summaryrefslogtreecommitdiffstats
path: root/debian/changelog
diff options
context:
space:
mode:
authorTails developers <amnesia@boum.org>2015-02-12 01:12:31 +0100
committerTails developers <amnesia@boum.org>2015-02-12 01:12:31 +0100
commit8f47aa8179b71037df024148100fbb5ca561f92e (patch)
tree828644bf1343d41af19424b36d874e0337ddc04c /debian/changelog
parent689d43a8df18b103cc7e4766ac1dd73c7fe74d32 (diff)
Update changelog for 1.3~rc1.
Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog154
1 files changed, 151 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog
index d3c526f..1cb2cdc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,156 @@
-tails (1.3) UNRELEASED; urgency=medium
+tails (1.3~rc1) unstable; urgency=medium
- * Placeholder for next major release.
+ * Major new features
+ - Install the electrum bitcoin client from wheezy-backports, and
+ add a persistence preset for the Live user's bitcoin wallet. If
+ electrum is started without the persistence preset enabled, a
+ warning is hown. (Closes: #6739)
+
+ * Hardening
+ - Sandbox the Tor Browser using AppArmor. From now on it can only
+ access the "~/Tor Browser" (default) and "~/Persistent/Tor
+ Browser" directories; the latter is only created if the
+ persistence preset is enabled. Both have bookmarks added in
+ GTK's file chooser, and GNOME's Places menu. (Closes: #5525)
+ - Install a custom-built Tor package with Seccomp enabled but
+ enable it when no pluggable transport is used. (Closes:
+ #8174)
+
+ * Bugfixes
+ - Have tor_bootstrap_progress echo 0 if no matching log line is
+ found. (Closes: #8257)
+ - Always pass arguments through wrappers (connect-socks, totem,
+ wget, whois) with "$@". $* doesn't handle arguments with
+ e.g. embedded spaces correctly. (Closes: #8603, #8830)
+
+ * Minor improvements
+ - Install obfs4proxy instead of obfsproxy, which adds support for
+ the obfs4 pluggable transport to Tor. (Closes: #7980)
+ - Install GnuPG v2 and associated tools from wheezy-backports,
+ primarily for its improved support for OpenPGP smartcards. It
+ lives side-by-side with GnuPG v1, which still is the
+ default. (Closes: #6241)
+ - Install ibus-unikey, a Vietnamese input method for IBus. (Closes:
+ #7999)
+ - Install torsocks (2.x) from wheezy-backports. (Closes: #8220)
+ - Install keyringer from Debian Jessie. (Closes: #7752)
+ - Install pulseaudio-utils.
+ - Remove all traces of Polipo: we don't use it anymore. This
+ closes #5379 and #6115 because:
+ * Have APT directly use the Tor SOCKS proxy. (Closes: #8194)
+ * Wrap wget with torsocks. (Closes: #6623)
+ * Wrap Totem to torify it with torsocks. (Closes: #8219)
+ * Torify Git with tsocks, instead of setting GIT_PROXY_COMMAND.
+ (Closes: #8680)
+ - Use torsocks for whois and Gobby, instead of torify.
+ - Produce the Tails image in hybrid mode (again) so that the same
+ image can be installed both on DVD *and* "hard disks" like USB
+ storage and similar. (Closes: #8510)
+ - Refactor the Unsafe and I2P browser code into a common shell
+ library. A lot of duplicated code is now shared, and the code
+ has been cleaned up and made more reliable. Several
+ optimizations of memory usage and startup time were also
+ implemented. (Closes: #7951)
+ - Invert Exit and About in gpgApplet context menu. This is a
+ short-term workaround for making it harder to exit the
+ application by mistake (e.g. a double right-click). (Closes:
+ #7450)
+ - Implement new touchpad settings. This enables tap-to-click,
+ 2-fingers scrolling, and disable while typing. We don't enable
+ reverse scrolling nor horizontal scrolling. (Closes: #7779)
+ - Include the mount(8) output and live-additional-software.conf in
+ WhisperBack bug reports (Closes: #8719, #8491).
+ - Reduce brightness and saturation of background color. (Closes:
+ #7963)
+ - Have ALSA output sound via PulseAudio by default. This gives us
+ centralized sound volume controls, and... allows to easily, and
+ automatically, test that audio output works from Tor Browser,
+ thanks to the PulseAudio integration into the GNOME sound
+ control center.
