summaryrefslogtreecommitdiffstats
path: root/config/chroot_local-includes
Commit message (Collapse)AuthorAgeFilesLines
* WIP: ISOanonym2017-03-257-329/+21
|
* Update uBlock Origin patterns + settings file.anonym2017-03-061-2108/+3649
|
* Make notification action ids unique, in case it helps with the weird ↵intrigeri2017-03-053-3/+6
| | | | behaviour we see when multiple notifications with actions are displayed at the same time. (refs: #12193)
* Merge branch 'stable' into feature/12193-notify-if-32-bitintrigeri2017-03-052-17/+17
|\
| * Merge remote-tracking branch 'origin/feature/12283-tor-browser-6.5.1' into ↵intrigeri2017-03-052-17/+17
| |\ | | | | | | | | | stable (fix-committed: #12283)
| | * Upgrade Tor Browser to 6.5.1-build2.anonym2017-03-042-17/+17
| | | | | | | | | | | | Will-fix: #12283
* | | Merge branch 'stable' into feature/12193-notify-if-32-bitintrigeri2017-03-054-4/+9
|\ \ \ | |/ /
| * | Merge remote-tracking branch 'origin/stable' into stableanonym2017-03-053-3/+8
| |\ \
| | * | Disable modules we blacklist for security reasons.anonym2017-03-032-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Blacklisted (via `blacklist MODULENAME`) modules are only blocked from being loaded during the boot process, but are still loadable with an explicit `modprobe MODULENAME`, and (worse!) via kernel module auto-loading.
| | * | Disable modules for more uncommon network protocol.anonym2017-03-031-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These are the ones recommended by CIS in its "4.6 Uncommon Network Protocols" section, in: https://benchmarks.cisecurity.org/tools2/linux/cis_red_hat_enterprise_linux_7_benchmark_v1.1.0.pdf Why not being more CIS compliant? :) Refs: #6457
| | * | Fix CVE-2017-6074 by disabling the 'dccp' module.anonym2017-03-031-0/+1
| | |/ | | | | | | | | | | | | | | | For details, see: http://seclists.org/oss-sec/2017/q1/471 Will-fix: #12280
| * | Allow the tails-install-iuk user to run "/usr/bin/nocache /bin/cp *" as root ↵intrigeri2017-03-031-1/+1
| |/ | | | | | | (refs: #8449).
* | tails-*-notify-user scripts: start doc viewer in a subprocess.anonym2017-03-043-14/+20
| | | | | | | | | | | | Since we `exec()` into `tails-documentation`, these scripts will block until the documentation browser is closed (unless it was already started).
* | Merge branch 'stable' into feature/12193-notify-if-32-bitintrigeri2017-03-034-2/+81
|\ \ | |/
| * Merge remote-tracking branch 'origin/feature/12271-i2p-removal-notification' ↵intrigeri2017-03-034-2/+81
| |\ | | | | | | | | | into stable (Fix-committed: #12271, #12269).
| | * s/amnesia/$LIVE_USERNAME/anonym2017-03-011-1/+4
| | |
| | * Remove useless comment.anonym2017-03-011-1/+0
| | |
| | * Tor Browser: don't show offline warning when opening local documentation.anonym2017-03-012-1/+3
| | | | | | | | | | | | Will-fix: #12269
| | * Add anchor and point to it via tails-documentation.anonym2017-02-282-1/+6
| | |
| | * Notify I2P users that I2P will be removed in Tails 2.12.anonym2017-02-282-0/+70
| | | | | | | | | | | | Will-fix: #12271
* | | tails-virt-notify-user: use the tails-documentation helper to improve UX ↵intrigeri2017-03-031-2/+3
| | | | | | | | | | | | when one is not connected to Tor yet, and display localized doc when available.
* | | tails-32-bit-notify-user: display the local news, and a localized version if ↵intrigeri2017-03-031-2/+2
| | | | | | | | | | | | | | | | | | available (refs: #12193). This will make this work even when offline.
* | | tails-32-bit-notify-user: make decisions based on the CPU architecture, not ↵intrigeri2017-03-021-4/+2
| | | | | | | | | | | | | | | | | | | | | the running kernel one (refs: #12193). Otherwise, manually picking the 32-bit kernel on 64-bit hardware would result in the notification being shown.
