Tails Release Announcements

Discussion in 'all things UNIX' started by TheKid7, Apr 10, 2013.

  1. longshots

    longshots Registered Member

    Oct 20, 2017
  2. mood

    mood Updates Team

    Oct 27, 2012
    Tails 3.12.1 Released
    Announcement and further information
    • Update Tor Browser to 8.0.6.
    This fixes a critical vulnerability in the Skia library used by Firefox and Chrome to render graphics.

    If you are curious about the maths behind this vulnerability, you can read The Curious Case of Convexity Confusion by Google Project Zero.​
    For more details, read our changelog.

    Known Issues

    See the list of long-standing issues.

    Tails fails to start a second time on some computers (#16389)
    On some computers, after installing Tails to a USB stick, Tails starts a first time but fails to start a second time. In some cases, only BIOS (Legacy) was affected and the USB stick was not listed in the Boot Menu.

    We are still investigating the issue, so if it happens to you, please report your findings by email to tails-testers@boum.org. Mention the model of the computer and the USB stick. This mailing list is archived publicly.

    To fix this issue: [...]

    What's coming up?
    Tails 3.13 is scheduled for March 19.
    tails (3.12.1) unstable; urgency=medium

    * Security fixes
    - Upgrade Tor Browser to 8.0.6 (MFSA-2019-04; Closes: #16437).
    - Upgrade LibreOffice to 1:5.2.7-1+deb9u5 (DSA-4381).
    - Upgrade cURL to 7.52.1-5+deb9u9 (DSA-4386).
    - Upgrade Qt 5 to 5.7.1+dfsg-3+deb9u1 (DSA-4374).
    - Upgrade OpenSSH to 1:7.4p1-10+deb9u5 (DSA-4387).

    -- Tails developers <tails@boum.org> Tue, 12 Feb 2019 21:25:14 +0100
  3. mood

    mood Updates Team

    Oct 27, 2012
    Tails 3.13 Released
    Announcement and further information
    Upgrades and Changes

    • Add support for the Bopomofo input method for Chinese using the Chewing library and improve support for the Pinyin input method. (#11292)
      If you still have problems typing in Bopomofo or Pinyin, please let us know on tails-testers@boum.org (public mailing list) or tails-bugs@boum.org (private email).
    • Save a backup of the configuration of the persistent storage every time it is modified. (#16461)
      This will help us understand and solve why sometimes all the settings of the persistent storage disappear. (#10976)
    • Update Tor Browser to 8.0.7.
    • Update Tor to
    • Update Thunderbird to 65.1.0.
    • Update Linux to 4.19.28.
    • Update the Intel microcode to 3.20180807a.2, which fixes more variants of the Spectre, Meltdown, and Level 1 Terminal Fault (L1TF) vulnerabilities.
    Fixed problems
    • Prevent Additional Software from downloading packages that are already saved in the persistent storage. (#15957)
    • Fix the localization of Tor Launcher, the application to configure a Tor bridge or a local proxy. (#16338)
    • Fix accessibility when opening Tor Browser from a desktop notification. (#16475)
    • Fix WhisperBack crashing when additional APT repositories is configured. (#16563)
    For more details, read our changelog.

    Known Issues
    See the list of long-standing issues.

    What's coming up?
    Tails 3.14 is scheduled for May 14.
    tails (3.13) unstable; urgency=medium

    * Major changes
    - Upgrade Linux to 4.19.28-1 (Closes: #16390, #16469, #16552).
    - Upgrade Tor Browser to 8.0.7 (Closes: #16559).
    - Upgrade Thunderbird to 65.1.0 (Closes: #16422).

    * Security fixes
    - Upgrade LDB to 2:1.1.27-1+deb9u1 (DSA-4397-1).
    - Upgrade OpenJPEG to 2.1.2-1.1+deb9u3 (DSA-4405-1).
    - Upgrade OpenSSL 1.0 to 1.0.2r-1~deb9u1 (DSA-4400-1).
    - Upgrade OpenSSH to 1:7.4p1-10+deb9u6 (DSA-4387-2).

    * Bugfixes
    - Upgrade tor to (Closes: #16348).
    - Ensure Additional Software doesn't try to download packages that are
    in persistent cache (Closes: #15957).
    - Improve chances of recovering a lost persistence configuration
    (Closes: #10976).
    - Tor Launcher: add langpacks to enable localization again
    (Closes: #16338).
    - Migrate away from buggy Chinese input method: switch from ibus-pinyin
    to ibus-libpinyin + ibus-chewing (Closes: #11292).
    - Fix crash in Whisperback when additional persistent APT repositories
    are configured (Closes: #16563).
    - Give visual feedback while starting Whisperback (Closes: #16333).

    * Minor improvements and updates
    - Add feedback when opening VeraCrypt Mounter (Closes: #16334).
    - Improve consistency in Additional Software's accessibility
    (Closes: #16110).
    - Fix missing accessibility support when opening a browser from a
    notification (Closes: #16475).
    - Refresh ublock-origin patch to apply cleanly on top of 1.18.4+dfsg-1
    (Closes: #16451)
    - Upgrade intel-microcode to 3.20180807a.2~deb9u1.
    Fixes CVE-2018-3615, CVE-2018-3620, CVE-2018-3646, CVE-2018-3639,
    CVE-2018-3640, CVE-2017-5753, CVE-2017-5754.

    * Build system
    - Lower memory requirements when building Tails by limiting the memory
    used by mksquashfs to 512M (Closes: #16177).
    - Remove obsolete check on Thunderbird addons (Closes: #16045).
    - Update Tails' APT GnuPG key expiration (Closes: #16420).
    - Optimize Git operations (share resources, fetch only the needed
    - Clone submodules from the host's local repositories (Closes: #16476).
    - Drop useless manual initramfs update (Closes: #16452).
    - Add a sanity check on the size of the initramfs (Closes: #16452).

    * Test suite
    - Add automated tests for Additional Software GUI (Closes: #14576,
    - Add automated tests on the backup persistence configuration
    (Closes: #16461).
    - Adjust test for Thunderbird 60.5.1 (Closes: #16555).

    -- Tails developers <tails@boum.org> Mon, 18 Mar 2019 23:40:50 +0100
  4. mood

    mood Updates Team

    Oct 27, 2012
    Tails 3.13.1 Released
    Announcement and further information
    Upgrades and Changes
    • Update Tor Browser to 8.0.8.
    For more details, read our changelog.

    What's coming up?
    Tails 3.14 is scheduled for May 14.
    tails (3.13.1) unstable; urgency=medium

    * Security fixes
    - Upgrade Tor Browser to 8.0.8 (Closes: #16606, MFSA-2019-10).
    - Upgrade NTFS-3G to 1:2016.2.22AR.1+dfsg-1+deb9u1 (DSA-4413-1).

    -- Tails developers <tails@boum.org> Fri, 22 Mar 2019 20:54:03 +0000
  5. mood

    mood Updates Team

    Oct 27, 2012
    Tails 3.13.2 Released
    Announcement and further information
    Fixed NoScript activation in Tor Browser

    Starting from Friday May 3, a problem in Firefox and Tor Browser disabled all add-ons. This release reactivates all add-ons in Tor Browser, especially NoScript which is used to:
    • Most importantly, protect against a very strong fingerprinting technique called HTML5 canvas fingerprinting which can break your anonymity.
      Using HTML5 canvas fingerprinting, 2 or more collaborating websites can compare how graphics and text are displayed by your computer and determine whether 2 website visits are coming from the same computer or not.
    • Strengthen Tor Browser against some JavaScript attacks that can lead to compromised accounts and credentials on websites.
    • Enable or disable JavaScript on some websites using the NoScript interface, if you use it.
    Other Upgrades and Changes
    • Remove the OpenPGP Applet and Pidgin notification icons from the top navigation bar.

      You can still access the OpenPGP Applet and Pidgin notification icons from the system tray in the bottom-left corner of the screen.
      To display the system tray, move your mouse to the thin gray line in the bottom-left of the screen, above the window list:
      To move these icons back to the top navigation bar, execute the following command in a Terminal:

      gnome-shell-extension-tool --enable-extension=TopIcons@phocean.net

      Until now, these icons were displayed in the top navigation bar by the TopIcons GNOME extension. This extension is unmaintained, causes GNOME to crash (#11188), and will not work in Tails 5.0 based on Debian 11 (Bullseye).

    • Install localization packages only for the following languages:
      • Arabic
      • English
      • Farsi
      • French
      • German
      • Hindi
      • Indonesian
      • Italian
      • Portuguese
      • Russian
      • Simplified Chinese
      • Spanish
      • Turkish
      You can install localization packages for other languages using the Additional Software feature.

      Localization packages include:
      • Thunderbird localization: packages thunderbird-l10n-lang
      • LibreOffice localization: packages libreoffice-l10n-lang
      • Spell-checking dictionaries: packages hunspell-lang
      Where lang is the code for your language. For example, es for Spanish.

    • Add a suspend button to the system menu.
    • Add suspend, restart, and shutdown buttons to the system menu when the screen is locked.
    • Replace all non-Latin fonts with the Noto fonts family.
    • Update Debian to 9.9.
    • Update Thunderbird to 60.6.1.
    Fixed problems
    • Fix the automatic configuration of new email accounts in Thunderbird. (#16573)
    • Prevent Tails from shutting down when waking up from suspend on some computers. (#11729)
    • Fix the import of the Tails signing key in the Passwords and Keys utility. (##15213)
    • Don't show notifications about TailsData when configuring a persistent volume. (#16632)
    For more details, read our changelog.

    Known Issues

    • Tails fails to start a second time on some computers (#16389)
    On some computers, after installing Tails to a USB stick, Tails starts a first time but fails to start a second time. In some cases, only BIOS (Legacy) was affected and the USB stick was not listed in the Boot Menu.

    What's coming up?
    Tails 3.14 is scheduled for May 14.
    tails (3.13.2) unstable; urgency=medium

    * Major changes
    - Replace all locale-specific fonts and standard X.Org fonts with
    the Noto fonts collection (Closes: #9956).
    - Install localization support packages for all tier-1 supported languages,
    and only those (Closes: #15807). Current tier-1 supported languages are:
    Arabic, German, English, Spanish, Farsi, French, Italian, Portuguese
    (Brazil), Russian, Turkish, Simplified Chinese, Hindi, Indonesian.
    - Disable the TopIcons GNOME Shell extension (Closes: #16608).
    This extension causes crashes (#11188), does not work on Wayland
    (#8309, #12213) so long-term, we need to remove it anyway.
    In order to learn how much our users rely on this extension and
    on OpenPGP Applet, let's disable this extension for one Tails release.
    While TopIcons is disabled (by default):
    · Users can still use OpenPGP Applet via the system tray in the bottom
    left corner of the desktop.
    · Users who do need TopIcons for other reasons can enable it again
    with 1 command line.

    * Security fixes
    - Upgrade Tor Browser to 8.0.9 (Closes: #16694).
    - Upgrade to Debian Stretch 9.9 (Closes: #16670).
    - Upgrade Thunderbird to 60.6.1 (Closes: #16641).

    * Bugfixes
    - Fix Thunderbird account setup wizard (Closes: #16573).
    - Display poweroff and reboot buttons even when locked (Closes: #15640).
    - Disable emergency shutdown during suspend (Closes: #11729).
    - Provide feedback while starting Onion Circuits (Closes: #16350).
    - Associate .key files with Seahorse (Closes: #15213).
    This partially fixes importing OpenPGP keys from GNOME Files.
    - Don't show spurious notification about "TailsData" while setting
    up a persistent volume (Closes: #16632).

    * Minor improvements and updates
    - Add a suspend button to status-menu-helper (Closes: #14556).
    - status-menu-helper: clean up and refactor.
    - Drop CSS hacks for the uBlock log window (Closes: #16206).
    - Polish 04-change-gids-and-uids code style (Closes: #16322).
    - Create persistence.conf backup in a more robust manner (Closes: #16568).
    - Make the WhisperBack .desktop file translatable in Transifex
    (Closes: #6486).

    * Build system
    - Don't fail the build if Tor Browser supports new locales that we don't ship
    a spellchecking dictionary for (#15807).
    - Fix apt-cacher-ng cache shrinking (Closes: #16020).
    - Remove obsolete usr.bin.onioncircuits AppArmor profile (Closes: #12170).
    All Tails current branches now install onioncircuits 0.6-0.0tails1,
    which ships a more current AppArmor profile than the one we
    have in our own Git tree.
    - Install Electrum from sid (Closes: #16642).
    - Avoid new "render" group stealing a GID we have already statically
    allocated to another group (Closes: #16649).

    * Test suite
    - Disable tests about notifications in case of MAC spoofing failure:
    we have a well-known bug here and these tests do nothing but confirm
    it again and again, which brings no value and has a cost (#10774).
    - Clarify what WebM scenarios are fragile (#10442).
    - Avoid zombies by waiting for killed child processes to exit (#14948).

    -- Tails developers <tails@boum.org> Sun, 05 May 2019 19:32:22 +0000
  6. mood

    mood Updates Team

    Oct 27, 2012
    Tails 3.14 Released
    Announcement and further information
    Upgrades and Changes

    • Update Linux to 4.19.37 and most firmware packages. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).
    • Enable all available mitigations for the MDS (Microarchitectural Data Sampling) attacks and disable SMT (simultaneous multithreading) on all vulnerable processors to fix the RIDL, Fallout and ZombieLoad security vulnerabilities.
    • Update Tor Browser to 8.5.
    • Remove the following applications:
      • Desktop applications
        • Gobby
        • Pitivi
        • Traverso
      • Command-line tools
        • hopenpgp-tools
        • keyringer
        • monkeysign
        • monkeysphere
        • msva-perl
        • paperkey
        • pwgen
        • ssss
        • pdf-redact-tools
      You can install these applications again using the Additional Software feature.

      Thanks to the removal of these less popular applications 3.14 and the removal of some language packs in 3.13.2, Tails 3.14 is 39 MB smaller than 3.13.
    Fixed problems
    • Add back the OpenPGP Applet and Pidgin notification icons to the top navigation bar.
    • Fix NoScript being deactivated when restarting Tor Browser.
    For more details, read our changelog.

    Known Issues
    • Tails fails to start a second time on some computers (#16389)
    On some computers, after installing Tails to a USB stick, Tails starts a first time but fails to start a second time. In some cases, only BIOS (Legacy) was affected and the USB stick was not listed in the Boot Menu.

    What's coming up?
    Tails 3.15 is scheduled for July 9.
    tails (3.14) unstable; urgency=medium

    * Security fixes
    - Upgrade Linux to 4.19.0-5 from sid (Closes: #16708).
    - Enable all available mitigations for the Microarchitectural Data
    Sampling (MDS) attacks and disable SMT on vulnerable CPUs
    (Closes: #16720).
    - Upgrade Tor Browser to 8.5 (Closes: #16337, #16706).

    * Bugfixes
    - Install Electrum 3.2.3-1 from our custom APT repository (Closes: #16708).
    The version in sid now displays a warning and exits, while 3.2.3-1 is
    still usable, in the rare cases when it manages to connect to the
    network, despite being affected by problematic phishing attacks which
    will only be solved once the package in Debian is updated to a newer
    upstream version.

    * Build system
    - Bump APT snapshot of the 'debian' archive to 2019051601, needed for
    the MDS mitigations.
    - Don't install the firmware-linux and firmware-linux-nonfree
    metapackages, as packages they pulled are already listed explicitly
    and one might run into version-related issues (Closes: #16708).

    * Minor improvements and updates
    - Remove some packages from the Tails image as their use is not
    widespread while consuming space for everyone. They can still be
    installed and upgraded through Additional Software (Closes: #15291).
    This includes: monkeysphere and msva-perl, gobby, hopenpgp-tools,
    keyringer, libgfshare-bin, monkeysign, paperkey, pitivi,
    pdf-redact-tools, pwgen, traverso, and ssss.
    - Fix missing translations in the Greeter (Closes: #13438).
    - Fix missing newline in unlock-veracrypt-volumes (Closes: #16696).
    - Port fillram to Python 3 (Closes: #15845).
    - Enable localization for new locales introduced in Tor Browser 8.5
    (Closes: #16637).
    - Re-introduce TopIcons GNOME Shell extension (Closes: #16709).
    - Improve internationalization of the Unlock VeraCrypt Volumes
    component (Closes: #16602).

    * Test suite
    - Make tails-security-check's SOCKS port test work when there's a live
    security advisory (Closes: #16701).
    - Make terminology more consistent.

    -- Tails developers <tails@boum.org> Mon, 20 May 2019 18:52:04 +0200
  7. mood

    mood Updates Team

    Oct 27, 2012
    Tails 3.14.1 Released
    Announcement and further information
    Critical security vulnerabilities in Tor Browser
    Fixed arbitrary code execution

    This vulnerability is fixed in Tails 3.14.1. [...]

    Unfixed sandbox escape
    This second vulnerability is still affecting Tails 3.14.1 and Tor Browseris unsafe to use in most cases.
    We will fix it as soon as possible. [...]

    Upgrades and Changes
    • Update Tor Browser to 8.5.2.
    • Update Tor to
    • Upgrade Thunderbird to 60.7.0.
    For more details, read our changelog.

    Known Issues
    • Tails fails to start a second time on some computers (#16389)
    On some computers, after installing Tails to a USB stick, Tails starts a first time but fails to start a second time. In some cases, only BIOS (Legacy) was affected and the USB stick was not listed in the Boot Menu.

    What's coming up?
    Tails 3.15 is scheduled for July 9.
    tails (3.14.1) unstable; urgency=medium

    * Security fixes
    - Upgrade Tor Browser to 8.5.2-build1 (Closes: #16824).
    - Upgrade Thunderbird to 60.7.0 (Closes: #16742).
    - Upgraded Linux to 4.19.37-4 (Closes: #16823).

    * Bugfixes
    - Only probe for partitions on the boot device when setting up
    TailsData. Without arguments partprobe will scan all devices,
    and if it encounters a device it doesn't support (e.g. fake
    raid-0 arrays) it will return non-zero, thus aborting Tails'
    partitioning script, resulting in an unbootable install
    (Details: #16389).

    * Minor improvements and updates
    - Upgrade tor to, the first stable
    candidate in the 0.4.0.x series (Closes: #16687).
    - Completely disable IPv6 except for the loopback interface. We
    attempt to completely block it on the netfilter level but we
    have seen ICMPv6 "leaks" any way (related to Router
    Solicitation, see: #16148) so let's just disable it. We keep
    enabled on the loopback interface since some services depends on
    ::1 being up.
    - create-usb-image-from-iso: Use syslinux from chroot. We used the
    syslinux from the vagrant box before, which caused issues with
    when building Tails/Buster with a Stretch vagrant box and then
    cloning the image via Tails Installer with syslinux from Buster
    (Closes: #16748).
    - Set Tor Browser's homepage to https://tails.boum.org/home/testing/
    if building anything but a stable release. This page explains the
    dangers of using a non-stable release. (Closes: #12003)

    * Build system
    - auto/{build,config}:
    * consistently use fatal() to error out, and prefix its message
    with "E: " to help distinguish them from the noise produced by
    tools we call etc.
    * Similarly, also prefix informational message with "I: ".
    * drop support for GnuPG 1.x.
    * clone more build output to the log file.
    * Drop obsolete check for syslinux version. This version
    requirement is satisfied by Jessie and it is doubtful Tails
    would build in anything older.
    * auto/build: drop a few checks for conditions that are already
    satisfied in the supported build environments.
    - Revert "Build system: try to be smart again by fetching only the
    refs we need." This optimization overrides the trick we have on
    Jenkins (set_origin_base_branch_head in
    that ensures that a reproducibly_build_Tails_ISO_* job builds
    from the commit used by the first build. (Closes: #16730)

    * Test suite
    - Fix mistake with execute() vs spawn() when starting the upgrader.
    - Don't filter during pcap capture, instead let's just apply the
    same filtering when we are inspecting the pcap files. This way
    any pcap file saved on failure will include the full capture,
    and not just the packets sent by the system under testing, which
    sometimes makes it hard to understand what is going on.
    - Also include the content of /var/log/tor/log in $scenario.tor
    when tor failed to bootstrap (refs: #16793)
    - Don't flood the debug logger with tor@default's journal
    - Power off system under testing after scenario. Until now we have
    relied on either one of the generated "snapshot restore" steps
    or the "[Given] a computer" step to implicitly stop the old VM
    when we move on to a new scenario. That meant the old VM was
    still running during the new scenarios @Before@ hooks. If the
    new scenario is tagged @check_tor_leaks that means we start its
    sniffer while the old VM is still running, possibly sending
    packets that then affect the new scenario. That would explain
    some myserious "Unexpected connections were made" failures we
    have seen (Closes: #11521).
    - Only accept IP(v6)/ARP during DHCP check.

    -- Tails developers <tails@boum.org> Wed, 19 Jun 2019 15:29:07 +0200
  8. mood

    mood Updates Team

    Oct 27, 2012
    Tails 3.14.2 Released
    Announcement and further information
    Changes and Upgrades
    • Update Tor Browser to 8.5.3, which fixes a critical vulnerability in Tor Browser, a sandbox escape, that we couldn't fix in time for 3.14.1.
    For more details, read our changelog.

    Known Issues
    • Tails fails to start a second time on some computers (#16389)
    On some computers, after installing Tails to a USB stick, Tails starts a first time but fails to start a second time. In some cases, only BIOS (Legacy) was affected and the USB stick was not listed in the Boot Menu.

    What's coming up?
    Tails 3.15 is scheduled for July 9.
    tails (3.14.2) unstable; urgency=medium

    * Security fixes
    - Upgrade Tor Browser to 8.5.3 (Closes: #16835).

    * Bugfixes
    - tails-screen-locker: Don't use dim-label style class
    (Closes: #16802).

    -- Tails developers <tails@boum.org> Sun, 23 Jun 2019 11:52:49 +0200
  9. mood

    mood Updates Team

    Oct 27, 2012
    Tails 3.15 Released
    Announcement and further information
    Changes and upgrades
    • Update Tor Browser to 8.5.4.
    • Update Thunderbird to 60.7.2.
    Fixed problems
    • Fix Tails failing to start a second time on some computers. (#16389)
    • Display an error message in the Unlock VeraCrypt Volumes utility when closing a volume fails because the volume is being used. (#15794)
    • Fix starting Tails through the Heads boot firmware. (Heads #581)
    For more details, read our changelog.

    Known Issues
    None specific to this release.

    What's coming up?
    Tails 3.16 is scheduled for September 3.
    tails (3.15) unstable; urgency=medium

    * Major changes
    - Upgrade Tor Browser to 8.5.4 (Closes: #16691).
    - Upgrade Thunderbird to 60.7.2 (Closes: #16834).

    * Security fixes
    - Upgrade Expat to 2.2.0-2+deb9u2 (DSA-4472-1).
    - Upgrade OpenSSL 1.0 to 1.0.2s-1~deb9u1 (DSA-4475-1).
    - Upgrade OpenSSL to 1.1.0k-1~deb9u1 (DSA-4475-1).
    - Upgrade Vim to 2:8.0.0197-4+deb9u3 (DSA-4467-1).

    * Bugfixes
    - Recompute CHS values for the hybrid MBR after first-boot
    repartitioning (Closes: #16389). Some legacy BIOS systems won't boot
    - Strip debug symbols from the aufs kernel module smaller (refs: #16818).
    The primary target was getting the initramfs down under 32MB, hoping
    to repair boot of feature/buster on MacBookPro 8,1. In any cases,
    the user experience should be improved due to a faster boot for
    every user, and a shortened “black screen” duration (between the
    bootloader and the Plymouth splash screen).

    * Minor improvements and updates
    - Make “Unlock VeraCrypt Volumes” show an error message if locking
    fails (Closes: #15794).
    - Add support for booting Tails from a read only sdcard (fromiso),
    through Heads, allowing for measured boot on some tamper-evident
    hardware (https://github.com/osresearch/heads/issues/581).

    * Build system
    - Patch Thunderbird packages from Debian when building Tails images
    (Closes: #6156).
    - Improve tooling to maintain and update PO files (Closes: #15403),
    rewriting some tools and moving code to the jenkins-tools submodule.
    - Implement preliminary steps needed to make the ikiwiki PO plugin
    able to update PO files for languages that are disabled on the
    website (refs: #15355).
  10. mood

    mood Updates Team

    Oct 27, 2012
    Tails 3.16 Released
    Announcement and further information
    Changes and upgrades
    • Remove LibreOffice Math
      You can install LibreOffice Math again using the Additional Software feature.
    • Remove our predefined bookmarks in Tor Browser.
    • Remove the predefined I2P and IRC accounts in Pidgin.
    • Update Tor Browser to 8.5.5.
    • Update Linux to 4.19.37-5, which fixes the SWAPGS variant of the Spectre vulnerability.
    • Update most firmware packages. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).
    Fixed problems
    • Fix opening the persistent storage of another Tails USB stick from the Files browser. (#16789)
    • Fix the translation of Additional Software. (#16601)
    • Remove the security level indicator in the Unsafe Browser. (#16735)
    For more details, read our changelog.

    Known Issues
    None specific to this release.

    See the list of long-standing issues.

    What's coming up?
    Tails 4.0 is scheduled for October 22.
    tails (3.16) unstable; urgency=medium

    * Major changes
    - Upgrade Tor Browser to 8.5.5 (Closes: #16692).

    * Security fixes
    - Install Linux kernel from the Buster security repository (Closes: #16970).
    The new Spectre v1 swapgs variant (CVE-2019-1125), which was fixed
    in sid via 5.2.x, which is a too big change for the Tails 3.16 bugfix
    release. Let's instead track Buster (+ security) for the time being.
    - Upgrade LibreOffice to 1:5.2.7-1+deb9u10 (DSA-4483-1, DSA-4501-1).
    - Upgrade Thunderbird to 60.8 (DSA-4482-1).
    - Upgrade Ghostscript to 9.26a~dfsg-0+deb9u4 (DSA-4499-1).
    - Upgrade Patch to 2.7.5-1+deb9u2 (DSA-4489-1).
    - Upgrade nghttp2 library to 1.18.1-1+deb9u1 (DSA-4511-1).

    * Bugfixes
    - Additional software: Improve/fix support for translations (Closes: #16601).
    - Rework the implementation for hiding TailsData partitions (Closes: #16789).
    - Adjust how tordate determines whether the clock is in a valid range,
    fixing issues with obfs4 (Closes: #16972).

    * Minor improvements and updates
    - Ship default upstream Tor Browser bookmarks, and remove our predefined
    bookmarks (Closes: #15895).
    - Hide the security level button in the unsafe browser (Closes: #16735).
    - Remove pre-generated Pidgin accounts (Closes: #16744).
    - Remove LibreOffice Math (Closes: #16911).
    - Website: Make sandbox page translatable (Closes: #16873).
    - Website: Only scrub HTML on blueprints (Closes: #16901).
    - Website: Point history & diff URLs to Salsa.

