zerotracepen (5.4)

  • Upgrade Tor Browser to 11.5.2 (zerotracepen/zerotracepen!908)

    Closes issues:

    • Upgrade to Tor Browser based on 91.13 (zerotracepen/zerotracepen#19073)

    Commits:

    • automatic redirect to HTTPS, here we meet again
    • Upgrade Tor Browser to UNVERIFIED 11.5.2-build1
    • Upgrade Linux packages to 5.10.0-17, currently at version 5.10.136
      (zerotracepen/zerotracepen!900)

    Closes issues:

    • Handle CVE-2022-2585 (POSIX CPU timer UAF) (zerotracepen/zerotracepen#19081)

    Commits:

    • Upgrade Linux packages to 5.10.0-17, currnetly at version 5.10.136
    • Disable HTTPS-only mode in Unsafe Browser (zerotracepen/zerotracepen!906)

    Closes issues:

    • Disable HTTPS-only mode in Unsafe Browser (zerotracepen/zerotracepen#19095)

    Commits:

    • disable HTTPS-only mode for unsafe browser
    • Upgrade tor to 0.4.7.10 (zerotracepen/zerotracepen!903)

    Closes issues:

    • Upgrade to tor 0.4.7.10 (zerotracepen/zerotracepen#19083)

    Commits:

    • Don't mention irrelevant implementation detail
    • Avoid initially pushed branch failing its pipeline
    • Drop obsolete step
    • Upgrade tor to 0.4.7.10
    • Resolve "Some time sync related automated tests fail when run on a system whose
      system clock is not in UTC" (zerotracepen/zerotracepen!902)

    Closes issues:

    • Some time sync related automated tests fail when run on a system whose system
      clock is not in UTC (zerotracepen/zerotracepen#19070)

    Commits:

    • uses UTC time even on non-UTC systems
    • Misc kernel hardening (zerotracepen/zerotracepen!899)

    Closes issues:

    • Kernel hardening: restricts loading TTY line disciplines (zerotracepen/zerotracepen#18302)
    • Enable page allocator freelist randomization (zerotracepen/zerotracepen#18886)
    • Consider dropping slub_debug=P and page_poison=1 options and let init_on_free
      wipe slab and page allocations (zerotracepen/zerotracepen#18858)

    Commits:

    • Kernel hardening: restricts loading TTY line disciplines
    • Kernel: enable page allocator freelist randomization
    • Remove obsolete kernel command line options
    • Actually stop NetworkManager before applying an upgrade (zerotracepen/zerotracepen!896)

    Commits:

    • Remove obsolete comment
    • Use systemctl(1) instead of service(8)
    • Actually stop NetworkManager before applying an upgrade
    • Test suite: fix Unsafe Browser localization tests (zerotracepen/zerotracepen!867)

    Commits:

    • testing unsafebrowser is more deterministic
    • add spanish start page image for unsafe browser
    • add portuguese start page image for unsafe browser
    • debug unsafe browser errors