unsafe-browser vs XWayland

[tails.git] / debian / changelog

tails (5.10) UNRELEASED; urgency=medium

  * Dummy entry for next release.

 -- boyska <boyska@riseup.net>  Tue, 24 Jan 2023 12:31:16 +0100

tails (5.9) unstable; urgency=medium

  * Update tor to 0.4.7.13 (tails/tails!1013)

    Closes issues:
      - Upgrade to Tor 0.4.7.13 (tails/tails#19377)

    Commits:
      - Update tor to 0.4.7.13

  * Resolve "Upgrade to Tor Browser based on Firefox 102.7" (tails/tails!1012)

    Closes issues:
      - Upgrade to Tor Browser based on Firefox 102.7 (tails/tails#19360)

    Commits:
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 12.0.2-build1

  * tps: Increase timeout of activate call (tails/tails!1006)

    Closes issues:
      - tps logs passphrase in cleartext in debug mode (tails/tails#19350)
      - Persistent Storage fails to activate: timeout (tails/tails#19347)

    Commits:
      - tps: Don't print status of NetworkManager.service to stdout
      - tps: Bump the activation timeout to 120 seconds
      - tps: Add log messages
      - tps: Log line which called executil helper functions

  * Troubleshooting mode: stop passing options that can only break stuff
    (tails/tails!999)

    Closes issues:
      - Reconsider Troubleshooting Mode kernel command line wrt. Wayland
        (tails/tails#19321)

    Commits:
      - Troubleshooting mode (syslinux): stop passing options that can only break stuff
      - Troubleshooting mode (EFI): stop passing options that can only break stuff

  * Upgrade to Linux 6.0 (tails/tails!996)

    Closes issues:
      - Add randomize_kstack_offset=1 to boot parameters (tails/tails#19023)
      - Enable BPF JIT hardening (tails/tails#19345)
      - Upgrade to Linux 6.0 (tails/tails#18467)

    Commits:
      - Test suite: allow the pattern to cover slightly less of the write cache
      - Revert renaming of /etc/amnesia/version to /etc/tails/version
      - Move "set -eu" to a better location
      - Test suite: remove dead code
      - Test suite: drop check about tails-version output
      - Upgrade to Linux 6.0.12-1~bpo11+1
      - early_patch: implement the initramfs-tools' "prereqs" interface
      - initramfs: stop including SCSI drivers
      - initramfs: bring back including all DRM modules
      - Always log the size of the initramfs
      - initramfs: remove support for AFS and CIFS
      - initramfs: remove support for PCMCIA and parallel port
      - initramfs: don't include firmware for drivers we removed
      - initramfs: remove sunrpc support
      - initramfs: remove a bunch more SCSI drivers
      - Add set -u
      - Drop set -x
      - Include fewer modules in the initramfs
      - Compress the initramfs with the most space-efficient XZ compression level
      - Simplify how we set initramfs compression algorithm
      - Hardening: turn on BPF JIT hardening, if the JIT is enabled.
      - Fix headings levels
      - Hardening: randomize kernel stack offset on syscall entry
      - initrd: install privacy screen provider drivers
      - Upgrade to Linux 6.0.3-1~bpo11+1 from bullseye-backports
      - Enable bullseye-backports APT source
      - Rename config/amnesia to config/variables
      - Rename /etc/amnesia to /etc/tails
      - Deprecate /usr/share/doc/amnesia/
      - The thing is called Tails
      - Drop support for config/amnesia.local
      - Update comment
      - Rename $AMNESIA_* variables
      - Remove unused variables

  * Tor Connection: Hide "Fix clock", "Proxy", and "Captive Portal" when time sync
    was successful already (tails/tails!986)

    Closes issues:
      - Add label to bridge line on the error screen (tails/tails#19332)
      - Hide "Fix clock", "Proxy", and "Captive Portal" when time sync was successful
        already (tails/tails#19171)

    Commits:
      - Make it easier to reason about state transitions
      - Tor Connection: simplify test
      - Tor Connection: improve phrasing
      - Tor Connection: make phrasing consistent
      - Tor Connection: tell the user when we know their network is blocking access to
        Tor
      - Tor Connection: explain what bridges are on the error screen
      - Tor Connection: rename "Bridge by email" section on the error screen
      - Tor Connection: add label to bridge line on the error screen too
      - Tor Connection: fix alignment of "Send an empty email" string
      - Tor Connection: Hide "Fix clock", "Proxy", and "Captive Portal" when time sync
        was successful already
      - Name widgets so we can act on them
      - Tor Connection: make log message somewhat clearer
      - Tor Connection: remember the result of tails-get-network-time

  * tps: Fix handling of symlink bindings (tails/tails!1009)

    Closes issues:
      - Persistent Storage sometimes fails to activate Dotfiles (tails/tails#19346)

    Commits:
      - tps behave-tests: Support passing flags to behave
      - tps behave-tests: Test source directory with symlink
      - tps behave-tests: Add README
      - tps: Fix BEHAVE_DEBUG_ON_ERROR feature of the behave tests
      - tps: Improve log messages
      - tps-frontend: Improve log and error messages
      - tps-frontend: Fix log level of message
      - tps: Fix activation of symlink bindings failing
      - tps: Fix log message
      - tps: Improve error message
      - tps: Fix Activate call failing with spurious error
      - tps: More useful error message

  * tps: Don't log parameters which can contain secrets (tails/tails!1005)

    Closes issues:
      - tps logs passphrase in cleartext in debug mode (tails/tails#19350)

    Commits:
      - tps: Don't log parameters which can contain secrets

  * Do not hide the GTK3 “application menu” button in title bars (tails/tails!1004)

    Closes issues:
      - Cannot access GTK3 application menus in Tails 5.8 / Wayland (tails/tails#19371)

    Commits:
      - Do not hide the GTK3 “application menu” button in title bars

  * Fix Tor Browser homepage localization when started from Tor Connection
    (tails/tails!1003)

    Closes issues:
      - Tor Browser homepage is not localized when started from Tor Connection
        (tails/tails#19369)

    Commits:
      - Simplify f-string
      - Lint
      - Fix Tor Browser homepage localization when started from Tor Connection

  * Update tails@ key (tails/tails!1001)

    Commits:
      - Test suite: ensure OpenPGP keys test is run when the only change on the branch
        is updating a key
      - Update tails@ key

  * Pull non-website PO files from Weblate (tails/tails!1000)

    Closes issues:
      - Pull non-website PO files from Weblate (tails/tails#19322)

    Commits:
      - import-translations: remove obsolete reference to Transifex
      - import-translations: drop support for excluding languages
      - generate-languages-list: workaround the fact we can't distinguish reviewed
        translations from non-reviewed ones
      - Pull non-website PO files from Weblate

  * Make a few user-facing strings localizable (tails/tails!998)

    Closes issues:
      - Not localized (internationalized) strings (tails/tails#19349)

    Commits:
      - Integrate the Welcome Screen's main_window.py into our l10n framework
      - Lint
      - Make a few user-facing strings localizable

  * Autocorrect Rubocop violations (tails/tails!997)

    Commits:
      - Test suite: lint
      - Test suite: run rubocop --autocorrect

  * Improve wording of backup utility (tails/tails!995)

    Closes issues:
      - Improve wording of backup utility (tails/tails#19348)

    Commits:
      - Test suite: adjust to new UI wording
      - Use more consistent wording
      - Fix typography
      - Improve wording

  * Fix newly discovered shellcheck violations (tails/tails!994)

    Commits:
      - Fix "lb build" exit code reporting
      - Add missing quotes

  * Remove scrollbar in Favorites (tails/tails!992)

    Closes issues:
      - Need to scroll to see all Favorites (tails/tails#19338)

    Commits:
      - Apply 1 suggestion(s) to 1 file(s)
      - Test suite: fix "the screen keyboard works in Tor Browser"
      - Lint
      - Test suite: remove dead code
      - Test suite: retry opening new tab
      - Test suite: ensure Tor Browser has loaded the home page before we continue
      - Test suite: spam Tor Browser less intensively
      - Test suite: remove unused code
      - Test suite: start Tor Browser and Thunderbird by typing their name
      - Test suite: fix typo in comment
      - Remove scrollbar in Favorites

  * Remove dead code about TAILS_WIKI_SUPPORTED_LANGUAGES (tails/tails!991)

    Commits:
      - WhisperBack: don't try to include non-existing tails-greeter.errors file
      - WhisperBack: don't try to include non-existing xorg.conf
      - Remove l10n plumbing for WhisperBack configuration file
      - Remove obsolete .xsessionrc
      - Lint
      - WhisperBack config: remove dead code

  * Test suite: fix Unsafe Browser localization test in French (tails/tails!988)

    Commits:
      - Test suite: fix Unsafe Browser localization test in French

  * Revert "Run Qt applications as native Wayland by default" (tails/tails!987)

    Closes issues:
      - Remove obsolete config/chroot_local-includes/usr/share/live/config/xserver-
        xorg/*.ids (tails/tails#19330)
      - Qt AppImages broken on Tails 5.8 (tails/tails#19326)
      - Clipboard encryption/decryption with Kleopatra is broken on Wayland
        (tails/tails#19329)
      - can't paste into unlock password field in KeepassXC in Tails 5.8
        (tails/tails#19327)

    Commits:
      - Remove obsolete per-device X.Org driver override via live-config
      - Revert "Don't run OnionShare as a native Wayland app"
      - Revert "Run Qt applications as native Wayland by default"

  * Remove the warning dialog when starting the Unsafe Browser (tails/tails!985)

    Closes issues:
      - Explain better the Unsafe Browser from Tor Connection (tails/tails#19168)

    Commits:
      - Test suite: adjust to removed warning dialog
      - Remove the warning dialog when starting the Unsafe Browser

  * Make the Upgrader use the mirror redirector (tails/tails!983)

    Commits:
      - Upgrader: use dedicated SocksPort with no stream isolation
      - Test suite: remove test whose cost/benefit has become very high
      - Test suite: apply user-facing terminology
      - Design doc: remove outdated details
      - Remove now unused mirror-pool-dispatcher submodule
      - Design doc: update what the fallback DNS pool is used for
      - Drop dead code, obsolete dependencies, and obsolete tweaks
      - Upgrader: Drop the "replace URL with a random one from the mirror pool JSON"
        and "fallback to DNS pool" mechanisms
      - Upgrader: bring back explanation when impossible to do an incremental upgrade
      - IUK test suite: adjust to 888b78811bcd156284d01a063d448f6bd693db22
      - Design doc: use new download URI in example UDFs
      - Generate UDFs that point to the mirror redirector for ISO and IUK downloads

  * Welcome Screen: restore ability to login with default settings by pressing
    "Enter" (tails/tails!982)

    Closes issues:
      - Login with default settings now requires pressing "Enter" twice in the Welcome
        Screen (tails/tails#19323)

    Commits:
      - Welcome Screen: restore ability to login with default settings by pressing
        "Enter"

  * switch Persistent Storage icon to SVG (tails/tails!980)

    Closes issues:
      - Replace Persistent Storage icon with SVG version (tails/tails#19316)

    Commits:
      - Also use the SVG icon in the Welcome Screen
      - Switch Persistent Storage icon to SVG

 -- Tails developers <tails@boum.org>  Mon, 23 Jan 2023 11:53:31 +0100

tails (5.8) unstable; urgency=medium

  * Upgrade Thunderbird to 102.6.0-1~deb11u1

  * Fix FTBFS: refresh patch (tails/tails!965)

    Closes #19297
  
    Commits:
      - Fix FTBFS: refresh patch

  * Update tor browser to 12.0.1 (tails/tails!979)

    Closes #19313

    Commits:
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 12.0.1-build1

  * Enable bullseye-proposed-updates (to test Bullseye 11.6 before it's released),
    upgrade to Linux 5.10.158 (tails/tails!975)

    Closes #19301, #19293

    Commits:
      - After disabling the Tor Configuration persistence feature, only start Tor
        Connection if we're connected to a local network
      - Also consider the Linux kernel from bullseye-updates
      - Install the Linux kernel from bullseye-proposed-updates, if that suite is
        enabled
      - Test suite: remove unused image
      - Upgrade to Linux 5.10.158-1
      - Enable bullseye-proposed-updates, to test Bullseye 11.6 before it's released
      - Bump snapshot of the Debian archive to 2022121302, so we can use proposed-
        updates for Bullseye 11.6

  * Test suite: make keyboard input more reliable (tails/tails!971)

    Commits:
      - Test suite: increase sleep time at the end of Screen#type
      - Test suite: correct comment
      - Test suite: keep keys pressed for 40 ms
      - Test suite: improve comment
      - Test suite: keep keys pressed for 20 ms instead of 10 ms
      - Test suite: update comment

  * Fix Dotfiles access for non-root users (tails/tails!968)

    Closes #19278

    Commits:
      - Fix dotfiles access for non-root users

  * Adapt to Wayland our error reporting mechanism when GDM fails to start
    (tails/tails!951)

    Closes #19227

    Commits:
      - resorting to X.Org → crash → better UX!
      - Adapt to Wayland our error reporting mechanism when GDM fails to start

  * Switch from bullseye-proposed-updates to Bullseye 11.6 (tails/tails!978)

    Closes #19315

    Commits:
      - Revert "Enable bullseye-proposed-updates, to test Bullseye 11.6 before it's
        released"
      - Bump APT snapshots

  * Tor Connection UI improvements (tails/tails!977)

    Closes #19238, #19256, #19169, #19172

    Commits:
      - Tor Connection: fix window size
      - Fix links from Tor Connection to the offline documentation
      - Tor Connection: fix typo in string
      - Tor Connection: display QR code scanning error below the scanning button
      - Add label to bridge line

  * Persistent Storage: use new icon (tails/tails!976)

    Commits:
      - Use the new Persistent Storage icon on the Welcome Screen when the Persistent
        Storage does not exist yet
      - Persistent Storage: use new icon

  * Allow persisting bridge scanned from QR code, take 1 (tails/tails!973)

    Closes #19281

    Commits:
      - Allow persisting bridge scanned from QR code, take 1

  * Update tor to 0.4.7.12 (tails/tails!972)

    Closes #19310

    Commits:
      - Update tor to 0.4.7.12

  * fix window centering (tails/tails!970)

    Closes #19045

    Commits:
      - Ensure extension description matches what it actually does
      - gdm-tails is a GDM session, with extension support
      - more comments to clarify subtleties
      - check which session we're in is more to the point
      - not really needed
      - Apply 1 suggestion(s) to 1 file(s)
      - stop "when it's done" , not predefined time
      - window-centering only runs in GDM
      - increase timeout
      - rounding is needed to avoid false moves
      - better comments and log messages
      - Revert "avoid useless CPU work"
      - avoid useless CPU work
      - extensions are disabled in GDM: workaround
      - window centering in Greeter

  * Remove static suggestion of diceware passphrase (tails/tails!969)

    Closes #19305

    Commits:
      - Remove static suggestion of diceware passphrase

  * Allow disabling the Unsafe Browser (tails/tails!967)

    Closes #19289

    Commits:
      - fix "I disable the Unsafe Browser" in corner cases
      - adapt Greeter options persistence
      - fix test suite for new wording
      - Adjust to the Unsafe Browser being disabled by default
      - Update tests
      - Enable Unsafe Browser by default
      - Revert "Welcome Screen: always enable the Unsafe Browser and make the setting
        obsolete"

  * Misc Persistent Storage fixes for 5.8 (tails/tails!966)

    Closes #19220, #19279, #19280, #19148, #19294

    Commits:
      - Don't run OnionShare as a native Wayland app
      - Run Qt applications as native Wayland by default
      - Allow running Qt applications as native Wayland
      - Remove Dasher (broken on Wayland)
      - Tell the user what's going on while deleting Persistent Storage
      - When Persistent Storage is unlocked, instruct how to delete it
      - Persistent Storage: add missing link to doc on the features screen

  * FIX --disable-chutney (tails/tails!961)

    Commits:
      - FIX --disable-chutney

  * Tor Connection: select "Ask for a bridge by email" by default when "Hiding"
    (tails/tails!957)

    Closes #19167

    Commits:
      - Make it easier to scan a QR code
      - Tor Connection: select "Ask for a bridge by email" by default when "Hiding"

  * Tor Connection: display percentage on the connection progress bar
    (tails/tails!955)

    Commits:
      - Tor Connection: display percentage on the connection progress bar

  * TPS explanation strings, and more (tails/tails!947)

    Closes #18759

    Commits:
      - remove vague comment
      - remove dead code
      - remove dead code
      - explanation strings for relevant TPS features

  * Additional Software: ensure APT is not broken after being interrupted
    (tails/tails!946)

    Closes #18657

    Commits:
      - Additional Software: ensure APT is not broken after being interrupted

  * Test suite: relax our expectations for coverage of the known pattern in memory
    (tails/tails!944)

    Commits:
      - Test suite: relax our expectations for coverage of the known pattern in memory

  * create persistent storage from the greeter (tails/tails!922)

    Closes #15586

    Commits:
      - change wording following the new style
      - comment to explain flag files
      - tabs → spaces
      - Apply 3 suggestion(s) to 3 file(s)
      - Fix labels
      - greeter test suite code refactor
      - checking early is useless and ineffective
      - FIX look at the actual value
      - big code refactoring
      - actually handle button
      - better size and margins for padlock
      - make label the same in glade and python
      - remove suggested-action
      - Reorder in greeter
      - Better real estate use
      - draft: automated tests
      - "don't create" is not a suggested-action
      - Clearer state management in UI
      - actually start persistent storage setup
      - draft: create persistent storage from greeter

  * Upgrade Tor Browser to 12.0 (tails/tails!921)

    Closes #19135, #19085

    Commits:
      - Test suite: bump timeout
      - Make code more readable
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 12.0
      - Test suite: fix "Downloading files with the Tor Browser" scenario with Tor
        Browser 12 on Wayland
      - Test suite: improve comment phrasing
      - Test suite: only compute keymap once in Screen#press
      - Test suite (mouse_location): remove unused method parameters
      - Fix buggy (invisible) conflict resolution from rebase
      - Turn off shellcheck false positive
      - Drop obsolete mentions of $TBB_EXT
      - Drop import of library that's not needed anymore
      - Update handling of Tor Browser locales
      - Fix location for Burmese
      - Declare newly added Tor Browser locales
      - Don't try to install non-existing langpacks
      - Tor Browser update process: there's no langpacks anymore
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 12.0a5
      - Upgrade Tor Browser to nightly.2022.11.22
      - Thunderbird: avoid proxy bypass, same as Tor Browser
      - Test suite: Unsafe Browser has no bookmarks at all anymore
      - Unsafe Browser: delete default bookmarks
      - Test suite: update expected images
      - Test suite: update expected images
      - Upgrade Tor Browser to 12.0a4
      - Thunderbird: replace network.security.ports.banned pref with
        network.proxy.allow_hijacking_localhost
      - Tor Browser: remove network.security.ports.banned pref, which does more harm
        than good
      - Update AppArmor policy for Tor Browser 12
      - Test suite: update expected images for Tor Browser 12
      - Test suite: update expected Unsafe Browser images for Tor Browser 12
      - Lint
      - Remove unused variable
      - Test suite: update expected images for Tor Browser 12
      - Test suite: remove obsolete complexity
      - Test suite: update for new "New Identity" UX in Tor Browser 12
      - Test suite: spam Tor Browser less intensively
      - Test suite: refactoring (DRY)
      - Test suite: update expected image
      - Test suite: spam Tor Browser less intensively
      - Test suite: add support for Tor Browser nightly builds
      - Clarify comment
      - Fix indentation
      - Drop unused flexibility
      - Remove obsolete variable
      - Adjust to multilingual Tor Browser tarball
      - Adjust to script being renamed upstream
      - Upgrade Tor Browser to nightly.2022.10.19
      - Tor Browser upgrade doc: support nightly builds, assume multilingual tarball
      - Upgrade Tor Browser to 12.0a3
      - Unsafe Browser: also apply branding to brand.properties
      - Fix grammar in comment
      - Unsafe Browser: don't ask confirmation when quitting with CTRL+q
      - Test suite: update Unsafe Browser images
      - Test suite: add expected unused Tor Browser library
      - Test suite: adjust to Tor Browser 12's (Firefox 102) new download flow
      - Upgrade Tor Browser to 12.0a2
      - Clarify wording

 -- Tails developers <tails@boum.org>  Mon, 19 Dec 2022 09:43:26 +0000

tails (5.8~beta1) unstable; urgency=medium

  * Rewrite the Persistent Storage settings in Python (tails/tails!897)

    Closes: #17803, #15142, #11529, #15827, #7002, #18008, #17331, #7503, #19130, #16061, #15313

    Commits:
      - Change test case to reflect what we wanted
      - Really disable broken Thunderbird test
      - fix reload-connections hook during greeter
      - clarify Mount.__str__ from persistence.conf format
      - one more type hint
      - remove a (never used) systemd alias
      - symlink_to ignores the second argument.
      - sort hook execution
      - Point to issue
      - Update comment
      - Reset Tor configuration when deactivating the corresponding Persistent Storage
        feature
      - Don't install/upgrade Additional Software unless the corresponding persistent
        directories are mounted
      - Don't try to create Persistent Storage when the system partition is not called
        "Tails"
      - Don't try to create Persistent Storage on non-GPT device
      - Persistent Storage creation: use UI strings from the design
      - Add ssh as a conflict app for the SSH client feature
      - Move "Tor Browser Bookmarks" to Applications section of Persistent Storage
        settings
      - Save with Glade 3.40.0
      - Reload NetworkManager connections when activating/deactivating the
        corresponding Persistent Storage feature
      - tps-frontend: fix icons path
      - Stop setting custom permissions on /var/lib/live/config
      - WhisperBack: don't include obsolete file in the attached technical info
      - CUPS: update configuration files as soon as possible
      - Restart CUPS after enabling/disabling the Printers persistent storage feature
      - Remove incorrect comment
      - Remove function that's not used anymore
      - tails-additional-software-config: adjust to new Persistent Storage
        implementation
      - Refactoring: move method to library
      - Revert "Test suite: workaround regression in Additional Software"
      - tails-additional-software: don't wait for tps-frontend to complete before
        writing contents to live-additional-software.conf
      - Add docstring
      - launch_x_application: drop feature we don't need anymore
      - Add exceptions for Bandit false positives
      - Use long option name
      - Harden sudo configuration
      - Revert "Test suite: add temporary workaround for tps buggy user story wrt.
        dotfiles"
      - Fix the user story for Dotfiles
      - Lint
      - tps: document behavior that can be surprising
      - TCA: fix setup of persistent bridge switch widget
      - Remove unused script and service
      - Test suite: remove obsolete workaround
      - TCA: drop useless code
      - TCA: fix localization of window title
      - Remove unused copied'n'pasted constant
      - TCA: mediate reading/writing from/to tca.conf via tca-portal
      - Update logger's name: "tor-launcher" does not mean anything in this context
        anymore
      - Remove unused import
      - TCA: remove unused import
      - TCA: fix type of argument
      - Don't allow deleting an unlocked Persistent Storage
      - Drop incomplete attempt to support unlocking Persistent Storage after login
      - Unsafe Browser: adjust to the removal of persistence_is_enabled in tails-
        greeter.sh
      - Lint
      - Remove useless customization
      - Fix typo in docstring
      - Add Synaptic, apt-get, and dpkg as conflicting apps for the Additional Software
        persistent storage feature
      - Remove "XXX" comment: this is about further improving a feature that was not
        even planned in the design
      - Remove "XXX" comment: already tracked on the issue
      - Lint
      - Remove "XXX" comment: moved to the issue
      - Lint
      - Fix variable type mismatch
      - Remove "XXX" comment: moved to the issue
      - Remove "XXX" comment
      - Add check
      - Remove "XXX" comment: let's not translate stuff that the user has no chance to
        ever see
      - Remove "XXX" comment: moved to the issue
      - Test suite: fix Gherkin When/Then semantics
      - Test suite: fix backup scenario
      - Remove unused import
      - Test suite: refactoring (extract code to method)
      - Revert "Test suite: adjust for increased TimeoutStopsec= (refs: #17278)"
      - Test suite: check earlier that Additional Software is correctly configured
      - Test suite: workaround regression in Additional Software
      - Test suite: minor refactoring
      - Additional Software: add more accurate wait loop
      - Update comment
      - Additional Software: don't run tps a second time
      - Additional Software: drop unsupported and now useless options
      - mypy: enable a few more checks
      - mypy: ignore gi and gi.repository
      - Help mypy discover our Python libraries
      - Lint
      - Fix comment phrasing
      - Fix activating Additional Software with an unlocked persistent storage
      - Test suite: use shortcut
      - Test suite: continue adapting to new UI
      - Remove obsolete scripts
      - Test suite: drop the Persistent Storage configuration file unit tests
      - Fix indentation
      - Ignore flake8 false positives
      - tps test suite: make config_file_test support the case when udisks is not
        running
      - Fix typo in comment
      - GitLab CI: drop test-persistent-storage-behave
      - Fix tps behave tests when a dedicated filesystem is mounted on /tmp
      - Add support for debug output without a debugger installed
      - Lint
      - Fix type mismatch
      - Lint
      - Test suite: finish adapting "I delete the persistent partition" to new UI
      - Use string from the design
      - Fix inverted boolean logic
      - Fix typo in comment
      - Make it possible to run config_file_test.py without a tails-persistent-storage
        user
      - Revert "tps: Change owner of persistence.conf to root"
      - Move class docstring where it belongs
      - Fix typo in comment
      - Test suite: don't test for persistence.conf.bak existence
      - Test suite: run the persistence storage behave and config file unit tests
      - GitLab CI: add missing dependencies
      - GitLab CI: run persistent storage tests in separate jobs
      - tps test suite: use larger filesystem to that mke2fs can create a Journal
      - Fix typo in comment
      - Declare mount flags used by the tps test suite
      - tps test suite: use the same mount flags as production
      - Sort ExecStartPre before ExecStart, just like their execution order
      - Maintain directories with systemd-tmpfiles
      - Forbid usage as non-amnesia: this would break stuff
      - Simplify code and make bookmark removal an atomic operation
      - Do all GNOME bookmarks changes as the amnesia user
      - Use canonical directory location
      - Protect grep command against special regexp chars
      - Revert incomplete split of the Welcome Screen persistence feature
      - Welcome Screen: don't allow login until we're fully done activating the
        Persistent Storage
      - Remove unused import
      - Welcome Screen: point to new issue that tracks a cleanup that's now possible
      - Remove unused imports
      - Lint
      - Remove unused import
      - Don't let tempfile try to delete file that we just renamed
      - Don't try (and fail) to refresh features' IsActive when unlocking
      - Use different variables names when we're using them to store different data
        types
      - Fix comment grammar and clarify
      - Test suite: add temporary workaround for tps buggy user story wrt. dotfiles
      - Add shellcheck exception
      - Test suite: actually enable all persistence presets.
      - tps: Remove config file backup functionality
      - tps: Make writes to the configuration file atomic
      - tps: Fix "invalid boot device" message not shown
      - tps: Fix state handling
      - tps: Handle expected error that deletion fails because device is busy
      - tps: Don't unmount with force
      - Remove unused IncorrectOwnerException and IncorrectOwnerError
      - Rename test directory
      - tps: Remove the obsolete mount test
      - GitLab CI: Run the tps config file test
      - tps: Fix config file test
      - tps: Change owner of persistence.conf to root
      - tps: Deactivate features before deleting
      - Test suite: start porting to new implementation of Persistent Storage
      - Test suite: update referenced class name
      - tps: Don't make the tps service exit when closing the app
      - tps: Add button to open tails-additional-software-config
      - tps: Add labelled-by property to list boxes in features_view.ui
      - tps: Fix test
      - tps: Print debug log messages when running behave tests
      - tps: Make features view accessible to screen readers
      - tps: Format features_view.ui with glade
      - tps: Use connect-drop
      - connect-drop: Avoid opening an additional file descriptor
      - actually authenticate to dbus
      - Test suite: remove obsolete images
      - Persistent Storage frontend: add accessibility relationships
      - connect-drop: fix style
      - connect-drop: --dbus has help line
      - connect-drop: option groups
      - connect-drop --env-keep
      - connect-drop is now DBus-aware
      - WIP: Update Persistent Storage design document
      - Update Persistent Storage design document
      - tps: Add basic support for custom features
      - Clarify branded names
      - tps: Add some accessibility information
      - tps: Improve layout
      - Set executable bit on unlock-veracrypt-volumes
      - tps: Use tails-documentation to open doc links
      - tps: Add a HACKING.md
      - tps: Try again using get_block_for_dev
      - tps: Add Tor Configuration feature
      - tps: Remove Language and Region feature
      - tps: Start implementing language and region feature
      - Rewrite Persistent Storage settings in Python (refs: #17803)

  * Tor bridges QR code scanning (tails/tails!874)

    Closes: #18219

    Commits:
      - match labels between code and tests
      - do whatever dogtail wants
      - fix labeling in tca
      - Test suite: update to new string
      - Apply GNOME style guide
      - Implement sajolida's new design for bridges input on the error screen
      - Polish new bridge input UI
      - infobar works in error page, too
      - infobar moved up
      - MessageDialog → InfoBar
      - scanning QR from error page is tested, too
      - test suite refactoring
      - adapt QR code automated test to new mockup
      - using QR code sets state
      - the new mockup now seems to behave
      - scan qrcode: new mockup
      - change wording for QR code errors
      - Test suite: ensure we see the QR code on the screen
      - run_test_suite: check recently added dependencies
      - WIP: Test suite: add test for QR code scanning feature in Tor Connection
      - Reference issue that has more details instead of a commit that lacks context
      - Don't load library that we don't use anymore
      - show no dialog if the user closes zbarcam
      - Ignore zbarcam output if it arrives too late
      - Add the v4l2loopback kernel module
      - improve labels before UX does :)
      - Tor Connection: disable the "Scan a QR code" button until "Enter a bridge that
        you already know" is selected
      - gettext for dialog
      - implement Scan QR code from error step, too
      - better error handling
      - QR code content is parsed/validated
      - doctests for parse_qr_content
      - Convert the contents of the QR code into bridge lines
      - clicking on "Scan QR code" does something...
      - glade: clicked callback + naming convention
      - Tor Connection: add button to scan QR code
      - scanning Tor bridges QR codes: building blocks

  * Migrate from X.Org to Wayland (tails/tails!838)

    Closes: #12213, #19042, #14623, #15635, #19008, #16795, #18020, #17284, #5422, #9767, #7502, #18339

    Commits:
      - Test suite: don't expect the application title seen on the accessibility bus to
        be localized
      - Glade: AtkObject::accessible-role properties should not be translatable
      - Test suite: fix clearing notifications
      - FIX sandbox check for some parts of the test suite
      - Test suite: simplify
      - workaround an a11y bug preventing test suite
      - one more test suite fix
      - Test suite: migrate to input techniques that work on Wayland
      - TPS is on Wayland, a11y, ibus...
      - remove unused import
      - Update path
      - more explicit block clearnet → internal services
      - FIX proxy test for unsafebrowser
      - Really disable broken Thunderbird test
      - no incoming connections to UnsafeBrowser
      - tails-add-session-firewall-rune work without --apply
      - typo
      - Test suite: make test work in non-English locales
      - Test suite: rename step to match what it currently checks
      - Fix typos in comment
      - Test suite: remove workaround
      - Test suite: fix race condition
      - Test suite: add missing space between words in error message
      - Extract Python code to an external script
      - Simplify
      - Drop unnecessary /g regexp modifiers
      - Use extended regexps
      - Don't install unneeded systemd-container
      - Update comment
      - Remove obsolete comment
      - Fix typo in comment
      - Update comment
      - Improve user-facing string
      - Use install(1) instead of mkdir + chown
      - Make variable name correctly reflect its value
      - Make variable name correctly reflect its value
      - Add missing word in error message
      - Test suite: drop unnecessary step
      - Test suite: move and warn about xdotool using code
      - Fix a bunch of issues identified by shellcheck
      - Unsafe Browser: drop workarounds.
      - Test suite: clarify/simplify code
      - Test suite: fix recovery
      - Test suite: fix robustness issue
      - Test suite: verify that browser address bar images exist
      - Test suite: adjust path
      - Test suite: fix sanity check
      - Test suite: drop comment
      - Unsafe Browser: move code
      - Unsafe Browser: drop unnecessary mount for container
      - Test suite: adapt firewall sanity check to the clearnet network namespace
      - Test suite: adapt test after dropping the greeter's Unsafe Browser setting
      - Test suite: adapt regex to new command line
      - Test suite: deal with Unsafe Browser permission error
      - Test suite: export Unsafe Browser bookmarks into an accessible directory
      - Unsafe Browser: allow access to /etc/hosts in AppArmor profile
      - Test suite: use correct step
      - Welcome Screen: really hide the "Add" button for obsolete settings
      - Welcome Screen: always enable the Unsafe Browser and make the setting obsolete
      - Revert "Unsafe Browser: prevent accidental/malicious operation under Xorg"
      - Unsafe Browser: further isolate from the root filesystem
      - Unsafe Browser: drop duplicated mount
      - Fix incorrect merge conflict resolution.
      - Unsafe Browser: expose the real /home
      - Unsafe Browser: confine with AppArmor
      - Unsafe Browser: prevent accidental/malicious operation under Xorg
      - Unsafe Browser: work around issue with ibus/a11y proxy stopping
      - Make necessary firewall rules in tails-create-netns persist throughout the
        session.
      - Unsafe Browser: migrate to tails-create-netns
      - Unsafe Browser: run as native Wayland application
      - Unsafe Browser: start with tailslib.netnsdrop.run_in_netns()
      - Add missing double quotes
      - Use $() to get a command's output, not backticks
      - Add missing double quotes
      - Drop unused argument
      - Disable shellcheck false positive
      - Test suite: work around the Screen Keyboard not appearing as it should on
        Wayland
      - Patch Thunderbird AppArmor profile so it works in Wayland.
      - Thunderbird: enable Wayland support
      - Test suite: fix a bunch of incorrect/buggy Dogtail click actions
      - Tor Browser: enable Wayland support
      - Test suite: fix a bunch of incorrect Dogtail "click" actions
      - Test suite: make test more robust.
      - Unsafe Browser: enable ibus and accessibility!
      - Test suite: actually disable TOR_TRANSPROXY for the Unsafe Browser
      - Test suite: optimization
      - Test suite: fix chroot vs pmap mismatch.
      - Test suite: fix Dogtail for non-amneisia users
      - Test suite vs Wayland: fix another issue when clicking crashes accessibility
      - Remote shell: get the GNOME environment from the python library instead
      - Fix environment so accessibility is working with launch_x_application()
      - Test suite vs Wayland: deal with several issues when installing packages in
        synaptic
      - Test suite: deal with XWayland vs Dogtail issue for synaptic run as root
      - Test suite: enable the accessibility toolkit for the root user
      - Remote shell: set XAUTHORITY, which isn't set by export_gnome_env() any more
      - Wayland vs export_gnome_env(): drop variables not dumped into /run/gnome-shell-
        environment/environ
      - Test suite: deal with Wayland vs Dogtail issue
      - Test suite: deal with GNOME notification buttons being unclickable through
        Dogtail
      - Test suite: work around another instance where Dogtail breaks after clicking a
        button
      - Test suite: use correct activation for some particular push buttons.
      - Test suite: deal with Wayland vs Dogtail issue.
      - Test suite: some radio buttons want 'click', some want 'select'.
      - Test suite: work around AT-SPI action bug
      - Test suite: apparently some buttons want "click" while others want "press"
      - Test suite: fix Electrum test vs Wayland migration.
      - Test suite: use appropriate Dogtail actions for push/radio buttons.
      - Test suite: use better image when waiting for snapshots to be restored fully.
      - Unsafe Browser: hook zenity dialogs to at-spi bus.
      - stop installing xorg packages
      - Test suite: handle Unsafe Browser exiting with an error code after being
        killed.
      - Test suite: adapt Unsafe Browser tests since migrating to Wayland.
      - Test suite: adapt to Wayland
      - Test suite: adapt to Wayland
      - Revert "Remove unused exec_unconfined_firefox()."
      - Update GNOME Shell user service name for Wayland
      - Test suite: migrate more tests to input techniques that work on Wayland
      - Remote shell: ensure $DISPLAY is set
      - Test suite: don't import dogtail.rawinput that can't work on Wayland
      - Test suite: generate methods with meta-programming
      - Test suite: migrate to input techniques that work on Wayland
      - Test suite: remove X.Org-specific workaround
      - Fix typo in comment
      - Test suite: click in a way that works on Wayland
      - Test suite: remove unused method that's broken on Wayland
      - Unsafe Browser: set up networking via a new namespace.
      - Revert "Unsafe Browser: crappy attempt to sort of get networking up."
      - Unsafe Browser: crappy attempt to sort of get networking up.
      - Unsafe Browser: bind-mount resolv.conf as read-only.
      - Unsafe Browser: experiment for running as the amnesia user.
      - Stop disabling Wayland in GDM (refs: #12213).
      - Revert "Use X.Org in amnesia's GNOME session (refs: #12213)."

 -- Tails developers <tails@boum.org>  Wed, 02 Nov 2022 09:47:35 +0000

tails (5.7) unstable; urgency=medium

  * fix FTBFS: don't remove, just hold (tails/tails!960)

    Closes issues:
      - Tails FTBFS: grub-pc is not configured (tails/tails#19290)

    Commits:
      - don't remove, just hold

  * Resolve "Upgrade to Tor Browser 11.5.8" (tails/tails!962)

    Closes issues:
      - Upgrade to Tor Browser 11.5.8 (tails/tails#19295)

    Commits:
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 11.5.8-build1

  * Add Metadata Cleaner (#18101) (tails/tails!959)

    Closes issues:
      - Mention MAT and metadata on /about (tails/tails#19206)
      - Add Metadata Cleaner (tails/tails#18101)

    Commits:
      - Mention Metadata Cleaner from /about (#19206)
      - Document Metadata Cleaner (#18101)
      - Add Metadata Cleaner (#18101)

  * WhisperBack debugging info: have df ignore filesystems of type fuse.portal
    (tails/tails!958)

    Closes issues:
      - Can't start WhisperBack when /root/.cache/doc is mounted (tails/tails#19282)

    Commits:
      - WhisperBack debugging info: have df ignore filesystems of type fuse.portal

  * Update htpdate pool: secure.flickr.com → flickr.com (tails/tails!954)

    Commits:
      - Update htpdate pool: secure.flickr.com → flickr.com

  * Update tor to 0.4.7.11 (tails/tails!953)

    Closes issues:
      - Upgrade to tor 0.4.7.11 (tails/tails#19276)

    Commits:
      - Update tor to 0.4.7.11

  * Remove broken pdf-redact-tools (tails/tails!950)

    Closes issues:
      - pdf-redact-tools broken (tails/tails#19250)

    Commits:
      - Remove broken pdf-redact-tools

  * Resolve "Explain better the Unsafe Browser from Tor Connection"
    (tails/tails!949)

    Commits:
      - Test suite: update wrt. new UI strings
      - Insist on signing in, then closing (#19168)
      - Be more clear (#19168)

  * Remove (easier) and (safer) label from consent question (#19166)
    (tails/tails!948)

    Closes issues:
      - Remove (easier) and (safer) label from consent question (tails/tails#19166)

    Commits:
      - Test suite: update wrt. new UI strings
      - Remove (easier) and (safer) label from consent question (#19166)

  * fix snakeoil certificates in Thunderbird test suite (tails/tails!943)

    Closes issues:
      - Fix and re-enable "I can send emails, and receive emails over IMAP" automated
        test: Certificate handling on Jenkins needs updating for Thunderbird 102
        (tails/tails#19193)

    Commits:
      - add snakeoil to thunderbird using certutil
      - reneable test by default
      - Revert "Really disable broken Thunderbird test"

  * extend validity time check for OpenPGP keys (tails/tails!939)

    Closes issues:
      - Extend period for "The included OpenPGP keys are up-to-date"
        (tails/tails#19219)

    Commits:
      - extend validity time check for OpenPGP keys

  * Fetch Tor Browser from our own archive (tails/tails!938)

    Commits:
      - Fetch Tor Browser from our own archive

 -- Tails developers <tails@boum.org>  Mon, 21 Nov 2022 11:13:06 +0100

tails (5.6) unstable; urgency=medium

  * Upgrade Linux to 5.10.149 (tails/tails!935)

    Closes issues:
      - Fix beacown (tails/tails#19210)

    Commits:
      - Release process: bring back test that we can run locally, but not on Jenkins
      - Really disable broken Thunderbird test
      - Upgrade Linux to 5.10.149-1

  * Disable broken Thunderbird test (tails/tails!934)

    Commits:
      - Disable broken Thunderbird test

  * Upgrade Tor Browser to 11.5.5 (tails/tails!936)

    Closes issues:
      - Upgrade to Tor Browser 11.5.5 (ESR 91.13 + ESR 102.4 backports)
        (tails/tails#19178)

    Commits:
      - Upgrade Tor Browser to 11.5.5

  * post-release misc updates (tails/tails!932)

    Commits:
      - easier transmission-remote instructions
      - avoid re-downloading if restarting
      - better instructions for automated test suite

  * Thunderbird: remove obsolete oauth2 pref (tails/tails!929)

    Commits:
      - Thunderbird: remove obsolete oauth2 pref

  * Upgrader: when a manual upgrade is needed, point to the news & manual upgrade
    doc without specifying a (probably incorrect) version (tails/tails!915)

    Closes issues:
      - Tails Upgrader recommends manual upgrades to deprecated versions
        (tails/tails#17069)

    Commits:
      - Make /latest inline the translated version of the release notes
      - Rewrite in Markdown
      - Move latest release notes out of /news
      - Improve phrasing
      - Point to release notes of latest version only
      - Upgrader: when a manual upgrade is needed, point to the news & manual upgrade
        doc without specifying a version

 -- Tails developers <tails@boum.org>  Mon, 24 Oct 2022 08:06:36 +0000

tails (5.5) unstable; urgency=medium

  * Upgrade to Tor Browser 11.5.4 (ESR 91.13 + ESR 102.3 backports)
    (tails/tails!930)

    Closes issues:
      - Upgrade to Tor Browser 11.5.4 (ESR 91.13 + ESR 102.3 backports)
        (tails/tails#19125)

    Commits:
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 11.5.4-build2

  * Upgrade to Thunderbird 102 (tails/tails!928)

    Closes issues:
      - Upgrade to Thunderbird 102 (tails/tails#19156)

    Commits:
      - adapt test suite to new UI
      - JS hardening in Thunderbird
      - Enable OAuth2
      - Update Thunderbird patches from
        tails/thunderbird@4efe2ce285c552c1808120d54a11f4be9e57527f
      - Update Thunderbird patches from
        tails/thunderbird@4efe2ce285c552c1808120d54a11f4be9e57527f
      - Thunderbird patches update doc: update examples
      - Thunderbird patches update doc: push upstream tags too
      - Thunderbird patches update doc: document how to verify
      - Thunderbird patches update doc: add missing commit and push steps
      - Thunderbird patches update doc: don't suggest we're still trying to upstream
        patches
      - Thunderbird patches update doc: adjust to Bullseye
      - Drop useless step

  * import-translations: use new remote (tails/tails!927)

    Closes issues:
      - App translations supported by Tor Project moving from Transifex to weblate
        (tails/tails#19150)

    Commits:
      - import-translations: drop support for standalone WhisperBack project
      - import-translations: use new remote

  * GitLab CI: ensure all website core pages exist (tails/tails!926)

    Commits:
      - Make code more readable
      - GitLab CI: ensure all website core pages exist

  * GitLab CI: build our website on master and branches targeting master
    (tails/tails!924)

    Commits:
      - GitLab CI: build our website on master and branches targeting master
      - build-website: remove check now done in GitLab CI

  * Test suite: remove Cucumber test scenarios and build website checks that are
    now covered by GitLab CI (tails/tails!923)

    Closes issues:
      - Remove Cucumber test scenarios that are now covered by GitLab CI
        (tails/tails#17992)

    Commits:
      - build-website: remove check now done in GitLab CI
      - Test suite: remove Cucumber test scenarios that are now covered by GitLab CI

  * Upgrade to Bullseye 11.5 and Linux 5.10.140 (tails/tails!920)

    Closes issues:
      - Upgrade Linux to 5.10.140 (tails/tails#19127)
      - Upgrade to Bullseye 11.5 (tails/tails#19082)

    Commits:
      - Test suite: relax timeouts
      - Test suite: bump timeout
      - Refresh patch
      - Upgrade to Bullseye 11.5 and Linux 5.10.140

  * Test suite: fix virt-viewer active?() check to work with all versions
    (tails/tails!919)

    Closes issues:
      - virt-viewer 11.0 breaks our test suite (tails/tails#19064)

    Commits:
      - Test suite: fix virt-viewer active?() check to work with all versions

  * Fix screen lock keyboard shortcut (tails/tails!918)

    Closes issues:
      - Super+L sometimes starts the screensaver when it should ask for a screen lock
        password (tails/tails#19090)

    Commits:
      - Fix screen lock keyboard shortcut

  * Test suite: make localized Unsafe Browser tests faster and easier to maintain
    (tails/tails!917)

    Closes issues:
      - Localized Unsafe Browser tests are slow and hard to maintain
        (tails/tails#19041)

    Commits:
      - Test suite: add comment
      - Make Gherkin scenario outline placeholder more descriptive
      - Test suite: make localized Unsafe Browser tests faster and easier to maintain
      - Test suite: remove dead code

  * Add standard fields to /etc/os-release (tails/tails!914)

    Commits:
      - Add standard fields to /etc/os-release

  * Build system: make our website cache volume smaller (tails/tails!913)

    Commits:
      - Build system: make our website cache volume smaller

  * Use "torsocks --isolate" everywhere we use torsocks (tails/tails!912)

    Commits:
      - Use "torsocks --isolate" everywhere we use torsocks

  * Fix devel FTBFS with uBlock 1.44.0+dfsg-1 (tails/tails!910)

    Commits:
      - Refresh patch

  * Post-release doc updates (tails/tails!907)

    Commits:
      - call for testers has meaningful date
      - warning: tb-build-05 not serving files over HTTP
      - cleanup script that waits for new TBB release

  * GitLab CI: run the Bandit security oriented static analyzer for Python
    (tails/tails!904)

    Commits:
      - Check re.match's return value in a way that always returns a boolean
      - Add typing information
      - GitLab CI: also check shell and Python files that have no shebang
      - GitLab CI: run the Bandit security oriented static analyzer for Python
      - Lint comments format
      - Ignore Bandit false positives
      - Remove obsolete Emacs "coding: UTF-8" configuration
      - WhisperBack: only load global configuration file
      - Add configuration for the Bandit security oriented static analyzer for Python

  * Make it easy to re-run failed test suite scenarios (tails/tails!901)

    Closes issues:
      - run_test_suite wrapper that retries failed tests (tails/tails#19072)

    Commits:
      - RM tip: run all test scenarios
      - RM tip: multiple test suite runs overnight
      - set rerun file from ruby

 -- Tails developers <tails@boum.org>  Thu, 13 Oct 2022 11:55:08 +0200

tails (5.4) unstable; urgency=medium

  * Upgrade Tor Browser to 11.5.2 (tails/tails!908)

    Closes issues:
      - Upgrade to Tor Browser based on 91.13 (tails/tails#19073)

    Commits:
      - automatic redirect to HTTPS, here we meet again
      - Upgrade Tor Browser to UNVERIFIED 11.5.2-build1

  * Upgrade Linux packages to 5.10.0-17, currently at version 5.10.136
    (tails/tails!900)

    Closes issues:
      - Handle CVE-2022-2585 (POSIX CPU timer UAF) (tails/tails#19081)

    Commits:
      - Upgrade Linux packages to 5.10.0-17, currnetly at version 5.10.136

  * Disable HTTPS-only mode in Unsafe Browser (tails/tails!906)

    Closes issues:
      - Disable HTTPS-only mode in Unsafe Browser (tails/tails#19095)

    Commits:
      - disable HTTPS-only mode for unsafe browser

  * Upgrade tor to 0.4.7.10 (tails/tails!903)

    Closes issues:
      - Upgrade to tor 0.4.7.10 (tails/tails#19083)

    Commits:
      - Don't mention irrelevant implementation detail
      - Avoid initially pushed branch failing its pipeline
      - Drop obsolete step
      - Upgrade tor to 0.4.7.10

  * Resolve "Some time sync related automated tests fail when run on a system whose
    system clock is not in UTC" (tails/tails!902)

    Closes issues:
      - Some time sync related automated tests fail when run on a system whose system
        clock is not in UTC (tails/tails#19070)

    Commits:
      - uses UTC time even on non-UTC systems

  * Misc kernel hardening (tails/tails!899)

    Closes issues:
      - Kernel hardening: restricts loading TTY line disciplines (tails/tails#18302)
      - Enable page allocator freelist randomization (tails/tails#18886)
      - Consider dropping slub_debug=P and page_poison=1 options and let init_on_free
        wipe slab and page allocations (tails/tails#18858)

    Commits:
      - Kernel hardening: restricts loading TTY line disciplines
      - Kernel: enable page allocator freelist randomization
      - Remove obsolete kernel command line options

  * Actually stop NetworkManager before applying an upgrade (tails/tails!896)

    Commits:
      - Remove obsolete comment
      - Use systemctl(1) instead of service(8)
      - Actually stop NetworkManager before applying an upgrade

  * Test suite: fix Unsafe Browser localization tests (tails/tails!867)

    Commits:
      - testing unsafebrowser is more deterministic
      - add spanish start page image for unsafe browser
      - add portuguese start page image for unsafe browser
      - debug unsafe browser errors

 -- Tails developers <tails@boum.org>  Wed, 24 Aug 2022 13:18:27 +0200

tails (5.3.1) unstable; urgency=medium

  * Upgrade Linux to 5.10.127-2 (DSA-5191)
  * Upgrade Thunderbird to 91.12.0 (DSA-5195)

 -- Tails developers <tails@boum.org>  Mon, 01 Aug 2022 23:19:49 +0000

tails (5.3) unstable; urgency=medium

  * Upgrade to Tor Browser 11.5.1, bring back uBlock, and fix the Unsafe Browser's
    window title (tails/tails!894)

    Closes issues:
      - uBlock is not enabled in Tor Browser (tails/tails#19059)
      - Upgrade to Tor Browser based on ESR 91.12 (tails/tails#19058)
      - Window title of Unsafe Browser reads "Tor Browser" (tails/tails#18603)

    Commits:
      - Tor Browser: use the system's libstdc++.so.6 like upstream would on a Bullseye
        system
      - update-acng-config: get ready for 6.x
      - Remove hack that's not needed on Bullseye anymore
      - Update comments
      - Make cp behavior deterministic
      - htpdate pool 2: replace fragile thepiratebay.org with www.gnome.org
      - Bring back code needed to install uBlock
      - Create directory before copying into it
      - Browsers: also pass --name to Firefox
      - Reformat code: make room for more options and nicer Git diffs
      - Unsafe Browser: also set brandProductName to "Unsafe Browser", for consistency
      - Unsafe Browser: set the branding in the file that's actually used in current
        Tor Browser
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 11.5.1-build1

  * Test suite: misc. improvements (tails/tails!892)

    Closes issues:
      - Test suite sometimes fails to find a picture (e.g. TailsGreeterLoginButton.png)
        while it's present on screen (tails/tails#19044)

    Commits:
      - Test suite: also display stdout on vmcommand failure
      - Test suite: bump timeout
      - Test suite: fix typo in comment
      - Welcome Screen: remove unused import
      - Test suite: point to relevant issue
      - Test suite: wait more for some images
      - Test suite: have Screen#find wait longer
      - Test suite: add debug logging to investigate #19044
      - Test suite: fix variable name
      - Test suite: give some time to the persistence passphrase widget to get focus
      - Use named constants instead of magic numbers
      - Don't catch unrelated IndexError exceptions
      - Lint
      - Remove unused import
      - Test suite: fix, improve, and update comments
      - Test suite: set the time in the guest using timedatectl
      - Make host_to_guest_time_sync raise an exception on failure
      - Lint

  * Upgrade to Debian Bullseye 11.4, Linux 5.10.127, and Network Manager 1.30.6
    (tails/tails!891)

    Closes issues:
      - Upgrade to Debian Bullseye 11.4 (tails/tails#19046)

    Commits:
      - Refresh patch
      - Update Vagrant box to Debian Bullseye 11.4
      - Enable the 19046-bullseye-11.4-force-all-tests APT overlay (refs: #19046).
      - Upgrade to Linux 5.10.0-16 (currently at 5.10.127-1)
      - Upgrade to Debian Bullseye 11.4

  * Upgrade mat2 to 0.12.1-2+deb11u1

 -- Tails developers <tails@boum.org>  Mon, 25 Jul 2022 13:45:07 +0200

tails (5.2) unstable; urgency=medium

  * Upgrade Thunderbird to 91.11.0

  * Upgrade Tor Browser to 11.5 (tails/tails!889)

    Closes issues:
      - Upgrade to Tor Browser based on Firefox 91.11 (tails/tails#19029)

    Commits:
      - more bumping tor browser
      - bump torbrowser images
      - autobump
      - manual bump TorBrowserOverviewIcon.png
      - some more image bumping
      - l10n screenshot updated
      - bump duckduckgo prompt image
      - adapt tor browser screenshot
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 11.5
      - Revert "NIGHTLY ONLY! REMOVE ME!"
      - clean nightly dirt
      - install langpacks for nightlies, too (if possible)
      - NIGHTLY ONLY! REMOVE ME!
      - Revert "disable OnionAliases for Unsafe Browser"
      - use new TBB setting to disable onionrewrites altogether
      - take tbb 11.5 from nightlies
      - disable OnionAliases for Unsafe Browser
      - Upgrade Tor Browser to 11.5a13-build2

  * Adapt release process to new Tor blog platform (tails/tails!887)

    Closes issues:
      - Change release process details for blog.torproject.org (tails/tails#18963)

    Commits:
      - Be explicit
      - Release process: suggest publishing a Tor blog even for bugfix releases
      - Release process: improve Tor blog post instructions
      - generate-Tor-blog-post: use actual template and also generate the Lektor header
      - generate-Tor-blog-post: refactor (extract code to function)
      - generate-Tor-blog-post: remove inline images too
      - Release process: adapt the Tor blog post process to Lektor
      - generate-Tor-blog-post: fix ikiwiki command

  * GitLab CI: clean up and refactor https-get-expired jobs (tails/tails!884)

    Commits:
      - GitLab CI: force running jobs when updating .gitlab-ci.yml
      - GitLab CI: factorize
      - GitLab CI: install golang in the same way we do during a Tails build
      - GitLab CI: remove duplicate call to "apt-get update"
      - GitLab CI: drop obsolete pinning to Buster

  * Git: ignore the early_patch= (aka. --early-patch) hook (tails/tails!882)

    Commits:
      - Git: ignore the early_patch= (aka. --early-patch) hook

  * Resolve "IUK test suite: features/frontend is broken (tails-transform-mirror-
    url fails)" (tails/tails!880)

    Closes issues:
      - IUK test suite: features/frontend is broken (tails-transform-mirror-url fails)
        (tails/tails#18661)

    Commits:
      - IUk test suite: Set Torsocks to allow outbound connections to the loopback
        interface
      - IUK test suite: Add test file
      - IUK test suite: disable certificate verification

  * Test suite: fix copying a new directory with late patch (tails/tails!877)

    Commits:
      - Test suite: fix copying a new directory with late patch

  * Resolve "Test "The included APT repository keys are up-to-date" does not check
    subkeys" (tails/tails!876)

    Closes issues:
      - Test "The included APT repository keys are up-to-date" does not check subkeys
        (tails/tails#19047)

    Commits:
      - check we have at least one *relevant* subkey
      - gpg checks deeper: both master keys and subkeys
      - consistent naming
      - Revert "Revert "check APT subkeys, too""

  * Test suite: misc bugfixes (tails/tails!872)

    Commits:
      - Test suite: also set the guest's time when connected to the LAN but not to Tor
      - Test suite: move sleep where it was supposed to be

  * workaround persistent Tor bridges bug (tails/tails!870)

    Closes issues:
      - Tor Bridges persistence sometimes fails to save bridges during initial setup on
        Bullseye, at least in our test suite (tails/tails#18926)

    Commits:
      - workaround for bug only present in test suite

  * check APT subkeys, too (tails/tails!869)

    Closes issues:
      - Test "The included APT repository keys are up-to-date" does not check subkeys
        (tails/tails#19047)

    Commits:
      - check APT subkeys, too

  * Set Samba workgroup used by GTK applications to "localhost" (tails/tails!865)

    Closes issues:
      - Several applications ask Tor to resolve the "workgroup" hostname
        (tails/tails#19030)

    Commits:
      - Set Samba workgroup used by GTK applications to "localhost"

 -- Tails developers <tails@boum.org>  Mon, 11 Jul 2022 08:13:08 +0000

tails (5.1.1) unstable; urgency=medium

  * Upgrade Linux to 5.10.120-1 and tor to 0.4.7.8 (tails/tails!863)

    Closes issues:
      - Upgrade to tor 0.4.7.8 (tails/tails#19035)
      - Upgrade Linux to 5.10.120-1 (tails/tails#19036)

    Commits:
      - Upgrade Linux kernel packages to 5.10.0-15 (currently at version 5.10.120-1)
      - Upgrade to tor 0.4.7.8

  * Upgrade to Thunderbird 91.10.0

  * Fix htpdate pool: https://www.mozilla.org returns incorrects Date header
    (tails/tails!864)

    Closes issues:
      - Fix htpdate pool: https://www.mozilla.org returns incorrects Date header
        (tails/tails#19020)

    Commits:
      - Fix htpdate pool: https://www.mozilla.org returns incorrects Date header

  * Test suite: update the set of @fragile tags (tails/tails!862)

    Closes issues:
      - "Persistent browser bookmarks" is fragile (tails/tails#11585)
      - "The persistent Tor Browser directory is usable" test suite scenario is fragile
        (tails/tails#15336)
      - The "is properly stream isolated" test suite mechanism is fragile
        (tails/tails#17013)
      - Step "a screenshot is saved to the live user's Pictures directory" is fragile
        (tails/tails#13458)
      - "I can view and print a PDF file" scenarios are fragile (tails/tails#10994)
      - Memory erasure on boot medium removal is fragile (tails/tails#13462)
      - Test suite: update the set of @fragile tags (tails/tails#19007)

    Commits:
      - add @fragile tags when it's useful
      - Remove many @feature tags

  * follow up again on tca audit: clarify comments (tails/tails!860)

    Closes issues:
      - Audit tca-portal (tails/tails#18374)

    Commits:
      - acknowledge jvoisin's comments

  * Test suite: exercise the screen keyboard with a key that won't auto-complete
    (tails/tails!857)

    Closes issues:
      - "the screen keyboard works in Tor Browser" fails in Arabic (tails/tails#19013)

    Commits:
      - Test suite: exercise the screen keyboard with a key that won't auto-complete

  * GitLab CI: improve jobs rules (tails/tails!856)

    Commits:
      - GitLab CI: don't run code tests on the master branch
      - GitLab CI: also run https-get-expired* jobs when we modify our htpdate
        configuration
      - GitLab CI: only run https-get-expired when relevant

  * Inline strtobool function (tails/tails!855)

    Commits:
      - Inline strtobool function

  * Test suite: improve robustness (tails/tails!851)

    Closes issues:
      - Developers need to apply workaround in order to build Tails during the release
        process (tails/tails#18998)
      - Test scenario "htpdate is using the Tails-specific SocksPort" is broken
        (tails/tails#19003)

    Commits:
      - Test suite: avoid missed clicks retry when opening the calendar & notifications
        menu
      - Test suite: give the Upgrader time to fill the zenity dialog
      - Test suite: give the Greeter some time to re-enable the login button
      - Fix building from dev branches during the release process
      - Test suite: don't reset virtual X display between clients
      - Test suite: hopefully increase chances we catch the process we want
      - Lint
      - Test suite: ensure we write every line extracted from "ss -taupen" as soon as
        we have it
      - Test suite: migrate from service(8) to directly using systemctl
      - Test suite: adapt to new HTTPS client used by htpdate
      - Test suite: make setting up a Pidgin account more robust
      - Test suite: make interaction with GNOME Disks title bar buttons more robust
      - Test suite: make copying'n'pasting into a Terminal more robust

  * Have a better footer (tails/tails!756)

    Commits:
      - Translate a couple strings to check sidebar2 vs. PO plugin
      - Update PO files
      - Update PO files
      - Link to accessibility from footer
      - Rescue translations
      - Update PO files
      - Fix very old bug
      - Use sidebar2 to replace translation hacks in templates
      - Integrate sidebar2 in the local build
      - Add missing ARIA label
      - Make the label bold
      - Improve the appeal to the newsletter (#16888)
      - Translate footer into Spanish
      - Update PO files
      - Move jobs from top navigation to footer
      - Use more consistent margin system
      - Have a better footer (#17699)
      - Create dedicated page for testimonials
      - Don't use all capitals (#16137)

  * early-patch: live-patch at initramfs's time (tails/tails!696)

    Commits:
      - Fix formatting
      - Fix documentation wrt. the name of the option actually passed
      - Document --late-patch
      - more documentation
      - works even if hook fails
      - early_patch from test suite umounts immediately
      - pass 9p fs to TailsToaster: --early-patch works
      - live-patch → late-patch
      - early-live-patch → early-patch
      - Test suite: make EARLY_LIVE_PATCH a boolean
      - Disable obsolete shellcheck override
      - Don't enable live_patch by default
      - Make headings levels consistent with the rest of our website
      - Add a TOC
      - Apply 4 suggestion(s) to 1 file(s)
      - run_test_suite --early-live-patch
      - developer documentation for live_patch
      - live_patch: early-patching system

 -- Tails developers <tails@boum.org>  Wed, 22 Jun 2022 11:31:52 +0000

tails (5.1) unstable; urgency=medium

  * Upgrade to Thunderbird 91.9.0

  * Upgrade to Tor Browser 11.0.14 based on Firefox 91.10 (tails/tails!852)

    Closes issues:
      - Upgrade to Tor Browser 11.0.14 based on Firefox 91.10 (tails/tails#18979)

    Commits:
      - htpdate: replace tachanka.org with www.autistici.org
      - Mark security advisory against 5.0 as fixed
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 11.0.14-build1

  * Resolve "displayed_time_str fails in test suite" (tails/tails!839)

    Closes issues:
      - displayed_time_str fails in test suite (tails/tails#18991)

    Commits:
      - Ignore advisories when looking for displayed time
      - help debug

  * FIX Clock disappearing when the user sets UTC as their local timezone
    (tails/tails!841)

    Closes issues:
      - Clock disappears from the GNOME top bar after "Fix the clock" and choosing UTC
        timezone (tails/tails#18993)

    Commits:
      - safety net for future problems
      - handle UTC special-case

  * Test suite: workaround lost and duplicate key presses by pasting long strings
    instead of typing them (tails/tails!821)

    Commits:
      - Test suite: merge step used only by another step into its caller
      - Test suite: paste long strings instead of typing them
      - Test suite: drop useless step
      - Test suite: refactor (extract code to method)

  * Test suite: Make opening GNOME menus more robust (tails/tails!816)

    Closes issues:
      - Opening GNOME menus in the test suite on Bullseye is very fragile
        (tails/tails#18930)

    Commits:
      - Test suite: try harder to open GNOME menus
      - Test suite: drop unnecessary delay
      - Test suite: use Dogtail to check presence of GNOME bookmarks
      - Test suite: use Dogtail to open the GNOME menus
      - Test suite: wait for the desktop to be visible before we interact with it after
        restoring a snapshot
      - Lint.

  * Upgrade to Linux 5.10.113-1 (DSA 5127-1) (tails/tails!813)

    Closes issues:
      - Upgrade Linux to 5.10.113-1 (DSA 5127-1) (tails/tails#18962)

    Commits:
      - Upgrade to Linux 5.10.113-1 (DSA 5127-1)

  * Make console-setup.service startup non-racy (tails/tails!811)

    Closes issues:
      - console-setup.service fails sometimes, which breaks "Tor is ready" in test
        suite (tails/tails#18636)

    Commits:
      - Make console-setup.service startup non-racy

  * Test suite: support running on Ruby 3.0 (tails/tails!810)

    Closes issues:
      - Test suite misbehaves on Ruby 3.0, e.g. "the Tor Connection Assistant connects
        to Tor" step always incorrectly fails (tails/tails#18904)

    Commits:
      - Test suite: ensure we don't try to click the "Restore Disk Image" button before
        it's visible
      - Test suite: support Bookworm host system's improved UEFI graphics
      - Test suite: enable Ruby deprecation warnings
      - Test suite: adjust to separation of positional and keyword arguments in Ruby
        3.0
      - Test suite: update button label for Bullseye
      - Remove duplicate word in comment
      - Test suite: drop workaround for Ruby < 2.7
      - Test suite: migrate from deprecated luks_open and luks_close to
        cryptsetup_{open,close}

  * test https-get-expired with sid's Go (tails/tails!849)

    Commits:
      - GitLab CI: only run https-get-expired-sid job when relevant
      - GitLab CI: factorize
      - GitLab CI: test https-get-expired with sid's Go on a sid image
      - also test https-get-expired with sid's golang

  * Vagrant: install ikiwiki that fixes #18992 (tails/tails!847)

    Closes issues:
      - ikiwiki generates buggy PO files with po4a 0.62 (tails/tails#18992)

    Commits:
      - Vagrant: stop using the obsolete builder-jessie APT suite
      - Vagrant: install ikiwiki that fixes #18992

  * tca-portal: stricter validation (tails/tails!846)

    Commits:
      - test: right length, valid for date(1), but invalid format
      - drop test case for "minutes" timespec
      - be more explicit about the format we want
      - seconds always included
      - stricter validation for SetTimeCommand

  * ignore advisories + better debug (tails/tails!845)

    Commits:
      - ignore advisory
      - FIX error message

  * Test suite: fix regression when testing Tor Connection in non-English locale
    (tails/tails!843)

    Commits:
      - Test suite: fix regression when testing Tor Connection in non-English locale

  * FIX sharing via onionshare from nautilus (tails/tails!840)

    Closes issues:
      - "Share via OnionShare" does nothing (tails/tails#18990)

    Commits:
      - FIX sharing via onionshare from nautilus

  * lint_po: ignore unknown-message-flag errors (tails/tails!836)

    Commits:
      - lint_po: ignore unknown-message-flag errors

  * Don't enable "configure a bridge" just because the user looked at the hide mode
    (tails/tails!835)

    Closes issues:
      - “Configure a Bridge” is enabled when rolling back from hiding Tor
        (tails/tails#18546)

    Commits:
      - regression test for #18546
      - enable easymode-bridges only in easy mode

  * Vagrant build box: upgrade to po4a 0.62-1 (tails/tails!834)

    Commits:
      - Vagrant build box: drop APT configuration for Buster
      - Vagrant build box: upgrade to po4a 0.62-1

  * Installer: create system partition 2 MiB from the beginning of the drive
    (tails/tails!832)

    Commits:
      - Installer: create system partition 2 MiB from the beginning of the drive

  * Various Tor Connection UX improvements (tails/tails!831)

    Closes issues:
      - Tor Connection: Give the same instructions on both bridge screens
        (tails/tails#18596)
      - Always tell whether bridges are used in the success screen (tails/tails#18547)

    Commits:
      - Clarify docstring
      - Test suite: update expected images
      - Make phrasing consistent
      - Test suite: DRY
      - refactor: properties allow our code to be clearer
      - bridges: same instructions on both screens
      - Success message conditional to bridges

  * Rewrite the home pages of the Unsafe Browser + Have different homes for the
    Unsafe Browser depending on whether we're connected to Tor already
    (tails/tails!829)

    Closes issues:
      - Have different homes for the Unsafe Browser depending on whether we're
        connected to Tor already (tails/tails#18601)
      - Rewrite the home pages of the Unsafe Browser (tails/tails#18602)

    Commits:
      - Apply style guide
      - Improve sentence
      - Improve grammar
      - Improve grammar
      - Improve grammar
      - Be more clear
      - Add illustration by Andrés
      - Test suite: remove obsolete localized images
      - Test suite: update expected image
      - Test suite: add missing @doc tag
      - FIX wrong path was checked
      - Clarify that the image is an example
      - Clarify use of CSS (Take 2)
      - Unsafe browser: home page if non connected to Tor
      - Clarify use of CSS
      - Rework CSS
      - Improve structure
      - Write a dedicated page for captive portals
      - Improve instructions
      - Give examples of websites to use
      - Use our own image and remove the login and password
      - Shorten

  * Test suite: misc. robustness improvements (tails/tails!827)

    Closes issues:
      - Tests for backup are fragile (tails/tails#18727)

    Commits:
      - Test suite: add localized expected image for Unsafe Browser start page in pt_BR
      - Test suite: enable debug logging for Screen#wait
      - Test suite: Fix frequent "cannot find TailsGreeterLoginButton.png" failures
      - Test suite: update expected image for Bullseye
      - Test suite: give the XMPP server some time to create the room
      - Test suite: update expected Pidgin images
      - Test suite: fix error message
      - Test suite: Improve error reporting
      - Test suite: Fix clock upper bound calculation
      - Test suite: refactoring (save value to variable)
      - Test suite: Drop most debugging info for issue that does not happen anymore
      - Test suite: Drop spurious verb in debug log
      - Revert "Mark test scenario as fragile"
      - Test suite (backup): Wait for Zenity to have filled its widgets with the
        expected text

  * Upgrade apt-cacher-ng to bullseye-backports - fixes issue #18931
    (tails/tails!825)

    Closes issues:
      - rake build fails - apt-get works erratically ( 502 connection closed
        [IP:127.0.0.1:3142] ) - No build artifacts were found! (tails/tails#18931)

    Commits:
      - Upgrade apt-cacher-ng to bullseye-backports.

  * Disable search providers in the Activities Overview: Calculator, Nautilus,
    Terminal (tails/tails!824)

    Closes issues:
      - Disable some GNOME Overview search providers (tails/tails#18952)

    Commits:
      - Disable search providers in the Activities Overview: Calculator, Contacts,
        Documents, Nautilus, Terminal

  * Test suite: ignore failures to destroy a stopped domain (tails/tails!822)

    Closes issues:
      - Scenario: "Upgrading an old Tails USB installation from another Tails USB
        drive" after-hook is racy (tails/tails#18972)

    Commits:
      - Test suite: ignore failures to destroy a stopped domain

  * Associate OpenPGP-encrypted files with Kleopatra (tails/tails!820)

    Closes issues:
      - Tails 5 does not decrypt .gpg files when double-clicking them
        (tails/tails#18967)

    Commits:
      - Associate OpenPGP-encrypted files with Kleopatra

  * safely get gnome_env_vars (tails/tails!819)

    Commits:
      - clarify about which environment is being dumped
      - Clarify comment
      - Fix typo in comment
      - comments clarify why we think we are safe
      - fix systemd path
      - gnome_env_vars look at the gnome-shell env dump
      - gnome-shell dumps its conf in a root-owned file

  * Avoid user confusion wrt. name of the default KeePassXC database
    (tails/tails!818)

    Closes issues:
      - KeePassXC offers to rename the default database on non-English locales
        (tails/tails#18966)

    Commits:
      - Silence false positive
      - Drop obsolete reason
      - Don't allow translating Passwords.kdbx

  * Use Bullseye debootstrap configuration (tails/tails!817)

    Commits:
      - Use Bullseye debootstrap configuration

  * FIX IUK verification when we have 2 series at the same time (tails/tails!815)

    Closes issues:
      - bin/copy-iuks-to-rsync-server-and-verify failing because of old releases
        (tails/tails#18959)

    Commits:
      - Apply 1 suggestion(s) to 1 file(s)
      - document how the RM should use this command
      - don't fail when 404s have been ignored
      - proper exit code on failure
      - refactor --ignore-404
      - refactor run()
      - fix leftover
      - 404s found -> non-zero exit code
      - --ignore-404 and --dry-run

  * Fix FTBFS with uBlock 1.42 (tails/tails!814)

    Commits:
      - Unfuzzy patch

  * Upgrade to tor 0.4.7.7 (tails/tails!812)

    Closes issues:
      - Upgrade to tor 0.4.7.x (tails/tails#18932)

    Commits:
      - Upgrade to tor 0.4.7.7

  * Add translation files for Qt5 (#18958) (tails/tails!808)

    Closes issues:
      - Translations of basic Qt5 strings are missing (tails/tails#18958)

    Commits:
      - Add translation files for Qt

  * Make news/version_3* non-translatable (#16758) (tails/tails!805)

    Commits:
      - Make news/version_3* non-translatable (#16758)

  * Add Kleopatra to the Favorites (tails/tails!802)

    Commits:
      - Test suite: make expected image a tiny bit smaller
      - Add Kleopatra to the Favorites submenu

  * Test suite: drop pre-Bullseye compatibility (tails/tails!789)

    Commits:
      - Test suite: drop workaround for Ruby < 2.7
      - Test suite: migrate from deprecated luks_open and luks_close to
        cryptsetup_{open,close}

  * Add to confirm before restarting (#18912) (tails/tails!782)

    Closes issues:
      - New dialog when Unsafe Browser is not enabled makes it too easy to lose work
        (tails/tails#18912)

    Commits:
      - Make code more readable
      - Make function's responsibility tighter to simplify its code
      - Handle new code branch that was forgotten
      - Fix local variables declaration
      - Use 'Cancel' as default button (#18912)
      - 'Cancel' is more standard
      - Add to confirm before restarting (#18912)

  * Display time in the timezone that the user has chosen in Tor Connection
    (tails/tails!751)

    Closes issues:
      - Display time in the timezone that the user has chosen in Tor Connection
        (tails/tails#6284)

    Commits:
      - Design doc: Explain security trade-off
      - Test suite: Explain that Asia/Shanghai == +08:00
      - tails-get-date: use Python instead of date(1)
      - Fix typo in error message
      - Test suite: ensure the displayed clock is in the user's timezone
      - Test suite: remove workaround
      - Test suite: refactor (extract code do method)
      - Test suite: be more defensive to give better error output
      - Test suite: send debug info to the debug log
      - Test suite: make step name clearer
      - Design doc: mention timezone status and plans
      - Apply 1 suggestion(s) to 1 file(s)
      - Fix typo in comment
      - Improve grammar
      - Improve grammar
      - Remove unnecessary comma
      - try to fix the vertical misalignment
      - Update to #6284
      - Link back to main page
      - https://www.merriam-webster.com/dictionary/time%20zone
      - Move FAQ to a dedicated page
      - Shorten path
      - Don't potentially overwrite TZ key in dict with environment's value.
      - Cleanup dead code, fix formatting.
      - Consistently display GMT instead of UTC.
      - Use the same time format as GNOME's clock.
      - use date to format the date
      - date@ extension does The Right Thing
      - DRAFT: display time in local timezone

  * Follow-up on "Audit tca-portal" (tails/tails!723)

    Commits:
      - useless shellcheck directive
      - Apply 2 suggestion(s) to 2 file(s)
      - Fix typo in comment
      - clarify how we believe pgrep --ns 1 will help us
      - PersistenceSetupCommand: gnome_env_vars not needed
      - export_gnome_env hardening
      - some more validation when setting system time
      - gnome.py executes later; required for testing
      - add some doctests to tca-portal
      - more tuples, less lists
      - clarify: we are fine with the TOCTOU
      - --systemd-socket is exclusive with --listen
      - be more explicit about stdout/stderr handling
      - clarify handle_* comments
      - clarify what is the role of handle_line
      - anchor SetTimeCommand regexp
      - clarify comment about validate_args
      - use full path to commands whenever possible

  * Automatic time sync before connecting to Tor in automatic mode
    (tails/tails!681)

    Closes issues:
      - Mitigate attack by active network adversary on automated time sync + replayed
        Tor consensus (tails/tails#18830)
      - Automatic time sync before connecting to Tor in automatic mode
        (tails/tails#18717)

    Commits:
      - Test suite: rename step to make it closer to what a user would do
      - use the non-deprecated version of "Tor is ready"
      - Use less jargon
      - Add missing word in comment
      - Update comment: this now build reproducibly
      - Clarify comment
      - fix undefined local variable
      - tails-get-network-time better syslog
      - tails-get-network-time has timeout
      - refactor old test case based on new functions
      - new test: time sync times out
      - tor connection runs even if timesync fails
      - python style
      - some info is shown during network time sync
      - comments
      - wait for time to be retrieved before starting Tor
      - use APT preferences, not --target-release
      - gitlab tests run with the correct Go version
      - public key type check
      - Explain why these if statements don't apply to us
      - Fix typo
      - Design doc: 2 out of 3 is enough since we're using the median
      - ignore redirects
      - test all urls in htpdate.pools
      - https-get-expired gets more testing
      - https-get-expired: explain how this compares to Go implementation
      - Test suite: explain why scenarios pass in a somewhat surprisingly manner
      - Lint
      - Lint
      - Design doc: explain why we accept a risk
      - Design doc: improve phrasing
      - Design doc: drop conditional
      - Design doc: explain why we're protected
      - Design doc: clarify phrasing
      - Update design doc: this is not a problem anymore
      - reproducibility: clean cache after compiling
      - fix spelling
      - htpdate performs the median
      - design doc: explain https-get-expired
      - Lint: gofmt
      - Pick Go from buster-backports
      - try to make go build reproducible: -trimpath
      - Test suite: mark fragile scenario as such
      - https-get-expired: CI tests now
      - test https-get-expired building
      - https-get-expired gains -proxy option
      - port htpdate to https-get-expired
      - https-get-expired: more similar to htpdate's curl
      - https-get-expired output headers, not body
      - fix go compilation
      - add https-get-expired: will need for time sync
      - "date in past" check is more robust
      - sanity check: the new date cannot be in the past
      - unsafe browser is checked for tor leaks
      - UnsafeBrowser correctly detects if we're online
      - checking DisableNetowrk is #18293-aware
      - Merge the new scenario with the old one
      - FIX restore: some snapshot has network but no Tor
      - UnsafeBrowser tests don't need Tor; scenarios--
      - FIX we don't even need to check Tor
      - Test suite: clarify what we're actually testing
      - Improve grammar
      - Fix typo
      - Fix typo
      - Update doc to automatic time sync (#18717)
      - Improve structure of design doc
      - Avoid jargon
      - Design doc: copy more detailed explanation from the blueprint
      - Design doc: improve structure
      - Design doc: document new automatic time sync mechanism
      - Remove very old explanation
      - wording: we're looking for unneeded *exceptions*
      - Apply 5 suggestion(s) to 2 file(s)
      - FIX test case: allow it to use time sync
      - "flow through" supports fake connectivity check
      - FIX globally setting allowed DNS queries
      - refactor check for leaks
      - debugging leaks is easier
      - fix DNS query for easy mode
      - test suite self-correction warning
      - dns queries are allowed only when needed
      - +debug "traffic has only flowed through"
      - break the "Tor is ready" step in two
      - rubocop
      - easy-mode allowed_hosts are set in tca_configure
      - explicitly allow connectivity check in many tests
      - fix time sync error simulation
      - fix exception wording
      - use DNS inspection to check for leaks
      - the FirewallHelper is DNS-aware
      - one more check
      - test "traffic only flows through" supports timesync
      - Add tests for time sync before Tor connects
      - Improve TCA test suite code
      - add vm script to upload/download files
      - tails-get-network-time: don't assume anything about body encoding
      - Raise exception instance, not class
      - Clean up code
      - tails-get-network-time: emulate NetworkManager's behavior more closely
      - Move hard-coded string to constant
      - Blacken
      - tails-get-network-time: refactor
      - Add more typing
      - tails-get-network-time: migrate to pycurl, to make our fingerprint closer to
        NetworkManager's
      - Store the network time server in a configuration file
      - Move code to main() function
      - Test suite: adjust to new automatic time sync feature
      - Test suite: drop workaround
      - Tor Connection: in automatic mode, set the system time from the network
      - tca-portal: implement a new get-network-time command
      - tca-portal: include stdout in responses

 -- Tails developers <tails@boum.org>  Sat, 04 Jun 2022 08:11:47 +0000

tails (5.0) unstable; urgency=medium

  * Upgrade Thunderbird to 91.8

  * Upgrade Tor Browser to 11.0.11 (based on esr91.9) (tails/tails!804)

    Commits:
      - Test suite: update expected image
      - Test suite: update expected web page title
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 11.0.11-build1

  * Fix Additional Software test suite on Bullseye (tails/tails!794)

    Commits:
      - Test suite: use popularity-contest as a test package instead of sslh

  * Fix devel branch FTBFS (tails/tails!773)

    Commits:
      - Preserve UIDs/GIDs stability
      - Refresh list of standard packages

  * Drop obsolete patch (tails/tails!690)

    Commits:
      - Drop obsolete patch

  * all languages are listed (tails/tails!683)

    Commits:
      - all formats are shown
      - translations appear again in Greeter
      - when native l10n is not available, use english
      - all languages are listed

  * Fix the Tails Installer in bullseye (tails/tails!679)

    Commits:
      - retry has shorter sleep times
      - FIX self.sleep never existed
      - retry getting udisks object upon failure
      - don't rescan devices: we already know!
      - partition_device returns a UDI
      - refactor detect_supported_drives
      - retrying getting system partition helps
      - race conditions? let's increase sleep time!

  * Document Kleopatra (tails/tails!803)

    Commits:
      - Be more clear
      - Improve grammar
      - Be more clear
      - Improve grammar
      - Fix typo
      - Fix broken links
      - Mention Kleopatra in the Persistent Storage settings
      - Remove not-so-useful note
      - Document Kleopatra (Closes: #18933)
      - Remove Seahorse from the doc
      - Remove screenshots that need updating
      - Remove OpenPGP Applet from the doc
      - Patch screenshots for the removal of the OpenPGP Applet

  * Fix opening links and attachments from Thunderbird, disable LibreOffice tip of
    the day (tails/tails!793)

    Commits:
      - AppArmor Thunderbird profile: allow executing /bin/dash with inherited policy
      - Disable LibreOffice's tip of the day

  * fix whisperback sending error (tails/tails!787)

    Commits:
      - Thread.isAlive -> is_alive

  * Fix Scenario: Upgrading an old Tails USB installation from another Tails USB
    drive (tails/tails!765)

    Commits:
      - apparently fix tails/tails#18840
      - send tails installer log to syslog

  * Additional Software: synchronize APT data when needed directly from t-p-s
    (tails/tails!764)

    Commits:
      - Test suite: restart Tails in the same way we expect the user to
      - Test suite: don't exit the persistence wizard once done, make saving settings
        explicit
      - Test suite: refactoring (convert step to method)
      - Additional Software: synchronize APT data when needed directly from t-p-s
      - Remove XXX:Bullseye: this is not going to happen

  * Persistence: enable Additional Software by default (tails/tails!800)

    Commits:
      - Persistence Setup: adjust test suite to Additional Software being enabled by
        default
      - Persistence: enable Additional Software by default

  * Let the user know they should wait while we are copying Additional Software to
    a new Persistent Storage (tails/tails!799)

    Commits:
      - Use phrasing proposed by sajolida
      - t-p-s: ensure the GUI is updated while we synchronize data to the new
        Persistent Storage
      - Persistence setup: forbid clicking "Restart Now" twice in a row
      - Test suite: save a file listing of /var/cache/apt when a Additional Software
        scenario fails
      - Let the user know they should wait while we are copying Additional Software
        data to a new Persistent Storage

  * htpdate.service is always started (tails/tails!796)

    Commits:
      - be more explicit about what we are testing
      - htpdate is started every time
      - some tests can be excluded from feature branches
      - add regression test for #18868
      - start htpdate.service earlier

  * Replace Seahorse and OpenPGP Applet with Kleopatra (tails/tails!792)

    Commits:
      - Ensure Seahorse icons are present when running the persistence-setup test suite
      - Persistent Storage: re-add custom icons for the GnuPG and SSH Client features
      - FT role definition: remove seahorse-nautilus
      - Contributors & design doc: drop OpenPGP Applet
      - Remove the topIcons GNOME Shell extension
      - Test suite: remove OpenPGP Applet tests, and the code & images they used
      - Re-add and update explanation for disabling ssh-agent
      - Remove broken patch
      - Remove Gettext stuff for Seahorse
      - Remove hooks about Seahorse and OpenPGP Applet
      - Replace our PGP tools with Kleopatra

  * Fix Bullseye-based Tails booting 20% slower than 4.x (tails/tails!791)

    Commits:
      - Freeze the AppArmor kernel feature set too

  * Stop trusting our old APT signing key (tails/tails!788)

    Commits:
      - Bump APT snapshots to versions signed with our new key
      - Test suite: stop ignoring our old APT key
      - Stop trusting our old APT signing key

  * Update live-build to include the local packages fix. (tails/tails!776)

    Commits:
      - Update live-build to include the local packages fix.

