Diffstat (limited to 'debian/changelog')
1 files changed, 232 insertions, 11 deletions
diff --git a/debian/changelog b/debian/changelog
index 24f9c16..2e883b4 100644
@@ -1,19 +1,240 @@
-tails (2.10) UNRELEASED; urgency=medium
+tails (2.12) UNRELEASED; urgency=medium
- * Dummy entry.
- * Tails Greeter: use gdm-password instead of gdm-autologin,
- to fix switching to the VT where the desktop session lives
- on Stretch (Closes: #11694)
- * Tails Greeter: Fix more options scrolledwindow size in Stretch
- (Closes: #11919)
+ * Dummy.
- -- bertagaz <bertagaz@haze> Tue, 15 Nov 2016 23:19:34 +0100
+ -- anonym <firstname.lastname@example.org> Wed, 25 Jan 2017 01:32:33 +0100
-tails (2.7.2) UNRELEASED; urgency=medium
+tails (2.11) UNRELEASED; urgency=medium
- * Dummy entry.
+ * Dummy.
- -- Tails developers <email@example.com> Thu, 01 Dec 2016 04:44:26 +0100
+ -- anonym <firstname.lastname@example.org> Tue, 24 Jan 2017 14:01:50 +0100
+tails (2.10) unstable; urgency=medium
+ * Major new features and changes
+ - Upgrade the Linux kernel to 4.8.0-0.bpo.2 (Closes: #11886).
+ - Install OnionShare from jessie-backports. Also install
+ python3-stem from jessie-backports to allow the use of ephemeral
+ onion services (Closes: #7870).
+ - Completely rewrite tor-controlport-filter. Now we can safely
+ support OnionShare, Tor Browser's per-tab circuit view and
+ * Port to python3.
+ * Handle multiple sessions simultaneously.
+ * Separate data (filters) from code.
+ * Use python3-stem to allow our filter to be a lot more
+ oblivious of the control language (Closes: #6788).
+ * Allow restricting STREAM events to only those generated by the
+ subscribed client application.
+ * Allow rewriting commands and responses arbitrarily.
+ * Make tor-controlport-filter reusable for others by e.g. making
+ it possible to pass the listen port, and Tor control
+ cookie/socket paths as arguments (Closes: #6742). We hear
+ Whonix plan to use it! :)
+ - Upgrade Tor to 0.2.9.9-1~d80.jessie+1, the new stable series
+ (Closes: #12012).
+ * Security fixes
+ - Upgrade Tor Browser to 6.5 based on Firefox 45.7 (Closes: #12159)
+ - Upgrade Icedove to 1:45.6.0-1~deb8u1+tail1s.
+ - Upgrade bind9-packages to 1:9.9.5.dfsg-9+deb8u9.
+ - Upgrade pcscd to 1.8.13-1+deb8u1.
+ - Upgrade libgd3 to 2.1.0-5+deb8u8.
+ - Upgrade libxml2 to 2.9.1+dfsg1-5+deb8u4.
+ - Upgrade tor to 0.2.9.9-1~d80.jessie+1.
+ - Upgrade samba-libs to 2:4.2.14+dfsg-0+deb8u2.
+ * Minor improvements
+ - Enable and use the Debian Jessie proposed-updates APT
+ repository, anticipating on the Jessie 8.7 point-release
+ (Closes: #12124).
+ - Enable the per-tab circuit view in Tor Browser (Closes: #9365).
+ - Change syslinux menu entries from "Live" to "Tails" (Closes:
+ #11975). Also replace the confusing "failsafe" wording with
+ "Troubleshooting Mode" (Closes: #11365).
+ - Make OnionCircuits use the filtered control port (Closes:
+ - Make tor-launcher use the filtered control port.
+ - Run OnionCircuits directly as the Live user, instead of a
+ separate user. This will make it compatible with the Orca screen
+ reader (Closes: #11197).
+ - Run tor-controlport-filter on port 9051, and the unfiltered one
+ on 9052. This simplifies client configurations and assumptions
+ made in many applications that use Tor's ControlPort. It's the
+ exception that we connect to the unfiltered version, so this
+ seems like the more sane approach.
+ - Remove tor-arm (Nyx) (Closes: #9811).
+ - Remove AddTrust_External_Root.pem from our website CA bundle. We
+ now only use Let's Encrypt (Closes: #11811).
