Major new features
Upgrade Tor Browser to 4.5.1, based on Firefox 31.7.0 ESR, which
introduces many major new features for usability, security and
privacy. Unfortunately its per-tab circuit view did not make it
into Zero Trace Pen yet since it requires exposing more Tor state to the
user running the Tor Browser than we are currently comfortable
with. (Closes: #9031, #9369)
Upgrade Tor to 0.2.6.7-1~d70.wheezy+1+zerotracepen2. Like in the Tor
bundled with the Tor Browser, we patch it so that circuits used
for SOCKSAuth streams have their lifetime increased indefinitely
while in active use. This currently only affects the Tor Browser
in Zero Trace Pen, and should improve the experience on certain web sites
that otherwise would switch language or log you out every ten
minutes or so when Tor switches circuit. (Closes: #7934)
Security fixes
tor-browser wrapper script: avoid offering avenues to arbitrary
code execution to e.g. an exploited Pidgin. AppArmor Ux rules
don't sanitize $PATH, which can lead to an exploited application
(that's allowed to run this script unconfined, e.g. Pidgin)
having this script run arbitrary code, violating that
application's confinement. Let's prevent that by setting PATH to
a list of directories where only root can write. (Closes: #9370)
Upgrade Linux to 3.16.7-ckt9-3.
Upgrade curl to 7.26.0-1+wheezy13.
Upgrade dpkg to 1.16.16.
Upgrade gstreamer0.10-plugins-bad to 0.10.23-7.1+deb7u2.
Upgrade libgd2-xpm to 2.0.36~rc1~dfsg-6.1+deb7u1.
Upgrade openldap to 2.4.31-2.
Upgrade LibreOffice to 1:3.5.4+dfsg2-0+deb7u4.
Upgrade libruby1.9.1 to 1.9.3.194-8.1+deb7u5.
Upgrade libtasn1-3 to 2.13-2+deb7u2.
Upgrade libx11 to 2:1.5.0-1+deb7u2.
Upgrade libxml-libxml-perl to 2.0001+dfsg-1+deb7u1.
Upgrade libxml2 to 2.8.0+dfsg1-7+wheezy4.
Upgrade OpenJDK to 7u79-2.5.5-1~deb7u1.
Upgrade ppp to 2.4.5-5.1+deb7u2.
Bugfixes
Disable security warnings when connecting to POP3 and IMAP ports.
(Closes: #9327)
Make the Windows 8 browser theme compatible with the Unsafe and I2P
browsers. (Closes: #9138)
Hide Torbutton's "Tor Network Settings..." context menu entry.
(Closes: #7647)
Upgrade the syslinux packages to support booting Zero Trace Pen on
Chromebook C720-2800. (Closes: #9044)
Enable localization in Zero Trace Pen Upgrader. (Closes: #9190)
Make sure the system clock isn't before the build date during
early boot. Our live-config hook that imports our signing keys
depend on that the system clock isn't before the date when the
keys where created. (Closes: #9149)
Set GNOME's OpenPGP keys via desktop.gnome.crypto.pgp to prevent
us from getting GNOME's default keyserver in addition to our
own. (Closes: #9233)
Prevent Firefox from crashing when Orca is enabled: grant
it access to assistive technologies in its Apparmor
profile. (Closes: #9261)
Add Jessie APT source. (Closes: #9278)
Fix set_simple_config_key(). If the key already existed in the
config file before the call, all other lines would be removed
due to the sed option -n and p combo. (Closes: #9122)
Remove illegal instance of local outside of function definition.
Together with set -e that error has prevented this script from
restarting Vidalia, like it should. (Closes: #9328)
Minor improvements
Upgrade I2P to 0.9.19-3~deb7u+1.
Install Tor Browser's bundled Torbutton instead of custom .deb.
As of Torbutton 1.9.1.0 everything we need has been upstreamed.
Install Tor Browser's bundled Tor Launcher instead of our
in-tree version. With Tor 0.2.6.x our custom patches for the
ClientTransportPlugin hacks are not needed any more. (Closes:
Don't install msmtp and mutt. (Closes: #8727)
Install fonts-linuxlibertine for improved Vietnamese support in
LibreOffice. (Closes: #8996)
Remove obsoletete #i2p-help IRC channel from the Pidgin
configuration (Closes: #9137)
Add Gedit shortcut to gpgApplet's context menu. Thanks to Ivan
Bliminse for the patch. (Closes: #9069).
Install printer-driver-gutenprint to support more printer
models. (Closes: #8994).
