2014-07-XX + 2014.07 release * Release naming convention is YYYY.MM from now on * Kernel 3.15 with module signing * DM-Verity for faster SquashFS image verification * Support for installation to GPT media * Added support for exFAT filesystem * Better support for QEMU mouse virtualization * Xorg server 1.15 * Firewire SBP-2 module is blacklisted to prevent Firewire RAM access * Reduced the number of SUID binaries via POSIX.1e capabilities * Replaced htpdate with NTP for time synchronization * Added "tz" boot parameter for RTC timezone specification * Added "gentoo=nontp" boot parameter for disabling NTP * Added "gentoo=obfs" boot parameter for obfsproxy Tor bridges * Added "gentoo=xkms" boot parameter for forcing X modesetting driver * More robust Xorg autoconfiguration with sequential fallbacks * Changed OTFE filesystem to ext4 * Added ASCII virtual keyboard table for OTFE password entry * Added preformatted man pages * Replaced Epiphany with Firefox * Added proxychains, a heterogeneous chaining proxyfier * Replaced XChat with HexChat * Removed experimental I2P support and JamVM * Removed many packages due to shift of project focus * Removed most translations due to shift of project focus * OVA image creation is fully integrated into build process * Removed qemulate.sh script 2012-09-01 + 2012.3 release * Kernel 3.4.7 with overlayfs instead of Unionfs * Kernel image is now bundled with initramfs * EFI boot binaries are signed for Secure Boot * (U)EFI trusted boot chain continues from EFI boot binaries * Xorg server 1.12 and Mesa 8.0 with Gallium3D for Radeon cards * Nouveau driver is used for Nvidia cards * Better support for VMware graphics virtualization * Simplified boot parameters handling, most are now omitted * Added "blacklist" boot parameter for kernel modules blacklisting * Added "bridges" boot parameter for specifying Tor bridges * Added "gentoo=noanon" boot parameter for non-anonymous usage mode * More rigorous Wi-Fi and Bluetooth (un)blocked states on boot * Added small CD -> USB bootstrapping ISO image * Added optional PKCS#11 smart-cards support to GnuPG * Added reaver-wps, a WiFi Protected Setup cracking tool * Added Redshift, a screen color temperature adjuster * Disabled GnuPG-S/MIME autoimport of expired certificates * GTK-2 and GTK-3 themes are now uniform 2012-06-17 + 2012.2 release * Better handling of "readonly" boot parameter for some boot media * Better SD boot media support on some hardware * Added USB 3.0 boot media support * Last remaining executable PaX exception has been removed * Cables communication is now self-contained, based on libmicrohttpd * Added VIPS image manipulation toolkit (including nip2 GUI) * Added XInput calibrator * Removed ePDFView * Fixed key retrieval in GNU Privacy Assistant 2012-05-11 + 2012.1 release * Kernel 3.2.11 with devtmpfs in initramfs * Fixed memory wiping in KEXEC kernel * Removed almost all PaX protection exceptions * Fixed multilingual disk labels support for automount * Fixed 3G support for modems with PIN unlocking * More extensive firmware support * Better hardware support (nVidia SATA, BRCM4313, DVBs, joysticks, tablets) * Experimental (U)EFI booting support using GRUB 2 * Better filesystem security (read-only root fs) * CD boot media ejection now triggers shutdown (same as USB boot media) * Filesystem is now FHS-3.2+/run-compliant * Removed framebuffer console splash and decoration * Reworked framebuffer handling and simplified boot menu entries * Added SquashFS image verification during early boot * Added "readonly" boot parameter for disabling persistence * Added "toram" boot parameter for copying root filesystem to RAM * Added "gentoo=xvesa" boot parameter for forcing VESA driver in X server * Added "gentoo=xfb" boot parameter for forcing framebuffer driver in X server * setup.sh now supports "auto" mode, w/o unmounting and script copying * setup.sh is now more robust (MBR write fix, 64-bit-only systems warning) * Cables communication maintains perfect forward secrecy and repudiability * Added Open Virtualization bundle (OVA) (backported to 2011.2) * Better support for VMware and VirtualBox virtualization * Better support for regular mailboxes in Claws-Mail * Better Bluetooth support * Replaced Midori browser with Epiphany (also based on WebKit-GTK+) * Replaced SCIM input methods manager with uim * Added gFTP file transfer client * Added uGet download manager * Replaced Xarchiver with File Roller * Unsafe Browser execution environment is sanitized with pam_namespace * Laptop Mode Tools do not wake up drives on PM state changes * Unsafe Browser now refuses to run once Tor has established a circuit * Added keyboard layout configuration via locale customization applet * Added test-liberte, an automatic network policy testing script * Build scripts do not require SquashFS tools or cdrtools anymore 2011-11-07 + 2011.2 