Tails Changelog

New in version 1.1.1

September 2nd, 2014
  • Security fixes:
  • Upgrade the web browser to 24.8.0esr-0+tails1~bpo70+1 (Firefox 24.8.0esr + Iceweasel patches + Torbrowser patches).
  • Add an I2P boot parameter. Without adding "i2p" to the kernel command line, I2P will not be accessible for the Live user. I2P was also upgraded to 0.9.14.1-1~deb7u+1, and stricter firewall rules are applied to it, among other security enhancements.
  • Upgrade Tor to 0.2.4.23-2~d70.wheezy+1 (fixes CVE-2014-5117).
  • Upgrade Linux to 3.14.15-2 (fixes CVE-2014-3534, CVE-2014-4667 and CVE-2014-4943).
  • Prevent dhclient from sending the hostname over the network (ticket #7688).
  • Override the hostname provided by the DHCP server (ticket #7769).
  • Bugfixes:
  • Don't ship OpenJDK 6: I2P prefers v7, and we don't need both (ticket #7807).
  • Prevent Tails Installer from updating the system partition properties on MBR partitions (ticket #7716).
  • Minor improvements:
  • Upgrade to Torbutton 1.6.12.1.
  • Install gnome-user-guide (ticket #7618).
  • Install cups-pk-helper (ticket #7636).
  • Update the SquashFS sort file, which should speed up boot from DVD (ticket #6372).
  • Compress the SquashFS more aggressively (ticket #7706) which should make the Tails ISO image smaller.

New in version 1.1 (July 23rd, 2014)

  • Rebase on Debian Wheezy
  • Upgrade literally thousands of packages.
  • Migrate to GNOME3 fallback mode.
  • Install LibreOffice instead of OpenOffice.
  • Major new features
  • UEFI boot support, which should make Tails boot on modern hardware and Mac computers.
  • Replace the Windows XP camouflage with a Windows 8 camouflage.
  • Bring back VirtualBox guest modules, installed from Wheezy backports. Full functionality is only available when using the 32-bit kernel.
  • Security fixes
  • Fix write access to boot medium via udisks (ticket #6172).
  • Upgrade the web browser to 24.7.0esr-0+tails1~bpo70+1 (Firefox 24.7.0esr + Iceweasel patches + Torbrowser patches).
  • Upgrade to Linux 3.14.12-1 (fixes CVE-2014-4699).
  • Make persistent file permissions safer (ticket #7443).
  • Bugfixes
  • Fix quick search in Tails Greeter's Other languages window (Closes: ticket #5387)
  • Minor improvements
  • Don't install Gobby 0.4 anymore. Gobby 0.5 has been available in Debian since Squeeze, now is a good time to drop the obsolete 0.4 implementation.
  • Require a bit less free memory before checking for upgrades with Tails Upgrader. The general goal is to avoid displaying "Not enough memory available to check for upgrades" too often due to over-cautious memory requirements checked in the wrapper.
  • Whisperback now sanitizes attached logs better with respect to DMI data, IPv6 addresses, and serial numbers (ticket #6797, ticket #6798, ticket #6804).
  • Install the BookletImposer PDF imposition toolkit.

New in version 1.1 RC1 (July 15th, 2014)

