summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2015-07-07 22:19:06 +0000
committerintrigeri <intrigeri@boum.org>2015-07-07 22:19:06 +0000
commit867270aff031614a352b4a0b1f43ae6970c1338c (patch)
treebe1ce88138fd80bbda4bcc465b74a09e63a1156c
parent4d8b649dcde7a98bcd45bae82df568c61a13765b (diff)
parent12d9125ca4854a5153b14cf4734b176fee8eb2f7 (diff)
Merge branch 'feature/jessie' into feature/jessie+32-bit-UEFI
-rw-r--r--config/APT_overlays.d/feature-9381-ship-amd64-syslinux0
-rwxr-xr-xconfig/binary_local-hooks/40-include_syslinux_in_ISO_filesystem39
-rw-r--r--config/chroot_apt/preferences12
-rwxr-xr-xconfig/chroot_local-hooks/03-dpkg-architectures7
-rw-r--r--config/chroot_local-includes/etc/apt/apt.conf.d/13architectures1
-rw-r--r--config/chroot_local-includes/etc/polkit-1/localauthority/10-vendor.d/org.boum.tails.pkla8
-rw-r--r--config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js1
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/live-persist29
l---------config/chroot_sources/jessie-backports.binary1
-rw-r--r--config/chroot_sources/jessie-backports.chroot1
-rw-r--r--features/images/GnomeApplicationsDeletePersistentVolume.pngbin2318 -> 2803 bytes
-rw-r--r--features/images/GnomeApplicationsSynaptic.pngbin4194 -> 4219 bytes
-rw-r--r--features/images/GnomeApplicationsTerminal.pngbin2009 -> 2220 bytes
-rw-r--r--features/images/GnomeFileDiagTypeFilename.pngbin905 -> 1259 bytes
-rw-r--r--features/images/GnomePlaces.pngbin1055 -> 1056 bytes
-rw-r--r--features/images/GnomePlacesWithoutTorBrowserPersistent.pngbin5558 -> 5785 bytes
-rw-r--r--features/images/GnomeWindowTitleBarRightEdge.pngbin351 -> 342 bytes
-rw-r--r--features/images/PersistenceWizardDeletionStart.pngbin2598 -> 2781 bytes
-rw-r--r--features/images/PersistenceWizardDone.pngbin2950 -> 3195 bytes
-rw-r--r--features/images/PersistenceWizardPresets.pngbin4131 -> 4835 bytes
-rw-r--r--features/images/PersistenceWizardStart.pngbin3526 -> 3156 bytes
-rw-r--r--features/images/PersistenceWizardWindow.pngbin2472 -> 0 bytes
-rw-r--r--features/images/SynapticPackageList.pngbin4611 -> 3994 bytes
-rw-r--r--features/images/TailsGreeterPersistence.pngbin1473 -> 1312 bytes
-rw-r--r--features/images/TailsGreeterPersistenceReadOnly.pngbin1559 -> 1394 bytes
-rw-r--r--features/images/TorBrowserUnableToConnect.pngbin0 -> 2290 bytes
-rw-r--r--features/images/UnsafeBrowserHelloLANWebServer.pngbin0 -> 2275 bytes
-rw-r--r--features/step_definitions/common_steps.rb59
-rw-r--r--features/step_definitions/firewall_leaks.rb3
-rw-r--r--features/step_definitions/pidgin.rb2
-rw-r--r--features/step_definitions/tor.rb3
-rw-r--r--features/step_definitions/torified_browsing.rb6
-rw-r--r--features/step_definitions/torified_gnupg.rb95
-rw-r--r--features/step_definitions/usb.rb2
-rw-r--r--features/support/extra_hooks.rb28
-rw-r--r--features/support/helpers/firewall_helper.rb23
-rw-r--r--features/support/helpers/vm_helper.rb15
-rw-r--r--features/support/hooks.rb6
-rw-r--r--features/torified_browsing.feature9
-rw-r--r--features/unsafe_browser.feature6
-rw-r--r--wiki/src/blueprint/Linux_containers.mdwn2
-rw-r--r--wiki/src/blueprint/automated_builds_and_tests/automated_tests_specs.mdwn18
-rw-r--r--wiki/src/blueprint/monthly_meeting.mdwn11
-rw-r--r--wiki/src/blueprint/persistent_Tor_state.mdwn6
-rw-r--r--wiki/src/blueprint/report_2015_06.mdwn68
-rw-r--r--wiki/src/blueprint/report_2015_07.mdwn16
-rw-r--r--wiki/src/contribute/APT_repository.mdwn11
-rw-r--r--wiki/src/contribute/calendar.mdwn27
-rw-r--r--wiki/src/contribute/how/donate.de.po2
-rw-r--r--wiki/src/contribute/how/donate.fr.po2
-rw-r--r--wiki/src/contribute/how/donate.pt.po2
-rw-r--r--wiki/src/contribute/release_process.mdwn95
-rw-r--r--wiki/src/contribute/release_process/tails-iuk.mdwn21
-rw-r--r--wiki/src/contribute/release_process/test.mdwn14
-rw-r--r--wiki/src/contribute/release_schedule.mdwn14
-rw-r--r--wiki/src/doc/about/features.fr.po15
-rw-r--r--wiki/src/doc/about/warning.fr.po8
-rw-r--r--wiki/src/doc/advanced_topics.index.mdwn1
-rw-r--r--wiki/src/doc/advanced_topics/lan.mdwn74
-rw-r--r--wiki/src/doc/anonymous_internet/Tor_Browser.mdwn8
-rw-r--r--wiki/src/doc/anonymous_internet/unsafe_browser.mdwn8
-rw-r--r--wiki/src/doc/anonymous_internet/unsafe_browser/chroot.inline.mdwn3
-rw-r--r--wiki/src/doc/first_steps/installation.fr.po19
-rw-r--r--wiki/src/inc/stable_i386_date.de.po4
-rw-r--r--wiki/src/inc/stable_i386_date.fr.po8
-rw-r--r--wiki/src/inc/stable_i386_date.html2
-rw-r--r--wiki/src/inc/stable_i386_date.pt.po11
-rw-r--r--wiki/src/inc/trace2
-rw-r--r--wiki/src/news/version_1.4.1.de.po17
-rw-r--r--wiki/src/news/version_1.4.1.fr.po17
-rw-r--r--wiki/src/news/version_1.4.1.mdwn2
-rw-r--r--wiki/src/news/version_1.4.1.pt.po17
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.4.de.po21
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.4.fr.po21
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.4.mdwn10
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.4.pt.po21
-rw-r--r--wiki/src/upgrade/v1/Tails/1.4/i386/alpha/upgrades.yml15
-rw-r--r--wiki/src/upgrade/v1/Tails/1.4/i386/alpha/upgrades.yml.pgp26
78 files changed, 674 insertions, 321 deletions
diff --git a/config/APT_overlays.d/feature-9381-ship-amd64-syslinux b/config/APT_overlays.d/feature-9381-ship-amd64-syslinux
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/APT_overlays.d/feature-9381-ship-amd64-syslinux
diff --git a/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem b/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
index aed5f33c..4991739 100755
--- a/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
+++ b/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
@@ -21,23 +21,44 @@ Set_defaults
# Seems like we'll have work to do
Echo_message 'including syslinux in the ISO filesystem'
-# Variables
+### Functions
+
+syslinux_deb_version_in_chroot () {
+ chroot chroot dpkg-query -W -f='${Version}\n' syslinux
+}
+
+### Variables
LINUX_BINARY_UTILS_DIR='binary/utils/linux'
WIN32_BINARY_UTILS_DIR='binary/utils/win32'
BINARY_MBR_DIR='binary/utils/mbr'
CHROOT_SYSLINUX_BIN='chroot/usr/bin/syslinux'
CHROOT_SYSLINUX_MBR='chroot/usr/lib/SYSLINUX/gptmbr.bin'
CHROOT_TEMP_APT_SOURCES='chroot/etc/apt/sources.list.d/tmp-deb-src.list'
+SYSLINUX_DEB_VERSION_IN_CHROOT=$(syslinux_deb_version_in_chroot)
-# Functions
-
-syslinux_deb_version_in_chroot () {
- chroot chroot dpkg-query -W -f='${Version}\n' syslinux
-}
-
-# Main
+### Main
mkdir -p "$LINUX_BINARY_UTILS_DIR" "$WIN32_BINARY_UTILS_DIR" "$BINARY_MBR_DIR"
+
+# Copy 32-bit syslinux binary
cp "$CHROOT_SYSLINUX_BIN" "$LINUX_BINARY_UTILS_DIR/"
+
+# Copy 64-bit syslinux binary
+(
+ olddir=$(pwd)
+ workdir=$(mktemp -d)
+ cd "$workdir"
+ chroot="$olddir/chroot"
+ Chroot "$chroot" \
+ apt-get --yes download \
+ syslinux:amd64="$SYSLINUX_DEB_VERSION_IN_CHROOT"
+ dpkg-deb --extract "$chroot"/syslinux_*.deb .
+ rm "$chroot"/syslinux_*.deb
+ cp ./usr/bin/syslinux "$olddir/$LINUX_BINARY_UTILS_DIR/syslinux-amd64"
+ cd "$olddir"
+ rm -r "$workdir"
+)
+
+# Copy syslinux MBR
cp "$CHROOT_SYSLINUX_MBR" "$BINARY_MBR_DIR/mbr.bin"
cat chroot/etc/apt/sources.list chroot/etc/apt/sources.list.d/*.list \
@@ -47,7 +68,7 @@ cat chroot/etc/apt/sources.list chroot/etc/apt/sources.list.d/*.list \
> "$CHROOT_TEMP_APT_SOURCES"
Chroot chroot apt-get --yes update
Chroot chroot apt-get --yes install dpkg-dev
-Chroot chroot apt-get source syslinux="$(syslinux_deb_version_in_chroot)"
+Chroot chroot apt-get source syslinux="$SYSLINUX_DEB_VERSION_IN_CHROOT"
cp chroot/syslinux-*/bios/win32/syslinux.exe "$WIN32_BINARY_UTILS_DIR/"
rm -r chroot/syslinux*
rm "$CHROOT_TEMP_APT_SOURCES"
diff --git a/config/chroot_apt/preferences b/config/chroot_apt/preferences
index bb94691..a7fb45d 100644
--- a/config/chroot_apt/preferences
+++ b/config/chroot_apt/preferences
@@ -55,7 +55,7 @@ Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: libnet-dbus-perl
-Pin: release o=Debian,a=jessie-backports
+Pin: release o=Debian Backports,n=jessie-backports
Pin-Priority: 999
Package: linux-base
@@ -156,6 +156,16 @@ Package: liveusb-creator
Pin: release o=Tails,n=feature-jessie
Pin-Priority: 1006
+Explanation: override our Wheezy-specific package
+Package: python-dbus
+Pin: release o=Debian,n=jessie
+Pin-Priority: 1006
+
+Explanation: override our Wheezy-specific package
+Package: python-dbus-dev
+Pin: release o=Debian,n=jessie
+Pin-Priority: 1006
+
Explanation: override the Wheezy-specific package from the devel APT suite
Package: tails-greeter
Pin: release o=Tails,n=feature-jessie
diff --git a/config/chroot_local-hooks/03-dpkg-architectures b/config/chroot_local-hooks/03-dpkg-architectures
new file mode 100755
index 0000000..654a8ac
--- /dev/null
+++ b/config/chroot_local-hooks/03-dpkg-architectures
@@ -0,0 +1,7 @@
+#! /bin/sh
+
+set -e
+
+echo "Configuring dpkg architectures"
+
+dpkg --add-architecture amd64
diff --git a/config/chroot_local-includes/etc/apt/apt.conf.d/13architectures b/config/chroot_local-includes/etc/apt/apt.conf.d/13architectures
new file mode 100644
index 0000000..0c4c6c4
--- /dev/null
+++ b/config/chroot_local-includes/etc/apt/apt.conf.d/13architectures
@@ -0,0 +1 @@
+APT::Architectures {"i386"; "amd64";};
diff --git a/config/chroot_local-includes/etc/polkit-1/localauthority/10-vendor.d/org.boum.tails.pkla b/config/chroot_local-includes/etc/polkit-1/localauthority/10-vendor.d/org.boum.tails.pkla
index 672ad75..93e04cb 100644
--- a/config/chroot_local-includes/etc/polkit-1/localauthority/10-vendor.d/org.boum.tails.pkla
+++ b/config/chroot_local-includes/etc/polkit-1/localauthority/10-vendor.d/org.boum.tails.pkla
@@ -1,14 +1,16 @@
[Modify internal storage devices]
Identity=unix-user:tails-persistence-setup
-Action=org.freedesktop.udisks.change-system-internal
+Action=org.freedesktop.udisks2.modify-device-system
ResultAny=yes
+ResultActive=yes
+ResultInactive=yes
[Mount internal storage devices]
Identity=unix-user:tails-persistence-setup
-Action=org.freedesktop.udisks.filesystem-mount-system-internal
+Action=org.freedesktop.udisks2.filesystem-mount-system
ResultAny=yes
[Unlock encrypted storage devices]
Identity=unix-user:tails-persistence-setup
-Action=org.freedesktop.udisks.luks-unlock
+Action=org.freedesktop.udisks2.encrypted-unlock-system
ResultAny=yes
diff --git a/config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js b/config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js
index a66445b..a71f6e5 100644
--- a/config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js
+++ b/config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js
@@ -78,4 +78,3 @@ pref("extensions.update.enabled", false);
pref("layout.spellcheckDefault", 0);
pref("network.dns.disableIPv6", true);
pref("security.warn_submit_insecure", true);
-pref("network.proxy.no_proxies_on", "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16");
diff --git a/config/chroot_local-includes/usr/local/sbin/live-persist b/config/chroot_local-includes/usr/local/sbin/live-persist
index b835ca9..1db4dac 100755
--- a/config/chroot_local-includes/usr/local/sbin/live-persist
+++ b/config/chroot_local-includes/usr/local/sbin/live-persist
@@ -69,35 +69,6 @@ warning ()
echo "warning: ${@}" >&2
}
-dbus_udisks_get_attribute ()
-{
- local dev="${1}"
- local attribute="${2}"
- local re='^[[:space:]]*variant[[:space:]]\+string[[:space:]]\+"\(.*\)"$'
- dbus-send --system --print-reply --dest=org.freedesktop.UDisks \
- /org/freedesktop/UDisks/devices/$(basename ${dev}) \
- org.freedesktop.DBus.Properties.Get \
- string:org.freedesktop.UDisks.Device \
- string:"${attribute}" 2>/dev/null | \
- grep -e "${re}" | sed "s|${re}|\1|"
-}
-
-# We override the following two functions from live-helpers since old
-# blkid (i.e. util-linux and libblkid1) doesn't support GPT. We use dbus
-# instead (which should be available in user-space).
