GitLab

... instead of copying it, so the chroot's DNS configuration stays
up-to-date in case we switch network or similar.

Will-fix: #7903

This way any mounts made by users of this library (e.g. the Unsafe
Browser) can mount targets inside the chroot and let the automatic
teardown of the chroot browser deal with the umounting.

Will-fix: #8243

We want to allow something in Tor's rule that is blocked in the LAN
rules, so the Tor rule must be listed first.

So now users can input a human-readable hostname for proxies and
bridges (and we can support meek_lite!).

Will-fix: #8775
Refs: #8243

This is cleaner, and will help us on our path to #8775.

Refs: #8775

This has been broken since we migrated from our custom Iceweasel to
TBB.

At least with Tor Browser 7.5 without this pref set the default
becomes "tor-browser" (which presumably is the executable's directory,
i.e. /usr/local/lib/tor-browser) that we do not have permissions to
write to.

Will-fix: #15024

There was a rebuild due to last minute Firefox changes.

Will-fix: #15197

Since Tor Browser 7.5, it is enabled in stable releases.

Refs: #15197

Will-fix: #15197

Linux 4.14 brings new AppArmor mediation features and the policy shipped in
Stretch may not be ready for it. So let's disable these new features to avoid
breaking stuff: it's too hard to check if all the policy for apps we ship (and
that users install themselves) has the right rules to cope with these new
mediation features.

This feature set file will be:

 - either removed: once we install an apparmor package that ships its own,
   maintained elsewhere, feature set (probably via Debian#879585);

 - or upgraded: to the Buster kernel's, when we move to Buster, iff.
   Debian does not ship any pinned feature set then (refs: #15149).

This commit ports to our build system the changes that are in Buster/sid
currently, except we include the Stretch's kernel feature set while Buster/sid
is pinned to Linux 4.14's feature set (the policy in Buster/sid was updated to
support it). This is exactly what will likely land in the next Debian Stretch
point release. I'm using a different filename from the one used on Debian, in
order to make it easier to compare the "upstream" (Debian) file with ours.
And while I'm at it I'm adding a build-time sanity check that will warn us if
there's some maintenance work to do on our side.

Whenever persistent Claws Mail setting is enabled, this creates an empty
~/.icedove/ directory, that prevents Thunderbird from starting.

Will-fix: #6038

Debian enables HashKnownHosts by default via /etc/ssh/ssh_config
for good reasons, let's not revert to the upstream default.

The configuration has changed since the original commit (55674b5d).

See 1.2~exp1 in:

https://anonscm.debian.org/git/apt/apt.git/tree/debian/NEWS

Me and (mostly) segfault had a late night hacking session, and
implemented some pretty full-featured search functionality:

* Interactive search
* Wrapping search
* Keyboard shortcuts:
 - Ctrl+f => focus find entry
 - Enter / Shift+Enter: search forward / backward
 - While find entry is focused: Escape => stop searching

We cannot connect, so an error page is shown. Links will still be
opened with any configured external application.

Thanks for the fix, segfault!

Thanks for the tip, segfault!

... instead of using the Tor Browser: since version 7.0.8 it fails to
render local pages (like our docs) due to #14962.

Refs: #14962

Will-fix: #14940

Refresh Tor Browser AppArmor profile patch to apply on top of torbrowser-launcher 0.2.8-4's (refs: #14923).

Add a systemd --user target for bits of GNOME EarlyInitialization managed by systemd (refs: #12543).

This fixes #14796 (on Buster, it is displayed in the middle of the screen, on
the left of the clock) and an annoying UX problem we have on Stretch:  OpenPGP
applet is in the middle of icons that share the exact same (modern, GNOME
Shell-like) behaviour, which is disturbing when opening one of the modern menus
and moving the mouse left/right to the others, because in the middle one icon
won't react as expected, and the nice blue bottom border continuity is broken.

Force Thunderbird to enable accessibility support even if no a11y feature is enabled in GNOME yet (refs: #14752, #9260).

I did not check the source, but the reasoning from
commit:a3346a75 probably applies here as well.

In any case, the symptoms are the same, and the same fix works.

Force Tor Browser to enable accessibility support even if no a11y feature is enabled in GNOME yet (refs: #14752, #9260).

My understanding of the code in accessible/atk/Platform.cpp is: if this envvar
is not set, Firefox will check via D-Bus at startup if accessibility is enabled
in the Desktop, and if it's not it'll permanently disable accessibility,
which breaks use cases like starting the screen keyboard or screen reader
*after* Tor Browser.

Will-fix: #14606

If these directories exist then Tor Browser will attempt to read/write
to files inside of it as well.

Will-fix: #14606

This reverts commit 343be35f.

I was just confused, selfrando is only enabled for alpha builds.