zerotracepen (4.4)

  • Security fixes

    • Upgrade Tor Browser to 9.0.6-build2 (MFSA-2020-09).

    • Upgrade Linux kernel to linux-image-5.4.0-4, currently at 5.4.19-1
      (Closes: #17477).

    • Upgrade Thunderbird to 68.5.0-1~deb10u1 (MFSA-2020-07, Closes: #17481).

    • Upgrade cURL to 7.64.0-4+deb10u1 (DSA-4633).

    • Upgrade evince to 3.30.2-3+deb10u1 (DSA-4624).

    • Upgrade Pillow to 5.4.1-2+deb10u1 (DSA-4631).

    • Upgrade ppp to 2.4.7-2+4.1+deb10u1 (DSA-4632).

    • Upgrade WebKitGTK to 2.26.4-1~deb10u1 (DSA-4627).

    • Bugfixes

    • Fix missing firmware for RTL8822BE/RTL8822CE (See: #17323). Use the
      zerotracepen-workarounds provided firmwares until the firmware-realtek
      package is updated with the patch by Sjoerd Simons (Debian#935969).
      Note: This might not be sufficient to support those cards.

    • Minor improvements and updates

    • Upgrade dogtail to 0.9.11-6.

    • Upgrade virtualbox to 6.1.4-dfsg-1.

    • Build system

    • Vagrant build box: disable mitigation features for CPU
      vulnerabilities (Closes: #17386). Given the kind of things we do in
      our Vagrant build box, it seems very unlikely that vulnerabilities
      such as Spectre and Meltdown can be exploited in there. Let's
      reclaim some of the performance cost of the corresponding mitigation
      features.

    • Enable website caching by default, with a way option to disable it
      (Closes: #17439).

    • Key the website cache on debian/changelog too (Closes: #17511).

    • Update APT snapshot of the Debian archive to 2020030101.

    • Add support for the zerotracepen-workarounds submodule.