Commit 05a6deb4 authored by sajolida's avatar sajolida

Merge remote-tracking branch 'origin/devel' into doc/16006-usb-images

parents 298832af 53094b0e
......@@ -101,6 +101,10 @@ class ImageCreator(object):
with self.setup_loop_device():
self.create_gpt()
self.create_partition()
# udisks' create_partition function seems to ignore arg_type
# in Stretch, so we set it via sgdisk.
# XXX:Buster: Remove set_partition_type
self.set_partition_type()
self.set_partition_flags()
# XXX: Rescan?
self.format_partition()
......@@ -145,7 +149,6 @@ class ImageCreator(object):
arg_fd=GLib.Variant('h', 0),
arg_options=GLib.Variant('a{sv}', None),
fd_list=Gio.UnixFDList.new_from_array([image_fd]),
cancellable=None,
)
if not resulting_device:
......@@ -160,15 +163,13 @@ class ImageCreator(object):
logger.info("Tearing down loop device")
self.loop_device.props.loop.call_delete_sync(
arg_options=GLib.Variant('a{sv}', None),
cancellable=None,
)
def create_gpt(self):
logger.info("Creating GPT")
self.loop_device.props.block.call_format_sync(
arg_type='gpt',
arg_options=GLib.Variant('a{sv}', None),
cancellable=None
arg_options=GLib.Variant('a{sv}', None)
)
def create_partition(self):
......@@ -178,8 +179,7 @@ class ImageCreator(object):
arg_size=self.system_partition_size * 2**20,
arg_type=ESP_GUID,
arg_name=PARTITION_LABEL,
arg_options=GLib.Variant('a{sv}', None),
cancellable=None
arg_options=GLib.Variant('a{sv}', None)
)
# XXX: Tails Installer ignores GLib errors here
......@@ -187,22 +187,14 @@ class ImageCreator(object):
self._partition = partition
def set_partition_flags(self):
logger.info("Setting partition flags")
# We use sgdisk directly instead of udisks' set_flags method, because the
# latter sometimes resets the partition type / partition table type
# before Buster's udisks2 + libblockdev 2.15-1
# (https://github.com/storaged-project/udisks/issues/418)
execute(["/sbin/sgdisk", "--attributes=1:=:%x" % SYSTEM_PARTITION_FLAGS, self.image])
start_time = time.perf_counter()
while time.perf_counter() - start_time < WAIT_FOR_PARTITION_TIMEOUT:
try:
self.partition.props.partition.call_set_flags_sync(
arg_flags=SYSTEM_PARTITION_FLAGS,
arg_options=GLib.Variant('a{sv}', None),
cancellable=None
)
except GLib.Error as e:
if "GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface" in e.message:
time.sleep(0.1)
continue
raise
return
def set_partition_type(self):
execute(["/sbin/sgdisk", "--typecode=1:%s" % ESP_GUID, self.image])
def format_partition(self):
logger.info("Formatting partition")
......@@ -213,8 +205,7 @@ class ImageCreator(object):
self.partition.props.block.call_format_sync(
arg_type='vfat',
arg_options=options,
cancellable=None
arg_options=options
)
@contextmanager
......@@ -222,8 +213,7 @@ class ImageCreator(object):
logger.info("Mounting partition")
try:
self.mountpoint = self.partition.props.filesystem.call_mount_sync(
arg_options=GLib.Variant('a{sv}', None),
cancellable=None
arg_options=GLib.Variant('a{sv}', None)
)
except GLib.Error as e:
if "org.freedesktop.UDisks2.Error.AlreadyMounted" in e.message and \
......@@ -239,7 +229,6 @@ class ImageCreator(object):
logger.info("Unmounting partition")
self.partition.props.filesystem.call_unmount_sync(
arg_options=GLib.Variant('a{sv}', {'force': GLib.Variant('b', True)}),
cancellable=None,
)
def set_permissions(self):
......@@ -316,9 +305,7 @@ class ImageCreator(object):
'--offset', str(self.partition.props.partition.props.offset),
'--directory', '/syslinux/',
'--install', self.image
],
as_root=True # XXX: Why does this only work as root?
