Thema: Tails: Anonym im Internet

[SiLæncer]

Whats new:>>

Upgrades and changes

    Upgrade Tor Browser to 5.0.7

Known issues

    Automatic upgrades are much slower to apply than before. Expect the upgrade to take around an hour after the download is finished.

https://tails.boum.org/

[SiLæncer]

Spoiler

New features

    Tails now uses the GNOME Shell desktop environment, in its Classic mode. GNOME Shell provides a modern, simple, and actively developed desktop environment. The Classic mode keeps the traditional Applications, Places menu, and windows list. Accessibility and non-Latin input sources are also better integrated.

Upgrades and changes

    Debian 8 upgrades most included software, for example:
        Many core GNOME utilities from 3.4 to 3.14: Files, Disks, Videos, etc.
        LibreOffice from 3.5 to 4.3
        PiTiVi from 0.15 to 0.93
        Git from 1.7.10 to 2.1.4
        Poedit from 1.5.4 to 1.6.10
        Liferea from 1.8.6 to 1.10

    Update Tor Browser to 5.5 (based on Firefox 38.6.0 ESR):
        Add Japanese support.

    Remove the Windows camouflage which is currently broken in GNOME Shell. We started working on adding it back but your help is needed!

    Change to systemd as init system and use it to:
        Sandbox many services using Linux namespaces and make them harder to exploit.
        Make the launching of Tor and the memory wipe on shutdown more robust.
        Sanitize our code base by replacing many custom scripts.

    Update most firmware packages which might improve hardware compatibility.

    Notify the user if Tails is running from a non-free virtualization software.

    Remove Claws Mail, replaced by Icedove, a rebranded version of Mozilla Thunderbird.

Fixed problems

    HiDPI displays are better supported. (#8659)

    Remove the option to open a download with an external application in Tor Browser as this is usually impossible due to the AppArmor confinement. (#9285)

    Close Vidalia before restarting Tor.

    Allow Videos to access the DVD drive. (#10455, #9990)

    Allow configuring printers without administration password. (#8443)

Known issues

    Tor Browser 5.5 introduces protection against fingerprinting but due to an oversight it is not enabled in Tails 2.0. However, this is not so bad for Tails users since each Tails system has the same fonts installed, and hence will look identical, so this only means that it's easy to distinguish whether a user of Tor Browser 5.5 uses Tails or not. That is already easy given that Tails has the AdBlock Plus extension enabled, unlike the normal Tor Browser.

[close]

https://tails.boum.org/

[SiLæncer]

Upgrades and changes

    Upgrade Tor Browser to 5.5.2.

Fixed problems

    Fix regression breaking boot on 32-bit UEFI platforms. (#11007)

Known issues

See the current list of known issues.

https://tails.boum.org/

[SiLæncer]

Release Notes

New features

    Add support for viewing DVDs with DRM protection. (#7674)

Upgrades and changes

    Replace Vidalia, which has been unmaintained for years, with:
        a system status icon indicating whether Tails is connected to Tor or not,
        Onion Circuits to display a list of the current Tor circuits and connections.

    Automatically save the database of KeePassX after every change to prevent data loss when shutting down. (#11147)

    Update Tor Browser to 5.5.3.
        Improve Japanese-style glyph display.

    Upgrade I2P to 0.9.24.

    Disable the Alt + Shift and Left Shift + Right Shift keyboard shortcuts that used to switch to the next keyboard layout. You can still use Meta + Space to change keyboard layout. (#11042)

Fixed problems

    Fix optional PGP key feature of WhisperBack. (#11033)

    Fix saving of WhisperBack report to a file when offline. (#11133)

    Make Git verify the integrity of transferred objects. (#11107)

For more details, see also our changelog.

Known issues

    While there is an automatic upgrade from Tails 2.2~rc1 to 2.2, it will not be detected by default since Tails 2.2~rc1 think it already is 2.2 (see the 2.2~rc1 announcement). To fix this, run the following command:

Code: [Auswählen]

sudo sed -i 's/^TAILS_VERSION_ID="2.2"$/TAILS_VERSION_ID="2.2~rc1"/' \ /etc/os-release && \ tails-upgrade-frontend-wrapper

[close]

https://tails.boum.org/

[SiLæncer]

Whats new:>>

    Upgrade Tor Browser to 5.5.4.

