Major changes
Welcome Screen: after a large refactoring we now can persist
settings (See: #17136)! Currently it is limited to the newly
added option that controls whether the Unsafe Browser is allowed
to start (#17085). In the next major release we'll support all
options.
Security fixes
Allow to disable the Unsafe Browser in the Welcome Screen
(Closes: #17085). The Unsafe Browser can be used by exploits to
deanonymize the Zero Trace Pen user (for dezerotracepen, see: #15635).
Upgrade Tor Browser to 9.5.1-build2 (Closes: 17782).
Thunderbird:
Upgrade Linux kernel to linux-image-5.6.0-2 at 5.6.14-2 (Closes:
Upgrade gnutls28-based packages to 3.6.7-4+deb10u4 (DSA-4697).
Upgrade intel-microcode to 3.20200609.2~deb10u1 (DSA-4701).
Bugfixes
Trigger emergency shutdown on resume when the boot device was
removed while suspended (Closes: #16787).
Thunderbird: make searching in messages (Find bar and Find in
This Message) work again (Closes: #17328).
Ensure Mac Spoofing Panic messages will be correctly displayed
(Closes: #17779). udev may close child processes when a process
associated with a rule (/etc/udev/rules) terminates so we wait
for those processes before exiting.
Wrap seahorse-tool --import so it is handled by gpg --import
(Closes: #17183). This makes importing binary keys via GNOME
Files integration possible again.
Minor improvements and updates
Upgrade to tor 0.4.3.5-1 (Closes: #17741).
Upgrade LibreOffice to 1:6.1.5-3+deb10u6.
Upgrade VirtualBox guest modules to 6.1.10-dfsg-1.
Append Unsafe Browser setting to WhisperBack debug info.
Build system
Upgrade snapshot of the Debian archive to 2020061003, including
the 10.4 point release of Debian Buster (Closes: #17620).
Tor Browser AppArmor profile: update patch to apply on top of
0.3.2-11 (Closes: #17612)
Thunderbird AppArmor profile: update patch to apply on top of
68.9.0 (Closes: #17769).
Test suite
Establish a coding standards baseline on our Ruby code base
using Rubocop (Closes: #17646). This MASSIVE change includes
mainly stylistic fixes and linting but also a few bug fixes,
some dead code removal and code simplifications/refactorings,
spelling fixes, improved gherkin and even removal the of
a few duplicated tests and merging of very similar tests.
Improve robustness of navigating the GRUB menu in UEFI mode, and
consequently drop the @fragile tag on the UEFI boot scenario
(Closes: #13459).
Allow configuring the number of vCPUs given to Zero Trace PenToaster.
Based on work done by kytv (♥) on #6729. On powerful hardware
with many CPUs, Zero Trace Pen boots much faster with >2 vCPUs given to
Zero Trace PenToaster.
Disable desktop size and clipboard interference between the host
system and the system under test when using --view.
Ensure we run post_snapshot_restore_hook every time it's needed.
Fix running with XDG_SESSION_TYPE unset (Closes: #17596).
Always test the localized start up page of the Unsafe Browser.
Add --keep-chutney option to keep Chutney data, but no
snapshots, between runs.
Revert "Test suite: disable tests about notifications in case of
MAC spoofing failure (refs: #10774)"
Verify that the Unsafe Browser is disabled by default.
Test suite: fix --image-bumping-mode.