[Tails-dev] CBC malleability attack

[Marco Calamari]

After readint the descritpion of this attack (injection attack type
 against LUKS-CBC volumes) 



I check that my persistent partition (built a lot of TAILS
 version ago) is of CBC type.

Time to switch to XTS and/or warn user having CBC partition to 
 reformat?

Thanks a lot and good X-mas

-- 
+--- http://www.winstonsmith.org  ---+
| il Progetto Winston Smith: scolleghiamo il Grande Fratello |
| the Winston Smith Project: unplug the Big Brother  |
| Marco A. Calamari mar...@marcoc.it  http://www.marcoc.it   |
| DSS/DH:  8F3E 5BAE 906F B416 9242 1C10 8661 24A9 BFCE 822B |
+ PGP RSA: ED84 3839 6C4D 3FFE 389F 209E 3128 5698 --+


signature.asc
Description: This is a digitally signed message part
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

[Tails-dev] Please review'n'merge test/rjb-migration

[bertagaz]

Hi,

Now that a more recent libvirt containing patches to support the removable
flag for USB devices has been uploaded to Wheezy-backports, I've updated
the test/rjb-migration feature branch so that installation now is easy for
anyone running Wheezy.

Test process of this branch should be to start from a fresh Wheezy
installation (on bare metal or in a VM), and install all the necessary
packages, following
https://tails.boum.org/contribute/release_process/test/setup, and then run
the test suite. Failures that might appear should be related to outdated
scenarios or steps rather than libvirt or rjb problems.

If happy with it, please merge it into devel and experimental.

Tickets to take care of should be #6399 and #6314.

Congrats goes to anonym, who did great work for this migration. I just
tested it works and updated the documentation.

bert.
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] Support for modern Vagrant

[intrigeri]

David Wolinsky wrote (24 Dec 2013 03:43:44 GMT) :
> Built for me.

Merged into stable and devel, congrats!

... and now we'll see if it still works with Wheezy's Vagrant 1.0.3.

___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] Building binaries for use in tails

[intrigeri]

David Wolinsky wrote (23 Dec 2013 20:13:28 GMT) :
> What is the ideal build environment for building binaries that will be run
> in Tails? Would a squeeze chroot in addition to the tails apt sources be
> sufficient.

Thank you for asking. A Squeeze chroot would be enough for quick
experiments. For basically anything else, we want a proper Debian
package, that must be part of Debian unless it is not relevant
for Debian.

> I'm working on a project to extend Tails to use virtualization similar to
> whonix

:)

> and need to build a tool called redsocks written using C.
> https://github.com/darkk/redsocks .. it is in the latest Debian but not in
> squeeze.

Then, what we need is a backport for Squeeze. I've just tried to build
one based on Wheezy's 0.4+dfsg-1, and it was trivial (for a Debian
developer); I just had to make the build-dependency on libevent >= 2.0
explicit, as the build fails when built against Squeeze's libevent
1.4. Good news is that I've uploaded a libevent 2.0 backport for
Squeeze a while ago :)

>From this point,

1. either we think it would benefit Debian users to be able to use
   this backport => I'll upload the package to the official
   squeeze-backports archive;

2. or we don't => we'll to carry the backport in our own APT
   repository => I'll create a dedicated suite and push the package
   there, once you tell me the name of the feature/* branch you need
   this in.

Given Squeeze is nearly EOL and redsocks as a pretty low popcon [1],
I tend to prefer #2. What do you think?

[1] http://qa.debian.org/popcon.php?package=redsocks

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev