summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTails developers <amnesia@boum.org>2011-11-20 13:11:48 +0100
committerTails developers <amnesia@boum.org>2011-11-20 13:11:48 +0100
commit483e961fdb2ebdb8650e74e936f08c0fdefd5a89 (patch)
tree02c6b04f330f1d58455dccc0abfe340ff2f0e926
parentd9a26d285a8f581fcd66c4917d98c936b1d0b8df (diff)
parentffed3c6dd041fa25411932cc3c2224317b0a97f5 (diff)
Merge branch 'master' into doc-rework
Conflicts: wiki/src/doc/about/features.mdwn wiki/src/download.de.po wiki/src/download.es.po wiki/src/todo/restructure_the_website_navigation.mdwn
-rwxr-xr-xauto/build1
-rw-r--r--config/amnesia2
-rwxr-xr-xconfig/binary_local-hooks/10-syslinux_remove_buggy_help9
-rwxr-xr-xconfig/binary_local-hooks/20-syslinux_i18n4
-rw-r--r--config/chroot_apt/preferences8
-rwxr-xr-xconfig/chroot_local-hooks/52-update-rc.d10
-rwxr-xr-xconfig/chroot_local-hooks/98-remove_unwanted_files3
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh24
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/11-empty-dns-cache.sh (renamed from config/chroot_local-includes/etc/NetworkManager/dispatcher.d/61-empty-dns-cache.sh)0
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh196
l---------config/chroot_local-includes/etc/NetworkManager/dispatcher.d/21-empty-dns-cache.sh1
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/50-htp.sh210
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-sighup.sh50
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-ttdnsd.sh14
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-vidalia.sh25
-rw-r--r--config/chroot_local-includes/etc/default/htpdate2
-rw-r--r--config/chroot_local-includes/etc/default/kexec8
-rw-r--r--config/chroot_local-includes/etc/environment5
-rw-r--r--config/chroot_local-includes/etc/firewall.conf15
-rw-r--r--config/chroot_local-includes/etc/iceweasel/pref/iceweasel.js1
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/chrome.manifest27
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/chrome/cookiesafe.jarbin232813 -> 0 bytes
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSHiddenMenuItems.js129
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSHttpObserver.js521
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSLast10Hosts.js129
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSPermManager.js322
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSTempExceptions.js137
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCookieSafe.js316
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSHiddenMenuItems.xptbin280 -> 0 bytes
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSLast10Hosts.xptbin261 -> 0 bytes
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSPermManager.xptbin385 -> 0 bytes
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSTempExceptions.xptbin274 -> 0 bytes
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICookieSafe.xptbin254 -> 0 bytes
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/defaults/preferences/cookiesafe.js27
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/install.js168
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/install.rdf135
-rw-r--r--config/chroot_local-includes/etc/iceweasel/profile/user.js2
-rwxr-xr-xconfig/chroot_local-includes/etc/init.d/htpdate87
-rwxr-xr-xconfig/chroot_local-includes/etc/init.d/tails-reconfigure-kexec27
-rwxr-xr-xconfig/chroot_local-includes/etc/init.d/tails-reconfigure-memlockd25
-rwxr-xr-xconfig/chroot_local-includes/etc/lsb-base-logging.sh70
-rw-r--r--config/chroot_local-includes/etc/memlockd.cfg14
-rw-r--r--config/chroot_local-includes/etc/tor/torrc9
-rw-r--r--config/chroot_local-includes/etc/whisperback/config.py2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-get-bootinfo31
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-htp-notify-user91
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-security-check-wrapper14
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-start-i2p4
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/fillram7
-rw-r--r--config/chroot_local-includes/usr/local/sbin/htpdate12
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/udev-watchdog-wrapper9
-rw-r--r--config/chroot_local-includes/usr/share/amnesia/build/mksquashfs-excludes3
-rwxr-xr-xconfig/chroot_local-includes/usr/share/initramfs-tools/scripts/init-premount/sdmem14
-rw-r--r--config/chroot_local-includes/usr/share/locale/ar/LC_MESSAGES/tails-htp-notify-user.po30
-rw-r--r--config/chroot_local-includes/usr/share/locale/de/LC_MESSAGES/tails-htp-notify-user.po30
-rw-r--r--config/chroot_local-includes/usr/share/locale/en/LC_MESSAGES/tails-htp-notify-user.po30
-rw-r--r--config/chroot_local-includes/usr/share/locale/es/LC_MESSAGES/tails-htp-notify-user.po30
-rw-r--r--config/chroot_local-includes/usr/share/locale/fr/LC_MESSAGES/tails-htp-notify-user.po32
-rw-r--r--config/chroot_local-includes/usr/share/locale/it/LC_MESSAGES/tails-htp-notify-user.po30
-rw-r--r--config/chroot_local-includes/usr/share/locale/pt/LC_MESSAGES/tails-htp-notify-user.po30
-rw-r--r--config/chroot_local-includes/usr/share/locale/zh/LC_MESSAGES/tails-htp-notify-user.po30
-rw-r--r--config/chroot_local-includes/usr/share/tails-htp-notify-user/messages.pot30
-rw-r--r--config/chroot_local-packageslists/tails-common.list12
-rw-r--r--config/chroot_local-patches/torsocks_claws-mail.diff12
-rw-r--r--debian/changelog64
-rw-r--r--wiki/src/bugs/Error_404_while_downloading_Tails_0.8.1_via_HTTP.mdwn2
-rw-r--r--wiki/src/bugs/FireGPG_may_be_unsafe.mdwn2
-rw-r--r--wiki/src/bugs/Tails_has_a_distinct_startup_signature.mdwn2
-rw-r--r--wiki/src/bugs/Tor-time-syncronization_fail.mdwn2
-rw-r--r--wiki/src/bugs/Tor_connection_error.mdwn3
-rw-r--r--wiki/src/bugs/__34__Clock_is_approx._6_months_after_the_release_date__34___but_it_was_set_correctly.mdwn3
-rw-r--r--wiki/src/bugs/boot_error_at_startup_on_xp.mdwn11
-rw-r--r--wiki/src/bugs/sdmem_does_not_clear_all_memory.mdwn6
-rw-r--r--wiki/src/contribute/design.mdwn10
-rw-r--r--wiki/src/contribute/faq.mdwn70
-rw-r--r--wiki/src/contribute/release_process.mdwn16
-rw-r--r--wiki/src/contribute/release_process/test.mdwn18
-rw-r--r--wiki/src/contribute/release_process/test/erase_memory_on_shutdown.mdwn10
-rw-r--r--wiki/src/doc/about/features.de.po3
-rw-r--r--wiki/src/doc/about/features.es.po3
-rw-r--r--wiki/src/doc/about/features.fr.po3
-rw-r--r--wiki/src/doc/about/features.mdwn1
-rw-r--r--wiki/src/doc/about/trust.de.po4
-rw-r--r--wiki/src/doc/about/trust.es.po4
-rw-r--r--wiki/src/doc/about/trust.fr.po6
-rw-r--r--wiki/src/doc/about/trust.mdwn2
-rw-r--r--wiki/src/doc/walkthrough.de.po2
-rw-r--r--wiki/src/download.de.po4
-rw-r--r--wiki/src/download.es.po19
-rw-r--r--wiki/src/download.fr.po52
-rw-r--r--wiki/src/download.html2
-rw-r--r--wiki/src/inc/stable_i386_date.de.po4
-rw-r--r--wiki/src/inc/stable_i386_date.es.po4
-rw-r--r--wiki/src/inc/stable_i386_date.fr.po8
-rw-r--r--wiki/src/inc/stable_i386_date.html2
-rw-r--r--wiki/src/inc/stable_i386_hash.html2
-rw-r--r--wiki/src/inc/stable_i386_iso_sig_url.html2
-rw-r--r--wiki/src/inc/stable_i386_iso_url.html2
-rw-r--r--wiki/src/inc/stable_i386_torrent_sig_url.html2
-rw-r--r--wiki/src/inc/stable_i386_torrent_url.html2
-rw-r--r--wiki/src/inc/stable_i386_version.html2
-rw-r--r--wiki/src/inc/trace2
-rw-r--r--wiki/src/index.es.po4
-rw-r--r--wiki/src/index.fr.po4
-rw-r--r--wiki/src/local.css6
-rw-r--r--wiki/src/news/version_0.9.mdwn89
-rw-r--r--wiki/src/security/Numerous_security_holes_in_0.8.1.de.po81
-rw-r--r--wiki/src/security/Numerous_security_holes_in_0.8.1.es.po81
-rw-r--r--wiki/src/security/Numerous_security_holes_in_0.8.1.fr.po81
-rw-r--r--wiki/src/security/Numerous_security_holes_in_0.8.1.mdwn23
-rw-r--r--wiki/src/security/Upgrade_Tor.de.po4
-rw-r--r--wiki/src/security/Upgrade_Tor.es.po4
-rw-r--r--wiki/src/security/Upgrade_Tor.fr.po4
-rw-r--r--wiki/src/security/Upgrade_Tor.mdwn2
-rw-r--r--wiki/src/todo/64-bit_or_PAE_Kernel_to_access_higher_memory.mdwn9
-rw-r--r--wiki/src/todo/Easy_USB_wipe__47__write_new_.iso_procedure_with_Disk_Utility.mdwn23
-rw-r--r--wiki/src/todo/Fight_evercookies.mdwn7
-rw-r--r--wiki/src/todo/Iceweasel_5.x.mdwn48
-rw-r--r--wiki/src/todo/Return_of_Icedove__63__.mdwn15
-rw-r--r--wiki/src/todo/Squeeze:_no_more_boot_splash.mdwn2
-rw-r--r--wiki/src/todo/Tor-less_Tails.mdwn14
-rw-r--r--wiki/src/todo/Torbutton_toggling.mdwn11
-rw-r--r--wiki/src/todo/add_support_for_free_wifi_hotspots.mdwn7
-rw-r--r--wiki/src/todo/hplip_package_required_for_printing_on_some_HP_printers.mdwn2
-rw-r--r--wiki/src/todo/html5_ready_browser.mdwn17
-rw-r--r--wiki/src/todo/iceweasel_addon_-_CS_Lite.mdwn4
-rw-r--r--wiki/src/todo/iceweasel_addon_-_NoScript.mdwn10
-rw-r--r--wiki/src/todo/iceweasel_should_support_LAN_webservers.mdwn22
-rw-r--r--wiki/src/todo/improve_the_forum.mdwn18
-rw-r--r--wiki/src/todo/include_audio_and_video_streaming_software.mdwn4
-rw-r--r--wiki/src/todo/install_MAT.mdwn2
-rw-r--r--wiki/src/todo/localization_at_runtime.mdwn21
-rw-r--r--wiki/src/todo/mesh_networking.mdwn7
-rw-r--r--wiki/src/todo/press_section.mdwn3
-rw-r--r--wiki/src/todo/remove_the_htp_user_firewall_exception.mdwn2
-rw-r--r--wiki/src/todo/rethink_timezones.mdwn4
-rw-r--r--wiki/src/todo/support_Torbutton_new_identity_feature.mdwn2
-rw-r--r--wiki/src/todo/symmetric_OpenPGP_vs_recent_Iceweasel.mdwn37
-rw-r--r--wiki/src/todo/upgrade_TrueCrypt_to_7.1.mdwn2
-rw-r--r--wiki/src/todo/usb_install_and_upgrade.mdwn5
-rw-r--r--wiki/src/todo/windows_theme.mdwn8
-rw-r--r--wiki/src/torrents/files/tails-i386-0.8.1.iso.pgp17
-rw-r--r--wiki/src/torrents/files/tails-i386-0.8.1.torrentbin46782 -> 0 bytes
-rw-r--r--wiki/src/torrents/files/tails-i386-0.8.1.torrent.pgp17
-rw-r--r--wiki/src/torrents/files/tails-i386-0.9.iso.pgp17
-rw-r--r--wiki/src/torrents/files/tails-i386-0.9.packages (renamed from wiki/src/torrents/files/tails-i386-0.8.1.packages)82
-rw-r--r--wiki/src/torrents/files/tails-i386-0.9.torrentbin0 -> 46296 bytes
-rw-r--r--wiki/src/torrents/files/tails-i386-0.9.torrent.pgp17
148 files changed, 1584 insertions, 2827 deletions
diff --git a/auto/build b/auto/build
index 1bfc8bd..021d3f5 100755
--- a/auto/build
+++ b/auto/build
@@ -49,6 +49,7 @@ chmod -R go+rX config/chroot_sources
# build the image
: ${MKSQUASHFS_OPTIONS:='-comp xz'}
+MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS} -wildcards -ef chroot/usr/share/amnesia/build/mksquashfs-excludes"
export MKSQUASHFS_OPTIONS
case "$LB_BINARY_IMAGES" in
diff --git a/config/amnesia b/config/amnesia
index f79bd64..bcbf7d1 100644
--- a/config/amnesia
+++ b/config/amnesia
@@ -13,7 +13,7 @@
# Base for the string that will be passed to "lb config --bootappend-live"
# FIXME: see [[bugs/sdmem_on_eject_broken_for_CD]] for explanation why we
# need to set block.events_dfl_poll_msecs
-AMNESIA_APPEND="noswap live-media=removable nopersistent noprompt quiet timezone=Etc/UTC block.events_dfl_poll_msecs=1000"
+AMNESIA_APPEND="noswap live-media=removable nopersistent noprompt quiet timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash"
# Options passed to isohybrid
# Default: "-entry 4 -type 1c"
diff --git a/config/binary_local-hooks/10-syslinux_remove_buggy_help b/config/binary_local-hooks/10-syslinux_remove_buggy_help
index 6d4d2c1..5961f96 100755
--- a/config/binary_local-hooks/10-syslinux_remove_buggy_help
+++ b/config/binary_local-hooks/10-syslinux_remove_buggy_help
@@ -29,11 +29,6 @@ case "${LB_BINARY_IMAGES}" in
;;
esac
-# Remove help menu entry from menu.cfg
+# Remove help menu entry from menu.cfg (and every line after)
CFG_FILE="${SYSLINUX_PATH}/menu.cfg"
-ORIG_CFG_FILE="${CFG_FILE}.orig"
-mv "${CFG_FILE}" "${ORIG_CFG_FILE}"
-HELP_START="`grep --color=never --line-number --max-count=1 '^label help$' "${ORIG_CFG_FILE}" | awk -F':' '{print $1}'`"
-KEEP_LINES="$(($HELP_START - 1))"
-head -n "$KEEP_LINES" "${ORIG_CFG_FILE}" > "${CFG_FILE}"
-rm -f "${ORIG_CFG_FILE}"
+perl -pni -E 'exit if m{^label[[:blank:]]+help$}' "${CFG_FILE}"
diff --git a/config/binary_local-hooks/20-syslinux_i18n b/config/binary_local-hooks/20-syslinux_i18n
index 5aa7e9b..75e1192 100755
--- a/config/binary_local-hooks/20-syslinux_i18n
+++ b/config/binary_local-hooks/20-syslinux_i18n
@@ -63,7 +63,7 @@ for LANG_CODE in ${AMNESIA_SUPPORTED_LANGUAGES}; do
case "${LANG_CODE}" in
ar)
LANG_NAME='^Arabic'
- LANG_APPEND='locales=ar_EG.UTF-8'
+ LANG_APPEND='locales=ar_EG.UTF-8 keyboard-layouts=us,ara'
;;
de)
LANG_NAME='^German'
@@ -91,7 +91,7 @@ for LANG_CODE in ${AMNESIA_SUPPORTED_LANGUAGES}; do
;;
ru)
LANG_NAME='^Russian'
- LANG_APPEND='locales=ru'
+ LANG_APPEND='locales=ru keyboard-layouts=us,ru'
;;
zh)
LANG_NAME='^Chinese'
diff --git a/config/chroot_apt/preferences b/config/chroot_apt/preferences
index 78c68e1..8a641d4 100644
--- a/config/chroot_apt/preferences
+++ b/config/chroot_apt/preferences
@@ -34,6 +34,10 @@ Package: msva-perl
Pin: origin backports.debian.org
Pin-Priority: 999
+Package: plymouth
+Pin: release o=Debian,a=unstable
+Pin-Priority: 999
+
Package: squashfs-tools
Pin: origin backports.debian.org
Pin-Priority: 999
@@ -142,6 +146,10 @@ Package: laptop-mode-tools
Pin: release o=Debian,a=unstable
Pin-Priority: 999
+Package: xul-ext-cookie-monster
+Pin: release o=Debian,a=unstable
+Pin-Priority: 999
+
Package: xul-ext-https-everywhere
Pin: release o=Debian,a=unstable
Pin-Priority: 999
diff --git a/config/chroot_local-hooks/52-update-rc.d b/config/chroot_local-hooks/52-update-rc.d
index 14af7e6..f31f0a2 100755
--- a/config/chroot_local-hooks/52-update-rc.d
+++ b/config/chroot_local-hooks/52-update-rc.d
@@ -8,6 +8,8 @@ update-rc.d tails-kexec stop 85 0 6 .
update-rc.d tails-wifi start 17 S .
update-rc.d memlockd start 22 2 3 4 5 .
update-rc.d tails-sdmem-on-media-removal start 23 2 3 4 5 . stop 01 0 6
+update-rc.d tails-reconfigure-kexec defaults
+update-rc.d tails-reconfigure-memlockd defaults
# we run Tor ourselves after HTP via NetworkManager hooks
update-rc.d tor disable
@@ -28,3 +30,11 @@ update-rc.d kexec-load stop 18 0 6 .
# the i2p script manually.
update-rc.d -f i2p remove
+
+# we only want hdparm so that laptop-mode-tools can use it
+update-rc.d hdparm disable
+
+# don't use plymouth at shutdown/reboot
+# (plymouth.postinst creates links using update-rc.d,
+# so we cannot disable the links it creates by using LSB headers)
+rm -f /etc/rc[06].d/*plymouth
diff --git a/config/chroot_local-hooks/98-remove_unwanted_files b/config/chroot_local-hooks/98-remove_unwanted_files
index 80a57fc..8451321 100755
--- a/config/chroot_local-hooks/98-remove_unwanted_files
+++ b/config/chroot_local-hooks/98-remove_unwanted_files
@@ -5,6 +5,8 @@ echo "Removing unwanted files"
# Get AMNESIA_SUPPORTED_LANGUAGES
. /usr/share/amnesia/build/variables
+rm -f /usr/share/icons/gnome/icon-theme.cache
+
rm -rf \
/usr/share/inkscape/examples \
/usr/share/inkscape/tutorials
@@ -20,6 +22,7 @@ find /usr/share/scribus-ng/translations \
-exec rm "{}" \;
rm -rf /tmp/*
+find /usr -name "*.pyc" -print0 | xargs -0r rm -f
# truncate logs
for file in $(find /var/log/ -type f); do
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh
new file mode 100755
index 0000000..949ad9f
--- /dev/null
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# We don't start Tor automatically so *this* is the time
+# when it is supposed to start.
+
+# Run only when the interface is not "lo":
+if [ $1 = "lo" ]; then
+ exit 0
+fi
+
+# Run whenever an interface gets "up", not otherwise:
+if [ $2 != "up" ]; then
+ exit 0
+fi
+
+# Workaround https://trac.torproject.org/projects/tor/ticket/2355
+if grep -qw bridge /proc/cmdline; then
+ rm -f /var/lib/tor/*
+fi
+
+# A SIGHUP should be enough but there's a bug in Tor. Details:
+# * https://trac.torproject.org/projects/tor/ticket/1247
+# * https://tails.boum.org/bugs/tor_vs_networkmanager/
+service tor restart
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/61-empty-dns-cache.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/11-empty-dns-cache.sh
index 6de570a..6de570a 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/61-empty-dns-cache.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/11-empty-dns-cache.sh
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh
new file mode 100755
index 0000000..439713d
--- /dev/null
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh
@@ -0,0 +1,196 @@
+#!/bin/sh
+
+# Rationale: Tor needs a somewhat accurate clock to work.
+# If the clock is wrong enough to prevent it from opening circuits,
+# we set the time to the middle of the valid time interval found
+# in the Tor consensus, and we restart it.
+# In any case, we use HTP to ask more accurate time information to
+# a few authenticated HTTPS servers.
+
+
+### Init variables
+
+TORDATE_DIR=/var/run/tordate
+TORDATE_DONE_FILE=${TORDATE_DIR}/done
+TOR_DIR=/var/lib/tor
+TOR_CONSENSUS=${TOR_DIR}/cached-consensus
+TOR_UNVERIFIED_CONSENSUS=${TOR_DIR}/unverified-consensus
+TOR_DESCRIPTORS=${TOR_DIR}/cached-descriptors
+INOTIFY_TIMEOUT=60
+DATE_RE='[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]'
+VERSION_FILE=/etc/amnesia/version
+
+
+### Exit conditions
+
+# Run only when the interface is not "lo":
+if [ "$1" = "lo" ]; then
+ exit 0
+fi
+
+# Run whenever an interface gets "up", not otherwise:
+if [ "$2" != "up" ]; then
+ exit 0
+fi
+
+# Do not run twice
+if [ -e "$TORDATE_DONE_FILE" ]; then
+ exit 0
+fi
+
+
+### Create status directory
+install -o root -g root -m 0755 -d ${TORDATE_DIR}
+
+
+### Functions
+
+log() {
+ logger -t time "$@"
+}
+
+tor_is_working() {
+ [ -e $TOR_DESCRIPTORS ]
+}
+
+has_consensus() {
+ grep -qs "^valid-until ${DATE_RE}"'$' ${TOR_CONSENSUS} \
+ ${TOR_UNVERIFIED_CONSENSUS}
+}
+
+has_only_unverified_consensus() {
+ has_consensus && [ ! -e ${TOR_CONSENSUS} ]
+}
+
+wait_for_tor_consensus() {
+ log "Waiting for the Tor consensus file to contain a valid time interval"
+ while :; do
+ if has_consensus; then
+ break;
+ fi
+
+ inotifywait -q -t ${INOTIFY_TIMEOUT} -e close_write -e moved_to --format %w%f ${TOR_DIR} || :
+ done
+}
+
+wait_for_working_tor() {
+ log "Waiting for Tor to be working (i.e. cached descriptors exist)"
+ while :; do
+ if tor_is_working; then
+ break;
+ fi
+
+ inotifywait -q -t ${INOTIFY_TIMEOUT} -e close_write -e moved_to --format %w%f ${TOR_DIR} || :
+ done
+}
+
+date_points_are_sane() {
+ local vstart="$1"
+ local vend="$2"
+
+ vendchk=$(date -ud "${vstart} -0300" +'%F %T')
+ [ "${vend}" = "${vendchk}" ]
+}
+
+time_is_in_valid_tor_range() {
+ local curdate="$1"
+ local vstart="$2"
+
+ vendcons=$(date -ud "${vstart} -0230" +'%F %T')
+ order="${vstart}
+${curdate}
+${vendcons}"
+ ordersrt=$(echo "${order}" | sort)
+
+ [ "${order}" = "${ordersrt}" ]
+}
+
+restart_tor() {
+ if service tor status >/dev/null; then
+ log "Restarting Tor service"
+ service tor restart
+ fi
+}
+
+maybe_set_time_from_tor_consensus() {
+ if [ ! -e ${TOR_CONSENSUS} ]; then
+ log "We do not have a Tor consensus so we cannot set the system time according to it."
+ return
+ fi
+
+ # Get various date points in Tor's format, and do some sanity checks
+ vstart=$(sed -n "/^valid-after \(${DATE_RE}\)"'$/s//\1/p; t q; b n; :q q; :n' ${TOR_CONSENSUS})
+ vend=$(sed -n "/^valid-until \(${DATE_RE}\)"'$/s//\1/p; t q; b n; :q q; :n' ${TOR_CONSENSUS})
+ vmid=$(date -ud "${vstart} -0130" +'%F %T')
+ log "Tor: valid-after=${vstart} | valid-until=${vend}"
+
+ if ! date_points_are_sane "${vstart}" "${vend}"; then
+ log "Unexpected valid-until: [${vend}] is not [${vstart} + 3h]"
+ return
+ fi
+
+ curdate=$(date -u +'%F %T')
+ log "Current time is ${curdate}"
+
+ if time_is_in_valid_tor_range "${curdate}" "${vstart}"; then
+ log "Current time is in valid Tor range"
+ return
+ fi
+
+ log "Current time is not in valid Tor range, setting to middle of this range: [${vmid}]"
+ date -us "${vmid}" 1>/dev/null
+
+ # Tor is unreliable with picking a circuit after time change
+ restart_tor
+}
+
+release_date() {
+ # outputs something like 20111013
+ sed -n -e '1s/^.* - \([0-9]\+\)$/\1/p;q' "$VERSION_FILE"
+}
+
+is_clock_way_off() {
+ local release_date_secs="$(date -d "$(release_date)" '+%s')"
+ local current_date_secs="$(date '+%s')"
+
+ if [ "$current_date_secs" -lt "$release_date_secs" ]; then
+ log "Clock is before the release date"
+ return 0
+ fi
+ if [ "$(($release_date_secs + 15552000))" -lt "$current_date_secs" ]; then
+ log "Clock is more than 6 months after the release date"
+ return 0
+ fi
+ return 1
+}
+
+
+### Main
+
+# Delegate time setting to other daemons if Tor connections work
+if tor_is_working; then
+ log "Tor has already opened a circuit"
+else
+ wait_for_tor_consensus
+ # If Tor cannot verify the consensus this is probably because all
+ # authority certificates are "expired" due to a clock far off into
+ # the future.seen as invalid. In that case let's set the clock to
+ # the release date.
+ if is_clock_way_off && has_only_unverified_consensus; then
+ log "It seems the clock is so badly off that Tor couldn't verify the consensus. Setting system time to the release date, restarting Tor and fetching a new consensus..."
+ date --set="$(release_date)" > /dev/null
+ service tor stop
+ rm -f "${TOR_UNVERIFIED_CONSENSUS}"
+ service tor start
+ wait_for_tor_consensus
+ fi
+ maybe_set_time_from_tor_consensus
+fi
+
+wait_for_working_tor
+
+touch $TORDATE_DONE_FILE
+
+log "Restarting htpdate"
+service htpdate restart
+log "htpdate service restarted with return code $?"
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/21-empty-dns-cache.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/21-empty-dns-cache.sh
new file mode 120000
index 0000000..96f74ef
--- /dev/null
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/21-empty-dns-cache.sh
@@ -0,0 +1 @@
+11-empty-dns-cache.sh \ No newline at end of file
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/50-htp.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/50-htp.sh
deleted file mode 100755
index 37768f4..0000000
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/50-htp.sh
+++ /dev/null
@@ -1,210 +0,0 @@
-#!/bin/sh
-
-# Rationale: Tor needs a somewhat accurate clock to work, and for that
-# HTP is currently the only practically usable solution when one wants
-# to authenticate the servers providing the time. We then need to get
-# the IPs of a bunch of HTTPS servers.
-
-# However, since all DNS lookups are normally made through the Tor
-# network, which we are not connected to at this point, we use the
-# local DNS servers obtained through DHCP, if possible, or the OpenDNS
-# ones otherwise.
-
-# To limit fingerprinting possibilities, we do not want to send HTTP
-# requests aimed at an IP-based virtualhost such as https://IP/, but
-# rather to the usual hostname (e.g. https://www.eff.org/) as any
-# "normal" user would do. Once we have got the HTTPS servers IPs, we
-# write these to /etc/hosts so the system resolver knows about them.
-# htpdate is then run, and we eventually remove the added entries from
-# /etc/hosts.
-
-# Note that all network operations (host, htpdate) are done with the
-# htp user, who has an exception in the firewall configuration
-# granting it direct access to the needed network ports.
-
-# That's why we tell the htpdate script to drops priviledges and run
-# as the htp user all operations but the actual setting of time, which
-# has to be done as root.
-
-
-### Init variables
-
-LOG=/var/log/htpdate.log
-DONE_FILE=/var/lib/live/htp-done
-SUCCESS_FILE=/var/lib/live/htp-success
-VERSION_FILE=/etc/amnesia/version
-
-HTP_POOL="
- www.torproject.org
- mail.riseup.net
- encrypted.google.com
- ssl.scroogle.org
-"
-
-BEGIN_MAGIC='### BEGIN HTP HOSTS'
-END_MAGIC='### END HTP HOSTS'
-
-if [ -n "$DHCP4_DOMAIN_NAME_SERVERS" ]; then
- NAME_SERVERS="$DHCP4_DOMAIN_NAME_SERVERS"
-else
- NAME_SERVERS="208.67.222.222 208.67.220.220"
-fi
-
-
-### Exit conditions
-
-# Run only when the interface is not "lo":
-if [ "$1" = "lo" ]; then
- exit 0
-fi
-
-# Run whenever an interface gets "up", not otherwise:
-if [ "$2" != "up" ]; then
- exit 0
-fi
-
-# Do not run if we already successed:
-if [ -e "$SUCCESS_FILE" ]; then
- exit 0
-fi
-
-
-### Delete previous state file
-rm -f "$DONE_FILE"
-
-
-### Create log file
-
-# The htp user needs to write to this file.
-# The $LIVE_USERNAME user needs to read this file.
-touch "$LOG"
-chown htp:nogroup "$LOG"
-chmod 644 "$LOG"
-
-
-### Run tails-htp-notify-user (the sooner, the better)
-
-# Get LIVE_USERNAME
-. /etc/live/config.d/username
-
-export DISPLAY=':0.0'
-export XAUTHORITY="$(echo /var/run/gdm3/auth-for-$LIVE_USERNAME-*/database)"
-exec /bin/su -c /usr/local/bin/tails-htp-notify-user "$LIVE_USERNAME" &
-
-
-### Functions
-
-log() {
- echo "$@" >> "${LOG}"
-}
-
-quit() {
- local exit_code="$1"
- shift
- local message="$@"
-
- echo "$exit_code" >> "$DONE_FILE"
- if [ "$exit_code" -eq 0 ]; then
- touch "$SUCCESS_FILE"
- fi
- log "$message"
- exit $exit_code
-}
-
-cleanup_etc_hosts() {
- log "Cleaning /etc/hosts"
-
- # remove all lines between markers
- sed -e "/$BEGIN_MAGIC/,/$END_MAGIC/d" -i /etc/hosts
-}
-
-dns_query_cmd() {
- local host="$1"
- local ns cmd
-
- cmd=""
- for ns in $NAME_SERVERS; do
- cmd="${cmd:+$cmd || }host '$host' '$ns'"
- done
- echo "$cmd"
-}
-
-add_nameservers_to_etc_hosts() {
- trap "cleanup_etc_hosts" EXIT
-
- echo "$BEGIN_MAGIC" >> /etc/hosts
-
- for HTP_HOST in $HTP_POOL; do
- # ensure we only get the domain if given a true url
- HTP_HOST=${HTP_HOST%%/*}
- IP=$(sudo -u htp sh -c "$(dns_query_cmd "$HTP_HOST")" |
- awk '/ has address / { print $4 ; quit }')
- if [ -z "$IP" ]; then
- echo "$END_MAGIC" >> /etc/hosts
- quit 17 "Failed to resolve $HTP_HOST"
- fi
- echo "$IP $HTP_HOST" >> /etc/hosts
- done
-
- echo "$END_MAGIC" >> /etc/hosts
-}
-
-run_htpdate() {
- /usr/local/sbin/htpdate \
- -d \
- -l "$LOG" \
- -a "$HTTP_USER_AGENT" \
- -f \
- -p \
- -u htp \
- -t 1 \
- $HTP_POOL
-}
-
-release_date() {
- # outputs something like 20111013
- sed -n -e '1s/^.* - \([0-9]\+\)$/\1/p;q' "$VERSION_FILE"
-}
-
-is_clock_way_off() {
- local release_date_secs="$(date -d "$(release_date)" '+%s')"
- local current_date_secs="$(date '+%s')"
-
- if [ "$current_date_secs" -lt "$release_date_secs" ]; then
- log "Clock is before the release date"
- return 0
- fi
- if [ "$(($release_date_secs + 259200))" -lt "$current_date_secs" ]; then
- log "Clock is approx. 6 months after the release date"
- return 0
- fi
- return 1
-}
-
-### Main
-
-HTTP_USER_AGENT="$(/usr/local/bin/getTorbuttonUserAgent)"
-
-if [ -z "$HTTP_USER_AGENT" ]; then
- quit 1 "getTorbuttonUserAgent failed."