  * Tails Installer: retry getting partition table (tails/tails!767)

    Commits:
      - retry getting partition table

  * Update gdm-tails.json for Bullseye (tails/tails!689)

    Commits:
      - Add pointer accessibility support to gdm-tails.json
      - gdm-tails.json: remove panelStyle

  * Update VeraCrypt test suite for Bullseye (tails/tails!686)

    Commits:
      - Test suite: trim expected image to account for GNOME mounted volume
        notification
      - Give exchange USB drive more space
      - Test suite: update to new GNOME Disks UI
      - Test suite: update Nautilus application name
      - Test suite: update expected picture

 -- Tails developers <tails@boum.org>  Mon, 02 May 2022 12:03:37 +0200

tails (5.0~beta1) unstable; urgency=medium

  * Upgrade to Debian 11 (Bullseye).
    - Fixes opening a Veracrypt volume with a long passphrase (tails#17474)
    - NetworkManager now uses its internal DHCP client
    - Removes python2
    - Software upgrades:
      - GNOME 3.38
      - Audacity 2.4.2
      - bookletimposer 0.3
      - GIMP 2.20.22
      - Inkscape 1.0.2
      - LibreOffice 7.0.4
      - NetworkManager 1.30.0
      - OnionCircuits 0.7
      - Pidgin 2.14.1
      - Thunderbird 91.7.0-2~deb11u1
      - X.Org 1.20.11

  * Upgrade Tor Browser to 11.0.10-build1 (tails#777)

  * Enable driverless printing and scanning (tails#18521)

  * Fix locales translation in the Welcome Screen (tails#18199, tails/tails!683)

    Commits:
      - all formats are shown
      - translations appear again in Greeter
      - when native l10n is not available, use english
      - all languages are listed

  * Drop hack to kill GDM on login, not necessary anymore on Bullseye (tails#17952)

  * Have tor log to the Journal (tails#18842)

  * Have NetworkManager and MAC spoofing ignore veth* network interfaces (tails#18443)

  * Drop deprecated printer-driver-hpijs (tails#18225)

  * Fix devel branch FTBFS (tails/tails!773)

    Commits:
      - Preserve UIDs/GIDs stability
      - Refresh list of standard packages

  * Drop obsolete patch (tails/tails!690)

    Commits:
      - Drop obsolete patch

  * Fix the Tails Installer in bullseye (tails/tails!679)

    Commits:
      - retry has shorter sleep times
      - FIX self.sleep never existed
      - retry getting udisks object upon failure
      - don't rescan devices: we already know!
      - partition_device returns a UDI
      - refactor detect_supported_drives
      - retrying getting system partition helps
      - race conditions? let's increase sleep time!

  * Fix Scenario: Upgrading an old Tails USB installation from another Tails USB
    drive (tails/tails!765)

    Commits:
      - apparently fix tails/tails#18840
      - send tails installer log to syslog

  * Additional Software: synchronize APT data when needed directly from t-p-s
    (tails/tails!764)

    Commits:
      - Test suite: restart Tails in the same way we expect the user to
      - Test suite: don't exit the persistence wizard once done, make saving settings
        explicit
      - Test suite: refactoring (convert step to method)
      - Additional Software: synchronize APT data when needed directly from t-p-s
      - Remove XXX:Bullseye: this is not going to happen

  * Update gdm-tails.json for Bullseye (tails/tails!689)

    Commits:
      - Add pointer accessibility support to gdm-tails.json
      - gdm-tails.json: remove panelStyle

  * Update VeraCrypt test suite for Bullseye (tails/tails!686)

    Commits:
      - Test suite: trim expected image to account for GNOME mounted volume
        notification
      - Give exchange USB drive more space
      - Test suite: update to new GNOME Disks UI
      - Test suite: update Nautilus application name
      - Test suite: update expected picture

 -- Tails developers <tails@boum.org>  Mon, 04 Apr 2022 09:25:25 +0000

tails (4.29) unstable; urgency=medium

  * Upgrade to Tor Browser 11.0.x based on Firefox 91.8 (tails/tails!777)

    Closes issues:
      - Upgrade to Tor Browser 11.0.x based on Firefox 91.8 (tails/tails#18874)

    Commits:
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 11.0.10-build1

  * Upgrade Thunderbird to 91.7

  * Upgrade to obfs4proxy 0.0.12 (Elligator2 bug) (tails/tails!728)

    Closes issues:
      - Fix bug in obfs4proxy (Elligator2), upgrading to 0.0.12+ (tails/tails#18800)

    Commits:
      - Revert "Downgrade obfs4proxy to 0.0.12-dev from the Tor Browser 11.0.4 tarball"

  * htpdate: log to stdout even when a log file is specified (tails/tails!772)

    Closes issues:
      - htpdate: also log to the Journal (tails/tails#18895)

    Commits:
      - htpdate: log to stdout even when a log file is specified

  * Upgrade to Buster 10.12 and Linux 5.10.103-1 (tails/tails!771)

    Closes issues:
      - Upgrade to Buster 10.12 (tails/tails#18885)
      - Upgrade Linux to 5.10.103-1 (DSA-5095-1) (tails/tails#18877)

    Commits:
      - Drop unused KERNEL_SOURCE_VERSION variable
      - Upgrade to Buster 10.12 and Linux 5.10.106-1

  * Test suite: drop OTR tests (tails/tails!769)

    Closes issues:
      - "Pidgin automatically generates an OTR key" test suite step fails when host
        system is Bullseye (tails/tails#18866)

    Commits:
      - Test suite: rename otr-bot to xmpp-bot
      - Test suite: drop support for OTR
      - Test suite: drop OTR tests

  * Provide HTTPS link when JavaScript is disabled (#18559) (tails/tails!755)

    Commits:
      - Update release process
      - Improve comment
      - Provide HTTPS link when JavaScript is disabled (#18559)

  * Clarify purpose and timeline (tails/tails!744)

    Commits:
      - Add link to release notes on GitLab
      - Include technical writers in the procedure
      - Fix Markdown
      - Clarify where
      - Remember Technical Writers where to find the latest stable
      - Clarify purpose and timeline

  * Upgrade zlib1g to 1:1.2.11.dfsg-1+deb10u1 (DSA-5111-1)


  * doc updates after releasing 4.28 (tails/tails!742)

    Commits:
      - Use expected location of release notes
      - Easier technical-writers notification
      - clean RCs from rsync.lizard: command
      - twitter: less brain usage, more commands
      - clicking links is easier than thinking
      - RM: please communicate before clocking off
      - more parallelization: do tests while IUKs are building
      - lesson learned: read DSA mailing list
      - be sure you are on the right branch
      - importing PO often fails: let's explain why
      - check iuks/v2 exists: scripted

 -- Tails developers <tails@boum.org>  Mon, 04 Apr 2022 13:21:09 +0200

tails (4.28) unstable; urgency=medium

  * Upgrade to Tor Browser 11.0.7-build2 based on Firefox 91.7 (tails/tails!741)

    Closes issues:
      - Upgrade to Tor Browser 11.0.7 based on Firefox 91.7 (tails/tails#18853)

    Commits:
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 11.0.7-build2

  * Upgrade to Thunderbird 91.6.1

  * Upgrade to tor 0.4.6.10 (tails/tails!737)

    Closes issues:
      - Upgrade to tor 0.4.6.10 (tails/tails#18835)

    Commits:
      - Upgrade to tor 0.4.6.10 (Closes #18835)

  * Enable obfs4proxy logging (tails/tails!734)

    Commits:
      - save obfs4proxy logs into artifacts
      - enable obfs4proxy debug logging
      - "obfs4proxy managed" is an option from the past

  * minor fixes to custom-apt-cruft-check (tails/tails!733)

    Commits:
      - custom-apt-cruft-check: output nicer Markdown
      - Give method a name closer to what it wraps
      - ordered list
      - fix wrong variable name
      - markdown-ish
      - we obey rubocop

  * Test suite: collect logs of tor & friends when we timed out waiting for TCA to
    connect (tails/tails!732)

    Closes issues:
      - Test suite does not save tor log on "Timed out while waiting for TCA to connect
        to Tor (Timeout::Error)" (tails/tails#18850)

    Commits:
      - Apply 2 suggestion(s) to 1 file(s)
      - Test suite: collect logs of tor & friends when we timed out waiting for TCA to
        connect

  * Test suite: ignore old APT repository signing key (tails/tails!731)

    Closes issues:
      - Test suite: ignore expiration date of 221F9A3C6FA3E09E182E060BC7988EA7A358D82E
        (tails/tails#18836)

    Commits:
      - Test suite: ignore old APT repository signing key

  * Test suite can test on the real Tor network (tails/tails!725)

    Closes issues:
      - Test behavior on the real Tor network (tails/tails#18847)

    Commits:
      - move Jenkins-only code in the appropriate section
      - better debug message
      - shell oneliner converted to ruby
      - Configure simulated Tor network: step -> function
      - rubocop is happier
      - Test suite: don't try to save chutney data when it does not exist
      - add at least one relevant scenario
      - if +real-Tor, select relevant scenarios
      - test suite runs with real Tor, if +real-Tor
      - "default bridges" honors --disable-chutney
      - Check adapted to --disable-chutney
      - run_test_suite --disable-chutney
      - chutney-specific conf  moved into appropriate step

 -- Tails developers <tails@boum.org>  Mon, 07 Mar 2022 18:16:01 +0100

tails (4.27) unstable; urgency=medium

  * Upgrade Tor Browser to 11.0.6-build1, based on Firefox 91.6 (tails!724)

    Closes issues: tails#18799

    This upgrades obfs4proxy to the version shipped with Tor Browser 11.0.4
    (0.0.11 + a few commits).

  * Upgrade to Linux 5.10.92 (tails/tails!721)

    Closes issues:
      - devel branch FTBFS with webext-ublock-origin-firefox 1.39.0+dfsg-2
        (tails/tails#18722)
      - Upgrade Linux to 5.10.92+ (DSA 5050-1) (tails/tails#18805)

    Commits:
      - Refresh uBlock Origin patch
      - Dropping VirtualBox guest support for now
      - Bump APT snapshot of the Debian archive to 2022012801
      - Upgrade to Linux 5.10.0-11 (currently at version 5.10.92-1)

  * Upgrade to Thunderbird 91 (tails/tails!720)

    Closes issues:
      - Upgrade to Thunderbird 91 (tails/tails#18069)

    Commits:
      - Test suite: update expected images for Thunderbird 91
      - Test suite: adjust to Thunderbird 91 UI
      - Test suite: drop dead code
      - Test suite: lint (thanks Rubocop)
      - Test suite: refactor (extract code to method) to solve Rubocop error
      - Make patch apply
      - Update path mangling in Thunderbird patches for v91
      - Update Thunderbird patches from
        tails/thunderbird@bef716a60762b743dce1f48c37a64a99a0707b21
      - Upgrade to Thunderbird 91

  * Insist on Tor Browser being offline (#18584) (tails/tails!711)

    Closes issues:
      - Change buttons to [Start Tor Browser Offline] [Open Tor Connection] when
        starting Tor Browser while not connected to tor (tails/tails#18584)

    Commits:
      - Insist on Tor Browser being offline (#18584)

  * Install obfs4proxy from the Tor Browser tarball (tails/tails!716)

    Commits:
      - Briefly document what config/equivs is for
      - Install our dummy obfs4proxy package
      - Enable the 18800-obfs4proxy-from-tor-browser-tarball APT overlay (refs:
        #18800).
      - Add equivs configuration for our new obfs4proxy dummy package
      - AppArmor: allow access that obfs4proxy 0.0.11 needs
      - Install obfs4proxy from the Tor Browser tarball
      - Simplify

  * Test suite: update expected button label (tails/tails!718)

    Commits:
      - Test suite: update expected button label

  * Re-generate our test IUKs using gensquashfs (tails/tails!715)

    Closes issues:
      - Re-generate our test IUKs using gensquashfs (tails/tails#18654)

    Commits:
      - Test suite: use test IUKs generated with gensquashfs
      - Release process: never delete test IUKs generated with gensquashfs
      - Give new, unique names to test IUKs generated with gensquashfs

  * Add generated tails-backup.desktop to .gitignore (tails/tails!714)

    Commits:
      - Add generated tails-backup.desktop to .gitignore

  * simplify workflow when adding an APT overlay (tails/tails!708)

    Commits:
      - waiting now uses a proper tool
      - add-APT-overlay can wait for suite creation

  * Resolve "Tests for backup are fragile" (tails/tails!706)

    Closes issues:
      - Tests for backup are fragile (tails/tails#18727)

    Commits:
      - try to make backup tool test more resilient

  * fix wi-fi settings from Tor Connection (tails/tails!692)

    Closes issues:
      - Fix Wi-Fi settings when open from Tor Connection (tails/tails#18587)

    Commits:
      - Fix Wi-Fi settings from Tor Connection

 -- Tails developers <tails@boum.org>  Mon, 07 Feb 2022 13:50:41 +0000

tails (4.26) unstable; urgency=medium

  * Resolve "All branches FTBFS since Thunderbird 91 was uploaded"
    (tails/tails!707)

    Closes issues:
      - All branches FTBFS since Thunderbird 91 was uploaded (tails/tails#18789)

    Commits:
      - pin thunderbird l10n packages, too
      - Add freeze exceptions for 4.26
      - Enable the 18789-fix-ftbfs-thunderbird-91 APT overlay (refs: #18789).

  * Upgrade Tor Browser to 11.0.4-build2 (tails/tails!710)

    Closes issues:
      - Upgrade to Tor Browser 11.0. … 4? (tails/tails#18795)

    Commits:
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 11.0.4-build2

  * Resolve "Change buttons to [Start Tor Browser Offline] [Open Tor Connection]
    when starting Tor Browser while not connected to tor" (tails/tails!704)

    Closes issues:
      - Change buttons to [Start Tor Browser Offline] [Open Tor Connection] when
        starting Tor Browser while not connected to tor (tails/tails#18584)

    Commits:
      - open TorBrowser when offline →opens Tor Connection

  * Use DuckDuckGo for search queries on our website (tails/tails!498)

    Commits:
      - Don't search on staging.tails.boum.org
      - Shorten
      - Translate searchbox placeholder
      - Factorize the CSS translation hack
      - Remove useless template
      - Improve search box
      - Align better the heart and the label
      - Use DuckDuckGo on news as well
      - Prevent Search and Donate from touching on small screen
      - Fix contrast to WCAG AA
      - Use DuckDuckGo for search queries (#17652)

 -- Tails developers <tails@boum.org>  Mon, 10 Jan 2022 13:15:16 +0100

tails (4.25) unstable; urgency=medium

  * Upgrade Tor Browser to 11.0.2-build3 (tails/tails!684)

    Closes issues:
      - Upgrade to Tor Browser 11.0.2 based on Firefox 91.4esr (tails/tails#18726)

    Commits:
      - Fetch Tor Browser from our own archive
      - FIX sha256sums for TorBrowser
      - Upgrade Tor Browser to 11.0.2-build3

  * Unsafe Browser: fix buggy GUI after upgrade to Tor Browser 11.0a10
    (tails/tails!656)

    Closes issues:
      - Buggy GUI in Unsafe Browser after upgrade to Tor Browser 11.0a10
        (tails/tails#18668)

    Commits:
      - Unsafe Browser: fix buggy GUI after upgrade to Tor Browser 11.0a10.

  * IUK generation: stop using the "extreme" extra compression option
    (tails/tails!663)

    Closes issues:
      - squashfs-tools-ng is slow (tails/tails#18675)

    Commits:
      - IUK generation: stop using the "extreme" extra compression option

  * Fix devel FTBFS by dropping VirtualBox guest support for now (tails/tails!652)

    Commits:
      - Test suite: the live user is no longer a member of vboxsf.
      - Fix FTBFS by dropping VirtualBox for now (Closes #18643)

  * APT: trust the new signing key for our APT repositories (tails/tails!682)

    Commits:
      - APT: trust the new signing key for our APT repositories (tails/sysadmin#17810)

  * Resolve ""I can listen to an Ogg audio track in Tor Browser" test suite step
    sometimes fails" (tails/tails!680)

    Closes issues:
      - "I can listen to an Ogg audio track in Tor Browser" test suite step sometimes
        fails (tails/tails#18716)

    Commits:
      - Test suite: make audio in browser test more robust
      - Test suite: simplify

  * Refresh uBlock origin patch to fix devel FTBFS (tails/tails!678)

    Commits:
      - Refresh uBlock Origin patch

  * Fix shellcheck CI job (tails/tails!677)

    Commits:
      - Replace unsupported braces expansion with list
      - Add missing quotes
      - Update shellcheck exclusion for newer shellcheck

  * Drop feature/tor-nightly-master branch (tails/tails!676)

    Closes issues:
      - APT time-based snapshots fail: tor-nightly-master-buster suite does not exist
        anymore (tails/tails#17877)

    Commits:
      - Drop feature/tor-nightly-master branch

  * Upgrade Tor Browser to 11.0.1-build1 (tails/tails!675)

    Closes issues:
      - Upgrade to Tor Browser 11.0.1 (based on Firefox 91.3esr) (tails/tails#18641)

    Commits:
      - Revert "Unsafe Browser: fix buggy GUI after upgrade to Tor Browser 11.0a10."
      - Upgrade Tor Browser to 11.0.1-build1

  * run_test_suite --live-patch (and more!) (tails/tails!674)

    Commits:
      - one-line if can be made more compact
      - enjoy some File module goodness
      - avoid using shell, let's Find.find with ruby
      - Apply 1 suggestion(s) to 1 file(s)
      - correctly handle invocations without --live-patch
      - refactoring: live_patch is a VM method
      - --live-patch is more powerful
      - --live-patch (draft)
      - run_test_suite --view-interact
      - test suite debug: easier to copy files in the VM

  * Test suite: remove unused step definition and the corresponding image
    (tails/tails!673)

    Commits:
      - Test suite: remove unused step definition and the corresponding image

  * Test suite: fix reporting of hostname leaks via DHCP (tails/tails!671)

    Commits:
      - Test suite: fix reporting of hostname leaks via DHCP

  * Fix some GitLab CI tests (tails/tails!669)

    Commits:
      - Add missing dependencies
      - Add missing dependency
      - Maintain the list of Tor Connection dependencies in a single place

  * Resolve "Compute years range dynamically in Tor Connection's time setting
    dialog" (tails/tails!668)

    Closes issues:
      - Compute years range dynamically in Tor Connection's time setting dialog
        (tails/tails#18512)

    Commits:
      - Tor Connection year range derives from build time

  * add comments to connect-drop after security audit (tails/tails!666)

    Commits:
      - add comments to connect-drop after security audit

  * Add a "Tails (External Hard Disk)" boot menu option (tails/tails!665)

    Commits:
      - Add a "Tails (External Hard Disk)" option that removes live-media=removable

  * Vagrant build box: have hostname resolve to 127.0.0.1 (tails/tails!661)

    Commits:
      - Vagrant build box: have hostname resolve to 127.0.0.1

  * Test suite: give GNOME Overview more time to process our search
    (tails/tails!654)

    Commits:
      - Test suite: give GNOME Overview more time to process our search

  * Upgrade Vagrant build box to Bullseye (tails/tails!653)

    Closes issues:
      - Upgrade Vagrant build box to Bullseye (tails/tails#18660)

    Commits:
      - Vagrant: add more debug output
      - build-tails: fix submodule initialization
      - Use long option name
      - Vagrant build box provisioning: don't assume the "debian" and "debian-security"
        snapshots have the same serial
      - Document when we can drop a workaround
      - Upgrade Vagrant build box to Bullseye
      - Vagrant build box: bump all APT snapshots

  * create-usb-image-from-iso: detect syslinux installation failure
    (tails/tails!651)

    Closes issues:
      - Builds succeeds even if syslinux failed to install in create-usb-image-from-iso
        (tails/tails#18664)

    Commits:
      - Add comment
      - create-usb-image-from-iso: remove obsolete comments
      - create-usb-image-from-iso: remove obsolete workaround
      - create-usb-image-from-iso: detect syslinux installation failure

  * Tor Connection: Add link to Troubleshooting doc (tails/tails!650)

    Closes issues:
      - Link to the Tor connection troubleshooting doc from the error screen
        (tails/tails#18549)

    Commits:
      - apply UX tip: move link to bottom
      - Tor Connection: Add link to Troubleshooting doc

  * Trim down SquashFS exclusions: remove obsolete ones, move as much as possible
    to chroot_local-hooks (tails/tails!649)

    Commits:
      - leading slashes are clearer
      - Trim down SquashFS exclusions: remove obsolete ones, move as much as possible
        to chroot_local-hooks

  * Upgrade to tor 0.4.6.8 (tails/tails!647)

    Closes issues:
      - Upgrade tor to 0.4.6 (tails/tails#18310)

    Commits:
      - Upgrade to tor 0.4.6.8, by bumping the snapshot of the torproject APT
        repository to 2021110301

  * Improve dialog when Unsafe Browser is not enabled (tails/tails!628)

    Closes issues:
      - Improve dialog when Unsafe Browser is not enabled (tails/tails#18598)

    Commits:
      - Fix HTML
      - Update anchor
      - Apply 1 suggestion(s) to 1 file(s)
      - Make the link for the Unsafe Browser documentation translatable
      - Use a named anchor (refs: #18598)
      - Include link for the Unsafe Browser documentation
      - Associate text/html with tor-browser (refs: #18598)
      - Apply 1 suggestion(s) to 1 file(s)
      - Improve dialog when Unsafe Browser is not enabled

  * Basic GUI to backup a Persistent Storage to another one (tails/tails!596)

    Closes issues:
      - Retry updating the backup if only mounting the backup Tails is missing
        (tails/tails#18720)
      - Basic GUI to backup a Persistent Storage to another one (tails/tails#18504)

    Commits:
      - Test suite: improve readability
      - Test suite: test that the backup is identical to the source
      - Adjust to a04204cba2
      - Adjust to 6161e4f823
      - Adjust to a77c2425f3
      - Adjust to cb7b877fda
      - Test suite: use deprecated GuestFS luks_* functions
      - Nitpick on copy
      - Avoid ampersand
      - tails-backup: avoid issue in non-English locales
      - Shellcheck: disable excessive rule
      - Test suite: detect disks being plugged using udisks
      - Test suite: add elementary scenario for tails-backup.
      - tails-backup: implement pinentry retries and cancel
      - tails-backup: handle unlocked but unmounted TailsData
      - tails-backup: suppress bilibop's message
      - tails-backup: detect if rsync fails through pipefail
      - Expand rsync short options.
      - tails-backup-rsync: defensively check that we copy between mountpoints
      - tails-backup: make shellcheck happy
      - tails-backup: don't try to unlock and already unlocked and mounted volume
      - tails-backup: drop need for admin password
      - tails-backup: drop unused parameters
      - tails-backup: add back progress bar that doesn't hide rsync's output
      - tails-backup: fix up on "Always display the 1st screen"
      - Fix typo
      - Improve feedback (for now)
      - Be more specific
      - Always display the 1st screen if there's any error (#18720)
      - Use consistent quotes
      - Put the most meaningful word first
      - Move together with the other Persistent Storage utilities
      - tails-backup: drop unused variables
      - tails-backup: use consistent indentation
      - tails-backup: unlock and mount the drive automatically
      - tails-backup: show pulsating progress while copying
      - tails-backup: try to eject automatically
      - tails-backup: fix quoting.
      - Make tails-backup executable.
      - Fix launcher
      - Advice to upgrade from the backup utility
      - Update doc to Persistent Storage Backup utility
      - Shorten
      - Rework interactions and copy
      - fix typo in .desktop file
      - update to latest version of the script
      - tails-backup

  * Improve robustness of new TCA automated tests (tails/tails!525)

    Commits:
      - Test suite: drop unused step.
      - Test suite: correctly use "is None" in python script.
      - Remove usage of tor.sh's tor_is_working
      - Drop most of the tor shell library.
      - tor_is_working is stem-based, too
      - refactor bash+py stem wrapper into py script
      - python ♥ equality to None should use `is` keyword
      - python ♥ let's PEP8 everything
      - python ♥ remove useless imports
      - python ♥ proper argument parser
      - python ♥ main function
      - Fix indentation.
      - Drop unused variable.
      - Catch correct exception.
      - Extract script.
      - Rewrite tor_wait_until_bootstrapped() to be more robust.
      - Extreme Nitpicking™
      - Make tor_wait_until_bootstrapped() handle tor restarts.
      - Improve debugging.
      - Avoid spamming new python interpreters while waiting for Tor to bootstrap.
      - Allow multiline code blocks in tor_control_stem_wrapper().
      - Target the 4.22 code base
      - XXX debugging for test/18293-improve-tca-test-robustness
      - Test suite: adapt to removal of tor_control_send().
      - Test suite: test that tor's control port is open for real.
      - Tor shell library: improve error handling when the Tor control port is
        unavailable.
      - Remove mention of unused import.
      - Tor shell library: re-implement control interaction with Python and stem.
      - Tor shell library: improve parsing and error handling of getinfo/getconf.
      - Add missing shell quoting.
      - Add forgotten local variables.
      - Add proper error handling to the shell library's control port interaction.
      - Test suite: wait for tor's ControlPort before using it (refs: #18293).

 -- Tails developers <tails@boum.org>  Mon, 06 Dec 2021 16:03:22 +0100

tails (4.24) unstable; urgency=medium

  * Upgrade to Tor Browser based on Firefox 91 ESR (tails/tails!639)

    Closes issues:
      - Upgrade to Tor Browser based on Firefox 91 ESR (tails/tails#18261)

    Commits:
      - Unsafe Browser: disable more "phone home" features
      - Unsafe Browser: disable services.settings.server
      - Test suite: search for element more widely.
      - Test suite: Firefox' Print dialog is now a panel (refs #18261)
      - Update the Tor Browser AppArmor policy for Tor Browser 11 (Firefox 91)
      - Test suite: lint
      - Test suite: make Gherkin test description more honest
      - Rubocop: disable a pattern we use all over the place
      - Test suite: update expected images and drop obsolete special-case for Chinese
      - Test suite: account for different separator used in German
      - Lint.
      - Test suite: update comment
      - Fix typo in comment
      - Test suite: adjust to new Firefox print dialog
      - Test suite: update expected windows titles
      - Test suite: update expected images
      - Upgrade Tor Browser to 11.0a9

  * Test suite: make "Unsafe Browser has only Firefox's default bookmarks
    configured" step more robust (tails/tails!646)

    Closes issues:
      - Fragile test since the upgrade to Tor Browser 11: "Unsafe Browser has only
        Firefox's default bookmarks configured" (tails/tails#18658)

    Commits:
      - Test suite: wait for menu to really open before looking for menu entry
      - Test suite: update expected picture

  * APT sources: add Bullseye security (stable) (tails/tails!637)

    Closes issues:
      - APT sources: add Bullseye security (tails/tails#18492)

    Commits:
      - APT pinning: ensure we get security updates for the packages we pull from
        Bullseye
      - APT sources: add Bullseye security repo

  * Move tca developer doc to more appropriate places (tails/tails!636)

    Closes issues:
      - Update "Tor network configuration" design doc (tails/tails#18360)

    Commits:
      - tips to develop Tor Connection are reachable
      - tca doc behavior.md moved to Gherkin
      - move tca/HACKING.md to website

  * APT sources: add Bullseye security (tails/tails!626)

    Commits:
      - APT pinning: ensure we get security updates for the packages we pull from
        Bullseye
      - APT sources: add Bullseye security repo

  * Upgrade kernel to 5.10.46-5 in stable (tails/tails!625)

    Closes issues:
      - Upgrade Linux to 5.10.46-5 (DSA 4978-1) (tails/tails#18613)
      - Upgrade to Buster 10.11 (tails/tails#18608)

    Commits:
      - Pull libzstd1 from Bullseye: needed by updated squashfs-tools
      - Install squashfs-tools from bullseye.
      - FIX uBlock patch
      - to get a new kernel in stable, bump debian/serial
      - change pinning to get kernel from bullseye
      - bump kernel to 5.10.46-5

  * Upgrade kernel to 5.10.46-5 in devel (tails/tails!622)

    Commits:
      - Pull libzstd1 from Bullseye: needed by updated squashfs-tools
      - change pinning to get kernel from bullseye
      - bump kernel to 5.10.46-5

  * update Tor network configuration design doc (tails/tails!606)

    Commits:
      - TCA is not a Tor Launcher wrapper.
      - Apply intrigeri's proofreading suggestions.
      - explain why tca-portal runs as root
      - Document connect-drop security model
      - update Tor network configuration design doc

  * TCA: clean leftovers (tails/tails!604)

    Closes issues:
      - TCA clean leftovers (tails/tails#18273)

    Commits:
      - systemd-notify: move to better way
      - we considered this implementation good enough
      - remove dead code
      - move XXX to #18610
      - clarify comment after tails/tails!567
      - remove code that was never used and never tested
      - comment moved to #18609

  * Upgrade Tor Browser to 11.0a10-build1 (tails/tails!655)

    Commits:
      - Upgrade Tor Browser to 11.0a10-build1

  * Remove obsolete freeze exception (tails/tails!648)

    Commits:
      - Remove obsolete freeze exception

  * Port the iuk test suite from squashfs-tools to squashfs-tools-ng
    (tails/tails!644)

    Closes issues:
      - Port the iuk test suite from squashfs-tools to squashfs-tools-ng
        (tails/tails#18653)

    Commits:
      - IUK test suite: support file names with spaces
      - IUK test suite: take into account gensquashfs behavior wrt. SOURCE_DATE_EPOCH
      - IUK test suite: add missing import
      - IUK test suite: port from squashfs-tools to squashfs-tools-ng
      - IUK generation: add assertion
      - Upgrader: use apparent size to compute space needed to install an IUK

  * Switch to zstd for SquashFS compression in development ISO/USB images
    (tails/tails!643)

    Commits:
      - Switch to zstd for SquashFS compression in development ISO/USB images

  * Switch to squashfs-tools-ng to build IUKs (tails/tails!640)

    Closes issues:
      - Switch to squashfs-tools-ng to fix IUKs build reproducibly (tails/tails#18577)
      - Failure reproducing IUKs for 4.22~rc1 (tails/tails#18536)
      - Failure reproducing IUKs for 4.23 (tails/tails#18627)

    Commits:
      - GitLab CI: avoid confusing error message
      - Release process: use only the isobuilders that have squashfs-tools-ng
      - Switch to squashfs-tools-ng to generate our IUKs
      - Update release process requirements for building IUKs

  * Resolve "Tor Connection bridge tests fail" (tails/tails!621)

    Closes issues:
      - Tor Connection bridge tests fail (tails/tails#18634)

    Commits:
      - FIX tests for 84e047ebd39e too
      - fix tests after 68b0e77119e

  * Upgrader: avoid high cpu usage when getting download progress info
    (tails/tails!619)

    Closes issues:
      - tails-upgrade-frontend causes very high CPU load when downloading upgrade
        (tails/tails#18632)

    Commits:
      - Upgrader: avoid high cpu usage when getting download progress info

  * Explain better how to type a bridge (#18597) (tails/tails!617)

    Closes issues:
      - Explain better "type in a bridge" (tails/tails#18597)

    Commits:
      - Fix grammar
      - Use singular as much as possible
      - Use 'bridge' in singular as much as possible
      - Fix broken link
      - Explain better how to type a bridge (#18597)
      - Style guide: not everybody types

  * Don't mention local network in Unsafe Browser confirmation (tails/tails!615)

    Closes issues:
      - Don't mention local network in Unsafe Browser confirmation (tails/tails#18600)

    Commits:
      - Simplify

  * Rephrase intro of Fix Clock dialog (tails/tails!614)

    Closes issues:
      - Rephrase intro of Fix Clock dialog (tails/tails#18572)

    Commits:
      - Be consistent with /doc/about/warnings/identity
      - Simply
      - Remove duplicate text
      - Simplify and be more correct

  * Improve time zone selection UX (tails/tails!595)

    Closes issues:
      - Improve time zone selection UX (tails/tails#18514)

    Commits:
      - the test suite correctly handles UTC/GMT
      - UTC can be selected, too
      - test suite enjoys better UX, too
      - pressing enter selects topmost entry
      - tca gtk errors are logged immediately
      - test suite waits for filtering to be applied
      - Test suite: replace usage of non-existing Screen.pressKey with Screen.press
      - revamp the time selection dialog
      - fix logging
      - test suite updated for new timezone selection
      - FIX matching (lets hope so)
      - better UX for timezone selection
      - proper logging in asyncutils

  * Installer: make the confirmation dialog more scary (tails/tails!593)

    Closes issues:
      - Make the confirmation more scary when reinstalling a USB stick that has a
        Persistent Storage (tails/tails#18301)

    Commits:
      - Test suite: adjust confirmation label when reinstalling over a usb with a
        persistent volume
      - Test suite: adjust confirmation dialog label in Installer (refs #18301)
      - Installer: inform when there is no target available
      - Installer: enforce Persistent Storage detection
      - Installer: display if the target device has a Persistence Storage
      - Make the confirmation more scary when reinstalling a USB stick that has a
        Persistent Storage (refs: #18301)

  * TCA: Fix "AttributeError: no attribute persistence_config_failed"
    (tails/tails!590)

    Commits:
      - FIX condition
      - make the diff smaller
      - TCA: Fix "AttributeError: no attribute persistence_config_failed"

 -- Tails developers <tails@boum.org>  Thu, 04 Nov 2021 14:25:18 +0100

tails (4.23) unstable; urgency=medium

  * Upgrade Tor Browser to 10.5.8-build2 (tails/tails!611)

    Closes issues:
      - Upgrade to Tor Browser 10.5.8 (based on Firefox 78.15.0esr) (tails/tails#18623)

    Commits:
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 10.5.8-build2

  * FIX #18568: wait after killing TBB (tails/tails!607)

    Closes issues:
      - "Tails is localized for every tier-1 language" test fails on iguana
        (tails/tails#18568)

    Commits:
      - FIX #18568: wait after killing TBB

  * Fix devel FTBFS (tails/tails!601)

    Commits:
      - Install squashfs-tools from bullseye.
      - Refresh uBlock patch vs version 1.37.0+dfsg-1 (fixes: #18537)

  * copy-iuks-to-rsync-server-and-verify: handle arbitrary build agents
    (tails/tails!597)

    Closes issues:
      - copy-iuks-to-rsync-server-and-verify: needs adjustment for changing isobuilder
        names (tails/tails#18574)

    Commits:
      - copy-iuks-to-rsync-server-and-verify: handle arbitrary build agents.

 -- Tails developers <tails@boum.org>  Tue, 05 Oct 2021 08:20:24 +0200

tails (4.22) unstable; urgency=medium

  * Upgrade Thunderbird to 78.13.0-1~deb10u1

  * Upgrade to Tor Browser 10.5.6 (78.14.0esr) (tails/tails!594)

    Commits:
      - Upgrade Tor Browser to 10.5.6-build2 (fixes: #18566)

  * Remove Prestera firmware, that's useless in the context of Tails
    (tails/tails!572)

    Commits:
      - Stop setting up a kernel module build environment during the images build
      - Remove Prestera firmware, that's useless in the context of Tails

  * Only allow typing 1 bridge (tails/tails!587)

    Commits:
      - Only allow typing 1 bridge

  * Don't pretend tor has bootstrapped when tor@default.service failed to start
    (tails/tails!585)

    Commits:
      - Don't pretend tor has bootstrapped when tor@default.service failed to start

  * Upgrade firmware-amd-graphics to 20210818-1 (tails/tails!582)

    Commits:
      - Install version 20210818-1 of packages built from src:firmware-nonfree
      - Enable the 18556-amd-gpu-firmware APT overlay (refs: #18556).

  * Ensure we use a working mirror to download automatic upgrades (tails/tails!581)

    Commits:
      - Update mirror-pool-dispatcher submodule
      - Allow the Upgrader to use tor, now needed by tails-transform-mirror-url for
        testing mirrors
      - many improvements to mirror-pool-dispatcher
      - FIX dependency for tails-transform-mirror-url
      - apply suggestion from mirror-pool-dispatcher!2
      - mirror-pool-dispatcher tests mirrors

  * Test suite: fix Pidgin scenarios with XMPP accounts on a server that requires
    going through the "Create New Room" UI (tails/tails!580)

    Closes issues:
      - Some Pidgin test suite scenarios fail when using XMPP accounts on a server that
        requires going through the "Create New Room" UI (tails/tails#18560)

    Commits:
      - Test suite: update expected Pidgin images

  * Test suite: fail if tor reports that DisableNetwork is an empty string
    (tails/tails!573)

    Commits:
      - Test suite: log and fail if tor reports that DisableNetwork is an empty string

  * Persistent Bridges, iteration 4: integrate bridges persistence in Tor
    Connection (tails/tails!543)

    Commits:
      - Tor Connection: remove visible border around scrolled window
      - Drop unneeded grep option
      - Test suite: be more defensive when interacting with toggle buttons
      - Test suite: disable step that does not reflect the current implementation
      - Roadmap--
      - Mention alternate implementation idea in comment
      - Fix typo in comment
      - Make checks closer to our needs
      - Move shell code from tca-portal to helper script
      - Make tca-portal helper script more generic
      - Tor Connection: when pre-filling bridges, adjust the verb from "Type in" to
        "Use"
      - Test suite: explain what labelee is
      - Test suite: adjust to current UI
      - TCA: fix display on low-height screen resolutions
      - Test suite: update expected UI text to match current implementation
      - TCA: correctly set the bridges persistence switch's initial state
      - TCA: adapt to new tca-portal API
      - TCA: remove unused imports
      - TCA: display error when enabling/disabling persistence failed
      - TCA: check success/failure of portal call when enabling/disabling persistence
      - Test suite: lint
      - Test suite: adjust strings to match current implementation
      - TCA: lock the UI and display a spinner while enabling/disabling persistence
      - TCA: add another keyboard accelerator
      - TCA: when toggling bridges persistence, wait the portal call to return a
        response
      - TCA: remove unused import
      - Change usages of call_async to new API
      - TCA: remove incorrect signal handling
      - TCA: actually enable/disable Tor bridges persistence when the user asks us to
      - TCA: display vertical scrollbar when contents does not fit
      - TCA: hide Network Monitor launcher
      - Test suite: use the Tor Connection UI to enable bridges persistence
      - TCA: add skeleton implementation for toggling bridges persistence on/off
      - TCA: draft bridges Glade UI
      - TCA: improve keyboard navigation
      - TCA: add accessibility relationships between a bunch of widgets
      - TCA: add debug output
      - TCA: move persistence detection to the wrapper script
      - TCA: avoid throwing an (invisible) KeyError exception on first launch
      - Lint.

  * Persistent Bridges, iteration 3: allow persisting bridges (tails/tails!539)

    Commits:
      - Test suite: lint, again
      - Test suite: adjust expected owner to actual implementation
      - TCA: check and save persistence status on startup
      - tca-portal: add commands to enable/disable persistence of Tor configuration
      - Test suite: mock functionality that's not implemented yet
      - Test suite: add step implementation
      - Test suite: disable incorrect step definition
      - Test suite: implement steps
      - Test suite: adjust to expected permissions of /var/lib/tca
      - Persistence setup: add support for disabling a preset non-interactively
      - Persistence setup: add a "Tor Bridges" feature
      - On shutdown, copy to Persistent Storage the Tor configuration that should now
        persist
      - Test suite: implement "I accept Tor Connection's offer to use my persistent
        bridges" step.
      - Test suite: implement "I choose to connect to Tor automatically" step.
      - Test suite: extend step to handle configuring persistent bridges.
      - TDD: add (unimplemented) steps for Tor bridges persistence
      - Test suite: simplify feature name

  * Persistent Bridges, iteration 2: use settings from tca.conf on first start
    (tails/tails!538)

    Commits:
      - Revert "Test suite: cope with current actual behavior"
      - TCA: rename method to reflect what it now does
      - TCA: on first run, pre-seed bridges UI state from configuration
      - TCA: add debug logging to help understand what configuration we've loaded
      - TCA: add debug output to help figure out whether we loaded tca.conf
      - TCA: fix loading an empty or invalid configuration file
      - TCA: on first start, load Tor connection configuration from tca.conf

  * Persistent Bridges, iteration 1: split transient / potentially persistent state
    (tails/tails!533)

    Commits:
      - Test suite: cope with current actual behavior
      - Test suite: adjust to actual implementation
      - TCA: don't save the default bridges to tca.conf
      - Test suite: fix buggy "tca.conf is empty" test
      - Make method name clearer and consistent with read_tca_state()
      - TCA: Rename method
      - Fix typo
      - TCA: Migrate transient state information to a dedicated file
      - TCA: Rename method
      - TCA: Refactoring (extract code to functions)
      - Test suite: Implement new steps
      - Test suite: lint
      - TDD: add (unimplemented) steps for the contents of tca.conf
      - TCA: Disable loading proxy settings from the configuration file
      - TCA: Set up, pass through, and inherit a new state file
      - TCA: Remove unused import
      - TCA: Drop unneeded call to expanduser()
      - TCA: Only save known-working Tor configuration to tca.conf
      - TCA: Minor refactoring (avoid having to reason about double-negations)
      - TCA: Make methods names more specific

  * Always start tor@default.service at boot, don't restart it after closing the
    Unsafe Browser (tails/tails!584)

    Commits:
      - Test suite: adjust to the fact tor@default.service is started during boot
      - Don't restart tor after exiting the Unsafe Browser
      - Always start tor@default.service at boot

  * Unsafe Browser: Only mention the Persistent Storage when there is one
    (tails/tails!583)

    Commits:
      - Unsafe Browser: Only mention the Persistent Storage when there is one

  * Fix running the test suite on sid (tails/tails!579)

    Commits:
      - Drop another instance of the obsolete which(1)
      - Test suite: migrate away from obsolete which(1)
      - Test suite: switch to virtio graphics

  * FIX run_test_suite usage of tor --version for corner-cases (tails/tails!575)

    Commits:
      - FIX run_test_suite for corner-cases

  * Installer: fix combobox freezes (tails/tails!571)

    Commits:
      - Installer: fix combobox freezes (refs: #18531)

  * Update Tor Browser AppArmor policy (tails/tails!568)

    Commits:
      - Update Tor Browser AppArmor policy

  * Tor Connection: decrease "sign of life" timeout, increase bootstrap timeout
    (tails/tails!567)

    Commits:
      - Test suite: DRY clicking "Connect to Tor"
      - Test suite: drop obsolete workaround
      - Fix typo
      - Tor Connection: allow the user to retry connecting to Tor from the error screen
        with the same settings
      - TCA hacking: use numbers that we have a chance to somewhat support
      - TCA hacking: drop buggy option
      - Add dummy entry for next release
      - Tor Connection: decrease "sign of life" timeout, increase bootstrap timeout

  * Test suite: use new XMPP chat rooms (tails/tails!566)

    Closes issues:
      - Deal with xmpp.riseup.net going away (tails/tails#17956)

    Commits:
      - Test suite: remove dead code
      - Test suite: rename argument to match its current usage
      - Test suite: use new XMPP chat rooms

  * Resolve "TCA does not connect with default bridges when it should"
    (tails/tails!563)

    Commits:
      - Let's use user-centric (first person) phrasing whenever possible
      - Always set variables
      - better variable names
      - test suite: support using bridges w/o needing them
      - Gherkin for #18462
      - preserve user's choice of using default bridges

  * Stop trying to connect to Tor when we reach the Tor Connection error screen
    (tails/tails!559)

    Commits:
      - TCA hacking: add missing sudo
      - TCA hacking: make test firewall rule not depend on already having connected to
        tor
      - TCA hacking: make test firewall rule more accurate
      - Test suite: adjust to the new, fixed situation
      - Revert "let's wait for the Fix Clock dialog to show up"
      - let's wait for the Fix Clock dialog to show up
      - state machine docstring
      - minor cleaning use of variables
      - FIX state machine wrt DisableNetwork
      - refactor _decide_right_step
      - remove hopefully-obsolete todo comments
      - stop trying to connect after timeout

  * Move wait_for_working_tor logic from NetworkManager to systemd
    (tails/tails!558)

    Commits:
      - Update links in comment
      - Drop useless logging
      - Allow NM to start htpdate again if it failed last time
      - Clean up implementation of "Does not run htpdate again after success"
      - Update comment
      - sw upgrade should only run when tor is ready
      - waiting for readiness sounds like a pre-command
      - Does not run htpdate again after success
      - let's use the flag file, instead of asking tor
      - systemd-controlled htpdate

  * Add Russian to the bundled offline documentation (tails/tails!552)

    Commits:
      - enable Russian on our website. will-fix:
        https://gitlab.tails.boum.org/tails/tails/-/issues/18454

  * vagrant/lib/tails_build_settings.rb: use --no-signature with git log
    (tails/tails!548)

    Commits:
      - vagrant/lib/tails_build_settings.rb: use --no-signature with git log
      - .gitignore: ignore vmdb2.log

  * GJsonRpcClient.call_async can set a callback (tails/tails!544)

    Commits:
      - tca-portal: add missing sentence bits
      - Apply 3 suggestion(s) to 1 file(s)
      - GJsonRpcClient response handler fix
      - tca-portal is now fully asynchronous
      - change previous usages of call_async to new API
      - call_async can set callbacks

  * drop tordate (tails/tails!542)

    Commits:
      - ooops, that wasn't useless!
      - Tor Connection: make GtkSpinButton's UI consistent
      - Tor Connection: add keyboard accelerators
      - Tor Connection: use "Wrong clock" instead of "Wrong time" terminology
      - Tor Connection: use "Fix Clock" instead of "Set Time" terminology
      - Test suite: lint
      - Test suite: simplify
      - Test suite: use higher-level predicate
      - Test suite: remove obsolete exception
      - htpdate: increase timeout for working tor
      - drop useless stuff from 10-time.sh
      - 20-time imports: update comments, fix shellcheck
      - remove confusing log line
      - htpdate works successfully after manual time set
      - tca sends stderr to journal
      - no reason to delete the tor log anymore
      - testing for tordate in test suite is now useless
      - stop mentioning tordate in website
      - update time syncing design doc
      - remove unused code from 20-time.sh
      - be bold: let's drop @fragile from tor bridges!
      - drop tordate

  * Re-enable the tor sandbox when no PTs are used (tails/tails!535)

    Commits:
      - Use variable name more readable than $1
      - Add missing "set -eu"
      - Test suite: fix typo in not-enabled-yet code
      - Test suite: prepare sandbox test for when #18470 is fixed
      - Test suite: adjust to tor sandbox being disabled when falling back to default
        bridges
      - Remove unused attribute
      - Revamp management of the Tor Sandbox configuration option
      - Lint.
      - Use consistent and less confusing names for attribute and method
      - Adjust to new call_async API
      - Tor Connection: disable caching of information retrieved from tor by Stem
      - Wait for side-effects of async call to complete.
      - Improve encapsulation.
      - Rename tor-sandbox-helper → tor-pt-configuration-helper.
      - Be defensive about arguments.
      - Give base-class a better name.
      - Drop useless re-definition of method in subclass.
      - Be more Pythonic.
      - Apply 1 suggestion(s) to 1 file(s)
      - Test suite: re-enable tor sandbox sanity check (refs: #18237).
      - Drop unused, out-of-date main() used for testing a library.
      - Re-enable the tor sandbox when no PTs are used (refs: #18237)

  * TCA: Allow the user to manually set time (tails/tails!531)

    Commits:
      - time dialog: spacing + follow mockups better
      - reference to how a problem might be solved
      - Set time test scenario uses snapshots
      - stricter date validation
      - Test suite: lint
      - Test suite re-introduce linting lost by merge conflict resolution
      - FIX date format
      - more bringing back from devel
      - Tor Connection: translate 1 string to test l10n
      - Update POT and PO files
      - bring back lost changes to tor.rb
      - fix datestring validation
      - Test suite: revert indentation regression
      - Test suite: use user-facing terminology in Gherkin
      - fix test suite about time dialog
      - loggers are better than prints
      - tca remembers user timezone
      - bring back "unsuccessfully configure" step
      - reorder fixes in the error screen
      - set-system-time has early input validation
      - tca-portal can validate arguments
      - set-system-time errors are handled
      - less noisy logging
      - tails-set-date cleaned a bit
      - tails-set-date checks if the date is valid early
      - wait for set time window to be closed
      - rewrite Gherkin using more user-centric language
      - fix "Apply suggestion"
      - Apply 1 suggestion(s) to 1 file(s)
      - tca test: combo box faster and cleaner
      - Tooltip for combo box
      - tca-portal is a bit more verbose
      - when changing the time, tor must be restarted
      - Test "set the time in tca" does what it says
      - FIX time dialog
      - FIX: missing .ui file translation support
      - Connect to Tor can be clicked
      - TCA: adds a dialog to Set Time
      - tca-portal allows setting time
      - Separate the anti-test from the fix
      - reword: "I try to" actually check failure
      - 15548 implementation is "simulated"
      - test suite: hw clock can be set to relative time
      - test: cmd_helper modernized
      - DRAFT: Add a Scenario for #15548

  * Allow running our test suite on modern AMD CPUs (tails/tails!406)

    Commits:
      - document LIBVIRT_CPUMODEL
      - amd hack: convert to config file
      - modern AMD CPUs apparently benefit from this fix

 -- Tails developers <tails@boum.org>  Mon, 06 Sep 2021 15:14:57 +0200

tails (4.21) unstable; urgency=medium

  * Upgrade to Linux 5.10.46-3 (tails/tails!549)

    Closes issues:
      - Upgrade to Linux 5.10.46-2+ (CVE-2021-33909) (tails/tails#18489)

    Commits:
      - Update /etc/group's expected lines ordering
      - Ensure UIDs/GIDs don't change
      - Remove obsolete dkms logs cleanup
      - Don't (attempt to) build VirtualBox guest modules anymore
      - Upgrade snapshot of the Debian archive to 2021080201

  * Upgrade Thunderbird to 78.12.0-1~deb10u1

  * Don't (attempt to) build VirtualBox guest modules anymore (tails/tails!537)

    Commits:
      - Update /etc/group's expected lines ordering
      - Ensure UIDs/GIDs don't change
      - Remove obsolete dkms logs cleanup
      - Don't (attempt to) build VirtualBox guest modules anymore

  * Installer: allow choose Upgrade option when reinstall is cancelled
    (tails/tails!553)

    Closes issues:
      - Choosing "Upgrade" option in Tails Installer can delete persistent volume
        (tails/tails#18494)

    Commits:
      - Installer: allow choose Upgrade option when reinstall is cancelled

  * Upgrade to Tor Browser 10.5.4 (based on Firefox 78.13esr) (tails/tails!555)

    Closes issues:
      - Upgrade to Tor Browser 10.5.4 (based on Firefox 78.13esr) (tails/tails#18479)

    Commits:
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 10.5.4-build1

  * Clean up code and pre-TCA leftovers (tails/tails!541)

    Closes issues:
      - Clean up pre-TCA leftovers (tails/tails#18365)
      - Rename a11y-proxy-netns: it's now used for ibus as well (tails/tails#18366)

    Commits:
      - Give function the name we use
      - Rename a11y-proxy-netns → netns-bus-proxy.
      - Rename TCA's torlaunch network namespace from torlaunch to tca.
      - Update comment.
      - Test suite: drop obsolete workaround.
      - Drop already done TODO comment.
      - Fix outdated references to Tor Launcher.
      - Drop unneeded workaround.
      - Test suite: drop code used to support --old-iso for 4.20 release.
      - Remove unused exec_unconfined_firefox().

  * Refactor and consolidate how we explicitly check for Tor leaks in the automated
    test suite (tails/tails!540)

    Closes issues:
      - "all Internet traffic has only flowed through Tor" sometimes fails: does not
        allow for varying behavior (fallback to default bridges, or not)
        (tails/tails#18493)

    Commits:
      - Test suite: refactor and consolidate how we explicitly check for Tor leaks.
      - Revert "Test suite: temporarily disable failing step in scenario."

  * Post-RM: doc improvements (tails/tails!528)

    Commits:
      - clarify release types
      - after releasing: give more guidance
      - one less bashism
      - rm doc: give manual testers the signatures
      - some parts are not related to freeze
      - refresh-translations explains that it failed
      - rm doc: clarify what to do with the package diff
      - rm doc: clarify freezing

  * Fix usage of mutable default arguments in Python (tails/tails!527)

    Commits:
      - Fix usage of mutable default arguments in Python

  * More automated testing of TCA for Sponsor08/10 (tails/tails!435)

    Commits:
      - Refactor.
      - Clarify.
      - Clarify.
      - Test suite: wait longer for the TCA to report errors.
      - Test suite: test that TCA reports an error when reconnecting to a network where
        Tor is blocked.
      - Test suite: drop unnecessary step.
      - Test suite: make blocking Tor survive reconnections.
      - Test suite: monitor Tor leaks.
      - Fix erroneous camel casing in translation.
      - Test suite: test explicitly selecting default bridges in TCA.
      - Test suite: test that the same Tor config is applied if TCA reconnects.
      - Test suite: test that TCA disallows normal bridges in hide mode.

 -- Tails developers <tails@boum.org>  Mon, 09 Aug 2021 07:55:57 +0000

tails (4.20) unstable; urgency=medium

  * Upgrade Thunderbird to 78.11.0-1~deb10u1

  * Upgrade KeePassXC to 2.6.2+dfsg.1-1~bpo10+1

  * 20-time.sh: actually abort if Tor has failed to bootstrap (tails/tails!514)

    Commits:
      - 20-time.sh: temporarily workaround buggy check
      - 20-time.sh: fix success and error handling
      - 20-time.sh: simplify control flow
      - Lint.
      - 20-time.sh: actually abort if Tor has failed to bootstrap

  * Resolve "TCA sometimes fails to start: "bwrap: Can't find source path
    /tmp/netns-specific/torlaunch: No such file or directory"" (tails/tails!489)

    Commits:
      - tails-ibus-proxy-netns@.service: remove now unneeded NotifyAccess=all
      - a11y: systemd-notify -> import systemd.daemon
      - silence useless information to syslog
      - avoid errors when started directly
      - clean systemd unit
      - more timeout on a11y-proxy-netns
      - FIX gnome.sh search for exact name gnome-shell
      - drop tca watchdog
      - safer watchdog
      - wait for user systemd session to be ready
      - FIX systemctl path
      - remove testing leftover
      - a11y/ibus proxy wait socket to signal readiness
      - tca-related proxies only active when unneeded
      - tails-tor-launcher not needed anymore
      - a11y/ibus proxies for TCA only started with TCA
      - FIX: call systemctl --user
      - tentatively setting TCA as a systemd service

  * Resolve "TCA asks consent question when changing network" (tails/tails!460)

    Commits:
      - FIX: switching to progress, not success, on connection
      - small code cleaning
      - FIX #18336 again
      - tca: FIX success-error-retry
      - tca reacts to DisableNetwork changes
      - reduce stem logging noise
      - tca application monitors DisableNetwork

  * tca-portal service (tails/tails!422)

    Commits:
      - start tca-portal at boot
      - restrict access to tca-portal.socket!
      - tca-portal: add open-documentation + refactoring
      - FIX FTBFS on tca-portal.service
      - gnome-system-monitor opens at network tab
      - ooops: enable tca-portal unit
      - tca-portal opens onioncircuits
      - tca-portal (sic!) has systemd socket-activation
      - tca can talk to its portal
      - tca-connection-helper based on tinyrpc
      - draft of a tor-connection-helper service

  * Resolve "TCA: buggy window detection logic on app startup" (tails/tails!457)

    Commits:
      - TCA sends startup notification to DE

  * Resolve "The amnesia user might have too much power over TCA's configuration
    directory" (tails/tails!442)

    Commits:
      - change documentation wrt to tca.conf
      - tca.conf path changed to /var/lib/tca/

  * Install Linux 5.10.46 and upgrade shim (tails/tails!521)

    Commits:
      - Update shim* to the version from sid
      - Update Linux to 5.10.46

  * Don't run a useless IBus proxy for OnionCircuits (tails/tails!510)

    Commits:
      - Don't run a useless IBus proxy for OnionCircuits

  * Rakefile: actually build with the base branch merged (tails/tails!504)

    Closes issues:
      - Merging the base branch is not effective ⇒ different Git state between
        isobuilders and isotesters (tails/tails#18441)

    Commits:
      - Rakefile: actually build with the base branch merged

  * Rewrite notification when closing TCA on progress bar (tails/tails!496)

    Commits:
      - Rewrite notification when closing TCA on progress bar (#18362)

  * Implement "Connect to Tor" button in error screen (tails/tails!494)

    Commits:
      - Revert "avoid errors when started directly"
      - step error correctly indicates that bridges are on
      - better textarea alignment
      - put the current bridges in the textarea
      - keeps more state about bridge configuration
      - avoid errors when started directly
      - error: step proxy now goes back to error screen
      - connect to tor actually does something
      - bridges + "connect to tor" on error
      - DRAFT of better error screen

  * Tor Connection Assistant (tails/tails!375)

    Commits:
      - open unsafe-browser (if configured)
      - Test suite: properly tear down after cloding TCA.
      - Test suite: add some extra error handling.
      - Test suite: pass showingOnly even though it should not be needed.
      - Test suite: add error message.
      - Test suite: fix bad syntax.
      - Test suite: add delay between tries in override_child().
      - Test suite: add optional delay between retry_action() tries.
      - Make is_tor_working() more accurate.
      - Test suite: only set default bridges when relevant.
      - design change: Tor Launcher is just removed.
      - document tca behaviour
      - bootstrap/phase may include WARN, too
      - Test suite: work around closing TCA too fast.
      - more logging to debug test suite
      - remove leftover commit
      - proper place for hacking tips
      - Add icon for the Tor Connection assistant
      - Generate the list of default bridges at build time.
      - Test suite: drop workaround.
      - success indication and fallback to default bridges
      - more hacking tips to test tca
      - cover corner cases better
      - NetworkManager state: signal instead of polling
      - tca calls NM immediately
      - tca reacts to nm state changes
      - Test suite: save Tor journal if TCA fails to start.
      - Test suite: bump image.
      - Test suite: TCA has a new internal name.
      - Test suite: attempt to make try_for() more robust.
      - Test suite: adapt to TCA UI change.
      - Test suite: fix retring for child() with regexp matching.
      - TCA: move to Gtk.Application style
      - progress bar get data from bootstrap-phase
      - TCA: drop debugging.
      - Test suite: convert potentially endless loop to try_for() with timeout.
      - Persistent Welcome Screen settings: migrate obsolete network setting to new
        offline mode setting.
      - Test suite: optimize upgrade check.
      - smoother progress bar
      - connect-drop: clean unnecessary hacks
      - s/amnesia/LIVE_USERNAME/
      - drop tor-sandbox-helper: not used right now
      - FIX proxy not working
      - document tca wrappers
      - some css rule to style TCA a bit
      - refactoring: utils -> torutils
      - more user freedom: consent question can be changed
      - current Tor state is observed when filling bridges
      - SAVECONF
      - resize window on every change_box
      - FIX GAsyncSpawn 100% CPU
      - no internet probe anymore: also fix 100% CPU bug
      - Welcome Screen: use "airplane mode" icon for Offline mode.
      - Test suite: add scenario testing that TCA can connect after an initial
        connection failure.
      - Test suite: make function usable in more contexts.
      - Test suite: also make it possible to block default bridges.
      - Test suite: detect TCA errors and fail early.
      - Test suite: add scenario testing that TCA falls back to default bridges if Tor
        is blocked.
      - Test suite: run a dedicated default bridge.
      - Test suite: refactor.
      - Test suite: adapt to another changed label.
      - FIX doc about how to check for non-working Tor
      - improve display size detection
      - FIX layout
      - Test suite: refer to the correct variable.
      - Test suite: adapt to changed label.
      - Test suite: fix syntax error.
      - Rephrase warning
      - Improve user-visible strings
      - Test suite: improve names.
      - Test suite: use TCA's "hide Tor usage" path when testing PTs.
      - Disable launcher buttons: broken because of netns
      - use the 3 images + better layout
      - normal bridges are not accepted in Hide Mode
      - Bridge validation + better handle IPv6
      - Always obfs4 + bridge documentation link
      - GitLab CI: tails-documentation
      - tails-documentation gains --force-local
      - document tips&tricks for tca
      - don't kill TCA on network reconnection
      - syslog logging really has identity set
      - lots of logging  to understand bridge bug
      - put doctests in gitlab in shape again
      - FIX IBus connection for onion-circuits
      - more debug about bridge-connection part
      - Port TCA to onion-grater-over-netns magic
      - TCA will honor debug flag
      - more logging
      - a bit less noise for translatable mixin
      - TCA logs to syslog/stderr automagically
      - gitlab-ci: TCA doctest dependency
      - FIX .gitlab-ci.yml (syntax error)
      - normal bridges were to be stripped, not expanded
      - default bridges imported
      - FIX: bridges have ip-port, not only IP!
      - put TCA testing in gitlab-ci
      - bridges doctests
      - reformatting
      - Revert "Test suite: add workaround for TCA not sanitizing bridge input
        properly."
      - Decent validation for bridge lines
      - rewrite tca wrapper in python
      - Test suite: reorder steps to avoid TCA blocking the desktop.
      - Revert "Test suite: wait for TCA's GUI to be available before using it."
      - Test suite: work around lost click around TCA start.
      - Test suite: refactor.
      - Test suite: add workaround for TCA not sanitizing bridge input properly.
      - Test suite: wait for TCA's GUI to be available before using it.
      - Test suite: add timeout.
      - Test suite: work around Ruby <2.7 args vs keywords handling.
      - Test suite: fix exception message.
      - Test suite: adapt scenario for new "Offline Mode" Greeter setting.
      - Welcome Screen: obsolete "Network Connection" and add new "Offline Mode"
        setting.
      - Test suite: rewrite Tor Launcher tests for Tor Connection Assistant.
      - Test suite: allow regexp matching in Dogtail's child() method.
      - Test suite: drop unnecessary methods from subclass.
      - ignore main.ui
      - tca: state saved, still to little use
      - tca: don't run two times
      - minor UI changes
      - tca: side icon will be added from Python
      - Temporarily add pluggable transport config to torrc.
      - Convert Tor Launcher .desktop file to one for TCA.
      - Remove Tor Launcher, for real!
      - tca: small text improvement
      - connect-drop works fine without environment
      - Revert "Remove Tor Launcher"
      - tails-tor-launcher actually runs tca
      - Remove Tor Launcher
      - another workaround for #18123
      - onion-grater: quoting matters
      - Move very context-specific script out of root's PATH.
      - onion-grater: options are case insensitive
      - adapt profile to onion-grater's case-sensitiveness
      - Temporarily workaround tor bug by always disabling the seccomp sandbox.
      - FIX onion-grater tca profile
      - run `tca` and it will auto-sudo
      - tca can connect to onion-grater
      - translations refreshed for TCA
      - FIX connect-drop
      - add tca .ui file to POTFILES.in for l10n
      - Test suite: delete obsolete scenario.
      - Improve comment.
      - Test suite: use correct bridge/PT terminology.
      - Test suite: fix tor seccomp check in the normal bridge case.
      - Improve comment.
      - Fix assertion failure message.
      - Let's settle for 'normal' bridge when no PT is used.
      - Add Tor Launcher to GNOME favorite applications.
      - Tor Launcher: allow amnesia to start and add suitable .desktop file.
      - Tor Launcher: kill old instances when starting.
      - Remove the "Tor is ready" notification.
      - side image
      - small TorConnectionProxy fixes
      - step proxy
      - tca: --debug-statefile for better simulation
      - error page + early proxy config
      - back button
      - main workflows work!
      - Step forwards for bridge configuration
      - bridge selection: beginning
      - easy Tor configuration works!
      - sudo tca will do; start Tor integration
      - more steps in Tor launcher UI
      - GUI: first step implemented (more or less)
      - a first attempt at a GUI
      - Test suite: always verify that Tor's Sandbox setting.
      - Handle multiline GETCONF responses.
      - Welcome Screen: add note about the missing bridge mode option.
      - Test suite: fix tor Seccomp verification.
      - Tor Launcher: enable tor's Seccomp sandbox when not using pluggable transports.
      - tor-launcher: repair the --force-net-config feature.
      - Drop now unused restart-tor script.
      - Unsafe Browser: don't restart tor with restart-tor.
      - Drop ugly hook killing Tor Launcher.
      - onion-grater: transparently recover lost tor controller connections.
      - Work around event handling bug in stem?
      - Make dynamic configuration we always do static.
      - Test suite: another attempt to deal with lost key press.
      - Test suite: deal with lost key press.
      - Test suite: adapt to Tor Launcher always starting (refs: #17330)
      - small refactoring
      - tor launcher: set *every* option
      - tor-launcher supports proxy authentication
      - detect Tor bootstrapping status
      - Tor Launcher some more implementation
      - WIP: a first attempt at rewriting Tor Launcher
      - onion-grater: fix error handling.
      - onion-grater: workaround tor bug by switch from control socket to control port.
      - Always start Tor Launcher (refs: #17330).
      - onion-grater: connect to control socket without control port fallback.
      - Improve check by verifying at least one "nameserver" line.
      - Drop unused imports.

  * Upgrade Tor Browser to 10.5.2 (tails/tails!524)

    Commits:
      - Fetch Tor Browser from our own archive
      - Tor Browser upgrade process: adjust branch name
      - Upgrade Tor Browser to 10.5.2-build1
      - Tor Browser upgrade process: adjust instructions to new file names
      - Factorize export of TOR_USE_LEGACY_LAUNCHER (fixes: #18459)

  * Fix feature branch commit encoded into the artifacts' names (fixes: #18468)
    (tails/tails!522)

    Closes issues:
      - Built images encode incorrect topic branch commit (tails/tails#18468)

    Commits:
      - Fix feature branch commit encoded into the artifacts' names (fixes: #18468)

  * Update the jenkins-tools submodule, to fix po.feature (tails/tails!520)

    Commits:
      - Update the jenkins-tools submodule, to fix po.feature

  * Upgrader: more robust upgrade download and verification failure detection
    (tails/tails!519)

    Closes issues:
      - Upgrader: confusing download failure but upgrade still applied
        (tails/tails#18162)

    Commits:
      - tails-iuk-cancel-download: return exit code as-is if it's neither 0 nor 1
      - tails-iuk-cancel-download: fix shell syntax errors
      -  Avoid that the Upgrader breaks if pgrep won't match any process
      - Upgrader: cancell the IUK download if an error appears
      - Upgrader: more defensive programming
      - Upgrader: ensure we fail closed on download and verification errors

  * Test suite: consistently save artifacts for various Tor connection failures
    (tails/tails!517)

    Commits:
      - Test suite: handle case where the htpdate logs do not exist.
      - Test suite: add headings to output in Tor failure artifacts.
      - Test suite: make save_tor_journal() possible to run without Tor logs.
      - Revert "Revert "Test suite: consistently save artifacts for various Tor
        connection failures.""

  * Upgrade to OnionShare 2.2 (tails/tails!515)

    Commits:
      - OnionShare: use ~/Downloads/ as the upload directory in "Receive Files" mode
      - AppArmor: allow a few more things that OnionShare v2 needs
      - OnionShare config: use the same indentation as what the app saves
      - OnionShare config: import new settings
      - onion-grater: update rules for OnionShare v2
      - OnionShare: hide Tor settings
      - Install OnionShare from Bullseye

  * Upgrade Tor Browser to 10.5a17 (tails/tails!513)

    Commits:
      - Test suite: update expected image
      - Unsafe Browser: Disable Tor Browser's tor bootstrapping mechanism
      - Test suite: add support for testing Tor Browser alpha versions
      - Fetch Tor Browser from our own archive.
      - Disable Tor Browser's tor bootstrapping UI
      - Upgrade Tor Browser to 10.5a17.

  * WhisperBack: set lower expectations for handling of error reports
    (tails/tails!511)

    Closes issues:
      - Temporarily set low expectations for handling of error reports, via our website
        and/or in WhisperBack (tails/tails#18427)

    Commits:
      - WhisperBack: set lower expectations

  * Fix issues in testing's test suite (tails/tails!509)

    Commits:
      - Revert "Test suite: consistently save artifacts for various Tor connection
        failures."
      - Test suite: consistently save artifacts for various Tor connection failures.
      - Test suite: work around the desktop icons being obscured by TCA.
      - Nitpick.
      - Test suite: correctly identify supported Tor Browser locales (fixes #18319)
      - Test suite: drop unknown keyword parameters from translate().
      - Test suite: rework translate() to not always use the tails domain (fixes:
        #18447).

  * onion-grater: fix support for restrict-stream-events for namespace matched
    profiles (tails/tails!508)

    Commits:
      - Lint.
      - Move hard-coded network address to constant
      - onion-grater: fix remote connection check.
      - Untangle if-statements a bit.
      - onion-grater: fix support for restrict-stream-events for namespace matched
        profiles (closes: #18417).

  * Upgrade Linux to 5.10.40 (tails/tails!507)

    Commits:
      - Upgrade Linux to 5.10.40 (5.10.0-0.bpo.7)

  * Upgrade to Debian Buster 10.10 (tails/tails!506)

    Commits:
      - Upgrade to Debian Buster 10.10 by bumping APT snapshot of the Debian archive to
        2021062201
      - Test suite: don't break if there are multiple Firefox processes
      - lint_po: ignore torbrowser-launcher's PO files
      - generate-build-manifest: support builds that used no source package
      - Switch to a simpler way to maintain our Tor Browser AppArmor profile delta
      - Rebase AppArmor profile for Tor Browser on top of torbrowser-launcher 0.3.3-5

  * Upgrade Tor to 0.4.5.9 (tails/tails!505)

    Closes issues:
      - Upgrade tor to 0.4.5.9 (tails/tails#18309)

    Commits:
      - Upgrade Tor to 0.4.5.9

  * build-tails: fix bugs that prevent local submodules from being used
    (tails/tails!503)

    Commits:
      - build-tails: fix resetting the submodules' origin
      - build-tails: fix syntax error

  * Installer: Make "Reinstall" option not disappear when coming back from
    confirmation dialog (tails/tails!502)

    Closes issues:
      - "Reinstall" option disappears when coming back from Upgrade confirmation
        (tails/tails#18300)
      - Disable Tails Installer options when there is no target USB stick available
        (tails/tails#18346)

    Commits:
      - Installer: disable widgets when there is no target available
      - Make "Reinstall" option not disappear when coming back from confirmation dialog

  * always start tor (except offline mode) (tails/tails!497)

    Commits:
      - FIX comment explaining how we user tor@ units
      - always start tor (except offline mode)

  * Fix build vmdb2 without http proxy (tails/tails!490)

    Commits:
      - variables are better than hardcoded names!
      - logs are preserved in case of error
      - cleaner temporary files handling
      - FIX building without a http_proxy

  * Resolve "Run tails-*-proxy-netns@.service only for the amnesia user"
    (tails/tails!487)

    Commits:
      - a11y/ibus: description includes netns name
      - a11y/ibus proxy are only enabled for amnesia user

  * Jenkins lib: support extracting issue number at the beginning of the branch
    name (tails/tails!482)

    Commits:
      - adds doctests to ActiveBranches
      - Jenkins lib: support extracting issue number at the beginning of the branch
        name

  * Resolve "TCA: Implement screen when not connected to a local network"
    (tails/tails!481)

    Commits:
      - open the _real_ wifi settings page
      - wording follows wireframe design
      - gnome env: add XDG_CURRENT_DESKTOP
      - tca can open wi-fi config window

  * Test suite: drop low-value tests, add Cucumber tags, improve wording a little
    (tails/tails!479)

    Commits:
      - Test suite: try harder not to click a button before it's active
      - Test suite: remove a few low-value USB installation, upgrade, and boot tests
      - Test suite: remove wget plaintext http:// test
      - fixup! Test suite: remove whois(1) tests
      - Test suite: give generic method a more generic name
      - Test suite: remove whois(1) tests
      - Test suite: merge closely related scenarios to improve performance
      - Test suite: use an existing snapshot instead of booting a fresh Tails
      - Test suite: improve wording of scenarios and steps
      - Test suite: remove Pidgin custom certificates tests
      - Test suite: remove basic AppArmor test
      - Test suite: remove GnuPG keyserver test
      - Test suite: remove browser plugins tests
      - Test suite: add @slow and @not_release_blockers Cucumber tags
      - Test suite: remove definition for unused step
      - Test suite: remove VirtualBox test

  * Generate the Vagrant base boxes using vmdb2 instead of vmdebootstrap
    (tails/tails!478)

    Commits:
      - Add shellcheck exception.
      - Drop insane backticks.
      - Re-introduce some comments that were lost when migrating to vmdb2.
      - Build doc: remove obsolete instructions
      - vmdb2: remove no-op duplicated mirror parameters
      - Fix copy-paste mistakes.
      - Use grub.d instead of fighting with sed/perl escaping.
      - vmdb2: disable caching
      - Drop duplicated work.
      - Update docs and instructions for migration from vmdebootstrap to vmdb2.
      - Let's stop claiming Tails can be built from Stretch.
      - Escape \ in here doc.
      - Vagrant: work around Debian#951257.
      - Vagrant: abort when the proxy is invalid.
      - Vagrant: use IP address for internal proxy.
      - Drop leftovers from when we used vmdeboostrap to generate Vagrant boxes.
      - Apply policy-rc.d trick to workaround Debian bug when installing udisks2 in a
        chroot.
      - tails-builder: install missing udisks2 deps.
      - Workaround the fact subshells don't inherit set -e
      - Drop debugging.
      - Include the .qcow2, not raw image, in the Vagrant box.
      - Bump tails-builder image back to 20G.
      - More clean up.
      - Switch to vmdb2-based Vagrant box creation (refs: #15349)
      - Split long command over multiple lines.
      - Generate .box file.
      - Add back --rootfs-tarball argument to vmdb2.
      - Use correct sed syntax in replacement to refer to matched groups.
      - Use variables in place of hard-coded strings.
      - Shell quoting++
      - Drop unnecessary `touch`.
      - Clean up before and after calling vmdb2.
      - Generate image name dynamically.
      - Set APT serials dynamically.
      - Use mktemp for temporary file.
      - Drop unused stuff for generating container images.
      - Do `set -u` in script.
      - vmdb2: append newline at the end of authorized_keys entry
      - vmdb2: add HTTP proxy support
      - WIP: Vagrant: script for generating tails-builder images using vmdb2 instead of
        vmdebootstrap (refs: #15349)

  * Drop obsolete workaround for Jenkins passing mergebasebranch (tails/tails!475)

    Commits:
      - Revert "Rakefile: handle jenkins passing the now obsolete mergebasebranch."

  * custom-apt-cruft-check: indentify used binary packages where we lack the source
    (tails/tails!473)

    Commits:
      - custom-apt-cruft-check: add support for the testing suite
      - custom-apt-cruft-check: indentify used binary packages where we lack the
        source.

  * GitLab CI (test-tca): add missing python3-dbus dependency (tails/tails!472)

    Commits:
      - GitLab CI (test-tca): add missing python3-dbus dependency

  * Disable shellcheck false positive (tails/tails!471)

    Commits:
      - Disable shellcheck false positive

  * Fix the dependencies of tca-portal.service and tca-portal.socket
    (tails/tails!461)

    Commits:
      - Fix tca-portl.{socket,service} dependencies
      - Let tca-portal.service be started via systemd socket activation

  * Resolve "No spinner when starting Tor Browser from TCA" (tails/tails!459)

    Commits:
      - offline step now follows wording from our design
      - FIX: going offline should not display error step
      - tca-portal open applications using gtk stuff

  * Drop monkeysphere configuration (tails/tails!454)

    Commits:
      - Drop monkeysphere configuration

  * Use v3 Onion Service for the deb.torproject.org APT repository
    (tails/tails!453)

    Commits:
      - Use v3 Onion Service for the deb.torproject.org APT repository

  * Test suite: drop Seahorse tests (tails/tails!451)

    Commits:
      - Test suite: drop now useless background
      - Test suite: update rationale for workaround
      - Test suite: drop support for running v2 Onion services in Chutney
      - Test suite: drop Seahorse tests

  * Maintain our Tor Browser AppArmor profile delta in a simpler way
    (tails/tails!449)

    Commits:
      - Test suite: don't break if there are multiple Firefox processes
      - lint_po: ignore torbrowser-launcher's PO files
      - generate-build-manifest: support builds that used no source package
      - Switch to a simpler way to maintain our Tor Browser AppArmor profile delta
      - Rebase AppArmor profile for Tor Browser on top of torbrowser-launcher 0.3.3-5

  * Recover TCA fix + test suite work from now defunct !431 (tails/tails!447)

    Commits:
      - Test suite: fix racy test.
      - Test suite: avoid using regex matching since we can.
      - Test suite: drop escaping we already deal with.
      - Test suite: implement proper dropping of markup.
      - Test suite: escape single-quotes in generated Python strings.
      - Test suite: drop markup from translated strings.
      - Test suite: make Dogtail automatically translate strings.
      - TCA: fix tor crashing when falling back to default bridges.

  * TCA asks for confirmation if you close it during progress (tails/tails!446)

    Commits:
      - Apply 1 suggestion(s) to 1 file(s)
      - asks confirmation on quit during progress

  * TCA: explain the autoconfig better and implement designed behavior for
    displaying help (tails/tails!445)

    Commits:
      - TCA: hide bridge help by default
      - TCA: use the designed toggle instead of a link near "Configure a Tor bridge" in
        consent question
      - TCA: Explain more about the implications of the autoconfig of Tor

  * Resolve "TCA connects with default bridges when it shouldn't" (tails/tails!444)

    Commits:
      - TCA always saves configuration

  * Resolve "TCA status does not reflect the current status of the connection to
    Tor" (tails/tails!443)

    Commits:
      - tca reacts to /run/tor-has-bootstrapped/done
      - tca monitors /run/tor-has-bootstrapped/done

  * Improve Tor Connection GUI (tails/tails!438)

    Commits:
      - Test suite: adapt to UI changes in TCA.
      - Fix shellcheck regressions
      - TCA: add title to proxy configuration window
      - TCA: add link to doc in consent question
      - TCA: make status messages consistently include "to Tor"
      - TCA: define margin in 1 single place
      - TCA: make the bridges config screen breathe
      - TCA: implement designed link to the bridges doc
      - TCA: remove icons on proxy port & pasword entries
      - TCA: make the "Connecting" progress screen breathe
      - TCA: make proxy configuration visual layout linear
      - TCA: basic visual layout for the "Error connecting to Tor" screen
      - TCA: reorganize container/child structure to fix vertical text alignment
      - TCA: Fix vertical text alignment
      - TCA: Fix vertical text alignment
      - TCA: make "Connected to Tor successfully" a progress-box-heading
      - TCA: add standard spacing between label and progress bar
      - TCA: make "Connecting to Tor…" a progress-box-heading
      - TCA: move progress-box-heading styling to CSS
      - TCA: make it breathe
      - TCA: drop duplicate margin
      - TCA: improve vertical alignment of success icon
      - TCA: hide percentage
      - fixup! TCA: use Unicode ellipsis char
      - TCA: use correct Unicode char
      - TCA: hide non-functional "Reset Tor Connection" button
      - TCA: explicitly declare translation domain in Glade UI file
      - TCA: style step titles via CSS, make them larger
      - TCA: make layout more GNOME HIG compliant
      - TCA: use non-deprecated margin properties, make them multiples of 6px
      - TCA: make the "Start Tor Browser button" fill the dialog width as designed
      - TCA: drop custom font size
      - TCA: use standard GNOME HIG spacing
      - TCA: improve visual layout
      - TCA: fix alignment
      - TCA: improve visual layout
      - TCA: simplify CSS
      - TCA: port CSS to pixels and start making it a bit more GNOME HIG compliant
      - TCA: give widget a name so it can be styled with CSS
      - WIP: save with glade/sid
      - Git, please ignore Glade backup files for TCA
      - TCA Glade UI: require the GTK version we're shipping in Tails 4.x

  * Resolve "Confusing behavior of Tor Connection in offline mode"
    (tails/tails!436)

    Commits:
      - better function naming
      - offline mode error strings changed
      - FIX ci dependencies for tca
      - update gettext strings
      - tca offline mode errors are translatable
      - TCA give clear error message in Offline Mode
      - tailslib has doctests
      - tailslib: can check greeter variables

  * Resolve "Ensure WhisperBack still tells us how successful connections to Tor
    were made" (tails/tails!434)

    Commits:
      - whisperback includes tca details

  * TCA UI improvements (tails/tails!428)

    Commits:
      - Test suite: don't throw TCAConnectionFailure on try_for() timeout.
      - Test suite: adapt for recent UI changes in TCA.
      - explain bridge requirements in hide mode
      - smaller image in TCA
      - Improvements to TCA GUI
      - doc: how to tweak tca GUI
      - corner case about bridge validation
      - FIX resize problems through GtkStack
      - tca UI improvements
      - changing to default bridges is honored
      - tca ui more consistent

  * TCA reports an error in case of slow connection (tails/tails!426)

    Commits:
      - progress bar was very slow; + more testing
      - tca timeout understands "sign-of-life" UX concept
      - quick & dirty: increase timeout

  * Display an error message when upgrader fails to check for available upgrades
    (tails/tails!412)

    Closes issues:
      - Display an error message when the Upgrader fails to check for available
        upgrades (tails/tails#18238)

    Commits:
      - Display a dialog if an error happens when getting the UDF
      - Make debugging_info parameter optional
      - Display an error dialog when the Upgrader fails to check for available upgrades

  * Rename "MAC address spoofing" as "MAC address anonymization" (tails/tails!411)

    Commits:
      - Be more helpful
      - Avoid in-page link
      - Rewrite
      - Rename "MAC address spoofing" as "MAC address anonymization" (#18286)

  * Upgrade Linux to 5.10.24 (tails/tails!409)

    Commits:
      - Upgrade Linux to 5.10.24
      - Revert "Install linux-compiler-* linux-kbuild-* from our custom APT repository"

  * Fix shellcheck error (tails/tails!394)

    Commits:
      - Fix shellcheck error

  * Establish a coding standards baseline on our shell code base (tails/tails!190)

    Commits:
      - GitLab CI: install "file" for the shellcheck test
      - Lint
      - Lint
      - GitLab CI: use Unit test reports for shellcheck
      - shellcheck-tree: drop unused import
      - shellcheck-tree: drop obsolete comment
      - GitLab CI: check shell scripts
      - ShellCheck: fix remaining offenses
      - ShellCheck: fix remaining SC2086 offenses
      - shellcheck-tree: skip built website
      - Drop unused variables
      - ShellCheck: make exceptions where warranted
      - Misc. linting suggested by ShellCheck
      - shellcheck-tree: new script, that runs shellcheck on all shell scripts
      - Misc. linting suggested by ShellCheck
      - ShellCheck: make exceptions where warranted
      - Drop $ in arithmetic variables
      - Drop useless calls to cat
      - ShellCheck: fix offenses
      - ShellCheck: fix SC2155 offenses
      - ShellCheck: backticks → $()
      - auto/config: fix stderr redirection
      - Factorize
      - ShellCheck: make exceptions where warranted
      - ShellCheck: add missing quoting
      - branch_name_to_suite: fix bug in tr call
      - ShellCheck: disable false positive
      - unsafe-browser: use $* when our intent is to concatenate
      - keepassxc wrapper: fix behavior in case 2+ arguments are passed
      - live-persist: fix usage message
      - ShellCheck: fix SC2162 offense
      - ShellCheck: make exceptions where warranted
      - ShellCheck: add missing quoting
      - ShellCheck: fix SC2006 offenses
      - ShellCheck: fix SC2155 offenses
      - Drop useless "echo"
      - ShellCheck: make exceptions where warranted
      - ShellCheck: fix SC2006 offenses
      - ShellCheck: replace deprecated tempfile with mktemp (SC2186)
      - ShellCheck: add missing quoting
      - Replace antiquated use of expr
      - Drop unused variables
      - ShellCheck: fix SC2155 offenses
      - ShellCheck: disable check that generates mostly false positives
      - Simplify
      - Drop unused variables
      - ShellCheck: add missing quoting
      - Drop unused variable
      - ShellCheck: fix SC2059 offense
      - Ensure here-doc text is not subject to parameter expansion, command
        substitution, and arithmetic expansion, unless we do need it
      - ShellCheck: fix SC2162 offenses
      - chroot_local-hooks: consistently set the executable bit
      - Simplify
      - Make for loop more robust
      - Ensure filenames that start with '-' are not interpreted as switches
      - Ensure glob is not expanded by the shell interpreter
      - 10-tbb: fix typo in variable name
      - ShellCheck: lint
      - ShellCheck: make exceptions where warranted
      - ShellCheck: disable false positive
      - ShellCheck: disable following included source files

 -- Tails developers <tails@boum.org>  Mon, 12 Jul 2021 13:50:41 +0200

tails (4.19) unstable; urgency=medium

  * Upgrade Tor Browser to 10.0.17-build1 (tails/tails!468)

    Closes issues:
      - Upgrade to Tor Browser based on Firefox 78.11 (tails/tails#18284)

    Commits:
      - Fetch Tor Browser from our own archive.
      - Upgrade Tor Browser to 10.0.17-build1.

