Seite drucken - Tails: Anonym im Internet

PC-Ecke => # Security Center => Software (PC-Sicherheit) => Thema gestartet von: SiLæncer am 09 Januar, 2012, 13:00

Titel: Tails: Anonym im Internet
Beitrag von: SiLæncer am 09 Januar, 2012, 13:00

Tails (http://tails.boum.org/) ist eine Linux-Distribution, die als Live-System von CD oder USB-Stick läuft und besonderen Wert auf den Schutz der Privatsphäre des Anwenders legt. Sämtlicher Internet-Verkehr wird über das Tor-Netzwerk geleitet und so anonymisiert; als Live-System hinterlässt Tails (kurz für "The Amnesic Incognito Live System") keine Spuren auf dem verwendeten PC. Werkzeuge zur Verschlüsselung von Dateien und E-Mail sind enthalten. Beim Herunterfahren löscht Tails den Hauptspeicher.

Die neue Version 0.10 des Debian-basierten Live-Systems behebt diverse Sicherheitslücken (http://tails.boum.org/security/Numerous_security_holes_in_0.9/index.de.html) der Vorversion. Tor wurde auf Version 0.2.2.35 aktualisiert, Iceweasel (die Debian-Variante von Firefox) auf 9.0, der Linux-Kernel auf 3.1.6. Weitere Neuerungen nennen die Release Notes (http://tails.boum.org/news/version_0.10/); hier wird auch auf einen bekannten Bug hingewiesen, dass das Löschen des Hauptspeichers im Bereich zwischen 2 und 4 GByte nicht immer zuverlässig funktioniert. Tails steht als ISO-Image samt Installationsanleitung zum Download (http://tails.boum.org/download/index.de.html) bereit.

Quelle : www.heise.de

Titel: Re: Tails: Anonym im Internet
Beitrag von: Jürgen am 10 Januar, 2012, 01:13

Zitat

Beim Herunterfahren löscht Tails den Hauptspeicher.

Komisch, mein Hauptspeicher löscht sich wenige Millisekunden nach Strom aus von ganz allein.
Und einen Warmstart oder suspend to RAM würde man in diesem Zusammenhang sicher nicht als Herunterfahren bezeichnen, denn das bzw. den (bedingt sicherheitsrelevanten) Unterschied erfährt ja stets das gerade aktive Betriebssystem.

Auch sollte sich kein modernes Betriebssystem unerkannt dazu verleiten lassen, einen eventuell vorhandenen Flash-Speicher als RAM-Erweiterung zu nutzen. Nicht einmal Windows macht das unbemerkt.
Statt dessen wäre es unglaublich wichtig zu wissen, befände man sich ungewollt auf einer virtuellen Maschine. Darauf ließe sich bestimmt sogar ein ganz normal wirkender Boot-Vorgang simulieren.

Insbesondere habe ich noch nie von irgendwelchen Erfolgen gehört, aus stromlos gewordener RAM irgendwelche Datenreste wiederherzustellen.
Das ist nämlich aus (mindestens) zwei Gründen praktisch aussichtslos:
- die Speicherzellen sind nicht zerstörungsfrei direkt kontaktierbar, sondern nur über integrierte Treiberstufen, die selbst digital funktionieren und so ein Auslesen eventuell verbliebener Restladungen unmöglich machen. Ein Wiedereinschalten der Spalten- und Zeilen-Treiber-Stromversorgung ist nicht unabhängig möglich, und so wäre es danach selbst für Esoteriker endgültig vorbei
- die extrem feinen Strukturen und dabei unvermeidliche mechanische und elektrische Streuungen würden ein analoges Auswerten solcher Restladungen spätestens nach wenigen Sekunden völlig im Rauschen untergehen lassen.
Übrigens würde eine aktivierte Energie-Dispersion solche theoretischen Restspuren noch stärker verdecken.

Anders sieht das, zumindest prinzipiell, bei dauerhaften Speichern aus, Flash und Harddisks beispielsweise.
Sofern die Controllerfirmware das erlaubte, wäre es theoretisch denkbar, analoge Unterschiede einzelner Bitfolgen abzufragen, die nicht von ihrem aktuellen sondern von ihrem vorherigen Zustand herrühren.

Also, was soll der Quatsch, von wegen Hauptspeicher löschen beim Herunterfahren?
Da gibt es ganz andere Stellen allein im PC, wo ein Übeltäter Daten verstecken könnte, wie z.B. diverse Firmware-Bereiche, CMOS-Speicher, EAROMs usw.
Wenn's aber gegen Warmstart-Risiken geht, vergesst bitte den Grafikspeicher nicht. Es gab schon vor Jahren "gute" Tools, die darin überwintern konnten.
Und residente DOS-Viren, die ein Reset samt Diskettenwechsel überstehen, gibt's noch viel länger.
Und es gibt sicher noch viel mehr kleinere RAM-Bereiche zum Verstecken, u.a. in Form von Controller-Puffern.

Titel: Re: Tails: Anonym im Internet
Beitrag von: Theos am 10 Januar, 2012, 18:28

Zitat von: Jürgen am 10 Januar, 2012, 01:13

Zitat
Beim Herunterfahren löscht Tails den Hauptspeicher.
Komisch, mein Hauptspeicher löscht sich wenige Millisekunden nach Strom aus von ganz allein.

ich würde mal auf die swap partition tippen.

Zitat von: Jürgen am 10 Januar, 2012, 01:13

Insbesondere habe ich noch nie von irgendwelchen Erfolgen gehört, aus stromlos gewordener RAM irgendwelche Datenreste wiederherzustellen.

Ich meine mich zu erinnern, dass es dazu schon irgendwann mal ein proof of concept gab:
Da wurde der speicher sehr stark heruntergekühlt, und dann konnte man ihn noch ein paar sekunden nach dem abschalten auslesen.

Titel: Re: Tails: Anonym im Internet
Beitrag von: Jürgen am 11 Januar, 2012, 04:41

Auf eine eventuell vorhandene Swap-Partition sollte ein Live-System, das auf Sicherheit und Datenschutz Wert legt, überhaupt nicht zugreifen.
Man will ja gerade die Platte nicht anrühren, das ist doch der eigentliche Sinn.
Außerdem wäre die Swap auch nicht wirklich als "Hauptspeicher" zu bezeichnen.

Auch von schnellem Vereisen halte ich nichts, weil das erstens auf den Chip nicht gleichmäßig genug wirkt und zweitens, wenn man's mit der Eile übertreibt, den Chip sogar durch thermisch verursachte Kräfte zerstört.
Die Extremübertakter mit Helium & Co. kennen das Problem (mit CPUs) und kühlen daher nie gar zu schnell ab.

So bleibt also die Frage letztlich offen, wie viele Sekunden den Spionen blieben, den RAM-Baustein schockzufrosten, in irgendeine mystische Testapparatur einzubauen und auszulesen.
Berücksichtige dabei, dass sich die Selbstentladung in weiten Grenzen nach der Temperatur in Kelvin richtet, also eine Absenkung um z.B. 30° nur etwa um 10% verzögert.
Dazu kommt, dass die Wärmeleitfähigkeit heutiger RAM-Bausteine relativ schlecht (und ungleichmäßig) ist, die Wirkung im Chip erst verzögert einsetzt.
Das läuft genau umgekehrt wie bei Erwärmung unter sehr hoher Last, nämlich mit genau derselben Wärmeleitfähigkeit.
So ein Speicherchip erhitzt sich ja auch nicht um 'zig Grad pro Sekunde.

Um so auch nur einige Sekunden zu gewinnen, müsste man also sehr weit unterhalb der minimalen Lagertemperatur arbeiten, was definitiv destruktiv wäre.

Rechne doch einfach einmal aus, wie lange es dauert, aus einem heute üblichen RAM-Baustein bei vollem Takt auch nur 10% auszulesen.
Latenzen nicht vergessen...

Passt nicht.
So schnell ist niemand.

Solche Tests sind zuletzt mit Sicherheit mit uralten Chips gemacht worden, als die noch DIL Keramikgehäuse hatten und man den Takt fast noch hören konnte.
Beziehungsweise mit den strahlungsgehärteten Military- und Raumfahrt-Varianten, die aktueller Ware stets um etliche Generationen hinterherhinken.
Und das olle Zeugs konnte ganz früher noch direkt von außen adressiert und gelesen werden, ohne interne Treiberstufen und ohne wait states.

4get it, this is about 4getting IT...

Jürgen

Titel: Anonymisierungs-Distribution Tails 0.10.1 erschienen
Beitrag von: SiLæncer am 03 Februar, 2012, 20:00

Das Linux-Live-System Tails will den Benutzern das sichere anonyme Browsen im Web und die Verwendung von Kryptografie auf dem aktuellen Stand der Technik ermöglichen.

Die neu erschienene Version 0.10.1 von Tails enthält einige Updates und Korrekturen. Der Kernel wurde auf Version 3.2 aktualisiert, der Webbrowser Iceweasel auf Basis von Firefox 9 nutzt jetzt standardmäßig die Suchmaschine Startpage und die Zeitsynchronisation wurde wesentlich verbessert.

Tails sorgt dafür, dass jeder Web-Zugriff ausschließlich über das Tor-Netzwerk erfolgt. Zugriffe, die auf andere Weise erfolgen, werden erst gar nicht zugelassen. Somit funktionieren unter Tails auch nur Anwendungen, die mit Tor umgehen können. Da Tails eine Live-CD oder ein Live-USB-Stick ist, bietet es den Benutzern die Möglichkeit, einen beliebigen, auch öffentlichen, Rechner zu nutzen, ohne Spuren zu hinterlassen. Es wird nicht auf lokale Festplatten zugegriffen, und beim Beenden wird auch das RAM gelöscht. Es ist aber möglich, Dateien auf einer externen Festplatte oder einem Stick zu speichern, wenn man das wünscht.

Das zweite Fundament von Tails ist die Verschlüsselung. So kann man externe Festplatten oder USB-Speicher mit LUKS verschlüsseln, Web-Zugriffe werden so weit wie möglich verschlüsselt, und sowohl E-Mails als auch Dokumente können signiert und verschlüsselt werden. Zum Arbeiten sind auf dem System sowohl eine Office-Suite als auch andere Werkzeuge vorhanden, wie man sie auch auf einem Standard-Debian-System finden kann.

Tails beruht auf Debian, unter anderem, weil seine Entwickler tief in Debian verwurzelt sind. Es wird ausschließlich als Live-CD eingesetzt. Ähnliche Projekte gab und gibt es bereits einige, darunter die auf OpenBSD beruhende Anonym.OS LiveCD, Ubuntu Privacy Remix und das ebenfalls auf Debian aufsetzende Privatix. Die letzteren beiden scheinen noch aktiv zu sein. Tails wurde nach eigenen Angaben von diesen inspiriert, sieht sich vor allem aber als geistiger Nachfolger der eingestellten Incognito Live-CD.

Quelle : http://www.pro-linux.de/

Titel: Tails 0.10.2
Beitrag von: SiLæncer am 10 April, 2012, 20:30

Whats new: >>

Notable user-visible changes include:

Iceweasel
Update to 10.0.2-1.
Fix FoxyProxy configuration so not all urls containing "i2p" are sent through I2P.
Fix the JavaScript toggles in the local copy of the documentation.

Software
Upgrade I2P to 0.8.13.

Hardware support
Upgrade Linux kernel to 3.2.7-1.
Install firmware-libertas. This adds support for wireless network cards with Marvell Libertas 8xxx chips supported by the libertas_cs, libertas_sdio, libertas_spi, libertas_tf_usb, mwl8k and usb8xxx drivers.

Miscellaneous
Grant the default user full access to automounted VirtualBox shared folders.

https://tails.boum.org/about/index.de.html

Titel: Tails 0.11
Beitrag von: SiLæncer am 27 April, 2012, 20:45

Notable user-visible changes include:

Tails Greeter, the login screen which obsoletes the language selection boot menu. Tails Greeter also adds some new options:
Activating persistence (see below).
Setting a sudo password. Unlike earlier Tails releases, full sudo access via an empty password is not available any more. In fact, full sudo access is disabled per default, but can be enabled by setting this password. See the documentation for details.

Tails USB installer. This graphical user interface mostly obsoletes our old instructions of cat'ing the .iso directly onto a block device. All of the USB drive must be dedicated to Tails; a bit of extra space is reserved so that future Tails releases will fit when upgrading, and the rest can be used for persistence (see below) or manually formatted if the user so wishes. See the USB installation documentation for details.

Persistence can optionally be used when running Tails from a USB drive. Application configurations and arbitrary directories can be made persistent. See the persistence documentation for details.

iceweasel
Install iceweasel 10.0.4esr-1 (Extended Support Release).
Search plugins: replace Debian-provided DuckDuckGo search plugin with the "HTML SSL" one; add ixquick.com; remove Scroogle.
Enable TLS false start.

Vidalia: upgrade to 0.2.17-1+tails1

Internationalization:
Install all available iceweasel l10n packages.
Add fonts for Hebrew, Thai, Khmer, Lao and Korean languages.
Add bidi support.
Don't purge locales anymore.
Don't remove any Scribus translations anymore.

Hardware support
Linux 3.2.15-1 (linux-image-3.2.0-2-amd64).
Fix low sound level on MacBook5,2.
Disable laptop-mode-tools automatic modules. This modules set often needs some amount of hardware-specific tweaking to work properly. This makes them rather not well suited for a Live system.

Software
Install GNOME keyring.
Install the Traverso multitrack audio recorder and editor.

Miscellaneous
NetworkManager is now started at PostLogin time by tails-greeter, rather than as a system service.
Pidgin: don't use the OFTC hidden service anymore. It proved to be quite unreliable, being sometimes down for days.
Do not display storage volumes on Desktop. This workarounds a usability issue when persistence is enabled, and paves the way towards GNOME3's empty Desktop.
Don't build hybrid ISO images anymore. They boot less reliably on a variety of hardware, and are made less useful by us shipping a USB installer from now on.

https://tails.boum.org/about/index.de.html

Titel: Anonymisierungs-OS Tails wird erwachsen
Beitrag von: SiLæncer am 01 Mai, 2014, 11:00

Tails wurde dadurch bekannt, dass Edward Snowden es für seine Whistleblower-Aktivitäten genutzt haben soll. Mit Version 1.0 passiert die Distribution einen wichtigen Meilenstein: Die Entwickler sehen ihre Anonymisierungs-Software nun als ausgereift an.

(http://3.f.ix.de/imgs/18/1/2/1/4/1/8/0/tails-logo-6f61e2533cba56e3.png)

Mit Tails 1.0 sehen die Entwickler der Linux-Distribution ihre Anonymisierungssoftware als ausgereift an. Die neue Version schließt eine Anzahl von Lücken im beiliegenden Iceweasel-Browser, in OpenSSH, in Java und auch in der OpenSSL-Bibliothek. Unter anderem enthält die neue Version eine Client-seitige Blacklist für bestimmte Tor-Knoten. Diese soll Schlüssel von der Benutzung ausschließen, die durch den Heartbleed-Bug kompromittiert sein könnten.

Tails ist ein Live-System, das für anonymes Surfen von DVD oder USB-Stick gestartet wird, um keine Spuren auf dem installierten Betriebssystem zu hinterlassen, das auf dem Rechner installiert ist. Die Linux-Distribution bündelt die Anonymisierungssoftware Tor mit Verschlüsselungsprogrammen wie TrueCrypt und LUKS. Außerdem enthält es GnuPG zum Ver- und Entschlüsseln von E-Mails.

Als einen der Gründe für den Wechsel der Versionsnummer geben die Entwickler auch an, dass Tails in den vergangenen anderthalb Jahren seine Nutzerbasis vervierfacht habe. Grund dafür dürften die Snowden-Enthüllungen gewesen sein. Tails ist als die Methode bekannt geworden, die Edward Snowden seinen Vertrauten empfohlen haben soll, um sicher zu kommunizieren.

Tails 1.0 (https://tails.boum.org/news/version_1.0/index.en.html) basiert auf der älteren Debian-Version 6 "Squeeze", welche unter der Bezeichnung oldstable nur noch mit sicherheitsrelevanten Updates versorgt wird. Mit dem Erscheinen von Tails 1.1 im Juni wollen die Entwickler auf das aktuelle Debian 7 "Wheezy" umsteigen.

Tails-Installationen auf USB-Sticks oder SD-Karten können den automatischen Updater der Distribution benutzen, um die Installationen auf den neuesten Stand zu bringen. Damit bleiben eigene Daten, die verschlüsselt im dauerhaften Speicher des Sticks oder der Karte gespeichert wurden, erhalten.

Quelle : www.heise.de

Titel: Tails: Schadcode über Anonymisierungsdienst I2P
Beitrag von: SiLæncer am 28 Juli, 2014, 15:45

Über einen Fehler in I2P kann man laut Exodus Intelligence (dem Exploit-Dealer, der die Lücke entdeckt hatte) Schadcode auf einem Tails-System ausführen und den Nutzer enttarnen. Auch die aktuelle Version von Tails ist angreifebar.

Die Exploit-Dealer von Exodus Intelligence hat weitere Details zu der offenen Lücke in der Anonymisierungs-Distribution Tails bekannt gegeben. Diese betrifft unter anderem die neueste Tails-Version 1.1. Über eine Schwachstelle im der Distribution beigefügten Tool Invisible Internet Project (I2P) kann ein Angreifer Schadcode auf dem Tails-System ausführen und so die Identität des Nutzers aufdecken. I2P ist eine Alternative zum bekannteren Anonymisierungs-Netzwerk Tor und liegt der Tails-Distribution schon seit einigen Versionen bei. Es wird wie Tor dazu genutzt, die IP des Anwenders beim Surfen zu verschleiern.

Der ganze Artikel (http://www.heise.de/newsticker/meldung/Anonymisierungs-Distribution-Tails-Schadcode-ueber-Anonymisierungsdienst-I2P-2269154.html)

Quelle : www.heise.de

Titel: Tails 1.5
Beitrag von: SiLæncer am 17 August, 2015, 18:00

Release Notes

This release fixes numerous security issues (https://tails.boum.org/security/Numerous_security_holes_in_1.4.1/) and all users must upgrade as soon as possible.

New features

Disable access to the local network in the Tor Browser. You should now use the Unsafe Browser to access the local network.

Upgrades and changes

Install Tor Browser 5.0 (based on Firefox 38esr).
Install a 32-bit GRUB EFI boot loader. Tails should now start on some tablets with Intel Bay Trail processors among others.
Let the user know when Tails Installer has rejected a device because it is too small.

There are numerous other changes that might not be apparent in the daily operation of a typical user. Technical details of all the changes are listed in the Changelog (https://git-tails.immerda.ch/tails/plain/debian/changelog).

Fixed problems

Our AppArmor setup has been audited and improved in various ways which should harden the system.
The network should now be properly disabled when MAC address spoofing fails.

Known issues

See the current list of known issues (https://tails.boum.org/support/known_issues/).

[close]

https://tails.boum.org/

Titel: Tails 1.5.1
Beitrag von: SiLæncer am 28 August, 2015, 21:30

Whats new:>>

Install Tor Browser 5.0.2 (based on Firefox ESR 38.2.1).

https://tails.boum.org/

Titel: Tails 1.6
Beitrag von: SiLæncer am 22 September, 2015, 21:30

Whats new:>>

Upgrades and changes

Upgrade Tor Browser to version 5.0.3 (based on Firefox 38.3.0 ESR).
Upgrade I2P to version 0.9.22 and enable its AppArmor profile.

There are numerous other changes that might not be apparent in the daily operation of a typical user. Technical details of all the changes are listed in the Changelog.

Fixed problems

Fix several issues related to MAC address spoofing:

If MAC address spoofing fails on a network interface and this interface cannot be disabled, then all networking is now completely disabled.
A notification is displayed if MAC address spoofing causes network issues, for example if a network only allows connections from a list of authorized MAC addresses.

https://tails.boum.org/

Titel: Tails 1.7
Beitrag von: SiLæncer am 04 November, 2015, 06:00

Changelog

New features

You can now start Tails in offline mode to disable all networking for additional security. Doing so can be useful when working on sensitive documents.

We added Icedove, a rebranded version of the Mozilla Thunderbird email client.

Icedove is currently a technology preview. It is safe to use in the context of Tails but it will be better integrated in future versions until we remove ?Claws Mail. Users of Claws Mail should refer to our instructions to migrate their data from Claws Mail to Icedove.

Upgrades and changes

Improve the wording of the first screen of Tails Installer.

Restart Tor automatically if connecting to the Tor network takes too long. (#9516)

Update several firmware packages which might improve hardware compatibility.

Update the Tails signing key which is now valid until 2017.

Update Tor Browser to 5.0.4.

Update Tor to 0.2.7.4.

Fixed problems

Prevent wget from leaking the IP address when using the FTP protocol. (#10364)

Prevent symlink attack on ~/.xsession-errors via tails-debugging-info which could be used by the amnesia user to bypass read permissions on any file. (#10333)

Force synchronization of data on the USB stick at the end of automatic upgrades. This might fix some reliability bugs in automatic upgrades.

Make the "I2P is ready" notification more reliable.

Known issues

See the current list of known issues (https://tails.boum.org/support/known_issues/index.de.html).

[close]

https://tails.boum.org/

Titel: Tails 1.8
Beitrag von: SiLæncer am 16 Dezember, 2015, 05:00

Changelog

Changes

New features

Icedove a rebranded version of Mozilla Thunderbird is now the official email client in Tails, replacing Claws Mail.

Claws Mail will be removed from Tails in version 2.0 (2016-01-26). If you have been using Claws Mail and activated its persistence feature, follow our instructions to migrate your data to Icedove.

Upgrades and changes

Electrum from 1.9.8 to 2.5.4. Now Electrum should work again in Tails.

Tor Browser to 5.0.5.

Tor to 0.2.7.6.

I2P to 0.9.23.

Icedove from 31.8 to 38.4.

Enigmail from 1.7.2 to 1.8.2.

Known issues

Incremental upgrades are much slower to apply than before. You can expect it to take around an hour after the upgrade has been downloaded. See 10757 for details.

If your system clock is incorrect, then bridge mode will not work. One way to work around this is to correct the system before connecting to the network, which will require setting an administration password.

[close]

https://tails.boum.org/

Titel: Tails 1.8.1
Beitrag von: SiLæncer am 20 Dezember, 2015, 09:30

Whats new:>>

Upgrades and changes

Tor Browser to 5.0.6

Fixed problems

Fix time synchronization in bridge mode.

Known issues

Automatic upgrades are much slower to apply than before. Expect the upgrade to take around an hour after the download is finished. See #10757 (https://labs.riseup.net/code/issues/10757) for details.

https://tails.boum.org/

Titel: Tails 1.8.2
Beitrag von: SiLæncer am 10 Januar, 2016, 13:00

Whats new:>>

Upgrades and changes

Upgrade Tor Browser to 5.0.7

Known issues

Automatic upgrades are much slower to apply than before. Expect the upgrade to take around an hour after the download is finished.

https://tails.boum.org/

Titel: Tails 2.0
Beitrag von: SiLæncer am 27 Januar, 2016, 06:00

Spoiler

New features

Tails now uses the GNOME Shell desktop environment, in its Classic mode. GNOME Shell provides a modern, simple, and actively developed desktop environment. The Classic mode keeps the traditional Applications, Places menu, and windows list. Accessibility and non-Latin input sources are also better integrated.

Upgrades and changes

Debian 8 upgrades most included software, for example:
Many core GNOME utilities from 3.4 to 3.14: Files, Disks, Videos, etc.
LibreOffice from 3.5 to 4.3
PiTiVi from 0.15 to 0.93
Git from 1.7.10 to 2.1.4
Poedit from 1.5.4 to 1.6.10
Liferea from 1.8.6 to 1.10

Update Tor Browser to 5.5 (based on Firefox 38.6.0 ESR):
Add Japanese support.

Remove the Windows camouflage which is currently broken in GNOME Shell. We started working on adding it back but your help is needed!

Change to systemd as init system and use it to:
Sandbox many services using Linux namespaces and make them harder to exploit.
Make the launching of Tor and the memory wipe on shutdown more robust.
Sanitize our code base by replacing many custom scripts.

Update most firmware packages which might improve hardware compatibility.

Notify the user if Tails is running from a non-free virtualization software.

Remove Claws Mail, replaced by Icedove, a rebranded version of Mozilla Thunderbird.

Fixed problems

HiDPI displays are better supported. (#8659)

Remove the option to open a download with an external application in Tor Browser as this is usually impossible due to the AppArmor confinement. (#9285)

Close Vidalia before restarting Tor.

