You can help Tails! The first release candidate for the upcoming version 2.12 is out. Please test it and report any issue. We are particularly interested in feedback relating to whether Tor's startup works better or worse.
Keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.
But test wildly!
To install 2.12~rc1, follow our usual installation instructions, skipping the Download and verify step.
Start Tails 2.10 or 2.11 on a USB stick installed using Tails Installer and set an administration password.
Run this command in a Root Terminal to select the "alpha" upgrade channel and start the upgrade:
echo TAILS_CHANNEL=\"alpha\" >> /etc/os-release && \ tails-upgrade-frontend-wrapper
After the upgrade is installed, restart Tails and chooseto verify that you are running Tails 2.12~rc1.
Changes since Tails 2.11 are:
- Mount a dedicated filesystem on /var/tmp, to mitigate the hardlinks permissions open by the user-tmp abstraction. See https://labs.riseup.net/code/issues/9949#note-23 for details (Closes: #12125).
- Protect against CVE-2017-2636 by disabling the n-hdlc kernel module (Closes: #12315).
- Ensure /etc/resolv.conf is owned by root:root in the SquashFS. lb_chroot_resolv will "cp -a" it from the source tree, so it inherits its ownership from the whoever cloned the Git repository. This has two problems. First, this results in unsafe permissions on this file (e.g. a Vagrant build results in the 'amnesia' user having write access to it).
- Don't add the live user to the "audio" group. This should not be needed on a modern Linux desktop system anymore (Closes: #12209).
- Install virtualbox-* 5.1.14-dfsg-3~bpo8+1 from our custom APT repository (Closes: #12307).
- Install virtualbox-guest-* from sid. The version currently in jessie-backports is not compatible with Linux 4.9, and there's basically no chance that it gets updated (the maintainer asked for them to be removed from jessie-backports) (Closes: #12298).
- Pull ttdnsd from our custom APT repository. It's gone from the TorProject one. We removed ttdnsd on feature/stretch already, so we'll need to pull it from our custom APT repository only for the next 3 months.
- Clean up libdvd-pkg build files, again. This cleanup operation was mistakenly removed in commit c4e8744 (Closes: #11273).
- Install gnome-sound-recorder (Closes #10950). Thanks to Austin English firstname.lastname@example.org for the patch!
- Stop restarting tor if bootstrapping stalls. It seems tor might have fixed the issues we used (see: #10238, #9516) to experience with the bootstrap process stalling and requiring a restart to kickstart it (Closes: #12411).
- tor.sh: communicate via the UNIX socket instead of TCP port.
This makes the library usable when run inside systemd units that
- Get tor's bootstrap progress via GETINFO instead of log grep:ing.
- mirror-pool-dispatcher: bump maximum expected mirrors.json size to 32 KiB. This fixes an error where Tails Upgrader would complain with "cannot choose a download server" (Closes: #11735).
For more details, see also our changelog.
In Tails Greeter, selecting the This computer's Internet connection is censored, filtered, or proxied is broken. Using it will start Tor Launcher but it will fail to connect to
tor, so it's unusable, and
toritself will not be able to bootstrap. If you need this option, skip this release candidate; this issue will be fixed in the final 2.12 release.