  * Upgrade Thunderbird to 1:78.10.0-1~deb10u1

  * run_test_suite: fix tor version check with recent tor (tails/tails!450)

    Commits:
      - Chutney: fix tor version check with recent tor
      - run_test_suite: fix tor version check with recent tor

  * Upgrader, tails-security-check: drop CA pinning (tails/tails!448)

    Closes issues:
      - TLS certificate issue prevents tails-upgrade-frontend to check for updates :
        Error while downloading the signing key (tails/tails#18324)

    Commits:
      - Design doc: update tense
      - Remove unused Let's Encrypt certificates
      - Upgrader, tails-security-check: drop CA pinning
      - Design doc: drop overly optimistic future improvement idea
      - Design doc: mirrors used by the Upgrader are all HTTPS nowadays

  * gitlab-triage: migrate from Docker to podman (tails/tails!440)

    Commits:
      - gitlab-triage: migrate from Docker to podman

  * Add password feedback for sudo (refs: #18355) (tails/tails!439)

    Commits:
      - Add password feedback for sudo (refs: #18355)

  * Remove ikiwiki-cgi.setup (tails/tails!405)

    Commits:
      - Document how to test changes to the banner locally
      - Deduplicate content
      - Don't disable plugins that are not enabled by default
      - Remove ikiwiki-cgi.setup and references to it

 -- Tails developers <tails@boum.org>  Mon, 31 May 2021 09:19:03 +0000

tails (4.18) unstable; urgency=medium

  * Upgrade Thunderbird to 78.9.0-1~deb10u1

  * Upgrade Tor Browser to 10.0.16 (tails/tails!400)

    Closes issues:
      - Upgrade to Tor Browser based on Firefox 78.10 (tails/tails#18252)

    Commits:
      - Fetch Tor Browser from our own archive.
      - Upgrade Tor Browser to 10.0.15.

  * Upgrade Intel microcodes to 3.20210216.1~deb10u1

  * Upgrade firmware-linux-nonfree to 20210315-2

  * Remove Poedit (#18236) (tails/tails!395)

    Commits:
      - Remove Poedit (#18236)

  * Display an error message when the Upgrader fails to download the signing key
    (tails/tails!390)

    Closes issues:
      - Display an error message when the Upgrader fails to check for available
        upgrades (tails/tails#18238)

    Commits:
      - Display an error message when the Upgrader fails to download the signing key

  * Remove clock sync notification (tails/tails!389)

    Closes issues:
      - Remove the "clock synchronization" notification (tails/tails#7439)

    Commits:
      - tails-htp-notify-user only notifies if $problems

  * Bump snapshots of the Debian APT archive to 2021033101 (tails/tails!388)

    Commits:
      - Bump snapshots of the Debian APT archive to 2021033101

  * APT: use non-onion HTTPS sources for Debian repositories (tails/tails!383)

    Closes issues:
      - Fix failures with Debian's APT repository onion service (tails/tails#17993)

    Commits:
      - APT: use non-onion HTTPS sources for Debian repositories

  * Merge base branch earlier (tails/tails!381)

    Closes issues:
      - The mergebasebranch option merges the base branch too late (tails/tails#12557)

    Commits:
      - Document that faketime is needed on the host to build Tails.
      - Vagrant: don't install faketime any more.
      - Drop useless version part from development build filenames.
      - Build system: only add base branch info to image names when relevant.
      - Build system: make development images' names more consistent.
      - Build system: move around logic to reduce ENV state.
      - Build system: re-run rake after merging base branch (#12557)
      - Rakefile: handle jenkins passing the now obsolete mergebasebranch.
      - Build system: by default, merge the base branch early when building (#12557)

 -- Tails developers <tails@boum.org>  Mon, 19 Apr 2021 14:19:38 +0000

tails (4.17) unstable; urgency=medium

  * Upgrade Thunderbird to 78.8.0-1~deb10u1

  * Upgrade Tor Browser to 10.0.14-build1 (tails/tails!382)

    Commits:
      - Upgrade Tor Browser to 10.0.14-build1.

  * Upgrade tor to 0.4.5.7 (tails/tails!380)

    Closes issues:
      - Upgrade tor to 0.4.5.7 (tails/tails#18244)

    Commits:
      - Upgrade tor to 0.4.5.7

  * Retry failed upgrade downloads, reusing the previously downloaded data, and
    fallback to the DNS mirror pool (tails/tails!379)

    Closes issues:
      - Make it possible to resume an automatic upgrade download (tails/tails#15875)
      - Make Tails Upgrader resilient to broken mirrors (tails/tails#17615)

    Commits:
      - Tails::IUK::TargetFile::Download: always disable exponential backoff when
        running tests
      - Tails::IUK::LWP::UserAgent::WithProgress: display correct progress status when
        resuming a previously failed download
      - Give Tails::IUK::LWP::UserAgent::WithProgress information that it'll need
      - Refactoring: make temp_file an attribute
      - Refactoring: use more meaningful variable name and document what value it holds
      - GitLab CI: disable test that now requires systemd
      - Retry failed upgrade downloads, reusing the previously downloaded data, and
        fallback to the DNS mirror pool
      - Upgrader hardening: comment out sudo env_keep settings that are not needed in
        production
      - Tails::Download::HTTPS hardening: drop support for SSL_NO_VERIFY
      - Upgrader test suite: remove useless Win32 support code

  * Repair the filesystem on the system partition and avoid breaking it in the
    first place (tails/tails!374)

    Closes issues:
      - Deleted obsolete automatic upgrades still occupy disk space ⇒ no automatic
        upgrade possible after a while (tails/tails#17902)

    Commits:
      - On boot, repair the filesystem on the system partition
      - Refactoring: move repartitioning code to a function
      - Unmount the system partition on shutdown

  * Upgrade GRUB2 to 2.04-16+ (tails/tails!372)

    Closes issues:
      - Upgrade GRUB2 to 2.04-16+ (tails/tails#18227)
      - devel branch FTBFS with uBlock 1.33.0+dfsg-1 (tails/tails#18191)

    Commits:
      - Bump snapshots of the Debian APT archive to 2021030401

  * Upgrade non-free Linux firmware to 20210208-3 (tails/tails!371)

    Closes issues:
      - Upgrade non-free Linux firmware to 20210208-3+ (tails/tails#18226)
      - devel branch FTBFS with uBlock 1.33.0+dfsg-1 (tails/tails#18191)

    Commits:
      - Revert "Temporarily install the kernel from Bullseye"
      - Refresh uBlock patch
      - Bump snapshots of the Debian APT archive to 2021030101

  * Test suite: relax delay for OpenPGP future expiration date (tails/tails!370)

    Commits:
      - Test suite: relax delay for OpenPGP future expiration date

  * Improve security advisory since they don't list vulnerabilities anymore
    (tails/tails!369)

    Commits:
      - Help people find the information on their own (#18221)
      - Remove not-so-helpful TOC
      - Simplify and reuse the same wording
      - Don't make people click for nothing (#18221)

  * Clarify error message when starting the Unsafe Browser while offline
    (tails/tails!367)

    Closes issues:
      - Clarify error message when the Unsafe Browser was launched without network
        connection (tails/tails#12251)

    Commits:
      - Test suite: update to match UI change
      - Clarify error message when starting offline (#12251)

  * Release process: add po4a version sanity checks (tails/tails!364)

    Commits:
      - Release process: ensure the RM has the correct version of po4a

  * Upgrade our production and test-only tor configuration (tails/tails!363)

    Closes issues:
      - Upgrade our production and test-only tor configuration (tails/tails#18216)

    Commits:
      - Test suite: bump PathsNeededToBuildCircuits to 0.67, like Chutney
      - Test suite: drop "TestingBridgeDownloadInitialDelay" customization
      - Test suite: drop "DownloadInitialDelay" testing options that we set to their
        default value
      - Test suite: drop unused second argument for the "DownloadInitialDelay" tor
        testing options
      - Test suite: use the new "DownloadInitialDelay" names for the "DownloadSchedule"
        tor testing options
      - torrc: drop obsolete WarnUnsafeSocks setting
      - torrc: migrate from deprecated {Control,Trans}ListenAddress to
        {Control,Trans}Port address syntax

  * Upgrade tor to 0.4.5.6 (tails/tails!361)

    Commits:
      - run_test_suite: abort if the host system's tor is too old
      - Test suite setup doc: ensure we have a recent enough tor
      - Test suite setup doc: update APT pinning to support current QEMU backport
      - Upgrade tor to 0.4.5.6 final

  * Update uBlock Origin patch (tails/tails!354)

    Commits:
      - Refresh uBlock patch

  * Resolve "onion-grater race condition" (tails/tails!345)

    Closes issues:
      - onion-grater race condition (tails/tails#18123)

    Commits:
      - whitespace
      - onioncircuits: longer options are more readable
      - tails-create-netns: more consistent style
      - tails-create-netns: avoid bashisms
      - a11y-proxy-netns: explain behavior with comments
      - review tips: is_veth_nic is more readable
      - review tips: clearer behaviour
      - Remove another remain from the reverted TBB experiment.
      - veth exclusion: log to debug
      - don't spoof veth interfaces
      - a11y proxy now can be passed to the right netns
      - onioncircuits is accessible!
      - small cleanup to tailslib.gnome
      - really: let's forget about TBB and its netns
      - Let's forget about TBB in its netns
      - get_all_ethernet_nics behave even if no real eth
      - update design doc for netns improvements
      - test: tor can bind a non-127.0.0.1 port
      - FIX helper lib to recognize veth appropriately
      - better wording
      - tails-documentation: fixed when Tor is not ready
      - sudo tor-browser allowed
      - FIX service: run before network.target
      - we need veth: don't blacklist it, it's harmless
      - /stop tails-create-netns service can stop
      - FIX tails-create-netns.service
      - TBB: changed onion-grater
      - TBB works + port 9150 drop
      - netns: firewall configuration moved to ferm
      - configure tor and ferm for TBB netns address
      - tails-create-netns is a systemd.service
      - onion-grater whitelisted in sane_defaults
      - onioncircuits profile adapted to netns
      - onioncircuits wrapper to use netns
      - still a draft, but at least tidier
      - DRAFT of network namespace support

  * Test suite: disable sound forwarding to host (tails/tails!333)

    Closes issues:
      - Test suite: consider disabling SPICE audio (tails/tails#18122)

    Commits:
      - Test suite: disable sound forwarding to host (Closes: #18122)

 -- Tails developers <tails@boum.org>  Mon, 22 Mar 2021 08:11:53 +0000

tails (4.15.1) unstable; urgency=medium

  * Upgrade sudo to 1.8.27-1+deb10u3 due to CVE-2021-3156 ("Baron
    Samedit").

 -- Tails developers <tails@boum.org>  Wed, 27 Jan 2021 19:33:08 +0100

tails (4.15) unstable; urgency=medium

  * Upgrade Thunderbird to 1:78.6.0-1~deb10u1

  * Upgrade Tor Browser to 10.0.9, based on Firefox 78.7 (tails/tails!331)

    Closes issues:
      - Upgrade Tor Browser to 10.0.9, based on Firefox 78.7 (tails/tails#18100)

    Commits:
      - Fetch Tor Browser from our own archive.
      - Upgrade Tor Browser to 10.0.9-build2.

  * Test suite: support path of tcpdump in current sid (tails/tails!328)

    Closes issues:
      - Test suite broken on current sid: "No such file or directory -
        /usr/sbin/tcpdump" (tails/tails#18126)

    Commits:
      - Test suite: support path of tcpdump in current sid

  * Update CAs trusted to connect to our website (tails/tails!327)

    Closes issues:
      - Upgrader fails to check upgrades: CA changed for our website
        (tails/tails#18127)
      - Remove AddTrust_External_Root.pem from our website CA bundle
        (tails/tails#11811)

    Commits:
      - Fix shell syntax
      - Reference issue and add another related XXX
      - Don't ship individual Let's Encrypt intermediate certificates files in the
        image
      - Move Let's Encrypt intermediate certificates outside of the system-wide CA
        store
      - Upgrader: trust current and upcoming Let's Encrypt intermediate certificates
      - Add current and upcoming Let's Encrypt intermediate certificates
      - Remove AddTrust_External_Root.pem from our website CA bundle (refs: #11811).

  * Upgrade Linux to 5.9.15-1~bpo10+1 (stable branch) (tails/tails!325)

    Closes issues:
      - Upgrade to Linux 5.9.15 (tails/tails#18104)
      - Install Intel SOF Firmware and Topology binaries from Debian
        (tails/tails#18096)
      - USB tethering is broken with iOS 14 => Need kernel upgrade (tails/tails#18097)

    Commits:
      - Refresh uBlock patch
      - Install Intel SOF Firmware and Topology binaries from Debian
      - Upgrade Linux to 5.9.15-1~bpo10+1
      - Update APT snapshot for the "debian" archive to 2021011501

  * Upgrade firmware-linux to 20201218-1

  * Migrate blueprints to GitLab wiki (tails/tails!323)

  * Fix stream isolation test suite after !306 (tails/tails!319)

    Closes issues:
      - Test suite: update wrt. recent htpdate changes (tails/tails#18095)

    Commits:
      - fix stream isolation test suite after !306

  * Refresh uBlock patch to fix devel branch FTBFS (tails/tails!318)

    Commits:
      - Refresh uBlock patch

  * Test suite: improve error reporting for GuestFS problems and user mistakes
    (tails/tails!317)

    Commits:
      - Test suite: error out early if images to be tested are directories
      - Test suite: log all guestfs events, not only "trace" level messages

  * Make 'Upgrading the system' dialog appear faster (tails/tails!316)

    Closes issues:
      - Make  "Upgrading the system" dialog appear faster (tails/tails#18051)

    Commits:
      - Upgrader test suite: adjust to match UI changes
      - Warn in advance about the network connection being disabled (#18051)
      - Avoid ambiguous future tense
      - Lint.
      - Upgrader: don't declare variable in conditional statement
      - Upgrader: adjust test suite to user interaction changes
      - Fix typo
      - Make 'Upgrading the system' dialog appear faster

  * Make writing Tails.module more robust (tails/tails!315)

    Closes issues:
      - Make writing Tails.module more robust (tails/tails#17906)

    Commits:
      - Make writing Tails.module more robust

  * Fix support for Ledger hardware wallet, by upgrading python3-btchip
    (tails/tails!313)

    Closes issues:
      - "No hardware device detected" with Ledger Nano S wallet in Electrum
        (tails/tails#18080)

    Commits:
      - Fix support for Ledger hardware wallet, by upgrading python3-btchip

  * Test expiration date for all keys trusted by APT (tails/tails!310)

    Closes issues:
      - Test expiration date for all keys trusted by APT (tails/tails#18094)

    Commits:
      - Test suite: improve Gherkin phrasing
      - Test suite: check expiration date for all trusted APT keys

  * Log more info upon curl failure in htpdate (tails/tails!306)

    Commits:
      - htpdate: make output more useful on name resolution errors
      - htpdate: include stdout and stderr of curl(1) upon failure
      - htpdate: remove misleading comment

  * Clarify that this message is about the size of the USB stick (#18073)
    (tails/tails!305)

    Closes issues:
      - Improve error message when the USB stick is too small (tails/tails#18073)

    Commits:
      - Add comment to explain the unit being used
      - Display too small boot device size in GB, not GiB
      - Display too small boot device size with 1 digit of precision after the decimal
        point
      - Make displayed number and unit match
      - Only use variable after we've assigned it a value
      - Clarify that this message is about the size of the USB stick (#18073)

  * Thunderbird: drop obsolete patch. (tails/tails!304)

    Commits:
      - Thunderbird: drop obsolete patch.

  * Make build reproducibility verification easier (tails/tails!303)

    Commits:
      - Don't trust any random key that has a UID which contains "deb.tails.boum.org"
      - Make formatting consistent with other command lines
      - Minor rephrasing
      - Fix typo
      - Use numbered list: order matters
      - Reorder instructions to avoid a step essentially depend on the next one
      - contribute/build.mdwn: add instruction for importing deb.tails.boum.org key
      - release_process/test/reproducibility.mdwn: add -p to mkdir
      - Rakefile: add option to scp to disable agent

  * Test suite: differentiate between tordate and htpdate errors (tails/tails!295)

    Commits:
      - Test suite: split exception.
      - Test suite: use more specific exception.
      - We can have TimeSyncingError due to tordate, so no htpdate log exists.
      - Rename variable and rearrange code to fix scoping issues.
      - Test suite: differentiate between tordate and htpdate errors.

  * Add "Don't Show Again" button to the notification when starting Tails in a VM
    (tails/tails!284)

    Closes issues:
      - Add "Don't Show Again" button to notifications where appropriate
        (tails/tails#10553)

    Commits:
      - swap buttons in tails-virt-notify-user
      - Refresh translations.
      - tails-documentation: drop yelp dependency.
      - Revert "Patch libdesktop-notify-perl to accept an array ref for actions."
      - tails-documentation: let Gnome start Tor Browser so it can quit.
      - tails-virt-notify-user: port form Perl to Python.
      - Simply
      - Improve button labels
      - Apply 1 suggestion(s) to 1 file(s)
      - Apply 1 suggestion(s) to 1 file(s)
      - tails-virt-notify-user: make action IDs globally unique again.
      - Simplify.
      - tails-virt-notify-user: make action buttons ordering deterministic.
      - Patch libdesktop-notify-perl to accept an array ref for actions.
      - live-persist: always enable support for "Don't ask again" (refs: #10553).
      - tails-virt-notify-user: only show "Don't ask again" if feature is available
        (refs: #10553).
      - tails-virt-notify-user: add "Don't ask again" button PoC (refs: #10553).
      - Add tooling for "Don't ask me again" feature for notifications etc.

 -- Tails developers <tails@boum.org>  Mon, 25 Jan 2021 08:23:10 +0000

tails (4.14) unstable; urgency=medium

  * Grant the user read access to external Persistent Storage (tails/tails!300)

    Closes issues:
      - Nautilus cannot open a plugged Tails Persistent Storage anymore
        (tails/tails#18050)

    Commits:
      - Make *external* TailsData's root user-readable when mounted (closes: #18050)

  * Upgrade Tor Browser to 10.0.7 (tails/tails!297)

    Closes issues:
      - Upgrade Tor Browser to 10.0.7 (tails/tails#18058)

    Commits:
      - Fetch Tor Browser from our own archive.
      - Upgrade Tor Browser to 10.0.7-build1.

  * Add a script to help updating our UX debt spreadsheet (tails/tails!292)

    Commits:
      - ux-debt-changes: list issues that had the UX:debt label removed
      - ux-debt-changes: list issues that had the UX:debt label added
      - ux-debt-changes: allow running only some of the supported reports
      - ux-debt-changes: cache GitLab API responses
      - ux-debt-changes initial version: lists solved or rejected UX:debt issues since
        a date

  * Upgrade to Linux 5.9 and to Buster 10.7 (tails/tails!288)

    Closes issues:
      - Upgrade Linux to 5.9 (tails/tails#17973)
      - Upgrade to Buster 10.7 (tails/tails#17995)

    Commits:
      - Upgrade Linux to 5.9.0-0.bpo.2, currently at version 5.9.6-1~bpo10+1
      - Install the kernel from buster-backports
      - Upgrade Tails and the Vagrant build box to Debian Buster 10.7

  * Test suite: make evince "Print to File" test more robust (tails/tails!287)

    Commits:
      - Test suite: update and fix comment
      - Test suite: make evince "Print to File" test more robust

  * Upgrade Linux to 5.9 (devel branch) (tails/tails!285)

    Commits:
      - Upgrade Linux to 5.9.0-0.bpo.2, currently at version 5.9.6-1~bpo10+1

  * Don't include URLs pointing to our live website in translatable strings
    (tails/tails!283)

    Commits:
      - Upgrader: don't use non-existent debug method
      - GitLab CI: ensure we don't re-add translatable URLs to our live website
      - Update POT and PO files
      - Don't include URLs pointing to our live website in translatable strings
      - Lint

  * Test suite: bump timeout for the Greeter's GUI to update after language change.
    (tails/tails!279)

    Commits:
      - Revert "Test suite: switch from sleep() to more robust approach."
      - Test suite: switch from sleep() to more robust approach.
      - Test suite: bump timeout for the Greeter's GUI to update after language change.

  * Port otr-bot to Python 3 and migrate to slixmpp (tails/tails!278)

    Closes issues:
      - Test suite's otr-bot.py has obsolete dependencies (tails/tails#17031)

    Commits:
      - Test suite doc: update dependencies
      - Make otr-bot quiet.
      - otr-bot: linting.
      - Improve variable names.
      - otr-bot: port to python3 and migrate from jabberbot to slixmpp.

  * Detect corrupt GnuPG public keyring and restore its backup (tails/tails!275)

    Closes issues:
      - Automate fix for "GnuPG keys missing" problem (tails/tails#17807)

    Commits:
      - Try to detect corrupt GnuPG pubring.kbx and restore any backup (refs: #17807)

  * Drop superfluous block.events_dfl_poll_msecs=1000 kernel parameter
    (tails/tails!274)

    Commits:
      - Drop superfluous block.events_dfl_poll_msecs=1000 kernel parameter

  * Install the kernel from buster-backports (tails/tails!273)

    Commits:
      - Install the kernel from buster-backports

  * Enable Electrum's Ledger hardware wallet support (tails/tails!272)

    Closes issues:
      - Ledger Nano S hardware wallet is not recognized due to wrong udev rules
        (tails/tails#15353)

    Commits:
      - Enable Electrum's Ledger hardware wallet support

  * Test suite: update expected title of the GitLab page we use (tails/tails!271)

    Commits:
      - Test suite: update expected title of the GitLab page we use

  * Port Tails Installer to Python 3 (tails/tails!270)

    Closes issues:
      - Port Tails Installer to Python 3 (tails/tails#10085)
      - Installer: get rid of workaround for udisks bug#418 in SetFlags()
        (tails/tails#15010)

    Commits:
      - Update POT and PO files
      - Also undo mistaken changes to Tails 3.0 release note PO files.
      - Installer: get rid of workaround for udisks#418 in SetFlags()
      - Installer: update URL (Redmine → GitLab)
      - Installer: drop obsolete comment
      - Installer: don't make user-facing URLs translatable
      - Undo mistaken change to Tails 3.0 release notes.
      - Tails Installer: fix incorrect function/variable names.
      - Update installer's deps after porting to Python 3 (refs: #10085)
      - Apply 1 suggestion(s) to 1 file(s)
      - Tails Installer: don't show install/cancel buttons on warning prompts.
      - Tails Installer: delay deletion of parents until all drives have been examined.
      - Tails Installer: update PO/POT files after migration to Python 3.
      - Tails Installer: move into Python 3's dist-packages.
      - Tails Installer: revive _set_liberal_perms_recursive().
      - Tails Installer: pass argument list to subprocess.Popen().
      - Tails Installer: port to Python 3 based on saschamarkus's patches (refs:
        #10085).

  * Update deb.torproject.org's APT key (tails/tails!269)

    Closes issues:
      - Outdated APT key for deb.torproject.org (tails/tails#18042)

    Commits:
      - Stop installing deb.torproject.org-keyring
      - Update deb.torproject.org's APT key

  * Release process: drop dependency on parallel_collect_IUKs (tails/tails!267)

    Commits:
      - Lint
      - Release process: don't pass --debug to copy-iuks-to-rsync-server-and-verify
      - Release process: drop dependency on parallel_collect_IUKs
      - Lint

  * Allow users to change persisted admin password option (tails/tails!266)

    Closes issues:
      - Allow users to change persisted admin password option (tails/tails#18018)

    Commits:
      - Fix not being able to delete a once persisted admin password

  * Upgrade Thunderbird to 1:78.5.1-1~deb10u1, and accordingly update
    its patch series (tails/tails!264)

    Closes issues:
      - All branches FTBFS since Thunderbird 78.5.0 upload (tails/tails#18034)

    Commits:
      - Drop Thunderbird patch: applied in 78.5.0 upstream
      - Drop Thunderbird patch: applied in 78.5.0 upstream
      - patch-thunderbird: log which patch we're currently trying to apply
      - Lint

  * Stop installing the Unifont fonts (tails/tails!263)

    Commits:
      - Stop installing the Unifont fonts

  * Upgrade tor to 0.4.4.6 (tails/tails!259)

    Commits:
      - Upgrade tor to 0.4.4.6

  * Document python-gitlab setup needed for generate-changelog and generate-report
    (tails/tails!258)

    Commits:
      - Don't track testing forever
      - Make instructions work on sid
      - python3-gitlab from Buster doesn't work
      - Document torsocks for GitLab scripts
      - Improve readibility
      - generate-changelog, generate-report: point to documentation
      - Document how to configure python-gitlab

  * Test suite: use the qemu-xhci USB controller (tails/tails!255)

    Closes issues:
      - Use qemu-xhci for TailsToaster (tails/tails#15831)

    Commits:
      - Test suite: use the qemu-xhci USB controller

  * Require Buster or newer for running our test suite (tails/tails!254)

    Closes issues:
      - Require Buster or newer for running our test suite (tails/tails#17842)

    Commits:
      - Test suite: run a Q35 5.0 machine
      - Test suite: drop workarounds for running on Stretch
      - run_test_suite: drop support for Stretch
      - Test suite doc: drop support for Stretch

 -- Tails developers <tails@boum.org>  Mon, 14 Dec 2020 08:56:31 +0000

tails (4.13) unstable; urgency=medium

  * Tor Browser 10.0.5 (tails/tails!253)

    Closes issues:
      - Upgrade to Tor Browser 10.0.5 (tails/tails#18017)
      - Most Tor Browser scenarios fail (tails/tails#18016)
      - Only ship locale definitions that the user can select in the Welcome Screen
        (tails/tails#17139)

    Commits:
      - Mark security issue as fixed
      - Test suite: avoid wait_any() in error-prone situation.
      - Test suite: adapt image so it works for RTL locales too.
      - Upgrade Tor Browser to 10.0.5-build1.
      - Automate++

  * Browsers: drop el-GR from browser localization (tails/tails!252)

    Closes issues:
      - "The Unsafe Browser can be used in all languages supported in Tails" scenario
        fails in Greek (tails/tails#18015)

    Commits:
      - Browsers: drop el-GR from browser localization.

  * Test suite: wait for GNOME Overview launchers to be ready before interacting
    with them (tails/tails!251)

    Closes issues:
      - Most Tor Browser scenarios fail (tails/tails#18016)

    Commits:
      - Test suite: wait for GNOME Overview launchers to be ready before interacting
        with them (fixes: #18016).

  * Garbage collect website cache more aggressively (tails/tails!248)

    Closes issues:
      - Some builds fail on Jenkins due to lack of disk space to store cached built
        website (tails/tails#18010)

    Commits:
      - website-cache: don't delete lost+found directory
      - Lint
      - website-cache: garbage collect cache directories older than 20 days

  * generate-report: Buster compatibility, help the user install dependencies
    (tails/tails!247)

    Commits:
      - generate-report: add helpful message on missing Python modules
      - generate-changelog, generate-report: support Python 3.7

  * custom-apt-cruft-check: fix output when there's nothing to remove
    (tails/tails!246)

    Commits:
      - custom-apt-cruft-check: fix output when there's nothing to remove

  * Release process: streamline configuration and environment management
    (tails/tails!245)

    Commits:
      - Release process: rename variable to avoid confusion
      - Apply 1 suggestion(s) to 1 file(s)
      - Fix typo in suggestion
      - Apply 3 suggestion(s) to 3 file(s)
      - rm-config: workaround pylint false positives
      - remove-unused-udfs: lint
      - remove-unused-udfs: actually use passed before_version
      - rm-config: add mypy exceptions
      - rm-config: add docstrings
      - rm-config: lint
      - rm-config: drop unused import
      - rm-config: import generation of IUK_SOURCE_VERSIONS
      - Factorize
      - rm-config: import more configuration generation
      - rm-config: validate configuration
      - RM config template: quote "FIXME" as it should be in the manually-filled
        version
      - rm-config: fix generate-environment for non-string values
      - rm-config: log config before validating
      - rm-config: pass stage to Config()
      - rm-config: add validate-configuration action
      - Release process: consistently provide editor command-line
      - rm-config: ensure generated shell snippet has a trailing newline
      - Release process: move generation of derived values to rm-config
      - Lint
      - Release process: fully phrase the rm-config usage bits
      - Release process: bring all notes together
      - Release process: document how to get your own local.yml
      - Release process: convert example local.yml to YAML, move generated variable out
        of it
      - Add type hints
      - Lint
      - rm-config: generate boilerplate config, read config & export it as shell
        environment
      - Release process: ensure the configuration does not taint the next release
        process
      - Document config format
      - Ensure RM config snippets produce 1 single YAML document when concatenated
      - Release process: specify interface for new RM config management.

  * WhisperBack: include the output of lsusb in reports (tails/tails!244)

    Commits:
      - WhisperBack: include the output of lsusb in reports

  * Automate Tor Browser WebRTC tests (tails/tails!243)

    Closes issues:
      - Automate Tor Browser WebRTC tests (tails/tails#10264)

    Commits:
      - Test suite: automatically test that WebRTC is disabled in Tor Browser
      - Test suite: refactoring (extract code to function)

  * GitLab CI: only run the apt-snapshots-expiry job when relevant
    (tails/tails!242)

    Commits:
      - GitLab CI: only run the apt-snapshots-expiry job when relevant
      - GitLab CI: switch to "Pipelines for Merge Requests" mode

  * GitLab CI: check PO files that we did not import from Transifex yet, only run
    PO checks when relevant (tails/tails!241)

    Commits:
      - Lint
      - GitLab CI: lint
      - GitLab CI: only run check-po-msgfmt and lint-po when relevant
      - GitLab CI: check PO files that we did not import from Transifex yet

  * Add script that checks which packages in our custom APT repo are unused
    (tails/tails!240)

    Closes issues:
      - Remove cruft from our custom APT repository (2020Q4 edition)
        (tails/tails#17997)

    Commits:
      - custom-apt-cruft-check: look for custom package on the suite we're working on
      - custom-apt-cruft-check: update script description to match current usage
      - custom-apt-cruft-check: fix generated reprepro command
      - custom-apt-cruft-check: make output command line easier to copy'n'paste
      - custom-apt-cruft-check: use a command line argument to specify which suite to
        check
      - Revert overzealous linting
      - custom-apt-cruft-check: fix branch check
      - Lint
      - custom-apt-cruft-check: add helpful comment to error message
      - custom-apt-cruft-check: output require reprepro clean up command
      - custom-apt-cruft-check: fetch .build-manifest from Jenkins
      - custom-apt-cruft-check: change quoting so \n becomes an actual newline
      - custom-apt-cruft-check: also support the devel branch/APT suite
      - Lint
      - custom-apt-cruft-check: add support for Onion service
      - Add script that checks which packages in our custom APT repo that are unused.

  * Release process: automate removing unused UDFs (tails/tails!239)

    Commits:
      - Remove UDFs for versions we'll never release
      - remove-unused-udfs: avoid computing the list of tags multiple times
      - remove-unused-udfs: avoid using global variable.
      - Release process: automate removing unused UDFs
      - Release process: remove now-irrelevant case
      - Release process: move cleaning up Changelog to a smarter place
      - Release process: remove duplicate operation
      - Release process: bundle together actions on the devel branch

  * GitLab CI: check that no APT snapshot will expire within 1 month
    (tails/tails!238)

    Commits:
      - GitLab CI: give job a name that better reflects its, well, job
      - Cleanup
      - GitLab CI: check that no APT snapshot will expire within 1 month.
      - apt-snapshot-expiry: exit with error if any snapshot will expire within 1
        month.
      - Get rid of subshell.

  * Release process: automate generation of email to manual testers
    (tails/tails!237)

    Commits:
      - Release process: make the shell complain if setting PAD was forgotten.
      - Release process: de-duplicate
      - Release process: automate generating the call for manual testing

  * Release process: streamline APT repository operations (tails/tails!236)

    Commits:
      - Release process: only context switch to freeze exception management if needed
      - Release process: streamline thawing time-based APT snapshots
      - Release process: streamline bumping time-based APT snapshots expiration date
      - Fix Vagrant build box APT snapshots updating info
      - Release process: streamline freezing time-based APT snapshots
      - Release process: automate
      - Release process: streamline post-release operations
      - Release process: streamline initializing the versioned custom APT suite
      - Replace link to obsolete reprepro homepage with link to Tracker
      - Release process: automate
      - Release process: streamline merging base branches
      - Custom APT repo doc: move to a script merging a main branch
      - Release process: streamline resetting custom APT suites
      - Lint
      - Custom APT repo doc: move to a script resetting a suite
      - Release process: streamline merging APT overlays
      - Release process: be extra explicit about what "freeze time" means
      - Revert "Release process: be explicit about the required setting when merging"

  * Ensure that we install the required custom packages from our custom APT repo
    (tails/tails!235)

    Commits:
      - Release process: drop VeraCrypt reminder.
      - Build system: ensure we install the required custom packages from our custom
        APT repo.

  * Release process: move big code snippets to scripts (tails/tails!234)

    Commits:
      - Lint
      - Release process: move to a script preparing the included website
      - Release process: move to a script cleaning SquashFS sort file
      - Lint
      - Release process: move to a script generating images signatures and Torrents
      - Lint
      - Release process: move to a script publishing test UDFs
      - Lint
      - Release process: move to a script signing UDFs
      - Release process: move to a script updating the trace file
      - Lint
      - Release process: move to a script publishing IUKs
      - Lint
      - Release process: move to a script announcing and seeding the Torrents
      - Lint
      - Release process: move to a script copying release files to the website
      - Release process: move Tor blog post generation to a script

  * check-po-msgstr: Add option to sanitize .po files (tails#17661)
    (tails/tails!232)

    Commits:
      - check-po-msgstr: Add option to sanitize .po files (tails#17661)

  * GitLab CI: run the perl5lib, persistence-setup, and a subset of the upgrader
    test suites (tails/tails!228)

    Commits:
      - Upgrader test suite: drop noisy output
      - Add missing strictures
      - GitLab CI: run the subset of the iuk test suite that works in a Docker
        environment
      - GitLab CI: run the persistence-setup test suite
      - GitLab CI: run the perl5lib test suite
      - Skip chattr when running in a test environment
      - Perl program test suite doc: run tests in a UTF-8 locale
      - Perl program test suite doc: use command-line --all flag instead of environment
        variable
      - Perl program test suite doc: add missing dependency

  * GitLab CI: run unit tests for tails-gdm-error-message (tails/tails!224)

    Commits:
      - GitLab CI: run unit tests for tails-gdm-error-message

  * GitLab CI: run WhisperBack unit tests (tails/tails!222)

    Commits:
      - GitLab CI: run WhisperBack unit tests

  * GitLab CI: check PO files with lint_po, that calls i18nspector
    (tails/tails!221)

    Commits:
      - GitLab CI: use Debian testing for lint-po stage
      - GitLab CI: check PO files with lint_po, that calls i18nspector

  * Fix test suite robustness regression introduced by the upgrade of lizard
    isotesters to Buster (tails/tails!218)

    Closes issues:
      - Test suite robustness regressed since the lizard isotesters were upgraded to
        Buster (tails/tails#17985)

    Commits:
      - Test suite: don't let Screen#find mess with Screen#wait_vanish's timeout
        argument
      - Test suite: make @screen.find() @screen.wait() for 5 seconds

  * Fix Tails Installer in Turkish and in languages that have a translation for the
    "Clone the current Tails" string (tails/tails!217)

    Closes issues:
      - Tails Installer does not allow upgrade in languages that have a translation for
        the "Clone the current Tails" string (tails/tails#17982)
      - tails-installer fails to operate in Turkish (tails/tails#17576)

    Commits:
      - Fix Tails Installer in Turkish
      - Update POT and PO files
      - Installer: s/Live.?OS/Tails/
      - Installer: use translations for strings defined in Glade

  * Move wrap_test_suite cucumber args logic into run_test_suite (tails/tails!216)

    Commits:
      - run_test_suite: use variable consistently.
      - run_test_suite: don't use current Git state, but the one described by Jenkin's
        environment variables.
      - Fix comment.
      - Test suite: print which Cucumber tags are used on start.
      - Remove unused Rake 'test' task.
      - run_test_suite: make @doc tag handling independent of ~@fragile.
      - Simplify.
      - run_test_suite: move cucumber logic from wrap_test_suite in here (refs:
        tails/sysadmin#17772).

  * Test suite: automate a few manual tests (tails/tails!213)

    Closes issues:
      - Automatically test that we cannot login as root (tails/tails#10274)
      - Automate APT manual tests (tails/tails#17017)
      - Test that the correct keyboard layout is set (tails/tails#10261)
      - Test that DuckDuckGo is the default search engine in Tor Browser
        (tails/tails#10265)
      - Test that the on-screen keyboard works and its layout is correctly set
        (tails/tails#10263)

    Commits:
      - Test suite: fix regexp
      - Test suite: login using the button, not accelerators.
      - Test suite: implement find_any() with real_find().
      - Fix typo
      - Test suite: enable localization tests in Spanish and Turkish
      - Test suite: have #(exists|find|wait)_any return a hash instead of an array
      - run_test_suite: pass --expand to Cucumber
      - Test suite: handle the fact that the browser address bar is initialized lazily
        (Persian edition)
      - Test suite: make new tests not run by default
      - Test suite: automate the screen keyboard manual tests
      - Test suite: enable keyboard layout and browser search engine tests for Arabic
      - Test suite: automate testing that DuckDuckGo is the default search engine in
        all tier-1 languages
      - Test suite: automate testing that the correct keyboard layout is set
      - Test suite: automate manual /bin/su tests
      - Test suite: automate manual APT tests
      - Test suite: fix steps semantics
      - Test suite: don't bother logging in when not needed

  * Drop dead code for read-only persistence (tails/tails!211)

    Closes issues:
      - Drop dead code for read-only persistence (tails/tails#17972)

    Commits:
      - Drop dead code for read-only persistence

  * Make the root directory of the persistence non-world-readable (tails/tails!210)

    Closes issues:
      - Make the root directory of the persistence non-world-readable
        (tails/tails#7465)

    Commits:
      - Put first what matters most to the user
      - Document shortcut
      - Add period at the end of (imperative) sentences
      - Fix Markdown formatting
      - Add, and take benefit from, a GTK bookmark for the persistent Dotfiles source
        directory
      - Make the root directory of the persistence non-world-readable

  * Make udisks less verbose about "errors" to determine whether unused loop
    devices are encrypted (tails/tails!209)

    Commits:
      - Revert "Raise the maximum number of loop devices to 32 (refs: #12065)."

  * Allow raising sound volume above 100% (tails/tails!207)

    Closes issues:
      - Allow raising sound volume above 100% (tails/tails#17322)
      - Re-enable TCP timestamps (tails/tails#17491)

    Commits:
      - Allow raising sound volume above 100%

  * Re-enable TCP timestamps (tails/tails!206)

    Closes issues:
      - Re-enable TCP timestamps (tails/tails#17491)

    Commits:
      - Re-enable TCP timestamps

  * Add a button to restart Tails at the end of creating the Persistent Storage
    (tails/tails!205)

    Commits:
      - Drop unneeded sentence
      - Add a button to restart Tails at the end of creating the Persistent Storage

  * Only install usable locales and Tor Browser langpacks (tails/tails!204)

    Closes issues:
      - Only ship locale definitions that the user can select in the Welcome Screen
        (tails/tails#17139)
      - Test suite often fails on Jenkins due to lack of "disk" space in
        /tmp/TailsToaster/TailsToasterStorage (tails/tails#17984)

    Commits:
      - Test suite: calculate supported locales outside of loop.
      - Test suite: add expected image for the Unsafe Browser in Spanish
      - Test suite: don't use English as a way of testing localization of the Unsafe
        Browser
      - Test suite: adjust for the removal of locales-all
      - Avoid localepurge deleting ll_RR.utf8 locale variants
      - Build system: drop browser localization descriptions for languages not
        available in the Welcome Screen
      - Bring back localepurge, to delete unneeded localizations
      - Only ship Tor Browser langpacks for locales that the user can select in the
        Welcome Screen
      - Only ship locale definitions that the user can select in the Welcome Screen

  * Thunderbird 78 and Enigmail obsoletion (tails/tails!203)

    Closes issues:
      - Upgrade to Thunderbird 78 ESR (tails/tails#17148)
      - Migrate from Enigmail to Thunderbird 78's built-in OpenPGP support
        (tails/tails#17147)

    Commits:
      - Test suite: adjust tests for Thunderbird 78.
      - Test suite: make local.yml load before *.d dirs, as intended.
      - Apply 1 suggestion(s) to 1 file(s)
      - Apply 1 suggestion(s) to 1 file(s)
      - Add missing 'set -u' to build-time hook.
      - Apply 1 suggestion(s) to 1 file(s)
      - Explicit
      - Be more assertive
      - I'm not sure whether it's still the case
      - Update more references
      - Instruct to disable the GnuPG feature of the Persistent Storage
      - Document 'Require Encryption' by default
      - Rewrite anonym's draft
      - Improve grammar
      - Fix path
      - Simplify PO file
      - Remove outdated screenshot
      - Explain better the protection of the Master Password
      - Thunderbird: drop part of patch.
      - Thunderbird: don't automatically attach public key to signed messages.
      - Thunderbird: backport patch introducing pref for whether to automatically
        attach the public key.
      - Thunderbird: backport fix for OpenPGP dialog when sending to a recipient
        without key.
      - Create libresolv.so → libresolv-${version}.so symlink.
      - Thunderbird: use the "Require encryption by default" policy.
      - Thunderbird: apply patch fixing issue with default encryption policy.
      - Revert "Thunderbird: patch to disable protectHeaders AKA MemoryHole."
      - Revert "Thunderbird: set allow_external_gnupg = true."
      - Improve migration prompt
      - Help user know how old Tails 4.13 is
      - Update Persistent Storage UI and doc
      - Remove fuzzy duplicates in PO files.
      - Remove section that's too generic
      - Remove deprecated migration instructions
      - Add section to import private keys
      - Move shorter and more generic sections first
      - Use automatic TOC anchors
      - Merge inline with its only page
      - Add headings and make the instructions linear
      - Thunderbird: patch to disable protectHeaders AKA MemoryHole.
      - Apply 1 suggestion(s) to 1 file(s)
      - Apply 1 suggestion(s) to 1 file(s)
      - Apply 1 suggestion(s) to 1 file(s)
      - Apply 1 suggestion(s) to 1 file(s)
      - Apply 1 suggestion(s) to 1 file(s)
      - Apply 1 suggestion(s) to 1 file(s)
      - Apply 1 suggestion(s) to 1 file(s)
      - Hook thunderbird wrapper script into our translation infrastructure.
      - Thunderbird: notify user about Enigmail migration.
      - Update Thunderbird OpenPGP docs for version 78.
      - Drop everything related to Enigmail.
      - Thunderbird: set allow_external_gnupg = true.
      - Thunderbird: update renamed prefs from upstreamed patches.
      - Don't install Enigmail (refs: #17147).
      - Update Thunderbird patches from icedove.git at commit
        90184f927783370a65bfde271a67613d21372c9f
      - Fix indentation.
      - Revert "Install Thunderbird 68 until we're ready for 78"

 -- Tails developers <tails@boum.org>  Mon, 16 Nov 2020 12:23:11 +0100

tails (4.12) unstable; urgency=medium

  * Security fixes
    - Upgrade libx11 to 2:1.6.7-1+deb10u1

  * Hardware support
    - Upgrade firmware-linux-nonfree to 20200918-1

  * Upgrade to Tor Browser 10.0.2 (based on Firefox 78.4) (tails/tails!208)

    Closes issues:
      - Upgrade to Tor Browser 10.0.2 (based on Firefox 78.4) (tails/tails#17971)

    Commits:
      - Revert "Tor Browser: patch in prefs changes introduced in 10.0-build3."
      - Fetch Tor Browser from our own archive.
      - Upgrade Tor Browser to 10.0.2-build2.

  * Use v3 Onion service to connect to our custom APT repository (tails/tails!201)

    Closes issues:
      - Migrate deb.tails.boum.org APT source to v3 onion (tails/tails#17937)

    Commits:
      - Use v3 Onion service to connect to our custom APT repository

  * onion-grater: fix rate limiting of how often we try to connect to tor
    (tails/tails!199)

    Commits:
      - onion-grater: fix rate limiting of how often we try to connect to tor

  * Electrum & Upgrader wrappers: fix i18n support and use canonical URL for manual
    upgrade doc (tails/tails!198)

    Closes issues:
      - tails-upgrade-frontend-wrapper points users to a 404 URL for manual upgrades in
        French (tails/tails#17958)
      - Some Python scripts fail to set the gettext text domain correctly
        (tails/tails#17758)

    Commits:
      - Lint
      - Electrum & Upgrader wrappers: fix internationalization support, by setting the
        text domain correctly
      - Unfuzzy 2 translation strings
      - Update POT and PO files
      - tails-upgrade-frontend-wrapper: remove spurious double quotes surrounding error
        message
      - Update POT and PO files
      - tails-upgrade-frontend-wrapper: use canonical URLs for manual upgrade doc

  * Keep installing Thunderbird 68 until we're ready for 78 (tails/tails!197)

    Closes issues:
      - All branches FTBFS since Thunderbird 78 reached the Buster security repo
        (tails/tails#17962)

    Commits:
      - Install Thunderbird 68 until we're ready for 78

  * WhisperBack: sanitize HTTP(s) URLs (tails/tails!196)

    Closes issues:
      - Unscrubbed URL in WhisperBack reports (tails/tails#10695)

    Commits:
      - WhisperBack: sanitize HTTP(s) URLs

  * Avoid mirrors and rsync.lizard running out of disk space during the release
    process when upgrades to a beta/RC are present (tails/tails!195)

    Closes issues:
      - Avoid mirrors and rsync.lizard running out of disk space during the release
        process when upgrades to a beta/RC are present (tails/tails#17944)

    Commits:
      - Release process: delete beta/RC IUKs before uploading the IUKs for the final
        version
      - Call for testing: set a deadline for providing feedback (2 days before the
        final release)
      - Release process: automate generation of call for testing

  * Installer: fix various internationalization bugs (tails/tails!194)

    Closes issues:
      - Various internationalization bugs in the Installer (tails/tails#17961)

    Commits:
      - Update POT and PO files, to match translatable strings changes
      - Installer: allow translators to reorder string arguments in translations
      - Installer: fix translations being unused due to translatable string being
        computed at runtime

  * Upgrade Linux to 5.8 and Debian to 10.6 (tails/tails!188)

    Closes issues:
      - Upgrade Linux to 5.8 (tails/tails#17896)
      - Upgrade to Buster 10.6 (tails/tails#17930)
      - Regression with Intel Corporation [8086:22b0] and [8086:22b1] GPU since 4.9
        (tails/tails#17953)

    Commits:
      - Tor Browser AppArmor profile: allow access to DRI nodes
      - Tor Browser AppArmor profile: update patch to apply on top of 0.3.2-14
      - Update GNOME Shell to 3.30.2-11~deb10u2.0tails1
      - Update systemd to 241-7~deb10u4.0tails1
      - Refresh uBlock patch to apply cleanly on top of webext-ublock-origin-firefox
        1.30.0+dfsg-1
      - Adjust for webext-ublock-origin package split
      - Adjust fake linux-compiler-gcc-N-x86 hack to Linux 5.8's needs
      - Kernel command line: drop init_on_alloc=1, now set by default in Debian
      - Upgrade Linux to 5.8.0-2 (currently at version 5.8.10-1)
      - Bump snapshot of the Debian archive to 2020101002

  * Upgrade to tor 0.4.4.5 (tails/tails!187)

    Closes issues:
      - Upgrade to tor 0.4.4 (tails/tails#17932)

    Commits:
      - Bump APT snapshot of the "torproject" archive to 2020091901, that has tor
        0.4.4.x

  * Port Perl code to translatable strings format supported by GNU gettext
    (tails/tails!181)

    Closes issues:
      - Port Perl code to translatable strings format supported by GNU gettext
        (tails/tails#17928)

    Commits:
      - refresh-translations: check PO files while converting them to MO
      - Upgrader, Persistence wizard: set the UTF-8 flag on all strings returned by
        Locale::TextDomain
      - Re-add loading POSIX: we use it for more than setlocale
      - Upgrader, Persistence wizard: assume UTF-8 locale
      - Drop unneeded call to setlocale
      - Drop meaningless attempt at localization
      - Persistence setup: encode output when displaying errors on stdout
      - IUK creation: make saveas method benchmarking info honor its $outfile_name
        argument
      - Port Perl code to translatable strings format supported by GNU gettext

  * Import WhisperBack into our main Git repository (tails/tails!179)

    Closes issues:
      - Move WhisperBack source to our main Git repository (tails/tails#16936)

    Commits:
      - generate-changelog: don't consider obsolete tails/whisperback project
      - Integrate WhisperBack into our l10n setup
      - Import WhisperBack

  * Import Tails Installer into our main Git repository and delete its dead code
    (tails/tails!159)

    Closes issues:
      - Move Tails Installer to our main Git repository (tails/tails#17917)

    Commits:
      - generate-changelog: don't consider obsolete tails/installer project
      - Adjust tails-installer.desktop to l10n setup
      - Installer: adjust gettext files lookup
      - Installer: adjust data directory lookup
      - Update Transifex script & doc: most of our Transifex projects are obsolete
      - Adjust code and doc to the fact Tails Installer now lives in tails.git
      - Import Tails Installer

  * Add a button to cancel the upgrade while downloading (tails/tails!12)

    Closes issues:
      - Add a button to cancel the upgrade while it's downloading (tails/tails#17310)

    Commits:
      - Fix regression introduced by 26b9b1b83f3857232474dd2291889867e80a3b45
      - Upgrader: port code added in !12 to the l10n setup we switched to in !181
      - Lint
      - Convert tails-iuk-get-target-file | zenity pipeline to  start / pump / finish
      - Untabify
      - Update design doc wrt. new tails-iuk-get-target-file permissions
      - Remove unnecessary exit code handling
      - Fix typo
      - Allow tails-upgrade-frontend to kill the download process
      - Set a signal handler to cancel the download when the zenity dialog is closed
      - Add a button to cancel the upgrade while it is downloading

 -- Tails developers <tails@boum.org>  Mon, 19 Oct 2020 08:35:44 +0000

tails (4.11) unstable; urgency=medium

  * Security fixes
    - Upgrade Linux kernel to 5.7.0-3 at 5.7.17-1 (#17895).
    - Upgrade Tor Browser to 10.0 (#17933).
    - Upgrade Thunderbird to 68.12.0-1~deb10u1.
    - Upgrade xorg-server to 1.20.4-1+deb10u1.
    - Upgrade openexr to 2.2.1-4.1+deb10u1.
    - Upgrade bind9 to 9.11.5.P4+dfsg-5.1+deb10u2.
    - Upgrade ghostscript to 9.27~dfsg-2+deb10u4.
    - Upgrade libzmq5 to 4.3.1-4+deb10u2.

  * Minor improvements and updates
    - Upgrade Electrum to 4.0.2-2.

  * Tor Browser 10.0 (tails/tails!189)

    Commits:
      - Tor Browser: patch in prefs changes introduced in 10.0-build3.
      - Test suite: make scenario titles consistently not end with period
      - Unsafe Browser: adjust disabling add-ons to Tor Browser 10
      - Unsafe Browser: add missing escaping
      - Upgrade Tor Browser to 10.0-build2 (refs: #17933).
      - Rename, refactor, reorganize.
      - Tor Browser: use new trick to avoid mandatory extension signing.
      - Upgrade Tor Browser to 10.0a7.

  * Test suite: use versioned python2 interpreter for otr-bot.py (tails/tails!186)

    Commits:
      - Test suite: use versioned python2 interpreter for otr-bot.py

  * Test suite: switch to virtio transport for the remote shell (tails/tails!185)

    Closes issues:
      - Improve the remote shell's performance by switching to a virtio channel
        (tails/tails#11888)

    Commits:
      - Test suite: make SocketReadTimeout inherit from RuntimeError
      - Lint.
      - Test suite: use factorized way to get and update the domain's XML definition
      - Fix Layout/EmptyLineAfterGuardClause Rubocop regression
      - Fix Style/StringLiterals Rubocop regression
      - Fix Naming/HeredocDelimiterNaming Rubocop regression
      - Rubocop: fix a Security/JSONLoad regression
      - tails-autotest-remote-shell: lint
      - tails-autotest-remote-shell: remove unused import
      - Remote shell: improve warning.
      - Test suite: log whenever remote_shell_is_up?() returns false.
      - Remote shell: use timed read() for virtio channel.
      - Remote shell: switch from serial to virtio transport (refs: #11888).

  * Release process: generate UDFs to non-final releases from any supported
    previous version (tails/tails!178)

    Closes issues:
      - UDF generation is broken for release candidates (tails/tails#17921)

    Commits:
      - Don't generate UDFs on the stable channel to point to a release candidate
      - Release process: generate UDFs to non-final releases from any supported
        previous version

  * Don't override Debian's system-wide Thunderbird configuration (tails/tails!177)

    Commits:
      - Adding comment explaining extensions.update.enabled Thunderbird pref (Refs:
        #16021)
      - Removing network.protocol-handler.app.http[s] Thunderbird preferences (Refs:
        #16021)
      - Removing intl.locale.requested Thunderbird preference (Refs: #16021)
      - Changing header in Thunderbird's prefs file indicating they are Tails' prefs
        (Refs: #16021)
      - aa_tails.js: Removing repeated thunderbird preferences
      - Moving local included thunderbird config to not overwrite debian default (Will-
        fix: #16021)

  * Clarify phrasing of KeePassXC database renaming dialog (tails/tails!175)

    Commits:
      - Explicit (#17286)
      - Explain that the change came from KeePassXC (#17286)

  * Test Thunderbird with local email server on Jenkins (tails/tails!172)

    Closes issues:
      - Checking credentials in Thunderbird autoconfig wizard sometimes fails in the
        test suite (tails/tails#11890)
      - Run our own email (IMAP/POP3/SMTP) server for automated tests run on lizard
        (tails/tails#12277)

    Commits:
      - Test suite: fix Rubocop offenses
      - Lint.
      - Test suite: add debug logging so we can tell whether we're installing the
        hosts' email server's snakeoil certificate
      - Test suite: add missing newline.
      - Test suite: set promiscuous trust for the certificate we import.
      - Test suite: import isotesters' snakoil SSL cert into Thunderbird.
      - Test suite: complete the switch from Icedove to Thunderbird namespace in
        configuration (refs: #12277)

  * Chutney docs and logging (tails/tails!167)

    Commits:
      - Test suite: improve logging message for initial Chutney cleanup.
      - Test suite: also log when Chutney is up and running.
      - Test suite: make Chutney logging visible without debug formatter.
      - Test suite: document our usage of Chutney (refs: #17801).

  * Install python3-trezor from buster-backports (tails/tails!165)

    Commits:
      - Install trezor packages from buster-backports

  * Fix “return to Greeter when clicking the Start Tails button” on Intel+AMD dual-
    GPU systems (tails/tails!163)

    Commits:
      - tails-unblock-network: skip most graphics-related devices when triggering udev

  * Round the download size in "Upgrade available" dialog (tails/tails!162)

    Commits:
      - Rounds the size of numbers displayed in stderr if is not possible to do an
        incremental upgrade because there is no free memory or disk space available
      - Round the download size in Upgrade available IUK dialog

  * Save KeePassXC database in persistent directory (tails/tails!161)

    Commits:
      - Adjust end-user documentation for new default KeePassXC database filename
      - Open Passwords.kdbx by default (#17286)
      - Install KeePassXC 2.5.4 from buster-backports (#17286)

  * Support audio on recent Intel platforms: Comet Lake, Whiskey Lake, etc.
    (tails/tails!157)

    Commits:
      - auto/build: enable the pipefail option
      - Add Intel SOF Firmware and Topology binaries as a submodule and install them
      - build-tails: give our build scripts access to submodules' refs
      - Make code fail hard if it becomes obsolete

  * "Synchronizing the system's clock" notification: hidden → onion services
    (tails/tails!156)

    Commits:
      - update hidden to onion services
        (https://gitlab.tails.boum.org/tails/tails/-/issues/15354)

  * Drop obsolete workaround for python3-qdarkstyle, fixing devel FTBFS
    (tails/tails!154)

    Commits:
      - Drop now unneeded APT pinning on helpdev and python3-qdarkstyle
      - Revert "Avoid installing python3-qdarkstyle by default"

  * Build the changelog from GitLab MRs rather than from Git commits
    (tails/tails!153)

    Commits:
      - generate-changelog: only list merged MRs
      - Changelog generation: support preparing a non-final (alpha, beta, RC) release
      - Update comment
      - Release process: update obsolete reference to Stretch
      - Release process: use HTTPS URIs
      - Remove obsolete "release" script
      - RM doc: drop obsolete process hack around painful changelog generation
      - Release process and release notes checklist: switch to automated changelog
        generation
      - changelog.jinja2: add newlines for nicer formatting if rendered as Markdown
      - generate-changelog: skip merge commits
      - Add PoC script that generates a changelog from GitLab MRs

  * Include "initially installed Tails version" info in WhisperBack reports
    (tails/tails!152)

    Commits:
      - Include "initially installed Tails version" in WhisperBack reports
      - Reorder debugging info: keep persistence-related info together

  * try_for() timeout is not honored (tails/tails!151)

    Closes issues:
      - Test suite: try_for timeout is not honored (tails/tails#17822)

    Commits:
      - Revert "Revert "Test suite: revert exception handling change in try_for""

  * Enable persistence for all Greeter settings (tails/tails!149)

    Commits:
      - Test suite: make sure Greeter settings are default when they should.
      - Test suite: add scenario testing persistent Greeter options (refs: #17136).
      - Test suite: support entering sudo/persistent password in German.
      - Test suite: simplify.
      - Test suite: refactor.
      - Test suite: restore $language after reboot during the same scenario.
      - Test suite: consistently wait for notifications after logging in.
      - Greeter: Explain in a comment why we need this ugly workaround
      - Greeter: expand persistence support to all settings.

  * Tor browser 10.0.x based on ESR78 (tails/tails!148)

    Commits:
      - Automate Tor Browser import branch name generation.
      - Tor Browser: disable update checks via Enterprise Policy mechanism.
      - Revert "Tor Browser: disable the update check with a hack."
      - Upgrade Tor Browser to 10.0a6.
      - Tor Browser: disable the update check with a hack.
      - Test Suite: bump image.
      - Test Suite: bump UnsafeBrowserStartPage.fa.png.
      - Unsafe Browser: enable userChrome.css.
      - Unsafe Browser: Fix pref → user_pref error.
      - Tor Browser: drop userChrome.css.
      - Unsafe Browsesr: make DNS resolution work.
      - Revert "Tor Browser: remove leftover .orig."
      - Revert "Tor Browser: delete all Namecoin stuff."
      - Revert "Tor Browser: temporarily disable all non-en_US locales."
      - Tor Browser: refresh extension hacks patches.
      - Upgrade Tor Browser to 10.0a5-build2.
      - Move variables.
      - Don't ignore grep failure.
      - Tor Browser: delete all Namecoin stuff.
      - Tor Browser: use the bundled libstdc++.so.6.
      - Tor Browser: remove leftover .orig.
      - Tor Browser: temporarily disable all non-en_US locales.
      - Upgrade Tor Browser to 10.x nightly build as of 2020-08-13.
      - Tor Browser: naming scheme for nightly builds has changed.

  * Hide broken "Turn on Wi-Fi Hotspot" feature in GNOME Wi-Fi settings
    (tails/tails!147)

    Commits:
      - Hide broken "Turn on Wi-Fi Hotspot" feature in GNOME Wi-Fi settings (#17887)

  * Upgrade Linux to 5.7.17-1, adjust for updated Electrum dependencies, support
    older TREZOR firmware (tails/tails!142)

    Commits:
      - Avoid installing python3-qdarkstyle by default
      - Install python3-hid, to support the HID version of TREZOR
      - Install python3-qdarkstyle from Bullseye: Electrum now depends on it (#17904)
      - Upgrade Linux to 5.7.0-3, currently at version 5.7.17-1 (#17895)
      - Revert "Install python3-cryptography, otherwise Electrum 4.0.2-0.1 won't start"
      - Install python3-construct from buster-backports: python3-trezor needs it
        (#17904)

  * Fix sorting Intel GPUs last in the "Error starting GDM" message
    (tails/tails!141)

    Closes issues:
      - Multiple GPUs are not sorted in the intended order in the "Error starting GDM"
        message (tails/tails#17903)

    Commits:
      - Fix sorting Intel GPUs last in the "Error starting GDM" message (#17903)

  * Include information about the contents of the system partition in WhisperBack
    reports (tails/tails!140)

    Commits:
      - tails-debugging-info: include information about the contents of the system
        partition
      - tails-debugging-info: add support for commands that need to go through a shell

 -- Tails developers <tails@boum.org>  Mon, 21 Sep 2020 12:03:51 +0200

tails (4.10) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 9.5.4-build1 (Closes: #17885).
    - Upgrade Linux kernel to 5.7.0-2 at 5.7.10-1 (Closes: #17841,
      #17834).

  * Bugfixes
    - Make iPhone Tethering work by adding udev rule to disable MAC
      spoofing for it (Closes: #17820).
    - Remove broken Thunderbird protocol selection. This code has been
      a no-op in practice since at least Tails 4.0.  We've decided to
      reject #17276 and investigate what the biggest problems are for
      email in Tails with slow/shitty Internet connections:
      default'ing to IMAP may, or may not, be part of these
      problems (Closes #17276).

  * Minor improvements and updates
    - Upgrade to Tor 0.4.3.6 (Closes: #17835).
    - Upgrade to Electrum 4.0.2 (Closes: #17828).
    - Hide Thunderbird welcome message: it is not relevant in the
      context of Tails.  For example, it feels weird that we would
      encourage users to donate to Thunderbird about as loudly as we
      encourage them to donate to Tails.  Besides, the default message
      is retrieved from the web when Thunderbird starts.  We don't
      need this extra network activity.
    - import-translations: use *_release branches instead of
      *_completed branches. The new *_release branches contain exactly
      what we want, i.e. all reviewed translations from
      Transifex. While the *_completed branches only contain PO files
      for languages that are fully translated (Closes: #16774).

  * Build system
    - Upgrade snapshot of the Debian archive to 2020081601, including
      the 10.5 point release of Debian Buster (Closes: #17790).
    - On Bullseye and newer: use custom, fake, unversioned python
      packages. The unversioned python packages are not shipped in
      Bullseye/sid anymore, and even old versions are not installable
      anymore (Closes: #17858).
    - Import vagrant-libvirt's create_box.sh script. It's not included
      in vagrant-libvirt 0.1.2-1 anymore (Closes: #17872).

  * Test suite
    - Improve robustness for scenario "The Additional Software dpkg
      hook notices when persistence is locked down while installing a
      package".
    - Improve robustness for scenario "Use GNOME Disks to unlock a USB
      drive that has a basic VeraCrypt volume with a keyfile".
    - Improve robustness of cloning a Git repository.
    - Don't hammer resources of the system under test while
      installing/removing packages. I see every such dpkg|grep call
      takes about 0.3 seconds on lizard, i.e. 30% of the 1 second
      default delay between checks, which I suspect is enough to slow
      down the package installation/removal we're exercising.
    - Update expected title of the GitLab page we use
    - Rubocop: target Ruby 2.5 (Buster).

 -- Tails developers <tails@boum.org>  Mon, 24 Aug 2020 13:28:43 +0200

tails (4.9) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 9.5.3-build1 (Closes: #17827).
    - Upgrade Thunderbird to 1:68.10.0-1~deb10u1 (DSA-4718).
    - Upgrade Linux to 5.7.0-1 at 5.7.6-1 (Closes: #17786).
    - Upgrade Evolution Data Server to 3.30.5-1+deb10u1 (DSA-4725).
    - Upgrade FFmpeg to 7:4.1.6-1~deb10u1 (DSA-4722).
    - Upgrade ImageMagick to 8:6.9.10.23+dfsg-2.1+deb10u1 (DSA-4712).
    - Upgrade NSS to 2:3.42.1-1+deb10u3 (DSA-4726).
    - Upgrade OpenMPT to 2:3.42.1-1+deb10u3 (DSA-4729).
    - Upgrade WebKitGTK to 2.28.3-2~deb10u1 (DSA-4724).

  * Bugfixes
    - Fix quoting issue triggering problems with some administration
      passwords (Closes: #17792).
    - Fix toram boot option by not starting the tails-shutdown-on-media-removal
      service unit in that case (Closes: #17800).
    - Fix keyboard setting handling in the greeter (Closes: #17794).
    - Make sure log messages can be displayed by Plymouth, which has strict
      limits, and improve parsing in tails-gdm-error-message (Closes: #17533).
    - Upgrade firmware-linux and firmware-nonfree to 20200421-1.

  * Minor improvements and updates
    - Ensure MAC spoofing messages are translated (Closes: #17783).
    - Improve failure handling for MAC spoofing (Closes: #17784).
    - Trigger MAC spoofing "panic" mode when the debug=test_mac_spoof_panic boot
      option is set.
    - Upgrade VirtualBox guest modules to 6.1.12-dfsg-5.

  * Build system
    - Automate post-release GitLab updates, using gitlab-triage (Closes: #17589).
    - Fix a lot of possible problems spotted by ShellCheck, thanks to Paul Wise.
    - Stop installing custom firmware: firmware-realtek 20200421-1 includes it
      (See: #17786, #17323).
    - Update Thunderbird patches (Closes: #6156, #17808).
    - Bump snapshot of the Debian archive to 2020071801 (Closes: #17786).

  * Test suite
    - Add shell-special chars to passwords (See: #17792).
    - Always test the Unsafe Browser in Farsi.
    - Fix support for symlinks (Closes: #17547).
    - Update persistence-setup test suite for a new preset in Welcome Screen
      settings.
    - Drop Thunderbird POP3 test.
    - Make the "the Tor Browser has started" step stricter.
    - Improve error output when the Unsafe Browser fails to start in some locale.

 -- Tails developers <tails@boum.org>  Mon, 27 Jul 2020 09:03:10 +0200

tails (4.8) unstable; urgency=medium

  * Major changes
    - Welcome Screen: after a large refactoring we now can persist
      settings (See: #17136)! Currently it is limited to the newly
      added option that controls whether the Unsafe Browser is allowed
      to start (#17085). In the next major release we'll support all
      options.

  * Security fixes
    - Allow to disable the Unsafe Browser in the Welcome Screen
      (Closes: #17085). The Unsafe Browser can be used by exploits to
      deanonymize the Tails user (for details, see: #15635).
    - Upgrade Tor Browser to 9.5.1-build2 (Closes: 17782).
    - Thunderbird:
      * Upgrade to Thunderbird 68.9.0 (DSA-4702).
      * Disable unsafe MX automatic configuration method (Closes:
        #17277).
      * Disable unsafe MS Exchange automatic configuration method
        (Closes: #17654).
    - Upgrade Linux kernel to linux-image-5.6.0-2 at 5.6.14-2 (Closes:
      #17611, #17620).
    - Upgrade gnutls28-based packages to 3.6.7-4+deb10u4 (DSA-4697).
    - Upgrade intel-microcode to 3.20200609.2~deb10u1 (DSA-4701).

  * Bugfixes
    - Trigger emergency shutdown on resume when the boot device was
      removed while suspended (Closes: #16787).
    - Thunderbird: make searching in messages (Find bar and Find in
      This Message) work again (Closes: #17328).
    - Ensure Mac Spoofing Panic messages will be correctly displayed
      (Closes: #17779). udev may close child processes when a process
      associated with a rule (/etc/udev/rules) terminates so we wait
      for those processes before exiting.
    - Wrap `seahorse-tool --import` so it is handled by `gpg --import`
      (Closes: #17183). This makes importing binary keys via GNOME
      Files integration possible again.

  * Minor improvements and updates
    - Upgrade to tor 0.4.3.5-1 (Closes: #17741).
    - Upgrade LibreOffice to 1:6.1.5-3+deb10u6.
    - Upgrade VirtualBox guest modules to 6.1.10-dfsg-1.
    - Append Unsafe Browser setting to WhisperBack debug info.

  * Build system
    - Upgrade snapshot of the Debian archive to 2020061003, including
      the 10.4 point release of Debian Buster (Closes: #17620).
    - Tor Browser AppArmor profile: update patch to apply on top of
      0.3.2-11 (Closes: #17612)
    - Thunderbird AppArmor profile: update patch to apply on top of
      68.9.0 (Closes: #17769).

  * Test suite
    - Establish a coding standards baseline on our Ruby code base
      using Rubocop (Closes: #17646). This *MASSIVE* change includes
      mainly stylistic fixes and linting but also a few bug fixes,
      some dead code removal and code simplifications/refactorings,
      spelling fixes, improved gherkin and even removal the of
      a few duplicated tests and merging of very similar tests.
    - Improve robustness of navigating the GRUB menu in UEFI mode, and
      consequently drop the @fragile tag on the UEFI boot scenario
      (Closes: #13459).
    - Allow configuring the number of vCPUs given to TailsToaster.
      Based on work done by kytv (♥) on #6729. On powerful hardware
      with many CPUs, Tails boots much faster with >2 vCPUs given to
      TailsToaster.
    - Disable desktop size and clipboard interference between the host
      system and the system under test when using --view.
    - Ensure we run post_snapshot_restore_hook every time it's needed.
    - Fix running with XDG_SESSION_TYPE unset (Closes: #17596).
    - Always test the localized start up page of the Unsafe Browser.
    - Add --keep-chutney option to keep Chutney data, but no
      snapshots, between runs.
    - Revert "Test suite: disable tests about notifications in case of
      MAC spoofing failure (refs: #10774)"
    - Verify that the Unsafe Browser is disabled by default.
    - Test suite: fix --image-bumping-mode.

 -- Tails developers <tails@boum.org>  Mon, 29 Jun 2020 16:02:18 +0200

tails (4.7) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 9.5-build2 (Closes: #17710).
    - Upgrade APT to 1.8.2.1 (DSA-4685).
    - Upgrade BIND to 1:9.11.5.P4+dfsg-5.1+deb10u1 (DSA-4689).
    - Upgrade WebKitGTK to 2.28.2-2~deb10u1 (DSA-4681).
    - Upgrade Thunderbird to 1:68.8.0-1~deb10u1 (DSA-4683).

  * Bugfixes
    - Improve Additional Software reliability (Closes: #17278): disable
      periodic APT operations entirely, adjust timeouts, force data
      synchronization, preserve file ownership.
    - Make memory erasure feature compatible with overlayfs (Closes: #15146).
    - Adjust various documentation for the new GitLab-based hosting.

  * Minor improvements and updates
    - Fix title of unlock-veracrypt-volume error dialog in case of incorrect
      password (Closes: #17668).
    - Clean up confusing torrc (Closes: #17706).

  * Build system
    - IUK creation: don't use extreme compression options for the outer
      SquashFS container refs.
    - IUK creation: add support for building several IUKs in parallel locally
      (Closes: #17657).
    - IUK verification: add support for fetching IUKs built in parallel on
      Jenkins (Closes: #17658).
    - Release process: generate UDFs on the alpha channel for previous
      non-final releases (Closes: #17614).
    - Remove aufs-based IUK generation code and doc (Closes: #17489).

  * Test suite
    - Adjust for augmented timeouts in Additional Software.
    - Adjust locale lookup to check several directories.
    - Speed up 'I fill a ... MiB file' step by 1000%.
    - Keep latest test suite screenshot (Closes: #17621).
    - Fix test suite breaking when the user connects to the VM via virt-viewer
      (Closes: #17623).
    - Adjust reference images and titles following the migration to GitLab
      (Closes: #17718, 17719).

 -- Tails developers <tails@boum.org>  Mon, 01 Jun 2020 18:31:41 +0200

tails (4.6) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 9.0.10-build2 (Closes: #17660).
    - Upgrade Thunderbird to 1:68.7.0-1~deb10u1 (MFSA-2020-14, DSA-4656).
    - Upgrade Git to 1:2.11.0-3+deb9u3 (DSA-4657, DSA-4659).
    - Upgrade Node.js to 10.19.0~dfsg1-1 (DSA-4669).
    - Upgrade OpenLDAP to 2.4.47+dfsg-3+deb10u2 (DSA-4666).
    - Upgrade OpenSSL to 1.1.1d-0+deb10u3 (DSA-4661).
    - Upgrade ReportLab to 3.5.13-1+deb10u1 (DSA-4663).
    - Upgrade WebKitGTK to 2.26.4-1~deb10u3 (DSA-4658).

  * Bugfixes
    - Switch Japanese input method from Anthy to Mozc (Closes: #16719).
    - Install the libu2f-udev package, for U2F device support.
    - Update our list of 'Favorites' applications (Closes: #16990).

  * Build system
    - lint_po: support locales with "@" in their name, such as ru@petr1708
      (Closes: #17554).
    - perl5lib: declare missing test dependencies (Closes: #17591).
    - iuk: declare missing test dependencies (Closes: #17592).
    - Upgrade to po4a 0.55 for Tails images and Vagrant box (Closes: #17005).

  * Test suite
    - Print disk usage information when the test suite fails with “No
      space left” errors.
    - Ensure no zombie processes are left around, by cleaning subprocesses
      correctly (Closes: #17551).
    - Prevent webrick from becoming a zombie process.
    - Avoid test suite getting stuck due to a zero timeout.
    - Fix obsoletion warnings (Closes: #17552).
    - Add root check and --allow-non-root option (Closes: #17613). Let's
      make it clear running the test suite requires root privileges in
      the general case.

 -- Tails developers <tails@boum.org>  Mon, 04 May 2020 18:43:38 +0200

tails (4.5) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 9.0.9-build1 (Closes: #17594).
    - Upgrade BlueZ to 5.50-1.2~deb10u1 (DSA-4647).
    - Upgrade GnuTLS to 3.6.7-4+deb10u3 (DSA-4652).

 -- Tails developers <tails@boum.org>  Mon, 06 Apr 2020 21:51:05 +0200

tails (4.5~rc1) unstable; urgency=medium

  * Major changes
    - Migrate from aufs to overlayfs (Closes: #8415). This change touches
      many components which won't all be listed individually, but some
      highlights are listed below:
      ⋅ Adjust the build system to stop building the aufs kernel module.
      ⋅ Switch the kernel command line from union=aufs to union=overlayfs.
      ⋅ Adjust AppArmor profiles (Closes: #9045, #12112).
      . Adapt chroot-browsers (Closes: #12105).
      ⋅ Drop the aufs Git submodule.
      ⋅ Make memory erasure feature compatible with overlayfs
        (Closes: #15146).
      ⋅ Make Upgrader support and also generate overlayfs-based IUKs by
       default (Closes: #9373).
    - Use GRUB with Secure Boot support for x86_64 (Closes: #6560, #15806).
      This is also a large change, touching many components:
      ⋅ Install grub from bullseye.
      ⋅ Introduce a custom grub configuration file.
      ⋅ Use a custom background image.
      ⋅ Mimick Debian Installer's efi-image build script to handle all
        details in binary local hooks.
      ⋅ Add SYSLINUX in the syslinux bootloader menu, to make it easier to
        troubleshoot GRUB vs. syslinux issues (Closes: #17538).
      ⋅ Upgrader: Adjust to also handle files in EFI/debian when dealing
        with file removals.
      ⋅ Adjust test suite.
    - Migrate test suite from Sikuli to a combination of OpenCV (image
      matching), xdotool (mouse interaction), plus libvirt's send-key
      (keyboard interaction) (Closes: #15460). This is another major
      changes, allowing the test suite to run on Buster-based systems,
      touching various areas of the test suite, among which:
      ⋅ Add workaround for the Greeter when restoring snapshot.
      ⋅ Fix dependencies for Buster.
      ⋅ Replace some Sikuli-based options with some OpenCV-based ones
        (e.g. --retry-find → --image-bumping-mode).
      ⋅ Handle non-English keyboards.
      ⋅ Fix --capture on Buster and above.
      ⋅ Deal with Buster having migrated from avconv to ffmpeg.

  * Security fixes
    - Upgrade ICU to 63.1-6+deb10u1 (DSA-4646).

  * Minor improvements and updates
    - Refactor tails-documentation (Closes: #16903).

  * Build system
    - Freeze APT snapshots for 4.5~rc1.
    - Rakefile: always disable website caching when building from a tag
      (Closes: #17513).
    - Rakefile: fix recommended permissions (libvirt needs +r to share the
      source tree with the Vagrant box).
    - Import persistence-setup.git from its own repository into tails.git
      (Closes: #17526, #6487).
    - IUK: ensure rsync runtime dependency is installed.

  * Test suite
    - Adjust for the aufs → overlayfs migration (Closes: #12106, #17440,
      #17451).
    - run_test_suite: don't print usage on error.
    - run_test_suite: --view/--vnc-server-only are only supported on x11.
    - Optimize checking if file is empty.
    - Speed up some test failures to avoid resource starvation.
    - Check for tcplay dependency.
    - Increase chances chutney starts after unclean shutdown.
    - Make chutney log what it is doing.
    - Make opening Thunderbird's Extensions tab more robust.

 -- Tails developers <tails@boum.org>  Thu, 26 Mar 2020 22:51:35 +0100

tails (4.4.1) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 9.0.7-build1 (Closes: #17539).
    - Upgrade tor to 0.4.2.7 (Closes: #17531).
    - Upgrade Thunderbird to 1:68.6.0-1~deb10u1 (MFSA-2020-10, DSA-4642).
    - Upgrade WebKitGTK to 2.26.4-1~deb10u2 (DSA-4641).

  * Build system
    - lint_po: avoid race conditions when checking PO files (Closes: #17359).

 -- Tails developers <tails@boum.org>  Sun, 22 Mar 2020 20:27:47 +0100

tails (4.4) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 9.0.6-build2 (MFSA-2020-09).
    - Upgrade Linux kernel to linux-image-5.4.0-4, currently at 5.4.19-1
      (Closes: #17477).
    - Upgrade Thunderbird to 68.5.0-1~deb10u1 (MFSA-2020-07, Closes: #17481).
    - Upgrade cURL to 7.64.0-4+deb10u1 (DSA-4633).
    - Upgrade evince to 3.30.2-3+deb10u1 (DSA-4624).
    - Upgrade Pillow to 5.4.1-2+deb10u1 (DSA-4631).
    - Upgrade ppp to 2.4.7-2+4.1+deb10u1 (DSA-4632).
    - Upgrade WebKitGTK to 2.26.4-1~deb10u1 (DSA-4627).

  * Bugfixes
    - Fix missing firmware for RTL8822BE/RTL8822CE (See: #17323). Use the
      tails-workarounds provided firmwares until the firmware-realtek
      package is updated with the patch by Sjoerd Simons (Debian#935969).
      Note: This might not be sufficient to support those cards.

  * Minor improvements and updates
    - Upgrade dogtail to 0.9.11-6.
    - Upgrade virtualbox to 6.1.4-dfsg-1.

  * Build system
    - Vagrant build box: disable mitigation features for CPU
      vulnerabilities (Closes: #17386). Given the kind of things we do in
      our Vagrant build box, it seems very unlikely that vulnerabilities
      such as Spectre and Meltdown can be exploited in there.  Let's
      reclaim some of the performance cost of the corresponding mitigation
      features.
    - Enable website caching by default, with a way option to disable it
      (Closes: #17439).
    - Key the website cache on debian/changelog too (Closes: #17511).
    - Update APT snapshot of the Debian archive to 2020030101.
    - Add support for the tails-workarounds submodule.

 -- Tails developers <tails@boum.org>  Wed, 11 Mar 2020 10:59:10 +0100

tails (4.3) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 9.0.5-build2 (Closes: #17469).
    - Update Linux kernel to linux-image-5.4.0-3-amd64, currently at
      5.4.13-1 (Closes: #17443).
    - Upgrade Thunderbird to 1:68.4.1-1~deb10u1
    - Upgrade WebKitGTK to 2.26.3-1~deb10u1 (DSA-4610).

  * Bugfixes
    - live-persist: don't backup empty configuration files (Closes:
      #17112). In some cases, the previous code would overwrite a
      non-empty backup file with an empty one, making it harder to
      recover from the already painful #10976.
    - create-usb-image-from-iso: Run syslinux within proper chroot
      (Closes: #17179). Previously we ran syslinux from the host,
      which can lead to bugs if its versions differs from the one
      inside the chroot (which is what Tails will use later). Thanks
      to Johan Blåbäck for the patch!
    - Tails Upgrader: Fix progress bar not pulsating and hide useless
      OK button (Closes: #16603).

  * Minor improvements and updates
    - Upgrade tor to 0.4.2.6 (Closes: #17059).
    - Install the trezor package, which adds a command-line (only)
      tool for managing Trezor devices (Closes: #17463). Thanks to
      Pavol Rusnak for the patch!
    - As a consequence of the Linux kernel upgrade we also:
      * Upgrade aufs to 5.4.3 20200127.
      * Install VirtualBox guest tools and kernel modules from sid.

  * Build system
    - Upgrade snapshot of the Debian archive to 2020020302, including
      the 10.3 point release of Debian Buster (Closes: #17458).
    - Add opt-in caching of the wiki (Closes: #15342).
    - Use mksquashfs' -no-exports option even when the fastcomp build
      option is set. "fastcomp" is supposed to only tweak SquashFS
      compression settings, but so far it was also disabling the
      -no-exports option that we set for our release builds.
    - Drop a bunch of packages installed for ikiwiki for various
      (obsoloete) resons:
      * libfile-chdir-perl, libyaml-perl and libxml-simple-perl which
        was needed back when we built our own ikiwiki from Git…  a
        looong time ago.
      * libtext-multimarkdown-perl used multimarkdown ikiwiki which
        its doubtful we ever will use.
      * libhtml-scrubber-perl, libhtml-template-perl,
        libhtml-parser-perl, libyaml-libyaml-perl and liburi-perl
        which are already installed as ikiwiki dependencies.
    - Install libimage-magick-perl instead of the perlmagick
      transitional package.
    - Don't install obsolete dependencies whois and eatmydata.
    - Consistently validate individual build options as we parse them.
      This is consistent with how we handled "fastcomp" already. Only
      compatibility checks between multiple build options really need
      to happen later, once we've parsed all build options.
    - Remove 5 years old transition code
    - Fully provision the Vagrant box every time it starts, and
      partially re-provision it for every build.
    - Behave correctly when disabling a previously set "offline" or
      "vmproxy+extproxy" build option.  Previously, setting one of
      these build options *once* would taint the Vagrant box forever
      with the resulting apt-cacher-ng configuration.
    - Shrink the apt-cacher-ng cache after a successful build too
      (Closes: #17288).
    - Set up infrastructure to retrieve log file from the VM even on
      build failure (Closes: #7749).
    - Always build from a fresh Git clone.
    - Set the permissions that Vagrant needs inside the source tree
      (Closes: #11411, #16607, #17289).

  * Test suite
    - Remove Seahorse key synchronization scenarios. These 2 scenarios
      never pass due to #17169, so currently:
      * They don't teach us anything new → no benefit.
      * Every time a developer looks at test suite results,
        they need to filter out this known problem, which takes time
        and trains us to ignore problems.

 -- Tails developers <tails@boum.org>  Mon, 10 Feb 2020 14:08:59 +0100

tails (4.2.2) unstable; urgency=medium

  * Major changes
    - Upgrade Tor Browser to 9.0.4-build1 (MFSA-2020-03)

  * Bugfixes
    - Avoid the Upgrader proposing to upgrade to the version
      that's already running (Closes: #17425)
    - Avoid 2 minutes delay while rebooting after applying an automatic
      upgrade (Closes: #17026)
    - Make Thunderbird support TLS 1.3 (Closes: #17333)

  * Build system
    - IUK generation: don't make all files in the SquashFS diff
      owned by root, otherwise an upgraded system cannot start
      (Closes: #17422)

 -- Tails developers <tails@boum.org>  Mon, 13 Jan 2020 09:21:51 +0000

tails (4.2) unstable; urgency=medium

  * Major changes
    - Switch to a redesigned upgrade system (Closes: #15281), which:
      - removes the need for manual upgrades caused by lack of disk space
        on the Tails device
      - uses less RAM
    - Bump snapshot of the Debian archive to 2019122802

  * Security fixes
    - Upgrade Tor Browser to 9.0.3 (Closes: #17402)
    - Upgrade Linux to 5.3.15-1 (Closes: #17332)
      and upgrade the aufs module to 5.3-20191223
    - Upgrade Thunderbird to 1:68.3.0-2~deb10u1
    - Upgrade libsasl2 to 2.1.27+dfsg-1+deb10u1
    - Upgrade python3-ecdsa to 0.13-3+deb10u1

  * Bugfixes
    - KeePassXC:
      - Open ~/Persistent/keepassx.kdbx by default again (Closes: #17212)
      - Open the database specified by the user on the command-line, if any
      - Fix database renaming prompt
    - Upgrader:
      - Ensure debugging info lands in the Journal before we refer to it
      - Catch more download errors
    - Upgrade amd64-microcode to 3.20191218.1, which removes firmware
      updates that cause issues

  * Minor improvements and updates
    - Add metadata analysis tools used by SecureDrop (Closes: #17178)
    - Refresh the signing key before checking for available upgrades
      (Closes: #15279)
    - Port the Upgrader and perl5lib to a set of dependencies that are
      faster and have a lower memory footprint (Closes: #17152)
    - Ensure IUKs don't include files of our website if their content
      has not changed (refs: #15290)
    - Zero heap memory at allocation time and at free time (Closes: #17236)

  * Build system
    - Import the Upgrader and perl5lib codebases into tails.git
      (part of #7036)
    - lint_po: ignore pre-existing rply cache file that can cause
      trouble if it's corrupted (Closes: #17359)
    - Move generate-languages-list to auto/scripts
    - import-translations: work around the lack of usable branches
      in Tor's translation.git (Closes: #17279)
    - Build released IUKs on Jenkins and verify that they match
      those built locally by the Release Manager (Closes: #15287)
    - Don't download every localized Tor Browser tarball: instead,
      use the new tarball that includes every langpacks (Closes: #17400)

  * Test suite
    - Adapt for the "one single SquashFS diff" upgrade scheme
    - Chutney: update to upstream 33cbff7fc73aa51a785197c5f4afa5a91d81de9c
      (Closes: #16792)
    - Fix tagging of Chutney exit relays and bridge authorities
    - Tag Chutney clients as such
    - Wait for all Chutney nodes to have bootstrapped before assuming
      the simulated Tor network is ready
    - Don't try to save tor control sockets as artifacts
    - Add a crude script to generate IUKs for our test suite

 -- Tails developers <tails@boum.org>  Mon, 06 Jan 2020 16:25:22 +0000

tails (4.1.1) unstable; urgency=medium

  * Bugfixes
    - Drop all network drivers from the initramfs to shrink its size
      drastically. Going over the 32 MiB mark might be the reason why so
      many Apple machines can't boot 4.1 while they could boot 4.0
      (Closes: #17320).
    - Only allow up to (but excluding) 32 MiB for initramfs accordingly.

