Commit 9fd983fb authored by Tails developers's avatar Tails developers

Merge branch 'devel' into feature/i2p-0.9.8.1

parents 16b36bec d4bd49d7
......@@ -35,7 +35,7 @@ $RUN_LB_CONFIG \
--memtest none \
--packages-lists="standard" \
--tasks="standard" \
--linux-packages="linux-image-3.10-3" \
--linux-packages="linux-image-3.11-2" \
--syslinux-menu vesamenu \
--syslinux-splash data/splash.png \
--syslinux-timeout 4 \
......
......@@ -8,7 +8,7 @@ DEFAULT_COMPONENTS="main"
git_tag_exists() {
local tag="$1"
test -f ".git/refs/tags/$tag"
test -n "$(git tag -l "$tag")"
}
version_was_released() {
......
......@@ -75,14 +75,6 @@ Package: libmethod-signatures-simple-perl
Pin: origin backports.debian.org
Pin-Priority: 999
Package: libnspr4-0d
Pin: origin backports.debian.org
Pin-Priority: 999
Package: libnss3-1d
Pin: origin backports.debian.org
Pin-Priority: 999
Package: libpcsclite1
Pin: origin backports.debian.org
Pin-Priority: 999
......@@ -95,15 +87,19 @@ Package: libregexp-common-perl
Pin: release o=Debian,n=wheezy
Pin-Priority: 999
Package: libsqlite3-0
Package: libstring-errf-perl
Pin: origin backports.debian.org
Pin-Priority: 999
Package: libstring-errf-perl
Package: libstring-formatter-perl
Pin: origin backports.debian.org
Pin-Priority: 999
Package: libstring-formatter-perl
Package: libsqlite3-0
Pin: origin mozilla.debian.net
Pin-Priority: 999
Package: libsys-statistics-linux-perl
Pin: origin backports.debian.org
Pin-Priority: 999
......@@ -115,6 +111,10 @@ Package: libunix-mknod-perl
Pin: origin backports.debian.org
Pin-Priority: 999
Package: libwww-curl-perl
Pin: origin backports.debian.org
Pin-Priority: 999
Package: live-boot
Pin: release o=Debian,a=unstable
Pin-Priority: 999
......@@ -251,19 +251,19 @@ Package: linux-headers-amd64
Pin: release o=Debian,a=testing
Pin-Priority: 999
Package: linux-headers-3.10-3-common
Package: linux-headers-3.11-2-common
Pin: release o=Debian,a=testing
Pin-Priority: 999
Package: linux-headers-3.10-3-486
Package: linux-headers-3.11-2-486
Pin: release o=Debian,a=testing
Pin-Priority: 999
Package: linux-headers-3.10-3-686-pae
Package: linux-headers-3.11-2-686-pae
Pin: release o=Debian,a=testing
Pin-Priority: 999
Package: linux-headers-3.10-3-amd64
Package: linux-headers-3.11-2-amd64
Pin: release o=Debian,a=testing
Pin-Priority: 999
......@@ -279,19 +279,19 @@ Package: linux-image-amd64
Pin: release o=Debian,a=testing
Pin-Priority: 999
Package: linux-image-3.10-3-486
Package: linux-image-3.11-2-486
Pin: release o=Debian,a=testing
Pin-Priority: 999
Package: linux-image-3.10-3-686-pae
Package: linux-image-3.11-2-686-pae
Pin: release o=Debian,a=testing
Pin-Priority: 999
Package: linux-image-3.10-3-amd64
Package: linux-image-3.11-2-amd64
Pin: release o=Debian,a=testing
Pin-Priority: 999
Package: linux-kbuild-3.10
Package: linux-kbuild-3.11
Pin: release o=Debian,a=testing
Pin-Priority: 999
......@@ -303,6 +303,10 @@ Package: spice-vdagent
Pin: release o=Debian,n=wheezy
Pin-Priority: 999
Package: sqlite3
Pin: origin mozilla.debian.net
Pin-Priority: 999
Package: tor
Pin: origin deb.torproject.org
Pin-Priority: 999
......@@ -372,6 +376,10 @@ Package: *
Pin: origin deb.tails.boum.org
Pin-Priority: 1005
Package: *
Pin: origin mozilla.debian.net
Pin-Priority: 990
Package: *
Pin: release o=Debian,n=squeeze-updates
Pin-Priority: 990
......