Install paperkey for off-line OpenPGP key backup. (Closes: #8957)
Hide the Tor logo in Tor Launcher. (Closes: #8696)
Remove useless log() instance in zerotracepen-unblock-network. (Closes:
Install cdrdao: this enables Brasero to burn combined data/audio
CDs and to do byte-to-byte disc copy.
Hide access to the Add-ons manager in the Unsafe Browser. It's
currently broken (#9307) but we any way do not want users to
install add-ons in the Unsafe Browser. (Closes: #9305)
Disable warnings on StartTLS for POP3 and IMAP (Will-fix: #9327)
The default value of this option activates warnings on ports
23,109,110,143. This commit disables the warnings for POP3 and
IMAP as these could be equally used in encrypted StartTLS
connections. (Closes: #9327)
Completely rework how we localize our browser by generating our
branding add-on, and search plugins programatically. This
improves the localization for the ar, es, fa, ko, nl, pl, ru,
tr, vi and zh_CN locales by localizing the Startpage and
Disconnect.me search plugins. Following Tor Browser 4.5's recent
switch, we now use Disconnect.me as the default search
engine. (Closes: #9309)
Actively set Google as the Unsafe Browser's default search
engine.
Build system
Encode in Git which APT suites to include when building Zero Trace Pen.
(Closes: #8654)
Clean up the list of packages we install. (Closes: #6073)
Run auto/{build,clean,config} under `set -x' for improved
debugging.
Zero-pad our ISO images so their size is divisible by 2048.
The data part of an ISO image's sectors is 2048 bytes, which
implies that ISO images should always have a size divisible
by 2048. Some applications, e.g. VirtualBox, use this as a sanity
check, treating ISO images for which this isn't true as garbage.
Our isohybrid post-processing does not ensure this,
however. Also Output ISO size before/after isohybrid'ing and
truncate'ing it. This will help detect if/when truncate is
needed at all, so that we can report back to syslinux
maintainers more useful information. (Closes: #8891)
Vagrant: raise apt-cacher-ng's ExTreshold preference to 50. The
goal here is to avoid Tor Browser tarballs being deleted by
apt-cacher-ng's daily expiration cronjob: they're not listed in
any APT repo's index file, so acng will be quite eager to clean
them up.
Test suite
Bring dependency checks up-to-date (Closes: #8988).
Adapt test suite to be run on Debian Jessie, which includes
removing various Wheezy-specific workarounds, adding a few
specific to Jessie, migrating from ffmpeg to libav, and
more. (Closes: #8165)
Test that MAT can see that a PDF is dirty (Closes: #9136).
Allow throwing Timeout::Error in try_for() blocks, as well as
nested try_for() (Closes: #9189, #9290).
Read test suite configuration files from the features/config/local.d
directory. (Closes: #9220)
Kill virt-viewer with SIGTERM, not SIGINT, to prevent hordes of
zombie processes from appearing. (Closes: #9139)
Kill Xvfb with SIGTERM, not SIGKILL, on test suite exit to allow
it to properly clean up. (Closes: #8707)
Split SSH & SFTP configs in the test suite. (Closes: #9257)
Improve how we start subprocesses in the test suite, mostly by
bypassing the shell for greater security and robustness (Closes:
Add Electrum test feature. (Closes #8963)
Test that Zero Trace Pen Installer detects when USB devices are
removed. (Closes: #9131)
Test Zero Trace Pen Installer with devices which are too small. (Closes:
Test that the Report an Error launcher works in German. (Closes:
Verify that no extensions are installed in the Unsafe Browser
using about:support instead of about:addons, which is broken
(#9307). (Closes: #9306)
Retry GNOME application menu actions when they glitch. The
GNOME application menus seem to have issues with clicks or
hovering actions not registering, and hence sometimes submenus
are not opened when they should, and sometimes clicks on the
final application shortcut are lost. There seems to be a
correlation between this and CPU load on the host running the
test suite. We workaround this by simply re-trying the last
action when it seems to fail. (Closes: #8928)
Work around Seahorse GUI glitchiness (Closes: #9343):
Wait for systray icons to finish loading before interacting with
the systray. (Closes: #9258)
Test suite configuration: generalize local.d support to .d. We
now load features/config/.d/*.yml.
Use code blocks in "After Scenario" hooks. This is much simpler
to use (and more readable!) compared to hooking functions and
arguments like we used to do.
Create filesystem share sources in the temporary directory and
make them world-readable. (Closes: #8950)