Known issues

See the current list of known issues.

https://tails.boum.org/

[SiLæncer]

Changelog

* Security fixes
    - Upgrade Tor Browser to 5.5.5. (Fixes: #11362)
    - Upgrade icedove to 38.7.0-1~deb8u1
    - Upgrade git to 1:2.1.4-2.1+deb8u2
    - Upgrade libgd3 to 2.1.0-5+deb8u1
    - Upgrade pidgin-otr to 4.0.1-1+deb8u1
    - Upgrade srtp to 1.4.5~20130609~dfsg-1.1+deb8u1
    - Upgrade imagemagick to 8:6.8.9.9-5+deb8u1
    - Upgrade samba to 2:4.2.10+dfsg-0+deb8u2
    - Upgrade openssh to 1:6.7p1-5+deb8u2

  * Bugfixes
    - Refresh Tor Browser's AppArmor profile patch against the one from
      torbrowser-launcher 0.2.4-1. (Fixes: #11264)
    - Pull monkeysphere from stretch to avoid failing to install under
      eatmydata. (Fixes: #11170)
    - Start gpg-agent with no-grab option due to issues with pinentry and
      GNOME's top bar. (Fixes: #11038)
    - Tails Installer: Update error message to match new name of 'Clone
      & Install'. (Fixes: #11238)
    - Onion Circuits:
      * Cope with a missing geoipdb. (Fixes: #11203)
      * Make both panes of the window scrollable. (Fixes #11192)
    - WhisperBack: Workaround socks bug. When the Tor fails to connect to
      the host, WisperBack used to display a ValueError.  This is caused by
      a socks bug that is solved in upstream's master but not in Tails.
      This commit workarounds this bug Unclear error message in WhisperBack
      when failing to connect to the server. (Fixes: #11136)

  * Minor improvements
    - Upgrade to Debian 8.4, a Debian point release with many minor upgrades
      and fixes to various packages . (Fixes: #11232)
    - Upgrade I2P to 0.9.25. (Fixes: #11363)
    - Pin pinentry-gtk2 to jessie-backports. The new version allows pasting
      passwords from the clipboard. (Fixes: #11239)
    - config/chroot_local-hooks/59-libdvd-pkg: cleanup /usr/src/libdvd-pkg.
      (Fixes: #11273)
    - Make the Tor Status "disconnected" icon more contrasted with the
      "connected" one. (Fixes: #11199)

  * Test suite
    - Add UTF-8 support to OTR Bot. (Fixes: #10866)
    - Don't explicitly depend on openjdk-7-jre or any JRE for that
      matter. Sikuli will pull in a suitable one, so depending on one
      ourselves is only risks causing trouble. (Fixes: #11335)

[close]

https://tails.boum.org/

[SiLæncer]

Changelog

New features

    We enabled the automatic account configuration of Icedove which discovers the correct parameters to connect to your email provider based on your email address. We improved it to rely only on secure protocol and we are working on sharing these improvements with Mozilla so that users of Thunderbird outside Tails can benefit from them as well.

    ?autoconfig.png

Upgrades and changes

    Update Tor Browser to 6.0.1, based on Firefox 45.

    Remove the preconfigured #tails IRC channel. Join us on XMPP instead!

    Always display minimize and maximize buttons in titlebars. (#11270)

    Remove GNOME Tweak Tool and hledger. You can add them back using the Additional software packages persistence feature.

    Use secure HKPS OpenPGP key server in Enigmail.

    Harden our firewall by rejecting RELATED packets and restricting Tor to only send NEW TCP syn packets. (#11391)

    Harden our kernel by:
        Setting various security-related kernel options: slab_nomerge slub_debug=FZ
        mce=0 vsyscall=none. (#11143)
        Removing the .map files of the kernel. (#10951)

Fixed problems

    Update the DRM and Mesa graphical libraries. This should fix recent problems with starting Tails on some hardware. (#11303)

    Some printers that stopped working in Tails 2.0 should work again. (#10965)

    Enable Packetization Layer Path MTU Discovery for IPv4. This should make the connections to obfs4 Tor bridges more reliable. (#9268)

    Remove our custom ciphers and MACs settings for SSH. This should fix connectivity issues with other distributions such as OpenBSD. (##7315)

    Fix the translations of Tails Upgrader. (#10221)

    Fix displaying the details of a circuit in Onion Circuits when using Tor bridges. (#11195)

For more details, read our changelog.
Known issues

    The automatic account configuration of Icedove freezes when connecting to some email providers. (#11486)

    In some cases sending an email with Icedove results in the error: "The message could not be sent using Outgoing server (SMTP) mail.riseup.net for an unknown reason." When this happens, simply click "Ok" and try again and it should work. (#10933)

    The update of the Mesa graphical library introduce new problems at least on AMD HD 7770 and nVidia GT 930M.