#!/bin/sh
set -e
# Create the tails-upgrade-frontend user.
#
# The tails-upgrade-frontend program may be run as this user.
# This avoids having to grant the desktop user the right to install
# any arbitrary IUK.
echo "creating the tails-upgrade-frontend user"
adduser --system --quiet --group --no-create-home tails-upgrade-frontend
#!/bin/sh
set -e
echo "Overriding TBB branding with our own"
install --owner root --group root --mode 0755 --directory /etc/xul-ext
install --owner root --group root --mode 0644 \
/etc/iceweasel/profile/extensions/[email protected]/defaults/preferences/prefs.js \
/etc/xul-ext/torbutton.js
......@@ -11,7 +11,7 @@ locales_for_lang() {
local locale="$1"
local langpacks
find /usr/lib/iceweasel/extensions -maxdepth 1 -type f -name 'langpack-*@iceweasel.mozilla.org.xpi' -printf "%P\n" |
find /usr/lib/iceweasel/browser/extensions -maxdepth 1 -type f -name 'langpack-*@iceweasel.mozilla.org.xpi' -printf "%P\n" |
sed -n -e "s/^langpack-\($locale\)\(-[A-Z]\+\)\?@iceweasel.mozilla.org.xpi/\1\2/p"
}
......
......@@ -4,7 +4,7 @@
set -e
apt-get --yes install xvfb
TOR_SOCKS_HOST='127.0.0.1' TOR_SOCKS_PORT='9063' xvfb-run iceweasel -CreateProfile default
TOR_SOCKS_HOST='127.0.0.1' TOR_SOCKS_PORT='9151' xvfb-run iceweasel -CreateProfile default
mv ~/.mozilla/firefox/*.default ~/.mozilla/firefox/default
sed -i "[email protected]=.*\.[email protected][email protected]" ~/.mozilla/firefox/profiles.ini
mv ~/.mozilla /etc/skel
......
......@@ -4,7 +4,7 @@ set -e
echo "Registering menus"
for app in liveusb-creator-launcher tails-persistence-delete tails-persistence-setup ; do
for app in liveusb-creator-launcher tails-persistence-delete tails-persistence-setup tails-upgrader ; do
xdg-desktop-menu install --novendor \
/usr/share/desktop-directories/Tails.directory \
"/usr/share/applications/${app}.desktop"
......
......@@ -15,4 +15,4 @@ fi
# - X-GNOME-AutoRestart does not exist in Lenny's Gnome
# - we do not start Vidalia automatically anymore and *this* is the time
# when it is supposed to start.
restart-vidalia
restart-vidalia &
#!/bin/sh
# Start the IBus input method and configure it with
# sensible settings for use in Tails.
# The input method will be configured so it is usable
# no matter what locale the user login with, but with
# correct default engine for those locales that need it.
# Deside order in which input methods are preferred
# (chinese needs pinyin, japanese needs anthy, korean needs hangul)
# (bopomofo is an alternative input method for chinese)
LANGPREFIX=`echo "$LANG" | sed 's/_.*//'`
case "$LANGPREFIX" in
ja)
PREFLIST='[anthy,pinyin,hangul,bopomofo]'
;;
ko)
PREFLIST='[hangul,pinyin,anthy,bopomofo]'
;;
*)
PREFLIST='[pinyin,anthy,hangul,bopomofo]'
esac
# Configure enabled input methods and their preferred order
gconftool-2 --type=list --list-type=string --set \
/desktop/ibus/general/preload_engines "$PREFLIST"
# Start the IBus input method daemon
/usr/bin/ibus-daemon --daemonize --xim
# Export environment variables to enable use of IBus
export GTK_IM_MODULE='ibus'
export QT_IM_MODULE='ibus'
export XMODIFIERS='@im=ibus'
