{{Header}} __NOINDEX__
{{#seo:
|description={{project_name_long}} Release Notes, Changelog
|image=Oldstablewhonix.jpg
}}
{{intro|
{{project_name_short}} Release Notes, Changelog
}}
[[File:Oldstablewhonix.jpg|thumb]]
= Additional Changes =
Since {{project_name_short}} is based on {{kicksecure}}, maintained by the same contributors, the reader should also take notice of the {{kicksecure_wiki
|wikipage=Changelog
|text=Changelog
}} since changes in {{Kicksecure}} also apply to {{project_name_short}} but are not listed (duplicated) here.
{{upstream_wiki}}
Earlier changes are archived here: [[Old_Stable_and_Earlier_Releases|Old Stable and Earlier Releases]]
= 17.0.4.5 =
[https://github.com/whonix/anon-apps-config anon-apps-config
]:
* tmpfiles.d improvement
https://github.com/Whonix/anon-apps-config/commit/925112ac645c7b763fe555c872f65a76e0e8b59e
[https://github.com/whonix/anon-meta-packages anon-meta-packages
]:
* install snowflake-client by default https://forums.whonix.org/t/replacing-meek-snowflake/5190
https://github.com/Whonix/anon-meta-packages/commit/8704fba06559c61301353ca95c33b8311bdf79b2
[https://github.com/whonix/anon-ws-disable-stacked-tor anon-ws-disable-stacked-tor
]:
* tmpfiles.d improvement
https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/a5800571e1be00a4238cda324116b734388ab836
* add symlinks from /etc/profile.d to /etc/zprofile.d
https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/289afa5ee2b95b733eb8388813e1c0b9e402555f
[https://github.com/whonix/kloak kloak
]:
* seccomp
https://github.com/Whonix/kloak/commit/59056a25d1e14d6d81ee8a9666eda0bc62fe342a
* Merge branch 'chatgpt'
https://github.com/Whonix/kloak/commit/07d37f52867816ede568c7fb88bde1ae012359e3
* one more missing seccomp filter
https://github.com/Whonix/kloak/commit/cda8d74c37227656cc09c1f7324a69b8f908c9cc
(Thanks to Vinnie Monaco!)
* Merge branch 'master' into dev
https://github.com/Whonix/kloak/commit/e475b1c9c552643328da48f39bef999a88d6be21
(Thanks to Vinnie Monaco!)
* added missing seccomp filters
https://github.com/Whonix/kloak/commit/34e9f421d75ef5e99f71c6d84bb6fb088ac91637
(Thanks to Vinnie Monaco!)
* disable broken seccomp SystemCallFilter https://github.com/vmonaco/kloak/pull/38#issuecomment-1627688486
https://github.com/Whonix/kloak/commit/c8178aea02117addfb28dba06e824ece7732dee2
* seccomp
https://github.com/Whonix/kloak/commit/2f08794c4b238bb08e0e06a9b10f031f739955be
* Added a running variable to control the while loop and added a signal handler (handle_signal) to catch the interrupt signal (SIGINT) and terminate the program gracefully. Fixed the command-line argument handling by checking if argc is less than 2 (instead of assuming argc > 1). If no arguments are provided, the program displays the usage message and exits. Updated the ioctl() call to check the return value for errors. If the ioctl() operation fails to get the device name, an error message is printed, and the program exits. Removed the check for root access since it was only printing a message and not affecting the program's execution. If root access is required, it should be checked externally before running the program. Closed the device file descriptor (fd) before exiting the program to release system resources properly.
https://github.com/Whonix/kloak/commit/2a8b5a6934019598beb8290ac4b214407395c54e
* The rescue_len variable was not initialized, causing undefined behavior. I added the initialization rescue_len = 0 to fix it. In the init_inputs() function, I added error handling for the malloc call to allocate memory for the pfds array. In the emit_event() function, I added error handling for the libevdev_uinput_write_event function call to check if writing the event to uinput was successful.
https://github.com/Whonix/kloak/commit/54f0b3e111a44bb95223200575fe9d19a8c70c09
* fixed typo
https://github.com/Whonix/kloak/commit/d11ed97e3c26318ca96a07806d492597950f36bb
(Thanks to Vinnie Monaco!)