+ - Import the new Tails signing key, which we will use for Tails
+ 1.3.1, and have Tails Upgrader trust both it and the "old"
+ (current) Tails signing key. (Closes: #8732)
+ - tails-security-check: error out when passed an invalid CA file.
+ Unfortunately, the underlying HTTPS stack we use here fails open
+ in those case, so we have to check it ourselves. Currently, we
+ check that the file exists, is readable, is a plain file and is
+ not empty. Also support specifying the CA file via an
+ environment variable. This will ease development and bug-fixing
+ quite a bit.
+ - Fix racy code in Tails Installer that sometimes made the
+ automated test suite stall when for scenarios installing Tails
+ to USB disks. (Closes: #6092)
+ - Make it possible use Tails Upgrader to upgrade a Tails
+ installation that has cruft files on the system partition.
+ (Closes: #7678)
+
+ * Build system
+ - Install syslinux-utils from our builder-wheezy APT repository in
+ Vagrant. We need version 6.03~pre20 to make the Tails ISO image
+ in hybrid mode
+ - Update deb.tails.boum.org apt repo signing key. (Closes: #8747)
+ - Revert "Workaround build failure in lb_source, after creating
+ the ISO." This is not needed anymore given the move to the Tor
+ SOCKS proxy. (Closes: #5307)
+ - Remove the bootstrap stage usage option and disable all
+ live-build caching in Vagrant. It introduces complexity and
+ potential for strange build inconsistencies for a meager
+ reduction in build time. (Closes: #8725)
+ - Hardcode the mirrors used at build and boot time in auto/config.
+ Our stuff will be more consistent, easier to reproduce, and our
+ QA process will be more reliable if we all use the same mirrors
+ at build time as the one we configure in the ISO. E.g. we won't
+ have issues such as #8715 again. (Closes: #8726)
+ - Don't attempt to retrieve source packages from local-packages so
+ local packages can be installed via
+ config/chroot_local-packages. (Closes: #8756)
- -- Tails developers <tails@boum.org> Wed, 15 Oct 2014 20:47:37 +0200
+ * Test suite
+ - Use libguestfs instead of parted when creating partitions and
+ filsystems, and to check that only the expected files
+ persist. We also switch to qcow2 as the default disk image
+ format everywhere to reduce disk usage, enable us to use
+ snapshots that includes the disks (in the future), and to use
+ the same steps for creating disks in all tests. (Closes: #8673)
+ - Automatically test that Tails ignores persistence volumes stored
+ on non-removable media, and doesn't enable swaps. (Closes:
+ #7822)
+ - Actually make sure that Tails can boot from live systems stored
+ on a hard drive. Running the 'I start Tails from DVD ...' step
+ will override the earlier 'the computer is set to boot from ide
+ drive "live_hd"' step, so let's make the "from DVD" part
+ optional; it will be the default any way.
+ - Make it possible to use an old iso with different persistence
+ presets. (Closes: #8091)
+ - Hide the cursor between steps when navigating the GNOME
+ applications menu. This makes it a bit more robust, again:
+ sometimes the cursor is partially hiding the menu entry we're
+ looking for, hence preventing Sikuli from finding it (in
+ particular when it's "Accessories", since we've just clicked on
+ "Applications" which is nearby). (Closes: #8875)
+ - Ensure that the test will fail if "apt-get X" commands fail.
+ - Test 'Tor is ready' notification in a separate scenario. (Closes:
+ #8714)
+ - Add automated tests for torified wget and whois. This should
+ help us identify future regressions such as #8603 in their
+ torifying wrappers.
+ - Add automated test for opening an URL from Pidgin.
+ - And add automated tests for the Tor Browser's AppArmor
+ sandboxing.
+ - Test that "Report an Error Launcher" opens the support
+ documentation.
+ - Test that the Unsafe Browser:
+ * starts in various locales.
+ * complains when DNS isn't configured.
+ * tear down its chroot on shutdown.
+ * runs as the correct user.
+ * has no plugins or add-ons installed.
+ * has no unexpected bookmarks.
+ * has no proxy configured.
+ - Bump the "I2P router console is ready" timeout in its test to
+ deal with slow Internet connections.
+
+ -- Tails developers <tails@boum.org> Wed, 11 Feb 2015 22:41:08 +0100
tails (1.2.3) unstable; urgency=medium