Upgrade to Thunderbird 91.9.0
- Upgrade to Tor Browser 11.0.14 based on Firefox 91.10 (zerotracepen/zerotracepen!852)
Closes issues:
- Upgrade to Tor Browser 11.0.14 based on Firefox 91.10 (zerotracepen/zerotracepen#18979)
Commits:
- htpdate: replace tachanka.org with www.autistici.org
- Mark security advisory against 5.0 as fixed
- Fetch Tor Browser from our own archive
- Upgrade Tor Browser to 11.0.14-build1
- Resolve "displayed_time_str fails in test suite" (zerotracepen/zerotracepen!839)
Closes issues:
- displayed_time_str fails in test suite (zerotracepen/zerotracepen#18991)
Commits:
- Ignore advisories when looking for displayed time
- help debug
- FIX Clock disappearing when the user sets UTC as their local timezone
(zerotracepen/zerotracepen!841)
Closes issues:
- Clock disappears from the GNOME top bar after "Fix the clock" and choosing UTC
timezone (zerotracepen/zerotracepen#18993)
Commits:
- safety net for future problems
- handle UTC special-case
- Test suite: workaround lost and duplicate key presses by pasting long strings
instead of typing them (zerotracepen/zerotracepen!821)
Commits:
- Test suite: merge step used only by another step into its caller
- Test suite: paste long strings instead of typing them
- Test suite: drop useless step
- Test suite: refactor (extract code to method)
- Test suite: Make opening GNOME menus more robust (zerotracepen/zerotracepen!816)
Closes issues:
- Opening GNOME menus in the test suite on Bullseye is very fragile
(zerotracepen/zerotracepen#18930)
Commits:
- Test suite: try harder to open GNOME menus
- Test suite: drop unnecessary delay
- Test suite: use Dogtail to check presence of GNOME bookmarks
- Test suite: use Dogtail to open the GNOME menus
- Test suite: wait for the desktop to be visible before we interact with it after
restoring a snapshot
- Lint.
- Upgrade to Linux 5.10.113-1 (DSA 5127-1) (zerotracepen/zerotracepen!813)
Closes issues:
- Upgrade Linux to 5.10.113-1 (DSA 5127-1) (zerotracepen/zerotracepen#18962)
Commits:
- Upgrade to Linux 5.10.113-1 (DSA 5127-1)
- Make console-setup.service startup non-racy (zerotracepen/zerotracepen!811)
Closes issues:
- console-setup.service fails sometimes, which breaks "Tor is ready" in test
suite (zerotracepen/zerotracepen#18636)
Commits:
- Make console-setup.service startup non-racy
- Test suite: support running on Ruby 3.0 (zerotracepen/zerotracepen!810)
Closes issues:
- Test suite misbehaves on Ruby 3.0, e.g. "the Tor Connection Assistant connects
to Tor" step always incorrectly fails (zerotracepen/zerotracepen#18904)
Commits:
- Test suite: ensure we don't try to click the "Restore Disk Image" button before
it's visible
- Test suite: support Bookworm host system's improved UEFI graphics
- Test suite: enable Ruby deprecation warnings
- Test suite: adjust to separation of positional and keyword arguments in Ruby
3.0
- Test suite: update button label for Bullseye
- Remove duplicate word in comment
- Test suite: drop workaround for Ruby < 2.7
- Test suite: migrate from deprecated luks_open and luksclose to
cryptsetup{open,close}
- test https-get-expired with sid's Go (zerotracepen/zerotracepen!849)
Commits:
- GitLab CI: only run https-get-expired-sid job when relevant
- GitLab CI: factorize
- GitLab CI: test https-get-expired with sid's Go on a sid image
- also test https-get-expired with sid's golang
- Vagrant: install ikiwiki that fixes #18992 (zerotracepen/zerotracepen!847)
Closes issues:
- ikiwiki generates buggy PO files with po4a 0.62 (zerotracepen/zerotracepen#18992)
Commits:
- Vagrant: stop using the obsolete builder-jessie APT suite
- Vagrant: install ikiwiki that fixes #18992
- tca-portal: stricter validation (zerotracepen/zerotracepen!846)
Commits:
- test: right length, valid for date(1), but invalid format
- drop test case for "minutes" timespec
- be more explicit about the format we want
- seconds always included
- stricter validation for SetTimeCommand
- ignore advisories + better debug (zerotracepen/zerotracepen!845)
Commits:
- ignore advisory
- FIX error message