* fixed apparmor profile: added r to /sys/devices/virtual/input
https://github.com/Whonix/kloak/commit/edf0a41c9ad05e901d6726804112308dc098965f
(Thanks to Vinnie Monaco!)
* fixed apparmor profile: added w to /dev/uinput
https://github.com/Whonix/kloak/commit/5870a8d3c79567333fbb720d2ea1af43ceee2aea
(Thanks to Vinnie Monaco!)
* fixed apparmor profile: added r to /dev/uinput
https://github.com/Whonix/kloak/commit/1e16893c10fbfcac899fe341cae87022a295e626
(Thanks to Vinnie Monaco!)
* formatted main.c
https://github.com/Whonix/kloak/commit/2edb4b2bc4c72d6ca457afb4f8265f5ea69e0da9
(Thanks to Vinnie Monaco!)
* added pkg-config to build depends
https://github.com/Whonix/kloak/commit/1db17e2ac3113cc5253330d5d459fd64dba93164
(Thanks to Vinnie Monaco!)
* added libsodium init
https://github.com/Whonix/kloak/commit/c2142bf9eafbc4ed8360e1e8a286fbabc68a74d2
(Thanks to Vinnie Monaco!)
* added deb dependencies
https://github.com/Whonix/kloak/commit/4f271826d6c1621ad8e4a85046da12525698e88f
(Thanks to Vinnie Monaco!)
* fixed verbose output format
https://github.com/Whonix/kloak/commit/5fca94d9e7c27a0b3d9dd8332371987fef6047ec
(Thanks to Vinnie Monaco!)
* added build flags to makefile
https://github.com/Whonix/kloak/commit/ca5510586597ebd6287afa9c878c2bfc3bbf2b9b
(Thanks to Vinnie Monaco!)
* use libsodium for prng
https://github.com/Whonix/kloak/commit/ea6f6be0a33f19038b42aff42aacfd09020b3041
(Thanks to Vinnie Monaco!)
* added support for multiple input devices
https://github.com/Whonix/kloak/commit/5dc5412f78b7111c42818b973a7a25248b5d49ca
(Thanks to Vinnie Monaco!)
* Merge branch 'master' of github.com:vmonaco/kloak into mouse
https://github.com/Whonix/kloak/commit/36f83eb631be27e325d9209e956e04f37fbe470c
(Thanks to Vinnie Monaco!)
* removed restrictions on event types
https://github.com/Whonix/kloak/commit/59c47d88e4b579e93a85209484681f536035e8d6
(Thanks to Vinnie Monaco!)
* fixed typo
https://github.com/Whonix/kloak/commit/99d2af051dccbee7f2cd3f35fbc2d7ae64af00c7
(Thanks to Vinnie Monaco!)
* started support for EV_REL events
https://github.com/Whonix/kloak/commit/7b94b28e472cef7e3c52960986a3bc7dfa651f94
(Thanks to Vinnie Monaco!)
[https://github.com/whonix/onion-grater onion-grater
]:
* Fixed issue where replacement contained something that belonged to pattern
https://github.com/Whonix/onion-grater/commit/3b2e9a7eab4a4d3c793a354910bb678f28dccf4f
(Thanks to apachesub22!)
* Added example grater profile for LND
https://github.com/Whonix/onion-grater/commit/d281ad64d2a7bf1628bf3e1d3879fd9e22a78976
(Thanks to apachesub22!)
