Major changes
Update Tor Browser to 9.0a7, based on Firefox ESR 68 (#16356).
Include a working version of Electrum: 3.3.8-0.1 (Closes: #16421).
Accordingly:
· Remove the obsolete "coin_chooser: Privacy" option (Closes: #15483).
· Disable the update check (Closes: #15483).
Curate the list of languages in Zero Trace Pen Greeter (Closes: #16095).
Only include languages which meet one of these conditions:
· Have a PO file in zerotracepen.git (i.e. have at least one translated
and reviewed string)
· Are on our list of tier-1 supported languages.
Update Linux to 5.3.2-1~exp1 from Debian experimental (Closes: #17117).
Bump APT snapshots of the 'debian' and 'torproject' archives
to 2019100904. This includes the update to the Buster 10.1
point-release.
Security fixes
Drop NoScript customization that makes our web fingerprint diverge
from Tor Browser's (related to #5362).
Enable Buster security APT sources (Closes: #17119).
Upgrade CUPS to 2.2.10-6+deb10u1 (CVE-2019-8696, CVE-2019-8675,
and more security fixes).
Update GnuPG to 2.2.12-1+deb10u1, which mitigates the certificates
flooding attack.
Update e2fsprogs to 1.44.5-1+deb10u2 (DSA-4535-1).
Update ghostscript to 9.27~dfsg-2+deb10u2 (DSA-4518-1, DSA-4499-1).
Update WebKitGTK to 2.24.4-1~deb10u1 (DSA-4515-1).
Update Pango to 1.42.4-7~deb10u1 (DSA-4496-1).
Update ffmpeg to 7:4.1.4-1~deb10u1 (DSA-4502-1).
Update expat to 2.2.6-2+deb10u1 (DSA-4530-1).
Update GLib to 2.58.3-2+deb10u1 (CVE-2019-13012).
Update libmariadb3 to 1:10.3.17-0+deb10u1 (various vulnerabilities).
Update NSS to 2:3.42.1-1+deb10u1 (CVE-2019-11719, CVE-2019-11727,
CVE-2019-11729).
Update LibreOffice to 1:6.1.5-3+deb10u4 (DSA-4519-1, DSA-4501-1,
DSA-4483-1, and CVE-2019-9848).
Update Samba to 2:4.9.5+dfsg-5+deb10u1 (DSA-4513-1).
Update OpenSSL to 1.1.1d-0+deb10u1 (DSA-4539-1).
Update libxslt to 1.1.32-2.1~deb10u1 (CVE-2019-11068, CVE-2019-13117,
CVE-2019-13118).
Update zeromq3 to 4.3.1-4+deb10u1 (DSA-4477-1).
Update patch to 2.7.6-3+deb10u1 (DSA-4489-1).
Update Thunderbird to 1:60.9.0-1~deb10u1 (DSA-4523-1, DSA-4482-1).
Update wpasupplicant to 2:2.7+git20190128+0c1e29f-6+deb10u1 (DSA-4538-1).
Bugfixes
Ensure that tor-has-bootstrapped systemd units are stopped
if tor@default.service stops; replace the tor-has-bootstrapped
script with a tor_has_bootstrapped() function that checks the status
of zerotracepen-tor-has-bootstrapped.target (Closes: #16664).
Fix MIME info data build reproducibility (Closes: #17023).
Fix missing GNOME bookmarks, by adding them earlier in the session
login process (Closes: #17030).
Increase left dock width in GIMP's sessionrc (Closes: #16807).
Use hardware defaults for the touchpad click method (Closes: #17045).
Fix image thumbnails in GNOME Files (Closes: #17062).
Use the "intel" X.Org driver for Intel Iris Plus Graphics 640
(Closes: #17060).
Fix sdhci-pci support.
Honor the "Formats" settings chosen in the Greeter (Closes: #16806).
Fix administration password not being applied in some cases
(Closes: #13447).
Fix Greeter settings being applied when clicking "Cancel"
(Closes: #17087).
Fix bridge information not always shown when the user selects
bridge mode in the Greeter.
Fix path in whisperback's debugging info (Closes: #17109).
Fix Tor Browser functionality that was broken when it was started
by clicking a link in Thunderbird (Closes: #17105).
Fix WhisperBack that was broken due to an expired X.509 certificate:
stop using TLS (we already have end-to-end encryption via OpenPGP,
plus end-to-end encryption and remote peer authentication via
Tor hidden services). Also, switch to a v3 Onion service (Closes #17110).
Install Stretch's po4a (0.47-2) from our custom APT repository:
the upgrade to Buster's version will need more work and coordination
(Closes: #17127).
Fix hiding of the Add-ons manager in the Unsafe Browser hamburger menu.
Regression introduced when we upgraded to Tor Browser based on Firefox
ESR 60.
Mention USB images as a valid installation technique when trying
to create a persistent volume on a device that can't have one
(Closes: #17025).
Minor improvements and updates
Add iPhone USB tethering support (Closes: #16180).
Install Enigmail from Buster (Closes: #16978).
Disable GDM debug logs (Closes: #17011).
Hide less common keyboard layouts in the Greeter (Closes: #17084).
Major refactoring and cleanup of Zero Trace Pen Greeter (Closes: #17098).
Use a localized page for the Greeter help window, if available
(Closes: #17101).
Separate Chinese into simplified and traditional scripts
in the Greeter (Closes: #16094).
Allow the user to show the passphrase they're typing when creating
a new persistent volume (Closes: #15102).
When saving persistence.conf or its backup, also run sync(1)
on its parent directory (might help fix #10976).
Improve Zero Trace Pen Installer wording (Closes: #15564).
Update tor to 0.4.1.6-1~d10.buster+1.
Update VirtualBox guest drivers and tools to 6.0.12-dfsg-1.
Build system
SquashFS sort file: remove more noise.
Improve lint_po's UX (refs: #16864).
Import our pythonlib, previously included as a submodule (Closes: #16935).
Use a consistent, standard Python packages directory (Closes: #17082).
Test suite
Make various steps more robust:
· "all notifications are disappeared" (Closes: #17012)
· "Additional Software is correctly configured for package"
· "I unlock and mount this VeraCrypt file container
with Unlock VeraCrypt Volumes"
· "I open the Unsafe Browser proxy settings dialog"
· starting apps via the GNOME Activities Overview (Closes: #13469)
· "I start the Tor Browser in offline mode"
Handle Guestfs::Error exceptions.
Provide guidance to fix problematic situation.
Update various reference images for Buster.
Don't attempt to find fuzzy matches with Sikuli unless fuzzy image
matching is enabled (Closes: #17029).
Dogtail'ify all interactions with gedit (Closes: #17028).
New test: ensure that no experimental APT suite is enabled
for deb.torproject.org (Closes: #16931).
Remove dead IRC-related code and dependencies.
Take into account that Evince and Tor Browser's print-to-file dialogs
are rendered in a subtly different manner.
Drop fragile tag for actual Zero Trace Pen bugs (#17007).
Drop compatibility code for Cucumber < 2.4.0 (Closes: #17083).
Fix regression in the Persistent browser bookmarks scenario
(Closes: #17125).