Merge remote-tracking branch 'origin/web/release-4.2.2'

bin/iuk-source-versions

@@ -3,15 +3,34 @@
 set -e
 set -u
 
+IGNORED_TAGS="4.2.1"
+
 major_version () {
    local version="$1"
    echo "$version" | perl -p -E 's,[.].*,,'
 }
 
+member () {
+   local item="$1"
+   shift
+   local found=no
+   for i in "$@"; do
+      if [ "$i" = "$item" ]; then
+	 found=yes
+	 break
+      fi
+   done
+
+   [ "$found" = 'yes' ]
+}
+
 RELEASING_VERSION="$1"
 RELEASING_MAJOR_VERSION=$(major_version "$RELEASING_VERSION")
 
-git tag --color=never | while read tag ; do
+git tag | while read tag ; do
+   if member "$tag" $IGNORED_TAGS; then
+      continue
+   fi
    version=$(echo "$tag" | perl -p -E 's,-,~,')
    major_version=$(major_version "$version")
    if [ "$major_version" = "$RELEASING_MAJOR_VERSION" ] && \

config/chroot_local-includes/etc/thunderbird/pref/thunderbird.js

@@ -182,7 +182,6 @@ pref("security.enable_ssl3", false);
 // https://bugs.torproject.org/11253
 // March 2017: See https://bugs.torproject.org/20751
 pref("security.tls.version.min", 3);
-pref("security.tls.version.max", 3);
 // Display a dialog warning the user when entering an insecure site from a secure one.
 pref("security.warn_entering_weak", true);
 // Display a dialog warning the user when submtting a form to an insecure site.

config/chroot_local-includes/lib/systemd/system/user@1000.service.d/timeout.conf

+[Service]
+# Don't let the Upgrader block the reboot after applying an upgrade
+TimeoutStopSec=10

config/chroot_local-includes/usr/share/tails/tbb-dist-url.txt

-http://torbrowser-archive.tails.boum.org/9.0.3-build4/
+http://torbrowser-archive.tails.boum.org/9.0.4-build1/

config/chroot_local-includes/usr/share/tails/tbb-sha256sums.txt

-8983d3784b9563b67e54ed46c74839aa486013fbc3568441cf1c3b09abbd5169  tor-browser-linux64-9.0.3_en-US.tar.xz
-951e26f04276f816773b74f32747e8d56556e62c5b1ffa1e0852968cbeaf97fc  langpacks-tor-browser-linux64-9.0.3.tar.xz
+53c85059445eff023e7e5ed4749dfdf12b328353e82a4c7263f010120570f493  tor-browser-linux64-9.0.4_en-US.tar.xz
+7c83a6f2b679e4d8f8ee7b2cb2cae01a12ef31987688f3c450733f715973405d  langpacks-tor-browser-linux64-9.0.4.tar.xz

config/chroot_local-includes/usr/src/iuk/bin/tails-iuk-check-upgrade-description-file

@@ -40,7 +40,7 @@ for my $input_filename (@input_filenames) {
     say STDERR "Checking '$input_filename'...";
 
     my $upgrade_description = Tails::IUK::UpgradeDescriptionFile->new_from_file(
-        $input_filename
+        filename => $input_filename
     );
     assert_isa($upgrade_description, 'Tails::IUK::UpgradeDescriptionFile');
 

config/chroot_local-includes/usr/src/iuk/features/create/Create.feature

@@ -62,9 +62,9 @@ Feature: create an IUK
 
   Scenario: create an IUK when new files have appeared in filesystem.squashfs
     Given an old ISO image whose filesystem.squashfs does not contain file "A"
-    And a new ISO image whose filesystem.squashfs contains file "A"
+    And a new ISO image whose filesystem.squashfs contains file "A" owned by www-data
     When I create an IUK
-    Then the saved IUK contains a SquashFS that contains file "A"
+    Then the saved IUK contains a SquashFS that contains file "A" owned by www-data
 
