zerotracepen (1.7)

  • Major new features and changes

    • Upgrade Tor Browser to 5.0.4. (Closes: #10456)

    • Add a technology preview of the Icedove Email client (a
      rebranded version of Mozilla Thunderbird), including OpenPGP
      support via the Enigmail add-on, general security and anonymity
      improvements via the Torbirdy add-on, and complete persistence
      support (which will be enabled automatically if you already have
      Claws Mail persistence enabled). Icedove will replace Claws Mail
      as the supported email client in Zero Trace Pen in a future
      release. (Closes: #6151, #9498, #10285)

    • Upgrade Tor to 0.2.7.4-rc-1~d70.wheezy+1+zerotracepen1. Among the many
      improvement of this new Tor major release, the new
      KeepAliveIsolateSOCKSAuth option allows us to drop the
      bug15482.patch patch (taken from the Tor Browse bundle) that
      enabled similar (but inferior) functionality for all
      SocksPort:s -- now the same circuit is only kept alive for
      extended periods for the SocksPort used by the Tor
      Browser. (Closes: #10194, #10308)

    • Add an option to Zero Trace Pen Greeter which disables networking
      completely. This is useful when intending to use Zero Trace Pen for
      offline work only. (Closes: #6811)

    • Security fixes

    • Fix CVE-2015-7665, which could lead to a network interface's IP
      address being exposed through wget. (Closes: #10364)

    • Prevent a symlink attack on ~/.xsession-errors via
      zerotracepen-debugging-info which could be used by the amnesia user to
      read the contents of any file, no matter the
      permissions. (Closes: #10333)

    • Upgrade libfreetype6 to 2.4.9-1.1+deb7u2.

    • Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u2.

    • Upgrade Linux to 3.16.7-ckt11-1+deb8u5.

    • Upgrade openjdk-7 packages to 7u85-2.6.1-6~deb7u1.

    • Upgrade unzip to 6.0-8+deb7u4.

    • Bugfixes

    • Add a temporary workaround for an issue in our code which checks
      whether i2p has bootstrapped, which (due to some recent change
      in either I2P or Java) could make it appear it had finished
      prematurely. (Closes: #10185)

    • Fix a logical bug in the persistence preset migration code while
      real-only persistence is enabled. (Closes: #10431)

    • Minor improvements

    • Rework the wordings of the various installation and upgrade
      options available in Zero Trace Pen installer in Wheezy. (Closes: #9672)

    • Restart Tor if bootstrapping stalls for too long when not using
      pluggable transports. (Closes: #9516)

    • Install firmware-amd-graphics, and firmware-misc-nonfree instead
      of firmware-ralink-nonfree, both from Debian Sid.

    • Update the Zero Trace Pen signing key. (Closes: #10012)

    • Update the Zero Trace Pen APT repo signing key. (Closes: #10419)

    • Install the nmh package. (Closes: #10457)

    • Explicitly run "sync" at the end of the Zero Trace Pen Upgrader's upgrade
      process, and pass the "sync" option when remounting the system
      partition as read-write. This might help with some issues we've
      seen, such as #10239, and possibly for #8449 as well.

    • Test suite

    • Add initial automated tests for Icedove. (Closes: #10332)

    • Add automated tests of the MAC spoofing feature. (Closes: #6302)

    • Drop the concept of "background snapshots" and introduce a general
      system for generating snapshots that can be shared between
      features. This removes all silly hacks we previously used to
      "skip" steps, and greatly improves performance and reliability
      of the whole test suite. (Closes: #6094, #8008)

    • Flush to the log file in debug_log() so the debugging info can
      be viewed in real time when monitoring the debug log
      file. (Closes: #10323)

    • Force UTF-8 locale in automated test suite. Ruby will default to
      the system locale, and if it is non-UTF-8, some String-methods
      will fail when operating on non-ASCII strings. (Closes: #10359)

    • Escape regexp used to match nick in CTCP replies. Our Pidgin
      nick's have a 10% chance to include a ^, which will break that
      regexp. We need to escape all characters in the nick. (Closes:

      10219)

    • Extract TBB languages from the Zero Trace Pen source code. This will
      ensure that valid locales are tested. As an added bonus, the
      code is greatly simplified. (Closes: #9897)

    • Automatically test that zerotracepen-debugging-info is not susceptible
      to the type of symlink attacks fixed by #10333.

    • Save all test suite artifacts in a dedicated directory with more
      useful infromation encoded in the path. This makes it easier to
      see which artifacts belongs to which failed scenario and which
      run. (Closes: #10151)

    • Log all useful information via Cucumber's formatters instead of
      printing to stderr, which is not included when logging to file
      via --out. (Closes: #10342)

    • Continue running the automated test suite's vnc server even if
      the client disconnects. (Closes: #10345)

    • Add more automatic tests for I2P. (Closes: #6406)

    • Bump the Tor circuit retry count to 10. (Closes: #10375)

    • Clean up dependencies: (Closes: #10208)

      • libxslt1-dev
      • radvd
      • x11-apps