Tails Release Announcements

Discussion in 'all things UNIX' started by TheKid7, Apr 10, 2013.

  1. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Aug 3, 2010
  2. 1PW

    1PW Registered Member

    Apr 2, 2010
    North of the 38th parallel.
    The Tails developers have released The Amnesic Incognito Live System 2.0 on 26-January-2016.

    Home: https://tails.boum.org/

    Announcement and Release Notes: https://tails.boum.org/news/version_2.0/index.en.html

    Changelogs: https://git-tails.immerda.ch/tails/plain/debian/changelog

    tails (2.0) unstable; urgency=medium

    * Major new features and changes
    - Upgrade to Debian 8 (Jessie).
    - Migrate to GNOME Shell in Classic mode.
    - Use systemd as PID 1, and convert all custom initscripts to systemd units.
    - Remove the Windows camouflage feature: our call for help to port
    it to GNOME Shell (issued in January, 2015) was unsuccessful.
    - Remove Claws Mail: Icedove is now the default email client
    (Closes: #10167).
    - Upgrade Tor Browser to 5.5 (Closes: #10858, #10983).

    * Security fixes
    - Minimally sandbox many services with systemd's namespacing features.
    - Upgrade Linux to 3.16.7-ckt20-1+deb8u3.
    - Upgrade Git to 1:2.1.4-2.1+deb8u1.
    - Upgrade Perl to 5.20.2-3+deb8u3.
    - Upgrade bind9-related packages to 1:9.9.5.dfsg-9+deb8u5.
    - Upgrade FUSE to 2.9.3-15+deb8u2.
    - Upgrade isc-dhcp-client tot 4.3.1-6+deb8u2.
    - Upgrade libpng12-0 to 1.2.50-2+deb8u2.
    - Upgrade OpenSSH client to 1:6.7p1-5+deb8u1.

    * Bugfixes
    - Restore the logo in the "About Tails" dialog.
    - Don't tell the user that "Tor is ready" before htpdate is done
    (Closes: #7721).
    - Upgrader wrapper: make the check for free memory more accurate
    (Closes: #10540, #8263).
    - Allow the desktop user, when active, to configure printers;
    fixes regression introduced in Tails 1.1 (Closes: #8443).
    - Close Vidalia before we restart Tor. Otherwise Vidalia will be running
    and showing errors while we make sure that Tor bootstraps, which could
    take a while.
    - Allow Totem to read DVDs, by installing apparmor-profiles-extra
    from jessie-backports (Closes: #9990).
    - Make memory erasure on shutdown more robust (Closes: #9707, #10487):
    · don't forcefully overcommit memory
    · don't kill the allocating task
    · make sure the kernel doesn't starve from memory
    · make parallel sdmem handling faster and more robust
    - Don't offer the option, in Tor Browser, to open a downloaded file with
    an external application (Closes: #9285). Our AppArmor confinement was
    blocking most such actions anyway, resulting in poor UX; bugfix on 1.3.
    Accordingly, remove the now-obsolete exception we had in the Tor
    Browser AppArmor profile, that allowed executing seahorse-tool.
    - Fix performance issue in Tails Upgrader, that made it very slow to apply
    an automatic upgrade; bugfix on 1.7 (Closes: #10757).
    - Use our wrapper script to start Icedove from the GNOME menus.
    - Make it possible to localize our Icedove wrapper script.
    - List Icedove persistence option in the same position where Claws Mail
    used to be, in the persistent volume assistant (Closes: #10832).
    - Fix Electrum by installing the version from Debian Testing
    (Closes: #10754). We need version >=2.5.4-2, see #9713;
    bugfix on 2.0~beta1. And, explicitly install python-qt4 to enable
    Electrum's GUI: it's a Recommends, and we're not pulling it ourselves
    via other means anymore.
    - Restore default file associations (Closes: #1079:cool:;
    bugfix on 2.0~beta1.
    - Update 'nopersistent' boot parameter to 'nopersistence'; bugfix on 0.12
    (Closes: #10831). Thanks to live-media=removable, this had no security
    impact in practice.
    - Repair dotfiles persistence feature, by adding a symlink from
    /lib/live/mount/persistence to /live/persistence; bugfix on 2.0~beta1
    (Closes: #10784).
    - Fix ability to re-configure an existing persistent volume using
    the GUI; bugfix on 2.0~beta1 (Closes: #10809).
    - Associate armored OpenPGP public keys named *.key with Seahorse,
    to workaround https://bugs.freedesktop.org/show_bug.cgi?id=93656;
    bugfix on 1.1 (Closes: #10889).
    - Update the list of enabled GNOME Shell extensions, which might fix
    the "GNOME Shell sometimes leaves Classic mode" bug seen in 2.0~beta1:
    · Remove obsolete "Alternative Status Menu", that is not shipped
    in Debian anymore.
    · Explicitly enable the GNOME Shell extensions that build
    the Classic mode.
    - Make _get_tg_setting() compatible with set -u (Closes: #10785).
    - laptop-mode-tools: don't control autosuspend. Some USB input
    devices don't support autosuspend. This change might help fix
    #10850, but even if it doesn't, it makes sense to me that we
    don't let laptop-mode-tools fiddle with this on a Live system
    (Closes (for now): #10850).