[https://github.com/whonix/qubes-whonix qubes-whonix
]:
* tmpfiles.d improvement
https://github.com/Whonix/qubes-whonix/commit/edcb3ba51b48963a33d98a898279bdb8fd214bd9
[https://github.com/whonix/uwt uwt
]:
* add symlinks from /etc/profile.d to /etc/zprofile.d
https://github.com/Whonix/uwt/commit/539fa2eed39d24a161337ceb421d66f232863ec9
[https://github.com/whonix/whonix-base-files whonix-base-files
]:
* add symlinks from /etc/profile.d to /etc/zprofile.d
https://github.com/Whonix/whonix-base-files/commit/175a2585c3d4099fd2abed91e263f8af4716a201
[https://github.com/whonix/whonix-firewall whonix-firewall
]:
* Fix MTU problem by allowing RELATED fragmentation-needed ICMP by enabling `GATEWAY_ALLOW_INCOMING_ICMP_FRAG_NEEDED=1` by default. Run `iptables -A INPUT -p icmp --icmp-type fragmentation-needed -m state --state RELATED -j ACCEPT` on Whonix-Gateway.
https://github.com/Whonix/whonix-firewall/commit/5f1e0ef0fce2dfc991547a16a5b23637bb27f57c
[https://github.com/whonix/whonix-welcome-page whonix-welcome-page
]:
* add symlinks from /etc/profile.d to /etc/zprofile.d
https://github.com/Whonix/whonix-welcome-page/commit/d94157bc77610016365c1e33e3e327abcf62efbc
= 17.0.1.9 =
* '''port to Debian 12 (bookworm
)'''
[https://github.com/whonix/anon-gw-anonymizer-config anon-gw-anonymizer-config
]:
* fix, run replace-ips in Qubes when Tor is restarted
https://github.com/Whonix/anon-gw-anonymizer-config/commit/ef1f27974fcd59773f679ed17e5a4d293b72ea2e
[https://github.com/whonix/onion-grater onion-grater
]:
* bookworm aa-logprof
https://github.com/Whonix/onion-grater/commit/c5be0367942f5e4f5e0b4428cce1c3826e89893d
[https://github.com/whonix/qubes-whonix qubes-whonix
]:
* fix: make sure replace-ips runs before restarting Tor This is useful to support `release-upgrade` script testing inside `sys-whonix` refactoring
https://github.com/Whonix/qubes-whonix/commit/5d77f9d93c62997e3d85e892be604ae9f7f0b3aa
* Drop salt dependency It isn't available in bookworm QubesOS/qubes-issues#7896
https://github.com/Whonix/qubes-whonix/commit/f3bd2aa4ea6e33248274bbb171c36eae618f8716
(Thanks to Marek Marczykowski-Górecki!)
[https://github.com/whonix/uwt uwt
]:
* abolish /rw/config parsing (Does not influence Qubes specific /rw/config parsing.)
https://github.com/Whonix/uwt/commit/ac4c16c1c35396bcbab45930e6866500e60f5c3d
[https://github.com/whonix/whonix-base-files whonix-base-files
]:
* bump /etc/whonix_version
https://github.com/Whonix/whonix-base-files/commit/403f2e7553ec996c5371232caf312b45c2abc5f0
= {{project_name_short}} 16 Changelog =
{{project_name_short}} 16 was released on September 11 and 12, 2021 for KVM and VirtualBox. [https://forums.whonix.org/t/whonix-16-0-2-7-kvm-debian-11-bullseye-based-major-stable-release/12264 Whonix 16.0.2.7 KVM (Debian 11 bullseye based) - Major Stable Release]. [https://forums.whonix.org/t/whonix-16-has-been-released-debian-11-bullseye-based-for-virtualbox-major-release/12297 Whonix 16 has been Released! (Debian 11 bullseye based) - for VirtualBox - Major Release]. {{q_project_name_long}} 16 was released on 28 September, 2021. [https://forums.whonix.org/t/qubes-whonix-16-has-been-released-debian-11-bullseye-based-major-release/12465 Qubes-Whonix 16 has been Released! (Debian 11 bullseye based) - Major Release]. As per the [[About#Support_Schedule|Support Schedule]], {{project_name_short}} 15 was deprecated on 14 November, 2021 -- all users should upgrade as soon as possible. [https://forums.whonix.org/t/whonix-15-end-of-security-support-and-deprecation-notice-all-users-should-move-to-whonix-16/12473 Whonix 15 End of Security Support and Deprecation Notice - All users should move to Whonix 16!]