   Scenario: create an IUK when files have disappeared from filesystem.squashfs
     Given an old ISO image whose filesystem.squashfs contains file "A"

config/chroot_local-includes/usr/src/iuk/features/create/step_definitions/Create_steps.pl

@@ -148,11 +148,20 @@ Given qr{^two ISO images when a new kernel was added$}, fun ($c) {
     );
 };
 
-Given qr{^(an old|a new) ISO image whose filesystem.squashfs( does not|) contains? file "([^"]+)"(?:| modified at ([0-9]+))$}, fun ($c) {
+Given qr{^(an old|a new) ISO image whose filesystem.squashfs( does not|) contains? file "([^"]+)"(?:| modified at ([0-9]+)| owned by ([a-z-]+))$}, fun ($c) {
     my $generation = $c->matches->[0] eq 'an old' ? 'old' : 'new';
     my $contains = $c->matches->[1] eq "" ? 1 : 0;
     my $file     = $c->matches->[2];
-    my $mtime    = $c->matches->[3];
+    my ($mtime, $owner);
+    if (defined $c->matches->[3]) {
+        if ($c->matches->[3] =~ m{\A[0-9]+\z}) {
+            $mtime = $c->matches->[3];
+        } elsif ($c->matches->[3] =~ m{\A[a-z-]+\z}) {
+            $owner = $c->matches->[3];
+        } else {
+            croak "Test suite implementation error";
+        }
+    }
 
     my $iso_basename = $generation eq 'old' ? 'old.iso' : 'new.iso';
     my $iso_filename = path($c->{stash}->{scenario}->{tempdir}, $iso_basename);
@@ -164,6 +173,7 @@ Given qr{^(an old|a new) ISO image whose filesystem.squashfs( does not|) contain
         path($squashfs_tempdir, $file)->parent->mkpath();
         path($squashfs_tempdir, $file)->touch;
         utime($mtime, $mtime, path($squashfs_tempdir, $file)) if defined($mtime);
+        run_as_root('chown', $owner, path($squashfs_tempdir, $file)) if defined($owner);
     }
     path($iso_tempdir, 'live')->mkpath();
     capture("mksquashfs '$squashfs_tempdir' '$iso_tempdir/live/filesystem.squashfs' -no-progress 2>/dev/null");
@@ -311,7 +321,8 @@ fun file_content_in_iuk_unlike($iuk_in, Path $filename, $regexp) {
     _file_content_in_iuk_like(@_, 0);
 }
 
-fun squashfs_in_iuk_contains($iuk_in, $squashfs_name, $expected_file, $expected_mtime) {
+fun squashfs_in_iuk_contains(:$iuk_in, :$squashfs_name, :$expected_file,
+                             :$expected_mtime, :$expected_owner) {
     my $squashfs_path = path('overlay', 'live', $squashfs_name);
     die "SquashFS '$squashfs_name' not found in the IUK"
         unless $iuk_in->contains_file($squashfs_path);
@@ -341,8 +352,13 @@ fun squashfs_in_iuk_contains($iuk_in, $squashfs_name, $expected_file, $expected_
     return unless $exists;
 
     if (defined $expected_mtime) {
-        return $expected_mtime == $tempdir->child('squashfs-root', $expected_file)->stat->mtime
+        return unless $expected_mtime == $tempdir->child('squashfs-root', $expected_file)->stat->mtime
     }
+
+    if (defined $expected_owner) {
+        return unless $expected_owner eq getpwuid($tempdir->child('squashfs-root', $expected_file)->stat->uid)
+    }
+
     return 1;
 }
 
@@ -439,14 +455,25 @@ Then qr{^the delete_files list is empty$}, fun ($c) {
     is($c->{stash}->{scenario}->{iuk_in}->delete_files_count, 0);
 };
 
