Major changes
Integrate the Additional Software Packages feature into the desktop
and revamp the interface of "Configure Persistent Volume".
Support TrueCrypt/VeraCrypt encrypted volumes on the desktop.
Upgrade Tor Browser to 8.0a9, based on Firefox 60 ESR (Closes: #15023).
Notable user-visible changes and relevant dezerotracepen:
· Drop search engine customization and stick to Tor Browser's defaults.
· Upgrade uBlock Origin to its WebExtension version and now rely
on the filter lists shipped in the Debian package.
· Tweak the number of web content processes to work better with 2 GiB
of RAM (Closes: #15716).
· Revamp how we're handling our custom prefs, drop obsolete ones,
reduce our delta with pristine Tor Browser.
Upgrade Thunderbird to 60.0b10 (Closes: #15091). Notable dezerotracepen:
· Install Torbirdy 0.2.5 from stretch-backports and drop our patches
that were merged upstream.
· Enable the optional part of the fixes for EFAIL (Closes: #15602).
Upgrade Linux to 4.17 (Closes: #15763).
Upgrade tor to 0.3.4.6-rc (Closes: #15770).
Upgrade to Debian Stretch 9.5.
Security fixes
Upgrade CUPS to 2.2.1-8+deb9u2 (DSA-4243).
Upgrade Exiv2 to 0.25-3.1+deb9u1 (DSA-4238).
Upgrade FUSE to 2.9.7-1+deb9u1 (DSA-4257).
Upgrade GDM to 3.22.3-3+deb9u2 (DSA-4270).
Upgrade libsoup to 2.56.0-2+deb9u2 (DSA-4241).
Upgrade Imagemagick to 8:6.9.7.4+dfsg-11+deb9u5 (DSA-4245).
Upgrade ffmpeg to 7:3.2.12-1~deb9u1 (DSA-4258, DSA-4249).
Upgrade libmspack to 0.5-1+deb9u2 (DSA-4260).
Upgrade Samba to 2:4.5.12+dfsg-2+deb9u3 (DSA-4271).
Upgrade the Apache XML Security for C++ library to 1.7.3-4+deb9u1
(DSA-4265).
Bugfixes
Don't display the Enigmail configuration wizard in every Zero Trace Pen session
(Closes: #15693, #15746). Fix against Zero Trace Pen 3.8.
Make the torstatus GNOME Shell extension actually translatable
(Closes: #15715). Fix against the first Zero Trace Pen release that included
this extension.
Drop Icedove → Thunderbird migration code which started causing trouble.
Zero Trace Pen Installer:
· Link to upgrade documentation when upgrading (Closes: #7904).
· Show the reinstall option only when the device is big enough to make
a full reinstallation (Closes: #14810).
· Make the main window fit in a 600px-high screen (Closes: #14849).
· Show the correct device size in the reinstall confirmation dialog
(Closes: #15590).
Zero Trace Pen Greeter: don't display file:/// URLs to users (Closes: #15582).
Minor improvements and updates
Install Mesa and libdrm* from stretch-backports and upgrade the Nouveau
X.Org video driver to 1.0.15. This improves support for some graphics
cards such as NVIDIA Pascal series (Closes: #14910)
htpdate: improve diagnostics output when the date header can't be fetched.
Onion Grater: support named AppArmor profiles.
Update Onion Grater's config for new Tor Browser AppArmor profile name.
Enable e10s in the Unsafe Browser.
Delete all search plugins for the Unsafe Browser (Closes: #15708).
Display a deprecation warning when starting Liferea (#11082).
Upgrade VirtualBox guest modules to 5.2.16-dfsg-3~bpo9+2.
Use Tor Browser for browsing the documentation even when offline
(Closes: #15720).
Provide feedback while Tor Browser, "Zero Trace Pen documentation"
or "Report an error" are starting (Closes: #15101).
WhisperBack: remove the right pane (Closes: #7180).
zerotracepen-debugging-info: return machine-readable, structured data.
Adjust WhisperBack accordingly (Closes: #8514). This paves the way
towards more usable bug reports (#8722).
Port lots of our Perl code to more lightweight libraries.
This decreases the amount of memory used by the persistence
configuration interface.
Do not hide applications that require an admin password (Closes: #11013).
Try unlocking every persistent volume when multiple ones are
available (Closes: #15653).
Upgrade Electrum to 3.1.3-1~bpo9+1.
Upgrade most firmware to 20180518-1.
Upgrade Intel microcode to 3.20180703.2~bpo9+1.
Upgrade AMD microcode to 3.20180524.1.
Build system
Drop AppArmor feature set pinning: this is now done in Debian Stretch
(Closes: #15341).
Remove the now unused deb.torproject.org sid APT source (Closes: #15638).
Install OnionShare from our custom APT repo instead of from sid.
We've mistakenly tracked sid for a while and it has become a problem,
so stick to the version that works for us until Zero Trace Pen 4.0.
Fix building the ISO on zfs by dropping the cache=none setting for
vmproxy's storage (Closes: #14404).
Update the Vagrant basebox for any change under vagrant/.
Previously, some relevant changes were not effective until something under
vagrant/definitions/zerotracepen-builder/ was changed.
Make intltool ignore .py files: intltool-update --maintain seems to be
buggy with .py files.
Refresh our CUPS AppArmor profile patch to apply on 2.2.1-8+deb9u2.
Make it more obvious that the .orig file check is fatal (Closes: #15727).
Delete baseboxes once they're 6 months old instead of 4.
This is more in line with the delay between our major releases these days.
Rename /usr/share/amnesia to /usr/share/zerotracepen. It was about time.
Abort the build if /etc/{passwd,group} has changed (Closes: #15419).
Such changes can break Zero Trace Pen after an automatic upgrade was applied
so let's detect it ASAP. Consequently, ensure a few GIDs — that wanted
to play musical chairs — are the same as in Zero Trace Pen 3.8 (Closes: #15695).
Don't fail the build if the APT lists don't include any package
whose name matches ^geoclue.
Test suite
Adjust to the new zerotracepen-persistence-setup API.
Update the Tor Browser's AppArmor profile name.
Re-enable the "I can print the current page […]" test.
Update tests wrt. the fact zerotracepen-upgrade-frontend-wrapper was ported
to Python (Closes: #15379).
Make a test more robust by waiting for the page to have loaded.
Adjust to the fact the WhisperBack debugging info is now configured
in a machine-readable file.
Remove test for zerotracepen-debugging-info, that has been a no-op for a while.
Adjust for Tor Browser 8.
Make the "I open the address" step more robust and accordingly
stop marking the tests that use it in the Unsafe Browser
as fragile (refs: #14771).
De-duplicate a number of images of standard GTK+ 3 widgets.
Make the audio and WebM tests more robust.
Make the "I start the Tor Browser in offline mode" step more robust.
Make the "AppArmor has (not )? denied" step more robust.
Don't try and use XVFB_PID if it's not set (Closes: #15730).
Adjust Pidgin test to use a certificate that's still in Debian
(Closes: #15762).
Use a hopefully more reliable public GnuPG key and make tests
more robust against new subkeys being added (Closes: #15771).
Stop hard-coding the list of RTL Tor Browser locales.
Fix the "Unsafe Browser can be used in all languages supported in Zero Trace Pen"
test for locales that have a translated homepage (Closes: #11711).
Take into account that apt(8) won't return when run in the remote shell
with the ASP hooks enabled.