- Test suite: fix regression when testing Tor Connection in non-English locale
(zerotracepen/zerotracepen!843)
Commits:
- Test suite: fix regression when testing Tor Connection in non-English locale
- FIX sharing via onionshare from nautilus (zerotracepen/zerotracepen!840)
Closes issues:
- "Share via OnionShare" does nothing (zerotracepen/zerotracepen#18990)
Commits:
- FIX sharing via onionshare from nautilus
- lint_po: ignore unknown-message-flag errors (zerotracepen/zerotracepen!836)
Commits:
- lint_po: ignore unknown-message-flag errors
- Don't enable "configure a bridge" just because the user looked at the hide mode
(zerotracepen/zerotracepen!835)
Closes issues:
- “Configure a Bridge” is enabled when rolling back from hiding Tor
(zerotracepen/zerotracepen#18546)
Commits:
- regression test for #18546
- enable easymode-bridges only in easy mode
- Vagrant build box: upgrade to po4a 0.62-1 (zerotracepen/zerotracepen!834)
Commits:
- Vagrant build box: drop APT configuration for Buster
- Vagrant build box: upgrade to po4a 0.62-1
- Installer: create system partition 2 MiB from the beginning of the drive
(zerotracepen/zerotracepen!832)
Commits:
- Installer: create system partition 2 MiB from the beginning of the drive
- Various Tor Connection UX improvements (zerotracepen/zerotracepen!831)
Closes issues:
- Tor Connection: Give the same instructions on both bridge screens
(zerotracepen/zerotracepen#18596)
- Always tell whether bridges are used in the success screen (zerotracepen/zerotracepen#18547)
Commits:
- Clarify docstring
- Test suite: update expected images
- Make phrasing consistent
- Test suite: DRY
- refactor: properties allow our code to be clearer
- bridges: same instructions on both screens
- Success message conditional to bridges
- Rewrite the home pages of the Unsafe Browser + Have different homes for the
Unsafe Browser depending on whether we're connected to Tor already
(zerotracepen/zerotracepen!829)
Closes issues:
- Have different homes for the Unsafe Browser depending on whether we're
connected to Tor already (zerotracepen/zerotracepen#18601)
- Rewrite the home pages of the Unsafe Browser (zerotracepen/zerotracepen#18602)
Commits:
- Apply style guide
- Improve sentence
- Improve grammar
- Improve grammar
- Improve grammar
- Be more clear
- Add illustration by Andrés
- Test suite: remove obsolete localized images
- Test suite: update expected image
- Test suite: add missing @doc tag
- FIX wrong path was checked
- Clarify that the image is an example
- Clarify use of CSS (Take 2)
- Unsafe browser: home page if non connected to Tor
- Clarify use of CSS
- Rework CSS
- Improve structure
- Write a dedicated page for captive portals
- Improve instructions
- Give examples of websites to use
- Use our own image and remove the login and password
- Shorten
- Test suite: misc. robustness improvements (zerotracepen/zerotracepen!827)
Closes issues:
- Tests for backup are fragile (zerotracepen/zerotracepen#18727)
Commits:
- Test suite: add localized expected image for Unsafe Browser start page in pt_BR
- Test suite: enable debug logging for Screen#wait
- Test suite: Fix frequent "cannot find Zero Trace PenGreeterLoginButton.png" failures
- Test suite: update expected image for Bullseye
- Test suite: give the XMPP server some time to create the room
- Test suite: update expected Pidgin images
- Test suite: fix error message
- Test suite: Improve error reporting
- Test suite: Fix clock upper bound calculation
- Test suite: refactoring (save value to variable)
- Test suite: Drop most debugging info for issue that does not happen anymore
- Test suite: Drop spurious verb in debug log
- Revert "Mark test scenario as fragile"
- Test suite (backup): Wait for Zenity to have filled its widgets with the
expected text
- Upgrade apt-cacher-ng to bullseye-backports - fixes issue #18931
(zerotracepen/zerotracepen!825)
Closes issues:
- rake build fails - apt-get works erratically ( 502 connection closed
[IP:127.0.0.1:3142] ) - No build artifacts were found! (zerotracepen/zerotracepen#18931)
Commits:
- Upgrade apt-cacher-ng to bullseye-backports.