-Then qr{^the saved IUK contains a SquashFS that contains file "([^"]+)"(?:| modified at ([0-9]+))$}, fun ($c) {
+Then qr{^the saved IUK contains a SquashFS that contains file "([^"]+)"(?:| modified at ([0-9]+)| owned by ([a-z-]+))$}, fun ($c) {
     my $expected_file  = $c->matches->[0];
-    my $expected_mtime = $c->matches->[1];
+    my ($expected_mtime, $expected_owner);
+    if (defined $c->matches->[1]) {
+        if ($c->matches->[1] =~ m{\A[0-9]+\z}) {
+            $expected_mtime = $c->matches->[1];
+        } elsif ($c->matches->[1] =~ m{\A[a-z-]+\z}) {
+            $expected_owner = $c->matches->[1];
+        } else {
+            croak "Test suite implementation error";
+        }
+    }
 
     ok(squashfs_in_iuk_contains(
-        $c->{stash}->{scenario}->{iuk_in},
-        $c->{stash}->{scenario}->{squashfs_diff_name},
-        $expected_file, $expected_mtime,
+        iuk_in         => $c->{stash}->{scenario}->{iuk_in},
+        squashfs_name  => $c->{stash}->{scenario}->{squashfs_diff_name},
+        expected_file  => $expected_file,
+        expected_mtime => $expected_mtime,
+        expected_owner => $expected_owner,
     ));
 };
 

config/chroot_local-includes/usr/src/iuk/features/frontend/Frontend.feature

@@ -83,6 +83,9 @@ Feature: upgrade frontend
     And the downloaded IUK should be installed
     And I should be proposed to restart the system
     And the system should be restarted
+    When I run tails-upgrade-frontend in batch mode
+    Then it should succeed
+    And I should be told "The system is up-to-date"
 
   Scenario: USB produced by our installer: no incremental upgrade is available, but a full upgrade is
     Given Tails is running from a USB thumb drive

config/chroot_local-includes/usr/src/iuk/features/frontend/step_definitions/Frontend_steps.pl

@@ -430,8 +430,6 @@ When qr{^I run tails-upgrade-frontend(| in batch mode)$}, fun ($c) {
 };
 
 Then qr{^it should succeed$}, fun ($c) {
-    Test::Util::kill_httpd($c);
-
     ok(defined $c->{stash}->{scenario}->{exit_code})
         and
     is($c->{stash}->{scenario}->{exit_code}, 0);
@@ -448,8 +446,6 @@ Then qr{^it should succeed$}, fun ($c) {
 };
 
 Then qr{^it should fail to (check for upgrades|download the upgrade)$}, fun ($c) {
-    Test::Util::kill_httpd($c);
-
     ok(defined $c->{stash}->{scenario}->{exit_code})
         and
     isnt($c->{stash}->{scenario}->{exit_code}, 0);
@@ -521,6 +517,11 @@ Then qr{^the network should be shutdown$}, fun ($c) {
 Then qr{^the downloaded IUK should be installed$}, fun ($c) {
     # the overlay directory in the test IUK contains a "placeholder" file
     ok(path($c->{stash}->{scenario}->{liveos_mountpoint}, 'placeholder')->exists);
+    # Ensure the next "I run tails-upgrade-frontend in batch mode"
+    # is aware that the upgrade was applied
+    $c->{stash}->{scenario}->{os_release_file}->edit_lines(
+        sub { s{\ATAILS_VERSION_ID="0[.]11"$}{TAILS_VERSION_ID="0.12.1"}xms }
+    );
 };
 
 Then qr{^I should be proposed to restart the system$}, fun ($c) {
@@ -543,6 +544,7 @@ Then qr{^the system should be restarted$}, fun ($c) {
 };
 
 After fun ($c) {
+    Test::Util::kill_httpd($c);
     run_as_root('umount', $c->{stash}->{scenario}->{liveos_mountpoint});
     ${^CHILD_ERROR_NATIVE} == 0 or croak("Failed to umount system partition.");
     run_as_root(qw{kpartx -d}, $c->{stash}->{scenario}->{backing_file});

