when there's nothing to remove
10559 (tails/tails!246)
10561 Commits:
10562 - custom-apt-cruft-check: fix output when there's nothing to remove
10564 * Release process: streamline configuration and environment management
10565 (tails/tails!245)
10567 Commits:
10568 - Release process: rename variable to avoid confusion
10569 - Apply 1 suggestion(s) to 1 file(s)
10570 - Fix typo in suggestion
10571 - Apply 3 suggestion(s) to 3 file(s)
10572 - rm-config: workaround pylint false positives
10573 - remove-unused-udfs: lint
10574 - remove-unused-udfs: actually use passed before_version
10575 - rm-config: add mypy exceptions
10576 - rm-config: add docstrings
10577 - rm-config: lint
10578 - rm-config: drop unused import
10579 - rm-config: import generation of IUK_SOURCE_VERSIONS
10580 - Factorize
10581 - rm-config: import more configuration generation
10582 - rm-config: validate configuration
10583 - RM config template: quote "FIXME" as it should be in the manually-filled
10584 version
10585 - rm-config: fix generate-environment for non-string values
10586 - rm-config: log config before validating
10587 - rm-config: pass stage to Config()
10588 - rm-config: add validate-configuration action
10589 - Release process: consistently provide editor command-line
10590 - rm-config: ensure generated shell snippet has a trailing newline
10591 - Release process: move generation of derived values to rm-config
10592 - Lint
10593 - Release process: fully phrase the rm-config usage bits
10594 - Release process: bring all notes together
10595 - Release process: document how to get your own local.yml
10596 - Release process: convert example local.yml to YAML, move generated variable out
10597 of it
10598 - Add type hints
10599 - Lint
10600 - rm-config: generate boilerplate config, read config & export it as shell
10601 environment
10602 - Release process: ensure the configuration does not taint the next release
10603 process
10604 - Document config format
10605 - Ensure RM config snippets produce 1 single YAML document when concatenated
10606 - Release process: specify interface for new RM config management.
10608 * WhisperBack: include the output of lsusb in reports (tails/tails!244)
10610 Commits:
10611 - WhisperBack: include the output of lsusb in reports
10613 * Automate Tor Browser WebRTC tests (tails/tails!243)
10615 Closes issues:
10616 - Automate Tor Browser WebRTC tests (tails/tails#10264)
10618 Commits:
10619 - Test suite: automatically test that WebRTC is disabled in Tor Browser
10620 - Test suite: refactoring (extract code to function)
10622 * GitLab CI: only run the apt-snapshots-expiry job when relevant
10623 (tails/tails!242)
10625 Commits:
10626 - GitLab CI: only run the apt-snapshots-expiry job when relevant
10627 - GitLab CI: switch to "Pipelines for Merge Requests" mode
10629 * GitLab CI: check PO files that we did not import from Transifex yet, only run
10630 PO checks when relevant (tails/tails!241)
10632 Commits:
10633 - Lint
10634 - GitLab CI: lint
10635 - GitLab CI: only run check-po-msgfmt and lint-po when relevant
10636 - GitLab CI: check PO files that we did not import from Transifex yet
10638 * Add script that checks which packages in our custom APT repo are unused
10639 (tails/tails!240)
10641 Closes issues:
10642 - Remove cruft from our custom APT repository (2020Q4 edition)
10643 (tails/tails#17997)
10645 Commits:
10646 - custom-apt-cruft-check: look for custom package on the suite we're working on
10647 - custom-apt-cruft-check: update script description to match current usage
10648 - custom-apt-cruft-check: fix generated reprepro command
10649 - custom-apt-cruft-check: make output command line easier to copy'n'paste
10650 - custom-apt-cruft-check: use a command line argument to specify which suite to
10651 check
10652 - Revert overzealous linting
10653 - custom-apt-cruft-check: fix branch check
10654 - Lint
10655 - custom-apt-cruft-check: add helpful comment to error message
10656 - custom-apt-cruft-check: output require reprepro clean up command
10657 - custom-apt-cruft-check: fetch .build-manifest from Jenkins
10658 - custom-apt-cruft-check: change quoting so \n becomes an actual newline
10659 - custom-apt-cruft-check: also support the devel branch/APT suite
10660 - Lint
10661 - custom-apt-cruft-check: add support for Onion service
10662 - Add script that checks which packages in our custom APT repo that are unused.
10664 * Release process: automate removing unused UDFs (tails/tails!239)
10666 Commits:
10667 - Remove UDFs for versions we'll never release
10668 - remove-unused-udfs: avoid computing the list of tags multiple times
10669 - remove-unused-udfs: avoid using global variable.
10670 - Release process: automate removing unused UDFs
10671 - Release process: remove now-irrelevant case
10672 - Release process: move cleaning up Changelog to a smarter place
10673 - Release process: remove duplicate operation
10674 - Release process: bundle together actions on the devel branch
10676 * GitLab CI: check that no APT snapshot will expire within 1 month
10677 (tails/tails!238)
10679 Commits:
10680 - GitLab CI: give job a name that better reflects its, well, job
10681 - Cleanup
10682 - GitLab CI: check that no APT snapshot will expire within 1 month.
10683 - apt-snapshot-expiry: exit with error if any snapshot will expire within 1
10684 month.
10685 - Get rid of subshell.
10687 * Release process: automate generation of email to manual testers
10688 (tails/tails!237)
10690 Commits:
10691 - Release process: make the shell complain if setting PAD was forgotten.
10692 - Release process: de-duplicate
10693 - Release process: automate generating the call for manual testing
10695 * Release process: streamline APT repository operations (tails/tails!236)
10697 Commits:
10698 - Release process: only context switch to freeze exception management if needed
10699 - Release process: streamline thawing time-based APT snapshots
10700 - Release process: streamline bumping time-based APT snapshots expiration date
10701 - Fix Vagrant build box APT snapshots updating info
10702 - Release process: streamline freezing time-based APT snapshots
10703 - Release process: automate
10704 - Release process: streamline post-release operations
10705 - Release process: streamline initializing the versioned custom APT suite
10706 - Replace link to obsolete reprepro homepage with link to Tracker
10707 - Release process: automate
10708 - Release process: streamline merging base branches
10709 - Custom APT repo doc: move to a script merging a main branch
10710 - Release process: streamline resetting custom APT suites
10711 - Lint
10712 - Custom APT repo doc: move to a script resetting a suite
10713 - Release process: streamline merging APT overlays
10714 - Release process: be extra explicit about what "freeze time" means
10715 - Revert "Release process: be explicit about the required setting when merging"
10717 * Ensure that we install the required custom packages from our custom APT repo
10718 (tails/tails!235)
10720 Commits:
10721 - Release process: drop VeraCrypt reminder.
10722 - Build system: ensure we install the required custom packages from our custom
10723 APT repo.
10725 * Release process: move big code snippets to scripts (tails/tails!234)
10727 Commits:
10728 - Lint
10729 - Release process: move to a script preparing the included website
10730 - Release process: move to a script cleaning SquashFS sort file
10731 - Lint
10732 - Release process: move to a script generating images signatures and Torrents
10733 - Lint
10734 - Release process: move to a script publishing test UDFs
10735 - Lint
10736 - Release process: move to a script signing UDFs
10737 - Release process: move to a script updating the trace file
10738 - Lint
10739 - Release process: move to a script publishing IUKs
10740 - Lint
10741 - Release process: move to a script announcing and seeding the Torrents
10742 - Lint
10743 - Release process: move to a script copying release files to the website
10744 - Release process: move Tor blog post generation to a script
10746 * check-po-msgstr: Add option to sanitize .po files (tails#17661)
10747 (tails/tails!232)
10749 Commits:
10750 - check-po-msgstr: Add option to sanitize .po files (tails#17661)
10752 * GitLab CI: run the perl5lib, persistence-setup, and a subset of the upgrader
10753 test suites (tails/tails!228)
10755 Commits:
10756 - Upgrader test suite: drop noisy output
10757 - Add missing strictures
10758 - GitLab CI: run the subset of the iuk test suite that works in a Docker
10759 environment
10760 - GitLab CI: run the persistence-setup test suite
10761 - GitLab CI: run the perl5lib test suite
10762 - Skip chattr when running in a test environment
10763 - Perl program test suite doc: run tests in a UTF-8 locale
10764 - Perl program test suite doc: use command-line --all flag instead of environment
10765 variable
10766 - Perl program test suite doc: add missing dependency
10768 * GitLab CI: run unit tests for tails-gdm-error-message (tails/tails!224)
10770 Commits:
10771 - GitLab CI: run unit tests for tails-gdm-error-message
10773 * GitLab CI: run WhisperBack unit tests (tails/tails!222)
10775 Commits:
10776 - GitLab CI: run WhisperBack unit tests
10778 * GitLab CI: check PO files with lint_po, that calls i18nspector
10779 (tails/tails!221)
10781 Commits:
10782 - GitLab CI: use Debian testing for lint-po stage
10783 - GitLab CI: check PO files with lint_po, that calls i18nspector
10785 * Fix test suite robustness regression introduced by the upgrade of lizard
10786 isotesters to Buster (tails/tails!218)
10788 Closes issues:
10789 - Test suite robustness regressed since the lizard isotesters were upgraded to
10790 Buster (tails/tails#17985)
10792 Commits:
10793 - Test suite: don't let Screen#find mess with Screen#wait_vanish's timeout
10794 argument
10795 - Test suite: make @screen.find() @screen.wait() for 5 seconds
10797 * Fix Tails Installer in Turkish and in languages that have a translation for the
10798 "Clone the current Tails" string (tails/tails!217)
10800 Closes issues:
10801 - Tails Installer does not allow upgrade in languages that have a translation for
10802 the "Clone the current Tails" string (tails/tails#17982)
10803 - tails-installer fails to operate in Turkish (tails/tails#17576)
10805 Commits:
10806 - Fix Tails Installer in Turkish
10807 - Update POT and PO files
10808 - Installer: s/Live.?OS/Tails/
10809 - Installer: use translations for strings defined in Glade
10811 * Move wrap_test_suite cucumber args logic into run_test_suite (tails/tails!216)
10813 Commits:
10814 - run_test_suite: use variable consistently.
10815 - run_test_suite: don't use current Git state, but the one described by Jenkin's
10816 environment variables.
10817 - Fix comment.
10818 - Test suite: print which Cucumber tags are used on start.
10819 - Remove unused Rake 'test' task.
10820 - run_test_suite: make @doc tag handling independent of ~@fragile.
10821 - Simplify.
10822 - run_test_suite: move cucumber logic from wrap_test_suite in here (refs:
10823 tails/sysadmin#17772).
10825 * Test suite: automate a few manual tests (tails/tails!213)
10827 Closes issues:
10828 - Automatically test that we cannot login as root (tails/tails#10274)
10829 - Automate APT manual tests (tails/tails#17017)
10830 - Test that the correct keyboard layout is set (tails/tails#10261)
10831 - Test that DuckDuckGo is the default search engine in Tor Browser
10832 (tails/tails#10265)
10833 - Test that the on-screen keyboard works and its layout is correctly set
10834 (tails/tails#10263)
10836 Commits:
10837 - Test suite: fix regexp
10838 - Test suite: login using the button, not accelerators.
10839 - Test suite: implement find_any() with real_find().
10840 - Fix typo
10841 - Test suite: enable localization tests in Spanish and Turkish
10842 - Test suite: have #(exists|find|wait)_any return a hash instead of an array
10843 - run_test_suite: pass --expand to Cucumber
10844 - Test suite: handle the fact that the browser address bar is initialized lazily
10845 (Persian edition)
10846 - Test suite: make new tests not run by default
10847 - Test suite: automate the screen keyboard manual tests
10848 - Test suite: enable keyboard layout and browser search engine tests for Arabic
10849 - Test suite: automate testing that DuckDuckGo is the default search engine in
10850 all tier-1 languages
10851 - Test suite: automate testing that the correct keyboard layout is set
10852 - Test suite: automate manual /bin/su tests
10853 - Test suite: automate manual APT tests
10854 - Test suite: fix steps semantics
10855 - Test suite: don't bother logging in when not needed
10857 * Drop dead code for read-only persistence (tails/tails!211)
10859 Closes issues:
10860 - Drop dead code for read-only persistence (tails/tails#17972)
10862 Commits:
10863 - Drop dead code for read-only persistence
10865 * Make the root directory of the persistence non-world-readable (tails/tails!210)
10867 Closes issues:
10868 - Make the root directory of the persistence non-world-readable
10869 (tails/tails#7465)
10871 Commits:
10872 - Put first what matters most to the user
10873 - Document shortcut
10874 - Add period at the end of (imperative) sentences
10875 - Fix Markdown formatting
10876 - Add, and take benefit from, a GTK bookmark for the persistent Dotfiles source
10877 directory
10878 - Make the root directory of the persistence non-world-readable
10880 * Make udisks less verbose about "errors" to determine whether unused loop
10881 devices are encrypted (tails/tails!209)
10883 Commits:
10884 - Revert "Raise the maximum number of loop devices to 32 (refs: #12065)."
10886 * Allow raising sound volume above 100% (tails/tails!207)
10888 Closes issues:
10889 - Allow raising sound volume above 100% (tails/tails#17322)
10890 - Re-enable TCP timestamps (tails/tails#17491)
10892 Commits:
10893 - Allow raising sound volume above 100%
10895 * Re-enable TCP timestamps (tails/tails!206)
10897 Closes issues:
10898 - Re-enable TCP timestamps (tails/tails#17491)
10900 Commits:
10901 - Re-enable TCP timestamps
10903 * Add a button to restart Tails at the end of creating the Persistent Storage
10904 (tails/tails!205)
10906 Commits:
10907 - Drop unneeded sentence
10908 - Add a button to restart Tails at the end of creating the Persistent Storage
10910 * Only install usable locales and Tor Browser langpacks (tails/tails!204)
10912 Closes issues:
10913 - Only ship locale definitions that the user can select in the Welcome Screen
10914 (tails/tails#17139)
10915 - Test suite often fails on Jenkins due to lack of "disk" space in
10916 /tmp/TailsToaster/TailsToasterStorage (tails/tails#17984)
10918 Commits:
10919 - Test suite: calculate supported locales outside of loop.
10920 - Test suite: add expected image for the Unsafe Browser in Spanish
10921 - Test suite: don't use English as a way of testing localization of the Unsafe
10922 Browser
10923 - Test suite: adjust for the removal of locales-all
10924 - Avoid localepurge deleting ll_RR.utf8 locale variants
10925 - Build system: drop browser localization descriptions for languages not
10926 available in the Welcome Screen
10927 - Bring back localepurge, to delete unneeded localizations
10928 - Only ship Tor Browser langpacks for locales that the user can select in the
10929 Welcome Screen
10930 - Only ship locale definitions that the user can select in the Welcome Screen
10932 * Thunderbird 78 and Enigmail obsoletion (tails/tails!203)
10934 Closes issues:
10935 - Upgrade to Thunderbird 78 ESR (tails/tails#17148)
10936 - Migrate from Enigmail to Thunderbird 78's built-in OpenPGP support
10937 (tails/tails#17147)
10939 Commits:
10940 - Test suite: adjust tests for Thunderbird 78.
10941 - Test suite: make local.yml load before *.d dirs, as intended.
10942 - Apply 1 suggestion(s) to 1 file(s)
10943 - Apply 1 suggestion(s) to 1 file(s)
10944 - Add missing 'set -u' to build-time hook.
10945 - Apply 1 suggestion(s) to 1 file(s)
10946 - Explicit
10947 - Be more assertive
10948 - I'm not sure whether it's still the case
10949 - Update more references
10950 - Instruct to disable the GnuPG feature of the Persistent Storage
10951 - Document 'Require Encryption' by default
10952 - Rewrite anonym's draft
10953 - Improve grammar
10954 - Fix path
10955 - Simplify PO file
10956 - Remove outdated screenshot
10957 - Explain better the protection of the Master Password
10958 - Thunderbird: drop part of patch.
10959 - Thunderbird: don't automatically attach public key to signed messages.
10960 - Thunderbird: backport patch introducing pref for whether to automatically
10961 attach the public key.
10962 - Thunderbird: backport fix for OpenPGP dialog when sending to a recipient
10963 without key.
10964 - Create libresolv.so → libresolv-${version}.so symlink.
10965 - Thunderbird: use the "Require encryption by default" policy.
10966 - Thunderbird: apply patch fixing issue with default encryption policy.
10967 - Revert "Thunderbird: patch to disable protectHeaders AKA MemoryHole."
10968 - Revert "Thunderbird: set allow_external_gnupg = true."
10969 - Improve migration prompt
10970 - Help user know how old Tails 4.13 is
10971 - Update Persistent Storage UI and doc
10972 - Remove fuzzy duplicates in PO files.
10973 - Remove section that's too generic
10974 - Remove deprecated migration instructions
10975 - Add section to import private keys
10976 - Move shorter and more generic sections first
10977 - Use automatic TOC anchors
10978 - Merge inline with its only page
10979 - Add headings and make the instructions linear
10980 - Thunderbird: patch to disable protectHeaders AKA MemoryHole.
10981 - Apply 1 suggestion(s) to 1 file(s)
10982 - Apply 1 suggestion(s) to 1 file(s)
10983 - Apply 1 suggestion(s) to 1 file(s)
10984 - Apply 1 suggestion(s) to 1 file(s)
10985 - Apply 1 suggestion(s) to 1 file(s)
10986 - Apply 1 suggestion(s) to 1 file(s)
10987 - Apply 1 suggestion(s) to 1 file(s)
10988 - Hook thunderbird wrapper script into our translation infrastructure.
10989 - Thunderbird: notify user about Enigmail migration.
10990 - Update Thunderbird OpenPGP docs for version 78.
10991 - Drop everything related to Enigmail.
10992 - Thunderbird: set allow_external_gnupg = true.
10993 - Thunderbird: update renamed prefs from upstreamed patches.
10994 - Don't install Enigmail (refs: #17147).
10995 - Update Thunderbird patches from icedove.git at commit
10996 90184f927783370a65bfde271a67613d21372c9f
10997 - Fix indentation.
10998 - Revert "Install Thunderbird 68 until we're ready for 78"
11000 -- Tails developers <tails@boum.org> Mon, 16 Nov 2020 12:23:11 +0100
11002 tails (4.12) unstable; urgency=medium
11004 * Security fixes
11005 - Upgrade libx11 to 2:1.6.7-1+deb10u1
11007 * Hardware support
11008 - Upgrade firmware-linux-nonfree to 20200918-1
11010 * Upgrade to Tor Browser 10.0.2 (based on Firefox 78.4) (tails/tails!208)
11012 Closes issues:
11013 - Upgrade to Tor Browser 10.0.2 (based on Firefox 78.4) (tails/tails#17971)
11015 Commits:
11016 - Revert "Tor Browser: patch in prefs changes introduced in 10.0-build3."
11017 - Fetch Tor Browser from our own archive.
11018 - Upgrade Tor Browser to 10.0.2-build2.
11020 * Use v3 Onion service to connect to our custom APT repository (tails/tails!201)
11022 Closes issues:
11023 - Migrate deb.tails.boum.org APT source to v3 onion (tails/tails#17937)
11025 Commits:
11026 - Use v3 Onion service to connect to our custom APT repository
11028 * onion-grater: fix rate limiting of how often we try to connect to tor
11029 (tails/tails!199)
11031 Commits:
11032 - onion-grater: fix rate limiting of how often we try to connect to tor
11034 * Electrum & Upgrader wrappers: fix i18n support and use canonical URL for manual
11035 upgrade doc (tails/tails!198)
11037 Closes issues:
11038 - tails-upgrade-frontend-wrapper points users to a 404 URL for manual upgrades in
11039 French (tails/tails#17958)
11040 - Some Python scripts fail to set the gettext text domain correctly
11041 (tails/tails#17758)
11043 Commits:
11044 - Lint
11045 - Electrum & Upgrader wrappers: fix internationalization support, by setting the
11046 text domain correctly
11047 - Unfuzzy 2 translation strings
11048 - Update POT and PO files
11049 - tails-upgrade-frontend-wrapper: remove spurious double quotes surrounding error
11050 message
11051 - Update POT and PO files
11052 - tails-upgrade-frontend-wrapper: use canonical URLs for manual upgrade doc
11054 * Keep installing Thunderbird 68 until we're ready for 78 (tails/tails!197)
11056 Closes issues:
11057 - All branches FTBFS since Thunderbird 78 reached the Buster security repo
11058 (tails/tails#17962)
11060 Commits:
11061 - Install Thunderbird 68 until we're ready for 78
11063 * WhisperBack: sanitize HTTP(s) URLs (tails/tails!196)
11065 Closes issues:
11066 - Unscrubbed URL in WhisperBack reports (tails/tails#10695)
11068 Commits:
11069 - WhisperBack: sanitize HTTP(s) URLs
11071 * Avoid mirrors and rsync.lizard running out of disk space during the release
11072 process when upgrades to a beta/RC are present (tails/tails!195)
11074 Closes issues:
11075 - Avoid mirrors and rsync.lizard running out of disk space during the release
11076 process when upgrades to a beta/RC are present (tails/tails#17944)
11078 Commits:
11079 - Release process: delete beta/RC IUKs before uploading the IUKs for the final
11080 version
11081 - Call for testing: set a deadline for providing feedback (2 days before the
11082 final release)
11083 - Release process: automate generation of call for testing
11085 * Installer: fix various internationalization bugs (tails/tails!194)
11087 Closes issues:
11088 - Various internationalization bugs in the Installer (tails/tails#17961)
11090 Commits:
11091 - Update POT and PO files, to match translatable strings changes
11092 - Installer: allow translators to reorder string arguments in translations
11093 - Installer: fix translations being unused due to translatable string being
11094 computed at runtime
11096 * Upgrade Linux to 5.8 and Debian to 10.6 (tails/tails!188)
11098 Closes issues:
11099 - Upgrade Linux to 5.8 (tails/tails#17896)
11100 - Upgrade to Buster 10.6 (tails/tails#17930)
11101 - Regression with Intel Corporation [8086:22b0] and [8086:22b1] GPU since 4.9
11102 (tails/tails#17953)
11104 Commits:
11105 - Tor Browser AppArmor profile: allow access to DRI nodes
11106 - Tor Browser AppArmor profile: update patch to apply on top of 0.3.2-14
11107 - Update GNOME Shell to 3.30.2-11~deb10u2.0tails1
11108 - Update systemd to 241-7~deb10u4.0tails1
11109 - Refresh uBlock patch to apply cleanly on top of webext-ublock-origin-firefox
11110 1.30.0+dfsg-1
11111 - Adjust for webext-ublock-origin package split
11112 - Adjust fake linux-compiler-gcc-N-x86 hack to Linux 5.8's needs
11113 - Kernel command line: drop init_on_alloc=1, now set by default in Debian
11114 - Upgrade Linux to 5.8.0-2 (currently at version 5.8.10-1)
11115 - Bump snapshot of the Debian archive to 2020101002
11117 * Upgrade to tor 0.4.4.5 (tails/tails!187)
11119 Closes issues:
11120 - Upgrade to tor 0.4.4 (tails/tails#17932)
11122 Commits:
11123 - Bump APT snapshot of the "torproject" archive to 2020091901, that has tor
11124 0.4.4.x
11126 * Port Perl code to translatable strings format supported by GNU gettext
11127 (tails/tails!181)
11129 Closes issues:
11130 - Port Perl code to translatable strings format supported by GNU gettext
11131 (tails/tails#17928)
11133 Commits:
11134 - refresh-translations: check PO files while converting them to MO
11135 - Upgrader, Persistence wizard: set the UTF-8 flag on all strings returned by
11136 Locale::TextDomain
11137 - Re-add loading POSIX: we use it for more than setlocale
11138 - Upgrader, Persistence wizard: assume UTF-8 locale
11139 - Drop unneeded call to setlocale
11140 - Drop meaningless attempt at localization
11141 - Persistence setup: encode output when displaying errors on stdout
11142 - IUK creation: make saveas method benchmarking info honor its $outfile_name
11143 argument
11144 - Port Perl code to translatable strings format supported by GNU gettext
11146 * Import WhisperBack into our main Git repository (tails/tails!179)
11148 Closes issues:
11149 - Move WhisperBack source to our main Git repository (tails/tails#16936)
11151 Commits:
11152 - generate-changelog: don't consider obsolete tails/whisperback project
11153 - Integrate WhisperBack into our l10n setup
11154 - Import WhisperBack
11156 * Import Tails Installer into our main Git repository and delete its dead code
11157 (tails/tails!159)
11159 Closes issues:
11160 - Move Tails Installer to our main Git repository (tails/tails#17917)
11162 Commits:
11163 - generate-changelog: don't consider obsolete tails/installer project
11164 - Adjust tails-installer.desktop to l10n setup
11165 - Installer: adjust gettext files lookup
11166 - Installer: adjust data directory lookup
11167 - Update Transifex script & doc: most of our Transifex projects are obsolete
11168 - Adjust code and doc to the fact Tails Installer now lives in tails.git
11169 - Import Tails Installer
11171 * Add a button to cancel the upgrade while downloading (tails/tails!12)
11173 Closes issues:
11174 - Add a button to cancel the upgrade while it's downloading (tails/tails#17310)
11176 Commits:
11177 - Fix regression introduced by 26b9b1b83f3857232474dd2291889867e80a3b45
11178 - Upgrader: port code added in !12 to the l10n setup we switched to in !181
11179 - Lint
11180 - Convert tails-iuk-get-target-file | zenity pipeline to start / pump / finish
11181 - Untabify
11182 - Update design doc wrt. new tails-iuk-get-target-file permissions
11183 - Remove unnecessary exit code handling
11184 - Fix typo
11185 - Allow tails-upgrade-frontend to kill the download process
11186 - Set a signal handler to cancel the download when the zenity dialog is closed
11187 - Add a button to cancel the upgrade while it is downloading
11189 -- Tails developers <tails@boum.org> Mon, 19 Oct 2020 08:35:44 +0000
11191 tails (4.11) unstable; urgency=medium
11193 * Security fixes
11194 - Upgrade Linux kernel to 5.7.0-3 at 5.7.17-1 (#17895).
11195 - Upgrade Tor Browser to 10.0 (#17933).
11196 - Upgrade Thunderbird to 68.12.0-1~deb10u1.
11197 - Upgrade xorg-server to 1.20.4-1+deb10u1.
11198 - Upgrade openexr to 2.2.1-4.1+deb10u1.
11199 - Upgrade bind9 to 9.11.5.P4+dfsg-5.1+deb10u2.
11200 - Upgrade ghostscript to 9.27~dfsg-2+deb10u4.
11201 - Upgrade libzmq5 to 4.3.1-4+deb10u2.
11203 * Minor improvements and updates
11204 - Upgrade Electrum to 4.0.2-2.
11206 * Tor Browser 10.0 (tails/tails!189)
11208 Commits:
11209 - Tor Browser: patch in prefs changes introduced in 10.0-build3.
11210 - Test suite: make scenario titles consistently not end with period
11211 - Unsafe Browser: adjust disabling add-ons to Tor Browser 10
11212 - Unsafe Browser: add missing escaping
11213 - Upgrade Tor Browser to 10.0-build2 (refs: #17933).
11214 - Rename, refactor, reorganize.
11215 - Tor Browser: use new trick to avoid mandatory extension signing.
11216 - Upgrade Tor Browser to 10.0a7.
11218 * Test suite: use versioned python2 interpreter for otr-bot.py (tails/tails!186)
11220 Commits:
11221 - Test suite: use versioned python2 interpreter for otr-bot.py
11223 * Test suite: switch to virtio transport for the remote shell (tails/tails!185)
11225 Closes issues:
11226 - Improve the remote shell's performance by switching to a virtio channel
11227 (tails/tails#11888)
11229 Commits:
11230 - Test suite: make SocketReadTimeout inherit from RuntimeError
11231 - Lint.
11232 - Test suite: use factorized way to get and update the domain's XML definition
11233 - Fix Layout/EmptyLineAfterGuardClause Rubocop regression
11234 - Fix Style/StringLiterals Rubocop regression
11235 - Fix Naming/HeredocDelimiterNaming Rubocop regression
11236 - Rubocop: fix a Security/JSONLoad regression
11237 - tails-autotest-remote-shell: lint
11238 - tails-autotest-remote-shell: remove unused import
11239 - Remote shell: improve warning.
11240 - Test suite: log whenever remote_shell_is_up?() returns false.
11241 - Remote shell: use timed read() for virtio channel.
11242 - Remote shell: switch from serial to virtio transport (refs: #11888).
11244 * Release process: generate UDFs to non-final releases from any supported
11245 previous version (tails/tails!178)
11247 Closes issues:
11248 - UDF generation is broken for release candidates (tails/tails#17921)
11250 Commits:
11251 - Don't generate UDFs on the stable channel to point to a release candidate
11252 - Release process: generate UDFs to non-final releases from any supported
11253 previous version
11255 * Don't override Debian's system-wide Thunderbird configuration (tails/tails!177)
11257 Commits:
11258 - Adding comment explaining extensions.update.enabled Thunderbird pref (Refs:
11259 #16021)
11260 - Removing network.protocol-handler.app.http[s] Thunderbird preferences (Refs:
11261 #16021)
11262 - Removing intl.locale.requested Thunderbird preference (Refs: #16021)
11263 - Changing header in Thunderbird's prefs file indicating they are Tails' prefs
11264 (Refs: #16021)
11265 - aa_tails.js: Removing repeated thunderbird preferences
11266 - Moving local included thunderbird config to not overwrite debian default (Will-
11267 fix: #16021)
11269 * Clarify phrasing of KeePassXC database renaming dialog (tails/tails!175)
11271 Commits:
11272 - Explicit (#17286)
11273 - Explain that the change came from KeePassXC (#17286)
11275 * Test Thunderbird with local email server on Jenkins (tails/tails!172)
11277 Closes issues:
11278 - Checking credentials in Thunderbird autoconfig wizard sometimes fails in the
11279 test suite (tails/tails#11890)
11280 - Run our own email (IMAP/POP3/SMTP) server for automated tests run on lizard
11281 (tails/tails#12277)
11283 Commits:
11284 - Test suite: fix Rubocop offenses
11285 - Lint.
11286 - Test suite: add debug logging so we can tell whether we're installing the
11287 hosts' email server's snakeoil certificate
11288 - Test suite: add missing newline.
11289 - Test suite: set promiscuous trust for the certificate we import.
11290 - Test suite: import isotesters' snakoil SSL cert into Thunderbird.
11291 - Test suite: complete the switch from Icedove to Thunderbird namespace in
11292 configuration (refs: #12277)
11294 * Chutney docs and logging (tails/tails!167)
11296 Commits:
11297 - Test suite: improve logging message for initial Chutney cleanup.
11298 - Test suite: also log when Chutney is up and running.
11299 - Test suite: make Chutney logging visible without debug formatter.
11300 - Test suite: document our usage of Chutney (refs: #17801).
11302 * Install python3-trezor from buster-backports (tails/tails!165)
11304 Commits:
11305 - Install trezor packages from buster-backports
11307 * Fix “return to Greeter when clicking the Start Tails button” on Intel+AMD dual-
11308 GPU systems (tails/tails!163)
11310 Commits:
11311 - tails-unblock-network: skip most graphics-related devices when triggering udev
11313 * Round the download size in "Upgrade available" dialog (tails/tails!162)
11315 Commits:
11316 - Rounds the size of numbers displayed in stderr if is not possible to do an
11317 incremental upgrade because there is no free memory or disk space available
11318 - Round the download size in Upgrade available IUK dialog
11320 * Save KeePassXC database in persistent directory (tails/tails!161)
11322 Commits:
11323 - Adjust end-user documentation for new default KeePassXC database filename
11324 - Open Passwords.kdbx by default (#17286)
11325 - Install KeePassXC 2.5.4 from buster-backports (#17286)
11327 * Support audio on recent Intel platforms: Comet Lake, Whiskey Lake, etc.
11328 (tails/tails!157)
11330 Commits:
11331 - auto/build: enable the pipefail option
11332 - Add Intel SOF Firmware and Topology binaries as a submodule and install them
11333 - build-tails: give our build scripts access to submodules' refs
11334 - Make code fail hard if it becomes obsolete
11336 * "Synchronizing the system's clock" notification: hidden → onion services
11337 (tails/tails!156)
11339 Commits:
11340 - update hidden to onion services
11341 (https://gitlab.tails.boum.org/tails/tails/-/issues/15354)
11343 * Drop obsolete workaround for python3-qdarkstyle, fixing devel FTBFS
11344 (tails/tails!154)
11346 Commits:
11347 - Drop now unneeded APT pinning on helpdev and python3-qdarkstyle
11348 - Revert "Avoid installing python3-qdarkstyle by default"
11350 * Build the changelog from GitLab MRs rather than from Git commits
11351 (tails/tails!153)
11353 Commits:
11354 - generate-changelog: only list merged MRs
11355 - Changelog generation: support preparing a non-final (alpha, beta, RC) release
11356 - Update comment
11357 - Release process: update obsolete reference to Stretch
11358 - Release process: use HTTPS URIs
11359 - Remove obsolete "release" script
11360 - RM doc: drop obsolete process hack around painful changelog generation
11361 - Release process and release notes checklist: switch to automated changelog
11362 generation
11363 - changelog.jinja2: add newlines for nicer formatting if rendered as Markdown
11364 - generate-changelog: skip merge commits
11365 - Add PoC script that generates a changelog from GitLab MRs
11367 * Include "initially installed Tails version" info in WhisperBack reports
11368 (tails/tails!152)
11370 Commits:
11371 - Include "initially installed Tails version" in WhisperBack reports
11372 - Reorder debugging info: keep persistence-related info together
11374 * try_for() timeout is not honored (tails/tails!151)
11376 Closes issues:
11377 - Test suite: try_for timeout is not honored (tails/tails#17822)
11379 Commits:
11380 - Revert "Revert "Test suite: revert exception handling change in try_for""
11382 * Enable persistence for all Greeter settings (tails/tails!149)
11384 Commits:
11385 - Test suite: make sure Greeter settings are default when they should.
11386 - Test suite: add scenario testing persistent Greeter options (refs: #17136).
11387 - Test suite: support entering sudo/persistent password in German.
11388 - Test suite: simplify.
11389 - Test suite: refactor.
11390 - Test suite: restore $language after reboot during the same scenario.
11391 - Test suite: consistently wait for notifications after logging in.
11392 - Greeter: Explain in a comment why we need this ugly workaround
11393 - Greeter: expand persistence support to all settings.
11395 * Tor browser 10.0.x based on ESR78 (tails/tails!148)
11397 Commits:
11398 - Automate Tor Browser import branch name generation.
11399 - Tor Browser: disable update checks via Enterprise Policy mechanism.
11400 - Revert "Tor Browser: disable the update check with a hack."
11401 - Upgrade Tor Browser to 10.0a6.
11402 - Tor Browser: disable the update check with a hack.
11403 - Test Suite: bump image.
11404 - Test Suite: bump UnsafeBrowserStartPage.fa.png.
11405 - Unsafe Browser: enable userChrome.css.
11406 - Unsafe Browser: Fix pref → user_pref error.
11407 - Tor Browser: drop userChrome.css.
11408 - Unsafe Browsesr: make DNS resolution work.
11409 - Revert "Tor Browser: remove leftover .orig."
11410 - Revert "Tor Browser: delete all Namecoin stuff."
11411 - Revert "Tor Browser: temporarily disable all non-en_US locales."
11412 - Tor Browser: refresh extension hacks patches.
11413 - Upgrade Tor Browser to 10.0a5-build2.
11414 - Move variables.
11415 - Don't ignore grep failure.
11416 - Tor Browser: delete all Namecoin stuff.
11417 - Tor Browser: use the bundled libstdc++.so.6.
11418 - Tor Browser: remove leftover .orig.
11419 - Tor Browser: temporarily disable all non-en_US locales.
11420 - Upgrade Tor Browser to 10.x nightly build as of 2020-08-13.
11421 - Tor Browser: naming scheme for nightly builds has changed.
11423 * Hide broken "Turn on Wi-Fi Hotspot" feature in GNOME Wi-Fi settings
11424 (tails/tails!147)
11426 Commits:
11427 - Hide broken "Turn on Wi-Fi Hotspot" feature in GNOME Wi-Fi settings (#17887)
11429 * Upgrade Linux to 5.7.17-1, adjust for updated Electrum dependencies, support
11430 older TREZOR firmware (tails/tails!142)
11432 Commits:
11433 - Avoid installing python3-qdarkstyle by default
11434 - Install python3-hid, to support the HID version of TREZOR
11435 - Install python3-qdarkstyle from Bullseye: Electrum now depends on it (#17904)
11436 - Upgrade Linux to 5.7.0-3, currently at version 5.7.17-1 (#17895)
11437 - Revert "Install python3-cryptography, otherwise Electrum 4.0.2-0.1 won't start"
11438 - Install python3-construct from buster-backports: python3-trezor needs it
11439 (#17904)
11441 * Fix sorting Intel GPUs last in the "Error starting GDM" message
11442 (tails/tails!141)
11444 Closes issues:
11445 - Multiple GPUs are not sorted in the intended order in the "Error starting GDM"
11446 message (tails/tails#17903)
11448 Commits:
11449 - Fix sorting Intel GPUs last in the "Error starting GDM" message (#17903)
11451 * Include information about the contents of the system partition in WhisperBack
11452 reports (tails/tails!140)
11454 Commits:
11455 - tails-debugging-info: include information about the contents of the system
11456 partition
11457 - tails-debugging-info: add support for commands that need to go through a shell
11459 -- Tails developers <tails@boum.org> Mon, 21 Sep 2020 12:03:51 +0200
11461 tails (4.10) unstable; urgency=medium
11463 * Security fixes
11464 - Upgrade Tor Browser to 9.5.4-build1 (Closes: #17885).
11465 - Upgrade Linux kernel to 5.7.0-2 at 5.7.10-1 (Closes: #17841,
11466 #17834).
11468 * Bugfixes
11469 - Make iPhone Tethering work by adding udev rule to disable MAC
11470 spoofing for it (Closes: #17820).
11471 - Remove broken Thunderbird protocol selection. This code has been
11472 a no-op in practice since at least Tails 4.0. We've decided to
11473 reject #17276 and investigate what the biggest problems are for
11474 email in Tails with slow/shitty Internet connections:
11475 default'ing to IMAP may, or may not, be part of these
11476 problems (Closes #17276).
11478 * Minor improvements and updates
11479 - Upgrade to Tor 0.4.3.6 (Closes: #17835).
11480 - Upgrade to Electrum 4.0.2 (Closes: #17828).
11481 - Hide Thunderbird welcome message: it is not relevant in the
11482 context of Tails. For example, it feels weird that we would
11483 encourage users to donate to Thunderbird about as loudly as we
11484 encourage them to donate to Tails. Besides, the default message
11485 is retrieved from the web when Thunderbird starts. We don't
11486 need this extra network activity.
11487 - import-translations: use *_release branches instead of
11488 *_completed branches. The new *_release branches contain exactly
11489 what we want, i.e. all reviewed translations from
11490 Transifex. While the *_completed branches only contain PO files
11491 for languages that are fully translated (Closes: #16774).
11493 * Build system
11494 - Upgrade snapshot of the Debian archive to 2020081601, including
11495 the 10.5 point release of Debian Buster (Closes: #17790).
11496 - On Bullseye and newer: use custom, fake, unversioned python
11497 packages. The unversioned python packages are not shipped in
11498 Bullseye/sid anymore, and even old versions are not installable
11499 anymore (Closes: #17858).
11500 - Import vagrant-libvirt's create_box.sh script. It's not included
11501 in vagrant-libvirt 0.1.2-1 anymore (Closes: #17872).
11503 * Test suite
11504 - Improve robustness for scenario "The Additional Software dpkg
11505 hook notices when persistence is locked down while installing a
11506 package".
11507 - Improve robustness for scenario "Use GNOME Disks to unlock a USB
11508 drive that has a basic VeraCrypt volume with a keyfile".
11509 - Improve robustness of cloning a Git repository.
11510 - Don't hammer resources of the system under test while
11511 installing/removing packages. I see every such dpkg|grep call
11512 takes about 0.3 seconds on lizard, i.e. 30% of the 1 second
11513 default delay between checks, which I suspect is enough to slow
11514 down the package installation/removal we're exercising.
11515 - Update expected title of the GitLab page we use
11516 - Rubocop: target Ruby 2.5 (Buster).
11518 -- Tails developers <tails@boum.org> Mon, 24 Aug 2020 13:28:43 +0200
11520 tails (4.9) unstable; urgency=medium
11522 * Security fixes
11523 - Upgrade Tor Browser to 9.5.3-build1 (Closes: #17827).
11524 - Upgrade Thunderbird to 1:68.10.0-1~deb10u1 (DSA-4718).
11525 - Upgrade Linux to 5.7.0-1 at 5.7.6-1 (Closes: #17786).
11526 - Upgrade Evolution Data Server to 3.30.5-1+deb10u1 (DSA-4725).
11527 - Upgrade FFmpeg to 7:4.1.6-1~deb10u1 (DSA-4722).
11528 - Upgrade ImageMagick to 8:6.9.10.23+dfsg-2.1+deb10u1 (DSA-4712).
11529 - Upgrade NSS to 2:3.42.1-1+deb10u3 (DSA-4726).
11530 - Upgrade OpenMPT to 2:3.42.1-1+deb10u3 (DSA-4729).
11531 - Upgrade WebKitGTK to 2.28.3-2~deb10u1 (DSA-4724).
11533 * Bugfixes
11534 - Fix quoting issue triggering problems with some administration
11535 passwords (Closes: #17792).
11536 - Fix toram boot option by not starting the tails-shutdown-on-media-removal
11537 service unit in that case (Closes: #17800).
11538 - Fix keyboard setting handling in the greeter (Closes: #17794).
11539 - Make sure log messages can be displayed by Plymouth, which has strict
11540 limits, and improve parsing in tails-gdm-error-message (Closes: #17533).
11541 - Upgrade firmware-linux and firmware-nonfree to 20200421-1.
11543 * Minor improvements and updates
11544 - Ensure MAC spoofing messages are translated (Closes: #17783).
11545 - Improve failure handling for MAC spoofing (Closes: #17784).
11546 - Trigger MAC spoofing "panic" mode when the debug=test_mac_spoof_panic boot
11547 option is set.
11548 - Upgrade VirtualBox guest modules to 6.1.12-dfsg-5.
11550 * Build system
11551 - Automate post-release GitLab updates, using gitlab-triage (Closes: #17589).
11552 - Fix a lot of possible problems spotted by ShellCheck, thanks to Paul Wise.
11553 - Stop installing custom firmware: firmware-realtek 20200421-1 includes it
11554 (See: #17786, #17323).
11555 - Update Thunderbird patches (Closes: #6156, #17808).
11556 - Bump snapshot of the Debian archive to 2020071801 (Closes: #17786).
11558 * Test suite
11559 - Add shell-special chars to passwords (See: #17792).
11560 - Always test the Unsafe Browser in Farsi.
11561 - Fix support for symlinks (Closes: #17547).
11562 - Update persistence-setup test suite for a new preset in Welcome Screen
11563 settings.
11564 - Drop Thunderbird POP3 test.
11565 - Make the "the Tor Browser has started" step stricter.
11566 - Improve error output when the Unsafe Browser fails to start in some locale.
11568 -- Tails developers <tails@boum.org> Mon, 27 Jul 2020 09:03:10 +0200
11570 tails (4.8) unstable; urgency=medium
11572 * Major changes
11573 - Welcome Screen: after a large refactoring we now can persist
11574 settings (See: #17136)! Currently it is limited to the newly
11575 added option that controls whether the Unsafe Browser is allowed
11576 to start (#17085). In the next major release we'll support all
11577 options.
11579 * Security fixes
11580 - Allow to disable the Unsafe Browser in the Welcome Screen
11581 (Closes: #17085). The Unsafe Browser can be used by exploits to
11582 deanonymize the Tails user (for details, see: #15635).
11583 - Upgrade Tor Browser to 9.5.1-build2 (Closes: 17782).
11584 - Thunderbird:
11585 * Upgrade to Thunderbird 68.9.0 (DSA-4702).
11586 * Disable unsafe MX automatic configuration method (Closes:
11587 #17277).
11588 * Disable unsafe MS Exchange automatic configuration method
11589 (Closes: #17654).
11590 - Upgrade Linux kernel to linux-image-5.6.0-2 at 5.6.14-2 (Closes:
11591 #17611, #17620).
11592 - Upgrade gnutls28-based packages to 3.6.7-4+deb10u4 (DSA-4697).
11593 - Upgrade intel-microcode to 3.20200609.2~deb10u1 (DSA-4701).
11595 * Bugfixes
11596 - Trigger emergency shutdown on resume when the boot device was
11597 removed while suspended (Closes: #16787).
11598 - Thunderbird: make searching in messages (Find bar and Find in
11599 This Message) work again (Closes: #17328).
11600 - Ensure Mac Spoofing Panic messages will be correctly displayed
11601 (Closes: #17779). udev may close child processes when a process
11602 associated with a rule (/etc/udev/rules) terminates so we wait
11603 for those processes before exiting.
11604 - Wrap `seahorse-tool --import` so it is handled by `gpg --import`
11605 (Closes: #17183). This makes importing binary keys via GNOME
11606 Files integration possible again.
11608 * Minor improvements and updates
11609 - Upgrade to tor 0.4.3.5-1 (Closes: #17741).
11610 - Upgrade LibreOffice to 1:6.1.5-3+deb10u6.
11611 - Upgrade VirtualBox guest modules to 6.1.10-dfsg-1.
11612 - Append Unsafe Browser setting to WhisperBack debug info.
11614 * Build system
11615 - Upgrade snapshot of the Debian archive to 2020061003, including
11616 the 10.4 point release of Debian Buster (Closes: #17620).
11617 - Tor Browser AppArmor profile: update patch to apply on top of
11618 0.3.2-11 (Closes: #17612)
11619 - Thunderbird AppArmor profile: update patch to apply on top of
11620 68.9.0 (Closes: #17769).
11622 * Test suite
11623 - Establish a coding standards baseline on our Ruby code base
11624 using Rubocop (Closes: #17646). This *MASSIVE* change includes
11625 mainly stylistic fixes and linting but also a few bug fixes,
11626 some dead code removal and code simplifications/refactorings,
11627 spelling fixes, improved gherkin and even removal the of
11628 a few duplicated tests and merging of very similar tests.
11629 - Improve robustness of navigating the GRUB menu in UEFI mode, and
11630 consequently drop the @fragile tag on the UEFI boot scenario
11631 (Closes: #13459).
11632 - Allow configuring the number of vCPUs given to TailsToaster.
11633 Based on work done by kytv (♥) on #6729. On powerful hardware
11634 with many CPUs, Tails boots much faster with >2 vCPUs given to
11635 TailsToaster.
11636 - Disable desktop size and clipboard interference between the host
11637 system and the system under test when using --view.
11638 - Ensure we run post_snapshot_restore_hook every time it's needed.
11639 - Fix running with XDG_SESSION_TYPE unset (Closes: #17596).
11640 - Always test the localized start up page of the Unsafe Browser.
11641 - Add --keep-chutney option to keep Chutney data, but no
11642 snapshots, between runs.
11643 - Revert "Test suite: disable tests about notifications in case of
11644 MAC spoofing failure (refs: #10774)"
11645 - Verify that the Unsafe Browser is disabled by default.
11646 - Test suite: fix --image-bumping-mode.
11648 -- Tails developers <tails@boum.org> Mon, 29 Jun 2020 16:02:18 +0200
11650 tails (4.7) unstable; urgency=medium
11652 * Security fixes
11653 - Upgrade Tor Browser to 9.5-build2 (Closes: #17710).
11654 - Upgrade APT to 1.8.2.1 (DSA-4685).
11655 - Upgrade BIND to 1:9.11.5.P4+dfsg-5.1+deb10u1 (DSA-4689).
11656 - Upgrade WebKitGTK to 2.28.2-2~deb10u1 (DSA-4681).
11657 - Upgrade Thunderbird to 1:68.8.0-1~deb10u1 (DSA-4683).
11659 * Bugfixes
11660 - Improve Additional Software reliability (Closes: #17278): disable
11661 periodic APT operations entirely, adjust timeouts, force data
11662 synchronization, preserve file ownership.
11663 - Make memory erasure feature compatible with overlayfs (Closes: #15146).
11664 - Adjust various documentation for the new GitLab-based hosting.
11666 * Minor improvements and updates
11667 - Fix title of unlock-veracrypt-volume error dialog in case of incorrect
11668 password (Closes: #17668).
11669 - Clean up confusing torrc (Closes: #17706).
11671 * Build system
11672 - IUK creation: don't use extreme compression options for the outer
11673 SquashFS container refs.
11674 - IUK creation: add support for building several IUKs in parallel locally
11675 (Closes: #17657).
11676 - IUK verification: add support for fetching IUKs built in parallel on
11677 Jenkins (Closes: #17658).
11678 - Release process: generate UDFs on the alpha channel for previous
11679 non-final releases (Closes: #17614).
11680 - Remove aufs-based IUK generation code and doc (Closes: #17489).
11682 * Test suite
11683 - Adjust for augmented timeouts in Additional Software.
11684 - Adjust locale lookup to check several directories.
11685 - Speed up 'I fill a ... MiB file' step by 1000%.
11686 - Keep latest test suite screenshot (Closes: #17621).
11687 - Fix test suite breaking when the user connects to the VM via virt-viewer
11688 (Closes: #17623).
11689 - Adjust reference images and titles following the migration to GitLab
11690 (Closes: #17718, 17719).
11692 -- Tails developers <tails@boum.org> Mon, 01 Jun 2020 18:31:41 +0200
11694 tails (4.6) unstable; urgency=medium
11696 * Security fixes
11697 - Upgrade Tor Browser to 9.0.10-build2 (Closes: #17660).
11698 - Upgrade Thunderbird to 1:68.7.0-1~deb10u1 (MFSA-2020-14, DSA-4656).
11699 - Upgrade Git to 1:2.11.0-3+deb9u3 (DSA-4657, DSA-4659).
11700 - Upgrade Node.js to 10.19.0~dfsg1-1 (DSA-4669).
11701 - Upgrade OpenLDAP to 2.4.47+dfsg-3+deb10u2 (DSA-4666).
11702 - Upgrade OpenSSL to 1.1.1d-0+deb10u3 (DSA-4661).
11703 - Upgrade ReportLab to 3.5.13-1+deb10u1 (DSA-4663).
11704 - Upgrade WebKitGTK to 2.26.4-1~deb10u3 (DSA-4658).
11706 * Bugfixes
11707 - Switch Japanese input method from Anthy to Mozc (Closes: #16719).
11708 - Install the libu2f-udev package, for U2F device support.
11709 - Update our list of 'Favorites' applications (Closes: #16990).
11711 * Build system
11712 - lint_po: support locales with "@" in their name, such as ru@petr1708
11713 (Closes: #17554).
11714 - perl5lib: declare missing test dependencies (Closes: #17591).
11715 - iuk: declare missing test dependencies (Closes: #17592).
11716 - Upgrade to po4a 0.55 for Tails images and Vagrant box (Closes: #17005).
11718 * Test suite
11719 - Print disk usage information when the test suite fails with “No
11720 space left” errors.
11721 - Ensure no zombie processes are left around, by cleaning subprocesses
11722 correctly (Closes: #17551).
11723 - Prevent webrick from becoming a zombie process.
11724 - Avoid test suite getting stuck due to a zero timeout.
11725 - Fix obsoletion warnings (Closes: #17552).
11726 - Add root check and --allow-non-root option (Closes: #17613). Let's
11727 make it clear running the test suite requires root privileges in
11728 the general case.
11730 -- Tails developers <tails@boum.org> Mon, 04 May 2020 18:43:38 +0200
11732 tails (4.5) unstable; urgency=medium
11734 * Security fixes
11735 - Upgrade Tor Browser to 9.0.9-build1 (Closes: #17594).
11736 - Upgrade BlueZ to 5.50-1.2~deb10u1 (DSA-4647).
11737 - Upgrade GnuTLS to 3.6.7-4+deb10u3 (DSA-4652).
11739 -- Tails developers <tails@boum.org> Mon, 06 Apr 2020 21:51:05 +0200
11741 tails (4.5~rc1) unstable; urgency=medium
11743 * Major changes
11744 - Migrate from aufs to overlayfs (Closes: #8415). This change touches
11745 many components which won't all be listed individually, but some
11746 highlights are listed below:
11747 ⋅ Adjust the build system to stop building the aufs kernel module.
11748 ⋅ Switch the kernel command line from union=aufs to union=overlayfs.
11749 ⋅ Adjust AppArmor profiles (Closes: #9045, #12112).
11750 . Adapt chroot-browsers (Closes: #12105).
11751 ⋅ Drop the aufs Git submodule.
11752 ⋅ Make memory erasure feature compatible with overlayfs
11753 (Closes: #15146).
11754 ⋅ Make Upgrader support and also generate overlayfs-based IUKs by
11755 default (Closes: #9373).
11756 - Use GRUB with Secure Boot support for x86_64 (Closes: #6560, #15806).
11757 This is also a large change, touching many components:
11758 ⋅ Install grub from bullseye.
11759 ⋅ Introduce a custom grub configuration file.
11760 ⋅ Use a custom background image.
11761 ⋅ Mimick Debian Installer's efi-image build script to handle all
11762 details in binary local hooks.
11763 ⋅ Add SYSLINUX in the syslinux bootloader menu, to make it easier to
11764 troubleshoot GRUB vs. syslinux issues (Closes: #17538).
11765 ⋅ Upgrader: Adjust to also handle files in EFI/debian when dealing
11766 with file removals.
11767 ⋅ Adjust test suite.
11768 - Migrate test suite from Sikuli to a combination of OpenCV (image
11769 matching), xdotool (mouse interaction), plus libvirt's send-key
11770 (keyboard interaction) (Closes: #15460). This is another major
11771 changes, allowing the test suite to run on Buster-based systems,
11772 touching various areas of the test suite, among which:
11773 ⋅ Add workaround for the Greeter when restoring snapshot.
11774 ⋅ Fix dependencies for Buster.
11775 ⋅ Replace some Sikuli-based options with some OpenCV-based ones
11776 (e.g. --retry-find → --image-bumping-mode).
11777 ⋅ Handle non-English keyboards.
11778 ⋅ Fix --capture on Buster and above.
11779 ⋅ Deal with Buster having migrated from avconv to ffmpeg.
11781 * Security fixes
11782 - Upgrade ICU to 63.1-6+deb10u1 (DSA-4646).
11784 * Minor improvements and updates
11785 - Refactor tails-documentation (Closes: #16903).
11787 * Build system
11788 - Freeze APT snapshots for 4.5~rc1.
11789 - Rakefile: always disable website caching when building from a tag
11790 (Closes: #17513).
11791 - Rakefile: fix recommended permissions (libvirt needs +r to share the
11792 source tree with the Vagrant box).
11793 - Import persistence-setup.git from its own repository into tails.git
11794 (Closes: #17526, #6487).
11795 - IUK: ensure rsync runtime dependency is installed.
11797 * Test suite
11798 - Adjust for the aufs → overlayfs migration (Closes: #12106, #17440,
11799 #17451).
11800 - run_test_suite: don't print usage on error.
11801 - run_test_suite: --view/--vnc-server-only are only supported on x11.
11802 - Optimize checking if file is empty.
11803 - Speed up some test failures to avoid resource starvation.
11804 - Check for tcplay dependency.
11805 - Increase chances chutney starts after unclean shutdown.
11806 - Make chutney log what it is doing.
11807 - Make opening Thunderbird's Extensions tab more robust.
11809 -- Tails developers <tails@boum.org> Thu, 26 Mar 2020 22:51:35 +0100
11811 tails (4.4.1) unstable; urgency=medium
11813 * Security fixes
11814 - Upgrade Tor Browser to 9.0.7-build1 (Closes: #17539).
11815 - Upgrade tor to 0.4.2.7 (Closes: #17531).
11816 - Upgrade Thunderbird to 1:68.6.0-1~deb10u1 (MFSA-2020-10, DSA-4642).
11817 - Upgrade WebKitGTK to 2.26.4-1~deb10u2 (DSA-4641).
11819 * Build system
11820 - lint_po: avoid race conditions when checking PO files (Closes: #17359).
11822 -- Tails developers <tails@boum.org> Sun, 22 Mar 2020 20:27:47 +0100
11824 tails (4.4) unstable; urgency=medium
11826 * Security fixes
11827 - Upgrade Tor Browser to 9.0.6-build2 (MFSA-2020-09).
11828 - Upgrade Linux kernel to linux-image-5.4.0-4, currently at 5.4.19-1
11829 (Closes: #17477).
11830 - Upgrade Thunderbird to 68.5.0-1~deb10u1 (MFSA-2020-07, Closes: #17481).
11831 - Upgrade cURL to 7.64.0-4+deb10u1 (DSA-4633).
11832 - Upgrade evince to 3.30.2-3+deb10u1 (DSA-4624).
11833 - Upgrade Pillow to 5.4.1-2+deb10u1 (DSA-4631).
11834 - Upgrade ppp to 2.4.7-2+4.1+deb10u1 (DSA-4632).
11835 - Upgrade WebKitGTK to 2.26.4-1~deb10u1 (DSA-4627).
11837 * Bugfixes
11838 - Fix missing firmware for RTL8822BE/RTL8822CE (See: #17323). Use the
11839 tails-workarounds provided firmwares until the firmware-realtek
11840 package is updated with the patch by Sjoerd Simons (Debian#935969).
11841 Note: This might not be sufficient to support those cards.
11843 * Minor improvements and updates
11844 - Upgrade dogtail to 0.9.11-6.
11845 - Upgrade virtualbox to 6.1.4-dfsg-1.
11847 * Build system
11848 - Vagrant build box: disable mitigation features for CPU
11849 vulnerabilities (Closes: #17386). Given the kind of things we do in
11850 our Vagrant build box, it seems very unlikely that vulnerabilities
11851 such as Spectre and Meltdown can be exploited in there. Let's
11852 reclaim some of the performance cost of the corresponding mitigation
11853 features.
11854 - Enable website caching by default, with a way option to disable it
11855 (Closes: #17439).
11856 - Key the website cache on debian/changelog too (Closes: #17511).
11857 - Update APT snapshot of the Debian archive to 2020030101.
11858 - Add support for the tails-workarounds submodule.
11860 -- Tails developers <tails@boum.org> Wed, 11 Mar 2020 10:59:10 +0100
11862 tails (4.3) unstable; urgency=medium
11864 * Security fixes
11865 - Upgrade Tor Browser to 9.0.5-build2 (Closes: #17469).
11866 - Update Linux kernel to linux-image-5.4.0-3-amd64, currently at
11867 5.4.13-1 (Closes: #17443).
11868 - Upgrade Thunderbird to 1:68.4.1-1~deb10u1
11869 - Upgrade WebKitGTK to 2.26.3-1~deb10u1 (DSA-4610).
11871 * Bugfixes
11872 - live-persist: don't backup empty configuration files (Closes:
11873 #17112). In some cases, the previous code would overwrite a
11874 non-empty backup file with an empty one, making it harder to
11875 recover from the already painful #10976.
11876 - create-usb-image-from-iso: Run syslinux within proper chroot
11877 (Closes: #17179). Previously we ran syslinux from the host,
11878 which can lead to bugs if its versions differs from the one
11879 inside the chroot (which is what Tails will use later). Thanks
11880 to Johan Blåbäck for the patch!
11881 - Tails Upgrader: Fix progress bar not pulsating and hide useless
11882 OK button (Closes: #16603).
11884 * Minor improvements and updates
11885 - Upgrade tor to 0.4.2.6 (Closes: #17059).
11886 - Install the trezor package, which adds a command-line (only)
11887 tool for managing Trezor devices (Closes: #17463). Thanks to
11888 Pavol Rusnak for the patch!
11889 - As a consequence of the Linux kernel upgrade we also:
11890 * Upgrade aufs to 5.4.3 20200127.
11891 * Install VirtualBox guest tools and kernel modules from sid.
11893 * Build system
11894 - Upgrade snapshot of the Debian archive to 2020020302, including
11895 the 10.3 point release of Debian Buster (Closes: #17458).
11896 - Add opt-in caching of the wiki (Closes: #15342).
11897 - Use mksquashfs' -no-exports option even when the fastcomp build
11898 option is set. "fastcomp" is supposed to only tweak SquashFS
11899 compression settings, but so far it was also disabling the
11900 -no-exports option that we set for our release builds.
11901 - Drop a bunch of packages installed for ikiwiki for various
11902 (obsoloete) resons:
11903 * libfile-chdir-perl, libyaml-perl and libxml-simple-perl which
11904 was needed back when we built our own ikiwiki from Git… a
11905 looong time ago.
11906 * libtext-multimarkdown-perl used multimarkdown ikiwiki which
11907 its doubtful we ever will use.
11908 * libhtml-scrubber-perl, libhtml-template-perl,
11909 libhtml-parser-perl, libyaml-libyaml-perl and liburi-perl
11910 which are already installed as ikiwiki dependencies.
11911 - Install libimage-magick-perl instead of the perlmagick
11912 transitional package.
11913 - Don't install obsolete dependencies whois and eatmydata.
11914 - Consistently validate individual build options as we parse them.
11915 This is consistent with how we handled "fastcomp" already. Only
11916 compatibility checks between multiple build options really need
11917 to happen later, once we've parsed all build options.
11918 - Remove 5 years old transition code
11919 - Fully provision the Vagrant box every time it starts, and
11920 partially re-provision it for every build.
11921 - Behave correctly when disabling a previously set "offline" or
11922 "vmproxy+extproxy" build option. Previously, setting one of
11923 these build options *once* would taint the Vagrant box forever
11924 with the resulting apt-cacher-ng configuration.
11925 - Shrink the apt-cacher-ng cache after a successful build too
11926 (Closes: #17288).
11927 - Set up infrastructure to retrieve log file from the VM even on
11928 build failure (Closes: #7749).
11929 - Always build from a fresh Git clone.
11930 - Set the permissions that Vagrant needs inside the source tree
11931 (Closes: #11411, #16607, #17289).
11933 * Test suite
11934 - Remove Seahorse key synchronization scenarios. These 2 scenarios
11935 never pass due to #17169, so currently:
11936 * They don't teach us anything new → no benefit.
11937 * Every time a developer looks at test suite results,
11938 they need to filter out this known problem, which takes time
11939 and trains us to ignore problems.
11941 -- Tails developers <tails@boum.org> Mon, 10 Feb 2020 14:08:59 +0100
11943 tails (4.2.2) unstable; urgency=medium
11945 * Major changes
11946 - Upgrade Tor Browser to 9.0.4-build1 (MFSA-2020-03)
11948 * Bugfixes
11949 - Avoid the Upgrader proposing to upgrade to the version
11950 that's already running (Closes: #17425)
11951 - Avoid 2 minutes delay while rebooting after applying an automatic
11952 upgrade (Closes: #17026)
11953 - Make Thunderbird support TLS 1.3 (Closes: #17333)
11955 * Build system
11956 - IUK generation: don't make all files in the SquashFS diff
11957 owned by root, otherwise an upgraded system cannot start
11958 (Closes: #17422)
11960 -- Tails developers <tails@boum.org> Mon, 13 Jan 2020 09:21:51 +0000
11962 tails (4.2) unstable; urgency=medium
11964 * Major changes
11965 - Switch to a redesigned upgrade system (Closes: #15281), which:
11966 - removes the need for manual upgrades caused by lack of disk space
11967 on the Tails device
11968 - uses less RAM
11969 - Bump snapshot of the Debian archive to 2019122802
11971 * Security fixes
11972 - Upgrade Tor Browser to 9.0.3 (Closes: #17402)
11973 - Upgrade Linux to 5.3.15-1 (Closes: #17332)
11974 and upgrade the aufs module to 5.3-20191223
11975 - Upgrade Thunderbird to 1:68.3.0-2~deb10u1
11976 - Upgrade libsasl2 to 2.1.27+dfsg-1+deb10u1
11977 - Upgrade python3-ecdsa to 0.13-3+deb10u1
11979 * Bugfixes
11980 - KeePassXC:
11981 - Open ~/Persistent/keepassx.kdbx by default again (Closes: #17212)
11982 - Open the database specified by the user on the command-line, if any
11983 - Fix database renaming prompt
11984 - Upgrader:
11985 - Ensure debugging info lands in the Journal before we refer to it
11986 - Catch more download errors
11987 - Upgrade amd64-microcode to 3.20191218.1, which removes firmware
11988 updates that cause issues
11990 * Minor improvements and updates
11991 - Add metadata analysis tools used by SecureDrop (Closes: #17178)
11992 - Refresh the signing key before checking for available upgrades
11993 (Closes: #15279)
11994 - Port the Upgrader and perl5lib to a set of dependencies that are
11995 faster and have a lower memory footprint (Closes: #17152)
11996 - Ensure IUKs don't include files of our website if their content
11997 has not changed (refs: #15290)
11998 - Zero heap memory at allocation time and at free time (Closes: #17236)
12000 * Build system
12001 - Import the Upgrader and perl5lib codebases into tails.git
12002 (part of #7036)
12003 - lint_po: ignore pre-existing rply cache file that can cause
12004 trouble if it's corrupted (Closes: #17359)
12005 - Move generate-languages-list to auto/scripts
12006 - import-translations: work around the lack of usable branches
12007 in Tor's translation.git (Closes: #17279)
12008 - Build released IUKs on Jenkins and verify that they match
12009 those built locally by the Release Manager (Closes: #15287)
12010 - Don't download every localized Tor Browser tarball: instead,
12011 use the new tarball that includes every langpacks (Closes: #17400)
12013 * Test suite
12014 - Adapt for the "one single SquashFS diff" upgrade scheme
12015 - Chutney: update to upstream 33cbff7fc73aa51a785197c5f4afa5a91d81de9c
12016 (Closes: #16792)
12017 - Fix tagging of Chutney exit relays and bridge authorities
12018 - Tag Chutney clients as such
12019 - Wait for all Chutney nodes to have bootstrapped before assuming
12020 the simulated Tor network is ready
12021 - Don't try to save tor control sockets as artifacts
12022 - Add a crude script to generate IUKs for our test suite
12024 -- Tails developers <tails@boum.org> Mon, 06 Jan 2020 16:25:22 +0000
12026 tails (4.1.1) unstable; urgency=medium
12028 * Bugfixes
12029 - Drop all network drivers from the initramfs to shrink its size
12030 drastically. Going over the 32 MiB mark might be the reason why so
12031 many Apple machines can't boot 4.1 while they could boot 4.0
12032 (Closes: #17320).
12033 - Only allow up to (but excluding) 32 MiB for initramfs accordingly.
12035 * Minor improvements and updates
12036 - Fix escape sequence in tails-gdm-failed-to-start.service, to avoid a
12037 warning message (Closes: #17166).
12039 -- Tails developers <tails@boum.org> Sun, 15 Dec 2019 23:51:25 +0100
12041 tails (4.1) unstable; urgency=medium
12043 * Major changes
12044 - Upgrade Tor Browser to 9.0.2-build2, based on Firefox ESR 68.3
12045 (MFSA-2019-37).
12046 - Upgrade Thunderbird to 68.2.2 (Closes: #16771, #17220, #17222, #17267).
12047 - Upgrade Enigmail to 2:2.1.3+ds1-4~deb10u2 accordingly.
12049 * Security fixes
12050 - Upgrade Linux to 5.3.9-2 from sid (Closes: #17124).
12051 - Disable unprivileged userfaultfd syscall (Closes: #17196).
12052 - Upgrade file to 1:5.35-4+deb10u1 (DSA-4550-1).
12053 - Upgrade FriBidi to 1.0.5-3.1+deb10u1 (DSA-4561-1).
12054 - Upgrade Ghostscript to 9.27~dfsg-2+deb10u3 (DSA-4569-1)
12055 - Upgrade Intel microcode to 3.20191112.1~deb10u1 (DSA-4565-1,
12056 CVE-2019-0117).
12057 - Upgrade libarchive to 3.3.3-4+deb10u1 (DSA-4557-1).
12058 - Upgrade libvpx to 1.7.0-3+deb10u1 (DSA-4578-1).
12059 - Upgrade libxslt to 1.1.32-2.2~deb10u1 (CVE-2019-18197).
12060 - Upgrade ncurses to 6.1+20181013-2+deb10u2 (CVE-2019-17594,
12061 CVE-2019-17595).
12062 - Upgrade Python 2.7 to 2.7.16-2+deb10u1 (CVE-2018-20852,
12063 CVE-2019-10160, CVE-2019-16056, CVE-2019-16935, CVE-2019-9740,
12064 CVE-2019-9947).
12065 - Upgrade Qt to 5.11.3+dfsg1-1+deb10u1 (DSA-4556-1).
12066 - Upgrade tcpdump to 4.9.3-1~deb10u1 (DSA-4547-1).
12067 - Upgrade WebKitGTK to 2.26.2-1~deb10+1 (DSA-4558-1, DSA-4563-1).
12069 * Bugfixes
12070 - Remove TorBirdy (Closes: #17219, #17269).
12071 - Use keys.openpgp.org's Onion service as the default keyserver
12072 (Closes: #12689, #14770).
12073 - Fix ordering of GTK bookmarks setup vs. Tor Browser directories
12074 creation (Closes: #17206).
12075 - Bring back the "Show Passphrase" button in the Greeter
12076 (Closes: #17177).
12077 - Bring back "Open in Terminal" entry in the GNOME Files context menu
12078 (Closes: #17186).
12079 - Revert "Browsers: disable the Quantum Bar." (Closes: #17143).
12080 - Revert "Hide all Tor connection-related settings in
12081 about:preferences in all browsers" (Closes: #17214).
12082 - Wait until Tor has bootstrapped before we try to upgrade Additional
12083 Software (Closes: #17203).
12084 - Fix the "GDM failed to start" splash screen functionality
12085 (Closes: #17200).
12087 * Minor improvements and updates
12088 - htpdate: stop sending User-Agent that fakes Tor Browser
12089 (Closes: #12023).
12090 - HTP: replace encrypted.google.com with www.google.com.
12091 - Remove signal handler from Greeter UI file (Closes: #17240).
12092 - Upgrade AMD microcode to 3.20191021.1.
12093 - Upgrade fonts-noto-cjk to 1:20170601+repack1-3+deb10u1
12094 (Debian#907999).
12096 * Build system
12097 - Update Vagrant box to Buster (Closes: #16868).
12098 - Adjust to timedatectl's output on Buster.
12099 - Adjust to Buster's debootstrap.
12100 - Vagrant: ensure the chroot has a /proc filesystem while running
12101 postinstall.sh
12102 - Vagrant: install po4a from Stretch in the basebox.
12103 - build-tails: wait for NTP to be disabled before setting the desired
12104 date.
12105 - Bump APT snapshot of the Debian archive to 2019111801, including the
12106 10.2 point release of Buster (Closes: #17124, #17021).
12107 - Install virtualbox 6.0.12-dfsg-1 from our custom APT repository
12108 (Closes: #17161).
12110 * Test suite
12111 - Ensure we don't break tests by opening the Applications menu in
12112 post_vm_start_hook (Closes: #17164).
12113 - Improve GnuPG testing (Closes: #12689):
12114 · Switch to using sajolida's key.
12115 · Start adjusting for keys.openpgp.org.
12116 · Make the "GnuPG's dirmngr uses the configured keyserver" step
12117 actually test what it is meant to.
12118 · Make error strings better reflect what failure they are about.
12119 · Ensure dirmngr uses IPv4 since our CI runs on an IPv4-only
12120 infrastructure.
12121 - Ensure dirmngr picks up the changes we make to its configuration.
12122 - Switch backend keyservers (Closes: #14770).
12123 - Don't leave redir(1) processes behind (Closes: #14948).
12124 - Update image for Buster (Closes: #14770).
12125 - Update fragility status of Seahorse scenarios.
12126 - Avoid multiple instances of tcpdump writing to the same file,
12127 resulting in an unparsable network capture (Closes: #17102).
12128 - Update for Thunderbird 68 (Closes: #17269).
12130 * Documentation:
12131 - Remove or adapt mentions to Tails Installer as only installation
12132 method (Closes: #17204).
12133 - Add a warning about which Tails to run rsync from (Closes: #17197).
12135 -- Tails developers <tails@boum.org> Mon, 02 Dec 2019 22:23:35 +0100
12137 tails (4.0) unstable; urgency=medium
12139 * Major changes
12140 - Upgrade Tor Browser to 9.0-build2, based on Firefox ESR 68.2.
12142 * Security fixes
12143 - Upgrade IBus to 1.5.19-4+deb10u1.0tails1 (Closes: #17144)
12144 - Upgrade sudo to 1.8.27-1+deb10u1
12146 * Bugfixes
12147 - Fix regressions brought by the integration of Tor Browser 9.0:
12148 · Fix non-English spellchecking (Closes: #17150)
12149 · Unsafe Browser: don't enable private browsing mode, don't display
12150 Tor Browser icons, hide the new "New identity" toolbar button
12151 (Closes: #17142)
12152 · Hide all Tor connection-related settings in about:preferences
12153 (Closes: #17157)
12154 - Fix Stealth Onion services in OnionShare (Closes: #17162)
12155 - Upgrade OpenSSL to 1.1.1d-0+deb10u2
12157 * Minor improvements and updates
12158 - Don't include the locales package (Closes: #17132)
12159 - Update htpdate's User-Agent to match Tor Browser 9.0's
12161 * Test suite
12162 - Only partially fill memory for userspace processes (Closes: #17104)
12163 - Drop the "Unsafe Browser has no proxy configured" step, that's hard
12164 to update and adds little value
12165 - Various updates for Tor Browser 9.0 final
12166 - Make the "SSH is using the default SocksPort" scenario more robust
12167 (Closes: #17163)
12169 -- Tails developers <tails@boum.org> Mon, 21 Oct 2019 10:24:56 +0000
12171 tails (4.0~rc1) unstable; urgency=medium
12173 * Major changes
12174 - Update Tor Browser to 9.0a7, based on Firefox ESR 68 (#16356).
12175 - Include a working version of Electrum: 3.3.8-0.1 (Closes: #16421).
12176 Accordingly:
12177 · Remove the obsolete "coin_chooser: Privacy" option (Closes: #15483).
12178 · Disable the update check (Closes: #15483).
12179 - Curate the list of languages in Tails Greeter (Closes: #16095).
12180 Only include languages which meet one of these conditions:
12181 · Have a PO file in tails.git (i.e. have at least one translated
12182 and reviewed string)
12183 · Are on our list of tier-1 supported languages.
12184 - Update Linux to 5.3.2-1~exp1 from Debian experimental (Closes: #17117).
12185 - Bump APT snapshots of the 'debian' and 'torproject' archives
12186 to 2019100904. This includes the update to the Buster 10.1
12187 point-release.
12189 * Security fixes
12190 - Drop NoScript customization that makes our web fingerprint diverge
12191 from Tor Browser's (related to #5362).
12192 - Enable Buster security APT sources (Closes: #17119).
12193 - Upgrade CUPS to 2.2.10-6+deb10u1 (CVE-2019-8696, CVE-2019-8675,
12194 and more security fixes).
12195 - Update GnuPG to 2.2.12-1+deb10u1, which mitigates the certificates
12196 flooding attack.
12197 - Update e2fsprogs to 1.44.5-1+deb10u2 (DSA-4535-1).
12198 - Update ghostscript to 9.27~dfsg-2+deb10u2 (DSA-4518-1, DSA-4499-1).
12199 - Update WebKitGTK to 2.24.4-1~deb10u1 (DSA-4515-1).
12200 - Update Pango to 1.42.4-7~deb10u1 (DSA-4496-1).
12201 - Update ffmpeg to 7:4.1.4-1~deb10u1 (DSA-4502-1).
12202 - Update expat to 2.2.6-2+deb10u1 (DSA-4530-1).
12203 - Update GLib to 2.58.3-2+deb10u1 (CVE-2019-13012).
12204 - Update libmariadb3 to 1:10.3.17-0+deb10u1 (various vulnerabilities).
12205 - Update NSS to 2:3.42.1-1+deb10u1 (CVE-2019-11719, CVE-2019-11727,
12206 CVE-2019-11729).
12207 - Update LibreOffice to 1:6.1.5-3+deb10u4 (DSA-4519-1, DSA-4501-1,
12208 DSA-4483-1, and CVE-2019-9848).
12209 - Update Samba to 2:4.9.5+dfsg-5+deb10u1 (DSA-4513-1).
12210 - Update OpenSSL to 1.1.1d-0+deb10u1 (DSA-4539-1).
12211 - Update libxslt to 1.1.32-2.1~deb10u1 (CVE-2019-11068, CVE-2019-13117,
12212 CVE-2019-13118).
12213 - Update zeromq3 to 4.3.1-4+deb10u1 (DSA-4477-1).
12214 - Update patch to 2.7.6-3+deb10u1 (DSA-4489-1).
12215 - Update Thunderbird to 1:60.9.0-1~deb10u1 (DSA-4523-1, DSA-4482-1).
12216 - Update wpasupplicant to 2:2.7+git20190128+0c1e29f-6+deb10u1 (DSA-4538-1).
12218 * Bugfixes
12219 - Ensure that tor-has-bootstrapped systemd units are stopped
12220 if tor@default.service stops; replace the tor-has-bootstrapped
12221 script with a tor_has_bootstrapped() function that checks the status
12222 of tails-tor-has-bootstrapped.target (Closes: #16664).
12223 - Fix MIME info data build reproducibility (Closes: #17023).
12224 - Fix missing GNOME bookmarks, by adding them earlier in the session
12225 login process (Closes: #17030).
12226 - Increase left dock width in GIMP's sessionrc (Closes: #16807).
12227 - Use hardware defaults for the touchpad click method (Closes: #17045).
12228 - Fix image thumbnails in GNOME Files (Closes: #17062).
12229 - Use the "intel" X.Org driver for Intel Iris Plus Graphics 640
12230 (Closes: #17060).
12231 - Fix sdhci-pci support.
12232 - Honor the "Formats" settings chosen in the Greeter (Closes: #16806).
12233 - Fix administration password not being applied in some cases
12234 (Closes: #13447).
12235 - Fix Greeter settings being applied when clicking "Cancel"
12236 (Closes: #17087).
12237 - Fix bridge information not always shown when the user selects
12238 bridge mode in the Greeter.
12239 - Fix path in whisperback's debugging info (Closes: #17109).
12240 - Fix Tor Browser functionality that was broken when it was started
12241 by clicking a link in Thunderbird (Closes: #17105).
12242 - Fix WhisperBack that was broken due to an expired X.509 certificate:
12243 stop using TLS (we already have end-to-end encryption via OpenPGP,
12244 plus end-to-end encryption and remote peer authentication via
12245 Tor hidden services). Also, switch to a v3 Onion service (Closes #17110).
12246 - Install Stretch's po4a (0.47-2) from our custom APT repository:
12247 the upgrade to Buster's version will need more work and coordination
12248 (Closes: #17127).
12249 - Fix hiding of the Add-ons manager in the Unsafe Browser hamburger menu.
12250 Regression introduced when we upgraded to Tor Browser based on Firefox
12251 ESR 60.
12252 - Mention USB images as a valid installation technique when trying
12253 to create a persistent volume on a device that can't have one
12254 (Closes: #17025).
12256 * Minor improvements and updates
12257 - Add iPhone USB tethering support (Closes: #16180).
12258 - Install Enigmail from Buster (Closes: #16978).
12259 - Disable GDM debug logs (Closes: #17011).
12260 - Hide less common keyboard layouts in the Greeter (Closes: #17084).
12261 - Major refactoring and cleanup of Tails Greeter (Closes: #17098).
12262 - Use a localized page for the Greeter help window, if available
12263 (Closes: #17101).
12264 - Separate Chinese into simplified and traditional scripts
12265 in the Greeter (Closes: #16094).
12266 - Allow the user to show the passphrase they're typing when creating
12267 a new persistent volume (Closes: #15102).
12268 - When saving persistence.conf or its backup, also run sync(1)
12269 on its parent directory (might help fix #10976).
12270 - Improve Tails Installer wording (Closes: #15564).
12271 - Update tor to 0.4.1.6-1~d10.buster+1.
12272 - Update VirtualBox guest drivers and tools to 6.0.12-dfsg-1.
12274 * Build system
12275 - SquashFS sort file: remove more noise.
12276 - Improve lint_po's UX (refs: #16864).
12277 - Import our pythonlib, previously included as a submodule (Closes: #16935).
12278 - Use a consistent, standard Python packages directory (Closes: #17082).
12280 * Test suite
12281 - Make various steps more robust:
12282 · "all notifications are disappeared" (Closes: #17012)
12283 · "Additional Software is correctly configured for package"
12284 · "I unlock and mount this VeraCrypt file container
12285 with Unlock VeraCrypt Volumes"
12286 · "I open the Unsafe Browser proxy settings dialog"
12287 · starting apps via the GNOME Activities Overview (Closes: #13469)
12288 · "I start the Tor Browser in offline mode"
12289 - Handle Guestfs::Error exceptions.
12290 - Provide guidance to fix problematic situation.
12291 - Update various reference images for Buster.
12292 - Don't attempt to find fuzzy matches with Sikuli unless fuzzy image
12293 matching is enabled (Closes: #17029).
12294 - Dogtail'ify all interactions with gedit (Closes: #17028).
12295 - New test: ensure that no experimental APT suite is enabled
12296 for deb.torproject.org (Closes: #16931).
12297 - Remove dead IRC-related code and dependencies.
12298 - Take into account that Evince and Tor Browser's print-to-file dialogs
12299 are rendered in a subtly different manner.
12300 - Drop fragile tag for actual Tails bugs (#17007).
12301 - Drop compatibility code for Cucumber < 2.4.0 (Closes: #17083).
12302 - Fix regression in the Persistent browser bookmarks scenario
12303 (Closes: #17125).
12305 -- Tails developers <tails@boum.org> Thu, 10 Oct 2019 11:23:53 +0000
12307 tails (4.0~beta2) unstable; urgency=medium
12309 * All changes included in Tails 3.16, see the corresponding changelog entry.
12311 * Major changes
12312 - Upgrade tor to 0.4.1.5 (Closes: #16986).
12314 * Security fixes
12315 - Upgrade the Linux kernel to 5.2.0-2 (Closes: #16942).
12316 This mitigates the Spectre v1 swapgs vulnerability (CVE-2019-1125).
12317 Accordingly, aufs to aufs5.2 20190805.
12318 - Install enigmail from Bullseye (Closes: #16738).
12319 This fixes CVE-2019-12269.
12321 * Bugfixes
12322 - tails-unblock-network: only sleep until all-net-blacklist.conf is gone,
12323 instead of unconditionally delaying the login process for 5 seconds
12324 (Closes: #16805).
12325 - Terminate GDM's GNOME session after the amnesia user logs in,
12326 to free 200-300 MiB of memory (Closes: #12092).
12327 Temporarily enable GDM debug logs so we get enough information to fix
12328 any issue this might cause.
12329 - Make our KeePassXC wrapper translatable (Closes: #16952).
12330 - Adjust boot-time backports APT pinning for Buster.
12331 - Ensure we don't install unwanted packages even if they become
12332 "Priority: standard" again (Closes: #16949).
12333 - Move some GNOME apps to different menu categories (Closes: #16981).
12334 - Update HTP pools: replace boum.org (invalid certificate) with puscii.nl,
12335 replace www.myspace.com with myspace.com (the former redirects to
12336 the latter).
12337 - AppArmor: allow OnionShare to open URLs with Tor Browser (Closes: #16914).
12338 - Make file transfers with Spice reliable.
12340 * Minor improvements and updates
12341 - Greeter: improve formatting of printed exceptions.
12342 - Use the same icon for Tails Documentation in the Applications menu
12343 as on te Desktop (Closes: #16800).
12344 - Drop migration path from GnuPG persistent configuration created
12345 in the Tails 2.x era.
12346 - Remove various hacks that we don't need on Buster anymore.
12347 - Stop installing libcaribou-gtk3-module (Closes: #16757).
12348 - Stop installing python-cairo: mat2 does not use it anymore.
12349 - tails-unblock-network: have udev reload the databases it uses.
12350 This should avoid our fix for #16805 introducing regressions.
12352 * Build system
12353 - Bump APT snapshot of the 'debian' and 'torproject' archives
12354 to 2019090202.
12355 - Import the Greeter codebase into tails.git (Closes: #16912).
12356 - Explicitly install gnome-shell to make the set of installed packages
12357 more deterministic (related to #16947).
12358 - Don't try to follow symlinks when normalizing timestamps on source files.
12359 - Add missing "set -u" to build-time hook.
12360 - Use consistent method to extract translatable strings from Glade files.
12361 - Create gdm-tails related files from the original GNOME files
12362 (Closes: #12551).
12363 - Stop installing libimage-exiftool-perl explicitly: mat2 depends on it
12364 already.
12365 - Rakefile: disable compression when retrieving artifacts via scp.
12366 This makes this build step faster on systems that have SSH compression
12367 enabled by default.
12368 - import-translations: use tails-misc_release for tails.git's PO files
12369 (i.e. the Tails part of #16774).
12370 - Use squashfs-tools from sid (Closes: #16637).
12371 - Lower VM_MEMORY_BASE to 1536M.
12372 - Remove unneeded package cleanup (Closes: #16950).
12374 * Test suite
12375 - New scenario: installing with GNOME Disks from a USB image
12376 (Closes: #16004).
12377 - New scenarios: VeraCrypt PIM support (Closes: #15946).
12378 - Revert timeout bump that's not needed anymore.
12379 - Add a showing method on Dogtail objects.
12380 - VeraCrypt: ensure the temporary keyfile file is not garbage collected
12381 while we still need it.
12382 - Remote shell: print traceback to stderr so we can see it.
12383 - Install Dogtail from Bullseye and run it with Python 3 (Closes: #16976).
12384 This gives us UTF-8 support. Accordingly, drop anonym's "showingOnly"
12385 patch that was merged upstream, and port some test suite code to Dogtail,
12386 which we could not do before it got UTF-8 support.
12387 - Dogtail'ify some steps.
12388 - Make "^the Tor Browser shows the "([^"]+)" error$" step more robust
12389 (Closes: #11592.
12390 - Make the "the support documentation page opens in Tor Browser" step more
12391 robust (Closes: #15321)
12392 - Remove a bunch of obsolete @fragile tags, update the reasons why
12393 the remaining ones are fragile, and add some missing @fragile tags.
12394 - Drop useless code based on wrong assumptions (refs: #13470).
12395 - Make the "I set an administration password" step more robust.
12397 -- Tails developers <tails@boum.org> Mon, 02 Sep 2019 19:55:24 +0000
12399 tails (4.0~beta1) unstable; urgency=medium
12401 * Major changes
12402 - Upgrade to a snapshot of Debian 10 (Buster) from 2018-08-06.
12404 * Removed features
12405 - Remove scribus completely (refs: 16290).
12406 - Remove LibreOffice Math (#16911).
12408 * Bugfixes
12409 - Fix Electrum wrapper's persistence check (Closes: #16821).
12410 - Remove pre-generated Pidgin accounts (Closes: #16744).
12411 - Hide the security level button in the unsafe browser (Closes:
12412 #16735).
12413 - Only hide unlocked TailsData partitions from the boot device
12414 (Closes: #16789).
12416 * Minor improvements and updates
12417 - Remove KeePassX and replace it with KeePassXC (Closes:
12418 #15297). As KeePassX was used around for a longer time, we don't
12419 need automatic upgrading cappability from old KeePass file
12420 format (Tails 2 times). The user can still import those old
12421 files, if they want to access it.
12422 - Ship a pre-compiled AppArmor policy to make boot faster (Closes:
12423 #16138).
12424 - Change the splash screen for Tails 4.0 (#16837). Add SVG source
12425 while we're at it!
12426 - Remove our predefined bookmarks and ship default upstream Tor
12427 Browser bookmarks instead (Closes: #15895).
12428 - Install bolt for improved Thunderbolt support (Closes: #5463).
12429 - Don't display the Home launcher on the desktop (Closes: #16799).
12430 Since the switch to the desktop-icons GNOME Shell extension, the
12431 nicer XDG-blah name ("Home" in English, translated in many
12432 languages) is not used to label this launcher anymore: instead,
12433 the name of the directory is displayed, in this case: "amnesia",
12434 which makes no sense to our users. Our other options to fix that
12435 are more costly and we've decided a while ago, when I proposed
12436 to remove the desktop icons, to keep them until they were too
12437 expensive to support. So this one goes: we have the Places menu
12438 already.
12439 - Add Files to favorite apps (Closes: #16799). This gives another
12440 entry point to the home folder, which partially mitigates any UX
12441 regression that might be caused by the previous changelog entry.
12442 - Explicitly install imagemagick. We ship it on purpose (see
12443 [[contribute/meetings/201707]]).
12444 - MAT:
12445 * Drop obsolete optional MAT dependencies it isn't using any
12446 more.
12447 * Stop explicitly installing MAT dependencies. The package
12448 depends on those so we don't need to pull them ourselves.
12449 - Move translations from root-terminal.desktop.in into own PO
12450 files (Closes: #15335).
12451 - Drop obsolete live-boot patch: the bug it workarounds only
12452 happens with CONFIG_AUFS_DEBUG enabled. We disable
12453 CONFIG_AUFS_DEBUG in config/chroot_local-hooks/13-aufs and the
12454 Debian package did it as well (Refs: Debian#886329).
12455 - Rename /usr/share/amnesia to /usr/share/tails.
12456 - Drop APT pinning for non-existing live.debian.net, that we
12457 haven't used since 2010.
12458 - Don't install the cryptsetup initramfs integration and startup
12459 scripts (Closes: #16264). We probably only need the binaries.
12460 Not installing the initramfs integration will get rid of some
12461 noise
12462 - Don't install full-blown cryptsetup, take 2 (refs: #15690). We've
12463 stopped installing it (#16264) but this branch independently
12464 reintroduced it.
12465 - Disable live-tools.service (Closes: #16324). This service is only
12466 useful to display the "Please remove the live-medium, close the
12467 tray (if any) and press ENTER to continue:" prompt on shutdown,
12468 that we don't want to display in Tails: shutdown and memory
12469 erasure should not require a confirmation once the user has
12470 triggered it. In Stretch this code was broken and we were
12471 relying on this. But the Buster upgrade of this code has
12472 repaired it, so I sometimes see that prompt. This might also
12473 explain some issues such as #16312.
12474 - AppArmor: allow cups-brf, driverless, and gutenprint53+usb
12475 printer backends (Closes: #15030). Technically, cups-brf and
12476 driverless are not third-party and should be confined more
12477 strictly with "ixr", under the cupsd profile. But I don't know
12478 how to to test these backends and confining them more strictly
12479 may break them. Anyway, that's an upstream matter: the purpose
12480 of our Tails-specific patch is to replace the third party
12481 backends /usr/lib/cups/backend/* catch all rule, that doesn't
12482 work for us, and not to keep the list of backends which come
12483 with CUPS up-to-date.
12484 - Make export_gnome_env() exit early if gnome-shell isn't running.
12485 Without this e.g. the automated test suite, which will call
12486 export_gnome_env() before gnome-shell is running, will have its
12487 journal polluted with errors about this. This is not the first
12488 time I see this and get worried and waste minutes investigating,
12489 so let's just fix it.
12491 * Build system
12492 - Bump VM_MEMORY_BASE to 2048M. With the previous 1024M setting,
12493 the squashfs preparation gets OOM-killed.
12494 - Limit the memory used by mksquashfs to 512M (Closes: #16177). By
12495 default mksquashfs will use 25% of the physical memory. So when
12496 we use the "ram" build option, build in a VM with 13GB of RAM,
12497 of which up to 12G is supposed to be used by the build tmpfs,
12498 mksquashfs will try using 13/4 = 3.25G of memory. And then it
12499 will get reaped by the OOM killer more or less occasionally
12500 depending on how much space is really used in the build tmpfs
12501 and how much memory the rest of the system is using. So let's
12502 limit the memory used by mksquashfs to 50% of the memory we
12503 allocate to the build VM, excluding the part of it that we
12504 expect tmpfs data to fill. In passing, the fact mksquashfs does
12505 not get killed every time suggests that our current
12506 BUILD_SPACE_REQUIREMENT value exceeds the real needs of a build:
12507 a value around 10 or 11G should be enough. But that will be for
12508 another commit.
12509 - Use xz with default settings to compress non-release SquashFS
12510 (refs: #16177). squashfs-tools 1:4.3-11, used to build
12511 feature/buster, does not consistently honor the value passed to
12512 -mem: the xz compressor does but at least the gzip and lzo ones
12513 don't. This makes the build often fail because mksquashfs gets
12514 reaped by the OOM-killer. Our only other option is currently to
12515 bump the build VM memory a lot, which is going to be painful on
12516 developers' systems and might not be an option on Jenkins. So
12517 let's fall back to xz with default settings (not the crazy slow
12518 but efficient we use at release time) when building non-release
12519 images.
12520 - Rename the "gzipcomp" build option to "fastcomp". What matters
12521 in the "user" interface is not the exact algorithm that's used,
12522 it's the fact it's supposed to be faster than the compression
12523 settings we use to build releases. We may have to changes these
12524 fast(er) settings occasionally, possibly to use a non-gzip
12525 algorithm. So let's keep supporting "gzipcomp" for backward
12526 compatibility but stop documenting it. Instead, support and
12527 document "fastcomp".
12528 - Add the vmproxy+extproxy build option. When enabled, use the
12529 vmproxy but configure it to in turn use the exproxy set via the
12530 http_proxy environment variable.
12531 - Support the case when we don't ship a custom AppArmor feature
12532 set. Let's keep this sanity check for the times when we do ship
12533 a custom feature set, but building an ISO without a custom one
12534 should remain supported. (Closes: #15149)
12535 - Don't remove packages whose deinstallation removes most of the
12536 system; don't explicitly remove packages that are taken care of
12537 by "apt-get autoremove" already. On Buster, removing dpkg-dev
12538 or make deinstalls python3, gnome-shell and more.
12539 - Install all "Priority: standard" packages via an explicit
12540 packages list instead of via --tasks (Closes: #15690). This will
12541 make it easier to remove some of these packages from the list of
12542 those that should be installed in the first place, as opposed to
12543 letting them be installed by tasksel only to uninstall them
12544 later. I've seeded tails-000-standard.list with the output of:
12545 tasksel --task-packages standard | sort … run on a clean Buster
12546 system. Also:
12547 * live-build forcibly translates --packages-lists="standard"
12548 into "tasksel install standard", so to make this change
12549 effective we also need to switch to "--packages-lists
12550 minimal" or "--packages-lists none". The former has
12551 problematic side-effects so let's use the latter.
12552 * Add to tails-common.list some of the packages that were
12553 previously installed automatically, e.g. via live-build's
12554 lists/standard → lists/minimal.
12556 * Test suite
12557 - Tons of tiny updates for the Stretch → Buster transition, mainly
12558 updated reference images, but also a few other trivial changes
12559 (e.g. close with Alt+F4 instead of menu, or vice versa) due to
12560 changes in applications.
12561 - Drop test case about migrating from a Jessie-area persistent
12562 volume. If our code happens to support Tails 2.x → 4.x upgrades
12563 without going through 3.x, fine. But let's not spend cycles in
12564 our CI to guarantee this.
12565 - Revert "Test suite: add backward compatibility with redir <
12566 3.0." We don't support running the test suite on Jessie anymore.
12567 - Adjust dhclient listening address for Buster.
12568 - Bump timeout for poweroff from 3 to 10 minutes (Refs: #16312).
12569 - Adjust dogtail patterns for gobby test (Closes: #16335). With the
12570 gobby upgrade from 0.5.0 to 0.6.0 pre-series, the case changed a
12571 little for a menu item and the window it leads to.
12572 - Update key shortcut to close seahorse's Preferences window
12573 (Closes: #16341). The “Close” button is gone from the
12574 Preferences window in the buster version of the seahorse
12575 package, making it impossible to close that window. Switch to
12576 sending ESC instead of Alt-C.
12577 - Update MAT test case for MAT2 (Closes: #16623).
12578 - Add debug logging for when we call Sikuli. When following a
12579 (debug) log live (through `--format debug`) I find this change
12580 useful to know what is going on *right now* since Sikuli only
12581 reports what it has done after it is done.
12582 - Be more careful when finding ASP notifications. For some reason
12583 both the label and button has a "weird" invisible (despite
12584 `showingOnly`) twin located just below the Applications
12585 menu. So let's make some extra effort to actually find the real
12586 notification, and then look for the label and button among its
12587 children.
12588 - Remove obsolete method. Display::take_screenshot() hasn't
12589 existed for years.
12590 - Remove workaround "Desktop icons are sometimes not shown" (Refs:
12591 #13461)
12592 - Wait longer between search steps in the GNOME Overview. On
12593 jenkins.lizard — which was under high load at that time — I've
12594 seen failures while starting GNOME Terminal from the Overview,
12595 where:
12596 - The debug log claims we did type "c", waited 1 second, then
12597 typed "ommandline", then slept another 1 second, then pressed
12598 Enter. I.e. just as the code says.
12599 - The video shows that GNOME Shell did pick up "c", which
12600 selected the first search result ("Configure Persistent
12601 Volume"), but then there's no trace of typing "ommandline".
12602 So I suspect that "ommandline" was lost because GNOME Shell
12603 was still busy, somehow. Let's sleep a bit longer before
12604 these steps, to give GNOME Shell a better chance to recover
12605 and notice keyboard input.
12606 - Log exceptions thrown in generated (i.e. snapshot) steps (Refs:
12607 #16747). Hopefully this will help us track down these elusive
12608 exceptions.
12609 - Extend waiting time for additional software to be installed.
12610 - Sometimes we need more more time to load a page over tor.
12611 - Remove useless TailsUpgraderApplyingUpgrade.png. The "progress
12612 prompt" it was used for just flashes by and can easily be
12613 missed. There is no reason at all to wait for it since the only
12614 two final outcomes are success or failure, which we already look
12615 for.
12616 - debug_log() when we save/restore snapshots. These actions can
12617 take a long time (especially saving snapshots on a system under
12618 load) and can make it appear like if the test suite has gotten
12619 stuck for those following the debug log.
12620 - Don't rely on mtimes from Debian packages we download, to
12621 indicate which one has the biggest version (Closes: #16819).
12622 These mtimes are copied from the HTTP server where APT downloads
12623 packages from, which contradicts our assumption that the newest
12624 file must be the one with the biggest version. Instead we use ls
12625 to sort by version number, to pick the biggest version.
12626 - Only send TAB every second to get the syslinux kernel
12627 command-line (Closes: #16820). Our syslinux has a timeout of 5s so
12628 sending TAB every second should be enough to guarantee we do
12629 open the kernel command line. As anonym reported, "the spammer
12630 makes the splash show for significantly longer: I've seen >10x,
12631 so the boot splash never managed to appear, which is worrying".
12632 - Drop workaround to make the TAB spammer compatible with the UEFI
12633 firmware (Closes: #16820). As reported by anonym on #16820, and
12634 confirmed by my testing, pressing TAB doesn't seem to open the
12635 UEFI configuration, so the very reason why we had this
12636 workaround is gone.
12638 * Adjustments for Debian 10 (Buster) with no or very little user-visible impact
12639 - Adjust APT sources and pinning for Buster.
12640 - Refresh and unfuzzy patches for Buster.
12641 - Pass --ellipsize to zenity (refs: #16286). This fixes dialog
12642 width and height on Buster.
12643 - Update expected /etc/passwd and /etc/group for Buster.
12644 - Display TopIcons systray on the left of the system menu (Refs:
12645 #14796).
12646 - Remove apparmor-adjust-freedesktop-abstraction.diff patch,
12647 merged upstream in apparmor. The
12648 9d8b6f4dbd8a04470490ae2bfd52044906abd7f6 commit (first appeared
12649 upstream in apparmor v2.13.1) implements this change in a
12650 generic way.
12651 - Adjust hook to the fact the Dovecot AppArmor profiles are not
12652 shipped in /etc anymore.
12653 - Import iuk.git's feature/buster branch at commit 919335e
12654 (Closes: #16286).
12655 - Enable desktop-icons gnome-shell extension (Closes: #16283).
12656 - Add autostart script to have gnome-shell trust desktop icons
12657 (Closes: #16283). Various conditions must be met for gnome-shell
12658 to make desktop icons launchable, including file
12659 permissions. But the GIO metadata::trusted setting is also
12660 needed, and can apparently only be set from an opened session,
12661 so let's set the right things with an autostart script.
12662 - Drop code that sets the cursor to "WATCH" (hourglass) after
12663 logging in (Closes: #16305) This fixes "GDM's GNOME Shell floods
12664 the Journal with XFIXES/cursor issues on Buster" by importing
12665 the relevant bits of greeter:feature/buster's commit abad17b6.
12666 - Remove 8 development packages that are not part of Tails 3.11 so
12667 we probably don't need to ship them in Tails 4.0 either (Closes:
12668 #16272).
12669 - Completely get rid of Qt4 (Closes: #15182).
12670 - SSH client: remove obsolete CompressionLevel setting (Closes:
12671 #16320).
12672 - Removing /usr/share/live/config/xserver-xorg/intel.ids (Closes:
12673 #14991). Let's hope the graphics hardware issues we fixed via
12674 that file is fixed no.
12675 - Adjust Onion Grater and AppArmor configuration for OnionShare
12676 1.3 (Closes: #16306).
12677 - Have OnionShare 1.3 connect to the system Tor via Onion Grater
12678 for the control port (Closes: #16306). By default, OnionShare
12679 1.3 will start its own tor process, which can't possibly work on
12680 Tails.
12681 - Don't install binutils-* (Closes: #16272). It wasn't in Tails 3.x
12682 and we have no reason to ship it in 4.0.
12683 - Install mat2 instead of the transitional mat package.
12684 - Don't suspend automatically (Closes: #16624)
12685 - tails-additional-software: Adjust arguments to
12686 tails-persistence-setup (Closes: #16622). It seems like the perl
12687 library which previously nicely handled the tps command-line
12688 arguments now doesn't support taking dashes instead of
12689 underscores anymore.
12690 - Start tails-unblock-network in a blocking way (Closes: #16620)
12691 This reverts commit 59e99c51f15ab9e756e287acb03b4d3a91ca1dd2 in
12692 greeter.git. NetworkManager starting at the same time as GNOME
12693 Shell makes things racy: the Wi-Fi password prompt is sometimes
12694 not displayed (unreproduce on Debian Buster Live).
12695 - Patch ibus to fix an issue that prevented the on-screen keyboard
12696 from displaying in Tails Greeter (Closes: #16291).
12697 - oniongrater: give onioncircuits empty STATUS_SERVER events.
12698 Connection to STATUS_SERVER events is required by stem 1.7
12699 connect() function, but we actually don't need them, so let's
12700 suppress them (Closes: #16626).
12701 - Fix GNOME bookmarks file for Buster (Closes: #16629).
12702 - Build VeraCrypt packages with our patches applied for Buster
12703 (Closes: #16634).
12704 - Avoid new "render" group stealing a GID we have already
12705 statically allocated to another group (Closes: #16649) With the
12706 systemd 241-1~bpo9+1 → 241-3~bpo9+1 upgrade, udev.postinst now
12707 creates a "render" system group, which shifts GIDs and makes our
12708 devel branch FTBFS.
12709 - update-acng-config: add support for 4.x and 5.x, drop 2.x. We
12710 won't build 2.x releases anymore but we'll start building 4.x
12711 from this branch soon.
12712 - Restore Plymouth theme to "text" (Closes: #16743). The default
12713 theme in Buster ("futureprototype") is Debian-branded and thus
12714 unsuitable for Tails. Let's revert to the one we use in Tails
12715 3.x.
12716 - Stop installing caribou and libcaribou*: they're not used by
12717 GNOME Shell in Buster anymore (Closes: #16628)
12718 - Allow read access to /etc/machine-id in the AppArmor profile for
12719 Thunderbird (Closes: #16756). It breaks access to the D-Bus
12720 service where the GNOME on-screen keyboard listens on Buster.
12721 - Fix screen locker not working in Buster (Closes: #16763).
12722 - Hide lstopo in the Applications menu (Closes: #16797). It's
12723 pulled as a dependency by aircrack-ng but is probably not useful
12724 to the vast majority of Tails users.
12725 - Hide nm-connection-editor in the Applications menu (Closes:
12726 #16798). We still need the network-manager-gnome package that
12727 installs this .desktop file (for details, see
12728 commit:40290be3651eaa6f08346231aef80eddd8b33c64), but there's no
12729 reason to expose it directly to users.
12730 - TorStatus: call our custom destructor to avoid a use-after-free
12731 crashing GNOME Shell (Closes: #16791). It was ported to an ES6
12732 class in the process.
12733 - Copy dmidecode to initramfs (Closes: #16857). On Buster,
12734 partprobe complains if dmidecode is missing. It's not clear what
12735 the consequences are, at least it doesn't cause partprobe to
12736 exit with an error status code - but it's cheap to just copy
12737 dmidecode to the initramfs.
12738 - Adjust path for webext-ublock-origin 1.19.0+dfsg-2 (Closes:
12739 #16858).
12740 - Update Tor Browser AppArmor profile to take into account new
12741 uBlock installation path (Closes: #16858).
12742 - Disable the uBlock logger sidebar. This brings back
12743 the hack we had before we removed it in #16206. Without this,
12744 the uBlock logger sidebar is displayed.
12745 - Reintroduce the same APT pinning as we use in 3.x for uBlock.
12746 Granted, the version from Buster should probably be sufficient
12747 right now, but it probably won't be once Tor Browser gets
12748 updated to a future major Firefox ESR. And in the meantime,
12749 this pinning discrepancy between devel and feature/buster makes
12750 it harder to maintain our patch against
12751 /usr/share/webext/ublock-origin/js/background.js.
12752 - Drop obsolete libdesktop-notify-perl patches: they were merged
12753 upstream.
12754 - Use X.Org in amnesia's GNOME session (Closes: #12213). Since a
12755 few months gdm3 defaults to Wayland in Debian testing/sid, just
12756 like upstream. But we're not ready yet.
12757 - Adjust Greeter's gdm-tails.session for Buster (Closes:
12758 #12551). This should ultimately be applied in greeter.git, but
12759 let's deal with it as a patch for now to avoid having to
12760 maintain two parallel branches of the Greeter.
12761 - Patch udisks2 and libblockdev and fix Tails Installer to repair
12762 USB boot on Buster (Closes: #14809).
12763 - Install gnome-user-docs directly instead of the gnome-user-guide
12764 transitional package.
12765 - Install the "crypto" libblockdev plugin (Closes: #14816). It's
12766 needed by recent udisks to do crypto operations.
12767 - Use ConditionUser=1000 instead of manually testing the output of
12768 `id -u' in some of our systemd services.
12769 - Have debootstrap install gnupg when setting up the chroot.
12770 Otherwise the build fails after debootstrap has done its job and
12771 live-build tries to use apt-key.
12772 - Don't try to install the obsolete gnome-search-tool package.
12773 It's been removed from testing/sid by its maintainers:
12774 https://bugs.debian.org/885975
12775 - Don't try to retrieve syslinux.exe from the syslinux source
12776 package. Since syslinux 3:6.03+dfsg1-1 this file is (rightfully)
12777 not included anymore in the Debian source package. This commit
12778 is meant to fix the feature/buster ISO build. We of course need
12779 to find a proper solution, which is what #15178 is about.
12780 - Drop our pinned AppArmor feature set (Closes: #15149). On current
12781 Buster the AppArmor package pins to the Linux 4.14.13-1 feature
12782 set and I expect it'll keep pinning something that should work
12783 with the policy shipped in Buster.
12784 - Drop Stretch-specific workaround. This essentially workarounds
12785 4f8b50afb10a1ce1faf7645971bc020d2eb5d7dd,
12786 3e2d8a6a025b86f8191d125783ad507c57171bad and
12787 d56633a3089e5b177e07c2888442745557772f42.
12788 - Disable the usr.bin.man AppArmor profile. On Buster it breaks
12789 apparmor.service due to "profile has merged rule with
12790 conflicting x modifiers" that's most likely caused by the "/**
12791 mrixwlk" rule vs. our tweaks for aufs support.
12792 - Import files (from gksu 2.0.2-9+b1) needed for the Root Terminal
12793 into Git instead of fetching the package and extracting them at
12794 build time.
12795 - Use orca's current package name instead of pre-Buster
12796 transitional one.
12797 - Stop explicitly installing gstreamer1.0-pulseaudio. This was
12798 needed on Jessie due to Debian#852870 which was fixed in
12799 Stretch.
12800 - Drop adwaita-qt4: it was removed from Debian sid and won't be in
12801 Buster.
12802 - Disable man-db.timer on Buster (Closes: #16631)
12803 - Fix invalid seq range in update-acng-config so we geberate proper
12804 rules for Tails 4.x and 5.x.
12806 -- Tails developers <tails@boum.org> Wed, 07 Aug 2019 20:30:15 +0200
12808 tails (3.16) unstable; urgency=medium
12810 * Major changes
12811 - Upgrade Tor Browser to 8.5.5 (Closes: #16692).
12813 * Security fixes
12814 - Install Linux kernel from the Buster security repository (Closes: #16970).
12815 The new Spectre v1 swapgs variant (CVE-2019-1125), which was fixed
12816 in sid via 5.2.x, which is a too big change for the Tails 3.16 bugfix
12817 release. Let's instead track Buster (+ security) for the time being.
12818 - Upgrade LibreOffice to 1:5.2.7-1+deb9u10 (DSA-4483-1, DSA-4501-1).
12819 - Upgrade Thunderbird to 60.8 (DSA-4482-1).
12820 - Upgrade Ghostscript to 9.26a~dfsg-0+deb9u4 (DSA-4499-1).
12821 - Upgrade Patch to 2.7.5-1+deb9u2 (DSA-4489-1).
12822 - Upgrade nghttp2 library to 1.18.1-1+deb9u1 (DSA-4511-1).
12824 * Bugfixes
12825 - Additional software: Improve/fix support for translations (Closes: #16601).
12826 - Rework the implementation for hiding TailsData partitions (Closes: #16789).
12827 - Adjust how tordate determines whether the clock is in a valid range,
12828 fixing issues with obfs4 (Closes: #16972).
12830 * Minor improvements and updates
12831 - Ship default upstream Tor Browser bookmarks, and remove our predefined
12832 bookmarks (Closes: #15895).
12833 - Hide the security level button in the unsafe browser (Closes: #16735).
12834 - Remove pre-generated Pidgin accounts (Closes: #16744).
12835 - Remove LibreOffice Math (Closes: #16911).
12836 - Website: Make sandbox page translatable (Closes: #16873).
12837 - Website: Only scrub HTML on blueprints (Closes: #16901).
12838 - Website: Point history & diff URLs to Salsa.
12840 * Build system
12841 - Bump APT snapshot of the torproject archive to 2019073103, and drop
12842 tor-experimental-0.4.0.x-stretch reference (Closes: #16883).
12843 - Bump APT snapshot of the Debian archive to 2019080801 to get fixed
12844 firmware packages from sid instead of sticking to those from
12845 stretch-backports (Closes: #16728).
12846 - Enable the buster APT repository and install some packages from there:
12847 hunspell-id, hunspell-tr, and fonts-noto-* (See: #16728).
12848 - Refresh patch for webext-ublock-origin 1.19.0+dfsg-2, and adjust Tor
12849 Browser AppArmor profile accordingly (Closes: #16858).
12850 - Refresh Tor Browser AppArmor profile patch for torbrowser-launcher
12851 0.3.2-1 (Closes: #16941).
12853 * Test suite
12854 - Ignore RARP packets, since PacketFu cannot parse them (Closes: #16825).
12855 - Adjust both locale handling and reference pictures for the Unsafe
12856 Browser homepage (Closes: #17004).
12857 - Fix "Watching a WebM video over HTTPS" scenario on Jenkins
12858 (Closes: #10442).
12859 - Tag "Watching a WebM video" as fragile.
12860 - Make @check_tor_leaks more verbose (See: #10442).
12861 - Remove broken Electrum scenario since Electrum support is currently
12862 missing (Closes: #16421).
12864 -- Tails developers <tails@boum.org> Tue, 03 Sep 2019 20:30:14 +0200
12866 tails (3.15) unstable; urgency=medium
12868 * Major changes
12869 - Upgrade Tor Browser to 8.5.4 (Closes: #16691).
12870 - Upgrade Thunderbird to 60.7.2 (Closes: #16834).
12872 * Security fixes
12873 - Upgrade Expat to 2.2.0-2+deb9u2 (DSA-4472-1).
12874 - Upgrade OpenSSL 1.0 to 1.0.2s-1~deb9u1 (DSA-4475-1).
12875 - Upgrade OpenSSL to 1.1.0k-1~deb9u1 (DSA-4475-1).
12876 - Upgrade Vim to 2:8.0.0197-4+deb9u3 (DSA-4467-1).
12878 * Bugfixes
12879 - Recompute CHS values for the hybrid MBR after first-boot
12880 repartitioning (Closes: #16389). Some legacy BIOS systems won't boot
12881 otherwise.
12882 - Strip debug symbols from the aufs kernel module smaller (refs: #16818).
12883 The primary target was getting the initramfs down under 32MB, hoping
12884 to repair boot of feature/buster on MacBookPro 8,1. In any cases,
12885 the user experience should be improved due to a faster boot for
12886 every user, and a shortened “black screen” duration (between the
12887 bootloader and the Plymouth splash screen).
12889 * Minor improvements and updates
12890 - Make “Unlock VeraCrypt Volumes” show an error message if locking
12891 fails (Closes: #15794).
12892 - Add support for booting Tails from a read only sdcard (fromiso),
12893 through Heads, allowing for measured boot on some tamper-evident
12894 hardware (https://github.com/osresearch/heads/issues/581).
12896 * Build system
12897 - Patch Thunderbird packages from Debian when building Tails images
12898 (Closes: #6156).
12899 - Improve tooling to maintain and update PO files (Closes: #15403),
12900 rewriting some tools and moving code to the jenkins-tools submodule.
12901 - Implement preliminary steps needed to make the ikiwiki PO plugin
12902 able to update PO files for languages that are disabled on the
12903 website (refs: #15355).
12905 -- Tails developers <tails@boum.org> Tue, 09 Jul 2019 02:50:09 +0200
12907 tails (3.14.2) unstable; urgency=medium
12909 * Security fixes
12910 - Upgrade Tor Browser to 8.5.3 (Closes: #16835).
12912 * Bugfixes
12913 - tails-screen-locker: Don't use dim-label style class
12914 (Closes: #16802).
12916 -- Tails developers <tails@boum.org> Sun, 23 Jun 2019 11:52:49 +0200
12918 tails (3.14.1) unstable; urgency=medium
12920 * Security fixes
12921 - Upgrade Tor Browser to 8.5.2-build1 (Closes: #16824).
12922 - Upgrade Thunderbird to 60.7.0 (Closes: #16742).
12923 - Upgraded Linux to 4.19.37-4 (Closes: #16823).
12925 * Bugfixes
12926 - Only probe for partitions on the boot device when setting up
12927 TailsData. Without arguments partprobe will scan all devices,
12928 and if it encounters a device it doesn't support (e.g. fake
12929 raid-0 arrays) it will return non-zero, thus aborting Tails'
12930 partitioning script, resulting in an unbootable install
12931 (Details: #16389).
12933 * Minor improvements and updates
12934 - Upgrade tor to 0.4.0.5-1~d90.stretch+1, the first stable
12935 candidate in the 0.4.0.x series (Closes: #16687).
12936 - Completely disable IPv6 except for the loopback interface. We
12937 attempt to completely block it on the netfilter level but we
12938 have seen ICMPv6 "leaks" any way (related to Router
12939 Solicitation, see: #16148) so let's just disable it. We keep
12940 enabled on the loopback interface since some services depends on
12941 ::1 being up.
12942 - create-usb-image-from-iso: Use syslinux from chroot. We used the
12943 syslinux from the vagrant box before, which caused issues with
12944 when building Tails/Buster with a Stretch vagrant box and then
12945 cloning the image via Tails Installer with syslinux from Buster
12946 (Closes: #16748).
12947 - Set Tor Browser's homepage to https://tails.boum.org/home/testing/
12948 if building anything but a stable release. This page explains the
12949 dangers of using a non-stable release. (Closes: #12003)
12951 * Build system
12952 - auto/{build,config}:
12953 * consistently use fatal() to error out, and prefix its message
12954 with "E: " to help distinguish them from the noise produced by
12955 tools we call etc.
12956 * Similarly, also prefix informational message with "I: ".
12957 * drop support for GnuPG 1.x.
12958 * clone more build output to the log file.
12959 * Drop obsolete check for syslinux version. This version
12960 requirement is satisfied by Jessie and it is doubtful Tails
12961 would build in anything older.
12962 * auto/build: drop a few checks for conditions that are already
12963 satisfied in the supported build environments.
12964 - Revert "Build system: try to be smart again by fetching only the
12965 refs we need." This optimization overrides the trick we have on
12966 Jenkins (set_origin_base_branch_head in
12967 jenkins-jobs:macros/builders.yaml),
12968 that ensures that a reproducibly_build_Tails_ISO_* job builds
12969 from the commit used by the first build. (Closes: #16730)
12971 * Test suite
12972 - Fix mistake with execute() vs spawn() when starting the upgrader.
12973 - Don't filter during pcap capture, instead let's just apply the
12974 same filtering when we are inspecting the pcap files. This way
12975 any pcap file saved on failure will include the full capture,
12976 and not just the packets sent by the system under testing, which
12977 sometimes makes it hard to understand what is going on.
12978 - Also include the content of /var/log/tor/log in $scenario.tor
12979 when tor failed to bootstrap (refs: #16793)
12980 - Don't flood the debug logger with tor@default's journal
12981 contents.
12982 - Power off system under testing after scenario. Until now we have
12983 relied on either one of the generated "snapshot restore" steps
12984 or the "[Given] a computer" step to implicitly stop the old VM
12985 when we move on to a new scenario. That meant the old VM was
12986 still running during the new scenarios @Before@ hooks. If the
12987 new scenario is tagged @check_tor_leaks that means we start its
12988 sniffer while the old VM is still running, possibly sending
12989 packets that then affect the new scenario. That would explain
12990 some myserious "Unexpected connections were made" failures we
12991 have seen (Closes: #11521).
12992 - Only accept IP(v6)/ARP during DHCP check.
12994 -- Tails developers <tails@boum.org> Wed, 19 Jun 2019 15:29:07 +0200
12996 tails (3.14) unstable; urgency=medium
12998 * Security fixes
12999 - Upgrade Linux to 4.19.0-5 from sid (Closes: #16708).
13000 - Enable all available mitigations for the Microarchitectural Data
13001 Sampling (MDS) attacks and disable SMT on vulnerable CPUs
13002 (Closes: #16720).
13003 - Upgrade Tor Browser to 8.5 (Closes: #16337, #16706).
13005 * Bugfixes
13006 - Install Electrum 3.2.3-1 from our custom APT repository (Closes: #16708).
13007 The version in sid now displays a warning and exits, while 3.2.3-1 is
13008 still usable, in the rare cases when it manages to connect to the
13009 network, despite being affected by problematic phishing attacks which
13010 will only be solved once the package in Debian is updated to a newer
13011 upstream version.
13013 * Build system
13014 - Bump APT snapshot of the 'debian' archive to 2019051601, needed for
13015 the MDS mitigations.
13016 - Don't install the firmware-linux and firmware-linux-nonfree
13017 metapackages, as packages they pulled are already listed explicitly
13018 and one might run into version-related issues (Closes: #16708).
13020 * Minor improvements and updates
13021 - Remove some packages from the Tails image as their use is not
13022 widespread while consuming space for everyone. They can still be
13023 installed and upgraded through Additional Software (Closes: #15291).
13024 This includes: monkeysphere and msva-perl, gobby, hopenpgp-tools,
13025 keyringer, libgfshare-bin, monkeysign, paperkey, pitivi,
13026 pdf-redact-tools, pwgen, traverso, and ssss.
13027 - Fix missing translations in the Greeter (Closes: #13438).
13028 - Fix missing newline in unlock-veracrypt-volumes (Closes: #16696).
13029 - Port fillram to Python 3 (Closes: #15845).
13030 - Enable localization for new locales introduced in Tor Browser 8.5
13031 (Closes: #16637).
13032 - Re-introduce TopIcons GNOME Shell extension (Closes: #16709).
13033 - Improve internationalization of the Unlock VeraCrypt Volumes
13034 component (Closes: #16602).
13036 * Test suite
13037 - Make tails-security-check's SOCKS port test work when there's a live
13038 security advisory (Closes: #16701).
13039 - Make terminology more consistent.
13041 -- Tails developers <tails@boum.org> Mon, 20 May 2019 18:52:04 +0200
13043 tails (3.13.2) unstable; urgency=medium
13045 * Major changes
13046 - Replace all locale-specific fonts and standard X.Org fonts with
13047 the Noto fonts collection (Closes: #9956).
13048 - Install localization support packages for all tier-1 supported languages,
13049 and only those (Closes: #15807). Current tier-1 supported languages are:
13050 Arabic, German, English, Spanish, Farsi, French, Italian, Portuguese
13051 (Brazil), Russian, Turkish, Simplified Chinese, Hindi, Indonesian.
13052 - Disable the TopIcons GNOME Shell extension (Closes: #16608).
13053 This extension causes crashes (#11188), does not work on Wayland
13054 (#8309, #12213) so long-term, we need to remove it anyway.
13055 In order to learn how much our users rely on this extension and
13056 on OpenPGP Applet, let's disable this extension for one Tails release.
13057 While TopIcons is disabled (by default):
13058 · Users can still use OpenPGP Applet via the system tray in the bottom
13059 left corner of the desktop.
13060 · Users who do need TopIcons for other reasons can enable it again
13061 with 1 command line.
13063 * Security fixes
13064 - Upgrade Tor Browser to 8.0.9 (Closes: #16694).
13065 - Upgrade to Debian Stretch 9.9 (Closes: #16670).
13066 - Upgrade Thunderbird to 60.6.1 (Closes: #16641).
13068 * Bugfixes
13069 - Fix Thunderbird account setup wizard (Closes: #16573).
13070 - Display poweroff and reboot buttons even when locked (Closes: #15640).
13071 - Disable emergency shutdown during suspend (Closes: #11729).
13072 - Provide feedback while starting Onion Circuits (Closes: #16350).
13073 - Associate .key files with Seahorse (Closes: #15213).
13074 This partially fixes importing OpenPGP keys from GNOME Files.
13075 - Don't show spurious notification about "TailsData" while setting
13076 up a persistent volume (Closes: #16632).
13078 * Minor improvements and updates
13079 - Add a suspend button to status-menu-helper (Closes: #14556).
13080 - status-menu-helper: clean up and refactor.
13081 - Drop CSS hacks for the uBlock log window (Closes: #16206).
13082 - Polish 04-change-gids-and-uids code style (Closes: #16322).
13083 - Create persistence.conf backup in a more robust manner (Closes: #16568).
13084 - Make the WhisperBack .desktop file translatable in Transifex
13085 (Closes: #6486).
13087 * Build system
13088 - Don't fail the build if Tor Browser supports new locales that we don't ship
13089 a spellchecking dictionary for (#15807).
13090 - Fix apt-cacher-ng cache shrinking (Closes: #16020).
13091 - Remove obsolete usr.bin.onioncircuits AppArmor profile (Closes: #12170).
13092 All Tails current branches now install onioncircuits 0.6-0.0tails1,
13093 which ships a more current AppArmor profile than the one we
13094 have in our own Git tree.
13095 - Install Electrum from sid (Closes: #16642).
13096 - Avoid new "render" group stealing a GID we have already statically
13097 allocated to another group (Closes: #16649).
13099 * Test suite
13100 - Disable tests about notifications in case of MAC spoofing failure:
13101 we have a well-known bug here and these tests do nothing but confirm
13102 it again and again, which brings no value and has a cost (#10774).
13103 - Clarify what WebM scenarios are fragile (#10442).
13104 - Avoid zombies by waiting for killed child processes to exit (#14948).
13106 -- Tails developers <tails@boum.org> Sun, 05 May 2019 19:32:22 +0000
13108 tails (3.13.1) unstable; urgency=medium
13110 * Security fixes
13111 - Upgrade Tor Browser to 8.0.8 (Closes: #16606, MFSA-2019-10).
13112 - Upgrade NTFS-3G to 1:2016.2.22AR.1+dfsg-1+deb9u1 (DSA-4413-1).
13114 -- Tails developers <tails@boum.org> Fri, 22 Mar 2019 20:54:03 +0000
13116 tails (3.13) unstable; urgency=medium
13118 * Major changes
13119 - Upgrade Linux to 4.19.28-1 (Closes: #16390, #16469, #16552).
13120 - Upgrade Tor Browser to 8.0.7 (Closes: #16559).
13121 - Upgrade Thunderbird to 65.1.0 (Closes: #16422).
13123 * Security fixes
13124 - Upgrade LDB to 2:1.1.27-1+deb9u1 (DSA-4397-1).
13125 - Upgrade OpenJPEG to 2.1.2-1.1+deb9u3 (DSA-4405-1).
13126 - Upgrade OpenSSL 1.0 to 1.0.2r-1~deb9u1 (DSA-4400-1).
13127 - Upgrade OpenSSH to 1:7.4p1-10+deb9u6 (DSA-4387-2).
13129 * Bugfixes
13130 - Upgrade tor to 0.3.5.8-1~d90.stretch+1 (Closes: #16348).
13131 - Ensure Additional Software doesn't try to download packages that are
13132 in persistent cache (Closes: #15957).
13133 - Improve chances of recovering a lost persistence configuration
13134 (Closes: #10976).
13135 - Tor Launcher: add langpacks to enable localization again
13136 (Closes: #16338).
13137 - Migrate away from buggy Chinese input method: switch from ibus-pinyin
13138 to ibus-libpinyin + ibus-chewing (Closes: #11292).
13139 - Fix crash in Whisperback when additional persistent APT repositories
13140 are configured (Closes: #16563).
13141 - Give visual feedback while starting Whisperback (Closes: #16333).
13143 * Minor improvements and updates
13144 - Add feedback when opening VeraCrypt Mounter (Closes: #16334).
13145 - Improve consistency in Additional Software's accessibility
13146 (Closes: #16110).
13147 - Fix missing accessibility support when opening a browser from a
13148 notification (Closes: #16475).
13149 - Refresh ublock-origin patch to apply cleanly on top of 1.18.4+dfsg-1
13150 (Closes: #16451)
13151 - Upgrade intel-microcode to 3.20180807a.2~deb9u1.
13152 Fixes CVE-2018-3615, CVE-2018-3620, CVE-2018-3646, CVE-2018-3639,
13153 CVE-2018-3640, CVE-2017-5753, CVE-2017-5754.
13155 * Build system
13156 - Lower memory requirements when building Tails by limiting the memory
13157 used by mksquashfs to 512M (Closes: #16177).
13158 - Remove obsolete check on Thunderbird addons (Closes: #16045).
13159 - Update Tails' APT GnuPG key expiration (Closes: #16420).
13160 - Optimize Git operations (share resources, fetch only the needed
13161 objects).
13162 - Clone submodules from the host's local repositories (Closes: #16476).
13163 - Drop useless manual initramfs update (Closes: #16452).
13164 - Add a sanity check on the size of the initramfs (Closes: #16452).
13166 * Test suite
13167 - Add automated tests for Additional Software GUI (Closes: #14576,
13168 #14596).
13169 - Add automated tests on the backup persistence configuration
13170 (Closes: #16461).
13171 - Adjust test for Thunderbird 60.5.1 (Closes: #16555).
13173 -- Tails developers <tails@boum.org> Mon, 18 Mar 2019 23:40:50 +0100
13175 tails (3.12.1) unstable; urgency=medium
13177 * Security fixes
13178 - Upgrade Tor Browser to 8.0.6 (MFSA-2019-05; Closes: #16437).
13179 - Upgrade LibreOffice to 1:5.2.7-1+deb9u5 (DSA-4381).
13180 - Upgrade cURL to 7.52.1-5+deb9u9 (DSA-4386).
13181 - Upgrade Qt 5 to 5.7.1+dfsg-3+deb9u1 (DSA-4374).
13182 - Upgrade OpenSSH to 1:7.4p1-10+deb9u5 (DSA-4387).
13184 -- Tails developers <tails@boum.org> Tue, 12 Feb 2019 21:25:14 +0100
13186 tails (3.12) unstable; urgency=medium
13188 * Major changes
13189 - Make the USB image the main supported way to install Tails (refs: #15292).
13190 On first boot, grow the system partition to a size that's a factor
13191 of the size of the boot medium and randomize GUIDs (Closes: #15319).
13192 - Upgrade Linux to 4.19, version 4.19.13-1 (Closes: #16073, #16224).
13193 Fixes CVE-2018-19985, CVE-2018-19406, CVE-2018-16862, CVE-2018-18397,
13194 CVE-2018-18397, CVE-2018-18397, CVE-2018-18397, CVE-2018-19824,
13195 CVE-2018-14625.
13196 - Remove Liferea (Closes: #11082, #15776).
13197 - Upgrade to the Debian Stretch 9.6 point-release.
13199 * Security fixes
13200 - Upgrade Tor Browser to 8.0.5 (MFSA-2019-02; Closes: #16388).
13201 - Upgrade Thunderbird to 60.4.0 (DSA-4362-1; Closes: #16261).
13202 - Upgrade OpenSSL to 1.0.2q-1~deb9u1 (DSA-4355-1).
13203 - Upgrade libarchive to 3.2.2-2+deb9u1 (DSA-4360-1).
13204 - Upgrade GnuTLS to 3.5.8-5+deb9u4 (CVE-2018-10844, CVE-2018-10845).
13205 - Upgrade libgd3 to 2.2.4-2+deb9u3 (CVE-2018-1000222, CVE-2018-5711).
13206 - Upgrade libmspack to 0.5-1+deb9u3 (CVE-2018-18584, CVE-2018-18585).
13207 - Upgrade libopenmpt to 0.2.7386~beta20.3-3+deb9u3 (CVE-2018-10017).
13208 - Upgrade libx11 to 2:1.6.4-3+deb9u1 (CVE-2018-14598, CVE-2018-14599,
13209 CVE-2018-14600).
13210 - Upgrade libxcursor to 1:1.1.14-1+deb9u2 (CVE-2015-9262).
13211 - Upgrade NetworkManager to 1.6.2-3+deb9u2+0.tails1 (CVE-2018-15688).
13212 - Upgrade wpa to 2:2.4-1+deb9u2 (CVE-2018-14526).
13213 - Upgrade zeromq3 to 4.2.1-4+deb9u1 (CVE-2019-6250).
13214 - Upgrade APT to 1.4.9 (DSA-4371-1).
13215 - Upgrade GhostScript to 9.26a~dfsg-0+deb9u1 (DSA-4372-1).
13217 * Bugfixes
13218 - Fix Totem's access to the Internet when it's started from the Applications
13219 menu.
13220 - Rename HTP pools to avoid confusion (Closes: #15428).
13221 - Fix memory erasure on shutdown with systemd v239+, by mounting
13222 a dedicated tmpfs on /run/initramfs instead of trying to remount /run
13223 with the "exec" option (Closes: #16097).
13224 - Make the KeePassX wrapper dialog translatable.
13225 - Fix detection of first Thunderbird run.
13227 * Minor improvements and updates
13228 - Upgrade tor to 0.3.4.9-1~d90.stretch+1.
13229 - Upgrade Mesa to 18.2.6-1~bpo9+1, libdrm to 2.4.95-1~bpo9+1,
13230 and libglvnd to 1.1.0-1~bpo9+1.
13231 - Upgrade firmware-linux and firmware-nonfree to 20190114-1.
13232 - Upgrade amd64-microcode to 3.20181128.1.
13233 - Upgrade intel-microcode to 3.20180807a.2~bpo9+1.
13234 - Remove the boot readahead feature (Closes: #15915).
13235 In most supported use cases, it did not improve boot time anymore,
13236 or even increases it.
13237 - Require TLS 1.2 in our Upgrader and tails-security-check (Closes: 11815).
13238 - Enable O_CREAT restriction in /tmp directories for FIFOs and regular
13239 files (Closes: #16072).
13240 - Upgrade systemd to 240-4~bpo9+0tails1 (Closes: #16352).
13241 Fixes CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866.
13242 - Upgrade Enigmail to 2.0.8-5~deb9u1 (Closes: #15657).
13243 - Upgrade Torbirdy to 0.2.6-1~bpo9+1 (Closes: #15661).
13244 - Modify Torbirdy configuration in a way that's easier to maintain.
13245 - Tell the user they need to use sudo when they attempt to use su
13246 (Closes: #15583).