  * Minor improvements and updates
    - Fix escape sequence in tails-gdm-failed-to-start.service, to avoid a
      warning message (Closes: #17166).

 -- Tails developers <tails@boum.org>  Sun, 15 Dec 2019 23:51:25 +0100

tails (4.1) unstable; urgency=medium

  * Major changes
    - Upgrade Tor Browser to 9.0.2-build2, based on Firefox ESR 68.3
      (MFSA-2019-37).
    - Upgrade Thunderbird to 68.2.2 (Closes: #16771, #17220, #17222, #17267).
    - Upgrade Enigmail to 2:2.1.3+ds1-4~deb10u2 accordingly.

  * Security fixes
    - Upgrade Linux to 5.3.9-2 from sid (Closes: #17124).
    - Disable unprivileged userfaultfd syscall (Closes: #17196).
    - Upgrade file to 1:5.35-4+deb10u1 (DSA-4550-1).
    - Upgrade FriBidi to 1.0.5-3.1+deb10u1 (DSA-4561-1).
    - Upgrade Ghostscript to 9.27~dfsg-2+deb10u3 (DSA-4569-1)
    - Upgrade Intel microcode to 3.20191112.1~deb10u1 (DSA-4565-1,
      CVE-2019-0117).
    - Upgrade libarchive to 3.3.3-4+deb10u1 (DSA-4557-1).
    - Upgrade libvpx to 1.7.0-3+deb10u1 (DSA-4578-1).
    - Upgrade libxslt to 1.1.32-2.2~deb10u1 (CVE-2019-18197).
    - Upgrade ncurses to 6.1+20181013-2+deb10u2 (CVE-2019-17594,
      CVE-2019-17595).
    - Upgrade Python 2.7 to 2.7.16-2+deb10u1 (CVE-2018-20852,
      CVE-2019-10160, CVE-2019-16056, CVE-2019-16935, CVE-2019-9740,
      CVE-2019-9947).
    - Upgrade Qt to 5.11.3+dfsg1-1+deb10u1 (DSA-4556-1).
    - Upgrade tcpdump to 4.9.3-1~deb10u1 (DSA-4547-1).
    - Upgrade WebKitGTK to 2.26.2-1~deb10+1 (DSA-4558-1, DSA-4563-1).

  * Bugfixes
    - Remove TorBirdy (Closes: #17219, #17269).
    - Use keys.openpgp.org's Onion service as the default keyserver
      (Closes: #12689, #14770).
    - Fix ordering of GTK bookmarks setup vs. Tor Browser directories
      creation (Closes: #17206).
    - Bring back the "Show Passphrase" button in the Greeter
      (Closes: #17177).
    - Bring back "Open in Terminal" entry in the GNOME Files context menu
      (Closes: #17186).
    - Revert "Browsers: disable the Quantum Bar." (Closes: #17143).
    - Revert "Hide all Tor connection-related settings in
      about:preferences in all browsers" (Closes: #17214).
    - Wait until Tor has bootstrapped before we try to upgrade Additional
      Software (Closes: #17203).
    - Fix the "GDM failed to start" splash screen functionality
      (Closes: #17200).

  * Minor improvements and updates
    - htpdate: stop sending User-Agent that fakes Tor Browser
      (Closes: #12023).
    - HTP: replace encrypted.google.com with www.google.com.
    - Remove signal handler from Greeter UI file (Closes: #17240).
    - Upgrade AMD microcode to 3.20191021.1.
    - Upgrade fonts-noto-cjk to 1:20170601+repack1-3+deb10u1
      (Debian#907999).

  * Build system
    - Update Vagrant box to Buster (Closes: #16868).
    - Adjust to timedatectl's output on Buster.
    - Adjust to Buster's debootstrap.
    - Vagrant: ensure the chroot has a /proc filesystem while running
      postinstall.sh
    - Vagrant: install po4a from Stretch in the basebox.
    - build-tails: wait for NTP to be disabled before setting the desired
      date.
    - Bump APT snapshot of the Debian archive to 2019111801, including the
      10.2 point release of Buster (Closes: #17124, #17021).
    - Install virtualbox 6.0.12-dfsg-1 from our custom APT repository
      (Closes: #17161).

  * Test suite
    - Ensure we don't break tests by opening the Applications menu in
      post_vm_start_hook (Closes: #17164).
    - Improve GnuPG testing (Closes: #12689):
      · Switch to using sajolida's key.
      · Start adjusting for keys.openpgp.org.
      · Make the "GnuPG's dirmngr uses the configured keyserver" step
        actually test what it is meant to.
      · Make error strings better reflect what failure they are about.
      · Ensure dirmngr uses IPv4 since our CI runs on an IPv4-only
        infrastructure.
    - Ensure dirmngr picks up the changes we make to its configuration.
    - Switch backend keyservers (Closes: #14770).
    - Don't leave redir(1) processes behind (Closes: #14948).
    - Update image for Buster (Closes: #14770).
    - Update fragility status of Seahorse scenarios.
    - Avoid multiple instances of tcpdump writing to the same file,
      resulting in an unparsable network capture (Closes: #17102).
    - Update for Thunderbird 68 (Closes: #17269).

  * Documentation:
    - Remove or adapt mentions to Tails Installer as only installation
      method (Closes: #17204).
    - Add a warning about which Tails to run rsync from (Closes: #17197).

 -- Tails developers <tails@boum.org>  Mon, 02 Dec 2019 22:23:35 +0100

tails (4.0) unstable; urgency=medium

  * Major changes
    - Upgrade Tor Browser to 9.0-build2, based on Firefox ESR 68.2.

  * Security fixes
    - Upgrade IBus to 1.5.19-4+deb10u1.0tails1 (Closes: #17144)
    - Upgrade sudo to 1.8.27-1+deb10u1

  * Bugfixes
    - Fix regressions brought by the integration of Tor Browser 9.0:
      · Fix non-English spellchecking (Closes: #17150)
      · Unsafe Browser: don't enable private browsing mode, don't display
        Tor Browser icons, hide the new "New identity" toolbar button
        (Closes: #17142)
      · Hide all Tor connection-related settings in about:preferences
        (Closes: #17157)
    - Fix Stealth Onion services in OnionShare (Closes: #17162)
    - Upgrade OpenSSL to 1.1.1d-0+deb10u2

  * Minor improvements and updates
    - Don't include the locales package (Closes: #17132)
    - Update htpdate's User-Agent to match Tor Browser 9.0's

  * Test suite
    - Only partially fill memory for userspace processes (Closes: #17104)
    - Drop the "Unsafe Browser has no proxy configured" step, that's hard
      to update and adds little value
    - Various updates for Tor Browser 9.0 final
    - Make the "SSH is using the default SocksPort" scenario more robust
      (Closes: #17163)

 -- Tails developers <tails@boum.org>  Mon, 21 Oct 2019 10:24:56 +0000

tails (4.0~rc1) unstable; urgency=medium

  * Major changes
    - Update Tor Browser to 9.0a7, based on Firefox ESR 68 (#16356).
    - Include a working version of Electrum: 3.3.8-0.1 (Closes: #16421).
      Accordingly:
      · Remove the obsolete "coin_chooser: Privacy" option (Closes: #15483).
      · Disable the update check (Closes: #15483).
    - Curate the list of languages in Tails Greeter (Closes: #16095).
      Only include languages which meet one of these conditions:
      · Have a PO file in tails.git (i.e. have at least one translated
        and reviewed string)
      · Are on our list of tier-1 supported languages.
    - Update Linux to 5.3.2-1~exp1 from Debian experimental (Closes: #17117).
    - Bump APT snapshots of the 'debian' and 'torproject' archives
      to 2019100904. This includes the update to the Buster 10.1
      point-release.

  * Security fixes
    - Drop NoScript customization that makes our web fingerprint diverge
      from Tor Browser's (related to #5362).
    - Enable Buster security APT sources (Closes: #17119).
    - Upgrade CUPS to 2.2.10-6+deb10u1 (CVE-2019-8696, CVE-2019-8675,
      and more security fixes).
    - Update GnuPG to 2.2.12-1+deb10u1, which mitigates the certificates
      flooding attack.
    - Update e2fsprogs to 1.44.5-1+deb10u2 (DSA-4535-1).
    - Update ghostscript to 9.27~dfsg-2+deb10u2 (DSA-4518-1, DSA-4499-1).
    - Update WebKitGTK to 2.24.4-1~deb10u1 (DSA-4515-1).
    - Update Pango to 1.42.4-7~deb10u1 (DSA-4496-1).
    - Update ffmpeg to 7:4.1.4-1~deb10u1 (DSA-4502-1).
    - Update expat to 2.2.6-2+deb10u1 (DSA-4530-1).
    - Update GLib to 2.58.3-2+deb10u1 (CVE-2019-13012).
    - Update libmariadb3 to 1:10.3.17-0+deb10u1 (various vulnerabilities).
    - Update NSS to 2:3.42.1-1+deb10u1 (CVE-2019-11719, CVE-2019-11727,
      CVE-2019-11729).
    - Update LibreOffice to 1:6.1.5-3+deb10u4 (DSA-4519-1, DSA-4501-1,
      DSA-4483-1, and CVE-2019-9848).
    - Update Samba to 2:4.9.5+dfsg-5+deb10u1 (DSA-4513-1).
    - Update OpenSSL to 1.1.1d-0+deb10u1 (DSA-4539-1).
    - Update libxslt to 1.1.32-2.1~deb10u1 (CVE-2019-11068, CVE-2019-13117,
      CVE-2019-13118).
    - Update zeromq3 to 4.3.1-4+deb10u1 (DSA-4477-1).
    - Update patch to 2.7.6-3+deb10u1 (DSA-4489-1).
    - Update Thunderbird to 1:60.9.0-1~deb10u1 (DSA-4523-1, DSA-4482-1).
    - Update wpasupplicant to 2:2.7+git20190128+0c1e29f-6+deb10u1 (DSA-4538-1).

  * Bugfixes
    - Ensure that tor-has-bootstrapped systemd units are stopped
      if tor@default.service stops; replace the tor-has-bootstrapped
      script with a tor_has_bootstrapped() function that checks the status
      of tails-tor-has-bootstrapped.target (Closes: #16664).
    - Fix MIME info data build reproducibility (Closes: #17023).
    - Fix missing GNOME bookmarks, by adding them earlier in the session
      login process (Closes: #17030).
    - Increase left dock width in GIMP's sessionrc (Closes: #16807).
    - Use hardware defaults for the touchpad click method (Closes: #17045).
    - Fix image thumbnails in GNOME Files (Closes: #17062).
    - Use the "intel" X.Org driver for Intel Iris Plus Graphics 640
      (Closes: #17060).
    - Fix sdhci-pci support.
    - Honor the "Formats" settings chosen in the Greeter (Closes: #16806).
    - Fix administration password not being applied in some cases
      (Closes: #13447).
    - Fix Greeter settings being applied when clicking "Cancel"
      (Closes: #17087).
    - Fix bridge information not always shown when the user selects
      bridge mode in the Greeter.
    - Fix path in whisperback's debugging info (Closes: #17109).
    - Fix Tor Browser functionality that was broken when it was started
      by clicking a link in Thunderbird (Closes: #17105).
    - Fix WhisperBack that was broken due to an expired X.509 certificate:
      stop using TLS (we already have end-to-end encryption via OpenPGP,
      plus end-to-end encryption and remote peer authentication via
      Tor hidden services). Also, switch to a v3 Onion service (Closes #17110).
    - Install Stretch's po4a (0.47-2) from our custom APT repository:
      the upgrade to Buster's version will need more work and coordination
      (Closes: #17127).
    - Fix hiding of the Add-ons manager in the Unsafe Browser hamburger menu.
      Regression introduced when we upgraded to Tor Browser based on Firefox
      ESR 60.
    - Mention USB images as a valid installation technique when trying
      to create a persistent volume on a device that can't have one
      (Closes: #17025).

  * Minor improvements and updates
    - Add iPhone USB tethering support (Closes: #16180).
    - Install Enigmail from Buster (Closes: #16978).
    - Disable GDM debug logs (Closes: #17011).
    - Hide less common keyboard layouts in the Greeter (Closes: #17084).
    - Major refactoring and cleanup of Tails Greeter (Closes: #17098).
    - Use a localized page for the Greeter help window, if available
      (Closes: #17101).
    - Separate Chinese into simplified and traditional scripts
      in the Greeter (Closes: #16094).
    - Allow the user to show the passphrase they're typing when creating
      a new persistent volume (Closes: #15102).
    - When saving persistence.conf or its backup, also run sync(1)
      on its parent directory (might help fix #10976).
    - Improve Tails Installer wording (Closes: #15564).
    - Update tor to 0.4.1.6-1~d10.buster+1.
    - Update VirtualBox guest drivers and tools to 6.0.12-dfsg-1.

  * Build system
    - SquashFS sort file: remove more noise.
    - Improve lint_po's UX (refs: #16864).
    - Import our pythonlib, previously included as a submodule (Closes: #16935).
    - Use a consistent, standard Python packages directory (Closes: #17082).

  * Test suite
    - Make various steps more robust:
      · "all notifications are disappeared" (Closes: #17012)
      · "Additional Software is correctly configured for package"
      · "I unlock and mount this VeraCrypt file container
        with Unlock VeraCrypt Volumes"
      · "I open the Unsafe Browser proxy settings dialog"
      · starting apps via the GNOME Activities Overview (Closes: #13469)
      · "I start the Tor Browser in offline mode"
    - Handle Guestfs::Error exceptions.
    - Provide guidance to fix problematic situation.
    - Update various reference images for Buster.
    - Don't attempt to find fuzzy matches with Sikuli unless fuzzy image
      matching is enabled (Closes: #17029).
    - Dogtail'ify all interactions with gedit (Closes: #17028).
    - New test: ensure that no experimental APT suite is enabled
      for deb.torproject.org (Closes: #16931).
    - Remove dead IRC-related code and dependencies.
    - Take into account that Evince and Tor Browser's print-to-file dialogs
      are rendered in a subtly different manner.
    - Drop fragile tag for actual Tails bugs (#17007).
    - Drop compatibility code for Cucumber < 2.4.0 (Closes: #17083).
    - Fix regression in the Persistent browser bookmarks scenario
      (Closes: #17125).

 -- Tails developers <tails@boum.org>  Thu, 10 Oct 2019 11:23:53 +0000

tails (4.0~beta2) unstable; urgency=medium

  * All changes included in Tails 3.16, see the corresponding changelog entry.

  * Major changes
    - Upgrade tor to 0.4.1.5 (Closes: #16986).

  * Security fixes
    - Upgrade the Linux kernel to 5.2.0-2 (Closes: #16942).
      This mitigates the Spectre v1 swapgs vulnerability (CVE-2019-1125).
      Accordingly, aufs to aufs5.2 20190805.
    - Install enigmail from Bullseye (Closes: #16738).
      This fixes CVE-2019-12269.

  * Bugfixes
    - tails-unblock-network: only sleep until all-net-blacklist.conf is gone,
      instead of unconditionally delaying the login process for 5 seconds
      (Closes: #16805).
    - Terminate GDM's GNOME session after the amnesia user logs in,
      to free 200-300 MiB of memory (Closes: #12092).
      Temporarily enable GDM debug logs so we get enough information to fix
      any issue this might cause.
    - Make our KeePassXC wrapper translatable (Closes: #16952).
    - Adjust boot-time backports APT pinning for Buster.
    - Ensure we don't install unwanted packages even if they become
      "Priority: standard" again (Closes: #16949).
    - Move some GNOME apps to different menu categories (Closes: #16981).
    - Update HTP pools: replace boum.org (invalid certificate) with puscii.nl,
      replace www.myspace.com with myspace.com (the former redirects to
      the latter).
    - AppArmor: allow OnionShare to open URLs with Tor Browser (Closes: #16914).
    - Make file transfers with Spice reliable.

  * Minor improvements and updates
    - Greeter: improve formatting of printed exceptions.
    - Use the same icon for Tails Documentation in the Applications menu
      as on te Desktop (Closes: #16800).
    - Drop migration path from GnuPG persistent configuration created
      in the Tails 2.x era.
    - Remove various hacks that we don't need on Buster anymore.
    - Stop installing libcaribou-gtk3-module (Closes: #16757).
    - Stop installing python-cairo: mat2 does not use it anymore.
    - tails-unblock-network: have udev reload the databases it uses.
      This should avoid our fix for #16805 introducing regressions.

  * Build system
    - Bump APT snapshot of the 'debian' and 'torproject' archives
      to 2019090202.
    - Import the Greeter codebase into tails.git (Closes: #16912).
    - Explicitly install gnome-shell to make the set of installed packages
      more deterministic (related to #16947).
    - Don't try to follow symlinks when normalizing timestamps on source files.
    - Add missing "set -u" to build-time hook.
    - Use consistent method to extract translatable strings from Glade files.
    - Create gdm-tails related files from the original GNOME files
      (Closes: #12551).
    - Stop installing libimage-exiftool-perl explicitly: mat2 depends on it
      already.
    - Rakefile: disable compression when retrieving artifacts via scp.
      This makes this build step faster on systems that have SSH compression
      enabled by default.
    - import-translations: use tails-misc_release for tails.git's PO files
      (i.e. the Tails part of #16774).
    - Use squashfs-tools from sid (Closes: #16637).
    - Lower VM_MEMORY_BASE to 1536M.
    - Remove unneeded package cleanup (Closes: #16950).

  * Test suite
    - New scenario: installing with GNOME Disks from a USB image
      (Closes: #16004).
    - New scenarios: VeraCrypt PIM support (Closes: #15946).
    - Revert timeout bump that's not needed anymore.
    - Add a showing method on Dogtail objects.
    - VeraCrypt: ensure the temporary keyfile file is not garbage collected
      while we still need it.
    - Remote shell: print traceback to stderr so we can see it.
    - Install Dogtail from Bullseye and run it with Python 3 (Closes: #16976).
      This gives us UTF-8 support. Accordingly, drop anonym's "showingOnly"
      patch that was merged upstream, and port some test suite code to Dogtail,
      which we could not do before it got UTF-8 support.
    - Dogtail'ify some steps.
    - Make "^the Tor Browser shows the "([^"]+)" error$" step more robust
      (Closes: #11592.
    - Make the "the support documentation page opens in Tor Browser" step more
      robust (Closes: #15321)
    - Remove a bunch of obsolete @fragile tags, update the reasons why
      the remaining ones are fragile, and add some missing @fragile tags.
    - Drop useless code based on wrong assumptions (refs: #13470).
    - Make the "I set an administration password" step more robust.

 -- Tails developers <tails@boum.org>  Mon, 02 Sep 2019 19:55:24 +0000

tails (4.0~beta1) unstable; urgency=medium

  * Major changes
    - Upgrade to a snapshot of Debian 10 (Buster) from 2018-08-06.

  * Removed features
    - Remove scribus completely (refs: 16290).
    - Remove LibreOffice Math (#16911).

  * Bugfixes
    - Fix Electrum wrapper's persistence check (Closes: #16821).
    - Remove pre-generated Pidgin accounts (Closes: #16744).
    - Hide the security level button in the unsafe browser (Closes:
      #16735).
    - Only hide unlocked TailsData partitions from the boot device
      (Closes: #16789).

  * Minor improvements and updates
    - Remove KeePassX and replace it with KeePassXC (Closes:
      #15297). As KeePassX was used around for a longer time, we don't
      need automatic upgrading cappability from old KeePass file
      format (Tails 2 times). The user can still import those old
      files, if they want to access it.
    - Ship a pre-compiled AppArmor policy to make boot faster (Closes:
      #16138).
    - Change the splash screen for Tails 4.0 (#16837). Add SVG source
      while we're at it!
    - Remove our predefined bookmarks and ship default upstream Tor
      Browser bookmarks instead (Closes: #15895).
    - Install bolt for improved Thunderbolt support (Closes: #5463).
    - Don't display the Home launcher on the desktop (Closes: #16799).
      Since the switch to the desktop-icons GNOME Shell extension, the
      nicer XDG-blah name ("Home" in English, translated in many
      languages) is not used to label this launcher anymore: instead,
      the name of the directory is displayed, in this case: "amnesia",
      which makes no sense to our users. Our other options to fix that
      are more costly and we've decided a while ago, when I proposed
      to remove the desktop icons, to keep them until they were too
      expensive to support. So this one goes: we have the Places menu
      already.
    - Add Files to favorite apps (Closes: #16799). This gives another
      entry point to the home folder, which partially mitigates any UX
      regression that might be caused by the previous changelog entry.
    - Explicitly install imagemagick. We ship it on purpose (see
      [[contribute/meetings/201707]]).
    - MAT:
      * Drop obsolete optional MAT dependencies it isn't using any
        more.
      * Stop explicitly installing MAT dependencies. The package
        depends on those so we don't need to pull them ourselves.
    - Move translations from root-terminal.desktop.in into own PO
      files (Closes: #15335).
    - Drop obsolete live-boot patch: the bug it workarounds only
      happens with CONFIG_AUFS_DEBUG enabled. We disable
      CONFIG_AUFS_DEBUG in config/chroot_local-hooks/13-aufs and the
      Debian package did it as well (Refs: Debian#886329).
    - Rename /usr/share/amnesia to /usr/share/tails.
    - Drop APT pinning for non-existing live.debian.net, that we
      haven't used since 2010.
    - Don't install the cryptsetup initramfs integration and startup
      scripts (Closes: #16264). We probably only need the binaries.
      Not installing the initramfs integration will get rid of some
      noise
    - Don't install full-blown cryptsetup, take 2 (refs: #15690). We've
      stopped installing it (#16264) but this branch independently
      reintroduced it.
    - Disable live-tools.service (Closes: #16324). This service is only
      useful to display the "Please remove the live-medium, close the
      tray (if any) and press ENTER to continue:" prompt on shutdown,
      that we don't want to display in Tails: shutdown and memory
      erasure should not require a confirmation once the user has
      triggered it. In Stretch this code was broken and we were
      relying on this. But the Buster upgrade of this code has
      repaired it, so I sometimes see that prompt. This might also
      explain some issues such as #16312.
    - AppArmor: allow cups-brf, driverless, and gutenprint53+usb
      printer backends (Closes: #15030). Technically, cups-brf and
      driverless are not third-party and should be confined more
      strictly with "ixr", under the cupsd profile. But I don't know
      how to to test these backends and confining them more strictly
      may break them.  Anyway, that's an upstream matter: the purpose
      of our Tails-specific patch is to replace the third party
      backends /usr/lib/cups/backend/* catch all rule, that doesn't
      work for us, and not to keep the list of backends which come
      with CUPS up-to-date.
    - Make export_gnome_env() exit early if gnome-shell isn't running.
      Without this e.g. the automated test suite, which will call
      export_gnome_env() before gnome-shell is running, will have its
      journal polluted with errors about this. This is not the first
      time I see this and get worried and waste minutes investigating,
      so let's just fix it.

  * Build system
    - Bump VM_MEMORY_BASE to 2048M. With the previous 1024M setting,
      the squashfs preparation gets OOM-killed.
    - Limit the memory used by mksquashfs to 512M (Closes: #16177). By
      default mksquashfs will use 25% of the physical memory. So when
      we use the "ram" build option, build in a VM with 13GB of RAM,
      of which up to 12G is supposed to be used by the build tmpfs,
      mksquashfs will try using 13/4 = 3.25G of memory. And then it
      will get reaped by the OOM killer more or less occasionally
      depending on how much space is really used in the build tmpfs
      and how much memory the rest of the system is using. So let's
      limit the memory used by mksquashfs to 50% of the memory we
      allocate to the build VM, excluding the part of it that we
      expect tmpfs data to fill. In passing, the fact mksquashfs does
      not get killed every time suggests that our current
      BUILD_SPACE_REQUIREMENT value exceeds the real needs of a build:
      a value around 10 or 11G should be enough. But that will be for
      another commit.
    - Use xz with default settings to compress non-release SquashFS
      (refs: #16177). squashfs-tools 1:4.3-11, used to build
      feature/buster, does not consistently honor the value passed to
      -mem: the xz compressor does but at least the gzip and lzo ones
      don't. This makes the build often fail because mksquashfs gets
      reaped by the OOM-killer. Our only other option is currently to
      bump the build VM memory a lot, which is going to be painful on
      developers' systems and might not be an option on Jenkins. So
      let's fall back to xz with default settings (not the crazy slow
      but efficient we use at release time) when building non-release
      images.
    - Rename the "gzipcomp" build option to "fastcomp". What matters
      in the "user" interface is not the exact algorithm that's used,
      it's the fact it's supposed to be faster than the compression
      settings we use to build releases. We may have to changes these
      fast(er) settings occasionally, possibly to use a non-gzip
      algorithm. So let's keep supporting "gzipcomp" for backward
      compatibility but stop documenting it. Instead, support and
      document "fastcomp".
    - Add the vmproxy+extproxy build option. When enabled, use the
      vmproxy but configure it to in turn use the exproxy set via the
      http_proxy environment variable.
    - Support the case when we don't ship a custom AppArmor feature
      set. Let's keep this sanity check for the times when we do ship
      a custom feature set, but building an ISO without a custom one
      should remain supported. (Closes: #15149)
    - Don't remove packages whose deinstallation removes most of the
      system; don't explicitly remove packages that are taken care of
      by "apt-get autoremove" already. On Buster, removing dpkg-dev
      or make deinstalls python3, gnome-shell and more.
    - Install all "Priority: standard" packages via an explicit
      packages list instead of via --tasks (Closes: #15690). This will
      make it easier to remove some of these packages from the list of
      those that should be installed in the first place, as opposed to
      letting them be installed by tasksel only to uninstall them
      later. I've seeded tails-000-standard.list with the output of:
      tasksel --task-packages standard | sort … run on a clean Buster
      system. Also:
       * live-build forcibly translates --packages-lists="standard"
         into "tasksel install standard", so to make this change
         effective we also need to switch to "--packages-lists
         minimal" or "--packages-lists none". The former has
         problematic side-effects so let's use the latter.
       * Add to tails-common.list some of the packages that were
         previously installed automatically, e.g. via live-build's
         lists/standard → lists/minimal.

  * Test suite
    - Tons of tiny updates for the Stretch → Buster transition, mainly
      updated reference images, but also a few other trivial changes
      (e.g. close with Alt+F4 instead of menu, or vice versa) due to
      changes in applications.
    - Drop test case about migrating from a Jessie-area persistent
      volume. If our code happens to support Tails 2.x → 4.x upgrades
      without going through 3.x, fine. But let's not spend cycles in
      our CI to guarantee this.
    - Revert "Test suite: add backward compatibility with redir <
      3.0." We don't support running the test suite on Jessie anymore.
    - Adjust dhclient listening address for Buster.
    - Bump timeout for poweroff from 3 to 10 minutes (Refs: #16312).
    - Adjust dogtail patterns for gobby test (Closes: #16335). With the
      gobby upgrade from 0.5.0 to 0.6.0 pre-series, the case changed a
      little for a menu item and the window it leads to.
    - Update key shortcut to close seahorse's Preferences window
      (Closes: #16341). The “Close” button is gone from the
      Preferences window in the buster version of the seahorse
      package, making it impossible to close that window. Switch to
      sending ESC instead of Alt-C.
    - Update MAT test case for MAT2 (Closes: #16623).
    - Add debug logging for when we call Sikuli. When following a
      (debug) log live (through `--format debug`) I find this change
      useful to know what is going on *right now* since Sikuli only
      reports what it has done after it is done.
    - Be more careful when finding ASP notifications. For some reason
      both the label and button has a "weird" invisible (despite
      `showingOnly`) twin located just below the Applications
      menu. So let's make some extra effort to actually find the real
      notification, and then look for the label and button among its
      children.
    - Remove obsolete method. Display::take_screenshot() hasn't
      existed for years.
    - Remove workaround "Desktop icons are sometimes not shown" (Refs:
      #13461)
    - Wait longer between search steps in the GNOME Overview. On
      jenkins.lizard — which was under high load at that time — I've
      seen failures while starting GNOME Terminal from the Overview,
      where:
       - The debug log claims we did type "c", waited 1 second, then
         typed "ommandline", then slept another 1 second, then pressed
         Enter. I.e. just as the code says.
       - The video shows that GNOME Shell did pick up "c", which
         selected the first search result ("Configure Persistent
         Volume"), but then there's no trace of typing "ommandline".
         So I suspect that "ommandline" was lost because GNOME Shell
         was still busy, somehow. Let's sleep a bit longer before
         these steps, to give GNOME Shell a better chance to recover
         and notice keyboard input.
    - Log exceptions thrown in generated (i.e. snapshot) steps (Refs:
      #16747). Hopefully this will help us track down these elusive
      exceptions.
    - Extend waiting time for additional software to be installed.
    - Sometimes we need more more time to load a page over tor.
    - Remove useless TailsUpgraderApplyingUpgrade.png. The "progress
      prompt" it was used for just flashes by and can easily be
      missed. There is no reason at all to wait for it since the only
      two final outcomes are success or failure, which we already look
      for.
    - debug_log() when we save/restore snapshots. These actions can
      take a long time (especially saving snapshots on a system under
      load) and can make it appear like if the test suite has gotten
      stuck for those following the debug log.
    - Don't rely on mtimes from Debian packages we download, to
      indicate which one has the biggest version (Closes: #16819).
      These mtimes are copied from the HTTP server where APT downloads
      packages from, which contradicts our assumption that the newest
      file must be the one with the biggest version. Instead we use ls
      to sort by version number, to pick the biggest version.
    - Only send TAB every second to get the syslinux kernel
      command-line (Closes: #16820). Our syslinux has a timeout of 5s so
      sending TAB every second should be enough to guarantee we do
      open the kernel command line. As anonym reported, "the spammer
      makes the splash show for significantly longer: I've seen >10x,
      so the boot splash never managed to appear, which is worrying".
    - Drop workaround to make the TAB spammer compatible with the UEFI
      firmware (Closes: #16820). As reported by anonym on #16820, and
      confirmed by my testing, pressing TAB doesn't seem to open the
      UEFI configuration, so the very reason why we had this
      workaround is gone.

  * Adjustments for Debian 10 (Buster) with no or very little user-visible impact
    - Adjust APT sources and pinning for Buster.
    - Refresh and unfuzzy patches for Buster.
    - Pass --ellipsize to zenity (refs: #16286). This fixes dialog
      width and height on Buster.
    - Update expected /etc/passwd and /etc/group for Buster.
    - Display TopIcons systray on the left of the system menu (Refs:
      #14796).
    - Remove apparmor-adjust-freedesktop-abstraction.diff patch,
      merged upstream in apparmor. The
      9d8b6f4dbd8a04470490ae2bfd52044906abd7f6 commit (first appeared
      upstream in apparmor v2.13.1) implements this change in a
      generic way.
    - Adjust hook to the fact the Dovecot AppArmor profiles are not
      shipped in /etc anymore.
    - Import iuk.git's feature/buster branch at commit 919335e
      (Closes: #16286).
    - Enable desktop-icons gnome-shell extension (Closes: #16283).
    - Add autostart script to have gnome-shell trust desktop icons
      (Closes: #16283). Various conditions must be met for gnome-shell
      to make desktop icons launchable, including file
      permissions. But the GIO metadata::trusted setting is also
      needed, and can apparently only be set from an opened session,
      so let's set the right things with an autostart script.
    - Drop code that sets the cursor to "WATCH" (hourglass) after
      logging in (Closes: #16305) This fixes "GDM's GNOME Shell floods
      the Journal with XFIXES/cursor issues on Buster" by importing
      the relevant bits of greeter:feature/buster's commit abad17b6.
    - Remove 8 development packages that are not part of Tails 3.11 so
      we probably don't need to ship them in Tails 4.0 either (Closes:
      #16272).
    - Completely get rid of Qt4 (Closes: #15182).
    - SSH client: remove obsolete CompressionLevel setting (Closes:
      #16320).
    - Removing /usr/share/live/config/xserver-xorg/intel.ids (Closes:
      #14991). Let's hope the graphics hardware issues we fixed via
      that file is fixed no.
    - Adjust Onion Grater and AppArmor configuration for OnionShare
      1.3 (Closes: #16306).
    - Have OnionShare 1.3 connect to the system Tor via Onion Grater
      for the control port (Closes: #16306). By default, OnionShare
      1.3 will start its own tor process, which can't possibly work on
      Tails.
    - Don't install binutils-* (Closes: #16272). It wasn't in Tails 3.x
      and we have no reason to ship it in 4.0.
    - Install mat2 instead of the transitional mat package.
    - Don't suspend automatically (Closes: #16624)
    - tails-additional-software: Adjust arguments to
      tails-persistence-setup (Closes: #16622). It seems like the perl
      library which previously nicely handled the tps command-line
      arguments now doesn't support taking dashes instead of
      underscores anymore.
    - Start tails-unblock-network in a blocking way (Closes: #16620)
      This reverts commit 59e99c51f15ab9e756e287acb03b4d3a91ca1dd2 in
      greeter.git. NetworkManager starting at the same time as GNOME
      Shell makes things racy: the Wi-Fi password prompt is sometimes
      not displayed (unreproduce on Debian Buster Live).
    - Patch ibus to fix an issue that prevented the on-screen keyboard
      from displaying in Tails Greeter (Closes: #16291).
    - oniongrater: give onioncircuits empty STATUS_SERVER events.
      Connection to STATUS_SERVER events is required by stem 1.7
      connect() function, but we actually don't need them, so let's
      suppress them (Closes: #16626).
    - Fix GNOME bookmarks file for Buster (Closes: #16629).
    - Build VeraCrypt packages with our patches applied for Buster
      (Closes: #16634).
    - Avoid new "render" group stealing a GID we have already
      statically allocated to another group (Closes: #16649) With the
      systemd 241-1~bpo9+1 → 241-3~bpo9+1 upgrade, udev.postinst now
      creates a "render" system group, which shifts GIDs and makes our
      devel branch FTBFS.
    - update-acng-config: add support for 4.x and 5.x, drop 2.x. We
      won't build 2.x releases anymore but we'll start building 4.x
      from this branch soon.
    - Restore Plymouth theme to "text" (Closes: #16743). The default
      theme in Buster ("futureprototype") is Debian-branded and thus
      unsuitable for Tails. Let's revert to the one we use in Tails
      3.x.
    - Stop installing caribou and libcaribou*: they're not used by
      GNOME Shell in Buster anymore (Closes: #16628)
    - Allow read access to /etc/machine-id in the AppArmor profile for
      Thunderbird (Closes: #16756). It breaks access to the D-Bus
      service where the GNOME on-screen keyboard listens on Buster.
    - Fix screen locker not working in Buster (Closes: #16763).
    - Hide lstopo in the Applications menu (Closes: #16797). It's
      pulled as a dependency by aircrack-ng but is probably not useful
      to the vast majority of Tails users.
    - Hide nm-connection-editor in the Applications menu (Closes:
      #16798). We still need the network-manager-gnome package that
      installs this .desktop file (for details, see
      commit:40290be3651eaa6f08346231aef80eddd8b33c64), but there's no
      reason to expose it directly to users.
    - TorStatus: call our custom destructor to avoid a use-after-free
      crashing GNOME Shell (Closes: #16791). It was ported to an ES6
      class in the process.
    - Copy dmidecode to initramfs (Closes: #16857). On Buster,
      partprobe complains if dmidecode is missing. It's not clear what
      the consequences are, at least it doesn't cause partprobe to
      exit with an error status code - but it's cheap to just copy
      dmidecode to the initramfs.
    - Adjust path for webext-ublock-origin 1.19.0+dfsg-2 (Closes:
      #16858).
    - Update Tor Browser AppArmor profile to take into account new
      uBlock installation path (Closes: #16858).
    - Disable the uBlock logger sidebar. This  brings back
      the hack we had before we removed it in #16206. Without this,
      the uBlock logger sidebar is displayed.
    - Reintroduce the same APT pinning as we use in 3.x for uBlock.
      Granted, the version from Buster should probably be sufficient
      right now, but it probably won't be once Tor Browser gets
      updated to a future major Firefox ESR. And in the meantime,
      this pinning discrepancy between devel and feature/buster makes
      it harder to maintain our patch against
      /usr/share/webext/ublock-origin/js/background.js.
    - Drop obsolete libdesktop-notify-perl patches: they were merged
      upstream.
    - Use X.Org in amnesia's GNOME session (Closes: #12213). Since a
      few months gdm3 defaults to Wayland in Debian testing/sid, just
      like upstream. But we're not ready yet.
    - Adjust Greeter's gdm-tails.session for Buster (Closes:
      #12551). This should ultimately be applied in greeter.git, but
      let's deal with it as a patch for now to avoid having to
      maintain two parallel branches of the Greeter.
    - Patch udisks2 and libblockdev and fix Tails Installer to repair
      USB boot on Buster (Closes: #14809).
    - Install gnome-user-docs directly instead of the gnome-user-guide
      transitional package.
    - Install the "crypto" libblockdev plugin (Closes: #14816). It's
      needed by recent udisks to do crypto operations.
    - Use ConditionUser=1000 instead of manually testing the output of
      `id -u' in some of our systemd services.
    - Have debootstrap install gnupg when setting up the chroot.
      Otherwise the build fails after debootstrap has done its job and
      live-build tries to use apt-key.
    - Don't try to install the obsolete gnome-search-tool package.
      It's been removed from testing/sid by its maintainers:
      https://bugs.debian.org/885975
    - Don't try to retrieve syslinux.exe from the syslinux source
      package. Since syslinux 3:6.03+dfsg1-1 this file is (rightfully)
      not included anymore in the Debian source package.  This commit
      is meant to fix the feature/buster ISO build. We of course need
      to find a proper solution, which is what #15178 is about.
    - Drop our pinned AppArmor feature set (Closes: #15149). On current
      Buster the AppArmor package pins to the Linux 4.14.13-1 feature
      set and I expect it'll keep pinning something that should work
      with the policy shipped in Buster.
    - Drop Stretch-specific workaround. This essentially workarounds
      4f8b50afb10a1ce1faf7645971bc020d2eb5d7dd,
      3e2d8a6a025b86f8191d125783ad507c57171bad and
      d56633a3089e5b177e07c2888442745557772f42.
    - Disable the usr.bin.man AppArmor profile. On Buster it breaks
      apparmor.service due to "profile has merged rule with
      conflicting x modifiers" that's most likely caused by the "/**
      mrixwlk" rule vs. our tweaks for aufs support.
    - Import files (from gksu 2.0.2-9+b1) needed for the Root Terminal
      into Git instead of fetching the package and extracting them at
      build time.
    - Use orca's current package name instead of pre-Buster
      transitional one.
    - Stop explicitly installing gstreamer1.0-pulseaudio. This was
      needed on Jessie due to Debian#852870 which was fixed in
      Stretch.
    - Drop adwaita-qt4: it was removed from Debian sid and won't be in
      Buster.
    - Disable man-db.timer on Buster (Closes: #16631)
    - Fix invalid seq range in update-acng-config so we geberate proper
      rules for Tails 4.x and 5.x.

 -- Tails developers <tails@boum.org>  Wed, 07 Aug 2019 20:30:15 +0200

tails (3.16) unstable; urgency=medium

  * Major changes
    - Upgrade Tor Browser to 8.5.5 (Closes: #16692).

  * Security fixes
    - Install Linux kernel from the Buster security repository (Closes: #16970).
      The new Spectre v1 swapgs variant (CVE-2019-1125), which was fixed
      in sid via 5.2.x, which is a too big change for the Tails 3.16 bugfix
      release. Let's instead track Buster (+ security) for the time being.
    - Upgrade LibreOffice to 1:5.2.7-1+deb9u10 (DSA-4483-1, DSA-4501-1).
    - Upgrade Thunderbird to 60.8 (DSA-4482-1).
    - Upgrade Ghostscript to 9.26a~dfsg-0+deb9u4 (DSA-4499-1).
    - Upgrade Patch to 2.7.5-1+deb9u2 (DSA-4489-1).
    - Upgrade nghttp2 library to 1.18.1-1+deb9u1 (DSA-4511-1).

  * Bugfixes
    - Additional software: Improve/fix support for translations (Closes: #16601).
    - Rework the implementation for hiding TailsData partitions (Closes: #16789).
    - Adjust how tordate determines whether the clock is in a valid range,
      fixing issues with obfs4 (Closes: #16972).

  * Minor improvements and updates
    - Ship default upstream Tor Browser bookmarks, and remove our predefined
      bookmarks (Closes: #15895).
    - Hide the security level button in the unsafe browser (Closes: #16735).
    - Remove pre-generated Pidgin accounts (Closes: #16744).
    - Remove LibreOffice Math (Closes: #16911).
    - Website: Make sandbox page translatable (Closes: #16873).
    - Website: Only scrub HTML on blueprints (Closes: #16901).
    - Website: Point history & diff URLs to Salsa.

  * Build system
    - Bump APT snapshot of the torproject archive to 2019073103, and drop
      tor-experimental-0.4.0.x-stretch reference (Closes: #16883).
    - Bump APT snapshot of the Debian archive to 2019080801 to get fixed
      firmware packages from sid instead of sticking to those from
      stretch-backports (Closes: #16728).
    - Enable the buster APT repository and install some packages from there:
      hunspell-id, hunspell-tr, and fonts-noto-* (See: #16728).
    - Refresh patch for webext-ublock-origin 1.19.0+dfsg-2, and adjust Tor
      Browser AppArmor profile accordingly (Closes: #16858).
    - Refresh Tor Browser AppArmor profile patch for torbrowser-launcher
      0.3.2-1 (Closes: #16941).

  * Test suite
    - Ignore RARP packets, since PacketFu cannot parse them (Closes: #16825).
    - Adjust both locale handling and reference pictures for the Unsafe
      Browser homepage (Closes: #17004).
    - Fix "Watching a WebM video over HTTPS" scenario on Jenkins
      (Closes: #10442).
    - Tag "Watching a WebM video" as fragile.
    - Make @check_tor_leaks more verbose (See: #10442).
    - Remove broken Electrum scenario since Electrum support is currently
      missing (Closes: #16421).

 -- Tails developers <tails@boum.org>  Tue, 03 Sep 2019 20:30:14 +0200

tails (3.15) unstable; urgency=medium

  * Major changes
    - Upgrade Tor Browser to 8.5.4 (Closes: #16691).
    - Upgrade Thunderbird to 60.7.2 (Closes: #16834).

  * Security fixes
    - Upgrade Expat to 2.2.0-2+deb9u2 (DSA-4472-1).
    - Upgrade OpenSSL 1.0 to 1.0.2s-1~deb9u1 (DSA-4475-1).
    - Upgrade OpenSSL to 1.1.0k-1~deb9u1 (DSA-4475-1).
    - Upgrade Vim to 2:8.0.0197-4+deb9u3 (DSA-4467-1).

  * Bugfixes
    - Recompute CHS values for the hybrid MBR after first-boot
      repartitioning (Closes: #16389). Some legacy BIOS systems won't boot
      otherwise.
    - Strip debug symbols from the aufs kernel module smaller (refs: #16818).
      The primary target was getting the initramfs down under 32MB, hoping
      to repair boot of feature/buster on MacBookPro 8,1. In any cases,
      the user experience should be improved due to a faster boot for
      every user, and a shortened “black screen” duration (between the
      bootloader and the Plymouth splash screen).

  * Minor improvements and updates
    - Make “Unlock VeraCrypt Volumes” show an error message if locking
      fails (Closes: #15794).
    - Add support for booting Tails from a read only sdcard (fromiso),
      through Heads, allowing for measured boot on some tamper-evident
      hardware (https://github.com/osresearch/heads/issues/581).

  * Build system
    - Patch Thunderbird packages from Debian when building Tails images
      (Closes: #6156).
    - Improve tooling to maintain and update PO files (Closes: #15403),
      rewriting some tools and moving code to the jenkins-tools submodule.
    - Implement preliminary steps needed to make the ikiwiki PO plugin
      able to update PO files for languages that are disabled on the
      website (refs: #15355).

 -- Tails developers <tails@boum.org>  Tue, 09 Jul 2019 02:50:09 +0200

tails (3.14.2) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 8.5.3 (Closes: #16835).

  * Bugfixes
    - tails-screen-locker: Don't use dim-label style class
      (Closes: #16802).

 -- Tails developers <tails@boum.org>  Sun, 23 Jun 2019 11:52:49 +0200

tails (3.14.1) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 8.5.2-build1 (Closes: #16824).
    - Upgrade Thunderbird to 60.7.0 (Closes: #16742).
    - Upgraded Linux to 4.19.37-4 (Closes: #16823).

  * Bugfixes
    - Only probe for partitions on the boot device when setting up
      TailsData. Without arguments partprobe will scan all devices,
      and if it encounters a device it doesn't support (e.g. fake
      raid-0 arrays) it will return non-zero, thus aborting Tails'
      partitioning script, resulting in an unbootable install
      (Details: #16389).

  * Minor improvements and updates
    - Upgrade tor to 0.4.0.5-1~d90.stretch+1, the first stable
      candidate in the 0.4.0.x series (Closes: #16687).
    - Completely disable IPv6 except for the loopback interface. We
      attempt to completely block it on the netfilter level but we
      have seen ICMPv6 "leaks" any way (related to Router
      Solicitation, see: #16148) so let's just disable it. We keep
      enabled on the loopback interface since some services depends on
      ::1 being up.
    - create-usb-image-from-iso: Use syslinux from chroot. We used the
      syslinux from the vagrant box before, which caused issues with
      when building Tails/Buster with a Stretch vagrant box and then
      cloning the image via Tails Installer with syslinux from Buster
      (Closes: #16748).
    - Set Tor Browser's homepage to https://tails.boum.org/home/testing/
      if building anything but a stable release. This page explains the
      dangers of using a non-stable release. (Closes: #12003)

  * Build system
    - auto/{build,config}:
      * consistently use fatal() to error out, and prefix its message
        with "E: " to help distinguish them from the noise produced by
        tools we call etc.
      * Similarly, also prefix informational message with "I: ".
      * drop support for GnuPG 1.x.
      * clone more build output to the log file.
      * Drop obsolete check for syslinux version. This version
        requirement is satisfied by Jessie and it is doubtful Tails
        would build in anything older.
      * auto/build: drop a few checks for conditions that are already
        satisfied in the supported build environments.
    - Revert "Build system: try to be smart again by fetching only the
      refs we need." This optimization overrides the trick we have on
      Jenkins (set_origin_base_branch_head in
      jenkins-jobs:macros/builders.yaml),
      that ensures that a reproducibly_build_Tails_ISO_* job builds
      from the commit used by the first build. (Closes: #16730)

  * Test suite
    - Fix mistake with execute() vs spawn() when starting the upgrader.
    - Don't filter during pcap capture, instead let's just apply the
      same filtering when we are inspecting the pcap files. This way
      any pcap file saved on failure will include the full capture,
      and not just the packets sent by the system under testing, which
      sometimes makes it hard to understand what is going on.
    - Also include the content of /var/log/tor/log in $scenario.tor
      when tor failed to bootstrap (refs: #16793)
    - Don't flood the debug logger with tor@default's journal
      contents.
    - Power off system under testing after scenario. Until now we have
      relied on either one of the generated "snapshot restore" steps
      or the "[Given] a computer" step to implicitly stop the old VM
      when we move on to a new scenario. That meant the old VM was
      still running during the new scenarios @Before@ hooks. If the
      new scenario is tagged @check_tor_leaks that means we start its
      sniffer while the old VM is still running, possibly sending
      packets that then affect the new scenario. That would explain
      some myserious "Unexpected connections were made" failures we
      have seen (Closes: #11521).
    - Only accept IP(v6)/ARP during DHCP check.

 -- Tails developers <tails@boum.org>  Wed, 19 Jun 2019 15:29:07 +0200

tails (3.14) unstable; urgency=medium

  * Security fixes
    - Upgrade Linux to 4.19.0-5 from sid (Closes: #16708).
    - Enable all available mitigations for the Microarchitectural Data
      Sampling (MDS) attacks and disable SMT on vulnerable CPUs
      (Closes: #16720).
    - Upgrade Tor Browser to 8.5 (Closes: #16337, #16706).

  * Bugfixes
    - Install Electrum 3.2.3-1 from our custom APT repository (Closes: #16708).
      The version in sid now displays a warning and exits, while 3.2.3-1 is
      still usable, in the rare cases when it manages to connect to the
      network, despite being affected by problematic phishing attacks which
      will only be solved once the package in Debian is updated to a newer
      upstream version.

  * Build system
    - Bump APT snapshot of the 'debian' archive to 2019051601, needed for
      the MDS mitigations.
    - Don't install the firmware-linux and firmware-linux-nonfree
      metapackages, as packages they pulled are already listed explicitly
      and one might run into version-related issues (Closes: #16708).

  * Minor improvements and updates
    - Remove some packages from the Tails image as their use is not
      widespread while consuming space for everyone. They can still be
      installed and upgraded through Additional Software (Closes: #15291).
      This includes: monkeysphere and msva-perl, gobby, hopenpgp-tools,
      keyringer, libgfshare-bin, monkeysign, paperkey, pitivi,
      pdf-redact-tools, pwgen, traverso, and ssss.
    - Fix missing translations in the Greeter (Closes: #13438).
    - Fix missing newline in unlock-veracrypt-volumes (Closes: #16696).
    - Port fillram to Python 3 (Closes: #15845).
    - Enable localization for new locales introduced in Tor Browser 8.5
      (Closes: #16637).
    - Re-introduce TopIcons GNOME Shell extension (Closes: #16709).
    - Improve internationalization of the Unlock VeraCrypt Volumes
      component (Closes: #16602).

  * Test suite
     - Make tails-security-check's SOCKS port test work when there's a live
       security advisory (Closes: #16701).
     - Make terminology more consistent.

 -- Tails developers <tails@boum.org>  Mon, 20 May 2019 18:52:04 +0200

tails (3.13.2) unstable; urgency=medium

  * Major changes
    - Replace all locale-specific fonts and standard X.Org fonts with
      the Noto fonts collection (Closes: #9956).
    - Install localization support packages for all tier-1 supported languages,
      and only those (Closes: #15807). Current tier-1 supported languages are:
      Arabic, German, English, Spanish, Farsi, French, Italian, Portuguese
      (Brazil), Russian, Turkish, Simplified Chinese, Hindi, Indonesian.
    - Disable the TopIcons GNOME Shell extension (Closes: #16608).
      This extension causes crashes (#11188), does not work on Wayland
      (#8309, #12213) so long-term, we need to remove it anyway.
      In order to learn how much our users rely on this extension and
      on OpenPGP Applet, let's disable this extension for one Tails release.
      While TopIcons is disabled (by default):
      · Users can still use OpenPGP Applet via the system tray in the bottom
        left corner of the desktop.
      · Users who do need TopIcons for other reasons can enable it again
        with 1 command line.

  * Security fixes
    - Upgrade Tor Browser to 8.0.9 (Closes: #16694).
    - Upgrade to Debian Stretch 9.9 (Closes: #16670).
    - Upgrade Thunderbird to 60.6.1 (Closes: #16641).

  * Bugfixes
    - Fix Thunderbird account setup wizard (Closes: #16573).
    - Display poweroff and reboot buttons even when locked (Closes: #15640).
    - Disable emergency shutdown during suspend (Closes: #11729).
    - Provide feedback while starting Onion Circuits (Closes: #16350).
    - Associate .key files with Seahorse (Closes: #15213).
      This partially fixes importing OpenPGP keys from GNOME Files.
    - Don't show spurious notification about "TailsData" while setting
      up a persistent volume (Closes: #16632).

  * Minor improvements and updates
    - Add a suspend button to status-menu-helper (Closes: #14556).
    - status-menu-helper: clean up and refactor.
    - Drop CSS hacks for the uBlock log window (Closes: #16206).
    - Polish 04-change-gids-and-uids code style (Closes: #16322).
    - Create persistence.conf backup in a more robust manner (Closes: #16568).
    - Make the WhisperBack .desktop file translatable in Transifex
      (Closes: #6486).

  * Build system
    - Don't fail the build if Tor Browser supports new locales that we don't ship
      a spellchecking dictionary for (#15807).
    - Fix apt-cacher-ng cache shrinking (Closes: #16020).
    - Remove obsolete usr.bin.onioncircuits AppArmor profile (Closes: #12170).
      All Tails current branches now install onioncircuits 0.6-0.0tails1,
      which ships a more current AppArmor profile than the one we
      have in our own Git tree.
    - Install Electrum from sid (Closes: #16642).
    - Avoid new "render" group stealing a GID we have already statically
      allocated to another group (Closes: #16649).

  * Test suite
    - Disable tests about notifications in case of MAC spoofing failure:
      we have a well-known bug here and these tests do nothing but confirm
      it again and again, which brings no value and has a cost (#10774).
    - Clarify what WebM scenarios are fragile (#10442).
    - Avoid zombies by waiting for killed child processes to exit (#14948).

 -- Tails developers <tails@boum.org>  Sun, 05 May 2019 19:32:22 +0000

tails (3.13.1) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 8.0.8 (Closes: #16606, MFSA-2019-10).
    - Upgrade NTFS-3G to 1:2016.2.22AR.1+dfsg-1+deb9u1 (DSA-4413-1).

 -- Tails developers <tails@boum.org>  Fri, 22 Mar 2019 20:54:03 +0000

tails (3.13) unstable; urgency=medium

  * Major changes
    - Upgrade Linux to 4.19.28-1 (Closes: #16390, #16469, #16552).
    - Upgrade Tor Browser to 8.0.7 (Closes: #16559).
    - Upgrade Thunderbird to 65.1.0 (Closes: #16422).

  * Security fixes
    - Upgrade LDB to 2:1.1.27-1+deb9u1 (DSA-4397-1).
    - Upgrade OpenJPEG to 2.1.2-1.1+deb9u3 (DSA-4405-1).
    - Upgrade OpenSSL 1.0 to 1.0.2r-1~deb9u1 (DSA-4400-1).
    - Upgrade OpenSSH to 1:7.4p1-10+deb9u6 (DSA-4387-2).

  * Bugfixes
    - Upgrade tor to 0.3.5.8-1~d90.stretch+1 (Closes: #16348).
    - Ensure Additional Software doesn't try to download packages that are
      in persistent cache (Closes: #15957).
    - Improve chances of recovering a lost persistence configuration
      (Closes: #10976).
    - Tor Launcher: add langpacks to enable localization again
      (Closes: #16338).
    - Migrate away from buggy Chinese input method: switch from ibus-pinyin
      to ibus-libpinyin + ibus-chewing (Closes: #11292).
    - Fix crash in Whisperback when additional persistent APT repositories
      are configured (Closes: #16563).
    - Give visual feedback while starting Whisperback (Closes: #16333).

  * Minor improvements and updates
    - Add feedback when opening VeraCrypt Mounter (Closes: #16334).
    - Improve consistency in Additional Software's accessibility
      (Closes: #16110).
    - Fix missing accessibility support when opening a browser from a
      notification (Closes: #16475).
    - Refresh ublock-origin patch to apply cleanly on top of 1.18.4+dfsg-1
      (Closes: #16451)
    - Upgrade intel-microcode to 3.20180807a.2~deb9u1.
      Fixes CVE-2018-3615, CVE-2018-3620, CVE-2018-3646, CVE-2018-3639,
      CVE-2018-3640, CVE-2017-5753, CVE-2017-5754.

  * Build system
    - Lower memory requirements when building Tails by limiting the memory
      used by mksquashfs to 512M (Closes: #16177).
    - Remove obsolete check on Thunderbird addons (Closes: #16045).
    - Update Tails' APT GnuPG key expiration (Closes: #16420).
    - Optimize Git operations (share resources, fetch only the needed
      objects).
    - Clone submodules from the host's local repositories (Closes: #16476).
    - Drop useless manual initramfs update (Closes: #16452).
    - Add a sanity check on the size of the initramfs (Closes: #16452).

  * Test suite
    - Add automated tests for Additional Software GUI (Closes: #14576,
      #14596).
    - Add automated tests on the backup persistence configuration
      (Closes: #16461).
    - Adjust test for Thunderbird 60.5.1 (Closes: #16555).

 -- Tails developers <tails@boum.org>  Mon, 18 Mar 2019 23:40:50 +0100

tails (3.12.1) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 8.0.6 (MFSA-2019-05; Closes: #16437).
    - Upgrade LibreOffice to 1:5.2.7-1+deb9u5 (DSA-4381).
    - Upgrade cURL to 7.52.1-5+deb9u9 (DSA-4386).
    - Upgrade Qt 5 to 5.7.1+dfsg-3+deb9u1 (DSA-4374).
    - Upgrade OpenSSH to 1:7.4p1-10+deb9u5 (DSA-4387).

 -- Tails developers <tails@boum.org>  Tue, 12 Feb 2019 21:25:14 +0100

tails (3.12) unstable; urgency=medium

  * Major changes
    - Make the USB image the main supported way to install Tails (refs: #15292).
      On first boot, grow the system partition to a size that's a factor
      of the size of the boot medium and randomize GUIDs (Closes: #15319).
    - Upgrade Linux to 4.19, version 4.19.13-1 (Closes: #16073, #16224).
      Fixes CVE-2018-19985, CVE-2018-19406, CVE-2018-16862, CVE-2018-18397,
      CVE-2018-18397, CVE-2018-18397, CVE-2018-18397, CVE-2018-19824,
      CVE-2018-14625.
    - Remove Liferea (Closes: #11082, #15776).
    - Upgrade to the Debian Stretch 9.6 point-release.

  * Security fixes
    - Upgrade Tor Browser to 8.0.5 (MFSA-2019-02; Closes: #16388).
    - Upgrade Thunderbird to 60.4.0 (DSA-4362-1; Closes: #16261).
    - Upgrade OpenSSL to 1.0.2q-1~deb9u1 (DSA-4355-1).
    - Upgrade libarchive to 3.2.2-2+deb9u1 (DSA-4360-1).
    - Upgrade GnuTLS to 3.5.8-5+deb9u4 (CVE-2018-10844, CVE-2018-10845).
    - Upgrade libgd3 to 2.2.4-2+deb9u3 (CVE-2018-1000222, CVE-2018-5711).
    - Upgrade libmspack to 0.5-1+deb9u3 (CVE-2018-18584, CVE-2018-18585).
    - Upgrade libopenmpt to 0.2.7386~beta20.3-3+deb9u3 (CVE-2018-10017).
    - Upgrade libx11 to 2:1.6.4-3+deb9u1 (CVE-2018-14598, CVE-2018-14599,
      CVE-2018-14600).
    - Upgrade libxcursor to 1:1.1.14-1+deb9u2 (CVE-2015-9262).
    - Upgrade NetworkManager to 1.6.2-3+deb9u2+0.tails1 (CVE-2018-15688).
    - Upgrade wpa to 2:2.4-1+deb9u2 (CVE-2018-14526).
    - Upgrade zeromq3 to 4.2.1-4+deb9u1 (CVE-2019-6250).
    - Upgrade APT to 1.4.9 (DSA-4371-1).
    - Upgrade GhostScript to 9.26a~dfsg-0+deb9u1 (DSA-4372-1).

  * Bugfixes
    - Fix Totem's access to the Internet when it's started from the Applications
      menu.
    - Rename HTP pools to avoid confusion (Closes: #15428).
    - Fix memory erasure on shutdown with systemd v239+, by mounting
      a dedicated tmpfs on /run/initramfs instead of trying to remount /run
      with the "exec" option (Closes: #16097).
    - Make the KeePassX wrapper dialog translatable.
    - Fix detection of first Thunderbird run.

  * Minor improvements and updates
    - Upgrade tor to 0.3.4.9-1~d90.stretch+1.
    - Upgrade Mesa to 18.2.6-1~bpo9+1, libdrm to 2.4.95-1~bpo9+1,
      and libglvnd to 1.1.0-1~bpo9+1.
    - Upgrade firmware-linux and firmware-nonfree to 20190114-1.
    - Upgrade amd64-microcode to 3.20181128.1.
    - Upgrade intel-microcode to 3.20180807a.2~bpo9+1.
    - Remove the boot readahead feature (Closes: #15915).
      In most supported use cases, it did not improve boot time anymore,
      or even increases it.
    - Require TLS 1.2 in our Upgrader and tails-security-check (Closes: 11815).
    - Enable O_CREAT restriction in /tmp directories for FIFOs and regular
      files (Closes: #16072).
    - Upgrade systemd to 240-4~bpo9+0tails1 (Closes: #16352).
      Fixes CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866.
    - Upgrade Enigmail to 2.0.8-5~deb9u1 (Closes: #15657).
    - Upgrade Torbirdy to 0.2.6-1~bpo9+1 (Closes: #15661).
    - Modify Torbirdy configuration in a way that's easier to maintain.
    - Tell the user they need to use sudo when they attempt to use su
      (Closes: #15583).

  * Build system
    - Make the build of the USB image reproducible (Closes: #15985).
    - Allow specifying which set of APT snapshots shall be used during
      the build, with the APT_SNAPSHOTS_SERIALS build option (Closes: #15107).
    - Fix more GIDs and display more information when changing UIDs or GIDs
      fails (Closes: #16036).
    - Remove obsolete patches, refresh remaining ones to apply on top
      of currently installed packages version.
    - Disable irrelevant recurring jobs in Vagrant build box (refs: #16177)
      that increase the chance of FTBFS due to mksquashfs being reaped
      by the OOM killer.
    - Adjust for recent GnuPG error'ing out when it has no controlling terminal.

  * Test suite
    - Adjust test suite for USB image:
      - Add tests that exercise behavior on first boot from a device
        installed using the USB image (Closes: #16003).
      - Drop tests for use cases we don't support anymore with the introduction
        of the USB image (refs: #16004).
      - Adjust remaining tests to focus on main supported use cases,
        i.e. Tails installed from a USB image (refs: #16004.
    - In scenarios where we simulate MAC spoofing failure, test safety-critical
      properties even if the desktop notification is buggy (refs: #10774).
    - Update expected title for our Redmine (Closes: #16237).
    - Update expected image for OpenPGP key search.

 -- Tails developers <tails@boum.org>  Mon, 28 Jan 2019 13:26:26 +0100

tails (3.11) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 8.0.4-build2 (Closes: #16193).
    - Upgrade Thunderbird to 60.3.0-1~deb9u1.0tails1 (Closes: #16118).
    - Thunderbird: unconditionally disable Autocrypt, as it is not safe in
      its current state (See: #15923, Closes: #16186).
    - Upgrade Linux to 4.18.20 and aufs to 4.18.11+-20181119
      (Closes: #16145).
    - Upgrade cURL to 7.52.1-5+deb9u8 (DSA-4331).
    - Upgrade Ghostscript to 9.26~dfsg-0+deb9u1 (DSA-4336, DSA-4346).
    - Upgrade Perl to 5.24.1-3+deb9u5 (DSA-4347).
    - Upgrade Policykit to 0.105-18+deb9u1 (DSA-4350).
    - Upgrade Samba to 2:4.5.12+dfsg-2+deb9u4 (DSA-4345).
    - Upgrade OpenSSL to 1.1.0j-1~deb9u1 (DSA-4348).
    - Upgrade libtiff to 4.0.8-2+deb9u4 (DSA-4349).

  * Bugfixes
    - Tails Upgrader:
      · Improve support for incremental upgrades to avoid issues with
        partially applied upgrades (Closes: #14754).
      · Add a prompt after the IUK has been downloaded so the user can
        control when the network will be disabled; previously this was
        done without users having a say, possibly leading to confusion and
        lost work (Closes: #15282).
    - Thunderbird: always set locale according to environment (Closes: #16113).

  * Minor improvements and updates
    - Remove packages which were needed for getTorBrowserUserAgent
      (Closes: #16024).
    - Fix persistence configuration window opening on full screen
      (Closes: #15894).
    - Time sync: don't temporarily increase tor's log level when using
      bridges/PTs (Closes: #15743).
    - Warn about non-free software depending on the host operating system
      and/or virtualization stack (Closes: #16195).

  * Build system
    - Create USB image after building the ISO, and include it in build
      artifacts (Closes: #15984, #15985, #15990).
    - Release process: adapt to IDF v2 (Closes: #16171).

  * Test suite
    - Add new Using "VeraCrypt encrypted volumes" feature, with scenarios
      split into two parts: "Unlock VeraCrypt Volumes" and "GNOME Disks"
      (Closes: #14469, #14471, #15238, #15239).
    - Reintroduce "Clock is one day in the future in bridge mode" test
      (Closes: #15743).
    - Make starting apps via GNOME Activities Overview more robust
      (Closes: #13469).
    - Check for "Upgrading the system" and adjust to "Upgrade successfully
      downloaded" new UI (See: #14754, #15282).

 -- Tails developers <tails@boum.org>  Mon, 10 Dec 2018 20:37:06 +0100

tails (3.10.1) unstable; urgency=medium

  * Declare that Enigmail is compatible with Thunderbird 60.*.

 -- Tails developers <tails@boum.org>  Tue, 23 Oct 2018 01:30:00 +0200

tails (3.10) unstable; urgency=medium

  * Security fixes
    - Harden sudo config to avoid potential future privilege escalation
      (Closes: #15829).
    - Upgrade Linux to 4.18 and aufs to 4.18-20181008 (Closes: #15936).
    - Upgrade the snapshot of the Debian archive to 2018100901 accordingly.
    - Upgrade Tor Browser to 8.0.3-build1 (Closes: #16067).
    - Upgrade Thunderbird to 60.2.1 (Closes: #16037).

  * Bugfixes
    - Fix installation of mesa/stretch-backports by installing libwayland*
      from stretch-backports (Closes: #15846).
    - Tor Browser AppArmor profile patch: update to apply cleanly on top
      of torbrowser-launcher 0.2.9-5.
    - Additional Software: fix issues spotted during the code review
      (Closes: #15838).
    - Additional Software: make sure to offer persistence only for newly
      installed packages, avoiding inconsistency (Closes: #15983).
    - Improve button labels in confirmation dialogs of the Tails installer
      (Closes: #11501).
    - Hardcode User Agent in htpdate.user-agent (Closes: #15912), as the
      Tor Browser doesn't expose it anymore.
    - Fix encoding-related crashes in Tails Installer (Closes: #15166).
    - Set the Firefox preferences to spoof English, to avoid leaking
      information about locale settings (Closes: #16029).
    - VeraCrypt: Hide PIM entries in GNOME Shell and Disks, since a newer
      cryptsetup would be needed (Closes: #16031).
    - VeraCrypt: Fix support for multiple encryption, by iterating over
      all children in the device-mapper tree (Closes: #15967).
    - Update translations.

  * Minor improvements and updates
    - Add dmsetup and losetup output in WhisperBack reports to help debug
      VeraCrypt-related issues (Closes: #15966).
    - Let AppArmor allow access to /usr/local/share/mime, reducing noise
      in logs due to many DENIED entries (Closes: #15965).
    - Use proper stem.connection module in onion-grater instead of trying
      to read the auth cookie manually: that's fragile and breaks some use
      cases (e.g. custom auth cookie).
    - Unlock VeraCrypt Volumes: Improve internationalization support.

  * Test suite
    - Ensure the test suite doesn't break when changing the headline of
      /home (Closes: #12156).
    - Update test suite for updated button labels in confirmation dialogs
      of the Tails installer (Closes: #11501).

 -- Tails developers <tails@boum.org>  Tue, 23 Oct 2018 01:30:00 +0200

tails (3.9.1) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 8.0.2, based on Firefox 60.2.1 (Closes: #16017).
    - Upgrade Thunderbird to 60.0-3~deb9u1.0tails2 (Closes: #15959). Also
      imported the same security fixes that caused Tor Browser 8.0.2.
    - Upgrade curl to 7.52.1-5+deb9u7 (DSA-4286).
    - Upgrade Ghostscript to 9.20~dfsg-3.2+deb9u5 (DSA-4294).
    - Upgrade libarchive-zip-perl to 1.59-1+deb9u1 (DSA-4300).
    - Upgrade libkpathsea6 to 2016.20160513.41080.dfsg-2+deb9u1 (DSA-4299).
    - Upgrade LittleCMS 2, aka. liblcms2-2, to 2.8-4+deb9u1 (DSA-4284).
    - Upgrade Python 2.7 to 2.7.13-2+deb9u3 (DSA-4306).
    - Upgrade Python 3.5 to 3.5.3-1+deb9u1 (DSA-4307).

  * Bugfixes
    - Make Thunderbird translated in non-English locales via
      intl.locale.requested, which works correctly since 60.0-3
      (Closes: #15942).
    - Totem: backport AppArmor profile fix to allow opening the help
      (Closes: #15841)
    - Remove mutt, that was accidentally installed in 3.9 (Closes: #15904).
    - Fix VeraCrypt volumes not being opened in GNOME Files (Closes: #15954).
    - Fix displaying the "General" section in the Tor Browser preferences
      (Closes: #15917).
    - Fix APT pinning at Tails runtime for our custom APT repository
      and for Debian backports (Closes: #15837, #15973).

  * Minor improvements and updates
    - Upgrade tor to 0.3.4.8-1~d90.stretch+1 (Closes: #15889).

 -- Tails developers <tails@boum.org>  Wed, 03 Oct 2018 12:12:33 +0200

tails (3.9) unstable; urgency=medium

  * Major changes
    - Upgrade Tor Browser to 8.0 (Closes: #15803, #15907).
      Notable user-visible changes and relevant details:
      · Adjust to the fact Tor Browser 8.0a10 replaces firefox with a wrapper.
      · Don't use the bundled copy of libstdc++.so.6, ours is recent enough.
      · Drop obsolete Torbutton prefs (Closes: #15706).
      · Switch back to 128px icons (Closes: #15081).
      · AppArmor profile: take into account new Firefox binary path.
    - Upgrade Thunderbird to 60.0 (Closes: #15792).
      Notable user-visible changes and relevant details:
      · AppArmor profile: patch to avoid conflicting x modifiers for ps(1).
    - Upgrade tor to 0.3.4.7-rc (Closes: #15772).

  * Security fixes
    - Upgrade Linux to 4.17.17-1 and intel-microcode to 3.20180807a.1
      This fixes CVE-2018-3620 aka. Foreshadow aka. L1 Terminal Fault
      (Closes: #15796).
    - Upgrade OpenSSH to 1:7.4p1-10+deb9u4 (DSA-4280).

  * Bugfixes
    - Fix Totem on Intel graphics cards by inlining the backported mesa
      and dri-enumerate abstractions into its AppArmor profile: they are needed
      with recent Mesa and libdrm (Closes: #15821). Regression introduced
      in 3.9~rc1.
    - Fix unlocking "hidden" TrueCrypt/VeraCrypt volumes via GNOME Shell
      (Closes: #15843).
    - Fix confusing error message when unlocking TrueCrypt/VeraCrypt volumes
      (Closes: #15733).
    - Revert to Stretch's X.Org nouveau video driver (Closes: #15833).
      It seems that the regression brought by the upgraded one
      is worse than the improvements reported after our call for testing.
      Regression introduced in 3.9~rc1.
    - Use the intel X.Org driver for Intel Corporation UHD Graphics 620.
    - Fix regressions introduced in 3.9~rc1 in/by Additional Software Packages:
      · Don't break new empty persistence configuration files creation when
        permissions are incorrect (Closes: #15802).
      · Fix UX when the user has specified a distribution or version
        for a given package in their live-additional-software.conf
        (Closes: #15822).
      · Don't show installation notifications on upgrade (Closes: #15879).
    - Make more Additional Software Packages strings translatable in the
      configuration dialog and PolicyKit messages.

  * Minor improvements and updates
    - Upgrade firmware-nonfree to 20180825-1.
    - Update the deb.torproject.org APT repository signing key.
    - Unlock VeraCrypt Volumes: add disclaimer (Closes: #15849).

  * Test suite
    - Update Thunderbird test suite for 60.0 (Closes: #15791).
    - Fix various robustness issues.
    - Make the Chutney nodes use a higher V3AuthVotingInterval to make client
      bootstrap more robust (Closes: #15799).
    - Update the Tor Launcher binary path.
    - Adjust to the fact "New Circuit for this Site" is now in the site
      information and not under the Torbutton anymore.
    - Delete unused images.

 -- Tails developers <tails@boum.org>  Tue, 04 Sep 2018 12:15:43 +0000

tails (3.9~rc1) unstable; urgency=medium

  * Major changes
    - Integrate the Additional Software Packages feature into the desktop
      and revamp the interface of "Configure Persistent Volume".
    - Support TrueCrypt/VeraCrypt encrypted volumes on the desktop.
    - Upgrade Tor Browser to 8.0a9, based on Firefox 60 ESR (Closes: #15023).
      Notable user-visible changes and relevant details:
      · Drop search engine customization and stick to Tor Browser's defaults.
      · Upgrade uBlock Origin to its WebExtension version and now rely
        on the filter lists shipped in the Debian package.
      · Tweak the number of web content processes to work better with 2 GiB
        of RAM (Closes: #15716).
      · Revamp how we're handling our custom prefs, drop obsolete ones,
        reduce our delta with pristine Tor Browser.
    - Upgrade Thunderbird to 60.0b10 (Closes: #15091). Notable details:
      · Install Torbirdy 0.2.5 from stretch-backports and drop our patches
        that were merged upstream.
      · Enable the optional part of the fixes for EFAIL (Closes: #15602).
    - Upgrade Linux to 4.17 (Closes: #15763).
    - Upgrade tor to 0.3.4.6-rc (Closes: #15770).
    - Upgrade to Debian Stretch 9.5.

  * Security fixes
    - Upgrade CUPS to 2.2.1-8+deb9u2 (DSA-4243).
    - Upgrade Exiv2 to 0.25-3.1+deb9u1 (DSA-4238).
    - Upgrade FUSE to 2.9.7-1+deb9u1 (DSA-4257).
    - Upgrade GDM to 3.22.3-3+deb9u2 (DSA-4270).
    - Upgrade libsoup to 2.56.0-2+deb9u2 (DSA-4241).
    - Upgrade Imagemagick to 8:6.9.7.4+dfsg-11+deb9u5 (DSA-4245).
    - Upgrade ffmpeg to 7:3.2.12-1~deb9u1 (DSA-4258, DSA-4249).
    - Upgrade libmspack to 0.5-1+deb9u2 (DSA-4260).
    - Upgrade Samba to 2:4.5.12+dfsg-2+deb9u3 (DSA-4271).
    - Upgrade the Apache XML Security for C++ library to 1.7.3-4+deb9u1
      (DSA-4265).

  * Bugfixes
    - Don't display the Enigmail configuration wizard in every Tails session
      (Closes: #15693, #15746). Fix against Tails 3.8.
    - Make the torstatus GNOME Shell extension actually translatable
      (Closes: #15715). Fix against the first Tails release that included
      this extension.
    - Drop Icedove → Thunderbird migration code which started causing trouble.
    - Tails Installer:
      · Link to upgrade documentation when upgrading (Closes: #7904).
      · Show the reinstall option only when the device is big enough to make
        a full reinstallation (Closes: #14810).
      · Make the main window fit in a 600px-high screen (Closes: #14849).
      · Show the correct device size in the reinstall confirmation dialog
        (Closes: #15590).
    - Tails Greeter: don't display file:/// URLs to users (Closes: #15582).

  * Minor improvements and updates
    - Install Mesa and libdrm* from stretch-backports and upgrade the Nouveau
      X.Org video driver to 1.0.15. This improves support for some graphics
      cards such as NVIDIA Pascal series (Closes: #14910)
    - htpdate: improve diagnostics output when the date header can't be fetched.
    - Onion Grater: support named AppArmor profiles.
    - Update Onion Grater's config for new Tor Browser AppArmor profile name.
    - Enable e10s in the Unsafe Browser.
    - Delete all search plugins for the Unsafe Browser (Closes: #15708).
    - Display a deprecation warning when starting Liferea (#11082).
    - Upgrade VirtualBox guest modules to 5.2.16-dfsg-3~bpo9+2.
    - Use Tor Browser for browsing the documentation even when offline
      (Closes: #15720).
    - Provide feedback while Tor Browser, "Tails documentation"
      or "Report an error" are starting (Closes: #15101).
    - WhisperBack: remove the right pane (Closes: #7180).
    - tails-debugging-info: return machine-readable, structured data.
      Adjust WhisperBack accordingly (Closes: #8514). This paves the way
      towards more usable bug reports (#8722).
    - Port lots of our Perl code to more lightweight libraries.
      This decreases the amount of memory used by the persistence
      configuration interface.
    - Do not hide applications that require an admin password (Closes: #11013).
    - Try unlocking every persistent volume when multiple ones are
      available (Closes: #15653).
    - Upgrade Electrum to 3.1.3-1~bpo9+1.
    - Upgrade most firmware to 20180518-1.
    - Upgrade Intel microcode to 3.20180703.2~bpo9+1.
    - Upgrade AMD microcode to 3.20180524.1.

  * Build system
    - Drop AppArmor feature set pinning: this is now done in Debian Stretch
      (Closes: #15341).
    - Remove the now unused deb.torproject.org sid APT source (Closes: #15638).
    - Install OnionShare from our custom APT repo instead of from sid.
      We've mistakenly tracked sid for a while and it has become a problem,
      so stick to the version that works for us until Tails 4.0.
    - Fix building the ISO on zfs by dropping the cache=none setting for
      vmproxy's storage (Closes: #14404).
    - Update the Vagrant basebox for any change under vagrant/.
      Previously, some relevant changes were not effective until something under
      vagrant/definitions/tails-builder/ was changed.
    - Make intltool ignore .py files: `intltool-update --maintain` seems to be
      buggy with .py files.
    - Refresh our CUPS AppArmor profile patch to apply on 2.2.1-8+deb9u2.
    - Make it more obvious that the .orig file check is fatal (Closes: #15727).
    - Delete baseboxes once they're 6 months old instead of 4.
      This is more in line with the delay between our major releases these days.
    - Rename /usr/share/amnesia to /usr/share/tails. It was about time.
    - Abort the build if /etc/{passwd,group} has changed (Closes: #15419).
      Such changes can break Tails after an automatic upgrade was applied
      so let's detect it ASAP. Consequently, ensure a few GIDs — that wanted
      to play musical chairs — are the same as in Tails 3.8 (Closes: #15695).
    - Don't fail the build if the APT lists don't include any package
      whose name matches ^geoclue.

  * Test suite
    - Adjust to the new tails-persistence-setup API.
    - Update the Tor Browser's AppArmor profile name.
    - Re-enable the "I can print the current page […]" test.
    - Update tests wrt. the fact tails-upgrade-frontend-wrapper was ported
      to Python (Closes: #15379).
    - Make a test more robust by waiting for the page to have loaded.
    - Adjust to the fact the WhisperBack debugging info is now configured
      in a machine-readable file.
    - Remove test for tails-debugging-info, that has been a no-op for a while.
    - Adjust for Tor Browser 8.
    - Make the "I open the address" step more robust and accordingly
      stop marking the tests that use it in the Unsafe Browser
      as fragile (refs: #14771).
    - De-duplicate a number of images of standard GTK+ 3 widgets.
    - Make the audio and WebM tests more robust.
    - Make the "I start the Tor Browser in offline mode" step more robust.
    - Make the "AppArmor has (not )? denied" step more robust.
    - Don't try and use XVFB_PID if it's not set (Closes: #15730).
    - Adjust Pidgin test to use a certificate that's still in Debian
      (Closes: #15762).
    - Use a hopefully more reliable public GnuPG key and make tests
      more robust against new subkeys being added (Closes: #15771).
    - Stop hard-coding the list of RTL Tor Browser locales.
    - Fix the "Unsafe Browser can be used in all languages supported in Tails"
      test for locales that have a translated homepage (Closes: #11711).
    - Take into account that apt(8) won't return when run in the remote shell
      with the ASP hooks enabled.

 -- Tails developers <tails@boum.org>  Thu, 16 Aug 2018 18:37:47 +0000

tails (3.8) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 7.5.6 (MFSA 2018-17; Closes: #15683).
    - Upgrade Enigmail to 2.0.7 (partly fixes #15602 aka. EFAIL).
    - Upgrade libgcrypt to 1.7.6-2+deb9u3 (DSA-4231-1).
    - Upgrade perl to 5.24.1-3+deb9u4 (DSA-4226-1).

  * Bugfixes
    - Thunderbird: fix importing public OpenPGP keys from email attachments
      (Closes: #15610).
    - Make the Unsafe Browser home page translatable again (Closes: #15461).

  * Minor improvements
    - Don't display the "Know your rights" message on Thunderbird first run.
    - Move Thunderbird's default userChrome.css to /etc/thunderbird, just like
      we do for Tor Browser, for easier upgrade handling.

 -- Tails developers <tails@boum.org>  Mon, 25 Jun 2018 09:59:22 +0000

tails (3.7.1) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 7.5.5 (MFSA 2018-14; closes: #15643).
    - Upgrade Thunderbird to 52.8.0 (DSA-4209-1; Closes: #15607).
      - Partially fixes EFAIL.
      - Fixes importing OpenPGP keys from keyservers with Enigmail.
      - Accordingly refresh our Thunderbird AppArmor profile patch.
    - Upgrade cURL to 7.52.1-5+deb9u6 (DSA-4202-1).
    - Upgrade GnuPG (modern) 2.1.18-8~deb9u2 (DSA-4222-1).
    - Upgrade GnuPG (legacy) to 1.4.21-4+deb9u1 (DSA-4223-1).
    - Upgrade Git to 1:2.11.0-3+deb9u3 (DSA-4212-1).
    - Upgrade PackageKit to 1.1.5-2+deb9u1 (DSA-4207-1).
    - Upgrade procps to 2:3.3.12-3+deb9u1 (DSA-4208-1).
    - Upgrade wavpack to 5.0.0-2+deb9u2 (DSA-4197-1).
    - Upgrade wget to 1.18-5+deb9u2 (DSA-4195-1).
    - Upgrade xdg-utils to 1.1.1-1+deb9u1 (DSA-4211-1).

  * Bugfixes
    - Fix setting a screen locker password with non-ASCII characters
      (Closes: #15636).
    - WhisperBack:
      - Rename the WhisperBack launcher to "WhisperBack Error Reporting"
        so that users have a better chance to understand what it does
        (Closes: #6432)
      - Ensure debugging info in Whisperback reports don't contain email
        signature markers so that email clients forward it in full
        (Closes: #15468).
      - Wrap text written by the user to 70 chars (Closes: #11689).

  * Minor improvements
    - The "Tails documentation" desktop launcher now opens /doc instead of
      the aging /getting_started that confused people during user testing
      (Closes: #15575).

  * Test suite
    - Update to match "Tails documentation" behaviour change.

 -- Tails developers <tails@boum.org>  Sat, 09 Jun 2018 19:53:51 +0000

tails (3.7) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 7.5.4 (MFSA 2018-12, Closes: #15588).
    - Upgrade OpenSSL to 1.1.0f-3+deb9u2 (DSA-4157).
    - Upgrade Perl to 5.24.1-3+deb9u3 (DSA-4172).
    - Upgrade Libre Office to 1:5.2.7-1+deb9u4 (DSA-4178).
    - Upgrade libmad to 0.15.1b-8+deb9u1 (DSA-4192).

  * Bugfixes
    - Enable the removal of OpenPGP keyblock in Whisperback (closes: #7797).
    - Show the logo in Whisperback's About menu (closes: #13198).
    - Use the same font in all the Whisperback report (Closes: #11272).
    - Update tails-bugs@tails.boum OpenPGP key (Closes: #15534).

  * Minor improvements
    - Stop installing python-qt4 and python-trezor (Closes: #15391).
    - Make WhisperBack easier to find in the GNOME Overview (Closes: #13299).

 -- Tails developers <tails@boum.org>  Tue, 08 May 2018 01:47:22 +0200

tails (3.6.2) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 7.5.3 (MFSA 2018-10, Closes: #15459).
    - Upgrade Thunderbird to 1:52.7.0-1~deb9u1.0tails1 (DSA-4155,
      Closes: #15471).
    - Upgrade libicu to 57.1-6+deb9u2 (DSA-4150).
    - Upgrade intel-microcode to 3.20180312.1~bpo9+1. Implements
      IBRS/IBPB/STIPB support, Spectre-v2 mitigation for: Sandybridge,
      Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake
      (Closes: #15173).