+ - Configure APT to use Debian's Onion services instead of the
+ clearnet ones (Closes: #11556).
+ - Replaced AdBlock Plus with uBlock Origin (Closes: #9833). This
+ incidentally also makes our filter lists lighter by
+ de-duplicating common patterns among the EasyList filters
+ (Closes: #6908). Thanks to spriver for this first major code
+ - Install OpenPGP Applet 1.0 (and libgtk3-simplelist-perl) from
+ Jessie backports (Closes: #11899).
+ - Add support for exFAT (Closes: #9659).
+ - Disable unprivileged BPF. Since upgrading to kernel 4.6,
+ unprivileged users can use the bpf() syscall, which is a
+ security concern, even with JIT disabled. So we disable that.
+ This feature wasn't available before Linux 4.6, so disabling it
+ should not cause any regressions (Closes: #11827).
+ - Add and enable AppArmor profiles for OnionCircuits and OnoinShare.
+ - Raise the maximum number of loop devices to 32 (Closes: #12065).
+ - Drop kernel.dmesg_restrict customization: it's enabled by
+ default since 4.8.4-1~exp1 (Closes: #11886).
+ - Upgrade Electrum to 2.7.9-1.
+ - Make the Electrum proxy configuration apply after upgrading to
+ 2.7.9-1. These changes incidentally makes Electrum behave nicer:
+ users will now not be presented the network configuration part
+ of the setup wizard -- a server will be picked randomly, and
+ Electrum will auto-connect. The automated test suite is adjusted
+ accordingly (Closes: #12140).
+ - Remove unused Browser profile seed file localstore.rdf which was
+ made obsolete in Firefox 34.
+ - Tor Browser: switch from pt-PT to pt-BR langpack. The upstream
+ Tor Browser did this in version 6.5 (Refs: #12159).
+ * Bugfixes
+ - Tails Greeter:
+ * use gdm-password instead of gdm-autologin, to fix switching to
+ the VT where the desktop session lives on Stretch (Closes:
+ * Fix more options scrolledwindow size in Stretch (Closes:
+ - Tails Installer: remove unused code warning about missing
+ extlinux in Tails Installer (Closes: #11196).
+ - Update APT pinning to cover all binary packages built from
+ src:mesa so we ensure installing mesa from jessie-backports
+ (Closes: #11853).
+ - Install xserver-xorg-video-amdgpu. This should help supporting
+ newer AMD graphics adapters. (Closes #11850)
+ - Fix firewall startup during early boot, by referring to the
+ "amnesia" user via its UID (Closes: #7018).
+ - Include all amd64-microcodes.
+ - refresh-translations: ignore
+ Otherwise, if the website has been built already, PO tools
+ complain that there are files with translatable strings in
+ there, which are not listed in POTFILES.in.
+ - Make uBlock Origin's button appear on first run. Otherwise it
+ will only appear on browser runs after the first one. This bug
+ also affected Adblock Plus (Closes: #12145).
+ * Build system
+ - Be more careful when unmounting the tmpfs used as workspace
+ during builds, fixing an issue that made Jenkins' ISO builders
+ prone to failures (Closes: #12009).
+ - Upgrade the Vagrant basebox to 20170105. The only big change is
+ that we now install the backported kernel in the builder VM, to
+ make building possible on Debian Sid (Closes: #12081).
+ - Ensure the VirtualBox guest DKMS modules are built for the
+ kernel we want them for. In some situations, depending on the
+ version of the running kernel, the modules would not be built
+ for the 686 kernel, which is the one that needs the VirtualBox
+ guest modules. This commit ensures the VirtualBox guest modules
+ are built and installed regardless of the how the build
+ environment looks like (Closes: #12139).
+ * Test suite
+ - Replace the filesystem shares support with a helper for easily
+ sharing files from the host to the guest using virtual disks
+ (Closes: #5571).
+ - Do not test sending email when testing POP3. We cannot clean
+ that email up (easily) since when we use POP3 deletions won't
+ affect the remote inbox, only our local one, resulting in the
+ quota being reached eventually (Closes: #12006).
+ - Have APT tests configure APT to use non-onion sources. Our test
+ suite uses Chutney to create a virtual, private Tor network, and
+ thus doesn't support connections to Onion services running in
+ the real Tor network (Refs: #11556).
+ - Allow connections to Tor's control port during stream isolation
+ tests, but only for those applications where we expect that.