13248 * Build system
13249 - Make the build of the USB image reproducible (Closes: #15985).
13250 - Allow specifying which set of APT snapshots shall be used during
13251 the build, with the APT_SNAPSHOTS_SERIALS build option (Closes: #15107).
13252 - Fix more GIDs and display more information when changing UIDs or GIDs
13253 fails (Closes: #16036).
13254 - Remove obsolete patches, refresh remaining ones to apply on top
13255 of currently installed packages version.
13256 - Disable irrelevant recurring jobs in Vagrant build box (refs: #16177)
13257 that increase the chance of FTBFS due to mksquashfs being reaped
13258 by the OOM killer.
13259 - Adjust for recent GnuPG error'ing out when it has no controlling terminal.
13261 * Test suite
13262 - Adjust test suite for USB image:
13263 - Add tests that exercise behavior on first boot from a device
13264 installed using the USB image (Closes: #16003).
13265 - Drop tests for use cases we don't support anymore with the introduction
13266 of the USB image (refs: #16004).
13267 - Adjust remaining tests to focus on main supported use cases,
13268 i.e. Tails installed from a USB image (refs: #16004.
13269 - In scenarios where we simulate MAC spoofing failure, test safety-critical
13270 properties even if the desktop notification is buggy (refs: #10774).
13271 - Update expected title for our Redmine (Closes: #16237).
13272 - Update expected image for OpenPGP key search.
13274 -- Tails developers <tails@boum.org> Mon, 28 Jan 2019 13:26:26 +0100
13276 tails (3.11) unstable; urgency=medium
13278 * Security fixes
13279 - Upgrade Tor Browser to 8.0.4-build2 (Closes: #16193).
13280 - Upgrade Thunderbird to 60.3.0-1~deb9u1.0tails1 (Closes: #16118).
13281 - Thunderbird: unconditionally disable Autocrypt, as it is not safe in
13282 its current state (See: #15923, Closes: #16186).
13283 - Upgrade Linux to 4.18.20 and aufs to 4.18.11+-20181119
13284 (Closes: #16145).
13285 - Upgrade cURL to 7.52.1-5+deb9u8 (DSA-4331).
13286 - Upgrade Ghostscript to 9.26~dfsg-0+deb9u1 (DSA-4336, DSA-4346).
13287 - Upgrade Perl to 5.24.1-3+deb9u5 (DSA-4347).
13288 - Upgrade Policykit to 0.105-18+deb9u1 (DSA-4350).
13289 - Upgrade Samba to 2:4.5.12+dfsg-2+deb9u4 (DSA-4345).
13290 - Upgrade OpenSSL to 1.1.0j-1~deb9u1 (DSA-4348).
13291 - Upgrade libtiff to 4.0.8-2+deb9u4 (DSA-4349).
13293 * Bugfixes
13294 - Tails Upgrader:
13295 · Improve support for incremental upgrades to avoid issues with
13296 partially applied upgrades (Closes: #14754).
13297 · Add a prompt after the IUK has been downloaded so the user can
13298 control when the network will be disabled; previously this was
13299 done without users having a say, possibly leading to confusion and
13300 lost work (Closes: #15282).
13301 - Thunderbird: always set locale according to environment (Closes: #16113).
13303 * Minor improvements and updates
13304 - Remove packages which were needed for getTorBrowserUserAgent
13305 (Closes: #16024).
13306 - Fix persistence configuration window opening on full screen
13307 (Closes: #15894).
13308 - Time sync: don't temporarily increase tor's log level when using
13309 bridges/PTs (Closes: #15743).
13310 - Warn about non-free software depending on the host operating system
13311 and/or virtualization stack (Closes: #16195).
13313 * Build system
13314 - Create USB image after building the ISO, and include it in build
13315 artifacts (Closes: #15984, #15985, #15990).
13316 - Release process: adapt to IDF v2 (Closes: #16171).
13318 * Test suite
13319 - Add new Using "VeraCrypt encrypted volumes" feature, with scenarios
13320 split into two parts: "Unlock VeraCrypt Volumes" and "GNOME Disks"
13321 (Closes: #14469, #14471, #15238, #15239).
13322 - Reintroduce "Clock is one day in the future in bridge mode" test
13323 (Closes: #15743).
13324 - Make starting apps via GNOME Activities Overview more robust
13325 (Closes: #13469).
13326 - Check for "Upgrading the system" and adjust to "Upgrade successfully
13327 downloaded" new UI (See: #14754, #15282).
13329 -- Tails developers <tails@boum.org> Mon, 10 Dec 2018 20:37:06 +0100
13331 tails (3.10.1) unstable; urgency=medium
13333 * Declare that Enigmail is compatible with Thunderbird 60.*.
13335 -- Tails developers <tails@boum.org> Tue, 23 Oct 2018 01:30:00 +0200
13337 tails (3.10) unstable; urgency=medium
13339 * Security fixes
13340 - Harden sudo config to avoid potential future privilege escalation
13341 (Closes: #15829).
13342 - Upgrade Linux to 4.18 and aufs to 4.18-20181008 (Closes: #15936).
13343 - Upgrade the snapshot of the Debian archive to 2018100901 accordingly.
13344 - Upgrade Tor Browser to 8.0.3-build1 (Closes: #16067).
13345 - Upgrade Thunderbird to 60.2.1 (Closes: #16037).
13347 * Bugfixes
13348 - Fix installation of mesa/stretch-backports by installing libwayland*
13349 from stretch-backports (Closes: #15846).
13350 - Tor Browser AppArmor profile patch: update to apply cleanly on top
13351 of torbrowser-launcher 0.2.9-5.
13352 - Additional Software: fix issues spotted during the code review
13353 (Closes: #15838).
13354 - Additional Software: make sure to offer persistence only for newly
13355 installed packages, avoiding inconsistency (Closes: #15983).
13356 - Improve button labels in confirmation dialogs of the Tails installer
13357 (Closes: #11501).
13358 - Hardcode User Agent in htpdate.user-agent (Closes: #15912), as the
13359 Tor Browser doesn't expose it anymore.
13360 - Fix encoding-related crashes in Tails Installer (Closes: #15166).
13361 - Set the Firefox preferences to spoof English, to avoid leaking
13362 information about locale settings (Closes: #16029).
13363 - VeraCrypt: Hide PIM entries in GNOME Shell and Disks, since a newer
13364 cryptsetup would be needed (Closes: #16031).
13365 - VeraCrypt: Fix support for multiple encryption, by iterating over
13366 all children in the device-mapper tree (Closes: #15967).
13367 - Update translations.
13369 * Minor improvements and updates
13370 - Add dmsetup and losetup output in WhisperBack reports to help debug
13371 VeraCrypt-related issues (Closes: #15966).
13372 - Let AppArmor allow access to /usr/local/share/mime, reducing noise
13373 in logs due to many DENIED entries (Closes: #15965).
13374 - Use proper stem.connection module in onion-grater instead of trying
13375 to read the auth cookie manually: that's fragile and breaks some use
13376 cases (e.g. custom auth cookie).
13377 - Unlock VeraCrypt Volumes: Improve internationalization support.
13379 * Test suite
13380 - Ensure the test suite doesn't break when changing the headline of
13381 /home (Closes: #12156).
13382 - Update test suite for updated button labels in confirmation dialogs
13383 of the Tails installer (Closes: #11501).
13385 -- Tails developers <tails@boum.org> Tue, 23 Oct 2018 01:30:00 +0200
13387 tails (3.9.1) unstable; urgency=medium
13389 * Security fixes
13390 - Upgrade Tor Browser to 8.0.2, based on Firefox 60.2.1 (Closes: #16017).
13391 - Upgrade Thunderbird to 60.0-3~deb9u1.0tails2 (Closes: #15959). Also
13392 imported the same security fixes that caused Tor Browser 8.0.2.
13393 - Upgrade curl to 7.52.1-5+deb9u7 (DSA-4286).
13394 - Upgrade Ghostscript to 9.20~dfsg-3.2+deb9u5 (DSA-4294).
13395 - Upgrade libarchive-zip-perl to 1.59-1+deb9u1 (DSA-4300).
13396 - Upgrade libkpathsea6 to 2016.20160513.41080.dfsg-2+deb9u1 (DSA-4299).
13397 - Upgrade LittleCMS 2, aka. liblcms2-2, to 2.8-4+deb9u1 (DSA-4284).
13398 - Upgrade Python 2.7 to 2.7.13-2+deb9u3 (DSA-4306).
13399 - Upgrade Python 3.5 to 3.5.3-1+deb9u1 (DSA-4307).
13401 * Bugfixes
13402 - Make Thunderbird translated in non-English locales via
13403 intl.locale.requested, which works correctly since 60.0-3
13404 (Closes: #15942).
13405 - Totem: backport AppArmor profile fix to allow opening the help
13406 (Closes: #15841)
13407 - Remove mutt, that was accidentally installed in 3.9 (Closes: #15904).
13408 - Fix VeraCrypt volumes not being opened in GNOME Files (Closes: #15954).
13409 - Fix displaying the "General" section in the Tor Browser preferences
13410 (Closes: #15917).
13411 - Fix APT pinning at Tails runtime for our custom APT repository
13412 and for Debian backports (Closes: #15837, #15973).
13414 * Minor improvements and updates
13415 - Upgrade tor to 0.3.4.8-1~d90.stretch+1 (Closes: #15889).
13417 -- Tails developers <tails@boum.org> Wed, 03 Oct 2018 12:12:33 +0200
13419 tails (3.9) unstable; urgency=medium
13421 * Major changes
13422 - Upgrade Tor Browser to 8.0 (Closes: #15803, #15907).
13423 Notable user-visible changes and relevant details:
13424 · Adjust to the fact Tor Browser 8.0a10 replaces firefox with a wrapper.
13425 · Don't use the bundled copy of libstdc++.so.6, ours is recent enough.
13426 · Drop obsolete Torbutton prefs (Closes: #15706).
13427 · Switch back to 128px icons (Closes: #15081).
13428 · AppArmor profile: take into account new Firefox binary path.
13429 - Upgrade Thunderbird to 60.0 (Closes: #15792).
13430 Notable user-visible changes and relevant details:
13431 · AppArmor profile: patch to avoid conflicting x modifiers for ps(1).
13432 - Upgrade tor to 0.3.4.7-rc (Closes: #15772).
13434 * Security fixes
13435 - Upgrade Linux to 4.17.17-1 and intel-microcode to 3.20180807a.1
13436 This fixes CVE-2018-3620 aka. Foreshadow aka. L1 Terminal Fault
13437 (Closes: #15796).
13438 - Upgrade OpenSSH to 1:7.4p1-10+deb9u4 (DSA-4280).
13440 * Bugfixes
13441 - Fix Totem on Intel graphics cards by inlining the backported mesa
13442 and dri-enumerate abstractions into its AppArmor profile: they are needed
13443 with recent Mesa and libdrm (Closes: #15821). Regression introduced
13444 in 3.9~rc1.
13445 - Fix unlocking "hidden" TrueCrypt/VeraCrypt volumes via GNOME Shell
13446 (Closes: #15843).
13447 - Fix confusing error message when unlocking TrueCrypt/VeraCrypt volumes
13448 (Closes: #15733).
13449 - Revert to Stretch's X.Org nouveau video driver (Closes: #15833).
13450 It seems that the regression brought by the upgraded one
13451 is worse than the improvements reported after our call for testing.
13452 Regression introduced in 3.9~rc1.
13453 - Use the intel X.Org driver for Intel Corporation UHD Graphics 620.
13454 - Fix regressions introduced in 3.9~rc1 in/by Additional Software Packages:
13455 · Don't break new empty persistence configuration files creation when
13456 permissions are incorrect (Closes: #15802).
13457 · Fix UX when the user has specified a distribution or version
13458 for a given package in their live-additional-software.conf
13459 (Closes: #15822).
13460 · Don't show installation notifications on upgrade (Closes: #15879).
13461 - Make more Additional Software Packages strings translatable in the
13462 configuration dialog and PolicyKit messages.
13464 * Minor improvements and updates
13465 - Upgrade firmware-nonfree to 20180825-1.
13466 - Update the deb.torproject.org APT repository signing key.
13467 - Unlock VeraCrypt Volumes: add disclaimer (Closes: #15849).
13469 * Test suite
13470 - Update Thunderbird test suite for 60.0 (Closes: #15791).
13471 - Fix various robustness issues.
13472 - Make the Chutney nodes use a higher V3AuthVotingInterval to make client
13473 bootstrap more robust (Closes: #15799).
13474 - Update the Tor Launcher binary path.
13475 - Adjust to the fact "New Circuit for this Site" is now in the site
13476 information and not under the Torbutton anymore.
13477 - Delete unused images.
13479 -- Tails developers <tails@boum.org> Tue, 04 Sep 2018 12:15:43 +0000
13481 tails (3.9~rc1) unstable; urgency=medium
13483 * Major changes
13484 - Integrate the Additional Software Packages feature into the desktop
13485 and revamp the interface of "Configure Persistent Volume".
13486 - Support TrueCrypt/VeraCrypt encrypted volumes on the desktop.
13487 - Upgrade Tor Browser to 8.0a9, based on Firefox 60 ESR (Closes: #15023).
13488 Notable user-visible changes and relevant details:
13489 · Drop search engine customization and stick to Tor Browser's defaults.
13490 · Upgrade uBlock Origin to its WebExtension version and now rely
13491 on the filter lists shipped in the Debian package.
13492 · Tweak the number of web content processes to work better with 2 GiB
13493 of RAM (Closes: #15716).
13494 · Revamp how we're handling our custom prefs, drop obsolete ones,
13495 reduce our delta with pristine Tor Browser.
13496 - Upgrade Thunderbird to 60.0b10 (Closes: #15091). Notable details:
13497 · Install Torbirdy 0.2.5 from stretch-backports and drop our patches
13498 that were merged upstream.
13499 · Enable the optional part of the fixes for EFAIL (Closes: #15602).
13500 - Upgrade Linux to 4.17 (Closes: #15763).
13501 - Upgrade tor to 0.3.4.6-rc (Closes: #15770).
13502 - Upgrade to Debian Stretch 9.5.
13504 * Security fixes
13505 - Upgrade CUPS to 2.2.1-8+deb9u2 (DSA-4243).
13506 - Upgrade Exiv2 to 0.25-3.1+deb9u1 (DSA-4238).
13507 - Upgrade FUSE to 2.9.7-1+deb9u1 (DSA-4257).
13508 - Upgrade GDM to 3.22.3-3+deb9u2 (DSA-4270).
13509 - Upgrade libsoup to 2.56.0-2+deb9u2 (DSA-4241).
13510 - Upgrade Imagemagick to 8:6.9.7.4+dfsg-11+deb9u5 (DSA-4245).
13511 - Upgrade ffmpeg to 7:3.2.12-1~deb9u1 (DSA-4258, DSA-4249).
13512 - Upgrade libmspack to 0.5-1+deb9u2 (DSA-4260).
13513 - Upgrade Samba to 2:4.5.12+dfsg-2+deb9u3 (DSA-4271).
13514 - Upgrade the Apache XML Security for C++ library to 1.7.3-4+deb9u1
13515 (DSA-4265).
13517 * Bugfixes
13518 - Don't display the Enigmail configuration wizard in every Tails session
13519 (Closes: #15693, #15746). Fix against Tails 3.8.
13520 - Make the torstatus GNOME Shell extension actually translatable
13521 (Closes: #15715). Fix against the first Tails release that included
13522 this extension.
13523 - Drop Icedove → Thunderbird migration code which started causing trouble.
13524 - Tails Installer:
13525 · Link to upgrade documentation when upgrading (Closes: #7904).
13526 · Show the reinstall option only when the device is big enough to make
13527 a full reinstallation (Closes: #14810).
13528 · Make the main window fit in a 600px-high screen (Closes: #14849).
13529 · Show the correct device size in the reinstall confirmation dialog
13530 (Closes: #15590).
13531 - Tails Greeter: don't display file:/// URLs to users (Closes: #15582).
13533 * Minor improvements and updates
13534 - Install Mesa and libdrm* from stretch-backports and upgrade the Nouveau
13535 X.Org video driver to 1.0.15. This improves support for some graphics
13536 cards such as NVIDIA Pascal series (Closes: #14910)
13537 - htpdate: improve diagnostics output when the date header can't be fetched.
13538 - Onion Grater: support named AppArmor profiles.
13539 - Update Onion Grater's config for new Tor Browser AppArmor profile name.
13540 - Enable e10s in the Unsafe Browser.
13541 - Delete all search plugins for the Unsafe Browser (Closes: #15708).
13542 - Display a deprecation warning when starting Liferea (#11082).
13543 - Upgrade VirtualBox guest modules to 5.2.16-dfsg-3~bpo9+2.
13544 - Use Tor Browser for browsing the documentation even when offline
13545 (Closes: #15720).
13546 - Provide feedback while Tor Browser, "Tails documentation"
13547 or "Report an error" are starting (Closes: #15101).
13548 - WhisperBack: remove the right pane (Closes: #7180).
13549 - tails-debugging-info: return machine-readable, structured data.
13550 Adjust WhisperBack accordingly (Closes: #8514). This paves the way
13551 towards more usable bug reports (#8722).
13552 - Port lots of our Perl code to more lightweight libraries.
13553 This decreases the amount of memory used by the persistence
13554 configuration interface.
13555 - Do not hide applications that require an admin password (Closes: #11013).
13556 - Try unlocking every persistent volume when multiple ones are
13557 available (Closes: #15653).
13558 - Upgrade Electrum to 3.1.3-1~bpo9+1.
13559 - Upgrade most firmware to 20180518-1.
13560 - Upgrade Intel microcode to 3.20180703.2~bpo9+1.
13561 - Upgrade AMD microcode to 3.20180524.1.
13563 * Build system
13564 - Drop AppArmor feature set pinning: this is now done in Debian Stretch
13565 (Closes: #15341).
13566 - Remove the now unused deb.torproject.org sid APT source (Closes: #15638).
13567 - Install OnionShare from our custom APT repo instead of from sid.
13568 We've mistakenly tracked sid for a while and it has become a problem,
13569 so stick to the version that works for us until Tails 4.0.
13570 - Fix building the ISO on zfs by dropping the cache=none setting for
13571 vmproxy's storage (Closes: #14404).
13572 - Update the Vagrant basebox for any change under vagrant/.
13573 Previously, some relevant changes were not effective until something under
13574 vagrant/definitions/tails-builder/ was changed.
13575 - Make intltool ignore .py files: `intltool-update --maintain` seems to be
13576 buggy with .py files.
13577 - Refresh our CUPS AppArmor profile patch to apply on 2.2.1-8+deb9u2.
13578 - Make it more obvious that the .orig file check is fatal (Closes: #15727).
13579 - Delete baseboxes once they're 6 months old instead of 4.
13580 This is more in line with the delay between our major releases these days.
13581 - Rename /usr/share/amnesia to /usr/share/tails. It was about time.
13582 - Abort the build if /etc/{passwd,group} has changed (Closes: #15419).
13583 Such changes can break Tails after an automatic upgrade was applied
13584 so let's detect it ASAP. Consequently, ensure a few GIDs — that wanted
13585 to play musical chairs — are the same as in Tails 3.8 (Closes: #15695).
13586 - Don't fail the build if the APT lists don't include any package
13587 whose name matches ^geoclue.
13589 * Test suite
13590 - Adjust to the new tails-persistence-setup API.
13591 - Update the Tor Browser's AppArmor profile name.
13592 - Re-enable the "I can print the current page […]" test.
13593 - Update tests wrt. the fact tails-upgrade-frontend-wrapper was ported
13594 to Python (Closes: #15379).
13595 - Make a test more robust by waiting for the page to have loaded.
13596 - Adjust to the fact the WhisperBack debugging info is now configured
13597 in a machine-readable file.
13598 - Remove test for tails-debugging-info, that has been a no-op for a while.
13599 - Adjust for Tor Browser 8.
13600 - Make the "I open the address" step more robust and accordingly
13601 stop marking the tests that use it in the Unsafe Browser
13602 as fragile (refs: #14771).
13603 - De-duplicate a number of images of standard GTK+ 3 widgets.
13604 - Make the audio and WebM tests more robust.
13605 - Make the "I start the Tor Browser in offline mode" step more robust.
13606 - Make the "AppArmor has (not )? denied" step more robust.
13607 - Don't try and use XVFB_PID if it's not set (Closes: #15730).
13608 - Adjust Pidgin test to use a certificate that's still in Debian
13609 (Closes: #15762).
13610 - Use a hopefully more reliable public GnuPG key and make tests
13611 more robust against new subkeys being added (Closes: #15771).
13612 - Stop hard-coding the list of RTL Tor Browser locales.
13613 - Fix the "Unsafe Browser can be used in all languages supported in Tails"
13614 test for locales that have a translated homepage (Closes: #11711).
13615 - Take into account that apt(8) won't return when run in the remote shell
13616 with the ASP hooks enabled.
13618 -- Tails developers <tails@boum.org> Thu, 16 Aug 2018 18:37:47 +0000
13620 tails (3.8) unstable; urgency=medium
13622 * Security fixes
13623 - Upgrade Tor Browser to 7.5.6 (MFSA 2018-17; Closes: #15683).
13624 - Upgrade Enigmail to 2.0.7 (partly fixes #15602 aka. EFAIL).
13625 - Upgrade libgcrypt to 1.7.6-2+deb9u3 (DSA-4231-1).
13626 - Upgrade perl to 5.24.1-3+deb9u4 (DSA-4226-1).
13628 * Bugfixes
13629 - Thunderbird: fix importing public OpenPGP keys from email attachments
13630 (Closes: #15610).
13631 - Make the Unsafe Browser home page translatable again (Closes: #15461).
13633 * Minor improvements
13634 - Don't display the "Know your rights" message on Thunderbird first run.
13635 - Move Thunderbird's default userChrome.css to /etc/thunderbird, just like
13636 we do for Tor Browser, for easier upgrade handling.
13638 -- Tails developers <tails@boum.org> Mon, 25 Jun 2018 09:59:22 +0000
13640 tails (3.7.1) unstable; urgency=medium
13642 * Security fixes
13643 - Upgrade Tor Browser to 7.5.5 (MFSA 2018-14; closes: #15643).
13644 - Upgrade Thunderbird to 52.8.0 (DSA-4209-1; Closes: #15607).
13645 - Partially fixes EFAIL.
13646 - Fixes importing OpenPGP keys from keyservers with Enigmail.
13647 - Accordingly refresh our Thunderbird AppArmor profile patch.
13648 - Upgrade cURL to 7.52.1-5+deb9u6 (DSA-4202-1).
13649 - Upgrade GnuPG (modern) 2.1.18-8~deb9u2 (DSA-4222-1).
13650 - Upgrade GnuPG (legacy) to 1.4.21-4+deb9u1 (DSA-4223-1).
13651 - Upgrade Git to 1:2.11.0-3+deb9u3 (DSA-4212-1).
13652 - Upgrade PackageKit to 1.1.5-2+deb9u1 (DSA-4207-1).
13653 - Upgrade procps to 2:3.3.12-3+deb9u1 (DSA-4208-1).
13654 - Upgrade wavpack to 5.0.0-2+deb9u2 (DSA-4197-1).
13655 - Upgrade wget to 1.18-5+deb9u2 (DSA-4195-1).
13656 - Upgrade xdg-utils to 1.1.1-1+deb9u1 (DSA-4211-1).
13658 * Bugfixes
13659 - Fix setting a screen locker password with non-ASCII characters
13660 (Closes: #15636).
13661 - WhisperBack:
13662 - Rename the WhisperBack launcher to "WhisperBack Error Reporting"
13663 so that users have a better chance to understand what it does
13664 (Closes: #6432)
13665 - Ensure debugging info in Whisperback reports don't contain email
13666 signature markers so that email clients forward it in full
13667 (Closes: #15468).
13668 - Wrap text written by the user to 70 chars (Closes: #11689).
13670 * Minor improvements
13671 - The "Tails documentation" desktop launcher now opens /doc instead of
13672 the aging /getting_started that confused people during user testing
13673 (Closes: #15575).
13675 * Test suite
13676 - Update to match "Tails documentation" behaviour change.
13678 -- Tails developers <tails@boum.org> Sat, 09 Jun 2018 19:53:51 +0000
13680 tails (3.7) unstable; urgency=medium
13682 * Security fixes
13683 - Upgrade Tor Browser to 7.5.4 (MFSA 2018-12, Closes: #15588).
13684 - Upgrade OpenSSL to 1.1.0f-3+deb9u2 (DSA-4157).
13685 - Upgrade Perl to 5.24.1-3+deb9u3 (DSA-4172).
13686 - Upgrade Libre Office to 1:5.2.7-1+deb9u4 (DSA-4178).
13687 - Upgrade libmad to 0.15.1b-8+deb9u1 (DSA-4192).
13689 * Bugfixes
13690 - Enable the removal of OpenPGP keyblock in Whisperback (closes: #7797).
13691 - Show the logo in Whisperback's About menu (closes: #13198).
13692 - Use the same font in all the Whisperback report (Closes: #11272).
13693 - Update tails-bugs@tails.boum OpenPGP key (Closes: #15534).
13695 * Minor improvements
13696 - Stop installing python-qt4 and python-trezor (Closes: #15391).
13697 - Make WhisperBack easier to find in the GNOME Overview (Closes: #13299).
13699 -- Tails developers <tails@boum.org> Tue, 08 May 2018 01:47:22 +0200
13701 tails (3.6.2) unstable; urgency=medium
13703 * Security fixes
13704 - Upgrade Tor Browser to 7.5.3 (MFSA 2018-10, Closes: #15459).
13705 - Upgrade Thunderbird to 1:52.7.0-1~deb9u1.0tails1 (DSA-4155,
13706 Closes: #15471).
13707 - Upgrade libicu to 57.1-6+deb9u2 (DSA-4150).
13708 - Upgrade intel-microcode to 3.20180312.1~bpo9+1. Implements
13709 IBRS/IBPB/STIPB support, Spectre-v2 mitigation for: Sandybridge,
13710 Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake
13711 (Closes: #15173).
13713 * Bugfixes
13714 - Tor Browser AppArmor profile:
13715 * Grant the main Firefox process access to machine-id: needed for
13716 IBus support (Closes: #15437).
13717 * Allow access to extensions installed by the user such as Tails
13718 Verification (Closes: #15434).
13719 - Remove packages needed to support Video Acceleration API
13720 (VA-API) because they breaks opening GNOME Settings and Totem in
13721 Tails 3.6 on some computers (only NVIDIA for now but perhaps
13722 other hardware is affected). (Closes: #15433, #15449)
13723 - Upgrade Linux to 4.15.11-1 and bump the aufs submodule (Closes:
13724 #15456, #15457).
13725 - tails-documentation script:
13726 * open translated documentation page in Tor Browser when online
13727 (Closes: #15371).
13728 * use documented syntax for os.execv (Refs: #15332)
13729 * re-add support for passing a HTML anchor as the second
13730 argument.
13731 - Fix issue where the tails-persistence-setup user's guid would be
13732 changed when it was the uid that was intended (Closes: #15422).
13734 -- Tails developers <tails@boum.org> Thu, 29 Mar 2018 17:49:42 +0200
13736 tails (3.6.1) unstable; urgency=medium
13738 * Security fixes
13739 - Upgrade Tor Browser to 7.5.2 (MFSA 2018-08 i.e. CVE-2018-5146).
13740 - Upgrade libvorbis to 1.3.5-4+deb9u2 (DSA 4140-1 aka. CVE-2018-5146).
13741 - Upgrade curl to 7.52.1-5+deb9u5 (DSA 4136-1).
13742 - Upgrade samba to 2:4.5.12+dfsg-2+deb9u2 (DSA 4135-1).
13744 * Bugfixes
13745 - Fix ISO build reproducibility (Closes: #15400)
13746 - Disable Selfrando: Tor Browser upstream currently enables it only
13747 in non-release builds
13748 (https://trac.torproject.org/projects/tor/ticket/24912#comment:8).
13750 -- Tails developers <tails@boum.org> Fri, 16 Mar 2018 22:42:00 +0000
13752 tails (3.6) unstable; urgency=medium
13754 * Major changes
13755 - Upgrade Tor Browser to 7.5.1.
13756 - Upgrade Tor to 0.3.2.10. (Closes: #15158)
13757 - Add ability to lock the screen. (Closes: #5684)
13758 - Add initial support for Meek bridges. (Closes: #8243)
13759 - Upgrade to Thunderbird 52.6.0. (Closes: #15298)
13760 - Enable Thunderbird AppArmor profile. (Closes: 11973)
13761 - Upgrade Linux to 4.15.0-1. (Closes: #15309).
13762 - Upgrade systemd to 237.
13763 - Upgrade Electrum to 3.0.6. (Closes: #15022)
13764 - Upgrade the base system to the Debian Stretch 9.4 point-release
13765 (Closes: #15341)
13766 - Port a few shell scripts to Python thanks to GoodCrypto. (Closes: #11198)
13768 * Security fixes
13769 - Upgrade Intel processor microcode firmware. (Closes: #15173).
13770 - Upgrade poppler to 0.48.0-2+deb9u1. (CVE-2017-14929, CVE-2017-1000456)
13771 - Upgrade tiff to 4.0.8-2+deb9u2 (CVE-2017-9935, CVE-2017-11335,
13772 CVE-2017-12944, CVE-2017-13726, CVE-2017-13727, CVE-2017-18013)
13773 - Upgrade ffmpeg to 7:3.2.10-1~deb9u1. (CVE-2017-17081)
13774 - Upgrade libtasn1-6 to 4.10-1.1+deb9u1. (CVE-2017-10790, CVE-2018-6003)
13775 - Upgrade Libre Office to 1:5.2.7-1+deb9u2. (CVE-2018-6871)
13776 - Upgrade libvorbis to 1.3.5-4+deb9u1. (CVE-2017-14632, CVE-2017-14633)
13777 - Upgrade gcc to 6.3.0-18+deb9u1.
13778 - Upgrade util-linux to 2.29.2-1+deb9u1. (CVE-2018-7738)
13779 - Upgrade isc-dhcp to 4.3.5-3+deb9u1 (CVE-2017-3144, CVE-2018-5732,
13780 CVE-2018-5733)
13782 * Minor improvements
13783 - Avoid noisy warning at boot time by creating tails-upgrade-frontend's
13784 trusted GnuPG homedir with stricter permissions, then making it looser.
13785 (Closes: #7037)
13786 - Drop (broken) Thunderbird dedicated SocksPort. (Closes: #12460)
13787 - Drop customized update-ca-certificates.service. (Closes: #14756)
13788 - Update AppArmor cupsd profile. (Closes: #15029)
13789 - Improve UX when GDM does not start. (Closes: #14521)
13790 - Install packages needed to support Video Acceleration API.
13791 (Closes: #14580)
13792 - Upgrade aufs-dkms for Linux 4.15. (Closes: #15132).
13793 - Ship pdf-redact-tools, thanks to dachary <loic@dachary.org>.
13794 (Closes: #15052)
13795 - Additional Software Packages: convert to python3 and PEP-8.
13796 (Closes: #15198)
13797 - Additional Software Packages: do not check for updates every time the
13798 network gets reconnected. (Closes: #9819)
13799 - Revert to xorg-xserver from Stretch. (Closes: #15232)
13800 - Open Tails documentation in Tor Browser when online. (Closes: #15332)
13801 - Disable Enigmail's Memory Hole feature. (Closes: #15201)
13802 - Persistence Setup: stop depending on Synaptic. (Closes: #15263)
13804 * Bugfixes
13805 - Additional Software Packages: fix the "incomplete online upgrade
13806 process" bug in offline mode (Closes: #14570)
13807 - Additional Software Packages: do not block Desktop opening.
13808 (Closes: #9059)
13809 - Install OpenPGP Applet 1.1. (Closes: #6398).
13810 - Repair rng-tools using a real start-stop-daemon program.
13811 (Closes: #15344)
13812 - Tails installer: fix bug with unicode status messages. (Closes: #15254)
13814 * Build system
13815 - Abort if tails-custom-apt-sources failed.
13816 - Abort the ISO build when DKMS modules are not built. (Closes: #14789).
13817 - Improve how we track dependencies in build hooks. (Closes: #14818)
13818 - Fix (potential) rare race condition during build.
13819 - Ensure the SquashFS has /etc/hostname properly configured.
13820 (Closes: #15322)
13821 - Bump builder VM's RAM. (Closes: #15310)
13823 * Test suite
13824 - Log the list of systemd jobs when systemctl is-system-running fails.
13825 (Closes: #14772).
13826 - Allow more time for 'systemctl is-system-running' to succeed.
13827 - Only support SikuliX, not Sikuli.
13828 - Disable SPICE clipboard sharing.
13829 - Don't flood the debug logger with the journal contents.
13830 - Rescue exception.
13831 - Enter a name into the Thunderbird account configuration.
13832 (Closes: #11256)
13833 - Fix the "I do not see ..." step's case. (Closes: #14929)
13834 - Mark scenarios that use the "The Report an Error launcher will…" step
13835 as fragile (Closes: #15321)
13836 - Test that Tor Browser opens docs when online. (Closes: #15332)
13837 - Adapt test after warning moved to after Unsafe Browser verification
13838 dialog. (Closes: #8775)
13839 - Dogtailify electrum.feature.
13840 - Add additional software packages feature. (Closes: #14572)
13841 - Disable test that is broken due to a Tor Browser bug. (refs: #15336)
13843 -- Tails developers <tails@boum.org> Mon, 12 Mar 2018 21:28:29 +0100
13845 tails (3.5) unstable; urgency=medium
13847 * Security fixes
13848 - Upgrade amd64-microcode to 3.20171205.1, for the mitigation
13849 against Spectre (CVE-2017-5715) (Closes: #15148).
13850 - Upgrade Tor Browser to 7.5-build3 (Closes: #15197).
13851 - Upgrade Thunderbird to 1:52.5.2-2~deb9u1.0tails1 (Closes: #15033)
13852 - Upgrade gdk-pixbuf to 2.36.5-2+deb9u2.0tails1 (Closes: #15177).
13853 - Upgrade bind9 to 1:9.10.3.dfsg.P4-12.3+deb9u4.
13854 - Upgrade libxml2 to 2.9.4+dfsg1-2.2+deb9u2.
13856 * Minor improvements
13857 - Upgrade Linux to 4.14.13, which is the first kernel that has the
13858 "[x86] microcode/AMD: Add support for fam17h microcode loading"
13859 commit, that's needed to load the AMD fam17h microcode for
13860 mitigating the Spectre vulnerability (CVE-2017-5715).
13862 * Bugfixes
13863 - Drop Claws Mail persistence setting migration. Whenever
13864 persistent Claws Mail setting is enabled, this creates an empty
13865 ~/.icedove/ directory, that prevents Thunderbird from starting
13866 (Closes: #12734).
13867 - Don't prevent the GNOME Applications button from opening its menu if
13868 time syncing resulted in a shift back in time (Closes: #14250).
13869 - Tails Installer: when cloning Tails to another USB drive, check
13870 if the target device has enough space *before* any destructive
13871 actions are made (Closes: #14622).
13872 - Tor Browser: make "Print to file" work again, for all locales
13873 (Closes: #13403, #15024).
13875 * Build system
13876 - Fix option passed to cmp: -q is not supported but --quiet is.
13877 Spotted on feature/buster that's the first branch that exercises
13878 this code, but there's no reason to fix it only there.
13880 * Test suite
13881 - Adapt tests for Tor Launcher 0.2.14.3, i.e. the one shipped with
13882 Tor Browser 7.5 in Tails 3.5 (Closes: #15064).
13883 - Add support for creating arbitrarily sized partitions.
13884 - Add a "Try cloning Tails to a too small partition" scenario
13885 (regression test for #14622).
13887 -- Tails developers <tails@boum.org> Tue, 23 Jan 2018 00:57:58 +0100
13889 tails (3.4) unstable; urgency=medium
13891 * Security fixes
13892 - Install Linux 4.14.0-3 from sid (Closes: #14976). This enables
13893 the kernel-side mitigations for Meltdown.
13894 - Upgrade curl to 7.52.1-5+deb9u3.
13895 - Upgrade enigmail to 2:1.9.9-1~deb9u1.
13896 - Upgrade gimp to 2.8.18-1+deb9u1.
13897 - Upgrade imagemagick to 8:6.9.7.4+dfsg-11+deb9u4.
13898 - Upgrade libav (ffmpeg) to 7:3.2.9-1~deb9u1.
13899 - Upgrade libxcursor to 1:1.1.14-1+deb9u1.
13900 - Upgrade libxml-libxml-perl to 2.0128+dfsg-1+deb9u1.
13901 - Upgrade poppler to 0.48.0-2+deb9u1.
13902 - Upgrade rsync to 3.1.2-1 3.1.2-1+deb9u1.
13903 - Upgrade samba to 2:4.5.12+dfsg-2+deb9u1.
13904 - Upgrade sensible-utils to 0.0.9+deb9u1.
13905 - Upgrade tor to 0.3.1.9-1~d90.stretch+1.
13907 * Minor improvements
13908 - Display TopIcons systray on the left of the system menu. This
13909 fixes #14796 (on Buster, it is displayed in the middle of the
13910 screen, on the left of the clock) and an annoying UX problem we
13911 have on Stretch: OpenPGP applet is in the middle of icons that
13912 share the exact same (modern, GNOME Shell-like) behaviour, which
13913 is disturbing when opening one of the modern menus and moving
13914 the mouse left/right to the others, because in the middle one
13915 icon won't react as expected, and the nice blue bottom border
13916 continuity is broken.
13917 - Use the "intel" X.Org driver for integrated graphics in Intel
13918 i5-7300HQ (Closes: #14990).
13919 - Enable HashKnownHosts in the OpenSSH client (Closes: #14995).
13920 Debian enables HashKnownHosts by default via /etc/ssh/ssh_config
13921 for good reasons, let's not revert to the upstream default.
13922 - Pin the AppArmor feature set to the Stretch's kernel one. Linux
13923 4.14 brings new AppArmor mediation features and the policy
13924 shipped in Stretch may not be ready for it. So let's disable
13925 these new features to avoid breaking stuff: it's too hard to
13926 check if all the policy for apps we ship (and that users install
13927 themselves) has the right rules to cope with these new mediation
13928 features.
13930 * Bugfixes
13931 - Don't delete downloaded debs after install (Closes: #10958).
13932 - Install xul-ext-ublock-origin from sid to make the dashboard
13933 work again(Closes: #14993). Thanks to cacahuatl
13934 <cacahuatl@autistici.org> for the patch!
13935 - Additional software feature: use debconf priority critical to
13936 prevent failure when installing packages otherwise requiring
13937 manual configuration (Closes: #6038)
13938 - Don't include anything under /lib/live/mount/medium/ in the
13939 readahead list (Closes: #14964). This fixes the boot time
13940 regression introduced in Tails 3.3.
13942 * Build system
13943 - Display a more helpful error message when the 'origin' remote
13944 does not point to the official Tails Git repository. This task
13945 calls git_base_branch_head() which relies on the fact 'origin'
13946 points to our official repo.
13947 - Vagrant: never build the wiki early. This has caused several
13948 issues throughout the years, the lastest instance being the
13949 reopening of #14933. (Closes: #14933)
13950 - Install libelf-dev during the time we need it for building DKMS modules.
13951 - Make the DKMS build hook verbose, and display DKMS modules build
13952 logs on failure. This hook is a recurring cause of headaches,
13953 let's simplify debugging.
13954 - Remove obsolete duplicate build of the virtualbox-guest DKMS
13955 module.
13957 * Test suite
13958 - Log the list of systemd jobs when systemctl is-system-running
13959 fails (Closes: #14772). Listing the units is not enough: in most
13960 cases I've seen, is-system-running returns "starting" which
13961 means the job queue is not empty, and to debug that we need the
13962 list of jobs.
13963 - Only support SikuliX; drop support for Sikuli.
13964 - Disable SPICE clipboard sharing in the guest. It could only mess
13965 things up, and in fact has confused me by suddenly setting my
13966 *host's* clipboard to "ATTACK AT DAWN"... :)
13967 - Decode Base64.decode64 return value appropriately; it returns
13968 strings encoded in ASCII-8bit.
13969 - Don't flood the debug logger with the journal contents.
13970 - Handle case where $vm is undefined during an extremely early
13971 scenario failure.
13972 - Allow more time for 'systemctl is-system-running' to
13973 succeed. (Refs: #14772)
13974 - Make Sikuli attempt to find replacements on FindFailed by
13975 employing fuzz, or "lowering the similarity factor". The
13976 replacements (if found) are saved among the artifacts, and
13977 serves as potential drop-in-replacements for outdated
13978 images. The main use case for this is when the font
13979 configuration in Tails changes, which normally invalidates a
13980 large part of our images given that our default high similarity
13981 factor. We also add the `--fuzzy-image-matching` where the
13982 replacements are used in case of FindFailed, so the tests can
13983 proceed beyond the first FindFailed. The idea is that a full
13984 test suite run will produce replacements for potentially *all*
13985 outdated images.
13986 - Fix our findAny() vs findfailed_hook. For findAny() it might be
13987 expected that some images won't be found, so we shouldn't use
13988 our findfailed_hook, which is about dealing with the situation
13989 where images need to be updated.
13990 - Make sure Pidgin's D-Bus policy changes are applied (Closes:
13991 #15007). Without the HUP there's a race that we sometimes lose.
13992 - Nump the Unsafe Browser's start page image (Closes: #15006).
13993 - Hot-plug a 'pcnet' network device instead of 'virtio' on Sid,
13994 since the latter is not detected on Sid (Closes: #14819).
13996 -- Tails developers <tails@boum.org> Mon, 08 Jan 2018 16:57:07 +0100
13998 tails (3.3) unstable; urgency=medium
14000 * Major changes
14001 - Upgrade the base system to the Debian Stretch 9.2 point-release
14002 which gives us tons of bugfixes (Closes: #14714).
14003 - Install Linux 4.13.0-1 (Closes: #14789).
14005 * Security fixes
14006 - Upgrade Thunderbird to 52.4.0 (Closes: #14963).
14007 - Upgrade Tor Browser to 7.0.10 (Closes: #14940).
14008 - Upgrade gdk-pixbuf to 2.36.5-2+deb9u1.0tails1 (Closes: #14729).
14010 * Minor improvements
14011 - Upgrade to Tor 0.3.1.8-2~d90.stretch+1, a new stable Tor series.
14012 - tails-documentation: rewrite in Python + use WebKit for display
14013 instead of the Tor Browser. Since Tor Browser 7.0.8 rendering of
14014 local pages (like our docs) fail (#14962) so this is probably a
14015 temporary workaround of that.
14016 - Replace the Unsafe Browser's warning pages with static,
14017 pure-HTML versions. This is truly a *temporary* workaround for
14018 #14962.
14019 - Update deb.tails.boum.org APT repo key (Closes: #14927)
14020 - Refresh Tor Browser AppArmor profile patch to apply on top of
14021 torbrowser-launcher 0.2.8-4's (Closes: #14923).
14022 - Drop obsolete manual enabling of AppArmor on the kernel
14023 command-line: it's now enabled by default, so the (Tails -
14024 Debian) delta gets smaller. :)
14026 * Bugfixes
14027 - Install Tails Installer 5.0.2. Fixes:
14028 * Most notably, fix an issue preventing Tails Installer from
14029 installing to drives containing a non-Tails partition that
14030 (obviously) has affected a lot of users. (Closes: #14755).
14031 * Fix an issue that made the resulting installations unbootable
14032 if Tails Installer was using a too recent udisks2, e.g. the
14033 one currently in Debian Sid (Closes: #14809).
14034 * Code clean-ups (Closes: #14721, #14722, #14723).
14035 - Fix UEFI boot for USB sticks installed with Universal USB
14036 Installer (Closes: #8992).
14037 - Force Tor Browser and Thunderbird to enable accessibility
14038 support even if no a11y feature is enabled in GNOME yet (Closes:
14039 #14752, #9260).
14040 - Mark our custom Desktop launchers as trusted (Closes: #14793,
14041 Refs: 14584).
14042 - Add a systemd --user target for bits of GNOME
14043 EarlyInitialization managed by systemd, and make the keyboard
14044 layout configuration as part of it. This fixes an issue where
14045 the layout chosen in the Greeter sometimes wasn't applied in the
14046 GNOME session (Closes: #12543).
14048 * Build system
14049 - auto/{build,clean,config}: run with `set -eu`.
14050 - Add script to sanity check the website. Currently it ensures all
14051 blog posts and security advisories have valid Ikiwiki 'meta
14052 date' directives, since we depend on it for reproducibility.
14053 Also make passing this sanity check a pre-condition for building
14054 the website (Closes: #12726, #14767).
14055 - Abort the ISO build when DKMS modules were not built.
14056 - Take into account where DKMS modules get installed nowadays.
14057 - auto/build: normalize file timestamps in wiki/src before
14058 building. The copy of the website included in the ISO image has
14059 "Posted" timestamps that apparently match when we cloned the Git
14060 repository, which affects reproducibility. (Closes: #14933).
14061 - Fix reproducibility of builds of topic branches that lag behind
14062 their base branch with the mergebasebranch build option enabled.
14063 Two otherwise identical merge commits done at different times
14064 get different IDs, and we happen to embed in the ISO the ID of
14065 the commit we're building from. (Closes: #14946)
14067 * Test suite
14068 - Bump timeout for "I can save the current page as", otherwise the
14069 "The Tor Browser directory is usable" scenario fails randomly
14070 when the system is under load.
14071 - New scenario: installing Tails to an eligible drive with an
14072 existing filesystem. This is a regression test for #14755.
14073 - New scenario: re-installing over an existing Tails installation.
14075 -- Tails developers <tails@boum.org> Tue, 14 Nov 2017 04:53:27 +0100
14077 tails (3.2) unstable; urgency=medium
14079 * Major changes
14080 - Upgrade Linux packages to the Debian kernel 4.12.0-2, based on
14081 mainline Linux 4.12.12 (Closes: #11831, #12732, #14673).
14083 * Security fixes
14084 - Upgrade Tor Browser to 7.0.6-build3 (Closes: #14696).
14085 - Upgrade to Thunderbird 52.3.0 (Closes: #12639).
14086 - Deny access to Pidgin's D-Bus service (Closes: #14612). That D-Bus
14087 interface is dangerous because it allows _any_ application running
14088 as `amnesia' that has access to the session bus to extract
14089 basically any information from Pidgin and to reconfigure it:
14090 https://developer.pidgin.im/wiki/DbusHowto
14091 - Block loading of Bluetooth kernel modules (Closes: #14655) and
14092 block Bluetooth devices with rfkill (Closes: #14655).
14093 - Add localhost.localdomain to the hosts file to prevent loopback
14094 leaks to Tor circuits (Closes: #13574). Thanks to tailshark for
14095 the patch!
14097 * Minor improvements
14098 - Upgrade to Tails Installer 5.0.1 (Closes: #8859, #8860, #12707). This
14099 version gets rid of the splash screen, detects when Tails is already
14100 installed on the target device (and then proposes to upgrade),
14101 and generally improves the UX. It also increases the Tails partition
14102 size and refuses to install to devices smaller than 8 GB.
14103 - Deprecate Thunderbird's preferences/0000tails.js (Closes: #12680).
14104 - Install the BookletImposer PDF imposition toolkit (Closes: #12686).
14105 - Tor Browser:
14106 * Fallback to ~/Tor Browser for uploads (Closes: #8917).
14107 * Silence some common operations that always are denied and
14108 otherwise would spam the journal (Closes: #14606)
14109 - Shell library: remove now unused functions (Closes: #12685).
14110 - Add pppoe to the installed packages (Closes #13463). Thanks to geb
14111 for the patch!
14112 - Replace syslinux:i386 with syslinux:amd64 in the ISO9660
14113 filesystem (Closes: #13513).
14114 - htpdate: fix date header regexp (Closes: #10495). It seems that
14115 some servers (sometimes) do not send their headers with first
14116 letter uppercased, hence a lot of failures to find the date in it.
14117 - Install aufs-dkms from Debian unstable (Closes: #12732).
14118 - Install vim-tiny instead of vim-nox (Closes: #12687). On Stretch,
14119 vim-nox started pulling ruby and rake in the ISO. I think vim-tiny
14120 would be good enough, and would save a few MiB in the ISO. Those
14121 who use vim more intensively and want another flavour of vim are
14122 likely to need persistence anyway, and can thus install a more
14123 featureful vim with the additional software packages feature.
14124 - Remove gksu and its and gconf's dependencies (Closes: #12738). We
14125 use pkexec instead of gksudo. gksu is unmaintained, buggy
14126 (e.g. #12000), and it is the only reason we ship GConf, which we
14127 want to remove. The other removals are:
14128 * libgnomevfs2-extra, which was previously used for SSH/FTP support in
14129 Nautilus, but isn't needed for that any more.
14130 * libgnome2-bin which provides gnome-open, which isn't required by
14131 any application in Tails (as far as we know).
14132 * Configurations and scripts that become obsolete because of these
14133 removals.
14134 - Refresh torbrowser-AppArmor-profile.patch to apply cleanly on top
14135 of torbrowser-launcher 0.2.8-1 (Closes: #14602).
14136 - Switch from Florence to GNOME's on-screen keyboard (Closes: #8281)
14137 and incidentally improve accessibility in GTK+ 2.0 and Qt
14138 applications. This drops Florence and the corresponding GNOME
14139 Shell extension.
14140 - Make ./HACKING.mdwn a symlink again (Closes: #13600).
14141 - Implement refresh-translations --force .
14142 - Rework how we handle the individual POT files of our applications.
14143 Comparing the new temporary POT files we generate with the
14144 temporary POT files we generated last time (if ever, and if we
14145 did, for which branch?) is not relevant; these POT files are only
14146 used for merging into a new tails.pot and *that* one is relevant
14147 to diff against the old tails.pot.
14148 - Update the Tails signing key. (Closes: #11747)
14149 - Reproducibility:
14150 * Ensure reproducible permissions for /etc/hostname (Closes:
14151 #13623).
14152 * Patch desktop-file-utils to make its mimeinfo.cache reproducible
14153 (Closes: #13439).
14154 * Patch glib2.0 to make its giomodule.cache reproducible (Closes:
14155 #13441).
14156 * Patch gdk-pixbuf to make its loaders.cache reproducible (Closes:
14157 #13442).
14158 * Patch gtk2.0 and gtk3.0 to make their immodules.cache
14159 reproducible (Closes: #13440).
14160 * Remove GCconf: it is a source of non-determinism in the
14161 filesystem (element order in /var/lib/gconf/defaults/%gconf-tree-*.xml)
14162 which made Tails unreproducible.
14163 * Ignore comment updates in POT files, which was a source of
14164 non-determinism and therefore prevented Tails from being
14165 reproducible (Closes: #12641).
14166 - Kernel hardening:
14167 * Increase mmap randomization to the maximum supported value
14168 (Closes: #11840). This improves ASLR effectiveness, and makes
14169 address-space fragmentation a bit worse.
14170 * Stop explicitly enabling kaslr: it's enabled by default in
14171 Debian, and this kernel parameter is not supported anymore.
14172 * Disable kexec, to make our attack surface a bit smaller.
14174 * Bugfixes
14175 - Start Nautilus silently in the background when run as root
14176 (Closes: #12034). Otherwise, after closing Nautilus one gets the
14177 prompt back only after 5-15 seconds, which confuses users and makes
14178 our doc more complicated than it should.
14179 - Ensure pinentry-gtk2 run by Seahorse has the correct $DISPLAY set
14180 (Closes: #12733).
14182 * Build system
14183 - build-manifest-extra-packages.yml: remove squashfs-tools version
14184 we don't use anymore (Closes: #12684). Apparently our
14185 apt-get/debootstrap wrapper tricks are enough to detect the
14186 version of squashfs-tools we actually install and use.
14187 - Merge base branch earlier, i.e. in auto/config instead of
14188 auto/build (Closes: #14459). Previously, a given build from a topic
14189 branch would mix inconsistent versions of things.
14190 - Fail builds started before SOURCE_DATE_EPOCH (Closes:
14191 #12352). Such builds would not be reproducible, and this is an
14192 assumption (a reasonable one!) that we do all over the place, so
14193 let's fail early. While we're at it, let's fail if
14194 SOURCE_DATE_EPOCH is not set as well. Actually we would fail any
14195 way if that was the case when reaching our
14196 99-zzzzzz_reproducible-builds-post-processing build hook, but
14197 let's fail early.
14199 * Test suite
14200 - Test the GNOME Root Terminal.
14201 - Take into account that Tails Installer 5.0.1 refuses to install
14202 Tails to devices smaller than 8 GiB. It'll still allow *upgrading*
14203 such sticks though.
14204 - Use 7200 MiB virtual USB drives when we really mean 8 GiB. In the
14205 real world, USB sticks labeled "8 GB" can be much smaller, so
14206 Tails Installer will accept anything that's at least 7200 MiB.
14207 This commit makes us exercise something closer to what happens in
14208 the real world, and incidentally it'll save storage space on our
14209 isotesters and improve test suite performance a bit. :)
14210 - Have unclutter poll every 0.1s instead of continuously. On current
14211 sid, virt-viewer eats a full CPU and doesn't do its job when
14212 "unclutter -idle 0" is running.
14213 - Adapt tests for Tails Installer 5.0.1.
14214 - Workaround Pidgin's DBus interface being blocked since we actually
14215 depend on it for some tests.
14216 - Test that Pidgin's DBus interface is blocked.
14217 - Save more data on test suite failures (Refs: #13541):
14218 * When Tor fails to bootstrap, save Tor logs and chutney nodes
14219 data.
14220 * When Htpdate fails to synchronize the clock, save its logs.
14221 * Always save the systemd journal on failure.
14222 - When testing emergency shutdown, wait longer for Tails to tell
14223 us it has finished wiping the memory. The goal here is to help
14224 us understand whether (Refs: #13462) is a bug in the emergency
14225 shutdown feature or in our test suite.
14226 - Restart nautilus-desktop if Desktop icons are not visible
14227 (Closes: #13461).
14228 - Test suite: fix assert_raise() when using ruby-test-unit >=
14229 3.2.5 (Closes: #14654). ruby-test-unit 3.2.5 added native Java
14230 exception support for JRuby. The fact we defined the :Java
14231 constant was enough to trigger that JRuby-specific code, which
14232 failed.
14233 - Test suite: take into account that click-to-play is not required
14234 anymore for WebM videos in Tor Browser (Closes: #14586).
14236 -- Tails developers <tails@boum.org> Mon, 25 Sep 2017 22:23:01 +0200
14238 tails (3.1) unstable; urgency=medium
14240 * Security fixes
14241 - Upgrade Tor Browser to 7.0.4-build1 (Closes: #13577).
14242 - Upgrade Linux to 4.9.30-2+deb9u3.
14243 - Upgrade libtiff to 4.0.8-2+deb9u1.
14244 - Upgrade bind9 to 1:9.10.3.dfsg.P4-12.3+deb9u2.
14245 - Upgrate evince to 3.22.1-3+deb9u1.
14246 - Upgrade imagemagick 8:6.9.7.4+dfsg-11+deb9u1.
14247 - Ensure Thunderbird cleans its temporary directory. (Closes: #13340).
14249 * Minor improvements
14250 - Patch gconf to produce reproducible XML output (refs: #12738). This is
14251 the temporary solution for #12738 in Tails 3.1 which will be reverted
14252 (and fixed permanently by removing gconf) in Tails 3.2.
14253 - Apply Debian bts patch to cracklib to produce reproducible dictionnaries
14254 (Closes: #12909).
14255 - Upgrade to Debian 9.1 (Closes: #13178).
14257 * Bugfixes
14258 - Replace faulty URL in htpdate neutral pool (Closes: #13472).
14259 - Keep installing a version of Enigmail compatible with Thunderbird 45.x
14260 (Closes: #13530).
14261 - Fix the time syncing and Tor notifications translations (Closes: #13437).
14263 * Build system
14264 - Upgrade the Vagrant basebox for building ISO images to Stretch
14265 (Closes: #11738).
14266 - Fix on-disk build by bumping Vagrant build VM memory to 768M
14267 (Closes: #13480).
14268 - Fix rescue build option by exporting TAILS_BUILD_FAILURE_RESCUE
14269 (Closes: #13476).
14271 * Test suite
14272 - mark gnome screenshot scenario as fragile (refs: #13458)
14273 - mark UEFI scenario as fragile (refs: #13459).
14275 -- Tails developers <tails@boum.org> Sat, 05 Aug 2017 15:25:51 +0200
14277 tails (3.0.1) unstable; urgency=medium
14279 * Security fixes
14280 - Upgrade tor to 0.3.0.9-1~d90.stretch+1 (Closes: #13253).
14281 - Upgrade Linux to 4.9.30-2+deb9u2.
14282 - Upgrade libc to 2.24-11+deb9u1.
14283 - Upgrade libexpat1 to 2.2.0-2+deb9u1.
14284 - Upgrade libgcrypt20 to 1.7.6-2+deb9u1.
14285 - Upgrade libgnutls30 to 3.5.8-5+deb9u1.
14286 - Enable Debian security APT sources (Closes: #12309).
14288 * Minor improvements
14289 - Use a higher resolution image in Tails persistence setup
14290 (Closes: #12510).
14292 * Bugfixes
14293 - Forcibly set $SSH_AUTH_SOCK before starting GNOME
14294 Shell. Apparently, due to a race condition, GNOME keyring
14295 sometimes fails to tell the session manager about the correct
14296 SSH_AUTH_SOCK, and thus GNOME Terminal hasn't this variable set
14297 and any ssh process started in there won't use the (perfectly
14298 working) SSH agent (Closes: #12481).
14299 - Fix issue that made Tails Installer rejects working USB drives,
14300 pretending they're not "removable" (Closes: #12696).
14301 - Make behavior of the power button and lid close actions in the Greeter
14302 consistent with the regular GNOME session (Closes: #13000).
14304 * Build system
14305 - Track the latest debian-security archive for the corresponding
14306 APT sources, and not for the unrelated jessie-updates (Closes:
14307 #12829).
14308 - Print APT sources used in the build VM, to help debugging issues
14309 such as #12829.
14311 -- Tails developers <tails@boum.org> Tue, 04 Jul 2017 15:59:18 +0200
14313 tails (3.0) unstable; urgency=medium
14315 * Major changes
14316 - Upgrade Tor Browser to 7.0.1 (Closes: #12635, #12657).
14317 - Upgrade to a new snapshot of the Debian and Torproject
14318 APT repositories: respectively 2017060904 and 2017060903
14319 (Closes: #12609).
14321 * Minor improvements
14322 - Tor Browser: enable Electrolysis (e10s), i.e. render content in a separate
14323 child process, which will allow to improve performance and security
14324 further along the road. This required us to drop our branding add-on
14325 and re-implement its functionality in our Tor Browser wrapper
14326 (Closes: #12569).
14327 - Clean obsolete cached packages when using the Additional Software Packages
14328 feature (Closes: #12400).
14329 - Improve KeePassX database migration handling (Closes: #12375).
14330 - Upgrade OnionShare to 0.9.2, from Debian sid as it has been removed
14331 from Stretch (Closes: #12610).
14332 - Upgrade Tor to 0.3.0.8 (Closes: #12656).
14333 - Drop obsolete bilibop patch, that was applied in 0.5.2.1.
14334 - Include disk space usage information in the WhisperBack bug reports.
14335 - Reorder technical details in WhisperBack bug reports in way that makes
14336 more sense when reading them.
14337 - Convert lc.py to Python 3.
14338 - Simplify some Python code thanks to subprocess.check_ouput.
14339 - Set the initial keyboard focus on the "Start Tails" button
14340 in Tails Greeter (Closes: #12509).
14341 - Convert Tails Greeter's Debian packaging to current best practices.
14343 * Bugfixes
14344 - Fix persistent Thunderbird configuration migration when there is
14345 a mimeTypes.rdf, that doesn't contain any associations to "icedove"
14346 or "/usr/bin/iceweasel" (Closes: #12580).
14347 - Fix persistent browser bookmarks, by generating them from an sqlite dump
14348 (Closes: #12568).
14349 - Use the "intel" X.Org driver for Intel Atom/Celeron/Pentium Processor
14350 x5-E8000/J3xxx/N3xxx Integrated Graphics Controller.
14351 - `exec' from our Thunderbird wrapper so it doesn't remain running.
14352 - Tails Installer: don't allow installing on non-removable drives
14353 (Closes: #10731).
14354 - Fetch the torbrowser-launcher sources from Debian sid:
14355 it's been removed from Debian testing.
14356 Refresh torbrowser-AppArmor-profile.patch accordingly.
14357 - Unsafe Browser: remove the search bar, that's currently buggy
14358 and its presence only encourages unsupported usage (Closes: #12573).
14359 - Unsafe Browser: disable searching in the address bar. It can result
14360 in leaking hostnames and credentials to the default search
14361 engine operator (Closes: #12540).
14362 - Make our omni.ja modifications reproducible (Closes: #12620).
14363 - Generate the fontconfig cache in a reproducible manner (Closes: #12567).
14364 - Don't include torrents/rss.html in the ISO. It's not generated
14365 in a deterministic manner and is worthless in the ISO (Closes: #12619).
14366 - Improve the language → default keyboard layout mapping
14367 in Tails Greeter (Closes: #12547).
14368 - Don't close Tails Greeter's main window when Alt-F4 is pressed
14369 (Closes: #12462).
14371 * Test suite
14372 - Run emergency_shutdown.feature after usb_*.feature, to reduce disk
14373 space requirements (Closes: #12565).
14374 - Deal with server messages in Pidgin.
14375 - Improve Pidgin connectivity check robustness.
14376 - Flag the Synaptic test as fragile (i.e. #12586).
14377 - Optimization: only test once that Tails, booted on DVD, eventually
14378 shuts down after wiping memory.
14379 - Move tests about the shutdown applet to a dedicated feature,
14380 as they have nothing to do with Tails' "emergency" shutdown feature.
14381 - Adapt the network connectivity check to Stretch, and improve it to check
14382 both link and IP connectivity (Closes: #12602).
14383 - Apply a fix from upstream Git to mutter, to fix some of its interactions
14384 with dogtail (Closes: #11718).
14385 - Mark "Scenario: Watching a WebM video" as fragile (i.e. #10442).
14387 * Build system
14388 - Set create_box -e, to make the vagrant box generation a bit more robust.
14389 (Closes: #12578).
14390 - Install kernel from backports and Tails build deps before performing
14391 APT upgrade, to avoid useless bandwidth usage (Closes: #12529).
14392 - Update submodules after merging the base branch (Closes: #12556).
14393 - Rakefile: fix date comparison in basebox:clean_old (Closes: #12575).
14394 - Rakefile: have basebox:clean_old delete baseboxes more than 4 months old
14395 (refs: #12576).
14396 - Also check for fuzzy patches' .orig files at the end of our build hooks,
14397 so we detect any fuzzy patches applied by hooks (Closes: #12617).
14398 - Remove .orig files for patches we allow to be fuzzy.
14399 - Don't pre-build the wiki when mergebasebranch is enabled.
14400 When pre-building the wiki, we modify the PO files which results in a
14401 conflict from the base branch merge in case it modifies the same
14402 files, which breaks the build (Closes: #12611).
14403 - Rakefile: add a task that removes all tails-builder-* libvirt volumes
14404 (Closes: #12599).
14406 -- Tails developers <tails@boum.org> Sat, 10 Jun 2017 14:39:10 +0000
14408 tails (3.0~rc1) unstable; urgency=medium
14410 * Major changes
14411 - Install Thunderbird 1:45.8.0-3+tails2 and handle the Icedove → Thunderbird
14412 migration, including wrt. persistent data (Closes: #11712, #12242).
14413 This package also has the patch from
14414 https://bugzilla.mozilla.org/show_bug.cgi?id=1281959 applied,
14415 to ease future integration of the Thunderbird AppArmor profile.
14416 Also, drop the Claws → Icedove migration path.
14417 - Upgrade to a new snapshot of the Debian and Torproject
14418 APT repositories: 2017051803 (Closes: #12554).
14419 - Upgrade Linux packages to the Debian kernel 4.9.0-3, based on
14420 mainline Linux 4.9.25.
14421 - Replace the kexec-based memory erasure feature with the Linux kernel's
14422 memory poisoning (Closes: #12354, #12428). The kexec-based implementation
14423 was not reliable enough and provided a poor UX. Instead, we now return
14424 to the initramfs on shutdown and unmount all filesystems there, so their
14425 content and corresponding caches are erased.
14426 - Upgrade Tor Browser to 7.0a4 based on Firefox 52.1.1esr (Closes:
14427 #12115, #12464):
14428 * Unfortunately e10s (multi-process Firefox) is disabled (#12569).
14429 * Unfortunately persistent bookmarks created for the first time
14430 in Tails 3.0~rc1 is broken (#12568).
14431 * Adds exceptions for the extensions Tails installs on top of
14432 the vanilla Tor Browser (Closes: #11419).
14433 - Upgrade tor to 0.3.0.7-1 (Closes: #12485) and log both to the
14434 usual file and the journal (Closes: #12412).
14435 - Merge the code that makes Tails almost build reproducibly (Refs:
14436 #5630); we still have issues with the fontconfig cache (Refs:
14437 #12567).
14439 * Minor improvements
14440 - Add a HACKING document for new code contributors (Closes:
14441 #12164).
14442 - Rename tor-controlport-filter to onion-grater (Closes: #12394)
14443 and import patches killing the delta against Whonix version
14444 (Closes: #12173).
14445 - Improve onion-grater; thanks to Joy SN <joysn1980@yahoo.com>
14446 for the original patches (Closes: #12173):
14447 · add --listen-interface
14448 · make stdout/stderr unbuffered to ensure Python exceptions are logged
14449 · use yaml.safe_load()
14450 - Improve KeePassX database migration handling (refs: #12375).
14451 - Electrum: set coin selection strategy to 'Privacy' (Closes: #12177).
14452 - Allow Onion Circuits to access /proc/pid/status.
14453 - Make gdm-shell-tails.desktop more similar to the one shipped
14454 in gnome-shell 3.22.3-3 (refs: #12364).
14455 - Greeter: have the help window point to updated documentation,
14456 use WebKit2 instead of the deprecated WebKit, and hide the sidebar
14457 and banner.
14458 - Use exec to start KeePassX, i.e. avoid leaving the wrapper running.
14460 * Bugfixes
14461 - Install xserver-xorg-legacy, to fix support for various graphics
14462 adapters that still don't work with rootless X.Org (Closes: #12542).