  • Security fixes:
  • Don't allow the desktop user to pass arguments to tails-upgrade-frontend (ticket #7410).
  • Make persistent file permissions safer (ticket #7443).
  • Set strict permissions on /home/amnesia (ticket #7463).
  • Disable FoxyProxy's proxy:// protocol handler (ticket #7479).
  • Bug fixes:
  • Use pinentry as the GnuPG agent, as we do on Squeeze (ticket #7330). This is needed to support OpenPGP smartcards.
  • Cleanup some packages that were installed by mistake.
  • Fix emergency shutdown when removing the boot device before login (ticket #7333).
  • Resume support of persistent volumes created with Tails 1.0.1 and earlier (ticket #7343).
  • Revert back to browsing the offline documentation using Iceweasel instead of Yelp (ticket #7390, ticket #7285).
  • Automatically transition NetworkManager persistence setting when upgrading from Squeeze to Wheezy (ticket #7338). Note: the data is not migrated.
  • Fix the Unsafe Web Browser startup in Windows camouflage mode (ticket #7329).
  • Make it possible to close error messages displayed by the persistent volume assistant (ticket #7119).
  • Fix some file associations, with a backport of shared-mime-info 1.3 (ticket #7079).
  • Minor improvements:
  • Various improvements to the Windows 8 camouflage.
  • Fix "Upgrade from ISO" functionality when run from a Tails system that ships a different version of syslinux than the one in the ISO (ticket #7345).
  • Ensure that the MBR matches the syslinux version used by the Tails release it is supposed to boot.
  • Help Universal USB Installer support Tails again, by include syslinux.exe for Windows in the ISO filesystem (ticket #7425).
  • Improve the Tails Installer user interface a bit.
  • Enable double-clicking to pick entries in the language or keyboard layout lists in Tails Greeter.

New in version 1.1 Beta 1 (May 30th, 2014)

  • Rebase on Debian 7 (Wheezy):
  • Upgrade literally thousands of packages.
  • Install LibreOffice instead of OpenOffice.
  • Fix write access to boot medium via udisks (ticket #6172).
  • Security fixes:
  • Upgrade Tor to 0.2.4.22.
  • Major new features:
  • Replace the Windows XP camouflage with an experimental Windows 8 one.
  • UEFI boot support. This allows you to boot Tails from USB sticks on recent hardware, and especially on Mac. It enables you to use great features such as persistence and ?automatic upgrades. If you experience problems, please have a look at the known issues for UEFI support.
  • Install Linux 3.14 from Debian unstable for improved hardware support.
  • Improve integration when run inside VirtualBox. This enables, for instance, more screen resolutions, host-guest file and clipboard sharing. Unfortunately, full functionality is only available when using the 32-bit kernel.
  • Minor improvements:
  • Install seahorse-nautilus, replacing seahorse-plugins (Closes ticket #5516).
  • Install the BookletImposer PDF imposition toolkit.
  • Install GtkHash and its Nautilus interface (Closes ticket #6763).
  • Install the hledger accounting program.
  • Tails Greeter's help window now adapts to the screen resolution.
  • Whisperback now sanitizes attached logs better with respect to DMI data, IPv6 addresses, and serial numbers (Closes ticket #6797, ticket #6798, ticket #6804).
  • Integrate the new logo in Tails Installer (Closes ticket #7095)

New in version 1.0 (April 29th, 2014)

  • Security fixes:
  • Upgrade the web browser to 24.5.0esr-0+tails1~bpo60+1 (Firefox 24.5.0esr + Iceweasel patches + Torbrowser patches).
  • Upgrade Tor to 0.2.4.21-1+tails1~d60.squeeze+1:
  • Based on 0.2.4.21-1~d60.squeeze+1.
  • Backport the fix for bug #11464 on Tor Project's Trac. It adds client-side blacklists for all Tor directory authority keys that was vulnerable to Heartbleed. This protects clients in case attackers were able to compromise a majority of the authority signing and identity keys.
  • Bugfixes:
  • Disable inbound I2P connections. Tails already restricts incoming connections, but this change tells I2P about it.
  • Fix link to the system requirements documentation page in the Tails Upgrader error shown when too little RAM is available.
  • Minor improvements:
  • Upgrade I2P to 0.9.12-2~deb6u+1.
  • Import TorBrowser profile. This was forgotten in Tails 0.23 and even though we didn't explicitly set those preferences in that release they defaulted to the same values. This future-proofs us in case the defaults would ever change.
  • Import new custom version of Tor Launcher:
  • Based on upstream Tor Launcher 0.2.5.3.
  • Improve how Tor Launcher handles incomplete translation. (bug #11483 on Tor Project's Trac; more future-proof fix for ticket #6885)
  • Remove the bridge settings prompt. (bug #11482 on Tor Project's Trac; closes ticket #6934)
  • Always show bridge help button. (bug #11484 on Tor Project's Trac)
  • Integrate the new Tails logo into various places:
  • The website
  • The boot splash
  • The "About Tails" dialog

