September 3rd, 2012
· Kernel 3.4.7 with better hardware support (e.g., brcmsmac), and Unionfs replaced by overlayfs, which is expected to be eventually accepted into mainline. Incidentally, overlayfs allows for stricter read-write layer permissions (changed executables cannot be run).
· EFI boot binaries are signed for Secure Boot (tested in OVMF), establishing a trusted boot chain starting with a KEK / DB certificate (located in EFI directory). The certificate signs GRUB EFI images, which verify GRUB configuration files and the Linux kernel. Kernel's initramfs (now embedded into kernel image) then verifies the compressed root filesystem image. With regular BIOS-based Syslinux boot, only the last stage is performed (as was done in previous releases). However, a minimal bootstrap .iso image (lacking a compressed root filesystem) is now shipped, which can be burned to read-only media and used to boot a regular install of Liberté on writable media.
· Xorg server 1.12 and Mesa 8.0 with Gallium3D for Radeon cards, nouveau driver for Nvidia cards, and support for accelerated VMware graphics virtualization.
· Simplified boot parameters handling — most previous parameters are now omitted. If you are using a custom bootloader configuration, make sure to update it, and to remove initrd parameters. This release still ships an empty initrd file to avoid issues with upgrading customized setups, but next release will omit the file.
· Added “blacklist” boot parameter for blacklisting kernel modules from autoloading. E.g.:blacklist=nouveau,tg3.
· Added “bridges” boot parameter for specifying Tor bridges to use instead of direct connections to relays. E.g.: bridges=172.16.1.2,172.16.3.4:6001 (port :443 can be omitted).
· Added "gentoo=noanon" boot parameter for non-anonymous usage mode, which disables automatic Torification of clearnet traffic (user-level settings are kept separately).
· Added optional PKCS#11 smart-cards support to GnuPG.
· Added reaver-wps, a WiFi Protected Setup cracking tool.
· Added Redshift, a screen color temperature adjuster (command-line only).
· Disabled GnuPG-S/MIME autoimport of expired certificates — removes clutter in GNU Privacy Assistant.
· GTK-2 and GTK-3 themes are now uniform (Light Themes variants).
June 18th, 2012
· No executables with PaX exceptions anymore
· Better boot media support (including fixes for SD and USB 3.0)
· New microhttpd-based cables communication implementation (no protocol changes) — nginx / spawn-fcgi / fcgiwrap integration is gone
· VIPS image manipulation toolkit (including nip2 GUI)
· Fixed key retrieval in GNU Privacy Assistant
· Touchscreen calibration utility
May 12th, 2012
· This version features more extensive hardware and firmware support.
· Experimental (U)EFI booting support has been added.
· Most of the filesystem is now read-only.
· The SquashFS image is verified early in the boot process.
· Cables communication now realizes perfect forward secrecy and repudiability.
· Support for running as a virtualized guest has been improved.
· Epiphany is now used as the browser instead of Midori.
November 8th, 2011
· This version adds ISO images, deployment to EXT2-4 filesystems, better touchpad support in X, better VM integration (including VirtualBox share automounting), more filesystems supported on media, an applet for switching Tor identity, I2P support (experimental, including cable communication), a hardened and extended HTP time daemon, HTML5 video support in Midori, SASL authentication and OTR encryption support in XChat, and VPN support in NetworkManager. Kernel 2.6.39 with SquashFS XZ compression and NX support requires a PentiumIII+ with PAE.