Allow Videos to access the DVD drive. (#10455, #9990)

Allow configuring printers without administration password. (#8443)

Known issues

Tor Browser 5.5 introduces protection against fingerprinting but due to an oversight it is not enabled in Tails 2.0. However, this is not so bad for Tails users since each Tails system has the same fonts installed, and hence will look identical, so this only means that it's easy to distinguish whether a user of Tor Browser 5.5 uses Tails or not. That is already easy given that Tails has the AdBlock Plus extension enabled, unlike the normal Tor Browser.

[close]

https://tails.boum.org/

Titel: Tails 2.0.1
Beitrag von: SiLæncer am 13 Februar, 2016, 21:30

Upgrades and changes

Upgrade Tor Browser to 5.5.2.

Fixed problems

Fix regression breaking boot on 32-bit UEFI platforms. (#11007)

Known issues

See the current list of known issues. (https://tails.boum.org/support/known_issues/index.de.html)

https://tails.boum.org/

Titel: Tails 2.2
Beitrag von: SiLæncer am 09 März, 2016, 21:00

Release Notes

New features

Add support for viewing DVDs with DRM protection. (#7674)

Upgrades and changes

Replace Vidalia, which has been unmaintained for years, with:
a system status icon indicating whether Tails is connected to Tor or not,
Onion Circuits to display a list of the current Tor circuits and connections.

Automatically save the database of KeePassX after every change to prevent data loss when shutting down. (#11147)

Update Tor Browser to 5.5.3.
Improve Japanese-style glyph display.

Upgrade I2P to 0.9.24.

Disable the Alt + Shift and Left Shift + Right Shift keyboard shortcuts that used to switch to the next keyboard layout. You can still use Meta + Space to change keyboard layout. (#11042)

Fixed problems

Fix optional PGP key feature of WhisperBack. (#11033)

Fix saving of WhisperBack report to a file when offline. (#11133)

Make Git verify the integrity of transferred objects. (#11107)

For more details, see also our changelog (https://git-tails.immerda.ch/tails/plain/debian/changelog).

Known issues

While there is an automatic upgrade from Tails 2.2~rc1 to 2.2, it will not be detected by default since Tails 2.2~rc1 think it already is 2.2 (see the 2.2~rc1 announcement). To fix this, run the following command:

Code: [Auswählen]

sudo sed -i 's/^TAILS_VERSION_ID="2.2"$/TAILS_VERSION_ID="2.2~rc1"/' \ /etc/os-release && \ tails-upgrade-frontend-wrapper

[close]

https://tails.boum.org/

Titel: Tails 2.2.1
Beitrag von: SiLæncer am 19 März, 2016, 10:00

Whats new:>>

Upgrade Tor Browser to 5.5.4.

Known issues

See the current list of known issues (https://tails.boum.org/support/known_issues/index.de.html).

https://tails.boum.org/

Titel: Tails 2.3
Beitrag von: SiLæncer am 26 April, 2016, 20:00

Changelog

* Security fixes
- Upgrade Tor Browser to 5.5.5. (Fixes: #11362)
- Upgrade icedove to 38.7.0-1~deb8u1
- Upgrade git to 1:2.1.4-2.1+deb8u2
- Upgrade libgd3 to 2.1.0-5+deb8u1
- Upgrade pidgin-otr to 4.0.1-1+deb8u1
- Upgrade srtp to 1.4.5~20130609~dfsg-1.1+deb8u1
- Upgrade imagemagick to 8:6.8.9.9-5+deb8u1
- Upgrade samba to 2:4.2.10+dfsg-0+deb8u2
- Upgrade openssh to 1:6.7p1-5+deb8u2

* Bugfixes
- Refresh Tor Browser's AppArmor profile patch against the one from
torbrowser-launcher 0.2.4-1. (Fixes: #11264)
- Pull monkeysphere from stretch to avoid failing to install under
eatmydata. (Fixes: #11170)
- Start gpg-agent with no-grab option due to issues with pinentry and
GNOME's top bar. (Fixes: #11038)
- Tails Installer: Update error message to match new name of 'Clone
& Install'. (Fixes: #11238)
- Onion Circuits:
* Cope with a missing geoipdb. (Fixes: #11203)
* Make both panes of the window scrollable. (Fixes #11192)
- WhisperBack: Workaround socks bug. When the Tor fails to connect to
the host, WisperBack used to display a ValueError. This is caused by
a socks bug that is solved in upstream's master but not in Tails.
This commit workarounds this bug Unclear error message in WhisperBack
when failing to connect to the server. (Fixes: #11136)

* Minor improvements
- Upgrade to Debian 8.4, a Debian point release with many minor upgrades
and fixes to various packages . (Fixes: #11232)
- Upgrade I2P to 0.9.25. (Fixes: #11363)
- Pin pinentry-gtk2 to jessie-backports. The new version allows pasting
passwords from the clipboard. (Fixes: #11239)
- config/chroot_local-hooks/59-libdvd-pkg: cleanup /usr/src/libdvd-pkg.
(Fixes: #11273)
- Make the Tor Status "disconnected" icon more contrasted with the
"connected" one. (Fixes: #11199)

* Test suite
- Add UTF-8 support to OTR Bot. (Fixes: #10866)
- Don't explicitly depend on openjdk-7-jre or any JRE for that
matter. Sikuli will pull in a suitable one, so depending on one
ourselves is only risks causing trouble. (Fixes: #11335)

[close]

https://tails.boum.org/

Titel: Tails 2.4
Beitrag von: SiLæncer am 08 Juni, 2016, 06:00

Changelog

New features

We enabled the automatic account configuration of Icedove which discovers the correct parameters to connect to your email provider based on your email address. We improved it to rely only on secure protocol and we are working on sharing these improvements with Mozilla so that users of Thunderbird outside Tails can benefit from them as well.

?autoconfig.png

Upgrades and changes

Update Tor Browser to 6.0.1, based on Firefox 45.

Remove the preconfigured #tails IRC channel. Join us on XMPP instead!

Always display minimize and maximize buttons in titlebars. (#11270)

Remove GNOME Tweak Tool and hledger. You can add them back using the Additional software packages persistence feature.

Use secure HKPS OpenPGP key server in Enigmail.

Harden our firewall by rejecting RELATED packets and restricting Tor to only send NEW TCP syn packets. (#11391)

Harden our kernel by:
Setting various security-related kernel options: slab_nomerge slub_debug=FZ
mce=0 vsyscall=none. (#11143)
Removing the .map files of the kernel. (#10951)

Fixed problems

Update the DRM and Mesa graphical libraries. This should fix recent problems with starting Tails on some hardware. (#11303)

Some printers that stopped working in Tails 2.0 should work again. (#10965)

Enable Packetization Layer Path MTU Discovery for IPv4. This should make the connections to obfs4 Tor bridges more reliable. (#9268)

Remove our custom ciphers and MACs settings for SSH. This should fix connectivity issues with other distributions such as OpenBSD. (##7315)

Fix the translations of Tails Upgrader. (#10221)

Fix displaying the details of a circuit in Onion Circuits when using Tor bridges. (#11195)

For more details, read our changelog.
Known issues

The automatic account configuration of Icedove freezes when connecting to some email providers. (#11486)

In some cases sending an email with Icedove results in the error: "The message could not be sent using Outgoing server (SMTP) mail.riseup.net for an unknown reason." When this happens, simply click "Ok" and try again and it should work. (#10933)

The update of the Mesa graphical library introduce new problems at least on AMD HD 7770 and nVidia GT 930M.

[close]

https://tails.boum.org/

Titel: Tails 2.5
Beitrag von: SiLæncer am 03 August, 2016, 06:00

Changelog

tails (2.5) unstable; urgency=medium

* Major new features and changes
- Upgrade Icedove to 1:45.1.0-1~deb8u1+tails2. (Closes: #11530)
· Fix long delay causing bad UX in the autoconfig wizard,
when it does not manage to guess proper settings on some domains.
(Closes: #11486)
· Better support sending email through some ISPs, such as Riseup.
(Closes: #10933)
· Fix spurious error message when creating an account and providing
its password. (Closes: #11550)

* Security fixes
- Upgrade Tor Browser to 6.0.3 based on Firefox 45.3. (Closes: #11611)
- Upgrade GIMP to 2.8.14-1+deb8u1.
- Upgrade libav to 6:11.7-1~deb8u1.
- Upgrade expat to 2.1.0-6+deb8u3.
- Upgrade libgd3 to 2.1.0-5+deb8u6.
- Upgrade libmodule-build-perl to 0.421000-2+deb8u1.
- Upgrade perl to 5.20.2-3+deb8u6.
- Upgrade Pidgin to 2.11.0-0+deb8u1.
- Upgrade LibreOffice to 1:4.3.3-2+deb8u5.
- Upgrade libxslt1.1 to 1.1.28-2+deb8u1.
- Upgrade Linux to 3.16.7-ckt25-2+deb8u3.
- Upgrade OpenSSH to 1:6.7p1-5+deb8u3.
- Upgrade p7zip to 9.20.1~dfsg.1-4.1+deb8u2.

* Minor improvements
- htpdate: replace obsolete and unreliable URIs in HTP pools, and decrease
timeout for HTTP operations for more robust time synchronization.
(Closes: #11577)
- Hide settings panel for the Online Accounts component of GNOME,
that we don't support. (Closes: #11545)
- Vastly improve graphics performance in KVM guest with QXL driver.
(Closes: #11500)
- Fix graphics artifacts in Tor Browser in KVM guest with QXL driver.
(Closes: #11489)

* Build system
- Wrap Pidgin in a more maintainable way. (Closes: #11567)

* Test suite
- Add a test scenario for the persistence "dotfiles" feature.
(Closes: #10840)
- Improve robustness of most APT, Git, SFTP and SSH scenarios,
enough to enable them on Jenkins. (Closes: #10444, #10496, #10498)
- Improve robustness of checking for persistence partition. (Closes: #11558)
- Treat Tails booting from /dev/sda as OK, to support all cases
including a weird one caused by hybrid ISO images. (Closes: #10504)
- Bump a bunch of timeouts to cope with the occasional slowness on Jenkins.
- Only query A records when exercising DNS lookups, to improve robustness.

[close]

https://tails.boum.org/

Titel: Tails 2.6
Beitrag von: SiLæncer am 21 September, 2016, 13:39

Changelog

New features

We enabled address space layout randomization in the Linux kernel (kASLR) to improve protection from buffer overflow attacks.

We installed rngd to improve the entropy of the random numbers generated on computers that have a hardware random number generator.

Upgrades and changes

Upgrade Tor to 0.2.8.7.

Upgrade Tor Browser to 6.0.5.

Upgrade to Linux 4.6. This should improve the support for newer hardware (graphics, Wi-Fi, etc.)

Upgrade Icedove to 45.2.0.

Upgrade Tor Birdy to 0.2.0.

Upgrade Electrum to 2.6.4.

Install firmware for Intel SST sound cards (firmware-intel-sound).

Install firmware for Texas Instruments Wi-Fi interfaces (firmware-ti-connectivity).

Remove non-free APT repositories. We documented how to configure additional APT repositories using the persistent volume.

Use a dedicated page as the homepage of Tor Browser so we can customize it for our users.

Set up the trigger for RAM erasure on shutdown earlier in the boot process. This should speed up shutdown and make RAM erasure more robust.

Fixed problems

Disable the automatic configuration of Icedove when using OAuth. This should fix the automatic configuration for GMail accounts. (#11536)

Make the Disable all networking and Tor bridge mode options of Tails Greeter more robust. (#11593)

[close]

https://tails.boum.org/

Titel: Tails 2.7
Beitrag von: SiLæncer am 15 November, 2016, 20:00

Changelog

Changes
New features

Ship LetsEncrypt intermedite SSL certificate so that our tools will be able to go on authenticating our website when its certifcate will be updated.

Upgrades and changes

Upgrade Tor to 0.2.8.9.

Upgrade Tor Browser to 6.0.6.

Upgrade to Linux 4.7.

Upgrade Icedove to 45.4.0.

Fixed problems

Synaptic installs packages with the correct architecture.
Set default spelling to en_US in Icedove.

Known issues

Users setting their Tor Browser security slider to High will have to click on a link to see the result of the search they done with the search box.

[close]

https://tails.boum.org/

Titel: Tails 2.7.1
Beitrag von: SiLæncer am 01 Dezember, 2016, 14:00

Whats new:>>

Upgrade Tor Browser to 6.0.7

https://tails.boum.org/

Titel: Tails 2.9.1
Beitrag von: SiLæncer am 15 Dezember, 2016, 06:00

Changelog

* Security fixes
- Upgrade Tor Browser to 6.0.8 based on Firefox 45.6. If you pay
close attention you'll see that we import -build1 but there was
a -build2. The only change is Tor Button 1.9.5.13 which makes
some changes to the donation campaign banner in `about:tor`,
which we safely can skip. (Closes: #12028)
- Upgrade Icedove to 45.5.1-1~deb8u1+tails1. (Closes: #12029)
- Upgrade APT-related packages to 1.0.9.8.4.

* Minor improvements
- Switch to DuckDuckGo as the default search engine in the tor
Browser. This is what Tor Browser has, and Disconnect.me (the
previous default) has been re-directing to DDG for some time,
which has been confusing users. In addition, we localize the DDG
user interface for the locales with availablelangpacks. (Closes:
#11913)
- Improve the display name for the Wikipedia search plugin.
- Enable contrib and non-free for our own APT repos.
- Upgrade Tor to 0.2.8.10. (Closes: #12015)
- Upgrade obfs4proxy to 0.0.7-1~tpo1.

* Bugfixes
- AppArmor Totem profile: add permissions needed to avoid warning
on startup. (Closes: #11984)
- Upgrade the VirtualBox Guest additions and modules to version
5.1.8. This should prevent Xorg from crashing unless the video
memory for the VMs are significantly bumped. (Closes: #11965)
Users will still have to enable I/O APIC due to a bug in Linux.
- Drop unwanted search plugins from the Tor Browser langpacks.
Otherwise they are only removed from English locales. Note that
the langpacks contain copies of the English plugins, not
localized versions, so we actually lose nothing.

* Test suite
- Add support for SikuliX, which recently hit Debian Unstable,
while still supporting Sikuli for Jessie users. (Closes: #11991)
- Fix some instances where we were trying to use the mouse outside
of the Sikuli screen.
- Use "TorBirdy" instead of "amnesia branding" as the "anchor"
addon. I.e. the addon that we use to find the other ones. The
"amnesia branding" addon has been removed, so we must use
something else. (Fixup: #11906)
- Dogtailify "the support documentation page opens in Tor Browser"
step. We previously relied on Sikuli, and the image was made
outdated thanks to our donation campaign. No more! (Closes:
#11911)
- Resolve dl.amnesia.boum.org instead of picking a static address.
Just hours after updating the dustri.org IP address, its web
server went down => test suite failures. Let's make this test as
robust as actually downloading the Tails ISO image -- if that
fails, we probably have more serious problems on our hands than
a failing test suite. (Closes: #11960)
- Switch MAT scenario from testing PDFs to PNGs. Also add
anti-test and test using using a tool *different* from MAT, the
tool being tested here. (Closes: #11901)

[close]

https://tails.boum.org/

Titel: Tails 2.10
Beitrag von: SiLæncer am 25 Januar, 2017, 05:00

Changelog

tails (2.10.1) UNRELEASED; urgency=medium

* Dummy.

-- anonym <anonym@riseup.net> Tue, 24 Jan 2017 14:01:50 +0100

tails (2.10) unstable; urgency=medium

* Major new features and changes
- Upgrade the Linux kernel to 4.8.0-0.bpo.2 (Closes: #11886).
- Install OnionShare from jessie-backports. Also install
python3-stem from jessie-backports to allow the use of ephemeral
onion services (Closes: #7870).
- Completely rewrite tor-controlport-filter. Now we can safely
support OnionShare, Tor Browser's per-tab circuit view and
similar.
* Port to python3.
* Handle multiple sessions simultaneously.
* Separate data (filters) from code.
* Use python3-stem to allow our filter to be a lot more
oblivious of the control language (Closes: #6788).
* Allow restricting STREAM events to only those generated by the
subscribed client application.
* Allow rewriting commands and responses arbitrarily.
* Make tor-controlport-filter reusable for others by e.g. making
it possible to pass the listen port, and Tor control
cookie/socket paths as arguments (Closes: #6742). We hear
Whonix plan to use it! :)
- Upgrade Tor to 0.2.9.9-1~d80.jessie+1, the new stable series
(Closes: #12012).

* Security fixes
- Upgrade Tor Browser to 6.5 based on Firefox 45.7 (Closes: #12159)
- Upgrade Icedove to 1:45.6.0-1~deb8u1+tail1s.
- Upgrade bind9-packages to 1:9.9.5.dfsg-9+deb8u9.
- Upgrade pcscd to 1.8.13-1+deb8u1.
- Upgrade libgd3 to 2.1.0-5+deb8u8.
- Upgrade libxml2 to 2.9.1+dfsg1-5+deb8u4.
- Upgrade tor to 0.2.9.9-1~d80.jessie+1.
- Upgrade samba-libs to 2:4.2.14+dfsg-0+deb8u2.

* Minor improvements
- Enable and use the Debian Jessie proposed-updates APT
repository, anticipating on the Jessie 8.7 point-release
(Closes: #12124).
- Enable the per-tab circuit view in Tor Browser (Closes: #9365).
- Change syslinux menu entries from "Live" to "Tails" (Closes:
#11975). Also replace the confusing "failsafe" wording with
"Troubleshooting Mode" (Closes: #11365).
- Make OnionCircuits use the filtered control port (Closes:
#9001).
- Make tor-launcher use the filtered control port.
- Run OnionCircuits directly as the Live user, instead of a
separate user. This will make it compatible with the Orca screen
reader (Closes: #11197).
- Run tor-controlport-filter on port 9051, and the unfiltered one
on 9052. This simplifies client configurations and assumptions
made in many applications that use Tor's ControlPort. It's the
exception that we connect to the unfiltered version, so this
seems like the more sane approach.
- Remove tor-arm (Nyx) (Closes: #9811).
- Remove AddTrust_External_Root.pem from our website CA bundle. We
now only use Let's Encrypt (Closes: #11811).
- Configure APT to use Debian's Onion services instead of the
clearnet ones (Closes: #11556).
- Replaced AdBlock Plus with uBlock Origin (Closes: #9833). This
incidentally also makes our filter lists lighter by
de-duplicating common patterns among the EasyList filters
(Closes: #6908). Thanks to spriver for this first major code
contribution!
- Install OpenPGP Applet 1.0 (and libgtk3-simplelist-perl) from
Jessie backports (Closes: #11899).
- Add support for exFAT (Closes: #9659).
- Disable unprivileged BPF. Since upgrading to kernel 4.6,
unprivileged users can use the bpf() syscall, which is a
security concern, even with JIT disabled. So we disable that.
This feature wasn't available before Linux 4.6, so disabling it
should not cause any regressions (Closes: #11827).
- Add and enable AppArmor profiles for OnionCircuits and OnoinShare.
- Raise the maximum number of loop devices to 32 (Closes: #12065).
- Drop kernel.dmesg_restrict customization: it's enabled by
default since 4.8.4-1~exp1 (Closes: #11886).
- Upgrade Electrum to 2.7.9-1.
- Make the Electrum proxy configuration apply after upgrading to
2.7.9-1. These changes incidentally makes Electrum behave nicer:
users will now not be presented the network configuration part
of the setup wizard -- a server will be picked randomly, and
Electrum will auto-connect. The automated test suite is adjusted
accordingly (Closes: #12140).
- Remove unused Browser profile seed file localstore.rdf which was
made obsolete in Firefox 34.
- Tor Browser: switch from pt-PT to pt-BR langpack. The upstream
Tor Browser did this in version 6.5 (Refs: #12159).

* Bugfixes
- Tails Greeter:
* use gdm-password instead of gdm-autologin, to fix switching to
the VT where the desktop session lives on Stretch (Closes:
#11694)
* Fix more options scrolledwindow size in Stretch (Closes:
#11919)
- Tails Installer: remove unused code warning about missing
extlinux in Tails Installer (Closes: #11196).
- Update APT pinning to cover all binary packages built from
src:mesa so we ensure installing mesa from jessie-backports
(Closes: #11853).
- Install xserver-xorg-video-amdgpu. This should help supporting
newer AMD graphics adapters. (Closes #11850)
- Fix firewall startup during early boot, by referring to the
"amnesia" user via its UID (Closes: #7018).
- Include all amd64-microcodes.
- refresh-translations: ignore
config/chroot_local-includes/usr/share/doc/tails/website/.
Otherwise, if the website has been built already, PO tools
complain that there are files with translatable strings in
there, which are not listed in POTFILES.in.
- Make uBlock Origin's button appear on first run. Otherwise it
will only appear on browser runs after the first one. This bug
also affected Adblock Plus (Closes: #12145).

* Build system
- Be more careful when unmounting the tmpfs used as workspace
during builds, fixing an issue that made Jenkins' ISO builders
prone to failures (Closes: #12009).
- Upgrade the Vagrant basebox to 20170105. The only big change is
that we now install the backported kernel in the builder VM, to
make building possible on Debian Sid (Closes: #12081).
- Ensure the VirtualBox guest DKMS modules are built for the
kernel we want them for. In some situations, depending on the
version of the running kernel, the modules would not be built
for the 686 kernel, which is the one that needs the VirtualBox
guest modules. This commit ensures the VirtualBox guest modules
are built and installed regardless of the how the build
environment looks like (Closes: #12139).

* Test suite
- Replace the filesystem shares support with a helper for easily
sharing files from the host to the guest using virtual disks
(Closes: #5571).
- Do not test sending email when testing POP3. We cannot clean
that email up (easily) since when we use POP3 deletions won't
affect the remote inbox, only our local one, resulting in the
quota being reached eventually (Closes: #12006).
- Have APT tests configure APT to use non-onion sources. Our test
suite uses Chutney to create a virtual, private Tor network, and
thus doesn't support connections to Onion services running in
the real Tor network (Refs: #11556).
- Allow connections to Tor's control port during stream isolation
tests, but only for those applications where we expect that.
- Fix Electrum tests after upgrading to 2.7.9-1.
- Make encryption.feature pass for Tails 2.10~rc1.
- Adapt tests after the Donation campaign was disabled (Refs:
#12134).
- Fix 'The "Tails documentation" link on the Desktop works'
scenario. The TailsOfflineDocHomepage.png image doesn't match
what we see any more (I have no clue why), so let's use Dogtail
and solve this once and for all, hopefully.
- Work around Tails freezing during memory wiping. These
workarounds should be reverted once #11786 is fixed
properly. (Refs: #10776, #11786)
- Support both xtigervncviewer and xtightvncviewer for --view.
xtightvncviewer is a transitional package in Sid, which depends
on tigervnc-viewer (which ships xtigervncviewer), so by keeping
the dep and supporting both binaries, --view will work on both
Sid and Jessie (Closes: #12129).
- Test suite: bump image after upgrading to Tor Browser 6.5 (Refs:
#12159).
- Add debugging info for when PacketFu misbehaves, and be more
careful when to save pcap artifacts (Refs: #11508).

-- Tails developers <tails@boum.org> Mon, 23 Jan 2017 11:38:37 +0100

[close]

https://tails.boum.org/

Titel: Tails 3.0 Beta 1
Beitrag von: SiLæncer am 06 Februar, 2017, 13:30

Changelog

tails (3.0~beta1) experimental; urgency=medium

* All changes brought by Tails 2.7.1, 2.9.1 and 2.10.

* Major new features and changes
- Redesigned Tails Greeter.
- Upgrade to a new snapshot (2017013002) of the Debian and Torproject
APT repositories.
- Upgrade Linux to 4.9.0-1.

* Security fixes
- Reject packets sent on the LAN to the NetBIOS name service
(Closes: #11944).
- Seahorse: use the Tor OnionBalance hidden service pool,
which provides transport encryption and authentication of the keyserver.

* Minor improvements
- Include adwaita-qt* and enable it by default, so that Qt applications
integrate nicely into a GNOME environment (Closes: #11790).
- Add support for the TREZOR hardware wallet in Electrum (Closes: #10964).
- AppArmor: allow all programs to read /etc/tor/torsocks.conf via
abstractions/base, to ease maintenance.
- Don't (try to) bind the Power button to the shutdown action
(Closes: #12004).
- Enable natural scrolling (Closes: #11969).
- Update uBlock Origin patterns + settings file.
- live-persist: remove Squeeze → Wheezy migration code.
- Update pre-existing persistent GnuPG configuration on login
(Closes: #12201).
- Upgrader: use the alpha channel when the next version will be an
alpha, beta, or RC. This will allow users of 3.0~betaN to upgrade to
the next beta or RC, without having to type any command-line
(Closes: #12206).