    * Minor improvements
    - Remove obsolete code from various places.
    - Tails Greeter:
    · hide all windows while logging in
    · resize and re-position the panel when the screen size grows
    · PostLogin: log into the Journal instead of a dedicated log file
    · use localectl to set the system locale and keyboard mapping
    · delete the Live user's password if no administration password is set
    (Closes: #5589)
    · port to GDBus greeter interface, and adjust to other GDM
    and GNOME changes
    - Tails Installer:
    · port to UDisks2, and from Qt4 to GTK3
    · adapt to work on other GNU/Linux operating systems than Tails
    · clean up enough upstream code and packaging bits to make it
    deserve being uploaded to Debian
    · rename everything from liveusb-creator to tails-installer
    - Port tails-perl5lib to GTK3 and UDisks2. In passing, do some minor
    refactoring and a GUI improvement.
    - Persistent Volume Assistant:
    · port to GTK3 and UDisks2
    · handle errors when deleting persistent volume (Closes: #8435)
    · remove obsolete workarounds
    - Don't install UDisks v1.
    - Adapt custom udev and polkit rules to UDisks v2 (Closes: #9054, #9270).
    - Adjust import-translations' post-import step for Tails Installer,
    to match how its i18n system works nowadays.
    - Use socket activation for CUPS, to save some boot time.
    - Set memlockd.service's OOMScoreAdjust to -1000.
    - Don't bother creating /var/lib/live in tails-detect-virtualization.
    If it does not exist at this point, we have bigger and more
    noticeable problems.
    - Simplify the virtualization detection & reporting system, and do it
    as a non-root user with systemd-detect-virt rather than virt-what.
    - Replace rsyslog with the systemd Journal (Closes: #8320), and adjust
    WhisperBack's logs handling accordingly.
    - Drop tails-save-im-environment.
    It's not been used since we stopped automatically starting the web browser.
    - Add a hook that aborts the build if any *.orig file is found. Such files
    appear mainly when a patch of ours is fuzzy. In most cases they are no big
    deal, but in some cases they end up being taken into account
    and break things.
    - Replace the tor+http shim with apt-transport-tor (Closes: #819:cool:.
    - Install gnome-tweak-tool.
    - Don't bother testing if we're using dependency based boot.
    - Drop workaround to start spice-vdagent in GDM (Closes: #8025).
    This has been fixed in Jessie proper.
    - Don't install ipheth-utils anymore. It seems to be obsolete
    in current desktop environments.
    - Stop installing the buggy unrar-free, superseded in Jessie (Closes: #583:cool:
    - Drop all custom fontconfig configuration, and configure fonts rendering
    via dconf.
    - Drop zenity patch (zenity-fix-whitespacing-box-sizes.diff),
    that was applied upstream.
    - Install libnet-dbus-perl (currently 1.1.0) from jessie-backports,
    it brings new features we need.
    - Have the security check and the upgrader wait for Tor having bootstrapped
    with systemd unit ordering.
    - Get rid of tails-security-check's wrapper.
    Its only purpose was to wait for Tor to have bootstrapped,
    which is now done via systemd.
    - Don't allow the amnesia and tails-upgrade-frontend users to run
    tor-has-bootstrapped as root with sudo. They don't need it anymore,
    thanks to using systemd for starting relevant units only once Tor
    has bootstrapped.
    - Install python-nautilus, that enables MAT's context menu item in Nautilus.
    (Closes: #9151).
    - Configure GDM with a snippet file instead of patching its
    - WhisperBack:
    · port to Python 3 and GObject Introspection (Closes: #7755)
    · migrate from the gnutls module to the ssl one
    · use PGP/MIME for better attachments handling
    · migrate from the gnupginterface module to the gnupg one
    · natively support SOCKS ⇒ don't wrap with torsocks anymore
    (Closes: #9412)
    · don't try to include the obsolete .xession-errors in bug reports
    (Closes: #9966)
    - chroot-browser.sh: don't use static DISPLAY.
    - Simplify debugging:
    · don't hide the emergency shutdown's stdout
    · tails-unblock-network: trace commands so that they end up in the Journal
    - Configure the console codeset at ISO build time, instead of setting it
    to a constant via the Greeter's PostLogin.default.
    - Order the AppArmor policy compiling in a way that is less of a blocker
    during boot.
    - Include the major KMS modules in the initramfs. This helps seamless
    transition to X.Org when booting, and back to text mode on shutdown,
    can help for proper graphics hardware reinitialization post-kexec,
    and should improve GNOME Shell support in some virtual machines.
    - Always show the Universal Access menu icon in the GNOME panel.
    - Drop notification for not-migrated-yet persistence configuration,
    and persistence settings disabled due to wrong access rights.
    That migration happened more two years ago.
    - Remove the restricted network detector, that has been broken for too long;
    see #10560 for next steps (Closes: #832:cool:.
    - Remove unsupported, never completed kiosk mode support.
    - clock_gettime_monotonic: use Perl's own function to get the integer part,
    instead of forking out to sed.
    - Don't (try to) disable lvm2 initscripts anymore. Both the original reason
    and the implementation are obsolete on Jessie.
    - Lower potential for confusion (#8443), by removing system-config-printer.
    One GUI to configure printers is enough (Closes: #8505).
    - Add "set -u" to tails-unblock-network.
    - Add a systemd target whose completion indicates that Tor has bootstrapped,
    and use it everywhere sensible (Closes: #9393).
    - Disable udev's 75-persistent-net-generator.rules, to preventing races
    between MAC spoofing and interface naming.
    - Replace patch against NetworkManager.conf with drop-in files.
    - Replace resolvconf with simpler NetworkManager and dhclient configuration.
    (Closes: #770:cool:
    - Replace patching of the gdomap, i2p, hdparm, tor and ttdnsd initscripts
    with 'systemctl disable' (Closes: #9881).
    - Replace patches that wrapped apps with torsocks with dynamic patching with
    a hook, to ease maintenance. Also, patch D-Bus services as needed
    (Closes: #10603).
    - Notify the user if running Tails inside non-free virtualization software
    that does not try to hide its nature (Closes: #5315).
    Thanks to Austin English <austinenglish@gmail.com> for the patch.
    - Declare htpdate.service as being needed for time-sync.target, to ensure
    that "services where correct time is essential should be ordered after
    this unit".
    - Convert some of the X session startup programs to `systemd --user' units.
    - Let the Pidgin wrapper pass through additional command-line arguments
    (Closes: #10383)
    - Move out of the $PATH a bunch of programs that users should generally
    not run directly: connect-socks, end-profile, getTorBrowserUserAgent,
    generate-tor-browser-profile, kill-boot-profile, tails-spoof-mac,
    tails-set-wireless-devices-state, tails-configure-keyboard,
    do_not_ever_run_me, boot-profile, tails-unblock-network,
    tor-controlport-filter, tails-virt-notify-user, tails-htp-notify-user,
    udev-watchdog-wrapper (Closes: #1065:cool:
    - Upgrade I2P to 0.9.23-2~deb8u+1.
    - Disable I2P's time syncing support.
    - Install Torbirdy from official Jessie backports, instead of from
    our own APT repository (Closes: #10804).
    - Make GNOME Disks' passphrase strength checking new feature work,
    by installing cracklib-runtime (Closes: #10862).
    - Add support for Japanese in Tor Browser.
    - Install xserver-xorg-video-intel from Jessie Backports (currently:
    2.99.917-2~bpo8+1). This adds support for recent chips such as
    Intel Broadwell's HD Graphics (Closes: #10841).
    - Improve a little bit post-Greeter network unblocking:
    · Sleep a bit longer between deleting the blacklist, and triggering udev;
    this might help cure #9012.
    · Increase logging, so that we get more information next time someone
    sees #9012.
    · Touch /etc/modprobe.d/ after deleting the blacklist; this might help,
    in case all this is caused by some aufs bug.
    - Enable and use the Debian jessie-proposed-updates APT repository,
    anticipating on the Jessie 8.3 point-release (Closes: #10897).
    - Upgrade most firmware packages to 20160110-1.
    - Upgrade Intel CPU microcodes to 3.20151106.1~deb8u1.
    - Disable IPv6 for the default wired connection, so that
    NetworkManager does not spam the logs with IPv6 router
    solicitation failure. Note that this does not fix the problem
    for other connections (Partially closes: #10939).

    * Test suite
    - Adapt to the new desktop environment and applications' look.
    - Adapt new changed nmcli syntax and output.
    - New NetworkManager connection files must be manually loaded in Jessie.
    - Adapt to new pkexec behavior.
    - Adapt to how we now disable networking.
    - Use sysctl instead of echo:ing into /proc/sys.
    - Use oom_score_adj instead of the older oom_adj.
    - Adapt everything depending on logs to the use of the Journal.
    - Port to UDisks v2.
    - Check that the system partition is an EFI System Partition.
    - Add ldlinux.c32 to the list of bootloader files that are expected
    to be modified when we run syslinux (Closes: #9053).
    - Use apt(:cool: instead of apt-get(:cool:.
    - Don't hide the cursor after opening the GNOME apps menu.
    - Convert the remote shell to into a systemd native service and a Python 3,
    script that uses the sd_notify facility (Closes: #9057). Also, set its
    OOM score adjustment value via its unit file, and not from the test suite.
    - Adjust to match where screenshots are saved nowadays.
    - Check that all system units have started (Closes: #8262)
    - Simplify the "too small device" test.
    - Spawn `poweroff' and `halt' in the background, and don't wait for them
    to return: anything else would be racy vs. the remote shell's stopping.
    - Bump video memory allocated to the system under test, to fix out of video
    memory errors.
    - When configuring the CPU to lack PAE support, use a qemu32 CPU instead
    of a Pentium one: the latter makes GNOME Shell crash.
    See #8778 for details about how Mesa's CPU features detection has
    room for improvement.
    - Adjust free(1) output parsing for Jessie.
    - vm-execute: rename --type option to --spawn.
    - Add method to set the X.Org clipboard, and install its dependency
    (xsel) in the ISO.
    - Paste URLs in one go, to work around issue with lost key presses
    in the browser (Closes: #10467).
    - Reliably wait for Synaptic's search button to fade in.
    - Take into account that the sticky bit is not set on block devices
    on Jessie anymore.
    - Ensure that we can use a NetworkManager connection stored in persistence
    (Closes: #7966).
    - Use a stricter regexp when extracting logs for dropped packets.
    - Clone the host CPU for the test suite guests (Closes: #877:cool:.
    - Run ping as root (aufs does not support file capabilities so we don't
    get cap_net_raw+ep, and if built on a filesystem that does support
    file capabilities, then /bin/ping is not setupd root).
    - Escape regexp special characters when constructing the firewall log
    parsing regexp, and pass -P to grep, since Ruby uses PCRE.
    - Adjust is_persistent?() helper to findmnt changes in Jessie.
    - Rework in depth how we measure pattern coverage in memory, with more
    reliable Linux OOM and VM settings, fundamental improvements
    in what exactly we measure, and custom OOM adjutments for fillram
    processes (Closes: #9705).
    - Use blkid instead of parted to determine the filesystem type.
    - Use --kiosk mode instead of --fullscreen in virt-viewer, to remove
    the tiny border of the in-viewer menu.
    - Remove now redundant desktop screenshot directory scenario.
    - Adapt GNOME notification handling for Debian Jessie (Closes: #8782)
    - Disable screen blanking in the automated test suite, which occasionally
    breaks some test cases (Closes: #10403).
    - Move upgrade scenarios to the feature dedicated to them.
    - Don't make libvirt storage volumes executable.
    - Refactor the PAUSE_ON_FAIL functionality, so that we can use `pause()`
    as a breakpoint when debugging.
    - Drop non-essential Totem test that is mostly a duplicate, and too painful
    to be worth automating on Jessie.
    - Retry Totem HTTPS test with a new Tor circuit on failure.
    - Replace iptables status regexp-based parser with a new XML-based
    status analyzer: the previous implementation could not be adjusted
    to the new ip6tables' output (Closes: #9704).
    - Don't reboot in one instance when it is not needed.
    - Optimize memory erasure anti-test: block the boot to save CPU on the host.
    - Update I2P tests for Jessie, and generally make them more robust.
    - Update Electrum tests for 2.5.4-2 (Closes: #1075:cool:.
    - Add workaround for libvirt vs. guestfs permissions issue, to allow
    running the test suite on current Debian sid.
    - Fix buggy code, that happened to work by mistake, in the Seahorse
    test cases; bugfix on 1.8.
    - Update test suite images due to CSS change on Tails' website.
    - Adapt Tor Browser tests to work with the 5.5 series.
    - Automatically test downloading files in Tor Browser.
    - Remove obsolete scenario, that tested opening a downloaded file with
    an external application, which we do not support anymore.
    - Improve robustness of the "Tails OpenPGP keys" scenario (Closes: #1037:cool:.
    - Automatically test the "Diable all networking" feature (Closes: #10430).
    - Automatically test that SSH works over LAN (Closes: #9087).
    - Bump some statuc sleeps to fix a few race conditions (Closes: #5330).
    - Automatically test that an emergency shutdown triggers on boot
    medium removal (Closes: #5472).
    - Make the AppArmor checks actually detect errors (Closes: #10926).