[close]

https://tails.boum.org/

[SiLæncer]

Changelog

tails (2.5) unstable; urgency=medium

  * Major new features and changes
    - Upgrade Icedove to 1:45.1.0-1~deb8u1+tails2. (Closes: #11530)
      · Fix long delay causing bad UX in the autoconfig wizard,
        when it does not manage to guess proper settings on some domains.
        (Closes: #11486)
      · Better support sending email through some ISPs, such as Riseup.
        (Closes: #10933)
      · Fix spurious error message when creating an account and providing
        its password. (Closes: #11550)

  * Security fixes
    - Upgrade Tor Browser to 6.0.3 based on Firefox 45.3. (Closes: #11611)
    - Upgrade GIMP to 2.8.14-1+deb8u1.
    - Upgrade libav to 6:11.7-1~deb8u1.
    - Upgrade expat to 2.1.0-6+deb8u3.
    - Upgrade libgd3 to 2.1.0-5+deb8u6.
    - Upgrade libmodule-build-perl to 0.421000-2+deb8u1.
    - Upgrade perl to 5.20.2-3+deb8u6.
    - Upgrade Pidgin to 2.11.0-0+deb8u1.
    - Upgrade LibreOffice to 1:4.3.3-2+deb8u5.
    - Upgrade libxslt1.1 to 1.1.28-2+deb8u1.
    - Upgrade Linux to 3.16.7-ckt25-2+deb8u3.
    - Upgrade OpenSSH to 1:6.7p1-5+deb8u3.
    - Upgrade p7zip to 9.20.1~dfsg.1-4.1+deb8u2.

  * Minor improvements
    - htpdate: replace obsolete and unreliable URIs in HTP pools, and decrease
      timeout for HTTP operations for more robust time synchronization.
      (Closes: #11577)
    - Hide settings panel for the Online Accounts component of GNOME,
      that we don't support. (Closes: #11545)
    - Vastly improve graphics performance in KVM guest with QXL driver.
      (Closes: #11500)
    - Fix graphics artifacts in Tor Browser in KVM guest with QXL driver.
      (Closes: #11489)

  * Build system
    - Wrap Pidgin in a more maintainable way. (Closes: #11567)

  * Test suite
    - Add a test scenario for the persistence "dotfiles" feature.
      (Closes: #10840)
    - Improve robustness of most APT, Git, SFTP and SSH scenarios,
      enough to enable them on Jenkins. (Closes: #10444, #10496, #10498)
    - Improve robustness of checking for persistence partition. (Closes: #11558)
    - Treat Tails booting from /dev/sda as OK, to support all cases
      including a weird one caused by hybrid ISO images. (Closes: #10504)
    - Bump a bunch of timeouts to cope with the occasional slowness on Jenkins.
    - Only query A records when exercising DNS lookups, to improve robustness.

[close]

https://tails.boum.org/

[SiLæncer]

Changelog

New features

    We enabled address space layout randomization in the Linux kernel (kASLR) to improve protection from buffer overflow attacks.

    We installed rngd to improve the entropy of the random numbers generated on computers that have a hardware random number generator.

Upgrades and changes

    Upgrade Tor to 0.2.8.7.

    Upgrade Tor Browser to 6.0.5.

    Upgrade to Linux 4.6. This should improve the support for newer hardware (graphics, Wi-Fi, etc.)

    Upgrade Icedove to 45.2.0.

    Upgrade Tor Birdy to 0.2.0.

    Upgrade Electrum to 2.6.4.

    Install firmware for Intel SST sound cards (firmware-intel-sound).

    Install firmware for Texas Instruments Wi-Fi interfaces (firmware-ti-connectivity).

    Remove non-free APT repositories. We documented how to configure additional APT repositories using the persistent volume.

    Use a dedicated page as the homepage of Tor Browser so we can customize it for our users.

    Set up the trigger for RAM erasure on shutdown earlier in the boot process. This should speed up shutdown and make RAM erasure more robust.

Fixed problems

    Disable the automatic configuration of Icedove when using OAuth. This should fix the automatic configuration for GMail accounts. (#11536)

    Make the Disable all networking and Tor bridge mode options of Tails Greeter more robust. (#11593)

[close]

https://tails.boum.org/

[SiLæncer]

Changelog

Changes
New features

    Ship LetsEncrypt intermedite SSL certificate so that our tools will be able to go on authenticating our website when its certifcate will be updated.

Upgrades and changes

    Upgrade Tor to 0.2.8.9.

    Upgrade Tor Browser to 6.0.6.

    Upgrade to Linux 4.7.

    Upgrade Icedove to 45.4.0.

Fixed problems

    Synaptic installs packages with the correct architecture.
    Set default spelling to en_US in Icedove.

Known issues

    Users setting their Tor Browser security slider to High will have to click on a link to see the result of the search they done with the search box.

