GitLab

... instead of copying it, so the chroot's DNS configuration stays
up-to-date in case we switch network or similar.

Will-fix: #7903

This way any mounts made by users of this library (e.g. the Unsafe
Browser) can mount targets inside the chroot and let the automatic
teardown of the chroot browser deal with the umounting.

This is cleaner, and will help us on our path to #8775.

Refs: #8775

There was a rebuild due to last minute Firefox changes.

Will-fix: #15197

Since Tor Browser 7.5, it is enabled in stable releases.

Refs: #15197

Will-fix: #15197

Linux 4.14 brings new AppArmor mediation features and the policy shipped in
Stretch may not be ready for it. So let's disable these new features to avoid
breaking stuff: it's too hard to check if all the policy for apps we ship (and
that users install themselves) has the right rules to cope with these new
mediation features.

This feature set file will be:

 - either removed: once we install an apparmor package that ships its own,
   maintained elsewhere, feature set (probably via Debian#879585);

 - or upgraded: to the Buster kernel's, when we move to Buster, iff.
   Debian does not ship any pinned feature set then (refs: #15149).

This commit ports to our build system the changes that are in Buster/sid
currently, except we include the Stretch's kernel feature set while Buster/sid
is pinned to Linux 4.14's feature set (the policy in Buster/sid was updated to
support it). This is exactly what will likely land in the next Debian Stretch
point release. I'm using a different filename from the one used on Debian, in
order to make it easier to compare the "upstream" (Debian) file with ours.
And while I'm at it I'm adding a build-time sanity check that will warn us if
there's some maintenance work to do on our side.

Whenever persistent Claws Mail setting is enabled, this creates an empty
~/.icedove/ directory, that prevents Thunderbird from starting.

Will-fix: #6038

Me and (mostly) segfault had a late night hacking session, and
implemented some pretty full-featured search functionality:

* Interactive search
* Wrapping search
* Keyboard shortcuts:
 - Ctrl+f => focus find entry
 - Enter / Shift+Enter: search forward / backward
 - While find entry is focused: Escape => stop searching

We cannot connect, so an error page is shown. Links will still be
opened with any configured external application.

Thanks for the fix, segfault!

Thanks for the tip, segfault!

... instead of using the Tor Browser: since version 7.0.8 it fails to
render local pages (like our docs) due to #14962.

Refs: #14962

Will-fix: #14940

Refresh Tor Browser AppArmor profile patch to apply on top of torbrowser-launcher 0.2.8-4's (refs: #14923).

Add a systemd --user target for bits of GNOME EarlyInitialization managed by systemd (refs: #12543).

Force Thunderbird to enable accessibility support even if no a11y feature is enabled in GNOME yet (refs: #14752, #9260).

I did not check the source, but the reasoning from
commit:a3346a75 probably applies here as well.

In any case, the symptoms are the same, and the same fix works.

Force Tor Browser to enable accessibility support even if no a11y feature is enabled in GNOME yet (refs: #14752, #9260).

My understanding of the code in accessible/atk/Platform.cpp is: if this envvar
is not set, Firefox will check via D-Bus at startup if accessibility is enabled
in the Desktop, and if it's not it'll permanently disable accessibility,
which breaks use cases like starting the screen keyboard or screen reader
*after* Tor Browser.

Will-fix: #14606

If these directories exist then Tor Browser will attempt to read/write
to files inside of it as well.

Will-fix: #14606

This reverts commit 343be35f.

I was just confused, selfrando is only enabled for alpha builds.

Will-fix: #14606

There was some confusion about this setting when Tor Browser 7.x was
introduced into Tails, and apparently it got lost between the cracks.

Details: https://trac.torproject.org/projects/tor/ticket/20683

"." is a regexp special char. We mean "." literally so it ought to be escaped.

Wrong:

 $ echo 'user_pref("extensionsXenigmailYconfiguredVersion",' \
   | sed --regexp-extended \
        '/^(user_)?pref\("extensions.enigmail.configuredVersion",/d'

Right:

 $ echo 'user_pref("extensionsXenigmailYconfiguredVersion",' \
   | sed --regexp-extended \
        '/^(user_)?pref\("extensions\.enigmail\.configuredVersion",/d'
 user_pref("extensionsXenigmailYconfiguredVersion",

For any Thunderbird profile that was ever used, that pref will be
present there as well.

Will-fix: #12680