    * Build system
    - Bump amount of disk space needed to build Tails with Vagrant.
    The addition of the Japanese Tor Browser tarball made us reach
    the limit of the previous value.

    * Adjustments for Debian 8 (Jessie) with no or very little user-visible impact
    - Free the fixed UIDs/GIDs we need before creating the corresponding users.
    - Replace the real gnome-backgrounds with a fake, equivs generated one
    (Closes: #8055). Jessie's gnome-shell depends on gnome-backgrounds,
    which is too fat to ship considering we're not using it.
    - AppArmor: adjust CUPS profile to support our Live system environment
    (Closes: #8261):
    · Mangle lib/live/mount/overlay/... as usual for aufs.
    · Pass the the attach_disconnected flag, that's needed for compatibility
    with PrivateTmp.
    - Make sure we don't ship geoclue* (Closes: #7949).
    - Drop deprecated GDM configuration file.
    - Don't add the Live user to the deprecated 'fuse' group.
    - Drop hidepid mount option for /proc (Closes: #8256). In its current,
    simplistic form it cannot be supported by systemd.
    - Don't manually load acpi-cpufreq at boot time. It fails to load
    whenever no device it supports is present, which makes the
    systemd-modules-load.service fail. These days, the kernel
    should just automatically load such modules when they are needed.
    - Drop sysvinit-specific (sensigs.omit.d) tweaks for memlockd.
    - Disable the GDM unit file's Restart=always, that breaks our "emergency
    shutdown on boot medium removal" feature.
    - Update the implementation of the memory erasure on shutdown feature:
    · check for rebooting state using systemctl, instead of the obsolete
    $RUNLEVEL (Closes: #8306)
    · the kexec-load initscript normally silently exits unless systemd is
    currently running a reboot job. This is not the case when the emergency
    shutdown has been triggered, so we removed this check
    · migrate tails-kexec to the /lib/systemd/system-shutdown/ facility
    · don't (try to) switch to tty1 on emergency shutdown: it apparently
    requires data that we haven't locked into memory, and then it blocks
    the whole emergency shutdown process
    - Display a slightly darker version of the desktop wallpaper on the screen
    saver, instead of the default flashy "Debian 8" branding (Closes: #903:cool:.
    - Disable software autorun from external media.
    - Disable a few unneeded D-Bus services. Some of these services are
    automatically started (via D-Bus activation) when GNOME Shell tries
    to use them. The only "use" I've seen for them, except eating
    precious RAM, is to display "No appointment today" in the calendar pop-up.
    (Closes: #9037)
    - Prevent NetworkManager services from starting at boot time
    (Closes: #8313). We start them ourselves after changing the MAC address.
    - Unfuzzy all patches (Closes: #826:cool: and drop a few obsolete ones.
    - Adapt IBus configuration for Jessie (Closes: #8270), i.e. merge the two
    places where we configure keyboard layout and input methods: both are now
    configured in the same place in Jessie's GNOME.
    - Migrate panel launchers to the favorite apps list (Closes: #7992).
    - Drop pre-GNOME Shell menu tweaks.
    - Hide "Log out" button in the GNOME Shell menu (Closes: #8364).
    - Add a custom shutdown-helper GNOME Shell extension (Closes: #8302, #5684
    and #587:cool: that removes the press-Alt-to-turn-shutdown-button-into-Suspend
    functionality from the GNOME user menu, and makes Restart and Shutdown
    immediate, without further user interaction. Accordingly remove our custom
    Shutdown Helper panel applet (#8302).
    - Drop GNOME Panel configuration, now deprecated.
    - Disable GNOME Shell's screen lock feature.
    We're not there yet (see #5684).
    - Disable GNOME Shell screen locker's user switch feature.
    - Explicitly install libany-moose-perl (Closes: #8051).
    It's needed by our OpenPGP applet. On Wheezy, this package was pulled
    by some other dependency. This is not the case anymore on Jessie.
    - Don't install notification-daemon nor gnome-mag: GNOME Shell has taken
    over this functionality (Closes: #7481).
    - Don't install ntfsprogs: superseded on Jessie.
    - Don't install barry-util: not part of Jessie.
    - Link udev-watchdog dynamically, and lock it plus its dependencies
    in memory.
    - Migrate from gdm-simple-greeter to a custom gdm-tails session
    (Closes: #7599).
    - Update Plymouth installation and configuration:
    · install the plymouth packages via chroot_local-hooks: lb 2.x's "standard"
    packages list pulls console-common in, which plymouth now conflicts with
    · don't patch the plymouth initscript anymore, that was superseded
    by native systemd unit files
    · mask the plymouth-{halt,kexec,poweroff,reboot,shutdown} services,
    to prevent them from occupying the active TTY with an (empty) splash
    screen on shutdown/reboot, that would hide the messages we want to show
    to the user via tails-kexec (Closes: #9032)
    - Migrate GNOME keyboard layout settings from libgnomekbd to input-sources
    (Closes: #789:cool:.
    - Explicitly install syslinux-efi, that we need and is not automatically
    pulled by anything else anymore.
    - Workaround #7248 for GDM: use a solid blue background picture,
    instead of a solid color fill, in the Greeter session.
    - De-install gcc-4.8-base and gcc-4.9 at the end of the ISO build process.
    - Revert the "Wrap syndaemon to always use -t" Wheezy-specific workaround.
    - htpdate: run date(1) in a Jessie-compatible (and nicer) way.
    - Remove obsolete dconf screenshot settings and the corresponding test.
    - Drop our patched python-dbus{,-dev} package (Closes: #9177).
    - live-persist: stop overriding live-boot's functions, we now have
    a recent enough blkid.
    - Adjust sdmem initramfs bits for Jessie:
    · Directly call poweroff instead of halt -p.
    · Don't pass -n to poweroff and reboot, it's not supported anymore.
    - Wrap text in the Unsafe Browser startup warning dialog
    (Jessie's zenity does not wrap it itself).
    - Associate application/pgp-keys with Seahorse's "Import Key" application
    (Closes: #10571).
    - Install topIcons GNOME Shell extension (v2:cool:, to work around the fact
    that a few of the applets we use hijack the notification area.
    - "cd /" to fix permissions issue at tails-persistence-setup startup
    (Closes: #8097).
    - Install gstreamer1.0-libav, so that Totem can play H264-encoded videos.
    - Adjust APT sources configuration:
    · remove explicit jessie and jessie-updates sources:
    automatically added by live-build
    · add Debian testing
    · add jessie-backports
    - Firewall: white-list access to the accessibility daemon (Closes: #8075).
    - Adjust to changed desktop notification behavior and supported feature set
    (Closes: #7989):
    · pass the DBUS_SESSION_BUS_ADDRESS used by the GNOME session
    to notify-send
    · update waiting for a notification handler: gnome-panel and nm-applet
    are obsolete, GNOME Shell is now providing this facility, so instead
    wait for a process that starts once GNOME Shell is ready, namely
    ibus-daemon (Closes: #8685)
    · port tails-warn-about-disabled-persistence and tails-virt-notify-user
    to notification actions (instead of hyperlinks), and make the latter
    transient; to this end, add support to Desktop::Notify for "hints"
    and notification actions
    · tails-security-check: use a dialog box instead of desktop notifications
    · MAC spoofing failure notification: remove the link to the documentation;
    it was broken on Tails/Wheezy already, see #10559 for next steps
    - Don't explicitly install gnome-panel nor gnome-menus, so that they go away
    whenever the Greeter does not pull them in anymore.
    - Install gkbd-capplet, that provides gkbd-keyboard-display (Closes: #8363).
    - Install Tor 0.2.7 from deb.torproject.org: we don't need to rebuild it
    ourselves for seccomp support anymore.
    - Wrap Seahorse with torsocks when it is started as a D-Bus service too
    (Closes: #9792).
    - Rename the AppArmor profile for Tor, so it applies to the system-wide
    Tor service we run (Closes: #1052:cool:.
    - Essentially revert ALSA state handling to how it was pre-Jessie, so that
    mixer levels are unmuted and sanitized at boot time (Closes: #7591).
    - Pass --yes to apt-get when installing imagemagick.
    - Make removable devices, that we support installing Tails to, user writable:
    Tails Installer requires raw block device access to such devices
    (Closes: #8273). Similarly, allow the amnesia user, when active, to open
    non-system devices for writing with udisks2. This is roughly udisks2's
    equivalent of having direct write access to raw block storage devices.
    Here too, Tails Installer uses this functionality.
    - Disable networkd to prevent any risk of DNS leaks it might cause; and
    disable timesyncd, as we have our own time synchronization mechanism.
    They are not enabled by default in Jessie, but may be in Stretch,
    so let's be explicit about it.
    - Mask hwclock-save.service, to avoid sync'ing the system clock
    to the hardware clock on shutdown (Closes: #9363).
    - apparmor-adjust-cupsd-profile.diff: adjust to parse fine on Jessie
    (Closes: #9963)
    - Explicitly use tor@default.service when it's the one we mean.
    - Refactor GNOME/X env exporting to Tails' shell library, and grab
    more of useful bits of the desktop session environment.
    Then, use the result in the test suite's remote shell.
    - Stop tweaking /etc/modules. It's 2015, the kernel should load these things
    automatically (Closes: #10609).
    - Have systemd hardening let Tor modify its configuration (needed by Tor
    Launcher), and start obfs4proy (Closes: #10696, #10724).
    - Bump extensions.adblockplus.currentVersion and
    extensions.enigmail.configuredVersion to match what we currently get
    on Jessie.
    - I2P: switch from 'service' to 'systemctl' where possible.

    -- Tails developers <tails@boum.org> Mon, 25 Jan 2016 18:06:33 +0100

    Download ISO & PGP Signing Key: http://dl.amnesia.boum.org/tails/stable/tails-i386-2.0/

    SHA-256 Hash: https://tails.boum.org/inc/stable_i386_hash/

    OpenPGP Keys: https://tails.boum.org/doc/about/openpgp_keys/index.en.html

    VT: The ISO image file size does not permit a VT analysis.
  3. 1PW

    1PW Registered Member

    Apr 2, 2010
    North of the 38th parallel.
    The Tails developers have released The Amnesic Incognito Live System 2.0.1 on 13-February-2016.

    Home: https://tails.boum.org/

    Announcement and Release Notes: https://tails.boum.org/news/version_2.0.1/index.en.html

    Changelogs: https://git-tails.immerda.ch/tails/plain/debian/changelog

    tails (2.0.1) unstable; urgency=medium

    * Major new features and changes
    - Enable the Tor Browser's font fingerprinting protection
    (Closes: #11000). We do it for all browsers (including
    the Unsafe Browser and I2P Browser mainly to avoid making our
    automated test suite overly complex. This implied to set an appropriate
    working directory when launching the Tor Browser, to accommodate for
    the assumptions it makes about this.

    * Security fixes
    - Upgrade Tor Browser to 5.5.2 (Closes: #11105).

    * Bugfixes
    - Repair 32-bit UEFI support (Closes: #11007); bugfix on 2.0.
    - Add libgnome2-bin to installed packages list to provide gnome-open,
    which fixes URL handling at least in KeePassX, Electrum and Icedove
    (Closes: #11031); bugfix on 2.0. Thanks to segfault for the patch!

    * Minor improvements
    - Refactor and de-duplicate the chrooted browsers' configuration:
    prefs.js, userChrome.css (Closes: #9896).
    - Make the -profile Tor Launcher workaround simpler (Closes: #7943).
    - Move Torbutton environment configuration to the tor-browser script,
    instead of polluting the default system environment with it.
    - Refresh patch against the Tor Browser AppArmor profile
    (Closes: #1107:cool:.
    - Propagate Tor Launcher options via the wrapper.
    - Move tor-launcher script to /usr/local/bin.
    - Move tor-launcher-standalone to /usr/local/lib.
    - Move Tor Launcher env configuration closer to the place where it is used,
    for simplicity's sake.

    * Test suite
    - Mass update browser and Tor Launcher related images due to font change,
    caused by Tor Browser 5.5's font fingerprinting protection
    (Closes: #11097). And then, use separate PrintToFile.png for the browsers,
    and Evince, since it cannot be shared anymore.
    - Adjust to the refactored chrooted browsers configuration handling.
    - Test that Tor Launcher uses the correct Tor Browser libraries.
    - Allow more slack when verifying that the date that was set.
    - Bump a bit the timeout used when waiting for the remote shell.
    - Bump timeout for the process to disappear, when closing Evince.
    - Bump timeout when saving persistence configuration.
    - Bump timeout for bootstrapping I2P.

    * Build system
    - Remove no longer relevant places.sqlite cleanup procedure.

    -- Tails developers <tails@boum.org> Fri, 12 Feb 2016 13:00:15 +0000

    Download ISO & PGP Signing Key: http://dl.amnesia.boum.org/tails/stable/tails-i386-2.0.1/

    SHA-256 Hash: https://tails.boum.org/inc/stable_i386_hash/

    SHA-256 Hash: e175f67b455ce09ee03760330af572f9de34dce51cc9c429b45ab8528d0a471f

    OpenPGP Keys: https://tails.boum.org/doc/about/openpgp_keys/index.en.html

    VT: The ISO image file size does not permit a VT analysis.
    Last edited: Feb 14, 2016
  4. 1PW

    1PW Registered Member

    Apr 2, 2010
    North of the 38th parallel.
    The Tails developers have released The Amnesic Incognito Live System 2.2 on 08-March-2016.

    Home: https://tails.boum.org/

    Announcement and Release Notes: https://tails.boum.org/news/version_2.2/index.en.html

    Changelogs: https://git-tails.immerda.ch/tails/plain/debian/changelog

    tails (2.2) unstable; urgency=medium

    * Major new features and changes
    - Replace Vidalia (which has been unmaintained for years) with:
    (Closes: #6841)
    * the Tor Status GNOME Shell extension, which adds a System Status
    icon indicating whether Tor is ready or not.
    * Onion Circuits, a simple Tor circuit monitoring tool.

    * Security fixes
    - Upgrade Tor Browser to 5.5.3 (Closes: #11189).
    - Upgrade Linux to 3.16.7-ckt20-1+deb8u4.
    - Upgrade cpio to 2.11+dfsg-4.1+deb8u1.
    - Upgrade glibc to 2.19-18+deb8u3.
    - Upgrade libav to 6:11.6-1~deb8u1.
    - Upgrade libgraphite2 to 1.3.5-1~deb8u1.
    - Upgrade libjasper1 to 1.900.1-debian1-2.4+deb8u1.
    - Upgrade libreoffice to 4.3.3-2+deb8u3.
    - Upgrade libssh2 to 1.4.3-4.1+deb8u1.
    - Upgrade openssl to 1.0.1k-3+deb8u4.
    - Upgrade perl to 5.20.2-3+deb8u4.
    - Upgrade python-imaging, python-pil to 2.6.1-2 2.6.1-2+deb8u2.