-fi
-
-# Beware: this string is used and parsed in tails-htp-notify-user
-log "HTP NetworkManager hook: here we go"
-log "Will use these nameservers: $NAME_SERVERS"
-
-add_nameservers_to_etc_hosts
-
-run_htpdate
-HTPDATE_RET=$?
-
-# If the clock is already too badly off, htpdate might have fail because
-# SSL certificates will not be verifiable. In that case let's set the clock to
-# the release date and try again.
-if [ "$HTPDATE_RET" -ne 0 ] && is_clock_way_off; then
- date --set="$(release_date)" > /dev/null
- run_htpdate
- HTPDATE_RET=$?
-fi
-
-quit $HTPDATE_RET "htpdate exited with return code $HTPDATE_RET"
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-sighup.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-sighup.sh
deleted file mode 100755
index 8e7067a..0000000
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-sighup.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#! /bin/sh
-
-# Run only when the interface is not "lo":
-if [ $1 = "lo" ]; then
- exit 0
-fi
-
-# Run whenever an interface gets "up", not otherwise:
-if [ $2 != "up" ]; then
- exit 0
-fi
-
-PIDFILE=/var/run/tor/tor.pid
-
-# Get LIVE_USERNAME
-. /etc/live/config.d/username
-
-# Workaround https://trac.torproject.org/projects/tor/ticket/2355
-if grep -qw bridge /proc/cmdline; then
- rm -f /var/lib/tor/*
-fi
-
-# We don't start Tor automatically anymore so *this* is the time when
-# it is supposed to start.
-# Note: as we disabled the initscript automatic startup, we cannot use
-# invoke-rc.d: it would silently ignore our request. That's why we use
-# the good old direct initscript invocation rather than any fancy
-# frontend.
-if [ -r "${PIDFILE}" ]; then
- # A SIGHUP should be enough but there's a bug in Tor. Details:
- # * https://bugs.torproject.org/flyspray/index.php?do=details&id=1247
- # * https://tails.boum.org/bugs/tor_vs_networkmanager/
- /etc/init.d/tor restart
-else
- /etc/init.d/tor start
-fi
-
-# Restart ttdnsd
-service ttdnsd restart
-
-# Restart Vidalia because it does not automatically reconnect to the new
-# Tor instance. Use kill+start as:
-# - X-GNOME-AutoRestart does not exist in Lenny's Gnome
-# - we do not start Vidalia automatically anymore and *this* is the time
-# when it is supposed to start.
-killall vidalia
-sleep 2 # give lckdo a chance to release the lockfile
-export DISPLAY=':0.0'
-export XAUTHORITY="`echo /var/run/gdm3/auth-for-${LIVE_USERNAME}-*/database`"
-exec /bin/su -c /usr/local/bin/vidalia-wrapper "${LIVE_USERNAME}" &
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-ttdnsd.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-ttdnsd.sh
new file mode 100755
index 0000000..f4676fd
--- /dev/null
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-ttdnsd.sh
@@ -0,0 +1,14 @@
+#! /bin/sh
+
+# Run only when the interface is not "lo":
+if [ $1 = "lo" ]; then
+ exit 0
+fi
+
+# Run whenever an interface gets "up", not otherwise:
+if [ $2 != "up" ]; then
+ exit 0
+fi
+
+# Restart ttdnsd
+service ttdnsd restart
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-vidalia.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-vidalia.sh
new file mode 100755
index 0000000..1339eef
--- /dev/null
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-vidalia.sh
@@ -0,0 +1,25 @@
+#! /bin/sh
+
+# Run only when the interface is not "lo":
+if [ $1 = "lo" ]; then
+ exit 0
+fi
+
+# Run whenever an interface gets "up", not otherwise:
+if [ $2 != "up" ]; then
+ exit 0
+fi
+
+# Get LIVE_USERNAME
+. /etc/live/config.d/username
+
+# Restart Vidalia because it does not automatically reconnect to the new
+# Tor instance. Use kill+start as:
+# - X-GNOME-AutoRestart does not exist in Lenny's Gnome
+# - we do not start Vidalia automatically anymore and *this* is the time
+# when it is supposed to start.
+killall vidalia
+sleep 2 # give lckdo a chance to release the lockfile
+export DISPLAY=':0.0'
+export XAUTHORITY="`echo /var/run/gdm3/auth-for-${LIVE_USERNAME}-*/database`"
+exec /bin/su -c /usr/local/bin/vidalia-wrapper "${LIVE_USERNAME}" &
diff --git a/config/chroot_local-includes/etc/default/htpdate b/config/chroot_local-includes/etc/default/htpdate
new file mode 100644
index 0000000..cabd80c
--- /dev/null
+++ b/config/chroot_local-includes/etc/default/htpdate
@@ -0,0 +1,2 @@
+HTP_POOL="www.torproject.org mail.riseup.net encrypted.google.com ssl.scroogle.org"
+HTTP_USER_AGENT="$(/usr/local/bin/getTorbuttonUserAgent)"
diff --git a/config/chroot_local-includes/etc/default/kexec b/config/chroot_local-includes/etc/default/kexec
index 02fc4c0..504b21e 100644
--- a/config/chroot_local-includes/etc/default/kexec
+++ b/config/chroot_local-includes/etc/default/kexec
@@ -1,12 +1,14 @@
# Defaults for kexec initscript
-# sourced by /etc/init.d/kexec and /etc/init.d/kexec-load
+# sourced by kexec-tools.config, /etc/init.d/kexec and /etc/init.d/kexec-load
# Load a kexec kernel (true/false)
LOAD_KEXEC=true
# Kernel and initrd image
-KERNEL_IMAGE="/vmlinuz"
-INITRD="/initrd.img"
+# Unused: tails-reconfigure-kexec appends the correct values to this file
+# at boot time.
+KERNEL_IMAGE=/vmlinux
+INITRD=/initrd.img
# If empty, use current /proc/cmdline
APPEND="quiet"
diff --git a/config/chroot_local-includes/etc/environment b/config/chroot_local-includes/etc/environment
index 75d1bc2..3ea1f6b 100644
--- a/config/chroot_local-includes/etc/environment
+++ b/config/chroot_local-includes/etc/environment
@@ -2,3 +2,8 @@ http_proxy=http://127.0.0.1:8118
HTTP_PROXY=http://127.0.0.1:8118
SOCKS_SERVER=127.0.0.1:9050
SOCKS5_SERVER=127.0.0.1:9050
+
+# Torbutton "New identity" feature uses those environment variables
+TOR_CONTROL_COOKIE_AUTH_FILE='/var/run/tor/control.authcookie'
+TOR_CONTROL_HOST='127.0.0.1'
+TOR_CONTROL_PORT='9051'
diff --git a/config/chroot_local-includes/etc/firewall.conf b/config/chroot_local-includes/etc/firewall.conf
index d2d32cb..27b3d47 100644
--- a/config/chroot_local-includes/etc/firewall.conf
+++ b/config/chroot_local-includes/etc/firewall.conf
@@ -12,18 +12,11 @@
# Established outgoing connections are accepted.
[0:0] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-# Note: this must run before traffic is dispatched to the lan rule.
-# The htp user is allowed to connect to services listening on the https port...
-[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport https -j ACCEPT
-# ... and to services listening on the domain port.
-[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport domain -j ACCEPT
-[0:0] -A OUTPUT -m owner --uid-owner htp -p UDP --dport domain -j ACCEPT
-
# Internal network connections are accepted.
[0:0] -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT
# Local network connections should not go through Tor but DNS shall be
-# rejected - apart for the htp user.
+# rejected.
[0:0] -N lan
[0:0] -A lan -p TCP --dport domain -j REJECT
[0:0] -A lan -p UDP --dport domain -j REJECT
@@ -65,12 +58,6 @@ COMMIT
# i2p is allowed to do anything it wants to.
[0:0] -A OUTPUT -m owner --uid-owner i2psvc -j RETURN
-# The htp user is allowed to connect to services listening on the https port...
-[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport https -j RETURN
-# ... and to services listening on the domain port.
-[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport domain -j RETURN
-[0:0] -A OUTPUT -m owner --uid-owner htp -p UDP --dport domain -j RETURN
-
# .onion mapped addresses redirection to Tor.
[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j REDIRECT --to-ports 9040
diff --git a/config/chroot_local-includes/etc/iceweasel/pref/iceweasel.js b/config/chroot_local-includes/etc/iceweasel/pref/iceweasel.js
index 3a5a120..ec27a54 100644
--- a/config/chroot_local-includes/etc/iceweasel/pref/iceweasel.js
+++ b/config/chroot_local-includes/etc/iceweasel/pref/iceweasel.js
@@ -28,6 +28,7 @@ pref("browser.chrome.site_icons", false);
pref("browser.chrome.image_icons.max_size", 0);
pref("browser.download.manager.closeWhenDone", true);
pref("browser.download.manager.retention", 0);
+pref("browser.download.useDownloadDir", false);
pref("browser.formfill.enable", false);
pref("browser.history_expire_days", 0);
pref("browser.history_expire_days.mirror", 0);
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/chrome.manifest b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/chrome.manifest
deleted file mode 100644
index dc8a8bf..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/chrome.manifest
+++ /dev/null
@@ -1,27 +0,0 @@
-overlay chrome://browser/content/browser.xul chrome://cookiesafe/content/cookiesafeOverlay.xul
-overlay chrome://navigator/content/navigator.xul chrome://cookiesafe/content/cookiesafeOverlay.xul
-overlay chrome://messenger/content/messenger.xul chrome://cookiesafe/content/cookiesafeOverlay.xul
-overlay chrome://messenger/content/messageWindow.xul chrome://cookiesafe/content/cookiesafeOverlay.xul
-overlay chrome://emusic/content/startup.xul chrome://cookiesafe/content/cookiesafeOverlay.xul
-overlay chrome://songbird/content/xul/mainScriptsOverlay.xul chrome://cookiesafe/content/cookiesafeOverlay.xul
-
-content cookiesafe jar:chrome/cookiesafe.jar!/content/cookiesafe/
-
-skin cookiesafe classic/1.0 jar:chrome/cookiesafe.jar!/skin/classic/cookiesafe/
-
-locale cookiesafe en-US jar:chrome/cookiesafe.jar!/locale/en-US/cookiesafe/
-locale cookiesafe bg-BG jar:chrome/cookiesafe.jar!/locale/bg-BG/cookiesafe/
-locale cookiesafe de-DE jar:chrome/cookiesafe.jar!/locale/de-DE/cookiesafe/
-locale cookiesafe es-ES jar:chrome/cookiesafe.jar!/locale/es-ES/cookiesafe/
-locale cookiesafe fr-FR jar:chrome/cookiesafe.jar!/locale/fr-FR/cookiesafe/
-locale cookiesafe hu-HU jar:chrome/cookiesafe.jar!/locale/hu-HU/cookiesafe/
-locale cookiesafe it-IT jar:chrome/cookiesafe.jar!/locale/it-IT/cookiesafe/
-locale cookiesafe ja-JP jar:chrome/cookiesafe.jar!/locale/ja-JP/cookiesafe/
-locale cookiesafe ko-KR jar:chrome/cookiesafe.jar!/locale/ko-KR/cookiesafe/
-locale cookiesafe nl-NL jar:chrome/cookiesafe.jar!/locale/nl-NL/cookiesafe/
-locale cookiesafe pl-PL jar:chrome/cookiesafe.jar!/locale/pl-PL/cookiesafe/
-locale cookiesafe pt-BR jar:chrome/cookiesafe.jar!/locale/pt-BR/cookiesafe/
-locale cookiesafe ro-RO jar:chrome/cookiesafe.jar!/locale/ro-RO/cookiesafe/
-locale cookiesafe ru-RU jar:chrome/cookiesafe.jar!/locale/ru-RU/cookiesafe/
-locale cookiesafe uk-UA jar:chrome/cookiesafe.jar!/locale/uk-UA/cookiesafe/
-locale cookiesafe zh-CN jar:chrome/cookiesafe.jar!/locale/zh-CN/cookiesafe/
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/chrome/cookiesafe.jar b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/chrome/cookiesafe.jar
deleted file mode 100644
index 844757f..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/chrome/cookiesafe.jar
+++ /dev/null
Binary files differ
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSHiddenMenuItems.js b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSHiddenMenuItems.js
deleted file mode 100644
index e640cfd..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSHiddenMenuItems.js
+++ /dev/null
@@ -1,129 +0,0 @@
-/***************************************************************************
-Name: CS Lite
-Description: Control cookie permissions.
-Author: Ron Beckman
-Homepage: http://addons.mozilla.org
-
-Copyright (C) 2007 Ron Beckman
-
-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation; either version 2
-of the License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to:
-
-Free Software Foundation, Inc.
-51 Franklin Street
-Fifth Floor
-Boston, MA 02110-1301
-USA
-***************************************************************************/
-
-
-const CSHIDDENMENUITEMS_CONTRACTID = '@mozilla.org/CSHiddenMenuItems;1';
-const CSHIDDENMENUITEMS_CID = Components.ID('{a7cdbbe6-4e52-4675-884e-b85bb46dac17}');
-const CSHIDDENMENUITEMS_IID = Components.interfaces.nsICSHiddenMenuItems;
-const CSHIDDENMENUITEMS_SERVICENAME = 'CS Hidden Menu Items';
-
-var nsCSHiddenMenuItems = {
-
- testHiddenMenuItems: function(id) {
- var prefs = this.getPrefs();
- var ids = prefs.getCharPref('hiddenMenuItems');
- return (ids.indexOf(id)!=-1) ? true : false;
- },
-
- getHiddenMenuItems: function() {
- var prefs = this.getPrefs();
- var ids = prefs.getCharPref('hiddenMenuItems');
- return ids;
- },
-
- addHiddenMenuItems: function(id) {
- var found = this.testHiddenMenuItems(id);
- if (!found) {
- var prefs = this.getPrefs();
- var ids = prefs.getCharPref('hiddenMenuItems').split(' ');
- ids.push(id);
-
- //filter out all of the null values
- ids = ids.filter(function(value) { return value; });
-
- prefs.setCharPref('hiddenMenuItems',ids.join(' '));
- }
- },
-
- removeHiddenMenuItems: function(id) {
- var prefs = this.getPrefs();
- var ids = prefs.getCharPref('hiddenMenuItems').split(' ');
- ids = ids.filter(function(value) { return value != id; });
- prefs.setCharPref('hiddenMenuItems',ids.join(' '));
- },
-
- clearHiddenMenuItems: function() {
- var prefs = this.getPrefs();
- prefs.setCharPref('hiddenMenuItems','');
- },
-
- getPrefs: function() {
- return Components.classes["@mozilla.org/preferences-service;1"].
- getService(Components.interfaces.nsIPrefService).
- getBranch("cookiesafe.");
- },
-
- QueryInterface: function(iid) {
- if (!iid.equals(Components.interfaces.nsISupports) &&
- !iid.equals(CSHIDDENMENUITEMS_IID))
- throw Components.results.NS_ERROR_NO_INTERFACE;
- return this;
- }
-};
-
-var nsCSHiddenMenuItemsModule = {
-
- registerSelf: function(compMgr, fileSpec, location, type) {
- compMgr = compMgr.QueryInterface(Components.interfaces.nsIComponentRegistrar);
- compMgr.registerFactoryLocation(CSHIDDENMENUITEMS_CID,
- CSHIDDENMENUITEMS_SERVICENAME,
- CSHIDDENMENUITEMS_CONTRACTID,
- fileSpec,location,type);
- },
-
- unregisterSelf: function (compMgr, fileSpec, location) {
- compMgr = compMgr.QueryInterface(Components.interfaces.nsIComponentRegistrar);
- compMgr.unregisterFactoryLocation(CSHIDDENMENUITEMS_CID,fileSpec);
- },
-
- getClassObject: function(compMgr, cid, iid) {
- if (!cid.equals(CSHIDDENMENUITEMS_CID))
- throw Components.results.NS_ERROR_NO_INTERFACE;
- if (!iid.equals(Components.interfaces.nsIFactory))
- throw Components.results.NS_ERROR_NOT_IMPLEMENTED;
- return this.nsCSHiddenMenuItemsFactory;
- },
-
- canUnload: function(compMgr) {
- return true;
- },
-
- nsCSHiddenMenuItemsFactory: {
-
- createInstance: function(outer, iid) {
- if (outer != null)
- throw Components.results.NS_ERROR_NO_AGGREGATION;
- if (!iid.equals(CSHIDDENMENUITEMS_IID) &&
- !iid.equals(Components.interfaces.nsISupports))
- throw Components.results.NS_ERROR_INVALID_ARG;
- return nsCSHiddenMenuItems;
- }
- }
-};
-
-function NSGetModule(comMgr, fileSpec) { return nsCSHiddenMenuItemsModule; }
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSHttpObserver.js b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSHttpObserver.js
deleted file mode 100644
index a8468de..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSHttpObserver.js
+++ /dev/null
@@ -1,521 +0,0 @@
-/***************************************************************************
-Name: CS Lite
-Description: Control cookie permissions.
-Author: Ron Beckman
-Homepage: http://addons.mozilla.org
-
-Copyright (C) 2007 Ron Beckman
-
-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation; either version 2
-of the License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to:
-
-Free Software Foundation, Inc.
-51 Franklin Street
-Fifth Floor
-Boston, MA 02110-1301
-USA
-***************************************************************************/
-
-
-var cookiesafeCookieObserver = {
-
- init: function() {
- var os = this.getObserver();
- os.addObserver(this, 'cookie-changed', false);
- os.addObserver(this, 'cookie-rejected', false);
- },
-
- uninit: function() {
- var os = this.getObserver();
- os.removeObserver(this, 'cookie-changed');
- os.removeObserver(this, 'cookie-rejected');
- },
-
- QueryInterface : function(aIID) {
- if (aIID.equals(Components.interfaces.nsISupports) ||
- aIID.equals(Components.interfaces.nsIObserver))
- return this;
- throw Components.results.NS_NOINTERFACE;
- },
-
- getObserver: function() {
- return Components.classes["@mozilla.org/observer-service;1"].
- getService(Components.interfaces.nsIObserverService);
- },
-
- getCS: function() {
- return Components.classes['@mozilla.org/CookieSafe;1'].
- createInstance(Components.interfaces.nsICookieSafe);
- },
-
- getCSLast10Hosts: function() {
- return Components.classes['@mozilla.org/CSLast10Hosts;1'].
- getService(Components.interfaces.nsICSLast10Hosts);
- },
-
- getPrefs: function() {
- return Components.classes["@mozilla.org/preferences-service;1"].
- getService(Components.interfaces.nsIPrefService).
- getBranch("cookiesafe.");
- },
-
- getConsole: function() {
- return Components.classes["@mozilla.org/consoleservice;1"].
- getService(Components.interfaces.nsIConsoleService);
- },
-
- getStrBundle: function() {
- return Components.classes['@mozilla.org/intl/stringbundle;1'].
- getService(Components.interfaces.nsIStringBundleService).
- createBundle('chrome://cookiesafe/locale/cookiesafe.properties');
- },
-
- observe: function(aSubject, aTopic, aData) {
- var cs = this.getCS();
- var lastten = this.getCSLast10Hosts();
- var prefs = this.getPrefs();
- var console = prefs.getBoolPref('logNotifications');
-
- if (aSubject) {
- if (aTopic=='cookie-rejected') {
- aSubject.QueryInterface(Components.interfaces.nsIURI);
- }
-
- if (aSubject instanceof Components.interfaces.nsIURI ||
- aSubject instanceof Components.interfaces.nsICookie) {
- var host = (aSubject.host) ? aSubject.host : 'scheme:file';
- var base = cs.removeSub(host);
- lastten.addLastTenHosts(base);
- }
- }
-
- if (console) {
- this.logCookie(aSubject,aData,host);
- }
- },
-
- logCookie: function(aSubject,aData,host) {
- var bdl = this.getStrBundle();
-
- //create title
- var title;
- if (!aData) {
- title = bdl.GetStringFromName('cookiesafe.lCookieBlocked');
- } else if (aData=='added') {
- title = bdl.GetStringFromName('cookiesafe.lCookieAdded');
- } else if (aData=='changed') {
- title = bdl.GetStringFromName('cookiesafe.lCookieChanged');
- } else if (aData=='deleted') {
- title = bdl.GetStringFromName('cookiesafe.lCookieDeleted');
- } else if (aData=='cleared') {
- title = bdl.GetStringFromName('cookiesafe.lCookiesCleared');
- }
-
- //create message
- var msg = title;
- if (aData=='added' || aData=='changed' || aData=='deleted') {
- var exp = new Date();
- if (aSubject.expires) {
- exp.setTime(aSubject.expires * 1000);
- } else {
- exp = bdl.GetStringFromName('cookiesafe.lSession');
- }
- msg += '\n'+bdl.GetStringFromName('cookiesafe.lHost')+': '+host+'\n'+
- bdl.GetStringFromName('cookiesafe.lName')+': '+aSubject.name+'\n'+
- bdl.GetStringFromName('cookiesafe.lValue')+': '+aSubject.value+'\n'+
- bdl.GetStringFromName('cookiesafe.lExpires')+': '+exp;
- } else if (!aData) {
- msg += '\n'+bdl.GetStringFromName('cookiesafe.lHost')+': '+host+'\n'+
- bdl.GetStringFromName('cookiesafe.lUrl')+': '+aSubject.spec;
- }
-
- var csl = this.getConsole();
- csl.logStringMessage(msg);
- }
-};
-
-var cookiesafeShutdown = {
-
- QueryInterface : function(aIID) {
- if (aIID.equals(Components.interfaces.nsISupports) ||
- aIID.equals(Components.interfaces.nsIObserver))
- return this;
- throw Components.results.NS_NOINTERFACE;
- },
-
- getObserver: function() {
- return Components.classes["@mozilla.org/observer-service;1"].
- getService(Components.interfaces.nsIObserverService);
- },
-
- init: function() {
- var os = this.getObserver();
- os.addObserver(this, 'quit-application', false);
- },
-
- uninit: function() {
- var os = this.getObserver();
- os.removeObserver(this, 'quit-application');
- },
-
- observe: function(aSubject, aTopic, aData) {
- if (aTopic == 'quit-application') {
- //unregister observer for quit-application notifications
- this.uninit();
-
- //unregister the cookie observers
- cookiesafeCookieObserver.uninit();
-
- //only uninit the http observer for Thunderbird
- var brows = this.getAppInfo();
- if (brows.name=='Thunderbird') csHttpObserver.uninit();
-
- //perform cleanup for CS Lite shutdown
- this.exit();
- }
- },
-
- exit: function() {
- //remove temp exceptions
- this.removeTempExceptions();
-
- //clear last 10 hosts array
- var lastten = this.getCSLast10Hosts();
- lastten.clearLastTenHosts();
-
- //clear all cookies and exceptions
- var prefs = this.getPrefs();
- var clck = prefs.getBoolPref('clearCookies');
- var clex = prefs.getBoolPref('clearExceptions');
- if (clck) this.clearCookies2();
- if (clex) this.clearExceptions2();
-
- //check if browser is TB2 and close db connection if possible
- var brows = this.getAppInfo();
- var num = parseInt(brows.version);
- if (brows.name=='Thunderbird' && num==2) {
- var permMngr = this.getPermManager();
- permMngr.closeDB();
- }
- },
-
- getCSLast10Hosts: function() {
- return Components.classes['@mozilla.org/CSLast10Hosts;1'].
- getService(Components.interfaces.nsICSLast10Hosts);
- },
-
- getCSTempExceptions: function() {
- return Components.classes['@mozilla.org/CSTempExceptions;1'].
- getService(Components.interfaces.nsICSTempExceptions);
- },
-
- getAppInfo: function() {
- return Components.classes['@mozilla.org/xre/app-info;1'].
- createInstance(Components.interfaces.nsIXULAppInfo);
- },
-
- getPrefs: function() {
- return Components.classes["@mozilla.org/preferences-service;1"].
- getService(Components.interfaces.nsIPrefService).
- getBranch("cookiesafe.");
- },
-
- getCookieManager: function() {
- return Components.classes["@mozilla.org/cookiemanager;1"].
- getService(Components.interfaces.nsICookieManager);
- },
-
- getPermManager: function() {
- //check if browser is TB2
- var brows = this.getAppInfo();
- var num = parseInt(brows.version);
- if (brows.name=='Thunderbird' && num==2) {
- return Components.classes["@mozilla.org/CSPermManager;1"].
- getService(Components.interfaces.nsICSPermManager);
- } else {
- return Components.classes["@mozilla.org/permissionmanager;1"].
- getService(Components.interfaces.nsIPermissionManager);
- }
- },
-
- removeTempExceptions: function() {
- var tempExc = this.getCSTempExceptions();
- var perms = tempExc.getTempExceptions();
- if (!perms) return false;
-
- //remove temp exceptions
- perms = perms.split(' ');
- var mngr = this.getPermManager();
- for (var i=0; i<perms.length; ++i) {
- if (!perms[i]) continue;
- try {
- mngr.remove(perms[i],'cookie');
- } catch(e) {
- continue;
- }
- }
-
- //this clears the temp array and the tempExceptions char pref
- tempExc.clearTempExceptions();
- return false;
- },
-
- clearCookies2: function() {
- var mngr = this.getCookieManager();
- mngr.removeAll();
- },
-
- clearExceptions2: function() {
- var exc,perms,temp;
- var mngr = this.getPermManager();
- if (mngr instanceof Components.interfaces.nsIPermissionManager) {
- perms = mngr.enumerator;
- while (('hasMoreElements' in perms && perms.hasMoreElements()) ||
- ('hasMore' in perms && perms.hasMore())) {
- exc = perms.getNext();
- exc.QueryInterface(Components.interfaces.nsIPermission);
- if (exc.type=='cookie') {
- mngr.remove(exc.host,'cookie');
- }
- }
- } else { //for TB2 only
- mngr.removeAll();
- }
- }
-};
-
-var csHttpObserver = {
-
- QueryInterface : function(aIID) {
- if (aIID.equals(Components.interfaces.nsISupports) ||
- aIID.equals(Components.interfaces.nsIObserver))
- return this;
- throw Components.results.NS_NOINTERFACE;
- },
-
- getObserver: function() {
- return Components.classes["@mozilla.org/observer-service;1"].
- getService(Components.interfaces.nsIObserverService);
- },
-
- getAppInfo: function() {
- return Components.classes['@mozilla.org/xre/app-info;1'].
- createInstance(Components.interfaces.nsIXULAppInfo);
- },
-
- getCS: function() {
- return Components.classes['@mozilla.org/CookieSafe;1'].
- createInstance(Components.interfaces.nsICookieSafe);
- },
-
- getPrefs: function() {
- return Components.classes["@mozilla.org/preferences-service;1"].
- getService(Components.interfaces.nsIPrefService).
- getBranch("cookiesafe.");
- },
-
- getGlobalPrefs: function() {
- return Components.classes["@mozilla.org/preferences-service;1"].
- getService(Components.interfaces.nsIPrefService).
- getBranch("network.cookie.");
- },
-
- getCookieManager2: function() {
- return Components.classes["@mozilla.org/cookiemanager;1"].
- getService(Components.interfaces.nsICookieManager2);
- },
-
- getCookieService: function() {
- return Components.classes["@mozilla.org/cookieService;1"].
- getService(Components.interfaces.nsICookieService);
- },
-
- testPermission: function(host) {
- var url = (host=='scheme:file') ? 'file:///cookiesafe' : 'http://'+host;
- var uri = this.getURI(url);
- var mngr = this.getPermManager();
- var action = mngr.testPermission(uri,'cookie');
- return action;
- },
-
- getURI: function(url) {
- return Components.classes["@mozilla.org/network/io-service;1"].
- getService(Components.interfaces.nsIIOService).
- newURI(url,null,null);
- },
-
- getPermManager: function() {
- //check if browser is TB2
- var brows = this.getAppInfo();
- var num = parseInt(brows.version);
- if (brows.name=='Thunderbird' && num==2) {
- return Components.classes["@mozilla.org/CSPermManager;1"].
- getService(Components.interfaces.nsICSPermManager);
- } else {
- return Components.classes["@mozilla.org/permissionmanager;1"].