14463 - Use the "intel" X.Org driver for Intel Q35 and Intel Atom
14464 D4xx/D5xx/N4xx/N5xx graphics controllers (refs: #12219).
14465 - Give UEFI bootloaders upper-case filenames (Closes: #12511).
14466 Some UEFI firmware, such as the one in the ThinkPad X220, only recognize
14467 them if they have an upper-case name.
14468 - KeePassX: enable "Automatically save after each change" again,
14469 like we did in Tails 2.x (fixes a regression introduced
14470 in 3.0~beta3).
14471 - Install packages needed by the "Test speakers" functionality
14472 (Closes: #12549).
14473 - Fix automatic upgrades when one is already applied (Closed:
14474 #12501).
14475 - When generating the network device blacklist, also blacklist
14476 network drivers from the staging directory (Closes: #12362).
14477 - htpdate pool: replace www.sarava.org with leap.se. The former
14478 has been down for a while and it's not clear when it's going to
14479 be stable again. The latter should be reliable.
14481 * Test suite
14482 - Check that dirmngr used the configured keyserver (Closes: #12371).
14483 - Sanity check that Chutney starts all nodes in the network.
14484 - Disable the Sandbox option for all nodes, until Tor#21943
14485 is fixed (Closes: #12512).
14486 - Wait for the desktop icons to be displayed in the "Tails desktop is ready"
14487 step. Let's not try interacting with the desktop earlier.
14488 - Add tests for memory erasure on "normal" shutdown (refs: #12428).
14489 - Add tests for memory erasure on "emergency" shutdown, and run some
14490 with network enabled (refs: #12354).
14491 - Have eject_cdrom run eject(1) like it used to do in the past.
14492 Otherwise the machine is immediately halted and we cannot test
14493 whether memory has been erased.
14494 - Pass mount_USB_drive structured data instead of free-form text.
14495 - Test that MAC spoofing and "Disable network" works for
14496 hotplugged networking devices (Refs: #12362).
14498 * Build system
14499 - Generate the Vagrant base box locally as part of the build process,
14500 instead of downloading it: one less binary blob as input in the build
14501 process (refs: #12409).
14502 - Use Vagrant for builds on Jenkins too (Closes: #11972).
14503 - Tell build script to be more verbose.
14504 - Respect the 'ARTIFACTS' environment variable if set.
14505 - Add a second disk to handle the apt-cacher-ng cache, and store
14506 the corresponding logs in there (Closes: #11979).
14507 - Use APT snapshots in Vagrant build VMs, create/use a basebox that matches
14508 the branch/tag/commit being tested, and provision a new VM for each build
14509 (Closes: #11980, #11981).
14510 - Ship all build dependencies in the Vagrant basebox, to save some
14511 time when building ISOs.
14512 - Make basebox generation compatible with both GnuPG 1.x and 2.x.
14513 - Set LC_ALL=C, mostly to suppress some warnings.
14514 - Support forcing VM cleanup before/after build.
14515 - Add tasks for cleaning up old or all base boxes (refs: #12409).
14516 - Add build option useful for debugging build failures.
14517 - Remove obsolete build options.
14518 - Make auto/scripts/utils.sh more reusable, use it in Rakefile,
14519 auto/build and setup-tails-builder.
14520 - Add an option controlling whether to merge the base branch.
14521 - Add "rake test" target and import logics from puppet-tails'
14522 wrap_test_suite script.
14523 - Build Tails as a release simply when HEAD is tagged, i.e. we do not
14524 require building from a detached head any more.
14525 - Sanity check compression choice when building a release.
14526 - Use the host's resolv.conf when building the Vagrant base box.
14527 Since systemd-networkd is used to manage resolv.conf inside the base box,
14528 and it hasn't been initialized yet (we are not booting it, just chrooting
14529 into it) DNS is broken otherwise.
14530 - Release process: "release" a new base box when freezing.
14531 - Chown/scp artifacts with a single command to limit overhead and warnings
14532 noise caused by repeated SSH calls.
14533 - Add a build options to use a custom CPU model, and custom
14534 machine type, for reproducibility testing (refs: #12345).
14535 - Add support for installing Tor Browser nightly builds.
14537 -- Tails developers <tails@boum.org> Sat, 20 May 2017 16:48:45 +0200
14539 tails (3.0~beta4) unstable; urgency=medium
14541 * Major changes
14542 - All changes brought by Tails 2.12.
14543 - Upgrade to a new snapshot of the Debian and Torproject
14544 APT repositories (2017041704).
14546 * Security improvements
14547 - Enable the buddy page allocator free poisoning (Closes: #12089).
14548 - Enable slub/slab allocator free poisoning (Closes: #12090).
14549 - Create IUKs (automatic upgrades) in a reproducible manner
14550 (Closes: #11974).
14552 * Minor improvements
14553 - Firewall: forbid the _apt user to talk to DNS ports. APT works very well
14554 without DNS access since we only have Onion APT sources, so let's silence
14555 the logs.
14556 - Replace Pidgin's "systray" icon with the guifications plugin
14557 (Closes: #11741). We're trying to remove as much as we can from
14558 the set of icons managed by TopIcons extension flavours, in the hope
14559 it's enough to cancel the problems we've seen with them (#10576, #11737).
14560 - Disable apt-daily.timer, that can only cause problems in our context
14561 (Closes: #12390).
14562 - Do not let pppd-dns manage /etc/resolv.conf (Closes: #12401).
14563 - Ensure rootless X.Org can access /dev/fb0 when started by GDM.
14564 - Include the amdgpu module in the initramfs (refs: #12218).
14565 - Tails Greeter: don't mention 'firewall' anymore (#12382).
14566 - Tails Greeter: avoid the popover menu for Formats being cut,
14567 in most cases (Closes: #12249).
14568 - Tails Greeter: disable the screensaver (Closes: #12370).
14569 - Tails Greeter: fix behavior when pressing Enter in the language selection
14570 menu (Closes: #12359).
14572 * Bugfixes
14573 - Install speech-dispatcher-espeak-ng to fix the Orca screen reader
14574 (Closes: #12389).
14575 - Install xserver-xorg-video-intel and use it on a few graphics adapters
14576 that are not supported correctly by the modesetting driver (refs: #12219).
14577 More PCI IDs will be added as new affected hardware is reported.
14579 * Test suite
14580 - Run on a Q35 2.8 machine (Closes: #11605).
14581 - Deprecate xtightvncviewer in favor of tigervnc-viewer.
14582 - Test the Unsafe Browser in 3 random supported languages, not all.
14583 This should be enough to identify most future regressions in this area,
14584 and will be much faster than testing them all.
14585 - Pidgin tests: switch to an image that doesn't depend on the
14586 topic of tails@conference.riseup.net.
14587 - Fix a problematic use of try_for.
14588 - Fix VM.select_virtual_desktop() and VM.do_focus().
14589 - Random Gherkin improvements.
14590 - Fix a focus issue for GNOME Terminal vs. Tails Installer.
14591 - Adjust to kernel memory poisoning being enabled, which breaks the way
14592 we used to test memory erasure (refs: #12354):
14593 · Drop "no memory erasure" and "memory erasure" tests, that can't work
14594 anymore.
14595 · Test erasure of memory freed by a killed userspace process.
14596 · Test that memory poisoning applies to unmounted tmpfs.
14597 · Test that memory poisoning applies to read and write cache
14598 for unmounted vfat and LUKS-encrypted ext4.
14599 · Run erase_memory a bit later, it requires less disk space nowadays.
14601 -- Tails developers <tails@boum.org> Tue, 18 Apr 2017 13:01:25 +0000
14603 tails (2.12) unstable; urgency=medium
14605 * Major changes
14606 - Completely remove I2P. :( We have decided to remove I2P (see
14607 #11276) due to our failure of finding someone interested in
14608 maintaining it in Tails (Closes: #12263).
14609 - Upgrade the Linux kernel to 4.9.13-1~bpo8+1 (Closes: #12122).
14611 * Security fixes
14612 - Upgrade Tor Browser to 6.5.2 based on Firefox 45.9. (Closes:
14613 #12444)
14614 - Mount a dedicated filesystem on /var/tmp, to mitigate the
14615 hardlinks permissions open by the user-tmp abstraction. See
14616 https://labs.riseup.net/code/issues/9949#note-23 for details
14617 (Closes: #12125).
14618 - Protect against CVE-2017-2636 by disabling the n-hdlc kernel
14619 module (Closes: #12315).
14620 - Ensure /etc/resolv.conf is owned by root:root in the SquashFS.
14621 lb_chroot_resolv will "cp -a" it from the source tree, so it
14622 inherits its ownership from the whoever cloned the Git
14623 repository. This has two problems. First, this results in unsafe
14624 permissions on this file (e.g. a Vagrant build results in the
14625 'amnesia' user having write access to it).
14626 - Upgrade libjasper1 to 1.900.1-debian1-2.4+deb8u3
14627 - Upgrade gstreamer and its plugins to 1.4.4-2+deb8u1.
14628 - Upgrade eject to 2.1.5+deb1+cvs20081104-13.1+deb8u1.
14629 - Upgrade imagemagick to 8:6.8.9.9-5+deb8u8.
14630 - Upgrade pidgin to 2.11.0-0+deb8u2.
14631 - Upgrade samba to 2:4.2.14+dfsg-0+deb8u5.
14634 * Minor improvements
14635 - Don't add the live user to the "audio" group. This should not be
14636 needed on a modern Linux desktop system anymore (Closes:
14637 #12209).
14638 - Install virtualbox-* 5.1.14-dfsg-3~bpo8+1 from our custom APT
14639 repository (Closes: #12307).
14640 - Install virtualbox-guest-* from sid. The version currently in
14641 jessie-backports is not compatible with Linux 4.9, and there's
14642 basically no chance that it gets updated (the maintainer asked
14643 for them to be *removed* from jessie-backports) (Closes:
14644 #12298).
14645 - Pull ttdnsd from our custom APT repository. It's gone from the
14646 TorProject one. We removed ttdnsd on feature/stretch already, so
14647 we'll need to pull it from our custom APT repository only for
14648 the next 3 months.
14649 - Clean up libdvd-pkg build files, again. This cleanup operation
14650 was mistakenly removed in commit c4e8744 (Closes: #11273).
14651 - Install gnome-sound-recorder (Closes #10950). Thanks to Austin
14652 English <austinenglish@gmail.com> for the patch!
14653 - Stop restarting tor if bootstrapping stalls. It seems tor might
14654 have fixed the issues we used (see: #10238, #9516) to experience
14655 with the bootstrap process stalling and requiring a restart to
14656 kickstart it (Closes: #12411).
14657 - tor.sh: communicate via the UNIX socket instead of TCP port.
14658 This makes the library usable when run inside systemd units that
14659 have `PrivateNetwork=yes` set.
14660 - Get tor's bootstrap progress via GETINFO instead of log
14661 grep:ing.
14662 - Upgrade tor to 0.2.9.10-1~d80.jessie+1
14664 * Bugfixes
14665 - mirror-pool-dispatcher: bump maximum expected mirrors.json size
14666 to 32 KiB. This fixes an error where Tails Upgrader would
14667 complain with "cannot choose a download server" (Closes:
14668 #11735).
14670 * Build system
14671 - Retry curl and APT operations up to 20 times to make the ISO
14672 build more robust wrt. unreliable Internet connectivity. Thanks
14673 to Arnaud <arnaud@preev.io> for the patch!
14674 - Install ikiwiki from jessie-backports, instead of our patched
14675 one. Our changes were merged in 3.20161219, and jessie-backports
14676 now has 3.20170111~bpo8+1 (Closes: #12051).
14677 - Fix FTBFS when installing a .deb via config/chroot_local-packages
14678 by being more flexible when matching local packages in the apt
14679 list file (Closes: #12374). Thanks to Arnaud <arnaud@preev.io>
14680 for the patch!
14681 - auto/build: support Stretch's GnuPG v2 keyring filename.
14683 * Test suite
14684 - Try possible fix for #11508. IPv6Packet:s' source is accessed by
14685 `.ipv6_saddr`, not `ip_saddr` (that's for IPv4Packet). So, let's
14686 just try and see which one of the two each packet has, because
14687 one of them must be there! Also, given that UDPPacket can be
14688 either IPv4 or IPv6 it seems safest to try to parse each packet
14689 as IPv6Packet first -- that way we keep looking at transport
14690 layer protocols for IPv4 only, and treat everything IPv6 as the
14691 same, which makes sense, since we should block all IPv6, so
14692 everything should be treated the same at all times.
14693 - Changes due to #12411:
14694 * Raise special exception for Tor bootstrap failures.
14695 * Remove obsolete debug logging now that we don't log anything
14696 interesting for `restart-tor` any more.
14698 -- Tails developers <tails@boum.org> Tue, 18 Apr 2017 17:41:46 +0200
14700 tails (3.0~beta3) unstable; urgency=medium
14702 * Major new features and changes
14703 - Make the "Formats" settings in Tails Greeter take effect (Closes: #12079,
14704 new feature that was broken since it was introduced in 3.0~alpha1).
14705 - Upgrade to a new snapshot of the Debian and Torproject
14706 APT repositories (2017031702).
14708 * Removed features
14709 - Stop including I2P: we decided (#11276) to remove I2P, due to our failure
14710 at finding someone to maintain it in Tails (Closes: #12263).
14712 * Security fixes
14713 - Upgrade MAT to 0.6.1-4: fixes silent failure of the Nautilus
14714 contextual menu extension.
14715 - Ensure /etc/resolv.conf is owned by root:root in the SquashFS
14716 (Closes: #12343).
14717 - Protect against CVE-2017-2636 by disabling the n-hdlc kernel module
14718 (Closes: #12315).
14720 * Minor improvements
14721 - Reintroduce the X11 guest utilities for VirtualBox (regression
14722 introduced in 3.0~beta2).
14723 - Upgrade X.Org server and the modesetting driver (hopefully helps
14724 fixing #12219).
14725 - Automate the migration from KeePassX databases generated on Tails 2.x
14726 to the format required by KeePassX 2.0.x (Closes: #10956, #12369).
14727 - Add keyboard shortcuts in Tails Greeter (Closes: #12186, #12063).
14728 - Install dbus-user-session (regression introduced in 3.0~beta2).
14729 - Manage temporary directories in a declarative way (tmpfiles.d).
14730 - Replace references to the /var/run compatibility symlink
14731 with the canonical /run.
14732 - Update our Torbirdy patchset to the latest one sent upstream.
14733 - Install mesa-utils, so that Qt 5 can detect whether software based
14734 rendering is needed.
14735 - Have Tails Greeter honor the "debug" kernel command-line option,
14736 for easier debugging (Closes: #12373).
14737 - Refactor Tails Greeter to reduce code duplication (Closes: #12247).
14739 * Bugfixes
14740 - Fix sizing of zenity dialogs (Closes: #12313, regression introduced
14741 in 3.0~alpha1).
14742 - Fix confusing, spurious error messages in command-line applications
14743 wrapped with torsocks:
14744 · Ship a /etc/mailname file with content "localhost".
14745 Otherwise something (Git? libc6?) tries to resolve the "amnesia" host
14746 name, which fails, and a confusing error message is displayed
14747 (Closes: #12205, regression introduced in 3.0~alpha1).
14748 · Have torsocks allow UDP connections to the loopback interface,
14749 with AllowOutboundLocalhost 2 (Closes: #11736).
14751 * Test suite
14752 - Improve debugging info logging for PacketFu parsing issues,
14753 and implement a plausible fix (refs: #11508).
14754 - Try to make "double-click on desktop launcher" more reliable.
14755 - Fix selection of ISO in Tails Installer.
14756 - Re-enable the GnuPG tests that require a keyserver, pointing them
14757 to an Onion service we run on Chutney, that redirects all TCP traffic
14758 to a real, clearnet keyserver (Closes: #12211).
14759 - Implement a workaround for checking the configured keyserver in GnuPG,
14760 until a better fix is implemented (refs: #12371).
14761 - Fix the "Report an Error launcher" scenario in German.
14763 * Build system
14764 - Retry curl and APT operations up to 20 times to make the ISO build
14765 more robust wrt. unreliable Internet connectivity.
14766 Thanks to Arnaud <arnaud@preev.io> for the patch!
14767 - Install ikiwiki from jessie-backports, instead of our patched one
14768 (Closes: #12051).
14769 - Clean up libdvd-pkg build files, again (Closes: #11273).
14770 - Rakefile: fix TAILS_OFFLINE_BUILD exported variable name.
14771 - Adjust apt-mirror to support branches based on feature/stretch
14772 that don't use frozen APT snapshots.
14774 -- Tails developers <tails@boum.org> Sun, 19 Mar 2017 15:10:28 +0100
14776 tails (3.0~beta2) unstable; urgency=medium
14778 * All changes brought by Tails 2.11, except:
14779 - the test suite changes, that are not all compatible with this branch;
14780 - the "Tails 3.0 will require a 64-bit processor" notification:
14781 this advance warning is not useful on a release series
14782 that's 64-bit only.
14784 * Major new features and changes
14785 - Upgrade to a new snapshot of the Debian APT repositories (2017030802),
14786 and of the Torproject ones (2017030801).
14787 - Upgrade Linux to 4.9.0-2 (version 4.9.13-1).
14789 * Minor improvements
14790 - Improve GNOME Shell Window List styling. (Closes: #12233)
14792 * Bugfixes
14793 - Make it possible to start graphical applications in the Root Terminal.
14794 (part of #12000)
14796 * Test suite
14797 - Improve robustness when dealing with notifications. (Closes: #11464)
14798 - Bump timeout when waiting for 'Tor is ready' notification.
14799 - Fix the incremental upgrade test.
14800 - Drop a few obsolete test cases, update a number of images.
14801 - Adapt firewall leak test to new DHCP source IP address.
14802 - Adjust Seahorse and Enigmail tests to the keyserver that is now used.
14804 -- Tails developers <tails@boum.org> Wed, 08 Mar 2017 16:29:44 +0000
14806 tails (2.11) unstable; urgency=medium
14808 * Security fixes
14809 - Upgrade Tor Browser to 6.5.1 based on Firefox 45.8. (Closes:
14810 #12283)
14811 - Fix CVE-2017-6074 (local root privilege escalation) by disabling
14812 the 'dccp' module. (Closes: #12280)
14813 - Disable kernel modules for some uncommon network protocol. These
14814 are the ones recommended by CIS. (Part of: #6457)
14815 - Disable modules we blacklist for security reasons. Blacklisted
14816 (via `blacklist MODULENAME`) modules are only blocked from being
14817 loaded during the boot process, but are still loadable with an
14818 explicit `modprobe MODULENAME`, and (worse!) via kernel module
14819 auto-loading.
14820 - Upgrade linux-image-4.8.0-0.bpo.2-686-unsigned to 4.8.15-2~bpo8+2.
14821 - Upgrade bind9 to 1:9.9.5.dfsg-9+deb8u10.
14822 - Upgrade imagemagick to 8:6.8.9.9-5+deb8u7.
14823 - Upgrade libevent-2.0-5 to 2.0.21-stable-2+deb8u1.
14824 - Upgrade libgd3 to 2.1.0-5+deb8u9.
14825 - Upgrade libjasper1 to 1.900.1-debian1-2.4+deb8u2.
14826 - Upgrade liblcms2-2 to 2.6-3+deb8u1.
14827 - Upgrade libxpm4 to 1:3.5.12-0+deb8u1.
14828 - Upgrade login to 1:4.2-3+deb8u3.
14829 - Upgrade ntfs-3g to 1:2014.2.15AR.2-1+deb8u3.
14830 - Upgrade openjdk-7-jre to 7u121-2.6.8-2~deb8u1.
14831 - Upgrade openssl to 1.0.1t-1+deb8u6.
14832 - Upgrade tcpdump to 4.9.0-1~deb8u1.
14833 - Upgrade vim to 2:7.4.488-7+deb8u2.
14834 - Upgrade libreoffice to 1:4.3.3-2+deb8u6.
14836 * Minor improvements
14837 - import-translations: also import PO files for French from
14838 Transifex. The translation team for French switched to Transifex
14839 even for our custom programs:
14840 https://mailman.boum.org/pipermail/tails-l10n/2016-November/004312.html
14841 - Notify the user, if running on a 32-bit processor, that it won't
14842 be supported in Tails 3.0 anymore. (Closes: #12193)
14843 - Notify I2P users that I2P will be removed in Tails
14844 2.12. (Closes: #12271)
14846 * Bugfixes
14847 - Disable -proposed-updates at boot time. If a Debian point
14848 release happens right after a freeze but we have decided to
14849 enable it before the freeze to get (at least most of) it, then
14850 we get in the situation where -proposed-updates is enabled in
14851 the final release, which we don't want. We only want it enabled
14852 at build time. (Closes: #12169)
14853 - Ferm: Use the variable when referring to the Live user. The
14854 firewall will fail to start during early boot otherwise since
14855 the "amnesia" user hasn't been created yet. (Closes: #12208)
14856 - Tor Browser: Don't show offline warning when opening local
14857 documentation. (Closes: #12269)
14858 - tails-virt-notify-user: use the tails-documentation helper to
14859 improve UX when one is not connected to Tor yet, and display
14860 localized doc when available.
14861 - Fix rare issue causing automatic upgrades to not apply properly
14862 (Closes: #8449, and hopefully #11839 as well):
14863 * Allow the tails-install-iuk user to run "/usr/bin/nocache
14864 /bin/cp *" as root.
14865 * Install tails-iuk 2.8, which will use nocache for various file
14866 operations, and sync writes to the installation medium.
14867 - Install Linux 4.8.15 to prevent GNOME from freezing with Intel
14868 GM965/GL960 Integrated Graphics. (Closes: #12217, but fixes tons
14869 of other small bugs)
14871 * Build system
14872 - Add 'offline' option, making it possible to build Tails offline
14873 (if all needed resources are present in your cache). (Closes:
14874 #12272)
14876 * Test suite
14877 - Encapsulate exec_helper's class to not "pollute" the global
14878 namespace with all our helpers. This is an example of how we can
14879 work towards #9030.
14880 - Extend remote shell with *safe* file operations. Now we can
14881 read/write/append *any* characters without worrying that it will
14882 do crazy things by being passed through the shell, as was the
14883 case before. This commit also:
14884 * adds some better reporting of errors happening on the server
14885 side by communicating back the exception thrown.
14886 * removes the `user` parameter from the VM.file_* methods. They
14887 were not used, any way, and simply do not feel like they
14888 fit. I think the only reason we had it initially was because
14889 it was implemented via the command interface, where a user
14890 concept makes a lot of sense.
14891 - debug_log() Dogtail script content on failure.
14892 - Add a very precise timestamp to each debug_log().
14893 - Make robust_notification_wait() ensure the applet is closed. In
14894 robust_notification_wait() when we close the notification
14895 applet, other windows may change position, creating a racy
14896 situation for any immediately following action aimed at one such
14897 window. (Closes: #10381)
14898 - Fix I2P's Pidgin test. The initial conversation (that determines
14899 the title of the conversation window) is now made by a different
14900 IRC service than before.
14901 - Use lossless compression for the VNC viewer with --view.
14902 Otherwise the VNC viewer is not a good place to extract test
14903 suite images from, at least with xtigervncviewer.
14904 - Add optional pause() notification feature to the test suite. It
14905 will run a user-configurable arbitrary shell command when
14906 pause() is called, e.g. on failure when --interactive-debugging
14907 is used. This is pretty useful when multitasking with long test
14908 suite runs, so you immediately are notified when a test fails
14909 (or when you reached a temporary pause() breakpoint). (Closes:
14910 #12175)
14911 - Add the possibility to run Python code in a persistent session
14912 in the remote shell and use this for Dogtail to significantly
14913 improve its performance by saving state and reusing it between
14914 commands. This changes the semantics of the creation of Dogtail
14915 objects. Previously they just created the code that then would
14916 be run once an actionable method was called (.wait, .click etc),
14917 but now it works like in Python, that Dogtail will try to find
14918 the graphical element upon object creation. (Closes: #12059)
14919 - Test that we don't ship any -proposed-updates APT sources.
14920 (Closes: #12169)
14921 - Make force_new_tor_circuit() respect NEWNYM rate limiting.
14922 - Add retry magic for lost click when opening Tails' documentation
14923 from the desktop launcher. (Closes: #12131)
14925 -- Tails developers <tails@boum.org> Mon, 06 Mar 2017 17:14:52 +0100
14927 tails (3.0~beta1) experimental; urgency=medium
14929 * All changes brought by Tails 2.7.1, 2.9.1 and 2.10.
14931 * Major new features and changes
14932 - Redesigned Tails Greeter.
14933 - Upgrade to a new snapshot (2017013002) of the Debian and Torproject
14934 APT repositories.
14935 - Upgrade Linux to 4.9.0-1.
14937 * Security fixes
14938 - Reject packets sent on the LAN to the NetBIOS name service
14939 (Closes: #11944).
14940 - Seahorse: use the Tor OnionBalance hidden service pool,
14941 which provides transport encryption and authentication of the keyserver.
14943 * Minor improvements
14944 - Include adwaita-qt* and enable it by default, so that Qt applications
14945 integrate nicely into a GNOME environment (Closes: #11790).
14946 - Add support for the TREZOR hardware wallet in Electrum (Closes: #10964).
14947 - AppArmor: allow all programs to read /etc/tor/torsocks.conf via
14948 abstractions/base, to ease maintenance.
14949 - Don't (try to) bind the Power button to the shutdown action
14950 (Closes: #12004).
14951 - Enable natural scrolling (Closes: #11969).
14952 - Update uBlock Origin patterns + settings file.
14953 - live-persist: remove Squeeze → Wheezy migration code.
14954 - Update pre-existing persistent GnuPG configuration on login
14955 (Closes: #12201).
14956 - Upgrader: use the alpha channel when the next version will be an
14957 alpha, beta, or RC. This will allow users of 3.0~betaN to upgrade to
14958 the next beta or RC, without having to type any command-line
14959 (Closes: #12206).
14961 * Bugfixes
14962 - Fix "upgrade from ISO" when run from a 32-bit system,
14963 such as Tails 2.x (Closes: #11873).
14964 - Fix ability to read videos over HTTPS with Totem (Closes: #11963).
14965 - Re-introduce default directories in $HOME, which fixes
14966 Spice file transfers (Closes: #11968).
14967 - Re-enable tap-to-click (Closes: #11993).
14968 - Lower systemd's DefaultTimeoutStopSec, to get rid of a long delay
14969 before memory wiping starts. This also prevents shutdown from ever
14970 being blocked by any buggy service that takes a while to stop
14971 (Closes: #12061).
14972 - Drop Jessie APT sources.
14973 - Re-add VirtualBox DKMS modules.
14974 - Fix GnuPG communication with keyservers, by using the Tor OnionBalance
14975 hidden service pool (Closes: #12202).
14976 - Fix Enigmail communication with keyservers, by teaching Torbirdy
14977 not to break it (Closes: #11948):
14978 · Patch Torbirdy to allow not breaking keyserver communication when
14979 using GnuPG v2.1+, and to use a better default keyserver.
14980 · Torbirdy: enable the new behaviour made possible by the aforementioned
14981 patch (extensions.enigmail.already_torified).
14982 · Torbirdy: drop our custom keyserver configuration, since the
14983 aforementioned patch makes it the default.
14985 * Removed features
14986 - Don't install gnome-system-log anymore (Closes: #12133).
14987 It's deprecated in GNOME, and mostly useless anyway as it's not
14988 Journal-aware. It's replacement (gnome-logs) is not usable
14989 enough in the context of Tails, and most users who can read logs
14990 should manage to do it with journalctl, so don't install it either.
14991 - Drop multiarch handling: Tails 3.0 will be amd64-only (Closes: #11961).
14993 * Build system
14994 - Disable eatmydata usage and caching: in current Stretch, debootstrap fails
14995 if we use eatmydata + the operation mode picked by live-build when caching
14996 is enabled (Closes: #12052).
14997 - Bump disk space (and memory for in-RAM builds) requirements.
14998 - Follow replacement of python-reportbug with python3-reportbug.
14999 - Don't try to deinstall packages that are unknown on Stretch.
15000 - Move AppArmor aliases to a dedicated file, and include it.
15001 This will avoid maintaining these settings as a patch.
15002 - Don't attempt to remove the usr.bin.chromium-browser AppArmor profile:
15003 it's not shipped in Debian anymore.
15005 * Test suite
15006 - Add optional pause() notification (Closes: #12175).
15007 - Make the remote shell's file operations robust (Closes: #11887).
15008 - Update a number of test cases for Stretch, sometimes by converting
15009 them to Dogtail.
15010 - Drop usage and tests of read-only persistence.
15011 We won't have this option anymore, and it's not even sure we'll
15012 reintroduce it (Refs: #12093, Closes: #12055).
15013 - Adjust CONFIGURED_KEYSERVER_HOSTNAME to match current settings.
15014 - Test suite: clean up disks between features.
15016 * Adjustments for Debian 9 (Stretch) with no or very little user-visible impact
15017 - Adjust dpkg-divert path: it has moved.
15018 - Replace xfonts-wqy with fonts-wqy-microhei + fonts-wqy-zenhei.
15019 The former was removed from Debian testing, and the latter are recommended
15020 by task-chinese-s-desktop and task-chinese-t-desktop.
15021 - Install virtualbox* from sid.
15022 It was removed from testing due to https://bugs.debian.org/794466.
15023 - Drop deprecated settings from org/gnome/settings-daemon/plugins/power.
15024 - Update settings name in org/gnome/desktop/peripherals/touchpad, and drop
15025 deprecated ones.
15026 - Adjust to changed Liferea's .desktop filename.
15027 - Also torify Liferea when started via its (new) D-Bus service.
15028 - Install hunspell-pt-br instead of hunspell-pt-pt.
15029 Tor Browser 6.5 moved from pt-PT to pt-BR, which is fine vs
15030 spellcheckers in Jessie since its hunspell-pt provides both -pt and
15031 -br, but in Stretch they are separate packages.
15032 - AppArmor: adjust usr.sbin.cupsd profile so it loads successfully
15033 (Closes: #12116).
15034 - Migrate from netstat to ss.
15035 - Update extensions.enigmail.configuredVersion.
15036 - Remove the jessie-proposed-updates APT sources.
15038 -- Tails developers <tails@boum.org> Wed, 01 Feb 2017 19:23:03 +0000
15040 tails (2.10) unstable; urgency=medium
15042 * Major new features and changes
15043 - Upgrade the Linux kernel to 4.8.0-0.bpo.2 (Closes: #11886).
15044 - Install OnionShare from jessie-backports. Also install
15045 python3-stem from jessie-backports to allow the use of ephemeral
15046 onion services (Closes: #7870).
15047 - Completely rewrite tor-controlport-filter. Now we can safely
15048 support OnionShare, Tor Browser's per-tab circuit view and
15049 similar.
15050 * Port to python3.
15051 * Handle multiple sessions simultaneously.
15052 * Separate data (filters) from code.
15053 * Use python3-stem to allow our filter to be a lot more
15054 oblivious of the control language (Closes: #6788).
15055 * Allow restricting STREAM events to only those generated by the
15056 subscribed client application.
15057 * Allow rewriting commands and responses arbitrarily.
15058 * Make tor-controlport-filter reusable for others by e.g. making
15059 it possible to pass the listen port, and Tor control
15060 cookie/socket paths as arguments (Closes: #6742). We hear
15061 Whonix plan to use it! :)
15062 - Upgrade Tor to 0.2.9.9-1~d80.jessie+1, the new stable series
15063 (Closes: #12012).
15065 * Security fixes
15066 - Upgrade Tor Browser to 6.5 based on Firefox 45.7 (Closes: #12159)
15067 - Upgrade Icedove to 1:45.6.0-1~deb8u1+tail1s.
15068 - Upgrade bind9-packages to 1:9.9.5.dfsg-9+deb8u9.
15069 - Upgrade pcscd to 1.8.13-1+deb8u1.
15070 - Upgrade libgd3 to 2.1.0-5+deb8u8.
15071 - Upgrade libxml2 to 2.9.1+dfsg1-5+deb8u4.
15072 - Upgrade tor to 0.2.9.9-1~d80.jessie+1.
15073 - Upgrade samba-libs to 2:4.2.14+dfsg-0+deb8u2.
15075 * Minor improvements
15076 - Enable and use the Debian Jessie proposed-updates APT
15077 repository, anticipating on the Jessie 8.7 point-release
15078 (Closes: #12124).
15079 - Enable the per-tab circuit view in Tor Browser (Closes: #9365).
15080 - Change syslinux menu entries from "Live" to "Tails" (Closes:
15081 #11975). Also replace the confusing "failsafe" wording with
15082 "Troubleshooting Mode" (Closes: #11365).
15083 - Make OnionCircuits use the filtered control port (Closes:
15084 #9001).
15085 - Make tor-launcher use the filtered control port.
15086 - Run OnionCircuits directly as the Live user, instead of a
15087 separate user. This will make it compatible with the Orca screen
15088 reader (Closes: #11197).
15089 - Run tor-controlport-filter on port 9051, and the unfiltered one
15090 on 9052. This simplifies client configurations and assumptions
15091 made in many applications that use Tor's ControlPort. It's the
15092 exception that we connect to the unfiltered version, so this
15093 seems like the more sane approach.
15094 - Remove tor-arm (Nyx) (Closes: #9811).
15095 - Remove AddTrust_External_Root.pem from our website CA bundle. We
15096 now only use Let's Encrypt (Closes: #11811).
15097 - Configure APT to use Debian's Onion services instead of the
15098 clearnet ones (Closes: #11556).
15099 - Replaced AdBlock Plus with uBlock Origin (Closes: #9833). This
15100 incidentally also makes our filter lists lighter by
15101 de-duplicating common patterns among the EasyList filters
15102 (Closes: #6908). Thanks to spriver for this first major code
15103 contribution!
15104 - Install OpenPGP Applet 1.0 (and libgtk3-simplelist-perl) from
15105 Jessie backports (Closes: #11899).
15106 - Add support for exFAT (Closes: #9659).
15107 - Disable unprivileged BPF. Since upgrading to kernel 4.6,
15108 unprivileged users can use the bpf() syscall, which is a
15109 security concern, even with JIT disabled. So we disable that.
15110 This feature wasn't available before Linux 4.6, so disabling it
15111 should not cause any regressions (Closes: #11827).
15112 - Add and enable AppArmor profiles for OnionCircuits and OnoinShare.
15113 - Raise the maximum number of loop devices to 32 (Closes: #12065).
15114 - Drop kernel.dmesg_restrict customization: it's enabled by
15115 default since 4.8.4-1~exp1 (Closes: #11886).
15116 - Upgrade Electrum to 2.7.9-1.
15117 - Make the Electrum proxy configuration apply after upgrading to
15118 2.7.9-1. These changes incidentally makes Electrum behave nicer:
15119 users will now not be presented the network configuration part
15120 of the setup wizard -- a server will be picked randomly, and
15121 Electrum will auto-connect. The automated test suite is adjusted
15122 accordingly (Closes: #12140).
15123 - Remove unused Browser profile seed file localstore.rdf which was
15124 made obsolete in Firefox 34.
15125 - Tor Browser: switch from pt-PT to pt-BR langpack. The upstream
15126 Tor Browser did this in version 6.5 (Refs: #12159).
15128 * Bugfixes
15129 - Tails Greeter:
15130 * use gdm-password instead of gdm-autologin, to fix switching to
15131 the VT where the desktop session lives on Stretch (Closes:
15132 #11694)
15133 * Fix more options scrolledwindow size in Stretch (Closes:
15134 #11919)
15135 - Tails Installer: remove unused code warning about missing
15136 extlinux in Tails Installer (Closes: #11196).
15137 - Update APT pinning to cover all binary packages built from
15138 src:mesa so we ensure installing mesa from jessie-backports
15139 (Closes: #11853).
15140 - Install xserver-xorg-video-amdgpu. This should help supporting
15141 newer AMD graphics adapters. (Closes #11850)
15142 - Fix firewall startup during early boot, by referring to the
15143 "amnesia" user via its UID (Closes: #7018).
15144 - Include all amd64-microcodes.
15145 - refresh-translations: ignore
15146 config/chroot_local-includes/usr/share/doc/tails/website/.
15147 Otherwise, if the website has been built already, PO tools
15148 complain that there are files with translatable strings in
15149 there, which are not listed in POTFILES.in.
15150 - Make uBlock Origin's button appear on first run. Otherwise it
15151 will only appear on browser runs after the first one. This bug
15152 also affected Adblock Plus (Closes: #12145).
15154 * Build system
15155 - Be more careful when unmounting the tmpfs used as workspace
15156 during builds, fixing an issue that made Jenkins' ISO builders
15157 prone to failures (Closes: #12009).
15158 - Upgrade the Vagrant basebox to 20170105. The only big change is
15159 that we now install the backported kernel in the builder VM, to
15160 make building possible on Debian Sid (Closes: #12081).
15161 - Ensure the VirtualBox guest DKMS modules are built for the
15162 kernel we want them for. In some situations, depending on the
15163 version of the running kernel, the modules would not be built
15164 for the 686 kernel, which is the one that needs the VirtualBox
15165 guest modules. This commit ensures the VirtualBox guest modules
15166 are built and installed regardless of the how the build
15167 environment looks like (Closes: #12139).
15169 * Test suite
15170 - Replace the filesystem shares support with a helper for easily
15171 sharing files from the host to the guest using virtual disks
15172 (Closes: #5571).
15173 - Do not test sending email when testing POP3. We cannot clean
15174 that email up (easily) since when we use POP3 deletions won't
15175 affect the remote inbox, only our local one, resulting in the
15176 quota being reached eventually (Closes: #12006).
15177 - Have APT tests configure APT to use non-onion sources. Our test
15178 suite uses Chutney to create a virtual, private Tor network, and
15179 thus doesn't support connections to Onion services running in
15180 the real Tor network (Refs: #11556).
15181 - Allow connections to Tor's control port during stream isolation
15182 tests, but only for those applications where we expect that.
15183 - Fix Electrum tests after upgrading to 2.7.9-1.
15184 - Make encryption.feature pass for Tails 2.10~rc1.
15185 - Adapt tests after the Donation campaign was disabled (Refs:
15186 #12134).
15187 - Fix 'The "Tails documentation" link on the Desktop works'
15188 scenario. The TailsOfflineDocHomepage.png image doesn't match
15189 what we see any more (I have no clue why), so let's use Dogtail
15190 and solve this once and for all, hopefully.
15191 - Work around Tails freezing during memory wiping. These
15192 workarounds should be reverted once #11786 is fixed
15193 properly. (Refs: #10776, #11786)
15194 - Support both xtigervncviewer and xtightvncviewer for --view.
15195 xtightvncviewer is a transitional package in Sid, which depends
15196 on tigervnc-viewer (which ships xtigervncviewer), so by keeping
15197 the dep and supporting both binaries, --view will work on both
15198 Sid and Jessie (Closes: #12129).
15199 - Test suite: bump image after upgrading to Tor Browser 6.5 (Refs:
15200 #12159).
15201 - Add debugging info for when PacketFu misbehaves, and be more
15202 careful when to save pcap artifacts (Refs: #11508).
15204 -- Tails developers <tails@boum.org> Mon, 23 Jan 2017 11:38:37 +0100
15206 tails (2.9.1) unstable; urgency=medium
15208 * Security fixes
15209 - Upgrade Tor Browser to 6.0.8 based on Firefox 45.6. If you pay
15210 close attention you'll see that we import -build1 but there was
15211 a -build2. The only change is Tor Button 1.9.5.13 which makes
15212 some changes to the donation campaign banner in `about:tor`,
15213 which we safely can skip. (Closes: #12028)
15214 - Upgrade Icedove to 45.5.1-1~deb8u1+tails1. (Closes: #12029)
15215 - Upgrade APT-related packages to 1.0.9.8.4.
15217 * Minor improvements
15218 - Switch to DuckDuckGo as the default search engine in the tor
15219 Browser. This is what Tor Browser has, and Disconnect.me (the
15220 previous default) has been re-directing to DDG for some time,
15221 which has been confusing users. In addition, we localize the DDG
15222 user interface for the locales with availablelangpacks. (Closes:
15223 #11913)
15224 - Improve the display name for the Wikipedia search plugin.
15225 - Enable contrib and non-free for our own APT repos.
15226 - Upgrade Tor to 0.2.8.10. (Closes: #12015)
15227 - Upgrade obfs4proxy to 0.0.7-1~tpo1.
15229 * Bugfixes
15230 - AppArmor Totem profile: add permissions needed to avoid warning
15231 on startup. (Closes: #11984)
15232 - Upgrade the VirtualBox Guest additions and modules to version
15233 5.1.8. This should prevent Xorg from crashing unless the video
15234 memory for the VMs are significantly bumped. (Closes: #11965)
15235 Users will still have to enable I/O APIC due to a bug in Linux.
15236 - Drop unwanted search plugins from the Tor Browser langpacks.
15237 Otherwise they are only removed from English locales. Note that
15238 the langpacks contain copies of the English plugins, not
15239 localized versions, so we actually lose nothing.
15241 * Test suite
15242 - Add support for SikuliX, which recently hit Debian Unstable,
15243 while still supporting Sikuli for Jessie users. (Closes: #11991)
15244 - Fix some instances where we were trying to use the mouse outside
15245 of the Sikuli screen.
15246 - Use "TorBirdy" instead of "amnesia branding" as the "anchor"
15247 addon. I.e. the addon that we use to find the other ones. The
15248 "amnesia branding" addon has been removed, so we must use
15249 something else. (Fixup: #11906)
15250 - Dogtailify "the support documentation page opens in Tor Browser"
15251 step. We previously relied on Sikuli, and the image was made
15252 outdated thanks to our donation campaign. No more! (Closes:
15253 #11911)
15254 - Resolve dl.amnesia.boum.org instead of picking a static address.
15255 Just hours after updating the dustri.org IP address, its web
15256 server went down => test suite failures. Let's make this test as
15257 robust as actually downloading the Tails ISO image -- if that
15258 fails, we probably have more serious problems on our hands than
15259 a failing test suite. (Closes: #11960)
15260 - Switch MAT scenario from testing PDFs to PNGs. Also add
15261 anti-test and test using using a tool *different* from MAT, the
15262 tool being tested here. (Closes: #11901)
15264 -- Tails Developers <tails@boum.org> Wed, 14 Dec 2016 13:19:16 +0100
15266 tails (2.7.1) unstable; urgency=medium
15268 * Security fixes
15269 - Upgrade Tor Browser to 6.0.7 (build3) based on Firefox 45.5.1.
15270 - Upgrade gstreamer0.10-based packages to 0.10.31-3+nmu4+deb8u2.
15271 - Upgrade imagemagick-based packages to 8:6.8.9.9-5+deb8u6.
15272 - Upgrade libicu52 to 52.1-8+deb8u4.
15273 - Upgrade vim-based packages to 2:7.4.488-7+deb8u1.
15275 * Minor improvements
15276 - Reserve 64 MiB for the kernel and 128 MiB for privileged
15277 processes before the memory is wiped. We hope that this might
15278 help (but not solve, sadly) some crashes experienced while
15279 wiping the memory.
15281 * Build system
15282 - Make the wiki shipped inside Tails build deterministically
15283 (Closes: #11966):
15284 * Enable ikiwiki's "deterministic" option, and require it when
15285 building.
15286 * Use our custom backport of discount (2.2.1-1~bpo8+1~0.tails1),
15287 to fix reproducibility issues (Debian#782315). This can be
15288 dropped once our ISO builders use Stretch.
15289 * Install ikiwiki from our builder-jessie APT suite, to make the
15290 pagestats plugin output deterministic.
15291 - refresh-translations: don't update PO files unless something
15292 other than POT-Creation-Date was changed. (Closes: #11967)
15293 - Fix Vagrant's is_release? check. Per auto/build, we consider it
15294 a release when we build from detached head, and HEAD is tagged.
15295 - Enforce `cleanall` when building a release. I.e. don't allow the
15296 user supplied options to override this behaviour. This is
15297 important since Vagrant caches wiki builds, and we do not want
15298 leftovers from a previous builds ending up in a release. Also,
15299 this is required for making Tails images build reproducibly.
15300 - Make the build system's `cleanall` option really clean
15301 everything. At the moment it doesn't clean the cached wiki
15302 build (which basically was its only job).
15303 - import-package: support contrib and non-free sections.
15305 * Test suite
15306 - Wait a bit between opening the shutdown applet menu, and
15307 clicking one of its widgets. (Closes: #11616).
15308 - Adapt Icedove test after removing the amnesia branding add-on.
15309 (Closes: #11906)
15310 - Replace --pause-on-fail with --interactive-debugging. It does
15311 the same thing, but also offers an interactive Ruby shell, via
15312 pry, with the Cucumber world context.
15314 -- Tails developers <tails@boum.org> Wed, 30 Nov 2016 17:27:37 +0100
15316 tails (3.0~alpha1) experimental; urgency=medium
15318 * Major new features and changes
15319 - Upgrade to a snapshot of Debian 9 (Stretch) from 2016-11-15.
15320 - Switch userpace from 32-bit to 64-bit (Closes: #8183), and accordingly:
15321 · Memory erasure: drop the "one instance of sdmem per 2 GiB of RAM" tweak,
15322 that is not needed on x86-64.
15323 · Display a "sorry!" message when trying to boot on a 32-bit BIOS system
15324 (refs: #11638).
15325 - Switch GNOME Shell to its default black theme (Closes: #11789).
15327 * Minor improvements
15328 - Install the cirrus and modesetting X.Org drivers (Closes: #10962).
15329 - Install the 'amdgpu' driver for the AMD Radeon cards (refs: #11850).
15330 - Stop disabling kernel modesetting for QXL (refs: #11518).
15331 - Replace TopIcons with gnome-shell-extension-top-icons-plus.
15332 The former causes plenty of trouble and is apparently abandoned
15333 upstream. The latter is actively maintained upstream, and packaged
15334 in Debian. (refs: #10576)
15335 - Use torsocks to torify Git, and drop tsocks entirely. tsocks has been
15336 unmaintained for years in Debian, and was removed from testing
15337 for a while (Closes: #10955).
15338 - Replace Florence's "systray" icon with the Florence Indicator GNOME Shell
15339 extension (refs: #8312). And then, don't automatically start Florence:
15340 the Florence Indicator GNOME Shell extension will start it the first time
15341 one tries to display it. This should save a tiny bit of RAM.
15342 - Harden AppArmor Totem profiles.
15343 - Switch to the Debian-packaged aufs kernel module (Closes: #11829).
15344 - Configure the firewall to not allow root to connect to Tor at all,
15345 which is possible now that APT uses a dedicated user for network
15346 operations.
15347 - Fix firewall startup during early boot, by referring to the "amnesia"
15348 user via its UID (refs: #7018).
15349 - Install hunspell dictionaries instead of myspell ones, for a few more
15350 languages: Spanish, Italian, Portuguese and Russian. Only Farsi keeps
15351 using a myspell dictionary for now.
15353 * Removed features
15354 - Stop installing BookletImposer PDF imposition toolkit.
15355 It's unmaintained upstream and thus won't be part of Debian Stretch.
15356 - Stop installing ekeyd: it's unmaintained, very rarely used, poorly
15357 designed (dedicated daemon), and security sensitive (Closes: #7687).
15358 - Stop shipping ttdnsd. It was only useful for developers and power-users
15359 who can install it themselves as needed. It's been unmaintained upstream
15360 for many years. It's very buggy so we had to remove it from the DNS
15361 resolution loop years ago. It's not in Debian. And it's one of the only
15362 two bits of Tails that still relied on tsocks, that is RC-buggy,
15363 unmaintained in Debian, and not in Stretch at the moment. So it has
15364 become clear that the cost of keeping ttdnsd now outweighs the benefits
15365 it brought (refs: #10959).
15367 * Build system
15368 - Bump disk space (and memory for in-RAM builds) requirements.
15369 - Support new live-config configuration directory naming, again and again.
15370 - Use the lowest compression level for the SquashFS when compressing it
15371 with gzip. This makes our development builds faster, and the resulting
15372 ISO image only a little bit bigger (Closes: #9788).
15373 - Configure initramfs compression later, to make the build faster.
15375 * Test suite
15376 - Various refactoring while we were at it.
15377 - Port tests to Dogtail: installation, upgrade, notification detection,
15378 Synaptic, Gobby, and some of Tor Browser.
15379 - Workaround GNOME Shell being buggy for Dogtail (refs: #11718).
15380 - Update a bunch of test suite images for Stretch.
15381 - Mark created disk as temporary when we don't need to keep it around.
15382 - Simplify adding NetworkManager connections, and rely more on the defaults.
15383 Not providing the complete configuration file makes us test something
15384 closer to what happens when a user adds a Wi-Fi connection themselves.
15385 - Adjust the minimum allowed memory pattern coverage before wiping.
15386 - Always sync the time from the host when restoring from a snapshot.
15387 Previously we wouldn't do it when the network was plugged but Tor wasn't
15388 running, which can cause issues if we *then* start Tor since the time
15389 may be off.
15390 - Adjust to the fact that we now support running as a 64-bit guest
15391 in VirtualBox, and simplify code since we now include a 64-bit userland.
15392 - Improve how we restart Tor/I2P after restoring from a snapshot.
15393 - Adjust PolicyKit tests for Stretch.
15394 - Work around Tails stopping on shut down due to #11730.
15395 This should be reverted once #11730 is fixed properly.
15396 - Update the screenshot scenario.
15397 - Fix pcap file saving on MAC spoofing failure (Closes: #11698).
15398 - Test that notifications are actually shown.
15399 - Drop obsolete workaround for Florence sometimes not being hidden
15400 on startup (#11398).
15401 - Avoid remote shell deadlock.
15402 - Install at-spi2-core from Debian Sid.
15403 With the current version in Stretch, at-spi-bus-launcher crashes on
15404 start, breaking parts of GNOME's accessibility, and Dogtail.
15405 For details, see https://bugs.debian.org/840618.
15406 - Check that the MAC address is spoofed for manually added persistent
15407 NetworkManager connections created on Jessie and Stretch (refs: #11931).
15408 - Use nc.traditional in tests that rely on its behaviour.
15409 - Adjust expected notification text to cope with #11941.
15411 * Adjustments for Debian 9 (Stretch) with no or very little user-visible impact
15412 - Adjust APT sources and pinning for Stretch.
15413 - Don't install gnome-media, which is not part of testing/sid anymore.
15414 We already install the only bits it was providing or depending on.
15415 - Don't install gnome-themes: it's gone in Stretch.
15416 - Stop installing GStreamer 0.10 explicitly: it won't be in Stretch,
15417 and some bits are gone already.
15418 - Refresh and unfuzzy patches for Stretch. Replace some of them with
15419 programmatic patching, as patches break the build whenever
15420 they become fuzzy.
15421 - Drop start_AppArmor_earlier.diff: on Stretch, AppArmor starts much earlier
15422 already.
15423 - Accept iceweasel-l10n-* that don't provide any search engine:
15424 on Stretch, at least iceweasel-l10n-ar_1%3a43.0.4-1_all.deb doesn't.
15425 - Stop deleting 75-persistent-net-generator.rules: obsolete in Stretch.
15426 It was removed in systemd (220-7).
15427 - Tell live-boot we're still using aufs: recent live-boot defaults
15428 to overlayfs, which we don't use yet.
15429 - Don't remove imagemagick in 11-localize_browser: cups-filters depends on it
15430 (Closes: #10960).
15431 - Explicitly install bc: needed by our 2010-pidgin live-config hook.
15432 - Remove gcc-4.9-base and gcc-5 via a chroot hook, taking into account
15433 that GCC 5 is the default on Stretch.
15434 - Switch to openjdk-8-jre: openjdk-7-jre is not in Stretch anymore.
15435 - gcalctool was renamed to gnome-calculator.
15436 - Don't try to delete non-existing AppArmor profile for ntpd: it was moved
15437 to the ntp package in Stretch.
15438 - Build DKMS modules with GCC 5: Stretch hasn't 4.8 anymore.
15439 - Don't try to reload or disable an initscript that we don't patch,
15440 and that doesn't exist anymore.
15441 - Support the case when /usr/src/libdvd-pkg does not exist.
15442 Apparently this can happen on Stretch.
15443 - Adjust to the move of /etc/gnome/defaults.list in Stretch
15444 (Closes: #11440).
15445 - Stop installing xserver-xorg-input-vmmouse. It's obsolete and conflicts
15446 with recent kernels: https://bugs.debian.org/831420
15447 - Install open-vm-tools from sid: it's been removed from testing.
15448 - Install the gobby package, instead of the (now gone) transitional
15449 gobby-0.5 one.
15450 - apparmor-adjust-tor-profile.diff: drop bits that are useless, and
15451 prevent Tor from starting, on Stretch.
15452 - Tor Daemon Status: declare compatibility with GNOME Shell 3.20.
15453 - Shutdown helper: declare compatibility with GNOME Shell 3.20.
15454 - Drop 43-adjust_path_to_ibus-unikey_binaries hook: it was a workaround
15455 for a bug (Debian#714932) that was fixed.
15456 - Use netcat-openbsd instead of connect-proxy for torifying SSH.
15457 connect-proxy seems barely maintained in Debian and was removed from
15458 testing due to https://bugs.debian.org/830423.
15459 - Don't disable gdomap service: we don't include it anymore.
15460 unar in Jessie depended on gnustep-base-runtime (that ships gdomap),
15461 but this is not the case in Stretch anymore.
15462 - Install system-config-printer-common instead of system-config-printer,
15463 and drop customization that were needed only for the latter:
15464 system-config-printer (1.5.7-2) extracts into a new -common package
15465 the bits needed by gnome-control-center (Closes: #11505).
15466 - Adjust haveged AppArmor profile to work with Linux 4.x on Stretch.
15467 - cupsd AppArmor profile: update list of backends, and add aufs-specific
15468 tweak that Stretch needs (refs: #11699).
15469 - Revert to GNOME's default font antialiasing/hinting.
15470 We fixed on rgba/slight when converting some manual fontconfig stuff
15471 to GNOME's layer on top of it, but at least from a fresh Stretch
15472 install (2016-08-24) we got grayscale/slight. It could be that some
15473 auto-detection is involved, so the values would be different depending
15474 on the actual hardware. Any way, let's try to decrease our delta here.
15475 - Adjust haveged arguments customization for Stretch (Closes: 11522).
15476 - Display the date in the desktop top bar, as we did in Jessie and older.
15477 (Closes: #11696)
15478 - Drop patch to keep haveged, saned, spice-vdagent and laptop-mode running
15479 on shutdown. These patches are no-ops on Stretch, where these services
15480 have native systemd unit files. It's not worth porting these patches:
15481 saned is socket-activated so in most cases it does not have to be shut
15482 down, and we expect that the other ones can be stopped pretty quickly.
15483 Let's bring back this kind of optimization if, and only if, we identify
15484 an actual problem to fix in this area :)
15485 - Don't delete downloaded debs after install: apt(8) >= 1.2~exp1 deletes
15486 them by default, which is not nice for users who use it to preseed
15487 their persistent APT cache. (Closes: #10958)
15488 - Hide "OpenJDK Java 8 Policy Tool" from the Applications menu.
15489 - Don't ship GCC 6: we don't ship compilers in Tails usually.
15490 - Don't ship gcc-5-base: on Stretch we ship gcc-6-base instead.
15491 - Don't start shipping libdvdcss2-dbgsym nor paxctld.
15492 - Adjust default web browser customization: GNOME in Debian now defaults
15493 to Firefox ESR (refs: #11440).
15494 - Install libreoffice-gtk3: on Stretch this is needed to have Gtk+ 3 widgets
15495 and a Gtk/GNOMEish print dialog.
15496 - Explicitly install gtk2-engines-pixbuf, as it's not pulled automatically
15497 on Stretch, and it's needed to theme GTK+ 2 applications in a nice way
15498 (Closes: #11715).
15499 - AppArmor gnome abstraction: allow reading /etc/xdg/*-mimeapps.list
15500 (refs: #11440).
15501 - Drop obsolete disabling of GNOME Keyring's GnuPG agent feature.
15502 That feature was removed upstream.
15503 - Explicitly select pinentry-gtk2 as our preferred pinentry program.
15504 On Stretch, gnome-keyring depends on pinentry-gnome3, and then that one
15505 is selected by default. It does not feel worth it to introduce a hackish
15506 solution such as a fake pinentry-gnome3 package, so let's ignore it and
15507 just make sure we are using the pinentry program we prefer
15508 (Closes: #11713).
15509 - Drop keep_memlockd_on_shutdown.diff: it's been a no-op since Tails 2.0
15510 (Closes: #11708).
15511 - Drop custom NetworkManager plugin configuration: these tweaks are not
15512 needed on Stretch anymore.
15513 - Disable new style network interface naming scheme.
15514 It has little value for a live system, so let's stick to what we are
15515 used to, and avoid having to adjust code/config/test suite
15516 (Closes: #11721).
15517 - Drop obsolete NM configuration wrt. sending hostname in DHCP requests
15518 (Closes: #11720).
15519 - Update APT pinning to cover all binary packages built from src:mesa
15520 (refs: #11853).
15521 - Don't try to install gnupg-curl: it doesn't exist anymore in Stretch.
15522 - Install seahorse-nautilus from sid. It's been removed from testing.
15523 - Drop workaround for Debian bug #645466, that was fixed in 2014
15524 (Closes: #11534).
15525 - Allow the "_apt" user to use Tor: in Stretch, APT network operations
15526 are performed with the "_apt" user and not root.
15527 - Make sure that 'localhost' points to the IPv4 loopback address.
15528 - Make desktop launchers executable (Closes: #11927).
15529 - Disable Wayland usage in GDM (Closes: #11923).
15530 - Fix AppArmor profile for gst-plugin-scanner (Closes: #11928).
15531 - Change Nautilus' default zoom level to 'small' (Closes: #11716).
15532 The icons in GNOME Files and on the desktop are too huge otherwise. With
15533 this new setting, they are similar in size to what we had in Jessie.
15534 - Fix broken symlink preventing Enigmail from being enabled.
15535 - Configure NetworkManager to not touch MAC addresses (refs: #11931).
15536 Its default behaviour on Debian Stretch is to reset the MAC address to the
15537 permanent one, and we did not make up our mind yet wrt. replacing
15538 our custom MAC spoofing system with NM's own one (refs: #11293).
15539 - Patch NetworkManager so that it does not leak the hostname in DHCP
15540 requests (Closes: #11720).
15541 - Deal with the fact that the NetworkManager dispatcher scripts are now
15542 sometimes called with an empty first argument (Closes: #11938).
15543 - Upgrade to GnuPG 2.1.15-9, and accordingly:
15544 · Remove the CA certificate for sks-keyservers.net, that we installed
15545 in the system-wide CAs directory: it is now included in the dirmngr
15546 package. Stop trusting it for non-GnuPG operations.
15547 · Make dirmngr use the sks-keyservers.net CA certificate from Debian.
15548 · Move keyserver proxy configuration to dirmngr.conf, and drop the
15549 keyserver-options that are obsolete or now the default.
15551 -- intrigeri <intrigeri@boum.org> Thu, 17 Nov 2016 16:19:21 +0000
15553 tails (2.7) unstable; urgency=medium
15555 * Security fixes
15556 - Upgrade to Linux 4.7. (Closes: #11885, #11818)
15557 - Upgrade to Tor 0.2.8.9. (Closes: #11832, #11891)
15558 - Upgrade Tor Browser to 6.0.6 based on Firefox 45.5. (Closes: #11910)
15559 - Upgrade Icedove to 1:45.4.0-1~deb8u1+tails1. (Closes: #11854,
15560 #11860)
15561 - Upgrade imagemagick to 8:6.8.9.9-5+deb8u5.
15562 - Upgrade openssl to 1.0.1t-1+deb8u5.
15563 - Upgrade libarchive to 3.1.2-11+deb8u3.
15564 - Upgrade bind9 to 1:9.9.5.dfsg-9+deb8u8.
15565 - Upgrade libav to 6:11.8-1~deb8u1.
15566 - Upgrade ghostscript to 9.06~dfsg-2+deb8u3.
15567 - Upgrade c-ares to 1.10.0-2+deb8u1.
15568 - Upgrade nspr to 2:4.12-1+debu8u1.
15569 - Upgrade nss to 2:3.26-1+debu8u1.
15570 - Upgrade tar to 1.27.1-2+deb8u1.
15571 - Upgrade curl to 7.38.0-4+deb8u5.
15572 - Upgrade libgd3 to 2.1.0-5+deb8u7.
15573 - Upgrade opendjk-7 to 7u111-2.6.7-2~deb8u1.
15574 - Upgrade mat to 0.5.2-3+deb8u1.
15575 - Upgrade libxslt to 1.1.28-2+deb8u2.
15576 - Upgrade pillow to 2.6.1-2+deb8u3.
15578 * Minor improvements
15579 - Ship Let's encrypt intermediate certificate to prepare the
15580 the next certificate renewal of our website. Also unify the
15581 way our upgrades and security checkers verify this SSL
15582 certificate using our dedicated perl lib code. (Closes: #11810)
15584 * Bugfixes
15585 - Fix multiarch support in Synaptic. (Closes: #11820)
15586 - Set default spelling language to en_US in Icedove. (Closes: #11037)
15588 * Build system
15589 - Disable debootstrap merged-usr option. (Closes: #11903)
15591 * Test suite
15592 - Add test for incremental upgrades. (Closes: #6309)
15593 - Add tests for Icedove. (Closes: #6304)
15594 - Decrease timeout to Tails Greeter to speed up testing of branches
15595 where it is broken. (Closes: #11449)
15596 - Add a ID field to the remote shell responses to filter out
15597 unrelated ones. (Closes: #11846)
15598 - Reliabily wait for the Greeter PostLogin script. (Closes: #5666)
15599 - Reliabily type the kernel command line in the prompt at the boot
15600 menu to ensure the remote shell is started. (Closes: #10777)
15601 - Remove DVDROM device when not used, to workaround QEMU/Libvirt
15602 compatibility issue. (Closes: #11874)
15604 -- Tails developers <tails@boum.org> Sun, 13 Nov 2016 14:46:04 +0100
15606 tails (2.6) unstable; urgency=medium
15608 * Major new features and changes
15609 - Install Tor 0.2.8.7. (Closes: #11351)
15610 - Enable kASLR in the Linux kernel. (Closes: #11281)
15611 - Upgrade Icedove to 1:45.2.0-1~deb8u1+tails1: (Closes: #11714)
15612 · Drop auto-fetched configurations using Oauth2. They do not
15613 work together with Torbirdy since it disables needed
15614 functionality (like JavaScript and cookies) in the embedded
15615 browser. This should make auto-configuration work for GMail
15616 again, for instance. (Closes: ##11536)
15617 · Pin Icedove to be installed from our APT repo. Debian's
15618 Icedove packages still do not have our secure Icedove
15619 autoconfig wizard patches applied, so installing them would be
15620 a serious security regression. (Closes: #11613)
15621 · Add missing icedove-l10n-* packages to our custom APT
15622 repository (Closes: #11550)
15623 - Upgrade to Linux 4.6: (Closes: #10298)
15624 · Install the 686 kernel flavour instead of the obsolete 586
15625 one.
15626 · APT, dpkg: add amd64 architecture. The amd64 kernel flavour is
15627 not built anymore for the i386 architecture, so we need to use
15628 multiarch now.
15629 · Build and install the out-of-tree aufs4 module. (Closes: #10298)
15630 · Disable kernel modesetting for QXL: it's not compatible with
15631 Jessie's QXL X.Org driver.
15633 * Security fixes
15634 - Hopefully fixed an issue which would sometimes make the Greeter
15635 ignore the "disable networking" or "bridge mode"
15636 options. (Closes: #11593)
15638 * Minor improvements
15639 - Install firmware-intel-sound and firmware-ti-connectivity. This
15640 adds support for some sound cards and Wi-Fi adapters. (Closes:
15641 #11502)
15642 - Install OpenPGP Applet from Debian. (Closes: #10190)
15643 - Port the "About Tails" dialog to python3.
15644 - Run our initramfs memory erasure hook earlier (Closes:
15645 #10733). The goal here is to:
15646 · save a few seconds on shutdown (it might matter especially for
15647 the emergency one);
15648 · work in a less heavily multitasking / event-driven
15649 environment, for more robust operation.
15650 - Install rngd, and make rng-tools initscript return success when
15651 it can't find any hardware RNG device. Most Tails systems around
15652 probably have no such device, and we don't want systemd to
15653 believe they failed to boot properly. (Closes: #5650)
15654 - Don't force using the vboxvideo X.Org driver. According to our
15655 tests, this forced setting is:
15656 · harmful: it breaks X startup when the vboxvideo *kernel*
15657 driver is loaded;
15658 · useless: X.Org now autodetects the vboxvideo X.Org driver and
15659 uses it when running in VirtualBox and the vboxvideo kernel
15660 is not present.
15661 - Port boot-profile to python3 (Closes: #10083). Thanks to
15662 heartsucker <heartsucker@autistici.org> for the patch!
15663 - Include /proc/cmdline and the content of persistent APT sources
15664 in WhisperBack bug reports. (Closes: #11675, #11635)
15665 - Disable non-free APT sources at boot time. (Closes: #10130)
15666 - Have a dedicated page for the homepage of Tor Browser in
15667 Tails. (Closes: # 11725)
15668 - Only build the VirtualBox kernel modules for the 32-bit kernel.
15669 It's both hard and useless to build it for 64-bit in the current
15670 state of things, as long as we're shipping a 32-bit userspace.
15671 Also, install virtualbox-* from jessie-backports, since the
15672 version in Jessie is not compatible with Linux 4.x.
15674 * Build system
15675 - Don't install+remove dpatch during the build. It's not been
15676 needed in this hook for ages.
15677 - Bump BUILD_SPACE_REQUIREMENT: at least one of us needed that to
15678 build feature/10298-linux-4.x-aufs with the gzipcomp option.
15680 * Test suite
15681 - Send Tails Installer's debug log to the Cucumber debug log on
15682 failure. This is meant to debug #10720 since I can't
15683 reproduce it locally.
15684 - Give the system under testing 2 vCPUs. (Closes: #6729)
15685 - Split scenarios from checks.feature. (Closes: #5707)
15686 - Add retry-logic to the Synaptic tests. (Closes: #10412, #10441,
15687 #10991)
15688 - Run usb_upgrade.feature earlier, when there is enough free disk
15689 space left. (Closes: #11582)
15690 - Use more recent virtual hardware in the system under test,
15691 i.e. USB 3.0 (nec-xhci) on a pc-i440fx-2.5 machine. Switching
15692 USB controllers has helped with problems we see on Jenkins when
15693 booting from USB (#11588). Also, there are chances that more
15694 recent virtual hardware sees more testing these days, so it
15695 sounds potentially useful to "upgrade".
