Major changes
Upgrade Tor Browser to 7.5.1.
Upgrade Tor to 0.3.2.10. (Closes: #15158)
Add ability to lock the screen. (Closes: #5684)
Add initial support for Meek bridges. (Closes: #8243)
Upgrade to Thunderbird 52.6.0. (Closes: #15298)
Enable Thunderbird AppArmor profile. (Closes: 11973)
Upgrade Linux to 4.15.0-1. (Closes: #15309).
Upgrade systemd to 237.
Upgrade Electrum to 3.0.6. (Closes: #15022)
Upgrade the base system to the Debian Stretch 9.4 point-release
(Closes: #15341)
Port a few shell scripts to Python thanks to GoodCrypto. (Closes: #11198)
Security fixes
Upgrade Intel processor microcode firmware. (Closes: #15173).
Upgrade poppler to 0.48.0-2+deb9u1. (CVE-2017-14929, CVE-2017-1000456)
Upgrade tiff to 4.0.8-2+deb9u2 (CVE-2017-9935, CVE-2017-11335,
CVE-2017-12944, CVE-2017-13726, CVE-2017-13727, CVE-2017-18013)
Upgrade ffmpeg to 7:3.2.10-1~deb9u1. (CVE-2017-17081)
Upgrade libtasn1-6 to 4.10-1.1+deb9u1. (CVE-2017-10790, CVE-2018-6003)
Upgrade Libre Office to 1:5.2.7-1+deb9u2. (CVE-2018-6871)
Upgrade libvorbis to 1.3.5-4+deb9u1. (CVE-2017-14632, CVE-2017-14633)
Upgrade gcc to 6.3.0-18+deb9u1.
Upgrade util-linux to 2.29.2-1+deb9u1. (CVE-2018-7738)
Upgrade isc-dhcp to 4.3.5-3+deb9u1 (CVE-2017-3144, CVE-2018-5732,
CVE-2018-5733)
Minor improvements
Avoid noisy warning at boot time by creating zerotracepen-upgrade-frontend's
trusted GnuPG homedir with stricter permissions, then making it looser.
(Closes: #7037)
Drop (broken) Thunderbird dedicated SocksPort. (Closes: #12460)
Drop customized update-ca-certificates.service. (Closes: #14756)
Update AppArmor cupsd profile. (Closes: #15029)
Improve UX when GDM does not start. (Closes: #14521)
Install packages needed to support Video Acceleration API.
(Closes: #14580)
Upgrade aufs-dkms for Linux 4.15. (Closes: #15132).
Ship pdf-redact-tools, thanks to dachary loic@dachary.org.
(Closes: #15052)
Additional Software Packages: convert to python3 and PEP-8.
(Closes: #15198)
Additional Software Packages: do not check for updates every time the
network gets reconnected. (Closes: #9819)
Revert to xorg-xserver from Stretch. (Closes: #15232)
Open Zero Trace Pen documentation in Tor Browser when online. (Closes: #15332)
Disable Enigmail's Memory Hole feature. (Closes: #15201)
Persistence Setup: stop depending on Synaptic. (Closes: #15263)
Bugfixes
Additional Software Packages: fix the "incomplete online upgrade
process" bug in offline mode (Closes: #14570)
Additional Software Packages: do not block Desktop opening.
(Closes: #9059)
Install OpenPGP Applet 1.1. (Closes: #6398).
Repair rng-tools using a real start-stop-daemon program.
(Closes: #15344)
Zero Trace Pen installer: fix bug with unicode status messages. (Closes: #15254)
Build system
Abort if zerotracepen-custom-apt-sources failed.
Abort the ISO build when DKMS modules are not built. (Closes: #14789).
Improve how we track dependencies in build hooks. (Closes: #14818)
Fix (potential) rare race condition during build.
Ensure the SquashFS has /etc/hostname properly configured.
(Closes: #15322)
Bump builder VM's RAM. (Closes: #15310)
Test suite
Log the list of systemd jobs when systemctl is-system-running fails.
(Closes: #14772).
Allow more time for 'systemctl is-system-running' to succeed.
Only support SikuliX, not Sikuli.
Disable SPICE clipboard sharing.
Don't flood the debug logger with the journal contents.
Rescue exception.
Enter a name into the Thunderbird account configuration.
(Closes: #11256)
Fix the "I do not see ..." step's case. (Closes: #14929)
Mark scenarios that use the "The Report an Error launcher will…" step
as fragile (Closes: #15321)
Test that Tor Browser opens docs when online. (Closes: #15332)
Adapt test after warning moved to after Unsafe Browser verification
dialog. (Closes: #8775)
Dogtailify electrum.feature.
Add additional software packages feature. (Closes: #14572)
Disable test that is broken due to a Tor Browser bug. (refs: #15336)