    * Build system
    - Bump APT snapshot of the torproject archive to 2019073103, and drop
    tor-experimental-0.4.0.x-stretch reference (Closes: #16883).
    - Bump APT snapshot of the Debian archive to 2019080801 to get fixed
    firmware packages from sid instead of sticking to those from
    stretch-backports (Closes: #16728).
    - Enable the buster APT repository and install some packages from there:
    hunspell-id, hunspell-tr, and fonts-noto-* (See: #16728).
    - Refresh patch for webext-ublock-origin 1.19.0+dfsg-2, and adjust Tor
    Browser AppArmor profile accordingly (Closes: #16858).
    - Refresh Tor Browser AppArmor profile patch for torbrowser-launcher
    0.3.2-1 (Closes: #16941).

    * Test suite
    - Ignore RARP packets, since PacketFu cannot parse them (Closes: #16825).
    - Adjust both locale handling and reference pictures for the Unsafe
    Browser homepage (Closes: #17004).
    - Fix "Watching a WebM video over HTTPS" scenario on Jenkins
    (Closes: #10442).
    - Tag "Watching a WebM video" as fragile.
    - Make @check_tor_leaks more verbose (See: #10442).
    - Remove broken Electrum scenario since Electrum support is currently
    missing (Closes: #16421).
  11. mood

    mood Updates Team

    Oct 27, 2012
    Tails 4.0 Released
    Announcement and further information
    Changes and upgrades
    Major changes to included software
    • Replace KeePassX with KeePassXC, which is more actively developed.
    • Update OnionShare from 0.9.2 to 1.3.2, which includes a lot of usability improvements.
    • Update Tor Browser to 9.0:
      • A gray border, called letter boxing, is now displayed around the content of web pages when you resize the window of Tor Browser.
        Letter boxing prevents websites from identifying your browser based on the size of its window. Letter boxing replaces the yellow warning that was displayed until now when maximizing Tor Browser.
      • The onion icon has been removed from the top bar.
        To switch to a new identity, choose https://tails.boum.org/lib/open-menu.png ▸ New Identity.
    • Update MAT from 0.6.1 to 0.8.0
    • MAT has no graphical interface of its own anymore.

      To clean the metadata of a file:
      1. Open the Files browser and navigate to the file that you want to clean.
      2. Right-click (on Mac, click with two fingers) on the file.
      3. Choose Remove metadata.
    • Update Linux to 5.3.2. This should also improve the support for newer hardware (graphics, Wi-Fi, etc.).
    • Update Electrum from 3.2.3 to 3.3.8. Electrum works again in Tails.
    • Update Enigmail to 2.0.12 and gnupg to 2.2.12, which mitigate OpenPGP certificate flooding.
    • Upgrade most other software, for example:
      • Audacity from 2.1.2 to 2.2.2
      • GIMP from 2.8.18 to 2.10.8
      • Inkscape from 0.92.1 to 0.92.4
      • LibreOffice from 5.2.7 to 6.1.5
      • git from 2.11.0 to 2.20.1
      • Tor to
    • Remove Scribus.
      You can install Scribus again using the Additional Software feature.
    Usability improvements to Tails Greeter
    We improved various aspects of the usability of Tails Greeter, especially for non-English users:
    • To make it easier to select a language, we curated the list of proposed languages by removing the ones that had too little translations to be useful. We also clarified how Chinese is listed by having different entries for simplified and traditional Chinese.
    • We simplified the list of keyboard layouts.
    • We fixed the Formats setting, which was not being applied.
    • We prevented additional settings to be applied when clicking on Cancel or Back.
    • We fixed the opening of help pages in other languages than English, when available.
    Performance and usability improvements
    • Tails 4.0 starts 20% faster.
    • Tails 4.0 requires about 250 MB less of RAM.
    • Tails 4.0 is 47 MB smaller to download than Tails 3.16, despite all these changes.
    • Add support for Thunderbolt devices.
    • The screen keyboard is easier to use.
    • Make it possible to show the password of the persistent storage when creating one.
    • Add support for USB tethering from iPhone.
    New documentation pages
    Other changes
    • Use the default bookmarks from Tor Browser instead of our own default bookmarks. (#15895)
    • Remove the Home launcher from the desktop. (#16799)
    • Remove the default accounts in Pidgin. (#16744)
    Fixed problems
    • Allow opening persistent volumes from other Tails USB sticks. (#16789)
    • Fix the delivery of WhisperBack reports. (#17110)
    For more details, read our changelog.

    Known Issues
    None specific to this release.

    See the list of long-standing issues.

    What's coming up?
    Tails 4.1 is scheduled for December 3.
    tails (4.0) unstable; urgency=medium

    * Major changes
    - Upgrade Tor Browser to 9.0-build2, based on Firefox ESR 68.2.

    * Security fixes
    - Upgrade IBus to 1.5.19-4+deb10u1.0tails1 (Closes: #17144)
    - Upgrade sudo to 1.8.27-1+deb10u1

    * Bugfixes
    - Fix regressions brought by the integration of Tor Browser 9.0:
    · Fix non-English spellchecking (Closes: #17150)
    · Unsafe Browser: don't enable private browsing mode, don't display
    Tor Browser icons, hide the new "New identity" toolbar button
    (Closes: #17142)
    · Hide all Tor connection-related settings in about:preferences
    (Closes: #17157)
    - Fix Stealth Onion services in OnionShare (Closes: #17162)
    - Upgrade OpenSSL to 1.1.1d-0+deb10u2

    * Minor improvements and updates
    - Don't include the locales package (Closes: #17132)
    - Update htpdate's User-Agent to match Tor Browser 9.0's

    * Test suite
    - Only partially fill memory for userspace processes (Closes: #17104)
    - Drop the "Unsafe Browser has no proxy configured" step, that's hard
    to update and adds little value
    - Various updates for Tor Browser 9.0 final
    - Make the "SSH is using the default SocksPort" scenario more robust
    (Closes: #17163)

    -- Tails developers <tails@boum.org> Mon, 21 Oct 2019 10:24:56 +0000

    tails (4.0~rc1) unstable; urgency=medium

    * Major changes
    - Update Tor Browser to 9.0a7, based on Firefox ESR 68 (#16356).
    - Include a working version of Electrum: 3.3.8-0.1 (Closes: #16421).
    · Remove the obsolete "coin_chooser: Privacy" option (Closes: #15483).
    · Disable the update check (Closes: #15483).
    - Curate the list of languages in Tails Greeter (Closes: #16095).
    Only include languages which meet one of these conditions:
    · Have a PO file in tails.git (i.e. have at least one translated
    and reviewed string)
    · Are on our list of tier-1 supported languages.
    - Update Linux to 5.3.2-1~exp1 from Debian experimental (Closes: #17117).
    - Bump APT snapshots of the 'debian' and 'torproject' archives
    to 2019100904. This includes the update to the Buster 10.1

    * Security fixes
    - Drop NoScript customization that makes our web fingerprint diverge
    from Tor Browser's (related to #5362).
    - Enable Buster security APT sources (Closes: #17119).
    - Upgrade CUPS to 2.2.10-6+deb10u1 (CVE-2019-8696, CVE-2019-8675,
    and more security fixes).
    - Update GnuPG to 2.2.12-1+deb10u1, which mitigates the certificates
    flooding attack.
    - Update e2fsprogs to 1.44.5-1+deb10u2 (DSA-4535-1).
    - Update ghostscript to 9.27~dfsg-2+deb10u2 (DSA-4518-1, DSA-4499-1).
    - Update WebKitGTK to 2.24.4-1~deb10u1 (DSA-4515-1).
    - Update Pango to 1.42.4-7~deb10u1 (DSA-4496-1).
    - Update ffmpeg to 7:4.1.4-1~deb10u1 (DSA-4502-1).
    - Update expat to 2.2.6-2+deb10u1 (DSA-4530-1).
    - Update GLib to 2.58.3-2+deb10u1 (CVE-2019-13012).
    - Update libmariadb3 to 1:10.3.17-0+deb10u1 (various vulnerabilities).
    - Update NSS to 2:3.42.1-1+deb10u1 (CVE-2019-11719, CVE-2019-11727,
    - Update LibreOffice to 1:6.1.5-3+deb10u4 (DSA-4519-1, DSA-4501-1,
    DSA-4483-1, and CVE-2019-9848).
    - Update Samba to 2:4.9.5+dfsg-5+deb10u1 (DSA-4513-1).
    - Update OpenSSL to 1.1.1d-0+deb10u1 (DSA-4539-1).
    - Update libxslt to 1.1.32-2.1~deb10u1 (CVE-2019-11068, CVE-2019-13117,
    - Update zeromq3 to 4.3.1-4+deb10u1 (DSA-4477-1).
    - Update patch to 2.7.6-3+deb10u1 (DSA-4489-1).
    - Update Thunderbird to 1:60.9.0-1~deb10u1 (DSA-4523-1, DSA-4482-1).
    - Update wpasupplicant to 2:2.7+git20190128+0c1e29f-6+deb10u1 (DSA-4538-1).

    * Bugfixes
    - Ensure that tor-has-bootstrapped systemd units are stopped
    if tor@default.service stops; replace the tor-has-bootstrapped
    script with a tor_has_bootstrapped() function that checks the status
    of tails-tor-has-bootstrapped.target (Closes: #16664).
    - Fix MIME info data build reproducibility (Closes: #17023).
    - Fix missing GNOME bookmarks, by adding them earlier in the session
    login process (Closes: #17030).
    - Increase left dock width in GIMP's sessionrc (Closes: #16807).
    - Use hardware defaults for the touchpad click method (Closes: #17045).
    - Fix image thumbnails in GNOME Files (Closes: #17062).
    - Use the "intel" X.Org driver for Intel Iris Plus Graphics 640
    (Closes: #17060).
    - Fix sdhci-pci support.
    - Honor the "Formats" settings chosen in the Greeter (Closes: #16806).
    - Fix administration password not being applied in some cases
    (Closes: #13447).
    - Fix Greeter settings being applied when clicking "Cancel"
    (Closes: #17087).
    - Fix bridge information not always shown when the user selects
    bridge mode in the Greeter.
    - Fix path in whisperback's debugging info (Closes: #17109).
    - Fix Tor Browser functionality that was broken when it was started
    by clicking a link in Thunderbird (Closes: #17105).
    - Fix WhisperBack that was broken due to an expired X.509 certificate:
    stop using TLS (we already have end-to-end encryption via OpenPGP,
    plus end-to-end encryption and remote peer authentication via
    Tor hidden services). Also, switch to a v3 Onion service (Closes #17110).
    - Install Stretch's po4a (0.47-2) from our custom APT repository:
    the upgrade to Buster's version will need more work and coordination
    (Closes: #17127).
    - Fix hiding of the Add-ons manager in the Unsafe Browser hamburger menu.
    Regression introduced when we upgraded to Tor Browser based on Firefox
    ESR 60.
    - Mention USB images as a valid installation technique when trying
    to create a persistent volume on a device that can't have one
    (Closes: #17025).

    * Minor improvements and updates
    - Add iPhone USB tethering support (Closes: #16180).
    - Install Enigmail from Buster (Closes: #16978).
    - Disable GDM debug logs (Closes: #17011).
    - Hide less common keyboard layouts in the Greeter (Closes: #17084).
    - Major refactoring and cleanup of Tails Greeter (Closes: #17098).
    - Use a localized page for the Greeter help window, if available
    (Closes: #17101).
    - Separate Chinese into simplified and traditional scripts
    in the Greeter (Closes: #16094).
    - Allow the user to show the passphrase they're typing when creating
    a new persistent volume (Closes: #15102).
    - When saving persistence.conf or its backup, also run sync(1)
    on its parent directory (might help fix #10976).
    - Improve Tails Installer wording (Closes: #15564).
    - Update tor to
    - Update VirtualBox guest drivers and tools to 6.0.12-dfsg-1.

    * Build system
    - SquashFS sort file: remove more noise.
    - Improve lint_po's UX (refs: #16864).
    - Import our pythonlib, previously included as a submodule (Closes: #16935).
    - Use a consistent, standard Python packages directory (Closes: #17082).

    * Test suite
    - Make various steps more robust:
    · "all notifications are disappeared" (Closes: #17012)
    · "Additional Software is correctly configured for package"
    · "I unlock and mount this VeraCrypt file container
    with Unlock VeraCrypt Volumes"
    · "I open the Unsafe Browser proxy settings dialog"
    · starting apps via the GNOME Activities Overview (Closes: #13469)
    · "I start the Tor Browser in offline mode"
    - Handle Guestfs::Error exceptions.
    - Provide guidance to fix problematic situation.
    - Update various reference images for Buster.
    - Don't attempt to find fuzzy matches with Sikuli unless fuzzy image
    matching is enabled (Closes: #17029).
    - Dogtail'ify all interactions with gedit (Closes: #17028).
    - New test: ensure that no experimental APT suite is enabled
    for deb.torproject.org (Closes: #16931).
    - Remove dead IRC-related code and dependencies.
    - Take into account that Evince and Tor Browser's print-to-file dialogs
    are rendered in a subtly different manner.
    - Drop fragile tag for actual Tails bugs (#17007).
    - Drop compatibility code for Cucumber < 2.4.0 (Closes: #17083).
    - Fix regression in the Persistent browser bookmarks scenario
    (Closes: #17125).

    -- Tails developers <tails@boum.org> Thu, 10 Oct 2019 11:23:53 +0000

    tails (4.0~beta2) unstable; urgency=medium

    * All changes included in Tails 3.16, see the corresponding changelog entry.

    * Major changes
    - Upgrade tor to (Closes: #16986).

