Security fixes
Upgrade Tor Browser to 5.5.5. (Fixes: #11362)
Upgrade icedove to 38.7.0-1~deb8u1
Upgrade git to 1:2.1.4-2.1+deb8u2
Upgrade libgd3 to 2.1.0-5+deb8u1
Upgrade pidgin-otr to 4.0.1-1+deb8u1
Upgrade srtp to 1.4.5~20130609~dfsg-1.1+deb8u1
Upgrade imagemagick to 8:6.8.9.9-5+deb8u1
Upgrade samba to 2:4.2.10+dfsg-0+deb8u2
Upgrade openssh to 1:6.7p1-5+deb8u2
Bugfixes
Refresh Tor Browser's AppArmor profile patch against the one from
torbrowser-launcher 0.2.4-1. (Fixes: #11264)
Pull monkeysphere from stretch to avoid failing to install under
eatmydata. (Fixes: #11170)
Start gpg-agent with no-grab option due to issues with pinentry and
GNOME's top bar. (Fixes: #11038)
Zero Trace Pen Installer: Update error message to match new name of 'Clone
& Install'. (Fixes: #11238)
Onion Circuits:
WhisperBack: Workaround socks bug. When the Tor fails to connect to
the host, WisperBack used to display a ValueError. This is caused by
a socks bug that is solved in upstream's master but not in Zero Trace Pen.
This commit workarounds this bug Unclear error message in WhisperBack
when failing to connect to the server. (Fixes: #11136)
Minor improvements
Upgrade to Debian 8.4, a Debian point release with many minor upgrades
and fixes to various packages . (Fixes: #11232)
Upgrade I2P to 0.9.25. (Fixes: #11363)
Pin pinentry-gtk2 to jessie-backports. The new version allows pasting
passwords from the clipboard. (Fixes: #11239)
config/chroot_local-hooks/59-libdvd-pkg: cleanup /usr/src/libdvd-pkg.
(Fixes: #11273)
Make the Tor Status "disconnected" icon more contrasted with the
"connected" one. (Fixes: #11199)
Test suite
Add UTF-8 support to OTR Bot. (Fixes: #10866)
Don't explicitly depend on openjdk-7-jre or any JRE for that
matter. Sikuli will pull in a suitable one, so depending on one
ourselves is only risks causing trouble. (Fixes: #11335)