Significantly, {{project_name_short}} 16 is based on the Debian bullseye
(Debian 11) distribution which was [https://www.debian.org/News/2021/20210814 officially released] on August 14, 2021 instead of Debian buster
(Debian 10). The bullseye release has nearly 60,000 packages and around 72 per cent of them were updated. This release contains over 11,294 new packages for a total count of 59,551 packages, along with a significant reduction of over 9,519 packages which were marked as "obsolete" and removed. 42,821 packages were updated and 5,434 packages remained unchanged.
This means users have access to many new software packages in concert with existing packages. In addition, this release will serve as a development foundation for many exciting upcoming security enhancements such as [[Hardened_Malloc_Kicksecure|Hardened Malloc {{kicksecure}} (HMK)]], [[Linux_Kernel_Runtime_Guard_LKRG|Linux Kernel Runtime Guard (LKRG)]] and other items on the [[Security Roadmap|{{project_name_short}} Security Roadmap]].
= {{project_name_short}} 16 Updates =
As {{project_name_short}} is a rolling distribution, users will benefit from regular small security and usability improvements, features and bug fixes as they enter the {{project_name_short}} stable repository. The most notable changes will be announced here.
{{mbox
| type = notice
| image = [[File:Ambox_notice.png|40px|alt=Info]]
| text = The majority of the enhancements below also also apply to {{q_project_name_short}}. Exceptions include:
* [[Keystroke_Deanonymization#Kloak|kloak]]
* [[Linux_Kernel_Runtime_Guard_LKRG|Linux Kernel Runtime Guard (LKRG)]]
* [https://github.com/kicksecure/tirdad tirdad] (TCP ISN CPU Information Leak Protection)
* [https://github.com/Kicksecure/security-misc/blob/master/etc/default/grub.d/40_kernel_hardening.cfg Kernel Hardening through Kernel Boot Parameters]
* [https://github.com/Kicksecure/security-misc Strong Linux User Account Separation] / [[Dev/Permissions#Bruteforcing_Linux_User_Account_Passwords_Protection|Protection against Bruteforcing Linux User Account Passwords]]
* {{kicksecure_wiki
|wikipage=Apparmor-profile-everything
|text=Apparmor profile everything
}} https://github.com/Kicksecure/apparmor-profile-everything (AppArmor for everything: APT, systemd, init, all systemd units, all applications)
* [https://www.kicksecure.com/wiki/Hardened-kernel hardened-kernel patch] and [https://github.com/Kicksecure/hardened-kernel/blob/master/usr/share/hardened-kernel/hardened-vm-kernel configuration]
Many of these will be possible once the use of in-VM kernels is simplified and promoted in Qubes OS. https://github.com/QubesOS/qubes-issues/issues/5212 https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581
}}
== {{project_name_short}} 16.0.9.8 ==
[https://github.com/whonix/anon-apps-config anon-apps-config
]:
* Merge branch 'Whonix:master' into master
https://github.com/Whonix/anon-apps-config/commit/5492e70c3a1f9c4c5c63064b72664d4ade3013e3
(Thanks to idk!)
* re-create #11 without the eepsite/docroot history, disable eepsite by default
https://github.com/Whonix/anon-apps-config/commit/baa0b6b850dca52300b34fac6263b82ad9236317
(Thanks to idk!)
* add a hosts.txt file
https://github.com/Whonix/anon-apps-config/commit/64aa02e51e796577556206b2f441c855ce916a96
(Thanks to idk!)