    * Security fixes
    - Upgrade the Linux kernel to 5.2.0-2 (Closes: #16942).
    This mitigates the Spectre v1 swapgs vulnerability (CVE-2019-1125).
    Accordingly, aufs to aufs5.2 20190805.
    - Install enigmail from Bullseye (Closes: #16738).
    This fixes CVE-2019-12269.

    * Bugfixes
    - tails-unblock-network: only sleep until all-net-blacklist.conf is gone,
    instead of unconditionally delaying the login process for 5 seconds
    (Closes: #16805).
    - Terminate GDM's GNOME session after the amnesia user logs in,
    to free 200-300 MiB of memory (Closes: #12092).
    Temporarily enable GDM debug logs so we get enough information to fix
    any issue this might cause.
    - Make our KeePassXC wrapper translatable (Closes: #16952).
    - Adjust boot-time backports APT pinning for Buster.
    - Ensure we don't install unwanted packages even if they become
    "Priority: standard" again (Closes: #16949).
    - Move some GNOME apps to different menu categories (Closes: #16981).
    - Update HTP pools: replace boum.org (invalid certificate) with puscii.nl,
    replace www.myspace.com with myspace.com (the former redirects to
    the latter).
    - AppArmor: allow OnionShare to open URLs with Tor Browser (Closes: #16914).
    - Make file transfers with Spice reliable.

    * Minor improvements and updates
    - Greeter: improve formatting of printed exceptions.
    - Use the same icon for Tails Documentation in the Applications menu
    as on te Desktop (Closes: #16800).
    - Drop migration path from GnuPG persistent configuration created
    in the Tails 2.x era.
    - Remove various hacks that we don't need on Buster anymore.
    - Stop installing libcaribou-gtk3-module (Closes: #16757).
    - Stop installing python-cairo: mat2 does not use it anymore.
    - tails-unblock-network: have udev reload the databases it uses.
    This should avoid our fix for #16805 introducing regressions.

    * Build system
    - Bump APT snapshot of the 'debian' and 'torproject' archives
    to 2019090202.
    - Import the Greeter codebase into tails.git (Closes: #16912).
    - Explicitly install gnome-shell to make the set of installed packages
    more deterministic (related to #16947).
    - Don't try to follow symlinks when normalizing timestamps on source files.
    - Add missing "set -u" to build-time hook.
    - Use consistent method to extract translatable strings from Glade files.
    - Create gdm-tails related files from the original GNOME files
    (Closes: #12551).
    - Stop installing libimage-exiftool-perl explicitly: mat2 depends on it
    - Rakefile: disable compression when retrieving artifacts via scp.
    This makes this build step faster on systems that have SSH compression
    enabled by default.
    - import-translations: use tails-misc_release for tails.git's PO files
    (i.e. the Tails part of #16774).
    - Use squashfs-tools from sid (Closes: #16637).
    - Lower VM_MEMORY_BASE to 1536M.
    - Remove unneeded package cleanup (Closes: #16950).

    * Test suite
    - New scenario: installing with GNOME Disks from a USB image
    (Closes: #16004).
    - New scenarios: VeraCrypt PIM support (Closes: #15946).
    - Revert timeout bump that's not needed anymore.
    - Add a showing method on Dogtail objects.
    - VeraCrypt: ensure the temporary keyfile file is not garbage collected
    while we still need it.
    - Remote shell: print traceback to stderr so we can see it.
    - Install Dogtail from Bullseye and run it with Python 3 (Closes: #16976).
    This gives us UTF-8 support. Accordingly, drop anonym's "showingOnly"
    patch that was merged upstream, and port some test suite code to Dogtail,
    which we could not do before it got UTF-8 support.
    - Dogtail'ify some steps.
    - Make "^the Tor Browser shows the "([^"]+)" error$" step more robust
    (Closes: #11592.
    - Make the "the support documentation page opens in Tor Browser" step more
    robust (Closes: #15321)
    - Remove a bunch of obsolete @fragile tags, update the reasons why
    the remaining ones are fragile, and add some missing @fragile tags.
    - Drop useless code based on wrong assumptions (refs: #13470).
    - Make the "I set an administration password" step more robust.

    -- Tails developers <tails@boum.org> Mon, 02 Sep 2019 19:55:24 +0000

    tails (4.0~beta1) unstable; urgency=medium

    * Major changes
    - Upgrade to a snapshot of Debian 10 (Buster) from 2018-08-06.

    * Removed features
    - Remove scribus completely (refs: 16290).
    - Remove LibreOffice Math (#16911).

    * Bugfixes
    - Fix Electrum wrapper's persistence check (Closes: #16821).
    - Remove pre-generated Pidgin accounts (Closes: #16744).
    - Hide the security level button in the unsafe browser (Closes:
    - Only hide unlocked TailsData partitions from the boot device
    (Closes: #16789).

    * Minor improvements and updates
    - Remove KeePassX and replace it with KeePassXC (Closes:
    #15297). As KeePassX was used around for a longer time, we don't
    need automatic upgrading cappability from old KeePass file
    format (Tails 2 times). The user can still import those old
    files, if they want to access it.
    - Ship a pre-compiled AppArmor policy to make boot faster (Closes:
    - Change the splash screen for Tails 4.0 (#16837). Add SVG source
    while we're at it!
    - Remove our predefined bookmarks and ship default upstream Tor
    Browser bookmarks instead (Closes: #15895).
    - Install bolt for improved Thunderbolt support (Closes: #5463).
    - Don't display the Home launcher on the desktop (Closes: #16799).
    Since the switch to the desktop-icons GNOME Shell extension, the
    nicer XDG-blah name ("Home" in English, translated in many
    languages) is not used to label this launcher anymore: instead,
    the name of the directory is displayed, in this case: "amnesia",
    which makes no sense to our users. Our other options to fix that
    are more costly and we've decided a while ago, when I proposed
    to remove the desktop icons, to keep them until they were too
    expensive to support. So this one goes: we have the Places menu
    - Add Files to favorite apps (Closes: #16799). This gives another
    entry point to the home folder, which partially mitigates any UX
    regression that might be caused by the previous changelog entry.
    - Explicitly install imagemagick. We ship it on purpose (see
    - MAT:
    * Drop obsolete optional MAT dependencies it isn't using any
    * Stop explicitly installing MAT dependencies. The package
    depends on those so we don't need to pull them ourselves.
    - Move translations from root-terminal.desktop.in into own PO
    files (Closes: #15335).
    - Drop obsolete live-boot patch: the bug it workarounds only
    happens with CONFIG_AUFS_DEBUG enabled. We disable
    CONFIG_AUFS_DEBUG in config/chroot_local-hooks/13-aufs and the
    Debian package did it as well (Refs: Debian#886329).
    - Rename /usr/share/amnesia to /usr/share/tails.
    - Drop APT pinning for non-existing live.debian.net, that we
    haven't used since 2010.
    - Don't install the cryptsetup initramfs integration and startup
    scripts (Closes: #16264). We probably only need the binaries.
    Not installing the initramfs integration will get rid of some
    - Don't install full-blown cryptsetup, take 2 (refs: #15690). We've
    stopped installing it (#16264) but this branch independently
    reintroduced it.
    - Disable live-tools.service (Closes: #16324). This service is only
    useful to display the "Please remove the live-medium, close the
    tray (if any) and press ENTER to continue:" prompt on shutdown,
    that we don't want to display in Tails: shutdown and memory
    erasure should not require a confirmation once the user has
    triggered it. In Stretch this code was broken and we were
    relying on this. But the Buster upgrade of this code has
    repaired it, so I sometimes see that prompt. This might also
    explain some issues such as #16312.
    - AppArmor: allow cups-brf, driverless, and gutenprint53+usb
    printer backends (Closes: #15030). Technically, cups-brf and
    driverless are not third-party and should be confined more
    strictly with "ixr", under the cupsd profile. But I don't know
    how to to test these backends and confining them more strictly
    may break them. Anyway, that's an upstream matter: the purpose
    of our Tails-specific patch is to replace the third party
    backends /usr/lib/cups/backend/* catch all rule, that doesn't
    work for us, and not to keep the list of backends which come
    with CUPS up-to-date.
    - Make export_gnome_env() exit early if gnome-shell isn't running.
    Without this e.g. the automated test suite, which will call
    export_gnome_env() before gnome-shell is running, will have its
    journal polluted with errors about this. This is not the first
    time I see this and get worried and waste minutes investigating,
    so let's just fix it.

    * Build system
    - Bump VM_MEMORY_BASE to 2048M. With the previous 1024M setting,
    the squashfs preparation gets OOM-killed.
    - Limit the memory used by mksquashfs to 512M (Closes: #16177). By
    default mksquashfs will use 25% of the physical memory. So when
    we use the "ram" build option, build in a VM with 13GB of RAM,
    of which up to 12G is supposed to be used by the build tmpfs,
    mksquashfs will try using 13/4 = 3.25G of memory. And then it
    will get reaped by the OOM killer more or less occasionally
    depending on how much space is really used in the build tmpfs
    and how much memory the rest of the system is using. So let's
    limit the memory used by mksquashfs to 50% of the memory we
    allocate to the build VM, excluding the part of it that we
    expect tmpfs data to fill. In passing, the fact mksquashfs does
    not get killed every time suggests that our current
    BUILD_SPACE_REQUIREMENT value exceeds the real needs of a build:
    a value around 10 or 11G should be enough. But that will be for
    another commit.
    - Use xz with default settings to compress non-release SquashFS
    (refs: #16177). squashfs-tools 1:4.3-11, used to build
    feature/buster, does not consistently honor the value passed to
    -mem: the xz compressor does but at least the gzip and lzo ones
    don't. This makes the build often fail because mksquashfs gets
    reaped by the OOM-killer. Our only other option is currently to
    bump the build VM memory a lot, which is going to be painful on
    developers' systems and might not be an option on Jenkins. So
    let's fall back to xz with default settings (not the crazy slow
    but efficient we use at release time) when building non-release
    - Rename the "gzipcomp" build option to "fastcomp". What matters
    in the "user" interface is not the exact algorithm that's used,
    it's the fact it's supposed to be faster than the compression
    settings we use to build releases. We may have to changes these
    fast(er) settings occasionally, possibly to use a non-gzip
    algorithm. So let's keep supporting "gzipcomp" for backward
    compatibility but stop documenting it. Instead, support and
    document "fastcomp".
    - Add the vmproxy+extproxy build option. When enabled, use the
    vmproxy but configure it to in turn use the exproxy set via the
    http_proxy environment variable.
    - Support the case when we don't ship a custom AppArmor feature
    set. Let's keep this sanity check for the times when we do ship
    a custom feature set, but building an ISO without a custom one
    should remain supported. (Closes: #15149)
    - Don't remove packages whose deinstallation removes most of the
    system; don't explicitly remove packages that are taken care of
    by "apt-get autoremove" already. On Buster, removing dpkg-dev
    or make deinstalls python3, gnome-shell and more.
    - Install all "Priority: standard" packages via an explicit
    packages list instead of via --tasks (Closes: #15690). This will
    make it easier to remove some of these packages from the list of
    those that should be installed in the first place, as opposed to
    letting them be installed by tasksel only to uninstall them
    later. I've seeded tails-000-standard.list with the output of:
    tasksel --task-packages standard | sort … run on a clean Buster
    system. Also:
    * live-build forcibly translates --packages-lists="standard"
    into "tasksel install standard", so to make this change
    effective we also need to switch to "--packages-lists
    minimal" or "--packages-lists none". The former has
    problematic side-effects so let's use the latter.
    * Add to tails-common.list some of the packages that were
    previously installed automatically, e.g. via live-build's
    lists/standard → lists/minimal.

    * Test suite
    - Tons of tiny updates for the Stretch → Buster transition, mainly
    updated reference images, but also a few other trivial changes
    (e.g. close with Alt+F4 instead of menu, or vice versa) due to
    changes in applications.
    - Drop test case about migrating from a Jessie-area persistent
    volume. If our code happens to support Tails 2.x → 4.x upgrades
    without going through 3.x, fine. But let's not spend cycles in
    our CI to guarantee this.
    - Revert "Test suite: add backward compatibility with redir <
    3.0." We don't support running the test suite on Jessie anymore.
    - Adjust dhclient listening address for Buster.
    - Bump timeout for poweroff from 3 to 10 minutes (Refs: #16312).
    - Adjust dogtail patterns for gobby test (Closes: #16335). With the
    gobby upgrade from 0.5.0 to 0.6.0 pre-series, the case changed a
    little for a menu item and the window it leads to.
    - Update key shortcut to close seahorse's Preferences window
    (Closes: #16341). The “Close” button is gone from the
    Preferences window in the buster version of the seahorse
    package, making it impossible to close that window. Switch to
    sending ESC instead of Alt-C.
    - Update MAT test case for MAT2 (Closes: #16623).
    - Add debug logging for when we call Sikuli. When following a
    (debug) log live (through `--format debug`) I find this change
    useful to know what is going on *right now* since Sikuli only
    reports what it has done after it is done.
    - Be more careful when finding ASP notifications. For some reason
    both the label and button has a "weird" invisible (despite
    `showingOnly`) twin located just below the Applications
    menu. So let's make some extra effort to actually find the real
    notification, and then look for the label and button among its
    - Remove obsolete method. Display::take_screenshot() hasn't
    existed for years.
    - Remove workaround "Desktop icons are sometimes not shown" (Refs:
    - Wait longer between search steps in the GNOME Overview. On
    jenkins.lizard — which was under high load at that time — I've
    seen failures while starting GNOME Terminal from the Overview,
    - The debug log claims we did type "c", waited 1 second, then
    typed "ommandline", then slept another 1 second, then pressed
    Enter. I.e. just as the code says.
    - The video shows that GNOME Shell did pick up "c", which
    selected the first search result ("Configure Persistent
    Volume"), but then there's no trace of typing "ommandline".
    So I suspect that "ommandline" was lost because GNOME Shell
    was still busy, somehow. Let's sleep a bit longer before
    these steps, to give GNOME Shell a better chance to recover
    and notice keyboard input.
    - Log exceptions thrown in generated (i.e. snapshot) steps (Refs:
    #16747). Hopefully this will help us track down these elusive
    - Extend waiting time for additional software to be installed.
    - Sometimes we need more more time to load a page over tor.
    - Remove useless TailsUpgraderApplyingUpgrade.png. The "progress
    prompt" it was used for just flashes by and can easily be
    missed. There is no reason at all to wait for it since the only
    two final outcomes are success or failure, which we already look
    - debug_log() when we save/restore snapshots. These actions can
    take a long time (especially saving snapshots on a system under
    load) and can make it appear like if the test suite has gotten
    stuck for those following the debug log.
    - Don't rely on mtimes from Debian packages we download, to
    indicate which one has the biggest version (Closes: #16819).
    These mtimes are copied from the HTTP server where APT downloads
    packages from, which contradicts our assumption that the newest
    file must be the one with the biggest version. Instead we use ls
    to sort by version number, to pick the biggest version.
    - Only send TAB every second to get the syslinux kernel
    command-line (Closes: #16820). Our syslinux has a timeout of 5s so
    sending TAB every second should be enough to guarantee we do
    open the kernel command line. As anonym reported, "the spammer
    makes the splash show for significantly longer: I've seen >10x,
    so the boot splash never managed to appear, which is worrying".
    - Drop workaround to make the TAB spammer compatible with the UEFI
    firmware (Closes: #16820). As reported by anonym on #16820, and
    confirmed by my testing, pressing TAB doesn't seem to open the
    UEFI configuration, so the very reason why we had this
    workaround is gone.