    * Bugfixes
    - Hide "Laptop Mode Tools Configuration" menu entry. We don't
    support configuring l-m-t in Tails, and it doesn't work out of
    the box. (Closes: #11074)
    - WhisperBack:
    * Actually write a string when saving bug report to
    disk. (Closes: #11133)
    * Add missing argument to OpenPGP dialog so the optional OpenPGP
    key can be added again. (Closes: #11033)

    * Minor improvements
    - Upgrade I2P to 0.9.24-1~deb8u+1.
    - Add support for viewing DRM protected DVD videos using
    libdvdcss2. Patch series submitted by Austin English
    <austinenglish@gmail.com>. (Closes: #7674)
    - Automatically save KeePassX database after every change by default.
    (Closes: #11147)
    - Implement Tor stream isolation for WhisperBack
    - Delete unused tor-tsocks-mua.conf previously used by Claws
    Mail. (Closes: #10904)
    - Add set -u to all gettext:ized shell scripts. In gettext-base <
    1.8.2, like the one we had in Wheezy, gettext.sh references the
    environment variable ZSH_VERSION, which we do not set. This has
    prevented us from doing `set -u` without various hacks. (Closes:
    - Also set -e in some shell scripts which lacked it for no good
    - Make Git verify the integrity of transferred objects. (Closes:
    - Remove LAlt+Shift and LShift+RShift keyboard layout toggling
    shortcuts. (Closes: #10913, #11042)

    * Test suite
    - Reorder the execution of feature to decrease peak disk
    usage. (Closes: #10503)
    - Paste into the GTK file chooser, instead of typing. (Closes:
    - Pidgin: wait a bit for text to have stopped scrolling before we
    click on it. (Closes: #10783)
    - Fix step that runs commands in GNOME Terminal, that was broken
    on Jessie when a Terminal is running already. (Closes: #11176)
    - Let ruby-rjb guess JAVA_HOME instead fixing on one jvm
    version. (Closes: #11190)

    * Build system
    - Upgrade build system to Debian Jessie. This includes migrating to a
    new Vagrant basebox based on Debian Jessie.
    - Rakefile: print git status when there are uncommitted
    changes. Patch submitted by Austin English
    <austinenglish@gmail.com>. (Closes: #1110:cool:
    - .gitignore: add .rake_tasks~. Patch submitted by Austin English
    <austinenglish@gmail.com>. (Closes: #11134)
    - config/amnesia: use --show-field over sed filtering. Patch
    submitted by Chris Lamb <lamby@debian.org>.
    - Umount and clean up leftover temporary directories from old
    builds. (Closes: #10772)

    -- Tails developers <tails@boum.org> Mon, 07 Mar 2016 18:09:50 +0100

    Download ISO & PGP Signing Key: http://dl.amnesia.boum.org/tails/stable/tails-i386-2.2/

    SHA-256 Hash: https://tails.boum.org/inc/stable_i386_hash/

    SHA-256 Hash: e175f67b455ce09ee03760330af572f9de34dce51cc9c429b45ab8528d0a471f

    OpenPGP Keys: https://tails.boum.org/doc/about/openpgp_keys/index.en.html

    VT: The ISO image file size does not permit a VT analysis.
  5. 1PW

    1PW Registered Member

    Apr 2, 2010
    North of the 38th parallel.
    The Tails developers have released The Amnesic Incognito Live System 2.2.1 on 18-March-2016.

    Home: https://tails.boum.org/

    Announcement and Release Notes: https://tails.boum.org/news/version_2.2.1/index.en.html

    Changelogs: https://git-tails.immerda.ch/tails/plain/debian/changelog

    tails (2.2.1) unstable; urgency=medium

    * Security fixes
    - Upgrade Tor Browser to 5.5.4. (Closes: #11254)
    - Upgrade bind9-related packages to 1:9.9.5.dfsg-9+deb8u6
    - Upgrade libotr to 4.1.0-2+deb8u1
    - Upgrade samba-related packages to 2:4.1.17+dfsg-2+deb8u2.
    - Upgrade libgraphite2 to 1.3.6-1~deb8u1.

    -- Tails developers <tails@boum.org> Thu, 17 Mar 2016 15:03:52 +0100

    Download ISO & PGP Signing Key: http://dl.amnesia.boum.org/tails/stable/tails-i386-2.2.1/

    SHA-256 Hash: https://tails.boum.org/inc/stable_i386_hash/

    SHA-256 Hash: 1a82cdbfc162a54e488f260fdbca7d9251e9a83a9faec63e8df23a9d4d97099f

    OpenPGP Keys: https://tails.boum.org/doc/about/openpgp_keys/index.en.html

    VT: The ISO image file size does not permit a VT analysis.
  6. TheWindBringeth

    TheWindBringeth Registered Member

    Feb 29, 2012
    Here is the full description of the new signing key:
    pub   4096R/0xDBB802B258ACD84F 2015-01-18 [expires: 2017-01-11]
              Key fingerprint = A490 D0F4 D311 A415 3E2B  B7CA DBB8 02B2 58AC D84F
        uid                 [ unknown] Tails developers (offline long-term identity key)
        uid                 [ unknown] Tails developers
        sub   4096R/0x98FEC6BC752A3DB6 2015-01-18 [expires: 2017-01-11]
        sub   4096R/0x3C83DCB52F699C56 2015-01-18 [expires: 2017-01-11]
    I was playing around with Kleopatra, and found I couldn't certify the tails-signing.key because "certificate expired". Upon inspection:
    > gpg2 --list-keys -v
    gpg: NOTE: signature key 56987A65 expired 01/11/16 09:22:10 Eastern Standard Time
    gpg: NOTE: signature key 56987A65 has been revoked
    pub   4096R/58ACD84F 2015-01-18 [expires: 2017-01-11]
    uid       [  full  ] Tails developers (offline long-term identity key) <tails@boum.org>
    uid       [  full  ] Tails developers <tails@boum.org>
    sub   4096R/752A3DB6 2015-01-18 [expires: 2017-01-11]
    sub   4096R/2F699C56 2015-01-18 [expires: 2017-01-11]
    sub   4096R/56987A65 2015-01-18 [revoked: 2015-10-29]
    > gpg2 --fingerprint 0x58ACD84F
    pub   4096R/58ACD84F 2015-01-18 [expires: 2017-01-11]
          Key fingerprint = A490 D0F4 D311 A415 3E2B  B7CA DBB8 02B2 58AC D84F
    uid       [  full  ] Tails developers (offline long-term identity key) <tails@boum.org>
    uid       [  full  ] Tails developers <tails@boum.org>
    sub   4096R/752A3DB6 2015-01-18 [expires: 2017-01-11]
    sub   4096R/2F699C56 2015-01-18 [expires: 2017-01-11]
    Fingerprints match. I read it is common to include revocations due to users not deleting previous certificates plus merging. Cmdline trust and sign seems to work OK. Download did verify. So I'm thinking things are OK except for what I am assuming is a Kleopatra issue. Wanted to mention it here in case someone more experienced than I has input on the subject.
    Last edited: Mar 20, 2016
  7. oliverjia

    oliverjia Registered Member

    Jul 21, 2005
    There is no x64 build of this ISO? Unbelievable at this day and age.
  8. 1PW

    1PW Registered Member

    Apr 2, 2010
    North of the 38th parallel.
    The Tails developers have released The Amnesic Incognito Live System 2.3 on 26-April-2016.

    Home: https://tails.boum.org/

    Announcement and Release Notes: https://tails.boum.org/news/version_2.3/index.en.html

    Changelogs: https://git-tails.immerda.ch/tails/plain/debian/changelog

    tails (2.3) unstable; urgency=medium

    * Security fixes
    - Upgrade Tor Browser to 5.5.5. (Fixes: #11362)
    - Upgrade icedove to 38.7.0-1~deb8u1
    - Upgrade git to 1:2.1.4-2.1+deb8u2
    - Upgrade libgd3 to 2.1.0-5+deb8u1
    - Upgrade pidgin-otr to 4.0.1-1+deb8u1
    - Upgrade srtp to 1.4.5~20130609~dfsg-1.1+deb8u1
    - Upgrade imagemagick to 8:
    - Upgrade samba to 2:4.2.10+dfsg-0+deb8u2
    - Upgrade openssh to 1:6.7p1-5+deb8u2

