Stories
Slash Boxes
Comments

SoylentNews is people

Submission Preview

Link to Story

TAILS Linux 1.5 is out (Aug 11, 2015)

Accepted submission by Anonymous Coward at 2015-08-13 09:39:00
OS

An Anonymous Coward writes:

# Tails is a live system that aims to preserve your privacy and anonymity.
It helps you to use the Internet anonymously and circumvent censorship almost
anywhere you go and on any computer but leaving no trace unless you ask it to
explicitly.

# It is a complete operating system designed to be used from a DVD, USB stick, or SD
card independently of the computer's original operating system. It is Free Software
and based on Debian GNU/Linux.

# Tails comes with several built-in applications pre-configured with security in
mind: web browser, instant messaging client, email client, office suite, image and
sound editor, etc. - https://tails.boum.org/about/index.en.html [boum.org]

# Tails, The Amnesic Incognito Live System, version 1.5, is out.

= Announcements:
https://tails.boum.org/news/version_1.5/index.en.html [boum.org]
https://blog.torproject.org/blog/tails-15-out [torproject.org]
https://mailman.boum.org/pipermail/amnesia-news/2015-August/000094.html [boum.org]
https://twitter.com/Tails_live/status/631147455682342912 [twitter.com]
http://distrowatch.com/?newsid=09057 [distrowatch.com]

= Tails Site:
https://tails.boum.org [boum.org]

= Download:
https://tails.boum.org/download/index.en.html [boum.org]

= First Steps:
https://tails.boum.org/doc/first_steps/index.en.html [boum.org]

- About:
https://tails.boum.org/about/index.en.html [boum.org]

- Warning:
https://tails.boum.org/doc/about/warning/index.en.html [boum.org]

- Getting Started:
https://tails.boum.org/getting_started/index.en.html [boum.org]

- Documentation:
https://tails.boum.org/doc/index.en.html [boum.org]

- Help & Support:
https://tails.boum.org/support/index.en.html [boum.org]

- Contribute:
https://tails.boum.org/contribute/index.en.html [boum.org]

- News:
https://tails.boum.org/news/index.en.html [boum.org]

Twitter
https://twitter.com/tails_live [twitter.com]

@Reddit:
https://www.reddit.com/r/tails [reddit.com]

@Distrowatch:
http://distrowatch.com/table.php?distribution=tails [distrowatch.com]

@Wikipedia:
https://en.wikipedia.org/wiki/Tails_%28operating_system%29 [wikipedia.org]

@ tails-dev@boum.org -- The Tails public development discussion list
https://mailman.boum.org/listinfo/tails-dev [boum.org]

@ tails-support@boum.org -- User support for Tails
https://mailman.boum.org/listinfo/tails-support [boum.org]

- Tails report for July, 2015:
https://tails.boum.org/news/report_2015_07/index.en.html [boum.org]

- Numerous security holes in Tails 1.4.1:
https://tails.boum.org/security/Numerous_security_holes_in_1.4.1/index.en.html [boum.org]

- Known issues:
https://tails.boum.org/support/known_issues/index.en.html [boum.org]

#####

- Direct download - Latest release: (Tails 1.5 ISO image (988MG/942MiB)
http://dl.amnesia.boum.org/tails/stable/tails-i386-1.5/tails-i386-1.5.iso [boum.org]

- Cryptographic signature (Tails 1.5 signature):
https://tails.boum.org/torrents/files/tails-i386-1.5.iso.sig [boum.org]

- Verifying the ISO image:
- (If you're not sure what the cryptographic signature is):
https://tails.boum.org/download/index.en.html#verify [boum.org]

SHA256 checksum (for Tails 1.5 ISO image):
ab4299585e74fbdc91d26faea424a5df6d05753b2c6f34340ba3af69308993d1

- BitTorrent download - Latest release (Tails 1.5 torrent):
https://tails.boum.org/torrents/files/tails-i386-1.5.torrent [boum.org]

- Cryptographic signature (BitTorrent):

The cryptographic signature of the ISO image is also included in the Torrent.