* Bugfixes
- Fix "upgrade from ISO" when run from a 32-bit system,
such as Tails 2.x (Closes: #11873).
- Fix ability to read videos over HTTPS with Totem (Closes: #11963).
- Re-introduce default directories in $HOME, which fixes
Spice file transfers (Closes: #11968).
- Re-enable tap-to-click (Closes: #11993).
- Lower systemd's DefaultTimeoutStopSec, to get rid of a long delay
before memory wiping starts. This also prevents shutdown from ever
being blocked by any buggy service that takes a while to stop
(Closes: #12061).
- Drop Jessie APT sources.
- Re-add VirtualBox DKMS modules.
- Fix GnuPG communication with keyservers, by using the Tor OnionBalance
hidden service pool (Closes: #12202).
- Fix Enigmail communication with keyservers, by teaching Torbirdy
not to break it (Closes: #11948):
· Patch Torbirdy to allow not breaking keyserver communication when
using GnuPG v2.1+, and to use a better default keyserver.
· Torbirdy: enable the new behaviour made possible by the aforementioned
patch (extensions.enigmail.already_torified).
· Torbirdy: drop our custom keyserver configuration, since the
aforementioned patch makes it the default.

* Removed features
- Don't install gnome-system-log anymore (Closes: #12133).
It's deprecated in GNOME, and mostly useless anyway as it's not
Journal-aware. It's replacement (gnome-logs) is not usable
enough in the context of Tails, and most users who can read logs
should manage to do it with journalctl, so don't install it either.
- Drop multiarch handling: Tails 3.0 will be amd64-only (Closes: #11961).

* Build system
- Disable eatmydata usage and caching: in current Stretch, debootstrap fails
if we use eatmydata + the operation mode picked by live-build when caching
is enabled (Closes: #12052).
- Bump disk space (and memory for in-RAM builds) requirements.
- Follow replacement of python-reportbug with python3-reportbug.
- Don't try to deinstall packages that are unknown on Stretch.
- Move AppArmor aliases to a dedicated file, and include it.
This will avoid maintaining these settings as a patch.
- Don't attempt to remove the usr.bin.chromium-browser AppArmor profile:
it's not shipped in Debian anymore.

* Test suite
- Add optional pause() notification (Closes: #12175).
- Make the remote shell's file operations robust (Closes: #11887).
- Update a number of test cases for Stretch, sometimes by converting
them to Dogtail.
- Drop usage and tests of read-only persistence.
We won't have this option anymore, and it's not even sure we'll
reintroduce it (Refs: #12093, Closes: #12055).
- Adjust CONFIGURED_KEYSERVER_HOSTNAME to match current settings.
- Test suite: clean up disks between features.

* Adjustments for Debian 9 (Stretch) with no or very little user-visible impact
- Adjust dpkg-divert path: it has moved.
- Replace xfonts-wqy with fonts-wqy-microhei + fonts-wqy-zenhei.
The former was removed from Debian testing, and the latter are recommended
by task-chinese-s-desktop and task-chinese-t-desktop.
- Install virtualbox* from sid.
It was removed from testing due to https://bugs.debian.org/794466.
- Drop deprecated settings from org/gnome/settings-daemon/plugins/power.
- Update settings name in org/gnome/desktop/peripherals/touchpad, and drop
deprecated ones.
- Adjust to changed Liferea's .desktop filename.
- Also torify Liferea when started via its (new) D-Bus service.
- Install hunspell-pt-br instead of hunspell-pt-pt.
Tor Browser 6.5 moved from pt-PT to pt-BR, which is fine vs
spellcheckers in Jessie since its hunspell-pt provides both -pt and
-br, but in Stretch they are separate packages.
- AppArmor: adjust usr.sbin.cupsd profile so it loads successfully
(Closes: #12116).
- Migrate from netstat to ss.
- Update extensions.enigmail.configuredVersion.
- Remove the jessie-proposed-updates APT sources.

-- Tails developers <tails@boum.org> Wed, 01 Feb 2017 19:23:03 +0000

[close]

https://tails.boum.org/

Titel: Tails 2.11
Beitrag von: SiLæncer am 08 März, 2017, 06:00

Changelog

* Security fixes
- Upgrade Tor Browser to 6.5.1 based on Firefox 45.8. (Closes:
#12283)
- Fix CVE-2017-6074 (local root privilege escalation) by disabling
the 'dccp' module. (Closes: #12280)
- Disable kernel modules for some uncommon network protocol. These
are the ones recommended by CIS. (Part of: #6457)
- Disable modules we blacklist for security reasons. Blacklisted
(via `blacklist MODULENAME`) modules are only blocked from being
loaded during the boot process, but are still loadable with an
explicit `modprobe MODULENAME`, and (worse!) via kernel module
auto-loading.
- Upgrade linux-image-4.8.0-0.bpo.2-686-unsigned to 4.8.15-2~bpo8+2.
- Upgrade bind9 to 1:9.9.5.dfsg-9+deb8u10.
- Upgrade imagemagick to 8:6.8.9.9-5+deb8u7.
- Upgrade libevent-2.0-5 to 2.0.21-stable-2+deb8u1.
- Upgrade libgd3 to 2.1.0-5+deb8u9.
- Upgrade libjasper1 to 1.900.1-debian1-2.4+deb8u2.
- Upgrade liblcms2-2 to 2.6-3+deb8u1.
- Upgrade libxpm4 to 1:3.5.12-0+deb8u1.
- Upgrade login to 1:4.2-3+deb8u3.
- Upgrade ntfs-3g to 1:2014.2.15AR.2-1+deb8u3.
- Upgrade openjdk-7-jre to 7u121-2.6.8-2~deb8u1.
- Upgrade openssl to 1.0.1t-1+deb8u6.
- Upgrade tcpdump to 4.9.0-1~deb8u1.
- Upgrade vim to 2:7.4.488-7+deb8u2.
- Upgrade libreoffice to 1:4.3.3-2+deb8u6.

* Minor improvements
- import-translations: also import PO files for French from
Transifex. The translation team for French switched to Transifex
even for our custom programs:
https://mailman.boum.org/pipermail/tails-l10n/2016-November/004312.html
- Notify the user, if running on a 32-bit processor, that it won't
be supported in Tails 3.0 anymore. (Closes: #12193)
- Notify I2P users that I2P will be removed in Tails
2.12. (Closes: #12271)

* Bugfixes
- Disable -proposed-updates at boot time. If a Debian point
release happens right after a freeze but we have decided to
enable it before the freeze to get (at least most of) it, then
we get in the situation where -proposed-updates is enabled in
the final release, which we don't want. We only want it enabled
at build time. (Closes: #12169)
- Ferm: Use the variable when referring to the Live user. The
firewall will fail to start during early boot otherwise since
the "amnesia" user hasn't been created yet. (Closes: #12208)
- Tor Browser: Don't show offline warning when opening local
documentation. (Closes: #12269)
- tails-virt-notify-user: use the tails-documentation helper to
improve UX when one is not connected to Tor yet, and display
localized doc when available.
- Fix rare issue causing automatic upgrades to not apply properly
(Closes: #8449, and hopefully #11839 as well):
* Allow the tails-install-iuk user to run "/usr/bin/nocache
/bin/cp *" as root.
* Install tails-iuk 2.8, which will use nocache for various file
operations, and sync writes to the installation medium.
- Install Linux 4.8.15 to prevent GNOME from freezing with Intel
GM965/GL960 Integrated Graphics. (Closes: #12217, but fixes tons
of other small bugs)

* Build system
- Add 'offline' option, making it possible to build Tails offline
(if all needed resources are present in your cache). (Closes:
#12272)

* Test suite
- Encapsulate exec_helper's class to not "pollute" the global
namespace with all our helpers. This is an example of how we can
work towards #9030.
- Extend remote shell with *safe* file operations. Now we can
read/write/append *any* characters without worrying that it will
do crazy things by being passed through the shell, as was the
case before. This commit also:
* adds some better reporting of errors happening on the server
side by communicating back the exception thrown.
* removes the `user` parameter from the VM.file_* methods. They
were not used, any way, and simply do not feel like they
fit. I think the only reason we had it initially was because
it was implemented via the command interface, where a user
concept makes a lot of sense.
- debug_log() Dogtail script content on failure.
- Add a very precise timestamp to each debug_log().
- Make robust_notification_wait() ensure the applet is closed. In
robust_notification_wait() when we close the notification
applet, other windows may change position, creating a racy
situation for any immediately following action aimed at one such
window. (Closes: #10381)
- Fix I2P's Pidgin test. The initial conversation (that determines
the title of the conversation window) is now made by a different
IRC service than before.
- Use lossless compression for the VNC viewer with --view.
Otherwise the VNC viewer is not a good place to extract test
suite images from, at least with xtigervncviewer.
- Add optional pause() notification feature to the test suite. It
will run a user-configurable arbitrary shell command when
pause() is called, e.g. on failure when --interactive-debugging
is used. This is pretty useful when multitasking with long test
suite runs, so you immediately are notified when a test fails
(or when you reached a temporary pause() breakpoint). (Closes:
#12175)
- Add the possibility to run Python code in a persistent session
in the remote shell and use this for Dogtail to significantly
improve its performance by saving state and reusing it between
commands. This changes the semantics of the creation of Dogtail
objects. Previously they just created the code that then would
be run once an actionable method was called (.wait, .click etc),
but now it works like in Python, that Dogtail will try to find
the graphical element upon object creation. (Closes: #12059)
- Test that we don't ship any -proposed-updates APT sources.
(Closes: #12169)
- Make force_new_tor_circuit() respect NEWNYM rate limiting.
- Add retry magic for lost click when opening Tails' documentation
from the desktop launcher. (Closes: #12131)

[close]

https://tails.boum.org/

Titel: Tails 3.0 Beta 2
Beitrag von: SiLæncer am 11 März, 2017, 20:00

Whats new:>>

All changes brought by Tails 2.11.
Upgrade to current Debian 9 (Stretch).
Upgrade Linux to 4.9.0-2 (version 4.9.13-1).
Make it possible to start graphical applications in the Root Terminal.
Improve styling of the GNOME Shell window list.

https://tails.boum.org/

Titel: Tails 2.12 rc1
Beitrag von: SiLæncer am 09 April, 2017, 13:00

Changelog

What's new since 2.11?

Changes since Tails 2.11 are:

Major changes
Completely remove I2P. :( We have decided to remove I2P (see #11276) due to our failure of finding someone interested in maintaining it in Tails (Closes: #12263).
Upgrade the Linux kernel to 4.9.0-0.bpo.2 (Closes: #12122).

Security fixes
Mount a dedicated filesystem on /var/tmp, to mitigate the hardlinks permissions open by the user-tmp abstraction. See https://labs.riseup.net/code/issues/9949#note-23 for details (Closes: #12125).
Protect against CVE-2017-2636 by disabling the n-hdlc kernel module (Closes: #12315).
Ensure /etc/resolv.conf is owned by root:root in the SquashFS. lb_chroot_resolv will "cp -a" it from the source tree, so it inherits its ownership from the whoever cloned the Git repository. This has two problems. First, this results in unsafe permissions on this file (e.g. a Vagrant build results in the 'amnesia' user having write access to it).

Minor improvements
Don't add the live user to the "audio" group. This should not be needed on a modern Linux desktop system anymore (Closes: #12209).
Install virtualbox-* 5.1.14-dfsg-3~bpo8+1 from our custom APT repository (Closes: #12307).
Install virtualbox-guest-* from sid. The version currently in jessie-backports is not compatible with Linux 4.9, and there's basically no chance that it gets updated (the maintainer asked for them to be removed from jessie-backports) (Closes: #12298).
Pull ttdnsd from our custom APT repository. It's gone from the TorProject one. We removed ttdnsd on feature/stretch already, so we'll need to pull it from our custom APT repository only for the next 3 months.
Clean up libdvd-pkg build files, again. This cleanup operation was mistakenly removed in commit c4e8744 (Closes: #11273).
Install gnome-sound-recorder (Closes #10950). Thanks to Austin English austinenglish@gmail.com for the patch!
Stop restarting tor if bootstrapping stalls. It seems tor might have fixed the issues we used (see: #10238, #9516) to experience with the bootstrap process stalling and requiring a restart to kickstart it (Closes: #12411).
tor.sh: communicate via the UNIX socket instead of TCP port. This makes the library usable when run inside systemd units that have PrivateNetwork=yes set.
Get tor's bootstrap progress via GETINFO instead of log grep:ing.

Bugfixes
mirror-pool-dispatcher: bump maximum expected mirrors.json size to 32 KiB. This fixes an error where Tails Upgrader would complain with "cannot choose a download server" (Closes: #11735).

For more details, see also our changelog.

Known issues in 2.12~rc1

In Tails Greeter, selecting the This computer's Internet connection is censored, filtered, or proxied is broken. Using it will start Tor Launcher but it will fail to connect to tor, so it's unusable, and tor itself will not be able to bootstrap. If you need this option, skip this release candidate; this issue will be fixed in the final 2.12 release.

[close]

https://tails.boum.org/

Titel: Tails 3.0 Beta 3
Beitrag von: SiLæncer am 09 April, 2017, 19:00

Changelog

What's new in 3.0~beta3?

Tails 3.0 will be the first version of Tails based on Debian 9 (Stretch). As such, it upgrades essentially all included software.

Other changes since Tails 3.0~beta2 include:

Important security fixes!

Upgrade to current Debian 9 (Stretch).

Tails Greeter:
Make the "Formats" settings in Tails Greeter take effect (it was introduced in Tails 3.0~alpha1 but has been broken since then).
Add keyboard shortcuts:
Alt key for accelerators in the main window
Ctrl+Shift+A for setting an administrator password
Ctrl+Shift+M for MAC spoofing settings
Ctrl+Shift+N for Tor network settings

Remove I2P. (This will happen in Tails 2.12 as well.)

Reintroduce the X11 guest utilities for VirtualBox (clipboard sharing and shared folders should work again).

Upgrade X.Org server and the modesetting driver in hope it will fix crashes when using some Intel graphics cards.

Automate the migration from KeePassX databases generated on Tails 2.x to the format required by KeePassX 2.0.x.

Technical details of all the changes are listed in the Changelog.

[close]

https://tails.boum.org/

Titel: Tails 2.12
Beitrag von: SiLæncer am 20 April, 2017, 08:00

Changelog

tails (2.12) unstable; urgency=medium

* Major changes
- Completely remove I2P. :( We have decided to remove I2P (see
#11276) due to our failure of finding someone interested in
maintaining it in Tails (Closes: #12263).
- Upgrade the Linux kernel to 4.9.13-1~bpo8+1 (Closes: #12122).

* Security fixes
- Upgrade Tor Browser to 6.5.2 based on Firefox 45.9. (Closes:
#12444)
- Mount a dedicated filesystem on /var/tmp, to mitigate the
hardlinks permissions open by the user-tmp abstraction. See
https://labs.riseup.net/code/issues/9949#note-23 for details
(Closes: #12125).
- Protect against CVE-2017-2636 by disabling the n-hdlc kernel
module (Closes: #12315).
- Ensure /etc/resolv.conf is owned by root:root in the SquashFS.
lb_chroot_resolv will "cp -a" it from the source tree, so it
inherits its ownership from the whoever cloned the Git
repository. This has two problems. First, this results in unsafe
permissions on this file (e.g. a Vagrant build results in the
'amnesia' user having write access to it).
- Upgrade libjasper1 to 1.900.1-debian1-2.4+deb8u3
- Upgrade gstreamer and its plugins to 1.4.4-2+deb8u1.
- Upgrade eject to 2.1.5+deb1+cvs20081104-13.1+deb8u1.
- Upgrade imagemagick to 8:6.8.9.9-5+deb8u8.
- Upgrade pidgin to 2.11.0-0+deb8u2.
- Upgrade samba to 2:4.2.14+dfsg-0+deb8u5.

* Minor improvements
- Don't add the live user to the "audio" group. This should not be
needed on a modern Linux desktop system anymore (Closes:
#12209).
- Install virtualbox-* 5.1.14-dfsg-3~bpo8+1 from our custom APT
repository (Closes: #12307).
- Install virtualbox-guest-* from sid. The version currently in
jessie-backports is not compatible with Linux 4.9, and there's
basically no chance that it gets updated (the maintainer asked
for them to be *removed* from jessie-backports) (Closes:
#12298).
- Pull ttdnsd from our custom APT repository. It's gone from the
TorProject one. We removed ttdnsd on feature/stretch already, so
we'll need to pull it from our custom APT repository only for
the next 3 months.
- Clean up libdvd-pkg build files, again. This cleanup operation
was mistakenly removed in commit c4e8744 (Closes: #11273).
- Install gnome-sound-recorder (Closes #10950). Thanks to Austin
English <austinenglish@gmail.com> for the patch!
- Stop restarting tor if bootstrapping stalls. It seems tor might
have fixed the issues we used (see: #10238, #9516) to experience
with the bootstrap process stalling and requiring a restart to
kickstart it (Closes: #12411).
- tor.sh: communicate via the UNIX socket instead of TCP port.
This makes the library usable when run inside systemd units that
have `PrivateNetwork=yes` set.
- Get tor's bootstrap progress via GETINFO instead of log
grep:ing.
- Upgrade tor to 0.2.9.10-1~d80.jessie+1

* Bugfixes
- mirror-pool-dispatcher: bump maximum expected mirrors.json size
to 32 KiB. This fixes an error where Tails Upgrader would
complain with "cannot choose a download server" (Closes:
#11735).

* Build system
- Retry curl and APT operations up to 20 times to make the ISO
build more robust wrt. unreliable Internet connectivity. Thanks
to Arnaud <arnaud@preev.io> for the patch!
- Install ikiwiki from jessie-backports, instead of our patched
one. Our changes were merged in 3.20161219, and jessie-backports
now has 3.20170111~bpo8+1 (Closes: #12051).
- Fix FTBFS when installing a .deb via config/chroot_local-packages
by being more flexible when matching local packages in the apt
list file (Closes: #12374). Thanks to Arnaud <arnaud@preev.io>
for the patch!
- auto/build: support Stretch's GnuPG v2 keyring filename.

* Test suite
- Try possible fix for #11508. IPv6Packet:s' source is accessed by
`.ipv6_saddr`, not `ip_saddr` (that's for IPv4Packet). So, let's
just try and see which one of the two each packet has, because
one of them must be there! Also, given that UDPPacket can be
either IPv4 or IPv6 it seems safest to try to parse each packet
as IPv6Packet first -- that way we keep looking at transport
layer protocols for IPv4 only, and treat everything IPv6 as the
same, which makes sense, since we should block all IPv6, so
everything should be treated the same at all times.
- Changes due to #12411:
* Raise special exception for Tor bootstrap failures.
* Remove obsolete debug logging now that we don't log anything
interesting for `restart-tor` any more.

[close]

https://tails.boum.org/

Titel: Tails 3.0 Beta 4
Beitrag von: SiLæncer am 22 April, 2017, 16:00

Changelog

* Major changes
- All changes brought by Tails 2.12.
- Upgrade to a new snapshot of the Debian and Torproject
APT repositories (2017041704).

* Security improvements
- Enable the buddy page allocator free poisoning (Closes: #12089).
- Enable slub/slab allocator free poisoning (Closes: #12090).
- Create IUKs (automatic upgrades) in a reproducible manner
(Closes: #11974).

* Minor improvements
- Firewall: forbid the _apt user to talk to DNS ports. APT works very well
without DNS access since we only have Onion APT sources, so let's silence
the logs.
- Replace Pidgin's "systray" icon with the guifications plugin
(Closes: #11741). We're trying to remove as much as we can from
the set of icons managed by TopIcons extension flavours, in the hope
it's enough to cancel the problems we've seen with them (#10576, #11737).
- Disable apt-daily.timer, that can only cause problems in our context
(Closes: #12390).
- Do not let pppd-dns manage /etc/resolv.conf (Closes: #12401).
- Ensure rootless X.Org can access /dev/fb0 when started by GDM.
- Include the amdgpu module in the initramfs (refs: #12218).
- Tails Greeter: don't mention 'firewall' anymore (#12382).
- Tails Greeter: avoid the popover menu for Formats being cut,
in most cases (Closes: #12249).
- Tails Greeter: disable the screensaver (Closes: #12370).
- Tails Greeter: fix behavior when pressing Enter in the language selection
menu (Closes: #12359).

* Bugfixes
- Install speech-dispatcher-espeak-ng to fix the Orca screen reader
(Closes: #12389).
- Install xserver-xorg-video-intel and use it on a few graphics adapters
that are not supported correctly by the modesetting driver (refs: #12219).
More PCI IDs will be added as new affected hardware is reported.

* Test suite
- Run on a Q35 2.8 machine (Closes: #11605).
- Deprecate xtightvncviewer in favor of tigervnc-viewer.
- Test the Unsafe Browser in 3 random supported languages, not all.
This should be enough to identify most future regressions in this area,
and will be much faster than testing them all.
- Pidgin tests: switch to an image that doesn't depend on the
topic of tails@conference.riseup.net.
- Fix a problematic use of try_for.
- Fix VM.select_virtual_desktop() and VM.do_focus().
- Random Gherkin improvements.
- Fix a focus issue for GNOME Terminal vs. Tails Installer.
- Adjust to kernel memory poisoning being enabled, which breaks the way
we used to test memory erasure (refs: #12354):
· Drop "no memory erasure" and "memory erasure" tests, that can't work
anymore.
· Test erasure of memory freed by a killed userspace process.
· Test that memory poisoning applies to unmounted tmpfs.
· Test that memory poisoning applies to read and write cache
for unmounted vfat and LUKS-encrypted ext4.
· Run erase_memory a bit later, it requires less disk space nowadays.

[close]

https://tails.boum.org/

Titel: Tails OS 3.0 RC1
Beitrag von: SiLæncer am 22 Mai, 2017, 20:00

Whats new:>>

Important security fixes!
Upgrade to current Debian 9 (Stretch).
Upgrade tor to 0.3.0.7-1.
Upgrade Tor Browser to 7.0a4.
Migrate from Icedove to Thunderbird (only cosmetic).

https://tails.boum.org/

Titel: Tails 3.0 Final
Beitrag von: SiLæncer am 14 Juni, 2017, 06:10

Changelog

* Major changes
- Upgrade Tor Browser to 7.0.1 (Closes: #12635, #12657).
- Upgrade to a new snapshot of the Debian and Torproject
APT repositories: respectively 2017060904 and 2017060903
(Closes: #12609).

* Minor improvements
- Tor Browser: enable Electrolysis (e10s), i.e. render content in a separate
child process, which will allow to improve performance and security
further along the road. This required us to drop our branding add-on
and re-implement its functionality in our Tor Browser wrapper
(Closes: #12569).
- Clean obsolete cached packages when using the Additional Software Packages
feature (Closes: #12400).
- Improve KeePassX database migration handling (Closes: #12375).
- Upgrade OnionShare to 0.9.2, from Debian sid as it has been removed
from Stretch (Closes: #12610).
- Upgrade Tor to 0.3.0.8 (Closes: #12656).
- Drop obsolete bilibop patch, that was applied in 0.5.2.1.
- Include disk space usage information in the WhisperBack bug reports.
- Reorder technical details in WhisperBack bug reports in way that makes
more sense when reading them.
- Convert lc.py to Python 3.
- Simplify some Python code thanks to subprocess.check_ouput.
- Set the initial keyboard focus on the "Start Tails" button
in Tails Greeter (Closes: #12509).
- Convert Tails Greeter's Debian packaging to current best practices.

* Bugfixes
- Fix persistent Thunderbird configuration migration when there is
a mimeTypes.rdf, that doesn't contain any associations to "icedove"
or "/usr/bin/iceweasel" (Closes: #12580).
- Fix persistent browser bookmarks, by generating them from an sqlite dump
(Closes: #12568).
- Use the "intel" X.Org driver for Intel Atom/Celeron/Pentium Processor
x5-E8000/J3xxx/N3xxx Integrated Graphics Controller.
- `exec' from our Thunderbird wrapper so it doesn't remain running.
- Tails Installer: don't allow installing on non-removable drives
(Closes: #10731).
- Fetch the torbrowser-launcher sources from Debian sid:
it's been removed from Debian testing.
Refresh torbrowser-AppArmor-profile.patch accordingly.
- Unsafe Browser: remove the search bar, that's currently buggy
and its presence only encourages unsupported usage (Closes: #12573).
- Unsafe Browser: disable searching in the address bar. It can result
in leaking hostnames and credentials to the default search
engine operator (Closes: #12540).
- Make our omni.ja modifications reproducible (Closes: #12620).
- Generate the fontconfig cache in a reproducible manner (Closes: #12567).
- Don't include torrents/rss.html in the ISO. It's not generated
in a deterministic manner and is worthless in the ISO (Closes: #12619).
- Improve the language → default keyboard layout mapping
in Tails Greeter (Closes: #12547).
- Don't close Tails Greeter's main window when Alt-F4 is pressed
(Closes: #12462).