- getService(Components.interfaces.nsIPermissionManager);
- }
- },
-
- init: function() {
- var os = this.getObserver();
- os.addObserver(this, 'http-on-modify-request', false);
- os.addObserver(this, 'http-on-examine-response', false);
- os.addObserver(this, 'http-on-examine-merged-response', false);
- },
-
- uninit: function() {
- var os = this.getObserver();
- os.removeObserver(this, 'http-on-modify-request');
- os.removeObserver(this, 'http-on-examine-response');
- os.removeObserver(this, 'http-on-examine-merged-response');
- },
-
- observe: function(aSubject, aTopic, aData) {
- if (aTopic == 'app-startup') {
- //register quit-application observer for cookiesafe shutdown tasks
- cookiesafeShutdown.init();
-
- //register cookie observers for last 10 hosts and cookie logging
- cookiesafeCookieObserver.init();
-
- //only init the http observer for Thunderbird
- var brows = this.getAppInfo();
- if (brows.name=='Thunderbird') this.init();
- return false;
- }
-
- try {
- var httpChannel = aSubject.QueryInterface(Components.interfaces.nsIHttpChannel);
- var channelInternal = aSubject.QueryInterface(Components.interfaces.nsIHttpChannelInternal);
- var channel = aSubject.QueryInterface(Components.interfaces.nsIChannel);
- } catch(e) {
- return false;
- }
-
- /*Thunderbird will automatically strip cookie headers from channels using the https
- protocol. There is presently NO solution for https uris so we can just return
- instead of trying to process the https cookie headers which will stripped anyway.*/
-
- if (channel.URI.scheme.substr(0,4) != 'http') return false;
-
- //make sure user wants CS to process cookies in TB, if more than one http
- //observer is active at a time there could be conflicts with other extensions
- var prefs = this.getPrefs();
- if (!prefs.getBoolPref('processTBCookies')) return false;
-
- //test whether uri host has permission to set or receive cookies
- var action = this.testPermission(channel.URI.host);
-
- var gPrefs = this.getGlobalPrefs();
- var behavior = gPrefs.getIntPref('cookieBehavior');
-
- if (aTopic=='http-on-modify-request') {
- try {
- var reqHead = httpChannel.getRequestHeader("Cookie");
- } catch(e) {
- return false;
- }
-
- if (!reqHead) {
- if (action==1 || action==8 || (behavior==0 && !action)) {
- var cksrv = this.getCookieService();
- var ckstr = cksrv.getCookieString(channel.URI,null);
- httpChannel.setRequestHeader("Cookie",ckstr,false);
- }
- }
- }
-
- if (aTopic=='http-on-examine-response' || aTopic=='http-on-examine-merged-response') {
- try {
- var resHead = httpChannel.getResponseHeader("Set-Cookie");
- } catch(e) {
- return false;
- }
-
- if (resHead) {
- if (action==1 || action==8 || (behavior==0 && !action)) {
- var ck,exp;
- var cs = this.getCS();
- var mngr = this.getCookieManager2();
- var dt = new Date();
- var time = dt.getTime();
- var cookies = resHead.split('\n');
- for (var i=0; i<cookies.length; ++i) {
- ck = cs.formatCookieString(cookies[i],channel.URI);
- exp = (action==8) ? 0 : ck.expires; //ck.expires is readonly so we use a new variable here
- if ('cookieExists' in mngr) {
- mngr.add(ck.host,ck.path,ck.name,ck.value,ck.isSecure,true,
- (!exp) ? true : false,
- (!exp) ? parseInt(time / 1000) + 86400 : exp);
- } else {
- mngr.add(ck.host,ck.path,ck.name,ck.value,ck.isSecure,
- (!exp) ? true : false,
- (!exp) ? parseInt(time / 1000) + 86400 : exp);
- }
- }
- httpChannel.setResponseHeader("Set-Cookie","",false);
- }
- }
- }
- return false;
- }
-};
-
-var csHttpModule = {
-
- registerSelf: function (compMgr, fileSpec, location, type) {
- var compMgr = compMgr.QueryInterface(Components.interfaces.nsIComponentRegistrar);
- compMgr.registerFactoryLocation(this.myCID,
- this.myName,
- this.myProgID,
- fileSpec,
- location,
- type);
-
- var catMgr = Components.classes["@mozilla.org/categorymanager;1"].
- getService(Components.interfaces.nsICategoryManager);
- catMgr.addCategoryEntry("app-startup", this.myName, this.myProgID, true, true);
- },
-
- getClassObject: function (compMgr, cid, iid) {
- return this.csHttpFactory;
- },
-
- myCID: Components.ID("{559f36d9-ef06-42ae-8378-846d452cd244}"),
-
- myProgID: "@mozilla.org/csHttpObserver;1",
-
- myName: "CookieSafe Http Observer",
-
- csHttpFactory: {
- QueryInterface: function (aIID) {
- if (!aIID.equals(Components.interfaces.nsISupports) &&
- !aIID.equals(Components.interfaces.nsIFactory))
- throw Components.results.NS_ERROR_NO_INTERFACE;
- return this;
- },
-
- createInstance: function (outer, iid) {
- return csHttpObserver;
- }
- },
-
- canUnload: function(compMgr) {
- return true;
- }
-};
-
-function NSGetModule(compMgr, fileSpec) {
- return csHttpModule;
-}
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSLast10Hosts.js b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSLast10Hosts.js
deleted file mode 100644
index 1d47d48..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSLast10Hosts.js
+++ /dev/null
@@ -1,129 +0,0 @@
-/***************************************************************************
-Name: CS Lite
-Description: Control cookie permissions.
-Author: Ron Beckman
-Homepage: http://addons.mozilla.org
-
-Copyright (C) 2007 Ron Beckman
-
-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation; either version 2
-of the License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to:
-
-Free Software Foundation, Inc.
-51 Franklin Street
-Fifth Floor
-Boston, MA 02110-1301
-USA
-***************************************************************************/
-
-
-const CSLAST10HOSTS_CONTRACTID = '@mozilla.org/CSLast10Hosts;1';
-const CSLAST10HOSTS_CID = Components.ID('{d4295e7f-ac82-47d5-ab40-a3781cb49980}');
-const CSLAST10HOSTS_IID = Components.interfaces.nsICSLast10Hosts;
-const CSLAST10HOSTS_SERVICENAME = 'CS Last 10 Hosts';
-
-var nsCSLast10Hosts = {
-
- hosts: [],
-
- testLastTenHosts: function(host) {
- for (var i=0; i<this.hosts.length; ++i) {
- if (this.hosts[i]==host) return true;
- }
-
- return false;
- },
-
- getLastTenHosts: function() {
- return this.hosts.join(' ');
- },
-
- addLastTenHosts: function(host) {
- var found = this.testLastTenHosts(host);
- if (!found) {
- this.hosts.unshift(host);
- }
-
- //make sure the hosts array length does not exceed the numOfHosts pref
- var prefs = this.getPrefs();
- var num = parseInt(prefs.getIntPref('numOfHosts'));
- while (this.hosts.length > num) {
- this.hosts.pop();
- }
- },
-
- removeLastTenHosts: function(host) {
- this.hosts = this.hosts.filter(function(value) {
- return value != host;
- });
- },
-
- clearLastTenHosts: function() {
- this.hosts = [];
- },
-
- getPrefs: function() {
- return Components.classes["@mozilla.org/preferences-service;1"].
- getService(Components.interfaces.nsIPrefService).
- getBranch("cookiesafe.");
- },
-
- QueryInterface: function(iid) {
- if (!iid.equals(Components.interfaces.nsISupports) &&
- !iid.equals(CSLAST10HOSTS_IID))
- throw Components.results.NS_ERROR_NO_INTERFACE;
- return this;
- }
-};
-
-var nsCSLast10HostsModule = {
-
- registerSelf: function(compMgr, fileSpec, location, type) {
- compMgr = compMgr.QueryInterface(Components.interfaces.nsIComponentRegistrar);
- compMgr.registerFactoryLocation(CSLAST10HOSTS_CID,
- CSLAST10HOSTS_SERVICENAME,
- CSLAST10HOSTS_CONTRACTID,
- fileSpec,location,type);
- },
-
- unregisterSelf: function (compMgr, fileSpec, location) {
- compMgr = compMgr.QueryInterface(Components.interfaces.nsIComponentRegistrar);
- compMgr.unregisterFactoryLocation(CSLAST10HOSTS_CID,fileSpec);
- },
-
- getClassObject: function(compMgr, cid, iid) {
- if (!cid.equals(CSLAST10HOSTS_CID))
- throw Components.results.NS_ERROR_NO_INTERFACE;
- if (!iid.equals(Components.interfaces.nsIFactory))
- throw Components.results.NS_ERROR_NOT_IMPLEMENTED;
- return this.nsCSLast10HostsFactory;
- },
-
- canUnload: function(compMgr) {
- return true;
- },
-
- nsCSLast10HostsFactory: {
-
- createInstance: function(outer, iid) {
- if (outer != null)
- throw Components.results.NS_ERROR_NO_AGGREGATION;
- if (!iid.equals(CSLAST10HOSTS_IID) &&
- !iid.equals(Components.interfaces.nsISupports))
- throw Components.results.NS_ERROR_INVALID_ARG;
- return nsCSLast10Hosts;
- }
- }
-};
-
-function NSGetModule(comMgr, fileSpec) { return nsCSLast10HostsModule; }
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSPermManager.js b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSPermManager.js
deleted file mode 100644
index aca0f76..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSPermManager.js
+++ /dev/null
@@ -1,322 +0,0 @@
-/***************************************************************************
-Name: CS Lite
-Description: Control cookie permissions.
-Author: Ron Beckman
-Homepage: http://addons.mozilla.org
-
-Copyright (C) 2007 Ron Beckman
-
-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation; either version 2
-of the License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to:
-
-Free Software Foundation, Inc.
-51 Franklin Street
-Fifth Floor
-Boston, MA 02110-1301
-USA
-***************************************************************************/
-
-
-const CSPERMMANAGER_CONTRACTID = '@mozilla.org/CSPermManager;1';
-const CSPERMMANAGER_CID = Components.ID('{4b0a4425-e9d8-441c-a34b-1867d8ca2d3b}');
-const CSPERMMANAGER_IID = Components.interfaces.nsICSPermManager;
-const CSPERMMANAGER_SERVICENAME = 'CSPermManager';
-
-var nsCSPermManager = {
-
- _DB: null,
-
- UNKNOWN_ACTION: 0,
- ALLOW_ACTION: 1,
- DENY_ACTION: 2,
-
- closeDB: function() {
- if (this._DB && 'close' in this._DB) {
- this._DB.close();
- }
- },
-
- add: function(uri,type,permission) {
- if (!this._DB) this.openDatabaseConnection();
-
- if (this._DB) {
- var host = (uri.host) ? uri.host : 'scheme:file';
- var found = this.testPermission(uri,type);
- this._DB.beginTransaction();
-
- if (!found) {
- try {
- this._DB.executeSimpleSQL("INSERT INTO cookies VALUES('"+host+"','"+permission+"')");
- } catch(e) { }
- } else if (found != permission) {
- try {
- this._DB.executeSimpleSQL("REPLACE INTO cookies VALUES('"+host+"','"+permission+"')");
- } catch(e) { }
- }
-
- this._DB.commitTransaction();
- }
- },
-
- remove: function(host,type) {
- if (!this._DB) this.openDatabaseConnection();
-
- if (this._DB) {
- this._DB.beginTransaction();
-
- try {
- this._DB.executeSimpleSQL("DELETE FROM cookies WHERE host = '"+host+"'");
- } catch(e) { }
-
- this._DB.commitTransaction();
- }
- },
-
- removeAll: function() {
- if (!this._DB) this.openDatabaseConnection();
-
- if (this._DB) {
- this._DB.beginTransaction();
-
- try {
- this._DB.executeSimpleSQL("DELETE FROM cookies");
- } catch(e) { }
-
- this._DB.commitTransaction();
- }
- },
-
- testPermission: function(uri,type) {
- if (!this._DB) this.openDatabaseConnection();
- if (!this._DB) return false;
-
- var found = 0;
- var host = (uri.host) ? uri.host : 'scheme:file';
- this._DB.beginTransaction();
-
- var stmt = this._DB.createStatement("SELECT * FROM cookies WHERE host = '"+host+"'");
- while (stmt.executeStep()) {
- if (stmt.getString(1)) found = stmt.getString(1);
- break;
- }
- stmt.reset();
-
- //if not found then test for base domain
- if (found==0) {
- var cs = this.getCS();
- var base = cs.removeSub(host);
- if (base!=host) {
- var stmt = this._DB.createStatement("SELECT * FROM cookies WHERE host = '"+base+"'");
- while (stmt.executeStep()) {
- if (stmt.getString(1)) found = stmt.getString(1);
- break;
- }
- stmt.reset();
- }
- }
-
- this._DB.commitTransaction();
- return found;
- },
-
- getAllPermissions: function() {
- if (!this._DB) this.openDatabaseConnection();
- if (!this._DB) return '';
-
- var entries = [];
- this._DB.beginTransaction();
-
- var stmt = this._DB.createStatement("SELECT * FROM cookies");
- while (stmt.executeStep()) {
- if (stmt.getString(0) && stmt.getString(1)) {
- entries.push(stmt.getString(0) + '|' + stmt.getString(1));
- }
- }
- stmt.reset();
-
- this._DB.commitTransaction();
- return entries.join(' ');
- },
-
- copyCSDBToProfile: function() {
- //get nsIFile for profile folder
- var profile = this.getProfile();
- profile.append('cshostperm.sqlite');
-
- //get location of jar file
- var chromeuri = this.getURI('chrome://cookiesafe/content/sqlite/cshostperm.sqlite');
- var jaruri = this.getJarURI(chromeuri);
-
- //the uri of the base jar file is needed here so query nsIJARURI
- jaruri.QueryInterface(Components.interfaces.nsIJARURI);
- var jarfile = this.urlToFile(jaruri.JARFile.spec);
-
- var zipReader = this.getZipReaderForFile(jarfile);
-
- try {
- var entry;
- var entries = zipReader.findEntries('\*cshostperm.sqlite\$');
- if ('init' in zipReader) {
- while (entries.hasMoreElements()) {
- entry = entries.getNext();
- entry.QueryInterface(Components.interfaces.nsIZipEntry);
- zipReader.extract(entry.name,profile);
- break;
- }
- } else {
- while (entries.hasMore()) {
- entry = entries.getNext();
- zipReader.extract(entry,profile);
- break;
- }
- }
- } catch (e) {
- throw e;
- }
-
- zipReader.close();
- },
-
- getURI: function(url) {
- return Components.classes["@mozilla.org/network/io-service;1"].
- getService(Components.interfaces.nsIIOService).
- newURI(url,null,null);
- },
-
- getJarURI: function(uri) {
- return Components.classes['@mozilla.org/chrome/chrome-registry;1'].
- getService(Components.interfaces.nsIChromeRegistry).
- convertChromeURL(uri);
- },
-
- urlToFile: function(url) {
- return Components.classes['@mozilla.org/network/protocol;1?name=file'].
- createInstance(Components.interfaces.nsIFileProtocolHandler).
- getFileFromURLSpec(url);
- },
-
- getZipReaderForFile: function(zipFile) {
- try {
- var zipReader = Components.classes["@mozilla.org/libjar/zip-reader;1"].
- createInstance(Components.interfaces.nsIZipReader);
-
- if ('init' in zipReader) {
- zipReader.init(zipFile);
- zipReader.open();
- } else {
- zipReader.open(zipFile);
- }
- } catch (e) {
- zipReader.close();
- throw e;
- }
- return zipReader;
- },
-
- getProfile: function() {
- return Components.classes["@mozilla.org/file/directory_service;1"].
- getService(Components.interfaces.nsIProperties).
- get("ProfD", Components.interfaces.nsIFile);
- },
-
- getDBService: function() {
- return Components.classes["@mozilla.org/storage/service;1"].
- getService(Components.interfaces.mozIStorageService);
- },
-
- openDatabaseConnection: function() {
- var dbfile = this.getProfile();
- dbfile.append("cshostperm.sqlite");
- if (!dbfile.exists()) {
- this.copyCSDBToProfile();
- if (!dbfile.exists()) return false;
- }
-
- var dbService = this.getDBService();
- this._DB = dbService.openDatabase(dbfile);
-
- if (!this._DB.tableExists("cookies")) {
- this._DB.createTable("cookies", "host STRING PRIMARY KEY, type INTEGER");
- }
- return false;
- },
-
- getCS: function() {
- return Components.classes['@mozilla.org/CookieSafe;1'].
- createInstance(Components.interfaces.nsICookieSafe);
- },
-
- getCSHiddenMenuItems: function() {
- return Components.classes['@mozilla.org/CSHiddenMenuItems;1'].
- createInstance(Components.interfaces.nsICSHiddenMenuItems);
- },
-
- getCSLast10Hosts: function() {
- return Components.classes['@mozilla.org/CSLast10Hosts;1'].
- getService(Components.interfaces.nsICSLast10Hosts);
- },
-
- getCSTempExceptions: function() {
- return Components.classes['@mozilla.org/CSTempExceptions;1'].
- getService(Components.interfaces.nsICSTempExceptions);
- },
-
- QueryInterface: function(iid) {
- if (!iid.equals(Components.interfaces.nsISupports) &&
- !iid.equals(CSPERMMANAGER_IID))
- throw Components.results.NS_ERROR_NO_INTERFACE;
- return this;
- }
-};
-
-var nsCSPermManagerModule = {
-
- registerSelf: function(compMgr, fileSpec, location, type) {
- compMgr = compMgr.QueryInterface(Components.interfaces.nsIComponentRegistrar);
- compMgr.registerFactoryLocation(CSPERMMANAGER_CID,
- CSPERMMANAGER_SERVICENAME,
- CSPERMMANAGER_CONTRACTID,
- fileSpec,location,type);
- },
-
- unregisterSelf: function (compMgr, fileSpec, location) {
- compMgr = compMgr.QueryInterface(Components.interfaces.nsIComponentRegistrar);
- compMgr.unregisterFactoryLocation(CSPERMMANAGER_CID,fileSpec);
- },
-
- getClassObject: function(compMgr, cid, iid) {
- if (!cid.equals(CSPERMMANAGER_CID))
- throw Components.results.NS_ERROR_NO_INTERFACE;
- if (!iid.equals(Components.interfaces.nsIFactory))
- throw Components.results.NS_ERROR_NOT_IMPLEMENTED;
- return this.nsCSPermManagerFactory;
- },
-
- canUnload: function(compMgr) {
- return true;
- },
-
- nsCSPermManagerFactory: {
-
- createInstance: function(outer, iid) {
- if (outer != null)
- throw Components.results.NS_ERROR_NO_AGGREGATION;
- if (!iid.equals(CSPERMMANAGER_IID) &&
- !iid.equals(Components.interfaces.nsISupports))
- throw Components.results.NS_ERROR_INVALID_ARG;
- return nsCSPermManager;
- }
- }
-};
-
-function NSGetModule(comMgr, fileSpec) { return nsCSPermManagerModule; }
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSTempExceptions.js b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSTempExceptions.js
deleted file mode 100644
index 5b108e9..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCSTempExceptions.js
+++ /dev/null
@@ -1,137 +0,0 @@
-/***************************************************************************
-Name: CS Lite
-Description: Control cookie permissions.
-Author: Ron Beckman
-Homepage: http://addons.mozilla.org
-
-Copyright (C) 2007 Ron Beckman
-
-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation; either version 2
-of the License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to:
-
-Free Software Foundation, Inc.
-51 Franklin Street
-Fifth Floor
-Boston, MA 02110-1301
-USA
-***************************************************************************/
-
-
-const CSTEMPEXCEPTIONS_CONTRACTID = '@mozilla.org/CSTempExceptions;1';
-const CSTEMPEXCEPTIONS_CID = Components.ID('{8742629c-8f6a-4787-9c44-2db49b392531}');
-const CSTEMPEXCEPTIONS_IID = Components.interfaces.nsICSTempExceptions;
-const CSTEMPEXCEPTIONS_SERVICENAME = 'CS Temp Exceptions';
-
-var nsCSTempExceptions = {
-
- hosts: [],
-
- testTempExceptions: function(host) {
- for (var i=0; i<this.hosts.length; ++i) {
- if (this.hosts[i]==host) return true;
- }
-
- return false;
- },
-
- getTempExceptions: function() {
- return this.hosts.join(' ');
- },
-
- addTempExceptions: function(host) {
- var found = this.testTempExceptions(host);
- if (!found) {
- this.hosts.push(host);
- }
-
- //keep track of temp exceptions in a char pref in case browser
- //crashes before all of the temp exceptions have been cleared
- var prefs = this.getPrefs();
- prefs.setCharPref('tempExceptions',this.hosts.join(' '));
- },
-
- removeTempExceptions: function(host) {
- this.hosts = this.hosts.filter(function(value) {
- return value != host;
- });
-
- //keep track of temp exceptions in a char pref in case browser
- //crashes before all of the temp exceptions have been cleared
- var prefs = this.getPrefs();
- prefs.setCharPref('tempExceptions',this.hosts.join(' '));
- },
-
- clearTempExceptions: function() {
- this.hosts = [];
-
- //keep track of temp exceptions in a char pref in case browser
- //crashes before all of the temp exceptions have been cleared
- var prefs = this.getPrefs();
- prefs.setCharPref('tempExceptions','');
- },
-
- getPrefs: function() {
- return Components.classes["@mozilla.org/preferences-service;1"].
- getService(Components.interfaces.nsIPrefService).
- getBranch("cookiesafe.");
- },
-
- QueryInterface: function(iid) {
- if (!iid.equals(Components.interfaces.nsISupports) &&
- !iid.equals(CSTEMPEXCEPTIONS_IID))
- throw Components.results.NS_ERROR_NO_INTERFACE;
- return this;
- }
-};
-
-var nsCSTempExceptionsModule = {
-
- registerSelf: function(compMgr, fileSpec, location, type) {
- compMgr = compMgr.QueryInterface(Components.interfaces.nsIComponentRegistrar);
- compMgr.registerFactoryLocation(CSTEMPEXCEPTIONS_CID,
- CSTEMPEXCEPTIONS_SERVICENAME,
- CSTEMPEXCEPTIONS_CONTRACTID,
- fileSpec,location,type);
- },
-
- unregisterSelf: function (compMgr, fileSpec, location) {
- compMgr = compMgr.QueryInterface(Components.interfaces.nsIComponentRegistrar);
- compMgr.unregisterFactoryLocation(CSTEMPEXCEPTIONS_CID,fileSpec);
- },
-
- getClassObject: function(compMgr, cid, iid) {
- if (!cid.equals(CSTEMPEXCEPTIONS_CID))
- throw Components.results.NS_ERROR_NO_INTERFACE;
- if (!iid.equals(Components.interfaces.nsIFactory))
- throw Components.results.NS_ERROR_NOT_IMPLEMENTED;
- return this.nsCSTempExceptionsFactory;
- },
-
- canUnload: function(compMgr) {
- return true;
- },
-
- nsCSTempExceptionsFactory: {
-
- createInstance: function(outer, iid) {
- if (outer != null)
- throw Components.results.NS_ERROR_NO_AGGREGATION;
- if (!iid.equals(CSTEMPEXCEPTIONS_IID) &&
- !iid.equals(Components.interfaces.nsISupports))
- throw Components.results.NS_ERROR_INVALID_ARG;
- return nsCSTempExceptions;
- }
- }
-};
-
-function NSGetModule(comMgr, fileSpec) { return nsCSTempExceptionsModule; }
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCookieSafe.js b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCookieSafe.js
deleted file mode 100644
index 0b815f2..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsCookieSafe.js
+++ /dev/null
@@ -1,316 +0,0 @@
-/***************************************************************************
-Name: CS Lite
-Description: Control cookie permissions.
-Author: Ron Beckman
-Homepage: http://addons.mozilla.org
-
-Copyright (C) 2007 Ron Beckman
-
-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation; either version 2
-of the License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to:
-
-Free Software Foundation, Inc.
-51 Franklin Street
-Fifth Floor
-Boston, MA 02110-1301
-USA
-***************************************************************************/
-
-
-const COOKIESAFE_CONTRACTID = '@mozilla.org/CookieSafe;1';
-const COOKIESAFE_CID = Components.ID('{d3b60080-fd35-4507-a5a2-70c3560b3874}');
-const COOKIESAFE_IID = Components.interfaces.nsICookieSafe;
-const COOKIESAFE_SERVICENAME = 'CookieSafe';
-
-var nsCookieSafe = {
-
- removeSub: function(host) {
- if (!host || host.indexOf('.')==-1) return host;
-
- //remove port number if found
- host = host.replace(/\:.*$/g,'');
-
- var testip = host.replace(/\./g,'');
- if (!isNaN(testip)) return host;
-
- var domain = host.split('.');
- if (domain.length<3) return domain.join('.');
-
- try {
- var sld = domain[domain.length-2];
- var ext = domain[domain.length-1];
- if ((sld in this && this[sld].indexOf(' '+ext+' ')!=-1) ||
- (sld=='co' || sld=='com' || sld=='org')) {
- return domain[domain.length-3]+'.'+domain[domain.length-2]+'.'+domain[domain.length-1];
- } else {
- return domain[domain.length-2]+'.'+domain[domain.length-1];
- }
- } catch(e) {
- return domain[domain.length-2]+'.'+domain[domain.length-1];
- }
- },
-
- formatCookieString: function(ckstr,uri) {
- var url = uri.QueryInterface(Components.interfaces.nsIURL);
-
- //setup cookie object to appear as nsICookie
- var cookie = {
- name: null,
- value: null,
- isDomain: false,
- host: uri.host,
- path: url.directory,
- isSecure: false,
- expires: 0
- };
-
- var dt = new Date();
- var time = dt.getTime();
-
- ckstr = ckstr.replace(/\; /g,'\;');
- var values = ckstr.split('\;');
-
- for (var i=0; i<values.length; ++i) {
- if (values[i].substr(0,6).toLowerCase()=='domain') {
- cookie.host = values[i].substr(values[i].indexOf('=')+1);
- }
- if (values[i].substr(0,4).toLowerCase()=='path') {
- cookie.path = values[i].substr(values[i].indexOf('=')+1);
- }
- if (values[i].substr(0,7).toLowerCase()=='expires') {
- var expStr = values[i].substr(values[i].indexOf('=')+1);
- expStr = expStr.replace(/\-/g,' ');
- var exp = parseInt(Date.parse(expStr));
- cookie.expires = (exp < time) ? 0 : exp / 1000;
- }
- if (values[i].substr(0,6).toLowerCase()=='secure') {
- cookie.isSecure = true;
- }
- }
-
- cookie.name = values[0].substr(0,values[0].indexOf('='));
- cookie.value = values[0].substr(values[0].indexOf('=')+1);
- if (cookie.host.charAt(0)=='.') cookie.isDomain = true;
-
- return cookie;
- },
-
- /** BEGIN ORGANIZATIONAL SECOND LEVEL DOMAINS **/
- ab: ' ca ',
- ac: ' ac at be cn id il in jp kr nz th uk za ',
- ad: ' jp ',
- adm: ' br ',
- adv: ' br ',
- agro: ' pl ',
- ah: ' cn ',
- aid: ' pl ',
- alt: ' za ',
- am: ' br ',
- ar: ' com ',
- arq: ' br ',
- art: ' br ',
- arts: ' ro ',
- asn: ' au ',
- asso: ' fr mc ',
- atm: ' pl ',
- auto: ' pl ',
- bbs: ' tr ',
- bc: ' ca ',
- bio: ' br ',
- biz: ' pl ',
- bj: ' cn ',
- br: ' com ',
- cn: ' com ',
- cng: ' br ',
- cnt: ' br ',
- co: ' ac at bw ck cr id il im in je jp ke kr ls ma nz th ug uk uz ve vi za zm zw ',
- com: ' af ag ar au bd bh bn bo br bz cn co cu do ec eg et fj fr gi gt hk jm kh ly mm mt mx my na nf ng ni np om pa pe ph pk pl pr py qa ro ru sa sb sg sv tj tr tw ua uy vc vn ',
- cq: ' cn ',
- cri: ' nz ',
- ecn: ' br ',
- ed: ' jp ',
- edu: ' ar au cn hk mm mx pl tr za ',
- eng: ' br ',
- esp: ' br ',
- etc: ' br ',
- eti: ' br ',
- eu: ' com lv ',
- fin: ' ec ',
- firm: ' ro ',
- fm: ' br ',
- fot: ' br ',
- fst: ' br ',
- g12: ' br ',
- gb: ' com net ',
- gd: ' cn ',
- gen: ' nz ',
- gmina: ' pl ',
- go: ' jp kr th ',
- gob: ' mx ',
- gov: ' ar br cn ec il in mm mx sg tr uk za ',
- govt: ' nz ',
- gr: ' jp ',
- gs: ' cn ',
- gsm: ' pl ',
- gv: ' ac at ',
- gx: ' cn ',
- gz: ' cn ',
- hb: ' cn ',
- he: ' cn ',
- hi: ' cn ',
- hk: ' cn ',
- hl: ' cn ',
- hn: ' cn ',
- hu: ' com ',
- id: ' au ',
- ind: ' br ',
- inf: ' br ',
- info: ' pl ro ',
- iwi: ' nz ',
- jl: ' cn ',
- jor: ' br ',
- js: ' cn ',
- k12: ' il tr ',
- lel: ' br ',
- lg: ' jp ',
- ln: ' cn ',
- ltd: ' uk ',
- mail: ' pl ',
- maori: ' nz ',
- mb: ' ca ',
- me: ' uk ',
- med: ' br ec ',
- media: ' pl ',
- mi: ' th ',
- miasta: ' pl ',
- mil: ' br ec nz pl tr za ',
- mo: ' cn ',
- muni: ' il ',
- nb: ' ca ',
- ne: ' jp kr ',
- net: ' ar au br cn ec hk id il in mm mx nz pl ru sg th tr tw za ',
- nf: ' ca ',
- ngo: ' za ',
- nm: ' cn kr ',
- no: ' com ',
- nom: ' br pl ro za ',
- ns: ' ca ',
- nt: ' ca ro ',
- ntr: ' br ',
- nx: ' cn ',
- odo: ' br ',
- off: ' ai ',
- on: ' ca ',
- or: ' ac at jp kr th ',
- org: ' ar au br cn ec hk il in mm mx nz pl ro ru sg tr tw uk za ',
- pc: ' pl ',
- pe: ' ca ',
- plc: ' uk ',
- ppg: ' br ',
- presse: ' fr ',
- priv: ' pl ',
- pro: ' br ',
- psc: ' br ',
- psi: ' br ',
- qc: ' ca com ',
- qh: ' cn ',
- re: ' kr ',
- realestate: ' pl ',
- rec: ' br ro ',
- rel: ' pl ',
- sa: ' com ',
- sc: ' cn ',
- school: ' nz za ',
- se: ' com net ',
- sh: ' cn ',
- shop: ' pl ',
- sk: ' ca ',
- sklep: ' pl ',
- slg: ' br ',
- sn: ' cn ',
- sos: ' pl ',
- store: ' ro ',
- targi: ' pl ',
- tj: ' cn ',
- tm: ' fr mc pl ro za ',
- tmp: ' br ',
- tourism: ' pl ',
- travel: ' pl ',
- tur: ' br ',
- turystyka: ' pl ',
- tv: ' br ',
- tw: ' cn ',
- uk: ' co com net ',
- us: ' com ca ',
- uy: ' com ',
- vet: ' br ',
- web: ' za ',
- www: ' ro ',
- xj: ' cn ',
- xz: ' cn ',
- yk: ' ca ',
- yn: ' cn ',
- za: ' com ',
- zj: ' cn ',
- zlg: ' br ',
- /** END ORGANIZATIONAL SECOND LEVEL DOMAINS **/
-
- QueryInterface: function(iid) {
- if (!iid.equals(Components.interfaces.nsISupports) &&
- !iid.equals(COOKIESAFE_IID))
- throw Components.results.NS_ERROR_NO_INTERFACE;
- return this;
- }
-};
-
-var nsCookieSafeModule = {
-
- registerSelf: function(compMgr, fileSpec, location, type) {
- compMgr = compMgr.QueryInterface(Components.interfaces.nsIComponentRegistrar);
- compMgr.registerFactoryLocation(COOKIESAFE_CID,
- COOKIESAFE_SERVICENAME,
- COOKIESAFE_CONTRACTID,
- fileSpec,location,type);
- },
-
- unregisterSelf: function (compMgr, fileSpec, location) {
- compMgr = compMgr.QueryInterface(Components.interfaces.nsIComponentRegistrar);
- compMgr.unregisterFactoryLocation(COOKIESAFE_CID,fileSpec);
- },
-
- getClassObject: function(compMgr, cid, iid) {
- if (!cid.equals(COOKIESAFE_CID))
- throw Components.results.NS_ERROR_NO_INTERFACE;
- if (!iid.equals(Components.interfaces.nsIFactory))
- throw Components.results.NS_ERROR_NOT_IMPLEMENTED;
- return this.nsCookieSafeFactory;
- },
-
- canUnload: function(compMgr) {
- return true;
- },
-
- nsCookieSafeFactory: {
-
- createInstance: function(outer, iid) {
- if (outer != null)
- throw Components.results.NS_ERROR_NO_AGGREGATION;
- if (!iid.equals(COOKIESAFE_IID) &&
- !iid.equals(Components.interfaces.nsISupports))
- throw Components.results.NS_ERROR_INVALID_ARG;
- return nsCookieSafe;
- }
- }
-};
-
-function NSGetModule(comMgr, fileSpec) { return nsCookieSafeModule; }
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSHiddenMenuItems.xpt b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSHiddenMenuItems.xpt
deleted file mode 100644
index f10201d..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSHiddenMenuItems.xpt
+++ /dev/null
Binary files differ
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSLast10Hosts.xpt b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSLast10Hosts.xpt
deleted file mode 100644
index 2e7a095..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSLast10Hosts.xpt
+++ /dev/null
Binary files differ
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSPermManager.xpt b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSPermManager.xpt
deleted file mode 100644
index a42d30a..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSPermManager.xpt
+++ /dev/null
Binary files differ
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSTempExceptions.xpt b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSTempExceptions.xpt
deleted file mode 100644
index c46b060..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICSTempExceptions.xpt
+++ /dev/null
Binary files differ
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICookieSafe.xpt b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICookieSafe.xpt
deleted file mode 100644
index 91eccca..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/components/nsICookieSafe.xpt
+++ /dev/null
Binary files differ
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/defaults/preferences/cookiesafe.js b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/defaults/preferences/cookiesafe.js
deleted file mode 100644
index 1b61824..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/defaults/preferences/cookiesafe.js
+++ /dev/null
@@ -1,27 +0,0 @@
-pref('extensions.{00084897-021a-4361-8423-083407a033e0}.description','chrome://cookiesafe/locale/cookiesafe.properties');
-pref('cookiesafe.defaultSkin','chrome://cookiesafe/skin/');
-pref('cookiesafe.tempExceptions','');
-pref('cookiesafe.hiddenMenuItems','');
-pref('cookiesafe.numOfHosts',10);
-pref('cookiesafe.globalBehavior',0);
-pref('cookiesafe.lastUpdate',0);
-pref('cookiesafe.autoUpdate',0);
-pref('cookiesafe.updateBehavior',0);
-pref('cookiesafe.blockUntrusted',true);
-pref('cookiesafe.hideContext',true);
-pref('cookiesafe.hideStatus',false);
-pref('cookiesafe.hideChanged',false);
-pref('cookiesafe.hideBlocked',false);
-pref('cookiesafe.autoRefresh',true);
-pref('cookiesafe.promptClear',true);
-pref('cookiesafe.promptMenuItem',true);
-pref('cookiesafe.promptDomain',false);
-pref('cookiesafe.hideMenuItem',false);
-pref('cookiesafe.clearCookies',false);
-pref('cookiesafe.clearExceptions',false);
-pref('cookiesafe.promptGlobal',true);
-pref('cookiesafe.logNotifications',false);
-pref('cookiesafe.disableOnStartup',false);
-pref('cookiesafe.processTBCookies',true);
-pref('cookiesafe.useBrowserDialogs',false);
-pref('network.cookie.blockFutureCookies',false); \ No newline at end of file
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/install.js b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/install.js
deleted file mode 100644
index f4b832c..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/install.js
+++ /dev/null
@@ -1,168 +0,0 @@
-/***************************************************************************
-Name: CS Lite
-Description: Control cookie permissions.