- Disable search providers in the Activities Overview: Calculator, Nautilus,
Terminal (zerotracepen/zerotracepen!824)
Closes issues:
- Disable some GNOME Overview search providers (zerotracepen/zerotracepen#18952)
Commits:
- Disable search providers in the Activities Overview: Calculator, Contacts,
Documents, Nautilus, Terminal
- Test suite: ignore failures to destroy a stopped domain (zerotracepen/zerotracepen!822)
Closes issues:
- Scenario: "Upgrading an old Zero Trace Pen USB installation from another Zero Trace Pen USB
drive" after-hook is racy (zerotracepen/zerotracepen#18972)
Commits:
- Test suite: ignore failures to destroy a stopped domain
- Associate OpenPGP-encrypted files with Kleopatra (zerotracepen/zerotracepen!820)
Closes issues:
- Zero Trace Pen 5 does not decrypt .gpg files when double-clicking them
(zerotracepen/zerotracepen#18967)
Commits:
- Associate OpenPGP-encrypted files with Kleopatra
- safely get gnome_env_vars (zerotracepen/zerotracepen!819)
Commits:
- clarify about which environment is being dumped
- Clarify comment
- Fix typo in comment
- comments clarify why we think we are safe
- fix systemd path
- gnome_env_vars look at the gnome-shell env dump
- gnome-shell dumps its conf in a root-owned file
- Avoid user confusion wrt. name of the default KeePassXC database
(zerotracepen/zerotracepen!818)
Closes issues:
- KeePassXC offers to rename the default database on non-English locales
(zerotracepen/zerotracepen#18966)
Commits:
- Silence false positive
- Drop obsolete reason
- Don't allow translating Passwords.kdbx
- Use Bullseye debootstrap configuration (zerotracepen/zerotracepen!817)
Commits:
- Use Bullseye debootstrap configuration
- FIX IUK verification when we have 2 series at the same time (zerotracepen/zerotracepen!815)
Closes issues:
- bin/copy-iuks-to-rsync-server-and-verify failing because of old releases
(zerotracepen/zerotracepen#18959)
Commits:
- Apply 1 suggestion(s) to 1 file(s)
- document how the RM should use this command
- don't fail when 404s have been ignored
- proper exit code on failure
- refactor --ignore-404
- refactor run()
- fix leftover
- 404s found -> non-zero exit code
- --ignore-404 and --dry-run
- Fix FTBFS with uBlock 1.42 (zerotracepen/zerotracepen!814)
Commits:
- Upgrade to tor 0.4.7.7 (zerotracepen/zerotracepen!812)
Closes issues:
- Upgrade to tor 0.4.7.x (zerotracepen/zerotracepen#18932)
Commits:
- Add translation files for Qt5 (#18958) (zerotracepen/zerotracepen!808)
Closes issues:
- Translations of basic Qt5 strings are missing (zerotracepen/zerotracepen#18958)
Commits:
- Add translation files for Qt
- Make news/version_3* non-translatable (#16758) (zerotracepen/zerotracepen!805)
Commits:
- Make news/version_3* non-translatable (#16758)
- Add Kleopatra to the Favorites (zerotracepen/zerotracepen!802)
Commits:
- Test suite: make expected image a tiny bit smaller
- Add Kleopatra to the Favorites submenu
- Test suite: drop pre-Bullseye compatibility (zerotracepen/zerotracepen!789)
Commits:
- Test suite: drop workaround for Ruby < 2.7
- Test suite: migrate from deprecated luks_open and luksclose to
cryptsetup{open,close}
- Add to confirm before restarting (#18912) (zerotracepen/zerotracepen!782)
Closes issues:
- New dialog when Unsafe Browser is not enabled makes it too easy to lose work
(zerotracepen/zerotracepen#18912)
Commits:
- Make code more readable
- Make function's responsibility tighter to simplify its code
- Handle new code branch that was forgotten
- Fix local variables declaration
- Use 'Cancel' as default button (#18912)
- 'Cancel' is more standard
- Add to confirm before restarting (#18912)
- Display time in the timezone that the user has chosen in Tor Connection
(zerotracepen/zerotracepen!751)
Closes issues:
- Display time in the timezone that the user has chosen in Tor Connection
(zerotracepen/zerotracepen#6284)
Commits:
- Design doc: Explain security trade-off
- Test suite: Explain that Asia/Shanghai == +08:00
- zerotracepen-get-date: use Python instead of date(1)
- Fix typo in error message
- Test suite: ensure the displayed clock is in the user's timezone
- Test suite: remove workaround
- Test suite: refactor (extract code do method)
- Test suite: be more defensive to give better error output
- Test suite: send debug info to the debug log
- Test suite: make step name clearer
- Design doc: mention timezone status and plans
- Apply 1 suggestion(s) to 1 file(s)
- Fix typo in comment
- Improve grammar
- Improve grammar
- Remove unnecessary comma
- try to fix the vertical misalignment
- Update to #6284
- Link back to main page
- https://www.merriam-webster.com/dictionary/time%20zone
- Move FAQ to a dedicated page
- Shorten path
- Don't potentially overwrite TZ key in dict with environment's value.
- Cleanup dead code, fix formatting.
- Consistently display GMT instead of UTC.
- Use the same time format as GNOME's clock.