config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK.pm

@@ -246,7 +246,6 @@ method _build_overlay_dir () {
 method _build_format_version () { "2"; }
 method _build_mksquashfs_options () { [
     qw{-no-progress -noappend},
-    qw{-all-root},
     qw{-comp xz -Xbcj x86 -b 1024K -Xdict-size 1024K},
 ]}
 method _build_union_type () { "aufs"; }
@@ -452,7 +451,8 @@ method saveas ($outfile_name) {
         qw{mksquashfs},
         $self->squashfs_src_dir,
         $outfile_name,
-        $self->list_mksquashfs_options
+        $self->list_mksquashfs_options,
+        '-all-root',
     );
 
     return;

config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm

@@ -335,7 +335,8 @@ method run () {
     $self->refresh_signing_key;
     my ($upgrade_description_text) = $self->get_upgrade_description;
     my $upgrade_description = Tails::IUK::UpgradeDescriptionFile->new_from_text(
-        $upgrade_description_text
+        text            => $upgrade_description_text,
+        product_version => $self->running_system->product_version,
     );
     assert_isa($upgrade_description, 'Tails::IUK::UpgradeDescriptionFile');
 

config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/UpgradeDescriptionFile.pm

@@ -24,7 +24,7 @@ use Function::Parameters;
 use List::MoreUtils qw{any};
 use List::Util qw{sum};
 use Path::Tiny;
-use Types::Standard qw{ArrayRef Str};
+use Types::Standard qw{ArrayRef ClassName Maybe Str};
 use YAML::Any;
 
 use namespace::clean;
@@ -41,6 +41,13 @@ has "$_" => (
     predicate => 1,
 ) for (qw{product_name initial_install_version build_target channel});
 
+has product_version => (
+    is        => 'ro',
+    isa       => Maybe[Str],
+    default   => sub { undef },
+    predicate => 1,
+);
+
 has upgrades =>
     is          => 'lazy',
     isa         => ArrayRef,
@@ -70,10 +77,18 @@ has upgrade_paths =>
 method _build_upgrades () { return [] }
 
 method _build_upgrade_paths () {
+    assert($self->has_product_version);
+    assert_defined($self->product_version);
     my @upgrade_paths;
     foreach my $upgrade ($self->all_upgrades) {
-        exists $upgrade->{'upgrade-paths'} or $upgrade->{'upgrade-paths'} = [];
-        foreach my $path (@{$upgrade->{'upgrade-paths'}}) {
+        next unless exists $upgrade->{'upgrade-paths'};
+        my @upgrade_paths_to_newer_version = grep {
+            version_compare(
+                $upgrade->{version},
+                $self->product_version
+            ) == 1;
+        } @{$upgrade->{'upgrade-paths'}};
+        foreach my $path (@upgrade_paths_to_newer_version) {
             foreach my $key (qw{type target-files}) {
                 assert(exists  $path->{$key});
                 assert(defined $path->{$key});
@@ -88,9 +103,9 @@ method _build_upgrade_paths () {
     return \@upgrade_paths;
 }
 
-sub new_from_text {
-    my $class = shift;
-    my $text  = shift;
+fun new_from_text (ClassName $class,
+                   Str :$text,
+                   Maybe[Str] :$product_version = undef) {
 
     my $data = YAML::Any::Load($text);
 
@@ -101,17 +116,16 @@ sub new_from_text {
         $args{$attribute} = $data->{$key};
     }
 
-    $class->new(%args);
+    $class->new(%args, product_version => $product_version);
 }
 
-sub new_from_file {
-    my $class    = shift;
-    my $filename = shift;
-
+fun new_from_file (ClassName $class,
+                   Str :$filename,
+                   Maybe[Str] :$product_version = undef) {
     my $content = path($filename)->slurp;
     assert_nonblank($content);
 
-    $class->new_from_text($content);
+    $class->new_from_text(text => $content, product_version => $product_version);
 }
 
 

config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/UpgradeDescriptionFile/Generate.pm

