Tails Call for testing: 2.10~rc1

Discussion in 'TOR | TAILS' started by survivalmonkey, Jan 13, 2017.


  1. survivalmonkey

    survivalmonkey Monkey+++

    You can help Tails! The first release candidate for the upcoming version 2.10 is out. Please test it and report any issue. We are particularly interested in feedback and problems relating to:

    • OnionShare
    • Tor Browser's per-tab circuit view
    • Problems with OnionCircuits
    • Problems with Tor Launcher (when configuring Tor bridges, proxy etc.)
    How to test Tails 2.10~rc1?


    Keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.

    But test wildly!

    If you find anything that is not working as it should, please report to us! Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

    Download and install


    Tails 2.10~rc1 torrent

    Tails 2.10~rc1 ISO image OpenPGP signature

    To install 2.10~rc1, follow our usual installation instructions, skipping the Download and verify step.

    Upgrade from 2.9.1


    1. Start Tails 2.9.1 on a USB stick installed using Tails Installer and set an administration password.


    2. Run this command in a Root Terminal to select the "alpha" upgrade channel and start the upgrade:

      echo TAILS_CHANNEL=\"alpha\" >> /etc/os-release && \
      tails-upgrade-frontend-wrapper

    3. After the upgrade is installed, restart Tails and choose Applications ▸ Tails ▸ About Tails to verify that you are running Tails 2.10~rc1.
    What's new since 2.9.1?


    Changes since Tails 2.9.1 are:


    • Major new features and changes
      • Upgrade the Linux kernel to 4.8.0-0.bpo.2 (Closes: #11886).
      • Install OnionShare from jessie-backports. Also install python3-stem from jessie-backports to allow the use of ephemeral onion services (Closes: #7870).
      • Completely rewrite tor-controlport-filter. Now we can safely support OnionShare, Tor Browser's per-tab circuit view and similar.
        • Port to python3.
        • Handle multiple sessions simultaneously.
        • Separate data (filters) from code.
        • Use python3-stem to allow our filter to be a lot more oblivious of the control language (Closes: #6788).
        • Allow restricting STREAM events to only those generated by the subscribed client application.
        • Allow rewriting commands and responses arbitrarily.
        • Make tor-controlport-filter reusable for others by e.g. making it possible to pass the listen port, and Tor control cookie/socket paths as arguments (Closes: #6742). We hear Whonix plan to use it! :)
      • Upgrade Tor to 0.2.9.8-2~d80.jessie+1, the new stable series (Closes: #12012).

    • Security fixes
      • Upgrade Icedove to 1:45.6.0-1~deb8u1+tail1s.

    • Minor improvements
      • Enable and use the Debian Jessie proposed-updates APT repository, anticipating on the Jessie 8.7 point-release (Closes: #12124).
      • Enable the per-tab circuit view in Tor Browser (Closes: #9365).
      • Change syslinux menu entries from "Live" to "Tails" (Closes: #11975). Also replace the confusing "failsafe" wording with "Troubleshooting Mode" (Closes: #11365).
      • Make OnionCircuits use the filtered control port (Closes: #9001).
      • Make tor-launcher use the filtered control port.
      • Run OnionCircuits directly as the Live user, instead of a separate user. This will make it compatible with the Orca screen reader (Closes: #11197).
      • Run tor-controlport-filter on port 9051, and the unfiltered one on 9052. This simplifies client configurations and assumptions made in many applications that use Tor's ControlPort. It's the exception that we connect to the unfiltered version, so this seems like the more sane approach.
      • Remove tor-arm (Nyx) (Closes: #9811).
      • Remove AddTrust_External_Root.pem from our website CA bundle. We now only use Let's Encrypt (Closes: #11811).
      • Configure APT to use Debian's Onion services instead of the clearnet ones (Closes: #11556).
      • Replaced AdBlock Plus with uBlock Origin (Closes: #9833). This incidentally also makes our filter lists lighter by de-duplicating common patterns among the EasyList filters (Closes: #6908). Thanks to spriver for this first major code contribution!
      • Install OpenPGP Applet 1.0 (and libgtk3-simplelist-perl) from Jessie backports (Closes: #11899).
      • Add support for exFAT (Closes: #9659).
      • Disable unprivileged BPF. Since upgrading to kernel 4.6, unprivileged users can use the bpf() syscall, which is a security concern, even with JIT disabled. So we disable that. This feature wasn't available before Linux 4.6, so disabling it should not cause any regressions (Closes: #11827).
      • Add and enable AppArmor profiles for OnionCircuits and OnoinShare.
      • Raise the maximum number of loop devices to 32 (Closes: #12065).
      • Drop kernel.dmesg_restrict customization: it's enabled by default since 4.8.4-1~exp1 (Closes: #11886).
      • Upgrade Electrum to 2.7.9-1.

    • Bugfixes
      • Tails Greeter:
        • use gdm-password instead of gdm-autologin, to fix switching to the VT where the desktop session lives on Stretch (Closes: #11694)
        • Fix more options scrolledwindow size in Stretch (Closes: #11919)
      • Tails Installer: remove unused code warning about missing extlinux in Tails Installer (Closes: #11196).
      • Update APT pinning to cover all binary packages built from src:mesa so we ensure installing mesa from jessie-backports (Closes: #11853).
      • Install xserver-xorg-video-amdgpu. This should help supporting newer AMD graphics adapters. (Closes #11850)
      • Fix firewall startup during early boot, by referring to the "amnesia" user via its UID (Closes: #7018).
      • Include all amd64-microcodes.

    For more details, see also our changelog.


    Known issues in 2.10~rc1


    • There are no VirtualBox guest modules (#12139).


    • Electrum won't automatically connect since it lacks proxy configuration (#12140). Simply selecting the SOCKS5 proxy in the Network options is enough to get it working again.


    • Longstanding known issues

    Continue reading...
     
survivalmonkey SSL seal        survivalmonkey.com warrant canary
17282WuJHksJ9798f34razfKbPATqTq9E7