* Test suite
- Run emergency_shutdown.feature after usb_*.feature, to reduce disk
space requirements (Closes: #12565).
- Deal with server messages in Pidgin.
- Improve Pidgin connectivity check robustness.
- Flag the Synaptic test as fragile (i.e. #12586).
- Optimization: only test once that Tails, booted on DVD, eventually
shuts down after wiping memory.
- Move tests about the shutdown applet to a dedicated feature,
as they have nothing to do with Tails' "emergency" shutdown feature.
- Adapt the network connectivity check to Stretch, and improve it to check
both link and IP connectivity (Closes: #12602).
- Apply a fix from upstream Git to mutter, to fix some of its interactions
with dogtail (Closes: #11718).
- Mark "Scenario: Watching a WebM video" as fragile (i.e. #10442).

* Build system
- Set create_box -e, to make the vagrant box generation a bit more robust.
(Closes: #12578).
- Install kernel from backports and Tails build deps before performing
APT upgrade, to avoid useless bandwidth usage (Closes: #12529).
- Update submodules after merging the base branch (Closes: #12556).
- Rakefile: fix date comparison in basebox:clean_old (Closes: #12575).
- Rakefile: have basebox:clean_old delete baseboxes more than 4 months old
(refs: #12576).
- Also check for fuzzy patches' .orig files at the end of our build hooks,
so we detect any fuzzy patches applied by hooks (Closes: #12617).
- Remove .orig files for patches we allow to be fuzzy.
- Don't pre-build the wiki when mergebasebranch is enabled.
When pre-building the wiki, we modify the PO files which results in a
conflict from the base branch merge in case it modifies the same
files, which breaks the build (Closes: #12611).
- Rakefile: add a task that removes all tails-builder-* libvirt volumes
(Closes: #12599).

[close]

https://tails.boum.org/

Titel: Tails 3.0.1
Beitrag von: SiLæncer am 06 Juli, 2017, 06:00

Changelog

* Security fixes
- Upgrade tor to 0.3.0.9-1~d90.stretch+1 (Closes: #13253).
- Upgrade Linux to 4.9.30-2+deb9u2.
- Upgrade libc to 2.24-11+deb9u1.
- Upgrade libexpat1 to 2.2.0-2+deb9u1.
- Upgrade libgcrypt20 to 1.7.6-2+deb9u1.
- Upgrade libgnutls30 to 3.5.8-5+deb9u1.
- Enable Debian security APT sources (Closes: #12309).

* Minor improvements
- Use a higher resolution image in Tails persistence setup
(Closes: #12510).

* Bugfixes
- Forcibly set $SSH_AUTH_SOCK before starting GNOME
Shell. Apparently, due to a race condition, GNOME keyring
sometimes fails to tell the session manager about the correct
SSH_AUTH_SOCK, and thus GNOME Terminal hasn't this variable set
and any ssh process started in there won't use the (perfectly
working) SSH agent (Closes: #12481).
- Fix issue that made Tails Installer rejects working USB drives,
pretending they're not "removable" (Closes: #12696).
- Make behavior of the power button and lid close actions in the Greeter
consistent with the regular GNOME session (Closes: #13000).

* Build system
- Track the latest debian-security archive for the corresponding
APT sources, and not for the unrelated jessie-updates (Closes:
#12829).
- Print APT sources used in the build VM, to help debugging issues
such as #12829.

[close]

https://tails.boum.org/

Titel: Tails 3.1
Beitrag von: SiLæncer am 09 August, 2017, 18:00

Changelog

* Security fixes
- Upgrade Tor Browser to 7.0.4-build1 (Closes: #13577).
- Upgrade Linux to 4.9.30-2+deb9u3.
- Upgrade libtiff to 4.0.8-2+deb9u1.
- Upgrade bind9 to 1:9.10.3.dfsg.P4-12.3+deb9u2.
- Upgrate evince to 3.22.1-3+deb9u1.
- Upgrade imagemagick 8:6.9.7.4+dfsg-11+deb9u1.
- Ensure Thunderbird cleans its temporary directory. (Closes: #13340).

* Minor improvements
- Patch gconf to produce reproducible XML output (refs: #12738). This is
the temporary solution for #12738 in Tails 3.1 which will be reverted
(and fixed permanently by removing gconf) in Tails 3.2.
- Apply Debian bts patch to cracklib to produce reproducible dictionnaries
(Closes: #12909).
- Upgrade to Debian 9.1 (Closes: #13178).

* Bugfixes
- Replace faulty URL in htpdate neutral pool (Closes: #13472).
- Keep installing a version of Enigmail compatible with Thunderbird 45.x
(Closes: #13530).
- Fix the time syncing and Tor notifications translations (Closes: #13437).

* Build system
- Upgrade the Vagrant basebox for building ISO images to Stretch
(Closes: #11738).
- Fix on-disk build by bumping Vagrant build VM memory to 768M
(Closes: #13480).
- Fix rescue build option by exporting TAILS_BUILD_FAILURE_RESCUE
(Closes: #13476).

* Test suite
- mark gnome screenshot scenario as fragile (refs: #13458)
- mark UEFI scenario as fragile (refs: #13459).

[close]

https://tails.boum.org/

Titel: Tails 3.2 RC1
Beitrag von: SiLæncer am 21 September, 2017, 04:30

Changelog

Upgrade to Tails Installer 4.4.19, which gets rid of the splash screen, detects when Tails already is installed on the target device (and then proposes to upgrade), and generally improves the UX. We are very interested in reports about problems with this new version of Tails Installer.
The Root Terminal has gone through some significant back-end changes; please make sure it works like before (or better)!
Add PPPoE support; if you have a DSL or dial-up connection that uses PPPoE, please give it a try!
Bluetooth support is now completely disabled (details: #14655). If this makes it hard for you to use Tails, please let us know!
Upgrade to Linux 4.12.12, which improves hardware support, e.g. better support for the NVIDIA Maxwell series of graphics cards.
Upgrade to Thunderbird 52.3.0. Ideally it should work exactly like before, or better.

[close]

https://tails.boum.org/

Titel: Tails 3.2
Beitrag von: SiLæncer am 29 September, 2017, 06:00

Changelog

tails (3.2.1) UNRELEASED; urgency=medium

* Dummy entry.

-- Tails developers <tails@boum.org> Tue, 26 Sep 2017 13:21:53 +0200

tails (3.2) unstable; urgency=medium

* Major changes
- Upgrade Linux packages to the Debian kernel 4.12.0-2, based on
mainline Linux 4.12.12 (Closes: #11831, #12732, #14673).

* Security fixes
- Upgrade Tor Browser to 7.0.6-build3 (Closes: #14696).
- Upgrade to Thunderbird 52.3.0 (Closes: #12639).
- Deny access to Pidgin's D-Bus service (Closes: #14612). That D-Bus
interface is dangerous because it allows _any_ application running
as `amnesia' that has access to the session bus to extract
basically any information from Pidgin and to reconfigure it:
https://developer.pidgin.im/wiki/DbusHowto
- Block loading of Bluetooth kernel modules (Closes: #14655) and
block Bluetooth devices with rfkill (Closes: #14655).
- Add localhost.localdomain to the hosts file to prevent loopback
leaks to Tor circuits (Closes: #13574). Thanks to tailshark for
the patch!

* Minor improvements
- Upgrade to Tails Installer 5.0.1 (Closes: #8859, #8860, #12707). This
version gets rid of the splash screen, detects when Tails is already
installed on the target device (and then proposes to upgrade),
and generally improves the UX. It also increases the Tails partition
size and refuses to install to devices smaller than 8 GB.
- Deprecate Thunderbird's preferences/0000tails.js (Closes: #12680).
- Install the BookletImposer PDF imposition toolkit (Closes: #12686).
- Tor Browser:
* Fallback to ~/Tor Browser for uploads (Closes: #8917).
* Silence some common operations that always are denied and
otherwise would spam the journal (Closes: #14606)
- Shell library: remove now unused functions (Closes: #12685).
- Add pppoe to the installed packages (Closes #13463). Thanks to geb
for the patch!
- Replace syslinux:i386 with syslinux:amd64 in the ISO9660
filesystem (Closes: #13513).
- htpdate: fix date header regexp (Closes: #10495). It seems that
some servers (sometimes) do not send their headers with first
letter uppercased, hence a lot of failures to find the date in it.
- Install aufs-dkms from Debian unstable (Closes: #12732).
- Install vim-tiny instead of vim-nox (Closes: #12687). On Stretch,
vim-nox started pulling ruby and rake in the ISO. I think vim-tiny
would be good enough, and would save a few MiB in the ISO. Those
who use vim more intensively and want another flavour of vim are
likely to need persistence anyway, and can thus install a more
featureful vim with the additional software packages feature.
- Remove gksu and its and gconf's dependencies (Closes: #12738). We
use pkexec instead of gksudo. gksu is unmaintained, buggy
(e.g. #12000), and it is the only reason we ship GConf, which we
want to remove. The other removals are:
* libgnomevfs2-extra, which was previously used for SSH/FTP support in
Nautilus, but isn't needed for that any more.
* libgnome2-bin which provides gnome-open, which isn't required by
any application in Tails (as far as we know).
* Configurations and scripts that become obsolete because of these
removals.
- Refresh torbrowser-AppArmor-profile.patch to apply cleanly on top
of torbrowser-launcher 0.2.8-1 (Closes: #14602).
- Switch from Florence to GNOME's on-screen keyboard (Closes: #8281)
and incidentally improve accessibility in GTK+ 2.0 and Qt
applications. This drops Florence and the corresponding GNOME
Shell extension.
- Make ./HACKING.mdwn a symlink again (Closes: #13600).
- Implement refresh-translations --force .
- Rework how we handle the individual POT files of our applications.
Comparing the new temporary POT files we generate with the
temporary POT files we generated last time (if ever, and if we
did, for which branch?) is not relevant; these POT files are only
used for merging into a new tails.pot and *that* one is relevant
to diff against the old tails.pot.
- Update the Tails signing key. (Closes: #11747)
- Reproducibility:
* Ensure reproducible permissions for /etc/hostname (Closes:
#13623).
* Patch desktop-file-utils to make its mimeinfo.cache reproducible
(Closes: #13439).
* Patch glib2.0 to make its giomodule.cache reproducible (Closes:
#13441).
* Patch gdk-pixbuf to make its loaders.cache reproducible (Closes:
#13442).
* Patch gtk2.0 and gtk3.0 to make their immodules.cache
reproducible (Closes: #13440).
* Remove GCconf: it is a source of non-determinism in the
filesystem (element order in /var/lib/gconf/defaults/%gconf-tree-*.xml)
which made Tails unreproducible.
* Ignore comment updates in POT files, which was a source of
non-determinism and therefore prevented Tails from being
reproducible (Closes: #12641).
- Kernel hardening:
* Increase mmap randomization to the maximum supported value
(Closes: #11840). This improves ASLR effectiveness, and makes
address-space fragmentation a bit worse.
* Stop explicitly enabling kaslr: it's enabled by default in
Debian, and this kernel parameter is not supported anymore.
* Disable kexec, to make our attack surface a bit smaller.

* Bugfixes
- Start Nautilus silently in the background when run as root
(Closes: #12034). Otherwise, after closing Nautilus one gets the
prompt back only after 5-15 seconds, which confuses users and makes
our doc more complicated than it should.
- Ensure pinentry-gtk2 run by Seahorse has the correct $DISPLAY set
(Closes: #12733).

* Build system
- build-manifest-extra-packages.yml: remove squashfs-tools version
we don't use anymore (Closes: #12684). Apparently our
apt-get/debootstrap wrapper tricks are enough to detect the
version of squashfs-tools we actually install and use.
- Merge base branch earlier, i.e. in auto/config instead of
auto/build (Closes: #14459). Previously, a given build from a topic
branch would mix inconsistent versions of things.
- Fail builds started before SOURCE_DATE_EPOCH (Closes:
#12352). Such builds would not be reproducible, and this is an
assumption (a reasonable one!) that we do all over the place, so
let's fail early. While we're at it, let's fail if
SOURCE_DATE_EPOCH is not set as well. Actually we would fail any
way if that was the case when reaching our
99-zzzzzz_reproducible-builds-post-processing build hook, but
let's fail early.

* Test suite
- Test the GNOME Root Terminal.
- Take into account that Tails Installer 5.0.1 refuses to install
Tails to devices smaller than 8 GiB. It'll still allow *upgrading*
such sticks though.
- Use 7200 MiB virtual USB drives when we really mean 8 GiB. In the
real world, USB sticks labeled "8 GB" can be much smaller, so
Tails Installer will accept anything that's at least 7200 MiB.
This commit makes us exercise something closer to what happens in
the real world, and incidentally it'll save storage space on our
isotesters and improve test suite performance a bit. :)
- Have unclutter poll every 0.1s instead of continuously. On current
sid, virt-viewer eats a full CPU and doesn't do its job when
"unclutter -idle 0" is running.
- Adapt tests for Tails Installer 5.0.1.
- Workaround Pidgin's DBus interface being blocked since we actually
depend on it for some tests.
- Test that Pidgin's DBus interface is blocked.
- Save more data on test suite failures (Refs: #13541):
* When Tor fails to bootstrap, save Tor logs and chutney nodes
data.
* When Htpdate fails to synchronize the clock, save its logs.
* Always save the systemd journal on failure.
- When testing emergency shutdown, wait longer for Tails to tell
us it has finished wiping the memory. The goal here is to help
us understand whether (Refs: #13462) is a bug in the emergency
shutdown feature or in our test suite.
- Restart nautilus-desktop if Desktop icons are not visible
(Closes: #13461).
- Test suite: fix assert_raise() when using ruby-test-unit >=
3.2.5 (Closes: #14654). ruby-test-unit 3.2.5 added native Java
exception support for JRuby. The fact we defined the :Java
constant was enough to trigger that JRuby-specific code, which
failed.
- Test suite: take into account that click-to-play is not required
anymore for WebM videos in Tor Browser (Closes: #14586).

[close]

https://tails.boum.org/

Titel: Tails 3.3
Beitrag von: SiLæncer am 15 November, 2017, 14:00

Changelog

* Major changes
- Upgrade the base system to the Debian Stretch 9.2 point-release
which gives us tons of bugfixes (Closes: #14714).
- Install Linux 4.13.0-1 (Closes: #14789).

* Security fixes
- Upgrade Thunderbird to 52.4.0 (Closes: #14963).
- Upgrade Tor Browser to 7.0.10 (Closes: #14940).
- Upgrade gdk-pixbuf to 2.36.5-2+deb9u1.0tails1 (Closes: #14729).

* Minor improvements
- Upgrade to Tor 0.3.1.8-2~d90.stretch+1, a new stable Tor series.
- tails-documentation: rewrite in Python + use WebKit for display
instead of the Tor Browser. Since Tor Browser 7.0.8 rendering of
local pages (like our docs) fail (#14962) so this is probably a
temporary workaround of that.
- Replace the Unsafe Browser's warning pages with static,
pure-HTML versions. This is truly a *temporary* workaround for
#14962.
- Update deb.tails.boum.org APT repo key (Closes: #14927)
- Refresh Tor Browser AppArmor profile patch to apply on top of
torbrowser-launcher 0.2.8-4's (Closes: #14923).
- Drop obsolete manual enabling of AppArmor on the kernel
command-line: it's now enabled by default, so the (Tails -
Debian) delta gets smaller. :)

* Bugfixes
- Install Tails Installer 5.0.2. Fixes:
* Most notably, fix an issue preventing Tails Installer from
installing to drives containing a non-Tails partition that
(obviously) has affected a lot of users. (Closes: #14755).
* Fix an issue that made the resulting installations unbootable
if Tails Installer was using a too recent udisks2, e.g. the
one currently in Debian Sid (Closes: #14809).
* Code clean-ups (Closes: #14721, #14722, #14723).
- Fix UEFI boot for USB sticks installed with Universal USB
Installer (Closes: #8992).
- Force Tor Browser and Thunderbird to enable accessibility
support even if no a11y feature is enabled in GNOME yet (Closes:
#14752, #9260).
- Mark our custom Desktop launchers as trusted (Closes: #14793,
Refs: 14584).
- Add a systemd --user target for bits of GNOME
EarlyInitialization managed by systemd, and make the keyboard
layout configuration as part of it. This fixes an issue where
the layout chosen in the Greeter sometimes wasn't applied in the
GNOME session (Closes: #12543).

* Build system
- auto/{build,clean,config}: run with `set -eu`.
- Add script to sanity check the website. Currently it ensures all
blog posts and security advisories have valid Ikiwiki 'meta
date' directives, since we depend on it for reproducibility.
Also make passing this sanity check a pre-condition for building
the website (Closes: #12726, #14767).
- Abort the ISO build when DKMS modules were not built.
- Take into account where DKMS modules get installed nowadays.
- auto/build: normalize file timestamps in wiki/src before
building. The copy of the website included in the ISO image has
"Posted" timestamps that apparently match when we cloned the Git
repository, which affects reproducibility. (Closes: #14933).
- Fix reproducibility of builds of topic branches that lag behind
their base branch with the mergebasebranch build option enabled.
Two otherwise identical merge commits done at different times
get different IDs, and we happen to embed in the ISO the ID of
the commit we're building from. (Closes: #14946)

* Test suite
- Bump timeout for "I can save the current page as", otherwise the
"The Tor Browser directory is usable" scenario fails randomly
when the system is under load.
- New scenario: installing Tails to an eligible drive with an
existing filesystem. This is a regression test for #14755.
- New scenario: re-installing over an existing Tails installation.

-- Tails developers <tails@boum.org> Tue, 14 Nov 2017 04:53:27 +0100

[close]

https://tails.boum.org/

Titel: Tails 3.4
Beitrag von: SiLæncer am 10 Januar, 2018, 06:00

Changelog

* Security fixes
- Install Linux 4.14.0-2 from sid (Closes: #14976). This enables
the kernel-side mitigations for Meltdown and Spectre.
- Upgrade curl to 7.52.1-5+deb9u3.
- Upgrade enigmail to 2:1.9.9-1~deb9u1.
- Upgrade gimp to 2.8.18-1+deb9u1.
- Upgrade imagemagick to 8:6.9.7.4+dfsg-11+deb9u4.
- Upgrade libav (ffmpeg) to 7:3.2.9-1~deb9u1.
- Upgrade libxcursor to 1:1.1.14-1+deb9u1.
- Upgrade libxml-libxml-perl to 2.0128+dfsg-1+deb9u1.
- Upgrade poppler to 0.48.0-2+deb9u1.
- Upgrade rsync to 3.1.2-1 3.1.2-1+deb9u1.
- Upgrade samba to 2:4.5.12+dfsg-2+deb9u1.
- Upgrade sensible-utils to 0.0.9+deb9u1.
- Upgrade tor to 0.3.1.9-1~d90.stretch+1.

* Minor improvements
- Display TopIcons systray on the left of the system menu. This
fixes #14796 (on Buster, it is displayed in the middle of the
screen, on the left of the clock) and an annoying UX problem we
have on Stretch: OpenPGP applet is in the middle of icons that
share the exact same (modern, GNOME Shell-like) behaviour, which
is disturbing when opening one of the modern menus and moving
the mouse left/right to the others, because in the middle one
icon won't react as expected, and the nice blue bottom border
continuity is broken.
- Use the "intel" X.Org driver for integrated graphics in Intel
i5-7300HQ (Closes: #14990).
- Enable HashKnownHosts in the OpenSSH client (Closes: #14995).
Debian enables HashKnownHosts by default via /etc/ssh/ssh_config
for good reasons, let's not revert to the upstream default.
- Pin the AppArmor feature set to the Stretch's kernel one. Linux
4.14 brings new AppArmor mediation features and the policy
shipped in Stretch may not be ready for it. So let's disable
these new features to avoid breaking stuff: it's too hard to
check if all the policy for apps we ship (and that users install
themselves) has the right rules to cope with these new mediation
features.

* Bugfixes
- Don't delete downloaded debs after install (Closes: #10958).
- Install xul-ext-ublock-origin from sid to make the dashboard
work again(Closes: #14993). Thanks to cacahuatl
<cacahuatl@autistici.org> for the patch!
- Additional software feature: use debconf priority critical to
prevent failure when installing packages otherwise requiring
manual configuration (Closes: #6038)
- Don't include anything under /lib/live/mount/medium/ in the
readahead list (Closes: #14964). This fixes the boot time
regression introduced in Tails 3.3.

* Build system
- Display a more helpful error message when the 'origin' remote
does not point to the official Tails Git repository. This task
calls git_base_branch_head() which relies on the fact 'origin'
points to our official repo.
- Vagrant: never build the wiki early. This has caused several
issues throughout the years, the lastest instance being the
reopening of #14933. (Closes: #14933)
- Install libelf-dev during the time we need it for building DKMS modules.
- Make the DKMS build hook verbose, and display DKMS modules build
logs on failure. This hook is a recurring cause of headaches,
let's simplify debugging.
- Remove obsolete duplicate build of the virtualbox-guest DKMS
module.

* Test suite
- Log the list of systemd jobs when systemctl is-system-running
fails (Closes: #14772). Listing the units is not enough: in most
cases I've seen, is-system-running returns "starting" which
means the job queue is not empty, and to debug that we need the
list of jobs.
- Only support SikuliX; drop support for Sikuli.
- Disable SPICE clipboard sharing in the guest. It could only mess
things up, and in fact has confused me by suddenly setting my
*host's* clipboard to "ATTACK AT DAWN"... :)
- Decode Base64.decode64 return value appropriately; it returns
strings encoded in ASCII-8bit.
- Don't flood the debug logger with the journal contents.
- Handle case where $vm is undefined during an extremely early
scenario failure.
- Allow more time for 'systemctl is-system-running' to
succeed. (Refs: #14772)
- Make Sikuli attempt to find replacements on FindFailed by
employing fuzz, or "lowering the similarity factor". The
replacements (if found) are saved among the artifacts, and
serves as potential drop-in-replacements for outdated
images. The main use case for this is when the font
configuration in Tails changes, which normally invalidates a
large part of our images given that our default high similarity
factor. We also add the `--fuzzy-image-matching` where the
replacements are used in case of FindFailed, so the tests can
proceed beyond the first FindFailed. The idea is that a full
test suite run will produce replacements for potentially *all*
outdated images.
- Fix our findAny() vs findfailed_hook. For findAny() it might be
expected that some images won't be found, so we shouldn't use
our findfailed_hook, which is about dealing with the situation
where images need to be updated.
- Make sure Pidgin's D-Bus policy changes are applied (Closes:
#15007). Without the HUP there's a race that we sometimes lose.
- Nump the Unsafe Browser's start page image (Closes: #15006).
- Hot-plug a 'pcnet' network device instead of 'virtio' on Sid,
since the latter is not detected on Sid (Closes: #14819).

[close]

https://tails.boum.org/

Titel: Tails 3.5
Beitrag von: SiLæncer am 24 Januar, 2018, 06:00

Changelog

* Security fixes
- Upgrade amd64-microcode to 3.20171205.1, for the mitigation
against Spectre (CVE-2017-5715) (Closes: #15148).
- Upgrade Tor Browser to 7.5-build3 (Closes: #15197).
- Upgrade Thunderbird to 1:52.5.2-2~deb9u1.0tails1 (Closes: #15033)
- Upgrade gdk-pixbuf to 2.36.5-2+deb9u2.0tails1 (Closes: #15177).
- Upgrade bind9 to 1:9.10.3.dfsg.P4-12.3+deb9u4.
- Upgrade libxml2 to 2.9.4+dfsg1-2.2+deb9u2.

* Minor improvements
- Upgrade Linux to 4.14.13, which is the first kernel that has the
"[x86] microcode/AMD: Add support for fam17h microcode loading"
commit, that's needed to load the AMD fam17h microcode for
mitigating the Spectre vulnerability (CVE-2017-5715).

* Bugfixes
- Drop Claws Mail persistence setting migration. Whenever
persistent Claws Mail setting is enabled, this creates an empty
~/.icedove/ directory, that prevents Thunderbird from starting
(Closes: #12734).
- Don't prevent the GNOME Applications button from opening its menu if
time syncing resulted in a shift back in time (Closes: #14250).
- Tails Installer: when cloning Tails to another USB drive, check
if the target device has enough space *before* any destructive
actions are made (Closes: #14622).
- Tor Browser: make "Print to file" work again, for all locales
(Closes: #13403, #15024).

