From 0efac382846d7711d66b9b5373e4f1cb19d1a94f Mon Sep 17 00:00:00 2001
From: redshiftzero <jen@freedom.press>
Date: Wed, 19 Jun 2019 09:21:48 -0700
Subject: [PATCH 1/2] dockerfiles: bump Tor Browser version to 8.5.1

---
 securedrop/dockerfiles/xenial/python2/Dockerfile | 2 +-
 securedrop/dockerfiles/xenial/python3/Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/securedrop/dockerfiles/xenial/python2/Dockerfile b/securedrop/dockerfiles/xenial/python2/Dockerfile
index ab3880d397..a39b5f620d 100644
--- a/securedrop/dockerfiles/xenial/python2/Dockerfile
+++ b/securedrop/dockerfiles/xenial/python2/Dockerfile
@@ -30,7 +30,7 @@ RUN curl -LO https://ftp.mozilla.org/pub/firefox/releases/${FF_ESR_VER}/linux-x8
 
 COPY ./tor_project_public.pub /opt/
 
-ENV TBB_VERSION 8.5
+ENV TBB_VERSION 8.5.1
 RUN gpg --import /opt/tor_project_public.pub && \
     wget  https://www.torproject.org/dist/torbrowser/${TBB_VERSION}/tor-browser-linux64-${TBB_VERSION}_en-US.tar.xz && \
     wget https://www.torproject.org/dist/torbrowser/${TBB_VERSION}/tor-browser-linux64-${TBB_VERSION}_en-US.tar.xz.asc && \
diff --git a/securedrop/dockerfiles/xenial/python3/Dockerfile b/securedrop/dockerfiles/xenial/python3/Dockerfile
index 28efa791a8..d5f5a832ce 100644
--- a/securedrop/dockerfiles/xenial/python3/Dockerfile
+++ b/securedrop/dockerfiles/xenial/python3/Dockerfile
@@ -29,7 +29,7 @@ RUN curl -LO https://ftp.mozilla.org/pub/firefox/releases/${FF_ESR_VER}/linux-x8
 
 COPY ./tor_project_public.pub /opt/
 
-ENV TBB_VERSION 8.5
+ENV TBB_VERSION 8.5.1
 RUN gpg --import /opt/tor_project_public.pub && \
     wget  https://www.torproject.org/dist/torbrowser/${TBB_VERSION}/tor-browser-linux64-${TBB_VERSION}_en-US.tar.xz && \
     wget https://www.torproject.org/dist/torbrowser/${TBB_VERSION}/tor-browser-linux64-${TBB_VERSION}_en-US.tar.xz.asc && \

From 1ffbbeb8b7684e947f57736a07cc6899203ac787 Mon Sep 17 00:00:00 2001
From: redshiftzero <jen@freedom.press>
Date: Wed, 19 Jun 2019 09:45:11 -0700
Subject: [PATCH 2/2] docs: fix broken link to ciphersuite recommendations

---
 docs/deployment/landing_page.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/deployment/landing_page.rst b/docs/deployment/landing_page.rst
index 32b2425513..93aa7590dc 100644
--- a/docs/deployment/landing_page.rst
+++ b/docs/deployment/landing_page.rst
@@ -237,7 +237,7 @@ Here's a similar example for nginx if the system supports TLS 1.3:
 .. note:: We have prioritized security in selecting these cipher suites, so if
           you choose to use them then your site might not be compatible with
           legacy or outdated browsers and operating systems. For a good
-          reference check out `Cipherli.st <https://cipherli.st/>`__.
+          reference check out `Mozilla's recommendations <https://wiki.mozilla.org/Security/Server_Side_TLS>`__.
 
 You'll need to run ``a2enmod headers ssl rewrite`` for all these to
 work. You should also set ``ServerSignature Off`` and