    * Adjustments for Debian 10 (Buster) with no or very little user-visible impact
    - Adjust APT sources and pinning for Buster.
    - Refresh and unfuzzy patches for Buster.
    - Pass --ellipsize to zenity (refs: #16286). This fixes dialog
    width and height on Buster.
    - Update expected /etc/passwd and /etc/group for Buster.
    - Display TopIcons systray on the left of the system menu (Refs:
    - Remove apparmor-adjust-freedesktop-abstraction.diff patch,
    merged upstream in apparmor. The
    9d8b6f4dbd8a04470490ae2bfd52044906abd7f6 commit (first appeared
    upstream in apparmor v2.13.1) implements this change in a
    generic way.
    - Adjust hook to the fact the Dovecot AppArmor profiles are not
    shipped in /etc anymore.
    - Import iuk.git's feature/buster branch at commit 919335e
    (Closes: #16286).
    - Enable desktop-icons gnome-shell extension (Closes: #16283).
    - Add autostart script to have gnome-shell trust desktop icons
    (Closes: #16283). Various conditions must be met for gnome-shell
    to make desktop icons launchable, including file
    permissions. But the GIO metadata::trusted setting is also
    needed, and can apparently only be set from an opened session,
    so let's set the right things with an autostart script.
    - Drop code that sets the cursor to "WATCH" (hourglass) after
    logging in (Closes: #16305) This fixes "GDM's GNOME Shell floods
    the Journal with XFIXES/cursor issues on Buster" by importing
    the relevant bits of greeter:feature/buster's commit abad17b6.
    - Remove 8 development packages that are not part of Tails 3.11 so
    we probably don't need to ship them in Tails 4.0 either (Closes:
    - Completely get rid of Qt4 (Closes: #15182).
    - SSH client: remove obsolete CompressionLevel setting (Closes:
    - Removing /usr/share/live/config/xserver-xorg/intel.ids (Closes:
    #14991). Let's hope the graphics hardware issues we fixed via
    that file is fixed no.
    - Adjust Onion Grater and AppArmor configuration for OnionShare
    1.3 (Closes: #16306).
    - Have OnionShare 1.3 connect to the system Tor via Onion Grater
    for the control port (Closes: #16306). By default, OnionShare
    1.3 will start its own tor process, which can't possibly work on
    - Don't install binutils-* (Closes: #16272). It wasn't in Tails 3.x
    and we have no reason to ship it in 4.0.
    - Install mat2 instead of the transitional mat package.
    - Don't suspend automatically (Closes: #16624)
    - tails-additional-software: Adjust arguments to
    tails-persistence-setup (Closes: #16622). It seems like the perl
    library which previously nicely handled the tps command-line
    arguments now doesn't support taking dashes instead of
    underscores anymore.
    - Start tails-unblock-network in a blocking way (Closes: #16620)
    This reverts commit 59e99c51f15ab9e756e287acb03b4d3a91ca1dd2 in
    greeter.git. NetworkManager starting at the same time as GNOME
    Shell makes things racy: the Wi-Fi password prompt is sometimes
    not displayed (unreproduce on Debian Buster Live).
    - Patch ibus to fix an issue that prevented the on-screen keyboard
    from displaying in Tails Greeter (Closes: #16291).
    - oniongrater: give onioncircuits empty STATUS_SERVER events.
    Connection to STATUS_SERVER events is required by stem 1.7
    connect() function, but we actually don't need them, so let's
    suppress them (Closes: #16626).
    - Fix GNOME bookmarks file for Buster (Closes: #16629).
    - Build VeraCrypt packages with our patches applied for Buster
    (Closes: #16634).
    - Avoid new "render" group stealing a GID we have already
    statically allocated to another group (Closes: #16649) With the
    systemd 241-1~bpo9+1 → 241-3~bpo9+1 upgrade, udev.postinst now
    creates a "render" system group, which shifts GIDs and makes our
    devel branch FTBFS.
    - update-acng-config: add support for 4.x and 5.x, drop 2.x. We
    won't build 2.x releases anymore but we'll start building 4.x
    from this branch soon.
    - Restore Plymouth theme to "text" (Closes: #16743). The default
    theme in Buster ("futureprototype") is Debian-branded and thus
    unsuitable for Tails. Let's revert to the one we use in Tails
    - Stop installing caribou and libcaribou*: they're not used by
    GNOME Shell in Buster anymore (Closes: #16628)
    - Allow read access to /etc/machine-id in the AppArmor profile for
    Thunderbird (Closes: #16756). It breaks access to the D-Bus
    service where the GNOME on-screen keyboard listens on Buster.
    - Fix screen locker not working in Buster (Closes: #16763).
    - Hide lstopo in the Applications menu (Closes: #16797). It's
    pulled as a dependency by aircrack-ng but is probably not useful
    to the vast majority of Tails users.
    - Hide nm-connection-editor in the Applications menu (Closes:
    #16798). We still need the network-manager-gnome package that
    installs this .desktop file (for details, see
    commit:40290be3651eaa6f08346231aef80eddd8b33c64), but there's no
    reason to expose it directly to users.
    - TorStatus: call our custom destructor to avoid a use-after-free
    crashing GNOME Shell (Closes: #16791). It was ported to an ES6
    class in the process.
    - Copy dmidecode to initramfs (Closes: #16857). On Buster,
    partprobe complains if dmidecode is missing. It's not clear what
    the consequences are, at least it doesn't cause partprobe to
    exit with an error status code - but it's cheap to just copy
    dmidecode to the initramfs.
    - Adjust path for webext-ublock-origin 1.19.0+dfsg-2 (Closes:
    - Update Tor Browser AppArmor profile to take into account new
    uBlock installation path (Closes: #16858).
    - Disable the uBlock logger sidebar. This brings back
    the hack we had before we removed it in #16206. Without this,
    the uBlock logger sidebar is displayed.
    - Reintroduce the same APT pinning as we use in 3.x for uBlock.
    Granted, the version from Buster should probably be sufficient
    right now, but it probably won't be once Tor Browser gets
    updated to a future major Firefox ESR. And in the meantime,
    this pinning discrepancy between devel and feature/buster makes
    it harder to maintain our patch against
    - Drop obsolete libdesktop-notify-perl patches: they were merged
    - Use X.Org in amnesia's GNOME session (Closes: #12213). Since a
    few months gdm3 defaults to Wayland in Debian testing/sid, just
    like upstream. But we're not ready yet.
    - Adjust Greeter's gdm-tails.session for Buster (Closes:
    #12551). This should ultimately be applied in greeter.git, but
    let's deal with it as a patch for now to avoid having to
    maintain two parallel branches of the Greeter.
    - Patch udisks2 and libblockdev and fix Tails Installer to repair
    USB boot on Buster (Closes: #14809).
    - Install gnome-user-docs directly instead of the gnome-user-guide
    transitional package.
    - Install the "crypto" libblockdev plugin (Closes: #14816). It's
    needed by recent udisks to do crypto operations.
    - Use ConditionUser=1000 instead of manually testing the output of
    `id -u' in some of our systemd services.
    - Have debootstrap install gnupg when setting up the chroot.
    Otherwise the build fails after debootstrap has done its job and
    live-build tries to use apt-key.
    - Don't try to install the obsolete gnome-search-tool package.
    It's been removed from testing/sid by its maintainers:
    - Don't try to retrieve syslinux.exe from the syslinux source
    package. Since syslinux 3:6.03+dfsg1-1 this file is (rightfully)
    not included anymore in the Debian source package. This commit
    is meant to fix the feature/buster ISO build. We of course need
    to find a proper solution, which is what #15178 is about.
    - Drop our pinned AppArmor feature set (Closes: #15149). On current
    Buster the AppArmor package pins to the Linux 4.14.13-1 feature
    set and I expect it'll keep pinning something that should work
    with the policy shipped in Buster.
    - Drop Stretch-specific workaround. This essentially workarounds
    3e2d8a6a025b86f8191d125783ad507c57171bad and
    - Disable the usr.bin.man AppArmor profile. On Buster it breaks
    apparmor.service due to "profile has merged rule with
    conflicting x modifiers" that's most likely caused by the "/**
    mrixwlk" rule vs. our tweaks for aufs support.
    - Import files (from gksu 2.0.2-9+b1) needed for the Root Terminal
    into Git instead of fetching the package and extracting them at
    build time.
    - Use orca's current package name instead of pre-Buster
    transitional one.
    - Stop explicitly installing gstreamer1.0-pulseaudio. This was
    needed on Jessie due to Debian#852870 which was fixed in
    - Drop adwaita-qt4: it was removed from Debian sid and won't be in
    - Disable man-db.timer on Buster (Closes: #16631)
    - Fix invalid seq range in update-acng-config so we geberate proper
    rules for Tails 4.x and 5.x.

    -- Tails developers <tails@boum.org> Wed, 07 Aug 2019 20:30:15 +0200
  12. mood

    mood Updates Team

    Oct 27, 2012
    Tails 4.1 Released
    Announcement and further information
    Changes and upgrades
    • Use https://keys.openpgp.org/, also available on https://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion/, as the default OpenPGP key server.
      • keys.openpgp.org is more trustworthy than other OpenPGP public key servers because it only references an OpenPGP public key after sending a confirmation email to the email addresses listed in the key.
      • keys.openpgp.org does not distribute third-party signatures, which are the signatures on a key that were made by some other key. Third-party signatures are the signatures used to create the OpenPGP Web of Trust.
      • keys.openpgp.org prevents OpenPGP certificate flooding attacks, which can make your OpenPGP keyring unusable and crash your computer.
      To learn more about keys.openpgp.org, read their About and FAQ pages.

    • Update Tor Browser to 9.0.2.
    • Update Thunderbird to from 60.9.0 to 68.2.2.
    • Replace the TorBirdy extension with custom settings and patches in Thunderbird that provide equivalent privacy.
    • Update Enigmail to 2.1.3, which has a simplified setup wizard that automatically creates an OpenPGP key for new email accounts.
    • Update Linux to 5.3.9. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).
    Fixed problems
    • Add back the Show Passphrase check box in Tails Greeter. (#17177)
    • Fix the display of the troubleshooting error when GDM fails to start. (#17200)
    • Add back the option to Open in Terminal when doing right-click (on Mac, click with two fingers) in a folder in the Files browser. (#17186)
    • Make the installation of additional software more reliable. (#17203)
    For more details, read our changelog.

    Known Issues
    None specific to this release.

    See the list of long-standing issues.

    What's coming up?
    Tails 4.2 is scheduled for January 7.
    tails (4.1) unstable; urgency=medium

    * Major changes
    - Upgrade Tor Browser to 9.0.2-build2, based on Firefox ESR 68.3
    - Upgrade Thunderbird to 68.2.2 (Closes: #16771, #17220, #17222, #17267).
    - Upgrade Enigmail to 2:2.1.3+ds1-4~deb10u2 accordingly.

    * Security fixes
    - Upgrade Linux to 5.3.9-2 from sid (Closes: #17124).
    - Disable unprivileged userfaultfd syscall (Closes: #17196).
    - Upgrade file to 1:5.35-4+deb10u1 (DSA-4550-1).
    - Upgrade FriBidi to 1.0.5-3.1+deb10u1 (DSA-4561-1).
    - Upgrade Ghostscript to 9.27~dfsg-2+deb10u3 (DSA-4569-1)
    - Upgrade Intel microcode to 3.20191112.1~deb10u1 (DSA-4565-1,
    - Upgrade libarchive to 3.3.3-4+deb10u1 (DSA-4557-1).
    - Upgrade libvpx to 1.7.0-3+deb10u1 (DSA-4578-1).
    - Upgrade libxslt to 1.1.32-2.2~deb10u1 (CVE-2019-18197).
    - Upgrade ncurses to 6.1+20181013-2+deb10u2 (CVE-2019-17594,
    - Upgrade Python 2.7 to 2.7.16-2+deb10u1 (CVE-2018-20852,
    CVE-2019-10160, CVE-2019-16056, CVE-2019-16935, CVE-2019-9740,
    - Upgrade Qt to 5.11.3+dfsg1-1+deb10u1 (DSA-4556-1).
    - Upgrade tcpdump to 4.9.3-1~deb10u1 (DSA-4547-1).
    - Upgrade WebKitGTK to 2.26.2-1~deb10+1 (DSA-4558-1, DSA-4563-1).