15696 - Add support for Cucumber 2.4. (Closes: #11690)
15697 - Always write {pretty,debug} logs and JSON output to the artifact
15698 directory.
15699 - Disable info level logging on Chutney nodes to save disk
15700 space. For our network all these add up to > 1 GiB and we didn't
15701 take this into account when budgeting RAM to the isotesters on
15702 Jenkins.
15704 -- Tails developers <tails@boum.org> Tue, 20 Sep 2016 04:16:33 +0200
15706 tails (2.5) unstable; urgency=medium
15708 * Major new features and changes
15709 - Upgrade Icedove to 1:45.1.0-1~deb8u1+tails2. (Closes: #11530)
15710 · Fix long delay causing bad UX in the autoconfig wizard,
15711 when it does not manage to guess proper settings on some domains.
15712 (Closes: #11486)
15713 · Better support sending email through some ISPs, such as Riseup.
15714 (Closes: #10933)
15715 · Fix spurious error message when creating an account and providing
15716 its password. (Closes: #11550)
15718 * Security fixes
15719 - Upgrade Tor Browser to 6.0.3 based on Firefox 45.3. (Closes: #11611)
15720 - Upgrade GIMP to 2.8.14-1+deb8u1.
15721 - Upgrade libav to 6:11.7-1~deb8u1.
15722 - Upgrade expat to 2.1.0-6+deb8u3.
15723 - Upgrade libgd3 to 2.1.0-5+deb8u6.
15724 - Upgrade libmodule-build-perl to 0.421000-2+deb8u1.
15725 - Upgrade perl to 5.20.2-3+deb8u6.
15726 - Upgrade Pidgin to 2.11.0-0+deb8u1.
15727 - Upgrade LibreOffice to 1:4.3.3-2+deb8u5.
15728 - Upgrade libxslt1.1 to 1.1.28-2+deb8u1.
15729 - Upgrade Linux to 3.16.7-ckt25-2+deb8u3.
15730 - Upgrade OpenSSH to 1:6.7p1-5+deb8u3.
15731 - Upgrade p7zip to 9.20.1~dfsg.1-4.1+deb8u2.
15733 * Minor improvements
15734 - htpdate: replace obsolete and unreliable URIs in HTP pools, and decrease
15735 timeout for HTTP operations for more robust time synchronization.
15736 (Closes: #11577)
15737 - Hide settings panel for the Online Accounts component of GNOME,
15738 that we don't support. (Closes: #11545)
15739 - Vastly improve graphics performance in KVM guest with QXL driver.
15740 (Closes: #11500)
15741 - Fix graphics artifacts in Tor Browser in KVM guest with QXL driver.
15742 (Closes: #11489)
15744 * Build system
15745 - Wrap Pidgin in a more maintainable way. (Closes: #11567)
15747 * Test suite
15748 - Add a test scenario for the persistence "dotfiles" feature.
15749 (Closes: #10840)
15750 - Improve robustness of most APT, Git, SFTP and SSH scenarios,
15751 enough to enable them on Jenkins. (Closes: #10444, #10496, #10498)
15752 - Improve robustness of checking for persistence partition. (Closes: #11558)
15753 - Treat Tails booting from /dev/sda as OK, to support all cases
15754 including a weird one caused by hybrid ISO images. (Closes: #10504)
15755 - Bump a bunch of timeouts to cope with the occasional slowness on Jenkins.
15756 - Only query A records when exercising DNS lookups, to improve robustness.
15758 -- Tails developers <tails@boum.org> Sun, 31 Jul 2016 16:50:35 +0000
15760 tails (2.4) unstable; urgency=medium
15762 * Major new features and changes
15763 - Upgrade Tor Browser to 6.0.1 based on Firefox 45.2. (Closes:
15764 #11403, #11513).
15765 - Enable Icedove's automatic configuration wizard. We patch the
15766 wizard to only use secure protocols when probing, and only
15767 accept secure protocols, while keeping the improvements done by
15768 TorBirdy in its own non-automatic configuration wizard. (Closes:
15769 #6158, #11204)
15771 * Security fixes
15772 - Upgrade bsdtar and libarchive13 to 3.1.2-11+deb8u1.
15773 - Upgrade icedove to 38.8.0-1~deb8u1+tails3.
15774 - Upgrade imagemagick to 8:6.8.9.9-5+deb8u3.
15775 - Upgrade libexpat1 to 2.1.0-6+deb8u2.
15776 - Upgrade libgd3 to 2.1.0-5+deb8u3.
15777 - Upgrade gdk-pixbuf-based packages to 2.31.1-2+deb8u5.
15778 - Upgrade libidn11 to 1.29-1+deb8u1.
15779 - Upgrade libndp0 to 1.4-2+deb8u1.
15780 - Upgrade poppler-based packages to 0.26.5-2+deb8u1.
15781 - Upgrade librsvg2-2 to 2.40.5-1+deb8u2.
15782 - Upgrade libsmbclient to 2:4.2.10+dfsg-0+deb8u3.
15783 - Upgrade OpenSSL to 1.0.1k-3+deb8u5.
15784 - Upgrade libtasn1-6 to 4.2-3+deb8u2.
15785 - Upgrade libxml2 to 2.9.1+dfsg1-5+deb8u2.
15786 - Upgrade openjdk-7-jre to 7u101-2.6.6-1~deb8u1.
15788 * Bugfixes
15789 - Enable Packetization Layer Path MTU Discovery for IPv4. If any
15790 system on the path to the remote host has a MTU smaller than the
15791 standard Ethernet one, then Tails will receive an ICMP packet
15792 asking it to send smaller packets. Our firewall will drop such
15793 ICMP packets to the floor, and then the TCP connection won't
15794 work properly. This can happen to any TCP connection, but so far
15795 it's been reported as breaking obfs4 for actual users. Thanks to
15796 Yawning for the help! (Closes: #9268)
15797 - Make Tails Upgrader ship other locales than English. (Closes:
15798 #10221)
15799 - Make it possible to add local USB printers again. Bugfix on
15800 Tails 2.0. (Closes #10965).
15802 * Minor improvements
15803 - Remove custom SSH ciphers and MACs settings. (Closes: #7315)
15804 - Bring back "minimize" and "maximize" buttons in titlebars by
15805 default. (Closes: #11270)
15806 - Icedove improvements:
15807 * Stop patching in our default into Torbirdy. We've upstreamed
15808 some parts, and the rest we set with pref branch overrides in
15809 /etc/xul-ext/torbirdy.js. (Closes: #10905)
15810 * Use hkps keyserver in Enigmail. (Closes: #10906)
15811 * Default to POP if persistence is enabled, IMAP is
15812 not. (Closes: #10574)
15813 * Disable remote email account creation in Icedove. (Closes:
15814 #10464)
15815 - Firewall hardening (Closes: #11391):
15816 * Don't accept RELATED packets. This enables quite a lot of code
15817 in the kernel that we don't need. Let's reduce the attack
15818 surface a bit.
15819 * Restrict debian-tor user to NEW TCP syn packets. It doesn't
15820 need to do more, so let's do a little bit of security in
15821 depth.
15822 * Disable netfilter's nf_conntrack_helper.
15823 * Fix disabling of automatic conntrack helper assignment.
15824 - Kernel hardening:
15825 * Set various kernel boot options: slab_nomerge slub_debug=FZ
15826 mce=0 vsyscall=none. (Closes: #11143)
15827 * Remove the kernel .map files. These are only useful for kernel
15828 debugging and slightly make things easier for malware, perhaps
15829 and otherwise just occupy disk space. Also stop exposing
15830 kernel memory addresses through /proc etc. (Closes: #10951)
15831 - Drop zenity hacks to "focus" the negative answer. Jessie's
15832 zenity introduced the --default-cancel option, finally!
15833 (Closes: #11229)
15834 - Drop useless APT pinning for Linux.
15835 - Remove gnome-tweak-tool. (Closes: #11237)
15836 - Install python-dogtail, to enable accessibility technologies in
15837 our automated test suite (see below). (Part of: #10721)
15838 - Install libdrm and mesa from jessie-backports. (Closes: #11303)
15839 - Remove hledger. (Closes: #11346)
15840 - Don't pre-configure the #tails chan on the default OFTC account.
15841 (Part of: #11306)
15842 - Install onioncircuits from jessie-backports. (Closes: #11443)
15843 - Remove nmh. (Closes: #10477)
15844 - Drop Debian experimental APT source: we don't use it.
15845 - Use APT codenames (e.g. "stretch") instead of suites, to be
15846 compatible with our tagged APT snapshots.
15847 - Drop module-assistant hook and its cleanup. We've not been using
15848 it since 2010.
15849 - Remove 'Reboot' and 'Power Off' entries from Applications →
15850 System Tools. (Closes: #11075)
15851 - Pin our custom APT repo to the same level as Debian ones, and
15852 explicitly pin higher the packages we want to pull from our custom
15853 APT repo, when needed.
15854 - config/chroot_local-hooks/59-libdvd-pkg: verify libdvdcss
15855 package installation. (Closes: #11420)
15856 - Make Tails Upgrader use our new mirror pool design. (Closes:
15857 #11123)
15858 - Drop custom OpenSSH client ciphers and MACs settings. We did a
15859 pretty bad job at maintaining them compared to the Debian
15860 upstream. (Closes: #7315)
15861 - Install jessie-backports version of all binary packages built
15862 from src:hplip. This adds support for quite a few new
15863 printers.
15864 - Install printer-driver-postscript-hp, which adds support for
15865 some more printers.
15867 * Build system
15868 - Use a freezable APT repo when building Tails. This is a first
15869 step towards reproducible builds, and improves our QA and
15870 development processes by making our builds more predictable. For
15871 details, see: https://tails.boum.org/contribute/APT_repository/
15872 - There has been a massive amount of improvements to the
15873 Vagrant-based build system, and now it could be considered the
15874 de-facto build system for Tails! Improvements and fixes include:
15875 * Migrate Vagrant to use libvirt/KVM instead of
15876 Virtualbox. (Closes: #6354)
15877 * Make apt-get stuff non-interactive while provisioning.
15878 Because there is no interaction, so that will results in
15879 errors.
15880 * Bump disk space (=> RAM for RAM builds) needed to build with
15881 Vagrant. Since the Jessie migration it seems impossible to
15882 keep this low enough to fit in 8 GiB or RAM. For this reason
15883 we also drop the space optimization where we build inside a
15884 crazy aufs stack; now we just build in a tmpfs.
15885 * Clean up apt-cacher-ng cache on vm:provision to save disk
15886 space on the builder.
15887 * Add convenient Rake task for SSH:ing into the builder VM:
15888 `rake vm:ssh`.
15889 * Add rake task for generating a new Vagrant base box.
15890 * Automatically provision the VM on build to keep things up-to-date.
15891 * Don't enable extproxy unless explicitly given as an
15892 option. Previously it would automatically be enabled when
15893 `http_proxy` is set in the environment, unlike what is
15894 documented. This will hopefully lead to fewer surprises for users
15895 who e.g. point http_proxy to a torified polipo, or similar.
15896 * Re-fetch tags when running build-tails with Vagrant. That
15897 should fix an annoyance related to #7182 that I frequently
15898 encounter: when I, as the RM, rebuild the release image the
15899 second time from the force-updated tag, the build system would
15900 not have the force-updated tag. (Closes: #7182)
15901 * Make sure we use the intended locale in the Tails builder VM.
15902 Since we communicate via SSH, and e.g. Debian forward the
15903 locale env vars by default, we have to take some steps
15904 ensuring we do not do that.
15905 - Pull monkeysphere from stretch to avoid failing to install under
15906 eatmydata. Patch submitted by Cyril Brulebois <cyril@debamax.com>.
15908 * Test suite
15909 - Add wrapper around dogtail (inside Tails) for "remote" usage in
15910 the automated test suite. This provides a simple interface for
15911 generating dogtail python code, sending it to the guest, and
15912 executing it, and should allow us to write more robust tests
15913 leveraging assistive technologies. (Closes: #10721)
15914 - A few previously sikuli-based tests has been migrated to use
15915 dogtail instead, e.g. GNOME Applications menu interaction.
15916 - Add a test for re-configuring an existing persistent volume.
15917 This is a regression test for #10809. (Closes: #10834)
15918 - Use a simulated Tor network provided by Chutney in the automated
15919 test suite. The main motivation here is improved robustness --
15920 since the "Tor network" we now use will exit from the host
15921 running the automated test suite, we won't have to deal with Tor
15922 network blocking, or unreliable circuits. Performance should
15923 also be improved. (Closes: #9521)
15924 - Drop the usage of Tor Check in our tests. It doesn't make sense
15925 now when we use Chutney since that always means it will report
15926 that Tor is not being used.
15927 - Stop testing obsolete pluggable transports.
15928 - Completely rewrite the firewall leak detector to something more
15929 flexible and expressive.
15930 - Run tcpdump with --immediate-mode for the network sniffer. With
15931 this option, "packets are delivered to tcpdump as soon as they
15932 arrive, rather than being buffered for efficiency" which is
15933 required to make the sniffing work reliable the way we use it.
15934 - Remove most scenarios testing "tordate". It just isn't working
15935 well in Tails, so we shouldn't expect the tests to actually work
15936 all of the time. (Closes: #10440)
15937 - Close Pidgin before we inspect or persist its accounts.xml.
15938 I've seen a case when that file is _not_ saved (and thus, not
15939 persisted) if we shut down the system while Pidgin is still
15940 running. (Closes: #11413)
15941 - Close the GNOME Notification bar by pressing ESC, instead of
15942 opening the Applications menu. The Applications menu often
15943 covers other elements that we're looking for on the
15944 screen. (Closes #11401)
15945 - Hide Florence keyboard window when it doesn't vanish by itself
15946 (Closes: #11398) and wait a bit less for Florence to disappear
15947 (Closes: #11464).
15949 -- Tails developers <tails@boum.org> Mon, 06 Jun 2016 20:10:56 +0200
15951 tails (2.3) unstable; urgency=medium
15953 * Security fixes
15954 - Upgrade Tor Browser to 5.5.5. (Fixes: #11362)
15955 - Upgrade icedove to 38.7.0-1~deb8u1
15956 - Upgrade git to 1:2.1.4-2.1+deb8u2
15957 - Upgrade libgd3 to 2.1.0-5+deb8u1
15958 - Upgrade pidgin-otr to 4.0.1-1+deb8u1
15959 - Upgrade srtp to 1.4.5~20130609~dfsg-1.1+deb8u1
15960 - Upgrade imagemagick to 8:6.8.9.9-5+deb8u1
15961 - Upgrade samba to 2:4.2.10+dfsg-0+deb8u2
15962 - Upgrade openssh to 1:6.7p1-5+deb8u2
15964 * Bugfixes
15965 - Refresh Tor Browser's AppArmor profile patch against the one from
15966 torbrowser-launcher 0.2.4-1. (Fixes: #11264)
15967 - Pull monkeysphere from stretch to avoid failing to install under
15968 eatmydata. (Fixes: #11170)
15969 - Start gpg-agent with no-grab option due to issues with pinentry and
15970 GNOME's top bar. (Fixes: #11038)
15971 - Tails Installer: Update error message to match new name of 'Clone
15972 & Install'. (Fixes: #11238)
15973 - Onion Circuits:
15974 * Cope with a missing geoipdb. (Fixes: #11203)
15975 * Make both panes of the window scrollable. (Fixes #11192)
15976 - WhisperBack: Workaround socks bug. When the Tor fails to connect to
15977 the host, WisperBack used to display a ValueError. This is caused by
15978 a socks bug that is solved in upstream's master but not in Tails.
15979 This commit workarounds this bug Unclear error message in WhisperBack
15980 when failing to connect to the server. (Fixes: #11136)
15982 * Minor improvements
15983 - Upgrade to Debian 8.4, a Debian point release with many minor upgrades
15984 and fixes to various packages . (Fixes: #11232)
15985 - Upgrade I2P to 0.9.25. (Fixes: #11363)
15986 - Pin pinentry-gtk2 to jessie-backports. The new version allows pasting
15987 passwords from the clipboard. (Fixes: #11239)
15988 - config/chroot_local-hooks/59-libdvd-pkg: cleanup /usr/src/libdvd-pkg.
15989 (Fixes: #11273)
15990 - Make the Tor Status "disconnected" icon more contrasted with the
15991 "connected" one. (Fixes: #11199)
15993 * Test suite
15994 - Add UTF-8 support to OTR Bot. (Fixes: #10866)
15995 - Don't explicitly depend on openjdk-7-jre or any JRE for that
15996 matter. Sikuli will pull in a suitable one, so depending on one
15997 ourselves is only risks causing trouble. (Fixes: #11335)
15999 -- Tails developers <tails@boum.org> Mon, 25 Apr 2016 14:12:22 +0200
16001 tails (2.2.1) unstable; urgency=medium
16003 * Security fixes
16004 - Upgrade Tor Browser to 5.5.4. (Closes: #11254)
16005 - Upgrade bind9-related packages to 1:9.9.5.dfsg-9+deb8u6
16006 - Upgrade libotr to 4.1.0-2+deb8u1
16007 - Upgrade samba-related packages to 2:4.1.17+dfsg-2+deb8u2.
16008 - Upgrade libgraphite2 to 1.3.6-1~deb8u1.
16010 -- Tails developers <tails@boum.org> Thu, 17 Mar 2016 15:03:52 +0100
16012 tails (2.2) unstable; urgency=medium
16014 * Major new features and changes
16015 - Replace Vidalia (which has been unmaintained for years) with:
16016 (Closes: #6841)
16017 * the Tor Status GNOME Shell extension, which adds a System Status
16018 icon indicating whether Tor is ready or not.
16019 * Onion Circuits, a simple Tor circuit monitoring tool.
16021 * Security fixes
16022 - Upgrade Tor Browser to 5.5.3 (Closes: #11189).
16023 - Upgrade Linux to 3.16.7-ckt20-1+deb8u4.
16024 - Upgrade cpio to 2.11+dfsg-4.1+deb8u1.
16025 - Upgrade glibc to 2.19-18+deb8u3.
16026 - Upgrade libav to 6:11.6-1~deb8u1.
16027 - Upgrade libgraphite2 to 1.3.5-1~deb8u1.
16028 - Upgrade libjasper1 to 1.900.1-debian1-2.4+deb8u1.
16029 - Upgrade libreoffice to 4.3.3-2+deb8u3.
16030 - Upgrade libssh2 to 1.4.3-4.1+deb8u1.
16031 - Upgrade openssl to 1.0.1k-3+deb8u4.
16032 - Upgrade perl to 5.20.2-3+deb8u4.
16033 - Upgrade python-imaging, python-pil to 2.6.1-2 2.6.1-2+deb8u2.
16035 * Bugfixes
16036 - Hide "Laptop Mode Tools Configuration" menu entry. We don't
16037 support configuring l-m-t in Tails, and it doesn't work out of
16038 the box. (Closes: #11074)
16039 - WhisperBack:
16040 * Actually write a string when saving bug report to
16041 disk. (Closes: #11133)
16042 * Add missing argument to OpenPGP dialog so the optional OpenPGP
16043 key can be added again. (Closes: #11033)
16045 * Minor improvements
16046 - Upgrade I2P to 0.9.24-1~deb8u+1.
16047 - Add support for viewing DRM protected DVD videos using
16048 libdvdcss2. Patch series submitted by Austin English
16049 <austinenglish@gmail.com>. (Closes: #7674)
16050 - Automatically save KeePassX database after every change by default.
16051 (Closes: #11147)
16052 - Implement Tor stream isolation for WhisperBack
16053 - Delete unused tor-tsocks-mua.conf previously used by Claws
16054 Mail. (Closes: #10904)
16055 - Add set -u to all gettext:ized shell scripts. In gettext-base <
16056 1.8.2, like the one we had in Wheezy, gettext.sh references the
16057 environment variable ZSH_VERSION, which we do not set. This has
16058 prevented us from doing `set -u` without various hacks. (Closes:
16059 #9371)
16060 - Also set -e in some shell scripts which lacked it for no good
16061 reason.
16062 - Make Git verify the integrity of transferred objects. (Closes:
16063 #11107)
16064 - Remove LAlt+Shift and LShift+RShift keyboard layout toggling
16065 shortcuts. (Closes: #10913, #11042)
16067 * Test suite
16068 - Reorder the execution of feature to decrease peak disk
16069 usage. (Closes: #10503)
16070 - Paste into the GTK file chooser, instead of typing. (Closes:
16071 #10775)
16072 - Pidgin: wait a bit for text to have stopped scrolling before we
16073 click on it. (Closes: #10783)
16074 - Fix step that runs commands in GNOME Terminal, that was broken
16075 on Jessie when a Terminal is running already. (Closes: #11176)
16076 - Let ruby-rjb guess JAVA_HOME instead fixing on one jvm
16077 version. (Closes: #11190)
16079 * Build system
16080 - Upgrade build system to Debian Jessie. This includes migrating to a
16081 new Vagrant basebox based on Debian Jessie.
16082 - Rakefile: print git status when there are uncommitted
16083 changes. Patch submitted by Austin English
16084 <austinenglish@gmail.com>. (Closes: #11108)
16085 - .gitignore: add .rake_tasks~. Patch submitted by Austin English
16086 <austinenglish@gmail.com>. (Closes: #11134)
16087 - config/amnesia: use --show-field over sed filtering. Patch
16088 submitted by Chris Lamb <lamby@debian.org>.
16089 - Umount and clean up leftover temporary directories from old
16090 builds. (Closes: #10772)
16092 -- Tails developers <tails@boum.org> Mon, 07 Mar 2016 18:09:50 +0100
16094 tails (2.0.1) unstable; urgency=medium
16096 * Major new features and changes
16097 - Enable the Tor Browser's font fingerprinting protection
16098 (Closes: #11000). We do it for all browsers (including
16099 the Unsafe Browser and I2P Browser mainly to avoid making our
16100 automated test suite overly complex. This implied to set an appropriate
16101 working directory when launching the Tor Browser, to accommodate for
16102 the assumptions it makes about this.
16104 * Security fixes
16105 - Upgrade Tor Browser to 5.5.2 (Closes: #11105).
16107 * Bugfixes
16108 - Repair 32-bit UEFI support (Closes: #11007); bugfix on 2.0.
16109 - Add libgnome2-bin to installed packages list to provide gnome-open,
16110 which fixes URL handling at least in KeePassX, Electrum and Icedove
16111 (Closes: #11031); bugfix on 2.0. Thanks to segfault for the patch!
16113 * Minor improvements
16114 - Refactor and de-duplicate the chrooted browsers' configuration:
16115 prefs.js, userChrome.css (Closes: #9896).
16116 - Make the -profile Tor Launcher workaround simpler (Closes: #7943).
16117 - Move Torbutton environment configuration to the tor-browser script,
16118 instead of polluting the default system environment with it.
16119 - Refresh patch against the Tor Browser AppArmor profile
16120 (Closes: #11078).
16121 - Propagate Tor Launcher options via the wrapper.
16122 - Move tor-launcher script to /usr/local/bin.
16123 - Move tor-launcher-standalone to /usr/local/lib.
16124 - Move Tor Launcher env configuration closer to the place where it is used,
16125 for simplicity's sake.
16127 * Test suite
16128 - Mass update browser and Tor Launcher related images due to font change,
16129 caused by Tor Browser 5.5's font fingerprinting protection
16130 (Closes: #11097). And then, use separate PrintToFile.png for the browsers,
16131 and Evince, since it cannot be shared anymore.
16132 - Adjust to the refactored chrooted browsers configuration handling.
16133 - Test that Tor Launcher uses the correct Tor Browser libraries.
16134 - Allow more slack when verifying that the date that was set.
16135 - Bump a bit the timeout used when waiting for the remote shell.
16136 - Bump timeout for the process to disappear, when closing Evince.
16137 - Bump timeout when saving persistence configuration.
16138 - Bump timeout for bootstrapping I2P.
16140 * Build system
16141 - Remove no longer relevant places.sqlite cleanup procedure.
16143 -- Tails developers <tails@boum.org> Fri, 12 Feb 2016 13:00:15 +0000
16145 tails (2.0) unstable; urgency=medium
16147 * Major new features and changes
16148 - Upgrade to Debian 8 (Jessie).
16149 - Migrate to GNOME Shell in Classic mode.
16150 - Use systemd as PID 1, and convert all custom initscripts to systemd units.
16151 - Remove the Windows camouflage feature: our call for help to port
16152 it to GNOME Shell (issued in January, 2015) was unsuccessful.
16153 - Remove Claws Mail: Icedove is now the default email client
16154 (Closes: #10167).
16155 - Upgrade Tor Browser to 5.5 (Closes: #10858, #10983).
16157 * Security fixes
16158 - Minimally sandbox many services with systemd's namespacing features.
16159 - Upgrade Linux to 3.16.7-ckt20-1+deb8u3.
16160 - Upgrade Git to 1:2.1.4-2.1+deb8u1.
16161 - Upgrade Perl to 5.20.2-3+deb8u3.
16162 - Upgrade bind9-related packages to 1:9.9.5.dfsg-9+deb8u5.
16163 - Upgrade FUSE to 2.9.3-15+deb8u2.
16164 - Upgrade isc-dhcp-client tot 4.3.1-6+deb8u2.
16165 - Upgrade libpng12-0 to 1.2.50-2+deb8u2.
16166 - Upgrade OpenSSH client to 1:6.7p1-5+deb8u1.
16168 * Bugfixes
16169 - Restore the logo in the "About Tails" dialog.
16170 - Don't tell the user that "Tor is ready" before htpdate is done
16171 (Closes: #7721).
16172 - Upgrader wrapper: make the check for free memory more accurate
16173 (Closes: #10540, #8263).
16174 - Allow the desktop user, when active, to configure printers;
16175 fixes regression introduced in Tails 1.1 (Closes: #8443).
16176 - Close Vidalia before we restart Tor. Otherwise Vidalia will be running
16177 and showing errors while we make sure that Tor bootstraps, which could
16178 take a while.
16179 - Allow Totem to read DVDs, by installing apparmor-profiles-extra
16180 from jessie-backports (Closes: #9990).
16181 - Make memory erasure on shutdown more robust (Closes: #9707, #10487):
16182 · don't forcefully overcommit memory
16183 · don't kill the allocating task
16184 · make sure the kernel doesn't starve from memory
16185 · make parallel sdmem handling faster and more robust
16186 - Don't offer the option, in Tor Browser, to open a downloaded file with
16187 an external application (Closes: #9285). Our AppArmor confinement was
16188 blocking most such actions anyway, resulting in poor UX; bugfix on 1.3.
16189 Accordingly, remove the now-obsolete exception we had in the Tor
16190 Browser AppArmor profile, that allowed executing seahorse-tool.
16191 - Fix performance issue in Tails Upgrader, that made it very slow to apply
16192 an automatic upgrade; bugfix on 1.7 (Closes: #10757).
16193 - Use our wrapper script to start Icedove from the GNOME menus.
16194 - Make it possible to localize our Icedove wrapper script.
16195 - List Icedove persistence option in the same position where Claws Mail
16196 used to be, in the persistent volume assistant (Closes: #10832).
16197 - Fix Electrum by installing the version from Debian Testing
16198 (Closes: #10754). We need version >=2.5.4-2, see #9713;
16199 bugfix on 2.0~beta1. And, explicitly install python-qt4 to enable
16200 Electrum's GUI: it's a Recommends, and we're not pulling it ourselves
16201 via other means anymore.
16202 - Restore default file associations (Closes: #10798);
16203 bugfix on 2.0~beta1.
16204 - Update 'nopersistent' boot parameter to 'nopersistence'; bugfix on 0.12
16205 (Closes: #10831). Thanks to live-media=removable, this had no security
16206 impact in practice.
16207 - Repair dotfiles persistence feature, by adding a symlink from
16208 /lib/live/mount/persistence to /live/persistence; bugfix on 2.0~beta1
16209 (Closes: #10784).
16210 - Fix ability to re-configure an existing persistent volume using
16211 the GUI; bugfix on 2.0~beta1 (Closes: #10809).
16212 - Associate armored OpenPGP public keys named *.key with Seahorse,
16213 to workaround https://bugs.freedesktop.org/show_bug.cgi?id=93656;
16214 bugfix on 1.1 (Closes: #10889).
16215 - Update the list of enabled GNOME Shell extensions, which might fix
16216 the "GNOME Shell sometimes leaves Classic mode" bug seen in 2.0~beta1:
16217 · Remove obsolete "Alternative Status Menu", that is not shipped
16218 in Debian anymore.
16219 · Explicitly enable the GNOME Shell extensions that build
16220 the Classic mode.
16221 - Make _get_tg_setting() compatible with set -u (Closes: #10785).
16222 - laptop-mode-tools: don't control autosuspend. Some USB input
16223 devices don't support autosuspend. This change might help fix
16224 #10850, but even if it doesn't, it makes sense to me that we
16225 don't let laptop-mode-tools fiddle with this on a Live system
16226 (Closes (for now): #10850).
16228 * Minor improvements
16229 - Remove obsolete code from various places.
16230 - Tails Greeter:
16231 · hide all windows while logging in
16232 · resize and re-position the panel when the screen size grows
16233 · PostLogin: log into the Journal instead of a dedicated log file
16234 · use localectl to set the system locale and keyboard mapping
16235 · delete the Live user's password if no administration password is set
16236 (Closes: #5589)
16237 · port to GDBus greeter interface, and adjust to other GDM
16238 and GNOME changes
16239 - Tails Installer:
16240 · port to UDisks2, and from Qt4 to GTK3
16241 · adapt to work on other GNU/Linux operating systems than Tails
16242 · clean up enough upstream code and packaging bits to make it
16243 deserve being uploaded to Debian
16244 · rename everything from liveusb-creator to tails-installer
16245 - Port tails-perl5lib to GTK3 and UDisks2. In passing, do some minor
16246 refactoring and a GUI improvement.
16247 - Persistent Volume Assistant:
16248 · port to GTK3 and UDisks2
16249 · handle errors when deleting persistent volume (Closes: #8435)
16250 · remove obsolete workarounds
16251 - Don't install UDisks v1.
16252 - Adapt custom udev and polkit rules to UDisks v2 (Closes: #9054, #9270).
16253 - Adjust import-translations' post-import step for Tails Installer,
16254 to match how its i18n system works nowadays.
16255 - Use socket activation for CUPS, to save some boot time.
16256 - Set memlockd.service's OOMScoreAdjust to -1000.
16257 - Don't bother creating /var/lib/live in tails-detect-virtualization.
16258 If it does not exist at this point, we have bigger and more
16259 noticeable problems.
16260 - Simplify the virtualization detection & reporting system, and do it
16261 as a non-root user with systemd-detect-virt rather than virt-what.
16262 - Replace rsyslog with the systemd Journal (Closes: #8320), and adjust
16263 WhisperBack's logs handling accordingly.
16264 - Drop tails-save-im-environment.
16265 It's not been used since we stopped automatically starting the web browser.
16266 - Add a hook that aborts the build if any *.orig file is found. Such files
16267 appear mainly when a patch of ours is fuzzy. In most cases they are no big
16268 deal, but in some cases they end up being taken into account
16269 and break things.
16270 - Replace the tor+http shim with apt-transport-tor (Closes: #8198).
16271 - Install gnome-tweak-tool.
16272 - Don't bother testing if we're using dependency based boot.
16273 - Drop workaround to start spice-vdagent in GDM (Closes: #8025).
16274 This has been fixed in Jessie proper.
16275 - Don't install ipheth-utils anymore. It seems to be obsolete
16276 in current desktop environments.
16277 - Stop installing the buggy unrar-free, superseded in Jessie (Closes: #5838)
16278 - Drop all custom fontconfig configuration, and configure fonts rendering
16279 via dconf.
16280 - Drop zenity patch (zenity-fix-whitespacing-box-sizes.diff),
16281 that was applied upstream.
16282 - Install libnet-dbus-perl (currently 1.1.0) from jessie-backports,
16283 it brings new features we need.
16284 - Have the security check and the upgrader wait for Tor having bootstrapped
16285 with systemd unit ordering.
16286 - Get rid of tails-security-check's wrapper.
16287 Its only purpose was to wait for Tor to have bootstrapped,
16288 which is now done via systemd.
16289 - Don't allow the amnesia and tails-upgrade-frontend users to run
16290 tor-has-bootstrapped as root with sudo. They don't need it anymore,
16291 thanks to using systemd for starting relevant units only once Tor
16292 has bootstrapped.
16293 - Install python-nautilus, that enables MAT's context menu item in Nautilus.
16294 (Closes: #9151).
16295 - Configure GDM with a snippet file instead of patching its
16296 greeter.dconf-defaults.
16297 - WhisperBack:
16298 · port to Python 3 and GObject Introspection (Closes: #7755)
16299 · migrate from the gnutls module to the ssl one
16300 · use PGP/MIME for better attachments handling
16301 · migrate from the gnupginterface module to the gnupg one
16302 · natively support SOCKS ⇒ don't wrap with torsocks anymore
16303 (Closes: #9412)
16304 · don't try to include the obsolete .xession-errors in bug reports
16305 (Closes: #9966)
16306 - chroot-browser.sh: don't use static DISPLAY.
16307 - Simplify debugging:
16308 · don't hide the emergency shutdown's stdout
16309 · tails-unblock-network: trace commands so that they end up in the Journal
16310 - Configure the console codeset at ISO build time, instead of setting it
16311 to a constant via the Greeter's PostLogin.default.
16312 - Order the AppArmor policy compiling in a way that is less of a blocker
16313 during boot.
16314 - Include the major KMS modules in the initramfs. This helps seamless
16315 transition to X.Org when booting, and back to text mode on shutdown,
16316 can help for proper graphics hardware reinitialization post-kexec,
16317 and should improve GNOME Shell support in some virtual machines.
16318 - Always show the Universal Access menu icon in the GNOME panel.
16319 - Drop notification for not-migrated-yet persistence configuration,
16320 and persistence settings disabled due to wrong access rights.
16321 That migration happened more two years ago.
16322 - Remove the restricted network detector, that has been broken for too long;
16323 see #10560 for next steps (Closes: #8328).
16324 - Remove unsupported, never completed kiosk mode support.
16325 - clock_gettime_monotonic: use Perl's own function to get the integer part,
16326 instead of forking out to sed.
16327 - Don't (try to) disable lvm2 initscripts anymore. Both the original reason
16328 and the implementation are obsolete on Jessie.
16329 - Lower potential for confusion (#8443), by removing system-config-printer.
16330 One GUI to configure printers is enough (Closes: #8505).
16331 - Add "set -u" to tails-unblock-network.
16332 - Add a systemd target whose completion indicates that Tor has bootstrapped,
16333 and use it everywhere sensible (Closes: #9393).
16334 - Disable udev's 75-persistent-net-generator.rules, to preventing races
16335 between MAC spoofing and interface naming.
16336 - Replace patch against NetworkManager.conf with drop-in files.
16337 - Replace resolvconf with simpler NetworkManager and dhclient configuration.
16338 (Closes: #7708)
16339 - Replace patching of the gdomap, i2p, hdparm, tor and ttdnsd initscripts
16340 with 'systemctl disable' (Closes: #9881).
16341 - Replace patches that wrapped apps with torsocks with dynamic patching with
16342 a hook, to ease maintenance. Also, patch D-Bus services as needed
16343 (Closes: #10603).
16344 - Notify the user if running Tails inside non-free virtualization software
16345 that does not try to hide its nature (Closes: #5315).
16346 Thanks to Austin English <austinenglish@gmail.com> for the patch.
16347 - Declare htpdate.service as being needed for time-sync.target, to ensure
16348 that "services where correct time is essential should be ordered after
16349 this unit".
16350 - Convert some of the X session startup programs to `systemd --user' units.
16351 - Let the Pidgin wrapper pass through additional command-line arguments
16352 (Closes: #10383)
16353 - Move out of the $PATH a bunch of programs that users should generally
16354 not run directly: connect-socks, end-profile, getTorBrowserUserAgent,
16355 generate-tor-browser-profile, kill-boot-profile, tails-spoof-mac,
16356 tails-set-wireless-devices-state, tails-configure-keyboard,
16357 do_not_ever_run_me, boot-profile, tails-unblock-network,
16358 tor-controlport-filter, tails-virt-notify-user, tails-htp-notify-user,
16359 udev-watchdog-wrapper (Closes: #10658)
16360 - Upgrade I2P to 0.9.23-2~deb8u+1.
16361 - Disable I2P's time syncing support.
16362 - Install Torbirdy from official Jessie backports, instead of from
16363 our own APT repository (Closes: #10804).
16364 - Make GNOME Disks' passphrase strength checking new feature work,
16365 by installing cracklib-runtime (Closes: #10862).
16366 - Add support for Japanese in Tor Browser.
16367 - Install xserver-xorg-video-intel from Jessie Backports (currently:
16368 2.99.917-2~bpo8+1). This adds support for recent chips such as
16369 Intel Broadwell's HD Graphics (Closes: #10841).
16370 - Improve a little bit post-Greeter network unblocking:
16371 · Sleep a bit longer between deleting the blacklist, and triggering udev;
16372 this might help cure #9012.
16373 · Increase logging, so that we get more information next time someone
16374 sees #9012.
16375 · Touch /etc/modprobe.d/ after deleting the blacklist; this might help,
16376 in case all this is caused by some aufs bug.
16377 - Enable and use the Debian jessie-proposed-updates APT repository,
16378 anticipating on the Jessie 8.3 point-release (Closes: #10897).
16379 - Upgrade most firmware packages to 20160110-1.
16380 - Upgrade Intel CPU microcodes to 3.20151106.1~deb8u1.
16381 - Disable IPv6 for the default wired connection, so that
16382 NetworkManager does not spam the logs with IPv6 router
16383 solicitation failure. Note that this does not fix the problem
16384 for other connections (Partially closes: #10939).
16386 * Test suite
16387 - Adapt to the new desktop environment and applications' look.
16388 - Adapt new changed nmcli syntax and output.
16389 - New NetworkManager connection files must be manually loaded in Jessie.
16390 - Adapt to new pkexec behavior.
16391 - Adapt to how we now disable networking.
16392 - Use sysctl instead of echo:ing into /proc/sys.
16393 - Use oom_score_adj instead of the older oom_adj.
16394 - Adapt everything depending on logs to the use of the Journal.
16395 - Port to UDisks v2.
16396 - Check that the system partition is an EFI System Partition.
16397 - Add ldlinux.c32 to the list of bootloader files that are expected
16398 to be modified when we run syslinux (Closes: #9053).
16399 - Use apt(8) instead of apt-get(8).
16400 - Don't hide the cursor after opening the GNOME apps menu.
16401 - Convert the remote shell to into a systemd native service and a Python 3,
16402 script that uses the sd_notify facility (Closes: #9057). Also, set its
16403 OOM score adjustment value via its unit file, and not from the test suite.
16404 - Adjust to match where screenshots are saved nowadays.
16405 - Check that all system units have started (Closes: #8262)
16406 - Simplify the "too small device" test.
16407 - Spawn `poweroff' and `halt' in the background, and don't wait for them
16408 to return: anything else would be racy vs. the remote shell's stopping.
16409 - Bump video memory allocated to the system under test, to fix out of video
16410 memory errors.
16411 - When configuring the CPU to lack PAE support, use a qemu32 CPU instead
16412 of a Pentium one: the latter makes GNOME Shell crash.
16413 See #8778 for details about how Mesa's CPU features detection has
16414 room for improvement.
16415 - Adjust free(1) output parsing for Jessie.
16416 - vm-execute: rename --type option to --spawn.
16417 - Add method to set the X.Org clipboard, and install its dependency
16418 (xsel) in the ISO.
16419 - Paste URLs in one go, to work around issue with lost key presses
16420 in the browser (Closes: #10467).
16421 - Reliably wait for Synaptic's search button to fade in.
16422 - Take into account that the sticky bit is not set on block devices
16423 on Jessie anymore.
16424 - Ensure that we can use a NetworkManager connection stored in persistence
16425 (Closes: #7966).
16426 - Use a stricter regexp when extracting logs for dropped packets.
16427 - Clone the host CPU for the test suite guests (Closes: #8778).
16428 - Run ping as root (aufs does not support file capabilities so we don't
16429 get cap_net_raw+ep, and if built on a filesystem that does support
16430 file capabilities, then /bin/ping is not setupd root).
16431 - Escape regexp special characters when constructing the firewall log
16432 parsing regexp, and pass -P to grep, since Ruby uses PCRE.
16433 - Adjust is_persistent?() helper to findmnt changes in Jessie.
16434 - Rework in depth how we measure pattern coverage in memory, with more
16435 reliable Linux OOM and VM settings, fundamental improvements
16436 in what exactly we measure, and custom OOM adjutments for fillram
16437 processes (Closes: #9705).
16438 - Use blkid instead of parted to determine the filesystem type.
16439 - Use --kiosk mode instead of --fullscreen in virt-viewer, to remove
16440 the tiny border of the in-viewer menu.
16441 - Remove now redundant desktop screenshot directory scenario.
16442 - Adapt GNOME notification handling for Debian Jessie (Closes: #8782)
16443 - Disable screen blanking in the automated test suite, which occasionally
16444 breaks some test cases (Closes: #10403).
16445 - Move upgrade scenarios to the feature dedicated to them.
16446 - Don't make libvirt storage volumes executable.
16447 - Refactor the PAUSE_ON_FAIL functionality, so that we can use `pause()`
16448 as a breakpoint when debugging.
16449 - Drop non-essential Totem test that is mostly a duplicate, and too painful
16450 to be worth automating on Jessie.
16451 - Retry Totem HTTPS test with a new Tor circuit on failure.
16452 - Replace iptables status regexp-based parser with a new XML-based
16453 status analyzer: the previous implementation could not be adjusted
16454 to the new ip6tables' output (Closes: #9704).
16455 - Don't reboot in one instance when it is not needed.
16456 - Optimize memory erasure anti-test: block the boot to save CPU on the host.
16457 - Update I2P tests for Jessie, and generally make them more robust.
16458 - Update Electrum tests for 2.5.4-2 (Closes: #10758).
16459 - Add workaround for libvirt vs. guestfs permissions issue, to allow
16460 running the test suite on current Debian sid.
16461 - Fix buggy code, that happened to work by mistake, in the Seahorse
16462 test cases; bugfix on 1.8.
16463 - Update test suite images due to CSS change on Tails' website.
16464 - Adapt Tor Browser tests to work with the 5.5 series.
16465 - Automatically test downloading files in Tor Browser.
16466 - Remove obsolete scenario, that tested opening a downloaded file with
16467 an external application, which we do not support anymore.
16468 - Improve robustness of the "Tails OpenPGP keys" scenario (Closes: #10378).
16469 - Automatically test the "Diable all networking" feature (Closes: #10430).
16470 - Automatically test that SSH works over LAN (Closes: #9087).
16471 - Bump some statuc sleeps to fix a few race conditions (Closes: #5330).
16472 - Automatically test that an emergency shutdown triggers on boot
16473 medium removal (Closes: #5472).
16474 - Make the AppArmor checks actually detect errors (Closes: #10926).
16476 * Build system
16477 - Bump amount of disk space needed to build Tails with Vagrant.
16478 The addition of the Japanese Tor Browser tarball made us reach
16479 the limit of the previous value.
16481 * Adjustments for Debian 8 (Jessie) with no or very little user-visible impact
16482 - Free the fixed UIDs/GIDs we need before creating the corresponding users.
16483 - Replace the real gnome-backgrounds with a fake, equivs generated one
16484 (Closes: #8055). Jessie's gnome-shell depends on gnome-backgrounds,
16485 which is too fat to ship considering we're not using it.
16486 - AppArmor: adjust CUPS profile to support our Live system environment
16487 (Closes: #8261):
16488 · Mangle lib/live/mount/overlay/... as usual for aufs.
16489 · Pass the the attach_disconnected flag, that's needed for compatibility
16490 with PrivateTmp.
16491 - Make sure we don't ship geoclue* (Closes: #7949).
16492 - Drop deprecated GDM configuration file.
16493 - Don't add the Live user to the deprecated 'fuse' group.
16494 - Drop hidepid mount option for /proc (Closes: #8256). In its current,
16495 simplistic form it cannot be supported by systemd.
16496 - Don't manually load acpi-cpufreq at boot time. It fails to load
16497 whenever no device it supports is present, which makes the
16498 systemd-modules-load.service fail. These days, the kernel
16499 should just automatically load such modules when they are needed.
16500 - Drop sysvinit-specific (sensigs.omit.d) tweaks for memlockd.
16501 - Disable the GDM unit file's Restart=always, that breaks our "emergency
16502 shutdown on boot medium removal" feature.
16503 - Update the implementation of the memory erasure on shutdown feature:
16504 · check for rebooting state using systemctl, instead of the obsolete
16505 $RUNLEVEL (Closes: #8306)
16506 · the kexec-load initscript normally silently exits unless systemd is
16507 currently running a reboot job. This is not the case when the emergency
16508 shutdown has been triggered, so we removed this check
16509 · migrate tails-kexec to the /lib/systemd/system-shutdown/ facility
16510 · don't (try to) switch to tty1 on emergency shutdown: it apparently
16511 requires data that we haven't locked into memory, and then it blocks
16512 the whole emergency shutdown process
16513 - Display a slightly darker version of the desktop wallpaper on the screen
16514 saver, instead of the default flashy "Debian 8" branding (Closes: #9038).
16515 - Disable software autorun from external media.
16516 - Disable a few unneeded D-Bus services. Some of these services are
16517 automatically started (via D-Bus activation) when GNOME Shell tries
16518 to use them. The only "use" I've seen for them, except eating
16519 precious RAM, is to display "No appointment today" in the calendar pop-up.
16520 (Closes: #9037)
16521 - Prevent NetworkManager services from starting at boot time
16522 (Closes: #8313). We start them ourselves after changing the MAC address.
16523 - Unfuzzy all patches (Closes: #8268) and drop a few obsolete ones.
16524 - Adapt IBus configuration for Jessie (Closes: #8270), i.e. merge the two
16525 places where we configure keyboard layout and input methods: both are now
16526 configured in the same place in Jessie's GNOME.
16527 - Migrate panel launchers to the favorite apps list (Closes: #7992).
16528 - Drop pre-GNOME Shell menu tweaks.
16529 - Hide "Log out" button in the GNOME Shell menu (Closes: #8364).
16530 - Add a custom shutdown-helper GNOME Shell extension (Closes: #8302, #5684
16531 and #5878) that removes the press-Alt-to-turn-shutdown-button-into-Suspend
16532 functionality from the GNOME user menu, and makes Restart and Shutdown
16533 immediate, without further user interaction. Accordingly remove our custom
16534 Shutdown Helper panel applet (#8302).
16535 - Drop GNOME Panel configuration, now deprecated.
16536 - Disable GNOME Shell's screen lock feature.
16537 We're not there yet (see #5684).
16538 - Disable GNOME Shell screen locker's user switch feature.
16539 - Explicitly install libany-moose-perl (Closes: #8051).
16540 It's needed by our OpenPGP applet. On Wheezy, this package was pulled
16541 by some other dependency. This is not the case anymore on Jessie.
16542 - Don't install notification-daemon nor gnome-mag: GNOME Shell has taken
16543 over this functionality (Closes: #7481).
16544 - Don't install ntfsprogs: superseded on Jessie.
16545 - Don't install barry-util: not part of Jessie.
16546 - Link udev-watchdog dynamically, and lock it plus its dependencies
16547 in memory.
16548 - Migrate from gdm-simple-greeter to a custom gdm-tails session
16549 (Closes: #7599).
16550 - Update Plymouth installation and configuration:
16551 · install the plymouth packages via chroot_local-hooks: lb 2.x's "standard"
16552 packages list pulls console-common in, which plymouth now conflicts with
16553 · don't patch the plymouth initscript anymore, that was superseded
16554 by native systemd unit files
16555 · mask the plymouth-{halt,kexec,poweroff,reboot,shutdown} services,
16556 to prevent them from occupying the active TTY with an (empty) splash
16557 screen on shutdown/reboot, that would hide the messages we want to show
16558 to the user via tails-kexec (Closes: #9032)
16559 - Migrate GNOME keyboard layout settings from libgnomekbd to input-sources
16560 (Closes: #7898).
16561 - Explicitly install syslinux-efi, that we need and is not automatically
16562 pulled by anything else anymore.
16563 - Workaround #7248 for GDM: use a solid blue background picture,
16564 instead of a solid color fill, in the Greeter session.
16565 - De-install gcc-4.8-base and gcc-4.9 at the end of the ISO build process.
16566 - Revert the "Wrap syndaemon to always use -t" Wheezy-specific workaround.
16567 - htpdate: run date(1) in a Jessie-compatible (and nicer) way.
16568 - Remove obsolete dconf screenshot settings and the corresponding test.
16569 - Drop our patched python-dbus{,-dev} package (Closes: #9177).
16570 - live-persist: stop overriding live-boot's functions, we now have
16571 a recent enough blkid.
16572 - Adjust sdmem initramfs bits for Jessie:
16573 · Directly call poweroff instead of halt -p.
16574 · Don't pass -n to poweroff and reboot, it's not supported anymore.
16575 - Wrap text in the Unsafe Browser startup warning dialog
16576 (Jessie's zenity does not wrap it itself).
16577 - Associate application/pgp-keys with Seahorse's "Import Key" application
16578 (Closes: #10571).
16579 - Install topIcons GNOME Shell extension (v28), to work around the fact
16580 that a few of the applets we use hijack the notification area.
16581 - "cd /" to fix permissions issue at tails-persistence-setup startup
16582 (Closes: #8097).
16583 - Install gstreamer1.0-libav, so that Totem can play H264-encoded videos.
16584 - Adjust APT sources configuration:
16585 · remove explicit jessie and jessie-updates sources:
16586 automatically added by live-build
16587 · add Debian testing
16588 · add jessie-backports
16589 - Firewall: white-list access to the accessibility daemon (Closes: #8075).
16590 - Adjust to changed desktop notification behavior and supported feature set
16591 (Closes: #7989):
16592 · pass the DBUS_SESSION_BUS_ADDRESS used by the GNOME session
16593 to notify-send
16594 · update waiting for a notification handler: gnome-panel and nm-applet
16595 are obsolete, GNOME Shell is now providing this facility, so instead
16596 wait for a process that starts once GNOME Shell is ready, namely
16597 ibus-daemon (Closes: #8685)
16598 · port tails-warn-about-disabled-persistence and tails-virt-notify-user
16599 to notification actions (instead of hyperlinks), and make the latter
16600 transient; to this end, add support to Desktop::Notify for "hints"
16601 and notification actions
16602 · tails-security-check: use a dialog box instead of desktop notifications
16603 · MAC spoofing failure notification: remove the link to the documentation;
16604 it was broken on Tails/Wheezy already, see #10559 for next steps
16605 - Don't explicitly install gnome-panel nor gnome-menus, so that they go away
16606 whenever the Greeter does not pull them in anymore.
16607 - Install gkbd-capplet, that provides gkbd-keyboard-display (Closes: #8363).
16608 - Install Tor 0.2.7 from deb.torproject.org: we don't need to rebuild it
16609 ourselves for seccomp support anymore.
16610 - Wrap Seahorse with torsocks when it is started as a D-Bus service too
16611 (Closes: #9792).
16612 - Rename the AppArmor profile for Tor, so it applies to the system-wide
16613 Tor service we run (Closes: #10528).
16614 - Essentially revert ALSA state handling to how it was pre-Jessie, so that
16615 mixer levels are unmuted and sanitized at boot time (Closes: #7591).
16616 - Pass --yes to apt-get when installing imagemagick.
16617 - Make removable devices, that we support installing Tails to, user writable:
16618 Tails Installer requires raw block device access to such devices
16619 (Closes: #8273). Similarly, allow the amnesia user, when active, to open
16620 non-system devices for writing with udisks2. This is roughly udisks2's
16621 equivalent of having direct write access to raw block storage devices.
16622 Here too, Tails Installer uses this functionality.
16623 - Disable networkd to prevent any risk of DNS leaks it might cause; and
16624 disable timesyncd, as we have our own time synchronization mechanism.
16625 They are not enabled by default in Jessie, but may be in Stretch,
16626 so let's be explicit about it.
16627 - Mask hwclock-save.service, to avoid sync'ing the system clock
16628 to the hardware clock on shutdown (Closes: #9363).
16629 - apparmor-adjust-cupsd-profile.diff: adjust to parse fine on Jessie
16630 (Closes: #9963)
16631 - Explicitly use tor@default.service when it's the one we mean.
16632 - Refactor GNOME/X env exporting to Tails' shell library, and grab
16633 more of useful bits of the desktop session environment.
16634 Then, use the result in the test suite's remote shell.
16635 - Stop tweaking /etc/modules. It's 2015, the kernel should load these things
16636 automatically (Closes: #10609).
16637 - Have systemd hardening let Tor modify its configuration (needed by Tor
16638 Launcher), and start obfs4proy (Closes: #10696, #10724).
16639 - Bump extensions.adblockplus.currentVersion and
16640 extensions.enigmail.configuredVersion to match what we currently get
16641 on Jessie.
16642 - I2P: switch from 'service' to 'systemctl' where possible.
16644 -- Tails developers <tails@boum.org> Mon, 25 Jan 2016 18:06:33 +0100
16646 tails (1.8.2) unstable; urgency=medium
16648 * Security fixes
16649 - Upgrade Tor Browser to 5.0.7.
16650 - Upgrade Linux to 3.16.7-ckt20-1+deb8u2.
16651 - Upgrade foomatic-filters to 4.0.17-1+deb7u1.
16652 - Upgrade git to 1:1.7.10.4-1+wheezy2.
16653 - Upgrade Icedove to 38.5.0-1~deb7u1.
16654 - Upgrade libxml2-related packages to 2.8.0+dfsg1-7+wheezy5.
16655 - Upgrade OpenSSL-related packages to 1.0.1e-2+deb7u19.
16656 - Upgrade libsmbclient to 2:3.6.6-6+deb7u6.
16658 -- Tails developers <tails@boum.org> Sat, 09 Jan 2016 16:27:27 +0100
16660 tails (1.8.1) unstable; urgency=medium
16662 * Security fixes
16663 - Upgrade Tor Browser to 5.0.6.
16664 - Upgrade Linux to 3.16.7-ckt20-1+deb8u1
16665 - Upgrade gdkpixbuf to 2.26.1-1+deb7u3
16666 - Upgrade bind9 tools to 1:9.8.4.dfsg.P1-6+nmu2+deb7u8
16668 * Bugfixes
16669 - Fix time synchronization in bridge mode by refreshing our patch
16670 against Tor's AppArmor profile.
16672 -- Tails developers <tails@boum.org> Fri, 18 Dec 2015 19:05:18 +0000
16674 tails (1.8) unstable; urgency=medium
16676 * Security fixes
16677 - Upgrade Tor to 0.2.7.6-1~d70.wheezy+1+tails1.
16678 - Upgrade Tor Browser to 5.0.5. (Closes: #10751)
16679 - Upgrade LibreOffice to 1:3.5.4+dfsg2-0+deb7u5.
16680 - Upgrade krb5-based packages to 1.10.1+dfsg-5+deb7u6.
16681 - Upgrade Linux to 3.16.7-ckt11-1+deb8u6.
16682 - Upgrade wpasupplicant to 1.0-3+deb7u3.
16683 - Upgrade libpng12-0 to 1.2.49-1+deb7u1.
16684 - Upgrade openjdk-7 to 7u91-2.6.3-1~deb7u1.
16685 - Upgrade libnspr4 to 2:4.9.2-1+deb7u3
16686 - Upgrade dpkg to 1.16.17.
16687 - Upgrade gnutls26 to 2.12.20-8+deb7u4.
16688 - Upgrade Icedove to 1:38.0.1-1~deb7u1.
16689 - Upgrade OpenSSL to 1.0.1e-2+deb7u18.
16691 * Bugfixes
16692 - Upgrade to Electrum 2.5.4-2~d70.wheezy+1+tails1. Now Electrum
16693 should work again. Note that the documentation has not been
16694 adapted to the slight changes in the Electrum account setup
16695 wizard yet.
16697 * Minor improvements
16698 - Upgrade I2P to 0.9.23-2~deb7u+1.
16699 - Rebase our patch against the Tor Browser AppArmor profile on top
16700 of the one shipped in torbrowser-launcher 0.2.1-2.
16701 - Warn if the claws-mail persistence is enabled and contains a
16702 Claws Mail configuration when starting icedove. (Closes: #10458)
16703 - Replace the Claws Mail GNOME launcher with Icedove. (Closes:
16704 #10739)
16705 - Remove the Claws Mail persistence feature from the Persistence
16706 Assistant. (Closes: #10742)
16708 * Build system
16709 - Simplify ISO image naming rules by using the base rule we use
16710 for Jenkins all the time, except when building from a tag
16711 (i.e. building a release). (Closes: #10349)
16713 * Test suite
16714 - Lower the waiting time for USB installation in the test suite.
16715 So far we were waiting up to one hour, which is just the same as
16716 our Jenkins inactivity timeout, so in practice when Tails
16717 Installer fails and displays an error message, instead of
16718 reporting that the job failed (which is the point of the
16719 exercise) we abort the job due to this timeout which
16720 communicates less clearly that there's probably a bug. (Closes:
16721 #10718)
16722 - Remove the check for the sound icon in the systray in the
16723 Windows Camouflage tests. (Closes: #10493)
16724 - Retry running whois when "LIMIT EXCEEDED" is in its output for
16725 increased robustness. (Closes: #10523)
16726 - Make Seahorse tests more robust. (Closes: #9095, #10501)
16727 - Make the handling of Pidgin's account manager more robust.
16728 (Closes: #10506)
16730 -- Tails developers <tails@boum.org> Mon, 14 Dec 2015 23:07:19 +0100
16732 tails (1.7) unstable; urgency=medium
16734 * Major new features and changes
16735 - Upgrade Tor Browser to 5.0.4. (Closes: #10456)
16736 - Add a technology preview of the Icedove Email client (a
16737 rebranded version of Mozilla Thunderbird), including OpenPGP
16738 support via the Enigmail add-on, general security and anonymity
16739 improvements via the Torbirdy add-on, and complete persistence
16740 support (which will be enabled automatically if you already have
16741 Claws Mail persistence enabled). Icedove will replace Claws Mail
16742 as the supported email client in Tails in a future
16743 release. (Closes: #6151, #9498, #10285)
16744 - Upgrade Tor to 0.2.7.4-rc-1~d70.wheezy+1+tails1. Among the many
16745 improvement of this new Tor major release, the new
16746 KeepAliveIsolateSOCKSAuth option allows us to drop the
16747 bug15482.patch patch (taken from the Tor Browse bundle) that
16748 enabled similar (but inferior) functionality for *all*
16749 SocksPort:s -- now the same circuit is only kept alive for
16750 extended periods for the SocksPort used by the Tor
16751 Browser. (Closes: #10194, #10308)
16752 - Add an option to Tails Greeter which disables networking
16753 completely. This is useful when intending to use Tails for
16754 offline work only. (Closes: #6811)
16756 * Security fixes
16757 - Fix CVE-2015-7665, which could lead to a network interface's IP
16758 address being exposed through wget. (Closes: #10364)
16759 - Prevent a symlink attack on ~/.xsession-errors via
16760 tails-debugging-info which could be used by the amnesia user to
16761 read the contents of any file, no matter the
16762 permissions. (Closes: #10333)
16763 - Upgrade libfreetype6 to 2.4.9-1.1+deb7u2.
16764 - Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u2.
16765 - Upgrade Linux to 3.16.7-ckt11-1+deb8u5.
16766 - Upgrade openjdk-7 packages to 7u85-2.6.1-6~deb7u1.
16767 - Upgrade unzip to 6.0-8+deb7u4.
16769 * Bugfixes
16770 - Add a temporary workaround for an issue in our code which checks
16771 whether i2p has bootstrapped, which (due to some recent change
16772 in either I2P or Java) could make it appear it had finished
16773 prematurely. (Closes: #10185)
16774 - Fix a logical bug in the persistence preset migration code while
16775 real-only persistence is enabled. (Closes: #10431)
16777 * Minor improvements
16778 - Rework the wordings of the various installation and upgrade
16779 options available in Tails installer in Wheezy. (Closes: #9672)
16780 - Restart Tor if bootstrapping stalls for too long when not using
16781 pluggable transports. (Closes: #9516)
16782 - Install firmware-amd-graphics, and firmware-misc-nonfree instead
16783 of firmware-ralink-nonfree, both from Debian Sid.
16784 - Update the Tails signing key. (Closes: #10012)
16785 - Update the Tails APT repo signing key. (Closes: #10419)
16786 - Install the nmh package. (Closes: #10457)
16787 - Explicitly run "sync" at the end of the Tails Upgrader's upgrade
16788 process, and pass the "sync" option when remounting the system
16789 partition as read-write. This might help with some issues we've
16790 seen, such as #10239, and possibly for #8449 as well.
16792 * Test suite
16793 - Add initial automated tests for Icedove. (Closes: #10332)
16794 - Add automated tests of the MAC spoofing feature. (Closes: #6302)
16795 - Drop the concept of "background snapshots" and introduce a general
16796 system for generating snapshots that can be shared between
16797 features. This removes all silly hacks we previously used to
16798 "skip" steps, and greatly improves performance and reliability
16799 of the whole test suite. (Closes: #6094, #8008)
16800 - Flush to the log file in debug_log() so the debugging info can
16801 be viewed in real time when monitoring the debug log
16802 file. (Closes: #10323)
16803 - Force UTF-8 locale in automated test suite. Ruby will default to
16804 the system locale, and if it is non-UTF-8, some String-methods
16805 will fail when operating on non-ASCII strings. (Closes: #10359)
16806 - Escape regexp used to match nick in CTCP replies. Our Pidgin
16807 nick's have a 10% chance to include a ^, which will break that
16808 regexp. We need to escape all characters in the nick. (Closes:
16809 #10219)
16810 - Extract TBB languages from the Tails source code. This will
16811 ensure that valid locales are tested. As an added bonus, the
16812 code is greatly simplified. (Closes: #9897)
16813 - Automatically test that tails-debugging-info is not susceptible
16814 to the type of symlink attacks fixed by #10333.
16815 - Save all test suite artifacts in a dedicated directory with more
16816 useful infromation encoded in the path. This makes it easier to
16817 see which artifacts belongs to which failed scenario and which
16818 run. (Closes: #10151)
16819 - Log all useful information via Cucumber's formatters instead of
16820 printing to stderr, which is not included when logging to file
16821 via `--out`. (Closes: #10342)
16822 - Continue running the automated test suite's vnc server even if
16823 the client disconnects. (Closes: #10345)
16824 - Add more automatic tests for I2P. (Closes: #6406)
16825 - Bump the Tor circuit retry count to 10. (Closes: #10375)
16826 - Clean up dependencies: (Closes: #10208)
16827 * libxslt1-dev
16828 * radvd
16829 * x11-apps
16831 -- Tails developers <tails@boum.org> Tue, 03 Nov 2015 01:09:41 +0100
16833 tails (1.6) unstable; urgency=medium
16835 * Security fixes
16836 - Upgrade Tor Browser to 5.0.3. (Closes: #10223)
16837 - Upgrade bind9-based packages to 1:9.8.4.dfsg.P1-6+nmu2+deb7u7.
16838 - Upgrade liblcms1 to 1.19.dfsg2-1.2+deb7u1.
16839 - Upgrade libldap-2.4-2 to 2.4.31-2+deb7u1.
16840 - Upgrade libslp1 to 1.2.1-9+deb7u1.
16841 - Upgrade ssl-cert to 1.0.32+deb7u1.
16843 * Bugfixes
16844 - Fix a corner case for the MAC spoofing panic mode. If panic mode
16845 failed to disable the specific device that couldn't be spoofed
16846 (by unloading the module) we disable networking. Previously we
16847 only stopped NetworkManager. The problem is that NM isn't even
16848 started at this time, but will specifically be started when
16849 we're done with MAC spoofing. Therefore, let's completely
16850 disable NetworkManager so it cannot possibly be
16851 started. (Closes: #10160)
16852 - Avoid use of uninitialized value in restricted-network-detector.
16853 If NetworkManager decides that a wireless connection has timed
16854 out before "supplicant connection state" has occued, our idea of
16855 the state is `undef`, so it cannot be used in a string
16856 comparison. Hence, let's initialize the state to the empty
16857 string instead of `undef`. Also fix the state
16858 recording. Apparently NetworkManager can say a few different
16859 things when it logs the device state transitions. (Closes:
16860 #7689)
16862 * Minor improvements
16863 - Remove workaround for localizing search engine plugins. The
16864 workaround has recently become unnecessary, possibly due to the
16865 changes made for the seach bar after the Tor Browser was rebased
16866 on Firefox 38esr. (Closes: #9146)
16867 - Refer to the I2P Browser in the I2P notifications. Instead of
16868 some obscure links that won't work in the Tor Browser, where
16869 users likely will try them, and which I believe will open them
16870 by default. (Closes: #10182)
16871 - Upgrade I2P to 0.9.22. Also set the I2P apparmor profile to
16872 enforce mode. (Closes: #9830)
16874 * Test suite
16875 - Test that udev-watchdog is monitoring the correct device when
16876 booted from USB. (Closes: #9890)
16877 - Remove unused 'gksu' step. This causes a false-positive to be
16878 found for #5330. (Closes: #9877)
16879 - Make --capture capture individual videos for failed scenarios
16880 only, and --capture-all to capture videos for all scenarios.
16881 (Closes: #10148)
16882 - Use the more efficient x264 encoding when capturing videos using
16883 the --capture* options. (Closes: #10001)
16884 - Make --old-iso default to --iso if omitted. Using the same ISO
16885 for the USB upgrade tests most often still does what we want,
16886 e.g. test that the current version of Tails being tested has a
16887 working Tails installer. Hence this seems like a reasonable
16888 default. (Closes: #10147)
16889 - Avoid nested FindFailed exceptions in waitAny()/findAny(), and
16890 throw a new dedicated FindAnyFailed exception if these fail
16891 instead. Rjb::throw doesn't block Ruby's execution until the
16892 Java exception has been received by Ruby, so strange things can
16893 happen and we must avoid it. (Closes: #9633)
16894 - Fix the Download Management page in our browsers. Without the
16895 browser.download.panel.shown pref set, the progress being made
16896 will not update until after the browser has been restarted.
