tails (0.22) unstable; urgency=medium
* Security fixes
– Upgrade to Iceweasel 24.2.0esr that fixes a few serious security issues.
– Stop migrating persistence configuration and access rights. Instead,
disable all persistence configuration files if the mountpoint has wrong
access rights (Closes: #6413).
– Upgrade to NSS 3.15.3 that fixes a few serious security issues affecting
the browser, such as CVE-2013-1741, CVE-2013-5605 and CVE-2013-5606.
* Major improvements
– Switch to Iceweasel 24 (Closes: #6370).
· Resync’ (most) Iceweasel prefs with TBB 3.0-beta-1 and get rid
of many obsolete or default settings.
· Disable WebRTC (Closes: #6468).
· Import TorBrowser profile at commit
51bf06502c46ee6c1f587459e8370aef11a3422d from the tor-browser-24.2.0esr-1
branch at https://git.torproject.org/tor-browser.git.
– Switch to Torbutton 1.6.5 (Closes: #6371).
· Prevent Torbutton from asking users to “upgrade TBB”.
· Use the same Tor SOCKS port as the TBB (9151) for our web browser.
This should be enough to avoid being affected by Tor#8511.
· Disable Torbutton 1.6′s check for Tor.
Unfortunately, the new check.torproject.org breaks the remote Tor
check. We cannot use the local Tor check with the control port. So,
the shortest and sanest path to fixing the check issue, because the
remote Tor check is broken” seems to simply disable this check.
Patch submitted upstream as Tor#10216.
– Prepare incremental upgrades to be the next default way to upgrade Tails,
on point-releases at least.
– Deny X authentication only after Vidalia exits (Closes: #6389).
– Disable DPMS screen blanking (Closes: #5617).
– Fix checking of the persistent volume’s ACL.
– Sanitize more IP and MAC addresses in bug reports (Closes: #6391).
– Do not fail USB upgrade when the “tmp” directory exists on the
– Tails Installer: list devices with isohybrid Tails installed
* Minor improvements
– Create a configuration file for additional software if needed
– Translations all over the place.
– Enable favicons in Iceweasel.
– Do not propose to make permanent NoScript exceptions.
In Tails, every such thing is temporary, so better only display the menu
entry that’s about temporarily allowing something.
– Clearer warning when deleting persistent volume (thanks to Andres Gomez
Ramirez for the patch).
– Make wording in Tails Installer more consistent.
[ WinterFairy ]
* Use IBus instead of SCIM (Closes: #6206).
It makes it possible to input passwords in pinentry for at least Japanese,
Chinese and Korean languages.
* Add an import-translation script.
This automates the importation process of completed translations
* Always list optimal keyboard layout in the greeter (Closes: #5741).
* Fix on-the-fly translation of the greeter in various languages
* Update I2P to 0.9.8.1 (Closes: #6080, #5889).
* Improve I2P configuration:
– Disable IPv6 support in a nicer way.
– Disable i2cp (allows java clients to communicate from outside the JVM). If
this is unset an exception for port 7654 would need to be added to ferm.
– Disable “in-network” updates (this is also done in the regular I2P
– Disable the outproxies. Access to the Internet is already routed through
Tor so these are unnecessary. If end-users have a good reason to go
through one of the I2P outproxies they can turn them back on.
* Add a couple of default I2P IRC channels to Pidgin.
* Allow access to the local ‘eepsite’ through FoxyProxy.
* Add firewall exceptions for the standard I2P ports.
— Tails developers Sat, 30 Nov 2013 16:47:18 +0100
Numerous security holes in Tails 0.21
If you’re not sure what the cryptographic signature is, please read the part on verifying the ISO image.
The cryptographic signature of the ISO image is also included in the Torrent.
Additionally, you can verify the signature of the Torrent file itself before downloading it.