-get_gpt_name ()
-{
- local dev="${1}"
- dbus_udisks_get_attribute ${dev} partition-label
-}
-
-is_gpt_device ()
-{
- local dev="${1}"
- [ "$(dbus_udisks_get_attribute ${dev} partition-scheme)" = "gpt" ]
-}
-
-
# We override live-boot's logging facilities to get more useful error messages
log_warning_msg ()
{
diff --git a/config/chroot_sources/jessie-backports.binary b/config/chroot_sources/jessie-backports.binary
new file mode 120000
index 0000000..1df23c8
--- /dev/null
+++ b/config/chroot_sources/jessie-backports.binary
@@ -0,0 +1 @@
+jessie-backports.chroot \ No newline at end of file
diff --git a/config/chroot_sources/jessie-backports.chroot b/config/chroot_sources/jessie-backports.chroot
new file mode 100644
index 0000000..60015be
--- /dev/null
+++ b/config/chroot_sources/jessie-backports.chroot
@@ -0,0 +1 @@
+deb http://ftp.us.debian.org/debian/ jessie-backports main contrib non-free
diff --git a/features/images/GnomeApplicationsDeletePersistentVolume.png b/features/images/GnomeApplicationsDeletePersistentVolume.png
index c76c20b..b65d8df 100644
--- a/features/images/GnomeApplicationsDeletePersistentVolume.png
+++ b/features/images/GnomeApplicationsDeletePersistentVolume.png
Binary files differ
diff --git a/features/images/GnomeApplicationsSynaptic.png b/features/images/GnomeApplicationsSynaptic.png
index 2594000..7f46105 100644
--- a/features/images/GnomeApplicationsSynaptic.png
+++ b/features/images/GnomeApplicationsSynaptic.png
Binary files differ
diff --git a/features/images/GnomeApplicationsTerminal.png b/features/images/GnomeApplicationsTerminal.png
index 6256b3a..62dd716 100644
--- a/features/images/GnomeApplicationsTerminal.png
+++ b/features/images/GnomeApplicationsTerminal.png
Binary files differ
diff --git a/features/images/GnomeFileDiagTypeFilename.png b/features/images/GnomeFileDiagTypeFilename.png
index 2139695..85c3c59 100644
--- a/features/images/GnomeFileDiagTypeFilename.png
+++ b/features/images/GnomeFileDiagTypeFilename.png
Binary files differ
diff --git a/features/images/GnomePlaces.png b/features/images/GnomePlaces.png
index 98036cc..476bf23 100644
--- a/features/images/GnomePlaces.png
+++ b/features/images/GnomePlaces.png
Binary files differ
diff --git a/features/images/GnomePlacesWithoutTorBrowserPersistent.png b/features/images/GnomePlacesWithoutTorBrowserPersistent.png
index 710cb5d..2ab18a3 100644
--- a/features/images/GnomePlacesWithoutTorBrowserPersistent.png
+++ b/features/images/GnomePlacesWithoutTorBrowserPersistent.png
Binary files differ
diff --git a/features/images/GnomeWindowTitleBarRightEdge.png b/features/images/GnomeWindowTitleBarRightEdge.png
index 220c0a2..894caab 100644
--- a/features/images/GnomeWindowTitleBarRightEdge.png
+++ b/features/images/GnomeWindowTitleBarRightEdge.png
Binary files differ
diff --git a/features/images/PersistenceWizardDeletionStart.png b/features/images/PersistenceWizardDeletionStart.png
index a444057..a93fbb9 100644
--- a/features/images/PersistenceWizardDeletionStart.png
+++ b/features/images/PersistenceWizardDeletionStart.png
Binary files differ
diff --git a/features/images/PersistenceWizardDone.png b/features/images/PersistenceWizardDone.png
index 4a95bf1..baa6c35 100644
--- a/features/images/PersistenceWizardDone.png
+++ b/features/images/PersistenceWizardDone.png
Binary files differ
diff --git a/features/images/PersistenceWizardPresets.png b/features/images/PersistenceWizardPresets.png
index 9019836..f8349a9 100644
--- a/features/images/PersistenceWizardPresets.png
+++ b/features/images/PersistenceWizardPresets.png
Binary files differ
diff --git a/features/images/PersistenceWizardStart.png b/features/images/PersistenceWizardStart.png
index edd8187..c34668e 100644
--- a/features/images/PersistenceWizardStart.png
+++ b/features/images/PersistenceWizardStart.png
Binary files differ
diff --git a/features/images/PersistenceWizardWindow.png b/features/images/PersistenceWizardWindow.png
deleted file mode 100644
index 340dfa9..0000000
--- a/features/images/PersistenceWizardWindow.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SynapticPackageList.png b/features/images/SynapticPackageList.png
index cf0cbc7..21f07d0 100644
--- a/features/images/SynapticPackageList.png
+++ b/features/images/SynapticPackageList.png
Binary files differ
diff --git a/features/images/TailsGreeterPersistence.png b/features/images/TailsGreeterPersistence.png
index 59679bf..201b5f1 100644
--- a/features/images/TailsGreeterPersistence.png
+++ b/features/images/TailsGreeterPersistence.png
Binary files differ
diff --git a/features/images/TailsGreeterPersistenceReadOnly.png b/features/images/TailsGreeterPersistenceReadOnly.png
index a93ab09..43ef556 100644
--- a/features/images/TailsGreeterPersistenceReadOnly.png
+++ b/features/images/TailsGreeterPersistenceReadOnly.png
Binary files differ
diff --git a/features/images/TorBrowserUnableToConnect.png b/features/images/TorBrowserUnableToConnect.png
new file mode 100644
index 0000000..6155d8c
--- /dev/null
+++ b/features/images/TorBrowserUnableToConnect.png
Binary files differ
diff --git a/features/images/UnsafeBrowserHelloLANWebServer.png b/features/images/UnsafeBrowserHelloLANWebServer.png
new file mode 100644
index 0000000..4e2c1ab
--- /dev/null
+++ b/features/images/UnsafeBrowserHelloLANWebServer.png
Binary files differ
diff --git a/features/step_definitions/common_steps.rb b/features/step_definitions/common_steps.rb
index 5702a13..68261d5 100644
--- a/features/step_definitions/common_steps.rb
+++ b/features/step_definitions/common_steps.rb
@@ -451,7 +451,8 @@ end
Then /^all Internet traffic has only flowed through Tor$/ do
next if @skip_steps_while_restoring_background
- leaks = FirewallLeakCheck.new(@sniffer.pcap_file, get_all_tor_nodes)
+ leaks = FirewallLeakCheck.new(@sniffer.pcap_file,
+ :accepted_hosts => get_all_tor_nodes)
leaks.assert_no_leaks
end
@@ -534,7 +535,7 @@ end
Given /^I shutdown Tails and wait for the computer to power off$/ do
next if @skip_steps_while_restoring_background
- @vm.execute("poweroff")
+ @vm.spawn("poweroff")
step 'Tails eventually shuts down'
end
@@ -1009,6 +1010,60 @@ When /^I accept to import the key with Seahorse$/ do
@screen.wait_and_click("TorBrowserOkButton.png", 10)
end
+Given /^a web server is running on the LAN$/ do
+ next if @skip_steps_while_restoring_background
+ web_server_ip_addr = $vmnet.bridge_ip_addr
+ web_server_port = 8000
+ @web_server_url = "http://#{web_server_ip_addr}:#{web_server_port}"
+ web_server_hello_msg = "Welcome to the LAN web server!"
+
+ # I've tested ruby Thread:s, fork(), etc. but nothing works due to
+ # various strange limitations in the ruby interpreter. For instance,
+ # apparently concurrent IO has serious limits in the thread
+ # scheduler (e.g. sikuli's wait() would block WEBrick from reading
+ # from its socket), and fork():ing results in a lot of complex
+ # cucumber stuff (like our hooks!) ending up in the child process,
+ # breaking stuff in the parent process. After asking some supposed
+ # ruby pros, I've settled on the following.
+ code = <<-EOF
+ require "webrick"
+ STDOUT.reopen("/dev/null", "w")
+ STDERR.reopen("/dev/null", "w")
+ server = WEBrick::HTTPServer.new(:BindAddress => "#{web_server_ip_addr}",
+ :Port => #{web_server_port},
+ :DocumentRoot => "/dev/null")
+ server.mount_proc("/") do |req, res|
+ res.body = "#{web_server_hello_msg}"
+ end
+ server.start
+EOF
+ proc = IO.popen(['ruby', '-e', code])
+ try_for(10, :msg => "It seems the LAN web server failed to start") do
+ Process.kill(0, proc.pid) == 1
+ end
+
+ add_after_scenario_hook { Process.kill("TERM", proc.pid) }
+
+ # It seems necessary to actually check that the LAN server is
+ # serving, possibly because it isn't doing so reliably when setting
+ # up. If e.g. the Unsafe Browser (which *should* be able to access
+ # the web server) tries to access it too early, Firefox seems to
+ # take some random amount of time to retry fetching. Curl gives a
+ # more consistent result, so let's rely on that instead. Note that
+ # this forces us to capture traffic *after* this step in case
+ # accessing this server matters, like when testing the Tor Browser..
+ try_for(30, :msg => "Something is wrong with the LAN web server") do
+ msg = @vm.execute_successfully("curl #{@web_server_url}",
+ LIVE_USER).stdout.chomp
+ web_server_hello_msg == msg
+ end
+end
+
+When /^I open a page on the LAN web server in the (.*)$/ do |browser|
+ next if @skip_steps_while_restoring_background
+ step "I open the address \"#{@web_server_url}\" in the #{browser}"
+end
+
Then /^I force Tor to use a new circuit( in Vidalia)?$/ do |with_vidalia|
if with_vidalia
assert_equal('gnome', @theme, "Vidalia is not available in the #{@theme} theme.")
diff --git a/features/step_definitions/firewall_leaks.rb b/features/step_definitions/firewall_leaks.rb
index 3174d0d..3af9268 100644
--- a/features/step_definitions/firewall_leaks.rb
+++ b/features/step_definitions/firewall_leaks.rb
@@ -1,6 +1,7 @@
Then(/^the firewall leak detector has detected (.*?) leaks$/) do |type|
next if @skip_steps_while_restoring_background
- leaks = FirewallLeakCheck.new(@sniffer.pcap_file, get_all_tor_nodes)
+ leaks = FirewallLeakCheck.new(@sniffer.pcap_file,
+ :accepted_hosts => get_all_tor_nodes)
case type.downcase
when 'ipv4 tcp'
if leaks.ipv4_tcp_leaks.empty?