16897 (Closes: #8159)
16898 - Add a 'pretty_debug' (with an alias: 'debug') Cucumber formatter
16899 that deals with debugging instead of printing it to STDERR via
16900 the `--debug` option (which now has been removed). This gives us
16901 the full flexibility of Cucumber's formatter system, e.g. one
16902 easy-to-read formatter can print to the terminal, while we get
16903 the full debug log printed to a file. (Closes: #9491)
16904 - Import logging module in otr-bot.py. Our otr-bot.py does not use
16905 logging but the jabberbot library makes logging calls, causing a
16906 one-off message “No handlers could be found for logger
16907 "jabberbot"” to be printed to the console. This commit
16908 effectively prevents logging/outputting anything to the terminal
16909 which is at a level lower than CRITICAL. (Closes: 9375)
16910 - Force new Tor circuit and reload web site on browser
16911 timeouts. (Closes: #10116)
16912 - Focus Pidgin's buddy list before trying to access the tools
16913 menu. (Closes: #10217)
16914 - Optimize IRC test using waitAny. If connecting to IRC fails,
16915 such as when OFTC is blocking Tor, waiting 60 seconds to connect
16916 while a a Reconnect button is visible is sub-optimal. It would
16917 be better to try forcing a new Tor circuit and clicking the
16918 reconnect button. (Closes: #9653)
16919 - Wait for (and focus if necessary) Pidgin's Certificate windows.
16920 (Closes: #10222)
16922 -- Tails developers <tails@boum.org> Sun, 20 Sep 2015 17:47:26 +0000
16924 tails (1.5.1) unstable; urgency=medium
16926 * Security fixes
16927 - Upgrade Tor Browser to 5.0.2. (Closes: #10112)
16928 - Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u1.
16929 - Upgrade libnss3 to 2:3.14.5-1+deb7u5.
16931 * Bugfixes
16932 - Refresh Tor Browser AppArmor profile patch. The old one doesn't
16933 apply on top of testing's torbrowser-launcher anymore.
16935 * Build system
16936 - Make sure Jenkins creates new jobs to build the testing branch
16937 after freezes. (Closes: #9925)
16939 -- Tails developers <tails@boum.org> Fri, 28 Aug 2015 01:52:14 +0200
16941 tails (1.5) unstable; urgency=medium
16943 * Major new features and changes
16944 - Move LAN web browsing from Tor Browser to the Unsafe Browser,
16945 and forbid access to the LAN from the former. (Closes: #7976)
16946 - Install a 32-bit GRUB EFI boot loader. This at least works
16947 on some Intel Baytrail systems. (Closes: #8471)
16949 * Security fixes
16950 - Upgrade Tor Browser to 5.0, and integrate it:
16951 · Disable Tiles in all browsers' new tab page.
16952 · Don't use geo-specific search engine prefs in our browsers.
16953 · Hide Tools -> Set Up Sync, Tools -> Apps (that links to the Firefox
16954 Marketplace), and the "Share this page" button in the Tool bar.
16955 · Generate localized Wikipedia search engine plugin icons so the
16956 English and localized versions can be distinguished in the new
16957 search bar. (Closes: #9955)
16958 - Fix panic mode on MAC spoofing failure. (Closes: #9531)
16959 - Deny Tor Browser access to global tmp directories with AppArmor,
16960 and give it its own $TMPDIR. (Closes: #9558)
16961 - Tails Installer: don't use a predictable file name for the subprocess
16962 error log. (Closes: #9349)
16963 - Pidgin AppArmor profile: disable the launchpad-integration abstraction,
16964 which is too wide-open.
16965 - Use aliases so that our AppArmor policy applies to
16966 /lib/live/mount/overlay/ and /lib/live/mount/rootfs/*.squashfs/ as well as
16967 it applies to /. And accordingly:
16968 · Upgrade AppArmor packages to 2.9.0-3~bpo70+1.
16969 · Install rsyslog from wheezy-backports, since the version from Wheezy
16970 conflicts with AppArmor 2.9.
16971 · Stop installing systemd for now: the migration work is being done in
16972 the feature/jessie branch, and it conflicts with rsyslog from
16973 wheezy-backports.
16974 · Drop apparmor-adjust-user-tmp-abstraction.diff: obsoleted.
16975 · apparmor-adjust-tor-profile.diff: simplify and de-duplicate rules.
16976 · Take into account aufs whiteouts in the system_tor profile.
16977 · Adjust the Vidalia profile to take into account Live-specific paths.
16978 - Upgrade Linux to 3.16.7-ckt11-1+deb8u3.
16979 - Upgrade bind9-host, dnsutils and friends to 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.
16980 - Upgrade cups-filters to 1.0.18-2.1+deb7u2.
16981 - Upgrade ghostscript to 9.05~dfsg-6.3+deb7u2.
16982 - Upgrade libexpat1 to 2.1.0-1+deb7u2.
16983 - Upgrade libicu48 to 4.8.1.1-12+deb7u3.
16984 - Upgrade libwmf0.2-7 to 0.2.8.4-10.3+deb7u1.
16985 - Upgrade openjdk-7 to 7u79-2.5.6-1~deb7u1.
16987 * Bugfixes
16988 - Upgrade Tor to 0.2.6.10-1~d70.wheezy+1+tails1.
16990 * Minor improvements
16991 - Tails Installer: let the user know when it has rejected a candidate
16992 destination device because it is too small. (Closes: #9130)
16993 - Tails Installer: prevent users from trying to "upgrade" a device
16994 that contains no Tails, or that was not installed with Tails Installer.
16995 (Closes: #5623)
16996 - Install libotr5 and pidgin-otr 4.x from wheezy-backports. This adds
16997 support for the OTRv3 protocol and for multiple concurrent connections
16998 to the same account. (Closes: #9513)
16999 - Skip warning dialog when starting Tor Browser while being offline,
17000 in case it is already running. Thanks to Austin English for the patch!
17001 (Closes: #7525)
17002 - Install the apparmor-profiles package (Closes: #9539), but don't ship
17003 a bunch of AppArmor profiles we don't use, to avoid increasing
17004 boot time. (Closes: #9757)
17005 - Ship a /etc/apparmor.d/tunables/home.d/tails snippet, instead
17006 of patching /etc/apparmor.d/tunables/home.
17007 - live-boot: don't mount tmpfs twice on /live/overlay, so that the one which
17008 is actually used as the read-write branch of the root filesystem's union
17009 mount, is visible. As a consequence:
17010 · One can now inspect how much space is used, at a given time, in the
17011 read-write branch of the root filesystem's union mount.
17012 · We can make sure our AppArmor policy works fine when that filesystem
17013 is visible, which is safer in case e.g. live-boot's behavior changes
17014 under our feet in the future... or in case these "hidden" files are
17015 actually accessible somehow already.
17017 * Build system
17018 - Add our jenkins-tools repository as a Git submodule, and replace
17019 check_po.sh with a symlink pointing to the same script in that submodule.
17020 Adjust the automated test suite accordingly. (Closes: #9567)
17021 - Bump amount of RAM needed for Vagrant RAM builds to 7.5 GiB. In
17022 particular the inclusion of the Tor Browser 5.0 series has recently
17023 increased the amount of space needed to build Tails. (Closes: #9901)
17025 * Test suite
17026 - Test that the Tor Browser cannot access LAN resources.
17027 - Test that the Unsafe Browser can access the LAN.
17028 - Installer: test new behavior when trying to upgrade an empty device, and
17029 when attempting to upgrade a non-Tails FAT partition on GPT; also, take
17030 into account that all unsupported upgrade scenarios now trigger
17031 the same behavior.
17032 - Request a new Tor circuit and re-run the Seahorse and GnuPG CLI tests
17033 on failure. (Closes: #9518, #9709)
17034 - run_test_suite: remove control chars from log file even when cucumber
17035 exits with non-zero. (Closes: #9376)
17036 - Add compatibility with cucumber 2.0 and Debian Stretch. (Closes: #9667)
17037 - Use custom exception when 'execute_successfully' fails.
17038 - Retry looking up whois info on transient failure. (Closes: #9668)
17039 - Retry wget on transient failure. (Closes: #9715)
17040 - Test that Tor Browser cannot access files in /tmp.
17041 - Allow running the test suite without ntp installed. There are other means
17042 to have an accurate host system clock, e.g. systemd-timesyncd and tlsdate.
17043 (Closes: #9651)
17044 - Bump timeout in the Totem feature.
17045 - Grep memory dump using the --text option. This is necessary with recent
17046 versions of grep, such as the one in current Debian sid, otherwise it
17047 will count only one occurrence of the pattern we're looking for.
17048 (Closes: #9759)
17049 - Include execute_successfully's error in the exception, instead
17050 of writing it to stdout via puts. (Closes: #9795)
17051 - Test that udev-watchdog is actually monitoring the correct device.
17052 (Closes: #5560)
17053 - IUK: workaround weird Archive::Tar behaviour on current sid.
17054 - Test the SocksPort:s given in torrc in the Unsafe Browser.
17055 This way we don't get any sneaky errors in case we change them and
17056 forget to update this test.
17057 - Directly verify AppArmor blocking of the Tor Browser by looking in
17058 the audit log: Firefox 38 does no longer provide any graphical feedback
17059 when the kernel blocks its access to files the user wants to access.
17060 - Update browser-related automated test suite images, and workaround
17061 weirdness introduced by the new Tor Browser fonts.
17062 - Test that Pidgin, Tor Browser, Totem and Evince cannot access ~/.gnupg
17063 via alternate, live-boot generated paths.
17064 - Adjust tests to cope with our new AppArmor aliases.
17065 - Bump memory allocated to the system under test to 2 GB. (Closes: #9883)
17067 -- Tails developers <tails@boum.org> Mon, 10 Aug 2015 19:12:58 +0200
17069 tails (1.4.1) unstable; urgency=medium
17071 * Security fixes
17072 - Upgrade Tor Browser to 4.5.3, based on Firefox 31.8.0 ESR. (Closes: #9649)
17073 - Upgrade Tor to 0.2.6.9-1~d70.wheezy+1+tails2, which includes a circuit
17074 isolation bugfix. (Closes: #9560)
17075 - AppArmor: deny Tor Browser access to the list of recently used files.
17076 (Closes: #9126)
17077 - Upgrade OpenSSL to 1.0.1e-2+deb7u17.
17078 - Upgrade Linux to 3.16.7-ckt11-1.
17079 - Upgrade CUPS to 1.5.3-5+deb7u6.
17080 - Upgrade FUSE to 2.9.0-2+deb7u2.
17081 - Upgrade libsqlite3-0 to 3.7.13-1+deb7u2.
17082 - Upgrade ntfs-3g and ntfsprogs to 1:2012.1.15AR.5-2.1+deb7u2.
17083 - Upgrade p7zip-full to 9.20.1~dfsg.1-4+deb7u1.
17085 * Bugfixes
17086 - Fix automatic upgrades in Windows Camouflage mode. (Closes: #9413)
17087 - Don't ship the snakeoil SSL key pair generated by ssl-cert in the ISO.
17088 (Closes: #9416)
17089 - Partially fix the truncated notifications issue. (#7249)
17091 * Minor improvements
17092 - Disable the hwclock.sh initscript at reboot/shutdown time.
17093 This is an additional safety measure to ensure that the hardware clock
17094 is not modified. (Closes: #9364)
17095 - Stop shipping /var/cache/man/*, to make ISOs and IUKs smaller.
17096 (Closes: #9417)
17097 - Update torbrowser-AppArmor-profile.patch to apply cleanly on top of the
17098 profile shipped with torbrowser-launcher 0.2.0-1.
17099 - Add the jessie/updates APT repo and set appropriate pinning.
17100 - Upgrade Electrum to 1.9.8-4~bpo70+1.
17101 - Upgrade kernel firmware packages to 0.44.
17103 * Build system
17104 - Install the Linux kernel from Debian Jessie. (Closes: #9341)
17105 - Remove files that are not under version control when building in Jenkins.
17106 (Closes: #9406)
17107 - Don't modify files in the source tree before having possibly merged
17108 the base branch into it. (Closes: #9406)
17109 - Make it so eatmydata is actually used during a greater part of the build
17110 process. This includes using eatmydata from wheezy-backports.
17111 (Closes: #9419, #9523)
17112 - release script: adjust to support current Debian sid.
17114 * Test suite
17115 - Test the system clock sanity check we do at boot. (Closes: #9377)
17116 - Remove the impossible "Clock way in the past" scenarios.
17117 Thanks to config/chroot_local-includes/lib/live/config/0001-sane-clock,
17118 these scenarios cannot happen, and since we test that it works they
17119 can be safely removed.
17120 - Test that the hardware clock is not modified at shutdown. (Closes: #9557)
17121 - Pidgin: retry looking for the roadmap URL in the topic.
17122 - Avoid showing Pidgin's tooltips during test, potentially confusing Sikuli.
17123 (Closes: #9317)
17124 - Test all OpenPGP keys shipped with Tails. (Closes: #9402)
17125 - Check that notification-daemon is running when looking for notifications
17126 fails. (Closes: #9332)
17127 - Allow using the cucumber formatters however we want. (Closes: #9424)
17128 - Enable Spice in the guest, and blacklist the psmouse kernel module,
17129 to help with lost mouse events. (Closes: #9425)
17130 - Automate testing Torbutton's 'New Identity' feature. (Closes: #9286)
17131 - Test that Seahorse is configured to use the correct keyserver.
17132 (Closes: #9339)
17133 - Always export TMPDIR back to the test suite's shell environment.
17134 (Closes: #9479)
17135 - Make OpenPGP tests more reliable:
17136 · Retry accessing the OpenPGP applet menus on failure. (Closes: #9355)
17137 · Retry accessing menus in Seahorse on failure. (Closes: #9344)
17138 - Focus the Pidgin conversation window before any attempt to interact
17139 with it. (Closes: #9317)
17140 - Use convertkey from the (backported to Jessie) Debian package,
17141 instead of our own copy of that script. (Closes: #9066)
17142 - Make the memory erasure tests more robust (Closes: #9329):
17143 · Bump /proc/sys/vm/min_free_kbytes when running fillram.
17144 · Actually set oom_adj for the remote shell when running fillram.
17145 · Try to be more sure that we OOM kill fillram.
17146 · Run fillram as non-root.
17147 - Only try to build the storage pool if TailsToasterStorage isn't found.
17148 (Closes: #9568)
17150 -- Tails developers <tails@boum.org> Sun, 28 Jun 2015 19:46:25 +0200
17152 tails (1.4) unstable; urgency=medium
17154 * Major new features
17155 - Upgrade Tor Browser to 4.5.1, based on Firefox 31.7.0 ESR, which
17156 introduces many major new features for usability, security and
17157 privacy. Unfortunately its per-tab circuit view did not make it
17158 into Tails yet since it requires exposing more Tor state to the
17159 user running the Tor Browser than we are currently comfortable
17160 with. (Closes: #9031, #9369)
17161 - Upgrade Tor to 0.2.6.7-1~d70.wheezy+1+tails2. Like in the Tor
17162 bundled with the Tor Browser, we patch it so that circuits used
17163 for SOCKSAuth streams have their lifetime increased indefinitely
17164 while in active use. This currently only affects the Tor Browser
17165 in Tails, and should improve the experience on certain web sites
17166 that otherwise would switch language or log you out every ten
17167 minutes or so when Tor switches circuit. (Closes: #7934)
17169 * Security fixes
17170 - tor-browser wrapper script: avoid offering avenues to arbitrary
17171 code execution to e.g. an exploited Pidgin. AppArmor Ux rules
17172 don't sanitize $PATH, which can lead to an exploited application
17173 (that's allowed to run this script unconfined, e.g. Pidgin)
17174 having this script run arbitrary code, violating that
17175 application's confinement. Let's prevent that by setting PATH to
17176 a list of directories where only root can write. (Closes: #9370)
17177 - Upgrade Linux to 3.16.7-ckt9-3.
17178 - Upgrade curl to 7.26.0-1+wheezy13.
17179 - Upgrade dpkg to 1.16.16.
17180 - Upgrade gstreamer0.10-plugins-bad to 0.10.23-7.1+deb7u2.
17181 - Upgrade libgd2-xpm to 2.0.36~rc1~dfsg-6.1+deb7u1.
17182 - Upgrade openldap to 2.4.31-2.
17183 - Upgrade LibreOffice to 1:3.5.4+dfsg2-0+deb7u4.
17184 - Upgrade libruby1.9.1 to 1.9.3.194-8.1+deb7u5.
17185 - Upgrade libtasn1-3 to 2.13-2+deb7u2.
17186 - Upgrade libx11 to 2:1.5.0-1+deb7u2.
17187 - Upgrade libxml-libxml-perl to 2.0001+dfsg-1+deb7u1.
17188 - Upgrade libxml2 to 2.8.0+dfsg1-7+wheezy4.
17189 - Upgrade OpenJDK to 7u79-2.5.5-1~deb7u1.
17190 - Upgrade ppp to 2.4.5-5.1+deb7u2.
17192 * Bugfixes
17193 - Disable security warnings when connecting to POP3 and IMAP ports.
17194 (Closes: #9327)
17195 - Make the Windows 8 browser theme compatible with the Unsafe and I2P
17196 browsers. (Closes: #9138)
17197 - Hide Torbutton's "Tor Network Settings..." context menu entry.
17198 (Closes: #7647)
17199 - Upgrade the syslinux packages to support booting Tails on
17200 Chromebook C720-2800. (Closes: #9044)
17201 - Enable localization in Tails Upgrader. (Closes: #9190)
17202 - Make sure the system clock isn't before the build date during
17203 early boot. Our live-config hook that imports our signing keys
17204 depend on that the system clock isn't before the date when the
17205 keys where created. (Closes: #9149)
17206 - Set GNOME's OpenPGP keys via desktop.gnome.crypto.pgp to prevent
17207 us from getting GNOME's default keyserver in addition to our
17208 own. (Closes: #9233)
17209 - Prevent Firefox from crashing when Orca is enabled: grant
17210 it access to assistive technologies in its Apparmor
17211 profile. (Closes: #9261)
17212 - Add Jessie APT source. (Closes: #9278)
17213 - Fix set_simple_config_key(). If the key already existed in the
17214 config file before the call, all other lines would be removed
17215 due to the sed option -n and p combo. (Closes: #9122)
17216 - Remove illegal instance of local outside of function definition.
17217 Together with `set -e` that error has prevented this script from
17218 restarting Vidalia, like it should. (Closes: #9328)
17220 * Minor improvements
17221 - Upgrade I2P to 0.9.19-3~deb7u+1.
17222 - Install Tor Browser's bundled Torbutton instead of custom .deb.
17223 As of Torbutton 1.9.1.0 everything we need has been upstreamed.
17224 - Install Tor Browser's bundled Tor Launcher instead of our
17225 in-tree version. With Tor 0.2.6.x our custom patches for the
17226 ClientTransportPlugin hacks are not needed any more. (Closes:
17227 #7283)
17228 - Don't install msmtp and mutt. (Closes: #8727)
17229 - Install fonts-linuxlibertine for improved Vietnamese support in
17230 LibreOffice. (Closes: #8996)
17231 - Remove obsoletete #i2p-help IRC channel from the Pidgin
17232 configuration (Closes: #9137)
17233 - Add Gedit shortcut to gpgApplet's context menu. Thanks to Ivan
17234 Bliminse for the patch. (Closes: #9069).
17235 - Install printer-driver-gutenprint to support more printer
17236 models. (Closes: #8994).
17237 - Install paperkey for off-line OpenPGP key backup. (Closes: #8957)
17238 - Hide the Tor logo in Tor Launcher. (Closes: #8696)
17239 - Remove useless log() instance in tails-unblock-network. (Closes:
17240 #9034)
17241 - Install cdrdao: this enables Brasero to burn combined data/audio
17242 CDs and to do byte-to-byte disc copy.
17243 - Hide access to the Add-ons manager in the Unsafe Browser. It's
17244 currently broken (#9307) but we any way do not want users to
17245 install add-ons in the Unsafe Browser. (Closes: #9305)
17246 - Disable warnings on StartTLS for POP3 and IMAP (Will-fix: #9327)
17247 The default value of this option activates warnings on ports
17248 23,109,110,143. This commit disables the warnings for POP3 and
17249 IMAP as these could be equally used in encrypted StartTLS
17250 connections. (Closes: #9327)
17251 - Completely rework how we localize our browser by generating our
17252 branding add-on, and search plugins programatically. This
17253 improves the localization for the ar, es, fa, ko, nl, pl, ru,
17254 tr, vi and zh_CN locales by localizing the Startpage and
17255 Disconnect.me search plugins. Following Tor Browser 4.5's recent
17256 switch, we now use Disconnect.me as the default search
17257 engine. (Closes: #9309)
17258 * Actively set Google as the Unsafe Browser's default search
17259 engine.
17261 * Build system
17262 - Encode in Git which APT suites to include when building Tails.
17263 (Closes: #8654)
17264 - Clean up the list of packages we install. (Closes: #6073)
17265 - Run auto/{build,clean,config} under `set -x' for improved
17266 debugging.
17267 - Zero-pad our ISO images so their size is divisible by 2048.
17268 The data part of an ISO image's sectors is 2048 bytes, which
17269 implies that ISO images should always have a size divisible
17270 by 2048. Some applications, e.g. VirtualBox, use this as a sanity
17271 check, treating ISO images for which this isn't true as garbage.
17272 Our isohybrid post-processing does not ensure this,
17273 however. Also Output ISO size before/after isohybrid'ing and
17274 truncate'ing it. This will help detect if/when truncate is
17275 needed at all, so that we can report back to syslinux
17276 maintainers more useful information. (Closes: #8891)
17277 - Vagrant: raise apt-cacher-ng's ExTreshold preference to 50. The
17278 goal here is to avoid Tor Browser tarballs being deleted by
17279 apt-cacher-ng's daily expiration cronjob: they're not listed in
17280 any APT repo's index file, so acng will be quite eager to clean
17281 them up.
17283 * Test suite
17284 - Bring dependency checks up-to-date (Closes: #8988).
17285 - Adapt test suite to be run on Debian Jessie, which includes
17286 removing various Wheezy-specific workarounds, adding a few
17287 specific to Jessie, migrating from ffmpeg to libav, and
17288 more. (Closes: #8165)
17289 - Test that MAT can see that a PDF is dirty (Closes: #9136).
17290 - Allow throwing Timeout::Error in try_for() blocks, as well as
17291 nested try_for() (Closes: #9189, #9290).
17292 - Read test suite configuration files from the features/config/local.d
17293 directory. (Closes: #9220)
17294 - Kill virt-viewer with SIGTERM, not SIGINT, to prevent hordes of
17295 zombie processes from appearing. (Closes: #9139)
17296 - Kill Xvfb with SIGTERM, not SIGKILL, on test suite exit to allow
17297 it to properly clean up. (Closes: #8707)
17298 - Split SSH & SFTP configs in the test suite. (Closes: #9257)
17299 - Improve how we start subprocesses in the test suite, mostly by
17300 bypassing the shell for greater security and robustness (Closes:
17301 #9253)
17302 - Add Electrum test feature. (Closes #8963)
17303 - Test that Tails Installer detects when USB devices are
17304 removed. (Closes: #9131)
17305 - Test Tails Installer with devices which are too small. (Closes:
17306 #9129)
17307 - Test that the Report an Error launcher works in German. (Closes:
17308 #9143)
17309 - Verify that no extensions are installed in the Unsafe Browser
17310 using about:support instead of about:addons, which is broken
17311 (#9307). (Closes: #9306)
17312 - Retry GNOME application menu actions when they glitch. The
17313 GNOME application menus seem to have issues with clicks or
17314 hovering actions not registering, and hence sometimes submenus
17315 are not opened when they should, and sometimes clicks on the
17316 final application shortcut are lost. There seems to be a
17317 correlation between this and CPU load on the host running the
17318 test suite. We workaround this by simply re-trying the last
17319 action when it seems to fail. (Closes: #8928)
17320 - Work around Seahorse GUI glitchiness (Closes: #9343):
17321 * When Seahorse appears to be frozen--apparently due to network
17322 issues--it can often be worked around by refreshing the screen
17323 or activating a new window.
17324 * Open Seahorse's preferences dialog using the mouse.
17325 * Access menu entries with the mouse.
17326 - Wait for systray icons to finish loading before interacting with
17327 the systray. (Closes: #9258)
17328 - Test suite configuration: generalize local.d support to *.d. We
17329 now load features/config/*.d/*.yml.
17330 - Use code blocks in "After Scenario" hooks. This is much simpler
17331 to use (and more readable!) compared to hooking functions and
17332 arguments like we used to do.
17333 - Create filesystem share sources in the temporary directory and
17334 make them world-readable. (Closes: #8950)
17336 -- Tails developers <tails@boum.org> Mon, 11 May 2015 16:45:04 +0200
17338 tails (1.3.2) unstable; urgency=medium
17340 * Security fixes
17341 - Upgrade Tor Browser to 4.0.6, based on Firefox 31.6.0 ESR.
17342 - Upgrade OpenSSL to 1.0.1e-2+deb7u16.
17344 * Bugfixes
17345 - Make Florence usable with touchpads by forcing syndaemon to
17346 always use the `-t` option, which only disables tapping and
17347 scrolling and not mouse movements (Closes: #9011).
17348 - Make tails-spoof-mac log the correct macchanger exit code on
17349 failure (Closes: #8687).
17350 - Tails Installer:
17351 · Ignore devices with less than 3.5 GB of storage since they
17352 do not fit a Tails installation (Closes: #6538).
17353 · Remove devices from the device list as they are unplugged
17354 (Closes: #8691).
17356 * Minor improvements
17357 - Install obfs4proxy 0.0.4-1~tpo1, which adds support for
17358 client-mode ScrambleSuit.
17359 - Don't start Vidalia if Windows Camouflage is enabled. (Closes:
17360 #7400)
17361 - I2P Browser:
17362 · Remove "Add-ons" from the Tools menu, and hide "Keyboard
17363 Shortcuts" and "Take a Tour" since they point to resources on
17364 the open Internet (Closes: #7970).
17365 · Hide TorButton button from the customize toolbar options, and
17366 remove configs whose only purpose was to make Torbutton "green"
17367 (Closes: #8893).
17369 * Test suite
17370 - New tests:
17371 · Test non-LAN SSH, and SFTP via GNOME's "Connect to Server"
17372 (Closes: #6308).
17373 · Verify that Tails' Tor binary has the expected Tor authorities
17374 hard coded (Closes: #8960).
17375 - Improvements:
17376 · Programmatically determine the supported languages when testing
17377 the Unsafe Browser (Closes: #8918).
17378 · Rename --temp-dir to --tmpdir and make it behave more like
17379 mktemp, and honour TMPDIR if set in the environment. (Closes:
17380 #8709).
17381 - Bugfixes:
17382 · Make --temp-dir (now --tmpdir) actually work.
17384 -- Tails developers <tails@boum.org> Mon, 30 Mar 2015 16:54:20 +0200
17386 tails (1.3.1) unstable; urgency=medium
17388 * Security fixes
17389 - Upgrade Tor Browser to 4.0.5, based on Firefox 31.5.3 ESR. This addresses:
17390 · https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/
17391 · https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
17392 - Upgrade Linux to 3.16.7-ckt7-1.
17393 - Upgrade libxfont to 1:1.4.5-5.
17394 - Upgrade OpenSSL to 1.0.1e-2+deb7u15.
17395 - Upgrade tcpdump to 4.3.0-1+deb7u2.
17396 - Upgrade bsdtar to 3.0.4-3+wheezy1.
17397 - Upgrade CUPS to 1.5.3-5+deb7u5.
17398 - Upgrade file and libmagic to 5.11-2+deb7u8.
17399 - Upgrade GnuPG to 1.4.12-7+deb7u7.
17400 - Upgrade libarchive to 3.0.4-3+wheezy1.
17401 - Upgrade libav to 6:0.8.17-1.
17402 - Upgrade FreeType 2 to 2.4.9-1.1+deb7u1.
17403 - Upgrade libgcrypt11 1.5.0-5+deb7u3.
17404 - Upgrade libgnutls26 to 2.12.20-8+deb7u3.
17405 - Upgrade libgtk2-perl to 2:1.244-1+deb7u1.
17406 - Upgrade ICU to 4.8.1.1-12+deb7u2.
17407 - Upgrade NSS to 2:3.14.5-1+deb7u4.
17408 - Upgrade libssh2 to 1.4.2-1.1+deb7u1.
17410 * Bugfixes
17411 - Upgrade Tor to 0.2.5.11-1~d70.wheezy+1+tails1. Changes include:
17412 · Directory authority changes.
17413 · Fix assertion errors that may trigger under high DNS load.
17414 · No longer break on HUP with seccomp2 enabled.
17415 · and more - please consult the upstream changelog.
17416 - Upgrade Tor Launcher to 0.2.7.2, and update the test suite accordingly
17417 (Closes: #8964, #6985). Changes include:
17418 · Ask about bridges before proxy in wizard.
17419 · Hide logo if TOR_HIDE_BROWSER_LOGO set.
17420 · Remove firewall prompt from wizard.
17421 · Feedback when “Copy Tor Log” is clicked.
17422 · Improve behavior if tor exits.
17423 · Add option to hide TBB's logo
17424 · Change "Tor Browser Bundle" to "Tor Browser"
17425 · Update translations from Transifex.
17426 - Fix the Tor Launcher killer. (Closes: #9067)
17427 - Allow Seahorse to communicate with keyservers when run from Tails
17428 OpenPGP Applet. (Closes: #6394)
17429 - SSH client: don't proxy connections to 172.17.* to 172.31.*.
17430 (Closes: #6558)
17431 - Repair config/chroot_local-packages feature, that was broken in Tails 1.3
17432 by 19-install-tor-browser-AppArmor-profile. (Closes: #8910)
17433 - language_statistics.sh: count original words instead of translated words.
17434 Otherwise we get >100% translation if translated strings are longer than
17435 original strings. (Closes: #9016)
17437 * Minor improvements
17438 - Only ship the new Tails signing key, and have Tails Upgrader stop trusting
17439 the old one. Update the documentation and test suite accordingly.
17440 (Closes: #8735, #8736, #8882, #8769, #8951)
17441 - Polish and harden a bit the WhisperBack configuration (Closes: #8991):
17442 · Only allow the `amnesia' user to run tails-debugging info as root
17443 with no arguments.
17444 · Fix spelling and grammar mistakes, improve phrasing a bit.
17445 · Quote variables consistently.
17447 * Test suite
17448 - New tests:
17449 · Chatting over XMPP in Pidgin, both peer-to-peer and in a multi-user
17450 chatroom. (Closes: #8002)
17451 · Chatting with OTR enabled over XMPP in Pidgin. (Closes: #8001)
17452 · Check that Pidgin only responds to the expected CTCP requests.
17453 (Closes: #8966)
17454 · Fetching keys using Seahorse started via the OpenPGP Applet.
17455 · Sync'ing keys using Seahorse.
17456 - Bugfixes:
17457 · Fix a race condition between the remote shell's and Tails Greeter's
17458 startup, by making sure the remote shell is ready before we start
17459 GDM. (Closes: #8941)
17460 · Kill virt-viewer properly. (Closes: #9070)
17461 · Make sure the display is stopped on destroy_and_undefine().
17462 Where we had it earlier, it could be skipped if anything else in the
17463 block threw an exception.
17464 · Fix wrong use of "$@". (Closes: #9071)
17465 · Enable the pipefail option in run_test_suite.
17466 · Improve the GNOME screenshot test's robustness. (Closes: #8952)
17467 - Refactoring:
17468 · turn the focus_pidgin_window() helper into a more generic
17469 VM.focus_xorg_window() one.
17470 · Reorganize the Display class.
17471 · Use clearer method to check process status in the Display class.
17472 - New developer-oriented features:
17473 · Add a --log-to-file option to run_test_suite. (Closes: #8894)
17474 · Add helpers for generating random strings.
17475 · Make it possible to hook arbitrary calls on scenario end. This is useful
17476 for dynamically adding cleanup functions, instead of having
17477 to explicitly deal with them in some After hook.
17479 -- Tails developers <tails@boum.org> Mon, 23 Mar 2015 12:34:56 +0000
17481 tails (1.3) unstable; urgency=medium
17483 * Major new features
17484 - Produce the Tails image in hybrid mode (again) so that the same
17485 image can be installed both on DVD *and* "hard disks" like USB
17486 storage and similar. (Closes: #8510)
17487 - Confine the Tor Browser using AppArmor. (Closes: #5525)
17488 - Install the Electrum bitcoin client from wheezy-backports, and
17489 add a persistence preset for the Live user's bitcoin wallet. If
17490 electrum is started without the persistence preset enabled, a
17491 warning is shown. (Closes: #6739)
17493 * Security fixes
17494 - Upgrade Tor Browser to 4.0.4 (based on Firefox 31.5.0esr)
17495 (Closes: #8938).
17497 * Bugfixes
17498 - Have tor_bootstrap_progress echo 0 if no matching log line is
17499 found. (Closes: #8257)
17500 - Always pass arguments through wrappers (connect-socks, totem,
17501 wget, whois) with "$@". $* doesn't handle arguments with
17502 e.g. embedded spaces correctly. (Closes: #8603, #8830)
17503 - Upgrade Linux to 3.16.7-ckt4-3.
17505 * Minor improvements
17506 - Install a custom-built Tor package with Seccomp enabled;
17507 enable the Seccomp sandbox when no pluggable transport is used.
17508 (Closes: #8174)
17509 - Install obfs4proxy instead of obfsproxy, which adds support for
17510 the obfs4 Tor pluggable transport. (Closes: #7980)
17511 - Install GnuPG v2 and associated tools from wheezy-backports,
17512 primarily for its improved support for OpenPGP smartcards. It
17513 lives side-by-side with GnuPG v1, which still is the
17514 default. (Closes: #6241)
17515 - Install ibus-unikey, a Vietnamese input method for IBus. (Closes:
17516 #7999)
17517 - Install torsocks (2.x) from wheezy-backports. (Closes: #8220)
17518 - Install keyringer from Debian Jessie. (Closes: #7752)
17519 - Install pulseaudio-utils.
17520 - Remove all traces of Polipo: we don't use it anymore. This
17521 closes #5379 and #6115 because:
17522 * Have APT directly use the Tor SOCKS proxy. (Closes: #8194)
17523 * Wrap wget with torsocks. (Closes: #6623)
17524 * Wrap Totem to torify it with torsocks. (Closes: #8219)
17525 * Torify Git with tsocks, instead of setting GIT_PROXY_COMMAND.
17526 (Closes: #8680)
17527 - Use torsocks for whois and Gobby, instead of torify.
17528 - Upgrade I2P to 0.9.18-1~deb7u+1.
17529 - Refactor the Unsafe and I2P browser code into a common shell
17530 library. A lot of duplicated code is now shared, and the code
17531 has been cleaned up and made more reliable. Several
17532 optimizations of memory usage and startup time were also
17533 implemented. (Closes: #7951)
17534 - Invert Exit and About in gpgApplet context menu. This is a
17535 short-term workaround for making it harder to exit the
17536 application by mistake (e.g. a double right-click). (Closes:
17537 #7450)
17538 - Implement new touchpad settings. This enables tap-to-click,
17539 2-fingers scrolling, and disable while typing. We don't enable
17540 reverse scrolling nor horizontal scrolling. (Closes: #7779)
17541 - Include the mount(8) output and live-additional-software.conf in
17542 WhisperBack bug reports (Closes: #8719, #8491).
17543 - Reduce brightness and saturation of background color. (Closes:
17544 #7963)
17545 - Have ALSA output sound via PulseAudio by default. This gives us
17546 centralized sound volume controls, and... allows to easily, and
17547 automatically, test that audio output works from Tor Browser,
17548 thanks to the PulseAudio integration into the GNOME sound
17549 control center.
17550 - Import the new Tails signing key, which we will use for Tails
17551 1.3.1, and have Tails Upgrader trust both it and the "old"
17552 (current) Tails signing key. (Closes: #8732)
17553 - tails-security-check: error out when passed an invalid CA file.
17554 Unfortunately, the underlying HTTPS stack we use here fails open
17555 in those case, so we have to check it ourselves. Currently, we
17556 check that the file exists, is readable, is a plain file and is
17557 not empty. Also support specifying the CA file via an
17558 environment variable. This will ease development and bug-fixing
17559 quite a bit.
17560 - Fix racy code in Tails Installer that sometimes made the
17561 automated test suite stall for scenarios installing Tails
17562 to USB disks. (Closes: #6092)
17563 - Make it possible to use Tails Upgrader to upgrade a Tails
17564 installation that has cruft files on the system partition.
17565 (Closes: #7678)
17567 * Build system
17568 - Install syslinux-utils from our builder-wheezy APT repository in
17569 Vagrant. We need version 6.03~pre20 to make the Tails ISO image
17570 in hybrid mode
17571 - Update deb.tails.boum.org apt repo signing key. (Closes: #8747)
17572 - Revert "Workaround build failure in lb_source, after creating
17573 the ISO." This is not needed anymore given the move to the Tor
17574 SOCKS proxy. (Closes: #5307)
17575 - Remove the bootstrap stage usage option and disable all
17576 live-build caching in Vagrant. It introduces complexity and
17577 potential for strange build inconsistencies for a meager
17578 reduction in build time. (Closes: #8725)
17579 - Hardcode the mirrors used at build and boot time in auto/config.
17580 Our stuff will be more consistent, easier to reproduce, and our
17581 QA process will be more reliable if we all use the same mirrors
17582 at build time as the ones we configure in the ISO. E.g. we won't
17583 have issues such as #8715 again. (Closes: #8726)
17584 - Don't attempt to retrieve source packages from local-packages so
17585 local packages can be installed via
17586 config/chroot_local-packages. (Closes: #8756)
17587 - Use our own Tor Browser archive when building an ISO. (Closes:
17588 #8125)
17590 * Test suite
17591 - Use libguestfs instead of parted when creating partitions and
17592 filsystems, and to check that only the expected files
17593 persist. We also switch to qcow2 as the default disk image
17594 format everywhere to reduce disk usage, enable us to use
17595 snapshots that includes the disks (in the future), and to use
17596 the same steps for creating disks in all tests. (Closes: #8673)
17597 - Automatically test that Tails ignores persistence volumes stored
17598 on non-removable media, and doesn't enable swaps. (Closes:
17599 #7822)
17600 - Actually make sure that Tails can boot from live systems stored
17601 on a hard drive. Running the 'I start Tails from DVD ...' step
17602 will override the earlier 'the computer is set to boot from ide
17603 drive "live_hd"' step, so let's make the "from DVD" part
17604 optional; it will be the default any way.
17605 - Make it possible to use an old iso with different persistence
17606 presets. (Closes: #8091)
17607 - Hide the cursor between steps when navigating the GNOME
17608 applications menu. This makes it a bit more robust, again:
17609 sometimes the cursor is partially hiding the menu entry we're
17610 looking for, hence preventing Sikuli from finding it (in
17611 particular when it's "Accessories", since we've just clicked on
17612 "Applications" which is nearby). (Closes: #8875)
17613 - Ensure that the test will fail if "apt-get X" commands fail.
17614 - Test 'Tor is ready' notification in a separate scenario. (Closes:
17615 #8714)
17616 - Add automated tests for torified wget and whois. This should
17617 help us identify future regressions such as #8603 in their
17618 torifying wrappers.
17619 - Add automated test for opening an URL from Pidgin.
17620 - And add automated tests for the Tor Browser's AppArmor
17621 sandboxing.
17622 - Test that "Report an Error Launcher" opens the support
17623 documentation.
17624 - Test that the Unsafe Browser:
17625 * starts in various locales.
17626 * complains when DNS isn't configured.
17627 * tears down its chroot on shutdown.
17628 * runs as the correct user.
17629 * has no plugins or add-ons installed.
17630 * has no unexpected bookmarks.
17631 * has no proxy configured.
17632 - Bump the "I2P router console is ready" timeout in its test to
17633 deal with slow Internet connections.
17634 - Make the automatic tests of gpgApplet more robust by relying
17635 more on graphical elements instead of keyboard shortcuts and
17636 static sleep():s. (Closes: #5632)
17637 - Make sure that enough disk space is available when creating
17638 virtual storage media. (Closes: #8907)
17639 - Test that the Unsafe Browser doesn't generate any non-user
17640 initiated traffic, and in particular that it doesn't check for
17641 upgrades, which is a regression test for #8694. (Closes: #8702)
17642 - Various robustness improvements to the Synaptic tests. (Closes:
17643 #8742)
17644 - Automatically test Git. (Closes: #6307)
17645 - Automatically test GNOME Screenshot, which is a regression test
17646 for #8087. (Closes: #8688)
17647 - Fix a quoting issue with `tails_persistence_enabled?`. (Closes:
17648 #8919)
17649 - Introduce an improved configuration system that also can store
17650 local secrets, like user credentials needed for some
17651 tests. (Closes: #6301, #8188)
17652 - Actually verify that we successfully set the time in our time
17653 syncing tests. (Closes: #5836)
17654 - Automatically test Tor. This includes normal functionality and
17655 the use pluggable transports, that our Tor enforcement is
17656 effective (e.g. only the Tor network or configured bridges are
17657 contacted) and that our stream isolation configuration is
17658 working. (Closes: #5644, #6305, #7821)
17660 -- Tails developers <tails@boum.org> Mon, 23 Feb 2015 17:14:00 +0100
17662 tails (1.2.3) unstable; urgency=medium
17664 * Security fixes
17665 - Upgrade Linux to 3.16.7-ckt2-1.
17666 - Upgrade Tor Browser to 4.0.3 (based on Firefox 31.4.0esr)
17667 (Closes: #8700).
17668 - Fail safe by entering panic mode if macchanger exits with an
17669 error, since in this situation we have to treat the
17670 driver/device state as undefined. Also, we previously just
17671 exited the script in this case, not triggering the panic mode
17672 and potentially leaking the real MAC address (Closes: #8571).
17673 - Disable upgrade checking in the Unsafe Browser. Until now the
17674 Unsafe Browser has checked for upgrades of the Tor Browser in
17675 the clear (Closes: #8694).
17677 * Bugfixes
17678 - Fix startup of the Unsafe Browser in some locales (Closes: #8693).
17679 - Wait for notification-daemon to run before showing the MAC
17680 spoofing panic mode notifications. Without this, the "Network
17681 card disabled" notification is sometimes lost when MAC spoofing
17682 fails. Unfortunately this only improves the situation, but
17683 doesn't fix it completely (see #8685).
17684 - Log that we're going to stop NetworkManager before trying to do
17685 it in the MAC spoofing scripts. Without this we wouldn't get the
17686 log message in case stopping NetworkManager fails (thanks to
17687 `set -e`).
17688 - Set GNOME Screenshot preferences to save the screenshots in
17689 /home/amnesia (Closes: #8087).
17690 - Do not suspend to RAM when closing the lid on battery power
17691 (Closes: #8071).
17692 - Properly update the Tails Installer's status when plugging in a
17693 USB drive after it has started (Closes: #8353).
17694 - Make rsync compare file contents by using --checksum for more
17695 reliable generation of the squashfs filesystem in
17696 IUKs. Previously it used the default, which is checking
17697 timestamps and file size, but that doesn't play well with the
17698 Tor browser files, that have a fixed mtime, which could result
17699 in updated files not ending up in the IUK.
17701 * Minor improvements
17702 - Finish migrating tails-security-check's and tails-iuk's pinning
17703 to our website's new X.509 certificate authority (Closes: #8404).
17705 * Build system
17706 - Update to Vagrant build box tails-builder-20141201. The only
17707 change is the removal of a reference to an ISO image which
17708 doesn't exist (except on the system that generated the build
17709 box) which causes an error for some users (Closes: #7644).
17710 - Generate the list of packages used during build, after building
17711 with Jenkins (Closes: #8518). This allows tracking their status
17712 on the Debian reproducible build front:
17713 https://reproducible.debian.net/index_pkg_sets.html#tails
17715 * Automated test suite
17716 - Check PO files with i18nspector (Closes: #8359).
17717 - Fix the expected image of a check.tp.o failure. Previously we
17718 looked for the "Sorry. You are not using Tor." text, but it
17719 seems it recently changed enough for Sikuli to not find it. To
17720 prevent future errors of the same kind we'll look for the
17721 crossed-over onion icon instead (Closes: #8533).
17722 - Bump timeout when waiting for Tor to re-bootstrap. We have a
17723 dreaded issue with timeouts that are multiple of 2 minutes, and
17724 then Tor succeeds soon after, so in order to allow for this
17725 timeout to be reached twice, and then possibly succeed, let's
17726 use N*2 minutes + 30 seconds, with N=2.
17728 -- Tails developers <tails@boum.org> Wed, 14 Jan 2015 16:12:26 +0100
17730 tails (1.2.2) unstable; urgency=medium
17732 * Bugfixes
17733 - Create a CA bundle for Tails Upgrader at ISO build time, and
17734 patch Tails Upgrader to use it. Specifically this will make it
17735 possible to check for Tails upgrades after our website changes
17736 certificate around the 2014 to 2015 transition (Partially fixes
17737 #8404).
17739 -- Tails developers <tails@boum.org> Mon, 15 Dec 2014 10:05:17 +0100
17741 tails (1.2.1) unstable; urgency=low
17743 * Security fixes
17744 - Upgrade Linux to 3.16.0-4, i.e. 3.16.7-1.
17745 - Install Tor Browser 4.0.2 (based on Firefox 31.3.0esr).
17747 * Bugfixes
17748 - Install syslinux-utils, to get isohybrid back (Closes: #8155).
17749 - Update xserver-xorg-input-evdev to 1:2.7.0-1+tails1 which
17750 includes a patch that restores mouse scrolling in KVM/Spice
17751 (Closes: 7426).
17752 - Set Torbutton logging preferences to the defaults (Closes:
17753 #8160). With the default settings, no site-specific information is
17754 logged.
17755 - Use the correct stack of rootfs:s for the chroot browsers (Closes:
17756 #8152, #8158). After installing incremental upgrades Tails' root
17757 filesystem consists of a stack squashfs:s, not only
17758 filesystem.squashfs. When not stacking them correct we may end up
17759 using the Tor Browser (Firefox) from an older version of Tails, or
17760 with no Tor Browser at all, as in the upgrade from Tails 1.1.2 to
17761 1.2, when we migrated from Iceweasel to the Tor Browser. Based on
17762 a patch contributed by sanic.
17763 - Use the Tor Browser for MIME type that GNOME associates with
17764 Iceweasel (Closes: #8153). Open URLs from Claws Mail, KeePassX
17765 etc. should be possible again.
17766 - Update patch to include all Intel CPU microcodes (Closes: #8189).
17767 - AppArmor: allow Pidgin to run Tor Browser unconfined, with
17768 scrubbed environment (Closes: #8186). Links opened in Pidgin are
17769 now handled by the Tor Browser.
17770 - Install all localized Iceweasel search plugins (Closes: #8139).
17771 - When generating the boot profile, ignore directories in
17772 process_IN_ACCESS as well (Closes: #7925). This allows ut to
17773 update the squashfs-ordering again in Tails 1.2.1.
17774 - gpgApplet: Don't pass already encoded data to GTK2 (Closes:
17775 #7968). It's now possible to clearsign text including non-ASCII
17776 characters.
17777 - Do not run the PulseAudio initscript, neither at startup nor
17778 shutdown (Closes: #8082).
17780 * Minor improvements
17781 - Upgrade I2P to 0.9.17-1~deb7u+1.
17782 - Make GnuPG configuration closer to the best practices one
17783 (Closes: #7512).
17784 - Have GnuPG directly use the Tor SOCKS port (Closes: #7416).
17785 - Remove TrueCrypt support and documentat how to open TrueCrypt
17786 volumes using cryptsetup (Closes: #5373).
17787 - Install hopenpgp-tools from Debian Jessie.
17789 * Build system
17790 - Add gettext >= 0.18.3 as a Tails build dependency. We need it for
17791 xgettext JavaScript support in feature/jessie.
17793 * Automated test suite
17794 - Don't click to open a sub-menu in the GNOME applications menu
17795 (Closes: #8140).
17796 - When testing the Windows camouflage, look for individual systray
17797 applets, to avoid relying on their ordering (Closes: #8059).
17798 - Focus the Pidgin Buddy List before looking for something
17799 happening in it (Closes: #8161).
17800 - Remove workaround for showing the TBB's menu bar (Closes #8028).
17802 -- Tails developers <tails@boum.org> Tue, 02 Dec 2014 11:34:03 +0100
17804 tails (1.2) unstable; urgency=medium
17806 * Major new features
17807 - Migrate from Iceweasel to the Tor Browser from the Tor Browser
17808 Bundle 4.0 (based on Firefox 31.2.0esr). This fixes the POODLE
17809 vulnerability.
17810 The installation in Tails is made global (multi-profile), uses
17811 the system-wide Tor instance, disables the Tor Browser updater,
17812 and keeps the desired deviations previously present in Iceweasel,
17813 e.g. we install the AdBlock Plus add-on, but not Tor Launcher (since
17814 we run it as a standalone XUL application), among other things.
17815 - Install AppArmor's userspace tools and apparmor-profiles-extra
17816 from Wheezy Backports, and enable the AppArmor Linux Security
17817 Module. This adds Mandatory Access Control for several critical
17818 applications in Tails, including Tor, Vidalia, Pidgin, Evince
17819 and Totem.
17820 - Isolate I2P traffic from the Tor Browser by adding a dedicated
17821 I2P Browser. It is set up similarly to the Unsafe Browser,
17822 but further disables features that are irrelevant for I2P, like
17823 search plugins and the AdBlock Plus addon, while keeping Tor Browser
17824 security features like the NoScript and Torbutton addons.
17825 - Upgrade Tor to 0.2.5.8-rc-1~d70.wheezy+1.
17827 * Security fixes
17828 - Disable TCP timestamps (Closes: #6579).
17830 * Bugfixes
17831 - Remove expired Pidgin certificates (Closes: #7730).
17832 - Use sudo instead of gksudo for running tails-upgrade-frontend to
17833 make stderr more easily accessible (Closes: #7431).
17834 - Run tails-persistence-setup with sudo instead of gksudo to make
17835 stderr more easily accessible, and allow the desktop user to
17836 pass the --verbose parameter (Closes: #7623).
17837 - Disable CUPS in the Unsafe Browser. This will prevent the
17838 browser from hanging for several minutes when accidentally
17839 pressing CTRL+P or trying to go to File -> Print (Closes: #7771).
17841 * Minor improvements
17842 - Install Linux 3.16-3 (version 3.16.5-1) from Debian
17843 unstable (Closes: #7886, #8100).
17844 - Transition away from TrueCrypt: install cryptsetup and friends
17845 from wheezy-backports (Closes: #5932), and make it clear that
17846 TrueCrypt will be removed in Tails 1.2.1 (Closes: #7739).
17847 - Install Monkeysign dependencies for qrcodes scanning.
17848 - Upgrade syslinux to 3:6.03~pre20+dfsg-2~bpo70+1, and install
17849 the new syslinux-efi package.
17850 - Upgrade I2P to 0.9.15-1~deb7u+1
17851 - Enable Wheezy proposed-updates APT repository and setup APT
17852 pinnings to install packages from it.
17853 - Enable Tor's syscall sandbox. This feature (new in 0.2.5.x)
17854 should make Tor a bit harder to exploit. It is only be enabled
17855 when when no special Tor configuration is requested in Tails
17856 Greeter due to incompatibility with pluggable transports.
17857 - Start I2P automatically when the network connects via a
17858 NetworkManager hook, and "i2p" is present on the kernel command
17859 line. The router console is no longer opened automatically, but
17860 can be accessed through the I2P Browser (Closes: #7732).
17861 - Simplify the IPv6 ferm rules (Closes: #7668).
17862 - Include persistence.conf in WhisperBack reports (Closes: #7461)
17863 - Pin packages from testing to 500, so that they can be upgraded.
17864 - Don't set Torbutton environment vars globally (Closes: #5648).
17865 - Enable VirtualBox guest additions by default (Closes: #5730). In
17866 particular this enables VirtualBox's display management service.
17867 - In the Unsafe Browser, hide option for "Tor Browser Health
17868 report", and the "Get Addons" section in the Addon manager
17869 (Closes: #7952).
17870 - Show Pidgin's formatting toolbar (Closes: #7356). Having the
17871 formatting toolbar displayed in Pidgin makes the OTR status more
17872 explicit by displaying it with words.
17874 * Automated test suite
17875 - Add --pause-on-fail to ease VM state debugging when tests
17876 misbehave.
17877 - Add execute_successfully() and assert_vmcommand_success() for
17878 added robustness when executing some command in the testing VM.
17879 - Use Test::Unit::Assertions instead of our home-made assert().
17880 - Add test for persistent browser bookmarks.
17881 - Add basic tests for Pidgin, Totem and Evince, including their
17882 AppArmor enforcement.
17883 - Factorize some common step pattern into single steps.
17884 - Factorize running a command in GNOME Terminal.
17885 - Add common steps to copy a file and test for its existence.
17886 - Add a wait_and_double_click Sikuli helper method.
17887 - Add a VM.file_content method, to avoid repeating ourselves, and
17888 use it whenever easily doable.
17889 - Drop test that diffs syslinux' exithelp.cfg: we don't ship this
17890 file anymore.
17891 - In the Unsafe Browser tests, rely on subtle timing less (Closes:
17892 #8009).
17893 - Use the same logic to determine when Tor is working in the test
17894 suite as in Tails itself. The idea is to avoid spamming the Tor
17895 control port during bootstrap, since we've seen problems with
17896 that already.
17898 -- Tails developers <tails@boum.org> Wed, 15 Oct 2014 18:34:50 +0200
17900 tails (1.1.2) unstable; urgency=medium
17902 * Security fixes
17903 - Upgrade the web browser to 24.8.0esr-0+tails3~bpo70+1
17904 (fixes Mozilla#1064636).
17905 - Install Linux 3.16-1 from sid (Closes: #7886).
17906 - Upgrade file to 5.11-2+deb7u5 (fixes CVE-2014-0207,
17907 CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479,
17908 CVE-2014-3480, CVE-2014-3487, CVE-2014-3538 and CVE-2014-3587).
17909 - Upgrade curl to 7.26.0-1+wheezy10 (fixes CVE-2014-3613 and
17910 CVE-2014-3620).
17911 - Upgrade bind9-based packages to 1:9.8.4.dfsg.P1-6+nmu2+deb7u2
17912 (fixes CVE-2014-0591).
17913 - Upgrade gnupg to 1.4.12-7+deb7u6 (fixes CVE-2014-5270).
17914 - Upgrade apt to 0.9.7.9+deb7u5 (fixes CVE-2014-0487,
17915 CVE-2014-0488, CVE-2014-0489, CVE-2014-0490, and
17916 CVE-2014-6273.).
17917 - Upgrade dbus to 1.6.8-1+deb7u4 (fixes CVE-2014-3635,
17918 CVE-2014-3636, CVE-2014-3637, CVE-2014-3638 and CVE-2014-3639).
17919 - Upgrade libav-based pacakges to 6:0.8.16-1 (fixes
17920 CVE-2013-7020).
17921 - Upgrade bash to 4.2+dfsg-0.1+deb7u1 (fixes CVE-2014-6271).
17923 -- Tails developers <tails@boum.org> Tue, 23 Sep 2014 23:01:40 -0700
17925 tails (1.1.1) unstable; urgency=medium
17927 * Security fixes
17928 - Upgrade the web browser to 24.8.0esr-0+tails1~bpo70+1
17929 (Firefox 24.8.0esr + Iceweasel patches + Torbrowser patches).
17930 Also import the Tor Browser profile at commit
17931 271b64b889e5c549196c3ee91c888de88148560f from
17932 ttp/tor-browser-24.8.0esr-3.x-1.
17933 - Upgrade Tor to 0.2.4.23-2~d70.wheezy+1 (fixes CVE-2014-5117).
17934 - Upgrade I2P to 0.9.14.1-1~deb7u+1.
17935 - Upgrade Linux to 3.14.15-2 (fixes CVE-2014-3534, CVE-2014-4667
17936 and CVE-2014-4943).
17937 - Upgrade CUPS-based packages to 1.5.3-5+deb7u4 (fixes
17938 CVE-2014-3537, CVE-2014-5029, CVE-2014-5030 and CVE-2014-5031).
17939 - Upgrade libnss3 to 2:3.14.5-1+deb7u1 (fixes CVE-2013-1741,
17940 CVE-2013-5606, CVE-2014-1491 and CVE-2014-1492).
17941 - Upgrade openssl to 1.0.1e-2+deb7u12 (fixes CVE-2014-3505,
17942 CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509,
17943 CVE-2014-3510, CVE-2014-3511, CVE-2014-3512 and CVE-2014-5139).
17944 - Upgrade krb5-based packages to 1.10.1+dfsg-5+deb7u2 (fixes
17945 CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344 and
17946 CVE-2014-4345).
17947 - Upgrade libav-based packages to 6:0.8.15-1 (fixes CVE-2011-3934,
17948 CVE-2011-3935, CVE-2011-3946, CVE-2013-0848, CVE-2013-0851,
17949 CVE-2013-0852, CVE-2013-0860, CVE-2013-0868, CVE-2013-3672,
17950 CVE-2013-3674 and CVE-2014-2263.
17951 - Upgrade libgpgme11 to 1.2.0-1.4+deb7u1 (fixes CVE-2014-5117).
17952 - Upgrade python-imaging to 1.1.7-4+deb7u1 (fixes CVE-2014-3589).
17953 - Prevent dhclient from sending the hostname over the network
17954 (Closes: #7688).
17955 - Override the hostname provided by the DHCP server (Closes: #7769).
17956 - Add an I2P boot parameter. Without adding "i2p" to the kernel
17957 command line, I2P will not be accessible for the Live user.
17958 - Stricter I2P firewall rules:
17959 * deny I2P from accessing the LAN
17960 * deny I2P from accessing the loopback device, except for select
17961 whitelisted services
17962 * allow I2P access to the Internet
17963 The ACCEPT rules will only be enabled when the string 'i2p' is
17964 passed at the boot prompt. The rules which DENY or REJECT
17965 access for the 'i2psvc' user will always be applied.
17966 - Disable I2P plugins, since it doesn't make much sense without
17967 persistence, and should eliminate some attack vectors.
17968 - Disable I2P's BOB port. No maintained I2P application uses it.
17970 * Bugfixes
17971 - Fix condition clause in tails-security-check (Closes: #7657).
17972 - Don't ship OpenJDK 6: I2P prefers v7, and we don't need both.
17973 - Prevent Tails Installer from updating the system partition
17974 properties on MBR partitions (Closes: #7716).
17976 * Minor improvements
17977 - Upgrade to Torbutton 1.6.12.1.
17978 - Install gnome-user-guide (Closes: #7618).
17979 - Install cups-pk-helper (Closes: #7636).
17980 - Update the SquashFS sort file.
17981 - Compress the SquashFS more aggressively (Closes: #7706).
17982 - I2P: Keep POP3 email on server. The default in the I2P webmail
17983 app was to keep mail on the server, but that setting was changed
17984 recently. This configuration setting (susimail.config) will only
17985 be copied over in I2P 0.9.14 and newer.
17986 - Add a Close button to the Tails Installer launcher window.
17988 * Build system
17989 - Migrate Vagrant basebox to Debian Wheezy (Closes #7133, #6736).
17990 - Consistently use the same Debian mirror.
17991 - Disable runtime APT proxy configuration when using APT in
17992 binary_local-hooks (Closes: #7691).
17994 * Automated test suite
17995 - Automatically test hostname leaks (Closes: #7712).
17996 - Move autotest live-config hook to be run last. This way we'll
17997 notice if some earlier live-config hook cancels all hooks by
17998 running the automated test suite since the remote shell won't be
17999 running in that case.
18000 - Test that the I2P boot parameter does what it's supposed to do
18001 (Closes: #7760).
18002 - Start applications by using the GNOME Applications menu instead
18003 of the GNOME Run Dialog (Closes: #5550, #7060).
18005 -- Tails developers <tails@boum.org> Sun, 31 Aug 2014 20:49:28 +0000
18007 tails (1.1) unstable; urgency=medium
18009 * Rebase on Debian Wheezy
18010 - Upgrade literally thousands of packages.
18011 - Migrate to GNOME3 fallback mode.
18012 - Install LibreOffice instead of OpenOffice.
18013 - Remove custom LSB logging: Wheezy has fancy colored init
18014 logging.
18016 * Major new features
18017 - UEFI boot support.
18018 - Replace the Windows XP camouflage with an experimental Windows 8
18019 camouflage.
18020 - Install Linux 3.14.12-1 from Debian unstable.
18021 - Bring back VirtualBox guest modules, installed from Wheezy
18022 backports. Full functionality is only available when using the
18023 32-bit kernel.
18025 * Security fixes
18026 - Fix write access to boot medium via udisks (#6172).
18027 - Don't allow the desktop user to pass arguments to
18028 tails-upgrade-frontend (Closes: #7410).
18029 - Make persistent file permissions safer (Closes #7443):
18030 * Make the content of /etc/skel non-world-readable. Otherwise,
18031 such files may be copied to /home/amnesia, and in turn to the
18032 persistent volume, with unsafe permissions. That's no big deal
18033 in /home/amnesia (that is itself not world-readable), *but*
18034 the root of the persistent volume has to be world-readable.
18035 * Have activate_custom_mounts create new directories with safe
18036 permissions.
18037 * Set strict permissions on /home/amnesia (Closes: #7463).
18038 * Fix permissions on persistent directories that were created
18039 with unsafe permissions (Closes: #7458).
18040 * Fix files ownership while copying persistence (Closes: #7216).
18041 The previous instructions to copy the persistent data were
18042 creating personal files that belong to root. I don't think
18043 there is a way of preserving the original ownership using
18044 Nautilus (unless doing a "move" instead of a "copy" but that's
18045 not what we are trying to do here).
18046 - Disable FoxyProxy's proxy:// protocol handler (Closes: #7479).
18047 FoxyProxy adds the proxy:// protocol handler, which can be used
18048 to configure the proxy via an URI. A malicious web page can
18049 include (or a malicious exit node can inject) some JavaScript
18050 code to visit such an URI and disable or otherwise change
18051 Iceweasel's proxy settings. While using this to disable
18052 proxying will be dealt with safely by our firewall, this could
18053 be used to defeat stream isolation, although the user must be
18054 tricked into accepting the new proxy settings.
18055 - Upgrade the web browser to 24.7.0esr-0+tails1~bpo70+1
18056 (Firefox 24.7.0esr + Iceweasel patches + Torbrowser patches).
18057 - Upgrade to Linux 3.14.12-1 (fixes CVE-2014-4699).
18058 - Upgrade libav-based packages to 0.8.13-1 (fixes CVE-2014-4609).
18059 - Upgrade to libxml2 2.8.0+dfsg1-7+wheezy1 (fixes CVE-2014-0191).
18060 - Upgrade to dbus 1.6.8-1+deb7u3 (fixes CVE-2014-3477,
18061 CVE-2014-3532 and CVE-2014-3533).
18063 * Bugfixes
18064 - Disable GNOME keyring's GnuPG functionality. (Closes: #7330) In
18065 feature/regular-gnupg-agent, we installed the regular GnuPG
18066 agent so that it is used instead of GNOME keyring's one. This is
18067 not enough on Wheezy, so let's disable the starting of the "gpg"
18068 component of GNOME keyring.
18069 - Make sure /etc/default/locale exists, with a sensible default
18070 value (Closes: #7333). Before Tails Greeter's PostLogin script
18071 are run, /etc/default/locale does not exist on Wheezy. Our
18072 tails-kexec initscript (and quite a few other scripts we run)
18073 depends on this file to exist. So, let's make sure it exists,
18074 with a sensible default value.
18075 - Create the tails-persistence-setup user with the same UID/GID it
18076 had on Tails/Squeeze. (Closes: #7343) Else, our various checks
18077 for safe access rights on persistence.conf fail.
18078 - Revert back to browsing the offline documentation using Iceweasel
18079 instead of Yelp (Closes: #7390, #7285).
18080 - Make the new NetworkManager configuration directory persistent,
18081 when the old one was, but disable the old one (Closes: #7338).
18082 - Before running tails-upgrade-frontend, chdir to a world-readable
18083 place (Closes: #7641). In particular, Archive::Tar::Wrapper,
18084 when called by tails-install-iuk, wants to chdir back to the
18085 original cwd after it has chdir'd elsewhere to do its job.
18087 * Minor improvements
18088 - Install seahorse-nautilus, replacing seahorse-plugins (Closes #5516).
18089 - Install hledger (custom backport, for now): our accountants need this.
18090 - Install stable Scribus instead of scribus-ng.
18091 - Install the printer driver for Epson Inkjet that use ESC/P-R.
18092 - Install the BookletImposer PDF imposition toolkit. It's tiny,
18093 and really helpful e.g. when producing booklets.
18094 - Install gtkhash and nautilus-gtkhash (Closes #6763).
18095 - Import new version of Tor Launcher:
18096 · Now based on upstream Tor Launcher 0.2.5.4.
18097 · Tor bug #11772: Proxy Type menu not set correctly
18098 · Tor bug #11699: Change &#160 to   in network-settings.dtd
18099 · Correctly handle startup paths that contain dot.
18100 - Upgrade to Torbutton 1.6.9.0.
18101 - Avoid shipping python2.6 in addition to python2.7.
18102 - Don't install Gobby 0.4 anymore. Gobby 0.5 has been available in
18103 Debian since Squeeze, now is a good time to drop the obsolete
18104 0.4 implementation.
18105 - Require a bit less free memory before checking for upgrades with
18106 Tails Upgrader. The general goal is to avoid displaying "Not
18107 enough memory available to check for upgrades" too often due to
18108 over-cautious memory requirements checked in the wrapper.
18109 - Make Tails Greeter's help window resolution-aware. Previously it
18110 used a static 800x600 which was problematic on lower resolutions,
18111 and sub-optimal on higher resolutions. Now it adapts itself
18112 according to the screen resolution.
18113 - Whisperback now sanitizes attached logs better with respect to
18114 DMI data, IPv6 addresses, and serial numbers (Closes #6797,
18115 #6798, #6804).
18116 - Integrate the new logo in Tails Installer (Closes #7095)
18117 - Also install linux-base and linux-compiler-gcc-4.8-x86 from
18118 sid. This way, we can get rid of our linux-compiler-gcc-4.8-x86
18119 3.12, and it makes things a bit more consistent.
18120 - Include the syslinux binary, and its MBR, in the ISO filesystem.