    * Bugfixes
    - Remove TorBirdy (Closes: #17219, #17269).
    - Use keys.openpgp.org's Onion service as the default keyserver
    (Closes: #12689, #14770).
    - Fix ordering of GTK bookmarks setup vs. Tor Browser directories
    creation (Closes: #17206).
    - Bring back the "Show Passphrase" button in the Greeter
    (Closes: #17177).
    - Bring back "Open in Terminal" entry in the GNOME Files context menu
    (Closes: #17186).
    - Revert "Browsers: disable the Quantum Bar." (Closes: #17143).
    - Revert "Hide all Tor connection-related settings in
    about:preferences in all browsers" (Closes: #17214).
    - Wait until Tor has bootstrapped before we try to upgrade Additional
    Software (Closes: #17203).
    - Fix the "GDM failed to start" splash screen functionality
    (Closes: #17200).

    * Minor improvements and updates
    - htpdate: stop sending User-Agent that fakes Tor Browser
    (Closes: #12023).
    - HTP: replace encrypted.google.com with www.google.com.
    - Remove signal handler from Greeter UI file (Closes: #17240).
    - Upgrade AMD microcode to 3.20191021.1.
    - Upgrade fonts-noto-cjk to 1:20170601+repack1-3+deb10u1

    * Build system
    - Update Vagrant box to Buster (Closes: #16868).
    - Adjust to timedatectl's output on Buster.
    - Adjust to Buster's debootstrap.
    - Vagrant: ensure the chroot has a /proc filesystem while running
    - Vagrant: install po4a from Stretch in the basebox.
    - build-tails: wait for NTP to be disabled before setting the desired
    - Bump APT snapshot of the Debian archive to 2019111801, including the
    10.2 point release of Buster (Closes: #17124, #17021).
    - Install virtualbox 6.0.12-dfsg-1 from our custom APT repository
    (Closes: #17161).

    * Test suite
    - Ensure we don't break tests by opening the Applications menu in
    post_vm_start_hook (Closes: #17164).
    - Improve GnuPG testing (Closes: #12689):
    · Switch to using sajolida's key.
    · Start adjusting for keys.openpgp.org.
    · Make the "GnuPG's dirmngr uses the configured keyserver" step
    actually test what it is meant to.
    · Make error strings better reflect what failure they are about.
    · Ensure dirmngr uses IPv4 since our CI runs on an IPv4-only
    - Ensure dirmngr picks up the changes we make to its configuration.
    - Switch backend keyservers (Closes: #14770).
    - Don't leave redir(1) processes behind (Closes: #14948).
    - Update image for Buster (Closes: #14770).
    - Update fragility status of Seahorse scenarios.
    - Avoid multiple instances of tcpdump writing to the same file,
    resulting in an unparsable network capture (Closes: #17102).
    - Update for Thunderbird 68 (Closes: #17269).

    * Documentation:
    - Remove or adapt mentions to Tails Installer as only installation
    method (Closes: #17204).
    - Add a warning about which Tails to run rsync from (Closes: #17197).

    -- Tails developers <tails@boum.org> Mon, 02 Dec 2019 22:23:35 +0100
  13. mood

    mood Updates Team

    Oct 27, 2012
    Tails 4.1.1 Released
    Announcement and further information
    tails (4.1.1) unstable; urgency=medium

    * Bugfixes
    - Drop all network drivers from the initramfs to shrink its size
    drastically. Going over the 32 MiB mark might be the reason why so
    many Apple machines can't boot 4.1 while they could boot 4.0
    (Closes: #17320).
    - Only allow up to (but excluding) 32 MiB for initramfs accordingly.

    * Minor improvements and updates
    - Fix escape sequence in tails-gdm-failed-to-start.service, to avoid a
    warning message (Closes: #17166).

    -- Tails developers <tails@boum.org> Sun, 15 Dec 2019 23:51:25 +0100
  14. mood

    mood Updates Team

    Oct 27, 2012
    Tails 4.2 Released
    Announcement and further information
    Improvements to automatic upgrades
    We worked on important improvements to the automatic upgrade feature, which is still one of your major pain points when using Tails:
    • Until now, if your version of Tails was several months old, you sometimes had to do 2 or more automatic upgrades in a row. For example, to upgrade from Tails 3.12 to Tails 3.16, you first had to upgrade to Tails 3.14.
      Starting with 4.2, direct automatic upgrades will be available from all prior versions to the latest version.

    • Until now, you could only do a limited number of automatic upgrades, after which you had to do a much more complicated "manual" upgrade.
      Starting with 4.2, you will only have to do a manual upgrade between major versions, for example to upgrade to Tails 5.0 in 2021.
    • We made automatic upgrades use less memory.
    • We optimized a bit the size of the download when doing automatic upgrades.
    New features
    • We included several command line tools used by SecureDrop users to analyze the metadata of leaked documents on computers that cannot use the Additional Software feature:
      • PDF Redact Tools to redact and strip metadata from text documents before publishing
      • Tesseract OCR to convert images containing text into a text document
      • FFmpeg to record and convert audio and video
    Changes and upgrades
    • Update Tor Browser to 9.0.3.
    • Update Thunderbird to 68.3.0.
    • Update Linux to 5.3.15.
    Fixed problems
    • Open ~/Persistent/keepassx.kdbx by default when starting KeePassX. If this database does not exist yet, stop pointing to it in the list of recent databases.
    For more details, read our changelog.

    Known issues
    None specific to this release.

    See the list of long-standing issues.

    What's coming up?
    Tails 4.3 is scheduled for February 11.
    tails (4.2) unstable; urgency=medium

    * Major changes
    - Switch to a redesigned upgrade system (Closes: #15281), which:
    - removes the need for manual upgrades caused by lack of disk space
    on the Tails device
    - uses less RAM
    - Bump snapshot of the Debian archive to 2019122802

    * Security fixes
    - Upgrade Tor Browser to 9.0.3 (Closes: #17402)
    - Upgrade Linux to 5.3.15-1 (Closes: #17332)
    and upgrade the aufs module to 5.3-20191223
    - Upgrade Thunderbird to 1:68.3.0-2~deb10u1
    - Upgrade libsasl2 to 2.1.27+dfsg-1+deb10u1
    - Upgrade python3-ecdsa to 0.13-3+deb10u1

    * Bugfixes
    - KeePassXC:
    - Open ~/Persistent/keepassx.kdbx by default again (Closes: #17212)
    - Open the database specified by the user on the command-line, if any
    - Fix database renaming prompt
    - Upgrader:
    - Ensure debugging info lands in the Journal before we refer to it
    - Catch more download errors
    - Upgrade amd64-microcode to 3.20191218.1, which removes firmware
    updates that cause issues

    * Minor improvements and updates
    - Add metadata analysis tools used by SecureDrop (Closes: #17178)
    - Refresh the signing key before checking for available upgrades
    (Closes: #15279)
    - Port the Upgrader and perl5lib to a set of dependencies that are
    faster and have a lower memory footprint (Closes: #17152)
    - Ensure IUKs don't include files of our website if their content
    has not changed (refs: #15290)
    - Zero heap memory at allocation time and at free time (Closes: #17236)

    * Build system
    - Import the Upgrader and perl5lib codebases into tails.git
    (part of #7036)
    - lint_po: ignore pre-existing rply cache file that can cause
    trouble if it's corrupted (Closes: #17359)
    - Move generate-languages-list to auto/scripts
    - import-translations: work around the lack of usable branches
    in Tor's translation.git (Closes: #17279)
    - Build released IUKs on Jenkins and verify that they match
    those built locally by the Release Manager (Closes: #15287)
    - Don't download every localized Tor Browser tarball: instead,
    use the new tarball that includes every langpacks (Closes: #17400)

    * Test suite
    - Adapt for the "one single SquashFS diff" upgrade scheme
    - Chutney: update to upstream 33cbff7fc73aa51a785197c5f4afa5a91d81de9c
    (Closes: #16792)
    - Fix tagging of Chutney exit relays and bridge authorities
    - Tag Chutney clients as such
    - Wait for all Chutney nodes to have bootstrapped before assuming
    the simulated Tor network is ready
    - Don't try to save tor control sockets as artifacts
    - Add a crude script to generate IUKs for our test suite

    -- Tails developers <tails@boum.org> Mon, 06 Jan 2020 16:25:22 +0000
  15. mood

    mood Updates Team

    Oct 27, 2012
    Tails 4.2.2 Released
    Announcement and further information
    • Update Tor Browser to 9.0.4.

      This fixes a critical vulnerability in the JavaScript JIT compiler of Firefox and Tor Browser.
      Mozilla is aware of targeted attacks in the wild abusing this vulnerability.
      This vulnerability only affects the standard security level of Tor Browser. The safer and safest security levels are not affected.
    Fixed problems
    • Avoid a 2-minutes delay when restarting after doing an automatic upgrade. (#17026)
    For more details, read our changelog.

    Known issues
    None specific to this release.

    See the list of long-standing issues.

    What's coming up?
    Tails 4.3 is scheduled for February 11.
    tails (4.2.2) unstable; urgency=medium

    * Major changes
    - Upgrade Tor Browser to 9.0.4-build1 (MFSA-2020-03)

    * Bugfixes
    - Avoid the Upgrader proposing to upgrade to the version
    that's already running (Closes: #17425)
    - Avoid 2 minutes delay while rebooting after applying an automatic
    upgrade (Closes: #17026)
    - Make Thunderbird support TLS 1.3 (Closes: #17333)

    * Build system
    - IUK generation: don't make all files in the SquashFS diff
    owned by root, otherwise an upgraded system cannot start
    (Closes: #17422)

    -- Tails developers <tails@boum.org> Mon, 13 Jan 2020 09:21:51 +0000
  16. mood

    mood Updates Team

    Oct 27, 2012
    Tails 4.3 Released
    Announcement and further information
    New features
    • We included the trezor package, which provides a command line tool to use a Trezor hardware wallet for cryptocurrencies.
    Changes and Updates
    • Update Tor Browser to 9.0.5.
    • Update Thunderbird to 68.4.1.
    • Update Linux to 5.4.13. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).
    • Update Tor to
    • Update the VirtualBox Guest Additions to 6.1.2.
    Fixed problems
    • Fix the progress bar and prevent closing the window while an upgrade is being applied. (#16603)
    For more details, read our changelog.

    Known issues
    None specific to this release.

    See the list of long-standing issues.

    What's coming up?
    Tails 4.4 is scheduled for March 10.
    tails (4.3) unstable; urgency=medium

    * Security fixes
    - Upgrade Tor Browser to 9.0.5-build2 (Closes: #17469).
    - Update Linux kernel to linux-image-5.4.0-3-amd64, currently at
    5.4.13-1 (Closes: #17443).
    - Upgrade Thunderbird to 1:68.4.1-1~deb10u1

    * Bugfixes
    - live-persist: don't backup empty configuration files (Closes:
    #17112). In some cases, the previous code would overwrite a
    non-empty backup file with an empty one, making it harder to
    recover from the already painful #10976.
    - create-usb-image-from-iso: Run syslinux within proper chroot
    (Closes: #17179). Previously we ran syslinux from the host,
    which can lead to bugs if its versions differs from the one
    inside the chroot (which is what Tails will use later). Thanks
    to Johan Blåbäck for the patch!
    - Tails Upgrader: Fix progress bar not pulsating and hide useless
    OK button (Closes: #16603).

    * Minor improvements and updates
    - Upgrade tor to (Closes: #17059).
    - Install the trezor package, which adds a command-line (only)
    tool for managing Trezor devices (Closes: #17463). Thanks to
    Pavol Rusnak for the patch!
    - As a consequence of the Linux kernel upgrade we also:
    * Upgrade aufs to 5.4.3 20200127.
    * Install VirtualBox guest tools and kernel modules from sid.

    * Build system
    - Upgrade snapshot of the Debian archive to 2020020302, including
    the 10.3 point release of Debian Buster (Closes: #17458).
    - Add opt-in caching of the wiki (Closes: #15342).
    - Use mksquashfs' -no-exports option even when the fastcomp build
    option is set. "fastcomp" is supposed to only tweak SquashFS
    compression settings, but so far it was also disabling the
    -no-exports option that we set for our release builds.
    - Drop a bunch of packages installed for ikiwiki for various
    (obsoloete) resons:
    * libfile-chdir-perl, libyaml-perl and libxml-simple-perl which
    was needed back when we built our own ikiwiki from Git… a
    looong time ago.
    * libtext-multimarkdown-perl used multimarkdown ikiwiki which
    its doubtful we ever will use.
    * libhtml-scrubber-perl, libhtml-template-perl,
    libhtml-parser-perl, libyaml-libyaml-perl and liburi-perl
    which are already installed as ikiwiki dependencies.
    - Install libimage-magick-perl instead of the perlmagick
    transitional package.
    - Don't install obsolete dependencies whois and eatmydata.
    - Consistently validate individual build options as we parse them.
    This is consistent with how we handled "fastcomp" already. Only
    compatibility checks between multiple build options really need
    to happen later, once we've parsed all build options.
    - Remove 5 years old transition code
    - Fully provision the Vagrant box every time it starts, and
    partially re-provision it for every build.
    - Behave correctly when disabling a previously set "offline" or
    "vmproxy+extproxy" build option. Previously, setting one of
    these build options *once* would taint the Vagrant box forever
    with the resulting apt-cacher-ng configuration.
    - Shrink the apt-cacher-ng cache after a successful build too
    (Closes: #17288).
    - Set up infrastructure to retrieve log file from the VM even on
    build failure (Closes: #7749).
    - Always build from a fresh Git clone.
    - Set the permissions that Vagrant needs inside the source tree
    (Closes: #11411, #16607, #17289).