    * Bugfixes
    - Refresh Tor Browser's AppArmor profile patch against the one from
    torbrowser-launcher 0.2.4-1. (Fixes: #11264)
    - Pull monkeysphere from stretch to avoid failing to install under
    eatmydata. (Fixes: #11170)
    - Start gpg-agent with no-grab option due to issues with pinentry and
    GNOME's top bar. (Fixes: #1103:cool:
    - Tails Installer: Update error message to match new name of 'Clone
    & Install'. (Fixes: #1123:cool:
    - Onion Circuits:
    * Cope with a missing geoipdb. (Fixes: #11203)
    * Make both panes of the window scrollable. (Fixes #11192)
    - WhisperBack: Workaround socks bug. When the Tor fails to connect to
    the host, WisperBack used to display a ValueError. This is caused by
    a socks bug that is solved in upstream's master but not in Tails.
    This commit workarounds this bug Unclear error message in WhisperBack
    when failing to connect to the server. (Fixes: #11136)

    * Minor improvements
    - Upgrade to Debian 8.4, a Debian point release with many minor upgrades
    and fixes to various packages . (Fixes: #11232)
    - Upgrade I2P to 0.9.25. (Fixes: #11363)
    - Pin pinentry-gtk2 to jessie-backports. The new version allows pasting
    passwords from the clipboard. (Fixes: #11239)
    - config/chroot_local-hooks/59-libdvd-pkg: cleanup /usr/src/libdvd-pkg.
    (Fixes: #11273)
    - Make the Tor Status "disconnected" icon more contrasted with the
    "connected" one. (Fixes: #11199)

    * Test suite
    - Add UTF-8 support to OTR Bot. (Fixes: #10866)
    - Don't explicitly depend on openjdk-7-jre or any JRE for that
    matter. Sikuli will pull in a suitable one, so depending on one
    ourselves is only risks causing trouble. (Fixes: #11335)

    -- Tails developers <tails@boum.org> Mon, 25 Apr 2016 14:12:22 +0200

    Download ISO & PGP Signing Key: http://dl.amnesia.boum.org/tails/stable/tails-i386-2.3/

    SHA-256 Hash: https://tails.boum.org/inc/stable_i386_hash/

    SHA-256 Hash: 3E62AB45A3E4105C8353A495F5774CE970F7C3B2736B420A5DB7F7F79223B8EF

    OpenPGP Keys: https://tails.boum.org/doc/about/openpgp_keys/index.en.html

    VT: The ISO image file size does not permit a VT analysis.
  9. 1PW

    1PW Registered Member

    Apr 2, 2010
    North of the 38th parallel.
  10. lotuseclat79

    lotuseclat79 Registered Member

    Jun 16, 2005
    In the tails-support mailing list, Tails 2.4 will include version 6.0.1 of the Tor Browser which means that the Tails team are sync'ing Tails releases with newer fixed versions of the Tor Firefox-based browser.

    -- Tom
  11. 1PW

    1PW Registered Member

    Apr 2, 2010
    North of the 38th parallel.
    Hello lotuseclat79:

    It seems this has been the general practice of the TAILS developers. First a TOR Browser release soon followed by a TAILS release. It seems logical.
  12. lotuseclat79

    lotuseclat79 Registered Member

    Jun 16, 2005
    Hi 1PW,

    It is now which is a good thing, but has not always been so in the past.

    -- Tom
  13. ronjor

    ronjor Global Moderator

    Jul 21, 2003
  14. 1PW

    1PW Registered Member

    Apr 2, 2010
    North of the 38th parallel.
    The Tails developers have released The Amnesic Incognito Live System 2.4 on 07-June-2016.

    Home: https://tails.boum.org/

    Announcement and Release Notes: https://tails.boum.org/news/version_2.4/index.en.html

    Changelogs: https://git-tails.immerda.ch/tails/plain/debian/changelog

    tails (2.4) unstable; urgency=medium

    * Major new features and changes
    - Upgrade Tor Browser to 6.0.1 based on Firefox 45.2. (Closes:
    #11403, #11513).
    - Enable Icedove's automatic configuration wizard. We patch the
    wizard to only use secure protocols when probing, and only
    accept secure protocols, while keeping the improvements done by
    TorBirdy in its own non-automatic configuration wizard. (Closes:
    #6158, #11204)

    * Security fixes
    - Upgrade bsdtar and libarchive13 to 3.1.2-11+deb8u1.
    - Upgrade icedove to 38.8.0-1~deb8u1+tails3.
    - Upgrade imagemagick to 8:
    - Upgrade libexpat1 to 2.1.0-6+deb8u2.
    - Upgrade libgd3 to 2.1.0-5+deb8u3.
    - Upgrade gdk-pixbuf-based packages to 2.31.1-2+deb8u5.
    - Upgrade libidn11 to 1.29-1+deb8u1.
    - Upgrade libndp0 to 1.4-2+deb8u1.
    - Upgrade poppler-based packages to 0.26.5-2+deb8u1.
    - Upgrade librsvg2-2 to 2.40.5-1+deb8u2.
    - Upgrade libsmbclient to 2:4.2.10+dfsg-0+deb8u3.
    - Upgrade OpenSSL to 1.0.1k-3+deb8u5.
    - Upgrade libtasn1-6 to 4.2-3+deb8u2.
    - Upgrade libxml2 to 2.9.1+dfsg1-5+deb8u2.
    - Upgrade openjdk-7-jre to 7u101-2.6.6-1~deb8u1.

    * Bugfixes
    - Enable Packetization Layer Path MTU Discovery for IPv4. If any
    system on the path to the remote host has a MTU smaller than the
    standard Ethernet one, then Tails will receive an ICMP packet
    asking it to send smaller packets. Our firewall will drop such
    ICMP packets to the floor, and then the TCP connection won't
    work properly. This can happen to any TCP connection, but so far
    it's been reported as breaking obfs4 for actual users. Thanks to
    Yawning for the help! (Closes: #926:cool:
    - Make Tails Upgrader ship other locales than English. (Closes:
    - Make it possible to add local USB printers again. Bugfix on
    Tails 2.0. (Closes #10965).

    * Minor improvements
    - Remove custom SSH ciphers and MACs settings. (Closes: #7315)
    - Bring back "minimize" and "maximize" buttons in titlebars by
    default. (Closes: #11270)
    - Icedove improvements:
    * Stop patching in our default into Torbirdy. We've upstreamed
    some parts, and the rest we set with pref branch overrides in
    /etc/xul-ext/torbirdy.js. (Closes: #10905)
    * Use hkps keyserver in Enigmail. (Closes: #10906)
    * Default to POP if persistence is enabled, IMAP is
    not. (Closes: #10574)
    * Disable remote email account creation in Icedove. (Closes:
    - Firewall hardening (Closes: #11391):
    * Don't accept RELATED packets. This enables quite a lot of code
    in the kernel that we don't need. Let's reduce the attack
    surface a bit.
    * Restrict debian-tor user to NEW TCP syn packets. It doesn't
    need to do more, so let's do a little bit of security in
    * Disable netfilter's nf_conntrack_helper.
    * Fix disabling of automatic conntrack helper assignment.
    - Kernel hardening:
    * Set various kernel boot options: slab_nomerge slub_debug=FZ
    mce=0 vsyscall=none. (Closes: #11143)
    * Remove the kernel .map files. These are only useful for kernel
    debugging and slightly make things easier for malware, perhaps
    and otherwise just occupy disk space. Also stop exposing
    kernel memory addresses through /proc etc. (Closes: #10951)
    - Drop zenity hacks to "focus" the negative answer. Jessie's
    zenity introduced the --default-cancel option, finally!
    (Closes: #11229)
    - Drop useless APT pinning for Linux.
    - Remove gnome-tweak-tool. (Closes: #11237)
    - Install python-dogtail, to enable accessibility technologies in
    our automated test suite (see below). (Part of: #10721)
    - Install libdrm and mesa from jessie-backports. (Closes: #11303)
    - Remove hledger. (Closes: #11346)
    - Don't pre-configure the #tails chan on the default OFTC account.
    (Part of: #11306)
    - Install onioncircuits from jessie-backports. (Closes: #11443)
    - Remove nmh. (Closes: #10477)
    - Drop Debian experimental APT source: we don't use it.
    - Use APT codenames (e.g. "stretch") instead of suites, to be
    compatible with our tagged APT snapshots.
    - Drop module-assistant hook and its cleanup. We've not been using
    it since 2010.
    - Remove 'Reboot' and 'Power Off' entries from Applications →
    System Tools. (Closes: #11075)
    - Pin our custom APT repo to the same level as Debian ones, and
    explicitly pin higher the packages we want to pull from our custom
    APT repo, when needed.
    - config/chroot_local-hooks/59-libdvd-pkg: verify libdvdcss
    package installation. (Closes: #11420)
    - Make Tails Upgrader use our new mirror pool design. (Closes:
    - Drop custom OpenSSH client ciphers and MACs settings. We did a
    pretty bad job at maintaining them compared to the Debian
    upstream. (Closes: #7315)
    - Install jessie-backports version of all binary packages built
    from src:hplip. This adds support for quite a few new
    - Install printer-driver-postscript-hp, which adds support for
    some more printers.