)
])
def reset_timestamps(self):
logger.info("Resetting timestamps")
......@@ -336,12 +323,13 @@ class ImageCreator(object):
"""Set a fixed filesystem UUID aka. FAT Volume ID / serial number"""
logger.info("Setting filesystem UUID")
with set_env("MTOOLS_SKIP_CHECK", "1"):
execute(["mlabel", "-i", self.partition.props.block.props.device, "-N", "a69020d2"])
execute(["mlabel", "-i", self.partition.props.block.props.device,
"-N", "a69020d2",
# Otherwise mlabel -N will remove the pre-existing label
"::%s" % FILESYSTEM_LABEL])
def execute(cmd: list, as_root=False):
if as_root and os.geteuid() != 0:
cmd = ['pkexec'] + cmd
def execute(cmd: list):
logger.info("Executing '%s'" % ' '.join(cmd))
subprocess.check_call(cmd)
......@@ -374,6 +362,9 @@ def main():
if not args.ISO.endswith(".iso"):
parser.error("Input file is not an ISO (no .iso extension)")
if os.geteuid() != 0:
raise PermissionError("This script must be run as root")
logging.basicConfig(level=logging.INFO)
logging.getLogger('sh').setLevel(logging.WARNING)
......
#! /usr/bin/python3
import hashlib
import io
import json
import sys
from pathlib import Path, PurePath
def sha256_file(filename):
sha256 = hashlib.sha256()
with io.open(filename, mode="rb") as fd:
content = fd.read()
sha256.update(content)
return sha256.hexdigest()
def to_json(data):
return json.dumps(data, indent=4, sort_keys=True)
def target_file_url(channel, filename):
basename = PurePath(filename).name
return '%(baseurl)s/%(channel)s/%(subdir)s/%(basename)s' % {
'baseurl': 'http://dl.amnesia.boum.org/tails',
'channel': channel,
'subdir': PurePath(basename).stem,
'basename': basename,
}
def idf_content(build_target, channel, product_name, version, img, iso):
installation_paths = [
{
'type': 'iso',
'target-files': [{
'url': target_file_url(channel, iso),
'sha256': sha256_file(iso),
'size': Path(iso).stat().st_size,
}],
},
]
if img is not None:
installation_paths += {
'type': 'img',
'target-files': [{
'url': target_file_url(channel, img),
'sha256': sha256_file(img),
'size': Path(img).stat().st_size,
}],
}
return to_json({
'build_target': build_target,
'channel': channel,
'product-name': product_name,
'installations': [{
'version': version,
'installation-paths': installation_paths,
}],
})
if __name__ == '__main__':
import argparse
parser = argparse.ArgumentParser()
parser.add_argument('--build-target', dest='build_target', default='amd64')
parser.add_argument('--channel', default='stable')
parser.add_argument('--product-name', dest='product_name', default='Tails')
parser.add_argument('--version', default=None, required=True,
help='Version of Tails .')
parser.add_argument('--img', default=None,
help='Path to the USB image.')
parser.add_argument('--iso', default=None, required=True,
help='Path to the ISO file.')
args = parser.parse_args()
print(idf_content(build_target=args.build_target,
channel=args.channel,
product_name=args.product_name,
version=args.version,
img=args.img,
iso=args.iso))
......@@ -26,7 +26,7 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20"
# Kernel version
KERNEL_VERSION='4.18.0-2'
KERNEL_VERSION='4.18.0-3'
KERNEL_SOURCE_VERSION=$(
echo "$KERNEL_VERSION" \
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
......
This diff is collapsed.
......@@ -4,9 +4,9 @@ set -e
echo "Wrapping some applications with torsocks"
APPS="gobby-0.5 net.sourceforge.liferea openpgp-applet seahorse"
APPS="gobby-0.5 openpgp-applet seahorse"
DBUS_SERVICES="org.gnome.seahorse.Application org.fedoraproject.Config.Printing"
WRAPPED_DBUS_SERVICES="net.sourceforge.liferea"
WRAPPED_DBUS_SERVICES=""
for app in $APPS; do
sed -i'' --regexp-extended 's,^Exec=(.*),Exec=torsocks \1,' \
......
#!/usr/bin/env python3
"""
Tails Liferea wrapper
"""
import os
import sh
import sys
from gettext import gettext
LIFEREA = '/usr/bin/liferea'
os.environ['TEXTDOMAIN'] = 'tails'
def main():
disabled_text = gettext('Liferea is deprecated')
question_text = gettext('Do you wish to start Liferea anyway?')
warning_text = gettext(
"Due to security concerns the Liferea feed reader will be removed "
"from Tails by the end of 2018. Please migrate your feeds to "
"Thunderbird."