diff --git a/features/step_definitions/pidgin.rb b/features/step_definitions/pidgin.rb
index a879840..7267400 100644
--- a/features/step_definitions/pidgin.rb
+++ b/features/step_definitions/pidgin.rb
@@ -302,7 +302,7 @@ Then /^Pidgin successfully connects to the "([^"]+)" account$/ do |account|
# Sometimes the OFTC welcome notice window pops up over the buddy list one...
begin
@vm.focus_window('Buddy List')
- rescue Test::Unit::AssertionFailedError
+ rescue ExecutionFailedInVM
# Sometimes focusing the window with xdotool will fail with the
# conversation window right on top of it. We'll try to close the
# conversation window. At worst, the test will still fail...
diff --git a/features/step_definitions/tor.rb b/features/step_definitions/tor.rb
index 797908b..0e3cd80 100644
--- a/features/step_definitions/tor.rb
+++ b/features/step_definitions/tor.rb
@@ -369,7 +369,8 @@ When /^all Internet traffic has only flowed through the configured pluggable tra
next if @skip_steps_while_restoring_background
assert_not_nil(@bridge_hosts, "No bridges has been configured via the " +
"'I configure some ... bridges in Tor Launcher' step")
- leaks = FirewallLeakCheck.new(@sniffer.pcap_file, @bridge_hosts)
+ leaks = FirewallLeakCheck.new(@sniffer.pcap_file,
+ :accepted_hosts => @bridge_hosts)
leaks.assert_no_leaks
end
diff --git a/features/step_definitions/torified_browsing.rb b/features/step_definitions/torified_browsing.rb
new file mode 100644
index 0000000..694e6ad
--- /dev/null
+++ b/features/step_definitions/torified_browsing.rb
@@ -0,0 +1,6 @@
+When /^no traffic has flowed to the LAN$/ do
+ next if @skip_steps_while_restoring_background
+ leaks = FirewallLeakCheck.new(@sniffer.pcap_file, :ignore_lan => false)
+ assert(not(leaks.ipv4_tcp_leaks.include?(@lan_host)),
+ "Traffic was sent to LAN host #{@lan_host}")
+end
diff --git a/features/step_definitions/torified_gnupg.rb b/features/step_definitions/torified_gnupg.rb
index c8bade2..968a91b 100644
--- a/features/step_definitions/torified_gnupg.rb
+++ b/features/step_definitions/torified_gnupg.rb
@@ -50,9 +50,20 @@ When /^I fetch the "([^"]+)" OpenPGP key using the GnuPG CLI( without any signat
else
importopts = ''
end
- @gnupg_recv_key_res = @vm.execute_successfully(
- "gpg --batch #{importopts} --recv-key '#{keyid}'",
- LIVE_USER)
+ tries = 0
+ until tries == $config["MAX_NEW_TOR_CIRCUIT_RETRIES"] do
+ begin
+ @gnupg_recv_key_res = @vm.execute_successfully(
+ "gpg --batch #{importopts} --recv-key '#{keyid}'",
+ LIVE_USER)
+ break
+ rescue ExecutionFailedInVM
+ tries += 1
+ STDERR.puts "Forcing new Tor circuit... (attempt ##{tries})" if $config["DEBUG"]
+ step 'I force Tor to use a new circuit'
+ end
+ end
+ assert(tries <= $config["MAX_NEW_TOR_CIRCUIT_RETRIES"], "Fetching keys with the GnuPG CLI did not succeed after retrying #{tries} times")
end
When /^the GnuPG fetch is successful$/ do
@@ -101,13 +112,31 @@ end
Then /^I synchronize keys in Seahorse$/ do
next if @skip_steps_while_restoring_background
- step "process \"seahorse\" is running"
- @screen.wait_and_click("SeahorseWindow.png", 10)
- seahorse_menu_click_helper('SeahorseRemoteMenu.png', 'SeahorseRemoteMenuSync.png', 'seahorse')
- seahorse_wait_helper('SeahorseSyncKeys.png')
- @screen.type("s", Sikuli::KeyModifier.ALT) # Button: Sync
- seahorse_wait_helper('SeahorseSynchronizing.png')
- seahorse_wait_helper('SeahorseWindow.png', 5*60)
+ tries = 0
+ until tries == $config["MAX_NEW_TOR_CIRCUIT_RETRIES"] do
+ begin
+ step 'process "seahorse" is running'
+ @screen.wait_and_click("SeahorseWindow.png", 10)
+ seahorse_menu_click_helper('SeahorseRemoteMenu.png', 'SeahorseRemoteMenuSync.png', 'seahorse')
+ seahorse_wait_helper('SeahorseSyncKeys.png')
+ @screen.type("s", Sikuli::KeyModifier.ALT) # Button: Sync
+ seahorse_wait_helper('SeahorseSynchronizing.png')
+ seahorse_wait_helper('SeahorseWindow.png', 5*60)
+ break
+ rescue OpenPGPKeyserverCommunicationError
+ tries += 1
+ @screen.wait_and_click('GnomeCloseButton.png', 20)
+ if @screen.exists('SeahorseSynchronizing.png')
+ # Seahorse is likely to segfault if we end up here.
+ @screen.click('SeahorseSynchronizing.png')
+ @screen.type(Sikuli::Key.ESC)
+ end
+ seahorse_wait_helper('SeahorseWindow.png')
+ STDERR.puts "Forcing new Tor circuit... (attempt ##{tries})" if $config["DEBUG"]
+ step 'I force Tor to use a new circuit'
+ end
+ end
+ assert(tries <= $config["MAX_NEW_TOR_CIRCUIT_RETRIES"], "Syncing keys in Seahorse did not succeed after retrying #{tries} times")
end
When /^I fetch the "([^"]+)" OpenPGP key using Seahorse( via the Tails OpenPGP Applet)?$/ do |keyid, withgpgapplet|
@@ -118,23 +147,37 @@ When /^I fetch the "([^"]+)" OpenPGP key using Seahorse( via the Tails OpenPGP A
step "I start Seahorse"
end
step "Seahorse has opened"
- @screen.wait_and_click("SeahorseWindow.png", 10)
- seahorse_menu_click_helper('SeahorseRemoteMenu.png', 'SeahorseRemoteMenuFind.png', 'seahorse')
- seahorse_wait_helper('SeahorseFindKeysWindow.png', 10)
- # Seahorse doesn't seem to support searching for fingerprints
- @screen.type(keyid + Sikuli::Key.ENTER)
- begin
- seahorse_wait_helper('SeahorseFoundKeyResult.png', 5*60)
- rescue FindFailed
- # We may end up here if Seahorse appears to be "frozen".
- # Sometimes--but not always--if we click another window
- # the main Seahorse window will unfreeze, allowing us
- # to continue normally.
- @screen.click("SeahorseSearch.png")
+ tries = 0
+ until tries == $config["MAX_NEW_TOR_CIRCUIT_RETRIES"] do
+ begin
+ @screen.wait_and_click("SeahorseWindow.png", 10)
+ seahorse_menu_click_helper('SeahorseRemoteMenu.png', 'SeahorseRemoteMenuFind.png', 'seahorse')
+ seahorse_wait_helper('SeahorseFindKeysWindow.png', 10)
+ # Seahorse doesn't seem to support searching for fingerprints
+ @screen.type(keyid + Sikuli::Key.ENTER)
+ begin
+ seahorse_wait_helper('SeahorseFoundKeyResult.png', 5*60)
+ rescue FindFailed
+ # We may end up here if Seahorse appears to be "frozen".
+ # Sometimes--but not always--if we click another window
+ # the main Seahorse window will unfreeze, allowing us
+ # to continue normally.
+ @screen.click("SeahorseSearch.png")
+ end
+ @screen.click("SeahorseKeyResultWindow.png")
+ @screen.click("SeahorseFoundKeyResult.png")
+ @screen.click("SeahorseImport.png")
+ break
+ rescue OpenPGPKeyserverCommunicationError
+ tries += 1
+ @screen.wait_and_click('GnomeCloseButton.png', 20)
+ @screen.type(Sikuli::Key.ESC)
+ @screen.type("w", Sikuli::KeyModifier.CTRL)
+ STDERR.puts "Forcing new Tor circuit... (attempt ##{tries})" if $config["DEBUG"]
+ step 'I force Tor to use a new circuit'
+ end
end
- @screen.click("SeahorseKeyResultWindow.png")
- @screen.click("SeahorseFoundKeyResult.png")
- @screen.click("SeahorseImport.png")
+ assert(tries <= $config["MAX_NEW_TOR_CIRCUIT_RETRIES"], "Fetching keys in Seahorse did not succeed after retrying #{tries} times")
end
Then /^Seahorse is configured to use the correct keyserver$/ do
diff --git a/features/step_definitions/usb.rb b/features/step_definitions/usb.rb
index 0d29656..9385f27 100644
--- a/features/step_definitions/usb.rb
+++ b/features/step_definitions/usb.rb
@@ -202,7 +202,6 @@ end
Given /^I create a persistent partition with password "([^"]+)"$/ do |pwd|
next if @skip_steps_while_restoring_background
step 'I start "ConfigurePersistentVolume" via the GNOME "Tails" applications menu'
- @screen.wait_for_gnome_window('PersistenceWizardWindow.png', 40)
@screen.wait('PersistenceWizardStart.png', 20)
@screen.type(pwd + "\t" + pwd + Sikuli::Key.ENTER)
@screen.wait('PersistenceWizardPresets.png', 300)
@@ -606,7 +605,6 @@ end
When /^I delete the persistent partition$/ do
next if @skip_steps_while_restoring_background
step 'I start "DeletePersistentVolume" via the GNOME "Tails" applications menu'
- @screen.wait_for_gnome_window("PersistenceWizardWindow.png", 40)
@screen.wait("PersistenceWizardDeletionStart.png", 20)
@screen.type(" ")
@screen.wait("PersistenceWizardDone.png", 120)
diff --git a/features/support/extra_hooks.rb b/features/support/extra_hooks.rb
index e98603b..c479759 100644
--- a/features/support/extra_hooks.rb
+++ b/features/support/extra_hooks.rb
@@ -1,6 +1,28 @@
-# Sort of inspired by Cucumber::RbSupport::RbHook, but really we just
-# want an object with a 'tag_expressions' attribute to make
-# accept_hook?() (used below) happy.
+# Make the code below work with cucumber >= 2.0. Once we stop
+# supporting <2.0 we should probably do this differently, but this way
+# we can easily support both at the same time.
+begin
+ if not(Cucumber::Core::Ast::Feature.instance_methods.include?(:accept_hook?))
+ require 'gherkin/tag_expression'
+ class Cucumber::Core::Ast::Feature
+ # Code inspired by Cucumber::Core::Test::Case.match_tags?() in
+ # cucumber-ruby-core 1.1.3, lib/cucumber/core/test/case.rb:~59.
+ def accept_hook?(hook)
+ tag_expr = Gherkin::TagExpression.new(hook.tag_expressions.flatten)
+ tags = @tags.map do |t|
+ Gherkin::Formatter::Model::Tag.new(t.name, t.line)
+ end
+ tag_expr.evaluate(tags)
+ end
+ end
+ end
+rescue NameError => e
+ raise e if e.to_s != "uninitialized constant Cucumber::Core"
+end
+
+# Sort of inspired by Cucumber::RbSupport::RbHook (from cucumber
+# < 2.0) but really we just want an object with a 'tag_expressions'
+# attribute to make accept_hook?() (used below) happy.
class SimpleHook
attr_reader :tag_expressions
diff --git a/features/support/helpers/firewall_helper.rb b/features/support/helpers/firewall_helper.rb
index 04e6853..7383cdf 100644
--- a/features/support/helpers/firewall_helper.rb
+++ b/features/support/helpers/firewall_helper.rb
@@ -36,7 +36,9 @@ end
class FirewallLeakCheck
attr_reader :ipv4_tcp_leaks, :ipv4_nontcp_leaks, :ipv6_leaks, :nonip_leaks
- def initialize(pcap_file, hosts)
+ def initialize(pcap_file, options = {})
+ options[:accepted_hosts] ||= []
+ options[:ignore_lan] ||= true
@pcap_file = pcap_file
packets = PacketFu::PcapFile.new.file_to_array(:filename => @pcap_file)
ipv4_tcp_packets = []
@@ -57,11 +59,14 @@ class FirewallLeakCheck
raise "Found something in the pcap file that cannot be parsed"
end
end
- ipv4_tcp_hosts = get_public_hosts_from_ippackets ipv4_tcp_packets
- accepted = Set.new(hosts)
+ ipv4_tcp_hosts = filter_hosts_from_ippackets(ipv4_tcp_packets,
+ options[:ignore_lan])
+ accepted = Set.new(options[:accepted_hosts])
@ipv4_tcp_leaks = ipv4_tcp_hosts.select { |host| !accepted.member?(host) }
- @ipv4_nontcp_leaks = get_public_hosts_from_ippackets ipv4_nontcp_packets
- @ipv6_leaks = get_public_hosts_from_ippackets ipv6_packets
+ @ipv4_nontcp_leaks = filter_hosts_from_ippackets(ipv4_nontcp_packets,
+ options[:ignore_lan])
+ @ipv6_leaks = filter_hosts_from_ippackets(ipv6_packets,
+ options[:ignore_lan])
@nonip_leaks = nonip_packets
end
@@ -71,9 +76,9 @@ class FirewallLeakCheck
puts "Full network capture available at: #{pcap_copy}"
end
- # Returns a list of all unique non-LAN destination IP addresses
- # found in `packets`.
- def get_public_hosts_from_ippackets(packets)
+ # Returns a list of all unique destination IP addresses found in
+ # `packets`. Exclude LAN hosts if ignore_lan is set.
+ def filter_hosts_from_ippackets(packets, ignore_lan)
hosts = []
packets.each do |p|
candidate = nil
@@ -86,7 +91,7 @@ class FirewallLeakCheck
raise "Expected an IP{v4,v6} packet, but got something else:\n" +
p.peek_format
end
- if candidate != nil and IPAddr.new(candidate).public?
