- news
- Call for testing: 2.12~rc1
You can help Tails! The first release candidate for the upcoming version 2.12 is out. Please test it and report any issue. We are particularly interested in feedback relating to whether Tor's startup works better or worse.
How to test Tails 2.12~rc1?
Keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.
But test wildly!
If you find anything that is not working as it should, please report to us! Bonus points if you first check if it is a known issue of this release or a longstanding known issue.
Download and install
Tails 2.12~rc1 ISO image
To install 2.12~rc1, follow our usual installation instructions, skipping the Download and verify step.
Upgrade from 2.10 or 2.11
Start Tails 2.10 or 2.11 on a USB stick installed using Tails Installer and set an administration password.
Run this command in a Root Terminal to select the "alpha" upgrade channel and start the upgrade:
echo TAILS_CHANNEL=\"alpha\" >> /etc/os-release && \ tails-upgrade-frontend-wrapperAfter the upgrade is installed, restart Tails and choose to verify that you are running Tails 2.12~rc1.
What's new since 2.11?
Changes since Tails 2.11 are:
Major changes
Security fixes
- Mount a dedicated filesystem on /var/tmp, to mitigate the hardlinks permissions open by the user-tmp abstraction. See https://labs.riseup.net/code/issues/9949#note-23 for details (Closes: #12125).
- Protect against CVE-2017-2636 by disabling the n-hdlc kernel module (Closes: #12315).
- Ensure /etc/resolv.conf is owned by root:root in the SquashFS. lb_chroot_resolv will "cp -a" it from the source tree, so it inherits its ownership from the whoever cloned the Git repository. This has two problems. First, this results in unsafe permissions on this file (e.g. a Vagrant build results in the 'amnesia' user having write access to it).
Minor improvements
- Don't add the live user to the "audio" group. This should not be needed on a modern Linux desktop system anymore (Closes: #12209).
- Install virtualbox-* 5.1.14-dfsg-3~bpo8+1 from our custom APT repository (Closes: #12307).
- Install virtualbox-guest-* from sid. The version currently in jessie-backports is not compatible with Linux 4.9, and there's basically no chance that it gets updated (the maintainer asked for them to be removed from jessie-backports) (Closes: #12298).
- Pull ttdnsd from our custom APT repository. It's gone from the TorProject one. We removed ttdnsd on feature/stretch already, so we'll need to pull it from our custom APT repository only for the next 3 months.
- Clean up libdvd-pkg build files, again. This cleanup operation was mistakenly removed in commit c4e8744 (Closes: #11273).
- Install gnome-sound-recorder (Closes #10950). Thanks to Austin English austinenglish@gmail.com for the patch!
- Stop restarting tor if bootstrapping stalls. It seems tor might have fixed the issues we used (see: #10238, #9516) to experience with the bootstrap process stalling and requiring a restart to kickstart it (Closes: #12411).
- tor.sh: communicate via the UNIX socket instead of TCP port.
This makes the library usable when run inside systemd units that
have
PrivateNetwork=yesset. - Get tor's bootstrap progress via GETINFO instead of log grep:ing.
Bugfixes
- mirror-pool-dispatcher: bump maximum expected mirrors.json size to 32 KiB. This fixes an error where Tails Upgrader would complain with "cannot choose a download server" (Closes: #11735).
For more details, see also our changelog.
Known issues in 2.12~rc1
In Tails Greeter, selecting the This computer's Internet connection is censored, filtered, or proxied is broken. Using it will start Tor Launcher but it will fail to connect to
tor, so it's unusable, andtoritself will not be able to bootstrap. If you need this option, skip this release candidate; this issue will be fixed in the final 2.12 release.