# XXX: Remove this file when rebasing Tails on Jessie.
Section "ServerFlags"
Option "BlankTime" "0"
Option "StandbyTime" "0"
Option "SuspendTime" "0"
EndSection
......@@ -5,14 +5,9 @@ HTTPS_PROXY=http://127.0.0.1:8118
SOCKS_SERVER=127.0.0.1:9050
SOCKS5_SERVER=127.0.0.1:9050
# Torbutton "New identity" feature uses those environment variables
TOR_CONTROL_COOKIE_AUTH_FILE='/var/run/tor/control.authcookie'
TOR_CONTROL_HOST='127.0.0.1'
TOR_CONTROL_PORT='9051'
# Torbutton 1.5.1+ uses those environment variables
TOR_SOCKS_HOST='127.0.0.1'
TOR_SOCKS_PORT='9063'
TOR_SOCKS_PORT='9151'
GIT_PROXY_COMMAND=/usr/local/bin/connect-socks
......
......@@ -30,7 +30,7 @@ domain ip {
mod owner uid-owner proxy ACCEPT;
mod owner uid-owner nobody ACCEPT;
}
daddr 127.0.0.1 proto tcp syn mod multiport destination-ports (9050 9061 9062 9063) {
daddr 127.0.0.1 proto tcp syn mod multiport destination-ports (9050 9061 9062 9151) {
mod owner uid-owner amnesia ACCEPT;
}
daddr 127.0.0.1 proto tcp syn dport 9062 {
......
# Default Preferences
# Tor Browser Bundle
# Do not edit this file.
// Disable browser auto updaters and associated homepage notifications
pref("app.update.auto", false);
pref("app.update.enabled", false);
pref("browser.search.update", false);
pref("browser.rights.3.shown", true);
pref("browser.startup.homepage_override.mstone", "ignore");
pref("startup.homepage_welcome_url", "");
pref("startup.homepage_override_url", "");
// Disk activity: Disable Browsing History Storage
pref("browser.privatebrowsing.autostart", true);
pref("browser.cache.disk.enable", false);
pref("browser.cache.offline.enable", false);
pref("dom.indexedDB.enabled", false);
pref("permissions.memory_only", true);
pref("network.cookie.lifetimePolicy", 2);
pref("browser.download.manager.retention", 1);
// Disk activity: TBB Directory Isolation
pref("browser.download.useDownloadDir", false);
pref("browser.shell.checkDefaultBrowser", false);
pref("browser.download.manager.addToRecentDocs", false);
// Misc privacy: Disk
pref("signon.rememberSignons", false);
pref("browser.formfill.enable", false);
pref("signon.autofillForms", false);
pref("browser.sessionstore.privacy_level", 2);
// Misc privacy: Remote
pref("browser.send_pings", false);
pref("geo.enabled", false);
pref("geo.wifi.uri", "");
pref("browser.search.suggest.enabled", false);
pref("browser.safebrowsing.enabled", false);
pref("browser.safebrowsing.malware.enabled", false);
pref("browser.download.manager.scanWhenDone", false); // prevents AV remote reporting of downloads
pref("extensions.ui.lastCategory", "addons://list/extension");
// Fingerprinting
pref("webgl.min_capability_mode", true);
pref("webgl.disable-extensions", true);
pref("dom.battery.enabled", false); // fingerprinting due to differing OS implementations
pref("dom.network.enabled",false); // fingerprinting due to differing OS implementations
pref("browser.display.max_font_attempts",10);
pref("browser.display.max_font_count",10);
pref("gfx.downloadable_fonts.fallback_delay", -1);
pref("general.appname.override", "Netscape");
pref("general.appversion.override", "5.0 (Windows)");
pref("general.oscpu.override", "Windows NT 6.1");
pref("general.platform.override", "Win32");
pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0");
pref("general.productSub.override", "20100101");
pref("general.buildID.override", "20100101");
pref("browser.startup.homepage_override.buildID", "20100101");