+ if candidate != nil and (not(ignore_lan) or IPAddr.new(candidate).public?)
hosts << candidate
end
end
diff --git a/features/support/helpers/vm_helper.rb b/features/support/helpers/vm_helper.rb
index 06d0f34..7025967 100644
--- a/features/support/helpers/vm_helper.rb
+++ b/features/support/helpers/vm_helper.rb
@@ -1,6 +1,9 @@
require 'libvirt'
require 'rexml/document'
+class ExecutionFailedInVM < StandardError
+end
+
class VMNet
attr_reader :net_name, :net
@@ -37,6 +40,11 @@ class VMNet
@net.bridge_name
end
+ def bridge_ip_addr
+ net_xml = REXML::Document.new(@net.xml_desc)
+ net_xml.elements['network/ip'].attributes['address']
+ end
+
def bridge_mac
File.open("/sys/class/net/#{bridge_name}/address", "rb").read.chomp
end
@@ -367,7 +375,12 @@ EOF
def execute_successfully(cmd, user = "root")
p = execute(cmd, user)
- assert_vmcommand_success(p)
+ begin
+ assert_vmcommand_success(p)
+ rescue Test::Unit::AssertionFailedError => e
+ puts e
+ raise ExecutionFailedInVM
+ end
return p
end
diff --git a/features/support/hooks.rb b/features/support/hooks.rb
index add453a..dce0502 100644
--- a/features/support/hooks.rb
+++ b/features/support/hooks.rb
@@ -109,7 +109,7 @@ end
# AfterScenario
After('@product') do |scenario|
- if (scenario.status != :passed)
+ if scenario.failed?
time_of_fail = Time.now - TIME_AT_START
secs = "%02d" % (time_of_fail % 60)
mins = "%02d" % ((time_of_fail / 60) % 60)
@@ -141,14 +141,14 @@ end
After('@product', '@check_tor_leaks') do |scenario|
@tor_leaks_sniffer.stop
- if (scenario.status == :passed)
+ if scenario.passed?
if @bridge_hosts.nil?
expected_tor_nodes = get_all_tor_nodes
else
expected_tor_nodes = @bridge_hosts
end
leaks = FirewallLeakCheck.new(@tor_leaks_sniffer.pcap_file,
- expected_tor_nodes)
+ :accepted_hosts => expected_tor_nodes)
leaks.assert_no_leaks
end
@tor_leaks_sniffer.clear
diff --git a/features/torified_browsing.feature b/features/torified_browsing.feature
index 96451cb..c21ee4e 100644
--- a/features/torified_browsing.feature
+++ b/features/torified_browsing.feature
@@ -15,6 +15,15 @@ Feature: Browsing the web using the Tor Browser
And all notifications have disappeared
And I save the state so the background can be restored next scenario
+ Scenario: The Tor Browser cannot access the LAN
+ Given a web server is running on the LAN
+ And I capture all network traffic
+ When I start the Tor Browser
+ And the Tor Browser has started and loaded the startup page
+ And I open a page on the LAN web server in the Tor Browser
+ Then I see "TorBrowserUnableToConnect.png" after at most 20 seconds
+ And no traffic has flowed to the LAN
+
@check_tor_leaks
Scenario: The Tor Browser directory is usable
Then the amnesiac Tor Browser directory exists
diff --git a/features/unsafe_browser.feature b/features/unsafe_browser.feature
index 64b9b01..957d4f6 100644
--- a/features/unsafe_browser.feature
+++ b/features/unsafe_browser.feature
@@ -15,6 +15,12 @@ Feature: Browsing the web using the Unsafe Browser
And available upgrades have been checked
And I save the state so the background can be restored next scenario
+ Scenario: The Unsafe Browser can access the LAN
+ Given a web server is running on the LAN
+ When I successfully start the Unsafe Browser
+ And I open a page on the LAN web server in the Unsafe Browser
+ Then I see "UnsafeBrowserHelloLANWebServer.png" after at most 20 seconds
+
Scenario: Starting the Unsafe Browser works as it should.
When I successfully start the Unsafe Browser
Then the Unsafe Browser runs as the expected user
diff --git a/wiki/src/blueprint/Linux_containers.mdwn b/wiki/src/blueprint/Linux_containers.mdwn
index c5bbcd7..e773199 100644
--- a/wiki/src/blueprint/Linux_containers.mdwn
+++ b/wiki/src/blueprint/Linux_containers.mdwn
@@ -83,3 +83,5 @@ Other resources
good summary of the threats and solutions, as of August 2014
* [Linux Container Security](http://mjg59.dreamwidth.org/33170.html),
by Matthew Garrett
+* [Oz](https://github.com/subgraph/oz) is a sandboxing system targeting
+ everyday workstation applications. By Subgraph.
diff --git a/wiki/src/blueprint/automated_builds_and_tests/automated_tests_specs.mdwn b/wiki/src/blueprint/automated_builds_and_tests/automated_tests_specs.mdwn
index 401f2ca..fbe5714 100644
--- a/wiki/src/blueprint/automated_builds_and_tests/automated_tests_specs.mdwn
+++ b/wiki/src/blueprint/automated_builds_and_tests/automated_tests_specs.mdwn
@@ -13,7 +13,7 @@ the [[automatically build ISOs|autobuild_specs]] ([[!tails_ticket 5288]]).
Running the full test suite on 1 isotester hosted on Lizard takes
around 8 hours.
We intend to run __4 isotesters__, so at the moment we would be able
-to run __16 full test suites__ per day.
+to run __12 full test suites__ per day.
We have 2 isobuilders on Lizard, that build a total of a bit less than
__400 ISOs/month__ (that's __an average of 13 ISOs/day__).
@@ -22,7 +22,7 @@ on the activity.
We usually build the _stable_, _devel_, _experimental_,
_feature/jessie_ (+ _testing_ sometimes) and a bunch of other
-branches
+branches.
This numbers are expected to grow when the automated builds will be
put in production. It's difficult to guess what would the maximum
@@ -36,11 +36,11 @@ more isotesters. If a machine is dedicated to that usage, we can throw
in faster CPUs and run the test suite on bare metal, which would
speed up the test process. That's [[!tails_ticket 9264]].
-So in the discussion, we have to think to a deployment that might
-have two iterations with different computational powers (those
+So in this discussion, we have to think to a deployment that might
+have two iterations with different computational powers (and thus
different amounts of tests/day possible), and the defined
implementation should be modular enough to handle both of them without
-too much changes.
+too many changes.
# Questions
@@ -62,17 +62,17 @@ and tested:
* for base branches, we could envisage to run the full test suite on
every automatically built ISO (every git push and daily builds) if
- we think that is relevant.
+ we think that is relevant;
* for feature branches, we could run the full test suite only on the
daily builds, and either only the automated tests related to the
branch on every git push, and/or a subset of the whole test suite.
-We can also consider testing only the feature branch that are marked
-as ReadyforQA as a beginning, even if that doesn't cover Scenario 2
+We can also consider testing only the feature branches that are marked
+as *Ready for QA* as a beginning, even if that doesn't cover Scenario 2
(developers).
We can also maybe find more ways to split the automated test suite in
-faster subsets of feature depending on the context, define priorities
+faster subsets of features depending on the context, define priorities
for built ISO and/or tests.
<a id="how-to-run-the-tests"></a>
diff --git a/wiki/src/blueprint/monthly_meeting.mdwn b/wiki/src/blueprint/monthly_meeting.mdwn
index 770cb5e..daeff4d 100644
--- a/wiki/src/blueprint/monthly_meeting.mdwn
+++ b/wiki/src/blueprint/monthly_meeting.mdwn
@@ -1,6 +1,6 @@
[[!meta title="Agenda for the next contributors meeting"]]
-[[Official place and date are in the calendar.|contribute/calendar]]
+Official place and date are [[in the calendar|contribute/calendar]].
Availability and plans for the next weeks
=========================================
@@ -8,9 +8,16 @@ Availability and plans for the next weeks
- Volunteers to handle "[Hole in the
roof](https://labs.riseup.net/code/versions/198)" tickets this
month
- - Volunteers to handle important tickets flagged for next release, but without assignee
+ - Volunteers to handle important tickets flagged for next release,
+ but without assignee
- Availability and plans for monthly low-hanging fruits meeting
- Availability and plans until the next meeting
Discussions
===========
+
+* [[!tails_ticket 9530 desc="Consider using
+ hkp://ha.pool.sks-keyservers.net in non-hkps-enabled software"]]
+* [[!tails_ticket 9529 desc="Ping PayPal donors regularly?"]]
+* [[!tails_ticket 8864 desc="Consider flagging first boot after installing"]]
+* [[!tails_ticket 7151 desc="Accept donations via micropayment systems"]]
diff --git a/wiki/src/blueprint/persistent_Tor_state.mdwn b/wiki/src/blueprint/persistent_Tor_state.mdwn
index 75ea46871..8d0deb2 100644
--- a/wiki/src/blueprint/persistent_Tor_state.mdwn
+++ b/wiki/src/blueprint/persistent_Tor_state.mdwn
@@ -194,7 +194,11 @@ less fingerprintable.
persisted, and possibly proposing to enable this setting for them).
* Persist the Tor `state` file only (not the consensus etc.)
* Name of the persistent Tor state file to be used:
- `hash(per-Tails device secret, N bits of location-based information)`
+ `hash(per-Tails device secret, N bits of location-based information, SSID)`.
+ By adding the SSID, we prevent attackers from being able to spoof only
+ the MAC address of the router to reuse a given Tor state; they also
+ have to spoof the SSID which is visible to the user and might be
+ detected as malicious.
* `tordate` remains unchanged for now
* Add a NetworkManager hook that generates a random per-Tails device
secret, and stores it into persistence, if the Tor state persistence
diff --git a/wiki/src/blueprint/report_2015_06.mdwn b/wiki/src/blueprint/report_2015_06.mdwn
index 7edb706..fc1fb26 100644
--- a/wiki/src/blueprint/report_2015_06.mdwn
+++ b/wiki/src/blueprint/report_2015_06.mdwn
@@ -1,69 +1,91 @@
[[!meta title="Tails report for June, 2015"]]
-FIXME Edito
+[[Tails 1.4.1|https://tails.boum.org/contribute/calendar]] has been postponed (because Firefox changed their schedule) and will be released sometime in the beginning of July. So once again, this report will give non-code news :)
[[!toc]]
-Releases
-========
-
-* [[Tails 1.4.1 was released on June 30, 2015|news/version_1.4.1]] (minor release).
-
-* The next release (1.5) is [[planned for August 11|https://tails.boum.org/contribute/calendar/]].
-
-Code
-====
-
-FIXME
-
Documentation and Website
=========================
-FIXME
+* We added a warning in the [[OpenPGP app documentation|https://tails.boum.org/doc/encryption_and_privacy/gpgapplet]] about non-ASCII characters being badly supported.
+
+* A small note about non-free firmware was added to our [[licence page|https://tails.boum.org/doc/about/license]].
User Experience
===============
-FIXME
+* People are working on the [[Greeter mockups|https://mailman.boum.org/pipermail/tails-ux/2015-June/000437.html]].
+
+FIXME more ?
Infrastructure
==============
-* Our test suite covers FIXME scenarios, FIXME more that in April.
+* Our test suite covers 185 scenarios, 3 more that in May. We removed outdated scenario again, so there are more than 3 new tests :)
+
+* We decided to archive publicly the tails-support mailing list, since external websites were archiving it anyway.
* FIXME more?
Funding
=======
-FIXME
+* If you want to help us develop and maintain Tails, please [[donate|https://tails.boum.org/contribute/how/donate]] :)
Outreach
========
-* [[A workshop about Tails|http://www.lacantine-brest.net/event/atelier-datalove-tails-x-tor/]] happened in Brest, France, June FIXME_DATE.
+* [[A workshop about Tails|http://www.lacantine-brest.net/event/atelier-datalove-tails-x-tor/]] happened in Brest, France, June 18th.
+
+* Tchou and Fiodor Tonti gave [[a talk about Tails and UX|https://www.passageenseine.org/fr/programme/2015/jeudi-18-juin/grande-salle/atelier-design-tails]] in Pas Sage en Seine 2015 at NUMA in Paris, France on June 18th. [[The video is online|https://www.passageenseine.org/fr/archives-et-videos/]] and good feedback already arrived :)
-FIXME
+* [[A workshop about Tor and Tails|https://jardin-entropique.eu.org/ateliers]] happened in Rennes, France, during the Jardin entropique event, June 28th.
Upcoming events
---------------
-FIXME
+* A talk about Tails will take place during [[DebConf15|http://debconf15.debconf.org/]] in Heidelberg, Germany, in August.
+
+* Please let us know if you organize an event about Tails, we'll be glad to announce it :)
On-going discussions
====================
-FIXME
+* [[We discussed our release versioning|https://mailman.boum.org/pipermail/tails-dev/2015-June/009132.html]] and found a new way to do it: always increment the first number with major Debian version, or whenever it makes sense for Tails only (user-visible changes); second number: even for bugfix releases, odd for major ones; add an extra 3rd number for emergency releases.
+
+* intrigeri started a discussion about [[tightening a bit the Evince and Totem AppArmor policy|https://mailman.boum.org/pipermail/tails-dev/2015-June/009007.html]].
+
+* genghiskant proposed [[making a fork of Tails without non-free firmware|https://mailman.boum.org/pipermail/tails-dev/2015-June/009023.html]].
+
+* We're talking about the design of a [[persistent Tor state|https://mailman.boum.org/pipermail/tails-dev/2015-June/009095.html]].
+
+* We're also discussing the [[automated tests specification|https://mailman.boum.org/pipermail/tails-dev/2015-June/009123.html]].
Press and testimonials
======================
-FIXME
+* 2015-06-20: In [The state of encryption tools, 2 years after Snowden leaks](https://www.dailydot.com/politics/encryption-since-snowden-trending-up/) Patrick Howell O'Neill from the Daily Dot studies the adoption rate of encryption tools such as Tor, Tails, and OpenPGP since the beginning of the Snowden revelations.
Translation
===========
-FIXME
+All website PO files
+--------------------
+
+ - de: 18% (1256) strings translated, 0% strings fuzzy, 17% words translated
+ - fr: 45% (3046) strings translated, 2% strings fuzzy, 43% words translated
+ - pt: 28% (1861) strings translated, 3% strings fuzzy, 26% words translated
+
+Total original words: 76665
+
+[[Core PO files|contribute/l10n_tricks/core_po_files.txt]]
+--------------------------------------
+
+ - de: 60% (791) strings translated, 1% strings fuzzy, 68% words translated
+ - fr: 91% (1205) strings translated, 4% strings fuzzy, 92% words translated
+ - pt: 84% (1119) strings translated, 8% strings fuzzy, 87% words translated
+
+Total original words: 14258
Metrics
=======
diff --git a/wiki/src/blueprint/report_2015_07.mdwn b/wiki/src/blueprint/report_2015_07.mdwn
index 0020bb5..9907529 100644
--- a/wiki/src/blueprint/report_2015_07.mdwn
+++ b/wiki/src/blueprint/report_2015_07.mdwn
@@ -2,11 +2,23 @@
FIXME Edito
-No release this month, the next release (1.5) is [[planned for August 11|https://tails.boum.org/contribute/calendar/]].