* Build system
- Fix option passed to cmp: -q is not supported but --quiet is.
Spotted on feature/buster that's the first branch that exercises
this code, but there's no reason to fix it only there.

* Test suite
- Adapt tests for Tor Launcher 0.2.14.3, i.e. the one shipped with
Tor Browser 7.5 in Tails 3.5 (Closes: #15064).
- Add support for creating arbitrarily sized partitions.
- Add a "Try cloning Tails to a too small partition" scenario
(regression test for #14622).

[close]

https://tails.boum.org/

Titel: Tails 3.6 RC1
Beitrag von: SiLæncer am 05 März, 2018, 19:00

Changelog

* Major changes
- Upgrade Tor to 0.3.2.9. (Closes: #15158)
- Add ability to lock the screen (Closes: #5684)
- Add support for meek_lite bridges. (Closes: #8243)
- Upgrade to Thunderbird 52.6.0. (Closes: #15298)
- Enable Thunderbird AppArmor profile. (Closes: 11973)
- Upgrade Linux to 4.15.0-1. (Closes: #15309).
- Upgrade Systemd to v237.
- Upgrade Electrum to 3.0.6. (Closes: #15022)
- Port most of Tails shell scripts to Python thanks to
GoodCrypto. (Closes: #11198)

* Security fixes
- Upgrade Intel processor microcode firmware. (Closes: #15173).
- Create tails-upgrade-frontend's trusted GnuPG homedir with stricter
permissions, then make it looser. (Closes: #7037)
- Upgrade poppler to 0.48.0-2+deb9u1. (CVE-2017-14929, CVE-2017-1000456)
- Upgrade tiff to 4.0.8-2+deb9u2 ( CVE-2017-9935, CVE-2017-11335,
CVE-2017-12944, CVE-2017-13726, CVE-2017-13727, CVE-2017-18013)
- Upgrade ffmpeg to 7:3.2.10-1~deb9u1. (CVE-2017-17081)
- Upgrade libtasn1-6 to 4.10-1.1+deb9u1. (CVE-2017-10790, CVE-2018-6003)
- Upgrade Libre Office to 1:5.2.7-1+deb9u2. (CVE-2018-6871)
- Upgrade libvorbis to 1.3.5-4+deb9u1. (CVE-2017-14632, CVE-2017-14633
- Upgrade gcc to 6.3.0-18+deb9u1.

* Minor improvements
- Drop (broken) Thunderbird dedicated SocksPort. (Closes: #12460)
- Drop customized update-ca-certificates.service. (Closes: #14756)
- Update AppArmor cupsd profile. (Closes: #15029)
- Improve UX when GDM does not start. (Closes: #14521)
- Install packages needed to support Video Acceleration API.
(Closes: #14580)
- Upgrade aufs-dkms for Linux 4.15. (Closes: #15132).
- Ship pdf-redact-tools, thanks to dachary <loic@dachary.org>.
(Closes: #15052)
- Additional Software Packages: convert to python3 and PEP-8.
(Closes: #15198)
- Additional Software Packages: do not check for updates every time the
network gets reconnected. (Closes: #9819)
- Revert to xorg-xserver from Stretch. (Closes: #15232)
- Open Tails documentation in Tor Browser when online. (Closes: #15332)
- Disable Enigmail's Memory Hole feature. (Closes: #15201)
- Persistence Setup: stop depending on Synaptic. (Closes: #15263)

* Bugfixes
- Additional Software Packages: fix the "incomplete online upgrade
process" bug in offline mode (Closes: #14570)
- Additional Software Packages: do not block Desktop opening.
(Closes: #9059)
- Install OpenPGP Applet 1.1. (Closes: #6398).
- Repair rng-tools using a real start-stop-daemon program.
(Closes: #15344)
- Tails installer: fix bug with unicode status messages. (Closes: #15254)

* Build system
- Abort if tails-custom-apt-sources failed.
- Abort the ISO build when DKMS modules are not built. (Closes: #14789).
- Improve how we use dependency hooks. (Closes: #14818)
- Fix (potential) rare race condition during build.
- Ensure the SquashFS has /etc/hostname properly configured.
(Closes: #15322)
- Bump builder VM's RAM. (Closes: #15310)

* Test suite
- Log the list of systemd jobs when systemctl is-system-running fails.
(Closes: #14772).
- Allow more time for 'systemctl is-system-running' to succeed.
- Only support SikuliX, not Sikuli.
- Disable SPICE clipboard sharing.
- Don't flood the debug logger with the journal contents.
- Rescue exception.
- Enter a name into the Thunderbird account configuration.
(Closes: #11256)
- Fix the "I do not see ..." step's case. (Closes: #14929)
- Mark scenarios that use the "The Report an Error launcher will…" step
as fragile (Closes: #15321)
- Test that Tor Browser opens docs when online. (Closes: #15332)
- Adapt test after warning moved to after Unsafe Browser verification
dialog. (Closes: #8775)
- Dogtailify electrum.feature.
- Add additional software packages feature. (Closes: #14572)
- Disable test that is broken due to a Tor Browser bug. (Closes: #15336)

[close]

https://tails.boum.org/

Titel: Tails 3.6 Final
Beitrag von: SiLæncer am 13 März, 2018, 22:00

Changelog

* Major changes
- Upgrade Tor Browser to 7.5.1.
- Upgrade Tor to 0.3.2.10. (Closes: #15158)
- Add ability to lock the screen. (Closes: #5684)
- Add initial support for Meek bridges. (Closes: #8243)
- Upgrade to Thunderbird 52.6.0. (Closes: #15298)
- Enable Thunderbird AppArmor profile. (Closes: 11973)
- Upgrade Linux to 4.15.0-1. (Closes: #15309).
- Upgrade systemd to 237.
- Upgrade Electrum to 3.0.6. (Closes: #15022)
- Upgrade the base system to the Debian Stretch 9.4 point-release
(Closes: #15341)
- Port a few shell scripts to Python thanks to GoodCrypto. (Closes: #11198)

* Security fixes
- Upgrade Intel processor microcode firmware. (Closes: #15173).
- Upgrade poppler to 0.48.0-2+deb9u1. (CVE-2017-14929, CVE-2017-1000456)
- Upgrade tiff to 4.0.8-2+deb9u2 (CVE-2017-9935, CVE-2017-11335,
CVE-2017-12944, CVE-2017-13726, CVE-2017-13727, CVE-2017-18013)
- Upgrade ffmpeg to 7:3.2.10-1~deb9u1. (CVE-2017-17081)
- Upgrade libtasn1-6 to 4.10-1.1+deb9u1. (CVE-2017-10790, CVE-2018-6003)
- Upgrade Libre Office to 1:5.2.7-1+deb9u2. (CVE-2018-6871)
- Upgrade libvorbis to 1.3.5-4+deb9u1. (CVE-2017-14632, CVE-2017-14633)
- Upgrade gcc to 6.3.0-18+deb9u1.
- Upgrade util-linux to 2.29.2-1+deb9u1. (CVE-2018-7738)
- Upgrade isc-dhcp to 4.3.5-3+deb9u1 (CVE-2017-3144, CVE-2018-5732,
CVE-2018-5733)

* Minor improvements
- Avoid noisy warning at boot time by creating tails-upgrade-frontend's
trusted GnuPG homedir with stricter permissions, then making it looser.
(Closes: #7037)
- Drop (broken) Thunderbird dedicated SocksPort. (Closes: #12460)
- Drop customized update-ca-certificates.service. (Closes: #14756)
- Update AppArmor cupsd profile. (Closes: #15029)
- Improve UX when GDM does not start. (Closes: #14521)
- Install packages needed to support Video Acceleration API.
(Closes: #14580)
- Upgrade aufs-dkms for Linux 4.15. (Closes: #15132).
- Ship pdf-redact-tools, thanks to dachary <loic@dachary.org>.
(Closes: #15052)
- Additional Software Packages: convert to python3 and PEP-8.
(Closes: #15198)
- Additional Software Packages: do not check for updates every time the
network gets reconnected. (Closes: #9819)
- Revert to xorg-xserver from Stretch. (Closes: #15232)
- Open Tails documentation in Tor Browser when online. (Closes: #15332)
- Disable Enigmail's Memory Hole feature. (Closes: #15201)
- Persistence Setup: stop depending on Synaptic. (Closes: #15263)

* Bugfixes
- Additional Software Packages: fix the "incomplete online upgrade
process" bug in offline mode (Closes: #14570)
- Additional Software Packages: do not block Desktop opening.
(Closes: #9059)
- Install OpenPGP Applet 1.1. (Closes: #6398).
- Repair rng-tools using a real start-stop-daemon program.
(Closes: #15344)
- Tails installer: fix bug with unicode status messages. (Closes: #15254)

* Build system
- Abort if tails-custom-apt-sources failed.
- Abort the ISO build when DKMS modules are not built. (Closes: #14789).
- Improve how we track dependencies in build hooks. (Closes: #14818)
- Fix (potential) rare race condition during build.
- Ensure the SquashFS has /etc/hostname properly configured.
(Closes: #15322)
- Bump builder VM's RAM. (Closes: #15310)

* Test suite
- Log the list of systemd jobs when systemctl is-system-running fails.
(Closes: #14772).
- Allow more time for 'systemctl is-system-running' to succeed.
- Only support SikuliX, not Sikuli.
- Disable SPICE clipboard sharing.
- Don't flood the debug logger with the journal contents.
- Rescue exception.
- Enter a name into the Thunderbird account configuration.
(Closes: #11256)
- Fix the "I do not see ..." step's case. (Closes: #14929)
- Mark scenarios that use the "The Report an Error launcher will…" step
as fragile (Closes: #15321)
- Test that Tor Browser opens docs when online. (Closes: #15332)
- Adapt test after warning moved to after Unsafe Browser verification
dialog. (Closes: #8775)
- Dogtailify electrum.feature.
- Add additional software packages feature. (Closes: #14572)
- Disable test that is broken due to a Tor Browser bug. (Closes: #15336)

[close]

https://tails.boum.org/

Titel: Tails 3.6.1
Beitrag von: SiLæncer am 19 März, 2018, 05:00

Changelog

* Security fixes
- Upgrade Tor Browser to 7.5.2 (MFSA 2018-08 i.e. CVE-2018-5146).
- Upgrade libvorbis to 1.3.5-4+deb9u2 (DSA 4140-1 aka. CVE-2018-5146).
- Upgrade curl to 7.52.1-5+deb9u5 (DSA 4136-1).
- Upgrade samba to 2:4.5.12+dfsg-2+deb9u2 (DSA 4135-1).

* Bugfixes
- Fix ISO build reproducibility (Closes: #15400)
- Disable Selfrando: Tor Browser upstream currently enables it only
in non-release builds
(https://trac.torproject.org/projects/tor/ticket/24912#comment:8).

[close]

https://tails.boum.org/

Titel: Anonymisierende Distribution Heads 0.4 veröffentlicht
Beitrag von: SiLæncer am 28 März, 2018, 20:04

Vor etwas über einem Jahr veröffentlichte der Devuan-Ableger Heads sein erstes Image. Jetzt folgt mit Heads 0.4 die letzte Veröffentlichung vor der Beantragung der Aufnahme in die Liste der freien Distributionen der Free Software Foundation.

Heads ist eine Live-Distribution aus dem Umfeld von Devuan. Devuan spaltete sich 2014 von Debian ab, nachdem dort die Entscheidung gefallen war, künftig auf Systemd als Init-System zu setzen. Devuan versucht dagegen, völlig ohne Systemd auszukommen. Der Initiator von Heads bezeichnet Heads als »Tails ohne Systemd«.

Das Wortspiel «Heads & Tails« deutet auf die Ausrichtung von Heads als anonymisierende Distribution hin. Die neue Version basiert auf Devuan »Beowulf«, was bei Debian dem Testing-Zweig »Buster« entspricht. Das überarbeitete Devuan-SDK bildet die Grundlage für das Heads-Build-System. Auf Debians Live-Boot/Live-Config wird künftig verzichtet. Weitere Neuerungen sind die Verwendung eines angepassten Init-Systems, das einer Kombination von SysVinit und OpenRC entstammt. Ein eigenes, statisch gelinktes Initramfs enthält nur die nötigsten Komponenten, um das System zu starten. Die Ankündigung von Heads 0.4 erwähnt, die Entwickler realisierten dies in nur 100 Zeilen Code. Die Grundlagen für eine Persistenz-Funktion, die mit Heads 1.0 verfügbar sein soll, wurden in Heads 0.4 gelegt.

Als Kernel kommt Version 4.9.74 zum Einsatz, Tor Browser wurde auf 7.5.2 aktualisiert. In der Kernel-Konfiguration wurden einige Treiber entfernt, so beispielsweise die für externe Soundkarten. Cgroups wurde ebenso aktiviert wie AppArmor. Eine Sicherheitslücke, die eine Rechteausweitung ermöglichte wurde geschlossen. Heads 0.4 steht in 32- und 64-Bit als Image mit einer Größe von rund 750 MByte auf dem Projektserver zum Download (https://files.dyne.org/heads/) bereit.

Quelle : www.pro-linux.de

Titel: Tails 3.6.2
Beitrag von: SiLæncer am 31 März, 2018, 11:00

Changelog

* Security fixes
- Upgrade Tor Browser to 7.5.3 (MFSA 2018-10, Closes: #15459).
- Upgrade Thunderbird to 1:52.7.0-1~deb9u1.0tails1 (DSA-4155,
Closes: #15471).
- Upgrade libicu to 57.1-6+deb9u2 (DSA-4150).
- Upgrade intel-microcode to 3.20180312.1~bpo9+1. Implements
IBRS/IBPB/STIPB support, Spectre-v2 mitigation for: Sandybridge,
Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake
(Closes: #15173).

* Bugfixes
- Tor Browser AppArmor profile:
* Grant the main Firefox process access to machine-id: needed for
IBus support (Closes: #15437).
* Allow access to extensions installed by the user such as Tails
Verification (Closes: #15434).
- Remove packages needed to support Video Acceleration API
(VA-API) because they breaks opening GNOME Settings and Totem in
Tails 3.6 on some computers (only NVIDIA for now but perhaps
other hardware is affected). (Closes: #15433, #15449)
- Upgrade Linux to 4.15.11-1 and bump the aufs submodule (Closes:
#15456, #15457).
- tails-documentation script:
* open translated documentation page in Tor Browser when online
(Closes: #15371).
* use documented syntax for os.execv (Refs: #15332)
* re-add support for passing a HTML anchor as the second
argument.
- Fix issue where the tails-persistence-setup user's guid would be
changed when it was the uid that was intended (Closes: #15422).

[close]

https://tails.boum.org/

Titel: Tails 3.7
Beitrag von: SiLæncer am 10 Mai, 2018, 12:00

Changelog

* Security fixes
- Upgrade Tor Browser to 7.5.4 (MFSA 2018-12, Closes: #15588).
- Upgrade OpenSSL to 1.1.0f-3+deb9u2 (DSA-4157).
- Upgrade Perl to 5.24.1-3+deb9u3 (DSA-4172).
- Upgrade Libre Office to 1:5.2.7-1+deb9u4 (DSA-4178).
- Upgrade libmad to 0.15.1b-8+deb9u1 (DSA-4192).

* Bugfixes
- Enable the removal of OpenPGP keyblock in Whisperback (closes: #7797).
- Show the logo in Whisperback's About menu (closes: #13198).
- Use the same font in all the Whisperback report (Closes: #11272).
- Update tails-bugs@tails.boum OpenPGP key (Closes: #15534).

* Minor improvements
- Stop installing python-qt4 and python-trezor (Closes: #15391).
- Make WhisperBack easier to find in the GNOME Overview (Closes: #13299).

[close]

https://tails.boum.org/

Titel: Tails 3.7.1
Beitrag von: SiLæncer am 10 Juni, 2018, 18:00

Changelog

tails (3.7.1) unstable; urgency=medium

* Security fixes
- Upgrade Tor Browser to 7.5.5 (MFSA 2018-14; closes: #15643).
- Upgrade Thunderbird to 52.8.0 (DSA-4209-1; Closes: #15607).
- Partially fixes EFAIL.
- Fixes importing OpenPGP keys from keyservers with Enigmail.
- Accordingly refresh our Thunderbird AppArmor profile patch.
- Upgrade cURL to 7.52.1-5+deb9u6 (DSA-4202-1).
- Upgrade GnuPG (modern) 2.1.18-8~deb9u2 (DSA-4222-1).
- Upgrade GnuPG (legacy) to 1.4.21-4+deb9u1 (DSA-4223-1).
- Upgrade Git to 1:2.11.0-3+deb9u3 (DSA-4212-1).
- Upgrade PackageKit to 1.1.5-2+deb9u1 (DSA-4207-1).
- Upgrade procps to 2:3.3.12-3+deb9u1 (DSA-4208-1).
- Upgrade wavpack to 5.0.0-2+deb9u2 (DSA-4197-1).
- Upgrade wget to 1.18-5+deb9u2 (DSA-4195-1).
- Upgrade xdg-utils to 1.1.1-1+deb9u1 (DSA-4211-1).

* Bugfixes
- Fix setting a screen locker password with non-ASCII characters
(Closes: #15636).
- WhisperBack:
- Rename the WhisperBack launcher to "WhisperBack Error Reporting"
so that users have a better chance to understand what it does
(Closes: #6432)
- Ensure debugging info in Whisperback reports don't contain email
signature markers so that email clients forward it in full
(Closes: #15468).
- Wrap text written by the user to 70 chars (Closes: #11689).

* Minor improvements
- The "Tails documentation" desktop launcher now opens /doc instead of
the aging /getting_started that confused people during user testing
(Closes: #15575).

* Test suite
- Update to match "Tails documentation" behaviour change.

-- Tails developers <tails@boum.org> Sat, 09 Jun 2018 19:53:51 +0000

[close]

https://tails.boum.org/

Titel: Tails 3.8
Beitrag von: SiLæncer am 26 Juni, 2018, 21:30

Changelog

* Security fixes

- Upgrade Tor Browser to 7.5.6 (MFSA 2018-17; Closes: #15683).
- Upgrade Enigmail to 2.0.7 (partly fixes #15602 aka. EFAIL).
- Upgrade libgcrypt to 1.7.6-2+deb9u3 (DSA-4231-1).
- Upgrade perl to 5.24.1-3+deb9u4 (DSA-4226-1).

* Bugfixes

- Thunderbird: fix importing public OpenPGP keys from email attachments
(Closes: #15610).
- Make the Unsafe Browser home page translatable again (Closes: #15461).

* Minor improvements

- Don't display the "Know your rights" message on Thunderbird first run.
- Move Thunderbird's default userChrome.css to /etc/thunderbird, just like
we do for Tor Browser, for easier upgrade handling.

[close]

https://tails.boum.org/

Titel: Tails 3.9 RC1
Beitrag von: SiLæncer am 18 August, 2018, 19:00

Changelog

Upgrades and changes

Integrate the Additional Software Packages feature into the desktop and revamp the interface of "Configure Persistent Volume".

Support unlocking TrueCrypt and VeraCrypt encrypted volumes on the desktop.

Upgrade Tor Browser to 8.0a9, based on Firefox 60 ESR.

Upgrade Thunderbird to 60.0b10.

Improve hardware support: upgrade some graphics drivers, firmware, and upgrade Linux to 4.17.

Upgrade tor to 0.3.4.6-rc.

Due to security concerns the Liferea feed reader will be removed from Tails by the end of 2018. Please migrate your feeds to Thunderbird.

Fixed problems

Don't display the Enigmail configuration wizard in every Tails session.

Many problems fixed in Tails Installer and elsewhere. For more details, read our changelog (https://git-tails.immerda.ch/tails/plain/debian/changelog).

[close]

https://tails.boum.org/

Titel: Tails 3.9 Final
Beitrag von: SiLæncer am 05 September, 2018, 20:00

Changelog

New features
Additional Software

You can now install additional software automatically when starting Tails.
When installing an additional Debian package from Tails, you can decide to install it automatically every time:
To check your list of additional software packages, choose Applications ▸ System Tool ▸ Additional Software.

The packages included in Tails are carefully tested for security. Installing additional packages might break the security built in Tails, so be careful with what you install.
Read our documentation on installing additional software.
VeraCrypt integration

To unlock VeraCrypt volume in Tails, choose Applications ▸ System Tool ▸ Unlock VeraCrypt Volumes.
The integration of VeraCrypt in the Files and Disks utilities was done upstream in GNOME and will be available outside of Tails in Debian 10 (Buster) and Ubuntu 18.10 (Cosmic Cuttlefish).
Read our documentation on using VeraCrypt volumes.
News reading in Thunderbird

Thunderbird is now the official RSS and Atom news feed reader in Tails.
Liferea will be removed from Tails in version 3.12, early 2019.
Upgrades and changes

Improve the configuration of the persistent storage to make it easier to scroll and consistent with the GNOME guidelines.

Included software

Update Tor Browser to 8.0, based on Firefox 60 ESR.
Based on Firefox Quantum.
New Tor circuit view
Update Thunderbird from 52 to 60.
Update Tor to 0.3.4.7-rc.
Update Electrum to from 3.0.6 to 3.1.3.

Hardware support

The following updates make Tails work better on recent hardware (graphics, Wi-Fi, etc.):

Update Linux to 4.17 which also fixes the Foreshadow attack.
Update the DRM and Mesa libraries to improve support for some graphics cards.
Update the Intel and AMD microcodes and most firmware packages.

Fixed problems

Stop displaying the Enigmail setup wizard every time Tails is restarted. (#15693 and #15746)
Show a spinner while starting Tor Browser, Tails documentation, and WhisperBack. (#15101)
Use Tor Browser again for browsing the documentation offline. (#15720)
Show Synaptic and Root Terminal even when no administration password is set. (#11013)
Tails Installer
Link to upgrade documentation when upgrading. (#7904)
Hide the Reinstall option when the USB stick is too small. (#14810)
Correct the size of the USB stick in the confirmation dialog when reinstalling. (#15590)

For more details, read our changelog.
Known issues

Starting Tails 3.9 from DVD is twice slower than earlier releases. (#15915)

[close]

https://tails.boum.org/

Titel: Tails 3.9.1
Beitrag von: SiLæncer am 04 Oktober, 2018, 14:00

Changelog

* Security fixes
- Upgrade Tor Browser to 8.0.2, based on Firefox 60.2.1 (Closes: #16017).
- Upgrade Thunderbird to 60.0-3~deb9u1.0tails2 (Closes: #15959). Also
imported the same security fixes that caused Tor Browser 8.0.2.
- XXX: #15978?
- Upgrade curl to 7.52.1-5+deb9u7 (DSA-4286).
- Upgrade Ghostscript to 9.20~dfsg-3.2+deb9u5 (DSA-4294).
- Upgrade libarchive-zip-perl to 1.59-1+deb9u1 (DSA-4300).
- Upgrade libkpathsea6 to 2016.20160513.41080.dfsg-2+deb9u1 (DSA-4299).
- Upgrade LittleCMS 2, aka. liblcms2-2, to 2.8-4+deb9u1 (DSA-4284).
- Upgrade Python 2.7 to 2.7.13-2+deb9u3 (DSA-4306).
- Upgrade Python 3.5 to 3.5.3-1+deb9u1 (DSA-4307).

* Bugfixes
- Make Thunderbird translated in non-English locales via
intl.locale.requested, which works correctly since 60.0-3
(Closes: #15942).
- Totem: backport AppArmor profile fix to allow opening the help
(Closes: #15841)
- Remove mutt, that was accidentally installed in 3.9 (Closes: #15904).
- Fix VeraCrypt volumes not being opened in GNOME Files (Closes: #15954).
- Fix displaying the "General" section in the Tor Browser preferences
(Closes: #15917).
- Fix APT pinning at Tails runtime for our custom APT repository
and for Debian backports (Closes: #15837, #15973).

* Minor improvements and updates
- Upgrade tor to 0.3.4.8-1~d90.stretch+1 (Closes: #15889).

[close]

https://tails.boum.org/

Titel: Tails 3.10.1
Beitrag von: SiLæncer am 24 Oktober, 2018, 13:30

Changelog

tails (3.10.1) unstable; urgency=medium

* Declare that Enigmail is compatible with Thunderbird 60.*.

-- Tails developers <tails@boum.org> Tue, 23 Oct 2018 01:30:00 +0200

tails (3.10) unstable; urgency=medium

* Security fixes
- Harden sudo config to avoid potential future privilege escalation
(Closes: #15829).
- Upgrade Linux to 4.18 and aufs to 4.18-20181008 (Closes: #15936).
- Upgrade the snapshot of the Debian archive to 2018100901 accordingly.
- Upgrade Tor Browser to 8.0.3-build1 (Closes: #16067).
- Upgrade Thunderbird to 60.2.1 (Closes: #16037).