18121 This in turn allows Tails Installer to use this binary and MBR,
18122 which is critical for avoiding problems (such as #7345) on
18123 "Upgrade from ISO".
18124 - Include syslinux.exe for win32 in utils/win32/ on the ISO
18125 filesystem (Closes: #7425).
18126 - Tails Installer:
18127 * Add consistent margins in GUI.
18128 * Always reset the target drive's MBR, without asking for
18129 confirmation, after installing or upgrading.
18130 * Install the bootloader using the syslinux binary found on the
18131 target device, once the Live OS has been extracted/copied
18132 there.
18133 - Enable double-clicking to pick entries in the language or
18134 keyboard layout lists in Tails Greeter.
18135 - Install backport of shared-mime-info 1.3 (Closes: #7079).
18136 - Make sanity-check prompts closable in Tails Persistence Setup
18137 (Closes: #7119).
18138 - Fix quick search in Tails Greeter's Other languages window
18139 (Closes: #5387).
18140 - Install systemd. It is not enabled by default, but having it
18141 around will help doing the migration work.
18142 - Enable AppArmor on the kernel command-line. This is a no-op
18143 without the userspace tools and with no profile shipped, but it
18144 will make it easier to fix this part of the situation.
18146 * Build system
18147 - Bump Vagrant builder's memory for RAM builds. Wheezy requires
18148 more space to build, and the resulting image is larger.
18149 - Fix Vagrant compatibility issue. Some classes' methods/fields
18150 have been renamed between Vagrant versions, so we need a simple
18151 compatibility layer to support all versions. Without this, it's
18152 not possible to issue e.g. a `build` command to an already
18153 running (i.e. `vm:up`:ed) Vagrant instance.
18154 - Move cpu and mem checks to the `build` task. Previously, when
18155 they were checked in `vm:up` *only* when issued while the VM
18156 already is up, so these checks weren't run if one issues a
18157 `build` when the VM is off. Now we'll fail earlier with a more
18158 informative error message, and it looks like a more logical home
18159 for them too.
18160 - Fix buggy memory checks for RAM building. We have to take into
18161 account which state the Vagrant VM is in for determining *where*
18162 we check if enough memory is available for a RAM build. If it's
18163 off, we check the host; if it's on we check the VM. Previously
18164 we always checked the host, which doesn't make sense when the VM
18165 is already started.
18167 * Automated test suite
18168 - Bump the tester VM's RAM by 256 MiB. There is not enough free
18169 RAM to run Tails Upgrader with just 1 GiB of RAM after the
18170 migration to Wheezy.
18171 - Always adjust OOM and memory overcommit settings. The kernel
18172 freezes seem to also happen for the amd64 kernel when filling
18173 the memory.
18174 - Add option to make Sikuli rety on FindFailed. This makes it
18175 possible to update manu images for Sikuli in just *one* test
18176 suite run, by continuously updating outdated pictures as we go.
18177 - Actually run "Upgrade from ISO" from a USB drive running the old
18178 version. That's what users do, and is buggy.
18179 - Automatically test persistent directories permissions (Closes: #7560).
18180 - Use read-write persistence when testing upgraded USB
18181 installations. Otherwise e.g. the permission fixes won't get
18182 applied, and the subsequent steps testing the permissions will
18183 fail.
18184 - Actually check that the ISO's Tails is installed. The step
18185 "Tails is installed on USB drive $TARGET" only checks that the
18186 *running* Tails is installed on $TARGET, which obviously fails
18187 when doing an upgrade from ISO running an old Tails. That it
18188 worked for the same scenario running the current Tails is just
18189 coincidental.
18190 - Use OpenJDK 7 to run our test suite (Closes #7175).
18191 - Use qemu-system-x86_64 directly, instead of kvm, for running the
18192 automated test suite (Closes: #7605).
18194 -- Tails developers <tails@boum.org> Sun, 20 Jul 2014 23:16:13 +0200
18196 tails (1.0.1) unstable; urgency=medium
18198 * Security fixes
18199 - Upgrade the web browser to 24.6.0esr-0+tails1~bpo60+1
18200 (Firefox 24.6.0esr + Iceweasel patches + Torbrowser patches).
18201 Also import the Tor Browser profile at commit
18202 90ba8fbaf6f23494f1a0e38d63153b3b7e65d3d3 from
18203 ttp/tor-browser-24.6.0esr-3.x-1.
18204 - Install Linux 3.14 from Debian unstable (fixes CVE-2014-3153 and
18205 others).
18206 - Install openssl from Squeeze LTS (fixes CVE-2014-0076,
18207 CVE-2014-0195, CVE-2014-0221, CVE-2014-3470 and CVE-2014-0224).
18208 - Install GnuTLS from Squeeze LTS (fixes CVE-2014-3466.).
18210 * Minor improvements
18211 - Add Squeeze LTS APT sources. It has been given a low pinning
18212 priority so explicit pinning must be used to actually install
18213 anything from it.
18214 - Upgrade Tor to 0.2.4.22-1~d60.squeeze+1.
18215 - Upgrade I2P to 0.9.13-1~deb6u+1.
18217 -- Tails developers <tails@boum.org> Sun, 08 Jun 2014 19:14:00 +0200
18219 tails (1.0) unstable; urgency=medium
18221 * Security fixes
18222 - Upgrade the web browser to 24.5.0esr-0+tails1~bpo60+1
18223 (Firefox 24.5.0esr + Iceweasel patches + Torbrowser patches).
18224 - Upgrade Tor to 0.2.4.21-1+tails1~d60.squeeze+1:
18225 * Based on 0.2.4.21-1~d60.squeeze+1.
18226 * Backport the fix for Tor bug #11464. It adds client-side blacklists for
18227 all Tor directory authority keys that was vulnerable to Heartbleed.
18228 This protects clients in case attackers were able to compromise a
18229 majority of the authority signing and identity keys.
18231 * Bugfixes
18232 - Disable inbound I2P connections. Tails already restricts incoming
18233 connections, but this change tells I2P about it.
18234 - Fix link to the system requirements documentation page in the Tails
18235 Upgrader error shown when too little RAM is available.
18237 * Minor improvements
18238 - Upgrade I2P to 0.9.12-2~deb6u+1.
18239 - Import TorBrowser profile. This was forgotten in Tails 0.23 and even
18240 though we didn't explicitly set those preferences in that release
18241 they defaulted to the same values. This future-proofs us in case the
18242 defaults would ever change.
18243 - Import new custom version of tor-launcher:
18244 * Based on upstream Tor Launcher 0.2.5.3.
18245 * Improve how Tor Launcher handles incomplete translation.
18246 (Tor bug #11483; more future-proof fix for Tails bug #6885)
18247 * Remove the bridge settings prompt. (Tor bug #11482; closes Tails
18248 bug #6934,)
18249 * Always show bridge help button. (Tor bug #11484)
18250 - Integrate the new Tails logo into various places:
18251 * The website
18252 * The boot splash
18253 * The "About Tails" dialog
18255 * Build system
18256 - Use the stable APT suite when building from the stable Git branch
18257 (Closes: #7022).
18259 * Test suite
18260 - Add test for the #7022 fix.
18262 -- Tails developers <tails@boum.org> Sun, 27 Apr 2014 19:34:01 +0200
18264 tails (0.23) unstable; urgency=medium
18266 * Security fixes
18267 - Upgrade the web browser to 24.4.0esr-0+tails1~bpo60+1
18268 (Firefox 24.4.0esr + Iceweasel patches + Torbrowser patches).
18270 * Major new features
18271 - Spoof the network interfaces' MAC address by default (Closes: #5421),
18272 as designed on https://tails.boum.org/contribute/design/MAC_address/.
18273 - Rework the way to configure how Tor connects to the network
18274 (bridges, proxy, fascist firewall): add an option to Tails Greeter,
18275 start Tor Launcher when needed (Closes: #5920, #5343).
18277 * Bugfixes
18278 - Additional software: do not crash when persistence is disabled
18279 (Closes: #6440).
18280 - Upgrade Pidgin to 2.10.9, that fixes some regressions introduced
18281 in the 2.10.8 security update (Closes: #6661).
18282 - Wait for Tor to have fully bootstrapped, plus a bit more time,
18283 before checking for upgrades (Closes: #6728) and unfixed known
18284 security issues.
18285 - Disable the Intel Management Engine Interface driver (Closes: #6460).
18286 We don't need it in Tails, it might be dangerous, and it causes bugs
18287 on various hardware such as systems that reboot when asked to shut down
18288 - Add a launcher for the Tails documentation. This makes it available
18289 in Windows Camouflage mode (Closes: #5374, #6767).
18290 - Remove the obsolete wikileaks.de account from Pidgin (Closes: #6807).
18292 * Minor improvements
18293 - Upgrade Tor to 0.2.4.21-1~d60.squeeze+1.
18294 - Upgrade obfsproxy to 0.2.6-2~~squeeze+1.
18295 - Upgrade I2P to 0.9.11-1deb6u1.
18296 - Install 64-bit kernel instead of the 686-pae one (Closes: #5456).
18297 This is a necessary first step towards UEFI boot support.
18298 - Install Monkeysign (in a not-so-functional shape yet).
18299 - Disable the autologin text consoles (Closes: #5588). This was one of
18300 the blockers before a screen saver can be installed
18301 in a meaningful way (#5684).
18302 - Don't localize the text consoles anymore: it is broken on Wheezy,
18303 the intended users can as well use loadkeys, and we now do not have
18304 to trust setupcon to be safe for being run as root by the desktop user.
18305 - Make it possible to manually start IBus.
18306 - Reintroduce the possibility to switch identities in the Tor Browser,
18307 using a filtering proxy in front of the Tor ControlPort to avoid giving
18308 full control over Tor to the desktop user (Closes: #6383).
18309 - Incremental upgrades improvements:
18310 · Drop the Tails Upgrader launcher, to limit users' confusion
18311 (Closes: #6513).
18312 · Lock down sudo credentials a bit.
18313 · Hide debugging information (Closes: #6505).
18314 · Include ~/.xsession-errors in WhisperBack bug reports.
18315 This captures the Tails Upgrader errors and debugging information.
18316 · Report more precisely why an incremental upgrade cannot be done
18317 (Closes: #6575).
18318 · Various user interface and phrasing improvements.
18319 - Don't install the Cookie Monster browser extension (Closes: #6790).
18320 - Add a browser bookmark pointing to Tor's Stack Exchange (Closes: #6632).
18321 - Remove the preconfigured #tor channel from the Pidgin: apparently,
18322 too many Tails users go ask Tails questions there, without making
18323 it clear that they are running Tails, hence creating a user-support
18324 nightmare (Closes: #6679).
18325 - Use (most of) Tor Browser's mozconfig (Closes: #6474).
18326 - Rebase the browser on top of iceweasel 24.3.0esr-1, to get
18327 the certificate authorities added by Debian back (Closes: #6704).
18328 - Give access to the relevant documentation pages from Tails Greeter.
18329 - Hide Tails Greeter's password mismatch warning when entry is changed.
18330 - Persistent Volume Assistant:
18331 · Take into account our installer is now called Tails Installer.
18332 · Optimize window height (Closes: #5458).
18333 · Display device paths in a more user-friendly way (Closes: #5311).
18335 * Build system
18336 - Ease updating POT and PO files at release time, and importing translations
18337 from Transifex (Closes: #6288, #6207).
18338 - Drop custom poedit backport, install it from squeeze-backports-sloppy.
18339 - Make ISO and IUK smaller (Closes: #6390, #6425):
18340 · Exclude more files from being included in the ISO.
18341 · Remove *.pyc later so that they are not recreated.
18342 · Truncate log files later so that they are not filled again.
18343 · At ISO build time, set mtime to the epoch for large files whose content
18344 generally does not change between releases. This forces rsync
18345 to compare the actual content of these files, when preparing an IUK,
18346 instead of blindly adding it to the IUK merely because the mtime
18347 has changed, while the content is the same.
18348 - Make local hooks logging consistent.
18350 * Test suite
18351 - Migrate from JRuby to native Ruby + rjb.
18352 - The test suite can now be run on Debian Wheezy + backports.
18353 - Fix buggy "persistence is not enabled" step (Closes: #5465).
18354 - Use IPv6 private address as of RFC 4193 for the test suite's virtual
18355 network. Otherwise dnsmasq from Wheezy complains, as it is not capable
18356 of handling public IPv6 addresses.
18357 - Delete volumes after each scenario unless tagged @keep_volumes.
18358 - Add an anti-test to make sure the memory erasure test works fine.
18359 - A *lot* of bugfixes, simplifications and robustness improvements.
18361 -- Tails developers <tails@boum.org> Tue, 18 Mar 2014 00:58:50 +0100
18363 tails (0.22.1) unstable; urgency=medium
18365 * Security fixes
18366 - Upgrade the web browser to 24.3.0esr-0+tails1~bpo60+2
18367 (Firefox 24.3.0esr + Iceweasel patches + Torbrowser patches).
18368 - Upgrade NSS to 3.14.5-1~bpo60+1.
18369 - Upgrade Pidgin to 2.10.8.
18370 - Workaround browser size fingerprinting issue by using small icons
18371 in the web browser's navigation toolbar (Closes: #6377).
18372 We're actually hit by Tor#9268, and this is the best workaround gk
18373 and I were able to find when discussing this on Tor#10095.
18375 * Major new features
18376 - Check for upgrades availability using Tails Upgrader, and propose
18377 to apply an incremental upgrade whenever possible (Closes: #6014).
18378 · Run tails-update-frontend at session login time.
18379 · Have tails-security-check only report unfixed security issues.
18380 · Greatly improve the Tails Upgrader UI and strings phrasing.
18381 · Enable startup notification for Tails Upgrader.
18382 - Install Linux 3.12 (3.12.6-2) from Debian testing. Unfortunately,
18383 this breaks the memory wipe feature on some hardware (#6460), but
18384 it fixes quite a few security issues, and improves hardware support.
18385 - Update the build system to be compatible with Vagrant 1.2 and 1.3,
18386 in addition to the already supported versions (Closes: #6221).
18387 Thanks to David Isaac Wolinsky <isaac.wolinsky@gmail.com>.
18389 * Bugfixes
18390 - Do not start IBus for languages that don't need it. This fixes
18391 the keybindings problems introduced in 0.22 (Closes: #6478).
18392 Thanks to WinterFairy.
18393 - Disable network.proxy.socks_remote_dns in the Unsafe Browser.
18394 Bugfix against 0.22 (Closes: #6479).
18395 - Fetch Tor Browser User-Agent from its own prefs, rather than from
18396 the obsolete Torbutton ones. Bugfix against 0.22 (Closes: #6477).
18397 - Upgrade Vagrant basebox to include up-to-date Debian archive keys
18398 (Closes: #6515, #6527).
18399 - Do not use a non-working proxy for downloading the Vagrant basebox
18400 (Closes: #6514).
18401 - Use IE's icon in Windows camouflage mode.
18402 Bugfix against 0.22 (Closes: #6536).
18403 - Support "upgrading" a partial Tails installation (Closes: #6438)
18404 and fix missing confirmation dialog in Tails Installer (Closes: #6437).
18405 Thanks to Andres Gomez Ramirez <andres.gomez@cern.ch>.
18406 - Fix browser homepage in Spanish locales (Closes: #6612).
18408 * Minor improvements
18409 - Tor 0.2.4 is stable! Adapt APT sources accordingly.
18410 - Update Tor Browser to 24.2.0esr-1+tails1, that uses its own NSS
18411 library instead of the system one.
18412 - Update Torbutton to 1.6.5.3.
18413 - Do not start Tor Browser automatically, but notify when Tor is ready.
18414 Warn the user when they attempt to start Tor Browser before Tor is ready.
18415 - Import Tor Browser profile at
18416 3ed5d9511e783deb86835803a6f40e7d5a182a12 from ttp/tor-browser-24.2.0esr-1.
18417 - Use http.debian.net for Vagrant builds, instead of the mostly broken
18418 (and soon obsolete) cdn.debian.net.
18419 - Phrasing and UI improvements in tails-upgrade-frontend.
18420 - Style and robustness improvements in tails-security-check.
18421 - Make room for upcoming UEFI support in Tails Installer.
18423 -- Tails developers <tails@boum.org> Wed, 29 Jan 2014 15:08:13 +0100
18425 tails (0.22) unstable; urgency=medium
18427 [Tails developers]
18428 * Security fixes
18429 - Upgrade to Iceweasel 24.2.0esr that fixes a few serious security issues.
18430 - Stop migrating persistence configuration and access rights. Instead,
18431 disable all persistence configuration files if the mountpoint has wrong
18432 access rights (Closes: #6413).
18433 - Upgrade to NSS 3.15.3 that fixes a few serious security issues affecting
18434 the browser, such as CVE-2013-1741, CVE-2013-5605 and CVE-2013-5606.
18436 * Major improvements
18437 - Switch to Iceweasel 24 (Closes: #6370).
18438 · Resync' (most) Iceweasel prefs with TBB 3.0-beta-1 and get rid
18439 of many obsolete or default settings.
18440 · Disable WebRTC (Closes: #6468).
18441 · Import TorBrowser profile at commit
18442 51bf06502c46ee6c1f587459e8370aef11a3422d from the tor-browser-24.2.0esr-1
18443 branch at https://git.torproject.org/tor-browser.git.
18444 - Switch to Torbutton 1.6.5 (Closes: #6371).
18445 · Prevent Torbutton from asking users to "upgrade TBB".
18446 · Use the same Tor SOCKS port as the TBB (9151) for our web browser.
18447 This should be enough to avoid being affected by Tor#8511.
18448 · Disable Torbutton 1.6's check for Tor.
18449 Unfortunately, the new check.torproject.org breaks the remote Tor
18450 check. We cannot use the local Tor check with the control port. So,
18451 the shortest and sanest path to fixing the check issue, because the
18452 remote Tor check is broken" seems to simply disable this check.
18453 Patch submitted upstream as Tor#10216.
18454 - Prepare incremental upgrades to be the next default way to upgrade Tails,
18455 on point-releases at least.
18457 * Bugfixes
18458 - Deny X authentication only after Vidalia exits (Closes: #6389).
18459 - Disable DPMS screen blanking (Closes: #5617).
18460 - Fix checking of the persistent volume's ACL.
18461 - Sanitize more IP and MAC addresses in bug reports (Closes: #6391).
18462 - Do not fail USB upgrade when the "tmp" directory exists on the
18463 destination device.
18464 - Tails Installer: list devices with isohybrid Tails installed
18465 (Closes: #6462).
18467 * Minor improvements
18468 - Create a configuration file for additional software if needed
18469 (Closes: #6436).
18470 - Translations all over the place.
18471 - Enable favicons in Iceweasel.
18472 - Do not propose to make permanent NoScript exceptions.
18473 In Tails, every such thing is temporary, so better only display the menu
18474 entry that's about temporarily allowing something.
18475 - Clearer warning when deleting persistent volume (thanks to Andres Gomez
18476 Ramirez <andres.gomez@cern.ch> for the patch).
18477 - Make wording in Tails Installer more consistent.
18479 [ WinterFairy ]
18480 * Use IBus instead of SCIM (Closes: #5624, #6206).
18481 It makes it possible to input passwords in pinentry for at least Japanese,
18482 Chinese and Korean languages.
18483 * Add an import-translation script.
18484 This automates the importation process of completed translations
18485 from Transifex.
18486 * Always list optimal keyboard layout in the greeter (Closes: #5741).
18487 * Fix on-the-fly translation of the greeter in various languages
18488 (Closes: #5469).
18490 [ Kytv]
18491 * Update I2P to 0.9.8.1 (Closes: #6080, #5889).
18492 * Improve I2P configuration:
18493 - Disable IPv6 support in a nicer way.
18494 - Disable i2cp (allows java clients to communicate from outside the JVM). If
18495 this is unset an exception for port 7654 would need to be added to ferm.
18496 - Disable "in-network" updates (this is also done in the regular I2P
18497 packages).
18498 - Disable the outproxies. Access to the Internet is already routed through
18499 Tor so these are unnecessary. If end-users have a good reason to go
18500 through one of the I2P outproxies they can turn them back on.
18501 * Add a couple of default I2P IRC channels to Pidgin.
18502 * Allow access to the local 'eepsite' through FoxyProxy.
18503 * Add firewall exceptions for the standard I2P ports.
18505 -- Tails developers <tails@boum.org> Sat, 30 Nov 2013 16:47:18 +0100
18507 tails (0.21) unstable; urgency=low
18509 * Security fixes
18510 - Don't grant access to the Tor control port for the desktop user
18511 (amnesia). Else, an attacker able to run arbitrary code as this user
18512 could obtain the public IP with a get_info command.
18513 · Vidalia is now run as a dedicated user.
18514 · Remove the amnesia user from the debian-tor group.
18515 · Remove the Vidalia launcher in the Applications menu.
18516 The Vidalia instance it starts is useless, since it can't connect
18517 to the Tor control port.
18518 - Don't allow the desktop user to directly change persistence settings.
18519 Else, an attacker able to run arbitrary code as this user could
18520 leverage this feature to gain persistent root access, as long as
18521 persistence is enabled.
18522 · Fully rework the persistent filesystem and files ownership
18523 and permissions.
18524 · Run the Persistent Volume Assistant as a dedicated user, that is
18525 granted the relevant udisks and filesystem -level credentials.
18526 · At persistence activation time, don't trust existing persistence
18527 configuration files, migrate to the new ownership and permissions,
18528 migrate every known-safe existing settings and backup what's left.
18529 Warn the user when not all persistence settings could be migrated.
18530 · Persistent Volume Assistant uses the new ownership and permissions
18531 scheme when initializing a new persistent volume, and refuses to
18532 read persistence.conf if it, or the parent directory, hasn't the
18533 expected permissions.
18534 · Make boot medium 'system internal' for udisks with bilibop.
18535 Once Tails is based on Wheezy, this will further complete the
18536 protection (see #6172 for details).
18537 - Update Iceweasel to 17.0.10esr-0+tails2~bpo60+1.
18538 - Update Torbutton to 1.5.2-2, including a patch cherry-picked from
18539 upstream to make window resizing closer to what the design says.
18541 * Major new features
18542 - Add a persistence preset for printing settings (Closes: #5686).
18543 Reload CUPS configuration after persistence activation.
18544 - Support SD card connected through a SDIO host adapter (Closes: #6324).
18545 · Rebrand Tails USB installer to Tails installer.
18546 · Display devices brand, model and size in the Installer
18547 (Closes: #6292).
18548 · Ask for confirmation before installing Tails onto a device
18549 (Closes: #6293).
18550 · Add support for SDIO and MMC block devices to the Tails Installer
18551 (Closes: #5744) and the Persistent Volume Assistant (Closes: #6325).
18552 · Arm the udev watchdog when booted from SD (plugged in SDIO) too
18553 (Closes: #6327).
18555 * Minor improvements
18556 - Provide a consistent path to the persistent volume mountpoint
18557 (Closes: #5854).
18558 - Add a KeePassX launcher to the top GNOME panel (Closes: #6290).
18559 - Rework bug reporting workflow: point the desktop launcher to
18560 the troubleshooting page.
18561 - Make /home world-readable at build time, regardless of the Git
18562 working copy permissions. This makes the build process more robust
18563 against strict umasks.
18564 - Add signing capabilities to the tails-build script (Closes: #6267).
18565 This is in turn used to sign ISO images built by our Jenkins setup
18566 (Closes: #6193).
18567 - Simplify the ikiwiki setup and make more pages translatable.
18568 - Exclude the version string in GnuPG's ASCII armored output.
18569 - Prefer stronger ciphers (AES256,AES192,AES,CAST5) when encrypting
18570 data with GnuPG.
18571 - Use the same custom Startpage search URL than the TBB.
18572 This apparently disables the new broken "family" filter.
18573 - Update AdBlock Plus patterns.
18574 - Install Linux from Debian testing.
18575 (That is, the same version that was shipped in 0.20.1.)
18577 * Test suite
18578 - Look for "/tmp/.X11-unix/X${1#:}" too when detecting displays in use.
18579 - Adapt tests to match the Control Port access security fix:
18580 · Take into account that the amnesia user isn't part of the debian-tor
18581 group anymore.
18582 · Run as root the checks to see if a process is running: this
18583 is required to see other users' processes.
18585 -- Tails developers <tails@boum.org> Sat, 26 Oct 2013 23:42:46 +0200
18587 tails (0.20.1) unstable; urgency=low
18589 * Major new features
18590 - Install Tor 0.2.4.17-rc-1~d60.squeeze+1 from the Tor project's repository.
18591 - Install Iceweasel 17.0.9esr with Torbrowser patches.
18592 - Install Linux kernel 3.10-3 (version 3.10.11-1) from sid.
18594 * Bugfixes
18595 - Remount persistence devices read-only at shutdown/reboot time
18596 (Closes: #6228).
18597 - Greeter: display a warning icon on admin password mismatch and on
18598 persistence unlocking failure. Thanks to Andres Gomez Ramirez
18599 <andres.gomez@cern.ch> for the fix!
18600 - Don't torsocksify Pidgin.
18601 Instead we disable Pidgin's GNOME integration to get the "Global proxy
18602 configuration", which we set to use Tor. This fixes the I2P IRC account.
18603 - Additional software: fix typo in notification.
18604 - Allow installing "Priority: standard" packages that we do not install
18605 by default: remove them late in the build process instead of assigning
18606 them a -1 APT pinning level.
18608 * Minor improvements
18609 - Update AdBlock Plus patterns.
18610 - Use more unique ISO file name when building from Jenkins.
18611 - Additional software: point to the system log on upgrade failure.
18612 - Set SOCKS5_USER and SOCKS5_PASSWORD in the connect-socks wrapper (used
18613 by Git). Else, Tor 0.2.4's IsolateSOCKSAuth and connect-proxy
18614 sometimes play together in some way that makes connect-proxy ask for
18615 a password to connect to the SocksPort. SOCKS5_USER and
18616 SOCKS5_PASSWORD are passed through unchanged if they were manually set
18617 by the user already.
18618 - Use our custom connect-socks wrapper for SSH. Else, Tor 0.2.4's
18619 IsolateSOCKSAuth and connect-proxy sometimes play together in some way
18620 that makes connect-proxy ask for a password to connect to the
18621 SocksPort. Note that connect-socks uses the default SocksPort too, so
18622 no change here wrt. our connection isolation design.
18624 * Localization
18625 - Import new translations from Transifex.
18627 * Test suite
18628 - Fix old ISO checking for consistent error reporting.
18629 - Remove custom persistence test from manual test suite.
18630 It was removed for the GUI in t-p-s 0.33.
18632 -- Tails developers <tails@boum.org> Sun, 15 Sep 2013 15:49:36 +0200
18634 tails (0.20) unstable; urgency=low
18636 * Major new features
18637 - Install Linux kernel 3.10.3-1 from Debian unstable.
18638 - Iceweasel 17.0.8esr + Torbrowser patches.
18640 * Bugfixes
18641 - Prevent Iceweasel from displaying a warning when leaving HTTPS web sites.
18642 - Make Iceweasel use the correct, localized search engine.
18643 - Fix Git access to https:// repositories.
18645 * Minor improvements
18646 - Install Dasher, a predictive text entry tool.
18647 - Add a wrapper around TrueCrypt which displays a warning about it soon
18648 being deprecated in Tails.
18649 - Remove Pidgin libraries for all protocols but IRC and Jabber/XMPP.
18650 Many of the other protocols Pidgin support are broken in Tails and
18651 haven't got any security auditting.
18652 - Disable the pre-defined Pidgin accounts so they do not auto-connect
18653 on Pidgin start.
18654 - Include information about Alsa in WhisperBack reports.
18655 - Explicitly restrict access to ptrace. While this setting was enabled
18656 by default in Debian's Linux 3.9.6-1, it will later disabled in 3.9.7-1.
18657 It's unclear what will happen next, so let's explicitly enable it ourselves.
18658 - Do not display dialog when a message is sent in Claws Mail.
18659 - Sync iceweasel preferences with the Torbrowser's.
18661 * Localization
18662 - Many translation updates all over the place.
18663 - Merge all Tails-related POT files into one, and make use of intltoolize
18664 for better integration with Transifex.
18666 -- Tails developers <tails@boum.org> Tue, 30 Jul 2013 14:19:57 +0200
18668 tails (0.19) unstable; urgency=low
18670 * Major new features
18671 - Install Linux kernel 3.9.5-1 from Debian unstable.
18672 Features of particular interest for Tails are the Yama LSM
18673 (ptrace scope restrictions) and improved hardware support.
18674 As a corollary, install initramfs-tools from there too.
18675 - Iceweasel 17.0.7esr + Torbrowser patches.
18676 - Unblock Bluetooth, Wi-Fi, WWAN and WiMAX; block every other type of
18677 wireless device. Next steps are described on the
18678 todo/protect_against_external_bus_memory_forensics ticket.
18680 * Bugfixes
18681 - Fix write access to boot medium at the block device level,
18682 by installing bilibop-udev. Thanks to quidame for his support.
18683 - tails-greeter l10n-related fixes, thanks to winterfairy:
18684 · Fix so translations is applied on password mismatch messages.
18685 · Separate forward and login buttons and make them translatable.
18686 - Fix link to documentation when no sudo password is set.
18687 - gpgApplet: partial fix for clipboard emptying after a wrong passphrase
18688 was entered.
18689 - Workaround aufs bug in Unsafe Browser script.
18691 * Minor improvements
18692 - Drop GNOME proxy settings: we did not find any use of it we were keen
18693 to support, other than two programs (Seahorse, Pidgin) that are now run
18694 with torsocks.
18695 - Format newly created persistent volumes as ext4.
18696 - GnuPG: don't connect to the keyserver specified by the key owner.
18697 This feature opens the door to a variety of subtle attacks.
18698 - GnuPG: locate keys only from local keyrings.
18699 This is probably the default, but better safe than sorry.
18700 - Install virt-what from Wheezy.
18701 The version from Squeeze does not detect at least Parallels for Mac v.8.
18702 - Upgrade live-boot and live-config to the 3.0.x final version from Wheezy.
18703 · Remove /live and /lib/live/image compatibility symlinks.
18704 · Add /live/overlay -> /lib/live/mount/overlay symlink.
18705 The live-boot changes (commit d2b2a461) brought to fix Debian bug
18706 #696495 revert some of our previous changes (commit 77dab1cb), and as
18707 a result, at the time live-persist runs, no tmpfs is mounted on
18708 /live/overlay, which breaks the aufs mount. So, let's just ensure
18709 /live/overlay points to a tmpfs.
18710 · Really disable policykit and sudo live-config hooks.
18711 ... by making it believe they've already been run.
18712 This workarounds new live-config's default behavior.
18714 * Localization
18715 - Many translation updates all over the place.
18717 * Test suite
18718 - Re-enable previously disabled boot device permissions test.
18720 -- Tails developers <tails@boum.org> Wed, 26 Jun 2013 12:36:20 +0200
18722 tails (0.18) unstable; urgency=low
18724 * New features
18725 - Support obfs3 bridges.
18726 - Automatically install a custom list of additional packages chosen by
18727 the user at the beginning of every working session, and upgrade them
18728 once a network connection is established (technology preview).
18730 * Iceweasel
18731 - Upgrade to Iceweasel 17.0.6esr-0+tails1~bpo60+1.
18732 - Update Torbrowser patches to current maint-2.4 branch (567682b).
18733 - Isolate DOM storage to first party URI, and enable DOM storage:
18734 don't set dom.storage.enabled anymore, and set Torbutton's
18735 disable_domstorage to false.
18736 - Isolate the image cache per url bar domain.
18737 - Torbutton 1.5.2, and various prefs hacks to fix breakage:
18738 · Add .saved version of the Torbutton preferences the TBB also sets.
18739 · Set TOR_SOCKS_HOST and TOR_SOCKS_PORT.
18740 · Move some prefs (network.proxy.*, extensions.autoDisableScopes,
18741 extensions.foxyproxy.last-version) to user.js.
18742 Else, with Torbutton 1.5.x, these ones are not taken into account.
18743 · Set network.proxy.socks_version.
18744 Else we get the meaningless user_pref("network.proxy.socks_version", 9063);
18745 in prefs.js after the initial startup.
18746 · Set extensions.foxyproxy.socks_remote_dns to true.
18747 Else, it overrides the various ways we set network.proxy.socks_remote_dns,
18748 which in turn makes Torbutton think it should start in non-Tor mode.
18749 · Also pass the TOR_SOCKS_* environment variables to iceweasel when
18750 generating the profile: Torbutton behaves differently depending on
18751 these variables, so we don't want the initial profile generation to be
18752 done without them. In practice, this has no implication that we could
18753 see right now, but better safe than sorry.
18754 · Import all version overrides from the TBB prefs.
18755 Else, the User-Agent sent in the HTTP headers is fine, but real
18756 values leak with JavaScript, as demonstrated by ip-check's "Browser
18757 type" test.
18758 · Move a bunch of settings to user_pref(), that are not applied otherwise.
18759 For some, this fixes a regression in 0.18~rc1.
18760 For other, the bug was already present in Tails 0.17.2.
18761 - HTTPS Everywhere 3.2.
18762 - Update prefs to match the TBB's, fix bugs, and take advantage of the latest
18763 Torbrowser patches:
18764 · Increase pipeline randomization.
18765 · Fix @font-face handling of local() fonts.
18766 Also disable fallback font rendering.
18767 · Explicitly disable SPDY v2 and v3.
18768 · Update http pipelining prefs.
18769 - Make prefs organization closer to the TBB's:
18770 · Remove Torbutton prefs that we set at their default value.
18771 · Import Torbutton preferences from the TBB.
18772 · Organize iceweasel config files in sections the same way as the TBB.
18773 - Cleanup prefs:
18774 · Don't set extensions.torbutton.clear_cookies nor
18775 extensions.torbutton.saved.share_proxy_settings:
18776 we don't care about toggling anymore.
18777 · Don't set extensions.torbutton.saved.download_retention nor
18778 extensions.torbutton.saved.search_suggest:
18779 these settings are not used in Torbutton anymore.
18780 - Update unsafe browser prefs mangling accordingly.
18781 - Move network.protocol-handler.warn-external.* to user_pref().
18782 Else they're not applied.
18783 These prefs are actually ignored by Firefox these days -- the TBB
18784 design doc reads "They are set still anyway out of respect for the
18785 dead". Let's go on doing the same.
18786 - Update extensions.adblockplus.currentVersion.
18787 - Fetch xul-ext-https-everywhere (3.2-2) and xul-ext-noscript (2.6.6.1-1)
18788 from Debian unstable. They were uploaded there, and accordingly removed
18789 from experimental.
18791 * Bugfixes
18792 - Linux 3.2.41-2+deb7u2.
18793 - Fixed swapped filenames of tails-{reboot,shutdown}.desktop.
18794 Thanks to Mikko Harhanen for the patch.
18795 - Only add ClientTransportPlugin to torrc when bridge mode is enabled.
18796 This should bring back support for proxies of type other than obfsproxy.
18798 * Minor improvements
18799 - Set kernel.dmesg_restrict=1, and make /proc/<pid>/ invisible
18800 and restricted for other users. It makes it slightly harder for an attacker
18801 to gather information that may allow them to escalate privileges.
18802 - Install gnome-screenshot.
18803 - Don't disable IPv6 on all network interfaces anymore.
18804 It turns out the IPv6 leaks we wanted to fix actually don't exist.
18805 - Add a "About Tails" launcher in the System menu.
18806 - Install GNOME accessibility themes.
18807 - Use 'Getting started...' as the homepage for Tails documentation button.
18808 - Stop relying on the obsolete /live/image compatibility symlink.
18809 - Disable audio preview in Nautilus.
18810 - Wheezy was released => Squeeze is now oldstable.
18811 - Pick Tor from deb.torproject.org regardless of the release name they
18812 advertise. At some point we needed it, their APT repository still thought
18813 that stable == Squeeze.
18814 - Add Wheezy APT sources.
18815 - Install Linux and related packages from Wheezy.
18816 Debian sid just got Linux 3.8, and we don't want to switch to a new kernel
18817 yet.
18818 - Fetch laptop-mode-tools from Wheezy.
18819 Wheezy has the version we've been installing in 0.18~rc1,
18820 while a newer one was uploaded to sid in the meantime.
18821 - Fetch a few packages from Wheezy instead of unstable.
18822 Namely: spice-vdagent, libregexp-common-perl, macchanger, service-wrapper,
18823 libservice-wrapper-java and libservice-wrapper-jni.
18824 Wheezy has the versions we've been installing for a while, so let's
18825 avoid having unstable push a newer one to us uselessly at some point.
18826 Note that at the time of this writing, the versions in sid and in Wheezy
18827 are the same, so this commit is effectively a no-op as of today: it is
18828 merely a safeguard for the future.
18830 * Localization
18831 - Many translation updates all over the place.
18833 * Build process
18834 - Make Vagrant's build-tails script support Jenkins too.
18836 * Test suite
18837 - Fix Unsafe Browser test broken by hidepid.
18839 -- Tails developers <tails@boum.org> Mon, 13 May 2013 22:17:38 +0200
18841 tails (0.17.2) unstable; urgency=low
18843 * Iceweasel
18844 - Upgrade to Iceweasel 17.0.5esr-0+tails2~bpo60+1.
18845 - Stop displaying obsolete context menu entries ("Open Tor URL" and friends).
18847 * Hardware support
18848 - Update Linux to 3.2.41-2
18850 * Bugfixes
18851 - Use more reliable OpenPGP keyservers:
18852 · use the hkps pool in GnuPG (and import their SSL CA)
18853 · use hkp://pool.sks-keyservers.net in Seahorse (as it does not support
18854 hkps yet)
18855 - Keep udisks users (GNOME Disk Utility, tails-persistence-setup, etc.)
18856 from resetting the system partition's attributes when manipulating the
18857 partition table. To this end, backport the relevant bugfix from Wheezy
18858 into parted 2.3-5+tails1. This allowed to remove the sgdisk-based
18859 workaround in tais-persistence-setup, and to stop installing
18860 python-parted. All this is a first needed step to fix
18861 todo/make_system_disk_read-only in a future release.
18863 * Minor improvements
18864 - Disable NoScript's HTML5 media click-to-play for better user experience.
18866 * Localization
18867 - Tails USB installer: update translations for French, German, Spanish,
18868 Finnish, Greek, Italian, Latvian, Dutch, Polish and Chinese.
18869 - Tails Greeter: update translations for Farsi, Chinese, French;
18870 new translations: Finnish, Norwegian Bokmål, Galician.
18871 - tails-persistence-setup: update Farsi and Chinese translations;
18872 import new translations for Finnish and Swedish.
18873 - WhisperBack: update translations for Arabic, French, German, Greek,
18874 Spanish, Korean, Polish, Russian. New translations: Finnish, Chinese.
18876 * Build process
18877 - Add automated testing framework (Sikuli, Cucumber, libvirt -based)
18878 with a bunch of tests.
18880 -- Tails developers <amnesia@boum.org> Sun, 07 Apr 2013 12:17:26 +0200
18882 tails (0.17.1) unstable; urgency=low
18884 * Iceweasel
18885 - Upgrade to Iceweasel 17.0.4esr-0+tails1~bpo60+1.
18887 * Hardware support
18888 - Update Linux to 3.2.39-2.
18889 It includes the drm and agp subsystems from Linux 3.4.29.
18890 - Don't install xserver-xorg-video-rendition backport.
18891 xserver-xorg-video-rendition has been removed from squeeze-backports
18892 due to an upstream tarball mismatch discover when merging backports
18893 into the main Debian archive, and xserver-xorg-video-all still depends
18894 on it, so we explicitly install all drivers from -all but -rendition
18895 as a (hopefully temporary) workaround.
18897 * Minor improvements
18898 - Remove Indymedia IRC account, until we ship a version of Pidgin
18899 with SASL support, that is when Tails is based on Wheezy.
18901 * Build system
18902 - Don't ship the wiki's todo and bugs on ISO images.
18904 -- Tails developers <amnesia@boum.org> Thu, 21 Mar 2013 18:54:11 +0100
18906 tails (0.17) unstable; urgency=low
18908 * New features
18909 - Install the KeePassX password manager, with a configuration and
18910 documentation that makes it easy to persist the password database.
18912 * Iceweasel
18913 - Upgrade to Iceweasel 17.0.3esr-1+tails1~bpo60+1.
18914 - Install xul-ext-adblock-plus from squeeze-backports.
18915 - Do not allow listing all available fonts.
18916 Set browser.display.max_font_attempts and browser.display.max_font_count
18917 to enable the Torbrowser Limit-the-number-of-fonts-per-document patch.
18918 - Set default spellchecker dictionary to English (USA),
18919 and localize it according to locale with our custom branding extension.
18920 - Disable the add-ons automatic update feature.
18921 - Make the generated profile world-readable.
18922 - Remove NoScript click-to-play confirmation.
18923 - Sync some prefs set by Torbutton, to be ready when it stops setting these.
18924 - Disable navigation timing.
18925 - Disable SPDY. It stores state and may have keepalive issues.
18926 - More aggressive iceweasel HTTP pipelining settings.
18927 - Enable WebGL (as click-to-play only).
18928 - Disable network.http.connection-retry-timeout.
18929 - Disable full path information for plugins.
18930 - Remove NoScript blocks of WebFonts.
18931 - Disable DOM storage in Torbutton.
18932 Since we don't apply the 0026-Isolate-DOM-storage-to-first-party-URI.patch
18933 Torbrowser patch yet, and still disable DOM storage, we need to tell
18934 Torbutton not to use it.
18935 - Synchronize iceweasel's general.useragent.override with TBB based on FF17.
18936 The User-Agent settings are not kept up-to-date anymore in Torbutton, so
18937 we have to keep in sync manually with TBB's settings.
18938 - Remove obsolete APT pining for Torbutton.
18939 It's not maintained in Debian anymore, so we now fetch it from our own
18940 APT repository.
18941 - Fetch FoxyProxy from Debian experimental and libnspr4-0d from
18942 squeeze-backports, for compatibility with Iceweasel 17.
18943 - Rebase bookmarks file on top of the default iceweasel 17 one.
18944 - Explicitly disable AdBlock Plus "correct typos" feature.
18945 This feature connects to http://urlfixer.org/.
18946 It is disabled by default in 2.2-1, but let's be careful.
18948 * Minor improvements
18949 - Upgrade to live-boot 3.0~b11-1 and live-config 3.0.12-1.
18950 Accordingly update the 9980-permissions hook, live-persist,
18951 unsafe-browser and boot-profile.
18952 Add compatibility symlinks from /live to /lib/live, and from /live/image
18953 to /lib/live/mount/medium, to ease the transition.
18954 - Check for errors when sourcing live-boot files, e.g. to detect when
18955 they have been renamed upstream.
18956 - Don't add "quiet" to the kernel command-line ourselves.
18957 Else, it appears twice as live-build's lb_binary_syslinux adds it too.
18958 Historically, we've been adding it ourselves on top of that because
18959 lb_binary_yaboot does not add it, but since we gave up the PowerPC support
18960 attempt, we're now only interested in syslinux, so let's make it easier
18961 for the general case, e.g. when one wants to remove the "quiet" parameter
18962 as suggested by our "Tails does not start" debugging documentation.
18963 - Upgrade I2P to 0.9.4.
18965 * Bugfixes
18966 - Many bugfixes brought by the Debian Squeeze 6.0.7 point-release.
18967 - Use the regular GnuPG agent + pinentry-gtk2 instead of Seahorse
18968 as a GnuPG agent. This fixes usage of OpenPGP in Claws Mail,
18969 and brings support for OpenPGP smartcards.
18970 - Enable I2P hidden mode.
18971 Else, killing I2P ungracefully is bad for the I2P network.
18972 - live-persist: move error() function before the first potential usecase.
18973 - Add missing executable bit on restart-tor and restart-vidalia.
18974 - Add shutdown and reboot launchers to the menu.
18975 This workarounds the lack of a shutdown helper applet in camouflage mode.
18976 - Remove Pidgin's MXit and Sametime support.
18977 ... at least until CVE-2013-0273, CVE-2013-0272 and CVE-2013-0271 are
18978 fixed in Debian stable. While we're at it, don't force file removal in
18979 these "set -e" build scripts: fail hard, instead of silently ignoring
18980 the fact that files may have moved or disappeared.
18982 * Hardware support
18983 - Install recent Intel and AMD microcode from squeeze-backports,
18984 explicitly excluding the iucode-tool package that's not a good idea
18985 for Live systems.
18986 - Install firmware loader for Qualcomm Gobi USB chipsets.
18987 This is needed to have various mobile broadband chipsets work.
18988 - Upgrade barry to 0.18.3-5~bpo60+1.
18989 This much improved new version supports more hardware & ISP,
18990 and does not display dozens of spurious error messages at boot time.
18992 * Build system
18993 - Remove APT local cache (/Var/cache/apt/{,src}pkgcache.bin).
18995 -- Tails developers <amnesia@boum.org> Sat, 23 Feb 2013 10:37:57 +0100
18997 tails (0.16) unstable; urgency=low
18999 * Minor improvements
19000 - Replace the too-easy-to-misclick shutdown button with a better
19001 "Shutdown Helper" Gnome applet.
19002 - Display ~/Persistent in GNOME Places and GtkFileChooser if it is mounted.
19003 - Set Unsafe Browser's window title to "Unsafe Browser".
19004 - Install ekeyd to support the EntropyKey.
19005 - Install font for Sinhala.
19006 - Update Poedit to 1.5.4.
19007 - Kill Vidalia when restarting Tor.
19008 Doing this as early as possible exposes Vidalia's "broken onion" icon
19009 to users less.
19010 - Hide the persistence setup launchers in kiosk mode.
19011 - Add a shell library for Tor functions.
19012 These are shared among multiple of our scripts.
19013 - Install dictionaries for supported languages.
19014 Install hunspell dictionaries when possible,
19015 fall back on myspell ones else.
19017 * Bugfixes
19018 - Disable IPv6 on all network interfaces.
19019 This is a workaround for the IPv6 link-local multicast leak that was recently
19020 discovered. Tails has no local service that listens on IPv6, so there should be
19021 no regression, hopefully, unless one wants to play with OnionCat and VoIP,
19022 but those of us should know how to workaround this anyway.
19023 - live-persist: Fix variable mismatch, fixing probe white-list.
19024 Tails may previously have been able to list GPT partitions labelled
19025 "TailsData" on hard drives (!) as valid persistence volumes...
19026 - live-persist: Fix --media option when no devices are attached.
19027 Earlier, if it was set to e.g. 'removable-usb' and no USB storage was
19028 connected, $whitelistdev would be empty, which is interpreted like
19029 all devices are ok by the rest of the code.
19030 - Fix SCIM in the autostarted web browser: save IM environment variables
19031 to a file during Desktop session startup, and export them into the
19032 autostarted browser's environment.
19033 - Talk of DVD, not of CD, in the shutdown messages.
19034 - Make tordate work in bridge mode with an incorrect clock.
19035 When using a bridge Tor reports TLS cert lifetime errors (e.g. when
19036 the system clock is way off) with severity "info", but when no bridge
19037 is used the severity is "warn". tordate/20-time.sh depends on grepping
19038 these error messages, so we termporarily increase Tor's logging
19039 severity when using bridge mode. If we don't do this tordate will
19040 sleep forever, leaving Tor in a non-working state.
19041 · White-list root to use Tor's ControlPort.
19042 · Add logging for is_clock_way_off().
19043 · Remove Tor's log before time syncing.
19044 We depend on grepping stuff from the Tor log (especially for
19045 tordate/20-time.sh), so deleting it seems like a Good Thing(TM).
19046 · Stop Tor before messing with its log or data dir.
19047 - live-persist: limit searched devices the same way as live-boot.
19048 If no --media argument is specified, use live-boot's
19049 "(live-media|bootfrom)=removable(|-usb)" argument to limit devices
19050 searched for a persistent volume.
19051 - tails-greeter: do not pass media=removable to live-persist.
19052 Now that we have autodetection with kernel command-line,
19053 it should not be needed anymore.
19054 - Start memlockd after configuring it,
19055 instead of starting it before and restarting it after.
19056 This avoids running memlockd twice, and prevents other possibly
19057 surprising race-conditions.
19058 As a consequence, also have tails-sdmem-on-media-removal start after the
19059 memlockd service *and* tails-reconfigure-memlockd: to start the watchdog,
19060 we need memlockd to be properly configured *and* running.
19062 * iceweasel
19063 - Set iceweasel homepage to the news section on the Tails website.
19064 ... using the localized one when possible.
19065 - Hide the iceweasel add-on bar by default.
19066 Now that we don't want to ship the Monkeysphere addon anymore,
19067 that was the only one displayed in there, we can as well hide the whole bar.
19068 - Don't hide the AdBlock-Plus button in the add-on bar anymore. Now that
19069 we hide the whole addon bar, we can get rid of this old
19070 UX improvement.
19071 - Do not install a placeholder (fake) FireGPG iceweasel extension anymore.
19072 It was shipped from 0.10 (early 2012) to 0.15 (late November),
19073 so the migration period should be over now.
19074 - Don't install xul-ext-monkeysphere anymore.
19075 The implication of the current keyserver policy are not well
19076 understood, Monkeysphere is little used in Tails, and we're not sure
19077 anymore it would be our first bet for the web browser profile with no
19078 CA. Let's keep the various configuration bits (e.g. FoxyProxy,
19079 patching MSVA), though, so that advanced users who are used to have
19080 Monkeysphere in Tails just have to install the package.
19082 * Build system
19083 - Install the "standard" task with tasksel for better consistency in the
19084 Tails ISO images built in various environments.
19085 - Install p7zip-full. It's a dep by file-roller, but we explicily use it
19086 elsewhere, and it's better to be safe than sorry.
19087 - Remove pinning of libvpx0 to sid.
19088 This package is part of Squeeze, and not from testing/sid.
19089 We have been shipping the version from Squeeze for a while.
19090 - Remove config/chroot_local-packages/ from .gitignore.
19091 The documented way for "external" contributors to add custom packages
19092 is to put them in chroot_local-packages, and once we pull we import
19093 any such package into our APT repo and rewrite the
19094 history appropriately.
19095 Also, the ability to add packages in there and not see them in "git
19096 status" makes it very easy to build tainted ISO images with
19097 non-standard packages, which makes some of us fear can lead to hard to
19098 debug situations.
19099 - Make it clearer what can and cannot be done in terms of local packages.
19101 -- Tails developers <amnesia@boum.org> Thu, 10 Jan 2013 12:47:42 +0100
19103 tails (0.15) unstable; urgency=low
19105 * Major new features
19106 - Persistence for browser bookmarks.
19107 - Support for obfsproxy bridges.
19109 * Minor improvements
19110 - Add the Hangul (Korean) Input Method Engine for SCIM.
19111 - Add vendor-specific dpkg origin information. This makes dpkg-vendor
19112 return correct information.
19113 - Install pcscd and libccid from squeeze-backports. This is needed to
19114 support, to some extent, some OpenPGP SmartCard readers.
19115 - Install HPIJS PPD files and the IJS driver (hpijs).
19116 This adds support for some printers, such as Xerox DocumentCenter400.
19117 - Optimize fonts display for LCD.
19118 - Update TrueCrypt to version 7.1a.
19120 * Bugfixes
19121 - Do not use pdnsd anymore. It has been orphaned in Debian, has quite
19122 some bugs in there, and apparently Tor's DNSPort's own caching is
19123 be good enough.
19124 - Remove useless iceweasel cookies exceptions. They are useless as
19125 per-session cookies are allowed.
19126 - Do not run setupcon on X. This call is only needed on the Linux
19127 console, no need to annoy the user with a weird "Press enter to
19128 activate this console" when the open a root shell in a GNOME
19129 Terminal.
19130 - Allow the tails-iuk-get-target-file user to connect to the SOCKSPort
19131 dedicated for Tails-specific software.
19132 - Fix gpgApplet menu display in Windows camouflage mode.
19133 - Fix Tor reaching an inactive state if it's restarted in "bridge mode",
19134 e.g. during the time sync' process.
19136 * Iceweasel
19137 - Update iceweasel to 10.0.11esr-1+tails1.
19138 - User profile is now generated at build time in order to support persistent
19139 bookmarks.
19140 - Update HTTPS Everywhere to version 3.0.4.
19141 - Update NoScript to version 2.6.
19142 - Fix bookmark to I2P router console.
19143 - Re-enable Monkeysphere extension to connect to the validation agent.
19145 * Localization
19146 - The Tails USB installer, tails-persistence-setup and tails-greeter
19147 are now translated into Bulgarian.
19148 - Update Chinese translation for tails-greeter.
19149 - Update Euskadi translation for WhisperBack.
19151 * Build system
19152 - Custom packages are now retrieved from Tails APT repository instead
19153 of bloating the Git repository.
19154 - Allow '~' in wiki filenames. This makes it possible to ship
19155 update-description files for release candidates.
19156 - Document how to create incremental update kit.
19157 - Handle release candidates when generating custom APT sources.
19158 - Remove pinning for xul-ext-adblock-plus.
19159 It is obsolete since we've added this package to our APT repository.
19161 -- Tails developers <amnesia@boum.org> Sun, 25 Nov 2012 12:59:17 +0100
19163 tails (0.14) unstable; urgency=low
19165 * Major new features
19166 - Enable Tor stream isolation; several new SocksPorts with
19167 appropriate Isolate* options have been added for different use
19168 cases (i.e. applications). All application's have been
19169 reconfigured to use these new SocksPorts, which should increase
19170 anonymity by making it more difficulte to correlate traffic from
19171 different applications or "online identities".
19172 - The web browser now has the anonymity enhancing patches from the
19173 TorBrowser applied.
19174 - gpgApplet can now handle public-key cryptography.
19175 - Install an additional, PAE-enabled kernel with NX-bit
19176 support. This kernel is auto-selected when the hardware supports
19177 it and will:
19178 * provide executable space protection, preventing certain types of
19179 buffer overflows from being exploitable.
19180 * enable more than 4 GiB of system memory.
19181 * make all processors/cores available, including their
19182 power-saving functionality.
19183 - Add a persistence preset for NetworkManager connections.
19185 * Minor improvements
19186 - On kexec reboot, make the boot quiet only if debug=wipemem was not
19187 enabled.
19188 - Update torproject.org's APT repo key.
19189 - Update the embedded Tails signing key.
19190 - Use symlinks instead of duplicating localized searchplugins.
19191 - Rewrite Tails firewall using ferm. Tails firewall was written in
19192 very unsophisticated iptables-save/restore format. As more feature
19193 creeped in, it started to be quite unreadable.
19194 - Optimize VirtualBox modules build at runtime to avoid installing the
19195 userspace utils N times.
19196 - Drop most of Vidalia's configuration. Our custom lines just caused
19197 trouble (with multiple SocksPorts) and the default works well.
19198 - Blacklist PC speaker module. On some computers, having the pcspkr
19199 module loaded means loud beeps at bootup, shutdown and when using
19200 the console. As it draws useless attention to Tails users, it is
19201 better to prevent Linux from loading it by default.
19202 - Remove all addons from the Unsafe Browser. No addons are essential
19203 for the Unsafe Browser's intent. If anything they will modify the
19204 network fingerprint compared to a normal Iceweasel install, which
19205 is undesirable.
19206 - Prevent some unwanted packages to be installed at all, rather than
19207 uninstalling them later. This should speed up the build a bit.
19208 - Add a symlink from /etc/live/config to /etc/live/config.d. This
19209 makes the system compatible with live-config 3.0.4-1, without
19210 breaking backward compatibility with various parts of the system
19211 that use the old path.
19212 - Do not run unecessary scripts during shutdown sequence, to make
19213 shutdown faster.
19214 - Make live-persist deal with persistent ~/.gconf subdirs so that
19215 any options saved therein actually get persistent.
19216 - Prevent memlockd unload on shutdown, to make sure that all
19217 necessary tools for memory wiping are available when the new
19218 kernel has kexec'd.
19219 - Patch initscripts headers instead of fiddling with update-rc.d. We
19220 now let insserv figure out the correct ordering for the services
19221 during startup and shutdown, i.e. use dependency-based boot
19222 sequencing.
19223 - Remove the last absolute path in our isolinux config, which makes
19224 it easier to migrate from isolinux to syslinux (just rename the
19225 directory), and hence might make it easier for 3rd party USB
19226 installers (like the Universal USB Installer) to support Tails.
19228 * Bugfixes
19229 - Include `seq` in the ramdisk environment: it is used to wipe more
19230 memory. This fixes the long-standing bug about Tails not cleaning
19231 all memory on shutdown.
19232 - Fix Yelp crashing on internal links
19233 - Allow amnesia user to use Tor's TransPort. This firewall exception
19234 is necessary for applications that doesn't have in-built SOCKS
19235 support and cannot use torsocks. One such example is Claws Mail,
19236 which uses tsocks since torsocks makes it leak the hostname. This
19237 exception, together with Tor's automatic .onion mapping makes
19238 Claws Mail able to use hidden service mail providers again.
19239 - Force threads locking support in Python DBus binding. Without this
19240 liveusb-creator doesn't work with a PAE-enabled kernel.
19241 - Fix localized search plugins for 'es' and 'pt'
19242 - Fix live-boot's readahead, which caused an unnecessary pause
19243 during boot.
19244 - Factorize GCC wanted / available version numbers in VirtualBox
19245 modules building hook. This, incidentally, fixes a bug caused by
19246 duplication and not updating all instances.
19247 - Fix tordate vs. Tor 0.2.3.x. Since 0.2.3.x Tor doesn't download a
19248 consensus for clocks that are more than 30 days in the past or 2
19249 days in the future (see commits f4c1fa2 and 87622e4 in Tor's git
19250 repo). For such clock skews we set the time to the Tor authority's
19251 cert's valid-after date to ensure that a consensus can be
19252 downloaded.
19254 * Tor
19255 - Update to version 0.2.3.24-rc-1~~squeeze+1, a new major
19256 version. It's not a stable release, but we have been assured by
19257 the Tor developers that this is the right move.
19258 - Stop setting custom value for the Tor LongLivedPorts
19259 setting. Gobby's port was upstreamed in Tor 0.2.3.x.
19261 * Iceweasel
19262 - Update to 10.0.10esr-1+tails1, which has all the anonymity enhancing
19263 patches from the TorBrowser applied.
19264 - Install iceweasel from our own repo, http://deb.tails.boum.org.
19265 - Fix Iceweasel's file associations. No more should you be suggested
19266 to open a PDF in the GIMP.
19268 * htpdate
19269 - Use curl instead of wget, and add a --proxy option passed through
19270 to curl.
19271 - Remove the --fullrequest option, we don't need it anymore.
19272 - Remove --dns-timeout option, we don't need it anymore.
19273 - Change --proxy handling to support Debian Squeeze's curl.
19274 - Clarify what happens if --proxy is not used.
19275 - Compute the median of the diffs more correctly.
19277 * Hardware support
19278 - Update Linux to 3.2.32-1.
19280 * Software
19281 - Update vidalia to 0.2.20-1+tails1.
19282 - Update bundled WhisperBack package to 1.6.2:
19283 * Raise the socket library timeout to 120 seconds
19284 * Use smtplib's timeout parameter
19285 * Fix error output when calling send a 2nd time
19286 - Update liveusb-creator to 3.11.6-3.
19287 - Update i2p to 0.9.2.
19288 - Update tails-persistence-setup to 0.20-1, which should make it
19289 possible to install Tails on large (>= 32 GiB) USB drives.
19290 - Install console-setup and keyboard-configuration from unstable
19291 (required by new initramfs-tools).
19292 - Update tails-greeter to 0.7.3:
19293 * Import pt_BR translation.
19294 * Let langpanel usable during option selection stage
19295 * Print less debugging messages by default
19296 (below are changes in tails-greeter 0.7.2:)
19297 * Use correct test operators.
19298 * Generate language codes of available locales at package build
19299 time.
19300 * Read list of language codes from where we have saved it at
19301 package build time.
19302 * Drop tails-lang-helper, not used anymore.
19303 * Do not compile locales at login time anymore. Tails now ships
19304 locales-all.
19305 - Import live-config{,-sysvinit} 3.0.8-1. live-config >= 3.0.9-1
19306 has basically nothing useful for us, and it migrates to new paths
19307 brought by live-boot 3.0~b7, which we're not ready for yet (see:
19308 todo/newer_live-boot).
19310 * Localization
19311 - Fix Tails specific Iceweasel localization for pt-BR
19312 - Add Japanese input system: scim-anthy.
19313 - whisperback is now also translated into German, Hebrew, Hungarian,
19314 Italian and Korean.
19315 - tails-persistence-setup is now also translated into Arabic.
19316 - tails-greeter is now also translated into Arabic, Hebrew, Basque,
19317 Hungarian, Italian and Chinese.
19319 * Build system
19320 - Catch more errors in during build time:
19321 - Ensure that all local hooks start with 'set -e'.
19322 - Fail hard if adduser fails in local hooks.
19323 - Fail hard if 'rm' fails in local hooks.
19324 - vagrant: Ensure we have the set of Perl packages needed by our
19325 Ikiwiki
19326 - vagrant: Configure live-build to ship with ftp.us.debian.org.
19327 Using cdn.debian.net leads to bad interactions with Tor.
19328 - vagrant: Don't use gzip compression when building from a tag, i.e.
19329 a release.
19330 - vagrant: Optionally use bootstrap stage cache for faster builds
19331 via the 'cache' build option.
19332 - vagrant: Make sure release builds are clean, i.e. they don't use
19333 any potentially dangerous build options.
19334 - vagrant: Disable live-build package caching. This build system is
19335 meant to use an external caching proxy, so live-build's cache just
19336 wastes RAM (for in-memory builds) or disk space.
19337 - vagrant: use aufs magic instead of copying source into tmpfs.
19338 This reduces the amount of RAM required for building Tails in.
19339 - vagrant: Allow in-memory builds when a VM with enough memory is
19340 already started.
19342 -- Tails developers <amnesia@boum.org> Sat, 10 Nov 2012 12:34:56 +0000
19344 tails (0.13) unstable; urgency=low
19346 * Major new features
19347 - Use white-list/principle of least privelege approach for local services.
19348 Only users that need a certain local (i.e. hosted on loopback) service
19349 (according to our use cases) are granted access to it by our firewall;
19350 all other users are denied access.
19351 - Ship a first version of the incremental update system. Updates are not
19352 currently triggered automatically, but this will allow tests to be done
19353 on larger scales.
19355 * Minor improvements
19356 - Enable four workspaces in the Windows XP camouflage. This allows
19357 users to quickly switch to a more innocent looking workspace in case
19358 they are working on sensitive data and attract unwanted attention.
19359 The workspace switcher applet isn't there, though, since there's no
19360 such thing in Windows XP, so switching is only possible via keyboard
19361 shortcuts.
19362 - Ship with precompiled locales instead of generating them upon login.
19363 - Add support for wireless regulation.
19364 - Use color for Git output, not intended for machine consumption,
19365 written to the terminal.
19366 - Have ttdnsd use OpenDNS. Using Google's DNS servers was very
19367 glitchy, and rarely succeeded when it should. It can probably be
19368 attributed to Google's DNS, which is known to take issue with Tor
19369 exits.
19370 - Upgrade WhisperBack to 1.6, with many UI improvements and new translations.
19371 - Include GDM logs and dmidecode informations in the reports.
19372 - Allow to modify language and layout in the "Advanced options" screen
19373 of the greeter.
19374 - GnuPG: bump cert-digest-algo to SHA512.
19375 - Update torproject.org's APT repo key.
19377 * Bugfixes
19378 - Make Claws Mail save local/POP emails in its dot-directory. The
19379 default is to save them at ~/Mail, which isn't included in our
19380 current Claws Mail persistence preset.
19381 - Fix the System Monitor applet.
19382 - Remove broken ttdnsd from the default DNS resolution loop.
19383 - Hide the 'TailsData' partition in desktop applications.
19384 - Ship unrar-free again, so that the GNOME archive manager knows about
19385 it.
19386 - Ship with an empty whitelist for Noscript.
19387 - Disable FoxyProxy's advertisement on proxy error page.
19388 - Fix slow browsing experience for offline documentation.
19389 - Raise the socket timeout to 120 seconds in WhisperBack.
19390 - Enable the ikiwiki trail plugin for the locally built wiki too.
19392 * Iceweasel
19393 - Upgrade iceweasel to 10.0.6esr-1 (Extended Support Release) and install it
19394 and its dependencies from squeeze-backports.
19396 * Hardware support
19397 - Upgrade Linux to 3.2.23-1.
19399 * Software
19400 - Update tor to version 0.2.2.39.
19401 - Update Iceweasel to version 10.0.7esr-2.
19402 - Update i2p to version 0.9.1.
19404 * Build system
19405 - vagrant: Install Ikiwiki from Debian unstable. The 'mirrorlist'
19406 patches have finally been merged in upstream Ikiwiki. So instead of
19407 building Ikiwiki by hand, we can now install the package directly
19408 from Debian unstable.
19409 - Do not build the ikiwiki forum on the bundled static website copy.
19411 -- Tails developers <amnesia@boum.org> Mon, 17 Sep 2012 15:19:25 +0200
19413 tails (0.12.1) unstable; urgency=low
19415 This is a brown paper bag release to fix two major problems introduced in
19416 Tails 0.12.
19418 * Iceweasel
19419 - Upgrade Torbutton to 1.4.6.
19420 - Upgrade AdBlock Plus to 2.1.
19421 - Update AdBlock Plus patterns.
19423 * Hardware support
19424 - Upgrade Linux to 3.2.21-3 (linux-image-3.2.0-3-486).
19426 * Software
19427 - Install MAT from Debian backports, drop custom package.
19428 - Install python-pdfrw to re-add PDF support to the MAT.
19429 - Upgrade tails-greeter to 0.7.1, which fixes the race condition that
19430 broke administration password and locale settings on some systems.
19432 * Boot
19433 - Remove the Tails specific plymouth theme. The theme interfers heavily with
19434 the boot process on some hardware.
19436 -- Tails developers <amnesia@boum.org> Mon, 17 Sep 2012 13:06:03 +0200
19438 tails (0.12) unstable; urgency=low
19440 * Major new features
19441 - Add the Unsafe Web Browser, which has direct access to the Internet and
19442 can be used to login to captive portals.
19443 - The (previously experimental, now deemed stable) Windows camouflage can now
19444 be enabled via a check box in Tails greeter.
19446 * Tor
19447 - Upgrade to 0.2.2.37-1~~squeeze+1.