    * Test suite
    - Remove Seahorse key synchronization scenarios. These 2 scenarios
    never pass due to #17169, so currently:
    * They don't teach us anything new → no benefit.
    * Every time a developer looks at test suite results,
    they need to filter out this known problem, which takes time
    and trains us to ignore problems.

    -- Tails developers <tails@boum.org> Mon, 10 Feb 2020 14:08:59 +0100
  17. mood

    mood Updates Team

    Oct 27, 2012
    Tails 4.4 Released
    Announcement and further information
    Changes and Updates
    • Update Tor Browser to 9.0.6.
    • Update Thunderbird to 68.5.0.
    • Update Linux to 5.4.19. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).
    Fixed problems
    • Tentatively fix Wi-Fi interfaces with Realtek RTL8822BE and RTL8822CE chipsets. (#17323)
      If you had a problem with Wi-Fi starting from Tails 4.1, please let us know whether your problem was fixed or not.
    For more details, read our changelog.

    Known issues
    None specific to this release.

    See the list of long-standing issues.

    What's coming up?
    Tails 4.5 is scheduled for April 7.
    tails (4.4) unstable; urgency=medium

    * Security fixes
    - Upgrade Tor Browser to 9.0.6-build2 (MFSA-2020-09).
    - Upgrade Linux kernel to linux-image-5.4.0-4, currently at 5.4.19-1
    (Closes: #17477).
    - Upgrade Thunderbird to 68.5.0-1~deb10u1 (MFSA-2020-07, Closes: #17481).
    - Upgrade cURL to 7.64.0-4+deb10u1 (DSA-4633).
    - Upgrade evince to 3.30.2-3+deb10u1 (DSA-4624).
    - Upgrade Pillow to 5.4.1-2+deb10u1 (DSA-4631).
    - Upgrade ppp to 2.4.7-2+4.1+deb10u1 (DSA-4632).
    - Upgrade WebKitGTK to 2.26.4-1~deb10u1 (DSA-4627).

    * Bugfixes
    - Fix missing firmware for RTL8822BE/RTL8822CE (See: #17323). Use the
    tails-workarounds provided firmwares until the firmware-realtek
    package is updated with the patch by Sjoerd Simons (Debian#935969).
    Note: This might not be sufficient to support those cards.

    * Minor improvements and updates
    - Upgrade dogtail to 0.9.11-6.
    - Upgrade virtualbox to 6.1.4-dfsg-1.

    * Build system
    - Vagrant build box: disable mitigation features for CPU
    vulnerabilities (Closes: #17386). Given the kind of things we do in
    our Vagrant build box, it seems very unlikely that vulnerabilities
    such as Spectre and Meltdown can be exploited in there. Let's
    reclaim some of the performance cost of the corresponding mitigation
    - Enable website caching by default, with a way option to disable it
    (Closes: #17439).
    - Key the website cache on debian/changelog too (Closes: #17511).
    - Update APT snapshot of the Debian archive to 2020030101.
    - Add support for the tails-workarounds submodule.

    -- Tails developers <tails@boum.org> Wed, 11 Mar 2020 10:59:10 +0100
  18. mood

    mood Updates Team

    Oct 27, 2012
    Tails 4.5 Released
    Announcement and further information
    Secure Boot
    Tails now starts on computers with Secure Boot enabled.
    If your Mac displays the following error:
    Security settings do not allow this Mac to use an external startup disk.​
    Then you have to change the settings of the Startup Security Utility of your Mac to authorize starting from Tails.

    Changes and Updates
    • Update Tor Browser to 9.0.9.
      This update fixes several vulnerabilities in Firefox, including some critical ones.
      Mozilla is aware of targeted attacks in the wild abusing these vulnerabilities.
    Known issues
    None specific to this release.

    See the list of long-standing issues.

    What's coming up?
    Tails 4.6 is scheduled for May 5.
    tails (4.5) unstable; urgency=medium

    * Security fixes
    - Upgrade Tor Browser to 9.0.9-build1 (Closes: #17594).
    - Upgrade BlueZ to 5.50-1.2~deb10u1 (DSA-4647).
    - Upgrade GnuTLS to 3.6.7-4+deb10u3 (DSA-4652).

    -- Tails developers <tails@boum.org> Mon, 06 Apr 2020 21:51:05 +0200

    tails (4.5~rc1) unstable; urgency=medium

    * Major changes
    - Migrate from aufs to overlayfs (Closes: #8415). This change touches
    many components which won't all be listed individually, but some
    highlights are listed below:
    ⋅ Adjust the build system to stop building the aufs kernel module.
    ⋅ Switch the kernel command line from union=aufs to union=overlayfs.
    ⋅ Adjust AppArmor profiles (Closes: #9045, #12112).
    . Adapt chroot-browsers (Closes: #12105).
    ⋅ Drop the aufs Git submodule.
    ⋅ Make memory erasure feature compatible with overlayfs
    (Closes: #15146).
    ⋅ Make Upgrader support and also generate overlayfs-based IUKs by
    default (Closes: #9373).
    - Use GRUB with Secure Boot support for x86_64 (Closes: #6560, #15806).
    This is also a large change, touching many components:
    ⋅ Install grub from bullseye.
    ⋅ Introduce a custom grub configuration file.
    ⋅ Use a custom background image.
    ⋅ Mimick Debian Installer's efi-image build script to handle all
    details in binary local hooks.
    ⋅ Add SYSLINUX in the syslinux bootloader menu, to make it easier to
    troubleshoot GRUB vs. syslinux issues (Closes: #17538).
    ⋅ Upgrader: Adjust to also handle files in EFI/debian when dealing
    with file removals.
    ⋅ Adjust test suite.
    - Migrate test suite from Sikuli to a combination of OpenCV (image
    matching), xdotool (mouse interaction), plus libvirt's send-key
    (keyboard interaction) (Closes: #15460). This is another major
    changes, allowing the test suite to run on Buster-based systems,
    touching various areas of the test suite, among which:
    ⋅ Add workaround for the Greeter when restoring snapshot.
    ⋅ Fix dependencies for Buster.
    ⋅ Replace some Sikuli-based options with some OpenCV-based ones
    (e.g. --retry-find → --image-bumping-mode).
    ⋅ Handle non-English keyboards.
    ⋅ Fix --capture on Buster and above.
    ⋅ Deal with Buster having migrated from avconv to ffmpeg.

    * Security fixes
    - Upgrade ICU to 63.1-6+deb10u1 (DSA-4646).

    * Minor improvements and updates
    - Refactor tails-documentation (Closes: #16903).

    * Build system
    - Freeze APT snapshots for 4.5~rc1.
    - Rakefile: always disable website caching when building from a tag
    (Closes: #17513).
    - Rakefile: fix recommended permissions (libvirt needs +r to share the
    source tree with the Vagrant box).
    - Import persistence-setup.git from its own repository into tails.git
    (Closes: #17526, #6487).
    - IUK: ensure rsync runtime dependency is installed.

    * Test suite
    - Adjust for the aufs → overlayfs migration (Closes: #12106, #17440,
    - run_test_suite: don't print usage on error.
    - run_test_suite: --view/--vnc-server-only are only supported on x11.
    - Optimize checking if file is empty.
    - Speed up some test failures to avoid resource starvation.
    - Check for tcplay dependency.
    - Increase chances chutney starts after unclean shutdown.
    - Make chutney log what it is doing.
    - Make opening Thunderbird's Extensions tab more robust.

    -- Tails developers <tails@boum.org> Thu, 26 Mar 2020 22:51:35 +0100
  19. mood

    mood Updates Team

    Oct 27, 2012
    Tails 4.6 Released
    Announcement and further information
    Changes and Updates
    • Update Tor Browser to 9.0.10.
    • Add support for Universal 2nd Factor USB security keys.
    • Update the list of applications in the Favorites applications submenu.
      To make it easier for new users to discover some of the core features of Tails, we added Configure persistent volume, Tails documentation, WhisperBack Error Reporting, and Tails Installer and removed Terminal.
    • Change the input method for Japanese from Anthy to Mozc. (#16719)
    Known issues
    None specific to this release.

    See the list of long-standing issues.

    What's coming up?
    Tails 4.7 is scheduled for June 2.
    tails (4.6) unstable; urgency=medium

    * Security fixes
    - Upgrade Tor Browser to 9.0.10-build2 (Closes: #17660).
    - Upgrade Thunderbird to 1:68.7.0-1~deb10u1 (MFSA-2020-14, DSA-4656).
    - Upgrade Git to 1:2.11.0-3+deb9u3 (DSA-4657, DSA-4659).
    - Upgrade Node.js to 10.19.0~dfsg1-1 (DSA-4669).
    - Upgrade OpenLDAP to 2.4.47+dfsg-3+deb10u2 (DSA-4666).
    - Upgrade OpenSSL to 1.1.1d-0+deb10u3 (DSA-4661).
    - Upgrade ReportLab to 3.5.13-1+deb10u1 (DSA-4663).
    - Upgrade WebKitGTK to 2.26.4-1~deb10u3 (DSA-4658).

    * Bugfixes
    - Switch Japanese input method from Anthy to Mozc (Closes: #16719).
    - Install the libu2f-udev package, for U2F device support.
    - Update our list of 'Favorites' applications (Closes: #16990).

    * Build system
    - lint_po: support locales with "@" in their name, such as ru@petr1708
    (Closes: #17554).
    - perl5lib: declare missing test dependencies (Closes: #17591).
    - iuk: declare missing test dependencies (Closes: #17592).
    - Upgrade to po4a 0.55 for Tails images and Vagrant box (Closes: #17005).

    * Test suite
    - Print disk usage information when the test suite fails with “No
    space left” errors.
    - Ensure no zombie processes are left around, by cleaning subprocesses
    correctly (Closes: #17551).
    - Prevent webrick from becoming a zombie process.
    - Avoid test suite getting stuck due to a zero timeout.
    - Fix obsoletion warnings (Closes: #17552).
    - Add root check and --allow-non-root option (Closes: #17613). Let's
    make it clear running the test suite requires root privileges in
    the general case.

    -- Tails developers <tails@boum.org> Mon, 04 May 2020 18:43:38 +0200
  20. mood

    mood Updates Team

    Oct 27, 2012
    Tails 4.7 Released
    Announcement and further information
    Changes and Updates
    • Update Tor Browser to 9.5.
    • Update Thunderbird to 68.8.0.
    Fixed Problems
    • Make the installation of Additional Software more robust. (#17278)
    • Clarify the error message when entering an incorrect password to unlock a VeraCrypt volume: Wrong passphrase or parameters instead of Error unlocking volume. (#17668)
    • Clean up confusing comments in /etc/tor/torrc. (#17706)
    For more details, read our changelog.

    Known issues

    None specific to this release.

    See the list of long-standing issues.

    What's coming up?
    Tails 4.8 is scheduled for June 30.
    tails (4.7) unstable; urgency=medium
    * Security fixes
    - Upgrade Tor Browser to 9.5-build2 (Closes: #17710).
    - Upgrade APT to (DSA-4685).
    - Upgrade BIND to 1:9.11.5.P4+dfsg-5.1+deb10u1 (DSA-4689).
    - Upgrade WebKitGTK to 2.28.2-2~deb10u1 (DSA-4681).
    - Upgrade Thunderbird to 1:68.8.0-1~deb10u1 (DSA-4683).
    * Bugfixes
    - Improve Additional Software reliability (Closes: #17278): disable
    periodic APT operations entirely, adjust timeouts, force data
    synchronization, preserve file ownership.
    - Make memory erasure feature compatible with overlayfs (Closes: #15146).
    - Adjust various documentation for the new GitLab-based hosting.
    * Minor improvements and updates
    - Fix title of unlock-veracrypt-volume error dialog in case of incorrect
    password (Closes: #17668).
    - Clean up confusing torrc (Closes: #17706).
    * Build system
    - IUK creation: don't use extreme compression options for the outer
    SquashFS container refs.
    - IUK creation: add support for building several IUKs in parallel locally
    (Closes: #17657).
    - IUK verification: add support for fetching IUKs built in parallel on
    Jenkins (Closes: #17658).
    - Release process: generate UDFs on the alpha channel for previous
    non-final releases (Closes: #17614).
    - Remove aufs-based IUK generation code and doc (Closes: #17489).
    * Test suite
    - Adjust for augmented timeouts in Additional Software.
    - Adjust locale lookup to check several directories.
    - Speed up 'I fill a ... MiB file' step by 1000%.
    - Keep latest test suite screenshot (Closes: #17621).
    - Fix test suite breaking when the user connects to the VM via virt-viewer
    (Closes: #17623).
    - Adjust reference images and titles following the migration to GitLab
    (Closes: #17718, 17719).
    -- Tails developers <tails@boum.org> Mon, 01 Jun 2020 18:31:41 +0200
  21. mood

    mood Updates Team

    Oct 27, 2012
    Tails 4.8 Released
    Announcement and further information
    New features
    • We disabled the Unsafe Browser by default and clarified that the Unsafe Browser can be used to deanonymize you.