[close]

https://tails.boum.org/

[SiLæncer]

Whats new:>>

Upgrade Tor Browser to 6.0.7

https://tails.boum.org/

[SiLæncer]

Changelog

* Security fixes
    - Upgrade Tor Browser to 6.0.8 based on Firefox 45.6. If you pay
      close attention you'll see that we import -build1 but there was
      a -build2. The only change is Tor Button 1.9.5.13 which makes
      some changes to the donation campaign banner in `about:tor`,
      which we safely can skip. (Closes: #12028)
    - Upgrade Icedove to 45.5.1-1~deb8u1+tails1. (Closes: #12029)
    - Upgrade APT-related packages to 1.0.9.8.4.

  * Minor improvements
    - Switch to DuckDuckGo as the default search engine in the tor
      Browser. This is what Tor Browser has, and Disconnect.me (the
      previous default) has been re-directing to DDG for some time,
      which has been confusing users. In addition, we localize the DDG
      user interface for the locales with availablelangpacks. (Closes:
      #11913)
    - Improve the display name for the Wikipedia search plugin.
    - Enable contrib and non-free for our own APT repos.
    - Upgrade Tor to 0.2.8.10. (Closes: #12015)
    - Upgrade obfs4proxy to 0.0.7-1~tpo1.

  * Bugfixes
    - AppArmor Totem profile: add permissions needed to avoid warning
      on startup. (Closes: #11984)
    - Upgrade the VirtualBox Guest additions and modules to version
      5.1.8. This should prevent Xorg from crashing unless the video
      memory for the VMs are significantly bumped. (Closes: #11965)
      Users will still have to enable I/O APIC due to a bug in Linux.
    - Drop unwanted search plugins from the Tor Browser langpacks.
      Otherwise they are only removed from English locales. Note that
      the langpacks contain copies of the English plugins, not
      localized versions, so we actually lose nothing.

  * Test suite
    - Add support for SikuliX, which recently hit Debian Unstable,
      while still supporting Sikuli for Jessie users. (Closes: #11991)
    - Fix some instances where we were trying to use the mouse outside
      of the Sikuli screen.
    - Use "TorBirdy" instead of "amnesia branding" as the "anchor"
      addon.  I.e. the addon that we use to find the other ones. The
      "amnesia branding" addon has been removed, so we must use
      something else. (Fixup: #11906)
    - Dogtailify "the support documentation page opens in Tor Browser"
      step. We previously relied on Sikuli, and the image was made
      outdated thanks to our donation campaign. No more! (Closes:
      #11911)
    - Resolve dl.amnesia.boum.org instead of picking a static address.
      Just hours after updating the dustri.org IP address, its web
      server went down => test suite failures. Let's make this test as
      robust as actually downloading the Tails ISO image -- if that
      fails, we probably have more serious problems on our hands than
      a failing test suite. (Closes: #11960)
    - Switch MAT scenario from testing PDFs to PNGs. Also add
      anti-test and test using using a tool *different* from MAT, the
      tool being tested here. (Closes: #11901)

[close]

https://tails.boum.org/

[SiLæncer]

Changelog

tails (2.10.1) UNRELEASED; urgency=medium

  * Dummy.

 -- anonym <anonym@riseup.net>  Tue, 24 Jan 2017 14:01:50 +0100

tails (2.10) unstable; urgency=medium

  * Major new features and changes
    - Upgrade the Linux kernel to 4.8.0-0.bpo.2 (Closes: #11886).
    - Install OnionShare from jessie-backports. Also install
      python3-stem from jessie-backports to allow the use of ephemeral
      onion services (Closes: #7870).
    - Completely rewrite tor-controlport-filter. Now we can safely
      support OnionShare, Tor Browser's per-tab circuit view and
      similar.
      * Port to python3.
      * Handle multiple sessions simultaneously.
      * Separate data (filters) from code.
      * Use python3-stem to allow our filter to be a lot more
        oblivious of the control language (Closes: #6788).
      * Allow restricting STREAM events to only those generated by the
        subscribed client application.
      * Allow rewriting commands and responses arbitrarily.
      * Make tor-controlport-filter reusable for others by e.g. making
        it possible to pass the listen port, and Tor control
        cookie/socket paths as arguments (Closes: #6742). We hear
        Whonix plan to use it! :)
    - Upgrade Tor to 0.2.9.9-1~d80.jessie+1, the new stable series
      (Closes: #12012).

  * Security fixes
    - Upgrade Tor Browser to 6.5 based on Firefox 45.7 (Closes: #12159)
    - Upgrade Icedove to 1:45.6.0-1~deb8u1+tail1s.
    - Upgrade bind9-packages to 1:9.9.5.dfsg-9+deb8u9.
    - Upgrade pcscd to 1.8.13-1+deb8u1.
    - Upgrade libgd3 to 2.1.0-5+deb8u8.
    - Upgrade libxml2 to 2.9.1+dfsg1-5+deb8u4.
    - Upgrade tor to 0.2.9.9-1~d80.jessie+1.
    - Upgrade samba-libs to 2:4.2.14+dfsg-0+deb8u2.

