A new release has been published on SourceForge, and is nearly identical to the
release candidate. Please follow the download links on the project site or on
SourceForge, and remember to check the PGP signatures of the downloaded files.
A summary of the important changes since the previous release is below.
Low-level system changes:
- Hardened kernel 3.2.11
- Fixed memory wiping in KEXEC kernel: 64-bit kernel is used for wiping memory where possible, and 32-bit kernel can wipe ≈2.9 GiB of RAM
- Removed almost all PaX protection exceptions: /bin/fuser is the only binary with disabled MPROTECT (Gentoo bug #394443)
- Fixed multilingual disk label support for media automount under /media
- Fixed 3G support for modems with PIN unlocking
- Much more extensive hardware and firmware support (nVidia SATA, BCM4313, DVBs, joysticks, tablets)
- Added experimental (U)EFI booting support using GRUB2 (see /liberte/boot/grub/grub.cfg), which is supposed to work for all installation types: enable EFI in VirtualBox for .ova bundle with the new EFI partition, burn .iso that includes an alternative El-Torito boot section, or use rEFInd on a Mac to detect the top-level EFI directory on a FAT(32)-based .zip install, which may work as-is on non-Mac UEFI machines
Configuration and system features:
- Better filesystem security: most of the filesystem is read-only, with carefully selected exceptions
- CD/SD boot media ejection now triggers shutdown (same as USB boot media)
- Filesystem is now FHS-3.2+/run-compliant: /media, /run, /srv as advertised elsewhere
- Removed framebuffer console splash and decoration due to increasing fbcondecor inadequacy, and in anticipation of better Plymouth support; gentoo=nologo boot parameter now disables desktop logo
- Reworked framebuffer handling and simplified boot menu entries: first entry should be fine for most graphics adapters, KMS and non-KMS alike
- Added SquashFS image verification during early boot: a hash is supplied with boot options
- Added readonly boot parameter for disabling persistence: behavior will be similar to booting an .iso
- Added toram boot parameter for copying SquashFS image to RAM: it is automatically specified when booting an .iso, making CD drive latency irrelevant
- Added gentoo=xvesa boot parameter for forcing VESA driver in X server
- Added gentoo=xfb boot parameter for forcing framebuffer driver in X server: this parameter is useful for booting on (U)EFI systems where VESA is not supported
- setup.sh is now more robust (MBR write fix, 64-bit-only systems warning), and supports auto mode, without unmounting and script copying: simply run sh /media/…/liberte/setup.sh auto
Custom software and packaging:
- Perfect forward secrecy and repudiability in cables communication: Diffie-Hellman key exchange for message encryption, and MACs for authentication of messages and message receipts (similar principles to OTR)
- Added Open Virtualization bundle (OVA) for easy virtual machine setup: fully standards-compliant, and compatible with both VirtualBox and VMware
- Unsafe Browser now refuses to run once Tor has established a circuit: use the command-line force parameter to override this restriction
- Added keyboard layout configuration in the Language and Time Zone locale customization applet
- Added test-liberte, an automatic network policy testing script
- Build scripts do not require SquashFS tools or cdrtools anymore
Installed software and features integration:
- Better virtualization support: seamless display, auto-resizing, clipboard and disk shares support in VirtualBox, seamless display and disk shares in VMware
- Better support for regular (non-cables communication) mailboxes in Claws-Mail: IMAP, SSL/STARTTLS, automatic Torification
- Replaced Midori browser with Epiphany (which uses the same WebKit backend)
- Partial migration to GTK+ 3 / dconf (Midori, Audacious, Gucharmap), using Light Themes
- SCIM input methods manager has been replaced with uim: similar keybindings have been specified
- Added gFTP file transfer client
- Added uGet download manager
- Xarchiver has been replaced with File Roller
- Unsafe Browser execution environment is sanitized with pam_namespace
- Laptop Mode Tools do not wake up drives on power management state changes anymore