  1. 14 Aug, 2018 1 commit
  2. 01 Jul, 2018 1 commit
  3. 28 Jun, 2018 1 commit
  4. 26 May, 2018 1 commit
    • Install virtualbox from our custom APT repository (refs: #15621) · 477e417f
      intrigeri authored
      As per https://labs.riseup.net/code/issues/12048#note-12:
      
      "we'll ship virtualbox-guest-x11 from sid as long as it's installable on
      Stretch; then we'll import the last working version in our custom APT repo.
      And if/when that last working version breaks (e.g. because we get a new xorg
      from stretch-backports and the virtualbox driver doesn't build against it
      anymore, there's no ABI compatibility between major X.Org versions, all drivers
      need to be rebuilt against the new one; it's happened a few times already that
      whatever virtualbox backport we were shipping wasn't compatible with the xorg
      from backports, etc.), then we'll reconsider and possibly drop
      VirtualBox support."
  5. 23 May, 2018 1 commit
  6. 29 Mar, 2018 1 commit
  7. 28 Mar, 2018 1 commit
  8. 10 Mar, 2018 1 commit
  9. 27 Feb, 2018 1 commit
  10. 26 Feb, 2018 5 commits
  11. 24 Feb, 2018 1 commit
  12. 23 Feb, 2018 1 commit
    • Ship systemd from stretch-backports. · bf317f15
      bertagaz authored
      Install systemd v236, required to get the meek_lite PT to work, and have
      the unsafe browser and the Tor launcher applications do clearnet DNS
      resolution. This is required to get systemd's `BindReadOnlyPaths`
      directive introduced in commit 4fc2cd47.
      
      Refs: #8243, #8775
  13. 22 Feb, 2018 1 commit
  14. 14 Feb, 2018 1 commit
    • Install Intel processor microcode firmware from stretch-backports (refs: #15173). · 20b79c23
      intrigeri authored
      The maintainer of intel-microcode in Debian carefully uploads to
      stretch-backports updates he thinks are safe for stable users. For example,
      right now stretch-backports has 3.20171117.1~bpo9+1 which is the latest
      available version that's not affected by the many regressions introduced by
      3.20180108.1.
      
      This commit does *not* currently give us IBRS/IBPB/STIBP microcode support for
      Spectre variant 2 mitigation: the currently available firmware with that support
      is too buggy. Instead, it:
      
       - updates microcode firmware to the latest good enough version, which usually
         brings important bugfixes;
       - paves the way for us to get this mitigation whenever it is ready in a form
         that the maintainer of intel-microcode in Debian thinks can be safely pushed
         to Debian stable users.
  15. 07 Feb, 2018 1 commit
    • Revert to xorg-xserver from Stretch (refs: #15232) · 2579876c
      intrigeri authored
      For #12219 we've tried upgrading to xorg-xserver 2:1.19.3-1 but that did not fix
      the bug. Since then we've stuck to that version, which has a greater version
      than the one in Stretch, but 1. does not get any security updates; 2. does not
      track new versions from testing/sid either.
      
      So let's get back to a saner situation and instead track the version in Stretch.
  16. 05 Feb, 2018 1 commit
  17. 30 Jan, 2018 1 commit
  18. 16 Jan, 2018 1 commit
  19. 11 Jan, 2018 1 commit
    • Install amd64-microcode and intel-microcode from sid (refs: #15148). · 9e6aec2c
      intrigeri authored
      In the short term, this allows us to get the mitigation against
      Spectre (CVE-2017-5715).
      
      While this could be done via our freeze exception mechanism, instead I chose to
      bump APT snapshots and add APT pinning to install these packages from sid for
      the foreseeable future: keeping CPU microcode up-to-date has become an important
      factor in securing systems these days and such security updates land faster in
      sid than anywhere else in Debian.
  20. 06 Jan, 2018 2 commits
  21. 05 Jan, 2018 2 commits
  22. 03 Jan, 2018 1 commit
    • Add pdf-redact-tools to tails pre-installed software · 520acf91
      Loic Dachary authored
      While there's definitely some overlap between pdf-redact-tools and
      MAT's mission, the UX and functionality pdf-redact-tools provides
      would not really fit in MAT.
      
      It complements MAT functions and is useful to journalists working
      with sensitive documents.
      
      refs: #15052
  23. 02 Jan, 2018 2 commits
  24. 08 Dec, 2017 1 commit
  25. 06 Nov, 2017 1 commit
  26. 13 Sep, 2017 1 commit
  27. 21 Aug, 2017 1 commit
  28. 14 Aug, 2017 1 commit
  29. 03 Aug, 2017 1 commit
  30. 29 Jul, 2017 1 commit
  31. 04 Jul, 2017 1 commit
    • Temporarily prioritize deb.t.b.o over deb.tp.o. · 0e8ef1fe
      anonym authored
      So we install 0.3.0.9-1~d90.stretch+1 (from deb.t.b.o) instead of
      0.3.0.9-1~d99.buster+1 (from deb.tp.o, or rather our snapshot of it
      which incorrectly has this Debian buster version of the package,
      refs: #13413).
      
      Will-fix: #13253
  32. 27 May, 2017 1 commit
  33. 15 May, 2017 1 commit