* Bugfixes
- Fix installation of mesa/stretch-backports by installing libwayland*
from stretch-backports (Closes: #15846).
- Tor Browser AppArmor profile patch: update to apply cleanly on top
of torbrowser-launcher 0.2.9-5.
- Additional Software: fix issues spotted during the code review
(Closes: #15838).
- Additional Software: make sure to offer persistence only for newly
installed packages, avoiding inconsistency (Closes: #15983).
- Improve button labels in confirmation dialogs of the Tails installer
(Closes: #11501).
- Hardcode User Agent in htpdate.user-agent (Closes: #15912), as the
Tor Browser doesn't expose it anymore.
- Fix encoding-related crashes in Tails Installer (Closes: #15166).
- Set the Firefox preferences to spoof English, to avoid leaking
information about locale settings (Closes: #16029).
- VeraCrypt: Hide PIM entries in GNOME Shell and Disks, since a newer
cryptsetup would be needed (Closes: #16031).
- VeraCrypt: Fix support for multiple encryption, by iterating over
all children in the device-mapper tree (Closes: #15967).
- Update translations.

* Minor improvements and updates
- Add dmsetup and losetup output in WhisperBack reports to help debug
VeraCrypt-related issues (Closes: #15966).
- Let AppArmor allow access to /usr/local/share/mime, reducing noise
in logs due to many DENIED entries (Closes: #15965).
- Use proper stem.connection module in onion-grater instead of trying
to read the auth cookie manually: that's fragile and breaks some use
cases (e.g. custom auth cookie).
- Unlock VeraCrypt Volumes: Improve internationalization support.

* Test suite
- Ensure the test suite doesn't break when changing the headline of
/home (Closes: #12156).
- Update test suite for updated button labels in confirmation dialogs
of the Tails installer (Closes: #11501).

[close]

https://tails.boum.org/

Titel: Tails 3.11
Beitrag von: SiLæncer am 12 Dezember, 2018, 06:00

Changelog

* Security fixes
- Upgrade Tor Browser to 8.0.4-build2 (Closes: #16193).
- Upgrade Thunderbird to 60.3.0-1~deb9u1.0tails1 (Closes: #16118).
- Thunderbird: unconditionally disable Autocrypt, as it is not safe in
its current state (See: #15923, Closes: #16186).
- Upgrade Linux to 4.18.20 and aufs to 4.18.11+-20181119
(Closes: #16145).
- Upgrade cURL to 7.52.1-5+deb9u8 (DSA-4331).
- Upgrade Ghostscript to 9.26~dfsg-0+deb9u1 (DSA-4336, DSA-4346).
- Upgrade Perl to 5.24.1-3+deb9u5 (DSA-4347).
- Upgrade Policykit to 0.105-18+deb9u1 (DSA-4350).
- Upgrade Samba to 2:4.5.12+dfsg-2+deb9u4 (DSA-4345).
- Upgrade OpenSSL to 1.1.0j-1~deb9u1 (DSA-4348).
- Upgrade libtiff to 4.0.8-2+deb9u4 (DSA-4349).

* Bugfixes
- Tails Upgrader:
· Improve support for incremental upgrades to avoid issues with
partially applied upgrades (Closes: #14754).
· Add a prompt after the IUK has been downloaded so the user can
control when the network will be disabled; previously this was
done without users having a say, possibly leading to confusion and
lost work (Closes: #15282).
- Thunderbird: always set locale according to environment (Closes: #16113).

* Minor improvements and updates
- Remove packages which were needed for getTorBrowserUserAgent
(Closes: #16024).
- Fix persistence configuration window opening on full screen
(Closes: #15894).
- Time sync: don't temporarily increase tor's log level when using
bridges/PTs (Closes: #15743).
- Warn about non-free software depending on the host operating system
and/or virtualization stack (Closes: #16195).

* Build system
- Create USB image after building the ISO, and include it in build
artifacts (Closes: #15984, #15985, #15990).
- Release process: adapt to IDF v2 (Closes: #16171).

* Test suite
- Add new Using "VeraCrypt encrypted volumes" feature, with scenarios
split into two parts: "Unlock VeraCrypt Volumes" and "GNOME Disks"
(Closes: #14469, #14471, #15238, #15239).
- Reintroduce "Clock is one day in the future in bridge mode" test
(Closes: #15743).
- Make starting apps via GNOME Activities Overview more robust
(Closes: #13469).
- Check for "Upgrading the system" and adjust to "Upgrade successfully
downloaded" new UI (See: #14754, #15282).

[close]

https://tails.boum.org/

Titel: Tails 3.12 RC 1
Beitrag von: SiLæncer am 21 Januar, 2019, 21:00

Changelog

* Major changes
- Make the USB image the main supported way to install Tails (refs: #15292).
On first boot, grow the system partition to a size that's a factor
of the size of the boot medium and randomize GUIDs (Closes: #15319).
- Upgrade Linux to 4.19, version 4.19.13-1 (Closes: #16073, #16224).
Fixes CVE-2018-19985, CVE-2018-19406, CVE-2018-16862, CVE-2018-18397,
CVE-2018-18397, CVE-2018-18397, CVE-2018-18397, CVE-2018-19824,
CVE-2018-14625.
- Remove Liferea (Closes: #11082, #15776).
- Upgrade to the Debian Stretch 9.6 point-release.

* Security fixes
- Upgrade Thunderbird to 60.4.0 (DSA-4362-1; Closes: #16261).
- Upgrade OpenSSL to 1.0.2q-1~deb9u1 (DSA-4355-1).
- Upgrade libarchive to 3.2.2-2+deb9u1 (DSA-4360-1).
- Upgrade GnuTLS to 3.5.8-5+deb9u4 (CVE-2018-10844, CVE-2018-10845).
- Upgrade libgd3 to 2.2.4-2+deb9u3 (CVE-2018-1000222, CVE-2018-5711).
- Upgrade libmspack to 0.5-1+deb9u3 (CVE-2018-18584, CVE-2018-18585).
- Upgrade libopenmpt to 0.2.7386~beta20.3-3+deb9u3 (CVE-2018-10017).
- Upgrade libx11 to 2:1.6.4-3+deb9u1 (CVE-2018-14598, CVE-2018-14599,
CVE-2018-14600).
- Upgrade libxcursor to 1:1.1.14-1+deb9u2 (CVE-2015-9262).
- Upgrade NetworkManager to 1.6.2-3+deb9u2+0.tails1 (CVE-2018-15688).
- Upgrade wpa to 2:2.4-1+deb9u2 (CVE-2018-14526).
- Upgrade zeromq3 to 4.2.1-4+deb9u1 (CVE-2019-6250).

* Bugfixes
- Fix Totem's access to the Internet when it's started from the Applications
menu.
- Rename HTP pools to avoid confusion (Closes: #15428).
- Fix memory erasure on shutdown with systemd v239+, by mounting
a dedicated tmpfs on /run/initramfs instead of trying to remount /run
with the "exec" option (Closes: #16097).
- Make the KeePassX wrapper dialog translatable.
- Fix detection of first Thunderbird run.

* Minor improvements and updates
- Upgrade tor to 0.3.4.9-1~d90.stretch+1.
- Upgrade Mesa to 18.2.6-1~bpo9+1, libdrm to 2.4.95-1~bpo9+1,
and libglvnd to 1.1.0-1~bpo9+1.
- Upgrade firmware-linux and firmware-nonfree to 20190114-1.
- Upgrade amd64-microcode to 3.20181128.1.
- Upgrade intel-microcode to 3.20180807a.2~bpo9+1.
- Remove the boot readahead feature (Closes: #15915).
In most supported use cases, it did not improve boot time anymore,
or even increases it.
- Require TLS 1.2 in our Upgrader and tails-security-check (Closes: 11815).
- Enable O_CREAT restriction in /tmp directories for FIFOs and regular
files (Closes: #16072).
- Upgrade systemd to 240-4~bpo9+0tails1 (Closes: #16352).
Fixes CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866.
- Upgrade Enigmail to 2.0.8-5~deb9u1 (Closes: #15657).
- Upgrade Torbirdy to 0.2.6-1~bpo9+1 (Closes: #15661).
- Modify Torbirdy configuration in a way that's easier to maintain.
- Tell the user they need to use sudo when they attempt to use su
(Closes: #15583).

* Build system
- Make the build of the USB image reproducible (Closes: #15985).
- Allow specifying which set of APT snapshots shall be used during
the build, with the APT_SNAPSHOTS_SERIALS build option (Closes: #15107).
- Fix more GIDs and display more information when changing UIDs or GIDs
fails (Closes: #16036).
- Remove obsolete patches, refresh remaining ones to apply on top
of currently installed packages version.
- Disable irrelevant recurring jobs in Vagrant build box (refs: #16177)
that increase the chance of FTBFS due to mksquashfs being reaped
by the OOM killer.
- Adjust for recent GnuPG error'ing out when it has no controlling terminal.

* Test suite
- Adjust test suite for USB image:
- Add tests that exercise behavior on first boot from a device
installed using the USB image (Closes: #16003).
- Drop tests for use cases we don't support anymore with the introduction
of the USB image (refs: #16004).
- Adjust remaining tests to focus on main supported use cases,
i.e. Tails installed from a USB image (refs: #16004.
- In scenarios where we simulate MAC spoofing failure, test safety-critical
properties even if the desktop notification is buggy (refs: #10774).
- Update expected title for our Redmine (Closes: #16237).
- Update expected image for OpenPGP key search.

[close]

https://tails.boum.org/

Titel: Tails 3.12 Final
Beitrag von: SiLæncer am 30 Januar, 2019, 06:00

Release Notes

Changes

New features

New installation methods

The biggest news for 3.12 is that we completely changed the installation methods for Tails.

In short, instead of downloading an ISO image (a format originally designed for CDs), you now download Tails as a USB image: an image of the data as it needs to be written to the USB stick.

For macOS, the new method is much simpler as it uses a graphical tool (Etcher) instead of the command line.

For Windows, the new method is much faster as it doesn't require 2 USB sticks and an intermediary Tails anymore. The resulting USB stick also works better on newer computers with UEFI.

For Debian and Ubuntu, the new method uses a native application (GNOME Disks) and you don't have to install Tails Installer anymore.

For other Linux distributions, the new method is faster as it doesn't require 2 USB sticks and an intermediary Tails anymore.

We are still providing ISO images for people using DVDs or virtual machines.

The methods for upgrading Tails remain the same.

Upgrades and changes

Starting Tails should be a bit faster on most machines. (#15915)

Tell users to use sudo when they try to use su on the command line.

Included software

Update Linux to 4.19. Update Intel and AMD microcodes and most firmware packages. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).

Remove Liferea, as announced in Tails 3.9.

Update Tor Browser to 8.0.5.

Update Thunderbird to 60.4.0.

Fixed problems

Fix the black screen when starting Tails with some Intel graphics cards. (#16224)

For more details, read our changelog.

Known issues

See also the list of long-standing issues.
Tails fails to start a second time on some computers (#16389)

On some computers, after installing Tails to a USB stick, Tails starts a first time but fails to start a second time. In some cases, only BIOS (Legacy) was affected and the USB stick was not listed in the Boot Menu.

We are still investigating the issue, so if it happens to you, please report your findings by email to tails-testers@boum.org. Mention the model of the computer and the USB stick. This mailing list is archived publicly.

To fix this issue:

Reinstall your USB stick using the same installation method.

Start Tails for the first time and set up an administration password.

Choose Applications ▸ System Tools ▸ Root Terminal to open a Root Terminal.

Execute the following command:

sgdisk --recompute-chs /dev/bilibop

You can also test an experimental image:

Download the .img file from our development server.

Install it using the same installation methods.

We don't provide any OpenPGP signature or other verification technique for this test image. Please only use it for testing.

[close]

https://tails.boum.org/

Titel: Tails 3.12.1
Beitrag von: SiLæncer am 13 Februar, 2019, 20:00

Changelog

* Security fixes

- Upgrade Tor Browser to 8.0.6 (MFSA-2019-04; Closes: #16437).
- Upgrade LibreOffice to 1:5.2.7-1+deb9u5 (DSA-4381).
- Upgrade cURL to 7.52.1-5+deb9u9 (DSA-4386).
- Upgrade Qt 5 to 5.7.1+dfsg-3+deb9u1 (DSA-4374).
- Upgrade OpenSSH to 1:7.4p1-10+deb9u5 (DSA-4387).

[close]

https://tails.boum.org/

Titel: Tails 3.13
Beitrag von: SiLæncer am 20 März, 2019, 05:30

Changelog

* Major changes
- Upgrade Linux to 4.19.28-1 (Closes: #16390, #16469, #16552).
- Upgrade Tor Browser to 8.0.7 (Closes: #16559).
- Upgrade Thunderbird to 65.1.0 (Closes: #16422).

* Security fixes
- Upgrade LDB to 2:1.1.27-1+deb9u1 (DSA-4397-1).
- Upgrade OpenJPEG to 2.1.2-1.1+deb9u3 (DSA-4405-1).
- Upgrade OpenSSL 1.0 to 1.0.2r-1~deb9u1 (DSA-4400-1).
- Upgrade OpenSSH to 1:7.4p1-10+deb9u6 (DSA-4387-2).

* Bugfixes
- Upgrade tor to 0.3.5.8-1~d90.stretch+1 (Closes: #16348).
- Ensure Additional Software doesn't try to download packages that are
in persistent cache (Closes: #15957).
- Improve chances of recovering a lost persistence configuration
(Closes: #10976).
- Tor Launcher: add langpacks to enable localization again
(Closes: #16338).
- Migrate away from buggy Chinese input method: switch from ibus-pinyin
to ibus-libpinyin + ibus-chewing (Closes: #11292).
- Fix crash in Whisperback when additional persistent APT repositories
are configured (Closes: #16563).
- Give visual feedback while starting Whisperback (Closes: #16333).

* Minor improvements and updates
- Add feedback when opening VeraCrypt Mounter (Closes: #16334).
- Improve consistency in Additional Software's accessibility
(Closes: #16110).
- Fix missing accessibility support when opening a browser from a
notification (Closes: #16475).
- Refresh ublock-origin patch to apply cleanly on top of 1.18.4+dfsg-1
(Closes: #16451)
- Upgrade intel-microcode to 3.20180807a.2~deb9u1.
Fixes CVE-2018-3615, CVE-2018-3620, CVE-2018-3646, CVE-2018-3639,
CVE-2018-3640, CVE-2017-5753, CVE-2017-5754.

* Build system
- Lower memory requirements when building Tails by limiting the memory
used by mksquashfs to 512M (Closes: #16177).
- Remove obsolete check on Thunderbird addons (Closes: #16045).
- Update Tails' APT GnuPG key expiration (Closes: #16420).
- Optimize Git operations (share resources, fetch only the needed
objects).
- Clone submodules from the host's local repositories (Closes: #16476).
- Drop useless manual initramfs update (Closes: #16452).
- Add a sanity check on the size of the initramfs (Closes: #16452).

* Test suite
- Add automated tests for Additional Software GUI (Closes: #14576,
#14596).
- Add automated tests on the backup persistence configuration
(Closes: #16461).
- Adjust test for Thunderbird 60.5.1 (Closes: #16555).

[close]

https://tails.boum.org/

Titel: Tails 3.13.1
Beitrag von: SiLæncer am 23 März, 2019, 20:00

Whats new:>>

Security fixes

- Upgrade Tor Browser to 8.0.8 (Closes: #16606, MFSA-2019-10).
- Upgrade NTFS-3G to 1:2016.2.22AR.1+dfsg-1+deb9u1 (DSA-4413-1).

https://tails.boum.org/

Titel: Tails 3.13.2
Beitrag von: SiLæncer am 06 Mai, 2019, 19:00

Changelog

* Major changes
- Replace all locale-specific fonts and standard X.Org fonts with
the Noto fonts collection (Closes: #9956).
- Install localization support packages for all tier-1 supported languages,
and only those (Closes: #15807). Current tier-1 supported languages are:
Arabic, German, English, Spanish, Farsi, French, Italian, Portuguese
(Brazil), Russian, Turkish, Simplified Chinese, Hindi, Indonesian.
- Disable the TopIcons GNOME Shell extension (Closes: #16608).
This extension causes crashes (#11188), does not work on Wayland
(#8309, #12213) so long-term, we need to remove it anyway.
In order to learn how much our users rely on this extension and
on OpenPGP Applet, let's disable this extension for one Tails release.
While TopIcons is disabled (by default):
· Users can still use OpenPGP Applet via the system tray in the bottom
left corner of the desktop.
· Users who do need TopIcons for other reasons can enable it again
with 1 command line.

* Security fixes
- Upgrade Tor Browser to 8.0.9 (Closes: #16694).
- Upgrade to Debian Stretch 9.9 (Closes: #16670).
- Upgrade Thunderbird to 60.6.1 (Closes: #16641).

* Bugfixes
- Fix Thunderbird account setup wizard (Closes: #16573).
- Display poweroff and reboot buttons even when locked (Closes: #15640).
- Disable emergency shutdown during suspend (Closes: #11729).
- Provide feedback while starting Onion Circuits (Closes: #16350).
- Associate .key files with Seahorse (Closes: #15213).
This partially fixes importing OpenPGP keys from GNOME Files.
- Don't show spurious notification about "TailsData" while setting
up a persistent volume (Closes: #16632).

* Minor improvements and updates
- Add a suspend button to status-menu-helper (Closes: #14556).
- status-menu-helper: clean up and refactor.
- Drop CSS hacks for the uBlock log window (Closes: #16206).
- Polish 04-change-gids-and-uids code style (Closes: #16322).
- Create persistence.conf backup in a more robust manner (Closes: #16568).
- Make the WhisperBack .desktop file translatable in Transifex
(Closes: #6486).

* Build system
- Don't fail the build if Tor Browser supports new locales that we don't ship
a spellchecking dictionary for (#15807).
- Fix apt-cacher-ng cache shrinking (Closes: #16020).
- Remove obsolete usr.bin.onioncircuits AppArmor profile (Closes: #12170).
All Tails current branches now install onioncircuits 0.6-0.0tails1,
which ships a more current AppArmor profile than the one we
have in our own Git tree.
- Install Electrum from sid (Closes: #16642).
- Avoid new "render" group stealing a GID we have already statically
allocated to another group (Closes: #16649).

* Test suite
- Disable tests about notifications in case of MAC spoofing failure:
we have a well-known bug here and these tests do nothing but confirm
it again and again, which brings no value and has a cost (#10774).
- Clarify what WebM scenarios are fragile (#10442).
- Avoid zombies by waiting for killed child processes to exit (#14948).

[close]

https://tails.boum.org/

Titel: Tails 3.14
Beitrag von: SiLæncer am 21 Mai, 2019, 20:00

Changelog

* Security fixes
- Upgrade Linux to 4.19.0-5 from sid (Closes: #16708).
- Enable all available mitigations for the Microarchitectural Data
Sampling (MDS) attacks and disable SMT on vulnerable CPUs
(Closes: #16720).
- Upgrade Tor Browser to 8.5 (Closes: #16337, #16706).

* Bugfixes
- Install Electrum 3.2.3-1 from our custom APT repository (Closes: #16708).
The version in sid now displays a warning and exits, while 3.2.3-1 is
still usable, in the rare cases when it manages to connect to the
network, despite being affected by problematic phishing attacks which
will only be solved once the package in Debian is updated to a newer
upstream version.

* Build system
- Bump APT snapshot of the 'debian' archive to 2019051601, needed for
the MDS mitigations.
- Don't install the firmware-linux and firmware-linux-nonfree
metapackages, as packages they pulled are already listed explicitly
and one might run into version-related issues (Closes: #16708).

* Minor improvements and updates
- Remove some packages from the Tails image as their use is not
widespread while consuming space for everyone. They can still be
installed and upgraded through Additional Software (Closes: #15291).
This includes: monkeysphere and msva-perl, gobby, hopenpgp-tools,
keyringer, libgfshare-bin, monkeysign, paperkey, pitivi,
pdf-redact-tools, pwgen, traverso, and ssss.
- Fix missing translations in the Greeter (Closes: #13438).
- Fix missing newline in unlock-veracrypt-volumes (Closes: #16696).
- Port fillram to Python 3 (Closes: #15845).
- Enable localization for new locales introduced in Tor Browser 8.5
(Closes: #16637).
- Re-introduce TopIcons GNOME Shell extension (Closes: #16709).
- Improve internationalization of the Unlock VeraCrypt Volumes
component (Closes: #16602).

* Test suite
- Make tails-security-check's SOCKS port test work when there's a live
security advisory (Closes: #16701).
- Make terminology more consistent.

[close]

https://tails.boum.org/

Titel: Tails 3.14.1
Beitrag von: SiLæncer am 20 Juni, 2019, 20:00

Changelog

* Security fixes
- Upgrade Tor Browser to 8.5.2-build1 (Closes: #16824).
- Upgrade Thunderbird to 60.7.0 (Closes: #16742).
- Upgraded Linux to 4.19.37-4 (Closes: #16823).

* Bugfixes
- Only probe for partitions on the boot device when setting up
TailsData. Without arguments partprobe will scan all devices,
and if it encounters a device it doesn't support (e.g. fake
raid-0 arrays) it will return non-zero, thus aborting Tails'
partitioning script, resulting in an unbootable install
(Details: #16389).

* Minor improvements and updates
- Upgrade tor to 0.4.0.5-1~d90.stretch+1, the first stable
candidate in the 0.4.0.x series (Closes: #16687).
- Completely disable IPv6 except for the loopback interface. We
attempt to completely block it on the netfilter level but we
have seen ICMPv6 "leaks" any way (related to Router
Solicitation, see: #16148) so let's just disable it. We keep
enabled on the loopback interface since some services depends on
::1 being up.
- create-usb-image-from-iso: Use syslinux from chroot. We used the
syslinux from the vagrant box before, which caused issues with
when building Tails/Buster with a Stretch vagrant box and then
cloning the image via Tails Installer with syslinux from Buster
(Closes: #16748).
- Set Tor Browser's homepage to https://tails.boum.org/home/testing/
if building anything but a stable release. This page explains the
dangers of using a non-stable release. (Closes: #12003)

* Build system
- auto/{build,config}:
* consistently use fatal() to error out, and prefix its message
with "E: " to help distinguish them from the noise produced by
tools we call etc.
* Similarly, also prefix informational message with "I: ".
* drop support for GnuPG 1.x.
* clone more build output to the log file.
* Drop obsolete check for syslinux version. This version
requirement is satisfied by Jessie and it is doubtful Tails
would build in anything older.
* auto/build: drop a few checks for conditions that are already
satisfied in the supported build environments.
- Revert "Build system: try to be smart again by fetching only the
refs we need." This optimization overrides the trick we have on
Jenkins (set_origin_base_branch_head in
https://git.tails.boum.org/jenkins-jobs/tree/macros/builders.yaml),
that ensures that a reproducibly_build_Tails_ISO_* job builds
from the commit used by the first build. (Closes: #16730)

* Test suite
- Fix mistake with execute() vs spawn() when starting the upgrader.
- Don't filter during pcap capture, instead let's just apply the
same filtering when we are inspecting the pcap files. This way
any pcap file saved on failure will include the full capture,
and not just the packets sent by the system under testing, which
sometimes makes it hard to understand what is going on.
- Also include the content of /var/log/tor/log in $scenario.tor
when tor failed to bootstrap (refs: #16793)
- Don't flood the debug logger with tor@default's journal
contents.
- Power off system under testing after scenario. Until now we have
relied on either one of the generated "snapshot restore" steps
or the "[Given] a computer" step to implicitly stop the old VM
when we move on to a new scenario. That meant the old VM was
still running during the new scenarios @Before@ hooks. If the
new scenario is tagged @check_tor_leaks that means we start its
sniffer while the old VM is still running, possibly sending
packets that then affect the new scenario. That would explain
some myserious "Unexpected connections were made" failures we
have seen (Closes: #11521).
- Only accept IP(v6)/ARP during DHCP check.

[close]

https://tails.boum.org/

Titel: Tails 3.14.2
Beitrag von: SiLæncer am 24 Juni, 2019, 19:00

Whats new:>>

* Security fixes
- Upgrade Tor Browser to 8.5.3 (Closes: #16835).

* Bugfixes
- tails-screen-locker: Don't use dim-label style class
(Closes: #16802).

https://tails.boum.org/

Titel: Tails 3.15
Beitrag von: SiLæncer am 10 Juli, 2019, 06:00

Whats new:>>

Changes and upgrades

Update Tor Browser to 8.5.4.
Update Thunderbird to 60.7.2.