)
dialog_msg = '<b><big>{}</big></b>\n\n{}\n\n{}\n'.format(
disabled_text,
warning_text,
question_text,
)
exit_text = gettext('_Exit')
launch_text = gettext('_Launch')
# results 0 == True; 1 == False; 5 == Timeout
results = sh.zenity(
'--question',
'--title', '',
'--default-cancel',
'--ok-label', launch_text,
'--cancel-label', exit_text,
'--text', dialog_msg,
_ok_code=[0, 1, 5],
)
if results.exit_code != 0:
return 1
return os.execv(LIFEREA, [LIFEREA] + sys.argv[1:])
if __name__ == '__main__':
sys.exit(main())
......@@ -14,6 +14,25 @@ thunderbird_config_is_persistent() {
[ "$(findmnt --noheadings --output SOURCE --target "${THUNDERBIRD_CONFIG_DIR}")" = "/dev/mapper/TailsData_unlocked[/thunderbird]" ]
}
configure_locale() {
# Thunderbird will set the locale based on the environment when
# this pref is empty, but will then save the result to this pref
# disabling this "guess" for the next time. We want Thunderbird to
# always match the locale of the Tails session.
set_mozilla_pref "${PROFILE}/prefs.js" \
"intl.locale.requested" \
'""' \
user_pref
}
disable_autocrypt() {
# Disable Autocrypt since it is not safe (#15923).
set_mozilla_pref "${PROFILE}/prefs.js" \
"mail.server.default.enableAutocrypt" \
"false" \
user_pref
}
configure_default_incoming_protocol() {
# For extensions.torbirdy.defaultprotocol, POP = 0, IMAP = 1
local default_protocol
......@@ -22,13 +41,26 @@ configure_default_incoming_protocol() {
else
default_protocol=1
fi
mkdir -p "${PROFILE}"
set_mozilla_pref "${PROFILE}/prefs.js" \
"extensions.torbirdy.defaultprotocol" \
"${default_protocol}" \
user_pref
}
reconfigure_profile() {
mkdir -p "${PROFILE}"
configure_locale
disable_autocrypt
configure_default_incoming_protocol
# Suppress Enigmail's configuration wizard by pretending that the current
# version was already configured. Only do this on first run though:
# once we've done this we let Enigmail manage this setting itself
# so it can run any migration code it wants to on upgrades.
if thunderbird_profile_is_new; then
initialize_enigmail_configured_version
fi
}
thunderbird_profile_is_new() {
[ ! -f "${PROFILE}/extensions.ini" ]
......@@ -50,17 +82,7 @@ initialize_enigmail_configured_version() {
start_thunderbird() {
export GNOME_ACCESSIBILITY=1
unset SESSION_MANAGER
configure_default_incoming_protocol
# Suppress Enigmail's configuration wizard by pretending that the current
# version was already configured. Only do this on first run though:
# once we've done this we let Enigmail manage this setting itself
# so it can run any migration code it wants to on upgrades.
if thunderbird_profile_is_new; then
initialize_enigmail_configured_version
fi
reconfigure_profile
exec /usr/bin/thunderbird --class "Thunderbird" -profile "${PROFILE}" "${@}"
}
......
......@@ -69,15 +69,13 @@ my ($body, $summary);
chomp($vm_name);
if (grep {$_ eq $vm_name} @whitelist) {
$summary = gettext("Warning: virtual machine detected!");
$body =
gettext("Both the host operating system and the virtualization software are able to monitor what you are doing in Tails.");
}
else {
$summary = gettext("Warning: non-free virtual machine detected!");
$body =
gettext("Both the host operating system and the virtualization software are able to monitor what you are doing in Tails. Only free software can be considered trustworthy, for both the host operating system and the virtualization software.");
}
$body = gettext("Both the host operating system and the virtualization software are able to monitor what you are doing in Tails. Only free software can be considered trustworthy, for both the host operating system and the virtualization software.");
$notify->create(summary => $summary,
body => $body,
actions => { "moreinfo_$PID" => gettext('Learn more'), },
......