@@ -153,7 +153,7 @@ method update_udf_for_previous_release ($previous_version) {
 
     my $description;
     if (-e $udf) {
-        $description = Tails::IUK::UpgradeDescriptionFile->new_from_file($udf);
+        $description = Tails::IUK::UpgradeDescriptionFile->new_from_file(filename => $udf->canonpath);
     }
     else {
         $description = Tails::IUK::UpgradeDescriptionFile->new(

debian/changelog

+tails (4.2.2) unstable; urgency=medium
+
+  * Major changes
+    - Upgrade Tor Browser to 9.0.4-build1 (MFSA-2020-03)
+
+  * Bugfixes
+    - Avoid the Upgrader proposing to upgrade to the version
+      that's already running (Closes: #17425)
+    - Avoid 2 minutes delay while rebooting after applying an automatic
+      upgrade (Closes: #17026)
+    - Make Thunderbird support TLS 1.3 (Closes: #17333)
+
+  * Build system
+    - IUK generation: don't make all files in the SquashFS diff
+      owned by root, otherwise an upgraded system cannot start
+      (Closes: #17422)
+
+ -- Tails developers <tails@boum.org>  Mon, 13 Jan 2020 09:21:51 +0000
+
 tails (4.2) unstable; urgency=medium
 
   * Major changes

features/step_definitions/common_steps.rb

@@ -920,6 +920,14 @@ When /^I eject the boot medium$/ do
   end
 end
 
+Given /^Tails is fooled to think it is running version (.+)$/ do |version|
+  $vm.execute_successfully(
+    "sed -i " +
+    "'s/^TAILS_VERSION_ID=.*$/TAILS_VERSION_ID=\"#{version}\"/' " +
+    "/etc/os-release"
+  )
+end
+
 Given /^Tails is fooled to think that version (.+) was initially installed$/ do |version|
   initial_os_release_file =
     '/lib/live/mount/rootfs/filesystem.squashfs/etc/os-release'

features/step_definitions/usb.rb

@@ -903,6 +903,18 @@ Given /^Tails is fooled to think a (.+) SquashFS delta is installed$/ do |versio
   )
 end
 
+Then /^the Upgrader considers the system as up-to-date$/ do
+  try_for(120, :delay => 10) do
+    $vm.execute_successfully(
+      "systemctl --user status tails-upgrade-frontend.service",
+      :user => LIVE_USER
+    )
+    $vm.execute_successfully(
+      "journalctl | grep -q -E 'tails-upgrade-frontend-wrapper\[[0-9]+\]: The system is up-to-date'"
+    )
+  end
+end
+
 def upgrader_trusted_signing_subkeys
   $vm.execute_successfully(
     "sudo -u tails-upgrade-frontend gpg --batch --list-keys --with-colons '#{TAILS_SIGNING_KEY}'",

features/usb_upgrade.feature

@@ -108,6 +108,7 @@ Feature: Upgrading an old Tails USB installation
     Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
     And no SquashFS delta is installed
     And Tails is fooled to think that version 2.0~test was initially installed
+    And Tails is fooled to think it is running version 2.0~test
     And the file system changes introduced in version 2.2~test are not present
     And the file system changes introduced in version 2.3~test are not present
     When the network is plugged
@@ -136,18 +137,22 @@ Feature: Upgrading an old Tails USB installation
     And all persistence presets are enabled
     And the file system changes introduced in version 2.3~test are present
     And only the 2.3~test SquashFS delta is installed
-    # Our IUK sets a release date that can make Tor bootstrapping impossible
+    # Regression test for #17425 (i.e. the Upgrader would propose
+    # upgrading to the version that's already running)
     Given Tails system time is magically synchronized
-    # Regression test on #8158 (i.e. the IUK's filesystem is not part of the Unsafe Browser's chroot)
+    And Tails is fooled to think that version 2.1~test was initially installed
     When the network is plugged
     And Tor is ready
-    Then I successfully start the Unsafe Browser
+    Then the Upgrader considers the system as up-to-date
+    # Regression test on #8158 (i.e. the IUK's filesystem is not part of the Unsafe Browser's chroot)
+    And I successfully start the Unsafe Browser
     And the file system changes introduced in version 2.3~test are present in the Unsafe Browser's chroot
 