-Author: Ron Beckman
-Homepage: http://addons.mozilla.org
-
-Install.js script inspired by code from MonkeeSage, Pike, Henrik Gemal and Stephen Clavering
-
-Copyright (C) 2007 Ron Beckman
-
-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation; either version 2
-of the License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to:
-
-Free Software Foundation, Inc.
-51 Franklin Street
-Fifth Floor
-Boston, MA 02110-1301
-USA
-***************************************************************************/
-
-var XpiInstaller = {
-
- // --- Editable items begin ---
- extFullName : 'CS Lite', // The name displayed to the user (don't include the version)
- extShortName : 'cookiesafe', // The leafname of the JAR file (without the .jar part)
- extVersion : '1.4',
- extAuthor : 'Ron Beckman',
- extLocaleNames : ['en-US','bg-BG','de-DE','es-ES','fr-FR','hu-HU','it-IT','ja-JP','ko-KR','nl-NL','pl-PL','pt-BR','ro-RO','ru-RU','uk-UA','zh-CN'],
- extSkinNames : ['classic'], // e.g., ['classic','modern']
- extPreferences : ['cookiesafe.js'], // e.g., ['extension.js']
- extComponents : ['nsCSHttpObserver.js','nsCookieSafe.js','nsICookieSafe.xpt','nsCSTempExceptions.js','nsICSTempExceptions.xpt','nsCSHiddenMenuItems.js','nsICSHiddenMenuItems.xpt','nsCSLast10Hosts.js','nsICSLast10Hosts.xpt','nsCSPermManager.js','nsICSPermManager.xpt'],
- extPostInstallMessage: null, // Set to null for no post-install message
- // --- Editable items end ---
-
- profileInstall : true,
- silentInstall : false,
-
- install: function() {
-
- var jarName = this.extShortName + '.jar';
- var profileDir = Install.getFolder('Profile','chrome');
- var globalDir = Install.getFolder('Chrome');
-
- // Parse HTTP arguments
- this.parseArguments();
-
- // Check if extension is already installed in profile
- if (File.exists(Install.getFolder(profileDir, jarName))) {
- if (!this.silentInstall) {
- Install.alert('Updating existing Profile install of ' +
- this.extFullName + ' to version ' + this.extVersion + '.');
- }
- this.profileInstall = true;
- }
- else if (!this.silentInstall) {
- // Ask user for install location, profile or browser dir?
- this.profileInstall = Install.confirm('Install ' + this.extFullName + ' ' +
- this.extVersion + ' to the Profile directory [OK] or ' +
- 'the Browser directory [Cancel]?');
- }
-
- // Init install
- var dispName = this.extFullName + ' ' + this.extVersion;
- var regName = '/' + this.extAuthor + '/' + this.extShortName;
- Install.initInstall(dispName, regName, this.extVersion);
-
- // Find directory to install into
- var installPath;
- if (this.profileInstall) {
- installPath = profileDir;
- }
- else {
- installPath = globalDir;
- }
-
- // Add JAR file
- Install.addFile(null, 'chrome/' + jarName, installPath, null);
-
- // Register chrome
- var jarPath = Install.getFolder(installPath, jarName);
- var installType = (this.profileInstall ? Install.PROFILE_CHROME : Install.DELAYED_CHROME);
-
- // Register content
- Install.registerChrome(Install.CONTENT | installType, jarPath,
- 'content/' + this.extShortName + '/');
-
- // Register locales
- var regPath;
- for (var i=0; i<this.extLocaleNames.length; ++i) {
- if (confirm('Do you want to install ('+this.extLocaleNames[i]+') locale as default translation?')) {
- regPath = 'locale/' + this.extLocaleNames[i] + '/' + this.extShortName + '/';
- Install.registerChrome(Install.LOCALE | installType, jarPath, regPath);
- break;
- }
- }
- if (!regPath) {
- regPath = 'locale/' + this.extLocaleNames[0] + '/' + this.extShortName + '/';
- Install.registerChrome(Install.LOCALE | installType, jarPath, regPath);
- }
-
- // Register skins
- for (var skin in this.extSkinNames) {
- var regPath = 'skin/' + this.extSkinNames[skin] + '/' + this.extShortName + '/';
- Install.registerChrome(Install.SKIN | installType, jarPath, regPath);
- }
-
- // Copy component files
- for (var comp in this.extComponents) {
- var compFolder = getFolder('Program','components/');
- addFile(this.extAuthor, 'components/' +
- this.extComponents[comp], compFolder, null);
- }
-
- // Copy preference files
- for (var pref in this.extPreferences) {
- var prefFolder = getFolder('Program','defaults/pref/');
- addFile(this.extAuthor, 'defaults/preferences/' +
- this.extPreferences[pref], prefFolder, null);
- }
-
- // Perform install
- var err = Install.performInstall();
- if (err == Install.SUCCESS || err == Install.REBOOT_NEEDED) {
- if (!this.silentInstall && this.extPostInstallMessage) {
- Install.alert('The ' + this.extFullName + ' ' + this.extVersion +
- ' extension has been ' + 'succesfully installed.\n\n' +
- jarPath + '\n\n' + this.extPostInstallMessage);
- }
- }
- else {
- this.handleError(err);
- return;
- }
- },
-
- parseArguments: function() {
- // Can't use string handling in install, so use if statement instead
- var args = Install.arguments;
- if (args == 'p=0') {
- this.profileInstall = false;
- this.silentInstall = true;
- }
- else if (args == 'p=1') {
- this.profileInstall = true;
- this.silentInstall = true;
- }
- },
-
- handleError: function(err) {
- if (!this.silentInstall) {
- Install.alert('Error: Could not install ' + this.extFullName + ' ' + this.extVersion +
- ' (Error code: ' + err + ')');
- }
- Install.cancelInstall(err);
- }
-};
-
-XpiInstaller.install();
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/install.rdf b/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/install.rdf
deleted file mode 100644
index d0c609b..0000000
--- a/config/chroot_local-includes/etc/iceweasel/profile/extensions/{00084897-021a-4361-8423-083407a033e0}/install.rdf
+++ /dev/null
@@ -1,135 +0,0 @@
-<?xml version="1.0"?>
-
-<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
- xmlns:em="http://www.mozilla.org/2004/em-rdf#">
-
- <Description about="urn:mozilla:install-manifest">
-
- <em:id>{00084897-021a-4361-8423-083407a033e0}</em:id>
- <em:name>CS Lite</em:name>
- <em:version>1.4</em:version>
- <em:description>Control cookie permissions.</em:description>
- <em:creator>Ron Beckman</em:creator>
- <em:homepageURL>http://addons.mozilla.org</em:homepageURL>
- <em:iconURL>chrome://cookiesafe/skin/cookiesafe.gif</em:iconURL>
- <em:aboutURL>chrome://cookiesafe/content/cookiesafeAbout.xul</em:aboutURL>
- <em:optionsURL>chrome://cookiesafe/content/cookiesafeOptions.xul</em:optionsURL>
- <!--<em:updateURL>https://forum.softwareblaze.com/cslite/update.rdf</em:updateURL>-->
-
- <em:contributor>Matt Go (Sweets icons)</em:contributor>
- <em:contributor>Digital Studio Art (Simple icons)</em:contributor>
- <em:contributor>Hand icons inspired by a Forrest Walter design</em:contributor>
- <em:contributor>Blocklist maintained by Alan Baxter</em:contributor>
- <em:contributor>Fingli (bg-BG)</em:contributor>
- <em:contributor>Richard (de-DE)</em:contributor>
- <em:contributor>Proyecto Nave (es-ES)</em:contributor>
- <em:contributor>Menet (fr-FR)</em:contributor>
- <em:contributor>Cashman (hu-HU)</em:contributor>
- <em:contributor>Bluviolin (it-IT)</em:contributor>
- <em:contributor>Drry (ja-JP)</em:contributor>
- <em:contributor>Wtspout (ko-KR)</em:contributor>
- <em:contributor>Markh (nl-NL)</em:contributor>
- <em:contributor>Skiff (pl-PL)</em:contributor>
- <em:contributor>Alberto Eidh (pt-BR)</em:contributor>
- <em:contributor>FunAlien (ru-RU)</em:contributor>
- <em:contributor>Myroslav (uk-UA)</em:contributor>
- <em:contributor>Fracsh / Firewire (zh-CN)</em:contributor>
-
- <em:file>
- <Description about="urn:mozilla:extension:file:cookiesafe.jar">
- <em:package>content/cookiesafe/</em:package>
- <em:skin>skin/classic/cookiesafe/</em:skin>
- <em:locale>locale/en-US/cookiesafe/</em:locale>
- <em:locale>locale/bg-BG/cookiesafe/</em:locale>
- <em:locale>locale/de-DE/cookiesafe/</em:locale>
- <em:locale>locale/es-ES/cookiesafe/</em:locale>
- <em:locale>locale/fr-FR/cookiesafe/</em:locale>
- <em:locale>locale/hu-HU/cookiesafe/</em:locale>
- <em:locale>locale/it-IT/cookiesafe/</em:locale>
- <em:locale>locale/ja-JP/cookiesafe/</em:locale>
- <em:locale>locale/ko-KR/cookiesafe/</em:locale>
- <em:locale>locale/nl-NL/cookiesafe/</em:locale>
- <em:locale>locale/pl-PL/cookiesafe/</em:locale>
- <em:locale>locale/pt-BR/cookiesafe/</em:locale>
- <em:locale>locale/ro-RO/cookiesafe/</em:locale>
- <em:locale>locale/ru-RU/cookiesafe/</em:locale>
- <em:locale>locale/uk-UA/cookiesafe/</em:locale>
- <em:locale>locale/zh-CN/cookiesafe/</em:locale>
- </Description>
- </em:file>
-
- <!-- Mozilla Firefox -->
- <em:targetApplication>
- <Description>
- <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
- <em:minVersion>2.0</em:minVersion>
- <em:maxVersion>3.5.16</em:maxVersion>
- </Description>
- </em:targetApplication>
-
- <!-- Mozilla Suite (no longer supported)
- <em:targetApplication>
- <Description>
- <em:id>{86c18b42-e466-45a9-ae7a-9b95ba6f5640}</em:id>
- <em:minVersion>1.7</em:minVersion>
- <em:maxVersion>1.8b1</em:maxVersion>
- </Description>
- </em:targetApplication>
- Mozilla Suite (no longer supported) -->
-
- <!-- Flock -->
- <em:targetApplication>
- <Description>
- <em:id>{a463f10c-3994-11da-9945-000d60ca027b}</em:id>
- <em:minVersion>1.0</em:minVersion>
- <em:maxVersion>1.2</em:maxVersion>
- </Description>
- </em:targetApplication>
-
- <!-- SeaMonkey -->
- <em:targetApplication>
- <Description>
- <em:id>{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}</em:id>
- <em:minVersion>1.1</em:minVersion>
- <em:maxVersion>2.0a3</em:maxVersion>
- </Description>
- </em:targetApplication>
-
- <!-- Netscape -->
- <em:targetApplication>
- <Description>
- <em:id>{3db10fab-e461-4c80-8b97-957ad5f8ea47}</em:id>
- <em:minVersion>9.0</em:minVersion>
- <em:maxVersion>9.0.*</em:maxVersion>
- </Description>
- </em:targetApplication>
-
- <!-- Thunderbird -->
- <em:targetApplication>
- <Description>
- <em:id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</em:id>
- <em:minVersion>2.0</em:minVersion>
- <em:maxVersion>3.0b2pre</em:maxVersion>
- </Description>
- </em:targetApplication>
-
- <!-- eMusic RDM -->
- <em:targetApplication>
- <Description>
- <em:id>dlm@emusic.com</em:id>
- <em:minVersion>1.0</em:minVersion>
- <em:maxVersion>1.0.*</em:maxVersion>
- </Description>
- </em:targetApplication>
-
- <!-- Songbird -->
- <em:targetApplication>
- <Description>
- <em:id>songbird@songbirdnest.com</em:id>
- <em:minVersion>0.4</em:minVersion>
- <em:maxVersion>1.0</em:maxVersion>
- </Description>
- </em:targetApplication>
- </Description>
-
-</RDF>
diff --git a/config/chroot_local-includes/etc/iceweasel/profile/user.js b/config/chroot_local-includes/etc/iceweasel/profile/user.js
index 7b94ca1..7fd5817 100644
--- a/config/chroot_local-includes/etc/iceweasel/profile/user.js
+++ b/config/chroot_local-includes/etc/iceweasel/profile/user.js
@@ -8,8 +8,6 @@ user_pref("extensions.firegpg.gmail_enabled", false);
user_pref("extensions.firegpg.gpg_version", "FIREGPG_VERSION");
user_pref("extensions.firegpg.keyserver", "hkp://2eghzlv2wwcq7u7y.onion");
user_pref("extensions.firegpg.show_website", false);
-// Prevents potential plaintext leak through javascript when decrypting
-user_pref("extensions.firegpg.result_always_in_new_window", true);
// Block read and write access to the history in non-Tor mode
user_pref("extensions.torbutton.block_nthread", true);
diff --git a/config/chroot_local-includes/etc/init.d/htpdate b/config/chroot_local-includes/etc/init.d/htpdate
new file mode 100755
index 0000000..27dc84d
--- /dev/null
+++ b/config/chroot_local-includes/etc/init.d/htpdate
@@ -0,0 +1,87 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: htpdate
+# Default-Start:
+# Default-Stop:
+# Required-Start: mountkernfs $local_fs
+# Required-Stop:
+# Short-Description: Set time using HTP
+# Description: Set time using HTP
+### END INIT INFO
+
+DESC="Setting time using HTP"
+NAME=htpdate
+SCRIPTNAME=/etc/init.d/$NAME
+HTP_DIR=/var/run/$NAME
+PIDFILE=$HTP_DIR/pid
+HTP_SUCCESS_FILE=$HTP_DIR/success
+LOG=/var/log/$NAME.log
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+# Create status directory and log file
+install -o root -g root -m 0755 -d ${HTP_DIR}
+install -o htp -g nogroup -m 0644 /dev/null ${LOG}
+
+# Source configuration
+. /etc/default/$NAME
+
+# Sanity checks
+if [ -z "$HTTP_USER_AGENT" ]; then
+ log "HTTP_USER_AGENT is not set."
+ exit 2
+fi
+if [ -z "$HTP_POOL" ]; then
+ log "HTP_POOL is not set"
+ exit 3
+fi
+
+log() {
+ echo "$@" >> "${LOG}"
+}
+
+do_start() {
+ start-stop-daemon -S -q -p ${PIDFILE} -bm -x /usr/local/sbin/htpdate -- \
+ -d \
+ -l "$LOG" \
+ -a "$HTTP_USER_AGENT" \
+ -f \
+ -p \
+ -u htp \
+ -T "$HTP_SUCCESS_FILE" \
+ $HTP_POOL
+}
+
+do_stop() {
+ start-stop-daemon -K -q -p ${PIDFILE}
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "$DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ do_stop
+ ;;
+ restart)
+ do_stop
+ do_start
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME (start|stop|restart)" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/config/chroot_local-includes/etc/init.d/tails-reconfigure-kexec b/config/chroot_local-includes/etc/init.d/tails-reconfigure-kexec
new file mode 100755
index 0000000..119ed8c
--- /dev/null
+++ b/config/chroot_local-includes/etc/init.d/tails-reconfigure-kexec
@@ -0,0 +1,27 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: tails-reconfigure-kexec
+# Required-Start: $local_fs
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Reconfigure kexec depending on running kernel
+# Description: Reconfigure kexec depending on running kernel
+### END INIT INFO
+
+KEXEC_CONF=/etc/default/kexec
+
+case "$1" in
+ start)
+ echo "KERNEL_IMAGE=\"$(/usr/local/bin/tails-get-bootinfo kernel)\"" >> "$KEXEC_CONF"
+ echo "INITRD=\"$(/usr/local/bin/tails-get-bootinfo initrd)\"" >> "$KEXEC_CONF"
+ if grep -qw debug=wipemem /proc/cmdline; then
+ echo 'APPEND="${APPEND} sdmemdebug=1"' >> "$KEXEC_CONF"
+ fi
+ ;;
+ *)
+ echo "Usage: $0 start" >&2
+ exit 3
+ ;;
+esac
+exit 0
diff --git a/config/chroot_local-includes/etc/init.d/tails-reconfigure-memlockd b/config/chroot_local-includes/etc/init.d/tails-reconfigure-memlockd
new file mode 100755
index 0000000..aff6849
--- /dev/null
+++ b/config/chroot_local-includes/etc/init.d/tails-reconfigure-memlockd
@@ -0,0 +1,25 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: tails-reconfigure-memlockd
+# Required-Start: $local_fs memlockd
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Reconfigure memlockd depending on running kernel
+# Description: Reconfigure memlockd depending on running kernel
+### END INIT INFO
+
+MEMLOCKD_CONF=/etc/memlockd.cfg
+
+case "$1" in
+ start)
+ /usr/local/bin/tails-get-bootinfo kernel >> "$MEMLOCKD_CONF"
+ /usr/local/bin/tails-get-bootinfo initrd >> "$MEMLOCKD_CONF"
+ service memlockd restart
+ ;;
+ *)
+ echo "Usage: $0 start" >&2
+ exit 3
+ ;;
+esac
+exit 0
diff --git a/config/chroot_local-includes/etc/lsb-base-logging.sh b/config/chroot_local-includes/etc/lsb-base-logging.sh
new file mode 100755
index 0000000..ff1d74c
--- /dev/null
+++ b/config/chroot_local-includes/etc/lsb-base-logging.sh
@@ -0,0 +1,70 @@
+# Colour our init scripts output
+
+# int log_end_message (int exitstatus)
+log_end_msg () {
+ # If no arguments were passed, return
+ if [ -z "${1:-}" ]; then
+ return 1
+ fi
+
+ retval=$1
+
+ log_end_msg_pre "$@"
+
+ # Only do the fancy stuff if we have an appropriate terminal
+ # and if /usr is already mounted
+ if log_use_fancy_output; then
+ RED=`$TPUT setaf 1`
+ GREEN=`$TPUT setaf 2`
+ YELLOW=`$TPUT setaf 3`
+ NORMAL=`$TPUT sgr0`
+ $TPUT hpa $((`$TPUT cols` - 12))
+ else
+ RED=''
+ GREEN=''
+ YELLOW=''
+ NORMAL=''
+ fi
+
+ if [ $1 -eq 0 ]; then
+ /bin/echo -e " [ ${GREEN}OK${NORMAL} ]"
+ elif [ $1 -eq 255 ]; then
+ /bin/echo -e " [${YELLOW}WARNING!${NORMAL}]"
+ else
+ /bin/echo -e " [ ${RED}FAILED${NORMAL} ]"
+ fi
+ log_end_msg_post "$@"
+ return $retval
+}
+
+log_action_end_msg () {
+ log_action_end_msg_pre "$@"
+ if [ -z "${2:-}" ]; then
+ end=""
+ else
+ end=" ($2)"
+ fi
+
+ /bin/echo -n "${end}"
+
+ # Only do the fancy stuff if we have an appropriate terminal
+ # and if /usr is already mounted
+ if log_use_fancy_output; then
+ RED=`$TPUT setaf 1`
+ BLUE=`$TPUT setaf 4`
+ NORMAL=`$TPUT sgr0`
+ $TPUT hpa $((`$TPUT cols` - 12))
+ else
+ RED=''
+ BLUE=''
+ NORMAL=''
+ fi
+
+
+ if [ $1 -eq 0 ]; then
+ /bin/echo -e " [ ${BLUE}DONE${NORMAL} ]"
+ else
+ /bin/echo -e " [ ${RED}FAILED${NORMAL} ]"
+ fi
+ log_action_end_msg_post "$@"
+}
diff --git a/config/chroot_local-includes/etc/memlockd.cfg b/config/chroot_local-includes/etc/memlockd.cfg
index 1618885..853d0c6 100644
--- a/config/chroot_local-includes/etc/memlockd.cfg
+++ b/config/chroot_local-includes/etc/memlockd.cfg
@@ -1,11 +1,11 @@
-+/bin/sh
-/etc/init.d/tails-kexec
-/etc/init.d/kexec-load
-+/bin/stty
+/bin/cat
++/bin/chvt
++/bin/sh
+/bin/sleep
-+/sbin/kexec
++/bin/stty
/etc/default/locale
-/vmlinuz
-/initrd.img
+/etc/init.d/kexec-load
+/etc/init.d/tails-kexec
++/sbin/kexec
+/usr/bin/eject
++/usr/bin/pkill
diff --git a/config/chroot_local-includes/etc/tor/torrc b/config/chroot_local-includes/etc/tor/torrc
index 39a3d40..c42eb76 100644
--- a/config/chroot_local-includes/etc/tor/torrc
+++ b/config/chroot_local-includes/etc/tor/torrc
@@ -50,6 +50,11 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
#DataDirectory /var/lib/tor
+## The port on which Tor will listen for local connections from Tor
+## controller applications, as documented in control-spec.txt.
+ControlPort 9051
+ControlListenAddress 127.0.0.1
+
############### This section is just for location-hidden services ###
## Once you have configured a hidden service, you can look at the
@@ -159,5 +164,9 @@ TransListenAddress 127.0.0.1
## Misc
AvoidDiskWrites 1
+## We don't care if applications do their own DNS lookups since our Tor
+## enforcement will handle it safely.
+WarnUnsafeSocks 0
+
## Default list for 0.2.1.30 + 6523 (gobby)
LongLivedPorts 21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300
diff --git a/config/chroot_local-includes/etc/whisperback/config.py b/config/chroot_local-includes/etc/whisperback/config.py
index 43dfb9b..c61711c 100644
--- a/config/chroot_local-includes/etc/whisperback/config.py
+++ b/config/chroot_local-includes/etc/whisperback/config.py
@@ -40,7 +40,7 @@ import random
# This section defines the recepient parameters
# The address of the recipient
-to_address = "amnesia@boum.org"
+to_address = "tails@boum.org"
# The fingerprint of the recipient's GPG key
to_fingerprint = "09F6BC8FEEC9D8EE005DBAA41D2975EDF93E735F"
diff --git a/config/chroot_local-includes/usr/local/bin/tails-get-bootinfo b/config/chroot_local-includes/usr/local/bin/tails-get-bootinfo
new file mode 100755
index 0000000..9261e9d
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/bin/tails-get-bootinfo
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+LIVE_IMAGE_MOUNTPOINT=/live/image
+for arg in $(cat /proc/cmdline) ; do
+ case "$arg" in
+ BOOT_IMAGE=*)
+ kernel="${arg#BOOT_IMAGE=}"
+ ;;
+ initrd=*)
+ initrd="${arg#initrd=}"
+ ;;
+ esac
+done
+
+# Sanity checks
+[ -n "$kernel" ] || exit 4
+[ -n "$initrd" ] || exit 5
+
+case "$1" in
+ kernel)
+ echo "${LIVE_IMAGE_MOUNTPOINT}${kernel}"
+ ;;
+ initrd)
+ echo "${LIVE_IMAGE_MOUNTPOINT}${initrd}"
+ ;;
+ *)
+ usage "$0 kernel|initrd"
+ exit 3
+esac
+
+exit 0
diff --git a/config/chroot_local-includes/usr/local/bin/tails-htp-notify-user b/config/chroot_local-includes/usr/local/bin/tails-htp-notify-user
deleted file mode 100755
index c3ec52f..0000000
--- a/config/chroot_local-includes/usr/local/bin/tails-htp-notify-user
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-use warnings;
-use 5.10.1;
-
-#man{{{
-
-=head1 NAME
-
-tails-htp-notify-user
-
-=head1 VERSION
-
-Version X.XX
-
-=head1 AUTHOR
-
-Tails dev team <amnesia@boum.org>
-See https://tails.boum.org/.
-
-=cut
-
-#}}}
-
-use Data::Dumper;
-use Desktop::Notify;
-use English '-no_match_vars';
-use Locale::gettext;
-use POSIX;
-
-### initialization
-setlocale(LC_MESSAGES, "");
-textdomain("tails-htp-notify-user");
-my $htp_done_file = '/var/lib/live/htp-done';
-my $htp_success_file = '/var/lib/live/htp-success';
-my $htp_log_file = '/var/log/htpdate.log';
-my $debug;
-
-### Enabling debug mode until the Squeeze regression is sorted out.
-$debug = 1;
-
-### subroutines
-
-sub debug { say STDERR $_[0] unless $debug; }
-
-### main
-
-exit 0 if -e $htp_success_file;
-
-my $notify = Desktop::Notify->new()
- or die "Failed creating Desktop::Notify object.";
-debug('$notify:' . "\n" . Dumper($notify));
-
-my $summary = gettext("Synchronizing the system's clock");
-my $body = gettext("Tor needs an accurate clock to work properly. Please wait...");
-
-my $notification = $notify->create(summary => $summary,
- body => $body,
- timeout => 0)
- or die "Failed to create notification object";
-debug('$notification:' . "\n" . Dumper($notification));
-
-$notification->show() or warn "Failed showing notification.";
-until (-e $htp_done_file) {
- sleep 1;
-}
-
-# in case htpdate went fine, close the 'Please wait...' notification
-if (-e $htp_success_file) {
- $notification->close();
-}
-# in case htpdate failed, notify the user with the corresponding logs
-else {
- open(my $htp_log, '<', $htp_log_file)
- or die "Can not open file '$htp_log_file': $OS_ERROR";
- my $last_log;
- while (<$htp_log>) {
- if ($_ =~ /^HTP NetworkManager hook: here we go/) {
- $last_log = '';
- next;
- }
- $last_log .= $_;
- }
- my $failure_summary = gettext("Failed to synchronize the clock!");
- my $failure_body = $last_log;
- my $failure_notification = $notify->create(summary => $failure_summary,
- body => $failure_body,
- timeout => 0);
- $failure_notification->show();
-}
diff --git a/config/chroot_local-includes/usr/local/bin/tails-security-check-wrapper b/config/chroot_local-includes/usr/local/bin/tails-security-check-wrapper
index 1bd778f..e79d288 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-security-check-wrapper
+++ b/config/chroot_local-includes/usr/local/bin/tails-security-check-wrapper
@@ -1,9 +1,15 @@
#!/bin/sh
-# wait for HTP to finish
-until [ -e /var/lib/live/htp-done ]; do
- sleep 1
+TORDATE_DIR=/var/run/tordate
+TORDATE_DONE_FILE="${TORDATE_DIR}/done"
+INOTIFY_TIMEOUT=60
+
+# wait for a guarantee that time is in Tor valid range
+while :; do
+ if [ -e "$TORDATE_DONE_FILE" ]; then
+ break
+ fi
+ inotifywait -q -t "$INOTIFY_TIMEOUT" -e create --format %w%f "$TORDATE_DIR"
done
-sleep 120
exec /usr/local/bin/tails-security-check
diff --git a/config/chroot_local-includes/usr/local/bin/tails-start-i2p b/config/chroot_local-includes/usr/local/bin/tails-start-i2p
index 058ba44..260154d 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-start-i2p
+++ b/config/chroot_local-includes/usr/local/bin/tails-start-i2p
@@ -7,7 +7,7 @@ use warnings;
=head1 NAME
-tails-htp-notify-user
+tails-start-i2p
=head1 VERSION
@@ -68,7 +68,7 @@ my $notification = $notify->create(summary => $summary,
$notification->show();
-my $htp_success_file = '/var/lib/live/htp-success';
+my $htp_success_file = '/var/run/htpdate/success';
my $htp_wait = 0;
# There was a "fix" in i2p 0.8.8 for handling clock jumps and skews which seems
diff --git a/config/chroot_local-includes/usr/local/sbin/fillram b/config/chroot_local-includes/usr/local/sbin/fillram
new file mode 100755
index 0000000..94247eb
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/sbin/fillram
@@ -0,0 +1,7 @@
+#!/usr/bin/python
+
+# NB: this program is subject to the system's per-process memory limits.