Fixed problems

Fix Tails failing to start a second time on some computers. (#16389)
Display an error message in the Unlock VeraCrypt Volumes utility when closing a volume fails because the volume is being used. (#15794)
Fix starting Tails through the Heads boot firmware. (Heads #581)

https://tails.boum.org/

Titel: Tails 4.0 Beta 1
Beitrag von: SiLæncer am 16 August, 2019, 20:00

Changhelog

Replace KeePassX with KeePassXC. (#15297)
Add support for Thunderbolt devices. (#5463)
If you have a Thunderbolt device, please try using it.
Choose Devices ▸ Thunderbolt from the Settings utility to authorize your Thunderbolt devices, if needed.
See also the design document on Thunderbolt 3 in Fedora 28 to see how Thunderbolt is integrated in GNOME.
Remove Scribus. (#16290)
You can install Scribus again using the Additional Software feature.
Remove LibreOffice Math. (#16911)
You can install LibreOffice Math again using the Additional Software feature.
Allow opening persistent volumes from other Tails USB sticks. (#16789)
Display OpenPGP Applet on the left of the Tor status icon. (#14796)
Add the Files browser to the list of favorite applications. (#16799)
Change the background of the boot menu. (#16837)
Use the default bookmarks from Tor Browser instead of our own default bookmarks. (#15895)
Remove the Home launcher from the desktop. (#16799)
Remove the default accounts in Pidgin. (#16744)

[close]

https://tails.boum.org/

Titel: Tails 3.16
Beitrag von: SiLæncer am 05 September, 2019, 14:00

Changhelog

* Major changes
- Upgrade Tor Browser to 8.5.5 (Closes: #16692).

* Security fixes
- Install Linux kernel from the Buster security repository (Closes: #16970).
The new Spectre v1 swapgs variant (CVE-2019-1125), which was fixed
in sid via 5.2.x, which is a too big change for the Tails 3.16 bugfix
release. Let's instead track Buster (+ security) for the time being.
- Upgrade LibreOffice to 1:5.2.7-1+deb9u10 (DSA-4483-1, DSA-4501-1).
- Upgrade Thunderbird to 60.8 (DSA-4482-1).
- Upgrade Ghostscript to 9.26a~dfsg-0+deb9u4 (DSA-4499-1).
- Upgrade Patch to 2.7.5-1+deb9u2 (DSA-4489-1).
- Upgrade nghttp2 library to 1.18.1-1+deb9u1 (DSA-4511-1).

* Bugfixes
- Additional software: Improve/fix support for translations (Closes: #16601).
- Rework the implementation for hiding TailsData partitions (Closes: #16789).
- Adjust how tordate determines whether the clock is in a valid range,
fixing issues with obfs4 (Closes: #16972).

* Minor improvements and updates
- Ship default upstream Tor Browser bookmarks, and remove our predefined
bookmarks (Closes: #15895).
- Hide the security level button in the unsafe browser (Closes: #16735).
- Remove pre-generated Pidgin accounts (Closes: #16744).
- Remove LibreOffice Math (Closes: #16911).
- Website: Make sandbox page translatable (Closes: #16873).
- Website: Only scrub HTML on blueprints (Closes: #16901).
- Website: Point history & diff URLs to Salsa.

* Build system
- Bump APT snapshot of the torproject archive to 2019073103, and drop
tor-experimental-0.4.0.x-stretch reference (Closes: #16883).
- Bump APT snapshot of the Debian archive to 2019080801 to get fixed
firmware packages from sid instead of sticking to those from
stretch-backports (Closes: #16728).
- Enable the buster APT repository and install some packages from there:
hunspell-id, hunspell-tr, and fonts-noto-* (See: #16728).
- Refresh patch for webext-ublock-origin 1.19.0+dfsg-2, and adjust Tor
Browser AppArmor profile accordingly (Closes: #16858).
- Refresh Tor Browser AppArmor profile patch for torbrowser-launcher
0.3.2-1 (Closes: #16941).

* Test suite
- Ignore RARP packets, since PacketFu cannot parse them (Closes: #16825).
- Adjust both locale handling and reference pictures for the Unsafe
Browser homepage (Closes: #17004).
- Fix "Watching a WebM video over HTTPS" scenario on Jenkins
(Closes: #10442).
- Tag "Watching a WebM video" as fragile.
- Make @check_tor_leaks more verbose (See: #10442).
- Remove broken Electrum scenario since Electrum support is currently
missing (Closes: #16421).

[close]

https://tails.boum.org/

Titel: Tails 4.0 RC1
Beitrag von: SiLæncer am 12 Oktober, 2019, 10:00

Changelog

Major changes to included software:

Update Tor Browser to 9.0a7, based on Firefox 68.1.0esr.
Update Electrum to 3.3.8, which works with the current Bitcoin network.
Update Linux to 5.3.2.
Update tor to 0.4.1.6.

Usability improvements to Tails Greeter:

We improved various aspects of the usability of Tails Greeter, especially for non-English users.
To make it easier to select a language, we curated the list of proposed languages by removing the ones that had too little translations to be useful.
We also simplified the list of keyboard layouts.
We fixed the Formats setting, which was not being applied.
We prevented additional settings to be applied when clicking on Cancel or Back.

Fixed problems:

Fix the delivery of WhisperBack reports. (#17110)
Dozens of other problems — literally.

[close]

https://tails.boum.org/

Titel: Tails 4.0 Final
Beitrag von: SiLæncer am 22 Oktober, 2019, 19:00

Release Notes: https://tails.boum.org/news/version_4.0/index.de.html

https://tails.boum.org/

Titel: Tails 4.1
Beitrag von: SiLæncer am 03 Dezember, 2019, 22:00

Changelog

* Major changes
- Upgrade Tor Browser to 9.0.2-build2, based on Firefox ESR 68.3
(MFSA-2019-37).
- Upgrade Thunderbird to 68.2.2 (Closes: #16771, #17220, #17222, #17267).
- Upgrade Enigmail to 2:2.1.3+ds1-4~deb10u2 accordingly.

* Security fixes
- Upgrade Linux to 5.3.9-2 from sid (Closes: #17124).
- Disable unprivileged userfaultfd syscall (Closes: #17196).
- Upgrade file to 1:5.35-4+deb10u1 (DSA-4550-1).
- Upgrade FriBidi to 1.0.5-3.1+deb10u1 (DSA-4561-1).
- Upgrade Ghostscript to 9.27~dfsg-2+deb10u3 (DSA-4569-1)
- Upgrade Intel microcode to 3.20191112.1~deb10u1 (DSA-4565-1,
CVE-2019-0117).
- Upgrade libarchive to 3.3.3-4+deb10u1 (DSA-4557-1).
- Upgrade libvpx to 1.7.0-3+deb10u1 (DSA-4578-1).
- Upgrade libxslt to 1.1.32-2.2~deb10u1 (CVE-2019-18197).
- Upgrade ncurses to 6.1+20181013-2+deb10u2 (CVE-2019-17594,
CVE-2019-17595).
- Upgrade Python 2.7 to 2.7.16-2+deb10u1 (CVE-2018-20852,
CVE-2019-10160, CVE-2019-16056, CVE-2019-16935, CVE-2019-9740,
CVE-2019-9947).
- Upgrade Qt to 5.11.3+dfsg1-1+deb10u1 (DSA-4556-1).
- Upgrade tcpdump to 4.9.3-1~deb10u1 (DSA-4547-1).
- Upgrade WebKitGTK to 2.26.2-1~deb10+1 (DSA-4558-1, DSA-4563-1).

* Bugfixes
- Remove TorBirdy (Closes: #17219, #17269).
- Use keys.openpgp.org's Onion service as the default keyserver
(Closes: #12689, #14770).
- Fix ordering of GTK bookmarks setup vs. Tor Browser directories
creation (Closes: #17206).
- Bring back the "Show Passphrase" button in the Greeter
(Closes: #17177).
- Bring back "Open in Terminal" entry in the GNOME Files context menu
(Closes: #17186).
- Revert "Browsers: disable the Quantum Bar." (Closes: #17143).
- Revert "Hide all Tor connection-related settings in
about:preferences in all browsers" (Closes: #17214).
- Wait until Tor has bootstrapped before we try to upgrade Additional
Software (Closes: #17203).
- Fix the "GDM failed to start" splash screen functionality
(Closes: #17200).

* Minor improvements and updates
- htpdate: stop sending User-Agent that fakes Tor Browser
(Closes: #12023).
- HTP: replace encrypted.google.com with www.google.com.
- Remove signal handler from Greeter UI file (Closes: #17240).
- Upgrade AMD microcode to 3.20191021.1.
- Upgrade fonts-noto-cjk to 1:20170601+repack1-3+deb10u1
(Debian#907999).

* Build system
- Update Vagrant box to Buster (Closes: #16868).
- Adjust to timedatectl's output on Buster.
- Adjust to Buster's debootstrap.
- Vagrant: ensure the chroot has a /proc filesystem while running
postinstall.sh
- Vagrant: install po4a from Stretch in the basebox.
- build-tails: wait for NTP to be disabled before setting the desired
date.
- Bump APT snapshot of the Debian archive to 2019111801, including the
10.2 point release of Buster (Closes: #17124, #17021).
- Install virtualbox 6.0.12-dfsg-1 from our custom APT repository
(Closes: #17161).

* Test suite
- Ensure we don't break tests by opening the Applications menu in
post_vm_start_hook (Closes: #17164).
- Improve GnuPG testing (Closes: #12689):
· Switch to using sajolida's key.
· Start adjusting for keys.openpgp.org.
· Make the "GnuPG's dirmngr uses the configured keyserver" step
actually test what it is meant to.
· Make error strings better reflect what failure they are about.
· Ensure dirmngr uses IPv4 since our CI runs on an IPv4-only
infrastructure.
- Ensure dirmngr picks up the changes we make to its configuration.
- Switch backend keyservers (Closes: #14770).
- Don't leave redir(1) processes behind (Closes: #14948).
- Update image for Buster (Closes: #14770).
- Update fragility status of Seahorse scenarios.
- Avoid multiple instances of tcpdump writing to the same file,
resulting in an unparsable network capture (Closes: #17102).
- Update for Thunderbird 68 (Closes: #17269).

* Documentation:
- Remove or adapt mentions to Tails Installer as only installation
method (Closes: #17204).
- Add a warning about which Tails to run rsync from (Closes: #17197).

-- Tails developers <tails@boum.org> Mon, 02 Dec 2019 22:23:35 +0100

[close]

https://tails.boum.org/

Titel: Tails 4.1.1
Beitrag von: SiLæncer am 17 Dezember, 2019, 15:00

Changelog

* Bugfixes
- Drop all network drivers from the initramfs to shrink its size
drastically. Going over the 32 MiB mark might be the reason why so
many Apple machines can't boot 4.1 while they could boot 4.0
(Closes: #17320).
- Only allow up to (but excluding) 32 MiB for initramfs accordingly.

* Minor improvements and updates
- Fix escape sequence in tails-gdm-failed-to-start.service, to avoid a
warning message (Closes: #17166).

[close]

https://tails.boum.org/

Titel: Tails 4.2
Beitrag von: SiLæncer am 08 Januar, 2020, 06:00

Changelog

* Major changes
- Switch to a redesigned upgrade system (Closes: #15281), which:
- removes the need for manual upgrades caused by lack of disk space
on the Tails device
- uses less RAM
- Bump snapshot of the Debian archive to 2019122802

* Security fixes
- Upgrade Tor Browser to 9.0.3 (Closes: #17402)
- Upgrade Linux to 5.3.15-1 (Closes: #17332)
and upgrade the aufs module to 5.3-20191223
- Upgrade Thunderbird to 1:68.3.0-2~deb10u1
- Upgrade libsasl2 to 2.1.27+dfsg-1+deb10u1
- Upgrade python3-ecdsa to 0.13-3+deb10u1

* Bugfixes
- KeePassXC:
- Open ~/Persistent/keepassx.kdbx by default again (Closes: #17212)
- Open the database specified by the user on the command-line, if any
- Fix database renaming prompt
- Upgrader:
- Ensure debugging info lands in the Journal before we refer to it
- Catch more download errors
- Upgrade amd64-microcode to 3.20191218.1, which removes firmware
updates that cause issues

* Minor improvements and updates
- Add metadata analysis tools used by SecureDrop (Closes: #17178)
- Refresh the signing key before checking for available upgrades
(Closes: #15279)
- Port the Upgrader and perl5lib to a set of dependencies that are
faster and have a lower memory footprint (Closes: #17152)
- Ensure IUKs don't include files of our website if their content
has not changed (refs: #15290)
- Zero heap memory at allocation time and at free time (Closes: #17236)

* Build system
- Import the Upgrader and perl5lib codebases into tails.git
(part of #7036)
- lint_po: ignore pre-existing rply cache file that can cause
trouble if it's corrupted (Closes: #17359)
- Move generate-languages-list to auto/scripts
- import-translations: work around the lack of usable branches
in Tor's translation.git (Closes: #17279)
- Build released IUKs on Jenkins and verify that they match
those built locally by the Release Manager (Closes: #15287)
- Don't download every localized Tor Browser tarball: instead,
use the new tarball that includes every langpacks (Closes: #17400)

* Test suite
- Adapt for the "one single SquashFS diff" upgrade scheme
- Chutney: update to upstream 33cbff7fc73aa51a785197c5f4afa5a91d81de9c
(Closes: #16792)
- Fix tagging of Chutney exit relays and bridge authorities
- Tag Chutney clients as such
- Wait for all Chutney nodes to have bootstrapped before assuming
the simulated Tor network is ready
- Don't try to save tor control sockets as artifacts
- Add a crude script to generate IUKs for our test suite

[close]

https://tails.boum.org/

Titel: Tails 4.2.2
Beitrag von: SiLæncer am 14 Januar, 2020, 14:00

Changelog

* Major changes
- Upgrade Tor Browser to 9.0.4-build1 (MFSA-2020-03)

* Bugfixes
- Avoid the Upgrader proposing to upgrade to the version
that's already running (Closes: #17425)
- Avoid 2 minutes delay while rebooting after applying an automatic
upgrade (Closes: #17026)
- Make Thunderbird support TLS 1.3 (Closes: #17333)

* Build system
- IUK generation: don't make all files in the SquashFS diff
owned by root, otherwise an upgraded system cannot start
(Closes: #17422)

[close]

https://tails.boum.org/

Titel: Tails 4.3
Beitrag von: SiLæncer am 11 Februar, 2020, 21:00

Changelog

* Security fixes
- Upgrade Tor Browser to 9.0.5-build2 (Closes: #17469).
- Update Linux kernel to linux-image-5.4.0-3-amd64, currently at
5.4.13-1 (Closes: #17443).
- Upgrade Thunderbird to 1:68.4.1-1~deb10u1

* Bugfixes
- live-persist: don't backup empty configuration files (Closes:
#17112). In some cases, the previous code would overwrite a
non-empty backup file with an empty one, making it harder to
recover from the already painful #10976.
- create-usb-image-from-iso: Run syslinux within proper chroot
(Closes: #17179). Previously we ran syslinux from the host,
which can lead to bugs if its versions differs from the one
inside the chroot (which is what Tails will use later). Thanks
to Johan Blåbäck for the patch!
- Tails Upgrader: Fix progress bar not pulsating and hide useless
OK button (Closes: #16603).

* Minor improvements and updates
- Upgrade tor to 0.4.2.6 (Closes: #17059).
- Install the trezor package, which adds a command-line (only)
tool for managing Trezor devices (Closes: #17463). Thanks to
Pavol Rusnak for the patch!
- As a consequence of the Linux kernel upgrade we also:
* Upgrade aufs to 5.4.3 20200127.
* Install VirtualBox guest tools and kernel modules from sid.

* Build system
- Upgrade snapshot of the Debian archive to 2020020302, including
the 10.3 point release of Debian Buster (Closes: #17458).
- Add opt-in caching of the wiki (Closes: #15342).
- Use mksquashfs' -no-exports option even when the fastcomp build
option is set. "fastcomp" is supposed to only tweak SquashFS
compression settings, but so far it was also disabling the
-no-exports option that we set for our release builds.
- Drop a bunch of packages installed for ikiwiki for various
(obsoloete) resons:
* libfile-chdir-perl, libyaml-perl and libxml-simple-perl which
was needed back when we built our own ikiwiki from Git… a
looong time ago.
* libtext-multimarkdown-perl used multimarkdown ikiwiki which
its doubtful we ever will use.
* libhtml-scrubber-perl, libhtml-template-perl,
libhtml-parser-perl, libyaml-libyaml-perl and liburi-perl
which are already installed as ikiwiki dependencies.
- Install libimage-magick-perl instead of the perlmagick
transitional package.
- Don't install obsolete dependencies whois and eatmydata.
- Consistently validate individual build options as we parse them.
This is consistent with how we handled "fastcomp" already. Only
compatibility checks between multiple build options really need
to happen later, once we've parsed all build options.
- Remove 5 years old transition code
- Fully provision the Vagrant box every time it starts, and
partially re-provision it for every build.
- Behave correctly when disabling a previously set "offline" or
"vmproxy+extproxy" build option. Previously, setting one of
these build options *once* would taint the Vagrant box forever
with the resulting apt-cacher-ng configuration.
- Shrink the apt-cacher-ng cache after a successful build too
(Closes: #17288).
- Set up infrastructure to retrieve log file from the VM even on
build failure (Closes: #7749).
- Always build from a fresh Git clone.
- Set the permissions that Vagrant needs inside the source tree
(Closes: #11411, #16607, #17289).

* Test suite
- Remove Seahorse key synchronization scenarios. These 2 scenarios
never pass due to #17169, so currently:
* They don't teach us anything new → no benefit.
* Every time a developer looks at test suite results,
they need to filter out this known problem, which takes time
and trains us to ignore problems.

[close]

https://tails.boum.org/

Titel: Tails 4.4
Beitrag von: SiLæncer am 12 März, 2020, 14:00

Changelog

* Security fixes
- Upgrade Tor Browser to 9.0.6-build2 (MFSA-2020-09).
- Upgrade Linux kernel to linux-image-5.4.0-4, currently at 5.4.19-1
(Closes: #17477).
- Upgrade Thunderbird to 68.5.0-1~deb10u1 (MFSA-2020-07, Closes: #17481).
- Upgrade cURL to 7.64.0-4+deb10u1 (DSA-4633).
- Upgrade evince to 3.30.2-3+deb10u1 (DSA-4624).
- Upgrade Pillow to 5.4.1-2+deb10u1 (DSA-4631).
- Upgrade ppp to 2.4.7-2+4.1+deb10u1 (DSA-4632).
- Upgrade WebKitGTK to 2.26.4-1~deb10u1 (DSA-4627).

* Bugfixes
- Fix missing firmware for RTL8822BE/RTL8822CE (See: #17323). Use the
tails-workarounds provided firmwares until the firmware-realtek
package is updated with the patch by Sjoerd Simons (Debian#935969).
Note: This might not be sufficient to support those cards.

* Minor improvements and updates
- Upgrade dogtail to 0.9.11-6.
- Upgrade virtualbox to 6.1.4-dfsg-1.

* Build system
- Vagrant build box: disable mitigation features for CPU
vulnerabilities (Closes: #17386). Given the kind of things we do in
our Vagrant build box, it seems very unlikely that vulnerabilities
such as Spectre and Meltdown can be exploited in there. Let's
reclaim some of the performance cost of the corresponding mitigation
features.
- Enable website caching by default, with a way option to disable it
(Closes: #17439).
- Key the website cache on debian/changelog too (Closes: #17511).
- Update APT snapshot of the Debian archive to 2020030101.
- Add support for the tails-workarounds submodule.

[close]

https://tails.boum.org/

Titel: Tails 4.4.1
Beitrag von: SiLæncer am 24 März, 2020, 10:00

Changelog

* Security fixes
- Upgrade Tor Browser to 9.0.7-build1 (Closes: #17539).
- Upgrade tor to 0.4.2.7 (Closes: #17531).
- Upgrade Thunderbird to 1:68.6.0-1~deb10u1 (MFSA-2020-10, DSA-4642).
- Upgrade WebKitGTK to 2.26.4-1~deb10u2 (DSA-4641).

* Build system
- lint_po: avoid race conditions when checking PO files (Closes: #17359).

[close]

https://tails.boum.org/

Titel: Tails 4.5
Beitrag von: SiLæncer am 08 April, 2020, 12:00

Changelog

tails (4.5) unstable; urgency=medium

* Security fixes
- Upgrade Tor Browser to 9.0.9-build1 (Closes: #17594).
- Upgrade BlueZ to 5.50-1.2~deb10u1 (DSA-4647).
- Upgrade GnuTLS to 3.6.7-4+deb10u3 (DSA-4652).

-- Tails developers <tails@boum.org> Mon, 06 Apr 2020 21:51:05 +0200

tails (4.5~rc1) unstable; urgency=medium

* Major changes
- Migrate from aufs to overlayfs (Closes: #8415). This change touches
many components which won't all be listed individually, but some
highlights are listed below:
⋅ Adjust the build system to stop building the aufs kernel module.
⋅ Switch the kernel command line from union=aufs to union=overlayfs.
⋅ Adjust AppArmor profiles (Closes: #9045, #12112).
. Adapt chroot-browsers (Closes: #12105).
⋅ Drop the aufs Git submodule.
⋅ Make memory erasure feature compatible with overlayfs
(Closes: #15146).
⋅ Make Upgrader support and also generate overlayfs-based IUKs by
default (Closes: #9373).
- Use GRUB with Secure Boot support for x86_64 (Closes: #6560, #15806).
This is also a large change, touching many components:
⋅ Install grub from bullseye.
⋅ Introduce a custom grub configuration file.
⋅ Use a custom background image.
⋅ Mimick Debian Installer's efi-image build script to handle all
details in binary local hooks.
⋅ Add SYSLINUX in the syslinux bootloader menu, to make it easier to
troubleshoot GRUB vs. syslinux issues (Closes: #17538).
⋅ Upgrader: Adjust to also handle files in EFI/debian when dealing
with file removals.
⋅ Adjust test suite.
- Migrate test suite from Sikuli to a combination of OpenCV (image
matching), xdotool (mouse interaction), plus libvirt's send-key
(keyboard interaction) (Closes: #15460). This is another major
changes, allowing the test suite to run on Buster-based systems,
touching various areas of the test suite, among which:
⋅ Add workaround for the Greeter when restoring snapshot.
⋅ Fix dependencies for Buster.
⋅ Replace some Sikuli-based options with some OpenCV-based ones
(e.g. --retry-find → --image-bumping-mode).
⋅ Handle non-English keyboards.
⋅ Fix --capture on Buster and above.
⋅ Deal with Buster having migrated from avconv to ffmpeg.

* Security fixes
- Upgrade ICU to 63.1-6+deb10u1 (DSA-4646).

* Minor improvements and updates
- Refactor tails-documentation (Closes: #16903).

* Build system
- Freeze APT snapshots for 4.5~rc1.
- Rakefile: always disable website caching when building from a tag
(Closes: #17513).
- Rakefile: fix recommended permissions (libvirt needs +r to share the
source tree with the Vagrant box).
- Import persistence-setup.git from its own repository into tails.git
(Closes: #17526, #6487).
- IUK: ensure rsync runtime dependency is installed.

* Test suite
- Adjust for the aufs → overlayfs migration (Closes: #12106, #17440,
#17451).
- run_test_suite: don't print usage on error.
- run_test_suite: --view/--vnc-server-only are only supported on x11.
- Optimize checking if file is empty.
- Speed up some test failures to avoid resource starvation.
- Check for tcplay dependency.
- Increase chances chutney starts after unclean shutdown.
- Make chutney log what it is doing.
- Make opening Thunderbird's Extensions tab more robust.

[close]

https://tails.boum.org/

Titel: Tails 4.6
Beitrag von: SiLæncer am 06 Mai, 2020, 09:10

Changelog

* Security fixes
- Upgrade Tor Browser to 9.0.10-build2 (Closes: #17660).
- Upgrade Thunderbird to 1:68.7.0-1~deb10u1 (MFSA-2020-14, DSA-4656).
- Upgrade Git to 1:2.11.0-3+deb9u3 (DSA-4657, DSA-4659).
- Upgrade Node.js to 10.19.0~dfsg1-1 (DSA-4669).
- Upgrade OpenLDAP to 2.4.47+dfsg-3+deb10u2 (DSA-4666).
- Upgrade OpenSSL to 1.1.1d-0+deb10u3 (DSA-4661).
- Upgrade ReportLab to 3.5.13-1+deb10u1 (DSA-4663).
- Upgrade WebKitGTK to 2.26.4-1~deb10u3 (DSA-4658).