  * Bugfixes
    - Tor Browser AppArmor profile:
     * Grant the main Firefox process access to machine-id: needed for
       IBus support (Closes: #15437).
     * Allow access to extensions installed by the user such as Tails
       Verification (Closes: #15434).
    - Remove packages needed to support Video Acceleration API
      (VA-API) because they breaks opening GNOME Settings and Totem in
      Tails 3.6 on some computers (only NVIDIA for now but perhaps
      other hardware is affected). (Closes: #15433, #15449)
    - Upgrade Linux to 4.15.11-1 and bump the aufs submodule (Closes:
      #15456, #15457).
    - tails-documentation script:
      * open translated documentation page in Tor Browser when online
        (Closes: #15371).
      * use documented syntax for os.execv (Refs: #15332)
      * re-add support for passing a HTML anchor as the second
        argument.
    - Fix issue where the tails-persistence-setup user's guid would be
      changed when it was the uid that was intended (Closes: #15422).

 -- Tails developers <tails@boum.org>  Thu, 29 Mar 2018 17:49:42 +0200

tails (3.6.1) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 7.5.2 (MFSA 2018-08 i.e. CVE-2018-5146).
    - Upgrade libvorbis to 1.3.5-4+deb9u2 (DSA 4140-1 aka. CVE-2018-5146).
    - Upgrade curl to 7.52.1-5+deb9u5 (DSA 4136-1).
    - Upgrade samba to 2:4.5.12+dfsg-2+deb9u2 (DSA 4135-1).

  * Bugfixes
    - Fix ISO build reproducibility (Closes: #15400)
    - Disable Selfrando: Tor Browser upstream currently enables it only
      in non-release builds
      (https://trac.torproject.org/projects/tor/ticket/24912#comment:8).

 -- Tails developers <tails@boum.org>  Fri, 16 Mar 2018 22:42:00 +0000

tails (3.6) unstable; urgency=medium

  * Major changes
    - Upgrade Tor Browser to 7.5.1.
    - Upgrade Tor to 0.3.2.10. (Closes: #15158)
    - Add ability to lock the screen. (Closes: #5684)
    - Add initial support for Meek bridges. (Closes: #8243)
    - Upgrade to Thunderbird 52.6.0. (Closes: #15298)
    - Enable Thunderbird AppArmor profile. (Closes: 11973)
    - Upgrade Linux to 4.15.0-1. (Closes: #15309).
    - Upgrade systemd to 237.
    - Upgrade Electrum to 3.0.6. (Closes: #15022)
    - Upgrade the base system to the Debian Stretch 9.4 point-release
      (Closes: #15341)
    - Port a few shell scripts to Python thanks to GoodCrypto. (Closes: #11198)

  * Security fixes
    - Upgrade Intel processor microcode firmware. (Closes: #15173).
    - Upgrade poppler to 0.48.0-2+deb9u1. (CVE-2017-14929, CVE-2017-1000456)
    - Upgrade tiff to 4.0.8-2+deb9u2 (CVE-2017-9935, CVE-2017-11335,
      CVE-2017-12944, CVE-2017-13726, CVE-2017-13727, CVE-2017-18013)
    - Upgrade ffmpeg to 7:3.2.10-1~deb9u1. (CVE-2017-17081)
    - Upgrade libtasn1-6 to 4.10-1.1+deb9u1. (CVE-2017-10790, CVE-2018-6003)
    - Upgrade Libre Office to 1:5.2.7-1+deb9u2. (CVE-2018-6871)
    - Upgrade libvorbis to 1.3.5-4+deb9u1. (CVE-2017-14632, CVE-2017-14633)
    - Upgrade gcc to 6.3.0-18+deb9u1.
    - Upgrade util-linux to 2.29.2-1+deb9u1. (CVE-2018-7738)
    - Upgrade isc-dhcp to 4.3.5-3+deb9u1 (CVE-2017-3144, CVE-2018-5732,
      CVE-2018-5733)

  * Minor improvements
    - Avoid noisy warning at boot time by creating tails-upgrade-frontend's
      trusted GnuPG homedir with stricter permissions, then making it looser.
      (Closes: #7037)
    - Drop (broken) Thunderbird dedicated SocksPort. (Closes: #12460)
    - Drop customized update-ca-certificates.service. (Closes: #14756)
    - Update AppArmor cupsd profile. (Closes: #15029)
    - Improve UX when GDM does not start. (Closes: #14521)
    - Install packages needed to support Video Acceleration API.
      (Closes: #14580)
    - Upgrade aufs-dkms for Linux 4.15. (Closes: #15132).
    - Ship pdf-redact-tools, thanks to dachary <loic@dachary.org>.
      (Closes: #15052)
    - Additional Software Packages: convert to python3 and PEP-8.
      (Closes: #15198)
    - Additional Software Packages: do not check for updates every time the
      network gets reconnected. (Closes: #9819)
    - Revert to xorg-xserver from Stretch. (Closes: #15232)
    - Open Tails documentation in Tor Browser when online. (Closes: #15332)
    - Disable Enigmail's Memory Hole feature. (Closes: #15201)
    - Persistence Setup: stop depending on Synaptic. (Closes: #15263)

  * Bugfixes
    - Additional Software Packages: fix the "incomplete online upgrade
      process" bug in offline mode (Closes: #14570)
    - Additional Software Packages: do not block Desktop opening.
      (Closes: #9059)
    - Install OpenPGP Applet 1.1. (Closes: #6398).
    - Repair rng-tools using a real start-stop-daemon program.
      (Closes: #15344)
    - Tails installer: fix bug with unicode status messages. (Closes: #15254)

  * Build system
    - Abort if tails-custom-apt-sources failed.
    - Abort the ISO build when DKMS modules are not built. (Closes: #14789).
    - Improve how we track dependencies in build hooks. (Closes: #14818)
    - Fix (potential) rare race condition during build.
    - Ensure the SquashFS has /etc/hostname properly configured.
      (Closes: #15322)
    - Bump builder VM's RAM. (Closes: #15310)

  * Test suite
    - Log the list of systemd jobs when systemctl is-system-running fails.
      (Closes: #14772).
    - Allow more time for 'systemctl is-system-running' to succeed.
    - Only support SikuliX, not Sikuli.
    - Disable SPICE clipboard sharing.
    - Don't flood the debug logger with the journal contents.
    - Rescue exception.
    - Enter a name into the Thunderbird account configuration.
      (Closes: #11256)
    - Fix the "I do not see ..." step's case. (Closes: #14929)
    - Mark scenarios that use the "The Report an Error launcher will…" step
      as fragile (Closes: #15321)
    - Test that Tor Browser opens docs when online. (Closes: #15332)
    - Adapt test after warning moved to after Unsafe Browser verification
      dialog. (Closes: #8775)
    - Dogtailify electrum.feature.
    - Add additional software packages feature. (Closes: #14572)
    - Disable test that is broken due to a Tor Browser bug. (refs: #15336)

 -- Tails developers <tails@boum.org>  Mon, 12 Mar 2018 21:28:29 +0100

tails (3.5) unstable; urgency=medium

  * Security fixes
    - Upgrade amd64-microcode to 3.20171205.1, for the mitigation
      against Spectre (CVE-2017-5715) (Closes: #15148).
    - Upgrade Tor Browser to 7.5-build3 (Closes:  #15197).
    - Upgrade Thunderbird to 1:52.5.2-2~deb9u1.0tails1 (Closes: #15033)
    - Upgrade gdk-pixbuf to 2.36.5-2+deb9u2.0tails1 (Closes: #15177).
    - Upgrade bind9 to 1:9.10.3.dfsg.P4-12.3+deb9u4.
    - Upgrade libxml2 to 2.9.4+dfsg1-2.2+deb9u2.

  * Minor improvements
    - Upgrade Linux to 4.14.13, which is the first kernel that has the
      "[x86] microcode/AMD: Add support for fam17h microcode loading"
      commit, that's needed to load the AMD fam17h microcode for
      mitigating the Spectre vulnerability (CVE-2017-5715).

  * Bugfixes
    - Drop Claws Mail persistence setting migration. Whenever
      persistent Claws Mail setting is enabled, this creates an empty
      ~/.icedove/ directory, that prevents Thunderbird from starting
      (Closes: #12734).
    - Don't prevent the GNOME Applications button from opening its menu if
      time syncing resulted in a shift back in time (Closes: #14250).
    - Tails Installer: when cloning Tails to another USB drive, check
      if the target device has enough space *before* any destructive
      actions are made (Closes: #14622).
    - Tor Browser: make "Print to file" work again, for all locales
      (Closes: #13403, #15024).

  * Build system
    - Fix option passed to cmp: -q is not supported but --quiet is.
      Spotted on feature/buster that's the first branch that exercises
      this code, but there's no reason to fix it only there.

  * Test suite
    - Adapt tests for Tor Launcher 0.2.14.3, i.e. the one shipped with
      Tor Browser 7.5 in Tails 3.5 (Closes: #15064).
    - Add support for creating arbitrarily sized partitions.
    - Add a "Try cloning Tails to a too small partition" scenario
      (regression test for #14622).

 -- Tails developers <tails@boum.org>  Tue, 23 Jan 2018 00:57:58 +0100

tails (3.4) unstable; urgency=medium

  * Security fixes
    - Install Linux 4.14.0-3 from sid (Closes: #14976). This enables
      the kernel-side mitigations for Meltdown.
    - Upgrade curl to 7.52.1-5+deb9u3.
    - Upgrade enigmail to 2:1.9.9-1~deb9u1.
    - Upgrade gimp to 2.8.18-1+deb9u1.
    - Upgrade imagemagick to 8:6.9.7.4+dfsg-11+deb9u4.
    - Upgrade libav (ffmpeg) to 7:3.2.9-1~deb9u1.
    - Upgrade libxcursor to 1:1.1.14-1+deb9u1.
    - Upgrade libxml-libxml-perl to 2.0128+dfsg-1+deb9u1.
    - Upgrade poppler to 0.48.0-2+deb9u1.
    - Upgrade rsync to 3.1.2-1 3.1.2-1+deb9u1.
    - Upgrade samba to 2:4.5.12+dfsg-2+deb9u1.
    - Upgrade sensible-utils to 0.0.9+deb9u1.
    - Upgrade tor to 0.3.1.9-1~d90.stretch+1.

  * Minor improvements
    - Display TopIcons systray on the left of the system menu. This
      fixes #14796 (on Buster, it is displayed in the middle of the
      screen, on the left of the clock) and an annoying UX problem we
      have on Stretch: OpenPGP applet is in the middle of icons that
      share the exact same (modern, GNOME Shell-like) behaviour, which
      is disturbing when opening one of the modern menus and moving
      the mouse left/right to the others, because in the middle one
      icon won't react as expected, and the nice blue bottom border
      continuity is broken.
    - Use the "intel" X.Org driver for integrated graphics in Intel
      i5-7300HQ (Closes: #14990).
    - Enable HashKnownHosts in the OpenSSH client (Closes: #14995).
      Debian enables HashKnownHosts by default via /etc/ssh/ssh_config
      for good reasons, let's not revert to the upstream default.
    - Pin the AppArmor feature set to the Stretch's kernel one. Linux
      4.14 brings new AppArmor mediation features and the policy
      shipped in Stretch may not be ready for it. So let's disable
      these new features to avoid breaking stuff: it's too hard to
      check if all the policy for apps we ship (and that users install
      themselves) has the right rules to cope with these new mediation
      features.

  * Bugfixes
    - Don't delete downloaded debs after install (Closes: #10958).
    - Install xul-ext-ublock-origin from sid to make the dashboard
      work again(Closes: #14993). Thanks to cacahuatl
      <cacahuatl@autistici.org> for the patch!
    - Additional software feature: use debconf priority critical to
      prevent failure when installing packages otherwise requiring
      manual configuration (Closes: #6038)
    - Don't include anything under /lib/live/mount/medium/ in the
      readahead list (Closes: #14964). This fixes the boot time
      regression introduced in Tails 3.3.

  * Build system
    - Display a more helpful error message when the 'origin' remote
      does not point to the official Tails Git repository. This task
      calls git_base_branch_head() which relies on the fact 'origin'
      points to our official repo.
    - Vagrant: never build the wiki early. This has caused several
      issues throughout the years, the lastest instance being the
      reopening of #14933. (Closes: #14933)
    - Install libelf-dev during the time we need it for building DKMS modules.
    - Make the DKMS build hook verbose, and display DKMS modules build
      logs on failure. This hook is a recurring cause of headaches,
      let's simplify debugging.
    - Remove obsolete duplicate build of the virtualbox-guest DKMS
      module.

  * Test suite
    - Log the list of systemd jobs when systemctl is-system-running
      fails (Closes: #14772). Listing the units is not enough: in most
      cases I've seen, is-system-running returns "starting" which
      means the job queue is not empty, and to debug that we need the
      list of jobs.
    - Only support SikuliX; drop support for Sikuli.
    - Disable SPICE clipboard sharing in the guest. It could only mess
      things up, and in fact has confused me by suddenly setting my
      *host's* clipboard to "ATTACK AT DAWN"... :)
    - Decode Base64.decode64 return value appropriately; it returns
      strings encoded in ASCII-8bit.
    - Don't flood the debug logger with the journal contents.
    - Handle case where $vm is undefined during an extremely early
      scenario failure.
    - Allow more time for 'systemctl is-system-running' to
      succeed. (Refs: #14772)
    - Make Sikuli attempt to find replacements on FindFailed by
      employing fuzz, or "lowering the similarity factor". The
      replacements (if found) are saved among the artifacts, and
      serves as potential drop-in-replacements for outdated
      images. The main use case for this is when the font
      configuration in Tails changes, which normally invalidates a
      large part of our images given that our default high similarity
      factor. We also add the `--fuzzy-image-matching` where the
      replacements are used in case of FindFailed, so the tests can
      proceed beyond the first FindFailed. The idea is that a full
      test suite run will produce replacements for potentially *all*
      outdated images.
    - Fix our findAny() vs findfailed_hook. For findAny() it might be
      expected that some images won't be found, so we shouldn't use
      our findfailed_hook, which is about dealing with the situation
      where images need to be updated.
    - Make sure Pidgin's D-Bus policy changes are applied (Closes:
      #15007). Without the HUP there's a race that we sometimes lose.
    - Nump the Unsafe Browser's start page image (Closes: #15006).
    - Hot-plug a 'pcnet' network device instead of 'virtio' on Sid,
      since the latter is not detected on Sid (Closes: #14819).

 -- Tails developers <tails@boum.org>  Mon, 08 Jan 2018 16:57:07 +0100

tails (3.3) unstable; urgency=medium

  * Major changes
    - Upgrade the base system to the Debian Stretch 9.2 point-release
      which gives us tons of bugfixes (Closes: #14714).
    - Install Linux 4.13.0-1 (Closes: #14789).

  * Security fixes
    - Upgrade Thunderbird to 52.4.0 (Closes: #14963).
    - Upgrade Tor Browser to 7.0.10 (Closes: #14940).
    - Upgrade gdk-pixbuf to 2.36.5-2+deb9u1.0tails1 (Closes: #14729).

  * Minor improvements
    - Upgrade to Tor 0.3.1.8-2~d90.stretch+1, a new stable Tor series.
    - tails-documentation: rewrite in Python + use WebKit for display
      instead of the Tor Browser. Since Tor Browser 7.0.8 rendering of
      local pages (like our docs) fail (#14962) so this is probably a
      temporary workaround of that.
    - Replace the Unsafe Browser's warning pages with static,
      pure-HTML versions. This is truly a *temporary* workaround for
      #14962.
    - Update deb.tails.boum.org APT repo key (Closes: #14927)
    - Refresh Tor Browser AppArmor profile patch to apply on top of
      torbrowser-launcher 0.2.8-4's (Closes: #14923).
    - Drop obsolete manual enabling of AppArmor on the kernel
      command-line: it's now enabled by default, so the (Tails -
      Debian) delta gets smaller. :)

  * Bugfixes
    - Install Tails Installer 5.0.2. Fixes:
      * Most notably, fix an issue preventing Tails Installer from
        installing to drives containing a non-Tails partition that
        (obviously) has affected a lot of users. (Closes: #14755).
      * Fix an issue that made the resulting installations unbootable
        if Tails Installer was using a too recent udisks2, e.g. the
        one currently in Debian Sid (Closes: #14809).
      * Code clean-ups (Closes: #14721, #14722, #14723).
    - Fix UEFI boot for USB sticks installed with Universal USB
      Installer (Closes: #8992).
    - Force Tor Browser and Thunderbird to enable accessibility
      support even if no a11y feature is enabled in GNOME yet (Closes:
      #14752, #9260).
    - Mark our custom Desktop launchers as trusted (Closes: #14793,
      Refs: 14584).
    - Add a systemd --user target for bits of GNOME
      EarlyInitialization managed by systemd, and make the keyboard
      layout configuration as part of it. This fixes an issue where
      the layout chosen in the Greeter sometimes wasn't applied in the
      GNOME session (Closes: #12543).

  * Build system
    - auto/{build,clean,config}: run with `set -eu`.
    - Add script to sanity check the website. Currently it ensures all
      blog posts and security advisories have valid Ikiwiki 'meta
      date' directives, since we depend on it for reproducibility.
      Also make passing this sanity check a pre-condition for building
      the website (Closes: #12726, #14767).
    - Abort the ISO build when DKMS modules were not built.
    - Take into account where DKMS modules get installed nowadays.
    - auto/build: normalize file timestamps in wiki/src before
      building. The copy of the website included in the ISO image has
      "Posted" timestamps that apparently match when we cloned the Git
      repository, which affects reproducibility. (Closes: #14933).
    - Fix reproducibility of builds of topic branches that lag behind
      their base branch with the mergebasebranch build option enabled.
      Two otherwise identical merge commits done at different times
      get different IDs, and we happen to embed in the ISO the ID of
      the commit we're building from. (Closes: #14946)

  * Test suite
    - Bump timeout for "I can save the current page as", otherwise the
      "The Tor Browser directory is usable" scenario fails randomly
      when the system is under load.
    - New scenario: installing Tails to an eligible drive with an
      existing filesystem. This is a regression test for #14755.
    - New scenario: re-installing over an existing Tails installation.

 -- Tails developers <tails@boum.org>  Tue, 14 Nov 2017 04:53:27 +0100

tails (3.2) unstable; urgency=medium

  * Major changes
    - Upgrade Linux packages to the Debian kernel 4.12.0-2, based on
      mainline Linux 4.12.12 (Closes: #11831, #12732, #14673).

  * Security fixes
    - Upgrade Tor Browser to 7.0.6-build3 (Closes: #14696).
    - Upgrade to Thunderbird 52.3.0 (Closes: #12639).
    - Deny access to Pidgin's D-Bus service (Closes: #14612). That D-Bus
      interface is dangerous because it allows _any_ application running
      as `amnesia' that has access to the session bus to extract
      basically any information from Pidgin and to reconfigure it:
      https://developer.pidgin.im/wiki/DbusHowto
    - Block loading of Bluetooth kernel modules (Closes: #14655) and
      block Bluetooth devices with rfkill (Closes: #14655).
    - Add localhost.localdomain to the hosts file to prevent loopback
      leaks to Tor circuits (Closes: #13574). Thanks to tailshark for
      the patch!

  * Minor improvements
    - Upgrade to Tails Installer 5.0.1 (Closes: #8859, #8860, #12707). This
      version gets rid of the splash screen, detects when Tails is already
      installed on the target device (and then proposes to upgrade),
      and generally improves the UX. It also increases the Tails partition
      size and refuses to install to devices smaller than 8 GB.
    - Deprecate Thunderbird's preferences/0000tails.js (Closes: #12680).
    - Install the BookletImposer PDF imposition toolkit (Closes: #12686).
    - Tor Browser:
      * Fallback to ~/Tor Browser for uploads (Closes: #8917).
      * Silence some common operations that always are denied and
        otherwise would spam the journal (Closes: #14606)
    - Shell library: remove now unused functions (Closes: #12685).
    - Add pppoe to the installed packages (Closes #13463). Thanks to geb
      for the patch!
    - Replace syslinux:i386 with syslinux:amd64 in the ISO9660
      filesystem (Closes: #13513).
    - htpdate: fix date header regexp (Closes: #10495). It seems that
      some servers (sometimes) do not send their headers with first
      letter uppercased, hence a lot of failures to find the date in it.
    - Install aufs-dkms from Debian unstable (Closes: #12732).
    - Install vim-tiny instead of vim-nox (Closes: #12687). On Stretch,
      vim-nox started pulling ruby and rake in the ISO. I think vim-tiny
      would be good enough, and would save a few MiB in the ISO. Those
      who use vim more intensively and want another flavour of vim are
      likely to need persistence anyway, and can thus install a more
      featureful vim with the additional software packages feature.
    - Remove gksu and its and gconf's dependencies (Closes: #12738). We
      use pkexec instead of gksudo. gksu is unmaintained, buggy
      (e.g. #12000), and it is the only reason we ship GConf, which we
      want to remove. The other removals are:
      * libgnomevfs2-extra, which was previously used for SSH/FTP support in
        Nautilus, but isn't needed for that any more.
      * libgnome2-bin which provides gnome-open, which isn't required by
        any application in Tails (as far as we know).
      * Configurations and scripts that become obsolete because of these
        removals.
    - Refresh torbrowser-AppArmor-profile.patch to apply cleanly on top
      of torbrowser-launcher 0.2.8-1 (Closes: #14602).
    - Switch from Florence to GNOME's on-screen keyboard (Closes: #8281)
      and incidentally improve accessibility in GTK+ 2.0 and Qt
      applications. This drops Florence and the corresponding GNOME
      Shell extension.
    - Make ./HACKING.mdwn a symlink again (Closes: #13600).
    - Implement refresh-translations --force .
    - Rework how we handle the individual POT files of our applications.
      Comparing the new temporary POT files we generate with the
      temporary POT files we generated last time (if ever, and if we
      did, for which branch?) is not relevant; these POT files are only
      used for merging into a new tails.pot and *that* one is relevant
      to diff against the old tails.pot.
    - Update the Tails signing key. (Closes: #11747)
    - Reproducibility:
      * Ensure reproducible permissions for /etc/hostname (Closes:
        #13623).
      * Patch desktop-file-utils to make its mimeinfo.cache reproducible
        (Closes: #13439).
      * Patch glib2.0 to make its giomodule.cache reproducible (Closes:
        #13441).
      * Patch gdk-pixbuf to make its loaders.cache reproducible (Closes:
        #13442).
      * Patch gtk2.0 and gtk3.0 to make their immodules.cache
        reproducible (Closes: #13440).
      * Remove GCconf: it is a source of non-determinism in the
        filesystem (element order in /var/lib/gconf/defaults/%gconf-tree-*.xml)
        which made Tails unreproducible.
      * Ignore comment updates in POT files, which was a source of
        non-determinism and therefore prevented Tails from being
        reproducible (Closes: #12641).
    - Kernel hardening:
      * Increase mmap randomization to the maximum supported value
        (Closes: #11840). This improves ASLR effectiveness, and makes
        address-space fragmentation a bit worse.
      * Stop explicitly enabling kaslr: it's enabled by default in
        Debian, and this kernel parameter is not supported anymore.
      * Disable kexec, to make our attack surface a bit smaller.

  * Bugfixes
    - Start Nautilus silently in the background when run as root
      (Closes: #12034). Otherwise, after closing Nautilus one gets the
      prompt back only after 5-15 seconds, which confuses users and makes
      our doc more complicated than it should.
    - Ensure pinentry-gtk2 run by Seahorse has the correct $DISPLAY set
      (Closes: #12733).

  * Build system
    - build-manifest-extra-packages.yml: remove squashfs-tools version
      we don't use anymore (Closes: #12684). Apparently our
      apt-get/debootstrap wrapper tricks are enough to detect the
      version of squashfs-tools we actually install and use.
    - Merge base branch earlier, i.e. in auto/config instead of
      auto/build (Closes: #14459). Previously, a given build from a topic
      branch would mix inconsistent versions of things.
    - Fail builds started before SOURCE_DATE_EPOCH (Closes:
      #12352). Such builds would not be reproducible, and this is an
      assumption (a reasonable one!) that we do all over the place, so
      let's fail early. While we're at it, let's fail if
      SOURCE_DATE_EPOCH is not set as well. Actually we would fail any
      way if that was the case when reaching our
      99-zzzzzz_reproducible-builds-post-processing build hook, but
      let's fail early.

  * Test suite
    - Test the GNOME Root Terminal.
    - Take into account that Tails Installer 5.0.1 refuses to install
      Tails to devices smaller than 8 GiB. It'll still allow *upgrading*
      such sticks though.
    - Use 7200 MiB virtual USB drives when we really mean 8 GiB. In the
      real world, USB sticks labeled "8 GB" can be much smaller, so
      Tails Installer will accept anything that's at least 7200 MiB.
      This commit makes us exercise something closer to what happens in
      the real world, and incidentally it'll save storage space on our
      isotesters and improve test suite performance a bit. :)
    - Have unclutter poll every 0.1s instead of continuously. On current
      sid, virt-viewer eats a full CPU and doesn't do its job when
      "unclutter -idle 0" is running.
    - Adapt tests for Tails Installer 5.0.1.
    - Workaround Pidgin's DBus interface being blocked since we actually
      depend on it for some tests.
    - Test that Pidgin's DBus interface is blocked.
    - Save more data on test suite failures (Refs: #13541):
      * When Tor fails to bootstrap, save Tor logs and chutney nodes
        data.
      * When Htpdate fails to synchronize the clock, save its logs.
      * Always save the systemd journal on failure.
    - When testing emergency shutdown, wait longer for Tails to tell
      us it has finished wiping the memory. The goal here is to help
      us understand whether (Refs: #13462) is a bug in the emergency
      shutdown feature or in our test suite.
    - Restart nautilus-desktop if Desktop icons are not visible
      (Closes: #13461).
    - Test suite: fix assert_raise() when using ruby-test-unit >=
      3.2.5 (Closes: #14654). ruby-test-unit 3.2.5 added native Java
      exception support for JRuby. The fact we defined the :Java
      constant was enough to trigger that JRuby-specific code, which
      failed.
    - Test suite: take into account that click-to-play is not required
      anymore for WebM videos in Tor Browser (Closes: #14586).

 -- Tails developers <tails@boum.org>  Mon, 25 Sep 2017 22:23:01 +0200

tails (3.1) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 7.0.4-build1 (Closes: #13577).
    - Upgrade Linux to 4.9.30-2+deb9u3.
    - Upgrade libtiff to 4.0.8-2+deb9u1.
    - Upgrade bind9 to 1:9.10.3.dfsg.P4-12.3+deb9u2.
    - Upgrate evince to 3.22.1-3+deb9u1.
    - Upgrade imagemagick 8:6.9.7.4+dfsg-11+deb9u1.
    - Ensure Thunderbird cleans its temporary directory. (Closes: #13340).

  * Minor improvements
    - Patch gconf to produce reproducible XML output (refs: #12738). This is
      the temporary solution for #12738 in Tails 3.1 which will be reverted
      (and fixed permanently by removing gconf) in Tails 3.2.
    - Apply Debian bts patch to cracklib to produce reproducible dictionnaries
      (Closes: #12909).
    - Upgrade to Debian 9.1 (Closes: #13178).

  * Bugfixes
    - Replace faulty URL in htpdate neutral pool (Closes: #13472).
    - Keep installing a version of Enigmail compatible with Thunderbird 45.x
      (Closes: #13530).
    - Fix the time syncing and Tor notifications translations (Closes: #13437).

  * Build system
    - Upgrade the Vagrant basebox for building ISO images to Stretch
      (Closes: #11738).
    - Fix on-disk build by bumping Vagrant build VM memory to 768M
      (Closes: #13480).
    - Fix rescue build option by exporting TAILS_BUILD_FAILURE_RESCUE
      (Closes: #13476).

  * Test suite
    - mark gnome screenshot scenario as fragile (refs: #13458)
    - mark UEFI scenario as fragile (refs: #13459).

 -- Tails developers <tails@boum.org>  Sat, 05 Aug 2017 15:25:51 +0200

tails (3.0.1) unstable; urgency=medium

  * Security fixes
    - Upgrade tor to 0.3.0.9-1~d90.stretch+1 (Closes: #13253).
    - Upgrade Linux to 4.9.30-2+deb9u2.
    - Upgrade libc to 2.24-11+deb9u1.
    - Upgrade libexpat1 to 2.2.0-2+deb9u1.
    - Upgrade libgcrypt20 to 1.7.6-2+deb9u1.
    - Upgrade libgnutls30 to 3.5.8-5+deb9u1.
    - Enable Debian security APT sources (Closes: #12309).

  * Minor improvements
    - Use a higher resolution image in Tails persistence setup
      (Closes: #12510).

  * Bugfixes
    - Forcibly set $SSH_AUTH_SOCK before starting GNOME
      Shell. Apparently, due to a race condition, GNOME keyring
      sometimes fails to tell the session manager about the correct
      SSH_AUTH_SOCK, and thus GNOME Terminal hasn't this variable set
      and any ssh process started in there won't use the (perfectly
      working) SSH agent (Closes: #12481).
    - Fix issue that made Tails Installer rejects working USB drives,
      pretending they're not "removable" (Closes: #12696).
    - Make behavior of the power button and lid close actions in the Greeter
      consistent with the regular GNOME session (Closes: #13000).

  * Build system
    - Track the latest debian-security archive for the corresponding
      APT sources, and not for the unrelated jessie-updates (Closes:
      #12829).
    - Print APT sources used in the build VM, to help debugging issues
      such as #12829.

 -- Tails developers <tails@boum.org>  Tue, 04 Jul 2017 15:59:18 +0200

tails (3.0) unstable; urgency=medium

  * Major changes
    - Upgrade Tor Browser to 7.0.1 (Closes: #12635, #12657).
    - Upgrade to a new snapshot of the Debian and Torproject
      APT repositories: respectively 2017060904 and 2017060903
      (Closes: #12609).

  * Minor improvements
    - Tor Browser: enable Electrolysis (e10s), i.e. render content in a separate
      child process, which will allow to improve performance and security
      further along the road. This required us to drop our branding add-on
      and re-implement its functionality in our Tor Browser wrapper
      (Closes: #12569).
    - Clean obsolete cached packages when using the Additional Software Packages
      feature (Closes: #12400).
    - Improve KeePassX database migration handling (Closes: #12375).
    - Upgrade OnionShare to 0.9.2, from Debian sid as it has been removed
      from Stretch (Closes: #12610).
    - Upgrade Tor to 0.3.0.8 (Closes: #12656).
    - Drop obsolete bilibop patch, that was applied in 0.5.2.1.
    - Include disk space usage information in the WhisperBack bug reports.
    - Reorder technical details in WhisperBack bug reports in way that makes
      more sense when reading them.
    - Convert lc.py to Python 3.
    - Simplify some Python code thanks to subprocess.check_ouput.
    - Set the initial keyboard focus on the "Start Tails" button
      in Tails Greeter (Closes: #12509).
    - Convert Tails Greeter's Debian packaging to current best practices.

  * Bugfixes
    - Fix persistent Thunderbird configuration migration when there is
      a mimeTypes.rdf, that doesn't contain any associations to "icedove"
      or "/usr/bin/iceweasel" (Closes: #12580).
    - Fix persistent browser bookmarks, by generating them from an sqlite dump
      (Closes: #12568).
    - Use the "intel" X.Org driver for Intel Atom/Celeron/Pentium Processor
      x5-E8000/J3xxx/N3xxx Integrated Graphics Controller.
    - `exec' from our Thunderbird wrapper so it doesn't remain running.
    - Tails Installer: don't allow installing on non-removable drives
      (Closes: #10731).
    - Fetch the torbrowser-launcher sources from Debian sid:
      it's been removed from Debian testing.
      Refresh torbrowser-AppArmor-profile.patch accordingly.
    - Unsafe Browser: remove the search bar, that's currently buggy
      and its presence only encourages unsupported usage (Closes: #12573).
    - Unsafe Browser: disable searching in the address bar. It can result
      in leaking hostnames and credentials to the default search
      engine operator (Closes: #12540).
    - Make our omni.ja modifications reproducible (Closes: #12620).
    - Generate the fontconfig cache in a reproducible manner (Closes: #12567).
    - Don't include torrents/rss.html in the ISO. It's not generated
      in a deterministic manner and is worthless in the ISO (Closes: #12619).
    - Improve the language → default keyboard layout mapping
      in Tails Greeter (Closes: #12547).
    - Don't close Tails Greeter's main window when Alt-F4 is pressed
      (Closes: #12462).

  * Test suite
    - Run emergency_shutdown.feature after usb_*.feature, to reduce disk
      space requirements (Closes: #12565).
    - Deal with server messages in Pidgin.
    - Improve Pidgin connectivity check robustness.
    - Flag the Synaptic test as fragile (i.e. #12586).
    - Optimization: only test once that Tails, booted on DVD, eventually
      shuts down after wiping memory.
    - Move tests about the shutdown applet to a dedicated feature,
      as they have nothing to do with Tails' "emergency" shutdown feature.
    - Adapt the network connectivity check to Stretch, and improve it to check
      both link and IP connectivity (Closes: #12602).
    - Apply a fix from upstream Git to mutter, to fix some of its interactions
      with dogtail (Closes: #11718).
    - Mark "Scenario: Watching a WebM video" as fragile (i.e. #10442).

  * Build system
    - Set create_box -e, to make the vagrant box generation a bit more robust.
      (Closes: #12578).
    - Install kernel from backports and Tails build deps before performing
      APT upgrade, to avoid useless bandwidth usage (Closes: #12529).
    - Update submodules after merging the base branch (Closes: #12556).
    - Rakefile: fix date comparison in basebox:clean_old (Closes: #12575).
    - Rakefile: have basebox:clean_old delete baseboxes more than 4 months old
      (refs: #12576).
    - Also check for fuzzy patches' .orig files at the end of our build hooks,
      so we detect any fuzzy patches applied by hooks (Closes: #12617).
    - Remove .orig files for patches we allow to be fuzzy.
    - Don't pre-build the wiki when mergebasebranch is enabled.
      When pre-building the wiki, we modify the PO files which results in a
      conflict from the base branch merge in case it modifies the same
      files, which breaks the build (Closes: #12611).
    - Rakefile: add a task that removes all tails-builder-* libvirt volumes
      (Closes: #12599).

 -- Tails developers <tails@boum.org>  Sat, 10 Jun 2017 14:39:10 +0000

tails (3.0~rc1) unstable; urgency=medium

  * Major changes
    - Install Thunderbird 1:45.8.0-3+tails2 and handle the Icedove → Thunderbird
      migration, including wrt. persistent data (Closes: #11712, #12242).
      This package also has the patch from
      https://bugzilla.mozilla.org/show_bug.cgi?id=1281959 applied,
      to ease future integration of the Thunderbird AppArmor profile.
      Also, drop the Claws → Icedove migration path.
    - Upgrade to a new snapshot of the Debian and Torproject
      APT repositories: 2017051803 (Closes: #12554).
    - Upgrade Linux packages to the Debian kernel 4.9.0-3, based on
      mainline Linux 4.9.25.
    - Replace the kexec-based memory erasure feature with the Linux kernel's
      memory poisoning (Closes: #12354, #12428). The kexec-based implementation
      was not reliable enough and provided a poor UX. Instead, we now return
      to the initramfs on shutdown and unmount all filesystems there, so their
      content and corresponding caches are erased.
    - Upgrade Tor Browser to 7.0a4 based on Firefox 52.1.1esr (Closes:
      #12115, #12464):
      * Unfortunately e10s (multi-process Firefox) is disabled (#12569).
      * Unfortunately persistent bookmarks created for the first time
        in Tails 3.0~rc1 is broken (#12568).
      * Adds exceptions for the extensions Tails installs on top of
        the vanilla Tor Browser (Closes: #11419).
    - Upgrade tor to 0.3.0.7-1 (Closes: #12485) and log both to the
      usual file and the journal (Closes: #12412).
    - Merge the code that makes Tails almost build reproducibly (Refs:
      #5630); we still have issues with the fontconfig cache (Refs:
      #12567).

  * Minor improvements
    - Add a HACKING document for new code contributors (Closes:
      #12164).
    - Rename tor-controlport-filter to onion-grater (Closes: #12394)
      and import patches killing the delta against Whonix version
      (Closes: #12173).
    - Improve onion-grater; thanks to Joy SN <joysn1980@yahoo.com>
      for the original patches (Closes: #12173):
      · add --listen-interface
      · make stdout/stderr unbuffered to ensure Python exceptions are logged
      · use yaml.safe_load()
    - Improve KeePassX database migration handling (refs: #12375).
    - Electrum: set coin selection strategy to 'Privacy' (Closes: #12177).
    - Allow Onion Circuits to access /proc/pid/status.
    - Make gdm-shell-tails.desktop more similar to the one shipped
      in gnome-shell 3.22.3-3 (refs: #12364).
    - Greeter: have the help window point to updated documentation,
      use WebKit2 instead of the deprecated WebKit, and hide the sidebar
      and banner.
    - Use exec to start KeePassX, i.e. avoid leaving the wrapper running.

  * Bugfixes
    - Install xserver-xorg-legacy, to fix support for various graphics
      adapters that still don't work with rootless X.Org (Closes: #12542).
    - Use the "intel" X.Org driver for Intel Q35 and Intel Atom
      D4xx/D5xx/N4xx/N5xx graphics controllers (refs: #12219).
    - Give UEFI bootloaders upper-case filenames (Closes: #12511).
      Some UEFI firmware, such as the one in the ThinkPad X220, only recognize
      them if they have an upper-case name.
    - KeePassX: enable "Automatically save after each change" again,
      like we did in Tails 2.x (fixes a regression introduced
      in 3.0~beta3).
    - Install packages needed by the "Test speakers" functionality
      (Closes: #12549).
    - Fix automatic upgrades when one is already applied (Closed:
      #12501).
    - When generating the network device blacklist, also blacklist
      network drivers from the staging directory (Closes: #12362).
    - htpdate pool: replace www.sarava.org with leap.se. The former
      has been down for a while and it's not clear when it's going to
      be stable again. The latter should be reliable.

  * Test suite
    - Check that dirmngr used the configured keyserver (Closes: #12371).
    - Sanity check that Chutney starts all nodes in the network.
    - Disable the Sandbox option for all nodes, until Tor#21943
      is fixed (Closes: #12512).
    - Wait for the desktop icons to be displayed in the "Tails desktop is ready"
      step. Let's not try interacting with the desktop earlier.
    - Add tests for memory erasure on "normal" shutdown (refs: #12428).
    - Add tests for memory erasure on "emergency" shutdown, and run some
      with network enabled (refs: #12354).
    - Have eject_cdrom run eject(1) like it used to do in the past.
      Otherwise the machine is immediately halted and we cannot test
      whether memory has been erased.
    - Pass mount_USB_drive structured data instead of free-form text.
    - Test that MAC spoofing and "Disable network" works for
      hotplugged networking devices (Refs: #12362).

  * Build system
    - Generate the Vagrant base box locally as part of the build process,
      instead of downloading it: one less binary blob as input in the build
      process (refs: #12409).
    - Use Vagrant for builds on Jenkins too (Closes: #11972).
    - Tell build script to be more verbose.
    - Respect the 'ARTIFACTS' environment variable if set.
    - Add a second disk to handle the apt-cacher-ng cache, and store
      the corresponding logs in there (Closes: #11979).
    - Use APT snapshots in Vagrant build VMs, create/use a basebox that matches
      the branch/tag/commit being tested, and provision a new VM for each build
      (Closes: #11980, #11981).
    - Ship all build dependencies in the Vagrant basebox, to save some
      time when building ISOs.
    - Make basebox generation compatible with both GnuPG 1.x and 2.x.
    - Set LC_ALL=C, mostly to suppress some warnings.
    - Support forcing VM cleanup before/after build.
    - Add tasks for cleaning up old or all base boxes (refs: #12409).
    - Add build option useful for debugging build failures.
    - Remove obsolete build options.
    - Make auto/scripts/utils.sh more reusable, use it in Rakefile,
      auto/build and setup-tails-builder.
    - Add an option controlling whether to merge the base branch.
    - Add "rake test" target and import logics from puppet-tails'
      wrap_test_suite script.
    - Build Tails as a release simply when HEAD is tagged, i.e. we do not
      require building from a detached head any more.
    - Sanity check compression choice when building a release.
    - Use the host's resolv.conf when building the Vagrant base box.
      Since systemd-networkd is used to manage resolv.conf inside the base box,
      and it hasn't been initialized yet (we are not booting it, just chrooting
      into it) DNS is broken otherwise.
    - Release process: "release" a new base box when freezing.
    - Chown/scp artifacts with a single command to limit overhead and warnings
      noise caused by repeated SSH calls.
    - Add a build options to use a custom CPU model, and custom
      machine type, for reproducibility testing (refs: #12345).
    - Add support for installing Tor Browser nightly builds.

 -- Tails developers <tails@boum.org>  Sat, 20 May 2017 16:48:45 +0200

tails (3.0~beta4) unstable; urgency=medium

  * Major changes
    - All changes brought by Tails 2.12.
    - Upgrade to a new snapshot of the Debian and Torproject
      APT repositories (2017041704).

  * Security improvements
    - Enable the buddy page allocator free poisoning (Closes: #12089).
    - Enable slub/slab allocator free poisoning (Closes: #12090).
    - Create IUKs (automatic upgrades) in a reproducible manner
      (Closes: #11974).

  * Minor improvements
    - Firewall: forbid the _apt user to talk to DNS ports. APT works very well
      without DNS access since we only have Onion APT sources, so let's silence
      the logs.
    - Replace Pidgin's "systray" icon with the guifications plugin
      (Closes: #11741). We're trying to remove as much as we can from
      the set of icons managed by TopIcons extension flavours, in the hope
      it's enough to cancel the problems we've seen with them (#10576, #11737).
    - Disable apt-daily.timer, that can only cause problems in our context
      (Closes: #12390).
    - Do not let pppd-dns manage /etc/resolv.conf (Closes: #12401).
    - Ensure rootless X.Org can access /dev/fb0 when started by GDM.
    - Include the amdgpu module in the initramfs (refs: #12218).
    - Tails Greeter: don't mention 'firewall' anymore (#12382).
    - Tails Greeter: avoid the popover menu for Formats being cut,
      in most cases (Closes: #12249).
    - Tails Greeter: disable the screensaver (Closes: #12370).
    - Tails Greeter: fix behavior when pressing Enter in the language selection
      menu (Closes: #12359).

  * Bugfixes
    - Install speech-dispatcher-espeak-ng to fix the Orca screen reader
      (Closes: #12389).
    - Install xserver-xorg-video-intel and use it on a few graphics adapters
      that are not supported correctly by the modesetting driver (refs: #12219).
      More PCI IDs will be added as new affected hardware is reported.

  * Test suite
    - Run on a Q35 2.8 machine (Closes: #11605).
    - Deprecate xtightvncviewer in favor of tigervnc-viewer.
    - Test the Unsafe Browser in 3 random supported languages, not all.
      This should be enough to identify most future regressions in this area,
      and will be much faster than testing them all.
    - Pidgin tests: switch to an image that doesn't depend on the
      topic of tails@conference.riseup.net.
    - Fix a problematic use of try_for.
    - Fix VM.select_virtual_desktop() and VM.do_focus().
    - Random Gherkin improvements.
    - Fix a focus issue for GNOME Terminal vs. Tails Installer.
    - Adjust to kernel memory poisoning being enabled, which breaks the way
      we used to test memory erasure (refs: #12354):
      · Drop "no memory erasure" and "memory erasure" tests, that can't work
        anymore.
      · Test erasure of memory freed by a killed userspace process.
      · Test that memory poisoning applies to unmounted tmpfs.
      · Test that memory poisoning applies to read and write cache
        for unmounted vfat and LUKS-encrypted ext4.
      · Run erase_memory a bit later, it requires less disk space nowadays.

 -- Tails developers <tails@boum.org>  Tue, 18 Apr 2017 13:01:25 +0000

tails (2.12) unstable; urgency=medium

  * Major changes
    - Completely remove I2P. :( We have decided to remove I2P (see
      #11276) due to our failure of finding someone interested in
      maintaining it in Tails (Closes: #12263).
    - Upgrade the Linux kernel to 4.9.13-1~bpo8+1 (Closes: #12122).

  * Security fixes
    - Upgrade Tor Browser to 6.5.2 based on Firefox 45.9. (Closes:
      #12444)
    - Mount a dedicated filesystem on /var/tmp, to mitigate the
      hardlinks permissions open by the user-tmp abstraction. See
      https://labs.riseup.net/code/issues/9949#note-23 for details
      (Closes: #12125).
    - Protect against CVE-2017-2636 by disabling the n-hdlc kernel
      module (Closes: #12315).
    - Ensure /etc/resolv.conf is owned by root:root in the SquashFS.
      lb_chroot_resolv will "cp -a" it from the source tree, so it
      inherits its ownership from the whoever cloned the Git
      repository. This has two problems. First, this results in unsafe
      permissions on this file (e.g. a Vagrant build results in the
      'amnesia' user having write access to it).
    - Upgrade libjasper1 to 1.900.1-debian1-2.4+deb8u3
    - Upgrade gstreamer and its plugins to 1.4.4-2+deb8u1.
    - Upgrade eject to 2.1.5+deb1+cvs20081104-13.1+deb8u1.
    - Upgrade imagemagick to 8:6.8.9.9-5+deb8u8.
    - Upgrade pidgin to 2.11.0-0+deb8u2.
    - Upgrade samba to 2:4.2.14+dfsg-0+deb8u5.


  * Minor improvements
    - Don't add the live user to the "audio" group. This should not be
      needed on a modern Linux desktop system anymore (Closes:
      #12209).
    - Install virtualbox-* 5.1.14-dfsg-3~bpo8+1 from our custom APT
      repository (Closes: #12307).
    - Install virtualbox-guest-* from sid. The version currently in
      jessie-backports is not compatible with Linux 4.9, and there's
      basically no chance that it gets updated (the maintainer asked
      for them to be *removed* from jessie-backports) (Closes:
      #12298).
    - Pull ttdnsd from our custom APT repository. It's gone from the
      TorProject one. We removed ttdnsd on feature/stretch already, so
      we'll need to pull it from our custom APT repository only for
      the next 3 months.
    - Clean up libdvd-pkg build files, again.  This cleanup operation
      was mistakenly removed in commit c4e8744 (Closes: #11273).
    - Install gnome-sound-recorder (Closes #10950). Thanks to Austin
      English <austinenglish@gmail.com> for the patch!
    - Stop restarting tor if bootstrapping stalls. It seems tor might
      have fixed the issues we used (see: #10238, #9516) to experience
      with the bootstrap process stalling and requiring a restart to
      kickstart it (Closes: #12411).
    - tor.sh: communicate via the UNIX socket instead of TCP port.
      This makes the library usable when run inside systemd units that
      have `PrivateNetwork=yes` set.
    - Get tor's bootstrap progress via GETINFO instead of log
      grep:ing.
    - Upgrade tor to 0.2.9.10-1~d80.jessie+1

  * Bugfixes
    - mirror-pool-dispatcher: bump maximum expected mirrors.json size
      to 32 KiB. This fixes an error where Tails Upgrader would
      complain with "cannot choose a download server" (Closes:
      #11735).

  * Build system
    - Retry curl and APT operations up to 20 times to make the ISO
      build more robust wrt. unreliable Internet connectivity. Thanks
      to Arnaud <arnaud@preev.io> for the patch!
    - Install ikiwiki from jessie-backports, instead of our patched
      one. Our changes were merged in 3.20161219, and jessie-backports
      now has 3.20170111~bpo8+1 (Closes: #12051).
    - Fix FTBFS when installing a .deb via config/chroot_local-packages
      by being more flexible when matching local packages in the apt
      list file (Closes: #12374). Thanks to Arnaud <arnaud@preev.io>
      for the patch!
    - auto/build: support Stretch's GnuPG v2 keyring filename.

  * Test suite
    - Try possible fix for #11508. IPv6Packet:s' source is accessed by
      `.ipv6_saddr`, not `ip_saddr` (that's for IPv4Packet). So, let's
      just try and see which one of the two each packet has, because
      one of them must be there! Also, given that UDPPacket can be
      either IPv4 or IPv6 it seems safest to try to parse each packet
      as IPv6Packet first -- that way we keep looking at transport
      layer protocols for IPv4 only, and treat everything IPv6 as the
      same, which makes sense, since we should block all IPv6, so
      everything should be treated the same at all times.
    - Changes due to #12411:
      * Raise special exception for Tor bootstrap failures.
      * Remove obsolete debug logging now that we don't log anything
        interesting for `restart-tor` any more.

 -- Tails developers <tails@boum.org>  Tue, 18 Apr 2017 17:41:46 +0200

tails (3.0~beta3) unstable; urgency=medium

  * Major new features and changes
    - Make the "Formats" settings in Tails Greeter take effect (Closes: #12079,
      new feature that was broken since it was introduced in 3.0~alpha1).
    - Upgrade to a new snapshot of the Debian and Torproject
      APT repositories (2017031702).

  * Removed features
    - Stop including I2P: we decided (#11276) to remove I2P, due to our failure
      at finding someone to maintain it in Tails (Closes: #12263).

  * Security fixes
    - Upgrade MAT to 0.6.1-4: fixes silent failure of the Nautilus
      contextual menu extension.
    - Ensure /etc/resolv.conf is owned by root:root in the SquashFS
      (Closes: #12343).
    - Protect against CVE-2017-2636 by disabling the n-hdlc kernel module
      (Closes: #12315).

  * Minor improvements
    - Reintroduce the X11 guest utilities for VirtualBox (regression
      introduced in 3.0~beta2).
    - Upgrade X.Org server and the modesetting driver (hopefully helps
      fixing #12219).
    - Automate the migration from KeePassX databases generated on Tails 2.x
      to the format required by KeePassX 2.0.x (Closes: #10956, #12369).
    - Add keyboard shortcuts in Tails Greeter (Closes: #12186, #12063).
    - Install dbus-user-session (regression introduced in 3.0~beta2).
    - Manage temporary directories in a declarative way (tmpfiles.d).
    - Replace references to the /var/run compatibility symlink
      with the canonical /run.
    - Update our Torbirdy patchset to the latest one sent upstream.
    - Install mesa-utils, so that Qt 5 can detect whether software based
      rendering is needed.
    - Have Tails Greeter honor the "debug" kernel command-line option,
      for easier debugging (Closes: #12373).
    - Refactor Tails Greeter to reduce code duplication (Closes: #12247).

  * Bugfixes
    - Fix sizing of zenity dialogs (Closes: #12313, regression introduced
      in 3.0~alpha1).
    - Fix confusing, spurious error messages in command-line applications
      wrapped with torsocks:
      · Ship a /etc/mailname file with content "localhost".
        Otherwise something (Git? libc6?) tries to resolve the "amnesia" host
        name, which fails, and a confusing error message is displayed
        (Closes: #12205, regression introduced in 3.0~alpha1).
      · Have torsocks allow UDP connections to the loopback interface,
        with AllowOutboundLocalhost 2 (Closes: #11736).

  * Test suite
    - Improve debugging info logging for PacketFu parsing issues,
      and implement a plausible fix (refs: #11508).
    - Try to make "double-click on desktop launcher" more reliable.
    - Fix selection of ISO in Tails Installer.
    - Re-enable the GnuPG tests that require a keyserver, pointing them
      to an Onion service we run on Chutney, that redirects all TCP traffic
      to a real, clearnet keyserver (Closes: #12211).
    - Implement a workaround for checking the configured keyserver in GnuPG,
      until a better fix is implemented (refs: #12371).
    - Fix the "Report an Error launcher" scenario in German.

  * Build system
    - Retry curl and APT operations up to 20 times to make the ISO build
      more robust wrt. unreliable Internet connectivity.
      Thanks to Arnaud <arnaud@preev.io> for the patch!
    - Install ikiwiki from jessie-backports, instead of our patched one
      (Closes: #12051).
    - Clean up libdvd-pkg build files, again (Closes: #11273).
    - Rakefile: fix TAILS_OFFLINE_BUILD exported variable name.
    - Adjust apt-mirror to support branches based on feature/stretch
      that don't use frozen APT snapshots.

 -- Tails developers <tails@boum.org>  Sun, 19 Mar 2017 15:10:28 +0100

tails (3.0~beta2) unstable; urgency=medium

  * All changes brought by Tails 2.11, except:
    - the test suite changes, that are not all compatible with this branch;
    - the "Tails 3.0 will require a 64-bit processor" notification:
      this advance warning is not useful on a release series
      that's 64-bit only.

  * Major new features and changes
    - Upgrade to a new snapshot of the Debian APT repositories (2017030802),
      and of the Torproject ones (2017030801).
    - Upgrade Linux to 4.9.0-2 (version 4.9.13-1).

  * Minor improvements
    - Improve GNOME Shell Window List styling. (Closes: #12233)

  * Bugfixes
    - Make it possible to start graphical applications in the Root Terminal.
      (part of #12000)

  * Test suite
    - Improve robustness when dealing with notifications. (Closes: #11464)
    - Bump timeout when waiting for 'Tor is ready' notification.
    - Fix the incremental upgrade test.
    - Drop a few obsolete test cases, update a number of images.
    - Adapt firewall leak test to new DHCP source IP address.
    - Adjust Seahorse and Enigmail tests to the keyserver that is now used.

 -- Tails developers <tails@boum.org>  Wed, 08 Mar 2017 16:29:44 +0000

tails (2.11) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 6.5.1 based on Firefox 45.8. (Closes:
      #12283)
    - Fix CVE-2017-6074 (local root privilege escalation) by disabling
      the 'dccp' module. (Closes: #12280)
    - Disable kernel modules for some uncommon network protocol. These
      are the ones recommended by CIS. (Part of: #6457)
    - Disable modules we blacklist for security reasons. Blacklisted
      (via `blacklist MODULENAME`) modules are only blocked from being
      loaded during the boot process, but are still loadable with an
      explicit `modprobe MODULENAME`, and (worse!) via kernel module
      auto-loading.
    - Upgrade linux-image-4.8.0-0.bpo.2-686-unsigned to 4.8.15-2~bpo8+2.
    - Upgrade bind9 to 1:9.9.5.dfsg-9+deb8u10.
    - Upgrade imagemagick to 8:6.8.9.9-5+deb8u7.
    - Upgrade libevent-2.0-5 to 2.0.21-stable-2+deb8u1.
    - Upgrade libgd3 to 2.1.0-5+deb8u9.
    - Upgrade libjasper1 to 1.900.1-debian1-2.4+deb8u2.
    - Upgrade liblcms2-2 to 2.6-3+deb8u1.
    - Upgrade libxpm4 to 1:3.5.12-0+deb8u1.
    - Upgrade login to 1:4.2-3+deb8u3.
    - Upgrade ntfs-3g to 1:2014.2.15AR.2-1+deb8u3.
    - Upgrade openjdk-7-jre to 7u121-2.6.8-2~deb8u1.
    - Upgrade openssl to 1.0.1t-1+deb8u6.
    - Upgrade tcpdump to 4.9.0-1~deb8u1.
    - Upgrade vim to 2:7.4.488-7+deb8u2.
    - Upgrade libreoffice to 1:4.3.3-2+deb8u6.

  * Minor improvements
    - import-translations: also import PO files for French from
      Transifex. The translation team for French switched to Transifex
      even for our custom programs:
      https://mailman.boum.org/pipermail/tails-l10n/2016-November/004312.html
    - Notify the user, if running on a 32-bit processor, that it won't
      be supported in Tails 3.0 anymore. (Closes: #12193)
    - Notify I2P users that I2P will be removed in Tails
      2.12. (Closes: #12271)

  * Bugfixes
    - Disable -proposed-updates at boot time. If a Debian point
      release happens right after a freeze but we have decided to
      enable it before the freeze to get (at least most of) it, then
      we get in the situation where -proposed-updates is enabled in
      the final release, which we don't want. We only want it enabled
      at build time. (Closes: #12169)
    - Ferm: Use the variable when referring to the Live user. The
      firewall will fail to start during early boot otherwise since
      the "amnesia" user hasn't been created yet. (Closes: #12208)
    - Tor Browser: Don't show offline warning when opening local
      documentation. (Closes: #12269)
    - tails-virt-notify-user: use the tails-documentation helper to
      improve UX when one is not connected to Tor yet, and display
      localized doc when available.
    - Fix rare issue causing automatic upgrades to not apply properly
      (Closes: #8449, and hopefully #11839 as well):
      * Allow the tails-install-iuk user to run "/usr/bin/nocache
        /bin/cp *" as root.
      * Install tails-iuk 2.8, which will use nocache for various file
        operations, and sync writes to the installation medium.
    - Install Linux 4.8.15 to prevent GNOME from freezing with Intel
      GM965/GL960 Integrated Graphics. (Closes: #12217, but fixes tons
      of other small bugs)

  * Build system
    - Add 'offline' option, making it possible to build Tails offline
      (if all needed resources are present in your cache). (Closes:
      #12272)

  * Test suite
    - Encapsulate exec_helper's class to not "pollute" the global
      namespace with all our helpers. This is an example of how we can
      work towards #9030.
    - Extend remote shell with *safe* file operations. Now we can
      read/write/append *any* characters without worrying that it will
      do crazy things by being passed through the shell, as was the
      case before.  This commit also:
      * adds some better reporting of errors happening on the server
        side by communicating back the exception thrown.
      * removes the `user` parameter from the VM.file_* methods. They
        were not used, any way, and simply do not feel like they
        fit. I think the only reason we had it initially was because
        it was implemented via the command interface, where a user
        concept makes a lot of sense.
    - debug_log() Dogtail script content on failure.
    - Add a very precise timestamp to each debug_log().
    - Make robust_notification_wait() ensure the applet is closed. In
      robust_notification_wait() when we close the notification
      applet, other windows may change position, creating a racy
      situation for any immediately following action aimed at one such
      window. (Closes: #10381)
    - Fix I2P's Pidgin test. The initial conversation (that determines
      the title of the conversation window) is now made by a different
      IRC service than before.
    - Use lossless compression for the VNC viewer with --view.
      Otherwise the VNC viewer is not a good place to extract test
      suite images from, at least with xtigervncviewer.
    - Add optional pause() notification feature to the test suite. It
      will run a user-configurable arbitrary shell command when
      pause() is called, e.g. on failure when --interactive-debugging
      is used. This is pretty useful when multitasking with long test
      suite runs, so you immediately are notified when a test fails
      (or when you reached a temporary pause() breakpoint).  (Closes:
      #12175)
    - Add the possibility to run Python code in a persistent session
      in the remote shell and use this for Dogtail to significantly
      improve its performance by saving state and reusing it between
      commands. This changes the semantics of the creation of Dogtail
      objects. Previously they just created the code that then would
      be run once an actionable method was called (.wait, .click etc),
      but now it works like in Python, that Dogtail will try to find
      the graphical element upon object creation. (Closes: #12059)
    - Test that we don't ship any -proposed-updates APT sources.
      (Closes: #12169)
    - Make force_new_tor_circuit() respect NEWNYM rate limiting.
    - Add retry magic for lost click when opening Tails' documentation
      from the desktop launcher. (Closes: #12131)

 -- Tails developers <tails@boum.org>  Mon, 06 Mar 2017 17:14:52 +0100

tails (3.0~beta1) experimental; urgency=medium

  * All changes brought by Tails 2.7.1, 2.9.1 and 2.10.

  * Major new features and changes
    - Redesigned Tails Greeter.
    - Upgrade to a new snapshot (2017013002) of the Debian and Torproject
      APT repositories.
    - Upgrade Linux to 4.9.0-1.

  * Security fixes
    - Reject packets sent on the LAN to the NetBIOS name service
      (Closes: #11944).
    - Seahorse: use the Tor OnionBalance hidden service pool,
      which provides transport encryption and authentication of the keyserver.

  * Minor improvements
    - Include adwaita-qt* and enable it by default, so that Qt applications
      integrate nicely into a GNOME environment (Closes: #11790).
    - Add support for the TREZOR hardware wallet in Electrum (Closes: #10964).
    - AppArmor: allow all programs to read /etc/tor/torsocks.conf via
      abstractions/base, to ease maintenance.
    - Don't (try to) bind the Power button to the shutdown action
      (Closes: #12004).
    - Enable natural scrolling (Closes: #11969).
    - Update uBlock Origin patterns + settings file.
    - live-persist: remove Squeeze → Wheezy migration code.
    - Update pre-existing persistent GnuPG configuration on login
      (Closes: #12201).
    - Upgrader: use the alpha channel when the next version will be an
      alpha, beta, or RC. This will allow users of 3.0~betaN to upgrade to
      the next beta or RC, without having to type any command-line
      (Closes: #12206).

  * Bugfixes
    - Fix "upgrade from ISO" when run from a 32-bit system,
      such as Tails 2.x (Closes: #11873).
    - Fix ability to read videos over HTTPS with Totem (Closes: #11963).
    - Re-introduce default directories in $HOME, which fixes
      Spice file transfers (Closes: #11968).
    - Re-enable tap-to-click (Closes: #11993).
    - Lower systemd's DefaultTimeoutStopSec, to get rid of a long delay
      before memory wiping starts. This also prevents shutdown from ever
      being blocked by any buggy service that takes a while to stop
      (Closes: #12061).
    - Drop Jessie APT sources.
    - Re-add VirtualBox DKMS modules.
    - Fix GnuPG communication with keyservers, by using the Tor OnionBalance
      hidden service pool (Closes: #12202).
    - Fix Enigmail communication with keyservers, by teaching Torbirdy
      not to break it (Closes: #11948):
      · Patch Torbirdy to allow not breaking keyserver communication when
        using GnuPG v2.1+, and to use a better default keyserver.
      · Torbirdy: enable the new behaviour made possible by the aforementioned
        patch (extensions.enigmail.already_torified).
      · Torbirdy: drop our custom keyserver configuration, since the
        aforementioned patch makes it the default.

  * Removed features
    - Don't install gnome-system-log anymore (Closes: #12133).
      It's deprecated in GNOME, and mostly useless anyway as it's not
      Journal-aware. It's replacement (gnome-logs) is not usable
      enough in the context of Tails, and most users who can read logs
      should manage to do it with journalctl, so don't install it either.
    - Drop multiarch handling: Tails 3.0 will be amd64-only (Closes: #11961).

  * Build system
    - Disable eatmydata usage and caching: in current Stretch, debootstrap fails
      if we use eatmydata + the operation mode picked by live-build when caching
      is enabled (Closes: #12052).
    - Bump disk space (and memory for in-RAM builds) requirements.
    - Follow replacement of python-reportbug with python3-reportbug.
    - Don't try to deinstall packages that are unknown on Stretch.
    - Move AppArmor aliases to a dedicated file, and include it.
      This will avoid maintaining these settings as a patch.
    - Don't attempt to remove the usr.bin.chromium-browser AppArmor profile:
      it's not shipped in Debian anymore.

  * Test suite
    - Add optional pause() notification (Closes: #12175).
    - Make the remote shell's file operations robust (Closes: #11887).
    - Update a number of test cases for Stretch, sometimes by converting
      them to Dogtail.
    - Drop usage and tests of read-only persistence.
      We won't have this option anymore, and it's not even sure we'll
      reintroduce it (Refs: #12093, Closes: #12055).
    - Adjust CONFIGURED_KEYSERVER_HOSTNAME to match current settings.
    - Test suite: clean up disks between features.

  * Adjustments for Debian 9 (Stretch) with no or very little user-visible impact
    - Adjust dpkg-divert path: it has moved.
    - Replace xfonts-wqy with fonts-wqy-microhei + fonts-wqy-zenhei.
      The former was removed from Debian testing, and the latter are recommended
      by task-chinese-s-desktop and task-chinese-t-desktop.
    - Install virtualbox* from sid.
      It was removed from testing due to https://bugs.debian.org/794466.
    - Drop deprecated settings from org/gnome/settings-daemon/plugins/power.
    - Update settings name in org/gnome/desktop/peripherals/touchpad, and drop
      deprecated ones.
    - Adjust to changed Liferea's .desktop filename.
    - Also torify Liferea when started via its (new) D-Bus service.
    - Install hunspell-pt-br instead of hunspell-pt-pt.
      Tor Browser 6.5 moved from pt-PT to pt-BR, which is fine vs
      spellcheckers in Jessie since its hunspell-pt provides both -pt and
      -br, but in Stretch they are separate packages.
    - AppArmor: adjust usr.sbin.cupsd profile so it loads successfully
      (Closes: #12116).
    - Migrate from netstat to ss.
    - Update extensions.enigmail.configuredVersion.
    - Remove the jessie-proposed-updates APT sources.

 -- Tails developers <tails@boum.org>  Wed, 01 Feb 2017 19:23:03 +0000

tails (2.10) unstable; urgency=medium

  * Major new features and changes
    - Upgrade the Linux kernel to 4.8.0-0.bpo.2 (Closes: #11886).
    - Install OnionShare from jessie-backports. Also install
      python3-stem from jessie-backports to allow the use of ephemeral
      onion services (Closes: #7870).
    - Completely rewrite tor-controlport-filter. Now we can safely
      support OnionShare, Tor Browser's per-tab circuit view and
      similar.
      * Port to python3.
      * Handle multiple sessions simultaneously.
      * Separate data (filters) from code.
      * Use python3-stem to allow our filter to be a lot more
        oblivious of the control language (Closes: #6788).
      * Allow restricting STREAM events to only those generated by the
        subscribed client application.
      * Allow rewriting commands and responses arbitrarily.
      * Make tor-controlport-filter reusable for others by e.g. making
        it possible to pass the listen port, and Tor control
        cookie/socket paths as arguments (Closes: #6742). We hear
        Whonix plan to use it! :)
    - Upgrade Tor to 0.2.9.9-1~d80.jessie+1, the new stable series
      (Closes: #12012).

  * Security fixes
    - Upgrade Tor Browser to 6.5 based on Firefox 45.7 (Closes: #12159)
    - Upgrade Icedove to 1:45.6.0-1~deb8u1+tail1s.
    - Upgrade bind9-packages to 1:9.9.5.dfsg-9+deb8u9.
    - Upgrade pcscd to 1.8.13-1+deb8u1.
    - Upgrade libgd3 to 2.1.0-5+deb8u8.
    - Upgrade libxml2 to 2.9.1+dfsg1-5+deb8u4.
    - Upgrade tor to 0.2.9.9-1~d80.jessie+1.
    - Upgrade samba-libs to 2:4.2.14+dfsg-0+deb8u2.

  * Minor improvements
    - Enable and use the Debian Jessie proposed-updates APT
      repository, anticipating on the Jessie 8.7 point-release
      (Closes: #12124).
    - Enable the per-tab circuit view in Tor Browser (Closes: #9365).
    - Change syslinux menu entries from "Live" to "Tails" (Closes:
      #11975). Also replace the confusing "failsafe" wording with
      "Troubleshooting Mode" (Closes: #11365).
    - Make OnionCircuits use the filtered control port (Closes:
      #9001).
    - Make  tor-launcher use the filtered control port.
    - Run OnionCircuits directly as the Live user, instead of a
      separate user. This will make it compatible with the Orca screen
      reader (Closes: #11197).
    - Run tor-controlport-filter on port 9051, and the unfiltered one
      on 9052. This simplifies client configurations and assumptions
      made in many applications that use Tor's ControlPort. It's the
      exception that we connect to the unfiltered version, so this
      seems like the more sane approach.
    - Remove tor-arm (Nyx) (Closes: #9811).
    - Remove AddTrust_External_Root.pem from our website CA bundle. We
      now only use Let's Encrypt (Closes: #11811).
    - Configure APT to use Debian's Onion services instead of the
      clearnet ones (Closes: #11556).
    - Replaced AdBlock Plus with uBlock Origin (Closes: #9833). This
      incidentally also makes our filter lists lighter by
      de-duplicating common patterns among the EasyList filters
      (Closes: #6908). Thanks to spriver for this first major code
      contribution!
    - Install OpenPGP Applet 1.0 (and libgtk3-simplelist-perl) from
      Jessie backports (Closes: #11899).
    - Add support for exFAT (Closes: #9659).
    - Disable unprivileged BPF. Since upgrading to kernel 4.6,
      unprivileged users can use the bpf() syscall, which is a
      security concern, even with JIT disabled. So we disable that.
      This feature wasn't available before Linux 4.6, so disabling it
      should not cause any regressions (Closes: #11827).
    - Add and enable AppArmor profiles for OnionCircuits and OnoinShare.
    - Raise the maximum number of loop devices to 32 (Closes: #12065).
    - Drop kernel.dmesg_restrict customization: it's enabled by
      default since 4.8.4-1~exp1 (Closes: #11886).
    - Upgrade Electrum to 2.7.9-1.
    - Make the Electrum proxy configuration apply after upgrading to
      2.7.9-1. These changes incidentally makes Electrum behave nicer:
      users will now not be presented the network configuration part
      of the setup wizard -- a server will be picked randomly, and
      Electrum will auto-connect. The automated test suite is adjusted
      accordingly (Closes: #12140).
    - Remove unused Browser profile seed file localstore.rdf which was
      made obsolete in Firefox 34.
    - Tor Browser: switch from pt-PT to pt-BR langpack. The upstream
      Tor Browser did this in version 6.5 (Refs: #12159).

  * Bugfixes
    - Tails Greeter:
      * use gdm-password instead of gdm-autologin, to fix switching to
        the VT where the desktop session lives on Stretch (Closes:
        #11694)
      * Fix more options scrolledwindow size in Stretch (Closes:
        #11919)
    - Tails Installer: remove unused code warning about missing
      extlinux in Tails Installer (Closes: #11196).
    - Update APT pinning to cover all binary packages built from
      src:mesa so we ensure installing mesa from jessie-backports
      (Closes: #11853).
    - Install xserver-xorg-video-amdgpu. This should help supporting
      newer AMD graphics adapters. (Closes #11850)
    - Fix firewall startup during early boot, by referring to the
      "amnesia" user via its UID (Closes: #7018).
    - Include all amd64-microcodes.
    - refresh-translations: ignore
      config/chroot_local-includes/usr/share/doc/tails/website/.
      Otherwise, if the website has been built already, PO tools
      complain that there are files with translatable strings in
      there, which are not listed in POTFILES.in.
    - Make uBlock Origin's button appear on first run. Otherwise it
      will only appear on browser runs after the first one. This bug
      also affected Adblock Plus (Closes: #12145).

  * Build system
    - Be more careful when unmounting the tmpfs used as workspace
      during builds, fixing an issue that made Jenkins' ISO builders
      prone to failures (Closes: #12009).
    - Upgrade the Vagrant basebox to 20170105. The only big change is
      that we now install the backported kernel in the builder VM, to
      make building possible on Debian Sid (Closes: #12081).
    - Ensure the VirtualBox guest DKMS modules are built for the
      kernel we want them for. In some situations, depending on the
      version of the running kernel, the modules would not be built
      for the 686 kernel, which is the one that needs the VirtualBox
      guest modules.  This commit ensures the VirtualBox guest modules
      are built and installed regardless of the how the build
      environment looks like (Closes: #12139).

  * Test suite
    - Replace the filesystem shares support with a helper for easily
      sharing files from the host to the guest using virtual disks
      (Closes: #5571).
    - Do not test sending email when testing POP3. We cannot clean
      that email up (easily) since when we use POP3 deletions won't
      affect the remote inbox, only our local one, resulting in the
      quota being reached eventually (Closes: #12006).
    - Have APT tests configure APT to use non-onion sources. Our test
      suite uses Chutney to create a virtual, private Tor network, and
      thus doesn't support connections to Onion services running in
      the real Tor network (Refs: #11556).
    - Allow connections to Tor's control port during stream isolation
      tests, but only for those applications where we expect that.
    - Fix Electrum tests after upgrading to 2.7.9-1.
    - Make encryption.feature pass for Tails 2.10~rc1.
    - Adapt tests after the Donation campaign was disabled (Refs:
      #12134).
    - Fix 'The "Tails documentation" link on the Desktop works'
      scenario. The TailsOfflineDocHomepage.png image doesn't match
      what we see any more (I have no clue why), so let's use Dogtail
      and solve this once and for all, hopefully.
    - Work around Tails freezing during memory wiping. These
      workarounds should be reverted once #11786 is fixed
      properly. (Refs: #10776, #11786)
    - Support both xtigervncviewer and xtightvncviewer for --view.
      xtightvncviewer is a transitional package in Sid, which depends
      on tigervnc-viewer (which ships xtigervncviewer), so by keeping
      the dep and supporting both binaries, --view will work on both
      Sid and Jessie (Closes: #12129).
    - Test suite: bump image after upgrading to Tor Browser 6.5 (Refs:
      #12159).
    - Add debugging info for when PacketFu misbehaves, and be more
      careful when to save pcap artifacts (Refs: #11508).

 -- Tails developers <tails@boum.org>  Mon, 23 Jan 2017 11:38:37 +0100

tails (2.9.1) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 6.0.8 based on Firefox 45.6. If you pay
      close attention you'll see that we import -build1 but there was
      a -build2. The only change is Tor Button 1.9.5.13 which makes
      some changes to the donation campaign banner in `about:tor`,
      which we safely can skip. (Closes: #12028)
    - Upgrade Icedove to 45.5.1-1~deb8u1+tails1. (Closes: #12029)
    - Upgrade APT-related packages to 1.0.9.8.4.

  * Minor improvements
    - Switch to DuckDuckGo as the default search engine in the tor
      Browser. This is what Tor Browser has, and Disconnect.me (the
      previous default) has been re-directing to DDG for some time,
      which has been confusing users. In addition, we localize the DDG
      user interface for the locales with availablelangpacks. (Closes:
      #11913)
    - Improve the display name for the Wikipedia search plugin.
    - Enable contrib and non-free for our own APT repos.
    - Upgrade Tor to 0.2.8.10. (Closes: #12015)
    - Upgrade obfs4proxy to 0.0.7-1~tpo1.

  * Bugfixes
    - AppArmor Totem profile: add permissions needed to avoid warning
      on startup. (Closes: #11984)
    - Upgrade the VirtualBox Guest additions and modules to version
      5.1.8. This should prevent Xorg from crashing unless the video
      memory for the VMs are significantly bumped. (Closes: #11965)
      Users will still have to enable I/O APIC due to a bug in Linux.
    - Drop unwanted search plugins from the Tor Browser langpacks.
      Otherwise they are only removed from English locales. Note that
      the langpacks contain copies of the English plugins, not
      localized versions, so we actually lose nothing.

  * Test suite
    - Add support for SikuliX, which recently hit Debian Unstable,
      while still supporting Sikuli for Jessie users. (Closes: #11991)
    - Fix some instances where we were trying to use the mouse outside
      of the Sikuli screen.
    - Use "TorBirdy" instead of "amnesia branding" as the "anchor"
      addon.  I.e. the addon that we use to find the other ones. The
      "amnesia branding" addon has been removed, so we must use
      something else. (Fixup: #11906)
    - Dogtailify "the support documentation page opens in Tor Browser"
      step. We previously relied on Sikuli, and the image was made
      outdated thanks to our donation campaign. No more! (Closes:
      #11911)
    - Resolve dl.amnesia.boum.org instead of picking a static address.
      Just hours after updating the dustri.org IP address, its web
      server went down => test suite failures. Let's make this test as
      robust as actually downloading the Tails ISO image -- if that
      fails, we probably have more serious problems on our hands than
      a failing test suite. (Closes: #11960)
    - Switch MAT scenario from testing PDFs to PNGs. Also add
      anti-test and test using using a tool *different* from MAT, the
      tool being tested here. (Closes: #11901)

 -- Tails Developers <tails@boum.org>  Wed, 14 Dec 2016 13:19:16 +0100

tails (2.7.1) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 6.0.7 (build3) based on Firefox 45.5.1.
    - Upgrade gstreamer0.10-based packages to 0.10.31-3+nmu4+deb8u2.
    - Upgrade imagemagick-based packages to 8:6.8.9.9-5+deb8u6.
    - Upgrade libicu52 to 52.1-8+deb8u4.
    - Upgrade vim-based packages to 2:7.4.488-7+deb8u1.

  * Minor improvements
    - Reserve 64 MiB for the kernel and 128 MiB for privileged
      processes before the memory is wiped. We hope that this might
      help (but not solve, sadly) some crashes experienced while
      wiping the memory.

  * Build system
    - Make the wiki shipped inside Tails build deterministically
      (Closes: #11966):
      * Enable ikiwiki's "deterministic" option, and require it when
        building.
      * Use our custom backport of discount (2.2.1-1~bpo8+1~0.tails1),
        to fix reproducibility issues (Debian#782315). This can be
        dropped once our ISO builders use Stretch.
      * Install ikiwiki from our builder-jessie APT suite, to make the
        pagestats plugin output deterministic.
    - refresh-translations: don't update PO files unless something
      other than POT-Creation-Date was changed. (Closes: #11967)
    - Fix Vagrant's is_release? check. Per auto/build, we consider it
      a release when we build from detached head, and HEAD is tagged.
    - Enforce `cleanall` when building a release. I.e. don't allow the
      user supplied options to override this behaviour. This is
      important since Vagrant caches wiki builds, and we do not want
      leftovers from a previous builds ending up in a release. Also,
      this is required for making Tails images build reproducibly.
    - Make the build system's `cleanall` option really clean
      everything.  At the moment it doesn't clean the cached wiki
      build (which basically was its only job).
    - import-package: support contrib and non-free sections.

  * Test suite
    - Wait a bit between opening the shutdown applet menu, and
      clicking one of its widgets. (Closes: #11616).
    - Adapt Icedove test after removing the amnesia branding add-on.
      (Closes: #11906)
    - Replace --pause-on-fail with --interactive-debugging. It does
      the same thing, but also offers an interactive Ruby shell, via
      pry, with the Cucumber world context.

 -- Tails developers <tails@boum.org>  Wed, 30 Nov 2016 17:27:37 +0100

tails (3.0~alpha1) experimental; urgency=medium

  * Major new features and changes
    - Upgrade to a snapshot of Debian 9 (Stretch) from 2016-11-15.
    - Switch userpace from 32-bit to 64-bit (Closes: #8183), and accordingly:
      · Memory erasure: drop the "one instance of sdmem per 2 GiB of RAM" tweak,
        that is not needed on x86-64.
      · Display a "sorry!" message when trying to boot on a 32-bit BIOS system
        (refs: #11638).
    - Switch GNOME Shell to its default black theme (Closes: #11789).

  * Minor improvements
    - Install the cirrus and modesetting X.Org drivers (Closes: #10962).
    - Install the 'amdgpu' driver for the AMD Radeon cards (refs: #11850).
    - Stop disabling kernel modesetting for QXL (refs: #11518).
    - Replace TopIcons with gnome-shell-extension-top-icons-plus.
      The former causes plenty of trouble and is apparently abandoned
      upstream. The latter is actively maintained upstream, and packaged
      in Debian. (refs: #10576)
    - Use torsocks to torify Git, and drop tsocks entirely. tsocks has been
      unmaintained for years in Debian, and was removed from testing
      for a while (Closes: #10955).
    - Replace Florence's "systray" icon with the Florence Indicator GNOME Shell
      extension (refs: #8312). And then, don't automatically start Florence:
      the Florence Indicator GNOME Shell extension will start it the first time
      one tries to display it. This should save a tiny bit of RAM.
    - Harden AppArmor Totem profiles.
    - Switch to the Debian-packaged aufs kernel module (Closes: #11829).
    - Configure the firewall to not allow root to connect to Tor at all,
      which is possible now that APT uses a dedicated user for network
      operations.
    - Fix firewall startup during early boot, by referring to the "amnesia"
      user via its UID (refs: #7018).
    - Install hunspell dictionaries instead of myspell ones, for a few more
      languages: Spanish, Italian, Portuguese and Russian. Only Farsi keeps
      using a myspell dictionary for now.

  * Removed features
    - Stop installing BookletImposer PDF imposition toolkit.
      It's unmaintained upstream and thus won't be part of Debian Stretch.
    - Stop installing ekeyd:  it's unmaintained, very rarely used, poorly
      designed (dedicated daemon), and security sensitive (Closes: #7687).
    - Stop shipping ttdnsd. It was only useful for developers and power-users
      who can install it themselves as needed. It's been unmaintained upstream
      for many years. It's very buggy so we had to remove it from the DNS
      resolution loop years ago. It's not in Debian. And it's one of the only
      two bits of Tails that still relied on tsocks, that is RC-buggy,
      unmaintained in Debian, and not in Stretch at the moment. So it has
      become clear that the cost of keeping ttdnsd now outweighs the benefits
      it brought (refs: #10959).

  * Build system
    - Bump disk space (and memory for in-RAM builds) requirements.
    - Support new live-config configuration directory naming, again and again.
    - Use the lowest compression level for the SquashFS when compressing it
      with gzip. This makes our development builds faster, and the resulting
      ISO image only a little bit bigger (Closes: #9788).
    - Configure initramfs compression later, to make the build faster.

  * Test suite
    - Various refactoring while we were at it.
    - Port tests to Dogtail: installation, upgrade, notification detection,
      Synaptic, Gobby, and some of Tor Browser.
    - Workaround GNOME Shell being buggy for Dogtail (refs: #11718).
    - Update a bunch of test suite images for Stretch.
    - Mark created disk as temporary when we don't need to keep it around.
    - Simplify adding NetworkManager connections, and rely more on the defaults.
      Not providing the complete configuration file makes us test something
      closer to what happens when a user adds a Wi-Fi connection themselves.
    - Adjust the minimum allowed memory pattern coverage before wiping.
    - Always sync the time from the host when restoring from a snapshot.
      Previously we wouldn't do it when the network was plugged but Tor wasn't
      running, which can cause issues if we *then* start Tor since the time
      may be off.
    - Adjust to the fact that we now support running as a 64-bit guest
      in VirtualBox, and simplify code since we now include a 64-bit userland.
    - Improve how we restart Tor/I2P after restoring from a snapshot.
    - Adjust PolicyKit tests for Stretch.
    - Work around Tails stopping on shut down due to #11730.
      This should be reverted once #11730 is fixed properly.
    - Update the screenshot scenario.
    - Fix pcap file saving on MAC spoofing failure (Closes: #11698).
    - Test that notifications are actually shown.
    - Drop obsolete workaround for Florence sometimes not being hidden
      on startup (#11398).
    - Avoid remote shell deadlock.
    - Install at-spi2-core from Debian Sid.
      With the current version in Stretch, at-spi-bus-launcher crashes on
      start, breaking parts of GNOME's accessibility, and Dogtail.
      For details, see https://bugs.debian.org/840618.
    - Check that the MAC address is spoofed for manually added persistent
      NetworkManager connections created on Jessie and Stretch (refs: #11931).
    - Use nc.traditional in tests that rely on its behaviour.
    - Adjust expected notification text to cope with #11941.