+
+string = ""
+while True:
+ string = string + "wipe_didnt_work\n"
diff --git a/config/chroot_local-includes/usr/local/sbin/htpdate b/config/chroot_local-includes/usr/local/sbin/htpdate
index d099a94..2e92c74 100644
--- a/config/chroot_local-includes/usr/local/sbin/htpdate
+++ b/config/chroot_local-includes/usr/local/sbin/htpdate
@@ -53,8 +53,9 @@ my $ssl_protocol = 'TLSv1'; # will be passed to wget's --secure-protocol
my $useragent = "htpdate/$VERSION";
my $userid = ''; # userid for proxy servers
my $dns_timeout;
+my $res_file;
-our ($opt_d, $opt_h, $opt_q, $opt_x, $opt_u, $opt_a, $opt_f, $opt_l, $opt_p, $opt_t);
+our ($opt_d, $opt_h, $opt_q, $opt_x, $opt_u, $opt_a, $opt_f, $opt_l, $opt_p, $opt_t, $opt_T);
sub message {
my @msg = @_;
@@ -82,7 +83,7 @@ sub error (@_) {
sub parseCommandLine () {
# specify valid switches
- getopts('dhqxfpu:a:l:t:') || usage();
+ getopts('dhqxfpu:a:l:t:T:') || usage();
usage() if $opt_h;
usage() unless $ARGV[0];
@@ -96,6 +97,7 @@ sub parseCommandLine () {
$quiet = 1 if $opt_q;
$set_date = 0 if $opt_x;
$dns_timeout = $opt_t if $opt_t;
+ $res_file = $opt_T if $opt_T;
my @urls;
foreach my $url (@ARGV) {
@@ -113,7 +115,7 @@ sub usage () {
print STDERR <<USAGE;
htpdate version $VERSION
-Usage: $0 [-dhqxf] [-u userid] [-a useragent] [-t dns_timeout] <URL> [<URL> ...]
+Usage: $0 [-dhqxf] [-u userid] [-a useragent] [-t dns_timeout] [-T success_file] <URL> [<URL> ...]
-d debug
-h show this help
@@ -125,6 +127,7 @@ Usage: $0 [-dhqxf] [-u userid] [-a useragent] [-t dns_timeout] <URL> [<URL> ...]
-l log to this file rather than to STDOUT
-p paranoid mode: don't set time unless all servers could be reached
-t DNS timeout for wget
+ -T create this file after setting time successfully
e.g. $0 -x http://www.microsoft.com/ https://check.torproject.org/
@@ -238,6 +241,9 @@ sub adjustDate {
error "An error occured setting the time\n@output";
}
close($fd);
+ open my $res_h, '>>', $res_file or die "Cannot open res file $res_file: $!";
+ print $res_h "$diff\n";
+ close $res_h;
$> = getpwnam($opt_u) if $opt_u;
}
}
diff --git a/config/chroot_local-includes/usr/local/sbin/udev-watchdog-wrapper b/config/chroot_local-includes/usr/local/sbin/udev-watchdog-wrapper
index eb7b5d6..5600c83 100755
--- a/config/chroot_local-includes/usr/local/sbin/udev-watchdog-wrapper
+++ b/config/chroot_local-includes/usr/local/sbin/udev-watchdog-wrapper
@@ -47,11 +47,14 @@ do_stop() {
# Really make sure that the CD is ejected
# FIXME: this might not be necessary with future kernel/udev
if [ "${DEV_TYPE}" = "cd" ]; then
- eject -i off "${BOOT_DEVICE}" 2>&1 >/dev/null || true
- eject -m "${BOOT_DEVICE}" 2>&1 >/dev/null || true
+ /usr/bin/eject -i off "${BOOT_DEVICE}" 2>&1 >/dev/null || true
+ /usr/bin/eject -m "${BOOT_DEVICE}" 2>&1 >/dev/null || true
fi
- /etc/init.d/gdm3 stop 2>&1 >/dev/null || true
+ /usr/bin/pkill gdm3 2>&1 >/dev/null || true
+ # TODO-Wheezy: after Squeeze, kbd is replaced by console-tools,
+ # and chvt is now shipped in /usr/bin/chvt (adapt memlockd.cfg too)
+ /bin/chvt 1
/etc/init.d/kexec-load stop 2>&1 >/dev/null || true
/etc/init.d/tails-kexec stop 2>&1 >/dev/null || true
}
diff --git a/config/chroot_local-includes/usr/share/amnesia/build/mksquashfs-excludes b/config/chroot_local-includes/usr/share/amnesia/build/mksquashfs-excludes
new file mode 100644
index 0000000..14bf4e9
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/amnesia/build/mksquashfs-excludes
@@ -0,0 +1,3 @@
+boot/initrd.img-*
+boot/vmlinux-*
+boot/vmlinuz-*
diff --git a/config/chroot_local-includes/usr/share/initramfs-tools/scripts/init-premount/sdmem b/config/chroot_local-includes/usr/share/initramfs-tools/scripts/init-premount/sdmem
index d98eee8..ed95adc 100755
--- a/config/chroot_local-includes/usr/share/initramfs-tools/scripts/init-premount/sdmem
+++ b/config/chroot_local-includes/usr/share/initramfs-tools/scripts/init-premount/sdmem
@@ -26,11 +26,17 @@ esac
if [ -n "${sdmem}" ] ; then
tweak_sysctl
- if [ -n "${sdmemopts}" ] ; then
- /usr/bin/sdmem "-${sdmemopts}"
- else
- /usr/bin/sdmem -v
+ if [ -z "${sdmemopts}" ] ; then
+ sdmemopts="v"
fi
+ for i in $(seq 0 30) ; do /usr/bin/sdmem "-${sdmemopts}" & done
+ # Wait for at least one sdmem job to complete.
+ /usr/bin/sdmem "-${sdmemopts}"
+fi
+
+if [ "${sdmemdebug}" = 1 ] ; then
+ echo "Going to sleep 10 minutes. Happy dumping!"
+ sleep 600
fi
case "${sdmem}" in
diff --git a/config/chroot_local-includes/usr/share/locale/ar/LC_MESSAGES/tails-htp-notify-user.po b/config/chroot_local-includes/usr/share/locale/ar/LC_MESSAGES/tails-htp-notify-user.po
deleted file mode 100644
index c786ac1..0000000
--- a/config/chroot_local-includes/usr/share/locale/ar/LC_MESSAGES/tails-htp-notify-user.po
+++ /dev/null
@@ -1,30 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the PACKAGE package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2011-04-29 15:28+0200\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:55
-msgid "Synchronizing the system's clock"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:56
-msgid "Tor needs an accurate clock to work properly. Please wait..."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:85
-msgid "Failed to synchronize the clock!"
-msgstr ""
diff --git a/config/chroot_local-includes/usr/share/locale/de/LC_MESSAGES/tails-htp-notify-user.po b/config/chroot_local-includes/usr/share/locale/de/LC_MESSAGES/tails-htp-notify-user.po
deleted file mode 100644
index c786ac1..0000000
--- a/config/chroot_local-includes/usr/share/locale/de/LC_MESSAGES/tails-htp-notify-user.po
+++ /dev/null
@@ -1,30 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the PACKAGE package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2011-04-29 15:28+0200\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:55
-msgid "Synchronizing the system's clock"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:56
-msgid "Tor needs an accurate clock to work properly. Please wait..."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:85
-msgid "Failed to synchronize the clock!"
-msgstr ""
diff --git a/config/chroot_local-includes/usr/share/locale/en/LC_MESSAGES/tails-htp-notify-user.po b/config/chroot_local-includes/usr/share/locale/en/LC_MESSAGES/tails-htp-notify-user.po
deleted file mode 100644
index c786ac1..0000000
--- a/config/chroot_local-includes/usr/share/locale/en/LC_MESSAGES/tails-htp-notify-user.po
+++ /dev/null
@@ -1,30 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the PACKAGE package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2011-04-29 15:28+0200\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:55
-msgid "Synchronizing the system's clock"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:56
-msgid "Tor needs an accurate clock to work properly. Please wait..."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:85
-msgid "Failed to synchronize the clock!"
-msgstr ""
diff --git a/config/chroot_local-includes/usr/share/locale/es/LC_MESSAGES/tails-htp-notify-user.po b/config/chroot_local-includes/usr/share/locale/es/LC_MESSAGES/tails-htp-notify-user.po
deleted file mode 100644
index c786ac1..0000000
--- a/config/chroot_local-includes/usr/share/locale/es/LC_MESSAGES/tails-htp-notify-user.po
+++ /dev/null
@@ -1,30 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the PACKAGE package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2011-04-29 15:28+0200\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:55
-msgid "Synchronizing the system's clock"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:56
-msgid "Tor needs an accurate clock to work properly. Please wait..."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:85
-msgid "Failed to synchronize the clock!"
-msgstr ""
diff --git a/config/chroot_local-includes/usr/share/locale/fr/LC_MESSAGES/tails-htp-notify-user.po b/config/chroot_local-includes/usr/share/locale/fr/LC_MESSAGES/tails-htp-notify-user.po
deleted file mode 100644
index 639316c..0000000
--- a/config/chroot_local-includes/usr/share/locale/fr/LC_MESSAGES/tails-htp-notify-user.po
+++ /dev/null
@@ -1,32 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the PACKAGE package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2011-04-29 15:28+0200\n"
-"PO-Revision-Date: 2010-12-23 15:52+0100\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:55
-msgid "Synchronizing the system's clock"
-msgstr "Mise à jour de l'horloge système..."
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:56
-msgid "Tor needs an accurate clock to work properly. Please wait..."
-msgstr ""
-"Tor a besoin d'une horloge bien réglée pour fonctionner correctement. "
-"Veuillez patienter..."
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:85
-msgid "Failed to synchronize the clock!"
-msgstr "Échec de la mise à jour de l'horloge !"
diff --git a/config/chroot_local-includes/usr/share/locale/it/LC_MESSAGES/tails-htp-notify-user.po b/config/chroot_local-includes/usr/share/locale/it/LC_MESSAGES/tails-htp-notify-user.po
deleted file mode 100644
index c786ac1..0000000
--- a/config/chroot_local-includes/usr/share/locale/it/LC_MESSAGES/tails-htp-notify-user.po
+++ /dev/null
@@ -1,30 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the PACKAGE package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2011-04-29 15:28+0200\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:55
-msgid "Synchronizing the system's clock"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:56
-msgid "Tor needs an accurate clock to work properly. Please wait..."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:85
-msgid "Failed to synchronize the clock!"
-msgstr ""
diff --git a/config/chroot_local-includes/usr/share/locale/pt/LC_MESSAGES/tails-htp-notify-user.po b/config/chroot_local-includes/usr/share/locale/pt/LC_MESSAGES/tails-htp-notify-user.po
deleted file mode 100644
index c786ac1..0000000
--- a/config/chroot_local-includes/usr/share/locale/pt/LC_MESSAGES/tails-htp-notify-user.po
+++ /dev/null
@@ -1,30 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the PACKAGE package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2011-04-29 15:28+0200\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:55
-msgid "Synchronizing the system's clock"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:56
-msgid "Tor needs an accurate clock to work properly. Please wait..."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:85
-msgid "Failed to synchronize the clock!"
-msgstr ""
diff --git a/config/chroot_local-includes/usr/share/locale/zh/LC_MESSAGES/tails-htp-notify-user.po b/config/chroot_local-includes/usr/share/locale/zh/LC_MESSAGES/tails-htp-notify-user.po
deleted file mode 100644
index c786ac1..0000000
--- a/config/chroot_local-includes/usr/share/locale/zh/LC_MESSAGES/tails-htp-notify-user.po
+++ /dev/null
@@ -1,30 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the PACKAGE package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2011-04-29 15:28+0200\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:55
-msgid "Synchronizing the system's clock"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:56
-msgid "Tor needs an accurate clock to work properly. Please wait..."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:85
-msgid "Failed to synchronize the clock!"
-msgstr ""
diff --git a/config/chroot_local-includes/usr/share/tails-htp-notify-user/messages.pot b/config/chroot_local-includes/usr/share/tails-htp-notify-user/messages.pot
deleted file mode 100644
index 04ca2d3..0000000
--- a/config/chroot_local-includes/usr/share/tails-htp-notify-user/messages.pot
+++ /dev/null
@@ -1,30 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the PACKAGE package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2011-07-09 15:40+0200\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=CHARSET\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:55
-msgid "Synchronizing the system's clock"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:56
-msgid "Tor needs an accurate clock to work properly. Please wait..."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/bin/tails-htp-notify-user:85
-msgid "Failed to synchronize the clock!"
-msgstr ""
diff --git a/config/chroot_local-packageslists/tails-common.list b/config/chroot_local-packageslists/tails-common.list
index bdb445c..0fe7e1c 100644
--- a/config/chroot_local-packageslists/tails-common.list
+++ b/config/chroot_local-packageslists/tails-common.list
@@ -30,6 +30,8 @@ pv
live-build
# needed for initramfs-tools' COMPRESS=lzma
lzma
+# needed by tordate
+inotify-tools
### Software
@@ -135,6 +137,7 @@ parted
pidgin
pidgin-otr
pitivi
+plymouth
poedit
polipo
ppp
@@ -167,6 +170,7 @@ vidalia
vim-nox
wireless-tools
xul-ext-adblock-plus
+xul-ext-cookie-monster
xul-ext-firegpg
xul-ext-https-everywhere
xul-ext-monkeysphere
@@ -232,3 +236,11 @@ usb-modeswitch
### Printing support
foomatic-filters-ppds
+hplip
+hplip-cups
+
+### Make the MAT more powerful
+libimage-exiftool-perl
+python-cairo
+python-mutagen
+python-poppler
diff --git a/config/chroot_local-patches/torsocks_claws-mail.diff b/config/chroot_local-patches/torsocks_claws-mail.diff
new file mode 100644
index 0000000..2142ebb
--- /dev/null
+++ b/config/chroot_local-patches/torsocks_claws-mail.diff
@@ -0,0 +1,12 @@
+diff -Naur usr.orig/share/applications/claws-mail.desktop usr/share/applications/claws-mail.desktop
+--- chroot.orig/usr/share/applications/claws-mail.desktop 2011-10-17 14:46:00.278241354 +0200
++++ chroot/usr/share/applications/claws-mail.desktop 2011-10-17 14:47:01.782963288 +0200
+@@ -5,7 +5,7 @@
+ Comment=E-Mail client
+ Comment[ja]=Żҥ᡼륯饤
+ Comment[es]=Cliente de correo
+-Exec=claws-mail
++Exec=torify claws-mail
+ Icon=claws-mail
+ Terminal=false
+ Type=Application
diff --git a/debian/changelog b/debian/changelog
index 6a115a7..7c68baa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,65 @@
+tails (0.9) unstable; urgency=low
+
+ * Tor
+ - Upgrade to 0.2.2.34 (fixes CVE-2011-2768, CVE-2011-2769).
+
+ * Iceweasel
+ - Upgrade to 3.5.16-11 (fixes CVE-2011-3647, CVE-2011-3648, CVE-2011-3650).
+ - Upgrade FireGPG to 0.8-1+tails2: notify users that the FireGPG Text
+ Editor is the only safe place for performing cryptographic operations,
+ and make it impossible to do otherwise. Other ways open up several
+ severe attacks through JavaScript (e.g. leaking plaintext when
+ decrypting, signing messages written by the attacker).
+ - Install Cookie Monster extension instead of CS Lite.
+ - Always ask where to save files.
+ - Upgrade Torbutton to 1.4.4.1-1, which includes support for the in-browser
+ "New identity" feature.
+
+ * Software
+ - Install MAT, the metadata anonymisation toolkit.
+ - Upgrade TrueCrypt to 7.1.
+ - Upgrade WhisperBack to 1.5~rc1 (leads the user by the hand if an error
+ occurs while sending the bugreport, proposes to save it after 2 faild
+ attempts, numerous bugfixes).
+ - Linux: upgrade to linux-image-3.0.0-2-486 (version 3.0.0-6); fixes
+ a great number of bugs and security issues.
+
+ * Miscellaneous
+ - Fully rework date and time setting system.
+ - Remove the htp user firewall exception.
+ - Saner keyboard layouts for Arabic and Russian.
+ - Use Plymouth text-only splash screen at boot time.
+ - Color the init scripts output.
+ - Suppress Tor's warning about applications doing their own DNS lookups.
+ This is totally safe due to our Tor enforcement.
+ - Disable hdparm boot-time service.
+ We only want hdparm so that laptop-mode-tools can use it.
+ - Run Claws Mail using torify.
+ It's not as good as if Claws Mail supported SOCKS proxies itself,
+ but still better than relying on the transparent netfilter torification.
+ - Install HPLIP and hpcups for better printing support.
+
+ * Erase memory at shutdown
+ - Run many sdmem instances at once.
+ In hope of erasing more memory until we come up with a proper fix for
+ [[bugs/sdmem_does_not_clear_all_memory]].
+ - Kill gdm3 instead of using its initscript on brutal shutdown.
+ - Use absolute path to eject for more robust memory wipe on boot medium removal.
+
+ * Space savings
+ - Exclude kernel and initramfs from being put into the SquashFS.
+ Those files are already shipped where they are needed, that is in the ISO
+ filesystem. Adapt kexec and memlockd bits.
+ - Do not ship the GNOME icon theme cache.
+ - Do not ship .pyc files.
+ - Do not ship NEWS.Debian.gz files.
+
+ * Build system
+ - Re-implement hook that modifies syslinux config to make future
+ development easier.
+
+ -- Tails developers <amnesia@boum.org> Tue, 01 Nov 2011 13:26:38 +0100
+
tails (0.8.1) unstable; urgency=low
* Iceweasel
@@ -30,6 +92,8 @@ tails (0.8.1) unstable; urgency=low
- Set more appropriate Linux VM config before wiping memory. These
parameters should make the wipe process more robust and efficient.
+ -- Tails developers <amnesia@boum.org> Sun, 16 Oct 2011 11:31:18 +0200
+
tails (0.8) unstable; urgency=low
* Rebase on the Debian Squeeze 6.0.2.1 point-release.
diff --git a/wiki/src/bugs/Error_404_while_downloading_Tails_0.8.1_via_HTTP.mdwn b/wiki/src/bugs/Error_404_while_downloading_Tails_0.8.1_via_HTTP.mdwn
index 533439b..59c045b 100644
--- a/wiki/src/bugs/Error_404_while_downloading_Tails_0.8.1_via_HTTP.mdwn
+++ b/wiki/src/bugs/Error_404_while_downloading_Tails_0.8.1_via_HTTP.mdwn
@@ -16,3 +16,5 @@ Thanks to the team
>Until the mirror system is repaired, you can find a valid link here :
> <https://archive.torproject.org/amnesia.boum.org/tails/stable/tails-i386-0.8.1/>
+
+[[done]]
diff --git a/wiki/src/bugs/FireGPG_may_be_unsafe.mdwn b/wiki/src/bugs/FireGPG_may_be_unsafe.mdwn
index 979c6e2..4e4b0cc 100644
--- a/wiki/src/bugs/FireGPG_may_be_unsafe.mdwn
+++ b/wiki/src/bugs/FireGPG_may_be_unsafe.mdwn
@@ -61,7 +61,7 @@ It is unclear whether there is any facility for this in FireGPG. The FireGPG
API may enable it, so it should definitely be disabled (it's disabled by
default in Tails), but who knows what other stuff is in there.
-> A set of mitigations are [[!taglink pending]] for 0.9.
+> A set of mitigations are [[done]] in 0.9.
> Fixing this for real implies to
> [[remove FireGPG|todo/symmetric_OpenPGP_vs_recent_Iceweasel]], which will
> come later.
diff --git a/wiki/src/bugs/Tails_has_a_distinct_startup_signature.mdwn b/wiki/src/bugs/Tails_has_a_distinct_startup_signature.mdwn
index b07f8ef..00469be 100644
--- a/wiki/src/bugs/Tails_has_a_distinct_startup_signature.mdwn
+++ b/wiki/src/bugs/Tails_has_a_distinct_startup_signature.mdwn
@@ -13,5 +13,5 @@ This should be patched to not make ANY connections at startup beyond the expecte
> Take a look at how the Haven Project does this. It keeps network cards down until explicitly turned on by the user. ["No Network Activity by Default" section](https://www.haven-project.org/overview.html). THP uses [upstart](http://upstart.ubuntu.com/) to accomplish this. Even a single ARP from the computer running TAILS will give away the MAC and presence of a live computer. Also see the [[todo/macchanger]] todo.
->> Fixed in devel branch, [[!taglink pending]] for 0.9.
+>> Fixed in devel branch, [[done]] in 0.9.
>> See [[todo/remove_the_htp_user_firewall_exception]] for details.
diff --git a/wiki/src/bugs/Tor-time-syncronization_fail.mdwn b/wiki/src/bugs/Tor-time-syncronization_fail.mdwn
index c55cfa3..5e34980 100644
--- a/wiki/src/bugs/Tor-time-syncronization_fail.mdwn
+++ b/wiki/src/bugs/Tor-time-syncronization_fail.mdwn
@@ -4,5 +4,5 @@ Question/workaround: is it possible to disable the "Tor-time-syncronization"?
Thanks :)
>> Likely to be fixed in feature/tordate and thus devel branches,
->> [[!taglink pending]] for 0.9.
+>> [[done]] in 0.9.
>> See [[todo/remove_the_htp_user_firewall_exception]] for details.
diff --git a/wiki/src/bugs/Tor_connection_error.mdwn b/wiki/src/bugs/Tor_connection_error.mdwn
new file mode 100644
index 0000000..35d202d
--- /dev/null
+++ b/wiki/src/bugs/Tor_connection_error.mdwn
@@ -0,0 +1,3 @@
+Booting into Tails 0.9 and connection to the Tor network never happens. Vidalia message is "Loading authority certificates" and it never progresses from there. Showing the Tor network shows no systems at all. No problem connecting with the previous Tails version on the same system, network, etc.
+
+> Does it happen consistently, or was it just once?
diff --git a/wiki/src/bugs/__34__Clock_is_approx._6_months_after_the_release_date__34___but_it_was_set_correctly.mdwn b/wiki/src/bugs/__34__Clock_is_approx._6_months_after_the_release_date__34___but_it_was_set_correctly.mdwn
index 1f9d3b4..1df3da0 100644
--- a/wiki/src/bugs/__34__Clock_is_approx._6_months_after_the_release_date__34___but_it_was_set_correctly.mdwn
+++ b/wiki/src/bugs/__34__Clock_is_approx._6_months_after_the_release_date__34___but_it_was_set_correctly.mdwn
@@ -72,5 +72,6 @@ DNS resolution aside, you still need to apply this patch:
>>> Right. Applied to feature/tordate branch, thanks!
-[[!tag pending]]
+[[done]] in 0.9.
+
diff --git a/wiki/src/bugs/boot_error_at_startup_on_xp.mdwn b/wiki/src/bugs/boot_error_at_startup_on_xp.mdwn
new file mode 100644
index 0000000..0f053a5
--- /dev/null
+++ b/wiki/src/bugs/boot_error_at_startup_on_xp.mdwn
@@ -0,0 +1,11 @@
+intalled with unebootin on xp when i reboot it just give a blank screen. tried formatting again and installing still no luck! any ideas thanx.
+
+
+
+intalled with unebootin on xp when i reboot it just give a blank screen. i hit enter after a minute it says boot error. tried formatting again and installing still no luck! any ideas thanx.
+
+
+> Installing with unetbootin is not supported. Our [[download]]
+> page has the pointers you need to the right documentation.
+
+[[done]]
diff --git a/wiki/src/bugs/sdmem_does_not_clear_all_memory.mdwn b/wiki/src/bugs/sdmem_does_not_clear_all_memory.mdwn
index b912894..7b1e290 100644
--- a/wiki/src/bugs/sdmem_does_not_clear_all_memory.mdwn
+++ b/wiki/src/bugs/sdmem_does_not_clear_all_memory.mdwn
@@ -44,6 +44,12 @@ enabled in the Debian kernel, and its enabling was refused in
[[!debbug 556365]] for good reasons (i.e. this feature is actually
pretty bad at testing memory) that have nothing to do with our
usecase. We are trying to have this changed in [[!debbug 646361]].
+If this is refused, we'll have to build our own kernels; do we really
+want to go this way? If we do, [grml's kernel building
+infrastructure](http://git.grml.org/?p=grml-kernel.git) is great, and
+workarounds the numerous bugs that make kernel-package currently
+unusable ([[!debbug 629245]], [[!debbug 639251]], [[!debbug
+638012]])... by not using it at all.
On the long run, if the Linux kernel does not wipe whatever memory
pages it allocates to use for its own data structures, the kexec'd
diff --git a/wiki/src/contribute/design.mdwn b/wiki/src/contribute/design.mdwn
index 0797809..f343b5d 100644
--- a/wiki/src/contribute/design.mdwn
+++ b/wiki/src/contribute/design.mdwn
@@ -961,11 +961,9 @@ installed extensions. Java support is disabled.
Iceweasel is shipped with some extensions to help users manage their
browsing experience. The Torbutton settings treat all cookies as
-session cookies by default; the [CS
-Lite](https://addons.mozilla.org/fr/firefox/addon/5207/)
-(until Tails 0.8) (PENDING-FOR-0.9 [Cookie
-Monster](https://addons.mozilla.org/en-US/firefox/addon/cookie-monster))
-provides more
+session cookies by default; the [Cookie
+Monster](https://addons.mozilla.org/en-US/firefox/addon/cookie-monster)
+extension provides more
fine-grained cookie control for users who need it. This prevents the
known leak of browsing informations cookies can lead to. The [Adblock
plus](https://addons.mozilla.org/fr/firefox/addon/1865/) extension
@@ -1061,7 +1059,7 @@ SHA256.
- [[!tails_gitweb config/chroot_local-includes/etc/skel/.gnupg/gpg.conf]]
- [[!tails_gitweb config/chroot_local-includes/usr/share/amnesia/gconf/apps_seahorse.xml]]
- [[!tails_gitweb config/chroot_local-includes/etc/iceweasel/profile/user.js]]
-- hkpms [announce](https://lists.riseup.net/www/arc/monkeysphere/2010-12/msg00001.html)
+- hkpms [announcement](https://lists.riseup.net/www/arc/monkeysphere/2010-12/msg00001.html)
- [hkpms in the Monkeysphere issue tracker](https://labs.riseup.net/code/issues/2016)
- hkpms is [available in Debian experimental](http://packages.debian.org/source/experimental/msva-perl)
diff --git a/wiki/src/contribute/faq.mdwn b/wiki/src/contribute/faq.mdwn
index a60c844..2a87ce3 100644
--- a/wiki/src/contribute/faq.mdwn
+++ b/wiki/src/contribute/faq.mdwn
@@ -10,6 +10,41 @@ Most of the times we are asked such a question, the answer is
So, before asking this question, please be kind enough to use our
website search functionality to look for XYZ :)
+Why doesn't Tails ship software XYZ?
+====================================
+
+First of all, please ask yourself, seriously, why should Tails ship
+software XYZ.
+
+There are many, many possible reasons why Tails does not ship software
+XYZ.
+
+0. It may have licensing issues that prohibit us from shipping it (or
+ shipping modified versions of it, which is just as bad).
+0. It may not be part of Debian stable, or even part of Debian, or
+ even packaged for Debian.
+0. It may be in conflict with our [[specification|contribute/design]],
+ or it may satisfy use cases Tails is not supposed to support.
+0. It may have privacy or anonymity issues. Was it ever audited in
+ this context?
+
+Also, generally we try not to add too much software into Tails,
+and are very careful before adding more stuff:
+
+* More software implies more security issues.
+* We do care about backward compatibility. Removing a software package
+ is problematic, even if it should be removed due to e.g. security
+ concerns, since users may have come to rely on it. In these cases we
+ really want to provide them with suitable alternatives.
+* Tails ISO image size matters.
+
+To end with, it might be that we simply have not thought of software
+XYZ yet. Reading our [[design document|contribute/design]] may help
+you understand which use cases Tails covers and hence which types of
+software we may consider. If you feel that XYZ would fill up an empty
+space, please [[suggest it to us|todo]] and give valid points for its
+inclusion.
+
Why isn't Tails based on system XYZ?
====================================
@@ -105,41 +140,6 @@ and more distribution vendors enable those options, it seems safe to
bet serious attackers take this into account, and design their
exploits accordingly.
-Why doesn't Tails ship software XYZ?
-====================================
-
-First of all, please ask yourself, seriously, why should Tails ship
-software XYZ.
-
-There are many, many possible reasons why Tails does not ship software
-XYZ.
-
-0. It may have licensing issues that prohibit us from shipping it (or
- shipping modified versions of it, which is just as bad).
-0. It may not be part of Debian stable, or even part of Debian, or
- even packaged for Debian.
-0. It may be in conflict with our [[specification|contribute/design]],
- or it may satisfy use cases Tails is not supposed to support.
-0. It may have privacy or anonymity issues. Was it ever audited in
- this context?
-
-Also, generally we try not to add too much software into Tails,
-and are very careful before adding more stuff:
-
-* More software implies more security issues.
-* We do care about backward compatibility. Removing a software package
- is problematic, even if it should be removed due to e.g. security
- concerns, since users may have come to rely on it. In these cases we
- really want to provide them with suitable alternatives.
-* Tails ISO image size matters.
-
-To end with, it might be that we simply have not thought of software
-XYZ yet. Reading our [[design document|contribute/design]] may help
-you understand which use cases Tails covers and hence which types of
-software we may consider. If you feel that XYZ would fill up an empty
-space, please [[suggest it to us|todo]] and give valid points for its
-inclusion.