+1.4.1 was postponed and arrived in July.
[[!toc]]
+Releases
+========
+
+* [[Tails 1.4.1 was released on July FIXME, 2015|news/version_1.4.1]] (minor release).
+
+* The next release (1.5) is [[planned for August 11|https://tails.boum.org/contribute/calendar/]].
+
+Code
+====
+
+FIXME
+
Documentation and Website
=========================
@@ -37,6 +49,8 @@ FIXME
Upcoming events
---------------
+* A talk about Tails will take place during [[DebConf15|http://debconf15.debconf.org/]] in Heidelberg, Germany, in August.
+
FIXME
On-going discussions
diff --git a/wiki/src/contribute/APT_repository.mdwn b/wiki/src/contribute/APT_repository.mdwn
index 0355c31..031bb81 100644
--- a/wiki/src/contribute/APT_repository.mdwn
+++ b/wiki/src/contribute/APT_repository.mdwn
@@ -214,7 +214,7 @@ operation must be done on the APT suites.
git checkout "$DST" && \
git merge "$SRC" && \
ssh reprepro@incoming.deb.tails.boum.org \
- tails-merge-suite "$SRC" "$DST" && \
+ tails-merge-suite "$SRC" "$DST"
3. Restore the `config/base_branch` if needed:
@@ -309,15 +309,8 @@ Then, the APT suite corresponding to the branch that was used to
prepare the release must be copied to the new empty APT suite that
just appeared:
-If this is a major release:
-
- $ ssh reprepro@incoming.deb.tails.boum.org \
- tails-merge-suite testing $TAG
-
-Else, if this is a point-release:
-
$ ssh reprepro@incoming.deb.tails.boum.org \
- tails-merge-suite stable $TAG
+ tails-merge-suite "$RELEASE_BRANCH" "$TAG"
<a id="workflow-post-release"></a>
diff --git a/wiki/src/contribute/calendar.mdwn b/wiki/src/contribute/calendar.mdwn
index 0f5c2fc..f548a0d 100644
--- a/wiki/src/contribute/calendar.mdwn
+++ b/wiki/src/contribute/calendar.mdwn
@@ -1,17 +1,6 @@
[[!meta title="Calendar"]]
-* 2015-06-22: freeze for Tails 1.4.1.
-
-* 2015-06-29:
- - All branches targeting Tails 1.4.1 must be merged into the
- `stable` branch by noon CEST.
- - The candidate new Tor Browser is hopefully out so we can
- import it.
- - Build and upload Tails 1.4.1 ISO image and IUKs.
- - Start testing Tails 1.4.1 during late CEST if everything
- went smoothly.
-
-* 2015-06-30: Release 1.4.1
+* 2015-07-02 or a bit later: Release 1.4.1
- anonym is the RM until June 17
- intrigeri is the RM from June 17 to the release
- Finish testing Tails 1.4.1 by the afternoon, CEST.
@@ -56,17 +45,17 @@
* 2015-09-12: [[Low-hanging fruits session|contribute/low-hanging_fruit_sessions]]
-* 2015-09-22: Release 1.5.1 (anonym is the RM)
+* 2015-09-22: Release 1.6 (anonym is the RM)
-* 2015-11-03: Release 1.6 (anonym is the RM)
+* 2015-11-03: Release 1.7 (anonym is the RM)
-* 2015-12-15: Release 1.6.1 (anonym is the RM)
+* 2015-12-15: Release 1.8 (anonym is the RM)
-* 2016-01-26 (?): Release 1.7
+* 2016-01-26 (?): Release 1.9
-* 2016-03-08 (?): Release 1.7.1
+* 2016-03-08 (?): Release 1.10
-* 2016-04-19 (?): Release 1.8
+* 2016-04-19 (?): Release 1.11
-* 2016-05-31 (?): Release 1.8.1
+* 2016-05-31 (?): Release 1.12
diff --git a/wiki/src/contribute/how/donate.de.po b/wiki/src/contribute/how/donate.de.po
index a10a183..3e96e7e 100644
--- a/wiki/src/contribute/how/donate.de.po
+++ b/wiki/src/contribute/how/donate.de.po
@@ -134,7 +134,7 @@ msgid ""
"<p>Bitcoin is <a href=\"https://bitcoin.org/en/faq#is-bitcoin-anonymous\">not\n"
"anonymous</a>.</p>\n"
msgstr ""
-"<p>Bitcoin ist <a href=\"https://bitcoin.org/en/faq#is-bitcoin-anonymous\">nicht\n"
+"<p>Bitcoin ist <a href=\"https://bitcoin.org/de/faq#ist-bitcoin-anonym\">nicht\n"
"anonym</a>.</p>\n"
#. type: Plain text
diff --git a/wiki/src/contribute/how/donate.fr.po b/wiki/src/contribute/how/donate.fr.po
index 941eaa8..fc3c586 100644
--- a/wiki/src/contribute/how/donate.fr.po
+++ b/wiki/src/contribute/how/donate.fr.po
@@ -134,7 +134,7 @@ msgid ""
"<p>Bitcoin is <a href=\"https://bitcoin.org/en/faq#is-bitcoin-anonymous\">not\n"
"anonymous</a>.</p>\n"
msgstr ""
-"<p>Bitcoin n'est <a href=\"https://bitcoin.org/en/faq#is-bitcoin-anonymous\">pas\n"
+"<p>Bitcoin n'est <a href=\"https://bitcoin.org/fr/faq#bitcoin-est-il-anonyme\">pas\n"
"anonyme</a>.</p>\n"
#. type: Plain text
diff --git a/wiki/src/contribute/how/donate.pt.po b/wiki/src/contribute/how/donate.pt.po
index f6332bc..5942318 100644
--- a/wiki/src/contribute/how/donate.pt.po
+++ b/wiki/src/contribute/how/donate.pt.po
@@ -128,7 +128,7 @@ msgid ""
"<p>Bitcoin is <a href=\"https://bitcoin.org/en/faq#is-bitcoin-anonymous\">not\n"
"anonymous</a>.</p>\n"
msgstr ""
-"<p>Bitcoin <a href=\"https://bitcoin.org/en/faq#is-bitcoin-anonymous\">não\n"
+"<p>Bitcoin <a href=\"https://bitcoin.org/pt_BR/faq#bitcoin-e-anonimo\">não\n"
"é anônimo</a>.</p>\n"
#. type: Plain text
diff --git a/wiki/src/contribute/release_process.mdwn b/wiki/src/contribute/release_process.mdwn
index 685ead9..32997e3 100644
--- a/wiki/src/contribute/release_process.mdwn
+++ b/wiki/src/contribute/release_process.mdwn
@@ -10,7 +10,7 @@ Environment
Export the following environment variables to be able to copy'n'paste
the scripts snippets found on this page:
-* version numbers:
+* version numbers (see [[contribute/release_schedule#versioning]]):
export VERSION=$(dpkg-parsechangelog -SVersion)
export TAG=$(echo "$VERSION" | sed -e 's,~,-,')
@@ -151,7 +151,7 @@ and then run the `import-translations` script that is in the
main Tails repository. For example:
cd whisperback
- ../tails/import-translations
+ "$RELEASE_CHECKOUT"/import-translations
If the `import-translations` script fails to import translations for
the current package, manually copy updated PO files from the
@@ -163,7 +163,7 @@ Add and commit.
Then check the PO files:
- ./wiki/src/contribute/l10n_tricks/check_po.sh
+ "$RELEASE_CHECKOUT"/wiki/src/contribute/l10n_tricks/check_po.sh
Correct any displayed error, then commit the changes if any.
@@ -175,6 +175,7 @@ the release branch's APT suite:
* [[perl5lib]]
* [[persistence-setup]]
* [[tails-iuk]]
+* [[tor]]
* whisperback:
* follow [upstream release process](https://git-tails.immerda.ch/whisperback/plain/HACKING)
* build a Debian package
@@ -187,16 +188,13 @@ See the dedicated page: [[tor-browser]]
Update PO files
---------------
-Pull updated translations for languages translated in Transifex:
-
- ./import-translations
-
-Refresh the code PO files:
-
- ./refresh-translations
-
-Commit the result, including new PO files:
+Pull updated translations for languages translated in Transifex,
+refresh the code PO files,
+and commit the result, including new PO files:
+ cd "$RELEASE_CHECKOUT" && \
+ ./import-translations && \
+ ./refresh-translations && \
git add po && git commit -m 'Update PO files.'
When preparing an actual release
@@ -374,7 +372,8 @@ signatures, like the defaults we set in Tails:
Tag the release in Git
======================
- git tag -u "$TAILS_SIGNATURE_KEY" -m "tagging version ${VERSION}" "${TAG}"
+ git tag -u "$TAILS_SIGNATURE_KEY" \
+ -m "tagging version ${VERSION}" "${TAG}" && \
git push --tags
(Pushing the tag is needed so that the APT repository is updated, and
@@ -447,9 +446,13 @@ Build the final image
Then all included files should be up-to-date and the versioned APT
suite should be ready, so it is time to:
-* tag the release *again*, with all included files in
-* `git push --tags`
-* build the final image!
+* tag the release *again*, with all included files in:
+
+ git tag -f -u "$TAILS_SIGNATURE_KEY" \
+ -m "tagging version ${VERSION}" "${TAG}" && \
+ git push --tags -f
+
+* build the final image!
<a id="prepare-iuk"></a>
@@ -458,12 +461,14 @@ Generate the OpenPGP signatures and Torrents
First, create a directory with a suitable name and go there:
- mkdir "$ISOS/tails-i386-$VERSION" && cd "$ISOS/tails-i386-$VERSION"
+ mkdir "$ISOS/tails-i386-$VERSION" && \
+ cd "$ISOS/tails-i386-$VERSION"
Second, copy the built image to this brand new directory.
Then, rename it:
- mv "$ARTIFACTS/tails-i386-${RELEASE_BRANCH}-$VERSION-"*".iso" "$ISOS/tails-i386-$VERSION/tails-i386-$VERSION.iso"
+ mv "$ARTIFACTS/tails-i386-${RELEASE_BRANCH}-$VERSION-"*".iso" \
+ "$ISOS/tails-i386-$VERSION/tails-i386-$VERSION.iso"
Third, generate detached OpenPGP signatures for the image to be
published, in the same directory as the image and with a `.sig`
@@ -631,10 +636,14 @@ Test them with a BitTorrent client running in a different place.
scp "$ISOS/tails-i386-$VERSION.torrent" \
bittorrent.lizard: && \
- ssh bittorrent.lizard transmission-remote --add tails-i386-$VERSION.torrent
+ ssh bittorrent.lizard \
+ transmission-remote --add tails-i386-$VERSION.torrent \
+ --find /var/lib/transmission-daemon/downloads/
-Publish the ISO over HTTP
--------------------------
+<a id="publish-iuk"></a>
+
+Publish the ISO and IUK over HTTP
+---------------------------------
Upload the images to the primary rsync mirror. Best practice is to first
let bittorrent.lizard download the image, and then copy it from there to
@@ -646,9 +655,16 @@ rsync.lizard:
rsync.lizard:
# set DIST to either 'alpha' (for RC:s) or 'stable' (for actual releases)
ssh rsync.lizard << EOF
- chown -R root:rsync_tails tails-i386-$VERSION
- chmod -R u=rwX,go=rX tails-i386-$VERSION
- sudo mv tails-i386-$VERSION /srv/rsync/tails/tails/$DIST/
+ chown -R root:rsync_tails \
+ tails-i386-$VERSION \
+ Tails_i386_${PREVIOUS_VERSION}_to_${VERSION}.iuk && \
+ chmod -R u=rwX,go=rX \
+ tails-i386-$VERSION \
+ Tails_i386_${PREVIOUS_VERSION}_to_${VERSION}.iuk && \
+ sudo mv tails-i386-$VERSION \
+ /srv/rsync/tails/tails/$DIST/ && \
+ sudo mv Tails_i386_${PREVIOUS_VERSION}_to_${VERSION}.iuk \
+ /srv/rsync/tails/tails/$DIST/iuk/
EOF
Update the time in `project/trace` file on the primary rsync mirror
@@ -660,28 +676,22 @@ and on the live wiki (even for a release candidate):
echo $TRACE_TIME > "$MASTER_CHECKOUT/wiki/src/inc/trace" &&
(
cd "$MASTER_CHECKOUT" && \
- git commit wiki/src/inc/trace -m "Updating trace file after uploading $VERSION."
+ git commit wiki/src/inc/trace \
+ -m "Updating trace file after uploading $VERSION." && \
+ git push origin master
)
-<a id="publish-iuk"></a>
-
-Publish the IUKs
-----------------
-
-Same as for the ISO, but the IUKs should land into
-`/srv/rsync/tails/tails/$DIST/iuk/`.
-
Wait for the HTTP mirrors to catch up
-------------------------------------
Wait for the next rsync pull.
+Test downloading the ISO and IUK over HTTP.
+
Make sure every webserver listed in the `dl.amnesia.boum.org` round
robin pool has the new version. Drop those that are lagging behind and
notify their administrators.
-Test downloading the ISO and IUK over HTTP.
-
Update the website and Git repository
=====================================
@@ -734,9 +744,10 @@ Update the [[support/known_issues]] page:
- Remove older known issues that are fixed by the new release.