* i2p-config: no longer use white spaces in file names, use underscores instead
https://github.com/Whonix/anon-apps-config/commit/f1815a6e4010e02f5cbc4c2fd7c2f6b2f3ced82f
* revert /var/lib/i2p/i2p-config folder permissions change for now
https://github.com/Whonix/anon-apps-config/commit/1def6aa5544f107dd663b75afdf0a63bea64a458
* port I2P config to systemd tmpfiles.d https://forums.whonix.org/t/i2p-client-inside-whonix-workstation-issues/15890/22
https://github.com/Whonix/anon-apps-config/commit/9b6cf93516b281afe30413b1f58b2991153a8cef
* undisplace
https://github.com/Whonix/anon-apps-config/commit/aa06cadbb9c56af47d78e145ae9d5916d7b7c2d5
* fix permissions on the I2P configuration directory
https://github.com/Whonix/anon-apps-config/commit/c5a3bc549edba258f57ed8081199036fcb7534c7
(Thanks to idk!)
* check in router.config
https://github.com/Whonix/anon-apps-config/commit/bd8e5a9a2c3aee6ca5205fca559513fed7bd1ab5
(Thanks to idk!)
* remove unnecessary divert for router.config.anondist
https://github.com/Whonix/anon-apps-config/commit/f3f0a235c234954ca0950c6e2401dd4adefe60a5
(Thanks to idk!)
* move i2p config to /var/lib/i2p/i2p-config
https://github.com/Whonix/anon-apps-config/commit/8dd15db4da24b9331657f1a0aa82a13ac2af7e60
(Thanks to idk!)
* check in config.d directories
https://github.com/Whonix/anon-apps-config/commit/2e16e3a6a1dbb6c358d25283ed058151e14d73fd
(Thanks to idk!)
* first, use displace to create migratable configuration files which contain the required Whonix defaults
https://github.com/Whonix/anon-apps-config/commit/cc43b42a864970541478a4a4125f4b1f13e26a8b
(Thanks to idk!)
[https://github.com/whonix/anon-gw-anonymizer-config anon-gw-anonymizer-config
]:
* systemctl --system daemon-reload
https://github.com/Whonix/anon-gw-anonymizer-config/commit/a4d20b8d295aa56dc25d381f7cc4cc12417a8d11
* add workaround for upstream bug Tor fails to start a few times before succeeding to start https://forums.whonix.org/t/failed-to-start-anonymizing-overlay-network-for-tcp-tor-fails-to-start-a-few-times-before-succeeding-to-start/16289/12 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029554
https://github.com/Whonix/anon-gw-anonymizer-config/commit/cf35a5025573c2f2052c7c6baecfeae4f071d00c
* anon-log: minor fix, output errors to stderr instead of stdout
https://github.com/Whonix/anon-gw-anonymizer-config/commit/b2a4539afd403ca9558db95a638282845350c67d
* anon-log: use journalctl instead of /run/tor/log
https://github.com/Whonix/anon-gw-anonymizer-config/commit/31121526c5456a4bc8dd98dceb67a588661593e2
[https://github.com/whonix/anon-meta-packages anon-meta-packages
]:
* remove monero-gui
https://github.com/Whonix/anon-meta-packages/commit/b38990fff7200661bfc8ad8d90d308bbc1546feb
* consistent use of `Pre-Depends: legacy-dist`
https://github.com/Whonix/anon-meta-packages/commit/8070118d9723f5443ef0b4df78223815bcfbe722
* install metadata-cleaner by default https://forums.whonix.org/t/metadata-cleaner-gui-for-mat2/12919 add `metadata-cleaner` to `whonix-workstation-packages-recommended-gui` Thanks to @mfc for the suggestion!
https://github.com/Whonix/anon-meta-packages/commit/1359a55c6190acf01a0b071f52df6da1d696b136
[https://github.com/whonix/whonix-welcome-page whonix-welcome-page
]:
* disable end of year banner
https://github.com/Whonix/whonix-welcome-page/commit/1932bff1d7de114228d7a93fcfe922853925ec3f
== {{project_name_short}} 16.0.9.0 ==
[https://github.com/whonix/anon-apps-config anon-apps-config
]:
* I2P config: Disable Frequent connection to news letter server No need to make unnecessary connections to external server for each couple of minutes. Harmful anonymity practice.
https://github.com/Whonix/anon-apps-config/commit/f8aa6c26e8c38f3504a5540aad6a920d421f69bb
(Thanks to TNT BOM BOM!)