-
Why does Tails ship an obsolete Firefox / Iceweasel?
====================================================
diff --git a/wiki/src/contribute/release_process.mdwn b/wiki/src/contribute/release_process.mdwn
index fafc9b6..edd22b8 100644
--- a/wiki/src/contribute/release_process.mdwn
+++ b/wiki/src/contribute/release_process.mdwn
@@ -181,14 +181,14 @@ Update todo and bugs tags:
Update the [[doc/about/features]] page.
-Write the announce for the release in `news/version_X.Y.mdwn`. Use the
-meta directive to set the post title to "Tails X.Y was released" so
+Write the announcement for the release in `news/version_X.Y.mdwn`. Use the
+meta directive to set the post title to "Tails X.Y is out" so
that aggregators (such as Planet Debian Derivatives) display a more
catchy title.
-Write an announce listing the security bugs affecting the previous
+Write an announcement listing the security bugs affecting the previous
version in `security/` in order to let the users of the old versions
-know that they have to upgrade. This announce page shall be dated back
+know that they have to upgrade. This announcement page shall be dated back
to a few days before the one to be released was *built*.
Then add the updated `debian/changelog` and you should be ready to
@@ -199,6 +199,14 @@ record the last commit before tagging happens:
Go wild!
========
+Push
+----
+
Push the last commits and the release tag to our Git repository:
git push --tags
+
+IRC
+---
+
+Update the topic in our [[chatroom|chat]].
diff --git a/wiki/src/contribute/release_process/test.mdwn b/wiki/src/contribute/release_process/test.mdwn
index f4eb147..04ac87f 100644
--- a/wiki/src/contribute/release_process/test.mdwn
+++ b/wiki/src/contribute/release_process/test.mdwn
@@ -156,6 +156,24 @@ steps that are worth [[a dedicated page|test/erase_memory_on_shutdown]].
* `modinfo vboxguest` should work
* test in VirtualBox
+# I2P
+
+* Make sure that I2P is up-to-date, at least if the
+ [changelogs](http://www.i2p2.de/announcements.html) mention that
+ security critical bugs were fixed.
+* Check that "Applications -> Internet -> I2P" works:
+ - You get the "Starting I2P..." pop-up.
+ - The router console opens in Iceweasel upon success.
+ - You get the "I2P failed to start" pop-up on failure (e.g. no
+ network so tordate failed).
+* Check that I2P connects to the network:
+ - The numbers in the "Peers" section of the router console should be
+ non-zero.
+ - You should get "Network: Firewalled" in the "General" section
+ (implying that the I2P network is reachable but UDP is blocked).
+* Check that you can reach some eepsites within Iceweasel, like
+ <http://www.i2p2.i2p> and <http://forum.i2p>.
+
# Misc
* Check that links to the online website (`Mirror:`) at the bottom of
diff --git a/wiki/src/contribute/release_process/test/erase_memory_on_shutdown.mdwn b/wiki/src/contribute/release_process/test/erase_memory_on_shutdown.mdwn
index b4ae362..32a5ec8 100644
--- a/wiki/src/contribute/release_process/test/erase_memory_on_shutdown.mdwn
+++ b/wiki/src/contribute/release_process/test/erase_memory_on_shutdown.mdwn
@@ -21,17 +21,11 @@ Then install this image on a 2nd USB stick
# 1. fill the RAM with a known pattern
* boot on Tails
-* add `fillram.py` which contains:
-
- string=""
- while True:
- string = string + "wipe_didnt_work\n"
-
-* launch it a few times in parallel (on a 32-bit architecture the
+* launch fillram a few times in parallel (on a 32-bit architecture the
address space of a given process is usually limited at 3 GiB - or
less, depends on the kernel configuration)
- $ for i in $(seq 0 31) ; do python fillram.py & done
+ # for i in $(seq 0 31) ; do fillram & done ; watch free -m
# 2. test that you can get the pattern
diff --git a/wiki/src/doc/about/features.de.po b/wiki/src/doc/about/features.de.po
index 9e92cb4..a3b59fb 100644
--- a/wiki/src/doc/about/features.de.po
+++ b/wiki/src/doc/about/features.de.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-09-21 12:39-0600\n"
+"POT-Creation-Date: 2011-11-11 18:44-0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -143,6 +143,7 @@ msgid ""
" using [gfshare](http://www.digital-scurf.org/software/libgfshare)\n"
" and [ssss](http://point-at-infinity.org/ssss/)\n"
"* [Liferea](http://liferea.sourceforge.net/) feed aggregator\n"
+"* [MAT](https://mat.boum.org/) to anonymize metadata in files\n"
msgstr ""
"* [Firefox](http://getfirefox.com) vorkonfiguriert mit:\n"
" - [Torbutton](https://www.torproject.org/torbutton) für anonymes Surfen\n"
diff --git a/wiki/src/doc/about/features.es.po b/wiki/src/doc/about/features.es.po
index 5f4295e..b62f2c8 100644
--- a/wiki/src/doc/about/features.es.po
+++ b/wiki/src/doc/about/features.es.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-09-21 12:39-0600\n"
+"POT-Creation-Date: 2011-11-11 18:44-0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -103,6 +103,7 @@ msgid ""
" using [gfshare](http://www.digital-scurf.org/software/libgfshare)\n"
" and [ssss](http://point-at-infinity.org/ssss/)\n"
"* [Liferea](http://liferea.sourceforge.net/) feed aggregator\n"
+"* [MAT](https://mat.boum.org/) to anonymize metadata in files\n"
msgstr ""
#. type: Plain text
diff --git a/wiki/src/doc/about/features.fr.po b/wiki/src/doc/about/features.fr.po
index 3c2ae4e..1875eb1 100644
--- a/wiki/src/doc/about/features.fr.po
+++ b/wiki/src/doc/about/features.fr.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-09-21 12:39-0600\n"
+"POT-Creation-Date: 2011-11-11 18:44-0800\n"
"PO-Revision-Date: 2011-04-17 15:34+0200\n"
"Last-Translator: \n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -153,6 +153,7 @@ msgid ""
" using [gfshare](http://www.digital-scurf.org/software/libgfshare)\n"
" and [ssss](http://point-at-infinity.org/ssss/)\n"
"* [Liferea](http://liferea.sourceforge.net/) feed aggregator\n"
+"* [MAT](https://mat.boum.org/) to anonymize metadata in files\n"
msgstr ""
"* [Tor](https://www.torproject.org) et son contrôleur graphique\n"
" [Vidalia](https://www.torproject.org/vidalia/)\n"
diff --git a/wiki/src/doc/about/features.mdwn b/wiki/src/doc/about/features.mdwn
index bc7ea9b..9e2d2ec 100644
--- a/wiki/src/doc/about/features.mdwn
+++ b/wiki/src/doc/about/features.mdwn
@@ -70,6 +70,7 @@ Encryption & Privacy
* [Florence](http://florence.sourceforge.net/)
virtual keyboard as a countermeasure against hardware
[keyloggers](http://en.wikipedia.org/wiki/Keylogger)
+* [MAT](https://mat.boum.org/) to anonymize metadata in files
The full packages list can be found in the [BitTorrent files download
directory](/torrents/files/) (look for files with the `.packages`
diff --git a/wiki/src/doc/about/trust.de.po b/wiki/src/doc/about/trust.de.po
index 5dcdc83..a22475f 100644
--- a/wiki/src/doc/about/trust.de.po
+++ b/wiki/src/doc/about/trust.de.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-10-31 13:06-0600\n"
+"POT-Creation-Date: 2011-11-14 18:45-0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -127,7 +127,7 @@ msgid ""
"One could say that Tails is the union of Debian and Tor. What we do, "
"essentially, is gluing it all together. Hence, if you trust Debian and The "
"Tor Project, what remains to establish trust for Tails is to trust our \"glue"
-"\". As has been mentioned, Tails if Free software, so it's source code is "
+"\". As has been mentioned, Tails is Free software, so its source code is "
"completely open for inspection, and it's mainly comprised by a specification "
"of which Debian software packages to install, and how they should be "
"configured. While Tails surely doesn't get the same amount of attention as "
diff --git a/wiki/src/doc/about/trust.es.po b/wiki/src/doc/about/trust.es.po
index 5dcdc83..a22475f 100644
--- a/wiki/src/doc/about/trust.es.po
+++ b/wiki/src/doc/about/trust.es.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-10-31 13:06-0600\n"
+"POT-Creation-Date: 2011-11-14 18:45-0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -127,7 +127,7 @@ msgid ""
"One could say that Tails is the union of Debian and Tor. What we do, "
"essentially, is gluing it all together. Hence, if you trust Debian and The "
"Tor Project, what remains to establish trust for Tails is to trust our \"glue"
-"\". As has been mentioned, Tails if Free software, so it's source code is "
+"\". As has been mentioned, Tails is Free software, so its source code is "
"completely open for inspection, and it's mainly comprised by a specification "
"of which Debian software packages to install, and how they should be "
"configured. While Tails surely doesn't get the same amount of attention as "
diff --git a/wiki/src/doc/about/trust.fr.po b/wiki/src/doc/about/trust.fr.po
index d0702c9..61263ff 100644
--- a/wiki/src/doc/about/trust.fr.po
+++ b/wiki/src/doc/about/trust.fr.po
@@ -6,8 +6,8 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-10-31 13:06-0600\n"
-"PO-Revision-Date: 2011-11-01 09:03+0100\n"
+"POT-Creation-Date: 2011-11-14 18:45-0800\n"
+"PO-Revision-Date: 2011-11-16 10:34+0100\n"
"Last-Translator: \n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
@@ -197,7 +197,7 @@ msgid ""
"One could say that Tails is the union of Debian and Tor. What we do, "
"essentially, is gluing it all together. Hence, if you trust Debian and The "
"Tor Project, what remains to establish trust for Tails is to trust our \"glue"
-"\". As has been mentioned, Tails if Free software, so it's source code is "
+"\". As has been mentioned, Tails is Free software, so its source code is "
"completely open for inspection, and it's mainly comprised by a specification "
"of which Debian software packages to install, and how they should be "
"configured. While Tails surely doesn't get the same amount of attention as "
diff --git a/wiki/src/doc/about/trust.mdwn b/wiki/src/doc/about/trust.mdwn
index e34e1ce..175da14 100644
--- a/wiki/src/doc/about/trust.mdwn
+++ b/wiki/src/doc/about/trust.mdwn
@@ -79,7 +79,7 @@ Trusting Tails
One could say that Tails is the union of Debian and Tor. What we do,
essentially, is gluing it all together. Hence, if you trust Debian and
The Tor Project, what remains to establish trust for Tails is to trust
-our "glue". As has been mentioned, Tails if Free software, so it's
+our "glue". As has been mentioned, Tails is Free software, so its
source code is completely open for inspection, and it's mainly
comprised by a specification of which Debian software packages to
install, and how they should be configured. While Tails surely doesn't
diff --git a/wiki/src/doc/walkthrough.de.po b/wiki/src/doc/walkthrough.de.po
index ca33097..5c7fd43 100644
--- a/wiki/src/doc/walkthrough.de.po
+++ b/wiki/src/doc/walkthrough.de.po
@@ -24,7 +24,7 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid ""
-"**WARNING**: this documentation is still a work in progress. It is thus\n"
+"**WARNUNG**: this documentation is still a work in progress. It is thus\n"
"incomplete, plenty of it lies on some points, and lacks screenshots. Originally\n"
"written for Incognito, it has not been fully adapted for Tails yet. Outdated\n"
"section are marked with **FIXME**. Please do **not** take them as true.\n"
diff --git a/wiki/src/download.de.po b/wiki/src/download.de.po
index dc6e7c5..d32e89a 100644
--- a/wiki/src/download.de.po
+++ b/wiki/src/download.de.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-11-19 16:05+0100\n"
+"POT-Creation-Date: 2011-11-12 15:26-0800\n"
"PO-Revision-Date: 2011-06-13 19:01+0200\n"
"Last-Translator: Schreppe <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -415,7 +415,7 @@ msgstr ""
#, no-wrap
msgid ""
"cd [the ISO image directory]\n"
-"gpg --verify tails-i386-0.8.1.iso.pgp tails-i386-0.8.1.iso\n"
+"gpg --verify tails-i386-0.9.iso.pgp tails-i386-0.9.iso\n"
msgstr ""
#. type: Content of: <div><div><p>
diff --git a/wiki/src/download.es.po b/wiki/src/download.es.po
index 94a841c..6acaac5 100644
--- a/wiki/src/download.es.po
+++ b/wiki/src/download.es.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-11-19 16:05+0100\n"
+"POT-Creation-Date: 2011-11-17 14:25-0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: Rodrigo Andrade <planetaskoria@gmail.com>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -54,6 +54,7 @@ msgstr ""
#. type: Content of: <div><div><h1>
msgid "Download the ISO image"
+<<<<<<< HEAD
msgstr "Descargar la imagen ISO"
#. type: Content of: <div><div><p>
@@ -61,11 +62,17 @@ msgid ""
"You will download Tails in the form of an <span class=\"definition\">[[!"
"wikipedia ISO_image desc=\"ISO image\"]]</span>: a single file that you will "
"later burn on a CD or installed onto a USB stick."
+=======
+>>>>>>> master
msgstr ""
#. type: Content of: <div><div><div><h2>
msgid "Direct download"
+<<<<<<< HEAD
msgstr "Descarga directa"
+=======
+msgstr ""
+>>>>>>> master
#. type: Content of: <div><div><div><h3>
msgid "Latest release"
@@ -104,7 +111,11 @@ msgstr ""
#. type: Content of: <div><div><div><h2>
msgid "BitTorrent download"
+<<<<<<< HEAD
msgstr "Descarga por BitTorrent"
+=======
+msgstr ""
+>>>>>>> master
#. type: Content of: <div><div><div><p>
msgid ""
@@ -132,7 +143,11 @@ msgstr ""
#. type: Content of: <div><div><h1>
msgid "Verify the ISO image"
+<<<<<<< HEAD
msgstr "Verificar la imagen ISO"
+=======
+msgstr ""
+>>>>>>> master
#. type: Content of: <div><div><p>
msgid ""
@@ -373,7 +388,7 @@ msgstr ""
#, no-wrap
msgid ""
"cd [the ISO image directory]\n"
-"gpg --verify tails-i386-0.8.1.iso.pgp tails-i386-0.8.1.iso\n"
+"gpg --verify tails-i386-0.9.iso.pgp tails-i386-0.9.iso\n"
msgstr ""
#. type: Content of: <div><div><p>
diff --git a/wiki/src/download.fr.po b/wiki/src/download.fr.po
index ccb9d15..4f5baa0 100644
--- a/wiki/src/download.fr.po
+++ b/wiki/src/download.fr.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: Tails-download-fr\n"
-"POT-Creation-Date: 2011-10-16 17:54-0600\n"
+"POT-Creation-Date: 2011-11-12 15:26-0800\n"
"PO-Revision-Date: 2011-10-17 03:53+0200\n"
"Last-Translator: \n"
"Language-Team: tavu <tav@tav.net>\n"
@@ -444,10 +444,13 @@ msgid "Then start the cryptographic verification, it can take several minutes:"
msgstr "Lancez alors la vérification, qui peut prendre plusieurs minutes:"
#. type: Content of: <div><div><pre>
-#, no-wrap
+#, fuzzy, no-wrap
+#| msgid ""
+#| "cd [the ISO image directory]\n"
+#| "gpg --verify tails-i386-0.8.1.iso.pgp tails-i386-0.8.1.iso\n"
msgid ""
"cd [the ISO image directory]\n"
-"gpg --verify tails-i386-0.8.1.iso.pgp tails-i386-0.8.1.iso\n"
+"gpg --verify tails-i386-0.9.iso.pgp tails-i386-0.9.iso\n"
msgstr ""
"cd [le répertoire contenant l'image ISO]\n"
"gpg --verify tails-i386-0.8.1.iso.pgp tails-i386-0.8.1.iso\n"
@@ -621,8 +624,10 @@ msgid ""
"graphical frontends for both Windows and Mac OS X. This also make it "
"possible to check the cryptographic signature with those operating systems:"
msgstr ""
-"GnuPG est une implémentation d'OpenPGP comportant une interface graphique pour\n"
-"Windows et Mac OS X, qui rend possible la vérification de signatures cryptographiques avec ces systèmes d'exploitation :"
+"GnuPG est une implémentation d'OpenPGP comportant une interface graphique "
+"pour\n"
+"Windows et Mac OS X, qui rend possible la vérification de signatures "
+"cryptographiques avec ces systèmes d'exploitation :"
#. type: Content of: <div><div><ul><li>
msgid "[[Gpg4win|http://www.gpg4win.org/]], for Windows"
@@ -725,7 +730,9 @@ msgstr ""
#. type: Content of: <div><div><ul><li>
msgid "[[Trusting Tails signing key|doc/trusting_tails_signing_key]]"
-msgstr "[[Faire confiance à la clef de signature Tails|doc/trusting_tails_signing_key]]"
+msgstr ""
+"[[Faire confiance à la clef de signature Tails|doc/"
+"trusting_tails_signing_key]]"
#. type: Content of: <div><div><h1>
msgid "Burn a CD or install onto a USB stick"
@@ -746,13 +753,17 @@ msgstr "Graver un CD"
#. type: Content of: <div><div><ul><li>
msgid ""
"CDs are read-only so your Tails can't be altered by a virus or an attacker."
-msgstr "Les CD sont en \"lecture seule\" ; votre Tails ne peut donc pas être modifié par un virus ou un attaquant."
+msgstr ""
+"Les CD sont en \"lecture seule\" ; votre Tails ne peut donc pas être modifié "
+"par un virus ou un attaquant."
#. type: Content of: <div><div><ul><li>
msgid ""
"CDs are cheap but you will need to burn a new CD each time you will update "
"your Tails version (hint: CD-RW)."
-msgstr "Les CD sont moins cher mais vous devrez graver un nouveau CD pour chaque nouvelle version de Tails (astuce: utiliser un CD-RW)."
+msgstr ""
+"Les CD sont moins cher mais vous devrez graver un nouveau CD pour chaque "
+"nouvelle version de Tails (astuce: utiliser un CD-RW)."
#. type: Content of: <div><div><p>
msgid ""
@@ -762,11 +773,15 @@ msgid ""
"the Ubuntu ISO image by the Tails ISO image you downloaded and ignore the "
"part on verifying the data integrity since you've already done that."
msgstr ""
-"Pour des instructions détaillées sur la gravure d'image ISO sous Linux, Windows\n"
+"Pour des instructions détaillées sur la gravure d'image ISO sous Linux, "
+"Windows\n"
"et MAC OS X, vous pouvez consulter <a\n"
-"href=\"https://help.ubuntu.com/community/BurningIsoHowto\">la documentation Ubuntu\n"
-"correspondante</a>, en remplaçant simplement l'image ISO d'Ubuntu par celle de\n"
-"Tails et en ignorant la partie concernant la vérification du fichier, vu que vous l'avez déjà effectuée."
+"href=\"https://help.ubuntu.com/community/BurningIsoHowto\">la documentation "
+"Ubuntu\n"
+"correspondante</a>, en remplaçant simplement l'image ISO d'Ubuntu par celle "
+"de\n"
+"Tails et en ignorant la partie concernant la vérification du fichier, vu que "
+"vous l'avez déjà effectuée."
#. type: Content of: <div><div><h2>
msgid "Installing onto a USB stick"
@@ -775,13 +790,16 @@ msgstr "Installer sur une clef USB"
#. type: Content of: <div><div><p>
msgid ""
"<strong>The content of the USB stick will be lost in the operation.</strong>"
-msgstr "<strong>Le contenu de la clef sera effacé lors de cette opération !</strong>"
+msgstr ""
+"<strong>Le contenu de la clef sera effacé lors de cette opération !</strong>"
#. type: Content of: <div><div><ul><li>
msgid ""
"An attacker with physical access to your USB stick or through a virus could "
"alter your Tails."
-msgstr "Un attaquant peut avoir un accès physique à votre clef USB, ou au travers d'un virus, modifier votre Tails."
+msgstr ""
+"Un attaquant peut avoir un accès physique à votre clef USB, ou au travers "
+"d'un virus, modifier votre Tails."
#. type: Content of: <div><div><ul><li>
msgid "USB sticks can be reused across Tails versions."
@@ -870,8 +888,10 @@ msgid ""
"be automatically notified of the security holes affecting the version you "
"are using at the startup of a new Tails session."
msgstr ""
-"Référez vous à notre flux [[sécurité |/security]] pour des infos détaillées sur\n"
-"les failles de sécurité affectant Tails. Par ailleurs, au démarrage de Tails,\n"
+"Référez vous à notre flux [[sécurité |/security]] pour des infos détaillées "
+"sur\n"
+"les failles de sécurité affectant Tails. Par ailleurs, au démarrage de "
+"Tails,\n"
"vous serez informé des failles concernant la version que vous utilisez."
#. type: Content of: <div><div><p>
diff --git a/wiki/src/download.html b/wiki/src/download.html
index e69e74b..26fe994 100644
--- a/wiki/src/download.html
+++ b/wiki/src/download.html
@@ -245,7 +245,7 @@ gpg: unchanged: 2
<pre>
cd [the ISO image directory]
-gpg --verify tails-i386-0.8.1.iso.pgp tails-i386-0.8.1.iso
+gpg --verify tails-i386-0.9.iso.pgp tails-i386-0.9.iso
</pre>
<p><strong>If the ISO image is correct</strong> the output will tell you
diff --git a/wiki/src/inc/stable_i386_date.de.po b/wiki/src/inc/stable_i386_date.de.po
index 18aab34..5ee0a52 100644
--- a/wiki/src/inc/stable_i386_date.de.po
+++ b/wiki/src/inc/stable_i386_date.de.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-10-15 17:34+0300\n"
+"POT-Creation-Date: 2011-11-11 18:44-0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -17,5 +17,5 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
#. type: Content of: outside any tag (error?)
-msgid "October 16, 2011"
+msgid "November 11, 2011"
msgstr ""
diff --git a/wiki/src/inc/stable_i386_date.es.po b/wiki/src/inc/stable_i386_date.es.po
index 18aab34..5ee0a52 100644
--- a/wiki/src/inc/stable_i386_date.es.po
+++ b/wiki/src/inc/stable_i386_date.es.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-10-15 17:34+0300\n"
+"POT-Creation-Date: 2011-11-11 18:44-0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -17,5 +17,5 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
#. type: Content of: outside any tag (error?)
-msgid "October 16, 2011"
+msgid "November 11, 2011"
msgstr ""
diff --git a/wiki/src/inc/stable_i386_date.fr.po b/wiki/src/inc/stable_i386_date.fr.po
index d17e724..af5bf78 100644
--- a/wiki/src/inc/stable_i386_date.fr.po
+++ b/wiki/src/inc/stable_i386_date.fr.po
@@ -7,8 +7,8 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-10-15 17:34+0300\n"
-"PO-Revision-Date: 2011-10-15 17:56+0200\n"
+"POT-Creation-Date: 2011-11-11 15:08+0100\n"
+"PO-Revision-Date: 2011-11-11 15:09+0100\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
@@ -17,5 +17,5 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
#. type: Content of: outside any tag (error?)
-msgid "October 16, 2011"
-msgstr "16 octobre 2011"
+msgid "November 11, 2011"
+msgstr "11 novembre 2011"
diff --git a/wiki/src/inc/stable_i386_date.html b/wiki/src/inc/stable_i386_date.html
index 5c06fe5..6456a2f 100644
--- a/wiki/src/inc/stable_i386_date.html
+++ b/wiki/src/inc/stable_i386_date.html
@@ -1 +1 @@
-October 16, 2011
+November 11, 2011
diff --git a/wiki/src/inc/stable_i386_hash.html b/wiki/src/inc/stable_i386_hash.html
index 7a7ca0e..973b278 100644
--- a/wiki/src/inc/stable_i386_hash.html
+++ b/wiki/src/inc/stable_i386_hash.html
@@ -1 +1 @@
-47337323651b061cf0e1dd4d43f3c77924ef0971e2369e6f196770ccd5f8af89 \ No newline at end of file
+9a87c60fd5f116e7422ab29d604e12c9c2a0b024bc21bedddb4c9a3e29add641 \ No newline at end of file
diff --git a/wiki/src/inc/stable_i386_iso_sig_url.html b/wiki/src/inc/stable_i386_iso_sig_url.html
index 0ca47fc..3fd0ecf 100644
--- a/wiki/src/inc/stable_i386_iso_sig_url.html
+++ b/wiki/src/inc/stable_i386_iso_sig_url.html
@@ -1 +1 @@
-http://dl.amnesia.boum.org/tails/stable/tails-i386-0.8.1/tails-i386-0.8.1.iso.pgp
+http://dl.amnesia.boum.org/tails/stable/tails-i386-0.9/tails-i386-0.9.iso.pgp
diff --git a/wiki/src/inc/stable_i386_iso_url.html b/wiki/src/inc/stable_i386_iso_url.html
index f23fbcb..c653e8a 100644
--- a/wiki/src/inc/stable_i386_iso_url.html
+++ b/wiki/src/inc/stable_i386_iso_url.html
@@ -1 +1 @@
-http://dl.amnesia.boum.org/tails/stable/tails-i386-0.8.1/tails-i386-0.8.1.iso
+http://dl.amnesia.boum.org/tails/stable/tails-i386-0.9/tails-i386-0.9.iso
diff --git a/wiki/src/inc/stable_i386_torrent_sig_url.html b/wiki/src/inc/stable_i386_torrent_sig_url.html
index e0cb392..3175001 100644
--- a/wiki/src/inc/stable_i386_torrent_sig_url.html
+++ b/wiki/src/inc/stable_i386_torrent_sig_url.html
@@ -1 +1 @@
-http://tails.boum.org/torrents/files/tails-i386-0.8.1.torrent.pgp
+http://tails.boum.org/torrents/files/tails-i386-0.9.torrent.pgp
diff --git a/wiki/src/inc/stable_i386_torrent_url.html b/wiki/src/inc/stable_i386_torrent_url.html
index 3a28bda..9ed97e3 100644
--- a/wiki/src/inc/stable_i386_torrent_url.html
+++ b/wiki/src/inc/stable_i386_torrent_url.html
@@ -1 +1 @@
-http://tails.boum.org/torrents/files/tails-i386-0.8.1.torrent \ No newline at end of file
+http://tails.boum.org/torrents/files/tails-i386-0.9.torrent \ No newline at end of file
diff --git a/wiki/src/inc/stable_i386_version.html b/wiki/src/inc/stable_i386_version.html
index c18d72b..9a7d84f 100644
--- a/wiki/src/inc/stable_i386_version.html
+++ b/wiki/src/inc/stable_i386_version.html
@@ -1 +1 @@
-0.8.1 \ No newline at end of file
+0.9 \ No newline at end of file
diff --git a/wiki/src/inc/trace b/wiki/src/inc/trace
index 35c01b2..ad3780c 100644
--- a/wiki/src/inc/trace
+++ b/wiki/src/inc/trace
@@ -1 +1 @@
-1318692566
+1321036361
diff --git a/wiki/src/index.es.po b/wiki/src/index.es.po
index 3d53317..95309a8 100644
--- a/wiki/src/index.es.po
+++ b/wiki/src/index.es.po
@@ -29,13 +29,13 @@ msgstr ""
#. type: Content of: <div><div><p>
msgid "It helps you to:"
-msgstr ""
+msgstr "Te ayuda a:"
#. type: Content of: <div><div><ul><li>
msgid ""
"<strong>use the Internet anonymously</strong> almost anywhere you go and on "
"any computer:"
-msgstr ""
+msgstr "<strong>usar Internet anonimamente</strong> casi a donde quiera que vayas y en cualquier computadora: "
#. type: Content of: <div><div><ul><li>
#, fuzzy
diff --git a/wiki/src/index.fr.po b/wiki/src/index.fr.po
index 6e4c223..325602a 100644
--- a/wiki/src/index.fr.po
+++ b/wiki/src/index.fr.po
@@ -28,7 +28,7 @@ msgid ""
msgstr ""
"Tails est un <span class=\"definition\">[[!wikipedia_fr live_CD]]</span> ou <span "
"class=\"definition\">[[!wikipedia_fr live_USB]]</span> dont le "
-"but est de préserver votre <strong>vie privée</strong> et <strong>anonymat</"
+"but est de préserver votre <strong>vie privée</strong> et votre <strong>anonymat</"
"strong>."
#. type: Content of: <div><div><p>
@@ -58,7 +58,7 @@ msgid ""
"<strong>use state-of-the-art cryptographic tools</strong> to encrypt your "
"files, emails and chat conversations."
msgstr ""
-"<strong>ne pas laisser de traces</strong> sur l'odinateur utilisé, à moins "
+"<strong>ne pas laisser de traces</strong> sur l'ordinateur utilisé, à moins "
"que vous ne le demandiez explicitement."
#. type: Content of: <div><div><p>
diff --git a/wiki/src/local.css b/wiki/src/local.css
index f730a54..dc2f556 100644
--- a/wiki/src/local.css
+++ b/wiki/src/local.css
@@ -101,7 +101,7 @@ tbody th, tbody td, tfoot th, tfoot td {
input[type="text"], input[type="password"], input[type="select"],
input[type="search"], #editcontent {
font-size: 1em;
- width: 70%;
+ width: 65%;
display: block;
}
@@ -229,7 +229,7 @@ parentlinks {
#page-contribute #talk,
#page-download #bittorrent, #page-download #http {
display: inline-block;
- width: 34%;
+ width: 32%;
vertical-align: top;
}
@@ -537,7 +537,7 @@ input#searchbox:focus {
border-bottom:thin dotted darkgrey;
border-right:thin dotted darkgrey;
float:none;
- margin:1em;
+ margin:1em 0;
max-width:40%;
padding:0 1em 0 1em;
}
diff --git a/wiki/src/news/version_0.9.mdwn b/wiki/src/news/version_0.9.mdwn
new file mode 100644
index 0000000..12a2ee6
--- /dev/null
+++ b/wiki/src/news/version_0.9.mdwn
@@ -0,0 +1,89 @@
+[[!meta date="Fri Nov 11 01:23:45 2011"]]
+[[!meta title="Tails 0.9 is out"]]
+
+The Amnesic Incognito Live System, version 0.9, is out.
+
+All users must upgrade as soon as possible.
+
+[[!toc levels=1]]
+
+# Changes
+
+Notable user-visible changes include:
+
+* Tor
+ - Upgrade to 0.2.2.34. This fixes CVE-2011-2768 and CVE-2011-2769
+ which prompted for manual updates for users of Tails 0.8.1.
+ - Suppress Tor's warning about applications doing their own DNS
+ lookups. Some users have reported concerns about these warnings,
+ but it should be noted that they are completely harmless inside
+ Tails as its system DNS resolver is Torified.
+
+* Linux 3.0.0-6, which fixed a great number of bugs and security issues.