Write the announcement for the release in
-`news/version_$TAG.mdwn`, including:
+`wiki/src/news/version_$TAG.mdwn`, including:
-- The content of the "Changes" section must live in `inc/release_notes/$TAG.mdwn`.
+- The content of the "Changes" section must live in
+ `wiki/src/inc/release_notes/$TAG.mdwn`.
- Update the `meta title` directive.
- Update the `meta date` directive.
- Make sure there's an `announce` tag to have an email sent to the
@@ -748,15 +759,17 @@ Write the announcement for the release in
- Document known issues.
Write an announcement listing the security bugs affecting the previous
-version in `security/` in order to let the users of the old versions
+version in
+`wiki/src/security/Numerous_security_holes_in_${PREVIOUS_VERSION}.mdwn`
+in order to let the users of the old versions
know that they have to upgrade. Date it a few days before the ISO
image to be released was *built*. Including:
- the list of CVE fixed in Linux since the one shipped in the previous
release of Tails:
- <http://ftp-master.metadata.debian.org/changelogs/main/l/linux/unstable_changelog>
+ <http://metadata.ftp-master.debian.org/changelogs/main/l/linux/stable_changelog>
- the list of DSA fixed in packages we ship since those that were in
- the previous release of Tails: <http://security.debian.org/>
+ the previous release of Tails: <https://www.debian.org/security/#DSAS>
- the list of BSA fixed in packages we ship since those that were in
the previous release of Tails:
<https://lists.debian.org/debian-backports-announce/>
@@ -939,7 +952,7 @@ to do it.
Amnesia news
------------
-The release announcement are automatically sent to `amensia-news@`
+The release announcement are automatically sent to `amnesia-news@`
(thanks to the `announce` flag) on an hourly basis, but it will be
stuck in the moderation
queue. [Log in](https://mailman.boum.org/admindb/amnesia-news) and
diff --git a/wiki/src/contribute/release_process/tails-iuk.mdwn b/wiki/src/contribute/release_process/tails-iuk.mdwn
index bf52477..26bdcd7 100644
--- a/wiki/src/contribute/release_process/tails-iuk.mdwn
+++ b/wiki/src/contribute/release_process/tails-iuk.mdwn
@@ -17,20 +17,13 @@ Install build-dependencies from Debian:
libdist-zilla-perl libdist-zilla-plugins-cjm-perl \
libdist-zilla-plugin-changelogfromgit-perl \
libdist-zilla-plugin-installguide-perl \
+ libdist-zilla-plugin-localemsgfmt-perl \
libdist-zilla-plugin-test-perl-critic-perl \
libdist-zilla-plugin-test-notabs-perl \
libdist-zilla-plugin-git-perl \
liblocale-msgfmt-perl libmoosex-has-sugar-perl \
dh-make-perl
-If running something older than Jessie:
-
- apt-get install libtest-bdd-cucumber/wheezy-backports
-
-Install build-dependencies that are not in Debian yet:
-
- DEB_BUILD_OPTIONS=nocheck dh-make-perl --build --install --cpan Dist::Zilla::Plugin::LocaleMsgfmt
-
Update POT and PO files
=======================
@@ -81,9 +74,9 @@ Checkout the branch with Debian package specifics and import the new
upstream tarball, update `debian/changelog`:
git checkout debian && \
- git-import-orig --upstream-vcs-tag=$VERSION \
+ gbp import-orig --upstream-vcs-tag=$VERSION \
../Tails-IUK-$VERSION.tar.gz && \
- git-dch --auto && \
+ gbp dch --auto && \
dch -e
(Do not forget to set the appropriate release.)
@@ -99,12 +92,8 @@ Build a Debian package (use a Wheezy chroot with the right version of
`tails-perl5lib` installed), add a signed tag to the repository and
push the changes:
- git-buildpackage
-
-If everything is fine, add a signed tag to the repository and push the
-changes:
-
- git-buildpackage --git-tag-only --git-sign-tags && \
+ gbp buildpackage && \
+ gbp buildpackage --git-tag-only --git-sign-tags && \
git push origin master:master \
debian:debian \
pristine-tar:pristine-tar \
diff --git a/wiki/src/contribute/release_process/test.mdwn b/wiki/src/contribute/release_process/test.mdwn
index baf0a57..96a114c 100644
--- a/wiki/src/contribute/release_process/test.mdwn
+++ b/wiki/src/contribute/release_process/test.mdwn
@@ -96,11 +96,6 @@ tracked by tickets prefixed with `todo/test_suite:`.
* Running `getTorBrowserUserAgent` should produce the User-Agent set by the
installed version of Torbutton, and used in the Tor Browser.
-## Functionality
-
-* Browsing (by IP) a HTTP or HTTPS server on the LAN should be possible.
-* Browsing (by IP) a FTP server on the LAN should be possible.
-
# Tor
* The version of Tor should be the latest stable one, which is the highest version number
@@ -223,6 +218,10 @@ Start I2P by appending `i2p` to the kernel command line.
* Make sure the Tails repository unversioned suites (e.g. `testing`,
`stable` and `devel`) are *not* in APT sources.
+# Unsafe Web Browser
+
+* Browsing (by IP) a FTP server on the LAN should be possible.
+
<a id="incremental-upgrades"></a>
# Incremental upgrades
@@ -288,7 +287,8 @@ Start I2P by appending `i2p` to the kernel command line.
# Windows Camouflage
-Enable Windows camouflage via the Tails Greeter checkbox and:
+Enable I2P in the boot loader menu, and enable Windows camouflage via
+the Tails Greeter checkbox, and then:
* Tails OpenPGP Applet's context menu should look readable
* The Tor Browser, Unsafe Browser and I2P Browser should all use the
@@ -359,5 +359,3 @@ language. You *really* have to reboot between each language.
* Check that all seems well during init:
- `systemctl --failed --all` should say `0 loaded units listed`
- the output of `journalctl` should seem OK.
-* MAT should be able to clean a PDF file, such as:
- <http://examples.itextpdf.com/results/part3/chapter12/pdf_metadata.pdf>
diff --git a/wiki/src/contribute/release_schedule.mdwn b/wiki/src/contribute/release_schedule.mdwn
index 6054b72..bf86ad6 100644
--- a/wiki/src/contribute/release_schedule.mdwn
+++ b/wiki/src/contribute/release_schedule.mdwn
@@ -60,3 +60,17 @@ Remaining issues
================
* When to run the test suite: RC1 and/or RC2?
+
+<a id="versioning"></a>
+
+Versioning scheme
+=================
+
+* We always increment the first number when switching to a new major
+ release of Debian.
+* We also increment the first number whenever it make sense for Tails
+ only (user-visible changes).
+* The second number is even for bugfix releases, and odd for major ones.
+* We allow ourselves to skip numbers if we release two major or two
+ minor releases in a row (eg. 1.7 followed by 1.9).
+* We add an extra, third number for emergency releases.
diff --git a/wiki/src/doc/about/features.fr.po b/wiki/src/doc/about/features.fr.po
index 8afb591..854a123 100644
--- a/wiki/src/doc/about/features.fr.po
+++ b/wiki/src/doc/about/features.fr.po
@@ -6,11 +6,10 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-06-29 08:55+0200\n"
-"PO-Revision-Date: 2015-06-14 00:17+0100\n"
+"POT-Creation-Date: 2015-05-11 14:31+0000\n"
+"PO-Revision-Date: 2015-07-01 13:26+0200\n"
"Last-Translator: \n"
"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
@@ -230,10 +229,6 @@ msgid ""
"%27s_Secret_Sharing) using [gfshare](http://www.digital-scurf.org/software/"
"libgfshare) and [ssss](http://point-at-infinity.org/ssss/)"
msgstr ""
-"[Shamir's Secret Sharing](https://fr.wikipedia.org/wiki/Partage_de_cl"
-"%C3%A9_secr%C3%A8te_de_Shamir) un algorithme de cryptographie utilisant "
-"[gfshare](http://www.digital-scurf.org/software/libgfshare) et [ssss](http://"
-"point-at-infinity.org/ssss/)"
#. type: Bullet: '* '
msgid ""
@@ -308,7 +303,7 @@ msgid ""
"installable in Tails."
msgstr ""
"Vous pouvez [[installer des logiciels supplémentaires|doc/advanced_topics/"
-"additional_software]] dans Tails : tous les logiciels packagés pour Debian "
+"additional_software]] dans Tails : tous les logiciels empaquetés pour Debian "
"sont installables dans Tails."
#. type: Title =
@@ -361,8 +356,8 @@ msgstr ""
#. type: Bullet: '* '
msgid "Some [[contribute/design/application_isolation]] with AppArmor"
msgstr ""
-"Quelques [[isolations d’applications|contribute/design/"
-"application_isolation]] grâce à AppArmor"
+"Quelques [[applications confinées|contribute/design/application_isolation]] "
+"grâce à AppArmor"
#. type: Bullet: '* '
msgid ""
diff --git a/wiki/src/doc/about/warning.fr.po b/wiki/src/doc/about/warning.fr.po
index 2755999..2fae78f 100644
--- a/wiki/src/doc/about/warning.fr.po
+++ b/wiki/src/doc/about/warning.fr.po
@@ -7,10 +7,9 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2015-02-24 09:18+0100\n"
-"PO-Revision-Date: 2015-01-25 10:17+0100\n"
+"PO-Revision-Date: 2015-07-01 19:16-0000\n"
"Last-Translator: amnesia <amnesia@boum.org>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
@@ -618,6 +617,11 @@ msgid ""
"solutions to separate different contextual identities. **Shutdown and "
"restart Tails instead.**"
msgstr ""
+"Comme expliqué dans notre documentation sur [[Vidalia|anonymous_internet/"
+"vidalia#new_identity]] et sur le [[navigateur Tor|anonymous_internet/"
+"Tor_Browser#new_identity]], leurs fonctions **Nouvelle identité** ne sont "
+"pas des solutions parfaites pour séparer différentes identités "
+"contextuelles. **Redémarrer Tails à la place.**"
#. type: Title =
#, no-wrap
diff --git a/wiki/src/doc/advanced_topics.index.mdwn b/wiki/src/doc/advanced_topics.index.mdwn
index ffa7510..df7d865 100644
--- a/wiki/src/doc/advanced_topics.index.mdwn
+++ b/wiki/src/doc/advanced_topics.index.mdwn
@@ -4,5 +4,6 @@
- [[!traillink <span_class="application">VirtualBox</span>|advanced_topics/virtualization/virtualbox]]
- [[!traillink <span_class="application">GNOME_Boxes</span>|advanced_topics/virtualization/boxes]]
- [[!traillink <span_class="application">virt-manager</span>|advanced_topics/virtualization/virt-manager]]
+ - [[!traillink Accessing_resources_on_the_local_network|advanced_topics/lan]]
- [[!traillink Enable_a_wireless_device|advanced_topics/wireless_devices]]
- [[!traillink Backing_up_OpenPGP_secret_keys_on_paper_using_<span_class="application">paperkey</span>|advanced_topics/paperkey]]
diff --git a/wiki/src/doc/advanced_topics/lan.mdwn b/wiki/src/doc/advanced_topics/lan.mdwn
new file mode 100644
index 0000000..52afc03
--- /dev/null
+++ b/wiki/src/doc/advanced_topics/lan.mdwn
@@ -0,0 +1,74 @@
+[[!meta title="Accessing resources on the local network"]]
+
+The term "local network" here refers to the set of computers and devices
+that can be reached directly from your computer without going through
+the Internet. For example, your home router, your network printer, or
+the intranet of your company are most likely on your
+local network, also called LAN for Local Area Network. In technical
+terms, this refers to the set of IP addresses defined in
+[RFC1918](https://tools.ietf.org/html/rfc1918).
+
+[[!toc]]
+
+Security considerations
+=======================
+
+Accessing resources on the local network can be useful in the context of
+Tails, for example to exchange documents with someone on the same local
+network without going through the Internet.
+
+But an application that can connect to both resources on the
+Internet (going through Tor) and resources on the local network (without going
+through Tor) can break your anonymity. For example, if a website that
+you visit anonymously using <span class="application">Tor Browser</span> could also connect to other
+web pages that are specific to your local network, then this information
+could reveal where you are. This is why <span class="application">Tor Browser</span> is prevented from
+accessing the local network in Tails.
+
+This page describes some of the security measures built in Tails to
+protect from such attacks and explains how to access some types of
+resources on the local network.
+
+<div class="caution">
+
+<p>Connections made to the local network are not anonymous and do not go
+through Tor.</p>
+
+</div>
+
+<a id="browser"></a>
+
+Browsing web pages on the local network
+=======================================
+
+It is impossible to access web pages on the local network using <span class="application">Tor
+Browser</span>. This prevents websites on the Internet from deducing your
+location from the content of other web pages that might be specific to your local
+network.
+
+To access web pages on the local network, use the [[<span class="application">Unsafe
+Browser</span>|anonymous_internet/unsafe_browser]] instead.
+
+<a id="http"></a>
+
+Downloading files from web pages on the local network
+=====================================================
+
+[[!inline pages="doc/anonymous_internet/unsafe_browser/chroot.inline" raw="yes"]]
+
+To download files from web pages on the local network, you can use the
+`curl` command instead. For example, to download a document available on
+the local network at <span class="filename">http://192.168.1.40/document.pdf</span>
+execute the following command:
+
+ curl http://192.168.1.40/document.pdf
+
+<a id="ftp"></a>
+
+Downloading files from an FTP server on the local network
+=========================================================
+
+To connect to an FTP server on the local network choose
+<span class="menuchoice">
+ <span class="guimenu">Places</span>&nbsp;▸
+ <span class="guimenuitem">Connect to Server&hellip;</span></span>.
diff --git a/wiki/src/doc/anonymous_internet/Tor_Browser.mdwn b/wiki/src/doc/anonymous_internet/Tor_Browser.mdwn
index ef42776..b3d42ba 100644
--- a/wiki/src/doc/anonymous_internet/Tor_Browser.mdwn
+++ b/wiki/src/doc/anonymous_internet/Tor_Browser.mdwn
@@ -14,6 +14,14 @@ Here are a few things worth mentioning in the context of Tails.
