zerotracepen (4.1)

  • Major changes

    • Upgrade Tor Browser to 9.0.2-build2, based on Firefox ESR 68.3
      (MFSA-2019-37).

    • Upgrade Thunderbird to 68.2.2 (Closes: #16771, #17220, #17222, #17267).

    • Upgrade Enigmail to 2:2.1.3+ds1-4~deb10u2 accordingly.

    • Security fixes

    • Upgrade Linux to 5.3.9-2 from sid (Closes: #17124).

    • Disable unprivileged userfaultfd syscall (Closes: #17196).

    • Upgrade file to 1:5.35-4+deb10u1 (DSA-4550-1).

    • Upgrade FriBidi to 1.0.5-3.1+deb10u1 (DSA-4561-1).

    • Upgrade Ghostscript to 9.27~dfsg-2+deb10u3 (DSA-4569-1)

    • Upgrade Intel microcode to 3.20191112.1~deb10u1 (DSA-4565-1,
      CVE-2019-0117).

    • Upgrade libarchive to 3.3.3-4+deb10u1 (DSA-4557-1).

    • Upgrade libvpx to 1.7.0-3+deb10u1 (DSA-4578-1).

    • Upgrade libxslt to 1.1.32-2.2~deb10u1 (CVE-2019-18197).

    • Upgrade ncurses to 6.1+20181013-2+deb10u2 (CVE-2019-17594,
      CVE-2019-17595).

    • Upgrade Python 2.7 to 2.7.16-2+deb10u1 (CVE-2018-20852,
      CVE-2019-10160, CVE-2019-16056, CVE-2019-16935, CVE-2019-9740,
      CVE-2019-9947).

    • Upgrade Qt to 5.11.3+dfsg1-1+deb10u1 (DSA-4556-1).

    • Upgrade tcpdump to 4.9.3-1~deb10u1 (DSA-4547-1).

    • Upgrade WebKitGTK to 2.26.2-1~deb10+1 (DSA-4558-1, DSA-4563-1).

    • Bugfixes

    • Remove TorBirdy (Closes: #17219, #17269).

    • Use keys.openpgp.org's Onion service as the default keyserver
      (Closes: #12689, #14770).

    • Fix ordering of GTK bookmarks setup vs. Tor Browser directories
      creation (Closes: #17206).

    • Bring back the "Show Passphrase" button in the Greeter
      (Closes: #17177).

    • Bring back "Open in Terminal" entry in the GNOME Files context menu
      (Closes: #17186).

    • Revert "Browsers: disable the Quantum Bar." (Closes: #17143).

    • Revert "Hide all Tor connection-related settings in
      about:preferences in all browsers" (Closes: #17214).

    • Wait until Tor has bootstrapped before we try to upgrade Additional
      Software (Closes: #17203).

    • Fix the "GDM failed to start" splash screen functionality
      (Closes: #17200).

    • Minor improvements and updates

    • htpdate: stop sending User-Agent that fakes Tor Browser
      (Closes: #12023).

    • HTP: replace encrypted.google.com with www.google.com .

    • Remove signal handler from Greeter UI file (Closes: #17240).

    • Upgrade AMD microcode to 3.20191021.1.

    • Upgrade fonts-noto-cjk to 1:20170601+repack1-3+deb10u1
      (Debian#907999).

    • Build system

    • Update Vagrant box to Buster (Closes: #16868).

    • Adjust to timedatectl's output on Buster.

    • Adjust to Buster's debootstrap.

    • Vagrant: ensure the chroot has a /proc filesystem while running
      postinstall.sh

    • Vagrant: install po4a from Stretch in the basebox.

    • build-zerotracepen: wait for NTP to be disabled before setting the desired
      date.

    • Bump APT snapshot of the Debian archive to 2019111801, including the
      10.2 point release of Buster (Closes: #17124, #17021).

    • Install virtualbox 6.0.12-dfsg-1 from our custom APT repository
      (Closes: #17161).

    • Test suite

    • Ensure we don't break tests by opening the Applications menu in
      post_vm_start_hook (Closes: #17164).

    • Improve GnuPG testing (Closes: #12689):
      · Switch to using sajolida's key.
      · Start adjusting for keys.openpgp.org.
      · Make the "GnuPG's dirmngr uses the configured keyserver" step
      actually test what it is meant to.
      · Make error strings better reflect what failure they are about.
      · Ensure dirmngr uses IPv4 since our CI runs on an IPv4-only
      infrastructure.

    • Ensure dirmngr picks up the changes we make to its configuration.

    • Switch backend keyservers (Closes: #14770).

    • Don't leave redir(1) processes behind (Closes: #14948).

    • Update image for Buster (Closes: #14770).

    • Update fragility status of Seahorse scenarios.

    • Avoid multiple instances of tcpdump writing to the same file,
      resulting in an unparsable network capture (Closes: #17102).

    • Update for Thunderbird 68 (Closes: #17269).

    • Documentation:

    • Remove or adapt mentions to Zero Trace Pen Installer as only installation
      method (Closes: #17204).

    • Add a warning about which Zero Trace Pen to run rsync from (Closes: #17197).

    -- Zero Trace Pen developers zerotracepen@boum.org Mon, 02 Dec 2019 22:23:35 +0100

zerotracepen (4.0) unstable; urgency=medium

  • Major changes

    • Upgrade Tor Browser to 9.0-build2, based on Firefox ESR 68.2.
  • Security fixes

    • Upgrade IBus to 1.5.19-4+deb10u1.0zerotracepen1 (Closes: #17144)
    • Upgrade sudo to 1.8.27-1+deb10u1
  • Bugfixes

    • Fix regressions brought by the integration of Tor Browser 9.0:
      · Fix non-English spellchecking (Closes: #17150)
      · Unsafe Browser: don't enable private browsing mode, don't display
      Tor Browser icons, hide the new "New identity" toolbar button
      (Closes: #17142)
      · Hide all Tor connection-related settings in about:preferences
      (Closes: #17157)
    • Fix Stealth Onion services in OnionShare (Closes: #17162)
    • Upgrade OpenSSL to 1.1.1d-0+deb10u2
  • Minor improvements and updates

    • Don't include the locales package (Closes: #17132)
    • Update htpdate's User-Agent to match Tor Browser 9.0's
  • Test suite

    • Only partially fill memory for userspace processes (Closes: #17104)
    • Drop the "Unsafe Browser has no proxy configured" step, that's hard
      to update and adds little value
    • Various updates for Tor Browser 9.0 final
    • Make the "SSH is using the default SocksPort" scenario more robust
      (Closes: #17163)