release * ISO image generation, useful for VMs and independent installs * Support for installing to ext2/3/4 filesystems * Directories are hidden on FAT (during install) and ISO (in Joliet layer) * Added silent splash theme, which also disables logo in X server * Added configuration-gathering tool for bug reporting * Kernel 2.6.39 with SquashFS XZ compression and NX support * Requirements bumped to PentiumIII+ (implies MMX, SSE) with PAE * All RAM is wiped on shutdown/reboot, regardless of 3GiB address space limit * Xorg server 1.10, better touchpad support * Better integration as VirtualBox (including clipboard), VMWare, QEMU guest * VirtualBox shares are now supported as automount directories * HFS and HFS+ filesystems are now supported as read-only automounts * Optional I2P support via gentoo=i2p kernel argument * HTP time daemon has been hardened and extended to aid I2P service * OTFE partition now supports file permissions, sanitized during boot * OTFE partition now uses NTFS compression for all data * Added an applet for switching Tor identity (NEWNYM) * Cables communication is now a separate project * Cables communication daemon runs under a designated user * Cables communication supports I2P as source and destination addresses * Added cables communication identity information applet * Added small and fast Java runtime environment (JamVM) * Added HTML5 and plugin-based video/audio support to Midori * Added SASL (plain) authentication and OTR encryption support to XChat * Added PPTP/OpenVPN/Cisco VPN support to NetworkManager * Added emelFM2 2-pane file manager * Replaced MPlayer with Totem (GStreamer-based) * Replaced xvkbd with Florence virtual keyboard * Audio mixer channels are heuristically set up on boot * Selected Tor-friendly IRC networks for XChat 2011-05-29 + 2011.1 release * Removed SYSLINUX dependency during Linux install * Custom fast initramfs without blind modules probing * Separated KMS-dependent and VESA-dependent boots * Added option for booting without applying user settings * More RAM is wiped with KEXEC-based reboot/shutdown * RAM is also wiped before power-off on boot media removal * Power-off button is ignored when X server screen is locked * X server screen locks automatically on closed lid * Boot media filesystem is repaired on startup and shutdown * Kernel 2.6.37 with PLD Linux SquashFS LZMA patches * Parallel OpenRC facilitates faster startup and shutdown * Control groups assist process scheduling * Haveged is used for supplying entropy * Xorg server 1.9 * Added OpenSSH client * Disabled NTP in favor of exclusive HTP use * Added secure and anonymous cables communication * Added detection and warning about virtualized environment * Added blinking of unused LEDs on dropped and rejected packets * Easy MP4[H.264+MP3] webcam video encoding * Easy Speex audio encoding * Added FBReader, XChat, Pidgin 2010-11-15 + 2010.1 release * Transitioned to SYSLINUX, radically simplified installation on all platforms * Robust persistence using resizable encrypted virtual partition (OTFE) * Tor start-up does not depend on in-the-clear correct time source access * Tor hostname is now directly generated and propagated to Tor upon first boot * Provisional communication certificates generation and username derivation * GnuPG uses HKPS protocol (CA certificate verified during build) * Added an unsafe browser that bypasses the firewall (for Wi-Fi registration) * Added robust X server screen locking support * Added a robust and reasonably fast start-to-finish build script * Added universal verification of signatures during build (rsync is disabled) * Hardened build is now based on the more reliable regular stage3 autobuilds * Hardened GCC version with SSP and PIE support is now used to build packages * Removed CDROM boot support * Accepted licenses are explicitly specified during build * Updated to kernel 2.6.32, kernel+initrd use LZMA * Removed SquashFS LZMA support until it is available in mainline * Added full ACL and extended attributes support * AutoFS integration fixes and enhancements * Added support for popular Ethernet and Wi-Fi drivers (including firmware) * Removed the deprecated IDE support in favor of libata, added SMART monitor * MAC address is correctly randomized (automatic for Wi-Fi only) * Laptop Mode Tools are used for power management * Most capable audio card is configured as default during boot * Replaced (unmaintained and Python-based) Wicd with NetworkManager * Stability, security, and hardware support improvements * Space usage improvements * Improved control of growing log files (no file grows indefinitely in tmpfs) * Perl and Python are cleanly removed from the image * Applications list improvements (Evince+Postscript/DejaVu, Eboard, ...) * Provisional MP4[H.264+Ogg[Vorbis/Speex]] lightweight video encoding support 2010-05-05 + 2010.0 inital release