* Bugfixes
- Switch Japanese input method from Anthy to Mozc (Closes: #16719).
- Install the libu2f-udev package, for U2F device support.
- Update our list of 'Favorites' applications (Closes: #16990).

* Build system
- lint_po: support locales with "@" in their name, such as ru@petr1708
(Closes: #17554).
- perl5lib: declare missing test dependencies (Closes: #17591).
- iuk: declare missing test dependencies (Closes: #17592).
- Upgrade to po4a 0.55 for Tails images and Vagrant box (Closes: #17005).

* Test suite
- Print disk usage information when the test suite fails with “No
space left” errors.
- Ensure no zombie processes are left around, by cleaning subprocesses
correctly (Closes: #17551).
- Prevent webrick from becoming a zombie process.
- Avoid test suite getting stuck due to a zero timeout.
- Fix obsoletion warnings (Closes: #17552).
- Add root check and --allow-non-root option (Closes: #17613). Let's
make it clear running the test suite requires root privileges in
the general case.

[close]

https://tails.boum.org/

Titel: Tails 4.7
Beitrag von: SiLæncer am 02 Juni, 2020, 21:00

Changelog

* Security fixes

- Upgrade Tor Browser to 9.5-build2 (Closes: #17710).
- Upgrade APT to 1.8.2.1 (DSA-4685).
- Upgrade BIND to 1:9.11.5.P4+dfsg-5.1+deb10u1 (DSA-4689).
- Upgrade WebKitGTK to 2.28.2-2~deb10u1 (DSA-4681).
- Upgrade Thunderbird to 1:68.8.0-1~deb10u1 (DSA-4683).

* Bugfixes

- Improve Additional Software reliability (Closes: #17278): disable
periodic APT operations entirely, adjust timeouts, force data
synchronization, preserve file ownership.
- Make memory erasure feature compatible with overlayfs (Closes: #15146).
- Adjust various documentation for the new GitLab-based hosting.

* Minor improvements and updates

- Fix title of unlock-veracrypt-volume error dialog in case of incorrect
password (Closes: #17668).
- Clean up confusing torrc (Closes: #17706).

* Build system

- IUK creation: don't use extreme compression options for the outer
SquashFS container refs.
- IUK creation: add support for building several IUKs in parallel locally
(Closes: #17657).
- IUK verification: add support for fetching IUKs built in parallel on
Jenkins (Closes: #17658).
- Release process: generate UDFs on the alpha channel for previous
non-final releases (Closes: #17614).
- Remove aufs-based IUK generation code and doc (Closes: #17489).

* Test suite

- Adjust for augmented timeouts in Additional Software.
- Adjust locale lookup to check several directories.
- Speed up 'I fill a ... MiB file' step by 1000%.
- Keep latest test suite screenshot (Closes: #17621).
- Fix test suite breaking when the user connects to the VM via virt-viewer
(Closes: #17623).
- Adjust reference images and titles following the migration to GitLab
(Closes: #17718, 17719).

[close]

https://tails.boum.org/

Titel: Tails 4.8
Beitrag von: SiLæncer am 01 Juli, 2020, 06:00

Changelog

New features

We disabled the Unsafe Browser by default and clarified that the Unsafe Browser can be used to deanonymize you.

An attacker could exploit a security vulnerability in another application in Tails to start an invisible Unsafe Browser and reveal your IP address, even if you are not using the Unsafe Browser.

For example, an attacker could exploit a security vulnerability in Thunderbird by sending you a phishing email that could start an invisible Unsafe Browser and reveal them your IP address.

Such an attack is very unlikely but could be performed by a strong attacker, such as a government or a hacking firm.

This is why we recommend that you:

Only enable the Unsafe Browser if you need to log in to a captive portal.
Always upgrade to the latest version of Tails to fix known vulnerabilities as soon as possible.

We added a new feature of the Persistent Storage to save the settings from the Welcome Screen.

This feature is beta and only the additional setting to enable the Unsafe Browser is made persistent. The other settings (language, keyboard, and other additional settings) will be made persistent in Tails 4.9 (July 28).

Changes and updates

Update Tor Browser to 9.5.1.

Update Thunderbird to 68.9.0.

Update Linux to 5.6.0. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).

Fixed problems

Fix the Find in page feature of Thunderbird. (#17328)

Fix shutting down automatically the laptop when resuming from suspend with the Tails USB stick removed. (#16787)

Notify always when MAC address spoofing fails and the network interface is disabled. (#17779)

Fix the import of OpenPGP public keys in binary format (non armored) from the Files browser.

For more details, read our changelog.

Known issues

Only use the following characters in the administration password:
a–z
A–Z
1–9
_@%+=:,./-

If you use spaces or other accentuated characters, like àéïøů, your will not be able to type your administration password again in your Tails session, unless you type single quotes ' around it.

For example, if you set the administration password: née entrepôt über señor, you would have to type 'née entrepôt über señor'. (#17792)

See the list of long-standing issues.

[close]

Quelle : https://tails.boum.org/news/version_4.8/index.de.html

https://tails.boum.org/

Titel: Tails 4.9
Beitrag von: SiLæncer am 29 Juli, 2020, 06:00

Changelog

Changes and updates

Update Tor Browser to 9.5.3.
Update Thunderbird to 68.10.0.
Update Linux to 5.7.6. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).

Fixed problems

Allow characters others than A–Z, a–z, 1–9, and _@%+=:,./- in the administration password. (#17792)
Apply the keyboard layout that is automatically selected when you change the language in the Welcome Screen. (#17794)
Fix starting Tails with the toram boot option. (#17800)

Known issues

USB Wi-Fi adapters with Atheros AR9271 hardware do not work with Linux 5.7.6. (#17834)

[close]

Quelle : https://tails.boum.org/news/version_4.9/index.de.html

https://tails.boum.org/

Titel: Tails 4.10
Beitrag von: SiLæncer am 25 August, 2020, 18:00

Changelog

* Security fixes
- Upgrade Tor Browser to 9.5.4-build1 (Closes: #17885).
- Upgrade Linux kernel to 5.7.0-2 at 5.7.10-1 (Closes: #17841,
#17834).

* Bugfixes
- Make iPhone Tethering work by adding udev rule to disable MAC
spoofing for it (Closes: #17820).
- Remove broken Thunderbird protocol selection. This code has been
a no-op in practice since at least Tails 4.0. We've decided to
reject #17276 and investigate what the biggest problems are for
email in Tails with slow/shitty Internet connections:
default'ing to IMAP may, or may not, be part of these
problems (Closes #17276).

* Minor improvements and updates
- Upgrade to Tor 0.4.3.6 (Closes: #17835).
- Upgrade to Electrum 4.0.2 (Closes: #17828).
- Hide Thunderbird welcome message: it is not relevant in the
context of Tails. For example, it feels weird that we would
encourage users to donate to Thunderbird about as loudly as we
encourage them to donate to Tails. Besides, the default message
is retrieved from the web when Thunderbird starts. We don't
need this extra network activity.
- import-translations: use *_release branches instead of
*_completed branches. The new *_release branches contain exactly
what we want, i.e. all reviewed translations from
Transifex. While the *_completed branches only contain PO files
for languages that are fully translated (Closes: #16774).

* Build system
- Upgrade snapshot of the Debian archive to 2020081601, including
the 10.5 point release of Debian Buster (Closes: #17790).
- On Bullseye and newer: use custom, fake, unversioned python
packages. The unversioned python packages are not shipped in
Bullseye/sid anymore, and even old versions are not installable
anymore (Closes: #17858).
- Import vagrant-libvirt's create_box.sh script. It's not included
in vagrant-libvirt 0.1.2-1 anymore (Closes: #17872).

* Test suite
- Improve robustness for scenario "The Additional Software dpkg
hook notices when persistence is locked down while installing a
package".
- Improve robustness for scenario "Use GNOME Disks to unlock a USB
drive that has a basic VeraCrypt volume with a keyfile".
- Improve robustness of cloning a Git repository.
- Don't hammer resources of the system under test while
installing/removing packages. I see every such dpkg|grep call
takes about 0.3 seconds on lizard, i.e. 30% of the 1 second
default delay between checks, which I suspect is enough to slow
down the package installation/removal we're exercising.
- Update expected title of the GitLab page we use
- Rubocop: target Ruby 2.5 (Buster).

[close]

Quelle : https://tails.boum.org/news/version_4.10/index.de.html

https://tails.boum.org/

Titel: Tails 4.11
Beitrag von: SiLæncer am 22 September, 2020, 19:00

Changelog

New features

We added a new feature of the Persistent Storage to save the settings from the Welcome Screen: language, keyboard, and additional settings.
To restore your settings when starting Tails, unlock your Persistent Storage in the Welcome Screen.

Changes and updates

Update Tor Browser to 10.0.
Update Thunderbird to 68.12.
Update Linux to 5.7.17. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).
Configure KeePassXC to use the new default location Passwords.kdbx. (#17286)
Update python3-trezor to 0.11.6 to add compatibility with the new Trezor Model T.

Fixed problems

Disable the feature to Turn on Wi-Fi Hotspot in the Wi-Fi settings because it doesn't work in Tails. (#17887)

[close]

Quelle : https://tails.boum.org/news/version_4.11/index.de.html

https://tails.boum.org/

Titel: Tails 4.12
Beitrag von: SiLæncer am 20 Oktober, 2020, 20:06

Changelog

Changes and updates

Update Tor Browser to 10.0.2.

Update tor to 0.4.4.5.

Update Linux to 5.8 and most firmware packages. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).

Add a button to cancel an automated upgrade while downloading. (#17310)

Fixed problems

Fix several internationalization issues in Electrum, Tails Installer, and Tails Upgrader. (#17958, #17758, and #17961)

Anonymize URLs in the technical details provided by WhisperBack. (#17147)

For more details, read our changelog.

[close]

Quelle : https://tails.boum.org/news/version_4.12/index.de.html

https://tails.boum.org/

Titel: Tails 4.13
Beitrag von: SiLæncer am 17 November, 2020, 19:00

Changelog

Changes and updates

Update Tor Browser to 10.0.5.

Tor Browser 10.0.5 fixes the critical vulnerability discovered last week in the JavaScript engine.

Update Thunderbird from 68.12 to 78.4.2.

Thunderbird 78 replaces the Enigmail extension with built-in support for OpenPGP encryption.

If you used Enigmail before Tails 4.13, follow our instructions to migrate from Enigmail to Thunderbird 78.

Add a button to restart Tails at the end of creating the Persistent Storage. (#16384)

Only include translations for languages that are available in the Welcome Screen. This reduces the size of the download by 5%. (#17139)

Make the root directory of the Persistent Storage only readable by the root user. (#7465)

Users of the Dotfiles feature of the Persistent Storage can choose Places ▸ Dotfiles to open the /live/persistence/TailsData_unlocked/dotfiles folder in the Files browser.

Enable TCP timestamps. This might increase stability on slower Internet connections. (#17491)

Fixed problems

Fix the Upgrade button of Tails Installer when running Croatian, Danish, French, Hebrew, Macedonian, Simplified Chinese, and Turkish. (#17982)

Allow raising the sound volume above 100%. (#17322)

For more details, read our changelog.

[close]

Quelle : https://tails.boum.org/news/version_4.13/index.de.html

https://tails.boum.org/

Titel: Tails 4.14
Beitrag von: SiLæncer am 15 Dezember, 2020, 11:00

Changelog

Changes and updates

Add support for the Ledger hardware wallets in Electrum. (#15353)

Update Tor Browser to 10.0.7.

Update Thunderbird to 78.5.1.

Update Linux to 5.9. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).

Remove the Unifont font. (!263)

Fixed problems

Fix Additional Software by updating the APT key for deb.torproject.org. (#18042)

Fix changing the administration password stored in the Persistent Storage. (#18018)

Fix opening the Persistent Storage of another Tails USB stick in the Files browser. (#18050)

Restore automatically a GnuPG public keyring from its backup when it gets corrupt. (#17807)

[close]

Quelle : https://tails.boum.org/news/version_4.14/index.de.html

https://tails.boum.org/

Titel: Tails 4.15
Beitrag von: SiLæncer am 26 Januar, 2021, 14:00

Changelog

New features

Add a Don't Show Again button to the security notification when starting Tails in a virtual machine.

Changes and updates

Update Tor Browser to 10.0.9.

Update Thunderbird to 78.6.0.

Update Linux to 5.9.15. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).

Fixed problems

Fix support for the Ledger hardware wallets in Electrum. (#18080)

Fix sharing mobile data, also called USB tethering, on iOS 14 or later. (#18097)

Clarify the error message when starting from a USB stick that is too small. (#18073)

For more details, read our changelog.

[close]

Quelle : https://tails.boum.org/news/version_4.15/index.de.html

https://tails.boum.org/

Titel: Tails 4.15.1
Beitrag von: SiLæncer am 28 Januar, 2021, 22:00

Changelog

Included software

Update sudo to 1.8.27-1+deb10u3, which fixes CVE-2021-3156, a major vulnerability that allows normal users to gain root privileges.

[close]

Quelle : https://tails.boum.org/news/version_4.15.1/index.de.html

https://tails.boum.org/

Titel: Tails 4.16
Beitrag von: SiLæncer am 23 Februar, 2021, 19:00

Changelog

Changes and updates

Update Tor Browser to 10.0.12.

Update Thunderbird to 78.7.0.

Update Linux to 5.10.13. This should improve the support for newer hardware (graphics, Wi-Fi, and so on).

Update Tor to 0.4.5.5.

Fixed problems

Stop focusing on the Cancel button by default when downloading an upgrade to prevent canceling the download by mistake. (#18072)

For more details, read our changelog.

Known issues

Automatic upgrades are broken from Tails 4.14 and earlier.

To upgrade from Tails 4.14 or earlier, you can either:

Do a manual upgrade.

Fix the automatic upgrade from a terminal. To do so:

Start Tails and set up an administration password.

In a terminal, execute the following command:

Code: [Auswählen]

torsocks curl --silent https://gitlab.tails.boum.org/tails/tails/-/raw/master/config/chroot_local-includes/usr/share/tails/certs/lets-encrypt-r3.pem \
| sudo tee --append /usr/local/etc/ssl/certs/tails.boum.org-CA.pem \
&& systemctl --user restart tails-upgrade-frontend

Zitat

This command is a single command that wraps across several lines. Copy and paste the entire block at once and make sure that it executes as a single command.

About 30 seconds later, you should be prompted to upgrade to the latest version of Tails. If no prompt appear, you might already be running the latest version of Tails.

[close]

Quelle : https://tails.boum.org/news/version_4.16/index.de.html

https://tails.boum.org/

Titel: Tails 4.17
Beitrag von: SiLæncer am 23 März, 2021, 11:00

Changelog

This release fixes known security vulnerabilities. You should upgrade as soon as possible.
Reliability improvements to automatic upgrades

Repair automatically the file system used during upgrades.

Automatic upgrades were sometimes failing even after doing a manual upgrade because of an unclean file system. (#17902)

Resume automatically when the download of an upgrade fails.

Other changes and updates

Update Tor Browser to 10.0.14.

Update Thunderbird to 78.8.0.

Update Tor to 0.4.5.7.

Update GRUB to 2.04-16.

Update some firmware packages. This should improve the support for some Wi-Fi interfaces, especially Intel, Broadcom, and Cypress interfaces.

Fixed problems

Improve the error message when starting the Unsafe Browser while offline. (#12251)

For more details, read our changelog.

[close]

Quelle : https://tails.boum.org/news/version_4.17/index.de.html

https://tails.boum.org/

Titel: Tails 4.18
Beitrag von: SiLæncer am 20 April, 2021, 20:00

Changelog

This release fixes known security vulnerabilities. You should upgrade as soon as possible.

Changes and updates

Remove "Synchronizing the system's clock" notification when connecting to Tor network

We removed this notification because it didn't recommend a specific action for users to take and it was unclear. It might have given users the impression that they should alter their UTC clock settings. (#7439)

Remove Poedit

We now use Weblate to provide translated text for Tails and the Tails website, so Poedit isn't as necessary. To install Poedit in Tails, see our guide on Additional Software (#18236)

Update Tor Browser to 10.0.16.
Update Thunderbird to 78.9.0-1.

Update some Intel and Linux firmware packages. This should improve support for newer hardware (graphics, Wi-Fi, and so on).

Fixed problems

Use more reliable Debian repositories

Tails now connects to the APT repositories of Debian using their HTTPS address instead of their .onion address, for increased reliability with the Additional Software feature. We left other Tails and Tor Project APT onion sources as is. (#17993)

Display an error message when the Upgrader fails to download the signing key. This has been a silent error since 4.14. (#18238)

For more details, read our changelog.

[close]

Quelle : https://tails.boum.org/news/version_4.18/index.de.html

https://tails.boum.org/

Titel: Tails 4.19 Beta 1
Beitrag von: SiLæncer am 28 April, 2021, 19:00

Release Notes

Tails 4.19, scheduled for June 1, will completely change how to connect to the Tor network from Tails. We would like as many people as possible to test this beta version to be able to fix as many problems as possible before we release 4.19 to all users. Over the years, we have identified many issues in how to connect to the Tor network from Tails, thanks to your feedback. With this beta, we are trying to solve the most important and pressing of these issues:

The lack of feeback while connecting to the Tor network.
The option to use Tor bridges has to be turned on in the Welcome Screen and cannot be changed afterwards.
The lack of default Tor bridges.
The previous configuration screen for Tor bridges wasn't accessible to people who use the screen reader.
The lack of guidance when Tails is not connected to a local network yet.

[close]

Quelle : https://tails.boum.org/news/test_4.19-beta1/

https://tails.boum.org/

Titel: Tails 4.19
Beitrag von: SiLæncer am 01 Juni, 2021, 12:00

Release Notes

We worked very hard last week to get ready to release the work on the connection to Tor that we have been showing you in 4.19~beta1 and 4.19~rc1. We made a lot of progress but didn't feel confident enough to release it today.

So, we are releasing 4.19 as a regular upgrade and will release this work in 4.20. We will publish an updated rc2 in the coming days with even more improvements on the connection to Tor.
Changes and updates

Stop pinning the TLS certificate of our website when doing automatic upgrades.

We broke automatic upgrades twice recently; once in December in 4.14 and again during a few days on May 15. These 2 times, it was the consequence of a security feature: the pinning of the TLS certificate of our website when doing automatic upgrades.

We removed this feature because the recent problems proved us that this feature was not worth it if it makes us break automatic upgrades that often. (#18324)

Our upgrades are still as strongly authenticated as they are signed using OpenPGP by our team.

Add visual feedback when typing an administration password with sudo in a terminal:

amnesia@amnesia:~$ sudo -i
[sudo] password for amnesia: ********

Update Tor Browser to 10.0.17.

Update Thunderbird to 78.10.0.

For more details, read our changelog (https://gitlab.tails.boum.org/tails/tails/-/blob/master/debian/changelog).

[close]

Quelle : https://tails.boum.org/news/version_4.19/index.en.html

https://tails.boum.org/

Titel: Tails 4.20
Beitrag von: SiLæncer am 13 Juli, 2021, 20:00

Release Notes

Tails 4.20 completely changes how to connect to the Tor network from Tails.

After connecting to a local network, a Tor Connection assistant helps you connect to the Tor network.

This new assistant is most useful for users who are at high risk of physical surveillance, under heavy network censorship, or on a poor Internet connection:

It protects better the users who need to go unnoticed if using Tor could look suspicious to someone who monitors their Internet connection (parental control, abusive partner, school or work network, etc.).

It allows people who need to connect to Tor using bridges to configure them without having to change the default configuration in the Welcome Screen.

It helps first-time users understand how to connect to a local Wi-Fi network.

It provides feedback while connecting to Tor and helps troubleshoot network problems.

We know that this assistant is still far from being perfect, even if we have been working on this assistant since February. If anything is unclear, confusing, or not working as you would expect, please send your feedback to tails-dev@boum.org (public mailing list).

This first release of the Tor Connection assistant is only a first step. We will add more improvements to it in the coming months to:

Save Tor bridges to the Persistent Storage (#5461)
Help detect when Wi-Fi is not working (#14534)
Detect if you have to sign in to the local network using a captive portal (#5785)
Synchronize the clock to make it easier to use Tor bridges in Asia (#15548)
Make it easier to learn about new Tor bridges (#18219, #15331)

Changes and updates

Update OnionShare from 1.3.2 to 2.2.
This major update adds a feature to host a website accessible from a Tor onion service.

Update KeePassXC from 2.5.4 to 2.6.2.

This major update comes with a redesign of the interface.

Update Tor Browser to 10.5.2.
Update Thunderbird to 78.11.0.
Update Tor to 0.4.5.9.

Update the Linux kernel to 5.10.46. This should improve the support for newer hardware (graphics, Wi-Fi, and so on).

Rename MAC address spoofing as MAC address anonymization in the Welcome Screen.

Fixed problems

Automatic upgrades

Made the download of upgrades and the handling of errors more robust. (#18162)
Display an error message when failing to check for available upgrades. (#18238)

Tails Installer

Made the display of the Reinstall button more robust. (#18300)
Make the Install and Upgrade unavailable after a USB stick is removed. (#18346)

Known issues

Automatic upgrades are broken from Tails 4.14 and earlier.

To upgrade from Tails 4.14 or earlier, you can either:

Do a manual upgrade.

Fix the automatic upgrade from a terminal. To do so:

Start Tails and set up an administration password.

In a terminal, execute the following command:

Code: [Auswählen]

torsocks curl --silent https://tails.boum.org/isrg-root-x1-cross-signed.pem \
| sudo tee --append /usr/local/etc/ssl/certs/tails.boum.org-CA.pem \
&& systemctl --user restart tails-upgrade-frontend

Approximately 30 seconds later, you should be prompted to upgrade to the latest version of Tails. If no prompt appears, you might already be running the latest version of Tails.

[close]

Quelle : https://tails.boum.org/news/version_4.20/index.de.html

https://tails.boum.org/

Titel: Tails 4.21
Beitrag von: SiLæncer am 10 August, 2021, 22:00

Release Notes

Changes and updates

Update Tor Browser to 10.5.4.
Update Thunderbird to 78.12

Fixed problems

Prevent Tails Installer from deleting a Persistent Storage when doing a manual upgrade and choosing Cancel in the confirmation dialog. (#18494)

[close]

Quelle : https://tails.boum.org/news/version_4.21/index.de.html

https://tails.boum.org/

Titel: Tails 4.22
Beitrag von: SiLæncer am 07 September, 2021, 19:00

Release Notes

Included software and hardware support

Update Tor Browser to 10.5.6.

Update Thunderbird to 78.13.

Update the AMD graphics firmware to 20210818. This should improve the support for some AMD graphics cards.

Tor Connection

Change the custom bridge interface to only allow entering 1 bridge. (#18550)

People had troubles knowing how to enter their custom bridges when the widget was a textarea and only the first bridge is used anyway.

Allow saving 1 custom bridge in the Persistent Storage. (#5461)

Allow fixing the clock manually when connecting to Tor using bridges fails. (#15548)

This helps people East from London connect to Tor using obfs4 bridges and makes connecting to Tor more robust in general.

Reduce the timeout that determines whether we can connect to Tor at all from 30 seconds to 10 seconds. Increase the timeout to start Tor entirely from 120 seconds to 600 seconds. (#18501).

Tor Connection now fails quicker when it's impossible to connect to Tor, while being more robust on slow Internet connections.

Allow trying again to connect to Tor from the error screen. (#18539)

Unsafe Browser

Stop restarting Tor when exiting the Unsafe Browser. (#18562)
Only mention the Persistent Storage in the Unsafe Browser warning when there is already a Persistent Storage. (#18551)

Others

Make sure that automatic upgrades are downloaded from a working mirror. (#15755)
Add Russian to the offline documentation included in Tails.

Fixed problems

Tor Connection

Fix connecting to Tor using the default bridges. (#18462)
Fix connecting to Tor when the Wi-Fi settings are saved in the Persistent Storage. (#18532)
Stop trying to connect to Tor in the background when Tor Connection reaches the error screen. (#18740)

[close]

Quelle : https://tails.boum.org/news/version_4.22/index.de.html

https://tails.boum.org/

Titel: Tails 4.23
Beitrag von: SiLæncer am 06 Oktober, 2021, 20:00

Whats new:>>

Update Tor Browser to 10.5.8.

Quelle : https://tails.boum.org/news/version_4.23/index.de.html

https://tails.boum.org/

DVB-Cube BETA <<< Das deutsche PC und DVB-Forum >>>

PC-Ecke => # Security Center => Software (PC-Sicherheit) => Thema gestartet von: SiLæncer am 09 Januar, 2012, 13:00