[[!toc levels=2]]
+<div class="tip">
+
+<p>If you want to browse web pages on your local network, refer to our
+documentation on [[accessing resources on the local
+network|advanced_topics/lan]].</p>
+
+</div>
+
<a id="confinement"></a>
AppArmor confinement
diff --git a/wiki/src/doc/anonymous_internet/unsafe_browser.mdwn b/wiki/src/doc/anonymous_internet/unsafe_browser.mdwn
index 87b2db3..60eb309 100644
--- a/wiki/src/doc/anonymous_internet/unsafe_browser.mdwn
+++ b/wiki/src/doc/anonymous_internet/unsafe_browser.mdwn
@@ -23,16 +23,14 @@ to differentiate it from [[<span class="application">Tor Browser</span>|Tor_Brow
<div class="caution">
<p><strong>The <span class="application">Unsafe Browser</span> is not
-anonymous</strong>. Use it only to log in to captive portals.</p>
+anonymous</strong>. Use it only to log in to captive portals or to
+[[browse web pages on the local network|advanced_topics/lan#browser]].</p>
</div>
<div class="note">
-<p>As a consequence, if you download files using the <span
-class="application">Unsafe Browser</span> it is not possible to access
-them outside of the <span class="application">Unsafe Browser</span>
-itself.</p>
+[[!inline pages="doc/anonymous_internet/unsafe_browser/chroot.inline" raw="yes"]]
</div>
diff --git a/wiki/src/doc/anonymous_internet/unsafe_browser/chroot.inline.mdwn b/wiki/src/doc/anonymous_internet/unsafe_browser/chroot.inline.mdwn
new file mode 100644
index 0000000..32abf5e
--- /dev/null
+++ b/wiki/src/doc/anonymous_internet/unsafe_browser/chroot.inline.mdwn
@@ -0,0 +1,3 @@
+<p>If you download files using the <span class="application">Unsafe
+Browser</span> it is not possible to access them outside of the <span
+class="application">Unsafe Browser</span> itself.</p>
diff --git a/wiki/src/doc/first_steps/installation.fr.po b/wiki/src/doc/first_steps/installation.fr.po
index 56606e7..93041e9 100644
--- a/wiki/src/doc/first_steps/installation.fr.po
+++ b/wiki/src/doc/first_steps/installation.fr.po
@@ -7,10 +7,9 @@ msgid ""
msgstr ""
"Project-Id-Version: SACKAGE VERSION\n"
"POT-Creation-Date: 2015-04-24 23:21+0300\n"
-"PO-Revision-Date: 2014-10-08 08:58-0000\n"
+"PO-Revision-Date: 2015-07-01 19:32-0000\n"
"Last-Translator: \n"
"Language-Team: SLANGUAGE <LL@li.org>\n"
-"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
@@ -33,7 +32,7 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid "<div class=\"tip\">\n"
-msgstr ""
+msgstr "<div class=\"tip\">\n"
#. type: Plain text
#, no-wrap
@@ -49,12 +48,12 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid "</div>\n"
-msgstr ""
+msgstr "</div>\n"
#. type: Plain text
#, no-wrap
msgid "<div class=\"note\">\n"
-msgstr ""
+msgstr "<div class=\"note\">\n"
#. type: Plain text
#, no-wrap
@@ -72,6 +71,10 @@ msgid ""
"another operating system or partition on the same device if you want to benefit\n"
"from [[automatic upgrades|upgrade]] or create a [[persistent encrypted volume|persistence]].</p>\n"
msgstr ""
+"<p>Tails nécessite une clé USB ou une carte SD dédiée. Il est impossible d'ajouter\n"
+"un autre système d'exploitation ou une autre partition sur le même périphérique si\n"
+"vous voulez bénéficier des [[mises à jour automatiques|upgrade]] ou créer un\n"
+"[[volume persistant chiffré|persistence]].</p>\n"
#. type: Plain text
#, no-wrap
@@ -160,7 +163,7 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid " <div class=\"caution\">\n"
-msgstr ""
+msgstr " <div class=\"caution\">\n"
#. type: Plain text
#, no-wrap
@@ -188,7 +191,7 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid " </div>\n"
-msgstr ""
+msgstr " </div>\n"
#. type: Bullet: '6. '
msgid ""
@@ -209,7 +212,7 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid "<div class=\"next\">\n"
-msgstr ""
+msgstr "<div class=\"next\">\n"
#. type: Plain text
#, no-wrap
diff --git a/wiki/src/inc/stable_i386_date.de.po b/wiki/src/inc/stable_i386_date.de.po
index a0b1e77..0322f63 100644
--- a/wiki/src/inc/stable_i386_date.de.po
+++ b/wiki/src/inc/stable_i386_date.de.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-06-28 21:22+0200\n"
+"POT-Creation-Date: 2015-07-03 09:49+0200\n"
"PO-Revision-Date: 2012-11-25 14:23+0100\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -17,5 +17,5 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
#. type: Content of: outside any tag (error?)
-msgid "June 30, 2015"
+msgid "July 3, 2015"
msgstr ""
diff --git a/wiki/src/inc/stable_i386_date.fr.po b/wiki/src/inc/stable_i386_date.fr.po
index 22c7fe9..157b0e0 100644
--- a/wiki/src/inc/stable_i386_date.fr.po
+++ b/wiki/src/inc/stable_i386_date.fr.po
@@ -6,8 +6,8 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-06-28 21:22+0200\n"
-"PO-Revision-Date: 2015-06-28 21:24+0200\n"
+"POT-Creation-Date: 2015-07-03 09:49+0200\n"
+"PO-Revision-Date: 2015-07-03 09:49+0200\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
@@ -17,5 +17,5 @@ msgstr ""
"X-Generator: Poedit 1.5.4\n"
#. type: Content of: outside any tag (error?)
-msgid "June 30, 2015"
-msgstr "30 juin 2015"
+msgid "July 3, 2015"
+msgstr "3 juillet 2015"
diff --git a/wiki/src/inc/stable_i386_date.html b/wiki/src/inc/stable_i386_date.html
index fa36496..cd06dd4 100644
--- a/wiki/src/inc/stable_i386_date.html
+++ b/wiki/src/inc/stable_i386_date.html
@@ -1 +1 @@
-June 30, 2015
+July 3, 2015
diff --git a/wiki/src/inc/stable_i386_date.pt.po b/wiki/src/inc/stable_i386_date.pt.po
index 17fc734..67a1c6d 100644
--- a/wiki/src/inc/stable_i386_date.pt.po
+++ b/wiki/src/inc/stable_i386_date.pt.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-06-28 21:22+0200\n"
+"POT-Creation-Date: 2015-07-03 09:49+0200\n"
"PO-Revision-Date: 2014-07-30 18:11-0300\n"
"Last-Translator: Tails Developers <amnesia@boum.org>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,10 +16,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
#. type: Content of: outside any tag (error?)
-msgid "June 30, 2015"
-msgstr ""
-
#, fuzzy
-#~| msgid "July 22, 2014"
-#~ msgid "May 12, 2015"
-#~ msgstr "22 de julho de 2014"
+#| msgid "July 22, 2014"
+msgid "July 3, 2015"
+msgstr "22 de julho de 2014"
diff --git a/wiki/src/inc/trace b/wiki/src/inc/trace
index 15c246f..c95823d 100644
--- a/wiki/src/inc/trace
+++ b/wiki/src/inc/trace
@@ -1 +1 @@
-1431369002
+1435614769
diff --git a/wiki/src/news/version_1.4.1.de.po b/wiki/src/news/version_1.4.1.de.po
index d32d373..4dbc541 100644
--- a/wiki/src/news/version_1.4.1.de.po
+++ b/wiki/src/news/version_1.4.1.de.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-06-30 09:19+0200\n"
+"POT-Creation-Date: 2015-07-03 12:35+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -18,7 +18,7 @@ msgstr ""
#. type: Plain text
#, no-wrap
-msgid "[[!meta date=\"Tue Jun 30 12:34:56 2015\"]]\n"
+msgid "[[!meta date=\"Fri Jul 03 12:34:56 2015\"]]\n"
msgstr ""
#. type: Plain text
@@ -37,9 +37,9 @@ msgstr ""
#. type: Plain text
msgid ""
-"This release fixes [[numerous security "
-"issues|security/Numerous_security_holes_in_1.4]] and all users must "
-"[[upgrade|doc/first_steps/upgrade]] as soon as possible."
+"This release fixes [[numerous security issues|security/"
+"Numerous_security_holes_in_1.4]] and all users must [[upgrade|doc/"
+"first_steps/upgrade]] as soon as possible."
msgstr ""
#. type: Plain text
@@ -81,7 +81,8 @@ msgid "What's coming up?"
msgstr ""
#. type: Plain text
-msgid "The next Tails release is [[scheduled|contribute/calendar]] for August 11."
+msgid ""
+"The next Tails release is [[scheduled|contribute/calendar]] for August 11."
msgstr ""
#. type: Plain text
@@ -90,6 +91,6 @@ msgstr ""
#. type: Plain text
msgid ""
-"Do you want to help? There are many ways [[**you** can contribute to "
-"Tails|contribute]]. If you want to help, come talk to us!"
+"Do you want to help? There are many ways [[**you** can contribute to Tails|"
+"contribute]]. If you want to help, come talk to us!"
msgstr ""
diff --git a/wiki/src/news/version_1.4.1.fr.po b/wiki/src/news/version_1.4.1.fr.po
index d32d373..4dbc541 100644
--- a/wiki/src/news/version_1.4.1.fr.po
+++ b/wiki/src/news/version_1.4.1.fr.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-06-30 09:19+0200\n"
+"POT-Creation-Date: 2015-07-03 12:35+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -18,7 +18,7 @@ msgstr ""
#. type: Plain text
#, no-wrap
-msgid "[[!meta date=\"Tue Jun 30 12:34:56 2015\"]]\n"
+msgid "[[!meta date=\"Fri Jul 03 12:34:56 2015\"]]\n"
msgstr ""
#. type: Plain text
@@ -37,9 +37,9 @@ msgstr ""
#. type: Plain text
msgid ""
-"This release fixes [[numerous security "
-"issues|security/Numerous_security_holes_in_1.4]] and all users must "
-"[[upgrade|doc/first_steps/upgrade]] as soon as possible."
+"This release fixes [[numerous security issues|security/"
+"Numerous_security_holes_in_1.4]] and all users must [[upgrade|doc/"
+"first_steps/upgrade]] as soon as possible."
msgstr ""
#. type: Plain text
@@ -81,7 +81,8 @@ msgid "What's coming up?"
msgstr ""
#. type: Plain text
-msgid "The next Tails release is [[scheduled|contribute/calendar]] for August 11."
+msgid ""
+"The next Tails release is [[scheduled|contribute/calendar]] for August 11."
msgstr ""
#. type: Plain text
@@ -90,6 +91,6 @@ msgstr ""
#. type: Plain text
msgid ""
-"Do you want to help? There are many ways [[**you** can contribute to "
-"Tails|contribute]]. If you want to help, come talk to us!"
+"Do you want to help? There are many ways [[**you** can contribute to Tails|"
+"contribute]]. If you want to help, come talk to us!"
msgstr ""
diff --git a/wiki/src/news/version_1.4.1.mdwn b/wiki/src/news/version_1.4.1.mdwn
index 089f9be..e1b9d8d 100644
--- a/wiki/src/news/version_1.4.1.mdwn
+++ b/wiki/src/news/version_1.4.1.mdwn
@@ -1,4 +1,4 @@
-[[!meta date="Tue Jun 30 12:34:56 2015"]]
+[[!meta date="Fri Jul 03 12:34:56 2015"]]
[[!meta title="Tails 1.4.1 is out"]]
[[!tag announce]]
diff --git a/wiki/src/news/version_1.4.1.pt.po b/wiki/src/news/version_1.4.1.pt.po
index d32d373..4dbc541 100644
--- a/wiki/src/news/version_1.4.1.pt.po
+++ b/wiki/src/news/version_1.4.1.pt.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-06-30 09:19+0200\n"
+"POT-Creation-Date: 2015-07-03 12:35+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -18,7 +18,7 @@ msgstr ""
#. type: Plain text
#, no-wrap
-msgid "[[!meta date=\"Tue Jun 30 12:34:56 2015\"]]\n"
+msgid "[[!meta date=\"Fri Jul 03 12:34:56 2015\"]]\n"
msgstr ""
#. type: Plain text
@@ -37,9 +37,9 @@ msgstr ""
#. type: Plain text
msgid ""
-"This release fixes [[numerous security "
-"issues|security/Numerous_security_holes_in_1.4]] and all users must "
-"[[upgrade|doc/first_steps/upgrade]] as soon as possible."
+"This release fixes [[numerous security issues|security/"
+"Numerous_security_holes_in_1.4]] and all users must [[upgrade|doc/"
+"first_steps/upgrade]] as soon as possible."
msgstr ""
#. type: Plain text
@@ -81,7 +81,8 @@ msgid "What's coming up?"
msgstr ""
#. type: Plain text
-msgid "The next Tails release is [[scheduled|contribute/calendar]] for August 11."