pref("general.useragent.vendor", "");
pref("general.useragent.vendorSub", "");
pref("dom.enable_performance", false);
pref("plugin.expose_full_path", false);
pref("browser.zoom.siteSpecific", false);
// pref("intl.accept_languages", "en-us, en"); // Set by Torbutton
// pref("intl.accept_charsets", "iso-8859-1,*,utf-8"); // Set by Torbutton
// pref("intl.charsetmenu.browser.cache", "UTF-8"); // Set by Torbutton
// Third party stuff
pref("network.cookie.cookieBehavior", 1);
pref("security.enable_tls_session_tickets", false);
pref("network.http.spdy.enabled", false); // Stores state and may have keepalive issues (both fixable)
pref("network.http.spdy.enabled.v2", false); // Seems redundant, but just in case
pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in case
// Proxy and proxy security
pref("network.proxy.socks", "127.0.0.1");
pref("network.proxy.socks_port", 9150);
pref("network.proxy.socks_remote_dns", true);
pref("network.proxy.type", 1);
pref("network.security.ports.banned", "9050,9051,9150,9151");
pref("network.dns.disablePrefetch", true);
pref("network.protocol-handler.external-default", false);
pref("network.protocol-handler.external.mailto", false);
pref("network.protocol-handler.external.news", false);
pref("network.protocol-handler.external.nntp", false);
pref("network.protocol-handler.external.snews", false);
pref("network.protocol-handler.warn-external.mailto", true);
pref("network.protocol-handler.warn-external.news", true);
pref("network.protocol-handler.warn-external.nntp", true);
pref("network.protocol-handler.warn-external.snews", true);
pref("plugins.click_to_play", true);
pref("plugin.state.flash", 1);
pref("plugins.hide_infobar_for_missing_plugin", true);
// Network and performance
pref("network.http.pipelining", true);
pref("network.http.pipelining.aggressive", true);
pref("network.http.pipelining.maxrequests", 12);
pref("network.http.pipelining.ssl", true);
pref("network.http.proxy.pipelining", true);
pref("security.ssl.enable_false_start", true);
pref("network.http.keep-alive.timeout", 20);
pref("network.http.connection-retry-timeout", 0);
pref("network.http.max-persistent-connections-per-proxy", 256);
pref("network.http.pipelining.reschedule-timeout", 15000);
pref("network.http.pipelining.read-timeout", 60000);
// Hacked pref: Now means "Attempt to pipeline at least this many requests together"
pref("network.http.pipelining.max-optimistic-requests", 3);
// Extension support
pref("extensions.autoDisableScopes", 0);
pref("extensions.bootstrappedAddons", "{}");
pref("extensions.checkCompatibility.4.*", false);
pref("extensions.databaseSchema", 3);
pref("extensions.enabledAddons", "https-everywhere%40eff.org:3.1.4,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1,torbutton%40torproject.org:1.5.2,ubufox%40ubuntu.com:2.6,tor-launcher%40torproject.org:0.1.1pre-alpha,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.5");
pref("extensions.enabledItems", "[email protected]:,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57,{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8");
pref("extensions.enabledScopes", 1);
pref("extensions.pendingOperations", false);
pref("xpinstall.whitelist.add", "");
pref("xpinstall.whitelist.add.36", "");
// Omnibox settings
pref("keyword.URL", "https://startpage.com/do/search?q=");
// Hacks/workarounds: Direct2D seems to crash w/ lots of video cards w/ MinGW?