* | | Merge remote-tracking branch 'origin/stable' into feature/12193-notify-if-32-bitintrigeri2017-03-023-15/+103
|\ \ \ | |/ /
| * | Merge remote-tracking branch 'origin/bugfix/12208-ferm-fix' into stable ↵intrigeri2017-03-021-1/+1
| |\ \ | | | | | | | | | | | | (Fix-committed: #12208)
| | * | Ferm: use the variable when referring to the Live user.anonym2017-02-241-1/+1
| | |/ | | | | | | | | | | | | | | | | | | | | | The firewall will fail to start during early boot otherwise since the "amnesia" user hasn't been created yet. Refs: #7018 Will-fix: #12208
| * | Merge remote-tracking branch 'origin/bugfix/12169-disable-proposed-updates' ↵intrigeri2017-03-021-0/+5
| |\ \ | | | | | | | | | | | | into stable (Fix-committed: #12169)
| | * \ Merge remote-tracking branch 'origin/stable' into ↵anonym2017-02-182-62/+91
| | |\ \ | | | |/ | | | | | | | | bugfix/12169-disable-proposed-updates
| | * | Make regular expression stricter.anonym2017-02-171-1/+1
| | | |
| | * | Remove empty APT source files.anonym2017-01-251-0/+2
| | | |
| | * | Disable -proposed-updates at boot time.anonym2017-01-251-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a Debian point release happens right after a freeze but we have decided to enable it before the freeze to get (at least most of) it, then we get in the situation where -proposed-updates is enabled in the final release, which we don't want. We only want it enabled at build time. Will-fix: #12169
| * | | Remote shell: initiate group membershipanonym2017-01-251-0/+1
| | | | | | | | | | | | | | | | Without this minor group membership is not effective.
| * | | Dogtail: use the remote shell's new Python session feature.anonym2017-01-251-12/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ... to significantly improve Dogtail's performance by saving state and reusing it between Dogtail commands. This is a massive commit, and it changes the semantics of the creation of Dogtail objects. Previously they just created the code that then would be run once an actionable method was called (.wait, .click etc), but now it works like in Python, that Dogtail will try to find the graphical element upon object creation. Will-fix: #12059
| * | | Remote shell: extend with persistent Python 2.7 per-user sessions.anonym2017-01-251-12/+86
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * "persistent": effects (e.g. assignments) survive between separate remote shell python commands. * "Python 2.7": because that is what Dogtail needs. * "per-user": the `dogtail` module must be imported as the user running the applications you intend to have Dogtail interact with. This will allow us to optimize the performance of Dogtail significantly, as well as reduce the code complexity of the Dogtail wrapper. Refs: #12059
* | | Notify the user if running on a 32-bit processor, that won't be supported in ↵intrigeri2017-01-302-0/+76
|/ / | | | | | | Tails 3.0 anymore (refs: #12193).
* | Merge remote-tracking branch 'origin/stable' into ↵anonym2017-01-258-945/+1550
|\ \ | |/ | | | | test/11887-remote-shell-file-operations
| * Update uBlock Origin patterns + settings file.anonym2017-01-231-905/+1525
| |
| * Tor Browser: switch from pt-PT to pt-BR langpack.anonym2017-01-211-1/+1
| | | | | | | | | | | | The upstream Tor Browser did this in version 6.5. Refs: #12159
| * Upgrade Tor Browser to 6.5-build3.anonym2017-01-212-17/+17
| | | | | | | | Will-fix: #12159
| * Merge remote-tracking branch ↵intrigeri2017-01-161-2/+1
| |\ | | | | | | | | | 'origin/bugfix/12143-onionshare-gui-apparmor-fix' into testing (Fix-committed: #12143)
| | * Remove superfluous AppArmor rule.anonym2017-01-161-1/+0
| | | | | | | | | | | | | | | The pattern `[^.]*` matches a subset of `[^.]**`, so we only need to keep the latter.
| | * Make onionshare-gui able to access folders beneath $HOME.anonym2017-01-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Without this change e.g. ~/Documents is inaccessible. To be honest, this does not makes sense to me, as my interpretation of the old patterns clearly should allow subfolders and files therein. Will-fix: #12143
| * | Merge remote-tracking branch 'origin/bugfix/12140-electrum-proxy' into ↵intrigeri2017-01-161-0/+2
| |\ \ | | | | | | | | | | | | testing (Fix-committed: #12140)
| | * | Make the Electrum proxy configuration apply after upgrading to 2.7.9-1.anonym2017-01-151-0/+2
| | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Without these changes, our proxy configuration is ignored, and Electrum will try an unproxied connection which our firewall will block. These changes incidentally makes Electrum behave nicer: users will now not be presented the network configuration part of the setup wizard -- a server will be picked randomly, and Electrum will auto-connect. The automated test suite is adjusted accordingly. Will-fix: #12140
| * | Remove unused Browser profile seed file.anonym2017-01-151-20/+0
| | | | | | | | | | | | | | | | | | | | | | | | localstore.rdf was made obsolete in Firefox 34: http://kb.mozillazine.org/Localstore.rdf Apparently the default UI is good enough for us.
| * | Make uBlock Origin's button appear also on first run.anonym2017-01-151-0/+4
| |/ | | | | | | | | | | Otherwise it will only appear on browser runs after the first one. Will-fix: #12145
* | Merge remote-tracking branch 'origin/testing' into ↵anonym2017-01-1627-196372/+97791
|\ \ | |/ | | | | test/11887-remote-shell-file-operations
| * Merge remote-tracking branch 'origin/devel' into ↵anonym2017-01-1223-184/+956
| |\ | | | | | | | | | feature/9833-replace-adblock-with-ublock
| | * Merge remote-tracking branch 'origin/feature/11556-apt-with-onions' into develanonym2017-01-111-6/+16
| | |\ | | | | | | | | | | | | Fix-committed: #11556
| | | * At boot time, point APT sources to Onion services (refs: #11556).intrigeri2017-01-101-6/+16
| | | |