+msgid ""
+"The next Tails release is [[scheduled|contribute/calendar]] for August 11."
msgstr ""
#. type: Plain text
@@ -90,6 +91,6 @@ msgstr ""
#. type: Plain text
msgid ""
-"Do you want to help? There are many ways [[**you** can contribute to "
-"Tails|contribute]]. If you want to help, come talk to us!"
+"Do you want to help? There are many ways [[**you** can contribute to Tails|"
+"contribute]]. If you want to help, come talk to us!"
msgstr ""
diff --git a/wiki/src/security/Numerous_security_holes_in_1.4.de.po b/wiki/src/security/Numerous_security_holes_in_1.4.de.po
index 782556c..dec7b55 100644
--- a/wiki/src/security/Numerous_security_holes_in_1.4.de.po
+++ b/wiki/src/security/Numerous_security_holes_in_1.4.de.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-06-30 09:19+0200\n"
+"POT-Creation-Date: 2015-07-03 09:56+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -32,13 +32,14 @@ msgid "[[!tag security/fixed]]\n"
msgstr ""
#. type: Plain text
-msgid "Several security holes that affect Tails 1.4 are now fixed in Tails 1.4.1."
+msgid ""
+"Several security holes that affect Tails 1.4 are now fixed in Tails 1.4.1."
msgstr ""
#. type: Plain text
msgid ""
-"We **strongly** encourage you to [[upgrade to "
-"Tails 1.4.1|news/version_1.4.1]] as soon as possible."
+"We **strongly** encourage you to [[upgrade to Tails 1.4.1|news/"
+"version_1.4.1]] as soon as possible."
msgstr ""
#. type: Title =
@@ -47,7 +48,14 @@ msgid "Details\n"
msgstr ""
#. type: Bullet: ' - '
-msgid "Tor Browser: [[!mfsa2015 XXX]]"
+msgid ""
+"Tor Browser: [[!mfsa2015 71]], [[!mfsa2015 70]], [[!mfsa2015 69]], [[!"
+"mfsa2015 66]], [[!mfsa2015 65]], [[!mfsa2015 64]], [[!mfsa2015 61]],"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " [[!mfsa2015 59]]\n"
msgstr ""
#. type: Bullet: ' - '
@@ -71,7 +79,8 @@ msgid " [[!cve CVE-2015-4000]]\n"
msgstr ""
#. type: Bullet: ' - '
-msgid "CUPS: [[!debsa2015 3283]], [[!cve CVE-2015-1158]], [[!cve CVE-2015-1159]]"
+msgid ""
+"CUPS: [[!debsa2015 3283]], [[!cve CVE-2015-1158]], [[!cve CVE-2015-1159]]"
msgstr ""
#. type: Bullet: ' - '
diff --git a/wiki/src/security/Numerous_security_holes_in_1.4.fr.po b/wiki/src/security/Numerous_security_holes_in_1.4.fr.po
index 782556c..dec7b55 100644
--- a/wiki/src/security/Numerous_security_holes_in_1.4.fr.po
+++ b/wiki/src/security/Numerous_security_holes_in_1.4.fr.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-06-30 09:19+0200\n"
+"POT-Creation-Date: 2015-07-03 09:56+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -32,13 +32,14 @@ msgid "[[!tag security/fixed]]\n"
msgstr ""
#. type: Plain text
-msgid "Several security holes that affect Tails 1.4 are now fixed in Tails 1.4.1."
+msgid ""
+"Several security holes that affect Tails 1.4 are now fixed in Tails 1.4.1."
msgstr ""
#. type: Plain text
msgid ""
-"We **strongly** encourage you to [[upgrade to "
-"Tails 1.4.1|news/version_1.4.1]] as soon as possible."
+"We **strongly** encourage you to [[upgrade to Tails 1.4.1|news/"
+"version_1.4.1]] as soon as possible."
msgstr ""
#. type: Title =
@@ -47,7 +48,14 @@ msgid "Details\n"
msgstr ""
#. type: Bullet: ' - '
-msgid "Tor Browser: [[!mfsa2015 XXX]]"
+msgid ""
+"Tor Browser: [[!mfsa2015 71]], [[!mfsa2015 70]], [[!mfsa2015 69]], [[!"
+"mfsa2015 66]], [[!mfsa2015 65]], [[!mfsa2015 64]], [[!mfsa2015 61]],"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " [[!mfsa2015 59]]\n"
msgstr ""
#. type: Bullet: ' - '
@@ -71,7 +79,8 @@ msgid " [[!cve CVE-2015-4000]]\n"
msgstr ""
#. type: Bullet: ' - '
-msgid "CUPS: [[!debsa2015 3283]], [[!cve CVE-2015-1158]], [[!cve CVE-2015-1159]]"
+msgid ""
+"CUPS: [[!debsa2015 3283]], [[!cve CVE-2015-1158]], [[!cve CVE-2015-1159]]"
msgstr ""
#. type: Bullet: ' - '
diff --git a/wiki/src/security/Numerous_security_holes_in_1.4.mdwn b/wiki/src/security/Numerous_security_holes_in_1.4.mdwn
index 06071ce..f084d83 100644
--- a/wiki/src/security/Numerous_security_holes_in_1.4.mdwn
+++ b/wiki/src/security/Numerous_security_holes_in_1.4.mdwn
@@ -12,7 +12,15 @@ Tails 1.4.1|news/version_1.4.1]] as soon as possible.
Details
=======
- - Tor Browser: [[!mfsa2015 XXX]]
+ - Tor Browser:
+ [[!mfsa2015 71]],
+ [[!mfsa2015 70]],
+ [[!mfsa2015 69]],
+ [[!mfsa2015 66]],
+ [[!mfsa2015 65]],
+ [[!mfsa2015 64]],
+ [[!mfsa2015 61]],
+ [[!mfsa2015 59]]
- Linux: [[!debsa2015 3290]], [[!cve CVE-2015-3636]]
- p7zip: [[!debsa2015 3289]]
- OpenSSL: [[!debsa2015 3287]], [[!cve CVE-2014-8176]], [[!cve
diff --git a/wiki/src/security/Numerous_security_holes_in_1.4.pt.po b/wiki/src/security/Numerous_security_holes_in_1.4.pt.po
index 782556c..dec7b55 100644
--- a/wiki/src/security/Numerous_security_holes_in_1.4.pt.po
+++ b/wiki/src/security/Numerous_security_holes_in_1.4.pt.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-06-30 09:19+0200\n"
+"POT-Creation-Date: 2015-07-03 09:56+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -32,13 +32,14 @@ msgid "[[!tag security/fixed]]\n"
msgstr ""
#. type: Plain text
-msgid "Several security holes that affect Tails 1.4 are now fixed in Tails 1.4.1."
+msgid ""
+"Several security holes that affect Tails 1.4 are now fixed in Tails 1.4.1."
msgstr ""
#. type: Plain text
msgid ""
-"We **strongly** encourage you to [[upgrade to "
-"Tails 1.4.1|news/version_1.4.1]] as soon as possible."
+"We **strongly** encourage you to [[upgrade to Tails 1.4.1|news/"
+"version_1.4.1]] as soon as possible."
msgstr ""
#. type: Title =
@@ -47,7 +48,14 @@ msgid "Details\n"
msgstr ""
#. type: Bullet: ' - '
-msgid "Tor Browser: [[!mfsa2015 XXX]]"
+msgid ""
+"Tor Browser: [[!mfsa2015 71]], [[!mfsa2015 70]], [[!mfsa2015 69]], [[!"
+"mfsa2015 66]], [[!mfsa2015 65]], [[!mfsa2015 64]], [[!mfsa2015 61]],"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " [[!mfsa2015 59]]\n"
msgstr ""
#. type: Bullet: ' - '
@@ -71,7 +79,8 @@ msgid " [[!cve CVE-2015-4000]]\n"
msgstr ""
#. type: Bullet: ' - '
-msgid "CUPS: [[!debsa2015 3283]], [[!cve CVE-2015-1158]], [[!cve CVE-2015-1159]]"
+msgid ""
+"CUPS: [[!debsa2015 3283]], [[!cve CVE-2015-1158]], [[!cve CVE-2015-1159]]"
msgstr ""
#. type: Bullet: ' - '
diff --git a/wiki/src/upgrade/v1/Tails/1.4/i386/alpha/upgrades.yml b/wiki/src/upgrade/v1/Tails/1.4/i386/alpha/upgrades.yml
index 2dc3976..9fb1b77 100644
--- a/wiki/src/upgrade/v1/Tails/1.4/i386/alpha/upgrades.yml
+++ b/wiki/src/upgrade/v1/Tails/1.4/i386/alpha/upgrades.yml
@@ -3,3 +3,18 @@ build-target: i386
channel: alpha
product-name: Tails
product-version: '1.4'
+upgrades:
+- details-url: https://tails.boum.org/news/version_1.4.1/
+ type: major
+ upgrade-paths:
+ - target-files:
+ - sha256: c7bf55250ca7a7ad897fd219af6ef3d4768be54fb3e2537abb3da8f7f4ed8913
+ size: 970584064
+ url: http://dl.amnesia.boum.org/tails/stable/tails-i386-1.4.1/tails-i386-1.4.1.iso
+ type: full
+ - target-files:
+ - sha256: 78ead22bec100e6d9effe303a76fd1868c76baa42bcfda94db4adb62cebe1a81
+ size: 180469760
+ url: http://dl.amnesia.boum.org/tails/stable/iuk/Tails_i386_1.4_to_1.4.1.iuk
+ type: incremental
+ version: 1.4.1
diff --git a/wiki/src/upgrade/v1/Tails/1.4/i386/alpha/upgrades.yml.pgp b/wiki/src/upgrade/v1/Tails/1.4/i386/alpha/upgrades.yml.pgp
index 1a5a17c..fae4455 100644
--- a/wiki/src/upgrade/v1/Tails/1.4/i386/alpha/upgrades.yml.pgp
+++ b/wiki/src/upgrade/v1/Tails/1.4/i386/alpha/upgrades.yml.pgp
@@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
-iQIcBAABCgAGBQJVDw62AAoJEDyD3LUvaZxWPnwQAL9fmQqhIz5qfaR0kYy3V1yo
-naseAJoTfiEFfsu+wEtaQI9arfEhYJXa3w0e0j8sjZNqgiIwehzz7rG+lVvVSSy9
-e5OGeJQm/EfX7Z11yQclOB1l/Len4xjdb+7qtbaEcuG4iFRdMYhEbG0hBWNbYnrz
-DhPNBA/SnZyQSxEcISh7n5iWqhTtlVfy7RHvsIP+VmeRJKXe3aZkg+mCvXy8uFWz
-1hG/XVakSi+ttQQlojcu6BGcu2D7AjErh4DE8sXU5uNZoj7MPBWPEkOn5jvg6FRE
-GFRTce7cZxkbcw4Fjw581xUq6fzrPuc6tmwa1uYY9DrE1m55B2Eh9JkuBhFm5A7r
-1NoXZnFtweOYkVAPILhgJDGGLHtuH0Kz4TFwPLkpsHvTdAh123bQq73/2s8C5Gp4
-Hl7t3dVcAEQFoWb7mslW0uqHOK3RpMk3eRzZYgcxf8hbERKueb7C6evRs23xE8jr
-bLT+TjsFYKfpebaIyf35FAmzP6r7R9PTFN7QfVmDvv+/adGYGOtEIxyWVc2QcxtC
-I7bVavzSfBrwKwlwbRQQPaUHPAfksSx15OIC1LsiNs/0YHM+S2YmEmoQ6ehhXQdR
-wBFgmu+Wydx8GbtaLvuVQgcLDc8tXfLX2jYDubo5Bp0FnvYIYh5hwAL+IBWeWfzO
-EhfgV0AQ7Ki5olc29fDA
-=uvqH
+iQIcBAABCgAGBQJVklCzAAoJEDyD3LUvaZxWVVgQAMTXcwYBwXjkzLsSor3LCN+H
+e9suCNV31k/FZL+Rv2+GvlDz32+Q5AK+pQluZDBGzTMUkeCib9udIBrbDEdj6Y/z
+hWM1bN6nSPnFAakkDW030qE3cDN5nGux+sCKlF1hBJnKmyZhLOFr9DsVmxK7YoAN
+UxdoBF76V7vaYeag7aEkYr34LEu4AWnW5X8kGM/8gj/VEdeAWSf/25JrSdWKxD4h
+J/g9PskbxkRjPJcnJCr6zAxkGk6aYiCeiNYLh5ag0jrXGcJx/7KMYbIVolJNumwj
+KR8OK1c0qf3tKVD0RCnS3NNfkKWr36g0AJn2kz+YSbqtNIojv8nn6se0mrjg+HkI
+hqoKZjSTUDatdMFS12xno336re5sREqUwWZKjPOL2nGe0BOIVMcX1sRMEzV3oJaQ
+htnYyjBlbjLmZkcpoq1Y5lka4CR2RM5le2dWW0ayYkVslTMRO3nOM9PP+X13cdQ7
+XaauwlELSY+qcokj4dv4zSr0xUPhXRwJwYyNrRREb1QWxyDDfl7sXyS/F+7F6Sgt
+k3Nm8WDkazXWkim2XfyZCeWX6HzSeZ6xEZY2BiAG8EBw//YXaRiYVGckDcOS/GoP
+3MWHYzCS3sogHMWeEXYJfBww3/D/Whb3xFWmPLFPk9CsI1QrzA2WVhHBSVqpyibn
+uu5ObzHkPygacoS79J10
+=M4ly
-----END PGP SIGNATURE-----