pref("gfx.direct2d.disabled", true);
// Version placeholder
pref("torbrowser.version", "UNKNOWN");
......@@ -13,100 +13,9 @@
// Use LANG environment variable to choose locale
pref("intl.locale.matchOS", true);
// Disable browser auto updaters and associated homepage notifications
pref("app.update.auto", false);
pref("app.update.disable_button.showUpdateHistory", false);
pref("app.update.enabled", false);
// Disk activity: Disable Browsing History Storage
pref("browser.privatebrowsing.autostart", true);
pref("browser.cache.disk.enable", false);
pref("browser.cache.offline.enable", false);
pref("permissions.memory_only", true);
pref("network.cookie.lifetimePolicy", 2);
pref("browser.download.manager.retention", 0);
// Disk activity: TBB Directory Isolation
pref("browser.download.useDownloadDir", false);
pref("browser.shell.checkDefaultBrowser", false);
// Misc privacy: Disk
pref("signon.rememberSignons", false);
pref("browser.formfill.enable", false);
pref("signon.autofillForms", false);
pref("browser.sessionstore.privacy_level", 2);
// Misc privacy: Remote
pref("browser.send_pings", false);
pref("geo.enabled", false);
pref("geo.wifi.uri", "");
pref("browser.search.suggest.enabled", false);
pref("browser.safebrowsing.enabled", false);
pref("browser.safebrowsing.malware.enabled", false);
// Fingerprinting
pref("browser.display.max_font_attempts", 10);
pref("browser.display.max_font_count", 5);
pref("gfx.downloadable_fonts.fallback_delay", -1);
pref("general.appname.override", "Netscape");
pref("general.appversion.override", "5.0 (Windows)");
pref("general.buildID.override", "20130618114625");
pref("general.oscpu.override", "Windows NT 6.1");
pref("general.platform.override", "Win32");
pref("general.productSub.override", "20100101");
pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0");
pref("general.useragent.vendor", "");
pref("general.useragent.vendorSub", "");
pref("dom.enable_performance", false);
pref("plugin.expose_full_path", false);
pref("browser.startup.homepage_override.buildID", "20130618114625");
pref("browser.startup.homepage_override.mstone", "rv:2.0");
pref("browser.zoom.siteSpecific", false);
// Third party stuff
pref("network.cookie.cookieBehavior", 1);
pref("security.enable_tls_session_tickets", false);
pref("network.http.spdy.enabled", false);
pref("network.http.spdy.enabled.v2", false); // Seems redundant, but just in case
pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in case
// Proxy and proxy security
pref("network.security.ports.banned", "8118,8123,9050,9051,9061,9062,9063");
pref("network.dns.disablePrefetch", true);
pref("network.protocol-handler.external-default", false);
pref("network.protocol-handler.external.mailto", false);
pref("network.protocol-handler.external.news", false);
pref("network.protocol-handler.external.nntp", false);
pref("network.protocol-handler.external.snews", false)
// Extension support
pref("xpinstall.whitelist.add", "");
pref("xpinstall.whitelist.add.103", "");
// Unsorted prefs
pref("browser.bookmarks.livemark_refresh_seconds", 31536000);
pref("browser.chrome.site_icons", false);
pref("browser.history_expire_days", 0);
pref("browser.history_expire_days.mirror", 0);
pref("browser.microsummary.updateGenerators", false);
pref("browser.safebrowsing.remoteLookups", false);
pref("browser.download.manager.scanWhenDone", false);
pref("browser.sessionstore.enabled", false);
pref("extensions.shownSelectionUI", true);
pref("extensions.update.autoUpdateDefault", false);
pref("extensions.update.notifyUser", false);
pref("network.cookie.prefsMigrated", true);
pref("pref.privacy.disable_button.cookie_exceptions", false);
pref("pref.privacy.disable_button.view_cookies", false);
pref("pref.privacy.disable_button.view_passwords", false);
pref("privacy.item.offlineApps", true);
pref("privacy.item.passwords", true);
pref("privacy.sanitize.didShutdownSanitize", true);
pref("privacy.sanitize.promptOnSanitize", false);
pref("security.disable_button.openCertManager", false);
pref("security.enable_java", false);
pref("security.enable_ssl2", false);
pref("security.enable_ssl3", true);
pref("security.enable_tls", true);
pref("signon.prefillForms", false);
pref("spellchecker.dictionary", "en_US");
......@@ -107,7 +107,7 @@ caseSensitive="false" />
</matches>
<autoconf url="" loadNotification="true" errorNotification="true"
autoReload="false" reloadFreqMins="60" disableOnBadPAC="true" />
<manualconf host="127.0.0.1" port="9063" socksversion="5"
<manualconf host="127.0.0.1" port="9151" socksversion="5"
isSocks="true" />
</proxy>
<proxy name="Tor ftp" id="4183000176" notes="" enabled="false"
......@@ -134,7 +134,7 @@ isBlackList="false" isMultiLine="false" caseSensitive="false" />
</matches>
<autoconf url="" loadNotification="true" errorNotification="true"
autoReload="false" reloadFreqMins="60" disableOnBadPAC="true" />
<manualconf host="127.0.0.1" port="9063" socksversion="5"
<manualconf host="127.0.0.1" port="9151" socksversion="5"
isSocks="true" />
</proxy>
</proxies>
......