  * Minor improvements
    - Enable and use the Debian Jessie proposed-updates APT
      repository, anticipating on the Jessie 8.7 point-release
      (Closes: #12124).
    - Enable the per-tab circuit view in Tor Browser (Closes: #9365).
    - Change syslinux menu entries from "Live" to "Tails" (Closes:
      #11975). Also replace the confusing "failsafe" wording with
      "Troubleshooting Mode" (Closes: #11365).
    - Make OnionCircuits use the filtered control port (Closes:
      #9001).
    - Make  tor-launcher use the filtered control port.
    - Run OnionCircuits directly as the Live user, instead of a
      separate user. This will make it compatible with the Orca screen
      reader (Closes: #11197).
    - Run tor-controlport-filter on port 9051, and the unfiltered one
      on 9052. This simplifies client configurations and assumptions
      made in many applications that use Tor's ControlPort. It's the
      exception that we connect to the unfiltered version, so this
      seems like the more sane approach.
    - Remove tor-arm (Nyx) (Closes: #9811).
    - Remove AddTrust_External_Root.pem from our website CA bundle. We
      now only use Let's Encrypt (Closes: #11811).
    - Configure APT to use Debian's Onion services instead of the
      clearnet ones (Closes: #11556).
    - Replaced AdBlock Plus with uBlock Origin (Closes: #9833). This
      incidentally also makes our filter lists lighter by
      de-duplicating common patterns among the EasyList filters
      (Closes: #6908). Thanks to spriver for this first major code
      contribution!
    - Install OpenPGP Applet 1.0 (and libgtk3-simplelist-perl) from
      Jessie backports (Closes: #11899).
    - Add support for exFAT (Closes: #9659).
    - Disable unprivileged BPF. Since upgrading to kernel 4.6,
      unprivileged users can use the bpf() syscall, which is a
      security concern, even with JIT disabled. So we disable that.
      This feature wasn't available before Linux 4.6, so disabling it
      should not cause any regressions (Closes: #11827).
    - Add and enable AppArmor profiles for OnionCircuits and OnoinShare.
    - Raise the maximum number of loop devices to 32 (Closes: #12065).
    - Drop kernel.dmesg_restrict customization: it's enabled by
      default since 4.8.4-1~exp1 (Closes: #11886).
    - Upgrade Electrum to 2.7.9-1.
    - Make the Electrum proxy configuration apply after upgrading to
      2.7.9-1. These changes incidentally makes Electrum behave nicer:
      users will now not be presented the network configuration part
      of the setup wizard -- a server will be picked randomly, and
      Electrum will auto-connect. The automated test suite is adjusted
      accordingly (Closes: #12140).
    - Remove unused Browser profile seed file localstore.rdf which was
      made obsolete in Firefox 34.
    - Tor Browser: switch from pt-PT to pt-BR langpack. The upstream
      Tor Browser did this in version 6.5 (Refs: #12159).

  * Bugfixes
    - Tails Greeter:
      * use gdm-password instead of gdm-autologin, to fix switching to
        the VT where the desktop session lives on Stretch (Closes:
        #11694)
      * Fix more options scrolledwindow size in Stretch (Closes:
        #11919)
    - Tails Installer: remove unused code warning about missing
      extlinux in Tails Installer (Closes: #11196).
    - Update APT pinning to cover all binary packages built from
      src:mesa so we ensure installing mesa from jessie-backports
      (Closes: #11853).
    - Install xserver-xorg-video-amdgpu. This should help supporting
      newer AMD graphics adapters. (Closes #11850)
    - Fix firewall startup during early boot, by referring to the
      "amnesia" user via its UID (Closes: #7018).
    - Include all amd64-microcodes.
    - refresh-translations: ignore
      config/chroot_local-includes/usr/share/doc/tails/website/.
      Otherwise, if the website has been built already, PO tools
      complain that there are files with translatable strings in
      there, which are not listed in POTFILES.in.
    - Make uBlock Origin's button appear on first run. Otherwise it
      will only appear on browser runs after the first one. This bug
      also affected Adblock Plus (Closes: #12145).

  * Build system
    - Be more careful when unmounting the tmpfs used as workspace
      during builds, fixing an issue that made Jenkins' ISO builders
      prone to failures (Closes: #12009).
    - Upgrade the Vagrant basebox to 20170105. The only big change is
      that we now install the backported kernel in the builder VM, to
      make building possible on Debian Sid (Closes: #12081).
    - Ensure the VirtualBox guest DKMS modules are built for the
      kernel we want them for. In some situations, depending on the
      version of the running kernel, the modules would not be built
      for the 686 kernel, which is the one that needs the VirtualBox
      guest modules.  This commit ensures the VirtualBox guest modules
      are built and installed regardless of the how the build
      environment looks like (Closes: #12139).