+ - Fix Electrum tests after upgrading to 2.7.9-1.
+ - Make encryption.feature pass for Tails 2.10~rc1.
+ - Adapt tests after the Donation campaign was disabled (Refs:
+ - Fix 'The "Tails documentation" link on the Desktop works'
+ scenario. The TailsOfflineDocHomepage.png image doesn't match
+ what we see any more (I have no clue why), so let's use Dogtail
+ and solve this once and for all, hopefully.
+ - Work around Tails freezing during memory wiping. These
+ workarounds should be reverted once #11786 is fixed
+ properly. (Refs: #10776, #11786)
+ - Support both xtigervncviewer and xtightvncviewer for --view.
+ xtightvncviewer is a transitional package in Sid, which depends
+ on tigervnc-viewer (which ships xtigervncviewer), so by keeping
+ the dep and supporting both binaries, --view will work on both
+ Sid and Jessie (Closes: #12129).
+ - Test suite: bump image after upgrading to Tor Browser 6.5 (Refs:
+ - Add debugging info for when PacketFu misbehaves, and be more
+ careful when to save pcap artifacts (Refs: #11508).
+ -- Tails developers <email@example.com> Mon, 23 Jan 2017 11:38:37 +0100
+tails (2.9.1) unstable; urgency=medium
+ * Security fixes
+ - Upgrade Tor Browser to 6.0.8 based on Firefox 45.6. If you pay
+ close attention you'll see that we import -build1 but there was
+ a -build2. The only change is Tor Button 126.96.36.199 which makes
+ some changes to the donation campaign banner in `about:tor`,
+ which we safely can skip. (Closes: #12028)
+ - Upgrade Icedove to 45.5.1-1~deb8u1+tails1. (Closes: #12029)
+ - Upgrade APT-related packages to 188.8.131.52.4.
+ * Minor improvements
+ - Switch to DuckDuckGo as the default search engine in the tor
+ Browser. This is what Tor Browser has, and Disconnect.me (the
+ previous default) has been re-directing to DDG for some time,
+ which has been confusing users. In addition, we localize the DDG
+ user interface for the locales with availablelangpacks. (Closes:
+ - Improve the display name for the Wikipedia search plugin.
+ - Enable contrib and non-free for our own APT repos.
+ - Upgrade Tor to 0.2.8.10. (Closes: #12015)
+ - Upgrade obfs4proxy to 0.0.7-1~tpo1.
+ * Bugfixes
+ - AppArmor Totem profile: add permissions needed to avoid warning
+ on startup. (Closes: #11984)
+ - Upgrade the VirtualBox Guest additions and modules to version
+ 5.1.8. This should prevent Xorg from crashing unless the video
+ memory for the VMs are significantly bumped. (Closes: #11965)
+ Users will still have to enable I/O APIC due to a bug in Linux.
+ - Drop unwanted search plugins from the Tor Browser langpacks.
+ Otherwise they are only removed from English locales. Note that
+ the langpacks contain copies of the English plugins, not
+ localized versions, so we actually lose nothing.
+ * Test suite
+ - Add support for SikuliX, which recently hit Debian Unstable,
+ while still supporting Sikuli for Jessie users. (Closes: #11991)
+ - Fix some instances where we were trying to use the mouse outside
+ of the Sikuli screen.
+ - Use "TorBirdy" instead of "amnesia branding" as the "anchor"
+ addon. I.e. the addon that we use to find the other ones. The
+ "amnesia branding" addon has been removed, so we must use
+ something else. (Fixup: #11906)
+ - Dogtailify "the support documentation page opens in Tor Browser"
+ step. We previously relied on Sikuli, and the image was made
+ outdated thanks to our donation campaign. No more! (Closes:
+ - Resolve dl.amnesia.boum.org instead of picking a static address.
+ Just hours after updating the dustri.org IP address, its web
+ server went down => test suite failures. Let's make this test as
+ robust as actually downloading the Tails ISO image -- if that
+ fails, we probably have more serious problems on our hands than
+ a failing test suite. (Closes: #11960)
+ - Switch MAT scenario from testing PDFs to PNGs. Also add
+ anti-test and test using using a tool *different* from MAT, the
+ tool being tested here. (Closes: #11901)
+ -- Tails Developers <firstname.lastname@example.org> Wed, 14 Dec 2016 13:19:16 +0100
tails (2.7.1) unstable; urgency=medium