  * Adjustments for Debian 9 (Stretch) with no or very little user-visible impact
    - Adjust APT sources and pinning for Stretch.
    - Don't install gnome-media, which is not part of testing/sid anymore.
      We already install the only bits it was providing or depending on.
    - Don't install gnome-themes: it's gone in Stretch.
    - Stop installing GStreamer 0.10 explicitly: it won't be in Stretch,
      and some bits are gone already.
    - Refresh and unfuzzy patches for Stretch. Replace some of them with
      programmatic patching, as patches break the build whenever
      they become fuzzy.
    - Drop start_AppArmor_earlier.diff: on Stretch, AppArmor starts much earlier
      already.
    - Accept iceweasel-l10n-* that don't provide any search engine:
      on Stretch, at least iceweasel-l10n-ar_1%3a43.0.4-1_all.deb doesn't.
    - Stop deleting 75-persistent-net-generator.rules: obsolete in Stretch.
      It was removed in systemd (220-7).
    - Tell live-boot we're still using aufs: recent live-boot defaults
      to overlayfs, which we don't use yet.
    - Don't remove imagemagick in 11-localize_browser: cups-filters depends on it
      (Closes: #10960).
    - Explicitly install bc: needed by our 2010-pidgin live-config hook.
    - Remove gcc-4.9-base and gcc-5 via a chroot hook, taking into account
      that GCC 5 is the default on Stretch.
    - Switch to openjdk-8-jre: openjdk-7-jre is not in Stretch anymore.
    - gcalctool was renamed to gnome-calculator.
    - Don't try to delete non-existing AppArmor profile for ntpd: it was moved
      to the ntp package in Stretch.
    - Build DKMS modules with GCC 5: Stretch hasn't 4.8 anymore.
    - Don't try to reload or disable an initscript that we don't patch,
      and that doesn't exist anymore.
    - Support the case when /usr/src/libdvd-pkg does not exist.
      Apparently this can happen on Stretch.
    - Adjust to the move of /etc/gnome/defaults.list in Stretch
      (Closes: #11440).
    - Stop installing xserver-xorg-input-vmmouse. It's obsolete and conflicts
      with recent kernels: https://bugs.debian.org/831420
    - Install open-vm-tools from sid: it's been removed from testing.
    - Install the gobby package, instead of the (now gone) transitional
      gobby-0.5 one.
    - apparmor-adjust-tor-profile.diff: drop bits that are useless, and
      prevent Tor from starting, on Stretch.
    - Tor Daemon Status: declare compatibility with GNOME Shell 3.20.
    - Shutdown helper: declare compatibility with GNOME Shell 3.20.
    - Drop 43-adjust_path_to_ibus-unikey_binaries hook: it was a workaround
      for a bug (Debian#714932) that was fixed.
    - Use netcat-openbsd instead of connect-proxy for torifying SSH.
      connect-proxy seems barely maintained in Debian and was removed from
      testing due to https://bugs.debian.org/830423.
    - Don't disable gdomap service: we don't include it anymore.
      unar in Jessie depended on gnustep-base-runtime (that ships gdomap),
      but this is not the case in Stretch anymore.
    - Install system-config-printer-common instead of system-config-printer,
      and drop customization that were needed only for the latter:
      system-config-printer (1.5.7-2) extracts into a new -common package
      the bits needed by gnome-control-center (Closes: #11505).
    - Adjust haveged AppArmor profile to work with Linux 4.x on Stretch.
    - cupsd AppArmor profile: update list of backends, and add aufs-specific
      tweak that Stretch needs (refs: #11699).
    - Revert to GNOME's default font antialiasing/hinting.
      We fixed on rgba/slight when converting some manual fontconfig stuff
      to GNOME's layer on top of it, but at least from a fresh Stretch
      install (2016-08-24) we got grayscale/slight. It could be that some
      auto-detection is involved, so the values would be different depending
      on the actual hardware. Any way, let's try to decrease our delta here.
    - Adjust haveged arguments customization for Stretch (Closes: 11522).
    - Display the date in the desktop top bar, as we did in Jessie and older.
      (Closes: #11696)
    - Drop patch to keep haveged, saned, spice-vdagent and laptop-mode running
      on shutdown. These patches are no-ops on Stretch, where these services
      have native systemd unit files. It's not worth porting these patches:
      saned is socket-activated so in most cases it does not have to be shut
      down, and we expect that the other ones can be stopped pretty quickly.
      Let's bring back this kind of optimization if, and only if, we identify
      an actual problem to fix in this area :)
    - Don't delete downloaded debs after install: apt(8) >= 1.2~exp1 deletes
      them by default, which is not nice for users who use it to preseed
      their persistent APT cache. (Closes: #10958)
    - Hide "OpenJDK Java 8 Policy Tool" from the Applications menu.
    - Don't ship GCC 6: we don't ship compilers in Tails usually.
    - Don't ship gcc-5-base: on Stretch we ship gcc-6-base instead.
    - Don't start shipping libdvdcss2-dbgsym nor paxctld.
    - Adjust default web browser customization: GNOME in Debian now defaults
      to Firefox ESR (refs: #11440).
    - Install libreoffice-gtk3: on Stretch this is needed to have Gtk+ 3 widgets
      and a Gtk/GNOMEish print dialog.
    - Explicitly install gtk2-engines-pixbuf, as it's not pulled automatically
      on Stretch, and it's needed to theme GTK+ 2 applications in a nice way
      (Closes: #11715).
    - AppArmor gnome abstraction: allow reading /etc/xdg/*-mimeapps.list
      (refs: #11440).
    - Drop obsolete disabling of GNOME Keyring's GnuPG agent feature.
      That feature was removed upstream.
    - Explicitly select pinentry-gtk2 as our preferred pinentry program.
      On Stretch, gnome-keyring depends on pinentry-gnome3, and then that one
      is selected by default. It does not feel worth it to introduce a hackish
      solution such as a fake pinentry-gnome3 package, so let's ignore it and
      just make sure we are using the pinentry program we prefer
      (Closes: #11713).
    - Drop keep_memlockd_on_shutdown.diff: it's been a no-op since Tails 2.0
      (Closes: #11708).
    - Drop custom NetworkManager plugin configuration: these tweaks are not
      needed on Stretch anymore.
    - Disable new style network interface naming scheme.
      It has little value for a live system, so let's stick to what we are
      used to, and avoid having to adjust code/config/test suite
      (Closes: #11721).
    - Drop obsolete NM configuration wrt. sending hostname in DHCP requests
      (Closes: #11720).
    - Update APT pinning to cover all binary packages built from src:mesa
      (refs: #11853).
    - Don't try to install gnupg-curl: it doesn't exist anymore in Stretch.
    - Install seahorse-nautilus from sid. It's been removed from testing.
    - Drop workaround for Debian bug #645466, that was fixed in 2014
      (Closes: #11534).
    - Allow the "_apt" user to use Tor: in Stretch, APT network operations
      are performed with the "_apt" user and not root.
    - Make sure that 'localhost' points to the IPv4 loopback address.
    - Make desktop launchers executable (Closes: #11927).
    - Disable Wayland usage in GDM (Closes: #11923).
    - Fix AppArmor profile for gst-plugin-scanner (Closes: #11928).
    - Change Nautilus' default zoom level to 'small' (Closes: #11716).
      The icons in GNOME Files and on the desktop are too huge otherwise. With
      this new setting, they are similar in size to what we had in Jessie.
    - Fix broken symlink preventing Enigmail from being enabled.
    - Configure NetworkManager to not touch MAC addresses (refs: #11931).
      Its default behaviour on Debian Stretch is to reset the MAC address to the
      permanent one, and we did not make up our mind yet wrt. replacing
      our custom MAC spoofing system with NM's own one (refs: #11293).
    - Patch NetworkManager so that it does not leak the hostname in DHCP
      requests (Closes: #11720).
    - Deal with the fact that the NetworkManager dispatcher scripts are now
      sometimes called with an empty first argument (Closes: #11938).
    - Upgrade to GnuPG 2.1.15-9, and accordingly:
      · Remove the CA certificate for sks-keyservers.net, that we installed
        in the system-wide CAs directory: it is now included in the dirmngr
        package. Stop trusting it for non-GnuPG operations.
      · Make dirmngr use the sks-keyservers.net CA certificate from Debian.
      · Move keyserver proxy configuration to dirmngr.conf, and drop the
        keyserver-options that are obsolete or now the default.

 -- intrigeri <intrigeri@boum.org>  Thu, 17 Nov 2016 16:19:21 +0000

tails (2.7) unstable; urgency=medium

  * Security fixes
    - Upgrade to Linux 4.7. (Closes: #11885, #11818)
    - Upgrade to Tor 0.2.8.9. (Closes: #11832, #11891)
    - Upgrade Tor Browser to 6.0.6 based on Firefox 45.5. (Closes: #11910)
    - Upgrade Icedove to 1:45.4.0-1~deb8u1+tails1. (Closes: #11854,
      #11860)
    - Upgrade imagemagick to 8:6.8.9.9-5+deb8u5.
    - Upgrade openssl to 1.0.1t-1+deb8u5.
    - Upgrade libarchive to 3.1.2-11+deb8u3.
    - Upgrade bind9 to 1:9.9.5.dfsg-9+deb8u8.
    - Upgrade libav to 6:11.8-1~deb8u1.
    - Upgrade ghostscript to 9.06~dfsg-2+deb8u3.
    - Upgrade c-ares to 1.10.0-2+deb8u1.
    - Upgrade nspr to 2:4.12-1+debu8u1.
    - Upgrade nss to 2:3.26-1+debu8u1.
    - Upgrade tar to 1.27.1-2+deb8u1.
    - Upgrade curl to 7.38.0-4+deb8u5.
    - Upgrade libgd3 to 2.1.0-5+deb8u7.
    - Upgrade opendjk-7 to 7u111-2.6.7-2~deb8u1.
    - Upgrade mat to 0.5.2-3+deb8u1.
    - Upgrade libxslt to 1.1.28-2+deb8u2.
    - Upgrade pillow to 2.6.1-2+deb8u3.

  * Minor improvements
    - Ship Let's encrypt intermediate certificate to prepare the
      the next certificate renewal of our website. Also unify the
      way our upgrades and security checkers verify this SSL
      certificate using our dedicated perl lib code. (Closes: #11810)

  * Bugfixes
    - Fix multiarch support in Synaptic. (Closes: #11820)
    - Set default spelling language to en_US in Icedove. (Closes: #11037)

  * Build system
    - Disable debootstrap merged-usr option. (Closes: #11903)

  * Test suite
    - Add test for incremental upgrades. (Closes: #6309)
    - Add tests for Icedove. (Closes: #6304)
    - Decrease timeout to Tails Greeter to speed up testing of branches
      where it is broken. (Closes: #11449)
    - Add a ID field to the remote shell responses to filter out
      unrelated ones. (Closes: #11846)
    - Reliabily wait for the Greeter PostLogin script. (Closes: #5666)
    - Reliabily type the kernel command line in the prompt at the boot
      menu to ensure the remote shell is started. (Closes: #10777)
    - Remove DVDROM device when not used, to workaround QEMU/Libvirt
      compatibility issue. (Closes: #11874)

 -- Tails developers <tails@boum.org>  Sun, 13 Nov 2016 14:46:04 +0100

tails (2.6) unstable; urgency=medium

  * Major new features and changes
    - Install Tor 0.2.8.7. (Closes: #11351)
    - Enable kASLR in the Linux kernel. (Closes: #11281)
    - Upgrade Icedove to 1:45.2.0-1~deb8u1+tails1: (Closes: #11714)
      · Drop auto-fetched configurations using Oauth2.  They do not
        work together with Torbirdy since it disables needed
        functionality (like JavaScript and cookies) in the embedded
        browser. This should make auto-configuration work for GMail
        again, for instance.  (Closes: ##11536)
      · Pin Icedove to be installed from our APT repo. Debian's
        Icedove packages still do not have our secure Icedove
        autoconfig wizard patches applied, so installing them would be
        a serious security regression. (Closes: #11613)
      · Add missing icedove-l10n-* packages to our custom APT
        repository (Closes: #11550)
    - Upgrade to Linux 4.6: (Closes: #10298)
      · Install the 686 kernel flavour instead of the obsolete 586
        one.
      · APT, dpkg: add amd64 architecture. The amd64 kernel flavour is
        not built anymore for the i386 architecture, so we need to use
        multiarch now.
      · Build and install the out-of-tree aufs4 module. (Closes: #10298)
      · Disable kernel modesetting for QXL: it's not compatible with
        Jessie's QXL X.Org driver.

  * Security fixes
    - Hopefully fixed an issue which would sometimes make the Greeter
      ignore the "disable networking" or "bridge mode"
      options. (Closes: #11593)

  * Minor improvements
    - Install firmware-intel-sound and firmware-ti-connectivity.  This
      adds support for some sound cards and Wi-Fi adapters.  (Closes:
      #11502)
    - Install OpenPGP Applet from Debian. (Closes: #10190)
    - Port the "About Tails" dialog to python3.
    - Run our initramfs memory erasure hook earlier (Closes:
      #10733). The goal here is to:
      · save a few seconds on shutdown (it might matter especially for
        the emergency one);
      · work in a less heavily multitasking / event-driven
        environment, for more robust operation.
    - Install rngd, and make rng-tools initscript return success when
      it can't find any hardware RNG device. Most Tails systems around
      probably have no such device, and we don't want systemd to
      believe they failed to boot properly. (Closes: #5650)
    - Don't force using the vboxvideo X.Org driver. According to our
      tests, this forced setting is:
       · harmful: it breaks X startup when the vboxvideo *kernel*
         driver is loaded;
       · useless: X.Org now autodetects the vboxvideo X.Org driver and
         uses it when running in VirtualBox and the vboxvideo kernel
         is not present.
    - Port boot-profile to python3 (Closes: #10083). Thanks to
      heartsucker <heartsucker@autistici.org> for the patch!
    - Include /proc/cmdline and the content of persistent APT sources
      in WhisperBack bug reports. (Closes: #11675, #11635)
    - Disable non-free APT sources at boot time. (Closes: #10130)
    - Have a dedicated page for the homepage of Tor Browser in
      Tails. (Closes: # 11725)
    - Only build the VirtualBox kernel modules for the 32-bit kernel.
      It's both hard and useless to build it for 64-bit in the current
      state of things, as long as we're shipping a 32-bit userspace.
      Also, install virtualbox-* from jessie-backports, since the
      version in Jessie is not compatible with Linux 4.x.

  * Build system
    - Don't install+remove dpatch during the build. It's not been
      needed in this hook for ages.
    - Bump BUILD_SPACE_REQUIREMENT: at least one of us needed that to
      build feature/10298-linux-4.x-aufs with the gzipcomp option.

  * Test suite
    - Send Tails Installer's debug log to the Cucumber debug log on
      failure. This is meant to debug #10720 since I can't
      reproduce it locally.
    - Give the system under testing 2 vCPUs. (Closes: #6729)
    - Split scenarios from checks.feature. (Closes: #5707)
    - Add retry-logic to the Synaptic tests. (Closes: #10412, #10441,
      #10991)
    - Run usb_upgrade.feature earlier, when there is enough free disk
      space left. (Closes: #11582)
    - Use more recent virtual hardware in the system under test,
      i.e. USB 3.0 (nec-xhci) on a pc-i440fx-2.5 machine. Switching
      USB controllers has helped with problems we see on Jenkins when
      booting from USB (#11588). Also, there are chances that more
      recent virtual hardware sees more testing these days, so it
      sounds potentially useful to "upgrade".
    - Add support for Cucumber 2.4. (Closes: #11690)
    - Always write {pretty,debug} logs and JSON output to the artifact
      directory.
    - Disable info level logging on Chutney nodes to save disk
      space. For our network all these add up to > 1 GiB and we didn't
      take this into account when budgeting RAM to the isotesters on
      Jenkins.

 -- Tails developers <tails@boum.org>  Tue, 20 Sep 2016 04:16:33 +0200

tails (2.5) unstable; urgency=medium

  * Major new features and changes
    - Upgrade Icedove to 1:45.1.0-1~deb8u1+tails2. (Closes: #11530)
      · Fix long delay causing bad UX in the autoconfig wizard,
        when it does not manage to guess proper settings on some domains.
        (Closes: #11486)
      · Better support sending email through some ISPs, such as Riseup.
        (Closes: #10933)
      · Fix spurious error message when creating an account and providing
        its password. (Closes: #11550)

  * Security fixes
    - Upgrade Tor Browser to 6.0.3 based on Firefox 45.3. (Closes: #11611)
    - Upgrade GIMP to 2.8.14-1+deb8u1.
    - Upgrade libav to 6:11.7-1~deb8u1.
    - Upgrade expat to 2.1.0-6+deb8u3.
    - Upgrade libgd3 to 2.1.0-5+deb8u6.
    - Upgrade libmodule-build-perl to 0.421000-2+deb8u1.
    - Upgrade perl to 5.20.2-3+deb8u6.
    - Upgrade Pidgin to 2.11.0-0+deb8u1.
    - Upgrade LibreOffice to 1:4.3.3-2+deb8u5.
    - Upgrade libxslt1.1 to 1.1.28-2+deb8u1.
    - Upgrade Linux to 3.16.7-ckt25-2+deb8u3.
    - Upgrade OpenSSH to 1:6.7p1-5+deb8u3.
    - Upgrade p7zip to 9.20.1~dfsg.1-4.1+deb8u2.

  * Minor improvements
    - htpdate: replace obsolete and unreliable URIs in HTP pools, and decrease
      timeout for HTTP operations for more robust time synchronization.
      (Closes: #11577)
    - Hide settings panel for the Online Accounts component of GNOME,
      that we don't support. (Closes: #11545)
    - Vastly improve graphics performance in KVM guest with QXL driver.
      (Closes: #11500)
    - Fix graphics artifacts in Tor Browser in KVM guest with QXL driver.
      (Closes: #11489)

  * Build system
    - Wrap Pidgin in a more maintainable way. (Closes: #11567)

  * Test suite
    - Add a test scenario for the persistence "dotfiles" feature.
      (Closes: #10840)
    - Improve robustness of most APT, Git, SFTP and SSH scenarios,
      enough to enable them on Jenkins. (Closes: #10444, #10496, #10498)
    - Improve robustness of checking for persistence partition. (Closes: #11558)
    - Treat Tails booting from /dev/sda as OK, to support all cases
      including a weird one caused by hybrid ISO images. (Closes: #10504)
    - Bump a bunch of timeouts to cope with the occasional slowness on Jenkins.
    - Only query A records when exercising DNS lookups, to improve robustness.

 -- Tails developers <tails@boum.org>  Sun, 31 Jul 2016 16:50:35 +0000

tails (2.4) unstable; urgency=medium

  * Major new features and changes
    - Upgrade Tor Browser to 6.0.1 based on Firefox 45.2. (Closes:
      #11403, #11513).
    - Enable Icedove's automatic configuration wizard. We patch the
      wizard to only use secure protocols when probing, and only
      accept secure protocols, while keeping the improvements done by
      TorBirdy in its own non-automatic configuration wizard. (Closes:
      #6158, #11204)

  * Security fixes
    - Upgrade bsdtar and libarchive13 to 3.1.2-11+deb8u1.
    - Upgrade icedove to 38.8.0-1~deb8u1+tails3.
    - Upgrade imagemagick to 8:6.8.9.9-5+deb8u3.
    - Upgrade libexpat1 to 2.1.0-6+deb8u2.
    - Upgrade libgd3 to 2.1.0-5+deb8u3.
    - Upgrade gdk-pixbuf-based packages to 2.31.1-2+deb8u5.
    - Upgrade libidn11 to 1.29-1+deb8u1.
    - Upgrade libndp0 to 1.4-2+deb8u1.
    - Upgrade poppler-based packages to 0.26.5-2+deb8u1.
    - Upgrade librsvg2-2 to 2.40.5-1+deb8u2.
    - Upgrade libsmbclient to 2:4.2.10+dfsg-0+deb8u3.
    - Upgrade OpenSSL to 1.0.1k-3+deb8u5.
    - Upgrade libtasn1-6 to 4.2-3+deb8u2.
    - Upgrade libxml2 to 2.9.1+dfsg1-5+deb8u2.
    - Upgrade openjdk-7-jre to 7u101-2.6.6-1~deb8u1.

  * Bugfixes
    - Enable Packetization Layer Path MTU Discovery for IPv4. If any
      system on the path to the remote host has a MTU smaller than the
      standard Ethernet one, then Tails will receive an ICMP packet
      asking it to send smaller packets. Our firewall will drop such
      ICMP packets to the floor, and then the TCP connection won't
      work properly. This can happen to any TCP connection, but so far
      it's been reported as breaking obfs4 for actual users. Thanks to
      Yawning for the help! (Closes: #9268)
    - Make Tails Upgrader ship other locales than English. (Closes:
      #10221)
    - Make it possible to add local USB printers again. Bugfix on
      Tails 2.0. (Closes #10965).

  * Minor improvements
    - Remove custom SSH ciphers and MACs settings. (Closes: #7315)
    - Bring back "minimize" and "maximize" buttons in titlebars by
      default. (Closes: #11270)
    - Icedove improvements:
      * Stop patching in our default into Torbirdy. We've upstreamed
        some parts, and the rest we set with pref branch overrides in
        /etc/xul-ext/torbirdy.js. (Closes: #10905)
      * Use hkps keyserver in Enigmail. (Closes: #10906)
      * Default to POP if persistence is enabled, IMAP is
        not. (Closes: #10574)
      * Disable remote email account creation in Icedove. (Closes:
        #10464)
    - Firewall hardening (Closes: #11391):
      * Don't accept RELATED packets. This enables quite a lot of code
        in the kernel that we don't need. Let's reduce the attack
        surface a bit.
      * Restrict debian-tor user to NEW TCP syn packets. It doesn't
        need to do more, so let's do a little bit of security in
        depth.
      * Disable netfilter's nf_conntrack_helper.
      * Fix disabling of automatic conntrack helper assignment.
    - Kernel hardening:
      * Set various kernel boot options: slab_nomerge slub_debug=FZ
        mce=0 vsyscall=none. (Closes: #11143)
      * Remove the kernel .map files. These are only useful for kernel
        debugging and slightly make things easier for malware, perhaps
        and otherwise just occupy disk space. Also stop exposing
        kernel memory addresses through /proc etc. (Closes: #10951)
    - Drop zenity hacks to "focus" the negative answer. Jessie's
      zenity introduced the --default-cancel option, finally!
      (Closes: #11229)
    - Drop useless APT pinning for Linux.
    - Remove gnome-tweak-tool. (Closes: #11237)
    - Install python-dogtail, to enable accessibility technologies in
      our automated test suite (see below). (Part of: #10721)
    - Install libdrm and mesa from jessie-backports. (Closes: #11303)
    - Remove hledger. (Closes: #11346)
    - Don't pre-configure the #tails chan on the default OFTC account.
      (Part of: #11306)
    - Install onioncircuits from jessie-backports. (Closes: #11443)
    - Remove nmh. (Closes: #10477)
    - Drop Debian experimental APT source: we don't use it.
    - Use APT codenames (e.g. "stretch") instead of suites, to be
      compatible with our tagged APT snapshots.
    - Drop module-assistant hook and its cleanup. We've not been using
      it since 2010.
    - Remove 'Reboot' and 'Power Off' entries from Applications →
      System Tools. (Closes: #11075)
    - Pin our custom APT repo to the same level as Debian ones, and
      explicitly pin higher the packages we want to pull from our custom
      APT repo, when needed.
    - config/chroot_local-hooks/59-libdvd-pkg: verify libdvdcss
      package installation. (Closes: #11420)
    - Make Tails Upgrader use our new mirror pool design. (Closes:
      #11123)
    - Drop custom OpenSSH client ciphers and MACs settings. We did a
      pretty bad job at maintaining them compared to the Debian
      upstream. (Closes: #7315)
    - Install jessie-backports version of all binary packages built
      from src:hplip. This adds support for quite a few new
      printers.
    - Install printer-driver-postscript-hp, which adds support for
      some more printers.

  * Build system
    - Use a freezable APT repo when building Tails. This is a first
      step towards reproducible builds, and improves our QA and
      development processes by making our builds more predictable. For
      details, see: https://tails.boum.org/contribute/APT_repository/
    - There has been a massive amount of improvements to the
      Vagrant-based build system, and now it could be considered the
      de-facto build system for Tails! Improvements and fixes include:
      * Migrate Vagrant to use libvirt/KVM instead of
        Virtualbox. (Closes: #6354)
      * Make apt-get stuff non-interactive while provisioning.
        Because there is no interaction, so that will results in
        errors.
      * Bump disk space (=> RAM for RAM builds) needed to build with
        Vagrant. Since the Jessie migration it seems impossible to
        keep this low enough to fit in 8 GiB or RAM. For this reason
        we also drop the space optimization where we build inside a
        crazy aufs stack; now we just build in a tmpfs.
      * Clean up apt-cacher-ng cache on vm:provision to save disk
        space on the builder.
      * Add convenient Rake task for SSH:ing into the builder VM:
        `rake vm:ssh`.
      * Add rake task for generating a new Vagrant base box.
      * Automatically provision the VM on build to keep things up-to-date.
      * Don't enable extproxy unless explicitly given as an
        option. Previously it would automatically be enabled when
        `http_proxy` is set in the environment, unlike what is
        documented. This will hopefully lead to fewer surprises for users
        who e.g. point http_proxy to a torified polipo, or similar.
      * Re-fetch tags when running build-tails with Vagrant. That
        should fix an annoyance related to #7182 that I frequently
        encounter: when I, as the RM, rebuild the release image the
        second time from the force-updated tag, the build system would
        not have the force-updated tag. (Closes: #7182)
      * Make sure we use the intended locale in the Tails builder VM.
        Since we communicate via SSH, and e.g. Debian forward the
        locale env vars by default, we have to take some steps
        ensuring we do not do that.
    - Pull monkeysphere from stretch to avoid failing to install under
      eatmydata. Patch submitted by Cyril Brulebois <cyril@debamax.com>.

  * Test suite
    - Add wrapper around dogtail (inside Tails) for "remote" usage in
      the automated test suite. This provides a simple interface for
      generating dogtail python code, sending it to the guest, and
      executing it, and should allow us to write more robust tests
      leveraging assistive technologies. (Closes: #10721)
    - A few previously sikuli-based tests has been migrated to use
      dogtail instead, e.g. GNOME Applications menu interaction.
    - Add a test for re-configuring an existing persistent volume.
      This is a regression test for #10809. (Closes: #10834)
    - Use a simulated Tor network provided by Chutney in the automated
      test suite. The main motivation here is improved robustness --
      since the "Tor network" we now use will exit from the host
      running the automated test suite, we won't have to deal with Tor
      network blocking, or unreliable circuits. Performance should
      also be improved. (Closes: #9521)
    - Drop the usage of Tor Check in our tests. It doesn't make sense
      now when we use Chutney since that always means it will report
      that Tor is not being used.
    - Stop testing obsolete pluggable transports.
    - Completely rewrite the firewall leak detector to something more
      flexible and expressive.
    - Run tcpdump with --immediate-mode for the network sniffer. With
      this option, "packets are delivered to tcpdump as soon as they
      arrive, rather than being buffered for efficiency" which is
      required to make the sniffing work reliable the way we use it.
    - Remove most scenarios testing "tordate". It just isn't working
      well in Tails, so we shouldn't expect the tests to actually work
      all of the time. (Closes: #10440)
    - Close Pidgin before we inspect or persist its accounts.xml.
      I've seen a case when that file is _not_ saved (and thus, not
      persisted) if we shut down the system while Pidgin is still
      running. (Closes: #11413)
    - Close the GNOME Notification bar by pressing ESC, instead of
      opening the Applications menu. The Applications menu often
      covers other elements that we're looking for on the
      screen. (Closes #11401)
    - Hide Florence keyboard window when it doesn't vanish by itself
      (Closes: #11398) and wait a bit less for Florence to disappear
      (Closes: #11464).

 -- Tails developers <tails@boum.org>  Mon, 06 Jun 2016 20:10:56 +0200

tails (2.3) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 5.5.5. (Fixes: #11362)
    - Upgrade icedove to 38.7.0-1~deb8u1
    - Upgrade git to 1:2.1.4-2.1+deb8u2
    - Upgrade libgd3 to 2.1.0-5+deb8u1
    - Upgrade pidgin-otr to 4.0.1-1+deb8u1
    - Upgrade srtp to 1.4.5~20130609~dfsg-1.1+deb8u1
    - Upgrade imagemagick to 8:6.8.9.9-5+deb8u1
    - Upgrade samba to 2:4.2.10+dfsg-0+deb8u2
    - Upgrade openssh to 1:6.7p1-5+deb8u2

  * Bugfixes
    - Refresh Tor Browser's AppArmor profile patch against the one from
      torbrowser-launcher 0.2.4-1. (Fixes: #11264)
    - Pull monkeysphere from stretch to avoid failing to install under
      eatmydata. (Fixes: #11170)
    - Start gpg-agent with no-grab option due to issues with pinentry and
      GNOME's top bar. (Fixes: #11038)
    - Tails Installer: Update error message to match new name of 'Clone
      & Install'. (Fixes: #11238)
    - Onion Circuits:
      * Cope with a missing geoipdb. (Fixes: #11203)
      * Make both panes of the window scrollable. (Fixes #11192)
    - WhisperBack: Workaround socks bug. When the Tor fails to connect to
      the host, WisperBack used to display a ValueError.  This is caused by
      a socks bug that is solved in upstream's master but not in Tails.
      This commit workarounds this bug Unclear error message in WhisperBack
      when failing to connect to the server. (Fixes: #11136)

  * Minor improvements
    - Upgrade to Debian 8.4, a Debian point release with many minor upgrades
      and fixes to various packages . (Fixes: #11232)
    - Upgrade I2P to 0.9.25. (Fixes: #11363)
    - Pin pinentry-gtk2 to jessie-backports. The new version allows pasting
      passwords from the clipboard. (Fixes: #11239)
    - config/chroot_local-hooks/59-libdvd-pkg: cleanup /usr/src/libdvd-pkg.
      (Fixes: #11273)
    - Make the Tor Status "disconnected" icon more contrasted with the
      "connected" one. (Fixes: #11199)

  * Test suite
    - Add UTF-8 support to OTR Bot. (Fixes: #10866)
    - Don't explicitly depend on openjdk-7-jre or any JRE for that
      matter. Sikuli will pull in a suitable one, so depending on one
      ourselves is only risks causing trouble. (Fixes: #11335)

 -- Tails developers <tails@boum.org>  Mon, 25 Apr 2016 14:12:22 +0200

tails (2.2.1) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 5.5.4. (Closes: #11254)
    - Upgrade bind9-related packages to 1:9.9.5.dfsg-9+deb8u6
    - Upgrade libotr to 4.1.0-2+deb8u1
    - Upgrade samba-related packages to 2:4.1.17+dfsg-2+deb8u2.
    - Upgrade libgraphite2 to 1.3.6-1~deb8u1.

 -- Tails developers <tails@boum.org>  Thu, 17 Mar 2016 15:03:52 +0100

tails (2.2) unstable; urgency=medium

  * Major new features and changes
    - Replace Vidalia (which has been unmaintained for years) with:
      (Closes: #6841)
      * the Tor Status GNOME Shell extension, which adds a System Status
        icon indicating whether Tor is ready or not.
      * Onion Circuits, a simple Tor circuit monitoring tool.

  * Security fixes
    - Upgrade Tor Browser to 5.5.3 (Closes: #11189).
    - Upgrade Linux to 3.16.7-ckt20-1+deb8u4.
    - Upgrade cpio to 2.11+dfsg-4.1+deb8u1.
    - Upgrade glibc to 2.19-18+deb8u3.
    - Upgrade libav to 6:11.6-1~deb8u1.
    - Upgrade libgraphite2 to 1.3.5-1~deb8u1.
    - Upgrade libjasper1 to 1.900.1-debian1-2.4+deb8u1.
    - Upgrade libreoffice to 4.3.3-2+deb8u3.
    - Upgrade libssh2 to 1.4.3-4.1+deb8u1.
    - Upgrade openssl to 1.0.1k-3+deb8u4.
    - Upgrade perl to 5.20.2-3+deb8u4.
    - Upgrade python-imaging, python-pil to 2.6.1-2 2.6.1-2+deb8u2.

  * Bugfixes
    - Hide "Laptop Mode Tools Configuration" menu entry. We don't
      support configuring l-m-t in Tails, and it doesn't work out of
      the box. (Closes: #11074)
    - WhisperBack:
      * Actually write a string when saving bug report to
        disk. (Closes: #11133)
      * Add missing argument to OpenPGP dialog so the optional OpenPGP
        key can be added again. (Closes: #11033)

  * Minor improvements
    - Upgrade I2P to 0.9.24-1~deb8u+1.
    - Add support for viewing DRM protected DVD videos using
      libdvdcss2. Patch series submitted by Austin English
      <austinenglish@gmail.com>. (Closes: #7674)
    - Automatically save KeePassX database after every change by default.
      (Closes: #11147)
    - Implement Tor stream isolation for WhisperBack
    - Delete unused tor-tsocks-mua.conf previously used by Claws
      Mail. (Closes: #10904)
    - Add set -u to all gettext:ized shell scripts. In gettext-base <
      1.8.2, like the one we had in Wheezy, gettext.sh references the
      environment variable ZSH_VERSION, which we do not set. This has
      prevented us from doing `set -u` without various hacks. (Closes:
      #9371)
    - Also set -e in some shell scripts which lacked it for no good
      reason.
    - Make Git verify the integrity of transferred objects. (Closes:
      #11107)
    - Remove LAlt+Shift and LShift+RShift keyboard layout toggling
      shortcuts. (Closes: #10913, #11042)

  * Test suite
    - Reorder the execution of feature to decrease peak disk
      usage. (Closes: #10503)
    - Paste into the GTK file chooser, instead of typing. (Closes:
      #10775)
    - Pidgin: wait a bit for text to have stopped scrolling before we
      click on it. (Closes: #10783)
    - Fix step that runs commands in GNOME Terminal, that was broken
      on Jessie when a Terminal is running already. (Closes: #11176)
    - Let ruby-rjb guess JAVA_HOME instead fixing on one jvm
      version. (Closes: #11190)

  * Build system
    - Upgrade build system to Debian Jessie. This includes migrating to a
      new Vagrant basebox based on Debian Jessie.
    - Rakefile: print git status when there are uncommitted
      changes. Patch submitted by Austin English
      <austinenglish@gmail.com>. (Closes: #11108)
    - .gitignore: add .rake_tasks~. Patch submitted by Austin English
      <austinenglish@gmail.com>. (Closes: #11134)
    - config/amnesia: use --show-field over sed filtering. Patch
      submitted by Chris Lamb <lamby@debian.org>.
    - Umount and clean up leftover temporary directories from old
      builds. (Closes: #10772)

 -- Tails developers <tails@boum.org>  Mon, 07 Mar 2016 18:09:50 +0100

tails (2.0.1) unstable; urgency=medium

  * Major new features and changes
    - Enable the Tor Browser's font fingerprinting protection
      (Closes: #11000). We do it for all browsers (including
      the Unsafe Browser and I2P Browser mainly to avoid making our
      automated test suite overly complex. This implied to set an appropriate
      working directory when launching the Tor Browser, to accommodate for
      the assumptions it makes about this.

  * Security fixes
    - Upgrade Tor Browser to 5.5.2 (Closes: #11105).

  * Bugfixes
    - Repair 32-bit UEFI support (Closes: #11007); bugfix on 2.0.
    - Add libgnome2-bin to installed packages list to provide gnome-open,
      which fixes URL handling at least in KeePassX, Electrum and Icedove
      (Closes: #11031); bugfix on 2.0. Thanks to segfault for the patch!

  * Minor improvements
    - Refactor and de-duplicate the chrooted browsers' configuration:
      prefs.js, userChrome.css (Closes: #9896).
    - Make the -profile Tor Launcher workaround simpler (Closes: #7943).
    - Move Torbutton environment configuration to the tor-browser script,
      instead of polluting the default system environment with it.
    - Refresh patch against the Tor Browser AppArmor profile
      (Closes: #11078).
    - Propagate Tor Launcher options via the wrapper.
    - Move tor-launcher script to /usr/local/bin.
    - Move tor-launcher-standalone to /usr/local/lib.
    - Move Tor Launcher env configuration closer to the place where it is used,
      for simplicity's sake.

  * Test suite
    - Mass update browser and Tor Launcher related images due to font change,
      caused by Tor Browser 5.5's font fingerprinting protection
      (Closes: #11097). And then, use separate PrintToFile.png for the browsers,
      and Evince, since it cannot be shared anymore.
    - Adjust to the refactored chrooted browsers configuration handling.
    - Test that Tor Launcher uses the correct Tor Browser libraries.
    - Allow more slack when verifying that the date that was set.
    - Bump a bit the timeout used when waiting for the remote shell.
    - Bump timeout for the process to disappear, when closing Evince.
    - Bump timeout when saving persistence configuration.
    - Bump timeout for bootstrapping I2P.

  * Build system
    - Remove no longer relevant places.sqlite cleanup procedure.

 -- Tails developers <tails@boum.org>  Fri, 12 Feb 2016 13:00:15 +0000

tails (2.0) unstable; urgency=medium

  * Major new features and changes
    - Upgrade to Debian 8 (Jessie).
    - Migrate to GNOME Shell in Classic mode.
    - Use systemd as PID 1, and convert all custom initscripts to systemd units.
    - Remove the Windows camouflage feature: our call for help to port
      it to GNOME Shell (issued in January, 2015) was unsuccessful.
    - Remove Claws Mail: Icedove is now the default email client
      (Closes: #10167).
    - Upgrade Tor Browser to 5.5 (Closes: #10858, #10983).

  * Security fixes
    - Minimally sandbox many services with systemd's namespacing features.
    - Upgrade Linux to 3.16.7-ckt20-1+deb8u3.
    - Upgrade Git to 1:2.1.4-2.1+deb8u1.
    - Upgrade Perl to 5.20.2-3+deb8u3.
    - Upgrade bind9-related packages to 1:9.9.5.dfsg-9+deb8u5.
    - Upgrade FUSE to 2.9.3-15+deb8u2.
    - Upgrade isc-dhcp-client tot 4.3.1-6+deb8u2.
    - Upgrade libpng12-0 to 1.2.50-2+deb8u2.
    - Upgrade OpenSSH client to 1:6.7p1-5+deb8u1.

  * Bugfixes
    - Restore the logo in the "About Tails" dialog.
    - Don't tell the user that "Tor is ready" before htpdate is done
      (Closes: #7721).
    - Upgrader wrapper: make the check for free memory more accurate
      (Closes: #10540, #8263).
    - Allow the desktop user, when active, to configure printers;
      fixes regression introduced in Tails 1.1 (Closes: #8443).
    - Close Vidalia before we restart Tor. Otherwise Vidalia will be running
      and showing errors while we make sure that Tor bootstraps, which could
      take a while.
    - Allow Totem to read DVDs, by installing apparmor-profiles-extra
      from jessie-backports (Closes: #9990).
    - Make memory erasure on shutdown more robust (Closes: #9707, #10487):
      · don't forcefully overcommit memory
      · don't kill the allocating task
      · make sure the kernel doesn't starve from memory
      · make parallel sdmem handling faster and more robust
    - Don't offer the option, in Tor Browser, to open a downloaded file with
      an external application (Closes: #9285). Our AppArmor confinement was
      blocking most such actions anyway, resulting in poor UX; bugfix on 1.3.
      Accordingly, remove the now-obsolete exception we had in the Tor
      Browser AppArmor profile, that allowed executing seahorse-tool.
    - Fix performance issue in Tails Upgrader, that made it very slow to apply
      an automatic upgrade; bugfix on 1.7 (Closes: #10757).
    - Use our wrapper script to start Icedove from the GNOME menus.
    - Make it possible to localize our Icedove wrapper script.
    - List Icedove persistence option in the same position where Claws Mail
      used to be, in the persistent volume assistant (Closes: #10832).
    - Fix Electrum by installing the version from Debian Testing
      (Closes: #10754). We need version >=2.5.4-2, see #9713;
      bugfix on 2.0~beta1. And, explicitly install python-qt4 to enable
      Electrum's GUI: it's a Recommends, and we're not pulling it ourselves
      via other means anymore.
    - Restore default file associations (Closes: #10798);
      bugfix on 2.0~beta1.
    - Update 'nopersistent' boot parameter to 'nopersistence'; bugfix on 0.12
      (Closes: #10831). Thanks to live-media=removable, this had no security
      impact in practice.
    - Repair dotfiles persistence feature, by adding a symlink from
      /lib/live/mount/persistence to /live/persistence; bugfix on 2.0~beta1
      (Closes: #10784).
    - Fix ability to re-configure an existing persistent volume using
      the GUI; bugfix on 2.0~beta1 (Closes: #10809).
    - Associate armored OpenPGP public keys named *.key with Seahorse,
      to workaround https://bugs.freedesktop.org/show_bug.cgi?id=93656;
      bugfix on 1.1 (Closes: #10889).
    - Update the list of enabled GNOME Shell extensions, which might fix
      the "GNOME Shell sometimes leaves Classic mode" bug seen in 2.0~beta1:
      · Remove obsolete "Alternative Status Menu", that is not shipped
        in Debian anymore.
      · Explicitly enable the GNOME Shell extensions that build
        the Classic mode.
    - Make _get_tg_setting() compatible with set -u (Closes: #10785).
    - laptop-mode-tools: don't control autosuspend. Some USB input
      devices don't support autosuspend. This change might help fix
      #10850, but even if it doesn't, it makes sense to me that we
      don't let laptop-mode-tools fiddle with this on a Live system
      (Closes (for now): #10850).

  * Minor improvements
    - Remove obsolete code from various places.
    - Tails Greeter:
      · hide all windows while logging in
      · resize and re-position the panel when the screen size grows
      · PostLogin: log into the Journal instead of a dedicated log file
      · use localectl to set the system locale and keyboard mapping
      · delete the Live user's password if no administration password is set
        (Closes: #5589)
      · port to GDBus greeter interface, and adjust to other GDM
        and GNOME changes
    - Tails Installer:
      · port to UDisks2, and from Qt4 to GTK3
      · adapt to work on other GNU/Linux operating systems than Tails
      · clean up enough upstream code and packaging bits to make it
        deserve being uploaded to Debian
      · rename everything from liveusb-creator to tails-installer
    - Port tails-perl5lib to GTK3 and UDisks2. In passing, do some minor
      refactoring and a GUI improvement.
    - Persistent Volume Assistant:
      · port to GTK3 and UDisks2
      · handle errors when deleting persistent volume (Closes: #8435)
      · remove obsolete workarounds
    - Don't install UDisks v1.
    - Adapt custom udev and polkit rules to UDisks v2 (Closes: #9054, #9270).
    - Adjust import-translations' post-import step for Tails Installer,
      to match how its i18n system works nowadays.
    - Use socket activation for CUPS, to save some boot time.
    - Set memlockd.service's OOMScoreAdjust to -1000.
    - Don't bother creating /var/lib/live in tails-detect-virtualization.
      If it does not exist at this point, we have bigger and more
      noticeable problems.
    - Simplify the virtualization detection & reporting system, and do it
      as a non-root user with systemd-detect-virt rather than virt-what.
    - Replace rsyslog with the systemd Journal (Closes: #8320), and adjust
      WhisperBack's logs handling accordingly.
    - Drop tails-save-im-environment.
      It's not been used since we stopped automatically starting the web browser.
    - Add a hook that aborts the build if any *.orig file is found. Such files
      appear mainly when a patch of ours is fuzzy. In most cases they are no big
      deal, but in some cases they end up being taken into account
      and break things.
    - Replace the tor+http shim with apt-transport-tor (Closes: #8198).
    - Install gnome-tweak-tool.
    - Don't bother testing if we're using dependency based boot.
    - Drop workaround to start spice-vdagent in GDM (Closes: #8025).
      This has been fixed in Jessie proper.
    - Don't install ipheth-utils anymore. It seems to be obsolete
      in current desktop environments.
    - Stop installing the buggy unrar-free, superseded in Jessie (Closes: #5838)
    - Drop all custom fontconfig configuration, and configure fonts rendering
      via dconf.
    - Drop zenity patch (zenity-fix-whitespacing-box-sizes.diff),
      that was applied upstream.
    - Install libnet-dbus-perl (currently 1.1.0) from jessie-backports,
      it brings new features we need.
    - Have the security check and the upgrader wait for Tor having bootstrapped
      with systemd unit ordering.
    - Get rid of tails-security-check's wrapper.
      Its only purpose was to wait for Tor to have bootstrapped,
      which is now done via systemd.
    - Don't allow the amnesia and tails-upgrade-frontend users to run
      tor-has-bootstrapped as root with sudo. They don't need it anymore,
      thanks to using systemd for starting relevant units only once Tor
      has bootstrapped.
    - Install python-nautilus, that enables MAT's context menu item in Nautilus.
      (Closes: #9151).
    - Configure GDM with a snippet file instead of patching its
      greeter.dconf-defaults.
    - WhisperBack:
      · port to Python 3 and GObject Introspection (Closes: #7755)
      · migrate from the gnutls module to the ssl one
      · use PGP/MIME for better attachments handling
      · migrate from the gnupginterface module to the gnupg one
      · natively support SOCKS ⇒ don't wrap with torsocks anymore
        (Closes: #9412)
      · don't try to include the obsolete .xession-errors in bug reports
        (Closes: #9966)
    - chroot-browser.sh: don't use static DISPLAY.
    - Simplify debugging:
      · don't hide the emergency shutdown's stdout
      · tails-unblock-network: trace commands so that they end up in the Journal
    - Configure the console codeset at ISO build time, instead of setting it
      to a constant via the Greeter's PostLogin.default.
    - Order the AppArmor policy compiling in a way that is less of a blocker
      during boot.
    - Include the major KMS modules in the initramfs. This helps seamless
      transition to X.Org when booting, and back to text mode on shutdown,
      can help for proper graphics hardware reinitialization post-kexec,
      and should improve GNOME Shell support in some virtual machines.
    - Always show the Universal Access menu icon in the GNOME panel.
    - Drop notification for not-migrated-yet persistence configuration,
      and persistence settings disabled due to wrong access rights.
      That migration happened more two years ago.
    - Remove the restricted network detector, that has been broken for too long;
      see #10560 for next steps (Closes: #8328).
    - Remove unsupported, never completed kiosk mode support.
    - clock_gettime_monotonic: use Perl's own function to get the integer part,
      instead of forking out to sed.
    - Don't (try to) disable lvm2 initscripts anymore. Both the original reason
      and the implementation are obsolete on Jessie.
    - Lower potential for confusion (#8443), by removing system-config-printer.
      One GUI to configure printers is enough (Closes: #8505).
    - Add "set -u" to tails-unblock-network.
    - Add a systemd target whose completion indicates that Tor has bootstrapped,
      and use it everywhere sensible (Closes: #9393).
    - Disable udev's 75-persistent-net-generator.rules, to preventing races
      between MAC spoofing and interface naming.
    - Replace patch against NetworkManager.conf with drop-in files.
    - Replace resolvconf with simpler NetworkManager and dhclient configuration.
      (Closes: #7708)
    - Replace patching of the gdomap, i2p, hdparm, tor and ttdnsd initscripts
      with 'systemctl disable' (Closes: #9881).
    - Replace patches that wrapped apps with torsocks with dynamic patching with
      a hook, to ease maintenance. Also, patch D-Bus services as needed
      (Closes: #10603).
    - Notify the user if running Tails inside non-free virtualization software
      that does not try to hide its nature (Closes: #5315).
      Thanks to Austin English <austinenglish@gmail.com> for the patch.
    - Declare htpdate.service as being needed for time-sync.target, to ensure
      that "services where correct time is essential should be ordered after
      this unit".
    - Convert some of the X session startup programs to `systemd --user' units.
    - Let the Pidgin wrapper pass through additional command-line arguments
      (Closes: #10383)
    - Move out of the $PATH a bunch of programs that users should generally
      not run directly: connect-socks, end-profile, getTorBrowserUserAgent,
      generate-tor-browser-profile, kill-boot-profile, tails-spoof-mac,
      tails-set-wireless-devices-state, tails-configure-keyboard,
      do_not_ever_run_me, boot-profile, tails-unblock-network,
      tor-controlport-filter, tails-virt-notify-user, tails-htp-notify-user,
      udev-watchdog-wrapper (Closes: #10658)
    - Upgrade I2P to 0.9.23-2~deb8u+1.
    - Disable I2P's time syncing support.
    - Install Torbirdy from official Jessie backports, instead of from
      our own APT repository (Closes: #10804).
    - Make GNOME Disks' passphrase strength checking new feature work,
      by installing cracklib-runtime (Closes: #10862).
    - Add support for Japanese in Tor Browser.
    - Install xserver-xorg-video-intel from Jessie Backports (currently:
      2.99.917-2~bpo8+1). This adds support for recent chips such as
      Intel Broadwell's HD Graphics (Closes: #10841).
    - Improve a little bit post-Greeter network unblocking:
      · Sleep a bit longer between deleting the blacklist, and triggering udev;
        this might help cure #9012.
      · Increase logging, so that we get more information next time someone
        sees #9012.
      · Touch /etc/modprobe.d/ after deleting the blacklist; this might help,
        in case all this is caused by some aufs bug.
    - Enable and use the Debian jessie-proposed-updates APT repository,
      anticipating on the Jessie 8.3 point-release (Closes: #10897).
    - Upgrade most firmware packages to 20160110-1.
    - Upgrade Intel CPU microcodes to 3.20151106.1~deb8u1.
    - Disable IPv6 for the default wired connection, so that
      NetworkManager does not spam the logs with IPv6 router
      solicitation failure. Note that this does not fix the problem
      for other connections (Partially closes: #10939).

  * Test suite
    - Adapt to the new desktop environment and applications' look.
    - Adapt new changed nmcli syntax and output.
    - New NetworkManager connection files must be manually loaded in Jessie.
    - Adapt to new pkexec behavior.
    - Adapt to how we now disable networking.
    - Use sysctl instead of echo:ing into /proc/sys.
    - Use oom_score_adj instead of the older oom_adj.
    - Adapt everything depending on logs to the use of the Journal.
    - Port to UDisks v2.
    - Check that the system partition is an EFI System Partition.
    - Add ldlinux.c32 to the list of bootloader files that are expected
      to be modified when we run syslinux (Closes: #9053).
    - Use apt(8) instead of apt-get(8).
    - Don't hide the cursor after opening the GNOME apps menu.
    - Convert the remote shell to into a systemd native service and a Python 3,
      script that uses the sd_notify facility (Closes: #9057). Also, set its
      OOM score adjustment value via its unit file, and not from the test suite.
    - Adjust to match where screenshots are saved nowadays.
    - Check that all system units have started (Closes: #8262)
    - Simplify the "too small device" test.
    - Spawn `poweroff' and `halt' in the background, and don't wait for them
      to return: anything else would be racy vs. the remote shell's stopping.
    - Bump video memory allocated to the system under test, to fix out of video
      memory errors.
    - When configuring the CPU to lack PAE support, use a qemu32 CPU instead
      of a Pentium one: the latter makes GNOME Shell crash.
      See #8778 for details about how Mesa's CPU features detection has
      room for improvement.
    - Adjust free(1) output parsing for Jessie.
    - vm-execute: rename --type option to --spawn.
    - Add method to set the X.Org clipboard, and install its dependency
      (xsel) in the ISO.
    - Paste URLs in one go, to work around issue with lost key presses
      in the browser (Closes: #10467).
    - Reliably wait for Synaptic's search button to fade in.
    - Take into account that the sticky bit is not set on block devices
      on Jessie anymore.
    - Ensure that we can use a NetworkManager connection stored in persistence
      (Closes: #7966).
    - Use a stricter regexp when extracting logs for dropped packets.
    - Clone the host CPU for the test suite guests (Closes: #8778).
    - Run ping as root (aufs does not support file capabilities so we don't
      get cap_net_raw+ep, and if built on a filesystem that does support
      file capabilities, then /bin/ping is not setupd root).
    - Escape regexp special characters when constructing the firewall log
      parsing regexp, and pass -P to grep, since Ruby uses PCRE.
    - Adjust is_persistent?() helper to findmnt changes in Jessie.
    - Rework in depth how we measure pattern coverage in memory, with more
      reliable Linux OOM and VM settings, fundamental improvements
      in what exactly we measure, and custom OOM adjutments for fillram
      processes (Closes: #9705).
    - Use blkid instead of parted to determine the filesystem type.
    - Use --kiosk mode instead of --fullscreen in virt-viewer, to remove
      the tiny border of the in-viewer menu.
    - Remove now redundant desktop screenshot directory scenario.
    - Adapt GNOME notification handling for Debian Jessie (Closes: #8782)
    - Disable screen blanking in the automated test suite, which occasionally
      breaks some test cases (Closes: #10403).
    - Move upgrade scenarios to the feature dedicated to them.
    - Don't make libvirt storage volumes executable.
    - Refactor the PAUSE_ON_FAIL functionality, so that we can use `pause()`
      as a breakpoint when debugging.
    - Drop non-essential Totem test that is mostly a duplicate, and too painful
      to be worth automating on Jessie.
    - Retry Totem HTTPS test with a new Tor circuit on failure.
    - Replace iptables status regexp-based parser with a new XML-based
      status analyzer: the previous implementation could not be adjusted
      to the new ip6tables' output (Closes: #9704).
    - Don't reboot in one instance when it is not needed.
    - Optimize memory erasure anti-test: block the boot to save CPU on the host.
    - Update I2P tests for Jessie, and generally make them more robust.
    - Update Electrum tests for 2.5.4-2 (Closes: #10758).
    - Add workaround for libvirt vs. guestfs permissions issue, to allow
      running the test suite on current Debian sid.
    - Fix buggy code, that happened to work by mistake, in the Seahorse
      test cases; bugfix on 1.8.
    - Update test suite images due to CSS change on Tails' website.
    - Adapt Tor Browser tests to work with the 5.5 series.
    - Automatically test downloading files in Tor Browser.
    - Remove obsolete scenario, that tested opening a downloaded file with
      an external application, which we do not support anymore.
    - Improve robustness of the "Tails OpenPGP keys" scenario (Closes: #10378).
    - Automatically test the "Diable all networking" feature (Closes: #10430).
    - Automatically test that SSH works over LAN (Closes: #9087).
    - Bump some statuc sleeps to fix a few race conditions (Closes: #5330).
    - Automatically test that an emergency shutdown triggers on boot
      medium removal (Closes: #5472).
    - Make the AppArmor checks actually detect errors (Closes: #10926).

  * Build system
    - Bump amount of disk space needed to build Tails with Vagrant.
      The addition of the Japanese Tor Browser tarball made us reach
      the limit of the previous value.

  * Adjustments for Debian 8 (Jessie) with no or very little user-visible impact
    - Free the fixed UIDs/GIDs we need before creating the corresponding users.
    - Replace the real gnome-backgrounds with a fake, equivs generated one
      (Closes: #8055). Jessie's gnome-shell depends on gnome-backgrounds,
      which is too fat to ship considering we're not using it.
    - AppArmor: adjust CUPS profile to support our Live system environment
      (Closes: #8261):
      · Mangle lib/live/mount/overlay/... as usual for aufs.
      · Pass the the attach_disconnected flag, that's needed for compatibility
        with PrivateTmp.
    - Make sure we don't ship geoclue* (Closes: #7949).
    - Drop deprecated GDM configuration file.
    - Don't add the Live user to the deprecated 'fuse' group.
    - Drop hidepid mount option for /proc (Closes: #8256). In its current,
      simplistic form it cannot be supported by systemd.
    - Don't manually load acpi-cpufreq at boot time. It fails to load
      whenever no device it supports is present, which makes the
      systemd-modules-load.service fail. These days, the kernel
      should just automatically load such modules when they are needed.
    - Drop sysvinit-specific (sensigs.omit.d) tweaks for memlockd.
    - Disable the GDM unit file's Restart=always, that breaks our "emergency
      shutdown on boot medium removal" feature.
    - Update the implementation of the memory erasure on shutdown feature:
      · check for rebooting state using systemctl, instead of the obsolete
        $RUNLEVEL (Closes: #8306)
      · the kexec-load initscript normally silently exits unless systemd is
        currently running a reboot job. This is not the case when the emergency
        shutdown has been triggered, so we removed this check
      · migrate tails-kexec to the /lib/systemd/system-shutdown/ facility
      · don't (try to) switch to tty1 on emergency shutdown: it apparently
        requires data that we haven't locked into memory, and then it blocks
        the whole emergency shutdown process
    - Display a slightly darker version of the desktop wallpaper on the screen
      saver, instead of the default flashy "Debian 8" branding (Closes: #9038).
    - Disable software autorun from external media.
    - Disable a few unneeded D-Bus services. Some of these services are
      automatically started (via D-Bus activation) when GNOME Shell tries
      to use them. The only "use" I've seen for them, except eating
      precious RAM, is to display "No appointment today" in the calendar pop-up.
      (Closes: #9037)
    - Prevent NetworkManager services from starting at boot time
      (Closes: #8313). We start them ourselves after changing the MAC address.
    - Unfuzzy all patches (Closes: #8268) and drop a few obsolete ones.
    - Adapt IBus configuration for Jessie (Closes: #8270), i.e. merge the two
      places where we configure keyboard layout and input methods: both are now
      configured in the same place in Jessie's GNOME.
    - Migrate panel launchers to the favorite apps list (Closes: #7992).
    - Drop pre-GNOME Shell menu tweaks.
    - Hide "Log out" button in the GNOME Shell menu (Closes: #8364).
    - Add a custom shutdown-helper GNOME Shell extension (Closes: #8302, #5684
      and #5878) that removes the press-Alt-to-turn-shutdown-button-into-Suspend
      functionality from the GNOME user menu, and makes Restart and Shutdown
      immediate, without further user interaction. Accordingly remove our custom
      Shutdown Helper panel applet (#8302).
    - Drop GNOME Panel configuration, now deprecated.
    - Disable GNOME Shell's screen lock feature.
      We're not there yet (see #5684).
    - Disable GNOME Shell screen locker's user switch feature.
    - Explicitly install libany-moose-perl (Closes: #8051).
      It's needed by our OpenPGP applet. On Wheezy, this package was pulled
      by some other dependency. This is not the case anymore on Jessie.
    - Don't install notification-daemon nor gnome-mag: GNOME Shell has taken
      over this functionality (Closes: #7481).
    - Don't install ntfsprogs: superseded on Jessie.
    - Don't install barry-util: not part of Jessie.
    - Link udev-watchdog dynamically, and lock it plus its dependencies
      in memory.
    - Migrate from gdm-simple-greeter to a custom gdm-tails session
      (Closes: #7599).
    - Update Plymouth installation and configuration:
      · install the plymouth packages via chroot_local-hooks: lb 2.x's "standard"
        packages list pulls console-common in, which plymouth now conflicts with
      · don't patch the plymouth initscript anymore, that was superseded
        by native systemd unit files
      · mask the plymouth-{halt,kexec,poweroff,reboot,shutdown} services,
        to prevent them from occupying the active TTY with an (empty) splash
        screen on shutdown/reboot, that would hide the messages we want to show
        to the user via tails-kexec (Closes: #9032)
    - Migrate GNOME keyboard layout settings from libgnomekbd to input-sources
      (Closes: #7898).
    - Explicitly install syslinux-efi, that we need and is not automatically
      pulled by anything else anymore.
    - Workaround #7248 for GDM: use a solid blue background picture,
      instead of a solid color fill, in the Greeter session.
    - De-install gcc-4.8-base and gcc-4.9 at the end of the ISO build process.
    - Revert the "Wrap syndaemon to always use -t" Wheezy-specific workaround.
    - htpdate: run date(1) in a Jessie-compatible (and nicer) way.
    - Remove obsolete dconf screenshot settings and the corresponding test.
    - Drop our patched python-dbus{,-dev} package (Closes: #9177).
    - live-persist: stop overriding live-boot's functions, we now have
      a recent enough blkid.
    - Adjust sdmem initramfs bits for Jessie:
      · Directly call poweroff instead of halt -p.
      · Don't pass -n to poweroff and reboot, it's not supported anymore.
    - Wrap text in the Unsafe Browser startup warning dialog
      (Jessie's zenity does not wrap it itself).
    - Associate application/pgp-keys with Seahorse's "Import Key" application
      (Closes: #10571).
    - Install topIcons GNOME Shell extension (v28), to work around the fact
      that a few of the applets we use hijack the notification area.
    - "cd /" to fix permissions issue at tails-persistence-setup startup
      (Closes: #8097).
    - Install gstreamer1.0-libav, so that Totem can play H264-encoded videos.
    - Adjust APT sources configuration:
      · remove explicit jessie and jessie-updates sources:
        automatically added by live-build
      · add Debian testing
      · add jessie-backports
    - Firewall: white-list access to the accessibility daemon (Closes: #8075).
    - Adjust to changed desktop notification behavior and supported feature set
      (Closes: #7989):
      · pass the DBUS_SESSION_BUS_ADDRESS used by the GNOME session
        to notify-send
      · update waiting for a notification handler: gnome-panel and nm-applet
        are obsolete, GNOME Shell is now providing this facility, so instead
        wait for a process that starts once GNOME Shell is ready, namely
        ibus-daemon (Closes: #8685)
      · port tails-warn-about-disabled-persistence and tails-virt-notify-user
        to notification actions (instead of hyperlinks), and make the latter
        transient; to this end, add support to Desktop::Notify for "hints"
        and notification actions
      · tails-security-check: use a dialog box instead of desktop notifications
      · MAC spoofing failure notification: remove the link to the documentation;
        it was broken on Tails/Wheezy already, see #10559 for next steps
    - Don't explicitly install gnome-panel nor gnome-menus, so that they go away
      whenever the Greeter does not pull them in anymore.
    - Install gkbd-capplet, that provides gkbd-keyboard-display (Closes: #8363).
    - Install Tor 0.2.7 from deb.torproject.org: we don't need to rebuild it
      ourselves for seccomp support anymore.
    - Wrap Seahorse with torsocks when it is started as a D-Bus service too
      (Closes: #9792).
    - Rename the AppArmor profile for Tor, so it applies to the system-wide
      Tor service we run (Closes: #10528).
    - Essentially revert ALSA state handling to how it was pre-Jessie, so that
      mixer levels are unmuted and sanitized at boot time (Closes: #7591).
    - Pass --yes to apt-get when installing imagemagick.
    - Make removable devices, that we support installing Tails to, user writable:
      Tails Installer requires raw block device access to such devices
      (Closes: #8273). Similarly, allow the amnesia user, when active, to open
      non-system devices for writing with udisks2. This is roughly udisks2's
      equivalent of having direct write access to raw block storage devices.
      Here too, Tails Installer uses this functionality.
    - Disable networkd to prevent any risk of DNS leaks it might cause; and
      disable timesyncd, as we have our own time synchronization mechanism.
      They are not enabled by default in Jessie, but may be in Stretch,
      so let's be explicit about it.
    - Mask hwclock-save.service, to avoid sync'ing the system clock
      to the hardware clock on shutdown (Closes: #9363).
    - apparmor-adjust-cupsd-profile.diff: adjust to parse fine on Jessie
      (Closes: #9963)
    - Explicitly use tor@default.service when it's the one we mean.
    - Refactor GNOME/X env exporting to Tails' shell library, and grab
      more of useful bits of the desktop session environment.
      Then, use the result in the test suite's remote shell.
    - Stop tweaking /etc/modules. It's 2015, the kernel should load these things
      automatically (Closes: #10609).
    - Have systemd hardening let Tor modify its configuration (needed by Tor
      Launcher), and start obfs4proy (Closes: #10696, #10724).
    - Bump extensions.adblockplus.currentVersion and
      extensions.enigmail.configuredVersion to match what we currently get
      on Jessie.
    - I2P: switch from 'service' to 'systemctl' where possible.

 -- Tails developers <tails@boum.org>  Mon, 25 Jan 2016 18:06:33 +0100

tails (1.8.2) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 5.0.7.
    - Upgrade Linux to 3.16.7-ckt20-1+deb8u2.
    - Upgrade foomatic-filters to 4.0.17-1+deb7u1.
    - Upgrade git to 1:1.7.10.4-1+wheezy2.
    - Upgrade Icedove to 38.5.0-1~deb7u1.
    - Upgrade libxml2-related packages to 2.8.0+dfsg1-7+wheezy5.
    - Upgrade OpenSSL-related packages to 1.0.1e-2+deb7u19.
    - Upgrade libsmbclient to 2:3.6.6-6+deb7u6.

 -- Tails developers <tails@boum.org>  Sat, 09 Jan 2016 16:27:27 +0100

tails (1.8.1) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 5.0.6.
    - Upgrade Linux to 3.16.7-ckt20-1+deb8u1
    - Upgrade gdkpixbuf to 2.26.1-1+deb7u3
    - Upgrade bind9 tools to 1:9.8.4.dfsg.P1-6+nmu2+deb7u8

  * Bugfixes
    - Fix time synchronization in bridge mode by refreshing our patch
      against Tor's AppArmor profile.

 -- Tails developers <tails@boum.org>  Fri, 18 Dec 2015 19:05:18 +0000

tails (1.8) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor to 0.2.7.6-1~d70.wheezy+1+tails1.
    - Upgrade Tor Browser to 5.0.5. (Closes: #10751)
    - Upgrade LibreOffice to 1:3.5.4+dfsg2-0+deb7u5.
    - Upgrade krb5-based packages to 1.10.1+dfsg-5+deb7u6.
    - Upgrade Linux to 3.16.7-ckt11-1+deb8u6.
    - Upgrade wpasupplicant to 1.0-3+deb7u3.
    - Upgrade libpng12-0 to 1.2.49-1+deb7u1.
    - Upgrade openjdk-7 to 7u91-2.6.3-1~deb7u1.
    - Upgrade libnspr4 to 2:4.9.2-1+deb7u3
    - Upgrade dpkg to 1.16.17.
    - Upgrade gnutls26 to 2.12.20-8+deb7u4.
    - Upgrade Icedove to 1:38.0.1-1~deb7u1.
    - Upgrade OpenSSL to 1.0.1e-2+deb7u18.

  * Bugfixes
    - Upgrade to Electrum 2.5.4-2~d70.wheezy+1+tails1. Now Electrum
      should work again. Note that the documentation has not been
      adapted to the slight changes in the Electrum account setup
      wizard yet.

  * Minor improvements
    - Upgrade I2P to 0.9.23-2~deb7u+1.
    - Rebase our patch against the Tor Browser AppArmor profile on top
      of the one shipped in torbrowser-launcher 0.2.1-2.
    - Warn if the claws-mail persistence is enabled and contains a
      Claws Mail configuration when starting icedove. (Closes: #10458)
    - Replace the Claws Mail GNOME launcher with Icedove. (Closes:
      #10739)
    - Remove the Claws Mail persistence feature from the Persistence
      Assistant. (Closes: #10742)

  * Build system
    - Simplify ISO image naming rules by using the base rule we use
      for Jenkins all the time, except when building from a tag
      (i.e. building a release).  (Closes: #10349)

  * Test suite
    - Lower the waiting time for USB installation in the test suite.
      So far we were waiting up to one hour, which is just the same as
      our Jenkins inactivity timeout, so in practice when Tails
      Installer fails and displays an error message, instead of
      reporting that the job failed (which is the point of the
      exercise) we abort the job due to this timeout which
      communicates less clearly that there's probably a bug. (Closes:
      #10718)
    - Remove the check for the sound icon in the systray in the
      Windows Camouflage tests. (Closes: #10493)
    - Retry running whois when "LIMIT EXCEEDED" is in its output for
      increased robustness. (Closes: #10523)
    - Make Seahorse tests more robust. (Closes: #9095, #10501)
    - Make the handling of Pidgin's account manager more robust.
      (Closes: #10506)

 -- Tails developers <tails@boum.org>  Mon, 14 Dec 2015 23:07:19 +0100

tails (1.7) unstable; urgency=medium

  * Major new features and changes
    - Upgrade Tor Browser to 5.0.4. (Closes: #10456)
    - Add a technology preview of the Icedove Email client (a
      rebranded version of Mozilla Thunderbird), including OpenPGP
      support via the Enigmail add-on, general security and anonymity
      improvements via the Torbirdy add-on, and complete persistence
      support (which will be enabled automatically if you already have
      Claws Mail persistence enabled). Icedove will replace Claws Mail
      as the supported email client in Tails in a future
      release. (Closes: #6151, #9498, #10285)
    - Upgrade Tor to 0.2.7.4-rc-1~d70.wheezy+1+tails1. Among the many
      improvement of this new Tor major release, the new
      KeepAliveIsolateSOCKSAuth option allows us to drop the
      bug15482.patch patch (taken from the Tor Browse bundle) that
      enabled similar (but inferior) functionality for *all*
      SocksPort:s -- now the same circuit is only kept alive for
      extended periods for the SocksPort used by the Tor
      Browser. (Closes: #10194, #10308)
    - Add an option to Tails Greeter which disables networking
      completely. This is useful when intending to use Tails for
      offline work only. (Closes: #6811)

  * Security fixes
    - Fix CVE-2015-7665, which could lead to a network interface's IP
      address being exposed through wget. (Closes: #10364)
    - Prevent a symlink attack on ~/.xsession-errors via
      tails-debugging-info which could be used by the amnesia user to
      read the contents of any file, no matter the
      permissions. (Closes: #10333)
    - Upgrade libfreetype6 to 2.4.9-1.1+deb7u2.
    - Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u2.
    - Upgrade Linux to 3.16.7-ckt11-1+deb8u5.
    - Upgrade openjdk-7 packages to 7u85-2.6.1-6~deb7u1.
    - Upgrade unzip to 6.0-8+deb7u4.

  * Bugfixes
    - Add a temporary workaround for an issue in our code which checks
      whether i2p has bootstrapped, which (due to some recent change
      in either I2P or Java) could make it appear it had finished
      prematurely. (Closes: #10185)
    - Fix a logical bug in the persistence preset migration code while
      real-only persistence is enabled. (Closes: #10431)

  * Minor improvements
    - Rework the wordings of the various installation and upgrade
      options available in Tails installer in Wheezy. (Closes: #9672)
    - Restart Tor if bootstrapping stalls for too long when not using
      pluggable transports. (Closes: #9516)
    - Install firmware-amd-graphics, and firmware-misc-nonfree instead
      of firmware-ralink-nonfree, both from Debian Sid.
    - Update the Tails signing key. (Closes: #10012)
    - Update the Tails APT repo signing key. (Closes: #10419)
    - Install the nmh package. (Closes: #10457)
    - Explicitly run "sync" at the end of the Tails Upgrader's upgrade
      process, and pass the "sync" option when remounting the system
      partition as read-write. This might help with some issues we've
      seen, such as #10239, and possibly for #8449 as well.

  * Test suite
    - Add initial automated tests for Icedove. (Closes: #10332)
    - Add automated tests of the MAC spoofing feature. (Closes: #6302)
    - Drop the concept of "background snapshots" and introduce a general
      system for generating snapshots that can be shared between
      features. This removes all silly hacks we previously used to
      "skip" steps, and greatly improves performance and reliability
      of the whole test suite. (Closes: #6094, #8008)
    - Flush to the log file in debug_log() so the debugging info can
      be viewed in real time when monitoring the debug log
      file. (Closes: #10323)
    - Force UTF-8 locale in automated test suite. Ruby will default to
      the system locale, and if it is non-UTF-8, some String-methods
      will fail when operating on non-ASCII strings. (Closes: #10359)
    - Escape regexp used to match nick in CTCP replies. Our Pidgin
      nick's have a 10% chance to include a ^, which will break that
      regexp. We need to escape all characters in the nick. (Closes:
      #10219)
    - Extract TBB languages from the Tails source code. This will
      ensure that valid locales are tested. As an added bonus, the
      code is greatly simplified. (Closes: #9897)
    - Automatically test that tails-debugging-info is not susceptible
      to the type of symlink attacks fixed by #10333.
    - Save all test suite artifacts in a dedicated directory with more
      useful infromation encoded in the path. This makes it easier to
      see which artifacts belongs to which failed scenario and which
      run. (Closes: #10151)
    - Log all useful information via Cucumber's formatters instead of
      printing to stderr, which is not included when logging to file
      via `--out`. (Closes: #10342)
    - Continue running the automated test suite's vnc server even if
      the client disconnects. (Closes: #10345)
    - Add more automatic tests for I2P. (Closes: #6406)
    - Bump the Tor circuit retry count to 10. (Closes: #10375)
    - Clean up dependencies: (Closes: #10208)
      * libxslt1-dev
      * radvd
      * x11-apps

 -- Tails developers <tails@boum.org>  Tue, 03 Nov 2015 01:09:41 +0100

tails (1.6) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 5.0.3. (Closes: #10223)
    - Upgrade bind9-based packages to 1:9.8.4.dfsg.P1-6+nmu2+deb7u7.
    - Upgrade liblcms1 to 1.19.dfsg2-1.2+deb7u1.
    - Upgrade libldap-2.4-2 to 2.4.31-2+deb7u1.
    - Upgrade libslp1 to 1.2.1-9+deb7u1.
    - Upgrade ssl-cert to 1.0.32+deb7u1.

  * Bugfixes
    - Fix a corner case for the MAC spoofing panic mode. If panic mode
      failed to disable the specific device that couldn't be spoofed
      (by unloading the module) we disable networking. Previously we
      only stopped NetworkManager. The problem is that NM isn't even
      started at this time, but will specifically be started when
      we're done with MAC spoofing. Therefore, let's completely
      disable NetworkManager so it cannot possibly be
      started. (Closes: #10160)
    - Avoid use of uninitialized value in restricted-network-detector.
      If NetworkManager decides that a wireless connection has timed
      out before "supplicant connection state" has occued, our idea of
      the state is `undef`, so it cannot be used in a string
      comparison. Hence, let's initialize the state to the empty
      string instead of `undef`. Also fix the state
      recording. Apparently NetworkManager can say a few different
      things when it logs the device state transitions. (Closes:
      #7689)

  * Minor improvements
    - Remove workaround for localizing search engine plugins. The
      workaround has recently become unnecessary, possibly due to the
      changes made for the seach bar after the Tor Browser was rebased
      on Firefox 38esr. (Closes: #9146)
    - Refer to the I2P Browser in the I2P notifications. Instead of
      some obscure links that won't work in the Tor Browser, where
      users likely will try them, and which I believe will open them
      by default. (Closes: #10182)
    - Upgrade I2P to 0.9.22. Also set the I2P apparmor profile to
      enforce mode. (Closes: #9830)

  * Test suite
    - Test that udev-watchdog is monitoring the correct device when
      booted from USB. (Closes: #9890)
    - Remove unused 'gksu' step. This causes a false-positive to be
      found for #5330. (Closes: #9877)
    - Make --capture capture individual videos for failed scenarios
      only, and --capture-all to capture videos for all scenarios.
      (Closes: #10148)
    - Use the more efficient x264 encoding when capturing videos using
      the --capture* options. (Closes: #10001)
    - Make --old-iso default to --iso if omitted. Using the same ISO
      for the USB upgrade tests most often still does what we want,
      e.g. test that the current version of Tails being tested has a
      working Tails installer. Hence this seems like a reasonable
      default. (Closes: #10147)
    - Avoid nested FindFailed exceptions in waitAny()/findAny(), and
      throw a new dedicated FindAnyFailed exception if these fail
      instead. Rjb::throw doesn't block Ruby's execution until the
      Java exception has been received by Ruby, so strange things can
      happen and we must avoid it. (Closes: #9633)
    - Fix the Download Management page in our browsers. Without the
      browser.download.panel.shown pref set, the progress being made
      will not update until after the browser has been restarted.
      (Closes: #8159)
    - Add a 'pretty_debug' (with an alias: 'debug') Cucumber formatter
      that deals with debugging instead of printing it to STDERR via
      the `--debug` option (which now has been removed). This gives us
      the full flexibility of Cucumber's formatter system, e.g. one
      easy-to-read formatter can print to the terminal, while we get
      the full debug log printed to a file. (Closes: #9491)
    - Import logging module in otr-bot.py. Our otr-bot.py does not use
      logging but the jabberbot library makes logging calls, causing a
      one-off message “No handlers could be found for logger
      "jabberbot"” to be printed to the console. This commit
      effectively prevents logging/outputting anything to the terminal
      which is at a level lower than CRITICAL. (Closes: 9375)
    - Force new Tor circuit and reload web site on browser
      timeouts. (Closes: #10116)
    - Focus Pidgin's buddy list before trying to access the tools
      menu. (Closes: #10217)
    - Optimize IRC test using waitAny. If connecting to IRC fails,
      such as when OFTC is blocking Tor, waiting 60 seconds to connect
      while a a Reconnect button is visible is sub-optimal. It would
      be better to try forcing a new Tor circuit and clicking the
      reconnect button. (Closes: #9653)
    - Wait for (and focus if necessary) Pidgin's Certificate windows.
      (Closes: #10222)

 -- Tails developers <tails@boum.org>  Sun, 20 Sep 2015 17:47:26 +0000

tails (1.5.1) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 5.0.2. (Closes: #10112)
    - Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u1.
    - Upgrade libnss3 to 2:3.14.5-1+deb7u5.

  * Bugfixes
    - Refresh Tor Browser AppArmor profile patch. The old one doesn't
      apply on top of testing's torbrowser-launcher anymore.

  * Build system
    - Make sure Jenkins creates new jobs to build the testing branch
      after freezes. (Closes: #9925)

 -- Tails developers <tails@boum.org>  Fri, 28 Aug 2015 01:52:14 +0200

tails (1.5) unstable; urgency=medium

  * Major new features and changes
    - Move LAN web browsing from Tor Browser to the Unsafe Browser,
      and forbid access to the LAN from the former. (Closes: #7976)
    - Install a 32-bit GRUB EFI boot loader. This at least works
      on some Intel Baytrail systems. (Closes: #8471)

  * Security fixes
    - Upgrade Tor Browser to 5.0, and integrate it:
      · Disable Tiles in all browsers' new tab page.
      · Don't use geo-specific search engine prefs in our browsers.
      · Hide Tools -> Set Up Sync, Tools -> Apps (that links to the Firefox
        Marketplace), and the "Share this page" button in the Tool bar.
      · Generate localized Wikipedia search engine plugin icons so the
        English and localized versions can be distinguished in the new
        search bar. (Closes: #9955)
    - Fix panic mode on MAC spoofing failure. (Closes: #9531)
    - Deny Tor Browser access to global tmp directories with AppArmor,
      and give it its own $TMPDIR. (Closes: #9558)
    - Tails Installer: don't use a predictable file name for the subprocess
      error log. (Closes: #9349)
    - Pidgin AppArmor profile: disable the launchpad-integration abstraction,
      which is too wide-open.
    - Use aliases so that our AppArmor policy applies to
      /lib/live/mount/overlay/ and /lib/live/mount/rootfs/*.squashfs/ as well as
      it applies to /. And accordingly:
      · Upgrade AppArmor packages to 2.9.0-3~bpo70+1.
      · Install rsyslog from wheezy-backports, since the version from Wheezy
        conflicts with AppArmor 2.9.
      · Stop installing systemd for now: the migration work is being done in
        the feature/jessie branch, and it conflicts with rsyslog from
        wheezy-backports.
      · Drop apparmor-adjust-user-tmp-abstraction.diff: obsoleted.
      · apparmor-adjust-tor-profile.diff: simplify and de-duplicate rules.
      · Take into account aufs whiteouts in the system_tor profile.
      · Adjust the Vidalia profile to take into account Live-specific paths.
    - Upgrade Linux to 3.16.7-ckt11-1+deb8u3.
    - Upgrade bind9-host, dnsutils and friends to 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.
    - Upgrade cups-filters to 1.0.18-2.1+deb7u2.
    - Upgrade ghostscript to 9.05~dfsg-6.3+deb7u2.
    - Upgrade libexpat1 to 2.1.0-1+deb7u2.
    - Upgrade libicu48 to 4.8.1.1-12+deb7u3.
    - Upgrade libwmf0.2-7 to 0.2.8.4-10.3+deb7u1.
    - Upgrade openjdk-7 to 7u79-2.5.6-1~deb7u1.

  * Bugfixes
    - Upgrade Tor to 0.2.6.10-1~d70.wheezy+1+tails1.

  * Minor improvements
    - Tails Installer: let the user know when it has rejected a candidate
      destination device because it is too small. (Closes: #9130)
    - Tails Installer: prevent users from trying to "upgrade" a device
      that contains no Tails, or that was not installed with Tails Installer.
      (Closes: #5623)
    - Install libotr5 and pidgin-otr 4.x from wheezy-backports. This adds
      support for the OTRv3 protocol and for multiple concurrent connections
      to the same account. (Closes: #9513)
    - Skip warning dialog when starting Tor Browser while being offline,
      in case it is already running. Thanks to Austin English for the patch!
      (Closes: #7525)
    - Install the apparmor-profiles package (Closes: #9539), but don't ship
      a bunch of AppArmor profiles we don't use, to avoid increasing
      boot time. (Closes: #9757)
    - Ship a /etc/apparmor.d/tunables/home.d/tails snippet, instead
      of patching /etc/apparmor.d/tunables/home.
    - live-boot: don't mount tmpfs twice on /live/overlay, so that the one which
      is actually used as the read-write branch of the root filesystem's union
      mount, is visible. As a consequence:
      · One can now inspect how much space is used, at a given time, in the
        read-write branch of the root filesystem's union mount.
      · We can make sure our AppArmor policy works fine when that filesystem
        is visible, which is safer in case e.g. live-boot's behavior changes
        under our feet in the future... or in case these "hidden" files are
        actually accessible somehow already.

  * Build system
    - Add our jenkins-tools repository as a Git submodule, and replace
      check_po.sh with a symlink pointing to the same script in that submodule.
      Adjust the automated test suite accordingly. (Closes: #9567)
    - Bump amount of RAM needed for Vagrant RAM builds to 7.5 GiB. In
      particular the inclusion of the Tor Browser 5.0 series has recently
      increased the amount of space needed to build Tails. (Closes: #9901)

  * Test suite
    - Test that the Tor Browser cannot access LAN resources.
    - Test that the Unsafe Browser can access the LAN.
    - Installer: test new behavior when trying to upgrade an empty device, and
      when attempting to upgrade a non-Tails FAT partition on GPT; also, take
      into account that all unsupported upgrade scenarios now trigger
      the same behavior.
    - Request a new Tor circuit and re-run the Seahorse and GnuPG CLI tests
      on failure. (Closes: #9518, #9709)
    - run_test_suite: remove control chars from log file even when cucumber
      exits with non-zero. (Closes: #9376)
    - Add compatibility with cucumber 2.0 and Debian Stretch. (Closes: #9667)
    - Use custom exception when 'execute_successfully' fails.
    - Retry looking up whois info on transient failure. (Closes: #9668)
    - Retry wget on transient failure. (Closes: #9715)
    - Test that Tor Browser cannot access files in /tmp.
    - Allow running the test suite without ntp installed. There are other means
      to have an accurate host system clock, e.g. systemd-timesyncd and tlsdate.
      (Closes: #9651)
    - Bump timeout in the Totem feature.
    - Grep memory dump using the --text option. This is necessary with recent
      versions of grep, such as the one in current Debian sid, otherwise it
      will count only one occurrence of the pattern we're looking for.
      (Closes: #9759)
    - Include execute_successfully's error in the exception, instead
      of writing it to stdout via puts. (Closes: #9795)
    - Test that udev-watchdog is actually monitoring the correct device.
      (Closes: #5560)
    - IUK: workaround weird Archive::Tar behaviour on current sid.
    - Test the SocksPort:s given in torrc in the Unsafe Browser.
      This way we don't get any sneaky errors in case we change them and
      forget to update this test.
    - Directly verify AppArmor blocking of the Tor Browser by looking in
      the audit log: Firefox 38 does no longer provide any graphical feedback
      when the kernel blocks its access to files the user wants to access.
    - Update browser-related automated test suite images, and workaround
      weirdness introduced by the new Tor Browser fonts.
    - Test that Pidgin, Tor Browser, Totem and Evince cannot access ~/.gnupg
      via alternate, live-boot generated paths.
    - Adjust tests to cope with our new AppArmor aliases.
    - Bump memory allocated to the system under test to 2 GB. (Closes: #9883)

 -- Tails developers <tails@boum.org>  Mon, 10 Aug 2015 19:12:58 +0200

tails (1.4.1) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 4.5.3, based on Firefox 31.8.0 ESR. (Closes: #9649)
    - Upgrade Tor to 0.2.6.9-1~d70.wheezy+1+tails2, which includes a circuit
      isolation bugfix. (Closes: #9560)
    - AppArmor: deny Tor Browser access to the list of recently used files.
      (Closes: #9126)
    - Upgrade OpenSSL to 1.0.1e-2+deb7u17.
    - Upgrade Linux to 3.16.7-ckt11-1.
    - Upgrade CUPS to 1.5.3-5+deb7u6.
    - Upgrade FUSE to 2.9.0-2+deb7u2.
    - Upgrade libsqlite3-0 to 3.7.13-1+deb7u2.
    - Upgrade ntfs-3g and ntfsprogs to 1:2012.1.15AR.5-2.1+deb7u2.
    - Upgrade p7zip-full to 9.20.1~dfsg.1-4+deb7u1.

  * Bugfixes
    - Fix automatic upgrades in Windows Camouflage mode. (Closes: #9413)
    - Don't ship the snakeoil SSL key pair generated by ssl-cert in the ISO.
      (Closes: #9416)
    - Partially fix the truncated notifications issue. (#7249)

  * Minor improvements
    - Disable the hwclock.sh initscript at reboot/shutdown time.
      This is an additional safety measure to ensure that the hardware clock
      is not modified. (Closes: #9364)
    - Stop shipping /var/cache/man/*, to make ISOs and IUKs smaller.
      (Closes: #9417)
    - Update torbrowser-AppArmor-profile.patch to apply cleanly on top of the
      profile shipped with torbrowser-launcher 0.2.0-1.
    - Add the jessie/updates APT repo and set appropriate pinning.
    - Upgrade Electrum to 1.9.8-4~bpo70+1.
    - Upgrade kernel firmware packages to 0.44.

  * Build system
    - Install the Linux kernel from Debian Jessie. (Closes: #9341)
    - Remove files that are not under version control when building in Jenkins.
      (Closes: #9406)
    - Don't modify files in the source tree before having possibly merged
      the base branch into it. (Closes: #9406)
    - Make it so eatmydata is actually used during a greater part of the build
      process. This includes using eatmydata from wheezy-backports.
      (Closes: #9419, #9523)
    - release script: adjust to support current Debian sid.