Additionally, you can verify the signature of the Torrent file itself before downloading the ISO image:

https://tails.boum.org/torrents/files/tails-i386-1.5.torrent.sig [boum.org]

- Seed back!

Seeding back the image once you have downloaded it is also a nice and easy way of helping spread Tails.

- Tails signing key:
https://tails.boum.org/tails-signing.key [boum.org]

#####

- Calendar:
https://tails.boum.org/contribute/calendar/ [boum.org]

- Roadmap:
https://labs.riseup.net/code/projects/tails/roadmap [riseup.net]

- Changelog [1]:
https://git-tails.immerda.ch/tails/plain/debian/changelog [immerda.ch]

[1] tails (1.5) unstable; urgency=medium

* Major new features and changes
- Move LAN web browsing from Tor Browser to the Unsafe Browser,
            and forbid access to the LAN from the former. (Closes: #7976)
- Install a 32-bit GRUB EFI boot loader. This at least works
            on some Intel Baytrail systems. (Closes: #8471)

* Security fixes
- Upgrade Tor Browser to 5.0, and integrate it:
· Disable Tiles in all browsers' new tab page.
· Don't use geo-specific search engine prefs in our browsers.
· Hide Tools -> Set Up Sync, Tools -> Apps (that links to the Firefox
                Marketplace), and the "Share this page" button in the Tool bar.
· Generate localized Wikipedia search engine plugin icons so the
                English and localized versions can be distinguished in the new
                search bar. (Closes: #9955)
- Fix panic mode on MAC spoofing failure. (Closes: #9531)
- Deny Tor Browser access to global tmp directories with AppArmor,
            and give it its own $TMPDIR. (Closes: #9558)
- Tails Installer: don't use a predictable file name for the subprocess
            error log. (Closes: #9349)
- Pidgin AppArmor profile: disable the launchpad-integration abstraction,
            which is too wide-open.
- Use aliases so that our AppArmor policy applies to
            /lib/live/mount/overlay/ and /lib/live/mount/rootfs/*.squashfs/ as well as
            it applies to /. And accordingly:
· Upgrade AppArmor packages to 2.9.0-3~bpo70+1.
· Install rsyslog from wheezy-backports, since the version from Wheezy
                conflicts with AppArmor 2.9.
· Stop installing systemd for now: the migration work is being done in
                the feature/jessie branch, and it conflicts with rsyslog from
                wheezy-backports.
· Drop apparmor-adjust-user-tmp-abstraction.diff: obsoleted.
· apparmor-adjust-tor-profile.diff: simplify and de-duplicate rules.
· Take into account aufs whiteouts in the system_tor profile.
· Adjust the Vidalia profile to take into account Live-specific paths.
- Upgrade Linux to 3.16.7-ckt11-1+deb8u3.
- Upgrade bind9-host, dnsutils and friends to 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.
- Upgrade cups-filters to 1.0.18-2.1+deb7u2.
- Upgrade ghostscript to 9.05~dfsg-6.3+deb7u2.
- Upgrade libexpat1 to 2.1.0-1+deb7u2.
- Upgrade libicu48 to 4.8.1.1-12+deb7u3.
- Upgrade libwmf0.2-7 to 0.2.8.4-10.3+deb7u1.
- Upgrade openjdk-7 to 7u79-2.5.6-1~deb7u1.

* Bugfixes
- Upgrade Tor to 0.2.6.10-1~d70.wheezy+1+tails1.