* I2P config: Update router.config.anondist Since I2P going to run over Tor which is a socks5 then reseeding should be over socks5 as well.
https://github.com/Whonix/anon-apps-config/commit/1556b5f152622cb72045e800ee13df03e50ca420
(Thanks to TNT BOM BOM!)
[https://github.com/whonix/anon-gw-anonymizer-config anon-gw-anonymizer-config
]:
* add onion-grater-list manpage
https://github.com/Whonix/anon-gw-anonymizer-config/commit/6a531fd46f07f79b9dfb564f2cf7b1fd867c2fda
(Thanks to nyxnor!)
* improve onion-grater-list
https://github.com/Whonix/anon-gw-anonymizer-config/commit/6ca9097f099d8848858793d6c5e56b2da183522e
(Thanks to nyxnor!)
* add onion-grater-list
https://github.com/Whonix/anon-gw-anonymizer-config/commit/12e9103b7d84ca602d6a3951a82d041e36dd4da0
(Thanks to nyxnor!)
[https://github.com/whonix/anon-meta-packages anon-meta-packages
]:
* install Thunderbird by default https://forums.whonix.org/t/thunderbird-no-longer-installed-by-default/6505/12
https://github.com/Whonix/anon-meta-packages/commit/d7a64ffa81fa03c431382a00d55b0cb6c8161eb1
[https://github.com/whonix/onion-grater onion-grater
]:
* signed commit
https://github.com/Whonix/onion-grater/commit/73b5aeb85e3defb65cd5da16102777f34fabd4ad
* revert
https://github.com/Whonix/onion-grater/commit/196c69cca36d593d17a811ec0000c02327097c97
* support multiple directories and multiple matchers allow support for different hosts for remote connections, deprecating onion-grater-merger. Sorting made in reverse to honor precedence as parsing stops at first match. https://forums.whonix.org/t/onion-grater-wiki-improvements/15845
https://github.com/Whonix/onion-grater/commit/884d6eba523ec98a88b3cc1326d71c7fd83847c8
(Thanks to nyxnor!)
* no need to edit systemd file to set arguments
https://github.com/Whonix/onion-grater/commit/2353be12767d933ebc43b6dd3f49928191a43b41
(Thanks to nyxnor!)
* fix old apparmor variable
https://github.com/Whonix/onion-grater/commit/ed4af1fcc9b07f6e6278dad18a4ecfc080c35fb7
(Thanks to nyxnor!)
* make bitcoind accept 127.0.0.1 and 0.0.0.0
https://github.com/Whonix/onion-grater/commit/9addd1d6dd9671b18e5415a196b92d7f6ee5846c
(Thanks to nyxnor!)
[https://github.com/whonix/whonix-welcome-page whonix-welcome-page
]:
* Revert "Revert "Depends: kicksecure-welcome-page"" This reverts commit f9c5482f4e55002412a0e0e1df3ca06110886302.
https://github.com/Whonix/whonix-welcome-page/commit/8b524f98f6f25acd4ab38bad878dcfa966f67059
* End of year banner for welcome page
https://github.com/Whonix/whonix-welcome-page/commit/ce0001668678fd4bd0fe10eb15a2c3378d389a38
(Thanks to Your Name!)