  * Test suite
    - Test the system clock sanity check we do at boot. (Closes: #9377)
    - Remove the impossible "Clock way in the past" scenarios.
      Thanks to config/chroot_local-includes/lib/live/config/0001-sane-clock,
      these scenarios cannot happen, and since we test that it works they
      can be safely removed.
    - Test that the hardware clock is not modified at shutdown. (Closes: #9557)
    - Pidgin: retry looking for the roadmap URL in the topic.
    - Avoid showing Pidgin's tooltips during test, potentially confusing Sikuli.
      (Closes: #9317)
    - Test all OpenPGP keys shipped with Tails. (Closes: #9402)
    - Check that notification-daemon is running when looking for notifications
      fails. (Closes: #9332)
    - Allow using the cucumber formatters however we want. (Closes: #9424)
    - Enable Spice in the guest, and blacklist the psmouse kernel module,
      to help with lost mouse events. (Closes: #9425)
    - Automate testing Torbutton's 'New Identity' feature. (Closes: #9286)
    - Test that Seahorse is configured to use the correct keyserver.
      (Closes: #9339)
    - Always export TMPDIR back to the test suite's shell environment.
      (Closes: #9479)
    - Make OpenPGP tests more reliable:
      · Retry accessing the OpenPGP applet menus on failure. (Closes: #9355)
      · Retry accessing menus in Seahorse on failure. (Closes: #9344)
    - Focus the Pidgin conversation window before any attempt to interact
      with it. (Closes: #9317)
    - Use convertkey from the (backported to Jessie) Debian package,
      instead of our own copy of that script. (Closes: #9066)
    - Make the memory erasure tests more robust (Closes: #9329):
      · Bump /proc/sys/vm/min_free_kbytes when running fillram.
      · Actually set oom_adj for the remote shell when running fillram.
      · Try to be more sure that we OOM kill fillram.
      · Run fillram as non-root.
    - Only try to build the storage pool if TailsToasterStorage isn't found.
      (Closes: #9568)

 -- Tails developers <tails@boum.org>  Sun, 28 Jun 2015 19:46:25 +0200

tails (1.4) unstable; urgency=medium

  * Major new features
    - Upgrade Tor Browser to 4.5.1, based on Firefox 31.7.0 ESR, which
      introduces many major new features for usability, security and
      privacy. Unfortunately its per-tab circuit view did not make it
      into Tails yet since it requires exposing more Tor state to the
      user running the Tor Browser than we are currently comfortable
      with. (Closes: #9031, #9369)
    - Upgrade Tor to 0.2.6.7-1~d70.wheezy+1+tails2. Like in the Tor
      bundled with the Tor Browser, we patch it so that circuits used
      for SOCKSAuth streams have their lifetime increased indefinitely
      while in active use. This currently only affects the Tor Browser
      in Tails, and should improve the experience on certain web sites
      that otherwise would switch language or log you out every ten
      minutes or so when Tor switches circuit. (Closes: #7934)

  * Security fixes
    - tor-browser wrapper script: avoid offering avenues to arbitrary
      code execution to e.g. an exploited Pidgin. AppArmor Ux rules
      don't sanitize $PATH, which can lead to an exploited application
      (that's allowed to run this script unconfined, e.g. Pidgin)
      having this script run arbitrary code, violating that
      application's confinement. Let's prevent that by setting PATH to
      a list of directories where only root can write. (Closes: #9370)
    - Upgrade Linux to 3.16.7-ckt9-3.
    - Upgrade curl to 7.26.0-1+wheezy13.
    - Upgrade dpkg to 1.16.16.
    - Upgrade gstreamer0.10-plugins-bad to 0.10.23-7.1+deb7u2.
    - Upgrade libgd2-xpm to 2.0.36~rc1~dfsg-6.1+deb7u1.
    - Upgrade openldap to 2.4.31-2.
    - Upgrade LibreOffice to 1:3.5.4+dfsg2-0+deb7u4.
    - Upgrade libruby1.9.1 to 1.9.3.194-8.1+deb7u5.
    - Upgrade libtasn1-3 to 2.13-2+deb7u2.
    - Upgrade libx11 to 2:1.5.0-1+deb7u2.
    - Upgrade libxml-libxml-perl to 2.0001+dfsg-1+deb7u1.
    - Upgrade libxml2 to 2.8.0+dfsg1-7+wheezy4.
    - Upgrade OpenJDK to 7u79-2.5.5-1~deb7u1.
    - Upgrade ppp to 2.4.5-5.1+deb7u2.

  * Bugfixes
    - Disable security warnings when connecting to POP3 and IMAP ports.
      (Closes: #9327)
    - Make the Windows 8 browser theme compatible with the Unsafe and I2P
      browsers. (Closes: #9138)
    - Hide Torbutton's "Tor Network Settings..." context menu entry.
      (Closes: #7647)
    - Upgrade the syslinux packages to support booting Tails on
      Chromebook C720-2800. (Closes: #9044)
    - Enable localization in Tails Upgrader. (Closes: #9190)
    - Make sure the system clock isn't before the build date during
      early boot. Our live-config hook that imports our signing keys
      depend on that the system clock isn't before the date when the
      keys where created. (Closes: #9149)
    - Set GNOME's OpenPGP keys via desktop.gnome.crypto.pgp to prevent
      us from getting GNOME's default keyserver in addition to our
      own. (Closes: #9233)
    - Prevent Firefox from crashing when Orca is enabled: grant
      it access to assistive technologies in its Apparmor
      profile. (Closes: #9261)
    - Add Jessie APT source. (Closes: #9278)
    - Fix set_simple_config_key(). If the key already existed in the
      config file before the call, all other lines would be removed
      due to the sed option -n and p combo. (Closes: #9122)
    - Remove illegal instance of local outside of function definition.
      Together with `set -e` that error has prevented this script from
      restarting Vidalia, like it should. (Closes: #9328)

  * Minor improvements
    - Upgrade I2P to 0.9.19-3~deb7u+1.
    - Install Tor Browser's bundled Torbutton instead of custom .deb.
      As of Torbutton 1.9.1.0 everything we need has been upstreamed.
    - Install Tor Browser's bundled Tor Launcher instead of our
      in-tree version. With Tor 0.2.6.x our custom patches for the
      ClientTransportPlugin hacks are not needed any more. (Closes:
      #7283)
    - Don't install msmtp and mutt. (Closes: #8727)
    - Install fonts-linuxlibertine for improved Vietnamese support in
      LibreOffice. (Closes: #8996)
    - Remove obsoletete #i2p-help IRC channel from the Pidgin
      configuration (Closes: #9137)
    - Add Gedit shortcut to gpgApplet's context menu. Thanks to Ivan
      Bliminse for the patch. (Closes: #9069).
    - Install printer-driver-gutenprint to support more printer
      models. (Closes: #8994).
    - Install paperkey for off-line OpenPGP key backup. (Closes: #8957)
    - Hide the Tor logo in Tor Launcher. (Closes: #8696)
    - Remove useless log() instance in tails-unblock-network. (Closes:
      #9034)
    - Install cdrdao: this enables Brasero to burn combined data/audio
      CDs and to do byte-to-byte disc copy.
    - Hide access to the Add-ons manager in the Unsafe Browser. It's
      currently broken (#9307) but we any way do not want users to
      install add-ons in the Unsafe Browser. (Closes: #9305)
    - Disable warnings on StartTLS for POP3 and IMAP (Will-fix: #9327)
      The default value of this option activates warnings on ports
      23,109,110,143. This commit disables the warnings for POP3 and
      IMAP as these could be equally used in encrypted StartTLS
      connections. (Closes: #9327)
    - Completely rework how we localize our browser by generating our
      branding add-on, and search plugins programatically. This
      improves the localization for the ar, es, fa, ko, nl, pl, ru,
      tr, vi and zh_CN locales by localizing the Startpage and
      Disconnect.me search plugins. Following Tor Browser 4.5's recent
      switch, we now use Disconnect.me as the default search
      engine. (Closes: #9309)
    * Actively set Google as the Unsafe Browser's default search
      engine.

  * Build system
    - Encode in Git which APT suites to include when building Tails.
      (Closes: #8654)
    - Clean up the list of packages we install. (Closes: #6073)
    - Run auto/{build,clean,config} under `set -x' for improved
      debugging.
    - Zero-pad our ISO images so their size is divisible by 2048.
      The data part of an ISO image's sectors is 2048 bytes, which
      implies that ISO images should always have a size divisible
      by 2048. Some applications, e.g. VirtualBox, use this as a sanity
      check, treating ISO images for which this isn't true as garbage.
      Our isohybrid post-processing does not ensure this,
      however. Also Output ISO size before/after isohybrid'ing and
      truncate'ing it. This will help detect if/when truncate is
      needed at all, so that we can report back to syslinux
      maintainers more useful information. (Closes: #8891)
    - Vagrant: raise apt-cacher-ng's ExTreshold preference to 50. The
      goal here is to avoid Tor Browser tarballs being deleted by
      apt-cacher-ng's daily expiration cronjob: they're not listed in
      any APT repo's index file, so acng will be quite eager to clean
      them up.

  * Test suite
    - Bring dependency checks up-to-date (Closes: #8988).
    - Adapt test suite to be run on Debian Jessie, which includes
      removing various Wheezy-specific workarounds, adding a few
      specific to Jessie, migrating from ffmpeg to libav, and
      more. (Closes: #8165)
    - Test that MAT can see that a PDF is dirty (Closes: #9136).
    - Allow throwing Timeout::Error in try_for() blocks, as well as
      nested try_for() (Closes: #9189, #9290).
    - Read test suite configuration files from the features/config/local.d
      directory. (Closes: #9220)
    - Kill virt-viewer with SIGTERM, not SIGINT, to prevent hordes of
      zombie processes from appearing. (Closes: #9139)
    - Kill Xvfb with SIGTERM, not SIGKILL, on test suite exit to allow
      it to properly clean up. (Closes: #8707)
    - Split SSH & SFTP configs in the test suite. (Closes: #9257)
    - Improve how we start subprocesses in the test suite, mostly by
      bypassing the shell for greater security and robustness (Closes:
      #9253)
    - Add Electrum test feature. (Closes #8963)
    - Test that Tails Installer detects when USB devices are
      removed. (Closes: #9131)
    - Test Tails Installer with devices which are too small. (Closes:
      #9129)
    - Test that the Report an Error launcher works in German. (Closes:
      #9143)
    - Verify that no extensions are installed in the Unsafe Browser
      using about:support instead of about:addons, which is broken
      (#9307). (Closes: #9306)
    - Retry GNOME application menu actions when they glitch. The
      GNOME application menus seem to have issues with clicks or
      hovering actions not registering, and hence sometimes submenus
      are not opened when they should, and sometimes clicks on the
      final application shortcut are lost. There seems to be a
      correlation between this and CPU load on the host running the
      test suite. We workaround this by simply re-trying the last
      action when it seems to fail. (Closes: #8928)
    - Work around Seahorse GUI glitchiness (Closes: #9343):
      * When Seahorse appears to be frozen--apparently due to network
        issues--it can often be worked around by refreshing the screen
        or activating a new window.
      * Open Seahorse's preferences dialog using the mouse.
      * Access menu entries with the mouse.
    - Wait for systray icons to finish loading before interacting with
      the systray. (Closes: #9258)
    - Test suite configuration: generalize local.d support to *.d. We
      now load features/config/*.d/*.yml.
    - Use code blocks in "After Scenario" hooks. This is much simpler
      to use (and more readable!) compared to hooking functions and
      arguments like we used to do.
    - Create filesystem share sources in the temporary directory and
      make them world-readable. (Closes: #8950)

 -- Tails developers <tails@boum.org>  Mon, 11 May 2015 16:45:04 +0200

tails (1.3.2) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 4.0.6, based on Firefox 31.6.0 ESR.
    - Upgrade OpenSSL to 1.0.1e-2+deb7u16.

  * Bugfixes
    - Make Florence usable with touchpads by forcing syndaemon to
      always use the `-t` option, which only disables tapping and
      scrolling and not mouse movements (Closes: #9011).
    - Make tails-spoof-mac log the correct macchanger exit code on
      failure (Closes: #8687).
    - Tails Installer:
      · Ignore devices with less than 3.5 GB of storage since they
        do not fit a Tails installation (Closes: #6538).
      · Remove devices from the device list as they are unplugged
        (Closes: #8691).

  * Minor improvements
    - Install obfs4proxy 0.0.4-1~tpo1, which adds support for
      client-mode ScrambleSuit.
    - Don't start Vidalia if Windows Camouflage is enabled. (Closes:
      #7400)
    - I2P Browser:
      · Remove "Add-ons" from the Tools menu, and hide "Keyboard
        Shortcuts" and "Take a Tour" since they point to resources on
        the open Internet (Closes: #7970).
      · Hide TorButton button from the customize toolbar options, and
        remove configs whose only purpose was to make Torbutton "green"
        (Closes: #8893).

  * Test suite
    - New tests:
      · Test non-LAN SSH, and SFTP via GNOME's "Connect to Server"
        (Closes: #6308).
      · Verify that Tails' Tor binary has the expected Tor authorities
        hard coded (Closes: #8960).
    - Improvements:
      · Programmatically determine the supported languages when testing
        the Unsafe Browser (Closes: #8918).
      · Rename --temp-dir to --tmpdir and make it behave more like
        mktemp, and honour TMPDIR if set in the environment. (Closes:
        #8709).
    - Bugfixes:
      · Make --temp-dir (now --tmpdir) actually work.

 -- Tails developers <tails@boum.org>  Mon, 30 Mar 2015 16:54:20 +0200

tails (1.3.1) unstable; urgency=medium

  * Security fixes
    - Upgrade Tor Browser to 4.0.5, based on Firefox 31.5.3 ESR. This addresses:
      · https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/
      · https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
    - Upgrade Linux to 3.16.7-ckt7-1.
    - Upgrade libxfont to 1:1.4.5-5.
    - Upgrade OpenSSL to 1.0.1e-2+deb7u15.
    - Upgrade tcpdump to 4.3.0-1+deb7u2.
    - Upgrade bsdtar to 3.0.4-3+wheezy1.
    - Upgrade CUPS to 1.5.3-5+deb7u5.
    - Upgrade file and libmagic to 5.11-2+deb7u8.
    - Upgrade GnuPG to 1.4.12-7+deb7u7.
    - Upgrade libarchive to 3.0.4-3+wheezy1.
    - Upgrade libav to 6:0.8.17-1.
    - Upgrade FreeType 2 to 2.4.9-1.1+deb7u1.
    - Upgrade libgcrypt11 1.5.0-5+deb7u3.
    - Upgrade libgnutls26 to 2.12.20-8+deb7u3.
    - Upgrade libgtk2-perl to 2:1.244-1+deb7u1.
    - Upgrade ICU to 4.8.1.1-12+deb7u2.
    - Upgrade NSS to 2:3.14.5-1+deb7u4.
    - Upgrade libssh2 to 1.4.2-1.1+deb7u1.

  * Bugfixes
    - Upgrade Tor to 0.2.5.11-1~d70.wheezy+1+tails1. Changes include:
      · Directory authority changes.
      · Fix assertion errors that may trigger under high DNS load.
      · No longer break on HUP with seccomp2 enabled.
      · and more - please consult the upstream changelog.
    - Upgrade Tor Launcher to 0.2.7.2, and update the test suite accordingly
      (Closes: #8964, #6985). Changes include:
      · Ask about bridges before proxy in wizard.
      · Hide logo if TOR_HIDE_BROWSER_LOGO set.
      · Remove firewall prompt from wizard.
      · Feedback when “Copy Tor Log” is clicked.
      · Improve behavior if tor exits.
      · Add option to hide TBB's logo
      · Change "Tor Browser Bundle" to "Tor Browser"
      · Update translations from Transifex.
    - Fix the Tor Launcher killer. (Closes: #9067)
    - Allow Seahorse to communicate with keyservers when run from Tails
      OpenPGP Applet. (Closes: #6394)
    - SSH client: don't proxy connections to 172.17.* to 172.31.*.
      (Closes: #6558)
    - Repair config/chroot_local-packages feature, that was broken in Tails 1.3
      by 19-install-tor-browser-AppArmor-profile. (Closes: #8910)
    - language_statistics.sh: count original words instead of translated words.
      Otherwise we get >100% translation if translated strings are longer than
      original strings. (Closes: #9016)

  * Minor improvements
    - Only ship the new Tails signing key, and have Tails Upgrader stop trusting
      the old one. Update the documentation and test suite accordingly.
      (Closes: #8735, #8736, #8882, #8769, #8951)
    - Polish and harden a bit the WhisperBack configuration (Closes: #8991):
      · Only allow the `amnesia' user to run tails-debugging info as root
        with no arguments.
      · Fix spelling and grammar mistakes, improve phrasing a bit.
      · Quote variables consistently.

  * Test suite
    - New tests:
      · Chatting over XMPP in Pidgin, both peer-to-peer and in a multi-user
        chatroom. (Closes: #8002)
      · Chatting with OTR enabled over XMPP in Pidgin. (Closes: #8001)
      · Check that Pidgin only responds to the expected CTCP requests.
        (Closes: #8966)
      · Fetching keys using Seahorse started via the OpenPGP Applet.
      · Sync'ing keys using Seahorse.
    - Bugfixes:
      · Fix a race condition between the remote shell's and Tails Greeter's
        startup, by making sure the remote shell is ready before we start
        GDM. (Closes: #8941)
      · Kill virt-viewer properly. (Closes: #9070)
      · Make sure the display is stopped on destroy_and_undefine().
        Where we had it earlier, it could be skipped if anything else in the
        block threw an exception.
      · Fix wrong use of "$@". (Closes: #9071)
      · Enable the pipefail option in run_test_suite.
      · Improve the GNOME screenshot test's robustness. (Closes: #8952)
    - Refactoring:
      · turn the focus_pidgin_window() helper into a more generic
        VM.focus_xorg_window() one.
      · Reorganize the Display class.
      · Use clearer method to check process status in the Display class.
    - New developer-oriented features:
      · Add a --log-to-file option to run_test_suite. (Closes: #8894)
      · Add helpers for generating random strings.
      · Make it possible to hook arbitrary calls on scenario end. This is useful
        for dynamically adding cleanup functions, instead of having
        to explicitly deal with them in some After hook.

 -- Tails developers <tails@boum.org>  Mon, 23 Mar 2015 12:34:56 +0000

tails (1.3) unstable; urgency=medium

  * Major new features
    - Produce the Tails image in hybrid mode (again) so that the same
      image can be installed both on DVD *and* "hard disks" like USB
      storage and similar. (Closes: #8510)
    - Confine the Tor Browser using AppArmor. (Closes: #5525)
    - Install the Electrum bitcoin client from wheezy-backports, and
      add a persistence preset for the Live user's bitcoin wallet. If
      electrum is started without the persistence preset enabled, a
      warning is shown. (Closes: #6739)

  * Security fixes
    - Upgrade Tor Browser to 4.0.4 (based on Firefox 31.5.0esr)
      (Closes: #8938).

  * Bugfixes
    - Have tor_bootstrap_progress echo 0 if no matching log line is
      found. (Closes: #8257)
    - Always pass arguments through wrappers (connect-socks, totem,
      wget, whois) with "$@". $* doesn't handle arguments with
      e.g. embedded spaces correctly. (Closes: #8603, #8830)
    - Upgrade Linux to 3.16.7-ckt4-3.

  * Minor improvements
    - Install a custom-built Tor package with Seccomp enabled;
      enable the Seccomp sandbox when no pluggable transport is used.
      (Closes: #8174)
    - Install obfs4proxy instead of obfsproxy, which adds support for
      the obfs4 Tor pluggable transport. (Closes: #7980)
    - Install GnuPG v2 and associated tools from wheezy-backports,
      primarily for its improved support for OpenPGP smartcards. It
      lives side-by-side with GnuPG v1, which still is the
      default. (Closes: #6241)
    - Install ibus-unikey, a Vietnamese input method for IBus. (Closes:
      #7999)
    - Install torsocks (2.x) from wheezy-backports. (Closes: #8220)
    - Install keyringer from Debian Jessie. (Closes: #7752)
    - Install pulseaudio-utils.
    - Remove all traces of Polipo: we don't use it anymore. This
      closes #5379 and #6115 because:
      * Have APT directly use the Tor SOCKS proxy. (Closes: #8194)
      * Wrap wget with torsocks. (Closes: #6623)
      * Wrap Totem to torify it with torsocks. (Closes: #8219)
      * Torify Git with tsocks, instead of setting GIT_PROXY_COMMAND.
        (Closes: #8680)
    - Use torsocks for whois and Gobby, instead of torify.
    - Upgrade I2P to 0.9.18-1~deb7u+1.
    - Refactor the Unsafe and I2P browser code into a common shell
      library. A lot of duplicated code is now shared, and the code
      has been cleaned up and made more reliable. Several
      optimizations of memory usage and startup time were also
      implemented. (Closes: #7951)
    - Invert Exit and About in gpgApplet context menu. This is a
      short-term workaround for making it harder to exit the
      application by mistake (e.g. a double right-click). (Closes:
      #7450)
    - Implement new touchpad settings. This enables tap-to-click,
      2-fingers scrolling, and disable while typing. We don't enable
      reverse scrolling nor horizontal scrolling. (Closes: #7779)
    - Include the mount(8) output and live-additional-software.conf in
      WhisperBack bug reports (Closes: #8719, #8491).
    - Reduce brightness and saturation of background color. (Closes:
      #7963)
    - Have ALSA output sound via PulseAudio by default. This gives us
      centralized sound volume controls, and... allows to easily, and
      automatically, test that audio output works from Tor Browser,
      thanks to the PulseAudio integration into the GNOME sound
      control center.
    - Import the new Tails signing key, which we will use for Tails
      1.3.1, and have Tails Upgrader trust both it and the "old"
      (current) Tails signing key. (Closes: #8732)
    - tails-security-check: error out when passed an invalid CA file.
      Unfortunately, the underlying HTTPS stack we use here fails open
      in those case, so we have to check it ourselves. Currently, we
      check that the file exists, is readable, is a plain file and is
      not empty. Also support specifying the CA file via an
      environment variable. This will ease development and bug-fixing
      quite a bit.
    - Fix racy code in Tails Installer that sometimes made the
      automated test suite stall for scenarios installing Tails
      to USB disks. (Closes: #6092)
    - Make it possible to use Tails Upgrader to upgrade a Tails
      installation that has cruft files on the system partition.
      (Closes: #7678)

  * Build system
    - Install syslinux-utils from our builder-wheezy APT repository in
      Vagrant. We need version 6.03~pre20 to make the Tails ISO image
      in hybrid mode
    - Update deb.tails.boum.org apt repo signing key. (Closes: #8747)
    - Revert "Workaround build failure in lb_source, after creating
      the ISO." This is not needed anymore given the move to the Tor
      SOCKS proxy. (Closes: #5307)
    - Remove the bootstrap stage usage option and disable all
      live-build caching in Vagrant. It introduces complexity and
      potential for strange build inconsistencies for a meager
      reduction in build time. (Closes: #8725)
    - Hardcode the mirrors used at build and boot time in auto/config.
      Our stuff will be more consistent, easier to reproduce, and our
      QA process will be more reliable if we all use the same mirrors
      at build time as the ones we configure in the ISO. E.g. we won't
      have issues such as #8715 again. (Closes: #8726)
    - Don't attempt to retrieve source packages from local-packages so
      local packages can be installed via
      config/chroot_local-packages. (Closes: #8756)
    - Use our own Tor Browser archive when building an ISO. (Closes:
      #8125)

  * Test suite
    - Use libguestfs instead of parted when creating partitions and
      filsystems, and to check that only the expected files
      persist. We also switch to qcow2 as the default disk image
      format everywhere to reduce disk usage, enable us to use
      snapshots that includes the disks (in the future), and to use
      the same steps for creating disks in all tests. (Closes: #8673)
    - Automatically test that Tails ignores persistence volumes stored
      on non-removable media, and doesn't enable swaps. (Closes:
      #7822)
    - Actually make sure that Tails can boot from live systems stored
      on a hard drive. Running the 'I start Tails from DVD ...' step
      will override the earlier 'the computer is set to boot from ide
      drive "live_hd"' step, so let's make the "from DVD" part
      optional; it will be the default any way.
    - Make it possible to use an old iso with different persistence
      presets. (Closes: #8091)
    - Hide the cursor between steps when navigating the GNOME
      applications menu. This makes it a bit more robust, again:
      sometimes the cursor is partially hiding the menu entry we're
      looking for, hence preventing Sikuli from finding it (in
      particular when it's "Accessories", since we've just clicked on
      "Applications" which is nearby). (Closes: #8875)
    - Ensure that the test will fail if "apt-get X" commands fail.
    - Test 'Tor is ready' notification in a separate scenario. (Closes:
      #8714)
    - Add automated tests for torified wget and whois. This should
      help us identify future regressions such as #8603 in their
      torifying wrappers.
    - Add automated test for opening an URL from Pidgin.
    - And add automated tests for the Tor Browser's AppArmor
      sandboxing.
    - Test that "Report an Error Launcher" opens the support
      documentation.
    - Test that the Unsafe Browser:
      * starts in various locales.
      * complains when DNS isn't configured.
      * tears down its chroot on shutdown.
      * runs as the correct user.
      * has no plugins or add-ons installed.
      * has no unexpected bookmarks.
      * has no proxy configured.
    - Bump the "I2P router console is ready" timeout in its test to
      deal with slow Internet connections.
    - Make the automatic tests of gpgApplet more robust by relying
      more on graphical elements instead of keyboard shortcuts and
      static sleep():s. (Closes: #5632)
    - Make sure that enough disk space is available when creating
      virtual storage media. (Closes: #8907)
    - Test that the Unsafe Browser doesn't generate any non-user
      initiated traffic, and in particular that it doesn't check for
      upgrades, which is a regression test for #8694. (Closes: #8702)
    - Various robustness improvements to the Synaptic tests. (Closes:
      #8742)
    - Automatically test Git. (Closes: #6307)
    - Automatically test GNOME Screenshot, which is a regression test
      for #8087. (Closes: #8688)
    - Fix a quoting issue with `tails_persistence_enabled?`. (Closes:
      #8919)
    - Introduce an improved configuration system that also can store
      local secrets, like user credentials needed for some
      tests. (Closes: #6301, #8188)
    - Actually verify that we successfully set the time in our time
      syncing tests. (Closes: #5836)
    - Automatically test Tor. This includes normal functionality and
      the use pluggable transports, that our Tor enforcement is
      effective (e.g. only the Tor network or configured bridges are
      contacted) and that our stream isolation configuration is
      working. (Closes: #5644, #6305, #7821)

 -- Tails developers <tails@boum.org>  Mon, 23 Feb 2015 17:14:00 +0100

tails (1.2.3) unstable; urgency=medium

  * Security fixes
    - Upgrade Linux to 3.16.7-ckt2-1.
    - Upgrade Tor Browser to 4.0.3 (based on Firefox 31.4.0esr)
      (Closes: #8700).
    - Fail safe by entering panic mode if macchanger exits with an
      error, since in this situation we have to treat the
      driver/device state as undefined. Also, we previously just
      exited the script in this case, not triggering the panic mode
      and potentially leaking the real MAC address (Closes: #8571).
    - Disable upgrade checking in the Unsafe Browser. Until now the
      Unsafe Browser has checked for upgrades of the Tor Browser in
      the clear (Closes: #8694).

  * Bugfixes
    - Fix startup of the Unsafe Browser in some locales (Closes: #8693).
    - Wait for notification-daemon to run before showing the MAC
      spoofing panic mode notifications. Without this, the "Network
      card disabled" notification is sometimes lost when MAC spoofing
      fails. Unfortunately this only improves the situation, but
      doesn't fix it completely (see #8685).
    - Log that we're going to stop NetworkManager before trying to do
      it in the MAC spoofing scripts. Without this we wouldn't get the
      log message in case stopping NetworkManager fails (thanks to
      `set -e`).
    - Set GNOME Screenshot preferences to save the screenshots in
      /home/amnesia (Closes: #8087).
    - Do not suspend to RAM when closing the lid on battery power
      (Closes: #8071).
    - Properly update the Tails Installer's status when plugging in a
      USB drive after it has started (Closes: #8353).
    - Make rsync compare file contents by using --checksum for more
      reliable generation of the squashfs filesystem in
      IUKs. Previously it used the default, which is checking
      timestamps and file size, but that doesn't play well with the
      Tor browser files, that have a fixed mtime, which could result
      in updated files not ending up in the IUK.

  * Minor improvements
    - Finish migrating tails-security-check's and tails-iuk's pinning
      to our website's new X.509 certificate authority (Closes: #8404).

  * Build system
    - Update to Vagrant build box tails-builder-20141201. The only
      change is the removal of a reference to an ISO image which
      doesn't exist (except on the system that generated the build
      box) which causes an error for some users (Closes: #7644).
    - Generate the list of packages used during build, after building
      with Jenkins (Closes: #8518). This allows tracking their status
      on the Debian reproducible build front:
      https://reproducible.debian.net/index_pkg_sets.html#tails

  * Automated test suite
    - Check PO files with i18nspector (Closes: #8359).
    - Fix the expected image of a check.tp.o failure. Previously we
      looked for the "Sorry. You are not using Tor." text, but it
      seems it recently changed enough for Sikuli to not find it. To
      prevent future errors of the same kind we'll look for the
      crossed-over onion icon instead (Closes: #8533).
    - Bump timeout when waiting for Tor to re-bootstrap. We have a
      dreaded issue with timeouts that are multiple of 2 minutes, and
      then Tor succeeds soon after, so in order to allow for this
      timeout to be reached twice, and then possibly succeed, let's
      use N*2 minutes + 30 seconds, with N=2.

 -- Tails developers <tails@boum.org>  Wed, 14 Jan 2015 16:12:26 +0100

tails (1.2.2) unstable; urgency=medium

  * Bugfixes
    - Create a CA bundle for Tails Upgrader at ISO build time, and
      patch Tails Upgrader to use it. Specifically this will make it
      possible to check for Tails upgrades after our website changes
      certificate around the 2014 to 2015 transition (Partially fixes
      #8404).

 -- Tails developers <tails@boum.org>  Mon, 15 Dec 2014 10:05:17 +0100

tails (1.2.1) unstable; urgency=low

  * Security fixes
    - Upgrade Linux to 3.16.0-4, i.e. 3.16.7-1.
    - Install Tor Browser 4.0.2 (based on Firefox 31.3.0esr).

  * Bugfixes
    - Install syslinux-utils, to get isohybrid back (Closes: #8155).
    - Update xserver-xorg-input-evdev to 1:2.7.0-1+tails1 which
      includes a patch that restores mouse scrolling in KVM/Spice
      (Closes: 7426).
    - Set Torbutton logging preferences to the defaults (Closes:
      #8160). With the default settings, no site-specific information is
      logged.
    - Use the correct stack of rootfs:s for the chroot browsers (Closes:
      #8152, #8158). After installing incremental upgrades Tails' root
      filesystem consists of a stack squashfs:s, not only
      filesystem.squashfs. When not stacking them correct we may end up
      using the Tor Browser (Firefox) from an older version of Tails, or
      with no Tor Browser at all, as in the upgrade from Tails 1.1.2 to
      1.2, when we migrated from Iceweasel to the Tor Browser. Based on
      a patch contributed by sanic.
    - Use the Tor Browser for MIME type that GNOME associates with
      Iceweasel (Closes: #8153). Open URLs from Claws Mail, KeePassX
      etc. should be possible again.
    - Update patch to include all Intel CPU microcodes (Closes: #8189).
    - AppArmor: allow Pidgin to run Tor Browser unconfined, with
      scrubbed environment (Closes: #8186). Links opened in Pidgin are
      now handled by the Tor Browser.
    - Install all localized Iceweasel search plugins (Closes: #8139).
    - When generating the boot profile, ignore directories in
      process_IN_ACCESS as well (Closes: #7925). This allows ut to
      update the squashfs-ordering again in Tails 1.2.1.
    - gpgApplet: Don't pass already encoded data to GTK2 (Closes:
      #7968). It's now possible to clearsign text including non-ASCII
      characters.
    - Do not run the PulseAudio initscript, neither at startup nor
      shutdown (Closes: #8082).

  * Minor improvements
    - Upgrade I2P to 0.9.17-1~deb7u+1.
    - Make GnuPG configuration closer to the best practices one
      (Closes: #7512).
    - Have GnuPG directly use the Tor SOCKS port (Closes: #7416).
    - Remove TrueCrypt support and documentat how to open TrueCrypt
      volumes using cryptsetup (Closes: #5373).
    - Install hopenpgp-tools from Debian Jessie.

  * Build system
    - Add gettext >= 0.18.3 as a Tails build dependency. We need it for
      xgettext JavaScript support in feature/jessie.

  * Automated test suite
    - Don't click to open a sub-menu in the GNOME applications menu
      (Closes: #8140).
    - When testing the Windows camouflage, look for individual systray
      applets, to avoid relying on their ordering (Closes: #8059).
    - Focus the Pidgin Buddy List before looking for something
      happening in it (Closes: #8161).
    - Remove workaround for showing the TBB's menu bar (Closes #8028).

 -- Tails developers <tails@boum.org>  Tue, 02 Dec 2014 11:34:03 +0100

tails (1.2) unstable; urgency=medium

  * Major new features
    - Migrate from Iceweasel to the Tor Browser from the Tor Browser
      Bundle 4.0 (based on Firefox 31.2.0esr). This fixes the POODLE
      vulnerability.
      The installation in Tails is made global (multi-profile), uses
      the system-wide Tor instance, disables the Tor Browser updater,
      and keeps the desired deviations previously present in Iceweasel,
      e.g. we install the AdBlock Plus add-on, but not Tor Launcher (since
      we run it as a standalone XUL application), among other things.
    - Install AppArmor's userspace tools and apparmor-profiles-extra
      from Wheezy Backports, and enable the AppArmor Linux Security
      Module. This adds Mandatory Access Control for several critical
      applications in Tails, including Tor, Vidalia, Pidgin, Evince
      and Totem.
    - Isolate I2P traffic from the Tor Browser by adding a dedicated
      I2P Browser. It is set up similarly to the Unsafe Browser,
      but further disables features that are irrelevant for I2P, like
      search plugins and the AdBlock Plus addon, while keeping Tor Browser
      security features like the NoScript and Torbutton addons.
    - Upgrade Tor to 0.2.5.8-rc-1~d70.wheezy+1.

  * Security fixes
    - Disable TCP timestamps (Closes: #6579).

  * Bugfixes
    - Remove expired Pidgin certificates (Closes: #7730).
    - Use sudo instead of gksudo for running tails-upgrade-frontend to
      make stderr more easily accessible (Closes: #7431).
    - Run tails-persistence-setup with sudo instead of gksudo to make
      stderr more easily accessible, and allow the desktop user to
      pass the --verbose parameter (Closes: #7623).
    - Disable CUPS in the Unsafe Browser. This will prevent the
      browser from hanging for several minutes when accidentally
      pressing CTRL+P or trying to go to File -> Print (Closes: #7771).

  * Minor improvements
    - Install Linux 3.16-3 (version 3.16.5-1) from Debian
      unstable (Closes: #7886, #8100).
    - Transition away from TrueCrypt: install cryptsetup and friends
      from wheezy-backports (Closes: #5932), and make it clear that
      TrueCrypt will be removed in Tails 1.2.1 (Closes: #7739).
    - Install Monkeysign dependencies for qrcodes scanning.
    - Upgrade syslinux to 3:6.03~pre20+dfsg-2~bpo70+1, and install
      the new syslinux-efi package.
    - Upgrade I2P to 0.9.15-1~deb7u+1
    - Enable Wheezy proposed-updates APT repository and setup APT
      pinnings to install packages from it.
    - Enable Tor's syscall sandbox. This feature (new in 0.2.5.x)
      should make Tor a bit harder to exploit. It is only be enabled
      when when no special Tor configuration is requested in Tails
      Greeter due to incompatibility with pluggable transports.
    - Start I2P automatically when the network connects via a
      NetworkManager hook, and "i2p" is present on the kernel command
      line. The router console is no longer opened automatically, but
      can be accessed through the I2P Browser (Closes: #7732).
    - Simplify the IPv6 ferm rules (Closes: #7668).
    - Include persistence.conf in WhisperBack reports (Closes: #7461)
    - Pin packages from testing to 500, so that they can be upgraded.
    - Don't set Torbutton environment vars globally (Closes: #5648).
    - Enable VirtualBox guest additions by default (Closes: #5730). In
      particular this enables VirtualBox's display management service.
    - In the Unsafe Browser, hide option for "Tor Browser Health
      report", and the "Get Addons" section in the Addon manager
      (Closes: #7952).
    - Show Pidgin's formatting toolbar (Closes: #7356). Having the
      formatting toolbar displayed in Pidgin makes the OTR status more
      explicit by displaying it with words.

  * Automated test suite
    - Add --pause-on-fail to ease VM state debugging when tests
      misbehave.
    - Add execute_successfully() and assert_vmcommand_success() for
      added robustness when executing some command in the testing VM.
    - Use Test::Unit::Assertions instead of our home-made assert().
    - Add test for persistent browser bookmarks.
    - Add basic tests for Pidgin, Totem and Evince, including their
      AppArmor enforcement.
    - Factorize some common step pattern into single steps.
    - Factorize running a command in GNOME Terminal.
    - Add common steps to copy a file and test for its existence.
    - Add a wait_and_double_click Sikuli helper method.
    - Add a VM.file_content method, to avoid repeating ourselves, and
      use it whenever easily doable.
    - Drop test that diffs syslinux' exithelp.cfg: we don't ship this
      file anymore.
    - In the Unsafe Browser tests, rely on subtle timing less (Closes:
      #8009).
    - Use the same logic to determine when Tor is working in the test
      suite as in Tails itself. The idea is to avoid spamming the Tor
      control port during bootstrap, since we've seen problems with
      that already.

 -- Tails developers <tails@boum.org>  Wed, 15 Oct 2014 18:34:50 +0200

tails (1.1.2) unstable; urgency=medium

  * Security fixes
    - Upgrade the web browser to 24.8.0esr-0+tails3~bpo70+1
      (fixes Mozilla#1064636).
    - Install Linux 3.16-1 from sid (Closes: #7886).
    - Upgrade file to 5.11-2+deb7u5 (fixes CVE-2014-0207,
      CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479,
      CVE-2014-3480, CVE-2014-3487, CVE-2014-3538 and CVE-2014-3587).
    - Upgrade curl to 7.26.0-1+wheezy10 (fixes CVE-2014-3613 and
      CVE-2014-3620).
    - Upgrade bind9-based packages to 1:9.8.4.dfsg.P1-6+nmu2+deb7u2
      (fixes CVE-2014-0591).
    - Upgrade gnupg to 1.4.12-7+deb7u6 (fixes CVE-2014-5270).
    - Upgrade apt to 0.9.7.9+deb7u5 (fixes CVE-2014-0487,
      CVE-2014-0488, CVE-2014-0489, CVE-2014-0490, and
      CVE-2014-6273.).
    - Upgrade dbus to 1.6.8-1+deb7u4 (fixes CVE-2014-3635,
      CVE-2014-3636, CVE-2014-3637, CVE-2014-3638 and CVE-2014-3639).
    - Upgrade libav-based pacakges to 6:0.8.16-1 (fixes
      CVE-2013-7020).
    - Upgrade bash to 4.2+dfsg-0.1+deb7u1 (fixes CVE-2014-6271).

 -- Tails developers <tails@boum.org>  Tue, 23 Sep 2014 23:01:40 -0700

tails (1.1.1) unstable; urgency=medium

  * Security fixes
    - Upgrade the web browser to 24.8.0esr-0+tails1~bpo70+1
      (Firefox 24.8.0esr + Iceweasel patches + Torbrowser patches).
      Also import the Tor Browser profile at commit
      271b64b889e5c549196c3ee91c888de88148560f from
      ttp/tor-browser-24.8.0esr-3.x-1.
    - Upgrade Tor to 0.2.4.23-2~d70.wheezy+1 (fixes CVE-2014-5117).
    - Upgrade I2P to 0.9.14.1-1~deb7u+1.
    - Upgrade Linux to 3.14.15-2 (fixes CVE-2014-3534, CVE-2014-4667
      and CVE-2014-4943).
    - Upgrade CUPS-based packages to 1.5.3-5+deb7u4 (fixes
      CVE-2014-3537, CVE-2014-5029, CVE-2014-5030 and CVE-2014-5031).
    - Upgrade libnss3 to 2:3.14.5-1+deb7u1 (fixes CVE-2013-1741,
      CVE-2013-5606, CVE-2014-1491 and CVE-2014-1492).
    - Upgrade openssl to 1.0.1e-2+deb7u12 (fixes CVE-2014-3505,
      CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509,
      CVE-2014-3510, CVE-2014-3511, CVE-2014-3512 and CVE-2014-5139).
    - Upgrade krb5-based packages to 1.10.1+dfsg-5+deb7u2 (fixes
      CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344 and
      CVE-2014-4345).
    - Upgrade libav-based packages to 6:0.8.15-1 (fixes CVE-2011-3934,
      CVE-2011-3935, CVE-2011-3946, CVE-2013-0848, CVE-2013-0851,
      CVE-2013-0852, CVE-2013-0860, CVE-2013-0868, CVE-2013-3672,
      CVE-2013-3674 and CVE-2014-2263.
    - Upgrade libgpgme11 to 1.2.0-1.4+deb7u1 (fixes CVE-2014-5117).
    - Upgrade python-imaging to 1.1.7-4+deb7u1 (fixes CVE-2014-3589).
    - Prevent dhclient from sending the hostname over the network
      (Closes: #7688).
    - Override the hostname provided by the DHCP server (Closes: #7769).
    - Add an I2P boot parameter. Without adding "i2p" to the kernel
      command line, I2P will not be accessible for the Live user.
    - Stricter I2P firewall rules:
      * deny I2P from accessing the LAN
      * deny I2P from accessing the loopback device, except for select
        whitelisted services
      * allow I2P access to the Internet
      The ACCEPT rules will only be enabled when the string 'i2p' is
      passed at the boot prompt. The rules which DENY or REJECT
      access for the 'i2psvc' user will always be applied.
    - Disable I2P plugins, since it doesn't make much sense without
      persistence, and should eliminate some attack vectors.
    - Disable I2P's BOB port. No maintained I2P application uses it.

  * Bugfixes
    - Fix condition clause in tails-security-check (Closes: #7657).
    - Don't ship OpenJDK 6: I2P prefers v7, and we don't need both.
    - Prevent Tails Installer from updating the system partition
      properties on MBR partitions (Closes: #7716).

  * Minor improvements
    - Upgrade to Torbutton 1.6.12.1.
    - Install gnome-user-guide (Closes: #7618).
    - Install cups-pk-helper (Closes: #7636).
    - Update the SquashFS sort file.
    - Compress the SquashFS more aggressively (Closes: #7706).
    - I2P: Keep POP3 email on server. The default in the I2P webmail
      app was to keep mail on the server, but that setting was changed
      recently. This configuration setting (susimail.config) will only
      be copied over in I2P 0.9.14 and newer.
    - Add a Close button to the Tails Installer launcher window.

  * Build system
    - Migrate Vagrant basebox to Debian Wheezy (Closes #7133, #6736).
    - Consistently use the same Debian mirror.
    - Disable runtime APT proxy configuration when using APT in
      binary_local-hooks (Closes: #7691).

  * Automated test suite
    - Automatically test hostname leaks (Closes: #7712).
    - Move autotest live-config hook to be run last. This way we'll
      notice if some earlier live-config hook cancels all hooks by
      running the automated test suite since the remote shell won't be
      running in that case.
    - Test that the I2P boot parameter does what it's supposed to do
      (Closes: #7760).
    - Start applications by using the GNOME Applications menu instead
      of the GNOME Run Dialog (Closes: #5550, #7060).

 -- Tails developers <tails@boum.org>  Sun, 31 Aug 2014 20:49:28 +0000

tails (1.1) unstable; urgency=medium

  * Rebase on Debian Wheezy
    - Upgrade literally thousands of packages.
    - Migrate to GNOME3 fallback mode.
    - Install LibreOffice instead of OpenOffice.
    - Remove custom LSB logging: Wheezy has fancy colored init
      logging.

  * Major new features
    - UEFI boot support.
    - Replace the Windows XP camouflage with an experimental Windows 8
      camouflage.
    - Install Linux 3.14.12-1 from Debian unstable.
    - Bring back VirtualBox guest modules, installed from Wheezy
      backports. Full functionality is only available when using the
      32-bit kernel.

  * Security fixes
    - Fix write access to boot medium via udisks (#6172).
    - Don't allow the desktop user to pass arguments to
      tails-upgrade-frontend (Closes: #7410).
    - Make persistent file permissions safer (Closes #7443):
      * Make the content of /etc/skel non-world-readable. Otherwise,
        such files may be copied to /home/amnesia, and in turn to the
        persistent volume, with unsafe permissions. That's no big deal
        in /home/amnesia (that is itself not world-readable), *but*
        the root of the persistent volume has to be world-readable.
      * Have activate_custom_mounts create new directories with safe
        permissions.
      * Set strict permissions on /home/amnesia (Closes: #7463).
      * Fix permissions on persistent directories that were created
        with unsafe permissions (Closes: #7458).
      * Fix files ownership while copying persistence (Closes: #7216).
        The previous instructions to copy the persistent data were
        creating personal files that belong to root. I don't think
        there is a way of preserving the original ownership using
        Nautilus (unless doing a "move" instead of a "copy" but that's
        not what we are trying to do here).
    - Disable FoxyProxy's proxy:// protocol handler (Closes: #7479).
      FoxyProxy adds the proxy:// protocol handler, which can be used
      to configure the proxy via an URI. A malicious web page can
      include (or a malicious exit node can inject) some JavaScript
      code to visit such an URI and disable or otherwise change
      Iceweasel's proxy settings. While using this to disable
      proxying will be dealt with safely by our firewall, this could
      be used to defeat stream isolation, although the user must be
      tricked into accepting the new proxy settings.
    - Upgrade the web browser to 24.7.0esr-0+tails1~bpo70+1
      (Firefox 24.7.0esr + Iceweasel patches + Torbrowser patches).
    - Upgrade to Linux 3.14.12-1 (fixes CVE-2014-4699).
    - Upgrade libav-based packages to 0.8.13-1 (fixes CVE-2014-4609).
    - Upgrade to libxml2 2.8.0+dfsg1-7+wheezy1 (fixes CVE-2014-0191).
    - Upgrade to dbus 1.6.8-1+deb7u3 (fixes CVE-2014-3477,
      CVE-2014-3532 and CVE-2014-3533).

  * Bugfixes
    - Disable GNOME keyring's GnuPG functionality. (Closes: #7330) In
      feature/regular-gnupg-agent, we installed the regular GnuPG
      agent so that it is used instead of GNOME keyring's one. This is
      not enough on Wheezy, so let's disable the starting of the "gpg"
      component of GNOME keyring.
    - Make sure /etc/default/locale exists, with a sensible default
      value (Closes: #7333). Before Tails Greeter's PostLogin script
      are run, /etc/default/locale does not exist on Wheezy. Our
      tails-kexec initscript (and quite a few other scripts we run)
      depends on this file to exist. So, let's make sure it exists,
      with a sensible default value.
    - Create the tails-persistence-setup user with the same UID/GID it
      had on Tails/Squeeze. (Closes: #7343) Else, our various checks
      for safe access rights on persistence.conf fail.
    - Revert back to browsing the offline documentation using Iceweasel
      instead of Yelp (Closes: #7390, #7285).
    - Make the new NetworkManager configuration directory persistent,
      when the old one was, but disable the old one (Closes: #7338).
    - Before running tails-upgrade-frontend, chdir to a world-readable
      place (Closes: #7641). In particular, Archive::Tar::Wrapper,
      when called by tails-install-iuk, wants to chdir back to the
      original cwd after it has chdir'd elsewhere to do its job.

  * Minor improvements
    - Install seahorse-nautilus, replacing seahorse-plugins (Closes #5516).
    - Install hledger (custom backport, for now): our accountants need this.
    - Install stable Scribus instead of scribus-ng.
    - Install the printer driver for Epson Inkjet that use ESC/P-R.
    - Install the BookletImposer PDF imposition toolkit. It's tiny,
      and really helpful e.g. when producing booklets.
    - Install gtkhash and nautilus-gtkhash (Closes #6763).
    - Import new version of Tor Launcher:
      · Now based on upstream Tor Launcher 0.2.5.4.
      · Tor bug #11772: Proxy Type menu not set correctly
      · Tor bug #11699: Change &amp;#160 to &#160; in network-settings.dtd
      · Correctly handle startup paths that contain dot.
    - Upgrade to Torbutton 1.6.9.0.
    - Avoid shipping python2.6 in addition to python2.7.
    - Don't install Gobby 0.4 anymore. Gobby 0.5 has been available in
      Debian since Squeeze, now is a good time to drop the obsolete
      0.4 implementation.
    - Require a bit less free memory before checking for upgrades with
      Tails Upgrader. The general goal is to avoid displaying "Not
      enough memory available to check for upgrades" too often due to
      over-cautious memory requirements checked in the wrapper.
    - Make Tails Greeter's help window resolution-aware. Previously it
      used a static 800x600 which was problematic on lower resolutions,
      and sub-optimal on higher resolutions. Now it adapts itself
      according to the screen resolution.
    - Whisperback now sanitizes attached logs better with respect to
      DMI data, IPv6 addresses, and serial numbers (Closes #6797,
      #6798, #6804).
    - Integrate the new logo in Tails Installer (Closes #7095)
    - Also install linux-base and linux-compiler-gcc-4.8-x86 from
      sid. This way, we can get rid of our linux-compiler-gcc-4.8-x86
      3.12, and it makes things a bit more consistent.
    - Include the syslinux binary, and its MBR, in the ISO filesystem.
      This in turn allows Tails Installer to use this binary and MBR,
      which is critical for avoiding problems (such as #7345) on
      "Upgrade from ISO".
    - Include syslinux.exe for win32 in utils/win32/ on the ISO
      filesystem (Closes: #7425).
    - Tails Installer:
      * Add consistent margins in GUI.
      * Always reset the target drive's MBR, without asking for
        confirmation, after installing or upgrading.
      * Install the bootloader using the syslinux binary found on the
        target device, once the Live OS has been extracted/copied
        there.
    - Enable double-clicking to pick entries in the language or
      keyboard layout lists in Tails Greeter.
    - Install backport of shared-mime-info 1.3 (Closes: #7079).
    - Make sanity-check prompts closable in Tails Persistence Setup
      (Closes: #7119).
    - Fix quick search in Tails Greeter's Other languages window
      (Closes: #5387).
    - Install systemd. It is not enabled by default, but having it
      around will help doing the migration work.
    - Enable AppArmor on the kernel command-line. This is a no-op
      without the userspace tools and with no profile shipped, but it
      will make it easier to fix this part of the situation.

  * Build system
    - Bump Vagrant builder's memory for RAM builds. Wheezy requires
      more space to build, and the resulting image is larger.
    - Fix Vagrant compatibility issue. Some classes' methods/fields
      have been renamed between Vagrant versions, so we need a simple
      compatibility layer to support all versions. Without this, it's
      not possible to issue e.g. a `build` command to an already
      running (i.e. `vm:up`:ed) Vagrant instance.
    - Move cpu and mem checks to the `build` task. Previously, when
      they were checked in `vm:up` *only* when issued while the VM
      already is up, so these checks weren't run if one issues a
      `build` when the VM is off. Now we'll fail earlier with a more
      informative error message, and it looks like a more logical home
      for them too.
    - Fix buggy memory checks for RAM building. We have to take into
      account which state the Vagrant VM is in for determining *where*
      we check if enough memory is available for a RAM build. If it's
      off, we check the host; if it's on we check the VM. Previously
      we always checked the host, which doesn't make sense when the VM
      is already started.

  * Automated test suite
    - Bump the tester VM's RAM by 256 MiB. There is not enough free
      RAM to run Tails Upgrader with just 1 GiB of RAM after the
      migration to Wheezy.
    - Always adjust OOM and memory overcommit settings. The kernel
      freezes seem to also happen for the amd64 kernel when filling
      the memory.
    - Add option to make Sikuli rety on FindFailed. This makes it
      possible to update manu images for Sikuli in just *one* test
      suite run, by continuously updating outdated pictures as we go.
    - Actually run "Upgrade from ISO" from a USB drive running the old
      version. That's what users do, and is buggy.
    - Automatically test persistent directories permissions (Closes: #7560).
    - Use read-write persistence when testing upgraded USB
      installations.  Otherwise e.g. the permission fixes won't get
      applied, and the subsequent steps testing the permissions will
      fail.
    - Actually check that the ISO's Tails is installed. The step
      "Tails is installed on USB drive $TARGET" only checks that the
      *running* Tails is installed on $TARGET, which obviously fails
      when doing an upgrade from ISO running an old Tails. That it
      worked for the same scenario running the current Tails is just
      coincidental.
    - Use OpenJDK 7 to run our test suite (Closes #7175).
    - Use qemu-system-x86_64 directly, instead of kvm, for running the
      automated test suite (Closes: #7605).

 -- Tails developers <tails@boum.org>  Sun, 20 Jul 2014 23:16:13 +0200

tails (1.0.1) unstable; urgency=medium

  * Security fixes
    - Upgrade the web browser to 24.6.0esr-0+tails1~bpo60+1
      (Firefox 24.6.0esr + Iceweasel patches + Torbrowser patches).
      Also import the Tor Browser profile at commit
      90ba8fbaf6f23494f1a0e38d63153b3b7e65d3d3 from
      ttp/tor-browser-24.6.0esr-3.x-1.
    - Install Linux 3.14 from Debian unstable (fixes CVE-2014-3153 and
      others).
    - Install openssl from Squeeze LTS (fixes CVE-2014-0076,
      CVE-2014-0195, CVE-2014-0221, CVE-2014-3470 and CVE-2014-0224).
    - Install GnuTLS from Squeeze LTS (fixes CVE-2014-3466.).

  * Minor improvements
    - Add Squeeze LTS APT sources. It has been given a low pinning
      priority so explicit pinning must be used to actually install
      anything from it.
    - Upgrade Tor to 0.2.4.22-1~d60.squeeze+1.
    - Upgrade I2P to 0.9.13-1~deb6u+1.

 -- Tails developers <tails@boum.org>  Sun, 08 Jun 2014 19:14:00 +0200

tails (1.0) unstable; urgency=medium

  * Security fixes
    - Upgrade the web browser to 24.5.0esr-0+tails1~bpo60+1
      (Firefox 24.5.0esr + Iceweasel patches + Torbrowser patches).
    - Upgrade Tor to 0.2.4.21-1+tails1~d60.squeeze+1:
      * Based on 0.2.4.21-1~d60.squeeze+1.
      * Backport the fix for Tor bug #11464. It adds client-side blacklists for
        all Tor directory authority keys that was vulnerable to Heartbleed.
        This protects clients in case attackers were able to compromise a
        majority of the authority signing and identity keys.

   * Bugfixes
    - Disable inbound I2P connections. Tails already restricts incoming
      connections, but this change tells I2P about it.
    - Fix link to the system requirements documentation page in the Tails
      Upgrader error shown when too little RAM is available.

  * Minor improvements
    - Upgrade I2P to 0.9.12-2~deb6u+1.
    - Import TorBrowser profile. This was forgotten in Tails 0.23 and even
      though we didn't explicitly set those preferences in that release
      they defaulted to the same values. This future-proofs us in case the
      defaults would ever change.
    - Import new custom version of tor-launcher:
      * Based on upstream Tor Launcher 0.2.5.3.
      * Improve how Tor Launcher handles incomplete translation.
        (Tor bug #11483; more future-proof fix for Tails bug #6885)
      * Remove the bridge settings prompt. (Tor bug #11482; closes Tails
        bug #6934,)
      * Always show bridge help button. (Tor bug #11484)
    - Integrate the new Tails logo into various places:
      * The website
      * The boot splash
      * The "About Tails" dialog

  * Build system
    - Use the stable APT suite when building from the stable Git branch
      (Closes: #7022).

  * Test suite
    - Add test for the #7022 fix.

 -- Tails developers <tails@boum.org>  Sun, 27 Apr 2014 19:34:01 +0200

tails (0.23) unstable; urgency=medium

  * Security fixes
    - Upgrade the web browser to 24.4.0esr-0+tails1~bpo60+1
      (Firefox 24.4.0esr + Iceweasel patches + Torbrowser patches).

  * Major new features
    - Spoof the network interfaces' MAC address by default (Closes: #5421),
      as designed on https://tails.boum.org/contribute/design/MAC_address/.
    - Rework the way to configure how Tor connects to the network
      (bridges, proxy, fascist firewall): add an option to Tails Greeter,
      start Tor Launcher when needed (Closes: #5920, #5343).

  * Bugfixes
    - Additional software: do not crash when persistence is disabled
      (Closes: #6440).
    - Upgrade Pidgin to 2.10.9, that fixes some regressions introduced
      in the 2.10.8 security update (Closes: #6661).
    - Wait for Tor to have fully bootstrapped, plus a bit more time,
      before checking for upgrades (Closes: #6728) and unfixed known
      security issues.
    - Disable the Intel Management Engine Interface driver (Closes: #6460).
      We don't need it in Tails, it might be dangerous, and it causes bugs
      on various hardware such as systems that reboot when asked to shut down
    - Add a launcher for the Tails documentation. This makes it available
      in Windows Camouflage mode (Closes: #5374, #6767).
    - Remove the obsolete wikileaks.de account from Pidgin (Closes: #6807).

  * Minor improvements
    - Upgrade Tor to 0.2.4.21-1~d60.squeeze+1.
    - Upgrade obfsproxy to 0.2.6-2~~squeeze+1.
    - Upgrade I2P to 0.9.11-1deb6u1.
    - Install 64-bit kernel instead of the 686-pae one (Closes: #5456).
      This is a necessary first step towards UEFI boot support.
    - Install Monkeysign (in a not-so-functional shape yet).
    - Disable the autologin text consoles (Closes: #5588). This was one of
      the blockers before a screen saver can be installed
      in a meaningful way (#5684).
    - Don't localize the text consoles anymore: it is broken on Wheezy,
      the intended users can as well use loadkeys, and we now do not have
      to trust setupcon to be safe for being run as root by the desktop user.
    - Make it possible to manually start IBus.
    - Reintroduce the possibility to switch identities in the Tor Browser,
      using a filtering proxy in front of the Tor ControlPort to avoid giving
      full control over Tor to the desktop user (Closes: #6383).
    - Incremental upgrades improvements:
      · Drop the Tails Upgrader launcher, to limit users' confusion
        (Closes: #6513).
      · Lock down sudo credentials a bit.
      · Hide debugging information (Closes: #6505).
      · Include ~/.xsession-errors in WhisperBack bug reports.
        This captures the Tails Upgrader errors and debugging information.
      · Report more precisely why an incremental upgrade cannot be done
        (Closes: #6575).
      · Various user interface and phrasing improvements.
    - Don't install the Cookie Monster browser extension (Closes: #6790).
    - Add a browser bookmark pointing to Tor's Stack Exchange (Closes: #6632).
    - Remove the preconfigured #tor channel from the Pidgin: apparently,
      too many Tails users go ask Tails questions there, without making
      it clear that they are running Tails, hence creating a user-support
      nightmare (Closes: #6679).
    - Use (most of) Tor Browser's mozconfig (Closes: #6474).
    - Rebase the browser on top of iceweasel 24.3.0esr-1, to get
      the certificate authorities added by Debian back (Closes: #6704).
    - Give access to the relevant documentation pages from Tails Greeter.
    - Hide Tails Greeter's password mismatch warning when entry is changed.
    - Persistent Volume Assistant:
      · Take into account our installer is now called Tails Installer.
      · Optimize window height (Closes: #5458).
      · Display device paths in a more user-friendly way (Closes: #5311).

  * Build system
    - Ease updating POT and PO files at release time, and importing translations
      from Transifex (Closes: #6288, #6207).
    - Drop custom poedit backport, install it from squeeze-backports-sloppy.
    - Make ISO and IUK smaller (Closes: #6390, #6425):
      · Exclude more files from being included in the ISO.
      · Remove *.pyc later so that they are not recreated.
      · Truncate log files later so that they are not filled again.
      · At ISO build time, set mtime to the epoch for large files whose content
        generally does not change between releases. This forces rsync
        to compare the actual content of these files, when preparing an IUK,
        instead of blindly adding it to the IUK merely because the mtime
        has changed, while the content is the same.
    - Make local hooks logging consistent.

  * Test suite
    - Migrate from JRuby to native Ruby + rjb.
    - The test suite can now be run on Debian Wheezy + backports.
    - Fix buggy "persistence is not enabled" step (Closes: #5465).
    - Use IPv6 private address as of RFC 4193 for the test suite's virtual
      network. Otherwise dnsmasq from Wheezy complains, as it is not capable
      of handling public IPv6 addresses.
    - Delete volumes after each scenario unless tagged @keep_volumes.
    - Add an anti-test to make sure the memory erasure test works fine.
    - A *lot* of bugfixes, simplifications and robustness improvements.

 -- Tails developers <tails@boum.org>  Tue, 18 Mar 2014 00:58:50 +0100

tails (0.22.1) unstable; urgency=medium

  * Security fixes
    - Upgrade the web browser to 24.3.0esr-0+tails1~bpo60+2
      (Firefox 24.3.0esr + Iceweasel patches + Torbrowser patches).
    - Upgrade NSS to 3.14.5-1~bpo60+1.
    - Upgrade Pidgin to 2.10.8.
    - Workaround browser size fingerprinting issue by using small icons
      in the web browser's navigation toolbar (Closes: #6377).
      We're actually hit by Tor#9268, and this is the best workaround gk
      and I were able to find when discussing this on Tor#10095.

  * Major new features
    - Check for upgrades availability using Tails Upgrader, and propose
      to apply an incremental upgrade whenever possible (Closes: #6014).
      · Run tails-update-frontend at session login time.
      · Have tails-security-check only report unfixed security issues.
      · Greatly improve the Tails Upgrader UI and strings phrasing.
      · Enable startup notification for Tails Upgrader.
    - Install Linux 3.12 (3.12.6-2) from Debian testing. Unfortunately,
      this breaks the memory wipe feature on some hardware (#6460), but
      it fixes quite a few security issues, and improves hardware support.
    - Update the build system to be compatible with Vagrant 1.2 and 1.3,
      in addition to the already supported versions (Closes: #6221).
      Thanks to David Isaac Wolinsky <isaac.wolinsky@gmail.com>.

  * Bugfixes
    - Do not start IBus for languages that don't need it. This fixes
      the keybindings problems introduced in 0.22 (Closes: #6478).
      Thanks to WinterFairy.
    - Disable network.proxy.socks_remote_dns in the Unsafe Browser.
      Bugfix against 0.22 (Closes: #6479).
    - Fetch Tor Browser User-Agent from its own prefs, rather than from
      the obsolete Torbutton ones. Bugfix against 0.22 (Closes: #6477).
    - Upgrade Vagrant basebox to include up-to-date Debian archive keys
      (Closes: #6515, #6527).
    - Do not use a non-working proxy for downloading the Vagrant basebox
      (Closes: #6514).
    - Use IE's icon in Windows camouflage mode.
      Bugfix against 0.22 (Closes: #6536).
    - Support "upgrading" a partial Tails installation (Closes: #6438)
      and fix missing confirmation dialog in Tails Installer (Closes: #6437).
      Thanks to Andres Gomez Ramirez <andres.gomez@cern.ch>.
    - Fix browser homepage in Spanish locales (Closes: #6612).

  * Minor improvements
    - Tor 0.2.4 is stable! Adapt APT sources accordingly.
    - Update Tor Browser to 24.2.0esr-1+tails1, that uses its own NSS
      library instead of the system one.
    - Update Torbutton to 1.6.5.3.
    - Do not start Tor Browser automatically, but notify when Tor is ready.
      Warn the user when they attempt to start Tor Browser before Tor is ready.
    - Import Tor Browser profile at
      3ed5d9511e783deb86835803a6f40e7d5a182a12 from ttp/tor-browser-24.2.0esr-1.
    - Use http.debian.net for Vagrant builds, instead of the mostly broken
      (and soon obsolete) cdn.debian.net.
    - Phrasing and UI improvements in tails-upgrade-frontend.
    - Style and robustness improvements in tails-security-check.
    - Make room for upcoming UEFI support in Tails Installer.

 -- Tails developers <tails@boum.org>  Wed, 29 Jan 2014 15:08:13 +0100

tails (0.22) unstable; urgency=medium

  [Tails developers]
  * Security fixes
    - Upgrade to Iceweasel 24.2.0esr that fixes a few serious security issues.
    - Stop migrating persistence configuration and access rights. Instead,
      disable all persistence configuration files if the mountpoint has wrong
      access rights (Closes: #6413).
    - Upgrade to NSS 3.15.3 that fixes a few serious security issues affecting
      the browser, such as CVE-2013-1741, CVE-2013-5605 and CVE-2013-5606.

  * Major improvements
    - Switch to Iceweasel 24 (Closes: #6370).
      · Resync' (most) Iceweasel prefs with TBB 3.0-beta-1 and get rid
        of many obsolete or default settings.
      · Disable WebRTC (Closes: #6468).
      · Import TorBrowser profile at commit
        51bf06502c46ee6c1f587459e8370aef11a3422d from the tor-browser-24.2.0esr-1
        branch at https://git.torproject.org/tor-browser.git.
    - Switch to Torbutton 1.6.5 (Closes: #6371).
      · Prevent Torbutton from asking users to "upgrade TBB".
      · Use the same Tor SOCKS port as the TBB (9151) for our web browser.
        This should be enough to avoid being affected by Tor#8511.
      · Disable Torbutton 1.6's check for Tor.
        Unfortunately, the new check.torproject.org breaks the remote Tor
        check. We cannot use the local Tor check with the control port. So,
        the shortest and sanest path to fixing the check issue, because the
        remote Tor check is broken" seems to simply disable this check.
        Patch submitted upstream as Tor#10216.
    - Prepare incremental upgrades to be the next default way to upgrade Tails,
      on point-releases at least.

  * Bugfixes
    - Deny X authentication only after Vidalia exits (Closes: #6389).
    - Disable DPMS screen blanking (Closes: #5617).
    - Fix checking of the persistent volume's ACL.
    - Sanitize more IP and MAC addresses in bug reports (Closes: #6391).
    - Do not fail USB upgrade when the "tmp" directory exists on the
      destination device.
    - Tails Installer: list devices with isohybrid Tails installed
      (Closes: #6462).

  * Minor improvements
    - Create a configuration file for additional software if needed
      (Closes: #6436).
    - Translations all over the place.
    - Enable favicons in Iceweasel.
    - Do not propose to make permanent NoScript exceptions.
      In Tails, every such thing is temporary, so better only display the menu
      entry that's about temporarily allowing something.
    - Clearer warning when deleting persistent volume (thanks to Andres Gomez
      Ramirez <andres.gomez@cern.ch> for the patch).
    - Make wording in Tails Installer more consistent.

  [ WinterFairy ]
  * Use IBus instead of SCIM (Closes: #5624, #6206).
    It makes it possible to input passwords in pinentry for at least Japanese,
    Chinese and Korean languages.
  * Add an import-translation script.
    This automates the importation process of completed translations
    from Transifex.
  * Always list optimal keyboard layout in the greeter (Closes: #5741).
  * Fix on-the-fly translation of the greeter in various languages
    (Closes: #5469).

  [ Kytv]
  * Update I2P to 0.9.8.1 (Closes: #6080, #5889).
  * Improve I2P configuration:
    - Disable IPv6 support in a nicer way.
    - Disable i2cp (allows java clients to communicate from outside the JVM). If
      this is unset an exception for port 7654 would need to be added to ferm.
    - Disable "in-network" updates (this is also done in the regular I2P
      packages).
    - Disable the outproxies. Access to the Internet is already routed through
      Tor so these are unnecessary. If end-users have a good reason to go
      through one of the I2P outproxies they can turn them back on.
  * Add a couple of default I2P IRC channels to Pidgin.
  * Allow access to the local 'eepsite' through FoxyProxy.
  * Add firewall exceptions for the standard I2P ports.

 -- Tails developers <tails@boum.org>  Sat, 30 Nov 2013 16:47:18 +0100

tails (0.21) unstable; urgency=low

  * Security fixes
    - Don't grant access to the Tor control port for the desktop user
      (amnesia). Else, an attacker able to run arbitrary code as this user
      could obtain the public IP with a get_info command.
      · Vidalia is now run as a dedicated user.
      · Remove the amnesia user from the debian-tor group.
      · Remove the Vidalia launcher in the Applications menu.
        The Vidalia instance it starts is useless, since it can't connect
        to the Tor control port.
    - Don't allow the desktop user to directly change persistence settings.
      Else, an attacker able to run arbitrary code as this user could
      leverage this feature to gain persistent root access, as long as
      persistence is enabled.
      · Fully rework the persistent filesystem and files ownership
        and permissions.
      · Run the Persistent Volume Assistant as a dedicated user, that is
        granted the relevant udisks and filesystem -level credentials.
      · At persistence activation time, don't trust existing persistence
        configuration files, migrate to the new ownership and permissions,
        migrate every known-safe existing settings and backup what's left.
        Warn the user when not all persistence settings could be migrated.
      · Persistent Volume Assistant uses the new ownership and permissions
        scheme when initializing a new persistent volume, and refuses to
        read persistence.conf if it, or the parent directory, hasn't the
        expected permissions.
      · Make boot medium 'system internal' for udisks with bilibop.
        Once Tails is based on Wheezy, this will further complete the
        protection (see #6172 for details).
    - Update Iceweasel to 17.0.10esr-0+tails2~bpo60+1.
    - Update Torbutton to 1.5.2-2, including a patch cherry-picked from
      upstream to make window resizing closer to what the design says.

  * Major new features
    - Add a persistence preset for printing settings (Closes: #5686).
      Reload CUPS configuration after persistence activation.
    - Support SD card connected through a SDIO host adapter (Closes: #6324).
      · Rebrand Tails USB installer to Tails installer.
      · Display devices brand, model and size in the Installer
        (Closes: #6292).
      · Ask for confirmation before installing Tails onto a device
        (Closes: #6293).
      · Add support for SDIO and MMC block devices to the Tails Installer
        (Closes: #5744) and the Persistent Volume Assistant (Closes: #6325).
      · Arm the udev watchdog when booted from SD (plugged in SDIO) too
        (Closes: #6327).

  * Minor improvements
    - Provide a consistent path to the persistent volume mountpoint
      (Closes: #5854).
    - Add a KeePassX launcher to the top GNOME panel (Closes: #6290).
    - Rework bug reporting workflow: point the desktop launcher to
      the troubleshooting page.
    - Make /home world-readable at build time, regardless of the Git
      working copy permissions. This makes the build process more robust
      against strict umasks.
    - Add signing capabilities to the tails-build script (Closes: #6267).
      This is in turn used to sign ISO images built by our Jenkins setup
      (Closes: #6193).
    - Simplify the ikiwiki setup and make more pages translatable.
    - Exclude the version string in GnuPG's ASCII armored output.
    - Prefer stronger ciphers (AES256,AES192,AES,CAST5) when encrypting
      data with GnuPG.
    - Use the same custom Startpage search URL than the TBB.
      This apparently disables the new broken "family" filter.
    - Update AdBlock Plus patterns.
    - Install Linux from Debian testing.
      (That is, the same version that was shipped in 0.20.1.)

  * Test suite
    - Look for "/tmp/.X11-unix/X${1#:}" too when detecting displays in use.
    - Adapt tests to match the Control Port access security fix:
      · Take into account that the amnesia user isn't part of the debian-tor
        group anymore.
      · Run as root the checks to see if a process is running: this
        is required to see other users' processes.

 -- Tails developers <tails@boum.org>  Sat, 26 Oct 2013 23:42:46 +0200

tails (0.20.1) unstable; urgency=low

  * Major new features
  - Install Tor 0.2.4.17-rc-1~d60.squeeze+1 from the Tor project's repository.
  - Install Iceweasel 17.0.9esr with Torbrowser patches.
  - Install Linux kernel 3.10-3 (version 3.10.11-1) from sid.

  * Bugfixes
  - Remount persistence devices read-only at shutdown/reboot time
    (Closes: #6228).
  - Greeter: display a warning icon on admin password mismatch and on
    persistence unlocking failure. Thanks to Andres Gomez Ramirez
    <andres.gomez@cern.ch> for the fix!
  - Don't torsocksify Pidgin.
    Instead we disable Pidgin's GNOME integration to get the "Global proxy
    configuration", which we set to use Tor. This fixes the I2P IRC account.
  - Additional software: fix typo in notification.
  - Allow installing "Priority: standard" packages that we do not install
    by default: remove them late in the build process instead of assigning
    them a -1 APT pinning level.

  * Minor improvements
  - Update AdBlock Plus patterns.
  - Use more unique ISO file name when building from Jenkins.
  - Additional software: point to the system log on upgrade failure.
  - Set SOCKS5_USER and SOCKS5_PASSWORD in the connect-socks wrapper (used
    by Git). Else, Tor 0.2.4's IsolateSOCKSAuth and connect-proxy
    sometimes play together in some way that makes connect-proxy ask for
    a password to connect to the SocksPort. SOCKS5_USER and
    SOCKS5_PASSWORD are passed through unchanged if they were manually set
    by the user already.
  - Use our custom connect-socks wrapper for SSH. Else, Tor 0.2.4's
    IsolateSOCKSAuth and connect-proxy sometimes play together in some way
    that makes connect-proxy ask for a password to connect to the
    SocksPort. Note that connect-socks uses the default SocksPort too, so
    no change here wrt. our connection isolation design.

  * Localization
  - Import new translations from Transifex.

  * Test suite
  - Fix old ISO checking for consistent error reporting.
  - Remove custom persistence test from manual test suite.
    It was removed for the GUI in t-p-s 0.33.

 -- Tails developers <tails@boum.org>  Sun, 15 Sep 2013 15:49:36 +0200

tails (0.20) unstable; urgency=low

  * Major new features
  - Install Linux kernel 3.10.3-1 from Debian unstable.
  - Iceweasel 17.0.8esr + Torbrowser patches.

  * Bugfixes
  - Prevent Iceweasel from displaying a warning when leaving HTTPS web sites.
  - Make Iceweasel use the correct, localized search engine.
  - Fix Git access to https:// repositories.

  * Minor improvements
  - Install Dasher, a predictive text entry tool.
  - Add a wrapper around TrueCrypt which displays a warning about it soon
    being deprecated in Tails.
  - Remove Pidgin libraries for all protocols but IRC and Jabber/XMPP.
    Many of the other protocols Pidgin support are broken in Tails and
    haven't got any security auditting.
  - Disable the pre-defined Pidgin accounts so they do not auto-connect
    on Pidgin start.
  - Include information about Alsa in WhisperBack reports.
  - Explicitly restrict access to ptrace. While this setting was enabled
    by default in Debian's Linux 3.9.6-1, it will later disabled in 3.9.7-1.
    It's unclear what will happen next, so let's explicitly enable it ourselves.
  - Do not display dialog when a message is sent in Claws Mail.
  - Sync iceweasel preferences with the Torbrowser's.

  * Localization
  - Many translation updates all over the place.
  - Merge all Tails-related POT files into one, and make use of intltoolize
    for better integration with Transifex.

 -- Tails developers <tails@boum.org>  Tue, 30 Jul 2013 14:19:57 +0200

tails (0.19) unstable; urgency=low

  * Major new features
  - Install Linux kernel 3.9.5-1 from Debian unstable.
    Features of particular interest for Tails are the Yama LSM
    (ptrace scope restrictions) and improved hardware support.
    As a corollary, install initramfs-tools from there too.
  - Iceweasel 17.0.7esr + Torbrowser patches.
  - Unblock Bluetooth, Wi-Fi, WWAN and WiMAX; block every other type of
    wireless device. Next steps are described on the
    todo/protect_against_external_bus_memory_forensics ticket.

  * Bugfixes
  - Fix write access to boot medium at the block device level,
    by installing bilibop-udev. Thanks to quidame for his support.
  - tails-greeter l10n-related fixes, thanks to winterfairy:
    · Fix so translations is applied on password mismatch messages.
    · Separate forward and login buttons and make them translatable.
  - Fix link to documentation when no sudo password is set.
  - gpgApplet: partial fix for clipboard emptying after a wrong passphrase
    was entered.
  - Workaround aufs bug in Unsafe Browser script.

  * Minor improvements
  - Drop GNOME proxy settings: we did not find any use of it we were keen
    to support, other than two programs (Seahorse, Pidgin) that are now run
    with torsocks.
  - Format newly created persistent volumes as ext4.
  - GnuPG: don't connect to the keyserver specified by the key owner.
    This feature opens the door to a variety of subtle attacks.
  - GnuPG: locate keys only from local keyrings.
    This is probably the default, but better safe than sorry.
  - Install virt-what from Wheezy.
    The version from Squeeze does not detect at least Parallels for Mac v.8.
  - Upgrade live-boot and live-config to the 3.0.x final version from Wheezy.
    · Remove /live and /lib/live/image compatibility symlinks.
    · Add /live/overlay -> /lib/live/mount/overlay symlink.
      The live-boot changes (commit d2b2a461) brought to fix Debian bug
      #696495 revert some of our previous changes (commit 77dab1cb), and as
      a result, at the time live-persist runs, no tmpfs is mounted on
      /live/overlay, which breaks the aufs mount. So, let's just ensure
      /live/overlay points to a tmpfs.
    · Really disable policykit and sudo live-config hooks.
      ... by making it believe they've already been run.
      This workarounds new live-config's default behavior.

  * Localization
  - Many translation updates all over the place.

  * Test suite
  - Re-enable previously disabled boot device permissions test.

 -- Tails developers <tails@boum.org>  Wed, 26 Jun 2013 12:36:20 +0200

tails (0.18) unstable; urgency=low

  * New features
  - Support obfs3 bridges.
  - Automatically install a custom list of additional packages chosen by
    the user at the beginning of every working session, and upgrade them
    once a network connection is established (technology preview).

  * Iceweasel
  - Upgrade to Iceweasel 17.0.6esr-0+tails1~bpo60+1.
  - Update Torbrowser patches to current maint-2.4 branch (567682b).
  - Isolate DOM storage to first party URI, and enable DOM storage:
    don't set dom.storage.enabled anymore, and set Torbutton's
    disable_domstorage to false.
  - Isolate the image cache per url bar domain.
  - Torbutton 1.5.2, and various prefs hacks to fix breakage:
    · Add .saved version of the Torbutton preferences the TBB also sets.
    · Set TOR_SOCKS_HOST and TOR_SOCKS_PORT.
    · Move some prefs (network.proxy.*, extensions.autoDisableScopes,
      extensions.foxyproxy.last-version) to user.js.
      Else, with Torbutton 1.5.x, these ones are not taken into account.
    · Set network.proxy.socks_version.
      Else we get the meaningless user_pref("network.proxy.socks_version", 9063);
      in prefs.js after the initial startup.
    · Set extensions.foxyproxy.socks_remote_dns to true.
      Else, it overrides the various ways we set network.proxy.socks_remote_dns,
      which in turn makes Torbutton think it should start in non-Tor mode.
    · Also pass the TOR_SOCKS_* environment variables to iceweasel when
      generating the profile: Torbutton behaves differently depending on
      these variables, so we don't want the initial profile generation to be
      done without them. In practice, this has no implication that we could
      see right now, but better safe than sorry.
    · Import all version overrides from the TBB prefs.
      Else, the User-Agent sent in the HTTP headers is fine, but real
      values leak with JavaScript, as demonstrated by ip-check's "Browser
      type" test.
    · Move a bunch of settings to user_pref(), that are not applied otherwise.
      For some, this fixes a regression in 0.18~rc1.
      For other, the  bug was already present in Tails 0.17.2.
  - HTTPS Everywhere 3.2.
  - Update prefs to match the TBB's, fix bugs, and take advantage of the latest
    Torbrowser patches:
    · Increase pipeline randomization.
    · Fix @font-face handling of local() fonts.
      Also disable fallback font rendering.
    · Explicitly disable SPDY v2 and v3.
    · Update http pipelining prefs.
  - Make prefs organization closer to the TBB's:
    · Remove Torbutton prefs that we set at their default value.
    · Import Torbutton preferences from the TBB.
    · Organize iceweasel config files in sections the same way as the TBB.
  - Cleanup prefs:
    · Don't set extensions.torbutton.clear_cookies nor
      extensions.torbutton.saved.share_proxy_settings:
      we don't care about toggling anymore.
    · Don't set extensions.torbutton.saved.download_retention nor
      extensions.torbutton.saved.search_suggest:
      these settings are not used in Torbutton anymore.
  - Update unsafe browser prefs mangling accordingly.
  - Move network.protocol-handler.warn-external.* to user_pref().
    Else they're not applied.
    These prefs are actually ignored by Firefox these days -- the TBB
    design doc reads "They are set still anyway out of respect for the
    dead". Let's go on doing the same.
  - Update extensions.adblockplus.currentVersion.
  - Fetch xul-ext-https-everywhere (3.2-2) and xul-ext-noscript (2.6.6.1-1)
    from Debian unstable. They were uploaded there, and accordingly removed
    from experimental.

  * Bugfixes
  - Linux 3.2.41-2+deb7u2.
  - Fixed swapped filenames of tails-{reboot,shutdown}.desktop.
    Thanks to Mikko Harhanen for the patch.
  - Only add ClientTransportPlugin to torrc when bridge mode is enabled.
    This should bring back support for proxies of type other than obfsproxy.

  * Minor improvements
  - Set kernel.dmesg_restrict=1, and make /proc/<pid>/ invisible
    and restricted for other users. It makes it slightly harder for an attacker
    to gather information that may allow them to escalate privileges.
  - Install gnome-screenshot.
  - Don't disable IPv6 on all network interfaces anymore.
    It turns out the IPv6 leaks we wanted to fix actually don't exist.
  - Add a "About Tails" launcher in the System menu.
  - Install GNOME accessibility themes.
  - Use 'Getting started...' as the homepage for Tails documentation button.
  - Stop relying on the obsolete /live/image compatibility symlink.
  - Disable audio preview in Nautilus.
  - Wheezy was released => Squeeze is now oldstable.
  - Pick Tor from deb.torproject.org regardless of the release name they
    advertise. At some point we needed it, their APT repository still thought
    that stable == Squeeze.
  - Add Wheezy APT sources.
  - Install Linux and related packages from Wheezy.
    Debian sid just got Linux 3.8, and we don't want to switch to a new kernel
    yet.
  - Fetch laptop-mode-tools from Wheezy.
    Wheezy has the version we've been installing in 0.18~rc1,
    while a newer one was uploaded to sid in the meantime.
  - Fetch a few packages from Wheezy instead of unstable.
    Namely: spice-vdagent, libregexp-common-perl, macchanger, service-wrapper,
    libservice-wrapper-java and libservice-wrapper-jni.
    Wheezy has the versions we've been installing for a while, so let's
    avoid having unstable push a newer one to us uselessly at some point.
    Note that at the time of this writing, the versions in sid and in Wheezy
    are the same, so this commit is effectively a no-op as of today: it is
    merely a safeguard for the future.

  * Localization
  - Many translation updates all over the place.

  * Build process
  - Make Vagrant's build-tails script support Jenkins too.

  * Test suite
  - Fix Unsafe Browser test broken by hidepid.

 -- Tails developers <tails@boum.org>  Mon, 13 May 2013 22:17:38 +0200

tails (0.17.2) unstable; urgency=low

  * Iceweasel
  - Upgrade to Iceweasel 17.0.5esr-0+tails2~bpo60+1.
  - Stop displaying obsolete context menu entries ("Open Tor URL" and friends).

  * Hardware support
  - Update Linux to 3.2.41-2

  * Bugfixes
  - Use more reliable OpenPGP keyservers:
    · use the hkps pool in GnuPG (and import their SSL CA)
    · use hkp://pool.sks-keyservers.net in Seahorse (as it does not support
      hkps yet)
  - Keep udisks users (GNOME Disk Utility, tails-persistence-setup, etc.)
    from resetting the system partition's attributes when manipulating the
    partition table. To this end, backport the relevant bugfix from Wheezy
    into parted 2.3-5+tails1. This allowed to remove the sgdisk-based
    workaround in tais-persistence-setup, and to stop installing
    python-parted. All this is a first needed step to fix
    todo/make_system_disk_read-only in a future release.

  * Minor improvements
  - Disable NoScript's HTML5 media click-to-play for better user experience.

  * Localization
  - Tails USB installer: update translations for French, German, Spanish,
    Finnish, Greek, Italian, Latvian, Dutch, Polish and Chinese.
  - Tails Greeter: update translations for Farsi, Chinese, French;
    new translations: Finnish, Norwegian Bokmål, Galician.
  - tails-persistence-setup: update Farsi and Chinese translations;
    import new translations for Finnish and Swedish.
  - WhisperBack: update translations for Arabic, French, German, Greek,
    Spanish, Korean, Polish, Russian. New translations: Finnish, Chinese.

  * Build process
  - Add automated testing framework (Sikuli, Cucumber, libvirt -based)
    with a bunch of tests.

 -- Tails developers <amnesia@boum.org>  Sun, 07 Apr 2013 12:17:26 +0200

tails (0.17.1) unstable; urgency=low

  * Iceweasel
  - Upgrade to Iceweasel 17.0.4esr-0+tails1~bpo60+1.

  * Hardware support
  - Update Linux to 3.2.39-2.
    It includes the drm and agp subsystems from Linux 3.4.29.
  - Don't install xserver-xorg-video-rendition backport.
    xserver-xorg-video-rendition has been removed from squeeze-backports
    due to an upstream tarball mismatch discover when merging backports
    into the main Debian archive, and xserver-xorg-video-all still depends
    on it, so we explicitly install all drivers from -all but -rendition
    as a (hopefully temporary) workaround.

