diff options
Diffstat (limited to 'debian/changelog')
| -rw-r--r-- | debian/changelog | 243 |
1 files changed, 232 insertions, 11 deletions
diff --git a/debian/changelog b/debian/changelog index 24f9c16..2e883b4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,19 +1,240 @@ -tails (2.10) UNRELEASED; urgency=medium +tails (2.12) UNRELEASED; urgency=medium - * Dummy entry. - * Tails Greeter: use gdm-password instead of gdm-autologin, - to fix switching to the VT where the desktop session lives - on Stretch (Closes: #11694) - * Tails Greeter: Fix more options scrolledwindow size in Stretch - (Closes: #11919) + * Dummy. - -- bertagaz <bertagaz@haze> Tue, 15 Nov 2016 23:19:34 +0100 + -- anonym <anonym@riseup.net> Wed, 25 Jan 2017 01:32:33 +0100 -tails (2.7.2) UNRELEASED; urgency=medium +tails (2.11) UNRELEASED; urgency=medium - * Dummy entry. + * Dummy. - -- Tails developers <tails@boum.org> Thu, 01 Dec 2016 04:44:26 +0100 + -- anonym <anonym@riseup.net> Tue, 24 Jan 2017 14:01:50 +0100 + +tails (2.10) unstable; urgency=medium + + * Major new features and changes + - Upgrade the Linux kernel to 4.8.0-0.bpo.2 (Closes: #11886). + - Install OnionShare from jessie-backports. Also install + python3-stem from jessie-backports to allow the use of ephemeral + onion services (Closes: #7870). + - Completely rewrite tor-controlport-filter. Now we can safely + support OnionShare, Tor Browser's per-tab circuit view and + similar. + * Port to python3. + * Handle multiple sessions simultaneously. + * Separate data (filters) from code. + * Use python3-stem to allow our filter to be a lot more + oblivious of the control language (Closes: #6788). + * Allow restricting STREAM events to only those generated by the + subscribed client application. + * Allow rewriting commands and responses arbitrarily. + * Make tor-controlport-filter reusable for others by e.g. making + it possible to pass the listen port, and Tor control + cookie/socket paths as arguments (Closes: #6742). We hear + Whonix plan to use it! :) + - Upgrade Tor to 0.2.9.9-1~d80.jessie+1, the new stable series + (Closes: #12012). + + * Security fixes + - Upgrade Tor Browser to 6.5 based on Firefox 45.7 (Closes: #12159) + - Upgrade Icedove to 1:45.6.0-1~deb8u1+tail1s. + - Upgrade bind9-packages to 1:9.9.5.dfsg-9+deb8u9. + - Upgrade pcscd to 1.8.13-1+deb8u1. + - Upgrade libgd3 to 2.1.0-5+deb8u8. + - Upgrade libxml2 to 2.9.1+dfsg1-5+deb8u4. + - Upgrade tor to 0.2.9.9-1~d80.jessie+1. + - Upgrade samba-libs to 2:4.2.14+dfsg-0+deb8u2. + + * Minor improvements + - Enable and use the Debian Jessie proposed-updates APT + repository, anticipating on the Jessie 8.7 point-release + (Closes: #12124). + - Enable the per-tab circuit view in Tor Browser (Closes: #9365). + - Change syslinux menu entries from "Live" to "Tails" (Closes: + #11975). Also replace the confusing "failsafe" wording with + "Troubleshooting Mode" (Closes: #11365). + - Make OnionCircuits use the filtered control port (Closes: + #9001). + - Make tor-launcher use the filtered control port. + - Run OnionCircuits directly as the Live user, instead of a + separate user. This will make it compatible with the Orca screen + reader (Closes: #11197). + - Run tor-controlport-filter on port 9051, and the unfiltered one + on 9052. This simplifies client configurations and assumptions + made in many applications that use Tor's ControlPort. It's the + exception that we connect to the unfiltered version, so this + seems like the more sane approach. + - Remove tor-arm (Nyx) (Closes: #9811). + - Remove AddTrust_External_Root.pem from our website CA bundle. We + now only use Let's Encrypt (Closes: #11811). + - Configure APT to use Debian's Onion services instead of the + clearnet ones (Closes: #11556). + - Replaced AdBlock Plus with uBlock Origin (Closes: #9833). This + incidentally also makes our filter lists lighter by + de-duplicating common patterns among the EasyList filters + (Closes: #6908). Thanks to spriver for this first major code + contribution! + - Install OpenPGP Applet 1.0 (and libgtk3-simplelist-perl) from + Jessie backports (Closes: #11899). + - Add support for exFAT (Closes: #9659). + - Disable unprivileged BPF. Since upgrading to kernel 4.6, + unprivileged users can use the bpf() syscall, which is a + security concern, even with JIT disabled. So we disable that. + This feature wasn't available before Linux 4.6, so disabling it + should not cause any regressions (Closes: #11827). + - Add and enable AppArmor profiles for OnionCircuits and OnoinShare. + - Raise the maximum number of loop devices to 32 (Closes: #12065). + - Drop kernel.dmesg_restrict customization: it's enabled by + default since 4.8.4-1~exp1 (Closes: #11886). + - Upgrade Electrum to 2.7.9-1. + - Make the Electrum proxy configuration apply after upgrading to + 2.7.9-1. These changes incidentally makes Electrum behave nicer: + users will now not be presented the network configuration part + of the setup wizard -- a server will be picked randomly, and + Electrum will auto-connect. The automated test suite is adjusted + accordingly (Closes: #12140). + - Remove unused Browser profile seed file localstore.rdf which was + made obsolete in Firefox 34. + - Tor Browser: switch from pt-PT to pt-BR langpack. The upstream + Tor Browser did this in version 6.5 (Refs: #12159). + + * Bugfixes + - Tails Greeter: + * use gdm-password instead of gdm-autologin, to fix switching to + the VT where the desktop session lives on Stretch (Closes: + #11694) + * Fix more options scrolledwindow size in Stretch (Closes: + #11919) + - Tails Installer: remove unused code warning about missing + extlinux in Tails Installer (Closes: #11196). + - Update APT pinning to cover all binary packages built from + src:mesa so we ensure installing mesa from jessie-backports + (Closes: #11853). + - Install xserver-xorg-video-amdgpu. This should help supporting + newer AMD graphics adapters. (Closes #11850) + - Fix firewall startup during early boot, by referring to the + "amnesia" user via its UID (Closes: #7018). + - Include all amd64-microcodes. + - refresh-translations: ignore + config/chroot_local-includes/usr/share/doc/tails/website/. + Otherwise, if the website has been built already, PO tools + complain that there are files with translatable strings in + there, which are not listed in POTFILES.in. + - Make uBlock Origin's button appear on first run. Otherwise it + will only appear on browser runs after the first one. This bug + also affected Adblock Plus (Closes: #12145). + + * Build system + - Be more careful when unmounting the tmpfs used as workspace + during builds, fixing an issue that made Jenkins' ISO builders + prone to failures (Closes: #12009). + - Upgrade the Vagrant basebox to 20170105. The only big change is + that we now install the backported kernel in the builder VM, to + make building possible on Debian Sid (Closes: #12081). + - Ensure the VirtualBox guest DKMS modules are built for the + kernel we want them for. In some situations, depending on the + version of the running kernel, the modules would not be built + for the 686 kernel, which is the one that needs the VirtualBox + guest modules. This commit ensures the VirtualBox guest modules + are built and installed regardless of the how the build + environment looks like (Closes: #12139). + + * Test suite + - Replace the filesystem shares support with a helper for easily + sharing files from the host to the guest using virtual disks + (Closes: #5571). + - Do not test sending email when testing POP3. We cannot clean + that email up (easily) since when we use POP3 deletions won't + affect the remote inbox, only our local one, resulting in the + quota being reached eventually (Closes: #12006). + - Have APT tests configure APT to use non-onion sources. Our test + suite uses Chutney to create a virtual, private Tor network, and + thus doesn't support connections to Onion services running in + the real Tor network (Refs: #11556). + - Allow connections to Tor's control port during stream isolation + tests, but only for those applications where we expect that. + - Fix Electrum tests after upgrading to 