Major changes
Upgrade Tor Browser to 8.5.5 (Closes: #16692).
Security fixes
Install Linux kernel from the Buster security repository (Closes: #16970).
The new Spectre v1 swapgs variant (CVE-2019-1125), which was fixed
in sid via 5.2.x, which is a too big change for the Zero Trace Pen 3.16 bugfix
release. Let's instead track Buster (+ security) for the time being.
Upgrade LibreOffice to 1:5.2.7-1+deb9u10 (DSA-4483-1, DSA-4501-1).
Upgrade Thunderbird to 60.8 (DSA-4482-1).
Upgrade Ghostscript to 9.26a~dfsg-0+deb9u4 (DSA-4499-1).
Upgrade Patch to 2.7.5-1+deb9u2 (DSA-4489-1).
Upgrade nghttp2 library to 1.18.1-1+deb9u1 (DSA-4511-1).
Bugfixes
Additional software: Improve/fix support for translations (Closes: #16601).
Rework the implementation for hiding Zero Trace PenData partitions (Closes: #16789).
Adjust how tordate determines whether the clock is in a valid range,
fixing issues with obfs4 (Closes: #16972).
Minor improvements and updates
Ship default upstream Tor Browser bookmarks, and remove our predefined
bookmarks (Closes: #15895).
Hide the security level button in the unsafe browser (Closes: #16735).
Remove pre-generated Pidgin accounts (Closes: #16744).
Remove LibreOffice Math (Closes: #16911).
Website: Make sandbox page translatable (Closes: #16873).
Website: Only scrub HTML on blueprints (Closes: #16901).
Website: Point history & diff URLs to Salsa.
Build system
Bump APT snapshot of the torproject archive to 2019073103, and drop
tor-experimental-0.4.0.x-stretch reference (Closes: #16883).
Bump APT snapshot of the Debian archive to 2019080801 to get fixed
firmware packages from sid instead of sticking to those from
stretch-backports (Closes: #16728).
Enable the buster APT repository and install some packages from there:
hunspell-id, hunspell-tr, and fonts-noto-* (See: #16728).
Refresh patch for webext-ublock-origin 1.19.0+dfsg-2, and adjust Tor
Browser AppArmor profile accordingly (Closes: #16858).
Refresh Tor Browser AppArmor profile patch for torbrowser-launcher
0.3.2-1 (Closes: #16941).
Test suite
Ignore RARP packets, since PacketFu cannot parse them (Closes: #16825).
Adjust both locale handling and reference pictures for the Unsafe
Browser homepage (Closes: #17004).
Fix "Watching a WebM video over HTTPS" scenario on Jenkins
(Closes: #10442).
Tag "Watching a WebM video" as fragile.
Make @check_tor_leaks more verbose (See: #10442).
Remove broken Electrum scenario since Electrum support is currently
missing (Closes: #16421).