user_pref("capability.policy.maonoscript.javascript.enabled", "allAccess");
user_pref("capability.policy.maonoscript.sites", "about: about:addons about:blank about:certerror about:config about:crashes about:credits about:home about:neterror about:plugins about:privatebrowsing about:sessionrestore chrome: resource:");
// Override prefs set in 000-tor-browser.js
user_pref("extensions.enabledScopes", 15);
user_pref("network.security.ports.banned", "8118,8123,9050,9051,9061,9062,9151");
// Adblock Plus preferences (Tails-specific, as TBB does not ship this extension)
user_pref("extensions.adblockplus.correctTypos", false);
user_pref("extensions.adblockplus.currentVersion", "2.1");
user_pref("extensions.adblockplus.savestats", false);
......@@ -7,9 +10,10 @@ user_pref("extensions.adblockplus.showinaddonbar", false);
user_pref("extensions.adblockplus.showintoolbar", false);
user_pref("extensions.adblockplus.subscriptions_autoupdate", false);
user_pref("extensions.https_everywhere._observatory.enabled", false);
// HTTPS Everywhere preferences
// We use the same value as the TBB unless noted.
user_pref("extensions.https_everywhere._observatory.popup_shown", true);
user_pref("extensions.https_everywhere.toolbar_hint_shown", true);
user_pref("extensions.https_everywhere.toolbar_hint_shown", true); // Tails-specific
// Block read and write access to the history in non-Tor mode
user_pref("extensions.torbutton.block_nthread", true);
......@@ -22,7 +26,7 @@ user_pref("extensions.torbutton.tor_enabled", true);
user_pref("extensions.torbutton.proxies_applied", true);
user_pref("extensions.torbutton.settings_applied", true);
user_pref("extensions.torbutton.socks_host", "127.0.0.1");
user_pref("extensions.torbutton.socks_port", 9063); // Tails-specific
user_pref("extensions.torbutton.socks_port", 9151); // Tails-specific
user_pref("extensions.torbutton.tz_string", "UTC+00:00");
// .saved version of the Torbutton preferences the TBB also sets
......@@ -31,13 +35,14 @@ user_pref("extensions.torbutton.saved.tor_enabled", true);
user_pref("extensions.torbutton.saved.proxies_applied", true);
user_pref("extensions.torbutton.saved.settings_applied", true);
user_pref("extensions.torbutton.saved.socks_host", "127.0.0.1");
user_pref("extensions.torbutton.saved.socks_port", 9063);
user_pref("extensions.torbutton.saved.socks_port", 9151);
// Tails -specific Torbutton preferences
user_pref("extensions.torbutton.block_tforms", false);
user_pref("extensions.torbutton.disable_domstorage", false);
user_pref("extensions.torbutton.display_panel", false);
user_pref("extensions.torbutton.launch_warning", false);
user_pref("extensions.torbutton.lastUpdateCheck", "9999999999.999");
user_pref("extensions.torbutton.no_updates", true);
user_pref("extensions.torbutton.nonontor_sessionstore", true);
user_pref("extensions.torbutton.nontor_memory_jar", true);
......@@ -46,9 +51,11 @@ user_pref("extensions.torbutton.socks_remote_dns", true);
user_pref("extensions.torbutton.socks_version", 5);
user_pref("extensions.torbutton.startup", true);
user_pref("extensions.torbutton.startup_state", 1);