This release fixes many security issues and users should upgrade as soon as possible.

Changes

New features

  • We enabled address space layout randomization in the Linux kernel (kASLR) to improve protection from buffer overflow attacks.
  • We installed rngd to improve the entropy of the random numbers generated on computers that have a hardware random number generator.

Upgrades and changes

  • Upgrade Tor to 0.2.8.7.
  • Upgrade Tor Browser to 6.0.5.
  • Upgrade to Linux 4.6. This should improve the support for newer hardware (graphics, Wi-Fi, etc.)
  • Upgrade Icedove to 45.2.0.
  • Upgrade Tor Birdy to 0.2.0.
  • Upgrade Electrum to 2.6.4.
  • Install firmware for Intel SST sound cards (firmware-intel-sound).
  • Install firmware for Texas Instruments Wi-Fi interfaces (firmware-ti-connectivity).
  • Remove non-free APT repositories. We documented how to configure additional APT repositories using the persistent volume.
  • Use a dedicated page as the homepage of Tor Browser so we can customize it for our users.
  • Set up the trigger for RAM erasure on shutdown earlier in the boot process. This should speed up shutdown and make RAM erasure more robust.

Fixed problems

  • Disable the automatic configuration of Icedove when using OAuth. This should fix the automatic configuration for GMail accounts. (#11536)
  • Make the Disable all networking and Tor bridge mode options of Tails Greeter more robust. (#11593)

For more details, read our changelog.

Known issues

  • For some users memory wiping fails more often than in Tails 2.5, and for some users it fails less often. Please report any such changes to #11786.

See the list of long-standing issues.

Get Tails 2.6

What’s coming up?

Tails 2.7 is scheduled for November 8.
Have a look at our roadmap to see where we are heading to.
We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Posted Tue 20 Sep 2016 12:34:56 PM CEST Tags:
You can help Tails! The first release candidate for the upcoming version 2.6 is out. Please test it and report any issue. We are in particular interested in feedback and problems relating to:

  • Icedove’s automatic configuration wizard. Using it to set up a new account is (most of the time) as easy as entering your email address (and password), and Icedove will configure your account for you.

How to test Tails 2.6~rc1?

Keep in mind that this is a test image. We tested that it is not broken in obvious ways, but it might still contain undiscovered issues.
But test wildly!
If you find anything that is not working as it should, please report to us! Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

Download and install

Tails 2.6~rc1 torrent
Tails 2.6~rc1 ISO image OpenPGP signature
To install 2.6~rc1, follow our usual installation instructions, skipping the Download and verify step.

Upgrade from 2.5

  1. Start Tails 2.5 on a USB stick installed using Tails Installer and set an administration password.
  2. Run this command in a Root Terminal to select the “alpha” upgrade channel and start the upgrade:
    echo TAILS_CHANNEL=\"alpha\" >> /etc/os-release && \
    tails-upgrade-frontend-wrapper
  3. After the upgrade is installed, restart Tails and choose Applications ▸ Tails ▸ About Tails to verify that you are running Tails 2.6~rc1.

What’s new since 2.5?

Changes since Tails 2.5 are:

  • Major new features and changes
    • Install Tor 0.2.8.6. (Closes: #11351)
    • Enable kASLR in the Linux kernel. (Closes: #11281)
    • Upgrade Icedove to 1:45.2.0-1~deb8u1+tails1: (Closes: #11714) · Drop auto-fetched configurations using Oauth2. They do not work together with Torbirdy since it disables needed functionality (like JavaScript and cookies) in the embedded browser. This should make auto-configuration work for GMail again, for instance. (Closes: ##11536) · Pin Icedove to be installed from our APT repo. Debian’s Icedove packages still do not have our secure Icedove autoconfig wizard patches applied, so installing them would be a serious security regression. (Closes: #11613) · Add missing icedove-l10n-* packages to our custom APT repository (Closes: #11550)
    • Upgrade to Linux 4.6: (Closes: #10298) · Install the 686 kernel flavour instead of the obsolete 586 one. · APT, dpkg: add amd64 architecture. The amd64 kernel flavour is not built anymore for the i386 architecture, so we need to use multiarch now. · Build and install the out-of-tree aufs4 module. (Closes: #10298) · Disable kernel modesetting for QXL: it’s not compatible with Jessie’s QXL X.Org driver.
  • Security fixes
    • Hopefully fixed an issue which would sometimes make the Greeter ignore the “disable networking” or “bridge mode” options. (Closes: #11593)
  • Minor improvements
    • Install firmware-intel-sound and firmware-ti-connectivity. This adds support for some sound cards and Wi-Fi adapters. (Closes: #11502)
    • Install OpenPGP Applet from Debian. (Closes: #10190)
    • Install gnome-sound-recorder (again). (Closes: #10950)
    • Port the “About Tails” dialog to python3.
    • Run our initramfs memory erasure hook earlier (Closes: #10733). The goal here is to: · save a few seconds on shutdown (it might matter especially for the emergency one); · work in a less heavily multitasking / event-driven environment, for more robust operation.
    • Install rngd, and make rng-tools initscript return success when it can’t find any hardware RNG device. Most Tails systems around probably have no such device, and we don’t want systemd to believe they failed to boot properly. (Closes: #5650)
    • Don’t force using the vboxvideo X.Org driver. According to our tests, this forced setting is: · harmful: it breaks X startup when the vboxvideo kernel driver is loaded; · useless: X.Org now autodetects the vboxvideo X.Org driver and uses it when running in VirtualBox and the vboxvideo kernel is not present.
    • Port boot-profile to python3 (Closes: #10083). Thanks to heartsucker heartsucker@autistici.org for the patch!
    • Include /proc/cmdline and the content of persistent APT sources in WhisperBack bug reports. (Closes: #11675, #11635)
    • Disable non-free APT sources at boot time. (Closes: #10130)
    • Have a dedicated page for the homepage of Tor Browser in Tails. (Closes: # 11725)
    • Only build the VirtualBox kernel modules for the 32-bit kernel. It’s both hard and useless to build it for 64-bit in the current state of things, as long as we’re shipping a 32-bit userspace. Also, install virtualbox-* from jessie-backports, since the version in Jessie is not compatible with Linux 4.x.

For more details, see also our changelog.

Known issues in 2.6~rc1