GitLab

Will-Fix: #10112

The old one doesn't apply on top of testing's torbrowser-launcher anymore.
Our Jenkins job didn't warn us in advance because the changes made in Debian
were made with quilt patches, and that job only tests Git merging.

The new (ESR38) search bar only shows icons, which is problematic when
we want to include several locales of some search engine at the same
time, like Wikipedia (we want to include English in non-English
locales). Now we also generate localized Wikipedia search engine
plugin icons, which has an indicator of which language is used (by
language code) which should mitigate this.

Will-fix: #9955

It was introduced (#9381) for reasons that ended up being wrong (#9594).

Here, we also remove amd64 APT sources and dpkg's support for amd64 as a foreign
architecture. We'll need them again when we want to ship Linux 4.x, but once
we're there we can perhaps enable amd64 sources only for selected APT
repositories, to avoid re-introducing #9381.

Reverts:
e9d2e345
181c6d26
e1d331aa

Will-fix: #9748

Fix-committed: #7525

Refs: #7525

By default, it uses /tmp/, but we want to deny it access to there.

Will-fix: #9558

Will-fix: #9558

In the past, we had "exit 1" in there. This problem was identified (#8571) and
fixed (commit 1b46b5b1) in Tails 1.2.3, by replacing this "exit 1"
with "return 1".

Then, while working on another, minor problem (#8687), the "exit 1" was
reintroduced (commit 4ea050ab) in Tails 1.3.2, presumably because we pasted
sample code from the ticket, that had been drafted *before* #8571 was fixed.
Sadly, nobody noticed in time.

I cannot easily reproduce the bug on Tails/Wheezy (because I lack hardware whose
MAC address fails to be spoofed there), but I could reproduce it with
Tails/Jessie ("thanks" to the fact we're currently shipping the buggy 'wl'
kernel module in there).

Will-Fix: #9531

I.e. hide the same things we hide in the Tor Browser. These features
wouldn't work in the I2P Browser, and would encourage unsupported
usage of the Unsafe Browser.

... like we are for the I2P Browser.

It shouldn't be able to fetch those URLs, but it shouldn't even try.

Thanks, kytv, for providing a patch!

This issues an automatic fetch of Tiles links + thumbnail images from
tiles.services.mozilla.com on start. It's supposed to be disabled by
setting browser.newtabpage.enhanced to false in upstream Tor Browser
5.0a3, but its value is coerced to true (Tor bug #16316). This enabled
Tiles, in the end.

Hopefully this is fixed in the final 5.0 release.

It currently messes with unsafe_browser.feature. Note that this one
likely will be removed upstream in the final Tor Browser 5.0 release

With this pref enabled (which is the default) e.g. US locales will use
the browser.search.*.US prefs, which just complicates things.

The sha256sums.txt hasn't been signed yet so it has only been verified
by downloading it through HTTPS. This should be cool since this is for
testing purposes only.

We'll need the amd64 sources for installing that flavour of Linux 4.x,
and also to ship an amd64 syslinux binary in the ISO (#9381).

Will-fix: #9126

This reverts commit baf42e04.

If such access is denied, then Tor Browser plays sound directly
with Alsa, which makes UX worse... and breaks our automated tests.

It was initially added because it was needed for Tor Browser to play sound with
PulseAudio, but in the end it turns out that this use case works just fine
without allowing such access => let's tighten thing a bit, and make our delta
with upstream's profile smaller.

Note that machine-id is currently a per-Tails-version identifier, but depending
on the outcome of #7100 it may become a per-Tails-boot one.

torbrowser-AppArmor-profile.patch: refresh to apply cleanly on top of the profile shipped with torbrowser-launcher 0.2.0-1.

The patch is modified because upstream has taken a change that was previously
part of our delta, and that I had submitted to them.

Not only this directory needlessly takes room in ISO images, but it also makes
IUKs bigger than they could be: there are time-based variations in there.

Will-fix: #9417

Will-fix: #9369

Until recently it defaulted to Start Page purely by chance. While we
could pick Start Page now, Google seems like a less suspicious choice.