- use date to format the date
- date@ extension does The Right Thing
- DRAFT: display time in local timezone
- Follow-up on "Audit tca-portal" (zerotracepen/zerotracepen!723)
Commits:
- useless shellcheck directive
- Apply 2 suggestion(s) to 2 file(s)
- Fix typo in comment
- clarify how we believe pgrep --ns 1 will help us
- PersistenceSetupCommand: gnome_env_vars not needed
- export_gnome_env hardening
- some more validation when setting system time
- gnome.py executes later; required for testing
- add some doctests to tca-portal
- more tuples, less lists
- clarify: we are fine with the TOCTOU
- --systemd-socket is exclusive with --listen
- be more explicit about stdout/stderr handling
- clarify handle_* comments
- clarify what is the role of handle_line
- anchor SetTimeCommand regexp
- clarify comment about validate_args
- use full path to commands whenever possible
- Automatic time sync before connecting to Tor in automatic mode
(zerotracepen/zerotracepen!681)
Closes issues:
- Mitigate attack by active network adversary on automated time sync + replayed
Tor consensus (zerotracepen/zerotracepen#18830)
- Automatic time sync before connecting to Tor in automatic mode
(zerotracepen/zerotracepen#18717)
Commits:
- Test suite: rename step to make it closer to what a user would do
- use the non-deprecated version of "Tor is ready"
- Use less jargon
- Add missing word in comment
- Update comment: this now build reproducibly
- Clarify comment
- fix undefined local variable
- zerotracepen-get-network-time better syslog
- zerotracepen-get-network-time has timeout
- refactor old test case based on new functions
- new test: time sync times out
- tor connection runs even if timesync fails
- python style
- some info is shown during network time sync
- comments
- wait for time to be retrieved before starting Tor
- use APT preferences, not --target-release
- gitlab tests run with the correct Go version
- public key type check
- Explain why these if statements don't apply to us
- Fix typo
- Design doc: 2 out of 3 is enough since we're using the median
- ignore redirects
- test all urls in htpdate.pools
- https-get-expired gets more testing
- https-get-expired: explain how this compares to Go implementation
- Test suite: explain why scenarios pass in a somewhat surprisingly manner
- Lint
- Lint
- Design doc: explain why we accept a risk
- Design doc: improve phrasing
- Design doc: drop conditional
- Design doc: explain why we're protected
- Design doc: clarify phrasing
- Update design doc: this is not a problem anymore
- reproducibility: clean cache after compiling
- fix spelling
- htpdate performs the median
- design doc: explain https-get-expired
- Lint: gofmt
- Pick Go from buster-backports
- try to make go build reproducible: -trimpath
- Test suite: mark fragile scenario as such
- https-get-expired: CI tests now
- test https-get-expired building
- https-get-expired gains -proxy option
- port htpdate to https-get-expired
- https-get-expired: more similar to htpdate's curl
- https-get-expired output headers, not body
- fix go compilation
- add https-get-expired: will need for time sync
- "date in past" check is more robust
- sanity check: the new date cannot be in the past
- unsafe browser is checked for tor leaks
- UnsafeBrowser correctly detects if we're online
- checking DisableNetowrk is #18293-aware
- Merge the new scenario with the old one
- FIX restore: some snapshot has network but no Tor
- UnsafeBrowser tests don't need Tor; scenarios--
- FIX we don't even need to check Tor
- Test suite: clarify what we're actually testing
- Improve grammar
- Fix typo
- Fix typo
- Update doc to automatic time sync (#18717)
- Improve structure of design doc
- Avoid jargon
- Design doc: copy more detailed explanation from the blueprint
- Design doc: improve structure
- Design doc: document new automatic time sync mechanism
- Remove very old explanation
- wording: we're looking for unneeded exceptions
- Apply 5 suggestion(s) to 2 file(s)
- FIX test case: allow it to use time sync
- "flow through" supports fake connectivity check
- FIX globally setting allowed DNS queries
- refactor check for leaks
- debugging leaks is easier
- fix DNS query for easy mode
- test suite self-correction warning
- dns queries are allowed only when needed
- +debug "traffic has only flowed through"
- break the "Tor is ready" step in two
- rubocop
- easy-mode allowed_hosts are set in tca_configure
- explicitly allow connectivity check in many tests
- fix time sync error simulation
- fix exception wording
- use DNS inspection to check for leaks
- the FirewallHelper is DNS-aware
- one more check
- test "traffic only flows through" supports timesync
- Add tests for time sync before Tor connects
- Improve TCA test suite code
- add vm script to upload/download files
- zerotracepen-get-network-time: don't assume anything about body encoding
- Raise exception instance, not class
- Clean up code
- zerotracepen-get-network-time: emulate NetworkManager's behavior more closely
- Move hard-coded string to constant
- Blacken
- zerotracepen-get-network-time: refactor
- Add more typing
- zerotracepen-get-network-time: migrate to pycurl, to make our fingerprint closer to
NetworkManager's
- Store the network time server in a configuration file
- Move code to main() function
- Test suite: adjust to new automatic time sync feature
- Test suite: drop workaround
- Tor Connection: in automatic mode, set the system time from the network
- tca-portal: implement a new get-network-time command
- tca-portal: include stdout in responses