New in version 0.23 RC1 (March 8th, 2014)

  • Major improvements:
  • Spoof the network interfaces' MAC address by default (Closes: ticket #5421), as specified in our on design document .
  • Rework the way to configure how Tor connects to the network (bridges, proxies, restrictive firewalls): add an option to Tails Greeter, start Tor Launcher when needed (Closes: ticket #5920, ticket #5343).
  • Bugfixes:
  • Additional software: do not crash when persistence is disabled (Closes: ticket #6440).
  • Upgrade Pidgin to 2.10.9, that fixes some regressions introduced in the 2.10.8 security update (Closes: ticket #6661).
  • Wait for Tor to have fully bootstrapped, plus a bit more time, before checking for upgrades (Closes: ticket #6728) and unfixed known security issues.
  • Disable the Intel Management Engine Interface driver (Closes: ticket #6460). We don't need it in Tails, it might be dangerous, and it causes bugs on various hardware such as systems that reboot when asked to shut down.
  • Add a launcher for the Tails documentation. This makes it available in Windows Camouflage mode (Closes: ticket #5374, ticket #6767).
  • Remove the obsolete wikileaks.de account from Pidgin (Closes: ticket #6807).
  • Minor improvements:
  • Upgrade Tor to 0.2.4.21-1~d60.squeeze+1.
  • Upgrade obfsproxy to 0.2.6-2~~squeeze+1.
  • Upgrade I2P to 0.9.11-1deb6u1.
  • Install 64-bit kernel instead of the 686-pae one (Closes: ticket #5456). This is a necessary first step towards UEFI boot support.
  • Install Monkeysign (in a not-so-functional shape yet).
  • Disable the autologin text consoles (Closes: ticket #5588). This was one of the blockers before a screen saver can be installed in a meaningful way (ticket #5684).
  • Don't localize the text consoles anymore: it is broken on Wheezy, the intended users can as well use loadkeys, and we now do not have to trust setupcon to be safe for being run as root by the desktop user.
  • Make it possible to manually start IBus.
  • Reintroduce the possibility to switch identities in the Tor Browser, using a filtering proxy in front of the Tor ControlPort to avoid giving full control over Tor to the desktop user (Closes: ticket #6383).
  • Incremental upgrades improvements:
  • Drop the Tails Upgrader launcher, to limit users' confusion (Closes: ticket #6513).
  • Lock down sudo credentials a bit.
  • Hide debugging information (Closes: ticket #6505).
  • Include ~/.xsession-errors in WhisperBack bug reports. This captures the Tails Upgrader errors and debugging information.
  • Report more precisely why an incremental upgrade cannot be done (Closes: ticket #6575).
  • Various user interface and phrasing improvements.
  • Don't install the Cookie Monster browser extension (Closes: ticket #6790).
  • Add a browser bookmark pointing to Tor's Stack Exchange (Closes: ticket #6632).
  • Remove the preconfigured #tor channel from Pidgin: apparently, too many Tails users go ask Tails questions there, without making it clear that they are running Tails, hence creating a user-support nightmare (Closes: ticket #6679).
  • Use (most of) Tor Browser's mozconfig (Closes: ticket #6474).
  • Rebase the browser on top of iceweasel 24.3.0esr-1, to get the certificate authorities added by Debian back (Closes: ticket #6704).
  • Give access to the relevant documentation pages from Tails Greeter.
  • Hide Tails Greeter's password mismatch warning when entry is changed.
  • Persistent Volume Assistant:
  • Take into account our installer is now called Tails Installer.
  • Optimize window height (Closes: ticket #5458).
  • Display device paths in a more user-friendly way (Closes: ticket #5311).
  • Build system:
  • Ease updating POT and PO files at release time, and importing translations from Transifex (Closes: ticket #6288, ticket #6207).
  • Drop custom poedit backport, install it from squeeze-backports-sloppy.
  • Make ISO and IUK smaller (Closes: ticket #6390, ticket #6425):
  • Exclude more files from being included in the ISO.
  • Remove *.pyc later so that they are not recreated.
  • Truncate log files later so that they are not filled again.
  • At ISO build time, set mtime to the epoch for large files whose content generally does not change between releases. This forces rsync to compare the actual content of these files, when preparing an IUK, instead of blindly adding it to the IUK merely because the mtime has changed, while the content is the same.
  • Make local hooks logging consistent.
  • Test suite:
  • Migrate from JRuby to native Ruby + rjb.
  • The test suite can now be run on Debian Wheezy + backports.
  • Fix buggy "persistence is not enabled" step (Closes: ticket #5465).
  • Use IPv6 private address as of RFC 4193 for the test suite's virtual network. Otherwise dnsmasq from Wheezy complains, as it is not capable of handling public IPv6 addresses.
  • Delete volumes after each scenario unless tagged @keep_volumes.
  • Add an anti-test to make sure the memory erasure test works fine.
  • A *lot* of bugfixes, simplifications and robustness improvements.

