Security fixes
Upgrade Tor Browser to 4.5.3, based on Firefox 31.8.0 ESR. (Closes: #9649)
Upgrade Tor to 0.2.6.9-1~d70.wheezy+1+zerotracepen2, which includes a circuit
isolation bugfix. (Closes: #9560)
AppArmor: deny Tor Browser access to the list of recently used files.
(Closes: #9126)
Upgrade OpenSSL to 1.0.1e-2+deb7u17.
Upgrade Linux to 3.16.7-ckt11-1.
Upgrade CUPS to 1.5.3-5+deb7u6.
Upgrade FUSE to 2.9.0-2+deb7u2.
Upgrade libsqlite3-0 to 3.7.13-1+deb7u2.
Upgrade ntfs-3g and ntfsprogs to 1:2012.1.15AR.5-2.1+deb7u2.
Upgrade p7zip-full to 9.20.1~dfsg.1-4+deb7u1.
Bugfixes
Fix automatic upgrades in Windows Camouflage mode. (Closes: #9413)
Don't ship the snakeoil SSL key pair generated by ssl-cert in the ISO.
(Closes: #9416)
Partially fix the truncated notifications issue. (#7249)
Minor improvements
Disable the hwclock.sh initscript at reboot/shutdown time.
This is an additional safety measure to ensure that the hardware clock
is not modified. (Closes: #9364)
Stop shipping /var/cache/man/*, to make ISOs and IUKs smaller.
(Closes: #9417)
Update torbrowser-AppArmor-profile.patch to apply cleanly on top of the
profile shipped with torbrowser-launcher 0.2.0-1.
Add the jessie/updates APT repo and set appropriate pinning.
Upgrade Electrum to 1.9.8-4~bpo70+1.
Upgrade kernel firmware packages to 0.44.
Build system
Install the Linux kernel from Debian Jessie. (Closes: #9341)
Remove files that are not under version control when building in Jenkins.
(Closes: #9406)
Don't modify files in the source tree before having possibly merged
the base branch into it. (Closes: #9406)
Make it so eatmydata is actually used during a greater part of the build
process. This includes using eatmydata from wheezy-backports.
(Closes: #9419, #9523)
release script: adjust to support current Debian sid.
Test suite
Test the system clock sanity check we do at boot. (Closes: #9377)
Remove the impossible "Clock way in the past" scenarios.
Thanks to config/chroot_local-includes/lib/live/config/0001-sane-clock,
these scenarios cannot happen, and since we test that it works they
can be safely removed.
Test that the hardware clock is not modified at shutdown. (Closes: #9557)
Pidgin: retry looking for the roadmap URL in the topic.
Avoid showing Pidgin's tooltips during test, potentially confusing Sikuli.
(Closes: #9317)
Test all OpenPGP keys shipped with Zero Trace Pen. (Closes: #9402)
Check that notification-daemon is running when looking for notifications
fails. (Closes: #9332)
Allow using the cucumber formatters however we want. (Closes: #9424)
Enable Spice in the guest, and blacklist the psmouse kernel module,
to help with lost mouse events. (Closes: #9425)
Automate testing Torbutton's 'New Identity' feature. (Closes: #9286)
Test that Seahorse is configured to use the correct keyserver.
(Closes: #9339)
Always export TMPDIR back to the test suite's shell environment.
(Closes: #9479)
Make OpenPGP tests more reliable:
· Retry accessing the OpenPGP applet menus on failure. (Closes: #9355)
· Retry accessing menus in Seahorse on failure. (Closes: #9344)
Focus the Pidgin conversation window before any attempt to interact
with it. (Closes: #9317)
Use convertkey from the (backported to Jessie) Debian package,
instead of our own copy of that script. (Closes: #9066)
Make the memory erasure tests more robust (Closes: #9329):
· Bump /proc/sys/vm/min_free_kbytes when running fillram.
· Actually set oom_adj for the remote shell when running fillram.
· Try to be more sure that we OOM kill fillram.
· Run fillram as non-root.
Only try to build the storage pool if Zero Trace PenToasterStorage isn't found.
(Closes: #9568)