19449 * Iceweasel
19450 - Upgrade iceweasel to 10.0.5esr-1 (Extended Support Release) and install it
19451 and its dependencies from squeeze-backports.
19452 - Add a bookmark for the offline Tails documentation.
19453 - Update AdBlock patterns.
19455 * Persistence
19456 - Allow using larger USB drives by increasing the mkfs timeout to 10 minutes.
19457 - Tell the user what's going on when the Tails boot device cannot be found.
19459 * Hardware support
19460 - Upgrade Linux to 3.2.20-1 (linux-image-3.2.0-2-amd64).
19462 * Software
19463 - Install rfkill.
19464 - Install torsocks. Note that this makes `torify' use `torsocks' instead of
19465 `tsocks'. The `tsocks' binary is dropped to avoid problems, but remaining
19466 files (the library) are kept since ttdnsd depends on them.
19467 - Fetch live-config-sysvinit from sid so that it matches live-config version.
19468 - Update virtualbox backports to 4.1.10-dfsg-1~bpo60+1.
19469 - Install pciutils (needed by virtualbox-guest-utils).
19470 - Install mousetweaks. This is needed to use the mouse accessibility settings
19471 in System -> Preferences -> Mouse -> Accessibility.
19472 - Install the "hardlink" files deduplicator.
19473 - Do not install cryptkeeper anymore. See todo/remove_cryptkeeper for reason.
19474 Users of cryptkeeper are encouraged to install cryptkeeper via `apt-get
19475 update; apt-get install --yes cryptkeeper`, open their volume and move
19476 their to Tails' built-in persistence instead, as a one-time migration.
19477 - Upgrade I2P to version 0.9.
19478 - Don't install GParted. GNOME Disk Utility has been on par with GParted
19479 since Squeeze was released.
19480 - Upgrade live-boot to 3.0~a27-1+tails2~1.gbp319fe6.
19481 - Upgrade live-config to 3.0~a39-1 and install it from Debian experimental.
19482 - Upgrade tails-greeter to 0.7.
19483 - Upgrade tails-persistence-setup to 0.17-1.
19484 - Install libyaml-libyaml-perl.
19485 - Upgrade MAT, the metadata anonymisation toolkit, 0.3.2-1~bpo60+1.
19486 - Fetch python-pdfrw from backports, drop custom package.
19488 * Internationalization
19489 - The Tails website and documentation now has a (partial) Portuguese
19490 translation.
19492 * Build system
19493 - Tails can now be built without using a HTTP proxy.
19494 - Tails can now easily be built by using Vagrant. See the updated
19495 contribute/build page for instructions.
19497 * Boot
19498 - Remove obsolete noswap boot parameter. live-boot now handles swap on an
19499 opt-in basis.
19500 - The squashfs.sort files generated with boot-profile should now be ok which
19501 makes the generate images boot noticeably faster on optical media. See
19502 bugs/weird_squashfs.sort_entries for more information.
19503 - Set Tails specific syslinux and plymouth themes.
19504 - Add NVidia KMS video drivers to the initrd in order to show our shiny new
19505 plymouth theme on more systems.
19507 -- Tails developers <amnesia@boum.org> Mon, 11 Jun 2012 13:37:00 +0200
19509 tails (0.11) unstable; urgency=low
19511 * Major new features
19512 - Do not grant the desktop user root credentials by default.
19513 - A graphical boot menu (tails-greeter 0.6.3) allows choosing among
19514 many languages, and setting an optional sudoer password.
19515 - Support opt-in targeted persistence
19516 · tails-persistence-setup 0.14-1
19517 · live-boot 3.0~a25-1+tails1~5.gbp48d06c
19518 · live-config 3.0~a35-1
19519 - USB installer: liveusb-creator 3.11.6-1
19521 * iceweasel
19522 - Install iceweasel 10.0.4esr-1 (Extended Support Release).
19523 Let's stop tracking a too fast moving target.
19524 Debian Wheezy will ship ESR versions.
19525 - Install needed dependencies from squeeze-backports.
19526 - Search plugins:
19527 · Remove bing.
19528 bing appeared due to our upgrading iceweasel.
19529 Removing it makes things consistent with the way they have been
19530 until now, that is: let's keep only the general search engines
19531 we've been asked to add, plus Google, and a few specialized ones.
19532 · Replace Debian-provided DuckDuckGo search plugin with the "HTML SSL"
19533 one, version 20110219. This is the non-JavaScript, SSL, POST flavour.
19534 · Add ixquick.com.
19535 · Install localized search engines in the correct place.
19536 No need to copy them around at boot time anymore.
19537 · Remove Scroogle. RIP.
19538 - Enable TLS false start, like the TBB does since December.
19539 - Adblock Plus: don't count and save filter hits, supress first run dialog.
19540 - Install neither the GreaseMonkey add-on, nor any GreaseMonkey script.
19541 YouTube's HTML5 opt-in program is over.
19542 HTML5 video support is now autodetected and used.
19544 * Vidalia
19545 - Upgrade to 0.2.17-1+tails1: drop Do-not-warn-about-Tor-version.patch,
19546 applied upstream.
19547 - Set SkipVersionCheck=true.
19548 Thanks to chiiph for implementing this upstream (needs Vidalia 0.2.16+).
19550 * Internationalization
19551 - Install all available iceweasel l10n packages.
19552 - Remove syslinux language choosing menu.
19553 tails-greeter allows choosing a non-English language.
19554 - Add fonts for Hebrew, Thai, Khmer, Lao and Korean languages.
19555 - Add bidi support.
19556 - Setup text console at profile time.
19557 Context: Tails runs with text console autologin on.
19558 These consoles now wait, using a "Press enter to activate this console"
19559 message, for the user. When they press enter in there, they should have chosen
19560 their preferred keyboard layout in tails-greeter by now. Then, we run setupcon.
19561 As a result, the resulting shell is properly localized, and setupcon
19562 sets the correct keyboard layout, both according to the preferences expressed by
19563 the user in tails-greeter.
19564 - Don't use localepurge, don't remove any Scribus translations anymore,
19565 don't localize environment at live-config time:
19566 tails-greeter allows us to support many, many more languages.
19568 * Hardware support
19569 - Linux 3.2.15-1 (linux-image-3.2.0-2-amd64).
19570 - Fix low sound level on MacBook5,2.
19571 - Disable laptop-mode-tools automatic modules. This modules set often
19572 needs some amount of hardware-specific tweaking to work properly.
19573 This makes them rather not well suited for a Live system.
19575 * Software
19576 - Install GNOME keyring.
19577 This is needed so that NetworkManager remembers the WEP/WPA secrets
19578 for the time of a Tails session. Initialize GNOME keyring at user
19579 creation time.
19580 - Install usbutils to have the lsusb command.
19581 - Install the Traverso multitrack audio recorder and editor.
19583 * Miscellaneous
19584 - GNOME Terminal: keep 8192 scrollback lines instead of the smallish
19585 default.
19586 - Replaced tails-wifi initscript with laptop-mode-tools matching feature.
19587 - Disable gdomap service.
19588 - Fetch klibc-utils and libklibc from sid.
19589 The last initramfs-tools depends on these.
19590 - Set root password to "root" if debug=root is passed on the
19591 kernel cmdline. Allow setting root password on kernel cmdline via
19592 rootpw=. Looks like we implemented this feature twice.
19593 - Append a space on the kernel command line. This eases manually adding
19594 more options.
19595 - Rename sudoers.d snippets to match naming scheme.
19596 Sudo credentials that shall be unconditionally granted to the Tails
19597 default user are named zzz_*, to make sure they are applied.
19598 - WhisperBack: also include /var/log/live-persist and
19599 /var/lib/gdm3/tails.persistence.
19600 - Add a wrapper to torify whois.
19601 - Rework the VirtualBox guest modules building hook to support
19602 multiple kernels.
19603 - Consistently wait for nm-applet when waiting for user session to come up.
19604 Waiting for gnome-panel or notification-daemon worked worse.
19605 - Don't start the NetworkManager system service via init.
19606 Some Tails NM hooks need the user to be logged in to run properly.
19607 That's why tails-greeter starts NetworkManager at PostLogin time.
19608 - Also lock /bin/echo into memory. For some reason, kexec-load needs it.
19609 - Pidgin: don't use the OFTC hidden service anymore.
19610 It proved to be quite unreliable, being sometimes down for days.
19611 - Do not display storage volumes on Desktop, by disabling
19612 /apps/nautilus/desktop/volumes_visible GConf entry. Enabling that
19613 GConf setting avoids displaying the bind-mounted persistent
19614 directories on the Desktop, and reduces user confusion. It also is
19615 a first step towards a bigger UI change: GNOME3 does not manage the
19616 Desktop anymore, so volume icons and other Desktop icons are meant to
19617 disappear anyway. It implies we'll have to move all Desktop icons
19618 elsewhere. Let's start this move now: this will smooth the UI change
19619 Wheezy will carry for our users, by applying some of it progressively.
19621 * Build system
19622 - Don't build hybrid ISO images anymore. They boot less reliably on
19623 a variety of hardware, and are made less useful by us shipping
19624 a USB installer from now on.
19625 - Append .conf to live-config configuration filenames:
19626 live-config >3.0~a36-1 only takes into account files named *.conf
19627 in there. Accordingly update scripts that source these files.
19628 - Remove long-obsolete home-refresh script and its configuration.
19630 * Virtualization support
19631 - Support Spice and QXL: install the Spice agent from Debian sid,
19632 install xserver-xorg-video-qxl from squeeze-backports.
19634 -- Tails developers <amnesia@boum.org> Tue, 17 Apr 2012 14:54:00 +0200
19636 tails (0.10.2) unstable; urgency=low
19638 * Iceweasel
19639 - Update to 10.0.2-1.
19640 - Disable HTTPS-Everywhere's SSL Observatory (plus first-run pop-up).
19641 - Revert "FoxyProxy: don't enclose regexps between ^ and $."
19642 Currently "http://www.i2p2.de" (and everything similar) is captured by
19643 the I2P filter, which is incorrect. It seems isMultiLine="false" does
19644 *not* make RE into ^RE$ any longer.
19645 - Remove file:// from NoScript's exception lists.
19646 This will fix the JavaScript toggles in the local copy of the documentation.
19647 - Update AdBlock patterns.
19649 * Software
19650 - Upgrade I2P to 0.8.13.
19651 - Install libvpx0 from sid.
19652 - Fetch klibc-utils and libklibc from sid.
19653 The last initramfs-tools depends on these.
19655 * Hardware support
19656 - Upgrade Linux kernel to 3.2.7-1.
19657 - Install firmware-libertas.
19658 This adds support for wireless network cards with Marvell Libertas
19659 8xxx chips supported by the libertas_cs, libertas_sdio, libertas_spi,
19660 libertas_tf_usb, mwl8k and usb8xxx drivers.
19662 * Miscellaneous
19663 - Revert "Set time to middle of [valid-after, fresh-until] from consensus."
19664 This reverts commit 18d23a500b9412b4b0fbe4e38a9398eb1a3eadef.
19665 With this vmid clocks that are E minutes back in time may cause issues
19666 (temporary Tor outages) after consensus updates that happen at the
19667 (60-E):th minute or later during any hour. Full analysis:
19668 https://mailman.boum.org/pipermail/tails-dev/2012-January/000873.html
19669 - Add the default user to the vboxsf group.
19670 This will allow the user to get full access to automounted VirtualBox
19671 shared folders as they are mounted with guid vboxsf and rwx group
19672 permissions.
19674 -- Tails developers <amnesia@boum.org> Thu, 01 Mar 2012 20:26:21 +0100
19676 tails (0.10.1) unstable; urgency=low
19678 * Iceweasel
19679 - Make Startpage the default web search engine. Scroogle does not look
19680 reliable enough these days.
19682 * Software
19683 - Upgrade WhisperBack to 1.5.1 (update link to bug reporting documentation).
19684 - Update MAT to 0.2.2-2~bpo60+1 (fixes a critical bug in the GUI).
19686 * Hardware support
19687 - Upgrade Linux kernel to 3.2.1-2
19689 * Time synchronization
19690 Serious rework that should fix most, if not all, of the infamous
19691 time-sync' related bugs some Tails users have experienced recently.
19692 - Make htpdate more resilient by using three server pools, and
19693 allowing some failure ratio.
19694 - Set time from Tor's unverified-consensus if needed.
19695 - Set time to middle of [valid-after, fresh-until] from consensus.
19696 - Many robustness, performance and fingerprinting-resistance improvements.
19697 - Display time-sync' notification much earlier.
19699 * Miscellaneous
19700 - Fix access to "dumb" git:// protocol by using a connect-socks wrapper
19701 as GIT_PROXY_COMMAND.
19702 - SSH client: fix access to SSH servers on the Internet by correcting
19703 Host / ProxyCommand usage.
19704 - Pidgin: use OFTC hidden service to workaround Tor blocking.
19705 - Claws Mail: disable draft autosaving.
19706 When composing PGP encrypted email, drafts are saved back to
19707 the server in plaintext. This includes both autosaved and manually
19708 saved drafts.
19709 - tails-security-check-wrapper: avoid eating all memory when offline.
19711 -- Tails developers <amnesia@boum.org> Sat, 28 Jan 2012 10:00:31 +0100
19713 tails (0.10) unstable; urgency=low
19715 * Tor: upgrade to 0.2.2.35-1.
19717 * Iceweasel
19718 - Install Iceweasel 9.0 from the Debian Mozilla team's APT repository.
19719 - Update Torbutton to 1.4.5.1-1.
19720 - Support viewing any YouTube video that is available in HTML5 format:
19721 install xul-ext-greasemonkey and the "Permanently Enable HTML5 on
19722 YouTube" GreaseMonkey script.
19723 - Stop using Polipo in Iceweasel. Its SOCKS support was fixed.
19724 - Install from Debian sid the iceweasel extensions we ship,
19725 for compatibility with FF9.
19726 - Use Scroogle (any languages) instead of Scroogle (English only) when
19727 booted in English. Many users choose English because their own
19728 language is not supported yet; let's not hide them search results in
19729 their own language.
19730 - Install Iceweasel language packs from Debian unstable:
19731 unfortunately they are not shipped on the mozilla.debian.net repository.
19732 - Install the NoScript Firefox extension; configure it the same way as
19733 the TBB does.
19734 - Disable third-party cookies.
19735 They can be used to track users, which is bad. Besides, this is what
19736 TBB has been doing for years.
19737 - FoxyProxy: allow direct connections to RFC1918 IPs.
19739 * Do not transparent proxy outgoing Internet connections through Tor.
19740 - Torify the SSH client using connect-proxy to all IPs but RFC1918 ones.
19741 - Torify APT using Polipo HTTP.
19742 - Torify wget in wgetrc.
19743 - Torify gobby clients using torsocks. It does not support proxies yet.
19744 - Torify tails-security-check using LWP::UserAgent's SOCKS proxy support.
19745 - Fix enabling of GNOME's HTTP proxy.
19747 * Software
19748 - Upgrade Vidalia to 0.2.15-1+tails1.
19749 · New upstream release.
19750 · Do not warn about Tor version.
19751 - Upgrade MAT to 0.2.2-1~bpo60+1.
19752 - Upgrade VirtualBox guest software to 4.1.6-dfsg-2~bpo60+1,
19753 built against the ABI of X.Org backports.
19754 - Upgrade I2P to 0.8.11 using KillYourTV's Squeeze packages;
19755 additionally, fix its start script that was broken by the tordate merge.
19756 - Install unar (The Unarchiver) instead of the non-free unrar.
19757 - Install Nautilus Wipe instead of custom Nautilus scripts.
19759 * Hardware support
19760 - Upgrade Linux kernel to 3.1.6-1.
19761 - Upgrade to X.Org from squeeze-backports.
19762 - Install more, and more recent b43 firmwares.
19763 - Upgrade barry to 0.15-1.2~bpo60+1.
19765 * Internationalization
19766 - Add basic language support for Russian, Farsi and Vietnamese.
19767 - Install some Indic fonts.
19768 - Install some Russian fonts.
19769 - Add Alt+Shift shortcut to switch keyboard layout.
19771 * Miscellaneous
19772 - Support booting in "Windows XP -like camouflage mode":
19773 · Install homebrewn local .debs for a Windows XP look-alike Gnome theme.
19774 · Add the "Windows XP Bliss" desktop wallpaper.
19775 · Added a script that's sets up Gnome to look like Microsoft Windows XP.
19776 · Add Windows XP "camouflage" icons for some programs.
19777 · Make Iceweasel use the IE icon when Windows XP camouflage is enabled.
19778 · Add special launcher icons for the Windows XP theme so that they're
19779 not too big.
19780 - Decrease Florence focus zoom to 1.2.
19781 - Do not fetch APT translation files. Running apt-get update is heavy enough.
19782 - Add MSN support thanks to msn-pecan.
19783 - Add custom SSH client configuration:
19784 · Prefer strong ciphers and MACs.
19785 · Enable maximum compression level.
19786 · Explicitly disable X11 forwarding.
19787 · Connect as root by default, to prevent fingerprinting when username
19788 was not specified.
19789 - Replace flawed FireGPG with a home-made GnuPG encryption applet;
19790 install a feature-stripped FireGPG that redirects users to
19791 the documentation, and don't run Seahorse applet anymore.
19792 - Enable Seahorse's GnuPG agent.
19793 - Blank screen when lid is closed, rather than shutting down the system.
19794 The shutdown "feature" has caused data losses for too many people, it seems.
19795 There are many other ways a Tails system can be shut down in a hurry
19796 these days.
19797 - Import Tails signing key into the keyring.
19798 - Fix bug in the Pidgin nick generation that resulted in the nick
19799 "XXX_NICK_XXX" once out of twenty.
19800 - Pre-configure the #tor IRC discussion channel in Pidgin.
19801 - Fix "technology preview" of bridge support: it was broken by tordate merge.
19802 - Install dependencies of our USB installer to ease its development.
19803 - Make vidalia NM hook sleep only if Vidalia is already running.
19804 - Reintroduce the htpdate notification, telling users when it's safe
19805 to use Tor Hidden Services.
19806 - htpdate: omit -f argument to not download full pages.
19807 - htpdate: write success file even when not within {min,max}adjust.
19808 Otherwise htpdate will not "succeed" when the time diff is 0 (i.e.
19809 the clock was already correct) so the success file cannot be used
19810 as an indicator that the system time now is correct, which arguably
19811 is its most important purpose.
19813 * Build system
19814 - Name built images according to git tag.
19816 -- Tails developers <tails@boum.org> Wed, 04 Jan 2012 09:56:38 +0100
19818 tails (0.9) unstable; urgency=low
19820 * Tor
19821 - Upgrade to 0.2.2.34 (fixes CVE-2011-2768, CVE-2011-2769).
19823 * Iceweasel
19824 - Upgrade to 3.5.16-11 (fixes CVE-2011-3647, CVE-2011-3648, CVE-2011-3650).
19825 - Upgrade FireGPG to 0.8-1+tails2: notify users that the FireGPG Text
19826 Editor is the only safe place for performing cryptographic operations,
19827 and make it impossible to do otherwise. Other ways open up several
19828 severe attacks through JavaScript (e.g. leaking plaintext when
19829 decrypting, signing messages written by the attacker).
19830 - Install Cookie Monster extension instead of CS Lite.
19831 - Always ask where to save files.
19832 - Upgrade Torbutton to 1.4.4.1-1, which includes support for the in-browser
19833 "New identity" feature.
19835 * Software
19836 - Install MAT, the metadata anonymisation toolkit.
19837 - Upgrade TrueCrypt to 7.1.
19838 - Upgrade WhisperBack to 1.5~rc1 (leads the user by the hand if an error
19839 occurs while sending the bugreport, proposes to save it after 2 faild
19840 attempts, numerous bugfixes).
19841 - Linux: upgrade to linux-image-3.0.0-2-486 (version 3.0.0-6); fixes
19842 a great number of bugs and security issues.
19844 * Miscellaneous
19845 - Fully rework date and time setting system.
19846 - Remove the htp user firewall exception.
19847 - Saner keyboard layouts for Arabic and Russian.
19848 - Use Plymouth text-only splash screen at boot time.
19849 - Color the init scripts output.
19850 - Suppress Tor's warning about applications doing their own DNS lookups.
19851 This is totally safe due to our Tor enforcement.
19852 - Disable hdparm boot-time service.
19853 We only want hdparm so that laptop-mode-tools can use it.
19854 - Run Claws Mail using torify.
19855 It's not as good as if Claws Mail supported SOCKS proxies itself,
19856 but still better than relying on the transparent netfilter torification.
19857 - Install HPLIP and hpcups for better printing support.
19859 * Erase memory at shutdown
19860 - Run many sdmem instances at once.
19861 In hope of erasing more memory until we come up with a proper fix for
19862 [[bugs/sdmem_does_not_clear_all_memory]].
19863 - Kill gdm3 instead of using its initscript on brutal shutdown.
19864 - Use absolute path to eject for more robust memory wipe on boot medium removal.
19866 * Space savings
19867 - Exclude kernel and initramfs from being put into the SquashFS.
19868 Those files are already shipped where they are needed, that is in the ISO
19869 filesystem. Adapt kexec and memlockd bits.
19870 - Do not ship the GNOME icon theme cache.
19871 - Do not ship .pyc files.
19872 - Do not ship NEWS.Debian.gz files.
19874 * Build system
19875 - Re-implement hook that modifies syslinux config to make future
19876 development easier.
19878 -- Tails developers <amnesia@boum.org> Tue, 01 Nov 2011 13:26:38 +0100
19880 tails (0.8.1) unstable; urgency=low
19882 * Iceweasel
19883 - Update to 3.5.16-10 (fixes DSA-2313-1).
19884 - FireGPG: force crypto action results to appear in a new window, otherwise
19885 JavaScript can steal decrypted plaintext. Advice: always use FireGPG's
19886 text editor when writing text you want to encrypt. If you write it in a
19887 textbox the plaintext can be stolen through JavaScript before it is
19888 encrypted in the same way.
19889 - Update HTTPS Everywhere extension to 1.0.3-1.
19890 - Stop using the small version of the Tor check page. The small version
19891 incorrectly tells Tails users to upgrade their Torbrowser, which has
19892 confused some users.
19894 * Software
19895 - Update Linux to 3.0.0-2 (fixes DSA-2310-1, CVE-2011-2905, CVE-2011-2909,
19896 CVE-2011-2723, CVE-2011-2699, CVE-2011-1162, CVE-2011-1161).
19897 - Update usb-modeswitch to 1.1.9-2~bpo60+1 and usb-modeswitch-data to
19898 20110805-1~bpo60+1 from Debian backports. This adds support for a few
19899 devices such as Pantech UMW190 CDMA modem.
19900 - Install libregexp-common-perl 2011041701-3 from Debian unstable. This
19901 fixes the bug: [[bugs/msva_does_not_use_configured_keyserver]].
19902 - Install hdparm so the hard drives can be spinned down in order to save
19903 battery power.
19904 - Install barry-util for better BlackBerry integration.
19905 - Debian security upgrades: OpenOffice.org (DSA-2315-1), openjdk-6
19906 (DSA-2311-1), policykit-1 (DSA-2319-1)
19908 * Protecting against memory recovery
19909 - Set more appropriate Linux VM config before wiping memory. These
19910 parameters should make the wipe process more robust and efficient.
19912 -- Tails developers <amnesia@boum.org> Sun, 16 Oct 2011 11:31:18 +0200
19914 tails (0.8) unstable; urgency=low
19916 * Rebase on the Debian Squeeze 6.0.2.1 point-release.
19918 * Tor
19919 - Update to 0.2.2.33-1.
19920 - Disabled ControlPort in favour of ControlSocket.
19921 - Add port 6523 (Gobby) to Tor's LongLivedPorts list.
19923 * I2P
19924 - Update to 0.8.8.
19925 - Start script now depends on HTP since I2P breaks if the clock jumps or is
19926 too skewed during bootstrap.
19928 * Iceweasel
19929 - Update to 3.5.16-9 (fixes CVE-2011-2374, CVE-2011-2376, CVE-2011-2365,
19930 CVE-2011-2373, CVE-2011-2371, CVE-2011-0083, CVE-2011-2363, CVE-2011-0085,
19931 CVE-2011-2362, CVE-2011-2982, CVE-2011-2981, CVE-2011-2378, CVE-2011-2984,
19932 CVE-2011-2983).
19933 - Enable HTTP pipelining (like TBB).
19934 - Update HTTPS Everywhere extension to 1.0.1-1 from Debian unstable.
19935 - Suppress FoxyProxy update prompts.
19936 - Prevent FoxyProxy from "phoning home" after a detected upgrade.
19937 - Fixed a bunch of buggy regular expressions in FoxyProxy's configuration.
19938 See [[bugs/exploitable_typo_in_url_regex?]] for details. Note that none of
19939 these issues are critical due to the transparent proxy.
19940 - Add DuckDuckGo SSL search engine.
19942 * Torbutton
19943 - Update to torbutton 1.4.3-1 from Debian unstable.
19944 - Don't show Torbutton status in the status bar as it's now displayed in the
19945 toolbar instead.
19947 * Pidgin
19948 - More random looking nicks in pidgin.
19949 - Add IRC account on chat.wikileaks.de:9999.
19951 * HTP
19952 - Upgrade htpdate script (taken from Git 7797fe9) that allows setting wget's
19953 --dns-timeout option.
19955 * Software
19956 - Update Linux to 3.0.0-1. -686 is now deprecated in favour of -486 and
19957 -686-pae; the world is not ready for -pae yet, so we now ship -486.
19958 - Update OpenSSL to 0.9.8o-4squeeze2 (fixes CVE-2011-1945 (revoke
19959 compromised DigiNotar certificates), CVE-2011-1945).
19960 - Update Vidalia to 0.2.14-1+tails1 custom package.
19961 - Install accessibility tools:
19962 - gnome-mag: screen magnifier
19963 - gnome-orca: text-to-speech
19964 - Replace the onBoard virtual keyboard with Florence.
19965 - Install the PiTIVi non-linear audio/video editor.
19966 - Install ttdnsd.
19967 - Install tor-arm.
19968 - Install lzma.
19970 * Arbitrary DNS queries
19971 - Tor can not handle all types of DNS queries, so if the Tor resolver fails
19972 we fallback to ttdnsd. This is now possible with Tor 0.2.2.x, since we
19973 fixed Tor bug #3369.
19975 * Hardware support
19976 - Install ipheth-utils for iPhone tethering.
19977 - Install xserver-xorg-input-vmmouse (for mouse integration with the host OS
19978 in VMWare and KVM).
19979 - Install virtualbox-ose 4.x guest packages from Debian backports.
19981 * Miscellaneous
19982 - Switch gpg to use keys.indymedia.org's hidden service, without SSL.
19983 The keys.indymedia.org SSL certificate is now self-signed. The hidden
19984 service gives a good enough way to authenticate the server and encrypts
19985 the connection, and just removes the certificates management issue.
19986 - The squashfs is now compressed using XZ which reduces the image size quite
19987 drastically.
19988 - Remove Windows autorun.bat and autorun.inf. These files did open a static
19989 copy of our website, which is not accessible any longer.
19991 * Build system
19992 - Use the Git branch instead of the Debian version into the built image's
19993 filename.
19994 - Allow replacing efficient XZ compression with quicker gzip.
19995 - Build and install documentation into the chroot (-> filesystem.squashfs).
19996 Rationale: our static website cannot be copied to a FAT32 filesystem due
19997 to filenames being too long. This means the documentation cannot be
19998 browsed offline from outside Tails. However, our installer creates GPT
19999 hidden partitions, so the doc would not be browseable from outside Tails
20000 anyway. The only usecase we really break by doing so is browsing the
20001 documentation while running a non-Tails system, from a Tails CD.
20003 -- Tails developers <amnesia@boum.org> Thu, 09 Sep 2011 11:31:18 +0200
20005 tails (0.7.2) unstable; urgency=high
20007 * Iceweasel
20008 - Disable Torbutton's external application launch warning.
20009 ... which advises using Tails. Tails *is* running Tails.
20010 - FoxyProxy: install from Debian instead of the older one we previously
20011 shipped.
20013 * Software
20014 - haveged: install an official Debian backport instead of a custom backport.
20015 - unrar: install the version from Debian's non-free repository.
20016 Users report unrar-free does not work well enough.
20018 -- Tails developers <amnesia@boum.org> Sun, 12 Jun 2011 15:34:56 +0200
20020 tails (0.7.1) unstable; urgency=high
20022 * Vidalia: new 0.2.12-2+tails1 custom package.
20024 * Iceweasel
20025 - Don't show Foxyproxy's status / icon in FF statusbar to prevent users
20026 from accidentaly / unconsciously put their anonymity at risk.
20027 - "amnesia branding" extension: bump Iceweasel compatibility to 4.0 to ease
20028 development of future releases.
20030 * Software
20031 - Upgrade Linux kernel to Debian's 2.6.32-33: fixes tons of bugs,
20032 including the infamous missing mouse cursor one. Oh, and it closes
20033 a few security holes at well.
20034 - Install unrar-free.
20035 - Do not install pppoeconf (superseeded by NetworkManager).
20036 - Upgrade macchanger to Debian testing package to ease development of
20037 future Tails releases.
20038 - Debian security upgrades: x11-xserver-utils (DSA-2213-1), isc-dhcp
20039 (DSA-2216-1), libmodplug (DSA-2226-1), openjdk-6 (DSA-2224-1).
20041 * Protecting against memory recovery
20042 - Add Italian translation for tails-kexec. Thanks to Marco A. Calamari.
20043 - Make it clear what it may mean if the system does not power off
20044 automatically.
20045 - Use kexec's --reset-vga option that might fix display corruption issues
20046 on some hardware.
20048 * WhisperBack (encrypted bug reporting software)
20049 - Upgrade WhisperBack to 1.4.1:
20050 localizes the documentation wiki's URL,
20051 uses WebKit to display the bug reporting help page,
20052 now is usable on really small screens.
20053 - Extract wiki's supported languages at build time, save this
20054 information to /etc/amnesia/environment, source this file into the
20055 Live user's environment so that WhisperBack 1.4+ can make good use
20056 of it.
20058 * Miscellaneous
20059 - Fix boot in Chinese.
20060 - Install mobile-broadband-provider-info for better 3G support.
20061 - Add back GNOME system icons to menus.
20062 - tails-security-check: avoid generating double-slashes in the Atom
20063 feeds URL.
20064 - Remove "vga=788" boot parameter which breaks the boot on some hardware.
20065 - Remove now useless "splash" boot parameter.
20066 - Fix a bunch of i386-isms.
20067 - Pass the noswap option to the kernel. This does not change actual Tails
20068 behaviour but prevents users from unnecessarily worrying because of
20069 the "Activating swap" boot message.
20070 - Make use of check.torproject.org's Arabic version.
20072 * Build system
20073 - Enable squeeze-backports. It is now ready and will be used soon.
20074 - Install eatmydata in the chroot.
20075 - Convert ikiwiki setup files to YAML.
20077 -- Tails developers <amnesia@boum.org> Fri, 29 Apr 2011 17:14:53 +0200
20079 tails (0.7) unstable; urgency=low
20081 * Hardware support
20082 - Install foomatic-filters-ppds to support more printers.
20083 - Give the default user the right to manage printers.
20085 * Software
20086 - Deinstall unwanted packages newly pulled by recent live-build.
20088 -- Tails developers <amnesia@boum.org> Wed, 06 Apr 2011 22:58:51 +0200
20090 tails (0.7~rc2) unstable; urgency=low
20092 ** SNAPSHOT build @824f39248a08f9e190146980fb1eb0e55d483d71 **
20094 * Rebase on Debian Squeeze 6.0.1 point-release.
20096 * Vidalia: new 0.2.10-3+tails5 custom package..
20098 * Hardware support
20099 - Install usb-modeswitch and modemmanager to support mobile broadband
20100 devices such as 3G USB dongles. Thanks to Marco A. Calamari for the
20101 suggestion.
20103 * Misc
20104 - Website relocated to https://tails.boum.org/ => adapt various places.
20105 - Configure keyboard layout accordingly to the chosen language for
20106 Italian and Portuguese.
20108 -- Tails developers <amnesia@boum.org> Fri, 25 Mar 2011 15:44:25 +0100
20110 tails (0.7~rc1) UNRELEASED; urgency=low
20112 ** SNAPSHOT build @98987f111fc097a699b526eeaef46bc75be5290a **
20114 * Rebase on Debian Squeeze.
20116 * T(A)ILS has been renamed to Tails.
20118 * Protecting against memory recovery
20119 New, safer way to wipe memory on shutdown which is now also used when
20120 the boot media is physically removed.
20122 * Tor
20123 - Update to 0.2.1.30-1.
20125 * Iceweasel
20126 - Add HTTPS Everywhere 0.9.4 extension.
20127 - Better preserve Anonymity Set: spoof US English Browser and timezone
20128 the same way as the Tor Browser Bundle, disable favicons and picture
20129 iconification.
20130 - Install AdBlock Plus extension from Debian.
20131 - Add Tor-related bookmarks.
20132 - Support FTP, thanks to FoxyProxy.
20133 - Update AdBlock patterns.
20134 - Disable geolocation and the offline cache.
20136 * Software
20137 - Update Vidalia to 0.2.10-3+tails4.
20138 - Install gnome-disk-utility (Palimpsest) and Seahorse plugins.
20139 - Add opt-in i2p support with Iceweasel integration through FoxyProxy.
20140 - onBoard: fix "really quits when clicking the close window icon" bug.
20141 - Optionally install TrueCrypt at boot time.
20142 - Install laptop-mode-tools for better use of battery-powered hardware.
20143 - Replace xsane with simple-scan which is part of GNOME and way easier
20144 to use.
20145 - Upgrade WhisperBack to 1.3.1 (bugfixes, French translation).
20146 - Install scribus-ng instead of scribus. It is far less buggy in Squeeze.
20148 * Firewall
20149 - Drop incoming packets by default.
20150 - Forbid queries to DNS resolvers on the LAN.
20151 - Set output policy to drop (defense-in-depth).
20153 * Hardware support
20154 - Install Atheros and Broadcom wireless firmwares.
20155 - Install libsane-hpaio and sane-utils, respectively needed for
20156 multi-function peripherals and some SCSI scanners.
20158 * live-boot 2.0.15-1+tails1.35f1a14
20159 - Cherry-pick our fromiso= bugfixes from upstream 3.x branch.
20161 * Miscellaneous
20162 - Many tiny user interface improvements.
20163 - More robust HTP time synchronization wrt. network failures.
20164 Also, display the logs when the clock synchronization fails.
20165 - Disable GNOME automatic media mounting and opening to protect against
20166 a class of attacks that was recently put under the spotlights.
20167 Also, this feature was breaking the "no trace is left on local
20168 storage devices unless explicitly asked" part of Tails specification.
20169 - Make configuration more similar to the Tor Browser Bundle's one.
20170 - GnuPG: default to stronger digest algorithms.
20171 - Many more or less proper hacks to get the built image size under 700MB.
20172 - Compress the initramfs using LZMA for faster boot.
20174 * Build system
20175 - Run lb build inside eatmydata fsync-less environment to greatly improve
20176 build time.
20178 -- Tails developers <amnesia@boum.org> Fri, 11 Mar 2011 15:52:19 +0100
20180 tails (0.6.2) unstable; urgency=high
20182 * Tor: upgrade to 0.2.1.29 (fixes CVE-2011-0427).
20183 * Software
20184 - Upgrade Linux kernel, dpkg, libc6, NSS, OpenSSL, libxml2 (fixes various
20185 security issues).
20186 - Upgrade Claws Mail to 3.7.6 (new backport).
20187 - Install Liferea, tcpdump and tcpflow.
20188 * Seahorse: use hkp:// transport as it does not support hkps://.
20189 * FireGPG: use hkps:// to connect to the configured keyserver.
20190 * Build system: take note of the Debian Live tools versions being used
20191 to make next point-release process faster.
20192 * APT: don't ship package indices.
20194 -- T(A)ILS developers <amnesia@boum.org> Wed, 19 Jan 2011 16:59:43 +0100
20196 tails (0.6.1) unstable; urgency=low
20198 * Tor: upgrade to 0.1.28 (fixes CVE-2010-1676)
20199 * Software: upgrade NSS, Xulrunner, glibc (fixes various security issues)
20200 * FireGPG: use the same keyserver as the one configured in gpg.conf.
20201 * Seahorse: use same keyserver as in gpg.conf.
20202 * HTP: display the logs when the clock synchronization fails.
20203 * Update HTP configuration: www.google.com now redirects to
20204 encrypted.google.com.
20205 * Use the light version of the "Are you using Tor?" webpage.
20206 * Update AdBlock patterns.
20208 -- T(A)ILS developers <amnesia@boum.org> Fri, 24 Dec 2010 13:28:29 +0100
20210 tails (0.6) unstable; urgency=low
20212 * Releasing 0.6.
20214 * New OpenPGP signing-only key. Details are on the website:
20215 https://amnesia.boum.org/GnuPG_key/
20217 * Iceweasel
20218 - Fixed torbutton has migrated to testing, remove custom package.
20220 * HTP
20221 - Query ssl.scroogle.org instead of lists.debian.org.
20222 - Don't run when the interface that has gone up is the loopback one.
20224 * Nautilus scripts
20225 - Add shortcut to securely erase free space in a partition.
20226 - The nautilus-wipe shortcut user interface is now translatable.
20228 * Misc
20229 - Really fix virtualization warning display.
20230 - More accurate APT pinning.
20231 - Disable Debian sid APT source again since a fixed live-config has
20232 migrated to Squeeze since then.
20234 * live-boot: upgrade to 2.0.8-1+tails1.13926a
20235 - Sometimes fixes the smem at shutdown bug.
20236 - Now possible to create a second partition on the USB stick T(A)ILS is
20237 running from.
20239 * Hardware support
20240 - Support RT2860 wireless chipsets by installing firmware-ralink from
20241 Debian Backports.
20242 - Install firmware-linux-nonfree from backports.
20243 - Fix b43 wireless chipsets by having b43-fwcutter extract firmwares at
20244 build time.
20246 * Build system
20247 - Install live-build and live-helper from Squeeze.
20248 - Update SquashFS sort file.
20250 -- T(A)ILS developers <amnesia@boum.org> Wed, 20 Oct 2010 19:53:17 +0200
20252 tails (0.6~rc3) UNRELEASED; urgency=low
20254 ** SNAPSHOT build @a3ebb6c775d83d1a1448bc917a9f0995df93e44d **
20256 * Iceweasel
20257 - Autostart Iceweasel with the GNOME session. This workarounds the
20258 "Iceweasel first page is not loaded" bug.
20260 * HTP
20261 - Upgrade htpdate script (taken from Git 7797fe9).
20263 * Misc
20264 - Disable ssh-agent auto-starting with X session: gnome-keyring is
20265 more user-friendly.
20266 - Fix virtualization warning display.
20267 - Boot profile hook: write desktop file to /etc/skel.
20269 * Build system
20270 - Convert build system to live-build 2.0.1.
20271 - APT: fetch live-build and live-helper from Debian Live snapshots.
20272 - Remove dependency on live-build functions in chroot_local-hooks.
20273 This makes the build environment more robust and less dependent on
20274 live-build internals.
20275 - Remove hand-made rcS.d/S41tails-wifi: a hook now does this.
20276 - Measure time used by the lh build command.
20277 - Fix boot profile hook.
20278 - Boot profiling: wait a bit more: the current list does not include
20279 /usr/sbin/tor.
20281 -- T(A)ILS developers <amnesia@boum.org> Sat, 02 Oct 2010 23:06:46 +0200
20283 tails (0.6~rc2) UNRELEASED; urgency=low
20285 ** SNAPSHOT build @c0ca0760ff577a1e797cdddf0e95c5d62a986ec8 **
20287 * Iceweasel
20288 - Refreshed AdBlock patterns (20100926).
20289 - Set network.dns.disableIPv6 to true (untested yet)
20290 - Torbutton: install patched 1.2.5-1+tails1 to fix the User-Agent bug,
20291 disable extensions.torbutton.spoof_english again.
20293 * Software
20294 - WhisperBack: upgrade to 1.3~beta3 (main change: let the user provide
20295 optional email address and OpenPGP key).
20296 - Remove mc.
20297 - Update haveged backport to 0.9-3~amnesia+lenny1.
20298 - Update live-boot custom packages (2.0.6-1+tails1.6797e8): fixes bugs
20299 in persistency and smem-on-shutdown.
20300 - Update custom htpdate script. Taken from commit d778a6094cb3 in our
20301 custom Git repository: fixes setting of date/time.
20303 * Build system
20304 - Bugfix: failed builds are now (hopefully) detected.
20305 - Fix permissions on files in /etc/apt/ that are preserved in the image.
20306 - Install version 2.0~a21-1 of live-build and live-helper in the image.
20307 We are too late in the release process to upgrade to current Squeeze
20308 version (2.0~a29-1).
20310 * Misc
20311 - Pidgin/OTR: disable the automatic OTR initiation and OTR requirement.
20313 -- T(A)ILS developers <amnesia@boum.org> Wed, 29 Sep 2010 19:23:17 +0200
20315 tails (0.6~1.gbpef2878) UNRELEASED; urgency=low
20317 ** SNAPSHOT build @ef28782a0bf58004397b5fd303f938cc7d11ddaa **
20319 * Hardware support
20320 - Use a 2.6.32 kernel: linux-image-2.6.32-bpo.5-686 (2.6.32-23~bpo50+1)
20321 from backports.org. This should support far more hardware and
20322 especially a lot of wireless adapters.
20323 - Add firmware for RTL8192 wireless adapters.
20324 - Enable power management on all wireless interfaces on boot.
20326 * Software
20327 - Install inkscape.
20328 - Install poedit.
20329 - Install gfshare and ssss: two complementary implementations
20330 of Shamir's Secret Sharing.
20331 - Install tor-geoipdb.
20332 - Remove dialog, mc and xterm.
20334 * Iceweasel
20335 - Set extensions.torbutton.spoof_english to its default true value
20336 in order to workaround a security issue:
20337 https://amnesia.boum.org/security/Iceweasel_exposes_a_rare_User-Agent/
20339 * Monkeysphere
20340 - Install the Iceweasel extension.
20341 - Use a hkps:// keyserver.
20343 * GnuPG
20344 - Install gnupg from backports.org so that hkps:// is supported.
20345 - Use a hkps:// keyserver.
20346 - Proxy traffic via polipo.
20347 - Prefer up-to-date digests and ciphers.
20349 * Vidalia: rebased our custom package against 0.2.10.
20351 * Build system
20352 - Built images are now named like this:
20353 tails-i386-lenny-0.5-20100925.iso
20354 - Use live-helper support for isohybrid options instead of doing the
20355 conversion ourselves. The default binary image type we build is now
20356 iso-hybrid.
20357 - Remove .deb built by m-a after they have been installed.
20358 - Setup custom GConf settings at build time rather than at boot time.
20359 - Move $HOME files to /etc/skel and let adduser deal with permissions.
20360 - Convert to live-boot / live-config / live-build 2.x branches.
20361 - Replaced our custom live-initramfs with a custom live-boot package;
20362 included version is 2.0.5-1+tails2.6797e8 from our Git repository:
20363 git clone git://git.immerda.ch/tails_live-boot.git
20364 - Install live-config* from the live-snapshots Lenny repository.
20365 Rationale: live-config binary packages differ depending on the target
20366 distribution, so that using Squeeze's live-config does not produce
20367 fully-working Lenny images.
20368 - Rename custom scripts, packages lists and syslinux menu entries from
20369 the amnesia-* namespace to the tails-* one.
20371 * HTP
20372 - Use (authenticated) HTP instead of NTP.
20373 - The htpdate script that is used comes from commit 43f5f83c0 in our
20374 custom repository: git://git.immerda.ch/tails_htp.git
20375 - Start Tor and Vidalia only once HTP is done.
20377 * Misc
20378 - Fix IPv6 firewall restore file. It was previously not used at all.
20379 - Use ftp.us.debian.org instead of the buggy GeoIP-powered
20380 cdn.debian.net.
20381 - Gedit: don't autocreate backup copies.
20382 - Build images with syslinux>=4.01 that has better isohybrid support.
20383 - amnesia-security-check: got rid of the dependency on File::Slurp.
20384 - Take into account the migration of backports.org to backports.debian.org.
20385 - Make GnuPG key import errors fatal on boot.
20386 - Warn the user when T(A)ILS is running inside a virtual machine.
20387 - DNS cache: forget automapped .onion:s on Tor restart.
20389 * Documentation: imported Incognito's walkthrough, converted to
20390 Markdown, started the needed adaptation work.
20392 -- T(A)ILS developers <amnesia@boum.org> Sun, 26 Sep 2010 11:06:50 +0200
20394 tails (0.5) unstable; urgency=low
20396 * The project has merged efforts with Incognito.
20397 It is now to be called "The (Amnesic) Incognito Live System".
20398 In short: T(A)ILS.
20400 * Community
20401 - Created the amnesia-news mailing-list.
20402 - Added a forum to the website.
20403 - Created a chatroom on IRC: #tails on irc.oftc.net
20405 * Fixed bugs
20406 - Workaround nasty NetworkManager vs. Tor bug that often
20407 prevented the system to connect to the Tor network: restart Tor and Vidalia
20408 when a network interface goes up.
20409 - onBoard now autodetects the keyboard layout... at least once some
20410 keys have been pressed.
20411 - New windows don't open in background anymore, thanks to
20412 a patched Metacity.
20413 - Memory wiping at shutdown is now lightning fast, and does not prevent
20414 the computer to halt anymore.
20415 - GNOME panel icons are right-aligned again.
20416 - Fixed permissions on APT config files.
20417 - Repaired mouse integration when running inside VirtualBox.
20419 * Iceweasel
20420 - Torbutton: redirect to Scroogle when presented a Google captcha.
20421 - Revamped bookmarks
20422 . moved T(A)ILS own website to the personal toolbar
20423 . moved webmail links (that are expected to be more than 3 soon)
20424 to a dedicated folder.
20425 - Don't show AdBlock Plus icon in the toolbar.
20426 - Adblock Plus: updated patterns, configured to only update subscriptions
20427 once a year. Which means never, hopefully, as users do update their
20428 Live system on a regular basis, don't they?
20430 * Vidalia: rebased our custom package against 0.2.8.
20432 * Claws Mail
20433 - Install Claws Mail from backports.org to use the X.509 CA
20434 certificates provided by Debian.
20435 - Enable PGP modules with basic configuration:
20436 . Automatically check signatures.
20437 . Use gpg-agent to manage passwords.
20438 . Display warning on start-up if GnuPG doesn't work.
20439 - Set the IO timeout to 120s (i.e. the double of the default 60s).
20441 * Pidgin
20442 - Automatically connect to irc.oftc.net with a randomized nickname,
20443 so as not to advertize the use of T(A)ILS; this nickname is made of:
20444 . a random firstname picked from the 2000 most registered by the U.S.
20445 social security administration in the 70s;
20446 . two random digits.
20447 Good old irc.indymedia.org is still configured - with same nickname -
20448 but is not enabled by default anymore.
20449 - Disabled MSN support, that is far too often affected by security flaws.
20451 * Build $HOME programmatically
20452 - Migrated all GConf settings, including the GNOME panel configuration,
20453 to XML files that are loaded at boot time.
20454 - Configure iceweasel profile skeleton in /etc/iceweasel.
20455 A brand new profile is setup from this skeleton once iceweasel is
20456 started after boot.
20457 . build sqlite files at build time from plain SQL.
20458 . FireGPG: hard-code current firegpg version at build time to prevent
20459 the extension to think it was just updated.
20460 . stop shipping binary NSS files. These were here only to
20461 install CaCert's certificate, that is actually shipped by Debian's
20462 patched libnss.
20464 * Build system
20465 - Updated Debian Live snapshots APT repository URL.
20466 - Purge all devel packages at the end of the chroot configuration.
20467 - Make sure the hook that fixes permissions runs last.
20468 - Remove unwanted Iceweasel search plugins at build time.
20470 * Misc
20471 - Added a progress bar for boot time file readahead.
20472 - Readahead more (~37MB) stuff in foreground at boot time.
20473 - Make the APT pinning persist in the Live image.
20474 - localepurge: keep locales for all supported languages,
20475 don't bother when installing new packages.
20476 - Removed syslinux help menu: these help pages are either buggy or
20477 not understandable by non-geeks.
20478 - Fixed Windows autorun.
20479 - Disable a few live-initramfs scripts to improve boot time.
20480 - Firewall: forbid any IPv6 communication with the outside.
20481 - Virtualization support: install open-vm-tools.
20482 - WhisperBack: updated to 1.2.1, add a random bug ID to the sent
20483 mail subject.
20484 - Prompt for CD removal on shutdown, not for USB device.
20486 * live-initramfs: new package built from our Git (e2890a04ff) repository.
20487 - Merged upstream changes up to 1.177.2-1.
20488 - New noprompt=usb feature.
20489 - Fix buggy memory wiping and shutdown.
20490 - Really reboot when asked, rather than shutting down the system.
20492 * onBoard
20493 - Upgraded to a new custom, patched package (0.93.0-0ubuntu4~amnesia1).
20494 - Added an entry in the Applications menu.
20496 * Software
20497 - Install vim-nox with basic configuration
20498 - Install pwgen
20499 - Install monkeysphere and msva-perl
20500 - Replaced randomsound with haveged as an additional source of entropy.
20502 * Hardware support
20503 - Build ralink rt2570 wifi modules.
20504 - Build rt2860 wifi modules from Squeeze. This supports the RT2860
20505 wireless adapter, found particularly in the ASUS EeePC model 901
20506 and above.
20507 - Build broadcom-sta-source wifi modules.
20508 - Bugfix: cpufreq modules were not properly added to /etc/modules.
20509 - Use 800x600 mode on boot rather than 1024x768 for compatibility
20510 with smaller displays.
20512 -- amnesia <amnesia@boum.org> Fri, 30 Apr 2010 16:14:13 +0200
20514 amnesia (0.4.2) unstable; urgency=low
20516 New release, mainly aimed at fixing live-initramfs security issue
20517 (Debian bug #568750), with an additional set of small enhancements as
20518 a bonus.
20520 * live-initramfs: new custom package built from our own live-initramfs
20521 Git repository (commit 8b96e5a6cf8abc)
20522 - based on new 1.173.1-1 upstream release
20523 - fixed live-media=removable behaviour so that filesystem images found
20524 on non-removable storage are really never used (Debian bug #568750)
20526 * Vidalia: bring back our UI customizations (0.2.7-1~lenny+amnesia1)
20528 * APT: consistently use the GeoIP-powered cdn.debian.net
20530 * Software: make room so that {alpha, future} Squeeze images fit on
20531 700MB CD-ROM
20532 - only install OpenOffice.org's calc, draw, impress, math and writer
20533 components
20534 - removed OpenOffice.org's English hyphenation and thesaurus
20535 - removed hunspell, wonder why it was ever added
20537 * Boot
20538 - explicitly disable persistence, better safe than sorry
20539 - removed compulsory 15s timeout, live-initramfs knows how to wait for
20540 the Live media to be ready
20542 * Build system: don't cache rootfs anymore
20544 -- amnesia <amnesia@boum.org> Sun, 07 Feb 2010 18:28:16 +0100
20546 amnesia (0.4.1) unstable; urgency=low
20548 * Brown paper bag bugfix release: have amnesia-security-check use
20549 entries publication time, rather than update time... else tagging
20550 a security issue as fixed, after releasing a new version, make this
20551 issue be announced to every user of this new, fixed version.
20553 -- amnesia <amnesia@boum.org> Sat, 06 Feb 2010 03:58:41 +0100
20555 amnesia (0.4) unstable; urgency=low
20557 * We now only build and ship "Hybrid" ISO images, which can be either
20558 burnt on CD-ROM or dd'd to a USB stick or hard disk.
20560 * l10n: we now build and ship multilingual images; initially supported
20561 (or rather wanna-be-supported) languages are: ar, zh, de, en, fr, it,
20562 pt, es
20563 - install Iceweasel's and OpenOffice.org's l10n packages for every
20564 supported language
20565 - stop installing localized help for OpenOffice.org, we can't afford it
20566 for enough languages
20567 - when possible, Iceweasel's homepage and default search engine are localized
20568 - added Iceweasel's "any language" Scroogle SSL search engine
20569 - when the documentation icon is clicked, display the local wiki in
20570 currently used language, if available
20571 - the Nautilus wipe script is now translatable
20572 - added gnome-keyboard-applet to the Gnome panel
20574 * software
20575 - replaced Icedove with claws mail, in a bit rough way; see
20576 https://amnesia.boum.org/todo/replace_icedove_with_claws/ for best
20577 practices and configuration advices
20578 - virtual keyboard: install onBoard instead of kvkbd
20579 - Tor controller: install Vidalia instead of TorK
20580 - install only chosen parts of Gnome, rather than gnome-desktop-environment
20581 - do not install xdialog, which is unused and not in Squeeze
20582 - stop installing grub as it breaks Squeeze builds (see Debian bug #467620)
20583 - install live-helper from snapshots repository into the Live image
20585 * Iceweasel
20586 - do not install the NoScript extension anymore: it is not strictly
20587 necessary but bloodily annoying
20589 * Provide WhisperBack 1.2 for anonymous, GnuPG-encrypted bug reporting.
20590 - added dependency on python-gnutls
20591 - install the SMTP hidden relay's certificate
20593 * amnesia-security-check: new program that tells users that the amnesia
20594 version they are running is affected by security flaws, and which ones
20595 they are; this program is run at Gnome session startup, after sleeping
20596 2 minutes to let Tor a chance to initialize.
20597 Technical details:
20598 - Perl
20599 - uses the Desktop Notifications framework
20600 - fetches the security atom feed from the wiki
20601 - verifies the server certificate against its known CA
20602 - tries fetching the localized feed; if it fails, fetch the default
20603 (English) feed
20605 * live-initramfs: new custom package built from our own live-initramfs
20606 Git repository (commit 40e957c4b89099e06421)
20607 - at shutdown time, ask the user to unplug the CD / USB stick, then run
20608 smem, wait for it to finish, then attempt to immediately halt
20610 * build system
20611 - bumped dependency on live-helper to >= 2.0a6 and adapted our config
20612 - generate hybrid ISO images by default, when installed syslinux is
20613 recent enough
20614 - stop trying to support building several images in a row, it is still
20615 broken and less needed now that we ship hybrid ISO images
20616 - scripts/config: specify distribution when initializing defaults
20617 - updated Debian Live APT repository's signing key
20619 * PowerPC
20620 - disable virtualbox packages installing and module building on !i386
20621 && !amd64, as PowerPC is not a supported guest architecture
20622 - built and imported tor_0.2.1.20-1~~lenny+1_powerpc.deb
20624 * Squeeze
20625 - rough beginnings of a scratch Squeeze branch, currently unsupported
20626 - install gobby-infinote
20628 * misc
20629 - updated GnuPG key with up-to-date signatures
20630 - more improvements on boot time from CD
20631 - enhanced the wipe in Nautilus UI (now asks for confirmation and
20632 reports success or failure)
20633 - removed the "restart Tor" launcher from the Gnome panel
20635 -- amnesia <amnesia@boum.org> Fri, 05 Feb 2010 22:28:04 +0100
20637 amnesia (0.3) unstable; urgency=low
20639 * software: removed openvpn, added
20640 - Audacity
20641 - cups
20642 - Git
20643 - Gobby
20644 - GParted
20645 - lvm2 (with disabled initscript as it slows-down too much the boot in certain
20646 circumstances)
20647 - NetworkManager 0.7 (from backports.org) to support non-DHCP networking
20648 - ntfsprogs
20649 - randomsound to enhance the kernel's random pool
20650 * Tor
20651 - install the latest stable release from deb.torproject.org
20652 - ifupdown script now uses SIGHUP signal rather than a whole tor
20653 restart, so that in the middle of it vidalia won't start it's own
20654 tor
20655 - configure Gnome proxy to use Tor
20656 * iceweasel
20657 - adblockplus: upgraded to 1.0.2
20658 - adblockplus: subscribe to US and DE EasyList extensions, updated patterns
20659 - firegpg is now installed from Debian Squeeze rather than manually; current
20660 version is then 0.7.10
20661 - firegpg: use better keyserver ... namely pool.sks-keyservers.net
20662 - added bookmark to Amnesia's own website
20663 - use a custom "amnesiabranding" extension to localize the default search
20664 engine and homepage depending on the current locale
20665 - updated noscript whitelist
20666 - disable overriden homepage redirect on iceweasel upgrade
20667 * pidgin
20668 - nicer default configuration with verified irc.indymedia.org's SSL cert
20669 - do not parse incoming messages for formatting
20670 - hide formatting toolbar
20671 * hardware compatibility
20672 - b43-fwcutter
20673 - beginning of support for the ppc architecture
20674 - load acpi-cpufreq, cpufreq_ondemand and cpufreq_powersave kernel
20675 modules
20676 * live-initramfs: custom, updated package based on upstream's 1.157.4-1, built
20677 from commit b0a4265f9f30bad945da of amnesia's custom live-initramfs Git
20678 repository
20679 - securely erases RAM on shutdown using smem
20680 - fixes the noprompt bug when running from USB
20681 - disables local swap partitions usage, wrongly enabled by upstream
20682 * fully support for running as a guest system in VirtualBox
20683 - install guest utils and X11 drivers
20684 - build virtualbox-ose kernel modules at image build time
20685 * documentation
20686 - new (translatable) wiki, using ikiwiki, with integrated bugs and todo
20687 tracking system a static version of the wiki is included in generated
20688 images and linked from the Desktop
20689 * build system
20690 - adapt for live-helper 2.0, and depend on it
20691 - get amnesia version from debian/changelog
20692 - include the full version in ISO volume name
20693 - save .list, .packages and .buildlog
20694 - scripts/clean: cleanup any created dir in binary_local-includes
20695 - updated Debian Live snapshot packages repository URL and signing key
20696 - remove duplicated apt/preferences file, the live-helper bug has been
20697 fixed
20698 * l10n: beginning of support for --language=en
20699 * misc
20700 - improved boot time on CD by ordering files in the squashfs in the order they
20701 are used during boot
20702 - added a amnesia-version script to built images, that outputs the current
20703 image's version
20704 - added a amnesia-debug script that prepares a tarball with information that
20705 could be useful for developpers
20706 - updated Amnesia GnuPG key to a new 4096R one
20707 - set time with NTP when a network interface is brought up
20708 - import amnesia's GnuPG pubkey into the live session user's keyring
20709 - do not ask DHCP for a specific hostname
20710 - install localepurge, only keep en, fr, de and es locales, which reduces the
20711 generated images' size by 100MB
20712 - added a hook to replace /sbin/swapon with a script that only runs
20713 /bin/true
20714 - moved networking hooks responsibility from ifupdown to NetworkManager
20716 -- amnesia <amnesia@boum.org> Thu, 26 Nov 2009 11:17:08 +0100
20718 amnesia (0.2) unstable; urgency=low
20720 * imported /home/amnesia, then:
20721 - more user-friendly shell, umask 077
20722 - updated panel, added launcher to restart Tor
20723 - mv $HOME/bin/* /usr/local/bin/
20724 - removed metacity sessions
20725 - removed gstreamer's registry, better keep this dynamically updated
20726 - rm .qt/qt_plugins_3.3rc, better keep this dynamically updated
20727 - removed .gnome/gnome-vfs/.trash_entry_cache
20728 - removed kconf_update log
20729 - removed and excluded Epiphany configuration (not installed)
20730 - cleanup .kde
20731 * iceweasel
20732 - enable caching in RAM
20733 - explicitly disable ssl v2, and enable ssl v3 + tls
20734 - removed prefs for the non-installed webdeveloper
20735 - removed the SSL Blacklist extension (not so useful, licensing issues)
20736 - deep profile directory cleanup
20737 - extensions cleanup: prefer Debian-packaged ones, cleanly reinstalled
20738 AddBlock Plus and CS Lite to allow upgrading them
20739 - updated pluginreg.dat and localstore.rdf
20740 - moved some settings to user.js
20741 - made cookie/JavaScript whitelists more consistent
20742 - force httpS on whitelisted sites
20743 - NoScript: marked google and gmail as untrusted
20744 - some user interface tweaks, mainly for NoScript
20745 - FireGPG: disable the buggy auto-detection feature, the link to firegpg's
20746 homepage in generated pgp messages and the GMail interface (which won't
20747 work without JavaScript anyway)
20748 - updated blocklist.xml
20749 - removed and excluded a bunch of files in the profile directory
20750 * icedove: clean the profile directory up just like we did for iceweasel
20751 * software: install msmtp and mutt
20752 * home-refresh
20753 - use rsync rather than tar
20754 * documentation
20755 - various fixes
20756 - reviewed pidgin-otr security (see TODO)
20757 * build system
20758 - stop calling home-refresh in lh_build
20759 - include home-refresh in generated images
20760 - gitignore update
20761 - fix permissions on local includes at build time
20762 - updated scripts/{build,clean} wrt. new $HOME handling
20763 - scripts/{build,config}: stop guessing BASEDIR, we must be run from
20764 the root of the source directory anyway
20765 - stop storing /etc/amnesia/version in Git, delete it at clean time
20766 * release
20767 - converted Changelog to the Debian format and location, updated
20768 build scripts accordingly
20769 - added a README symlink at the root of the source directory
20770 - basic debian/ directory (not working for building packages yet,
20771 but at least we can now use git-dch)
20772 - added debian/gbp.conf with our custom options for git-dch
20773 - config/amnesia: introduce new $AMNESIA_DEV_* variables to be used
20774 by developpers' scripts
20775 - added ./release script: a wrapper around git-dch, git-commit and git-tag
20777 -- amnesia <amnesia@boum.org> Tue, 23 Jun 2009 14:42:03 +0200
20779 amnesia (0.1) UNRELEASED; urgency=low
20781 * Forked Privatix 9.03.15, by Markus Mandalka:
20782 http://mandalka.name/privatix/index.html.en
20783 Everything has since been rewritten or so heavily changed that nothing
20784 remains from the original code... apart of a bunch of Gnome settings.
20785 * hardware support:
20786 - install a bunch of non-free wifi firmwares
20787 - install xsane and add the live user to the scanner group
20788 - install aircrack-ng
20789 - install xserver-xorg-video-geode on i386 (eCafe support)
20790 - install xserver-xorg-video-all
20791 - install firmware-linux from backports.org
20792 - install system-config-printer
20793 - added instructions in README.eCAFE to support the Hercules eCAFE EC-800
20794 netbook
20795 * APT:
20796 - configure pinning to support installing chosen packages from
20797 squeeze; the APT source for testing is hardcoded in chroot_sources/,
20798 since there is no way to use $LH_CHROOT_MIRROR in chroot_local-hooks
20799 - give backports.org priority 200, so that we track upgrades of packages
20800 installed from there
20801 * release: include the Changelog and TODO in the generated images,
20802 in the /usr/share/doc/amnesia/ directory
20803 * software: install gnomebaker when building Gnome-based live OS, to
20804 easily clone myself when running from CD
20805 * build system
20806 - build i386 images when the build host is amd64
20807 - added a version file: /etc/amnesia/version
20808 - use snapshot live-* packages inside the images
20809 - setup timezone depending on the chosen build locale
20810 - rely on standard live-initramfs adduser to do our user setup
20811 (including sudo vs. Gnome/KDE, etc.)
20812 - stop "supporting" KDE
20813 - allow building several images at once
20814 - migrated most of lh_config invocations to scripts/config
20815 - append "noprompt" so that halting/rebooting work with splashy
20816 - moved our own variables to config/amnesia, using the namespace
20817 $AMNESIA_*
20818 * iceweasel
20819 - default search engine is now Scroogle SSL, configured to search pages
20820 in French language; the English one is also installed
20821 - never ask to save passwords or forms content
20822 - configured the torbutton extension to use polipo
20823 - installed the CACert root certificate
20824 - installed the SSL Blacklist extension and the blacklist data
20825 - installed the FireGPG extension
20826 - installed the CS Lite extension
20827 - installed the NoScript extension
20828 - NoScript, CS Lite: replaced the default whitelists with a list of
20829 trusted, non-commercial Internet Service Providers
20830 - configure extensions (add to prefs.js):
20831 user_pref("extensions.torbutton.startup", true);
20832 user_pref("extensions.torbutton.startup_state", 1);
20833 user_pref("extensions.torbutton.tor_enabled", true);
20834 user_pref("noscript.notify.hide", true);
20835 user_pref("capability.policy.maonoscript.sites", "about:
20836 about:blank about:certerror about:config about:credits
20837 about:neterror about:plugins about:privatebrowsing
20838 about:sessionrestore chrome: resource:");
20839 user_pref("extensions.firegpg.no_updates", true);
20840 - install the NoScript plugin from Debian squeeze
20841 - delete urlclassifier3.sqlite on $HOME refresh: as we disabled
20842 "safebrowsing", this huge file is of no use
20843 - torbutton: install newer version from Squeeze
20844 * linux: removed non-686 kernel flavours when building i386 images
20845 * compatibility: append "live-media=removable live-media-timeout=15", to
20846 prevent blindly booting another debian-live installed on the hard disk
20847 * software: added
20848 - gnome-app-install
20849 - iwconfig
20850 - cryptkeeper: Gnome system tray applet to encrypt files with EncFS
20851 - kvkbd: virtual keyboard (installed from backports.org)
20852 - sshfs (and added live user to the fuse group)
20853 - less, secure-delete, wipe, seahorse, sshfs, ntfs-3g
20854 - scribus
20855 * Tor
20856 - enable the transparent proxy, the DNS resolver, and the control port
20857 - save authentication cookie to /tmp/control_auth_cookie, so that the
20858 live user can use Tork and co.
20859 - autostart Tork with Gnome
20860 - Tork: installed, disabled most notifications and startup tips
20861 - added a restart tor hook to if-up.d (used by Network Manager as well),
20862 so that Tor does work immediately even if the network cable was
20863 plugged late in/after the boot process
20864 * $HOME
20865 - added a nautilus-script to wipe files and directories
20866 - bash with working completion for the live user
20867 * polipo: install and configure this HTTP proxy to forward requests
20868 through Tor
20869 * DNS: install and configure pdnsd to forward any DNS request through
20870 the Tor resolver
20871 * firewall: force every outgoing TCP connection through the Tor
20872 transparent proxy, discard any outgoing UDP connection
20873 * misc
20874 - set syslinux timeout to 4 seconds
20875 - use splashy for more user-friendly boot/halt sequences
20877 -- amnesia <amnesia@boum.org> Sat, 20 Jun 2009 21:09:15 +0200