http://torbrowser-archive.tails.boum.org/8.0.3-build1/
http://torbrowser-archive.tails.boum.org/8.0.4-build2/
26bd8357675d2ad1d5fe56da66491c46bcb622bc81f7cf775175277648c4753b tor-browser-linux64-8.0.3_ar.tar.xz
641bd678c987c2513418e398740f759919201c897362a0c7699daf8f10ff70a0 tor-browser-linux64-8.0.3_ca.tar.xz
7b7332a1c3b8e28982fc97ab5026ab437b54909cf221b5d712c88eeef15119d0 tor-browser-linux64-8.0.3_da.tar.xz
40cd9090cccaed17534dfd501100d5c582db701a8f0f54ce6c6c49c1676dec35 tor-browser-linux64-8.0.3_de.tar.xz
ff116446e66af9663aa0cb9a01b05f906ff50aed00672fbfcc0b31e8358494a5 tor-browser-linux64-8.0.3_en-US.tar.xz
20a79b0829af4a76c421ad5ac68a588832d1d45dcd954423bd251758940962b2 tor-browser-linux64-8.0.3_es-ES.tar.xz
264e46a348beae1525834c7278da69baf5cc977a9a4d1f43d59fcfa8c46c9724 tor-browser-linux64-8.0.3_fa.tar.xz
d0d2e9a6c65825bc8fff5aecdbb1b0174ea4f3197b057fa41997a2d0772d36a1 tor-browser-linux64-8.0.3_fr.tar.xz
8a988ac5e391387d911e90e54bbfd97e78e6a94f8fb9d5afbb701844322ba514 tor-browser-linux64-8.0.3_ga-IE.tar.xz
b8ae854ad7e9703c0257a980e45c77ae10086c468e71ecc2da1b8d08ec63df84 tor-browser-linux64-8.0.3_he.tar.xz
4bce146eaa38141f0ad21f04a5b663d57fd522316374cccc2103b921ca0adcff tor-browser-linux64-8.0.3_id.tar.xz
78fe45abe2e2bd9b1f2ca7380650558be7b1b373014f72e19eb26653b324ecb5 tor-browser-linux64-8.0.3_is.tar.xz
1fd12a711c5f46494228f1c3b36928f9d7fc5051e503a325f9cbc9362bbf75a3 tor-browser-linux64-8.0.3_it.tar.xz
df2e071d47e97a189a975b6360325e9ab2176edd61483b05f256092dd5e618d4 tor-browser-linux64-8.0.3_ja.tar.xz
5b2b613bca3b0b073bb7ea358d77029e1b391425022a7b4ada44e08027428f63 tor-browser-linux64-8.0.3_ko.tar.xz
37febec2a1cb8b93bfc2fb51c4a18efd56f652688118ca1470ecd2090b349034 tor-browser-linux64-8.0.3_nb-NO.tar.xz
4ca88aaa5ee617a75fb1791d7d922ed34052ce8f89191e322da54db0d2f47189 tor-browser-linux64-8.0.3_nl.tar.xz
876e8fdea59eb03c58f6f0d024d2bf4602d453da5f04b122608a2c03e5c1b451 tor-browser-linux64-8.0.3_pl.tar.xz
1c970a65737caf0fcab5443703fca4f759a053425d4189b8f3755a6c415efa9e tor-browser-linux64-8.0.3_pt-BR.tar.xz
bcb94c7f6e7b5e54a2c8eb0b0eb0dc175f05dc36af7d1241c610479aeb46f898 tor-browser-linux64-8.0.3_ru.tar.xz
354fde6d4288192f40039ae70a704e27e507213d9179d4c327c56f15a3db629d tor-browser-linux64-8.0.3_sv-SE.tar.xz
81cad70a0d9cf966305bbb7cbd06a6beb7d759fb3d64ddf78e54135541ad3f9d tor-browser-linux64-8.0.3_tr.tar.xz
66ffd248503717f840ee9e5a7a35f5c742facdcff10d673799555f8c24c62e37 tor-browser-linux64-8.0.3_vi.tar.xz
d1fa612e6928b39a55c004f27e587ad2bb58473bcd475eee0f4a660f8f95e8e0 tor-browser-linux64-8.0.3_zh-CN.tar.xz
5eab3680cd5e9fc50bea71545957b8ffde05aa5b0ade6fd7ccbe3bc6b4ec9677 tor-browser-linux64-8.0.3_zh-TW.tar.xz