    * Build system
    - Use a freezable APT repo when building Tails. This is a first
    step towards reproducible builds, and improves our QA and
    development processes by making our builds more predictable. For
    details, see: https://tails.boum.org/contribute/APT_repository/
    - There has been a massive amount of improvements to the
    Vagrant-based build system, and now it could be considered the
    de-facto build system for Tails! Improvements and fixes include:
    * Migrate Vagrant to use libvirt/KVM instead of
    Virtualbox. (Closes: #6354)
    * Make apt-get stuff non-interactive while provisioning.
    Because there is no interaction, so that will results in
    * Bump disk space (=> RAM for RAM builds) needed to build with
    Vagrant. Since the Jessie migration it seems impossible to
    keep this low enough to fit in 8 GiB or RAM. For this reason
    we also drop the space optimization where we build inside a
    crazy aufs stack; now we just build in a tmpfs.
    * Clean up apt-cacher-ng cache on vm:provision to save disk
    space on the builder.
    * Add convenient Rake task for SSH:ing into the builder VM:
    `rake vm:ssh`.
    * Add rake task for generating a new Vagrant base box.
    * Automatically provision the VM on build to keep things up-to-date.
    * Don't enable extproxy unless explicitly given as an
    option. Previously it would automatically be enabled when
    `http_proxy` is set in the environment, unlike what is
    documented. This will hopefully lead to fewer surprises for users
    who e.g. point http_proxy to a torified polipo, or similar.
    * Re-fetch tags when running build-tails with Vagrant. That
    should fix an annoyance related to #7182 that I frequently
    encounter: when I, as the RM, rebuild the release image the
    second time from the force-updated tag, the build system would
    not have the force-updated tag. (Closes: #7182)
    * Make sure we use the intended locale in the Tails builder VM.
    Since we communicate via SSH, and e.g. Debian forward the
    locale env vars by default, we have to take some steps
    ensuring we do not do that.
    - Pull monkeysphere from stretch to avoid failing to install under
    eatmydata. Patch submitted by Cyril Brulebois <cyril@debamax.com>.

    * Test suite
    - Add wrapper around dogtail (inside Tails) for "remote" usage in
    the automated test suite. This provides a simple interface for
    generating dogtail python code, sending it to the guest, and
    executing it, and should allow us to write more robust tests
    leveraging assistive technologies. (Closes: #10721)
    - A few previously sikuli-based tests has been migrated to use
    dogtail instead, e.g. GNOME Applications menu interaction.
    - Add a test for re-configuring an existing persistent volume.
    This is a regression test for #10809. (Closes: #10834)
    - Use a simulated Tor network provided by Chutney in the automated
    test suite. The main motivation here is improved robustness --
    since the "Tor network" we now use will exit from the host
    running the automated test suite, we won't have to deal with Tor
    network blocking, or unreliable circuits. Performance should
    also be improved. (Closes: #9521)
    - Drop the usage of Tor Check in our tests. It doesn't make sense
    now when we use Chutney since that always means it will report
    that Tor is not being used.
    - Stop testing obsolete pluggable transports.
    - Completely rewrite the firewall leak detector to something more
    flexible and expressive.
    - Run tcpdump with --immediate-mode for the network sniffer. With
    this option, "packets are delivered to tcpdump as soon as they
    arrive, rather than being buffered for efficiency" which is
    required to make the sniffing work reliable the way we use it.
    - Remove most scenarios testing "tordate". It just isn't working
    well in Tails, so we shouldn't expect the tests to actually work
    all of the time. (Closes: #10440)
    - Close Pidgin before we inspect or persist its accounts.xml.
    I've seen a case when that file is _not_ saved (and thus, not
    persisted) if we shut down the system while Pidgin is still
    running. (Closes: #11413)
    - Close the GNOME Notification bar by pressing ESC, instead of
    opening the Applications menu. The Applications menu often
    covers other elements that we're looking for on the
    screen. (Closes #11401)
    - Hide Florence keyboard window when it doesn't vanish by itself
    (Closes: #1139:cool: and wait a bit less for Florence to disappear
    (Closes: #11464).

    -- Tails developers <tails@boum.org> Mon, 06 Jun 2016 20:10:56 +0200

    Download ISO & PGP Signing Key: http://dl.amnesia.boum.org/tails/stable/tails-i386-2.4/

    SHA-256 Hash: E35916E5B22EA0CE351445889A0BCBFFEAC8A97129242EC65CA24F601B4034B2

    OpenPGP Keys: https://tails.boum.org/doc/about/openpgp_keys/index.en.html

    VT: The ISO image file size does not permit a VT analysis.
  15. 1PW

    1PW Registered Member

    Apr 2, 2010
    North of the 38th parallel.
    The Tails developers have released The Amnesic Incognito Live System 2.5 on 02-August-2016.

    Home: https://tails.boum.org/

    Announcement and Release Notes: https://tails.boum.org/news/version_2.5/index.en.html

    Changelogs: https://git-tails.immerda.ch/tails/plain/debian/changelog

    tails (2.5) unstable; urgency=medium

    * Major new features and changes
    - Upgrade Icedove to 1:45.1.0-1~deb8u1+tails2. (Closes: #11530)
    · Fix long delay causing bad UX in the autoconfig wizard,
    when it does not manage to guess proper settings on some domains.
    (Closes: #11486)
    · Better support sending email through some ISPs, such as Riseup.
    (Closes: #10933)
    · Fix spurious error message when creating an account and providing
    its password. (Closes: #11550)

    * Security fixes
    - Upgrade Tor Browser to 6.0.3 based on Firefox 45.3. (Closes: #11611)
    - Upgrade GIMP to 2.8.14-1+deb8u1.
    - Upgrade libav to 6:11.7-1~deb8u1.
    - Upgrade expat to 2.1.0-6+deb8u3.
    - Upgrade libgd3 to 2.1.0-5+deb8u6.
    - Upgrade libmodule-build-perl to 0.421000-2+deb8u1.
    - Upgrade perl to 5.20.2-3+deb8u6.
    - Upgrade Pidgin to 2.11.0-0+deb8u1.
    - Upgrade LibreOffice to 1:4.3.3-2+deb8u5.
    - Upgrade libxslt1.1 to 1.1.28-2+deb8u1.
    - Upgrade Linux to 3.16.7-ckt25-2+deb8u3.
    - Upgrade OpenSSH to 1:6.7p1-5+deb8u3.
    - Upgrade p7zip to 9.20.1~dfsg.1-4.1+deb8u2.

    * Minor improvements
    - htpdate: replace obsolete and unreliable URIs in HTP pools, and decrease
    timeout for HTTP operations for more robust time synchronization.
    (Closes: #11577)
    - Hide settings panel for the Online Accounts component of GNOME,
    that we don't support. (Closes: #11545)
    - Vastly improve graphics performance in KVM guest with QXL driver.
    (Closes: #11500)
    - Fix graphics artifacts in Tor Browser in KVM guest with QXL driver.
    (Closes: #11489)

    * Build system
    - Wrap Pidgin in a more maintainable way. (Closes: #11567)

    * Test suite
    - Add a test scenario for the persistence "dotfiles" feature.
    (Closes: #10840)
    - Improve robustness of most APT, Git, SFTP and SSH scenarios,
    enough to enable them on Jenkins. (Closes: #10444, #10496, #1049:cool:
    - Improve robustness of checking for persistence partition. (Closes: #1155:cool:
    - Treat Tails booting from /dev/sda as OK, to support all cases
    including a weird one caused by hybrid ISO images. (Closes: #10504)
    - Bump a bunch of timeouts to cope with the occasional slowness on Jenkins.
    - Only query A records when exercising DNS lookups, to improve robustness.

