Security fixes
Upgrade Tor Browser to 9.0.6-build2 (MFSA-2020-09).
Upgrade Linux kernel to linux-image-5.4.0-4, currently at 5.4.19-1
(Closes: #17477).
Upgrade Thunderbird to 68.5.0-1~deb10u1 (MFSA-2020-07, Closes: #17481).
Upgrade cURL to 7.64.0-4+deb10u1 (DSA-4633).
Upgrade evince to 3.30.2-3+deb10u1 (DSA-4624).
Upgrade Pillow to 5.4.1-2+deb10u1 (DSA-4631).
Upgrade ppp to 2.4.7-2+4.1+deb10u1 (DSA-4632).
Upgrade WebKitGTK to 2.26.4-1~deb10u1 (DSA-4627).
Bugfixes
Fix missing firmware for RTL8822BE/RTL8822CE (See: #17323). Use the
zerotracepen-workarounds provided firmwares until the firmware-realtek
package is updated with the patch by Sjoerd Simons (Debian#935969).
Note: This might not be sufficient to support those cards.
Minor improvements and updates
Upgrade dogtail to 0.9.11-6.
Upgrade virtualbox to 6.1.4-dfsg-1.
Build system
Vagrant build box: disable mitigation features for CPU
vulnerabilities (Closes: #17386). Given the kind of things we do in
our Vagrant build box, it seems very unlikely that vulnerabilities
such as Spectre and Meltdown can be exploited in there. Let's
reclaim some of the performance cost of the corresponding mitigation
features.
Enable website caching by default, with a way option to disable it
(Closes: #17439).
Key the website cache on debian/changelog too (Closes: #17511).
Update APT snapshot of the Debian archive to 2020030101.
Add support for the zerotracepen-workarounds submodule.