Tails 2.10 rc1 发布,基于 Debian 的发行版


Tails 2.10 rc1 发布了。这是 2.10 的首个 RC 版。自 2.9.1 以来的变更:

  • Major new features and changes

    • Port to python3.

    • Handle multiple sessions simultaneously.

    • Separate data (filters) from code.

    • Use python3-stem to allow our filter to be a lot more oblivious of the control language (Closes: #6788).

    • Allow restricting STREAM events to only those generated by the subscribed client application.

    • Allow rewriting commands and responses arbitrarily.

    • Make tor-controlport-filter reusable for others by e.g. making it possible to pass the listen port, and Tor control cookie/socket paths as arguments (Closes:#6742). We hear Whonix plan to use it! :)

    • Upgrade the Linux kernel to 4.8.0-0.bpo.2 (Closes: #11886).

    • Install OnionShare from jessie-backports. Also install python3-stem from jessie-backports to allow the use of ephemeral onion services (Closes: #7870).

    • Completely rewrite tor-controlport-filter. Now we can safely support OnionShare, Tor Browser's per-tab circuit view and similar.

    • Upgrade Tor to, the new stable series (Closes: #12012).

  • Security fixes

    • Upgrade Icedove to 1:45.6.0-1~deb8u1+tail1s.

  • Minor improvements

    • Enable and use the Debian Jessie proposed-updates APT repository, anticipating on the Jessie 8.7 point-release (Closes: #12124).

    • Enable the per-tab circuit view in Tor Browser (Closes: #9365).

    • Change syslinux menu entries from "Live" to "Tails" (Closes: #11975). Also replace the confusing "failsafe" wording with "Troubleshooting Mode" (Closes: #11365).

    • Make OnionCircuits use the filtered control port (Closes: #9001).

    • Make tor-launcher use the filtered control port.

    • Run OnionCircuits directly as the Live user, instead of a separate user. This will make it compatible with the Orca screen reader (Closes: #11197).

    • Run tor-controlport-filter on port 9051, and the unfiltered one on 9052. This simplifies client configurations and assumptions made in many applications that use Tor's ControlPort. It's the exception that we connect to the unfiltered version, so this seems like the more sane approach.

    • Remove tor-arm (Nyx) (Closes: #9811).

    • Remove AddTrust_External_Root.pem from our website CA bundle. We now only use Let's Encrypt (Closes: #11811).

    • Configure APT to use Debian's Onion services instead of the clearnet ones (Closes: #11556).

    • Replaced AdBlock Plus with uBlock Origin (Closes: #9833). This incidentally also makes our filter lists lighter by de-duplicating common patterns among the EasyList filters (Closes: #6908). Thanks to spriver for this first major code contribution!

    • Install OpenPGP Applet 1.0 (and libgtk3-simplelist-perl) from Jessie backports (Closes: #11899).

    • Add support for exFAT (Closes: #9659).

    • Disable unprivileged BPF. Since upgrading to kernel 4.6, unprivileged users can use the bpf() syscall, which is a security concern, even with JIT disabled. So we disable that. This feature wasn't available before Linux 4.6, so disabling it should not cause any regressions (Closes: #11827).

    • Add and enable AppArmor profiles for OnionCircuits and OnionShare.

    • Raise the maximum number of loop devices to 32 (Closes: #12065).

    • Drop kernel.dmesg_restrict customization: it's enabled by default since 4.8.4-1~exp1 (Closes: #11886).

    • Upgrade Electrum to 2.7.9-1.

  • Bugfixes

    • use gdm-password instead of gdm-autologin, to fix switching to the VT where the desktop session lives on Stretch (Closes: #11694)

    • Fix more options scrolledwindow size in Stretch (Closes: #11919)

    • Tails Greeter:

    • Tails Installer: remove unused code warning about missing extlinux in Tails Installer (Closes: #11196).

    • Update APT pinning to cover all binary packages built from src:mesa so we ensure installing mesa from jessie-backports (Closes: #11853).

    • Install xserver-xorg-video-amdgpu. This should help supporting newer AMD graphics adapters. (Closes #11850)

    • Fix firewall startup during early boot, by referring to the "amnesia" user via its UID (Closes: #7018).

    • Include all amd64-microcodes.




  • 没有 VirtualBox 访客模块(#12139).

  • Electrum 不会自动连接,因为它缺少代理配置 (#12140)。只需在 “网络” 选项中选择 SOCKS5 代理即可使其再次工作

  • 长期以来已知的问题


1 收藏
0 评论
1 收藏