    -- Tails developers <tails@boum.org> Sun, 31 Jul 2016 16:50:35 +0000

    Download ISO & PGP Signing Key: http://dl.amnesia.boum.org/tails/stable/tails-i386-2.5/

    SHA-256 Hash: AC1E5C08DBA8FD6CDB4149DE9956821247BDC9E991A000EC8838B8C613575578

    OpenPGP Keys: https://tails.boum.org/doc/about/openpgp_keys/index.en.html

    VT: The ISO image file size does not permit a VT analysis.
  16. 1PW

    1PW Registered Member

    Apr 2, 2010
    North of the 38th parallel.
  17. mood

    mood Updates Team

    Oct 27, 2012
    Tails 2.11 Released
    Announcement and further information
    New features
    • If running on a 32-bit processor, notify the user that it won't be able to start Tails 3.0 anymore. (#12193)

    • Notify I2P users that I2P will be removed in Tails 2.12. (#12271
    Upgrades and changes
    • Upgrade Tor Browser to 6.5.1.

    • Fix CVE-2017-6074 (local root privilege escalation) by disabling the dccp module. (#12280) Also disable kernel modules for some other uncommon network protocols. (Part of #6457)
    Fixed problems
    • Tor Browser: Don't show offline warning when opening the local documentation of Tails. (#12269)

    • Fix rare issue causing automatic upgrades to not apply properly (#8449 and #11839)

    • Install Linux 4.8.15 to prevent GNOME from freezing with Intel GM965/GL960 Integrated Graphics. (#12217)
    For more details, read our changelog.
    tails (2.11) unstable; urgency=medium

    * Security fixes
    - Upgrade Tor Browser to 6.5.1 based on Firefox 45.8. (Closes:
    - Fix CVE-2017-6074 (local root privilege escalation) by disabling
    the 'dccp' module. (Closes: #12280)
    - Disable kernel modules for some uncommon network protocol. These
    are the ones recommended by CIS. (Part of: #6457)
    - Disable modules we blacklist for security reasons. Blacklisted
    (via `blacklist MODULENAME`) modules are only blocked from being
    loaded during the boot process, but are still loadable with an
    explicit `modprobe MODULENAME`, and (worse!) via kernel module
    - Upgrade linux-image-4.8.0-0.bpo.2-686-unsigned to 4.8.15-2~bpo8+2.
    - Upgrade bind9 to 1:9.9.5.dfsg-9+deb8u10.
    - Upgrade imagemagick to 8:
    - Upgrade libevent-2.0-5 to 2.0.21-stable-2+deb8u1.
    - Upgrade libgd3 to 2.1.0-5+deb8u9.
    - Upgrade libjasper1 to 1.900.1-debian1-2.4+deb8u2.
    - Upgrade liblcms2-2 to 2.6-3+deb8u1.
    - Upgrade libxpm4 to 1:3.5.12-0+deb8u1.
    - Upgrade login to 1:4.2-3+deb8u3.
    - Upgrade ntfs-3g to 1:2014.2.15AR.2-1+deb8u3.
    - Upgrade openjdk-7-jre to 7u121-2.6.8-2~deb8u1.
    - Upgrade openssl to 1.0.1t-1+deb8u6.
    - Upgrade tcpdump to 4.9.0-1~deb8u1.
    - Upgrade vim to 2:7.4.488-7+deb8u2.
    - Upgrade libreoffice to 1:4.3.3-2+deb8u6.

    * Minor improvements
    - import-translations: also import PO files for French from
    Transifex. The translation team for French switched to Transifex
    even for our custom programs:
    - Notify the user, if running on a 32-bit processor, that it won't
    be supported in Tails 3.0 anymore. (Closes: #12193)
    - Notify I2P users that I2P will be removed in Tails
    2.12. (Closes: #12271)

    * Bugfixes
    - Disable -proposed-updates at boot time. If a Debian point
    release happens right after a freeze but we have decided to
    enable it before the freeze to get (at least most of) it, then
    we get in the situation where -proposed-updates is enabled in
    the final release, which we don't want. We only want it enabled
    at build time. (Closes: #12169)
    - Ferm: Use the variable when referring to the Live user. The
    firewall will fail to start during early boot otherwise since
    the "amnesia" user hasn't been created yet. (Closes: #12208)
    - Tor Browser: Don't show offline warning when opening local
    documentation. (Closes: #12269)
    - tails-virt-notify-user: use the tails-documentation helper to
    improve UX when one is not connected to Tor yet, and display
    localized doc when available.
    - Fix rare issue causing automatic upgrades to not apply properly
    (Closes: #8449, and hopefully #11839 as well):
    * Allow the tails-install-iuk user to run "/usr/bin/nocache
    /bin/cp *" as root.
    * Install tails-iuk 2.8, which will use nocache for various file
    operations, and sync writes to the installation medium.
    - Install Linux 4.8.15 to prevent GNOME from freezing with Intel
    GM965/GL960 Integrated Graphics. (Closes: #12217, but fixes tons
    of other small bugs)

    * Build system
    - Add 'offline' option, making it possible to build Tails offline
    (if all needed resources are present in your cache). (Closes:

    * Test suite
    - Encapsulate exec_helper's class to not "pollute" the global
    namespace with all our helpers. This is an example of how we can
    work towards #9030.
    - Extend remote shell with *safe* file operations. Now we can
    read/write/append *any* characters without worrying that it will
    do crazy things by being passed through the shell, as was the
    case before. This commit also:
    * adds some better reporting of errors happening on the server
    side by communicating back the exception thrown.
    * removes the `user` parameter from the VM.file_* methods. They
    were not used, any way, and simply do not feel like they
    fit. I think the only reason we had it initially was because
    it was implemented via the command interface, where a user
    concept makes a lot of sense.
    - debug_log() Dogtail script content on failure.
    - Add a very precise timestamp to each debug_log().
    - Make robust_notification_wait() ensure the applet is closed. In
    robust_notification_wait() when we close the notification
    applet, other windows may change position, creating a racy
    situation for any immediately following action aimed at one such
    window. (Closes: #10381)
    - Fix I2P's Pidgin test. The initial conversation (that determines
    the title of the conversation window) is now made by a different
    IRC service than before.
    - Use lossless compression for the VNC viewer with --view.
    Otherwise the VNC viewer is not a good place to extract test
    suite images from, at least with xtigervncviewer.
    - Add optional pause() notification feature to the test suite. It
    will run a user-configurable arbitrary shell command when
    pause() is called, e.g. on failure when --interactive-debugging
    is used. This is pretty useful when multitasking with long test
    suite runs, so you immediately are notified when a test fails
    (or when you reached a temporary pause() breakpoint). (Closes:
    - Add the possibility to run Python code in a persistent session
    in the remote shell and use this for Dogtail to significantly
    improve its performance by saving state and reusing it between
    commands. This changes the semantics of the creation of Dogtail
    objects. Previously they just created the code that then would
    be run once an actionable method was called (.wait, .click etc),
    but now it works like in Python, that Dogtail will try to find
    the graphical element upon object creation. (Closes: #12059)
    - Test that we don't ship any -proposed-updates APT sources.
    (Closes: #12169)
    - Make force_new_tor_circuit() respect NEWNYM rate limiting.
    - Add retry magic for lost click when opening Tails' documentation
    from the desktop launcher. (Closes: #12131)

    -- Tails developers <tails@boum.org> Mon, 06 Mar 2017 17:14:52 +0100
  18. lotuseclat79

    lotuseclat79 Registered Member

    Jun 16, 2005
    Even though is does not to appear have been announced, Tails 2.12 (i386) was released yesterday at 16:55.

    You can download the ISO file and its signature here.

    -- Tom
  19. Peter2150

    Peter2150 Global Moderator

    Sep 20, 2003
    You might want to explain to folks what Tails is. Even with google it took a bit of figuring.
  20. illumination

    illumination Guest

    Tails is a Portable "privacy orientated" version of Linux for those not familiar. It happens to be the same version of Linux used by Edward Snowden.
  21. EASTER

    EASTER Registered Member

    Jul 28, 2007
    U.S.A. (South)
    What is a tails used for and is it 32 or 64 bit? Thnx
  22. boredog

    boredog Registered Member

    Feb 1, 2015
    Also read the warning page as to what it doesn't protect you from. I think DEbian OS that sends everything encrypted through TOR.
  23. boredog

    boredog Registered Member

    Feb 1, 2015
  24. mood

    mood Updates Team

    Oct 27, 2012
    There is already a thread for announcements for Tails, maybe post it there: :doubt:
    Tails Release Announcements
  25. lotuseclat79

    lotuseclat79 Registered Member

    Jun 16, 2005
    The 3.x releases of Tails now only work on 64-bit hardware, whereas the 2.x releases are for 32-bit, and are being abandoned from a development point of view, I think after 2.12 as I do not see any scheduled 2.x releases beyond 2.12 on the Tails Calendar.

    -- Tom
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.