* Minor improvements
- Tails Installer: let the user know when it has rejected a candidate
            destination device because it is too small. (Closes: #9130)
- Tails Installer: prevent users from trying to "upgrade" a device
            that contains no Tails, or that was not installed with Tails Installer.
            (Closes: #5623)
- Install libotr5 and pidgin-otr 4.x from wheezy-backports. This adds
            support for the OTRv3 protocol and for multiple concurrent connections
            to the same account. (Closes: #9513)
- Skip warning dialog when starting Tor Browser while being offline,
            in case it is already running. Thanks to Austin English for the patch!
            (Closes: #7525)
- Install the apparmor-profiles package (Closes: #9539), but don't ship
            a bunch of AppArmor profiles we don't use, to avoid increasing
            boot time. (Closes: #9757)
- Ship a /etc/apparmor.d/tunables/home.d/tails snippet, instead
            of patching /etc/apparmor.d/tunables/home.
- live-boot: don't mount tmpfs twice on /live/overlay, so that the one which
            is actually used as the read-write branch of the root filesystem's union
            mount, is visible. As a consequence:
· One can now inspect how much space is used, at a given time, in the
                read-write branch of the root filesystem's union mount.
· We can make sure our AppArmor policy works fine when that filesystem
                is visible, which is safer in case e.g. live-boot's behavior changes
                under our feet in the future... or in case these "hidden" files are
                actually accessible somehow already.

* Build system
- Add our jenkins-tools repository as a Git submodule, and replace
            check_po.sh with a symlink pointing to the same script in that submodule.
            Adjust the automated test suite accordingly. (Closes: #9567)
- Bump amount of RAM needed for Vagrant RAM builds to 7.5 GiB. In
            particular the inclusion of the Tor Browser 5.0 series has recently
            increased the amount of space needed to build Tails. (Closes: #9901)

* Test suite
- Test that the Tor Browser cannot access LAN resources.
- Test that the Unsafe Browser can access the LAN.
- Installer: test new behavior when trying to upgrade an empty device, and
            when attempting to upgrade a non-Tails FAT partition on GPT; also, take
            into account that all unsupported upgrade scenarios now trigger
            the same behavior.
- Request a new Tor circuit and re-run the Seahorse and GnuPG CLI tests
            on failure. (Closes: #9518, #9709)
- run_test_suite: remove control chars from log file even when cucumber
            exits with non-zero. (Closes: #9376)
- Add compatibility with cucumber 2.0 and Debian Stretch. (Closes: #9667)
- Use custom exception when 'execute_successfully' fails.
- Retry looking up whois info on transient failure. (Closes: #9668)
- Retry wget on transient failure. (Closes: #9715)
- Test that Tor Browser cannot access files in /tmp.
- Allow running the test suite without ntp installed. There are other means
            to have an accurate host system clock, e.g. systemd-timesyncd and tlsdate.
            (Closes: #9651)
- Bump timeout in the Totem feature.
- Grep memory dump using the --text option. This is necessary with recent
            versions of grep, such as the one in current Debian sid, otherwise it
            will count only one occurrence of the pattern we're looking for.
            (Closes: #9759)
- Include execute_successfully's error in the exception, instead
            of writing it to stdout via puts. (Closes: #9795)
- Test that udev-watchdog is actually monitoring the correct device.
            (Closes: #5560)
- IUK: workaround weird Archive::Tar behaviour on current sid.
- Test the SocksPort:s given in torrc in the Unsafe Browser.
            This way we don't get any sneaky errors in case we change them and
            forget to update this test.
- Directly verify AppArmor blocking of the Tor Browser by looking in
            the audit log: Firefox 38 does no longer provide any graphical feedback
            when the kernel blocks its access to files the user wants to access.
- Update browser-related automated test suite images, and workaround
            weirdness introduced by the new Tor Browser fonts.
- Test that Pidgin, Tor Browser, Totem and Evince cannot access ~/.gnupg
            via alternate, live-boot generated paths.
- Adjust tests to cope with our new AppArmor aliases.
- Bump memory allocated to the system under test to 2 GB. (Closes: #9883)

  -- Tails developers Mon, 10 Aug 2015 19:12:58 +0200

Original Submission