  * Test suite
    - Replace the filesystem shares support with a helper for easily
      sharing files from the host to the guest using virtual disks
      (Closes: #5571).
    - Do not test sending email when testing POP3. We cannot clean
      that email up (easily) since when we use POP3 deletions won't
      affect the remote inbox, only our local one, resulting in the
      quota being reached eventually (Closes: #12006).
    - Have APT tests configure APT to use non-onion sources. Our test
      suite uses Chutney to create a virtual, private Tor network, and
      thus doesn't support connections to Onion services running in
      the real Tor network (Refs: #11556).
    - Allow connections to Tor's control port during stream isolation
      tests, but only for those applications where we expect that.
    - Fix Electrum tests after upgrading to 2.7.9-1.
    - Make encryption.feature pass for Tails 2.10~rc1.
    - Adapt tests after the Donation campaign was disabled (Refs:
      #12134).
    - Fix 'The "Tails documentation" link on the Desktop works'
      scenario. The TailsOfflineDocHomepage.png image doesn't match
      what we see any more (I have no clue why), so let's use Dogtail
      and solve this once and for all, hopefully.
    - Work around Tails freezing during memory wiping. These
      workarounds should be reverted once #11786 is fixed
      properly. (Refs: #10776, #11786)
    - Support both xtigervncviewer and xtightvncviewer for --view.
      xtightvncviewer is a transitional package in Sid, which depends
      on tigervnc-viewer (which ships xtigervncviewer), so by keeping
      the dep and supporting both binaries, --view will work on both
      Sid and Jessie (Closes: #12129).
    - Test suite: bump image after upgrading to Tor Browser 6.5 (Refs:
      #12159).
    - Add debugging info for when PacketFu misbehaves, and be more
      careful when to save pcap artifacts (Refs: #11508).

 -- Tails developers <tails@boum.org>  Mon, 23 Jan 2017 11:38:37 +0100

[close]

https://tails.boum.org/

[SiLæncer]

Changelog

tails (3.0~beta1) experimental; urgency=medium

  * All changes brought by Tails 2.7.1, 2.9.1 and 2.10.

  * Major new features and changes
    - Redesigned Tails Greeter.
    - Upgrade to a new snapshot (2017013002) of the Debian and Torproject
      APT repositories.
    - Upgrade Linux to 4.9.0-1.

  * Security fixes
    - Reject packets sent on the LAN to the NetBIOS name service
      (Closes: #11944).
    - Seahorse: use the Tor OnionBalance hidden service pool,
      which provides transport encryption and authentication of the keyserver.

  * Minor improvements
    - Include adwaita-qt* and enable it by default, so that Qt applications
      integrate nicely into a GNOME environment (Closes: #11790).
    - Add support for the TREZOR hardware wallet in Electrum (Closes: #10964).
    - AppArmor: allow all programs to read /etc/tor/torsocks.conf via
      abstractions/base, to ease maintenance.
    - Don't (try to) bind the Power button to the shutdown action
      (Closes: #12004).
    - Enable natural scrolling (Closes: #11969).
    - Update uBlock Origin patterns + settings file.
    - live-persist: remove Squeeze → Wheezy migration code.
    - Update pre-existing persistent GnuPG configuration on login
      (Closes: #12201).
    - Upgrader: use the alpha channel when the next version will be an
      alpha, beta, or RC. This will allow users of 3.0~betaN to upgrade to
      the next beta or RC, without having to type any command-line
      (Closes: #12206).

  * Bugfixes
    - Fix "upgrade from ISO" when run from a 32-bit system,
      such as Tails 2.x (Closes: #11873).
    - Fix ability to read videos over HTTPS with Totem (Closes: #11963).
    - Re-introduce default directories in $HOME, which fixes
      Spice file transfers (Closes: #11968).
    - Re-enable tap-to-click (Closes: #11993).
    - Lower systemd's DefaultTimeoutStopSec, to get rid of a long delay
      before memory wiping starts. This also prevents shutdown from ever
      being blocked by any buggy service that takes a while to stop
      (Closes: #12061).
    - Drop Jessie APT sources.
    - Re-add VirtualBox DKMS modules.
    - Fix GnuPG communication with keyservers, by using the Tor OnionBalance
      hidden service pool (Closes: #12202).
    - Fix Enigmail communication with keyservers, by teaching Torbirdy
      not to break it (Closes: #11948):
      · Patch Torbirdy to allow not breaking keyserver communication when
        using GnuPG v2.1+, and to use a better default keyserver.
      · Torbirdy: enable the new behaviour made possible by the aforementioned
        patch (extensions.enigmail.already_torified).
      · Torbirdy: drop our custom keyserver configuration, since the
        aforementioned patch makes it the default.

