summaryrefslogtreecommitdiffstats
path: root/wiki/src/news/test_2.10-rc1.mdwn
blob: 192fc491b61719c2b3bab33aedb00a49e9ed6a46 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
[[!meta title="Call for testing: 2.10~rc1"]]

[[!meta date="2017-01-13 01:02:03"]]

[[!tag announce]]

You can help Tails! The first release candidate for the upcoming version 2.10 is
out. Please test it and report any issue. We are particularly interested in
feedback and problems relating to:

* OnionShare
* Tor Browser's per-tab circuit view
* Problems with OnionCircuits
* Problems with Tor Launcher (when configuring Tor bridges, proxy etc.)

[[!toc levels=1]]

How to test Tails 2.10~rc1?
==========================

**Keep in mind that this is a test image.** We tested
that it is not broken in obvious ways, but it might still contain
undiscovered issues.

But test wildly!

If you find anything that is not working as it should, please [[report to
us|doc/first_steps/bug_reporting]]! Bonus points if you first check if it is a
<a href="#known_issues">known issue of this release</a> or a
[[longstanding known issue|support/known_issues]].

Download and install
--------------------

<a class="download-file" href="https://tails.boum.org/torrents/files/tails-i386-2.10~rc1.torrent" >Tails 2.10~rc1 torrent</a>

<a class="download-file use-mirror-pool" href="http://dl.amnesia.boum.org/tails/alpha/tails-i386-2.10~rc1/tails-i386-2.10~rc1.iso" >Tails 2.10~rc1 ISO image</a>
<span class="openpgp-small-link">[[OpenPGP signature|torrents/files/tails-i386-2.10~rc1.iso.sig]]</span>

To install 2.10~rc1, follow our usual [[installation instructions|install]],
skipping the **Download and verify** step.

Upgrade from 2.9.1
------------------

1. Start Tails 2.9.1 on a USB stick installed using *Tails Installer* and
   [[set an administration password|doc/first_steps/startup_options/administration_password]].

1. Run this command in a <span class="application">Root
   Terminal</span> to select the "alpha" upgrade channel
   and start the upgrade:

       echo TAILS_CHANNEL=\"alpha\" >> /etc/os-release && \
            tails-upgrade-frontend-wrapper

1. After the upgrade is installed, restart Tails and choose
   <span class="menuchoice">
     <span class="guimenu">Applications</span>&nbsp;▸
     <span class="guisubmenu">Tails</span>&nbsp;▸
     <span class="guimenuitem">About Tails</span>
   </span>
   to verify that you are running Tails 2.10~rc1.

What's new since 2.9.1?
=======================

Changes since Tails 2.9.1 are:

  * Major new features and changes
    - Upgrade the Linux kernel to 4.8.0-0.bpo.2 (Closes:
      [[!tails_ticket 11886]]).
    - Install OnionShare from jessie-backports. Also install
      python3-stem from jessie-backports to allow the use of ephemeral
      onion services (Closes: [[!tails_ticket 7870]]).
    - Completely rewrite tor-controlport-filter. Now we can safely
      support OnionShare, Tor Browser's per-tab circuit view and
      similar.
      * Port to python3.
      * Handle multiple sessions simultaneously.
      * Separate data (filters) from code.
      * Use python3-stem to allow our filter to be a lot more
        oblivious of the control language (Closes:
        [[!tails_ticket 6788]]).
      * Allow restricting STREAM events to only those generated by the
        subscribed client application.
      * Allow rewriting commands and responses arbitrarily.
      * Make tor-controlport-filter reusable for others by e.g. making
        it possible to pass the listen port, and Tor control
        cookie/socket paths as arguments (Closes:
        [[!tails_ticket 6742]]). We hear Whonix plan to use it! :)
    - Upgrade Tor to 0.2.9.8-2~d80.jessie+1, the new stable series
      (Closes: [[!tails_ticket 12012]]).

  * Security fixes
    - Upgrade Icedove to 1:45.6.0-1~deb8u1+tail1s.

  * Minor improvements
    - Enable and use the Debian Jessie proposed-updates APT
      repository, anticipating on the Jessie 8.7 point-release
      (Closes: [[!tails_ticket 12124]]).
    - Enable the per-tab circuit view in Tor Browser (Closes:
      [[!tails_ticket 9365]]).
    - Change syslinux menu entries from "Live" to "Tails" (Closes:
      [[!tails_ticket 11975]]). Also replace the confusing "failsafe"
      wording with "Troubleshooting Mode" (Closes:
      [[!tails_ticket 11365]]).
    - Make OnionCircuits use the filtered control port (Closes:
      [[!tails_ticket 9001]]).
    - Make  tor-launcher use the filtered control port.
    - Run OnionCircuits directly as the Live user, instead of a
      separate user. This will make it compatible with the Orca screen
      reader (Closes: [[!tails_ticket 11197]]).
    - Run tor-controlport-filter on port 9051, and the unfiltered one
      on 9052. This simplifies client configurations and assumptions
      made in many applications that use Tor's ControlPort. It's the
      exception that we connect to the unfiltered version, so this
      seems like the more sane approach.
    - Remove tor-arm (Nyx) (Closes: [[!tails_ticket 9811]]).
    - Remove AddTrust_External_Root.pem from our website CA bundle. We
      now only use Let's Encrypt (Closes: [[!tails_ticket 11811]]).
    - Configure APT to use Debian's Onion services instead of the
      clearnet ones (Closes: [[!tails_ticket 11556]]).
    - Replaced AdBlock Plus with uBlock Origin (Closes:
      [[!tails_ticket 9833]]). This incidentally also makes our filter
      lists lighter by de-duplicating common patterns among the
      EasyList filters (Closes: [[!tails_ticket 6908]]). Thanks to
      spriver for this first major code contribution!
    - Install OpenPGP Applet 1.0 (and libgtk3-simplelist-perl) from
      Jessie backports (Closes: [[!tails_ticket 11899]]).
    - Add support for exFAT (Closes: [[!tails_ticket 9659]]).
    - Disable unprivileged BPF. Since upgrading to kernel 4.6,
      unprivileged users can use the bpf() syscall, which is a
      security concern, even with JIT disabled. So we disable that.
      This feature wasn't available before Linux 4.6, so disabling it
      should not cause any regressions (Closes: [[!tails_ticket 11827]]).
    - Add and enable AppArmor profiles for OnionCircuits and OnionShare.
    - Raise the maximum number of loop devices to 32 (Closes:
      [[!tails_ticket 12065]]).
    - Drop kernel.dmesg_restrict customization: it's enabled by
      default since 4.8.4-1~exp1 (Closes: [[!tails_ticket 11886]]).
    - Upgrade Electrum to 2.7.9-1.

  * Bugfixes
    - Tails Greeter:
      * use gdm-password instead of gdm-autologin, to fix switching to
        the VT where the desktop session lives on Stretch (Closes:
        [[!tails_ticket 11694]])
      * Fix more options scrolledwindow size in Stretch (Closes:
        [[!tails_ticket 11919]])
    - Tails Installer: remove unused code warning about missing
      extlinux in Tails Installer (Closes: [[!tails_ticket 11196]]).
    - Update APT pinning to cover all binary packages built from
      src:mesa so we ensure installing mesa from jessie-backports
      (Closes: [[!tails_ticket 11853]]).
    - Install xserver-xorg-video-amdgpu. This should help supporting
      newer AMD graphics adapters. (Closes [[!tails_ticket 11850]])
    - Fix firewall startup during early boot, by referring to the
      "amnesia" user via its UID (Closes: [[!tails_ticket 7018]]).
    - Include all amd64-microcodes.

For more details, see also our [changelog](https://git-tails.immerda.ch/tails/plain/debian/changelog?h=testing).

<a id="known_issues"></a>

# Known issues in 2.10~rc1

* There are no VirtualBox guest modules ([[!tails_ticket 12139]]).

* Electrum won't automatically connect since it lacks proxy
  configuration ([[!tails_ticket 12140]]). Simply selecting the
  `SOCKS5` proxy in the Network options is enough to get it working
  again.

* [[Longstanding known issues|support/known_issues]]