      An attacker could exploit a security vulnerability in another application in Tails to start an invisible Unsafe Browser and reveal your IP address, even if you are not using the Unsafe Browser.

      For example, an attacker could exploit a security vulnerability in Thunderbird by sending you a phishing email that could start an invisible Unsafe Browser and reveal them your IP address.

      Such an attack is very unlikely but could be performed by a strong attacker, such as a government or a hacking firm.

      This is why we recommend that you:
      • Only enable the Unsafe Browser if you need to log in to a captive portal.
      • Always upgrade to the latest version of Tails to fix known vulnerabilities as soon as possible.
    • We added a new feature of the Persistent Storage to save the settings from the Welcome Screen.

      This feature is beta and only the additional setting to enable the Unsafe Browser is made persistent. The other settings (language, keyboard, and other additional settings) will be made persistent in Tails 4.9 (July 28).
    Changes and Updates
    • Update Tor Browser to 9.5.1.
    • Update Thunderbird to 68.9.0.
    • Update Linux to 5.6.0. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).
    Fixed Problems
    • Fix the Find in page feature of Thunderbird. (#17328)
    • Fix shutting down automatically the laptop when resuming from suspend with the Tails USB stick removed. (#16787)
    • Notify always when MAC address spoofing fails and the network interface is disabled. (#17779)
    • Fix the import of OpenPGP public keys in binary format (non armored) from the Files browser.
    For more details, read our changelog.

    Known issues

    • Administration passwords set at the Welcome Screen cannot contain most non-english characters, including spaces (#17792). Because of this you should limit your passwords to only alphanumeric characters (a-z, A-Z, 0-9) and the following special characters: _@%+=:,./-. Once you have logged in you can change the password however you like using the passwd command in a Terminal.
    See the list of long-standing issues.

    What's coming up?
    Tails 4.9 is scheduled for July 28.
    tails (4.8) unstable; urgency=medium
    * Major changes
    - Welcome Screen: after a large refactoring we now can persist
    settings (See: #17136)! Currently it is limited to the newly
    added option that controls whether the Unsafe Browser is allowed
    to start (#17085). In the next major release we'll support all
    * Security fixes
    - Allow to disable the Unsafe Browser in the Welcome Screen
    (Closes: #17085). The Unsafe Browser can be used by exploits to
    deanonymize the Tails user (for details, see: #15635).
    - Upgrade Tor Browser to 9.5.1-build2 (Closes: 17782).
    - Thunderbird:
    * Upgrade to Thunderbird 68.9.0 (DSA-4702).
    * Disable unsafe MX automatic configuration method (Closes:
    * Disable unsafe MS Exchange automatic configuration method
    (Closes: #17654).
    - Upgrade Linux kernel to linux-image-5.6.0-2 at 5.6.14-2 (Closes:
    #17611, #17620).
    - Upgrade gnutls28-based packages to 3.6.7-4+deb10u4 (DSA-4697).
    - Upgrade intel-microcode to 3.20200609.2~deb10u1 (DSA-4701).

    * Bugfixes
    - Trigger emergency shutdown on resume when the boot device was
    removed while suspended (Closes: #16787).
    - Thunderbird: make searching in messages (Find bar and Find in
    This Message) work again (Closes: #17328).
    - Ensure Mac Spoofing Panic messages will be correctly displayed
    (Closes: #17779). udev may close child processes when a process
    associated with a rule (/etc/udev/rules) terminates so we wait
    for those processes before exiting.
    - Wrap `seahorse-tool --import` so it is handled by `gpg --import`
    (Closes: #17183). This makes importing binary keys via GNOME
    Files integration possible again.
    * Minor improvements and updates
    - Upgrade to tor (Closes: #17741).
    - Upgrade LibreOffice to 1:6.1.5-3+deb10u6.
    - Upgrade VirtualBox guest modules to 6.1.10-dfsg-1.
    - Append Unsafe Browser setting to WhisperBack debug info.
    * Build system
    - Upgrade snapshot of the Debian archive to 2020061003, including
    the 10.4 point release of Debian Buster (Closes: #17620).
    - Tor Browser AppArmor profile: update patch to apply on top of
    0.3.2-11 (Closes: #17612)
    - Thunderbird AppArmor profile: update patch to apply on top of
    68.9.0 (Closes: #17769).
    * Test suite
    - Establish a coding standards baseline on our Ruby code base
    using Rubocop (Closes: #17646). This *MASSIVE* change includes
    mainly stylistic fixes and linting but also a few bug fixes,
    some dead code removal and code simplifications/refactorings,
    spelling fixes, improved gherkin and even removal the of
    a few duplicated tests and merging of very similar tests.
    - Improve robustness of navigating the GRUB menu in UEFI mode, and
    consequently drop the @fragile tag on the UEFI boot scenario
    (Closes: #13459).
    - Allow configuring the number of vCPUs given to TailsToaster.
    Based on work done by kytv (♥) on #6729. On powerful hardware
    with many CPUs, Tails boots much faster with >2 vCPUs given to
    - Disable desktop size and clipboard interference between the host
    system and the system under test when using --view.
    - Ensure we run post_snapshot_restore_hook every time it's needed.
    - Fix running with XDG_SESSION_TYPE unset (Closes: #17596).
    - Always test the localized start up page of the Unsafe Browser.
    - Add --keep-chutney option to keep Chutney data, but no
    snapshots, between runs.
    - Revert "Test suite: disable tests about notifications in case of
    MAC spoofing failure (refs: #10774)"
    - Verify that the Unsafe Browser is disabled by default.
    - Test suite: fix --image-bumping-mode.
    -- Tails developers <tails@boum.org> Mon, 29 Jun 2020 16:02:18 +0200
  22. mood

    mood Updates Team

    Oct 27, 2012
    Tails 4.9 Released
    Announcement and further information
    Changes and Updates
    • Update Tor Browser to 9.5.3.
    • Update Thunderbird to 68.10.0.
    • Update Linux to 5.7.6. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).
    Fixed Problems
    • Allow characters others than A–Z, a–z, 1–9, and _@%+=:,./- in the administration password. (#17792)
    • Apply the keyboard layout that is automatically selected when you change the language in the Welcome Screen. (#17794)
    • Fix starting Tails with the toram boot option. (#17800)
    For more details, read our changelog.

    Known issues

    • USB Wi-Fi adapters with Atheros AR9271 hardware do not work with Linux 5.7.6. (#17834)
    See the list of long-standing issues.

    What's coming up?
    Tails 4.10 is scheduled for August 25.
    tails (4.9) unstable; urgency=medium
    * Security fixes
    - Upgrade Tor Browser to 9.5.3-build1 (Closes: #17827).
    - Upgrade Thunderbird to 1:68.10.0-1~deb10u1 (DSA-4718).
    - Upgrade Linux to 5.7.0-1 at 5.7.6-1 (Closes: #17786).
    - Upgrade Evolution Data Server to 3.30.5-1+deb10u1 (DSA-4725).
    - Upgrade FFmpeg to 7:4.1.6-1~deb10u1 (DSA-4722).
    - Upgrade ImageMagick to 8: (DSA-4712).
    - Upgrade NSS to 2:3.42.1-1+deb10u3 (DSA-4726).
    - Upgrade OpenMPT to 2:3.42.1-1+deb10u3 (DSA-4729).
    - Upgrade WebKitGTK to 2.28.3-2~deb10u1 (DSA-4724).
    * Bugfixes
    - Fix quoting issue triggering problems with some administration
    passwords (Closes: #17792).
    - Fix toram boot option by not starting the tails-shutdown-on-media-removal
    service unit in that case (Closes: #17800).
    - Fix keyboard setting handling in the greeter (Closes: #17794).
    - Make sure log messages can be displayed by Plymouth, which has strict
    limits, and improve parsing in tails-gdm-error-message (Closes: #17533).
    - Upgrade firmware-linux and firmware-nonfree to 20200421-1.
    * Minor improvements and updates
    - Ensure MAC spoofing messages are translated (Closes: #17783).
    - Improve failure handling for MAC spoofing (Closes: #17784).
    - Trigger MAC spoofing "panic" mode when the debug=test_mac_spoof_panic boot
    option is set.
    - Upgrade VirtualBox guest modules to 6.1.12-dfsg-5.
    * Build system
    - Automate post-release GitLab updates, using gitlab-triage (Closes: #17589).
    - Fix a lot of possible problems spotted by ShellCheck, thanks to Paul Wise.
    - Stop installing custom firmware: firmware-realtek 20200421-1 includes it
    (See: #17786, #17323).
    - Update Thunderbird patches (Closes: #6156, #17808).
    - Bump snapshot of the Debian archive to 2020071801 (Closes: #17786).
    * Test suite
    - Add shell-special chars to passwords (See: #17792).
    - Always test the Unsafe Browser in Farsi.
    - Fix support for symlinks (Closes: #17547).
    - Update persistence-setup test suite for a new preset in Welcome Screen
    - Drop Thunderbird POP3 test.
    - Make the "the Tor Browser has started" step stricter.
    - Improve error output when the Unsafe Browser fails to start in some locale.
    -- Tails developers <tails@boum.org> Mon, 27 Jul 2020 09:03:10 +0200
  23. mood

    mood Updates Team

    Oct 27, 2012
    Tails 4.10 Released
    Announcement and further information
    Changes and Updates
    • Update Tor Browser to 9.5.4.
    • Update Tor to
    • Update Electrum from 3.3.8 to 4.0.2.
    • Update Linux to 5.7.10. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).
    • Hide the welcome message when starting Thunderbird.
    Fixed Problems
    • Fix support for USB Wi-Fi adapters with Atheros AR9271 hardware. (#17834)
    • Fix USB tethering from iPhone. (#17820)
    For more details, read our changelog.

    Known issues

    None specific to this release.
    See the list of long-standing issues.

    What's coming up?
    Tails 4.11 is scheduled for September 22.
    tails (4.10) unstable; urgency=medium
    * Security fixes
    - Upgrade Tor Browser to 9.5.4-build1 (Closes: #17885).
    - Upgrade Linux kernel to 5.7.0-2 at 5.7.10-1 (Closes: #17841,
    * Bugfixes
    - Make iPhone Tethering work by adding udev rule to disable MAC
    spoofing for it (Closes: #17820).
    - Remove broken Thunderbird protocol selection. This code has been
    a no-op in practice since at least Tails 4.0. We've decided to
    reject #17276 and investigate what the biggest problems are for
    email in Tails with slow/shitty Internet connections:
    default'ing to IMAP may, or may not, be part of these
    problems (Closes #17276).
    * Minor improvements and updates
    - Upgrade to Tor (Closes: #17835).
    - Upgrade to Electrum 4.0.2 (Closes: #17828).
    - Hide Thunderbird welcome message: it is not relevant in the
    context of Tails. For example, it feels weird that we would
    encourage users to donate to Thunderbird about as loudly as we
    encourage them to donate to Tails. Besides, the default message
    is retrieved from the web when Thunderbird starts. We don't
    need this extra network activity.
    - import-translations: use *_release branches instead of
    *_completed branches. The new *_release branches contain exactly
    what we want, i.e. all reviewed translations from
    Transifex. While the *_completed branches only contain PO files
    for languages that are fully translated (Closes: #16774).
    * Build system
    - Upgrade snapshot of the Debian archive to 2020081601, including
    the 10.5 point release of Debian Buster (Closes: #17790).
    - On Bullseye and newer: use custom, fake, unversioned python
    packages. The unversioned python packages are not shipped in
    Bullseye/sid anymore, and even old versions are not installable
    anymore (Closes: #17858).
    - Import vagrant-libvirt's create_box.sh script. It's not included
    in vagrant-libvirt 0.1.2-1 anymore (Closes: #17872).
    * Test suite
    - Improve robustness for scenario "The Additional Software dpkg
    hook notices when persistence is locked down while installing a
    - Improve robustness for scenario "Use GNOME Disks to unlock a USB
    drive that has a basic VeraCrypt volume with a keyfile".
    - Improve robustness of cloning a Git repository.
    - Don't hammer resources of the system under test while
    installing/removing packages. I see every such dpkg|grep call
    takes about 0.3 seconds on lizard, i.e. 30% of the 1 second
    default delay between checks, which I suspect is enough to slow
    down the package installation/removal we're exercising.
    - Update expected title of the GitLab page we use
    - Rubocop: target Ruby 2.5 (Buster).
    -- Tails developers <tails@boum.org> Mon, 24 Aug 2020 13:28:43 +0200
  24. mood

    mood Updates Team

    Oct 27, 2012
    Call for testing: 4.11~rc1
    September 6, 2020
  25. mood

    mood Updates Team

    Oct 27, 2012
    Tails 4.11 Released
    Announcement and further information
    New Features
    • We added a new feature of the Persistent Storage to save the settings from the Welcome Screen: language, keyboard, and additional settings.
      To restore your settings when starting Tails, unlock your Persistent Storage in the Welcome Screen.
    Changes and Updates
    • Update Tor Browser to 10.0.
    • Update Thunderbird to 68.12.
    • Update Linux to 5.7.17. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).
    • Configure KeePassXC to use the new default location Passwords.kdbx. (#17286)
    • Update python3-trezor to 0.11.6 to add compatibility with the new Trezor Model T.
    Fixed Problems
    • Disable the feature to Turn on Wi-Fi Hotspot in the Wi-Fi settings because it doesn't work in Tails. (#17887)
    For more details, read our changelog.

    Known issues

    None specific to this release.
    See the list of long-standing issues.

    What's coming up?
    Tails 4.12 is scheduled for October 20.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.