982417f06a42a4176723555c77dd6a1b30817d29193f8e3838bfa73bf023978d tor-browser-linux64-8.0.4_ar.tar.xz
38671d262762d4e48e6c0d2dacdcc63ed94a7dbd69ca127d45a6c92937db4bbd tor-browser-linux64-8.0.4_ca.tar.xz
39d9c94dbe5f3de0abb163a1c8f7796532ec9c284643664cdb4ecdc1ffa2f7b4 tor-browser-linux64-8.0.4_da.tar.xz
d86b7e5f231d2093ba7c715838e51a1e5c83f450b3fa00ea1e63962c02f845ba tor-browser-linux64-8.0.4_de.tar.xz
b56ea98a1232ff34f683e484c75816bc72663cccf1658ab28f2d705226ee94c1 tor-browser-linux64-8.0.4_en-US.tar.xz
6b8aafd563ae7438e7e3f36f4d66d1ae513b1661f3476bf6410459e536d4f6d9 tor-browser-linux64-8.0.4_es-ES.tar.xz
d7aa1d69ca260a02b73f7cf13ff53e127a865a3db0a92c4d7d5dc2a7ef502f92 tor-browser-linux64-8.0.4_fa.tar.xz
5fbcebe6fc668a53f7847c7b2760e265e92306adcea0298d7de04a9552151c73 tor-browser-linux64-8.0.4_fr.tar.xz
d30bd07b30f7c27c7107b3a5545b4ede017c8a7545c70d39254253dea0b92db7 tor-browser-linux64-8.0.4_ga-IE.tar.xz
153eea8deacc84d71f9ac5961a7be672fda6c2575895fb424470f5e4b565db1e tor-browser-linux64-8.0.4_he.tar.xz
bd76e9f1c606e49ec19812e9fee6b66dc1d648f9852156c4a5edf37141fb3300 tor-browser-linux64-8.0.4_id.tar.xz
ae8c440076ae9aab51737acdbf61f2b29e83a792dbc653c51e100fd7fdca4ecf tor-browser-linux64-8.0.4_is.tar.xz
14b05b57867472acf439c51e65d9f0f6f8822aeaefceabbac54afbba46775135 tor-browser-linux64-8.0.4_it.tar.xz
fca16675b7090fc988c7134116cce59e5fd84244fc5cbd1e484f550be61edf26 tor-browser-linux64-8.0.4_ja.tar.xz
fc5162e6356879a215b366626cf7df4a5d396c87319ce8f334b960eb09047b30 tor-browser-linux64-8.0.4_ko.tar.xz
b6e3d8e6f8c2615ecc8a45bd3976042e6494751182209b082128ec79aa917b45 tor-browser-linux64-8.0.4_nb-NO.tar.xz
272489c4fbdb55aa62aa4bffc7618af2601039f9dc80cadfe756ae344459a3e3 tor-browser-linux64-8.0.4_nl.tar.xz
f58d67d4edb617d336a07650477a467344e97ef0de06769403382d285b2e4ca4 tor-browser-linux64-8.0.4_pl.tar.xz
a1bef88369378e9c31124a1d31e8f2300264a650da6332d4f5238cc1306690cf tor-browser-linux64-8.0.4_pt-BR.tar.xz
6dce9f8af547c18d02c3f533ec7bbba79d68bcb374b7595d8df81c456607fdac tor-browser-linux64-8.0.4_ru.tar.xz
94a49fbe9589c7fab14c75b4298c06cb6b7ca99d442b1805e3aa6a1e36fa5acf tor-browser-linux64-8.0.4_sv-SE.tar.xz
3a8f1fa6176d78f2e0a0e8aeabb256edaba4e4119b5de6060f109eb04dc6393b tor-browser-linux64-8.0.4_tr.tar.xz
2966f08ad9b4d25661cf152f23d062c92b12c0930a3b2ee4c139e1312118f378 tor-browser-linux64-8.0.4_vi.tar.xz
62ae37c3fcdfeee85c0f214cc2599adc9ae6b5e87e83a21dca42c2c77058a59f tor-browser-linux64-8.0.4_zh-CN.tar.xz
ee2a91368e2f9368bc338a5834d1adc24899abe71ca2617abef043a7a21cec84 tor-browser-linux64-8.0.4_zh-TW.tar.xz
......@@ -143,7 +143,6 @@ libgail-common
libgfshare-bin
libcaribou-gtk-module
libsane-hpaio
liferea
live-config
live-config-systemd
live-tools
......