+
+* Iceweasel
+ - Upgrade to 3.5.16-11 ((fixes CVE-2011-3647, CVE-2011-3648,
+ CVE-2011-3650).
+ - Torbutton: upgrade to 1.4.4.1-1, including support for the
+ in-browser "New identity" feature.
+ - FireGPG: upgrade to 0.8-1+tails2. Users are notified that the
+ FireGPG Text Editor is the only safe place for performing
+ cryptographic operations, and these operations has been disabled
+ in other places. Performing them outside of the editor opens up
+ several severe attacks through JavaScript (e.g. leaking plaintext
+ when decrypting, signing messages written by the attacker).
+ - Replace CS Lite with Cookie Monster for cookie management. Cookie
+ Monster has an arguably nicer interface, is being actively
+ maintained and is packaged in Debian.
+
+* Software
+ - Install [MAT](https://mat.boum.org/), the Metadata Anonymisation
+ Toolkit. Its goal is to remove file metadata which otherwise
+ could leak information about you in the documents and media files
+ you publish. This is the result of a Tails developer's suggestion
+ for GSoC 2011, although it ended up being mentored by The Tor
+ Project.
+ - Upgrade WhisperBack to 1.5~rc1. Users are guided how to send their
+ bug reports through alternative channels upon errors sending
+ them. This will make bug reporting easier when there's no network
+ connection available.
+ - Upgrade TrueCrypt to 7.1.
+
+* Miscellaneous
+ - The date and time setting system was completely reworked. This
+ should prevent time syncing issues that may prevent Tor from
+ working properly, which some users have reported. The new system
+ will not leave a fingerprintable network signature, like the old
+ system did. Previously that signature could be used to identify
+ who is using Tails (but *not* deanonymize them).
+ - Erase memory at shutdown: run many instances of the memory
+ wiper. Due to architectural limitations of i386 a process cannot
+ access all memory at the same time, and hence a single memory wipe
+ instance cannot clear all memory.
+ - Saner keyboard layouts for Arabic and Russian.
+ - Use Plymouth text-only splash screen at boot time.
+
+Plus the usual bunch of minor bug reports and improvements.
+
+See the [online
+Changelog](http://git.immerda.ch/?p=amnesia.git;a=blob_plain;f=debian/changelog;hb=refs/tags/0.9)
+for technical details.
+
+# I want to try it / to upgrade!
+
+See the [[Getting started]] page.
+
+# Known issue
+
+The memory erasure on Tails shutdown cannot guarantee that all memory
+in the 2 GB to 4 GB region is wiped. The improvements made in Tails
+0.9 should at least make the situation better than previously.
+
+# A glimpse towards the future
+
+Were do we go from here? Have a look to our [[contribute/roadmap]] to
+see where we are heading to.
+
+Would you want to help? As explained in our [["how to contribute"
+documentation|contribute]], here are many ways **you** can contribute
+to Tails: no need to be a hardcore developer.
diff --git a/wiki/src/security/Numerous_security_holes_in_0.8.1.de.po b/wiki/src/security/Numerous_security_holes_in_0.8.1.de.po
new file mode 100644
index 0000000..fcead1b
--- /dev/null
+++ b/wiki/src/security/Numerous_security_holes_in_0.8.1.de.po
@@ -0,0 +1,81 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2011-11-11 18:44-0800\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta date=\"Thu Nov 10 00:00:00 2011\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Numerous security holes in Tails 0.8.1\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!tag security/fixed]]\n"
+msgstr ""
+
+#. type: Plain text
+msgid "The following security holes affect Tails 0.8.1."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"We **strongly** urge you to [[upgrade to Tails 0.9|news/version_0.9]] as "
+"soon as possible in case you are still using an older version."
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Details\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"These are Debian security announces; details can be found on the [Debian "
+"security page](http://security.debian.org/):"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "openssl (DSA-2343)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "iceweasel (DSA-2341)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "nss (DSA-2339)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "ffmpeg (DSA-2336)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "tor (DSA-2331)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "freetype (DSA-2328)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "pam (DSA-2326)"
+msgstr ""
diff --git a/wiki/src/security/Numerous_security_holes_in_0.8.1.es.po b/wiki/src/security/Numerous_security_holes_in_0.8.1.es.po
new file mode 100644
index 0000000..fcead1b
--- /dev/null
+++ b/wiki/src/security/Numerous_security_holes_in_0.8.1.es.po
@@ -0,0 +1,81 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2011-11-11 18:44-0800\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta date=\"Thu Nov 10 00:00:00 2011\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Numerous security holes in Tails 0.8.1\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!tag security/fixed]]\n"
+msgstr ""
+
+#. type: Plain text
+msgid "The following security holes affect Tails 0.8.1."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"We **strongly** urge you to [[upgrade to Tails 0.9|news/version_0.9]] as "
+"soon as possible in case you are still using an older version."
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Details\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"These are Debian security announces; details can be found on the [Debian "
+"security page](http://security.debian.org/):"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "openssl (DSA-2343)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "iceweasel (DSA-2341)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "nss (DSA-2339)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "ffmpeg (DSA-2336)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "tor (DSA-2331)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "freetype (DSA-2328)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "pam (DSA-2326)"
+msgstr ""
diff --git a/wiki/src/security/Numerous_security_holes_in_0.8.1.fr.po b/wiki/src/security/Numerous_security_holes_in_0.8.1.fr.po
new file mode 100644
index 0000000..fcead1b
--- /dev/null
+++ b/wiki/src/security/Numerous_security_holes_in_0.8.1.fr.po
@@ -0,0 +1,81 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2011-11-11 18:44-0800\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta date=\"Thu Nov 10 00:00:00 2011\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Numerous security holes in Tails 0.8.1\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!tag security/fixed]]\n"
+msgstr ""
+
+#. type: Plain text
+msgid "The following security holes affect Tails 0.8.1."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"We **strongly** urge you to [[upgrade to Tails 0.9|news/version_0.9]] as "
+"soon as possible in case you are still using an older version."
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Details\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"These are Debian security announces; details can be found on the [Debian "
+"security page](http://security.debian.org/):"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "openssl (DSA-2343)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "iceweasel (DSA-2341)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "nss (DSA-2339)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "ffmpeg (DSA-2336)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "tor (DSA-2331)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "freetype (DSA-2328)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "pam (DSA-2326)"
+msgstr ""
diff --git a/wiki/src/security/Numerous_security_holes_in_0.8.1.mdwn b/wiki/src/security/Numerous_security_holes_in_0.8.1.mdwn
new file mode 100644
index 0000000..da98ed8
--- /dev/null
+++ b/wiki/src/security/Numerous_security_holes_in_0.8.1.mdwn
@@ -0,0 +1,23 @@
+[[!meta date="Thu Nov 10 00:00:00 2011"]]
+[[!meta title="Numerous security holes in Tails 0.8.1"]]
+
+[[!tag security/fixed]]
+
+The following security holes affect Tails 0.8.1.
+
+We **strongly** urge you to [[upgrade to Tails 0.9|news/version_0.9]]
+as soon as possible in case you are still using an older version.
+
+Details
+=======
+
+These are Debian security announces; details can be found on the
+[Debian security page](http://security.debian.org/):
+
+ - openssl (DSA-2343)
+ - iceweasel (DSA-2341)
+ - nss (DSA-2339)
+ - ffmpeg (DSA-2336)
+ - tor (DSA-2331)
+ - freetype (DSA-2328)
+ - pam (DSA-2326)
diff --git a/wiki/src/security/Upgrade_Tor.de.po b/wiki/src/security/Upgrade_Tor.de.po
index c25ded5..f8c8044 100644
--- a/wiki/src/security/Upgrade_Tor.de.po
+++ b/wiki/src/security/Upgrade_Tor.de.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-10-30 16:40+0100\n"
+"POT-Creation-Date: 2011-11-12 00:12-0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -28,7 +28,7 @@ msgstr ""
#. type: Plain text
#, no-wrap
-msgid "[[!tag security/current]]\n"
+msgid "[[!tag security/fixed]]\n"
msgstr ""
#. type: Plain text
diff --git a/wiki/src/security/Upgrade_Tor.es.po b/wiki/src/security/Upgrade_Tor.es.po
index c25ded5..f8c8044 100644
--- a/wiki/src/security/Upgrade_Tor.es.po
+++ b/wiki/src/security/Upgrade_Tor.es.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-10-30 16:40+0100\n"
+"POT-Creation-Date: 2011-11-12 00:12-0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -28,7 +28,7 @@ msgstr ""
#. type: Plain text
#, no-wrap
-msgid "[[!tag security/current]]\n"
+msgid "[[!tag security/fixed]]\n"
msgstr ""
#. type: Plain text
diff --git a/wiki/src/security/Upgrade_Tor.fr.po b/wiki/src/security/Upgrade_Tor.fr.po
index 0e7fe74..eff6901 100644
--- a/wiki/src/security/Upgrade_Tor.fr.po
+++ b/wiki/src/security/Upgrade_Tor.fr.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-10-30 16:40+0100\n"
+"POT-Creation-Date: 2011-11-12 00:12-0800\n"
"PO-Revision-Date: 2011-10-30 16:36+0100\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -28,7 +28,7 @@ msgstr "[[!meta title=\"Vous devez mettre Tor à jour pour corriger une vulnéra
#. type: Plain text
#, no-wrap
-msgid "[[!tag security/current]]\n"
+msgid "[[!tag security/fixed]]\n"
msgstr ""
#. type: Plain text
diff --git a/wiki/src/security/Upgrade_Tor.mdwn b/wiki/src/security/Upgrade_Tor.mdwn
index 05ded02..042609b 100644
--- a/wiki/src/security/Upgrade_Tor.mdwn
+++ b/wiki/src/security/Upgrade_Tor.mdwn
@@ -1,7 +1,7 @@
[[!meta date="Sun Oct 30 15:12:13 2011"]]
[[!meta title="You have to upgrade Tor to fix a critical anonymity vulnerability"]]
-[[!tag security/current]]
+[[!tag security/fixed]]
The version of Tor
currently shipped in Tails does not protect your anonymity as it should.
diff --git a/wiki/src/todo/64-bit_or_PAE_Kernel_to_access_higher_memory.mdwn b/wiki/src/todo/64-bit_or_PAE_Kernel_to_access_higher_memory.mdwn
new file mode 100644
index 0000000..bdf8a54
--- /dev/null
+++ b/wiki/src/todo/64-bit_or_PAE_Kernel_to_access_higher_memory.mdwn
@@ -0,0 +1,9 @@
+I need tails to be able to access more than 2.6 GB of ram. The current Kernel doesn't have or support the PAE kernel extension. Could you make a 64-bit version of tails or at least upgrade the current kernel to support PAE so that we can use more than 2.6 GB of ram?
+
+thank you,
+
+anon
+
+> Already being worked on, see [[nx_bit]].
+
+[[!tag todo/done]]
diff --git a/wiki/src/todo/Easy_USB_wipe__47__write_new_.iso_procedure_with_Disk_Utility.mdwn b/wiki/src/todo/Easy_USB_wipe__47__write_new_.iso_procedure_with_Disk_Utility.mdwn
new file mode 100644
index 0000000..0851fa6
--- /dev/null
+++ b/wiki/src/todo/Easy_USB_wipe__47__write_new_.iso_procedure_with_Disk_Utility.mdwn
@@ -0,0 +1,23 @@
+If the System Administration utility Disk Utility (on Ubuntu 10.10 is version 2.30.1 2004-2009 Red Hat, Inc.) is added to TAILS, then it is easy to update an existing USB flash drive with a new .iso in a few steps:
+
+1) Run Disk Utility with the USB plugged into a Linux Live CD/USB session. Find the USB to be reformatted and burned with the new TAILS .iso. and remember its device name, /dev/sdx where x is a an alphabet letter.
+
+2) Locate the top window pane in the Disk Utility window.
+
+3) Click on Format Drive, and choose (click) on Don't partition, and then Format. This will wipe the USB and ready it for burning the new TAILS .iso.
+
+4) From the root account or from issuing the command:
+ $ sudo -i
+to get the root account's prompt:
+ #
+issue the command:
+ # dd if=<path-to-TAILS-.iso> of=/dev/sdx
+where x is replaced by an alphabet letter which does not include a numeral [0-9] at the end, a partition, but the entire device name from the top window of Disk Utility.
+
+Note: root access is required to mount any hard drive containing the downloaded/verified TAILS .iso from which to run the dd command above.
+
+> I wonder why this would be better than [[our existing
+> documentation|doc/installing_onto_a_usb_stick/linux]].
+> Maybe you've missed it? Closing.
+
+[[!tag todo/done]]
diff --git a/wiki/src/todo/Fight_evercookies.mdwn b/wiki/src/todo/Fight_evercookies.mdwn
new file mode 100644
index 0000000..37c808b
--- /dev/null
+++ b/wiki/src/todo/Fight_evercookies.mdwn
@@ -0,0 +1,7 @@
+The web browser in Tails 0.9 is subject to evercookies, both after
+closing the browser and after using Torbutton's new identity feature:
+[test site](http://samy.pl/evercookie/).
+
+We should test if the TBB has the same problem, and possible solutions.
+
+[[!tag todo/test todo/research]]
diff --git a/wiki/src/todo/Iceweasel_5.x.mdwn b/wiki/src/todo/Iceweasel_5.x.mdwn
index bce8ca9..68c4385 100644
--- a/wiki/src/todo/Iceweasel_5.x.mdwn
+++ b/wiki/src/todo/Iceweasel_5.x.mdwn
@@ -6,20 +6,50 @@ Mozilla team's APT repository.
Next things to do
=================
-[[!tag todo/wait todo/code]]
+Extensions
+----------
Some of our extensions are not marked as compatible with FF5:
-- FoxyProxy: sid's 2.22.6-1 is compatible with FF4, but not marked as
- compatible with FF5; tracked by [[!debbug 634071]]
- Monkeysphere 0.6 is not marked as compatible with FF5; it mostly
works with FF5, though, as we [reported to
upstream](https://labs.riseup.net/code/issues/3314) and to Debian
- ([[!debbug 638585]])
+ ([[!debbug 638585]]). Let's fix this for real. [[!tag todo/code]]
-Some other extensions are in a much worse state wrt. FF4+:
+The FireGPG extension does not work in FF4+; work [[is being
+done|todo/symmetric_OpenPGP_vs_recent_Iceweasel]] to get rid of it
+anyway. Let's [[!taglink todo/wait]] for that part to be finished.
-- CS Lite 1.4: unmaintained, not compatible with FF4+, needs to be
- upgraded or replaced, see [[todo/iceweasel_addon_-_CS_Lite]]
-- FireGPG presumably does not work in FF4+; work [[is being
- done|todo/symmetric_OpenPGP_vs_recent_Iceweasel]] to find a solution.
+Configuration
+-------------
+
+### Toolbars
+
+It would be great to:
+
+* Hide the HTTPS Everywhere and FoxyProxy icons from the
+ Navigation Toolbar.
+* Hide the menu bar (and therefore hide the bookmarks icon from the
+ Navigation Toolbar).
+
+Such settings are normally saved in `localstore.rdf`, but putting such
+a customized file in `/etc/iceweasel/pref/` or
+`/etc/iceweasel/profile/` does not work, => [[!taglink todo/research]]
+how to seed this aspect of the configuration for new profiles.
+
+This is probably not blocking at all, though.
+
+A `localstore.rdf` file that would suit us would contain:
+
+ <?xml version="1.0"?>
+ <RDF:RDF xmlns:NC="http://home.netscape.com/NC-rdf#"
+ xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
+ <RDF:Description RDF:about="chrome://browser/content/browser.xul#toolbar-menubar"
+ autohide="true" />
+ <RDF:Description RDF:about="chrome://browser/content/browser.xul#nav-bar"
+ currentset="unified-back-forward-button,torbutton-button,urlbar-container,reload-button,stop-button,urlbar-search-splitter,search-container,home-button,fullscreenflex,window-controls,torbutton-context-menu,cookiemonster-status" />
+ <RDF:Description RDF:about="chrome://browser/content/browser.xul">
+ <NC:persist RDF:resource="chrome://browser/content/browser.xul#nav-bar"/>
+ <NC:persist RDF:resource="chrome://browser/content/browser.xul#toolbar-menubar"/>
+ </RDF:Description>
+ </RDF:RDF>
diff --git a/wiki/src/todo/Return_of_Icedove__63__.mdwn b/wiki/src/todo/Return_of_Icedove__63__.mdwn
index 13326c1..29db894 100644
--- a/wiki/src/todo/Return_of_Icedove__63__.mdwn
+++ b/wiki/src/todo/Return_of_Icedove__63__.mdwn
@@ -64,3 +64,18 @@ found answers
* how much size does Icedove + Enigmail + l10n packages add to the
SquashFS compared to Claws Mail? -> *9MB* (as of Tails pre-0.8 devel
branch with XZ SquashFS compression)
+
+Notes from the latest discussion
+--------------------------------
+
+Thunderbird 5.0 improves the autoconfig: at least now it is possible to stop it,
+see <http://kb.mozillazine.org/Thunderbird_5.0_-_New_Features_and_Changes#Account_setup>.
+
+We could ask Tor to block all plain text port (23, 110, 143) but that would
+prevent the use of StartTLS.
+
+For the moment, we propose instead to try (not spending too much time on it) to
+code some patches on their upstream version. One option could be to disable the
+steps of the autoconfig wizard corresponding to cleartext. Let us
+[[!tag todo/research]] what exactly we want to patch to make the
+autoconfig sane.
diff --git a/wiki/src/todo/Squeeze:_no_more_boot_splash.mdwn b/wiki/src/todo/Squeeze:_no_more_boot_splash.mdwn
index 8e4991a..14ecdd4 100644
--- a/wiki/src/todo/Squeeze:_no_more_boot_splash.mdwn
+++ b/wiki/src/todo/Squeeze:_no_more_boot_splash.mdwn
@@ -23,7 +23,7 @@ significantly, which probably is when wheezy is due, a clean looking
graphical splash can be shipped with DRM support.
Quickly implemented in `feature/plymouth`.
-Merged into devel branch => [[!taglink pending]] for 0.9.
+[[!taglink todo/done]] in 0.9.
Left to do
==========
diff --git a/wiki/src/todo/Tor-less_Tails.mdwn b/wiki/src/todo/Tor-less_Tails.mdwn
new file mode 100644
index 0000000..15e73bc
--- /dev/null
+++ b/wiki/src/todo/Tor-less_Tails.mdwn
@@ -0,0 +1,14 @@
+The Tails distro is a very good Linux distro apart from the tor bundle. I find myself using it even when I don't need tor. And I like using Tails better than Ubuntu. I know I could download Debian but Debian is not as polished as Tails; in addition, debian seems kinda raw and is not as usuable out of the box like Tails is. Could you please make a version of Tails without all the security and lock-down stuff. You really have something good here that might be able to compete head-to-head with some of the other distros out there like Linux Mint and Ubuntu.
+
+Please seriously consider & I dont believe I am alone in this desire.
+
+anon.
+
+> I don't think what you ask for is part of Tails mission,
+> and we've got already more than enough on our todo list.
+> Please try [Debian Live](http://live.debian.net/) systems,
+> either the main, official one, or
+> [others](http://live.debian.net/project/downstream).
+> they're much better than what you seem to think.
+
+[[!tag todo/done]]
diff --git a/wiki/src/todo/Torbutton_toggling.mdwn b/wiki/src/todo/Torbutton_toggling.mdwn
index 616bae8..eb434ec 100644
--- a/wiki/src/todo/Torbutton_toggling.mdwn
+++ b/wiki/src/todo/Torbutton_toggling.mdwn
@@ -1,5 +1,3 @@
-[[!tag todo/discuss]]
-
In Tails <=0.7.2 (with Torbutton <1.4) we allowed toggling Torbutton
to enable full javascript for pages it breaks etc. We made it more
difficult to toggle by mistake by setting torbutton.locked_mode=true,
@@ -13,3 +11,12 @@ The question is, do we even want to support toggling at all at this
point, i.e. Tails 0.8 and on? That might just confuse our users as
Tor really can't be disabled thanks to our
[[firewall|contribute/design/Tor_enforcement]].
+
+> We decided not to support toggling anymore. Main reasons:
+> * interface clarity
+> * Torbutton will get rid of toggling completely.
+>
+> The remaining issue will be dealt with otherwise:
+> [[todo/iceweasel_should_support_LAN_webservers]].
+
+[[!tag todo/done]]
diff --git a/wiki/src/todo/add_support_for_free_wifi_hotspots.mdwn b/wiki/src/todo/add_support_for_free_wifi_hotspots.mdwn
index 71d20c5..d14f8bf 100644
--- a/wiki/src/todo/add_support_for_free_wifi_hotspots.mdwn
+++ b/wiki/src/todo/add_support_for_free_wifi_hotspots.mdwn
@@ -83,6 +83,13 @@ browser.
It should be noted that such a "unsafe browser" needs non-Torified
DNS resolution.
+Captive portal detection
+------------------------
+
+### Ask ioerror
+
+Seems like he is working on captive portal detection.
+
Beta testers
============
diff --git a/wiki/src/todo/hplip_package_required_for_printing_on_some_HP_printers.mdwn b/wiki/src/todo/hplip_package_required_for_printing_on_some_HP_printers.mdwn
index 0f6eec9..d3d98e2 100644
--- a/wiki/src/todo/hplip_package_required_for_printing_on_some_HP_printers.mdwn
+++ b/wiki/src/todo/hplip_package_required_for_printing_on_some_HP_printers.mdwn
@@ -4,4 +4,4 @@ please include the (free) hplip package. It is required for printing on many HP
Thanks!
-> [[!taglink pending]] for 0.9.
+> done in 0.9. [[!tag todo/done]]
diff --git a/wiki/src/todo/html5_ready_browser.mdwn b/wiki/src/todo/html5_ready_browser.mdwn
index 2a62850..4793ac0 100644
--- a/wiki/src/todo/html5_ready_browser.mdwn
+++ b/wiki/src/todo/html5_ready_browser.mdwn
@@ -21,13 +21,14 @@ flash carries.
# Implementation
-To support the youtube usecase, we additionally need to opt-in for
-the html5 experimentation, which requires installing a cookie
-(researched at [[!tor_bug 3347]] for TBB).
-Automatically adding something like `&webm=1` (or similar) to URLs,
-e.g. using a HTTPS-Everywhere custom rule or a [greasemonkey
-script](https://www.userscripts.org/scripts/review/105433), could be a
-better alternative.
+This is now implemented in our `feature/ff4`, that uses
+a [greasemonkey
+script](https://www.userscripts.org/scripts/review/105433) to opt-in
+for the YouTube HTML5 trial program. For the record, this problem is
+being researched at [[!tor_bug 3347]] for TBB.
-[[!tag todo/research]]
+Will be shipped once [[other bits|todo/Iceweasel_5.x]] are ready,
+hopefully in Tails 0.10.
+
+[[!tag pending]]
diff --git a/wiki/src/todo/iceweasel_addon_-_CS_Lite.mdwn b/wiki/src/todo/iceweasel_addon_-_CS_Lite.mdwn
index e737bab..28ea9d2 100644
--- a/wiki/src/todo/iceweasel_addon_-_CS_Lite.mdwn
+++ b/wiki/src/todo/iceweasel_addon_-_CS_Lite.mdwn
@@ -6,7 +6,9 @@ better than CS Lite, aka. maintained and nicer UI; it's been uploaded
to Debian recently ([[!debbug 623970]]). Let's switch to it.
> Merged branch `feature/cookie-monster` into devel: installs Cookie
-> Monster instead of CS Lite => [[!taglink pending]] for 0.9.
+> Monster instead of CS Lite.
+
+>> [[!taglink todo/done]] in 0.9.
If in the end we want to keep CS Lite, we should package this one or
similar. Someone filed an ITP for it: [[!debbug 636399]].
diff --git a/wiki/src/todo/iceweasel_addon_-_NoScript.mdwn b/wiki/src/todo/iceweasel_addon_-_NoScript.mdwn
index 85a2015..4f9fd4a 100644
--- a/wiki/src/todo/iceweasel_addon_-_NoScript.mdwn
+++ b/wiki/src/todo/iceweasel_addon_-_NoScript.mdwn
@@ -1,5 +1,3 @@
-[[!tag todo/code]]
-
This is what's said about [NoScript](http://noscript.net/) in the
[Torbutton FAQ](https://www.torproject.org/torbutton/torbutton-faq.html.en#recommendedextensions):
@@ -26,7 +24,7 @@ users."
Configuration
=============
-Since this plugin will confuse the uninitiated, and since Torbuttin
+Since this plugin will confuse the uninitiated, and since Torbutton
already blocks all known JavaScript issues, NoScript should be
configured to allow all sites per default. It's either up to the user
to blacklist domains, or disable all sites per default and then
@@ -46,3 +44,9 @@ configuration](https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/con
Also see hardening suggestions on [[!tor_bug 3461]].
+
+> Our `feature/noscript` branch has this: NoScript +
+> TBB configuration. Needs to be tested extensively before we release
+> it, but it seems to work.
+
+[[!tag todo/test]]
diff --git a/wiki/src/todo/iceweasel_should_support_LAN_webservers.mdwn b/wiki/src/todo/iceweasel_should_support_LAN_webservers.mdwn
index 5181d0a..c026cdb 100644
--- a/wiki/src/todo/iceweasel_should_support_LAN_webservers.mdwn
+++ b/wiki/src/todo/iceweasel_should_support_LAN_webservers.mdwn
@@ -1,6 +1,16 @@
(As long as they are pointed to by IP rather than by hostname),
Iceweasel should allow connecting to webservers in the LAN.
+This is a usecase we really want to support and we want to find a solution that
+would not make that optional.
+
+We couldn't think about an attack which would be made possible by allowing this:
+- if an attacker in control of both local and online resources tries to
+ deanonymized a local user accessing online resources, this user could be
+ anonymized anyways by other means;
+- if an attacker tries to force the access to local resources from online
+ resources, the Tor client will discard them anyways.
+
# A bit of context
A workaround was available before Torbutton 1.4, that is before Tails
@@ -17,9 +27,15 @@ Iceweasel profile; granting direct (no-proxy) access to RFC-1918 IPs
should be pretty easy to implement using FoxyProxy:
`config/chroot_local-includes/etc/iceweasel/profile/foxyproxy.xml`.
-Rationale: accessing ressources on the LAN is a usecase that can
+Rationale: accessing resources on the LAN is a usecase that can
benefit from the protections offered by Torbutton aside of proxy
-settings. These ressources and/or the link to them may not be
+settings. These resources and/or the link to them may not be
fully trusted.
-[[!tag todo/code todo/easy]]
+If only doing this still allows an adversary to de-anonymize users (while they
+could not do in another way) it might also be necessary to modify Torbutton to
+treat RFC-1918 IPs as 'local' and not 'online', just as it does for local URLs
+such as 'file:///'. We will mail tor-talk to share our plan and ask about how
+risky that would be.
+
+[[!tag todo/code todo/easy todo/research]]
diff --git a/wiki/src/todo/improve_the_forum.mdwn b/wiki/src/todo/improve_the_forum.mdwn
index f71d3d6..31ebc29 100644
--- a/wiki/src/todo/improve_the_forum.mdwn
+++ b/wiki/src/todo/improve_the_forum.mdwn
@@ -55,6 +55,24 @@ Possible candidates
<http://wiki.osqa.net/display/docs/OSQA+Installation+and+Upgrade+Guides#OSQAInstallationandUpgradeGuides-EmailSubscriptions>
<http://jira.osqa.net/browse/OSQA-45>
+### Askbot
+
+- [homepage](http://askbot.org/)
+- used by Fedora on [Ask Fedora](http://ask.fedoraproject.org/questions/)
+- Python + Django
+- Does not allow anonymous posting, see
+ <http://askbot.org/en/question/500/ask-questions-anonymously-without-any-login>
+- Seems to have good enough email notifications, see
+ <http://askbot.org/en/question/639/default-email-settings>
+ <http://askbot.org/en/question/501/is-it-possible-to-subscribe-to-a-particular-tag>
+
+### Q2A
+
+- [homepage](http://www.question2answer.org/)
+- only dependencies are PHP / MySQL
+- few features
+- Anonymous posting seems possible.
+
### Shapado
- Seems to be a pain to install / maintain / get hosted. Ruby
diff --git a/wiki/src/todo/include_audio_and_video_streaming_software.mdwn b/wiki/src/todo/include_audio_and_video_streaming_software.mdwn
index 2a6da50..1e5f9a2 100644
--- a/wiki/src/todo/include_audio_and_video_streaming_software.mdwn
+++ b/wiki/src/todo/include_audio_and_video_streaming_software.mdwn
@@ -1,6 +1,4 @@
In order to allow our users to publish audio and video content in real-time we
might consider including audio and/or video streaming software into Tails.
-[[!tag todo/discuss todo/research]]
-
-> It would be great.
+> It would be great. Need to [[!taglink todo/research]] which one(s).
diff --git a/wiki/src/todo/install_MAT.mdwn b/wiki/src/todo/install_MAT.mdwn
index 7e8f30d..a22b5a6 100644
--- a/wiki/src/todo/install_MAT.mdwn
+++ b/wiki/src/todo/install_MAT.mdwn
@@ -8,4 +8,4 @@ APT repository:
deb http://gaffer.ptitcanardnoir.org/intrigeri/debian/mat/ squeeze-backports main
-> [[!taglink pending]] for Tails 0.9
+> [[!taglink todo/done]] in Tails 0.9
diff --git a/wiki/src/todo/localization_at_runtime.mdwn b/wiki/src/todo/localization_at_runtime.mdwn
index 7dc8c52..2ecda94 100644
--- a/wiki/src/todo/localization_at_runtime.mdwn
+++ b/wiki/src/todo/localization_at_runtime.mdwn
@@ -43,7 +43,18 @@ Resources
[904-locales-extra](http://live.debian.net/gitweb?p=live-config-staging.git;a=blob;f=scripts/config/904-locales-extra)
hook that installs a locale-dependent packages set at boot-time in
order to better support the `ja_JP`, `ko_KR` and `zh_CN` locales.
-- a set of font packages that might be relevant:
+
+## Fonts
+
+### Indic
+
+Fonts for all languages used in India: [[!debpkg ttf-indic-fonts]]
+metapackage (done in `feature/more_languages` branch).