   @automatic_upgrade
   Scenario: Upgrading a Tails that has several SquashFS deltas present with an incremental upgrade
     Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
     And Tails is fooled to think that version 2.0~test was initially installed
+    And Tails is fooled to think it is running version 2.1~test
     And Tails is fooled to think a 2.0.1~test SquashFS delta is installed
     And Tails is fooled to think a 2.1~test SquashFS delta is installed
     When the network is plugged
@@ -160,6 +165,7 @@ Feature: Upgrading an old Tails USB installation
   Scenario: Upgrading a Tails whose signing key is outdated
     Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
     And Tails is fooled to think that version 2.0~test was initially installed
+    And Tails is fooled to think it is running version 2.0~test
     And the signing key used by the Upgrader is outdated
     But a current signing key is available on our website
     When the network is plugged

po/ar.po

@@ -33,8 +33,8 @@ msgstr ""
 "Project-Id-Version: Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2020-01-06 11:20+0100\n"
-"PO-Revision-Date: 2019-12-08 17:27+0000\n"
-"Last-Translator: Abanoub Ebied <abanoub_samuel@outlook.com>\n"
+"PO-Revision-Date: 2020-01-06 13:47+0000\n"
+"Last-Translator: erinm\n"
 "Language-Team: Arabic (http://www.transifex.com/otf/torproject/language/"
 "ar/)\n"
 "Language: ar\n"
@@ -192,9 +192,8 @@ msgid "The system is up-to-date"
 msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:350
-#, fuzzy
 msgid "This version of Tails is outdated, and may have security issues."
-msgstr "هذه النسخة من تيلز تحتوي مشاكل أمنية:"
+msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:382
 #, perl-brace-format
@@ -237,9 +236,8 @@ msgid ""
 msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:448
-#, fuzzy
 msgid "Upgrade available"
-msgstr "غير متاح"
+msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:449
 msgid "Upgrade now"
@@ -264,9 +262,8 @@ msgid ""
 msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:474
-#, fuzzy
 msgid "New version available"
-msgstr "غير متاح"
+msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:555
 msgid "Downloading upgrade"
@@ -360,18 +357,16 @@ msgid "Error while restarting the system"
 msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:728
-#, fuzzy
 msgid "Failed to restart the system"
-msgstr "فشلت محاولة إعادة تشغيل تور."
+msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:743
 msgid "Error while shutting down the network"
 msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:746
-#, fuzzy
 msgid "Failed to shutdown network"
-msgstr "فشلت محاولة إعادة تشغيل تور."
+msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:753
 msgid "Upgrading the system"

po/ca.po

@@ -25,8 +25,8 @@ msgstr ""
 "Project-Id-Version: Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2020-01-06 11:20+0100\n"
-"PO-Revision-Date: 2019-11-29 02:19+0000\n"
-"Last-Translator: Benny Beat <bennybeat@gmail.com>\n"
+"PO-Revision-Date: 2020-01-06 13:47+0000\n"
+"Last-Translator: erinm\n"
 "Language-Team: Catalan (http://www.transifex.com/otf/torproject/language/"
 "ca/)\n"
 "Language: ca\n"
@@ -199,9 +199,8 @@ msgid "The system is up-to-date"
 msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:350
-#, fuzzy
 msgid "This version of Tails is outdated, and may have security issues."
-msgstr "Aquesta versió de Tails té problemes de seguretat coneguts:"
+msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:382
 #, perl-brace-format
@@ -244,9 +243,8 @@ msgid ""
 msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:448
-#, fuzzy
 msgid "Upgrade available"
-msgstr "no disponible"
+msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:449
 msgid "Upgrade now"
@@ -271,9 +269,8 @@ msgid ""
 msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:474
-#, fuzzy
 msgid "New version available"
-msgstr "no disponible"
+msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:555
 msgid "Downloading upgrade"
@@ -351,37 +348,32 @@ msgid ""
 msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:712
-#, fuzzy
 msgid "Restart Tails"
-msgstr "Reinicia"
+msgstr ""
 
 #: config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/Frontend.pm:713
-#, fuzzy