  * Removed features
    - Don't install gnome-system-log anymore (Closes: #12133).
      It's deprecated in GNOME, and mostly useless anyway as it's not
      Journal-aware. It's replacement (gnome-logs) is not usable
      enough in the context of Tails, and most users who can read logs
      should manage to do it with journalctl, so don't install it either.
    - Drop multiarch handling: Tails 3.0 will be amd64-only (Closes: #11961).

  * Build system
    - Disable eatmydata usage and caching: in current Stretch, debootstrap fails
      if we use eatmydata + the operation mode picked by live-build when caching
      is enabled (Closes: #12052).
    - Bump disk space (and memory for in-RAM builds) requirements.
    - Follow replacement of python-reportbug with python3-reportbug.
    - Don't try to deinstall packages that are unknown on Stretch.
    - Move AppArmor aliases to a dedicated file, and include it.
      This will avoid maintaining these settings as a patch.
    - Don't attempt to remove the usr.bin.chromium-browser AppArmor profile:
      it's not shipped in Debian anymore.

  * Test suite
    - Add optional pause() notification (Closes: #12175).
    - Make the remote shell's file operations robust (Closes: #11887).
    - Update a number of test cases for Stretch, sometimes by converting
      them to Dogtail.
    - Drop usage and tests of read-only persistence.
      We won't have this option anymore, and it's not even sure we'll
      reintroduce it (Refs: #12093, Closes: #12055).
    - Adjust CONFIGURED_KEYSERVER_HOSTNAME to match current settings.
    - Test suite: clean up disks between features.

  * Adjustments for Debian 9 (Stretch) with no or very little user-visible impact
    - Adjust dpkg-divert path: it has moved.
    - Replace xfonts-wqy with fonts-wqy-microhei + fonts-wqy-zenhei.
      The former was removed from Debian testing, and the latter are recommended
      by task-chinese-s-desktop and task-chinese-t-desktop.
    - Install virtualbox* from sid.
      It was removed from testing due to https://bugs.debian.org/794466.
    - Drop deprecated settings from org/gnome/settings-daemon/plugins/power.
    - Update settings name in org/gnome/desktop/peripherals/touchpad, and drop
      deprecated ones.
    - Adjust to changed Liferea's .desktop filename.
    - Also torify Liferea when started via its (new) D-Bus service.
    - Install hunspell-pt-br instead of hunspell-pt-pt.
      Tor Browser 6.5 moved from pt-PT to pt-BR, which is fine vs
      spellcheckers in Jessie since its hunspell-pt provides both -pt and
      -br, but in Stretch they are separate packages.
    - AppArmor: adjust usr.sbin.cupsd profile so it loads successfully
      (Closes: #12116).
    - Migrate from netstat to ss.
    - Update extensions.enigmail.configuredVersion.
    - Remove the jessie-proposed-updates APT sources.

 -- Tails developers <tails@boum.org>  Wed, 01 Feb 2017 19:23:03 +0000

[close]

https://tails.boum.org/

[SiLæncer]

Changelog

  * Security fixes
    - Upgrade Tor Browser to 6.5.1 based on Firefox 45.8. (Closes:
      #12283)
    - Fix CVE-2017-6074 (local root privilege escalation) by disabling
      the 'dccp' module. (Closes: #12280)
    - Disable kernel modules for some uncommon network protocol. These
      are the ones recommended by CIS. (Part of: #6457)
    - Disable modules we blacklist for security reasons. Blacklisted
      (via `blacklist MODULENAME`) modules are only blocked from being
      loaded during the boot process, but are still loadable with an
      explicit `modprobe MODULENAME`, and (worse!) via kernel module
      auto-loading.
    - Upgrade linux-image-4.8.0-0.bpo.2-686-unsigned to 4.8.15-2~bpo8+2.
    - Upgrade bind9 to 1:9.9.5.dfsg-9+deb8u10.
    - Upgrade imagemagick to 8:6.8.9.9-5+deb8u7.
    - Upgrade libevent-2.0-5 to 2.0.21-stable-2+deb8u1.
    - Upgrade libgd3 to 2.1.0-5+deb8u9.
    - Upgrade libjasper1 to 1.900.1-debian1-2.4+deb8u2.
    - Upgrade liblcms2-2 to 2.6-3+deb8u1.
    - Upgrade libxpm4 to 1:3.5.12-0+deb8u1.
    - Upgrade login to 1:4.2-3+deb8u3.
    - Upgrade ntfs-3g to 1:2014.2.15AR.2-1+deb8u3.
    - Upgrade openjdk-7-jre to 7u121-2.6.8-2~deb8u1.
    - Upgrade openssl to 1.0.1t-1+deb8u6.
    - Upgrade tcpdump to 4.9.0-1~deb8u1.
    - Upgrade vim to 2:7.4.488-7+deb8u2.
    - Upgrade libreoffice to 1:4.3.3-2+deb8u6.