  * Minor improvements
  - Remove Indymedia IRC account, until we ship a version of Pidgin
    with SASL support, that is when Tails is based on Wheezy.

  * Build system
  - Don't ship the wiki's todo and bugs on ISO images.

 -- Tails developers <amnesia@boum.org>  Thu, 21 Mar 2013 18:54:11 +0100

tails (0.17) unstable; urgency=low

  * New features
  - Install the KeePassX password manager, with a configuration and
    documentation that makes it easy to persist the password database.

  * Iceweasel
  - Upgrade to Iceweasel 17.0.3esr-1+tails1~bpo60+1.
  - Install xul-ext-adblock-plus from squeeze-backports.
  - Do not allow listing all available fonts.
    Set browser.display.max_font_attempts and browser.display.max_font_count
    to enable the Torbrowser Limit-the-number-of-fonts-per-document patch.
  - Set default spellchecker dictionary to English (USA),
    and localize it according to locale with our custom branding extension.
  - Disable the add-ons automatic update feature.
  - Make the generated profile world-readable.
  - Remove NoScript click-to-play confirmation.
  - Sync some prefs set by Torbutton, to be ready when it stops setting these.
  - Disable navigation timing.
  - Disable SPDY. It stores state and may have keepalive issues.
  - More aggressive iceweasel HTTP pipelining settings.
  - Enable WebGL (as click-to-play only).
  - Disable network.http.connection-retry-timeout.
  - Disable full path information for plugins.
  - Remove NoScript blocks of WebFonts.
  - Disable DOM storage in Torbutton.
    Since we don't apply the 0026-Isolate-DOM-storage-to-first-party-URI.patch
    Torbrowser patch yet, and still disable DOM storage, we need to tell
    Torbutton not to use it.
  - Synchronize iceweasel's general.useragent.override with TBB based on FF17.
    The User-Agent settings are not kept up-to-date anymore in Torbutton, so
    we have to keep in sync manually with TBB's settings.
  - Remove obsolete APT pining for Torbutton.
    It's not maintained in Debian anymore, so we now fetch it from our own
    APT repository.
  - Fetch FoxyProxy from Debian experimental and libnspr4-0d from
    squeeze-backports, for compatibility with Iceweasel 17.
  - Rebase bookmarks file on top of the default iceweasel 17 one.
  - Explicitly disable AdBlock Plus "correct typos" feature.
    This feature connects to http://urlfixer.org/.
    It is disabled by default in 2.2-1, but let's be careful.

  * Minor improvements
  - Upgrade to live-boot 3.0~b11-1 and live-config 3.0.12-1.
    Accordingly update the 9980-permissions hook, live-persist,
    unsafe-browser and boot-profile.
    Add compatibility symlinks from /live to /lib/live, and from /live/image
    to /lib/live/mount/medium, to ease the transition.
  - Check for errors when sourcing live-boot files, e.g. to detect when
    they have been renamed upstream.
  - Don't add "quiet" to the kernel command-line ourselves.
    Else, it appears twice as live-build's lb_binary_syslinux adds it too.
    Historically, we've been adding it ourselves on top of that because
    lb_binary_yaboot does not add it, but since we gave up the PowerPC support
    attempt, we're now only interested in syslinux, so let's make it easier
    for the general case, e.g. when one wants to remove the "quiet" parameter
    as suggested by our "Tails does not start" debugging documentation.
  - Upgrade I2P to 0.9.4.

  * Bugfixes
  - Many bugfixes brought by the Debian Squeeze 6.0.7 point-release.
  - Use the regular GnuPG agent + pinentry-gtk2 instead of Seahorse
    as a GnuPG agent. This fixes usage of OpenPGP in Claws Mail,
    and brings support for OpenPGP smartcards.
  - Enable I2P hidden mode.
    Else, killing I2P ungracefully is bad for the I2P network.
  - live-persist: move error() function before the first potential usecase.
  - Add missing executable bit on restart-tor and restart-vidalia.
  - Add shutdown and reboot launchers to the menu.
    This workarounds the lack of a shutdown helper applet in camouflage mode.
  - Remove Pidgin's MXit and Sametime support.
    ... at least until CVE-2013-0273, CVE-2013-0272 and CVE-2013-0271 are
    fixed in Debian stable. While we're at it, don't force file removal in
    these "set -e" build scripts: fail hard, instead of silently ignoring
    the fact that files may have moved or disappeared.

  * Hardware support
  - Install recent Intel and AMD microcode from squeeze-backports,
    explicitly excluding the iucode-tool package that's not a good idea
    for Live systems.
  - Install firmware loader for Qualcomm Gobi USB chipsets.
    This is needed to have various mobile broadband chipsets work.
  - Upgrade barry to 0.18.3-5~bpo60+1.
    This much improved new version supports more hardware & ISP,
    and does not display dozens of spurious error messages at boot time.

  * Build system
  - Remove APT local cache (/Var/cache/apt/{,src}pkgcache.bin).

 -- Tails developers <amnesia@boum.org>  Sat, 23 Feb 2013 10:37:57 +0100

tails (0.16) unstable; urgency=low

  * Minor improvements
  - Replace the too-easy-to-misclick shutdown button with a better
    "Shutdown Helper" Gnome applet.
  - Display ~/Persistent in GNOME Places and GtkFileChooser if it is mounted.
  - Set Unsafe Browser's window title to "Unsafe Browser".
  - Install ekeyd to support the EntropyKey.
  - Install font for Sinhala.
  - Update Poedit to 1.5.4.
  - Kill Vidalia when restarting Tor.
    Doing this as early as possible exposes Vidalia's "broken onion" icon
    to users less.
  - Hide the persistence setup launchers in kiosk mode.
  - Add a shell library for Tor functions.
    These are shared among multiple of our scripts.
  - Install dictionaries for supported languages.
    Install hunspell dictionaries when possible,
    fall back on myspell ones else.

  * Bugfixes
  - Disable IPv6 on all network interfaces.
    This is a workaround for the IPv6 link-local multicast leak that was recently
    discovered. Tails has no local service that listens on IPv6, so there should be
    no regression, hopefully, unless one wants to play with OnionCat and VoIP,
    but those of us should know how to workaround this anyway.
  - live-persist: Fix variable mismatch, fixing probe white-list.
    Tails may previously have been able to list GPT partitions labelled
    "TailsData" on hard drives (!) as valid persistence volumes...
  - live-persist: Fix --media option when no devices are attached.
    Earlier, if it was set to e.g. 'removable-usb' and no USB storage was
    connected, $whitelistdev would be empty, which is interpreted like
    all devices are ok by the rest of the code.
  - Fix SCIM in the autostarted web browser: save IM environment variables
    to a file during Desktop session startup, and export them into the
    autostarted browser's environment.
  - Talk of DVD, not of CD, in the shutdown messages.
  - Make tordate work in bridge mode with an incorrect clock.
    When using a bridge Tor reports TLS cert lifetime errors (e.g. when
    the system clock is way off) with severity "info", but when no bridge
    is used the severity is "warn". tordate/20-time.sh depends on grepping
    these error messages, so we termporarily increase Tor's logging
    severity when using bridge mode. If we don't do this tordate will
    sleep forever, leaving Tor in a non-working state.
    · White-list root to use Tor's ControlPort.
    · Add logging for is_clock_way_off().
    · Remove Tor's log before time syncing.
      We depend on grepping stuff from the Tor log (especially for
      tordate/20-time.sh), so deleting it seems like a Good Thing(TM).
    · Stop Tor before messing with its log or data dir.
  - live-persist: limit searched devices the same way as live-boot.
    If no --media argument is specified, use live-boot's
    "(live-media|bootfrom)=removable(|-usb)" argument to limit devices
    searched for a persistent volume.
  - tails-greeter: do not pass media=removable to live-persist.
    Now that we have autodetection with kernel command-line,
    it should not be needed anymore.
  - Start memlockd after configuring it,
    instead of starting it before and restarting it after.
    This avoids running memlockd twice, and prevents other possibly
    surprising race-conditions.
    As a consequence, also have tails-sdmem-on-media-removal start after the
    memlockd service *and* tails-reconfigure-memlockd: to start the watchdog,
    we need memlockd to be properly configured *and* running.

  * iceweasel
  - Set iceweasel homepage to the news section on the Tails website.
    ... using the localized one when possible.
  - Hide the iceweasel add-on bar by default.
    Now that we don't want to ship the Monkeysphere addon anymore,
    that was the only one displayed in there, we can as well hide the whole bar.
  - Don't hide the AdBlock-Plus button in the add-on bar anymore. Now that
    we hide the whole addon bar, we can get rid of this old
    UX improvement.
  - Do not install a placeholder (fake) FireGPG iceweasel extension anymore.
    It was shipped from 0.10 (early 2012) to 0.15 (late November),
    so the migration period should be over now.
  - Don't install xul-ext-monkeysphere anymore.
    The implication of the current keyserver policy are not well
    understood, Monkeysphere is little used in Tails, and we're not sure
    anymore it would be our first bet for the web browser profile with no
    CA. Let's keep the various configuration bits (e.g. FoxyProxy,
    patching MSVA), though, so that advanced users who are used to have
    Monkeysphere in Tails just have to install the package.

  * Build system
  - Install the "standard" task with tasksel for better consistency in the
    Tails ISO images built in various environments.
  - Install p7zip-full. It's a dep by file-roller, but we explicily use it
    elsewhere, and it's better to be safe than sorry.
  - Remove pinning of libvpx0 to sid.
    This package is part of Squeeze, and not from testing/sid.
    We have been shipping the version from Squeeze for a while.
  - Remove config/chroot_local-packages/ from .gitignore.
    The documented way for "external" contributors to add custom packages
    is to put them in chroot_local-packages, and once we pull we import
    any such package into our APT repo and rewrite the
    history appropriately.
    Also, the ability to add packages in there and not see them in "git
    status" makes it very easy to build tainted ISO images with
    non-standard packages, which makes some of us fear can lead to hard to
    debug situations.
  - Make it clearer what can and cannot be done in terms of local packages.

 -- Tails developers <amnesia@boum.org>  Thu, 10 Jan 2013 12:47:42 +0100

tails (0.15) unstable; urgency=low

  * Major new features
  - Persistence for browser bookmarks.
  - Support for obfsproxy bridges.

  * Minor improvements
  - Add the Hangul (Korean) Input Method Engine for SCIM.
  - Add vendor-specific dpkg origin information. This makes dpkg-vendor
    return correct information.
  - Install pcscd and libccid from squeeze-backports. This is needed to
    support, to some extent, some OpenPGP SmartCard readers.
  - Install HPIJS PPD files and the IJS driver (hpijs).
    This adds support for some printers, such as Xerox DocumentCenter400.
  - Optimize fonts display for LCD.
  - Update TrueCrypt to version 7.1a.

  * Bugfixes
  - Do not use pdnsd anymore. It has been orphaned in Debian, has quite
    some bugs in there, and apparently Tor's DNSPort's own caching is
    be good enough.
  - Remove useless iceweasel cookies exceptions. They are useless as
    per-session cookies are allowed.
  - Do not run setupcon on X. This call is only needed on the Linux
    console, no need to annoy the user with a weird "Press enter to
    activate this console" when the open a root shell in a GNOME
    Terminal.
  - Allow the tails-iuk-get-target-file user to connect to the SOCKSPort
    dedicated for Tails-specific software.
  - Fix gpgApplet menu display in Windows camouflage mode.
  - Fix Tor reaching an inactive state if it's restarted in "bridge mode",
    e.g. during the time sync' process.

  * Iceweasel
  - Update iceweasel to 10.0.11esr-1+tails1.
  - User profile is now generated at build time in order to support persistent
    bookmarks.
  - Update HTTPS Everywhere to version 3.0.4.
  - Update NoScript to version 2.6.
  - Fix bookmark to I2P router console.
  - Re-enable Monkeysphere extension to connect to the validation agent.

  * Localization
  - The Tails USB installer, tails-persistence-setup and tails-greeter
    are now translated into Bulgarian.
  - Update Chinese translation for tails-greeter.
  - Update Euskadi translation for WhisperBack.

  * Build system
  - Custom packages are now retrieved from Tails APT repository instead
    of bloating the Git repository.
  - Allow '~' in wiki filenames. This makes it possible to ship
    update-description files for release candidates.
  - Document how to create incremental update kit.
  - Handle release candidates when generating custom APT sources.
  - Remove pinning for xul-ext-adblock-plus.
    It is obsolete since we've added this package to our APT repository.

 -- Tails developers <amnesia@boum.org>  Sun, 25 Nov 2012 12:59:17 +0100

tails (0.14) unstable; urgency=low

  * Major new features
  - Enable Tor stream isolation; several new SocksPorts with
    appropriate Isolate* options have been added for different use
    cases (i.e. applications). All application's have been
    reconfigured to use these new SocksPorts, which should increase
    anonymity by making it more difficulte to correlate traffic from
    different applications or "online identities".
  - The web browser now has the anonymity enhancing patches from the
    TorBrowser applied.
  - gpgApplet can now handle public-key cryptography.
  - Install an additional, PAE-enabled kernel with NX-bit
    support. This kernel is auto-selected when the hardware supports
    it and will:
    * provide executable space protection, preventing certain types of
      buffer overflows from being exploitable.
    * enable more than 4 GiB of system memory.
    * make all processors/cores available, including their
      power-saving functionality.
  - Add a persistence preset for NetworkManager connections.

  * Minor improvements
  - On kexec reboot, make the boot quiet only if debug=wipemem was not
    enabled.
  - Update torproject.org's APT repo key.
  - Update the embedded Tails signing key.
  - Use symlinks instead of duplicating localized searchplugins.
  - Rewrite Tails firewall using ferm. Tails firewall was written in
    very unsophisticated iptables-save/restore format. As more feature
    creeped in, it started to be quite unreadable.
  - Optimize VirtualBox modules build at runtime to avoid installing the
    userspace utils N times.
  - Drop most of Vidalia's configuration. Our custom lines just caused
    trouble (with multiple SocksPorts) and the default works well.
  - Blacklist PC speaker module. On some computers, having the pcspkr
    module loaded means loud beeps at bootup, shutdown and when using
    the console. As it draws useless attention to Tails users, it is
    better to prevent Linux from loading it by default.
  - Remove all addons from the Unsafe Browser. No addons are essential
    for the Unsafe Browser's intent. If anything they will modify the
    network fingerprint compared to a normal Iceweasel install, which
    is undesirable.
  - Prevent some unwanted packages to be installed at all, rather than
    uninstalling them later. This should speed up the build a bit.
  - Add a symlink from /etc/live/config to /etc/live/config.d. This
    makes the system compatible with live-config 3.0.4-1, without
    breaking backward compatibility with various parts of the system
    that use the old path.
  - Do not run unecessary scripts during shutdown sequence, to make
    shutdown faster.
  - Make live-persist deal with persistent ~/.gconf subdirs so that
    any options saved therein actually get persistent.
  - Prevent memlockd unload on shutdown, to make sure that all
    necessary tools for memory wiping are available when the new
    kernel has kexec'd.
  - Patch initscripts headers instead of fiddling with update-rc.d. We
    now let insserv figure out the correct ordering for the services
    during startup and shutdown, i.e. use dependency-based boot
    sequencing.
  - Remove the last absolute path in our isolinux config, which makes
    it easier to migrate from isolinux to syslinux (just rename the
    directory), and hence might make it easier for 3rd party USB
    installers (like the Universal USB Installer) to support Tails.

  * Bugfixes
  - Include `seq` in the ramdisk environment: it is used to wipe more
    memory. This fixes the long-standing bug about Tails not cleaning
    all memory on shutdown.
  - Fix Yelp crashing on internal links
  - Allow amnesia user to use Tor's TransPort. This firewall exception
    is necessary for applications that doesn't have in-built SOCKS
    support and cannot use torsocks. One such example is Claws Mail,
    which uses tsocks since torsocks makes it leak the hostname. This
    exception, together with Tor's automatic .onion mapping makes
    Claws Mail able to use hidden service mail providers again.
  - Force threads locking support in Python DBus binding. Without this
    liveusb-creator doesn't work with a PAE-enabled kernel.
  - Fix localized search plugins for 'es' and 'pt'
  - Fix live-boot's readahead, which caused an unnecessary pause
    during boot.
  - Factorize GCC wanted / available version numbers in VirtualBox
    modules building hook. This, incidentally, fixes a bug caused by
    duplication and not updating all instances.
  - Fix tordate vs. Tor 0.2.3.x. Since 0.2.3.x Tor doesn't download a
    consensus for clocks that are more than 30 days in the past or 2
    days in the future (see commits f4c1fa2 and 87622e4 in Tor's git
    repo). For such clock skews we set the time to the Tor authority's
    cert's valid-after date to ensure that a consensus can be
    downloaded.

  * Tor
  - Update to version 0.2.3.24-rc-1~~squeeze+1, a new major
    version. It's not a stable release, but we have been assured by
    the Tor developers that this is the right move.
  - Stop setting custom value for the Tor LongLivedPorts
    setting. Gobby's port was upstreamed in Tor 0.2.3.x.

  * Iceweasel
  - Update to 10.0.10esr-1+tails1, which has all the anonymity enhancing
    patches from the TorBrowser applied.
  - Install iceweasel from our own repo, http://deb.tails.boum.org.
  - Fix Iceweasel's file associations. No more should you be suggested
    to open a PDF in the GIMP.

  * htpdate
  - Use curl instead of wget, and add a --proxy option passed through
    to curl.
  - Remove the --fullrequest option, we don't need it anymore.
  - Remove --dns-timeout option, we don't need it anymore.
  - Change --proxy handling to support Debian Squeeze's curl.
  - Clarify what happens if --proxy is not used.
  - Compute the median of the diffs more correctly.

  * Hardware support
  - Update Linux to 3.2.32-1.

  * Software
  - Update vidalia to 0.2.20-1+tails1.
  - Update bundled WhisperBack package to 1.6.2:
    * Raise the socket library timeout to 120 seconds
    * Use smtplib's timeout parameter
    * Fix error output when calling send a 2nd time
  - Update liveusb-creator to 3.11.6-3.
  - Update i2p to 0.9.2.
  - Update tails-persistence-setup to 0.20-1, which should make it
    possible to install Tails on large (>= 32 GiB) USB drives.
  - Install console-setup and keyboard-configuration from unstable
    (required by new initramfs-tools).
  - Update tails-greeter to 0.7.3:
    * Import pt_BR translation.
    * Let langpanel usable during option selection stage
    * Print less debugging messages by default
    (below are changes in tails-greeter 0.7.2:)
    * Use correct test operators.
    * Generate language codes of available locales at package build
      time.
    * Read list of language codes from where we have saved it at
      package build time.
    * Drop tails-lang-helper, not used anymore.
    * Do not compile locales at login time anymore. Tails now ships
      locales-all.
  - Import live-config{,-sysvinit} 3.0.8-1. live-config >= 3.0.9-1
    has basically nothing useful for us, and it migrates to new paths
    brought by live-boot 3.0~b7, which we're not ready for yet (see:
    todo/newer_live-boot).

  * Localization
  - Fix Tails specific Iceweasel localization for pt-BR
  - Add Japanese input system: scim-anthy.
  - whisperback is now also translated into German, Hebrew, Hungarian,
    Italian and Korean.
  - tails-persistence-setup is now also translated into Arabic.
  - tails-greeter is now also translated into Arabic, Hebrew, Basque,
    Hungarian, Italian and Chinese.

  * Build system
  - Catch more errors in during build time:
    - Ensure that all local hooks start with 'set -e'.
    - Fail hard if adduser fails in local hooks.
    - Fail hard if 'rm' fails in local hooks.
  - vagrant: Ensure we have the set of Perl packages needed by our
    Ikiwiki
  - vagrant: Configure live-build to ship with ftp.us.debian.org.
    Using cdn.debian.net leads to bad interactions with Tor.
  - vagrant: Don't use gzip compression when building from a tag, i.e.
    a release.
  - vagrant: Optionally use bootstrap stage cache for faster builds
    via the 'cache' build option.
  - vagrant: Make sure release builds are clean, i.e. they don't use
    any potentially dangerous build options.
  - vagrant: Disable live-build package caching. This build system is
    meant to use an external caching proxy, so live-build's cache just
    wastes RAM (for in-memory builds) or disk space.
  - vagrant: use aufs magic instead of copying source into tmpfs.
    This reduces the amount of RAM required for building Tails in.
  - vagrant: Allow in-memory builds when a VM with enough memory is
    already started.

 -- Tails developers <amnesia@boum.org>  Sat, 10 Nov 2012 12:34:56 +0000

tails (0.13) unstable; urgency=low

  * Major new features
  - Use white-list/principle of least privelege approach for local services.
    Only users that need a certain local (i.e. hosted on loopback) service
    (according to our use cases) are granted access to it by our firewall;
    all other users are denied access.
  - Ship a first version of the incremental update system. Updates are not
    currently triggered automatically, but this will allow tests to be done
    on larger scales.

  * Minor improvements
  - Enable four workspaces in the Windows XP camouflage. This allows
    users to quickly switch to a more innocent looking workspace in case
    they are working on sensitive data and attract unwanted attention.
    The workspace switcher applet isn't there, though, since there's no
    such thing in Windows XP, so switching is only possible via keyboard
    shortcuts.
  - Ship with precompiled locales instead of generating them upon login.
  - Add support for wireless regulation.
  - Use color for Git output, not intended for machine consumption,
    written to the terminal.
  - Have ttdnsd use OpenDNS. Using Google's DNS servers was very
    glitchy, and rarely succeeded when it should. It can probably be
    attributed to Google's DNS, which is known to take issue with Tor
    exits.
  - Upgrade WhisperBack to 1.6, with many UI improvements and new translations.
  - Include GDM logs and dmidecode informations in the reports.
  - Allow to modify language and layout in the "Advanced options" screen
    of the greeter.
  - GnuPG: bump cert-digest-algo to SHA512.
  - Update torproject.org's APT repo key.

  * Bugfixes
  - Make Claws Mail save local/POP emails in its dot-directory. The
    default is to save them at ~/Mail, which isn't included in our
    current Claws Mail persistence preset.
  - Fix the System Monitor applet.
  - Remove broken ttdnsd from the default DNS resolution loop.
  - Hide the 'TailsData' partition in desktop applications.
  - Ship unrar-free again, so that the GNOME archive manager knows about
    it.
  - Ship with an empty whitelist for Noscript.
  - Disable FoxyProxy's advertisement on proxy error page.
  - Fix slow browsing experience for offline documentation.
  - Raise the socket timeout to 120 seconds in WhisperBack.
  - Enable the ikiwiki trail plugin for the locally built wiki too.

  * Iceweasel
  - Upgrade iceweasel to 10.0.6esr-1 (Extended Support Release) and install it
    and its dependencies from squeeze-backports.

  * Hardware support
  - Upgrade Linux to 3.2.23-1.

  * Software
  - Update tor to version 0.2.2.39.
  - Update Iceweasel to version 10.0.7esr-2.
  - Update i2p to version 0.9.1.

  * Build system
  - vagrant: Install Ikiwiki from Debian unstable. The 'mirrorlist'
    patches have finally been merged in upstream Ikiwiki. So instead of
    building Ikiwiki by hand, we can now install the package directly
    from Debian unstable.
  - Do not build the ikiwiki forum on the bundled static website copy.

 -- Tails developers <amnesia@boum.org>  Mon, 17 Sep 2012 15:19:25 +0200

tails (0.12.1) unstable; urgency=low

  This is a brown paper bag release to fix two major problems introduced in
  Tails 0.12.

  * Iceweasel
  - Upgrade Torbutton to 1.4.6.
  - Upgrade AdBlock Plus to 2.1.
  - Update AdBlock Plus patterns.

  * Hardware support
  - Upgrade Linux to 3.2.21-3 (linux-image-3.2.0-3-486).

  * Software
  - Install MAT from Debian backports, drop custom package.
  - Install python-pdfrw to re-add PDF support to the MAT.
  - Upgrade tails-greeter to 0.7.1, which fixes the race condition that
    broke administration password and locale settings on some systems.

  * Boot
  - Remove the Tails specific plymouth theme. The theme interfers heavily with
    the boot process on some hardware.

 -- Tails developers <amnesia@boum.org>  Mon, 17 Sep 2012 13:06:03 +0200

tails (0.12) unstable; urgency=low

  * Major new features
  - Add the Unsafe Web Browser, which has direct access to the Internet and
    can be used to login to captive portals.
  - The (previously experimental, now deemed stable) Windows camouflage can now
    be enabled via a check box in Tails greeter.

  * Tor
  - Upgrade to 0.2.2.37-1~~squeeze+1.

  * Iceweasel
  - Upgrade iceweasel to 10.0.5esr-1 (Extended Support Release) and install it
    and its dependencies from squeeze-backports.
  - Add a bookmark for the offline Tails documentation.
  - Update AdBlock patterns.

  * Persistence
  - Allow using larger USB drives by increasing the mkfs timeout to 10 minutes.
  - Tell the user what's going on when the Tails boot device cannot be found.

  * Hardware support
  - Upgrade Linux to 3.2.20-1 (linux-image-3.2.0-2-amd64).

  * Software
  - Install rfkill.
  - Install torsocks. Note that this makes `torify' use `torsocks' instead of
    `tsocks'. The `tsocks' binary is dropped to avoid problems, but remaining
    files (the library) are kept since ttdnsd depends on them.
  - Fetch live-config-sysvinit from sid so that it matches live-config version.
  - Update virtualbox backports to 4.1.10-dfsg-1~bpo60+1.
  - Install pciutils (needed by virtualbox-guest-utils).
  - Install mousetweaks. This is needed to use the mouse accessibility settings
    in System -> Preferences -> Mouse -> Accessibility.
  - Install the "hardlink" files deduplicator.
  - Do not install cryptkeeper anymore. See todo/remove_cryptkeeper for reason.
    Users of cryptkeeper are encouraged to install cryptkeeper via `apt-get
    update; apt-get install --yes cryptkeeper`, open their volume and move
    their to Tails' built-in persistence instead, as a one-time migration.
  - Upgrade I2P to version 0.9.
  - Don't install GParted. GNOME Disk Utility has been on par with GParted
    since Squeeze was released.
  - Upgrade live-boot to 3.0~a27-1+tails2~1.gbp319fe6.
  - Upgrade live-config to 3.0~a39-1 and install it from Debian experimental.
  - Upgrade tails-greeter to 0.7.
  - Upgrade tails-persistence-setup to 0.17-1.
  - Install libyaml-libyaml-perl.
  - Upgrade MAT, the metadata anonymisation toolkit, 0.3.2-1~bpo60+1.
  - Fetch python-pdfrw from backports, drop custom package.

  * Internationalization
  - The Tails website and documentation now has a (partial) Portuguese
    translation.

  * Build system
  - Tails can now be built without using a HTTP proxy.
  - Tails can now easily be built by using Vagrant. See the updated
    contribute/build page for instructions.

  * Boot
  - Remove obsolete noswap boot parameter. live-boot now handles swap on an
    opt-in basis.
  - The squashfs.sort files generated with boot-profile should now be ok which
    makes the generate images boot noticeably faster on optical media. See
    bugs/weird_squashfs.sort_entries for more information.
  - Set Tails specific syslinux and plymouth themes.
  - Add NVidia KMS video drivers to the initrd in order to show our shiny new
    plymouth theme on more systems.

 -- Tails developers <amnesia@boum.org>  Mon, 11 Jun 2012 13:37:00 +0200

tails (0.11) unstable; urgency=low

  * Major new features
  - Do not grant the desktop user root credentials by default.
  - A graphical boot menu (tails-greeter 0.6.3) allows choosing among
    many languages, and setting an optional sudoer password.
  - Support opt-in targeted persistence
    · tails-persistence-setup 0.14-1
    · live-boot 3.0~a25-1+tails1~5.gbp48d06c
    · live-config 3.0~a35-1
  - USB installer: liveusb-creator 3.11.6-1

  * iceweasel
  - Install iceweasel 10.0.4esr-1 (Extended Support Release).
    Let's stop tracking a too fast moving target.
    Debian Wheezy will ship ESR versions.
  - Install needed dependencies from squeeze-backports.
  - Search plugins:
    · Remove bing.
      bing appeared due to our upgrading iceweasel.
      Removing it makes things consistent with the way they have been
      until now, that is: let's keep only the general search engines
      we've been asked to add, plus Google, and a few specialized ones.
    · Replace Debian-provided DuckDuckGo search plugin with the "HTML SSL"
      one, version 20110219. This is the non-JavaScript, SSL, POST flavour.
    · Add ixquick.com.
    · Install localized search engines in the correct place.
      No need to copy them around at boot time anymore.
    · Remove Scroogle. RIP.
  - Enable TLS false start, like the TBB does since December.
  - Adblock Plus: don't count and save filter hits, supress first run dialog.
  - Install neither the GreaseMonkey add-on, nor any GreaseMonkey script.
    YouTube's HTML5 opt-in program is over.
    HTML5 video support is now autodetected and used.

  * Vidalia
  - Upgrade to 0.2.17-1+tails1: drop Do-not-warn-about-Tor-version.patch,
    applied upstream.
  - Set SkipVersionCheck=true.
    Thanks to chiiph for implementing this upstream (needs Vidalia 0.2.16+).

  * Internationalization
  - Install all available iceweasel l10n packages.
  - Remove syslinux language choosing menu.
    tails-greeter allows choosing a non-English language.
  - Add fonts for Hebrew, Thai, Khmer, Lao and Korean languages.
  - Add bidi support.
  - Setup text console at profile time.
    Context: Tails runs with text console autologin on.
    These consoles now wait, using a "Press enter to activate this console"
    message, for the user. When they press enter in there, they should have chosen
    their preferred keyboard layout in tails-greeter by now. Then, we run setupcon.
    As a result, the resulting shell is properly localized, and setupcon
    sets the correct keyboard layout, both according to the preferences expressed by
    the user in tails-greeter.
  - Don't use localepurge, don't remove any Scribus translations anymore,
    don't localize environment at live-config time:
    tails-greeter allows us to support many, many more languages.

  * Hardware support
  - Linux 3.2.15-1 (linux-image-3.2.0-2-amd64).
  - Fix low sound level on MacBook5,2.
  - Disable laptop-mode-tools automatic modules. This modules set often
    needs some amount of hardware-specific tweaking to work properly.
    This makes them rather not well suited for a Live system.

  * Software
  - Install GNOME keyring.
    This is needed so that NetworkManager remembers the WEP/WPA secrets
    for the time of a Tails session. Initialize GNOME keyring at user
    creation time.
  - Install usbutils to have the lsusb command.
  - Install the Traverso multitrack audio recorder and editor.

  * Miscellaneous
  - GNOME Terminal: keep 8192 scrollback lines instead of the smallish
    default.
  - Replaced tails-wifi initscript with laptop-mode-tools matching feature.
  - Disable gdomap service.
  - Fetch klibc-utils and libklibc from sid.
    The last initramfs-tools depends on these.
  - Set root password to "root" if debug=root is passed on the
    kernel cmdline. Allow setting root password on kernel cmdline via
    rootpw=. Looks like we implemented this feature twice.
  - Append a space on the kernel command line. This eases manually adding
    more options.
  - Rename sudoers.d snippets to match naming scheme.
    Sudo credentials that shall be unconditionally granted to the Tails
    default user are named zzz_*, to make sure they are applied.
  - WhisperBack: also include /var/log/live-persist and
    /var/lib/gdm3/tails.persistence.
  - Add a wrapper to torify whois.
  - Rework the VirtualBox guest modules building hook to support
    multiple kernels.
  - Consistently wait for nm-applet when waiting for user session to come up.
    Waiting for gnome-panel or notification-daemon worked worse.
  - Don't start the NetworkManager system service via init.
    Some Tails NM hooks need the user to be logged in to run properly.
    That's why tails-greeter starts NetworkManager at PostLogin time.
  - Also lock /bin/echo into memory. For some reason, kexec-load needs it.
  - Pidgin: don't use the OFTC hidden service anymore.
    It proved to be quite unreliable, being sometimes down for days.
  - Do not display storage volumes on Desktop, by disabling
    /apps/nautilus/desktop/volumes_visible GConf entry. Enabling that
    GConf setting avoids displaying the bind-mounted persistent
    directories on the Desktop, and reduces user confusion. It also is
    a first step towards a bigger UI change: GNOME3 does not manage the
    Desktop anymore, so volume icons and other Desktop icons are meant to
    disappear anyway. It implies we'll have to move all Desktop icons
    elsewhere. Let's start this move now: this will smooth the UI change
    Wheezy will carry for our users, by applying some of it progressively.

  * Build system
  - Don't build hybrid ISO images anymore. They boot less reliably on
    a variety of hardware, and are made less useful by us shipping
    a USB installer from now on.
  - Append .conf to live-config configuration filenames:
    live-config >3.0~a36-1 only takes into account files named *.conf
    in there. Accordingly update scripts that source these files.
  - Remove long-obsolete home-refresh script and its configuration.

  * Virtualization support
  - Support Spice and QXL: install the Spice agent from Debian sid,
    install xserver-xorg-video-qxl from squeeze-backports.

 -- Tails developers <amnesia@boum.org>  Tue, 17 Apr 2012 14:54:00 +0200

tails (0.10.2) unstable; urgency=low

  * Iceweasel
  - Update to 10.0.2-1.
  - Disable HTTPS-Everywhere's SSL Observatory (plus first-run pop-up).
  - Revert "FoxyProxy: don't enclose regexps between ^ and $."
    Currently "http://www.i2p2.de" (and everything similar) is captured by
    the I2P filter, which is incorrect. It seems isMultiLine="false" does
    *not* make RE into ^RE$ any longer.
  - Remove file:// from NoScript's exception lists.
    This will fix the JavaScript toggles in the local copy of the documentation.
  - Update AdBlock patterns.

  * Software
  - Upgrade I2P to 0.8.13.
  - Install libvpx0 from sid.
  - Fetch klibc-utils and libklibc from sid.
    The last initramfs-tools depends on these.

  * Hardware support
  - Upgrade Linux kernel to 3.2.7-1.
  - Install firmware-libertas.
    This adds support for wireless network cards with Marvell Libertas
    8xxx chips supported by the libertas_cs, libertas_sdio, libertas_spi,
    libertas_tf_usb, mwl8k and usb8xxx drivers.

  * Miscellaneous
  - Revert "Set time to middle of [valid-after, fresh-until] from consensus."
    This reverts commit 18d23a500b9412b4b0fbe4e38a9398eb1a3eadef.
    With this vmid clocks that are E minutes back in time may cause issues
    (temporary Tor outages) after consensus updates that happen at the
    (60-E):th minute or later during any hour. Full analysis:
    https://mailman.boum.org/pipermail/tails-dev/2012-January/000873.html
  - Add the default user to the vboxsf group.
    This will allow the user to get full access to automounted VirtualBox
    shared folders as they are mounted with guid vboxsf and rwx group
    permissions.

 -- Tails developers <amnesia@boum.org>  Thu, 01 Mar 2012 20:26:21 +0100

tails (0.10.1) unstable; urgency=low

  * Iceweasel
  - Make Startpage the default web search engine. Scroogle does not look
    reliable enough these days.

  * Software
  - Upgrade WhisperBack to 1.5.1 (update link to bug reporting documentation).
  - Update MAT to 0.2.2-2~bpo60+1 (fixes a critical bug in the GUI).

  * Hardware support
  - Upgrade Linux kernel to 3.2.1-2

  * Time synchronization
    Serious rework that should fix most, if not all, of the infamous
    time-sync' related bugs some Tails users have experienced recently.
    - Make htpdate more resilient by using three server pools, and
      allowing some failure ratio.
    - Set time from Tor's unverified-consensus if needed.
    - Set time to middle of [valid-after, fresh-until] from consensus.
    - Many robustness, performance and fingerprinting-resistance improvements.
    - Display time-sync' notification much earlier.

  * Miscellaneous
  - Fix access to "dumb" git:// protocol by using a connect-socks wrapper
    as GIT_PROXY_COMMAND.
  - SSH client: fix access to SSH servers on the Internet by correcting
    Host / ProxyCommand usage.
  - Pidgin: use OFTC hidden service to workaround Tor blocking.
  - Claws Mail: disable draft autosaving.
    When composing PGP encrypted email, drafts are saved back to
    the server in plaintext. This includes both autosaved and manually
    saved drafts.
  - tails-security-check-wrapper: avoid eating all memory when offline.

 -- Tails developers <amnesia@boum.org>  Sat, 28 Jan 2012 10:00:31 +0100

tails (0.10) unstable; urgency=low

  * Tor: upgrade to 0.2.2.35-1.

  * Iceweasel
  - Install Iceweasel 9.0 from the Debian Mozilla team's APT repository.
  - Update Torbutton to 1.4.5.1-1.
  - Support viewing any YouTube video that is available in HTML5 format:
    install xul-ext-greasemonkey and the "Permanently Enable HTML5 on
    YouTube" GreaseMonkey script.
  - Stop using Polipo in Iceweasel. Its SOCKS support was fixed.
  - Install from Debian sid the iceweasel extensions we ship,
    for compatibility with FF9.
  - Use Scroogle (any languages) instead of Scroogle (English only) when
    booted in English. Many users choose English because their own
    language is not supported yet; let's not hide them search results in
    their own language.
  - Install Iceweasel language packs from Debian unstable:
    unfortunately they are not shipped on the mozilla.debian.net repository.
  - Install the NoScript Firefox extension; configure it the same way as
    the TBB does.
  - Disable third-party cookies.
    They can be used to track users, which is bad. Besides, this is what
    TBB has been doing for years.
  - FoxyProxy: allow direct connections to RFC1918 IPs.

  * Do not transparent proxy outgoing Internet connections through Tor.
  - Torify the SSH client using connect-proxy to all IPs but RFC1918 ones.
  - Torify APT using Polipo HTTP.
  - Torify wget in wgetrc.
  - Torify gobby clients using torsocks. It does not support proxies yet.
  - Torify tails-security-check using LWP::UserAgent's SOCKS proxy support.
  - Fix enabling of GNOME's HTTP proxy.

  * Software
  - Upgrade Vidalia to 0.2.15-1+tails1.
    · New upstream release.
    · Do not warn about Tor version.
  - Upgrade MAT to 0.2.2-1~bpo60+1.
  - Upgrade VirtualBox guest software to 4.1.6-dfsg-2~bpo60+1,
    built against the ABI of X.Org backports.
  - Upgrade I2P to 0.8.11 using KillYourTV's Squeeze packages;
    additionally, fix its start script that was broken by the tordate merge.
  - Install unar (The Unarchiver) instead of the non-free unrar.
  - Install Nautilus Wipe instead of custom Nautilus scripts.

  * Hardware support
  - Upgrade Linux kernel to 3.1.6-1.
  - Upgrade to X.Org from squeeze-backports.
  - Install more, and more recent b43 firmwares.
  - Upgrade barry to 0.15-1.2~bpo60+1.

  * Internationalization
  - Add basic language support for Russian, Farsi and Vietnamese.
  - Install some Indic fonts.
  - Install some Russian fonts.
  - Add Alt+Shift shortcut to switch keyboard layout.

  * Miscellaneous
  - Support booting in "Windows XP -like camouflage mode":
    · Install homebrewn local .debs for a Windows XP look-alike Gnome theme.
    · Add the "Windows XP Bliss" desktop wallpaper.
    · Added a script that's sets up Gnome to look like Microsoft Windows XP.
    · Add Windows XP "camouflage" icons for some programs.
    · Make Iceweasel use the IE icon when Windows XP camouflage is enabled.
    · Add special launcher icons for the Windows XP theme so that they're
      not too big.
  - Decrease Florence focus zoom to 1.2.
  - Do not fetch APT translation files. Running apt-get update is heavy enough.
  - Add MSN support thanks to msn-pecan.
  - Add custom SSH client configuration:
    · Prefer strong ciphers and MACs.
    · Enable maximum compression level.
     · Explicitly disable X11 forwarding.
    · Connect as root by default, to prevent fingerprinting when username
      was not specified.
  - Replace flawed FireGPG with a home-made GnuPG encryption applet;
    install a feature-stripped FireGPG that redirects users to
    the documentation, and don't run Seahorse applet anymore.
  - Enable Seahorse's GnuPG agent.
  - Blank screen when lid is closed, rather than shutting down the system.
    The shutdown "feature" has caused data losses for too many people, it seems.
    There are many other ways a Tails system can be shut down in a hurry
    these days.
  - Import Tails signing key into the keyring.
  - Fix bug in the Pidgin nick generation that resulted in the nick
    "XXX_NICK_XXX" once out of twenty.
  - Pre-configure the #tor IRC discussion channel in Pidgin.
  - Fix "technology preview" of bridge support: it was broken by tordate merge.
  - Install dependencies of our USB installer to ease its development.
  - Make vidalia NM hook sleep only if Vidalia is already running.
  - Reintroduce the htpdate notification, telling users when it's safe
    to use Tor Hidden Services.
  - htpdate: omit -f argument to not download full pages.
  - htpdate: write success file even when not within {min,max}adjust.
    Otherwise htpdate will not "succeed" when the time diff is 0 (i.e.
    the clock was already correct) so the success file cannot be used
    as an indicator that the system time now is correct, which arguably
    is its most important purpose.

  * Build system
  - Name built images according to git tag.

 -- Tails developers <tails@boum.org>  Wed, 04 Jan 2012 09:56:38 +0100

tails (0.9) unstable; urgency=low

  * Tor
  - Upgrade to 0.2.2.34 (fixes CVE-2011-2768, CVE-2011-2769).

  * Iceweasel
  - Upgrade to 3.5.16-11 (fixes CVE-2011-3647, CVE-2011-3648, CVE-2011-3650).
  - Upgrade FireGPG to 0.8-1+tails2: notify users that the FireGPG Text
    Editor is the only safe place for performing cryptographic operations,
    and make it impossible to do otherwise. Other ways open up several
    severe attacks through JavaScript (e.g. leaking plaintext when
    decrypting, signing messages written by the attacker).
  - Install Cookie Monster extension instead of CS Lite.
  - Always ask where to save files.
  - Upgrade Torbutton to 1.4.4.1-1, which includes support for the in-browser
    "New identity" feature.

  * Software
  - Install MAT, the metadata anonymisation toolkit.
  - Upgrade TrueCrypt to 7.1.
  - Upgrade WhisperBack to 1.5~rc1 (leads the user by the hand if an error
    occurs while sending the bugreport, proposes to save it after 2 faild
    attempts, numerous bugfixes).
  - Linux: upgrade to linux-image-3.0.0-2-486 (version 3.0.0-6); fixes
    a great number of bugs and security issues.

  * Miscellaneous
  - Fully rework date and time setting system.
  - Remove the htp user firewall exception.
  - Saner keyboard layouts for Arabic and Russian.
  - Use Plymouth text-only splash screen at boot time.
  - Color the init scripts output.
  - Suppress Tor's warning about applications doing their own DNS lookups.
    This is totally safe due to our Tor enforcement.
  - Disable hdparm boot-time service.
    We only want hdparm so that laptop-mode-tools can use it.
  - Run Claws Mail using torify.
    It's not as good as if Claws Mail supported SOCKS proxies itself,
    but still better than relying on the transparent netfilter torification.
  - Install HPLIP and hpcups for better printing support.

  * Erase memory at shutdown
  - Run many sdmem instances at once.
    In hope of erasing more memory until we come up with a proper fix for
    [[bugs/sdmem_does_not_clear_all_memory]].
  - Kill gdm3 instead of using its initscript on brutal shutdown.
  - Use absolute path to eject for more robust memory wipe on boot medium removal.

  * Space savings
  - Exclude kernel and initramfs from being put into the SquashFS.
    Those files are already shipped where they are needed, that is in the ISO
    filesystem. Adapt kexec and memlockd bits.
  - Do not ship the GNOME icon theme cache.
  - Do not ship .pyc files.
  - Do not ship NEWS.Debian.gz files.

  * Build system
  - Re-implement hook that modifies syslinux config to make future
    development easier.

 -- Tails developers <amnesia@boum.org>  Tue, 01 Nov 2011 13:26:38 +0100

tails (0.8.1) unstable; urgency=low

  * Iceweasel
    - Update to 3.5.16-10 (fixes DSA-2313-1).
    - FireGPG: force crypto action results to appear in a new window, otherwise
      JavaScript can steal decrypted plaintext. Advice: always use FireGPG's
      text editor when writing text you want to encrypt. If you write it in a
      textbox the plaintext can be stolen through JavaScript before it is
      encrypted in the same way.
    - Update HTTPS Everywhere extension to 1.0.3-1.
    - Stop using the small version of the Tor check page. The small version
      incorrectly tells Tails users to upgrade their Torbrowser, which has
      confused some users.

  * Software
    - Update Linux to 3.0.0-2 (fixes DSA-2310-1, CVE-2011-2905, CVE-2011-2909,
      CVE-2011-2723, CVE-2011-2699, CVE-2011-1162, CVE-2011-1161).
    - Update usb-modeswitch to 1.1.9-2~bpo60+1 and usb-modeswitch-data to
      20110805-1~bpo60+1 from Debian backports. This adds support for a few
      devices such as Pantech UMW190 CDMA modem.
    - Install libregexp-common-perl 2011041701-3 from Debian unstable. This
      fixes the bug: [[bugs/msva_does_not_use_configured_keyserver]].
    - Install hdparm so the hard drives can be spinned down in order to save
      battery power.
    - Install barry-util for better BlackBerry integration.
    - Debian security upgrades: OpenOffice.org (DSA-2315-1), openjdk-6
      (DSA-2311-1), policykit-1 (DSA-2319-1)

   * Protecting against memory recovery
    - Set more appropriate Linux VM config before wiping memory. These
      parameters should make the wipe process more robust and efficient.

 -- Tails developers <amnesia@boum.org>  Sun, 16 Oct 2011 11:31:18 +0200

tails (0.8) unstable; urgency=low

  * Rebase on the Debian Squeeze 6.0.2.1 point-release.

  * Tor
    - Update to 0.2.2.33-1.
    - Disabled ControlPort in favour of ControlSocket.
    - Add port 6523 (Gobby) to Tor's LongLivedPorts list.

  * I2P
    - Update to 0.8.8.
    - Start script now depends on HTP since I2P breaks if the clock jumps or is
      too skewed during bootstrap.

  * Iceweasel
    - Update to 3.5.16-9 (fixes CVE-2011-2374, CVE-2011-2376, CVE-2011-2365,
      CVE-2011-2373, CVE-2011-2371, CVE-2011-0083, CVE-2011-2363, CVE-2011-0085,
      CVE-2011-2362, CVE-2011-2982, CVE-2011-2981, CVE-2011-2378, CVE-2011-2984,
      CVE-2011-2983).
    - Enable HTTP pipelining (like TBB).
    - Update HTTPS Everywhere extension to 1.0.1-1 from Debian unstable.
    - Suppress FoxyProxy update prompts.
    - Prevent FoxyProxy from "phoning home" after a detected upgrade.
    - Fixed a bunch of buggy regular expressions in FoxyProxy's configuration.
      See [[bugs/exploitable_typo_in_url_regex?]] for details. Note that none of
      these issues are critical due to the transparent proxy.
    - Add DuckDuckGo SSL search engine.

  * Torbutton
    - Update to torbutton 1.4.3-1 from Debian unstable.
    - Don't show Torbutton status in the status bar as it's now displayed in the
      toolbar instead.

  * Pidgin
    - More random looking nicks in pidgin.
    - Add IRC account on chat.wikileaks.de:9999.

  * HTP
    - Upgrade htpdate script (taken from Git 7797fe9) that allows setting wget's
      --dns-timeout option.

  * Software
    - Update Linux to 3.0.0-1. -686 is now deprecated in favour of -486 and
      -686-pae; the world is not ready for -pae yet, so we now ship -486.
    - Update OpenSSL to 0.9.8o-4squeeze2 (fixes CVE-2011-1945 (revoke
      compromised DigiNotar certificates), CVE-2011-1945).
    - Update Vidalia to 0.2.14-1+tails1 custom package.
    - Install accessibility tools:
      - gnome-mag: screen magnifier
      - gnome-orca: text-to-speech
    - Replace the onBoard virtual keyboard with Florence.
    - Install the PiTIVi non-linear audio/video editor.
    - Install ttdnsd.
    - Install tor-arm.
    - Install lzma.

  * Arbitrary DNS queries
    - Tor can not handle all types of DNS queries, so if the Tor resolver fails
      we fallback to ttdnsd. This is now possible with Tor 0.2.2.x, since we
      fixed Tor bug #3369.

  * Hardware support
    - Install ipheth-utils for iPhone tethering.
    - Install xserver-xorg-input-vmmouse (for mouse integration with the host OS
      in VMWare and KVM).
    - Install virtualbox-ose 4.x guest packages from Debian backports.

  * Miscellaneous
    - Switch gpg to use keys.indymedia.org's hidden service, without SSL.
      The keys.indymedia.org SSL certificate is now self-signed. The hidden
      service gives a good enough way to authenticate the server and encrypts
      the connection, and just removes the certificates management issue.
    - The squashfs is now compressed using XZ which reduces the image size quite
      drastically.
    - Remove Windows autorun.bat and autorun.inf. These files did open a static
      copy of our website, which is not accessible any longer.

  * Build system
    - Use the Git branch instead of the Debian version into the built image's
      filename.
    - Allow replacing efficient XZ compression with quicker gzip.
    - Build and install documentation into the chroot (-> filesystem.squashfs).
      Rationale: our static website cannot be copied to a FAT32 filesystem due
      to filenames being too long. This means the documentation cannot be
      browsed offline from outside Tails. However, our installer creates GPT
      hidden partitions, so the doc would not be browseable from outside Tails
      anyway. The only usecase we really break by doing so is browsing the
      documentation while running a non-Tails system, from a Tails CD.

 -- Tails developers <amnesia@boum.org>  Thu, 09 Sep 2011 11:31:18 +0200

tails (0.7.2) unstable; urgency=high

  * Iceweasel
  - Disable Torbutton's external application launch warning.
    ... which advises using Tails. Tails *is* running Tails.
  - FoxyProxy: install from Debian instead of the older one we previously
    shipped.

  * Software
  - haveged: install an official Debian backport instead of a custom backport.
  - unrar: install the version from Debian's non-free repository.
    Users report unrar-free does not work well enough.

 -- Tails developers <amnesia@boum.org>  Sun, 12 Jun 2011 15:34:56 +0200

tails (0.7.1) unstable; urgency=high

  * Vidalia: new 0.2.12-2+tails1 custom package.

  * Iceweasel
  - Don't show Foxyproxy's status / icon in FF statusbar to prevent users
    from accidentaly / unconsciously put their anonymity at risk.
  - "amnesia branding" extension: bump Iceweasel compatibility to 4.0 to ease
    development of future releases.

  * Software
  - Upgrade Linux kernel to Debian's 2.6.32-33: fixes tons of bugs,
    including the infamous missing mouse cursor one. Oh, and it closes
    a few security holes at well.
  - Install unrar-free.
  - Do not install pppoeconf (superseeded by NetworkManager).
  - Upgrade macchanger to Debian testing package to ease development of
    future Tails releases.
  - Debian security upgrades: x11-xserver-utils (DSA-2213-1), isc-dhcp
    (DSA-2216-1), libmodplug (DSA-2226-1), openjdk-6 (DSA-2224-1).

  * Protecting against memory recovery
  - Add Italian translation for tails-kexec. Thanks to Marco A. Calamari.
  - Make it clear what it may mean if the system does not power off
    automatically.
  - Use kexec's --reset-vga option that might fix display corruption issues
    on some hardware.

  * WhisperBack (encrypted bug reporting software)
  - Upgrade WhisperBack to 1.4.1:
    localizes the documentation wiki's URL,
    uses WebKit to display the bug reporting help page,
    now is usable on really small screens.
  - Extract wiki's supported languages at build time, save this
    information to /etc/amnesia/environment, source this file into the
    Live user's environment so that WhisperBack 1.4+ can make good use
    of it.

  * Miscellaneous
  - Fix boot in Chinese.
  - Install mobile-broadband-provider-info for better 3G support.
  - Add back GNOME system icons to menus.
  - tails-security-check: avoid generating double-slashes in the Atom
    feeds URL.
  - Remove "vga=788" boot parameter which breaks the boot on some hardware.
  - Remove now useless "splash" boot parameter.
  - Fix a bunch of i386-isms.
  - Pass the noswap option to the kernel. This does not change actual Tails
    behaviour but prevents users from unnecessarily worrying because of
    the "Activating swap" boot message.
  - Make use of check.torproject.org's Arabic version.

  * Build system
  - Enable squeeze-backports. It is now ready and will be used soon.
  - Install eatmydata in the chroot.
  - Convert ikiwiki setup files to YAML.

 -- Tails developers <amnesia@boum.org>  Fri, 29 Apr 2011 17:14:53 +0200

tails (0.7) unstable; urgency=low

  * Hardware support
  - Install foomatic-filters-ppds to support more printers.
  - Give the default user the right to manage printers.

  * Software
  - Deinstall unwanted packages newly pulled by recent live-build.

 -- Tails developers <amnesia@boum.org>  Wed, 06 Apr 2011 22:58:51 +0200

tails (0.7~rc2) unstable; urgency=low

  ** SNAPSHOT build @824f39248a08f9e190146980fb1eb0e55d483d71 **

  * Rebase on Debian Squeeze 6.0.1 point-release.

  * Vidalia: new 0.2.10-3+tails5 custom package..

  * Hardware support
  - Install usb-modeswitch and modemmanager to support mobile broadband
    devices such as 3G USB dongles. Thanks to Marco A. Calamari for the
    suggestion.

  * Misc
  - Website relocated to https://tails.boum.org/ => adapt various places.
  - Configure keyboard layout accordingly to the chosen language for
    Italian and Portuguese.

 -- Tails developers <amnesia@boum.org>  Fri, 25 Mar 2011 15:44:25 +0100

tails (0.7~rc1) UNRELEASED; urgency=low

  ** SNAPSHOT build @98987f111fc097a699b526eeaef46bc75be5290a **

  * Rebase on Debian Squeeze.

  * T(A)ILS has been renamed to Tails.

  * Protecting against memory recovery
    New, safer way to wipe memory on shutdown which is now also used when
    the boot media is physically removed.

  * Tor
  - Update to 0.2.1.30-1.

  * Iceweasel
  - Add HTTPS Everywhere 0.9.4 extension.
  - Better preserve Anonymity Set: spoof US English Browser and timezone
    the same way as the Tor Browser Bundle, disable favicons and picture
    iconification.
  - Install AdBlock Plus extension from Debian.
  - Add Tor-related bookmarks.
  - Support FTP, thanks to FoxyProxy.
  - Update AdBlock patterns.
  - Disable geolocation and the offline cache.

  * Software
  - Update Vidalia to 0.2.10-3+tails4.
  - Install gnome-disk-utility (Palimpsest) and Seahorse plugins.
  - Add opt-in i2p support with Iceweasel integration through FoxyProxy.
  - onBoard: fix "really quits when clicking the close window icon" bug.
  - Optionally install TrueCrypt at boot time.
  - Install laptop-mode-tools for better use of battery-powered hardware.
  - Replace xsane with simple-scan which is part of GNOME and way easier
    to use.
  - Upgrade WhisperBack to 1.3.1 (bugfixes, French translation).
  - Install scribus-ng instead of scribus. It is far less buggy in Squeeze.

  * Firewall
  - Drop incoming packets by default.
  - Forbid queries to DNS resolvers on the LAN.
  - Set output policy to drop (defense-in-depth).

  * Hardware support
  - Install Atheros and Broadcom wireless firmwares.
  - Install libsane-hpaio and sane-utils, respectively needed for
    multi-function peripherals and some SCSI scanners.

  * live-boot 2.0.15-1+tails1.35f1a14
  - Cherry-pick our fromiso= bugfixes from upstream 3.x branch.

  * Miscellaneous
  - Many tiny user interface improvements.
  - More robust HTP time synchronization wrt. network failures.
    Also, display the logs when the clock synchronization fails.
  - Disable GNOME automatic media mounting and opening to protect against
    a class of attacks that was recently put under the spotlights.
    Also, this feature was breaking the "no trace is left on local
    storage devices unless explicitly asked" part of Tails specification.
  - Make configuration more similar to the Tor Browser Bundle's one.
  - GnuPG: default to stronger digest algorithms.
  - Many more or less proper hacks to get the built image size under 700MB.
  - Compress the initramfs using LZMA for faster boot.

  * Build system
  - Run lb build inside eatmydata fsync-less environment to greatly improve
    build time.

 -- Tails developers <amnesia@boum.org>  Fri, 11 Mar 2011 15:52:19 +0100

tails (0.6.2) unstable; urgency=high

  * Tor: upgrade to 0.2.1.29 (fixes CVE-2011-0427).
  * Software
  - Upgrade Linux kernel, dpkg, libc6, NSS, OpenSSL, libxml2 (fixes various
    security issues).
  - Upgrade Claws Mail to 3.7.6 (new backport).
  - Install Liferea, tcpdump and tcpflow.
  * Seahorse: use hkp:// transport as it does not support hkps://.
  * FireGPG: use hkps:// to connect to the configured keyserver.
  * Build system: take note of the Debian Live tools versions being used
    to make next point-release process faster.
  * APT: don't ship package indices.

 -- T(A)ILS developers <amnesia@boum.org>  Wed, 19 Jan 2011 16:59:43 +0100

tails (0.6.1) unstable; urgency=low

  * Tor: upgrade to 0.1.28 (fixes CVE-2010-1676)
  * Software: upgrade NSS, Xulrunner, glibc (fixes various security issues)
  * FireGPG: use the same keyserver as the one configured in gpg.conf.
  * Seahorse: use same keyserver as in gpg.conf.
  * HTP: display the logs when the clock synchronization fails.
  * Update HTP configuration: www.google.com now redirects to
    encrypted.google.com.
  * Use the light version of the "Are you using Tor?" webpage.
  * Update AdBlock patterns.

 -- T(A)ILS developers <amnesia@boum.org>  Fri, 24 Dec 2010 13:28:29 +0100

tails (0.6) unstable; urgency=low

  * Releasing 0.6.

  * New OpenPGP signing-only key. Details are on the website:
    https://amnesia.boum.org/GnuPG_key/

  * Iceweasel
  - Fixed torbutton has migrated to testing, remove custom package.

  * HTP
  - Query ssl.scroogle.org instead of lists.debian.org.
  - Don't run when the interface that has gone up is the loopback one.

  * Nautilus scripts
  - Add shortcut to securely erase free space in a partition.
  - The nautilus-wipe shortcut user interface is now translatable.

  * Misc
  - Really fix virtualization warning display.
  - More accurate APT pinning.
  - Disable Debian sid APT source again since a fixed live-config has
    migrated to Squeeze since then.

  * live-boot: upgrade to 2.0.8-1+tails1.13926a
  - Sometimes fixes the smem at shutdown bug.
  - Now possible to create a second partition on the USB stick T(A)ILS is
    running from.

  * Hardware support
  - Support RT2860 wireless chipsets by installing firmware-ralink from
    Debian Backports.
  - Install firmware-linux-nonfree from backports.
  - Fix b43 wireless chipsets by having b43-fwcutter extract firmwares at
    build time.

  * Build system
  - Install live-build and live-helper from Squeeze.
  - Update SquashFS sort file.

 -- T(A)ILS developers <amnesia@boum.org>  Wed, 20 Oct 2010 19:53:17 +0200

tails (0.6~rc3) UNRELEASED; urgency=low

  ** SNAPSHOT build @a3ebb6c775d83d1a1448bc917a9f0995df93e44d **

  * Iceweasel
  - Autostart Iceweasel with the GNOME session. This workarounds the
    "Iceweasel first page is not loaded" bug.

  * HTP
  - Upgrade htpdate script (taken from Git 7797fe9).

  * Misc
  - Disable ssh-agent auto-starting with X session: gnome-keyring is
    more user-friendly.
  - Fix virtualization warning display.
  - Boot profile hook: write desktop file to /etc/skel.

  * Build system
  - Convert build system to live-build 2.0.1.
  - APT: fetch live-build and live-helper from Debian Live snapshots.
  - Remove dependency on live-build functions in chroot_local-hooks.
    This makes the build environment more robust and less dependent on
    live-build internals.
  - Remove hand-made rcS.d/S41tails-wifi: a hook now does this.
  - Measure time used by the lh build command.
  - Fix boot profile hook.
  - Boot profiling: wait a bit more: the current list does not include
    /usr/sbin/tor.

 -- T(A)ILS developers <amnesia@boum.org>  Sat, 02 Oct 2010 23:06:46 +0200

tails (0.6~rc2) UNRELEASED; urgency=low

  ** SNAPSHOT build @c0ca0760ff577a1e797cdddf0e95c5d62a986ec8 **

  * Iceweasel
  - Refreshed AdBlock patterns (20100926).
  - Set network.dns.disableIPv6 to true (untested yet)
  - Torbutton: install patched 1.2.5-1+tails1 to fix the User-Agent bug,
    disable extensions.torbutton.spoof_english again.

  * Software
  - WhisperBack: upgrade to 1.3~beta3 (main change:  let the user provide
    optional email address and OpenPGP key).
  - Remove mc.
  - Update haveged backport to 0.9-3~amnesia+lenny1.
  - Update live-boot custom packages (2.0.6-1+tails1.6797e8): fixes bugs
    in persistency and smem-on-shutdown.
  - Update custom htpdate script. Taken from commit d778a6094cb3 in our
    custom Git repository:  fixes setting of date/time.

  * Build system
  - Bugfix: failed builds are now (hopefully) detected.
  - Fix permissions on files in /etc/apt/ that are preserved in the image.
  - Install version 2.0~a21-1 of live-build and live-helper in the image.
    We are too late in the release process to upgrade to current Squeeze
    version (2.0~a29-1).

  * Misc
  - Pidgin/OTR: disable the automatic OTR initiation and OTR requirement.

 -- T(A)ILS developers <amnesia@boum.org>  Wed, 29 Sep 2010 19:23:17 +0200

tails (0.6~1.gbpef2878) UNRELEASED; urgency=low

  ** SNAPSHOT build @ef28782a0bf58004397b5fd303f938cc7d11ddaa **

  * Hardware support
  - Use a 2.6.32 kernel: linux-image-2.6.32-bpo.5-686 (2.6.32-23~bpo50+1)
    from backports.org. This should support far more hardware and
    especially a lot of wireless adapters.
  - Add firmware for RTL8192 wireless adapters.
  - Enable power management on all wireless interfaces on boot.

  * Software
  - Install inkscape.
  - Install poedit.
  - Install gfshare and ssss: two complementary implementations
    of Shamir's Secret Sharing.
  - Install tor-geoipdb.
  - Remove dialog, mc and xterm.

  * Iceweasel
  - Set extensions.torbutton.spoof_english to its default true value
    in order to workaround a security issue:
    https://amnesia.boum.org/security/Iceweasel_exposes_a_rare_User-Agent/

  * Monkeysphere
  - Install the Iceweasel extension.
  - Use a hkps:// keyserver.

  * GnuPG
  - Install gnupg from backports.org so that hkps:// is supported.
  - Use a hkps:// keyserver.
  - Proxy traffic via polipo.
  - Prefer up-to-date digests and ciphers.

  * Vidalia: rebased our custom package against 0.2.10.

  * Build system
  - Built images are now named like this:
    tails-i386-lenny-0.5-20100925.iso
  - Use live-helper support for isohybrid options instead of doing the
    conversion ourselves. The default binary image type we build is now
    iso-hybrid.
  - Remove .deb built by m-a after they have been installed.
  - Setup custom GConf settings at build time rather than at boot time.
  - Move $HOME files to /etc/skel and let adduser deal with permissions.
  - Convert to live-boot / live-config / live-build 2.x branches.
  - Replaced our custom live-initramfs with a custom live-boot package;
    included version is 2.0.5-1+tails2.6797e8 from our Git repository:
    git clone git://git.immerda.ch/tails_live-boot.git
  - Install live-config* from the live-snapshots Lenny repository.
    Rationale: live-config binary packages differ depending on the target
    distribution, so that using Squeeze's live-config does not produce
    fully-working Lenny images.
  - Rename custom scripts, packages lists and syslinux menu entries from
    the amnesia-* namespace to the tails-* one.

  * HTP
  - Use (authenticated) HTP instead of NTP.
  - The htpdate script that is used comes from commit 43f5f83c0 in our
    custom repository:  git://git.immerda.ch/tails_htp.git
  - Start Tor and Vidalia only once HTP is done.

  * Misc
  - Fix IPv6 firewall restore file. It was previously not used at all.
  - Use ftp.us.debian.org instead of the buggy GeoIP-powered
    cdn.debian.net.
  - Gedit: don't autocreate backup copies.
  - Build images with syslinux>=4.01 that has better isohybrid support.
  - amnesia-security-check: got rid of the dependency on File::Slurp.
  - Take into account the migration of backports.org to backports.debian.org.
  - Make GnuPG key import errors fatal on boot.
  - Warn the user when T(A)ILS is running inside a virtual machine.
  - DNS cache: forget automapped .onion:s on Tor restart.

  * Documentation: imported Incognito's walkthrough, converted to
    Markdown, started the needed adaptation work.

 -- T(A)ILS developers <amnesia@boum.org>  Sun, 26 Sep 2010 11:06:50 +0200

tails (0.5) unstable; urgency=low

  * The project has merged efforts with Incognito.
    It is now to be called "The (Amnesic) Incognito Live System".
    In short: T(A)ILS.

  * Community
  - Created the amnesia-news mailing-list.
  - Added a forum to the website.
  - Created a chatroom on IRC: #tails on irc.oftc.net

  * Fixed bugs
  - Workaround nasty NetworkManager vs. Tor bug that often
    prevented the system to connect to the Tor network: restart Tor and Vidalia
    when a network interface goes up.
  - onBoard now autodetects the keyboard layout... at least once some
    keys have been pressed.
  - New windows don't open in background anymore, thanks to
    a patched Metacity.
  - Memory wiping at shutdown is now lightning fast, and does not prevent
    the computer to halt anymore.
  - GNOME panel icons are right-aligned again.
  - Fixed permissions on APT config files.
  - Repaired mouse integration when running inside VirtualBox.

  * Iceweasel
  - Torbutton: redirect to Scroogle when presented a Google captcha.
  - Revamped bookmarks
      . moved T(A)ILS own website to the personal toolbar
      . moved webmail links (that are expected to be more than 3 soon)
        to a dedicated folder.
  - Don't show AdBlock Plus icon in the toolbar.
  - Adblock Plus: updated patterns, configured to only update subscriptions
    once a year. Which means never, hopefully, as users do update their
    Live system on a regular basis, don't they?

  * Vidalia: rebased our custom package against 0.2.8.

  * Claws Mail
  - Install Claws Mail from backports.org to use the X.509 CA
    certificates provided by Debian.
  - Enable PGP modules with basic configuration:
      . Automatically check signatures.
      . Use gpg-agent to manage passwords.
      . Display warning on start-up if GnuPG doesn't work.
  - Set the IO timeout to 120s (i.e. the double of the default 60s).

  * Pidgin
  - Automatically connect to irc.oftc.net with a randomized nickname,
    so as not to advertize the use of T(A)ILS; this nickname is made of:
     . a random firstname picked from the 2000 most registered by the U.S.
       social security administration in the 70s;
     . two random digits.
    Good old irc.indymedia.org is still configured - with same nickname -
    but is not enabled by default anymore.
  - Disabled MSN support, that is far too often affected by security flaws.

  * Build $HOME programmatically
  - Migrated all GConf settings, including the GNOME panel configuration,
    to XML files that are loaded at boot time.
  - Configure iceweasel profile skeleton in /etc/iceweasel.
    A brand new profile is setup from this skeleton once iceweasel is
    started after boot.
      . build sqlite files at build time from plain SQL.
      . FireGPG: hard-code current firegpg version at build time to prevent
        the extension to think it was just updated.
      . stop shipping binary NSS files. These were here only to
        install CaCert's certificate, that is actually shipped by Debian's
        patched libnss.

  * Build system
  - Updated Debian Live snapshots APT repository URL.
  - Purge all devel packages at the end of the chroot configuration.
  - Make sure the hook that fixes permissions runs last.
  - Remove unwanted Iceweasel search plugins at build time.

  * Misc
  - Added a progress bar for boot time file readahead.
  - Readahead more (~37MB) stuff in foreground at boot time.
  - Make the APT pinning persist in the Live image.
  - localepurge: keep locales for all supported languages,
    don't bother when installing new packages.
  - Removed syslinux help menu: these help pages are either buggy or
    not understandable by non-geeks.
  - Fixed Windows autorun.
  - Disable a few live-initramfs scripts to improve boot time.
  - Firewall: forbid any IPv6 communication with the outside.
  - Virtualization support: install open-vm-tools.
  - WhisperBack: updated to 1.2.1, add a random bug ID to the sent
    mail subject.
  - Prompt for CD removal on shutdown, not for USB device.

  * live-initramfs: new package built from our Git (e2890a04ff) repository.
  - Merged upstream changes up to 1.177.2-1.
  - New noprompt=usb feature.
  - Fix buggy memory wiping and shutdown.
  - Really reboot when asked, rather than shutting down the system.

  * onBoard
  - Upgraded to a new custom, patched package (0.93.0-0ubuntu4~amnesia1).
  - Added an entry in the Applications menu.

  * Software
  - Install vim-nox with basic configuration
  - Install pwgen
  - Install monkeysphere and msva-perl
  - Replaced randomsound with haveged as an additional source of entropy.

  * Hardware support
  - Build ralink rt2570 wifi modules.
  - Build rt2860 wifi modules from Squeeze. This supports the RT2860
    wireless adapter, found particularly in the ASUS EeePC model 901
    and above.
  - Build broadcom-sta-source wifi modules.
  - Bugfix: cpufreq modules were not properly added to /etc/modules.
  - Use 800x600 mode on boot rather than 1024x768 for compatibility
    with smaller displays.

 -- amnesia <amnesia@boum.org>  Fri, 30 Apr 2010 16:14:13 +0200

amnesia (0.4.2) unstable; urgency=low

  New release, mainly aimed at fixing live-initramfs security issue
  (Debian bug #568750), with an additional set of small enhancements as
  a bonus.

  * live-initramfs: new custom package built from our own live-initramfs
    Git repository (commit 8b96e5a6cf8abc)
  - based on new 1.173.1-1 upstream release
  - fixed live-media=removable behaviour so that filesystem images found
    on non-removable storage are really never used (Debian bug #568750)

  * Vidalia: bring back our UI customizations (0.2.7-1~lenny+amnesia1)

  * APT: consistently use the GeoIP-powered cdn.debian.net

  * Software: make room so that {alpha, future} Squeeze images fit on
    700MB CD-ROM
  - only install OpenOffice.org's calc, draw, impress, math and writer
    components
  - removed OpenOffice.org's English hyphenation and thesaurus
  - removed hunspell, wonder why it was ever added

  * Boot
  - explicitly disable persistence, better safe than sorry
  - removed compulsory 15s timeout, live-initramfs knows how to wait for
    the Live media to be ready

  * Build system: don't cache rootfs anymore

 -- amnesia <amnesia@boum.org>  Sun, 07 Feb 2010 18:28:16 +0100

amnesia (0.4.1) unstable; urgency=low

  * Brown paper bag bugfix release: have amnesia-security-check use
    entries publication time, rather than update time... else tagging
    a security issue as fixed, after releasing a new version, make this
    issue be announced to every user of this new, fixed version.

 -- amnesia <amnesia@boum.org>  Sat, 06 Feb 2010 03:58:41 +0100

amnesia (0.4) unstable; urgency=low

  * We now only build and ship "Hybrid" ISO images, which can be either
    burnt on CD-ROM or dd'd to a USB stick or hard disk.

  * l10n: we now build and ship multilingual images; initially supported
    (or rather wanna-be-supported) languages are: ar, zh, de, en, fr, it,
    pt, es
  - install Iceweasel's and OpenOffice.org's l10n packages for every
    supported language
  - stop installing localized help for OpenOffice.org, we can't afford it
    for enough languages
  - when possible, Iceweasel's homepage and default search engine are localized
  - added Iceweasel's "any language" Scroogle SSL search engine
  - when the documentation icon is clicked, display the local wiki in
    currently used language, if available
  - the Nautilus wipe script is now translatable
  - added gnome-keyboard-applet to the Gnome panel

  * software
  - replaced Icedove with claws mail, in a bit rough way; see
    https://amnesia.boum.org/todo/replace_icedove_with_claws/ for best
    practices and configuration advices
  - virtual keyboard: install onBoard instead of kvkbd
  - Tor controller: install Vidalia instead of TorK
  - install only chosen parts of Gnome, rather than gnome-desktop-environment
  - do not install xdialog, which is unused and not in Squeeze
  - stop installing grub as it breaks Squeeze builds (see Debian bug #467620)
  - install live-helper from snapshots repository into the Live image

  * Iceweasel
  - do not install the NoScript extension anymore: it is not strictly
    necessary but bloodily annoying

  * Provide WhisperBack 1.2 for anonymous, GnuPG-encrypted bug reporting.
  - added dependency on python-gnutls
  - install the SMTP hidden relay's certificate

  * amnesia-security-check: new program that tells users that the amnesia
    version they are running is affected by security flaws, and which ones
    they are; this program is run at Gnome session startup, after sleeping
    2 minutes to let Tor a chance to initialize.
    Technical details:
  - Perl
  - uses the Desktop Notifications framework
  - fetches the security atom feed from the wiki
  - verifies the server certificate against its known CA
  - tries fetching the localized feed; if it fails, fetch the default
    (English) feed

  * live-initramfs: new custom package built from our own live-initramfs
    Git repository (commit 40e957c4b89099e06421)
  - at shutdown time, ask the user to unplug the CD / USB stick, then run
    smem, wait for it to finish, then attempt to immediately halt

  * build system
  - bumped dependency on live-helper to >= 2.0a6 and adapted our config
  - generate hybrid ISO images by default, when installed syslinux is
    recent enough
  - stop trying to support building several images in a row, it is still
    broken and less needed now that we ship hybrid ISO images
  - scripts/config: specify distribution when initializing defaults
  - updated Debian Live APT repository's signing key

  * PowerPC
  - disable virtualbox packages installing and module building on !i386
    && !amd64, as PowerPC is not a supported guest architecture
  - built and imported tor_0.2.1.20-1~~lenny+1_powerpc.deb

  * Squeeze
  - rough beginnings of a scratch Squeeze branch, currently unsupported
  - install gobby-infinote

  * misc
  - updated GnuPG key with up-to-date signatures
  - more improvements on boot time from CD
  - enhanced the wipe in Nautilus UI (now asks for confirmation and
    reports success or failure)
  - removed the "restart Tor" launcher from the Gnome panel

 -- amnesia <amnesia@boum.org>  Fri, 05 Feb 2010 22:28:04 +0100

amnesia (0.3) unstable; urgency=low

  * software: removed openvpn, added
  - Audacity
  - cups
  - Git
  - Gobby
  - GParted
  - lvm2 (with disabled initscript as it slows-down too much the boot in certain
    circumstances)
  - NetworkManager 0.7 (from backports.org) to support non-DHCP networking
  - ntfsprogs
  - randomsound to enhance the kernel's random pool
  * Tor
  - install the latest stable release from deb.torproject.org
  - ifupdown script now uses SIGHUP signal rather than a whole tor
    restart, so that in the middle of it vidalia won't start it's own
    tor
  - configure Gnome proxy to use Tor
  * iceweasel
  - adblockplus: upgraded to 1.0.2
  - adblockplus: subscribe to US and DE EasyList extensions, updated patterns
  - firegpg is now installed from Debian Squeeze rather than manually; current
    version is then 0.7.10
  - firegpg: use better keyserver ... namely pool.sks-keyservers.net
  - added bookmark to Amnesia's own website
  - use a custom "amnesiabranding" extension to localize the default search
    engine and homepage depending on the current locale
  - updated noscript whitelist
  - disable overriden homepage redirect on iceweasel upgrade
  * pidgin
  - nicer default configuration with verified irc.indymedia.org's SSL cert
  - do not parse incoming messages for formatting
  - hide formatting toolbar
  * hardware compatibility
  - b43-fwcutter
  - beginning of support for the ppc architecture
  - load acpi-cpufreq, cpufreq_ondemand and cpufreq_powersave kernel
    modules
  * live-initramfs: custom, updated package based on upstream's 1.157.4-1, built
    from commit b0a4265f9f30bad945da of amnesia's custom live-initramfs Git
    repository
  - securely erases RAM on shutdown using smem
  - fixes the noprompt bug when running from USB
  - disables local swap partitions usage, wrongly enabled by upstream
  * fully support for running as a guest system in VirtualBox
  - install guest utils and X11 drivers
  - build virtualbox-ose kernel modules at image build time
  * documentation
  - new (translatable) wiki, using ikiwiki, with integrated bugs and todo
    tracking system a static version of the wiki is included in generated
    images and linked from the Desktop
  * build system
  - adapt for live-helper 2.0, and depend on it
  - get amnesia version from debian/changelog
  - include the full version in ISO volume name
  - save .list, .packages and .buildlog
  - scripts/clean: cleanup any created dir in binary_local-includes
  - updated Debian Live snapshot packages repository URL and signing key
  - remove duplicated apt/preferences file, the live-helper bug has been
    fixed
  * l10n: beginning of support for --language=en
  * misc
  - improved boot time on CD by ordering files in the squashfs in the order they
    are used during boot
  - added a amnesia-version script to built images, that outputs the current
    image's version
  - added a amnesia-debug script that prepares a tarball with information that
    could be useful for developpers
  - updated Amnesia GnuPG key to a new 4096R one
  - set time with NTP when a network interface is brought up
  - import amnesia's GnuPG pubkey into the live session user's keyring
  - do not ask DHCP for a specific hostname
  - install localepurge, only keep en, fr, de and es locales, which reduces the
    generated images' size by 100MB
  - added a hook to replace /sbin/swapon with a script that only runs
    /bin/true
  - moved networking hooks responsibility from ifupdown to NetworkManager

 -- amnesia <amnesia@boum.org>  Thu, 26 Nov 2009 11:17:08 +0100

amnesia (0.2) unstable; urgency=low

  * imported /home/amnesia, then:
  - more user-friendly shell, umask 077
  - updated panel, added launcher to restart Tor
  - mv $HOME/bin/* /usr/local/bin/
  - removed metacity sessions
  - removed gstreamer's registry, better keep this dynamically updated
  - rm .qt/qt_plugins_3.3rc, better keep this dynamically updated
  - removed .gnome/gnome-vfs/.trash_entry_cache
  - removed kconf_update log
  - removed and excluded Epiphany configuration (not installed)
  - cleanup .kde
  * iceweasel
  - enable caching in RAM
  - explicitly disable ssl v2, and enable ssl v3 + tls
  - removed prefs for the non-installed webdeveloper
  - removed the SSL Blacklist extension (not so useful, licensing issues)
  - deep profile directory cleanup
  - extensions cleanup: prefer Debian-packaged ones, cleanly reinstalled
    AddBlock Plus and CS Lite to allow upgrading them
  - updated pluginreg.dat and localstore.rdf
  - moved some settings to user.js
  - made cookie/JavaScript whitelists more consistent
  - force httpS on whitelisted sites
  - NoScript: marked google and gmail as untrusted
  - some user interface tweaks, mainly for NoScript
  - FireGPG: disable the buggy auto-detection feature, the link to firegpg's
    homepage in generated pgp messages and the GMail interface (which won't
    work without JavaScript anyway)
  - updated blocklist.xml
  - removed and excluded a bunch of files in the profile directory
  * icedove: clean the profile directory up just like we did for iceweasel
  * software: install msmtp and mutt
  * home-refresh
  - use rsync rather than tar
  * documentation
  - various fixes
  - reviewed pidgin-otr security (see TODO)
  * build system
  - stop calling home-refresh in lh_build
  - include home-refresh in generated images
  - gitignore update
  - fix permissions on local includes at build time
  - updated scripts/{build,clean} wrt. new $HOME handling
  - scripts/{build,config}: stop guessing BASEDIR, we must be run from
    the root of the source directory anyway
  - stop storing /etc/amnesia/version in Git, delete it at clean time
  * release
  - converted Changelog to the Debian format and location, updated
    build scripts accordingly
  - added a README symlink at the root of the source directory
  - basic debian/ directory (not working for building packages yet,
    but at least we can now use git-dch)
  - added debian/gbp.conf with our custom options for git-dch
  - config/amnesia: introduce new $AMNESIA_DEV_* variables to be used
    by developpers' scripts
  - added ./release script: a wrapper around git-dch, git-commit and git-tag

 -- amnesia <amnesia@boum.org>  Tue, 23 Jun 2009 14:42:03 +0200

amnesia (0.1) UNRELEASED; urgency=low

  * Forked Privatix 9.03.15, by Markus Mandalka:
  http://mandalka.name/privatix/index.html.en
  Everything has since been rewritten or so heavily changed that nothing
  remains from the original code... apart of a bunch of Gnome settings.
  * hardware support:
  - install a bunch of non-free wifi firmwares
  - install xsane and add the live user to the scanner group
  - install aircrack-ng
  - install xserver-xorg-video-geode on i386 (eCafe support)
  - install xserver-xorg-video-all
  - install firmware-linux from backports.org
  - install system-config-printer
  - added instructions in README.eCAFE to support the Hercules eCAFE EC-800
    netbook
  * APT:
  - configure pinning to support installing chosen packages from
    squeeze; the APT source for testing is hardcoded in chroot_sources/,
    since there is no way to use $LH_CHROOT_MIRROR in chroot_local-hooks
  - give backports.org priority 200, so that we track upgrades of packages
    installed from there
  * release: include the Changelog and TODO in the generated images,
  in the   /usr/share/doc/amnesia/ directory
  * software: install gnomebaker when building Gnome-based live OS, to
  easily clone myself when running from CD
  * build system
  - build i386 images when the build host is amd64
  - added a version file: /etc/amnesia/version
  - use snapshot live-* packages inside the images
  - setup timezone depending on the chosen build locale
  - rely on standard live-initramfs adduser to do our user setup
    (including sudo vs. Gnome/KDE, etc.)
  - stop "supporting" KDE
  - allow building several images at once
  - migrated most of lh_config invocations to scripts/config
  - append "noprompt" so that halting/rebooting work with splashy
  - moved our own variables to config/amnesia, using the namespace
    $AMNESIA_*
  * iceweasel
  - default search engine is now Scroogle SSL, configured to search pages
    in French language; the English one is also installed
  - never ask to save passwords or forms content
  - configured the torbutton extension to use polipo
  - installed the CACert root certificate
  - installed the SSL Blacklist extension and the blacklist data
  - installed the FireGPG extension
  - installed the CS Lite extension
  - installed the NoScript extension
  - NoScript, CS Lite: replaced the default whitelists with a list of
    trusted, non-commercial Internet Service Providers
  - configure extensions (add to prefs.js):
    user_pref("extensions.torbutton.startup", true);
    user_pref("extensions.torbutton.startup_state", 1);
    user_pref("extensions.torbutton.tor_enabled", true);
    user_pref("noscript.notify.hide", true);
    user_pref("capability.policy.maonoscript.sites", "about:
      about:blank about:certerror about:config about:credits
      about:neterror about:plugins about:privatebrowsing
      about:sessionrestore chrome: resource:");
    user_pref("extensions.firegpg.no_updates", true);
  - install the NoScript plugin from Debian squeeze
  - delete urlclassifier3.sqlite on $HOME refresh: as we disabled
    "safebrowsing", this huge file is of no use
  - torbutton: install newer version from Squeeze
  * linux: removed non-686 kernel flavours when building i386 images
  * compatibility: append "live-media=removable live-media-timeout=15", to
    prevent blindly booting another debian-live installed on the hard disk
  * software: added
  - gnome-app-install
  - iwconfig
  - cryptkeeper: Gnome system tray applet to encrypt files with EncFS
  - kvkbd: virtual keyboard (installed from backports.org)
  - sshfs (and added live user to the fuse group)
  - less, secure-delete, wipe, seahorse, sshfs, ntfs-3g
  - scribus
  * Tor
  - enable the transparent proxy, the DNS resolver, and the control port
  - save authentication cookie to /tmp/control_auth_cookie, so that the
    live user can use Tork and co.
  - autostart Tork with Gnome
  - Tork: installed, disabled most notifications and startup tips
  - added a restart tor hook to if-up.d (used by Network Manager as well),
    so that Tor does work immediately even if the network cable was
    plugged late in/after the boot process
  * $HOME
  - added a nautilus-script to wipe files and directories
  - bash with working completion for the live user
  * polipo: install and configure this HTTP proxy to forward requests
  through Tor
  * DNS: install and configure pdnsd to forward any DNS request through
  the Tor resolver
  * firewall: force every outgoing TCP connection through the Tor
  transparent proxy, discard any outgoing UDP connection
  * misc
  - set syslinux timeout to 4 seconds
  - use splashy for more user-friendly boot/halt sequences

 -- amnesia <amnesia@boum.org>  Sat, 20 Jun 2009 21:09:15 +0200