+
+### Misc
+
+Other font packages that might be relevant:
+
* ttf-unifont - TrueType version of the GNU Unifont (it has most
possible glyphs but is ugly => nice fallback font)
* ttf-wqy-zenhei - "WenQuanYi Zen Hei" A Hei-Ti Style (sans-serif) Chinese font
@@ -51,16 +62,10 @@ Resources
* fonts-ipafont-gothic - Japanese OpenType font set, IPA Gothic font
* fonts-ipafont-mincho - Japanese OpenType font set, IPA Mincho font
* fonts-vlgothic - Japanese TrueType font from Vine Linux
- * ttf-arphic-ukai - AR PL UKai" Chinese Unicode TrueType font collection Kaiti style
- * ttf-arphic-uming - "AR PL UMing" Chinese Unicode TrueType font collection Mingti style
* ttf-khmeros - KhmerOS Unicode fonts for the Khmer language of Cambodia
- * ttf-oriya-fonts - Free TrueType fonts for the Oriya language
* ttf-sil-padauk - smart Unicode font for languages in Myanmar
* ttf-tmuni - font for Tibetan, Dzongkha and Ladakhi (OpenType Unicode)
- * ttf-sinhala-lklug - Unicode Sinhala font by Lanka Linux User Grou
- * ttf-telugu-fonts - Free TrueType fonts for the Telugu language
+ * ttf-sinhala-lklug - Unicode Sinhala font by Lanka Linux User Group
* ttf-kannada-fonts - Free TrueType fonts for the Kannada language
* ttf-sil-scheherazade - smart Unicode font for Arabic
* ttf-ancient-fonts - Unicode Fonts for Ancient Scripts
- * ttf-farsiweb - FarsiWeb free TrueType Farsi fonts (only font
- installed by `task-persian-desktop`)
diff --git a/wiki/src/todo/mesh_networking.mdwn b/wiki/src/todo/mesh_networking.mdwn
new file mode 100644
index 0000000..539f8ae
--- /dev/null
+++ b/wiki/src/todo/mesh_networking.mdwn
@@ -0,0 +1,7 @@
+http://o11s.org/trac/wiki/HOWTO
+
+Sorry for the brevity of this page. This is more of a placeholder for me to write up later on this weekend. If you have ideas, etc. please feel free to add!
+
+> Ten days have passed, any update on this?
+
+[[wishlist]]
diff --git a/wiki/src/todo/press_section.mdwn b/wiki/src/todo/press_section.mdwn
index e5c6777..33b086d 100644
--- a/wiki/src/todo/press_section.mdwn
+++ b/wiki/src/todo/press_section.mdwn
@@ -3,3 +3,6 @@
Add a "Tails in the media" section on our website, similar to [the one
on the Tor project
website](https://www.torproject.org/press/inthemedia.html.en).
+
+* A Tails 0.8 CD was shipped with the [Linux Pratique
+ #68](http://www.linux-pratique.com/index.php/2011/10/28/linux-pratique-n°68-–-novembredecembre-2011-–-chez-votre-marchand-de-journaux) magazine.
diff --git a/wiki/src/todo/remove_the_htp_user_firewall_exception.mdwn b/wiki/src/todo/remove_the_htp_user_firewall_exception.mdwn
index 4e759cc..c9a14de 100644
--- a/wiki/src/todo/remove_the_htp_user_firewall_exception.mdwn
+++ b/wiki/src/todo/remove_the_htp_user_firewall_exception.mdwn
@@ -1,7 +1,7 @@
[[!toc levels=2]]
What's described bellow was implemented in `feature/tordate` Git
-branch, merged into devel, pending for Tails 0.9.
+branch, merged into devel, released in Tails 0.9.
Left to do
==========
diff --git a/wiki/src/todo/rethink_timezones.mdwn b/wiki/src/todo/rethink_timezones.mdwn
index fe3adca..334a136 100644
--- a/wiki/src/todo/rethink_timezones.mdwn
+++ b/wiki/src/todo/rethink_timezones.mdwn
@@ -20,6 +20,6 @@ user who happen to speak the same languages as her. Until now, Tails
does not try to conceal the fact it is being used. Shall / can we
reasonably change this?
-What does the Tor Browser Bundle do wrt. timezones?
+FWIW, the Tor Browser Bundle sets UTC for everybody, too.
-[[!tag todo/discuss todo/research]]
+[[!tag todo/done]]
diff --git a/wiki/src/todo/support_Torbutton_new_identity_feature.mdwn b/wiki/src/todo/support_Torbutton_new_identity_feature.mdwn
index b88f2ec..903bf6c 100644
--- a/wiki/src/todo/support_Torbutton_new_identity_feature.mdwn
+++ b/wiki/src/todo/support_Torbutton_new_identity_feature.mdwn
@@ -9,4 +9,4 @@ We asked upstream for `ControlSocket`:
* `CookieAuthentication` - *blocking* - [[!tor_bug 3968]]) support -
fixed in Torbutton 1.4.4
-> [[!taglink pending]] for Tails 0.9
+> [[!taglink todo/done]] in Tails 0.9
diff --git a/wiki/src/todo/symmetric_OpenPGP_vs_recent_Iceweasel.mdwn b/wiki/src/todo/symmetric_OpenPGP_vs_recent_Iceweasel.mdwn
index 05cab3f..442d438 100644
--- a/wiki/src/todo/symmetric_OpenPGP_vs_recent_Iceweasel.mdwn
+++ b/wiki/src/todo/symmetric_OpenPGP_vs_recent_Iceweasel.mdwn
@@ -17,12 +17,28 @@ FF4+](http://blog.getfiregpg.org/2011/04/01/firegpg-and-firefox-4/)
We need to find a way to support symmetric OpenPGP encryption in
Tails.
-Implementation ideas
-====================
+Work in progress
+================
+
+The Seahorse applet already knows how to *decrypt* symmetrically
+encrypted text.
+
+We're writing a simplistic GUI to symmetrically encrypt text,
+see `bugfix/remove_firegpg` branch. Time to [[!taglink todo/test]].
+
+On the long run, we hope Seahorse gets support for symmetric
+encryption, and seahorse-plugins to be relived upstream.
+See details below.
+
+Archive: implementation ideas
+=============================
Port FireGPG to recent Firefox/Iceweasel releases
-------------------------------------------------
+**Dismissed**: the webbrowser is too much of a scary place to run
+GnuPG operations in.
+
As of June 2011, the most active FireGPG fork is [darkpixel's
one](https://github.com/firegpg/firegpg). It recently merged
[bit's branch](https://github.com/bit/firegpg) in, that adds
@@ -42,7 +58,7 @@ We therefore need to build the IPC extension against the Iceweasel 5
source code and test the result. Note that a "simple" clone of the
Mercurial mozilla-release repository seems not enough as it lacks the
`obj-ff-release` directory. Is this directory generated when compiling
-Firefox itself? [[!tag todo/test]]
+Firefox itself?
The [Html Validator compilation
instructions](http://www.htmlpedia.org/wiki/FirefoxCompilation) have
@@ -53,13 +69,19 @@ Find another user-interface that provides the missing feature
-------------------------------------------------------------
This could be a nice middle-term workaround.
-We need to [[!taglink todo/research]] this.
### Local GUI
Writing a simplistic GUI able to symmetrically encrypt/decrypt text
should be quite quick.
+Hints:
+
+* May be needed to show *all* of GPG's output to the user: one can be
+ burnt by GPG-wrapper GUIs misleading about what GPG thinks.
+* A message may be signed and encrypted using
+ `gpg --symmetric --sign`
+
### Local webapp
* Herbert Hanewinkel's OpenPGP Message Encryption in JavaScript:
@@ -69,8 +91,11 @@ should be quite quick.
- [homepage](http://qooxdoo.org/contrib/project/crypto)
- only supports encryption
-Add symmetric encryption / decryption support to GNOME
-------------------------------------------------------
+Add symmetric encryption support to GNOME
+-----------------------------------------
+
+The Seahorse applet already knows how to *decrypt* symmetrically
+encrypted text. So the missing bit is symmetric *encryption*.
This would be the perfect long-term solution, but we probably lack the
time and energy needed to implement it.
diff --git a/wiki/src/todo/upgrade_TrueCrypt_to_7.1.mdwn b/wiki/src/todo/upgrade_TrueCrypt_to_7.1.mdwn
index a575d04..28b9f8e 100644
--- a/wiki/src/todo/upgrade_TrueCrypt_to_7.1.mdwn
+++ b/wiki/src/todo/upgrade_TrueCrypt_to_7.1.mdwn
@@ -1,4 +1,4 @@
Done in `feature/truecrypt-7.1` branch. Automated installation and
usage now need to be tested before merging into devel.
-> [[!taglink pending]] for Tails 0.9
+> [[!taglink todo/done]] in Tails 0.9
diff --git a/wiki/src/todo/usb_install_and_upgrade.mdwn b/wiki/src/todo/usb_install_and_upgrade.mdwn
index 5db38ee..a695e7a 100644
--- a/wiki/src/todo/usb_install_and_upgrade.mdwn
+++ b/wiki/src/todo/usb_install_and_upgrade.mdwn
@@ -511,9 +511,10 @@ Now, let's upgrade an USB stick:
Then fiddle with GRUB or EXTLINUX.
On boot, the new squashfs gets properly integrated. But *whiteouts* are not
-working. It looks like the `live-boot` mount options miss the `wh` attribute.
+working. It looks like the `live-boot` 2.x mount options miss the `wh` attribute.
But wait, booting with `break=top` and modifying `/scripts/live` to replace
-`roopt=rr` by `roopt=rr+wh` is enough to do the trick!
+`roopt=rr` by `roopt=rr+wh` is enough to do the trick! Therefore,
+we've added the `wh` attribute to `live-boot` 3.x.
Initial test is pretty conclusive!
diff --git a/wiki/src/todo/windows_theme.mdwn b/wiki/src/todo/windows_theme.mdwn
index 121cdea..ea43fcb 100644
--- a/wiki/src/todo/windows_theme.mdwn
+++ b/wiki/src/todo/windows_theme.mdwn
@@ -151,3 +151,11 @@ remains is:
this type of icon.
* The desktop icons lack localization.
+
+# Windows 7 Theme
+
+
+* [Win2-7](http://gnome-look.org/content/show.php/Win2-7+Pack?content=113264)
+ from [GNOME-Look.org](http://gnome-look.org). Waiting for a response
+ from the person who posted to see if backporting to Debian 6 is
+ possible and/or the limitations/issues that may be encountered.
diff --git a/wiki/src/torrents/files/tails-i386-0.8.1.iso.pgp b/wiki/src/torrents/files/tails-i386-0.8.1.iso.pgp
deleted file mode 100644
index fba479f..0000000
--- a/wiki/src/torrents/files/tails-i386-0.8.1.iso.pgp
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iQIcBAABCgAGBQJOmaJpAAoJEBICghy+LNnBMEcP/16hyqQUDBz8r3/syjSRqJSW
-jmIxxWpC8Ax2R+8Hx0wu4rHbFfKF+M8JCKphLk6l42/VIV5a7nnJVbMsJgwkFOgg
-e0mMcvQP0JA8ER4BUXDWyHSu+80UHz/a6z/yMSA85Btz6syfcZ87O069DK+EYi18
-qFNMyO8JtbQzCdIOgnevzoJ5Dts1rDUf1gAxM/MJj34HBwO3iMussrIoXaPmFAXG
-xbxcd/b8MRM1i+K7us25yPH/K0SV93KwzFoIxMo03sCvUn+ICbh7JxAZwvcqGtGD
-jSMjm2NOaNtuT0K5uRdvJw4UkwgWF3hrHQ8rXeUsMSGrMjkGv1lWyyHVHqSyCTWG
-Uzsh5uSTo50s/nxSe+1sqbTnZPMcwk5sW+UsnPek5/3VSFpn6b/zAN+rkpuQWzCy
-edJOJ44oIh0b5bvjn3cIEmyn3hQ1mzEGGrbpCnlaBizzzUruq5A7UK6nTAz3Wjgv
-Ym4B22WEChbMW4u4EMNi4aJfG8iZZ1+jESLShGbGwfCOM2A/9FcSDYuQO2zJWiIo
-1X34UggZ4yBFM1uMTGAY6R4S4C7D7aYPlBD8JfSeLUq/bOVBka1tCYPoEiReXuVM
-lD6Gvv9OUvebVi2SJmeyAEy9JfbDvZCSZIiLwXkhyanZGU7ESeR/f831RfG7Iyvt
-7XBmQ91phlwYaJflnHbl
-=fVKw
------END PGP SIGNATURE-----
diff --git a/wiki/src/torrents/files/tails-i386-0.8.1.torrent b/wiki/src/torrents/files/tails-i386-0.8.1.torrent
deleted file mode 100644
index 9524224..0000000
--- a/wiki/src/torrents/files/tails-i386-0.8.1.torrent
+++ /dev/null
Binary files differ
diff --git a/wiki/src/torrents/files/tails-i386-0.8.1.torrent.pgp b/wiki/src/torrents/files/tails-i386-0.8.1.torrent.pgp
deleted file mode 100644
index 284728d..0000000
--- a/wiki/src/torrents/files/tails-i386-0.8.1.torrent.pgp
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iQIcBAABCgAGBQJOmaL2AAoJEBICghy+LNnBfBYP/3MQotuiibQThAMke8KlYfLp
-rJXDwdwxPcOrYtQrvsC/zNS9zw8GOIAkKKVk9jm/u1qvXmplvyjQILRzXE6o3tqV
-noj4Z8y7u1PWvMAi+o/LBMPwDT6t2Sxct/XL6gUo4n2SzZBwUoyByq/yuvksHIqQ
-GwXWLLui96nEXIcWftRy3jUxhrH38nOrvEgPCIm663DkAAashmWfIT2jbJKBS15U
-WK/OQTbIef2qZZ6h57d9VAFqQRrNtLHMWzmxAR09zU341/OLyb3R73sXurogOxOc
-gs7f+1Q6TvITgw4VF06MG7gwnRZq/mGt2v/EaWz4uF27fMHWt24XMINawwwjFlkk
-CD4rG7Mr0Zh7eTxsFoD1M4xQD7x+bIqctgakzziLgl42vnIraTErlHqcGf3v178E
-RcVI7HeCgqnTfO3ehWBUzEeCEOb4DjjXTxFoo6Nol0BENUHNX4i/2th3xSmUZcvb
-k5aB6RkAm4Ff6LKN/2HDeRnBBt1u77nEKs+b4uQqTgZXCBMorE8CldbWGY6INkt8
-2g1+hSW+thr+t0Zy0Z9FtS7rHtnYSIkxBzm0Zi2lgSvE+sAPWhS/JVugmMufitf/
-uIc5H4M40BClEzvHKxkqffX5LyvvBED81tXLbMb41dOgwB/gHsYX3dEvESY8kLNx
-nLT7fBaZjWh+4fd6e23r
-=6Z0u
------END PGP SIGNATURE-----
diff --git a/wiki/src/torrents/files/tails-i386-0.9.iso.pgp b/wiki/src/torrents/files/tails-i386-0.9.iso.pgp
new file mode 100644
index 0000000..417d2b6
--- /dev/null
+++ b/wiki/src/torrents/files/tails-i386-0.9.iso.pgp
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iQIcBAABCgAGBQJOvTILAAoJEBICghy+LNnBIjsQAKyRXSLTU59Ec6j8NcCYsBtg
+doGx6S3iapPXmH1zmz+qaoB3eA9cbu4AWzBTXxtGkxWqBJ7aBV8c92Wg8rmcNSXc
+Cgvj6tpyJx38rKkkhkMNY61cDno4iWaF6ZuV0M5LFlMBIRR1ebkYbgmSvGcyCZuq
+itQxiHV4fnPYd5Xnef1AVsdRD/aHrALwwkOtYHxxapj1KShN3nJUQCMgrGhmKF7x
+fu6Kc9B86RC7R8IQSpwiplA6WJw8uBlYm+HTJUER+1RzIddgX7/qI5O3YpDphZxK
+1lohTNWju1ViUf7UkRHkn+BMigsrdHHOZGSjHYxas5U97MhPYuK2y9A9R3T1GQwz
+brJYskUaxsgZDsK21zl+sPntTP4zI2/k/NQ9b+eneAH7JPQpeyRILbYNjKaJxnwD
+TYVunIMdIaCYiF9MnBFU3XM/Xkqecm0bx4NsJ8TaBYPPrYQx4L/yXxihr5lCyhW9
+MVr7h1PKCZ9gUeiD514t1Zbhpkn7vC0ppsRbt0iO79hKpgVgLLKFKJfUje51QaYe
+cauKQB1rv0pHijzmxjDJ1mWvNED8HpMMQIqpoZsD22D5BIAR5lT+8pTtPyQC6qcO
+MRIihYVCITbFEFaOjQ+IRGoFp7YrKVN3Q1B49UFAsm5tcQeOPCGV9w9iEyZegC8/
+67wD6XU72f3hOUSiN+vb
+=m0w1
+-----END PGP SIGNATURE-----
diff --git a/wiki/src/torrents/files/tails-i386-0.8.1.packages b/wiki/src/torrents/files/tails-i386-0.9.packages
index 709b1b7..f74d0b1 100644
--- a/wiki/src/torrents/files/tails-i386-0.8.1.packages
+++ b/wiki/src/torrents/files/tails-i386-0.9.packages
@@ -85,16 +85,16 @@ expect 5.44.1.15-4
file 5.04-5
file-roller 2.30.2-2
findutils 4.4.2-1+b1
-firmware-atheros 0.33
+firmware-atheros 0.34
firmware-b43-installer 4.150.10.5-4
-firmware-brcm80211 0.33
-firmware-ipw2x00 0.33
-firmware-iwlwifi 0.33
-firmware-linux 0.33
+firmware-brcm80211 0.34
+firmware-ipw2x00 0.34
+firmware-iwlwifi 0.34
+firmware-linux 0.34
firmware-linux-free 3
-firmware-linux-nonfree 0.33
-firmware-ralink 0.33
-firmware-realtek 0.33
+firmware-linux-nonfree 0.34
+firmware-ralink 0.34
+firmware-realtek 0.34
florence 0.5.0-3~bpo60+1
fontconfig 2.8.0-2.1
fontconfig-config 2.8.0-2.1
@@ -117,6 +117,7 @@ geoip-database 1.4.7~beta6+dfsg-1
gettext 0.18.1.1-3
gettext-base 0.18.1.1-3
ghostscript 8.71~dfsg2-9
+ghostscript-cups 8.71~dfsg2-9
gimp 2.6.10-1
gimp-data 2.6.10-1
git 1:1.7.2.5-3
@@ -177,9 +178,12 @@ hdparm 9.32-1
hicolor-icon-theme 0.12-1
host 1:9.7.3.dfsg-1~squeeze3
hostname 3.04
+hplip 3.10.6-2
+hplip-cups 3.10.6-2
+hplip-data 3.10.6-2
i2p 0.8.8+repack-1ppa1
i2p-router 0.8.8+repack-1ppa1
-iceweasel 3.5.16-10
+iceweasel 3.5.16-11
iceweasel-l10n-ar 1:3.5.15+debian-1
iceweasel-l10n-de 1:3.5.15+debian-1
iceweasel-l10n-es-es 1:3.5.15+debian-1
@@ -193,6 +197,7 @@ info 4.13a.dfsg.1-6
initramfs-tools 0.99
initscripts 2.88dsf-13.1
inkscape 0.47.0-2+b1
+inotify-tools 3.13-3
insserv 1.14.0-2
install-info 4.13a.dfsg.1-6
ipheth-utils 1.0-3
@@ -210,7 +215,7 @@ kbd 1.15.2-2
kexec-tools 1:2.0.1-4
keyboard-configuration 1.68+squeeze2
klibc-utils 1.5.20-1+squeeze1
-laptop-mode-tools 1.58-3
+laptop-mode-tools 1.60-1
less 436-1
liba52-0.7.4 0.7.4-14
libaa1 1.4p5-38
@@ -237,9 +242,9 @@ libavahi-common3 0.6.27-2+squeeze1
libavahi-glib1 0.6.27-2+squeeze1
libavahi-ui0 0.6.27-2+squeeze1
libavc1394-0 0.5.3-1+b2
-libavcodec52 4:0.5.4-1
-libavformat52 4:0.5.4-1
-libavutil49 4:0.5.4-1
+libavcodec52 4:0.5.5-1
+libavformat52 4:0.5.5-1
+libavutil49 4:0.5.5-1
libbabl-0.0-0 0.0.22-1
libbarry0 0.15-1.1~bpo60+1~tails0
libbind9-60 1:9.7.3.dfsg-1~squeeze3
@@ -367,7 +372,7 @@ libflac8 1.2.1-2+b1
libflite1 1.4-release-2
libfontconfig1 2.8.0-2.1
libfontenc1 1:1.0.5-2
-libfreetype6 2.4.2-2.1+squeeze1
+libfreetype6 2.4.2-2.1+squeeze2
libfs6 2:1.0.2-1
libfuse2 2.8.4-1.1
libgail-common 2.20.1-2
@@ -484,9 +489,11 @@ libiec61883-0 1.2.0-0.1
libieee1284-3 0.2.11-6
libijs-0.35 0.35-7
libilmbase6 1.0.1-3
+libimage-exiftool-perl 8.15-1
libimobiledevice1 1.0.2-1
libinfgtk-0.4-0 0.4.1-4
libinfinity-0.4-0 0.4.1-4
+libinotifytools0 3.13-3
libio-multiplex-perl 1.10-1
libio-socket-ssl-perl 1.43-1~bpo60+1
libiptcdata0 1.0.4-1+b1
@@ -538,7 +545,7 @@ libmms0 0.6-1+squeeze1
libmng1 1.0.10-1+b1
libmodplug1 1:0.8.8.1-1+squeeze1
libmouse-perl 0.64-1
-libmozjs2d 1.9.1.16-10
+libmozjs2d 1.9.1.16-11
libmpcdec6 2:0.1~r459-1
libmpeg2-4 0.4.1-3
libmpfr4 3.0.0-2
@@ -564,7 +571,7 @@ libnm-glib2 0.8.1-6+squeeze1
libnm-util1 0.8.1-6+squeeze1
libnotify1 0.5.0-2
libnspr4-0d 4.8.6-1
-libnss3-1d 3.12.8-1+squeeze3
+libnss3-1d 3.12.8-1+squeeze4
libntfs-3g75 1:2010.3.6-1
libntfs10 2.0.0-1+b1
libntlm0 1.2-1
@@ -582,9 +589,9 @@ libopenspc0 0.3.99a-2
liborbit2 1:2.14.18-0.1
liborc-0.4-0 1:0.4.6-2
libotr2 3.2.0-2
-libpam-modules 1.1.1-6.1
-libpam-runtime 1.1.1-6.1
-libpam0g 1.1.1-6.1
+libpam-modules 1.1.1-6.1+squeeze1
+libpam-runtime 1.1.1-6.1+squeeze1
+libpam0g 1.1.1-6.1+squeeze1
libpanel-applet2-0 2.30.2-2
libpango1.0-0 1.28.3-1+squeeze2
libpango1.0-common 1.28.3-1+squeeze2
@@ -610,7 +617,7 @@ libpoppler-glib4 0.12.4-1.2
libpoppler5 0.12.4-1.2
libpopt0 1.16-1
libportaudio2 19+svn20071022-3.2
-libpostproc51 4:0.5.4-1
+libpostproc51 4:0.5.5-1
libproxy0 0.3.1-2
libpth20 2.0.7-16
libpulse-mainloop-glib0 0.9.21-3+squeeze1
@@ -669,12 +676,12 @@ libspectre1 0.2.6-1
libspeex1 1.2~rc1-1
libsqlite3-0 3.7.3-1
libss2 1.41.12-4stable1
-libssl0.9.8 0.9.8o-4squeeze3
+libssl0.9.8 0.9.8o-4squeeze4
libstartup-notification0 0.10-1
libstdc++6 4.4.5-8
libstlport4.6ldbl 4.6.2-7
libsub-name-perl 0.04-1
-libswscale0 4:0.5.4-1
+libswscale0 4:0.5.5-1
libsysfs2 2.1.0+repack-1
libt1-5 5.1.2-3
libtag1-vanilla 1.6.3-1
@@ -788,7 +795,7 @@ liferea 1.6.4-1
liferea-data 1.6.4-1
linux-base 3.3
linux-image-2.6-486 3.0.0+40
-linux-image-3.0.0-2-486 3.0.0-5
+linux-image-3.0.0-2-486 3.0.0-6
linux-image-486 3.0.0+40
linux-sound-base 1.0.23+dfsg-2
live-boot 2.0.15-1+tails1.35f1a14
@@ -808,6 +815,7 @@ lzma 4.43-14
macchanger 1.5.0-9
man-db 2.5.7-8
manpages 3.27-1
+mat 0.1-1~4.gbp70ebf7~bpo60+1
mawk 1.3.3-15
memlockd 0.05
menu 2.1.44
@@ -860,7 +868,7 @@ openoffice.org-math 1:3.2.1-11+squeeze4
openoffice.org-style-galaxy 1:3.2.1-11+squeeze4
openoffice.org-writer 1:3.2.1-11+squeeze4
openssh-client 1:5.5p1-6+squeeze1
-openssl 0.9.8o-4squeeze3
+openssl 0.9.8o-4squeeze4
p7zip-full 9.04~dfsg.1-1
parted 2.3-5
passwd 1:4.1.4.2+svn3283-2+squeeze1
@@ -874,6 +882,7 @@ pidgin 2.7.3-1+squeeze1
pidgin-data 2.7.3-1+squeeze1
pidgin-otr 3.2.0-5
pitivi 0.13.4-3
+plymouth 0.8.3-20
poedit 1.4.2-5
policykit-1 0.96-4+squeeze1
policykit-1-gnome 0.96-3
@@ -906,13 +915,19 @@ python-gobject 2.21.4+is.2.21.3-1
python-gst0.10 0.10.19-1
python-gtk2 2.17.0-4
python-gtksourceview2 2.10.1-1
+python-hachoir-core 1.3.3-3
+python-hachoir-parser 1.3.2-2
python-httplib2 0.6.0-4
+python-imaging 1.1.7-2
python-libxml2 2.7.8.dfsg-2+squeeze1
python-louis 2.0.0-1
python-minimal 2.6.6-3+squeeze6
+python-mutagen 1.19-2
python-notify 0.1.1-2+b2
python-numpy 1:1.4.1-5
+python-pexpect 2.3-1
python-pkg-resources 0.6.14-4
+python-poppler 0.12.1-1+b1
python-pyatspi 1.30.1-3
python-pygoocanvas 0.14.1-1+b1
python-pyinotify 0.8.9-1
@@ -967,9 +982,9 @@ tcpd 7.6.q-19
tcpdump 4.1.1-1
tcpflow 0.21.ds1-6
tk8.5 8.5.8-1
-tor 0.2.2.33-1~~squeeze+1
+tor 0.2.2.34-1~~squeeze+1
tor-arm 1.4.2.4-1~bpo60+1
-tor-geoipdb 0.2.2.33-1~~squeeze+1
+tor-geoipdb 0.2.2.34-1~~squeeze+1
totem 2.30.2-6
totem-common 2.30.2-6
totem-gstreamer 2.30.2-6
@@ -999,8 +1014,8 @@ unrar 1:3.9.10-1
update-inetd 4.38+nmu1+squeeze1
upower 0.9.5-5
ure 1.6.1+OOo3.2.1-11+squeeze4
-usb-modeswitch 1.1.9-2~bpo60+1
-usb-modeswitch-data 20110805-1~bpo60+1
+usb-modeswitch 1.2.0+repack0-1~bpo60+1
+usb-modeswitch-data 20111023-1~bpo60+1
usbmuxd 1.0.4-1
user-setup 1.38
util-linux 2.17.2-9
@@ -1014,7 +1029,7 @@ virtualbox-guest-utils 4.0.10-dfsg-1~bpo60+1
virtualbox-guest-x11 4.0.10-dfsg-1~bpo60+1
wget 1.12-2.1
whiptail 0.52.11-1
-whisperback 1.4.2
+whisperback 1.5
whois 5.0.10
wireless-tools 30~pre9-5
wpasupplicant 0.6.10-2.1
@@ -1083,11 +1098,12 @@ xserver-xorg-video-vmware 1:11.0.1-2
xserver-xorg-video-voodoo 1:1.2.3-2
xsltproc 1.1.26-6
xul-ext-adblock-plus 1.2.1-1
-xul-ext-firegpg 0.8-1
-xul-ext-https-everywhere 1.0.3-1
+xul-ext-cookie-monster 1.1.0-1
+xul-ext-firegpg 0.8-1+tails2
+xul-ext-https-everywhere 1.1-1
xul-ext-monkeysphere 0.4-1
-xul-ext-torbutton 1.4.3-1
-xulrunner-1.9.1 1.9.1.16-10
+xul-ext-torbutton 1.4.4.1-1
+xulrunner-1.9.1 1.9.1.16-11
xz-utils 5.0.0-2
yelp 2.30.1+webkit-1
zd1211-firmware 2.21.0.0-1
diff --git a/wiki/src/torrents/files/tails-i386-0.9.torrent b/wiki/src/torrents/files/tails-i386-0.9.torrent
new file mode 100644
index 0000000..429c3b5
--- /dev/null
+++ b/wiki/src/torrents/files/tails-i386-0.9.torrent
Binary files differ
diff --git a/wiki/src/torrents/files/tails-i386-0.9.torrent.pgp b/wiki/src/torrents/files/tails-i386-0.9.torrent.pgp
new file mode 100644
index 0000000..1fe121a
--- /dev/null
+++ b/wiki/src/torrents/files/tails-i386-0.9.torrent.pgp
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iQIcBAABCgAGBQJOvTJIAAoJEBICghy+LNnBj6AP/1Xh0VTqcQr7sP6bG6DQAw9H
+BG/xquIVCgmDktyCivM3iVmfhDA0opjGFIEXPGxcIiQuI8/45qlmkJ+UMffIDbGx
+cKXEwyDfjx13b1uNLcZdQbGLIGLqEZgdGqaOs58L+BDPJXaJtQqTiyY8jAXbVePo
+i9+UmhuhcfzGVNW7wPuDNiPpjagTVeSsxbCfUtqw2Oe9Sdu/2iBOn3OjN4lPAiW4
+093dbpXFkgdyHKJeJD+nV17vFHiiIsTaR6wJ3Q93ychqt2LxSLUmnBavsVZSmsLJ
+daMqoOuG8S9NTo5gRlA4RDF0Y62dTcvKAS7/RZd/zYofUqcBxkEYoHUAb+24M7za
+mRMEZGTjT0tznrc18WPBD7Ff3gWZ6vuk3ROfI1DhYqYj2stRyRxaOfynVTjB4I2f
+z3Z5NuvkiFJxjuoVil+OptCQeHpCt+F6//dBpBRVN6jdAa+PnpSCBaUT1DByRqaA
+U1ZSu3ipRpUzunkuuK1mB5IPlKRPsnPutPVBezcD2GknOIMqTGLZ8OsfIn3UVB0o
+5p9oysOcBN0E2l3xbPG3J2M2ZqVrBtiQPTLiZHpw7phKv5GhgCVLRx7A1wNh7+U/
+bXO7Bqm7v6QanjrKYCx/nSjQT7NLxsg7VfCrO3SWlh4CeSjq4aTiUNUC0/AtvAWX
+cWRKvoqUvrB0bz2DP4cx
+=dcPz
+-----END PGP SIGNATURE-----