New in version 0.22.1 (February 4th, 2014)

  • Security fixes:
  • Update NSS to 3.14.5-1~bpo60+1.
  • Major improvements:
  • Check for upgrades availability using Tails Upgrader, and propose to apply an incremental upgrade whenever possible.
  • Install Linux 3.12 (3.12.6-2).
  • Bugfixes:
  • Fix the keybindings problem introduced in 0.22.
  • Fix the Unsafe Browser problem introduced in 0.22.
  • Use IE's icon in Windows camouflage mode.
  • Handle some corner cases better in Tails Installer.
  • Minor improvements:
  • Update Tor Browser to 24.2.0esr-1+tails1.
  • Update Torbutton to 1.6.5.3.
  • Do not start Tor Browser automatically, but notify when Tor is ready.
  • Import latest Tor Browser prefs.
  • Many user interface improvements in Tails Upgrader.

New in version 0.22.1 RC1 (January 11th, 2014)

  • Security fixes:
  • Update NSS to 3.14.5-1~bpo60+1.
  • Major improvements:
  • Check for upgrades availability using Tails Upgrader, and propose to apply an incremental upgrade whenever possible.
  • Install Linux 3.12 (3.12.6-2).
  • Bugfixes:
  • Fix the keybindings problem introduced in 0.22.
  • Fix the Unsafe Browser problem introduced in 0.22.
  • Use IE's icon in Windows camouflage mode.
  • Handle some corner cases better in Tails Installer.
  • Minor improvements:
  • Update Tor Browser to 24.2.0esr-1+tails1.
  • Update Torbutton to 1.6.5.3.
  • Do not start Tor Browser automatically, but notify when Tor is ready.
  • Import latest Tor Browser prefs.
  • Many user interface improvements in Tails Upgrader.

New in version 0.22 (December 12th, 2013)

  • Security fixes:
  • Upgrade to Iceweasel 24.2.0esr that fixes a few serious security issues.
  • Stop migrating persistence configuration and access rights. Instead, disable all persistence configuration files if the mountpoint has wrong access rights.
  • Upgrade to NSS 3.15.3 that fixes a few serious security issues affecting the browser.
  • Major improvements:
  • Switch to Iceweasel 24.2.0esr and Torbutton 1.6.5.
  • Incremental upgrades are ready for beta-testing.
  • Bugfixes:
  • Fix Vidalia startup.
  • Disable DPMS screen blanking.
  • Fix checking of the persistent volume's ACL.
  • Sanitize more IP and MAC addresses in bug reports.
  • Do not fail USB upgrade when the "tmp" directory exists on the destination device.
  • Minor improvements:
  • Clearer warning when deleting the persistent volume.
  • Use IBus instead of SCIM.
  • Always list optimal keyboard layout in the greeter.
  • Fix on-the-fly translation of the greeter in various languages.
  • Update I2P to 0.9.8.1 and rework its configuration.