2.7.9-1. + - Make encryption.feature pass for Tails 2.10~rc1. + - Adapt tests after the Donation campaign was disabled (Refs: + #12134). + - Fix 'The "Tails documentation" link on the Desktop works' + scenario. The TailsOfflineDocHomepage.png image doesn't match + what we see any more (I have no clue why), so let's use Dogtail + and solve this once and for all, hopefully. + - Work around Tails freezing during memory wiping. These + workarounds should be reverted once #11786 is fixed + properly. (Refs: #10776, #11786) + - Support both xtigervncviewer and xtightvncviewer for --view. + xtightvncviewer is a transitional package in Sid, which depends + on tigervnc-viewer (which ships xtigervncviewer), so by keeping + the dep and supporting both binaries, --view will work on both + Sid and Jessie (Closes: #12129). + - Test suite: bump image after upgrading to Tor Browser 6.5 (Refs: + #12159). + - Add debugging info for when PacketFu misbehaves, and be more + careful when to save pcap artifacts (Refs: #11508). + + -- Tails developers <tails@boum.org> Mon, 23 Jan 2017 11:38:37 +0100 + +tails (2.9.1) unstable; urgency=medium + + * Security fixes + - Upgrade Tor Browser to 6.0.8 based on Firefox 45.6. If you pay + close attention you'll see that we import -build1 but there was + a -build2. The only change is Tor Button 1.9.5.13 which makes + some changes to the donation campaign banner in `about:tor`, + which we safely can skip. (Closes: #12028) + - Upgrade Icedove to 45.5.1-1~deb8u1+tails1. (Closes: #12029) + - Upgrade APT-related packages to 1.0.9.8.4. + + * Minor improvements + - Switch to DuckDuckGo as the default search engine in the tor + Browser. This is what Tor Browser has, and Disconnect.me (the + previous default) has been re-directing to DDG for some time, + which has been confusing users. In addition, we localize the DDG + user interface for the locales with availablelangpacks. (Closes: + #11913) + - Improve the display name for the Wikipedia search plugin. + - Enable contrib and non-free for our own APT repos. + - Upgrade Tor to 0.2.8.10. (Closes: #12015) + - Upgrade obfs4proxy to 0.0.7-1~tpo1. + + * Bugfixes + - AppArmor Totem profile: add permissions needed to avoid warning + on startup. (Closes: #11984) + - Upgrade the VirtualBox Guest additions and modules to version + 5.1.8. This should prevent Xorg from crashing unless the video + memory for the VMs are significantly bumped. (Closes: #11965) + Users will still have to enable I/O APIC due to a bug in Linux. + - Drop unwanted search plugins from the Tor Browser langpacks. + Otherwise they are only removed from English locales. Note that + the langpacks contain copies of the English plugins, not + localized versions, so we actually lose nothing. + + * Test suite + - Add support for SikuliX, which recently hit Debian Unstable, + while still supporting Sikuli for Jessie users. (Closes: #11991) + - Fix some instances where we were trying to use the mouse outside + of the Sikuli screen. + - Use "TorBirdy" instead of "amnesia branding" as the "anchor" + addon. I.e. the addon that we use to find the other ones. The + "amnesia branding" addon has been removed, so we must use + something else. (Fixup: #11906) + - Dogtailify "the support documentation page opens in Tor Browser" + step. We previously relied on Sikuli, and the image was made + outdated thanks to our donation campaign. No more! (Closes: + #11911) + - Resolve dl.amnesia.boum.org instead of picking a static address. + Just hours after updating the dustri.org IP address, its web + server went down => test suite failures. Let's make this test as + robust as actually downloading the Tails ISO image -- if that + fails, we probably have more serious problems on our hands than + a failing test suite. (Closes: #11960) + - Switch MAT scenario from testing PDFs to PNGs. Also add + anti-test and test using using a tool *different* from MAT, the + tool being tested here. (Closes: #11901) + + -- Tails Developers <tails@boum.org> Wed, 14 Dec 2016 13:19:16 +0100 tails (2.7.1) unstable; urgency=medium |