  * Minor improvements
    - import-translations: also import PO files for French from
      Transifex. The translation team for French switched to Transifex
      even for our custom programs:
      https://mailman.boum.org/pipermail/tails-l10n/2016-November/004312.html
    - Notify the user, if running on a 32-bit processor, that it won't
      be supported in Tails 3.0 anymore. (Closes: #12193)
    - Notify I2P users that I2P will be removed in Tails
      2.12. (Closes: #12271)

  * Bugfixes
    - Disable -proposed-updates at boot time. If a Debian point
      release happens right after a freeze but we have decided to
      enable it before the freeze to get (at least most of) it, then
      we get in the situation where -proposed-updates is enabled in
      the final release, which we don't want. We only want it enabled
      at build time. (Closes: #12169)
    - Ferm: Use the variable when referring to the Live user. The
      firewall will fail to start during early boot otherwise since
      the "amnesia" user hasn't been created yet. (Closes: #12208)
    - Tor Browser: Don't show offline warning when opening local
      documentation. (Closes: #12269)
    - tails-virt-notify-user: use the tails-documentation helper to
      improve UX when one is not connected to Tor yet, and display
      localized doc when available.
    - Fix rare issue causing automatic upgrades to not apply properly
      (Closes: #8449, and hopefully #11839 as well):
      * Allow the tails-install-iuk user to run "/usr/bin/nocache
        /bin/cp *" as root.
      * Install tails-iuk 2.8, which will use nocache for various file
        operations, and sync writes to the installation medium.
    - Install Linux 4.8.15 to prevent GNOME from freezing with Intel
      GM965/GL960 Integrated Graphics. (Closes: #12217, but fixes tons
      of other small bugs)

  * Build system
    - Add 'offline' option, making it possible to build Tails offline
      (if all needed resources are present in your cache). (Closes:
      #12272)

  * Test suite
    - Encapsulate exec_helper's class to not "pollute" the global
      namespace with all our helpers. This is an example of how we can
      work towards #9030.
    - Extend remote shell with *safe* file operations. Now we can
      read/write/append *any* characters without worrying that it will
      do crazy things by being passed through the shell, as was the
      case before.  This commit also:
      * adds some better reporting of errors happening on the server
        side by communicating back the exception thrown.
      * removes the `user` parameter from the VM.file_* methods. They
        were not used, any way, and simply do not feel like they
        fit. I think the only reason we had it initially was because
        it was implemented via the command interface, where a user
        concept makes a lot of sense.
    - debug_log() Dogtail script content on failure.
    - Add a very precise timestamp to each debug_log().
    - Make robust_notification_wait() ensure the applet is closed. In
      robust_notification_wait() when we close the notification
      applet, other windows may change position, creating a racy
      situation for any immediately following action aimed at one such
      window. (Closes: #10381)
    - Fix I2P's Pidgin test. The initial conversation (that determines
      the title of the conversation window) is now made by a different
      IRC service than before.
    - Use lossless compression for the VNC viewer with --view.
      Otherwise the VNC viewer is not a good place to extract test
      suite images from, at least with xtigervncviewer.
    - Add optional pause() notification feature to the test suite. It
      will run a user-configurable arbitrary shell command when
      pause() is called, e.g. on failure when --interactive-debugging
      is used. This is pretty useful when multitasking with long test
      suite runs, so you immediately are notified when a test fails
      (or when you reached a temporary pause() breakpoint).  (Closes:
      #12175)
    - Add the possibility to run Python code in a persistent session
      in the remote shell and use this for Dogtail to significantly
      improve its performance by saving state and reusing it between
      commands. This changes the semantics of the creation of Dogtail
      objects. Previously they just created the code that then would
      be run once an actionable method was called (.wait, .click etc),
      but now it works like in Python, that Dogtail will try to find
      the graphical element upon object creation. (Closes: #12059)
    - Test that we don't ship any -proposed-updates APT sources.
      (Closes: #12169)
    - Make force_new_tor_circuit() respect NEWNYM rate limiting.
    - Add retry magic for lost click when opening Tails' documentation
      from the desktop launcher. (Closes: #12131)

[close]

https://tails.boum.org/