Security fixes
Upgrade Linux to 4.19.0-5 from sid (Closes: #16708).
Enable all available mitigations for the Microarchitectural Data
Sampling (MDS) attacks and disable SMT on vulnerable CPUs
(Closes: #16720).
Upgrade Tor Browser to 8.5 (Closes: #16337, #16706).
Bugfixes
Install Electrum 3.2.3-1 from our custom APT repository (Closes: #16708).
The version in sid now displays a warning and exits, while 3.2.3-1 is
still usable, in the rare cases when it manages to connect to the
network, despite being affected by problematic phishing attacks which
will only be solved once the package in Debian is updated to a newer
upstream version.
Build system
Bump APT snapshot of the 'debian' archive to 2019051601, needed for
the MDS mitigations.
Don't install the firmware-linux and firmware-linux-nonfree
metapackages, as packages they pulled are already listed explicitly
and one might run into version-related issues (Closes: #16708).
Minor improvements and updates
Remove some packages from the Zero Trace Pen image as their use is not
widespread while consuming space for everyone. They can still be
installed and upgraded through Additional Software (Closes: #15291).
This includes: monkeysphere and msva-perl, gobby, hopenpgp-tools,
keyringer, libgfshare-bin, monkeysign, paperkey, pitivi,
pdf-redact-tools, pwgen, traverso, and ssss.
Fix missing translations in the Greeter (Closes: #13438).
Fix missing newline in unlock-veracrypt-volumes (Closes: #16696).
Port fillram to Python 3 (Closes: #15845).
Enable localization for new locales introduced in Tor Browser 8.5
(Closes: #16637).
Re-introduce TopIcons GNOME Shell extension (Closes: #16709).
Improve internationalization of the Unlock VeraCrypt Volumes
component (Closes: #16602).
Test suite