--- a/etc/apparmor.d/usr.bin.thunderbird 2018-08-19 09:32:11.000000000 +0000
+++ b/etc/apparmor.d/usr.bin.thunderbird 2018-08-21 07:03:51.744244552 +0000
--- a/etc/apparmor.d/usr.bin.thunderbird 2018-11-22 21:33:46.676704745 +0100
+++ b/etc/apparmor.d/usr.bin.thunderbird 2018-11-22 21:33:34.948766716 +0100
@@ -16,7 +16,6 @@
# TODO: finetune this for required accesses
#include <abstractions/dbus>
......@@ -16,7 +16,7 @@
#include <abstractions/ubuntu-browsers.d/java>
#include <abstractions/ubuntu-helpers>
@@ -46,23 +44,14 @@
@@ -46,26 +44,17 @@
# Allow opening attachments
# TODO: create and use abstractions for opening various file formats
......@@ -24,6 +24,9 @@
+ /{usr/local/,usr/,}bin/{[^gp],g[^p],p[^s],gp[^g]}* Cx -> sanitized_helper,
/usr/lib/libreoffice/program/soffice Cxr -> sanitized_helper,
# Allow opening links
/usr/lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop ix,
- # For Xubuntu to launch the browser
- /usr/bin/exo-open ixr,
- /usr/lib/@{multiarch}/xfce4/exo-1/exo-helper-1 ixr,
......@@ -41,7 +44,7 @@
owner @{HOME}/.{cache,config}/dconf/user rw,
owner @{HOME}/.cache/thumbnails/** r,
owner /run/user/[0-9]*/dconf/user rw,
@@ -135,6 +124,7 @@
@@ -138,6 +124,7 @@
deny /.suspended r,
deny /boot/initrd.img* r,
deny /boot/vmlinuz* r,
......@@ -49,7 +52,7 @@
deny /var/cache/fontconfig/ w,
# noisy file dialog:
@@ -254,7 +244,6 @@
@@ -264,7 +251,6 @@
/etc/lsb-release r,
/etc/ssl/openssl.cnf r,
/usr/lib/thunderbird/crashreporter ix,
......
......@@ -4,6 +4,61 @@ tails (3.12) UNRELEASED; urgency=medium
-- Tails developers <tails@boum.org> Wed, 05 Sep 2018 16:51:53 +0000
tails (3.11) unstable; urgency=medium
* Security fixes
- Upgrade Tor Browser to 8.0.4-build2 (Closes: #16193).
- Upgrade Thunderbird to 60.3.0-1~deb9u1.0tails1 (Closes: #16118).
- Thunderbird: unconditionally disable Autocrypt, as it is not safe in
its current state (See: #15923, Closes: #16186).
- Upgrade Linux to 4.18.20 and aufs to 4.18.11+-20181119
(Closes: #16145).
- Upgrade cURL to 7.52.1-5+deb9u8 (DSA-4331).
- Upgrade Ghostscript to 9.26~dfsg-0+deb9u1 (DSA-4336, DSA-4346).
- Upgrade Perl to 5.24.1-3+deb9u5 (DSA-4347).
- Upgrade Policykit to 0.105-18+deb9u1 (DSA-4350).
- Upgrade Samba to 2:4.5.12+dfsg-2+deb9u4 (DSA-4345).
- Upgrade OpenSSL to 1.1.0j-1~deb9u1 (DSA-4348).
- Upgrade libtiff to 4.0.8-2+deb9u4 (DSA-4349).
* Bugfixes
- Tails Upgrader:
· Improve support for incremental upgrades to avoid issues with
partially applied upgrades (Closes: #14754).
· Add a prompt after the IUK has been downloaded so the user can
control when the network will be disabled; previously this was
done without users having a say, possibly leading to confusion and
lost work (Closes: #15282).
- Thunderbird: always set locale according to environment (Closes: #16113).
* Minor improvements and updates
- Remove packages which were needed for getTorBrowserUserAgent
(Closes: #16024).
- Fix persistence configuration window opening on full screen
(Closes: #15894).
- Time sync: don't temporarily increase tor's log level when using
bridges/PTs (Closes: #15743).
- Warn about non-free software depending on the host operating system
and/or virtualization stack (Closes: #16195).
* Build system
- Create USB image after building the ISO, and include it in build
artifacts (Closes: #15984, #15985, #15990).
- Release process: adapt to IDF v2 (Closes: #16171).
* Test suite
- Add new Using "VeraCrypt encrypted volumes" feature, with scenarios
split into two parts: "Unlock VeraCrypt Volumes" and "GNOME Disks"
(Closes: #14469, #14471, #15238, #15239).
- Reintroduce "Clock is one day in the future in bridge mode" test