* Revert "Depends: kicksecure-welcome-page" This reverts commit 36ad250c1dbb3436b93f0b96f25b7ef88e9aab26.
https://github.com/Whonix/whonix-welcome-page/commit/f9c5482f4e55002412a0e0e1df3ca06110886302
* Merge branch 'master' of https://github.com/Whonix/whonix-welcome-page
https://github.com/Whonix/whonix-welcome-page/commit/aa6485dd3f04d4e21685d7f27f90c3daef42ab35
(Thanks to Your Name!)
* Revert local HP back to without endofyear banner
https://github.com/Whonix/whonix-welcome-page/commit/97402c419f26178a1cd642957aabdabd365f6d9e
(Thanks to Your Name!)
* set Firefox ESR from Debian package sources homepage to about:blank This is to disable kicksecure-welcome-page in Whonix.
https://github.com/Whonix/whonix-welcome-page/commit/e5f6f06e3d4af99505bd507be509d19c2dde9765
* Depends: kicksecure-welcome-page
https://github.com/Whonix/whonix-welcome-page/commit/36ad250c1dbb3436b93f0b96f25b7ef88e9aab26
* Whonix local HP referencing Kicksecure local HP
https://github.com/Whonix/whonix-welcome-page/commit/e9a09e154a4686876cd81e534be766a4144410e1
(Thanks to Your Name!)
* Whonix End of Year Banner
https://github.com/Whonix/whonix-welcome-page/commit/5a8bca82b700ef1060bd4fa9fcbf886bd6f6f2e6
(Thanks to Your Name!)
== {{project_name_short}} 16.0.8.2 ==
[https://github.com/whonix/anon-apps-config anon-apps-config
]:
* pref(“mailnews.start_page.enabled”, false);
https://github.com/Whonix/anon-apps-config/commit/49ecbc1c2a8d9fc20b5784a8c81c06e685449b86
* Drop everything related to Enigmail Updated to reflect Tails version as of 2022
https://github.com/Whonix/anon-apps-config/commit/906f86ba462ef8fb0a8f84a2dc540511fe18fb88
(Thanks to @HulaHoop!)
* Updated to reflect Tails version as of 2022
https://github.com/Whonix/anon-apps-config/commit/113998b6453c61c8861eb0cae80e55d2624f8ebb
(Thanks to @HulaHoop!)
* update onionjuggler conf
https://github.com/Whonix/anon-apps-config/commit/b0654176ae94091eb4e0920ec1a1e15d8b2d2ecc
(Thanks to nyxnor!)
* chmod +x etc/onionjuggler/conf.d/30_whonix.conf to fix lintian warning W: anon-apps-config: script-not-executable etc/onionjuggler/conf.d/30_whonix.conf
https://github.com/Whonix/anon-apps-config/commit/8773f211e508b26f4ee3ec21cb5e47faaf75cb11
* add onionjuggler whonix conf
https://github.com/Whonix/anon-apps-config/commit/73aa4a4668a4d1d55ac9f454217dab3c2d0ca04b
(Thanks to nyxnor!)
* disable ntp time check disabled time check since it uses ntp which doesnt exist in whonix. (it has no effect on the connection)
https://github.com/Whonix/anon-apps-config/commit/dc2b157e61dfb7b324a3f61589c75c9acca23ac8
(Thanks to TNT BOM BOM!)
[https://github.com/whonix/anon-gw-anonymizer-config anon-gw-anonymizer-config
]:
* fix AppArmor
https://github.com/Whonix/anon-gw-anonymizer-config/commit/32368cbbcc4f09302836fba67a58f927514ac141
* addgroup -> adduser fix
https://github.com/Whonix/anon-gw-anonymizer-config/commit/3e16fad210bc03b18320bf740238966d85c504cb
* improve anon-verify output
https://github.com/Whonix/anon-gw-anonymizer-config/commit/d619a1bf3edeb463dfb75dde15f870e910da6965
* anon-verify: fix enumeration of all Tor config drop-in snippets for new `%include /etc/torrc.d/*.conf` syntax
https://github.com/Whonix/anon-gw-anonymizer-config/commit/02f368f72e03e202f1b4e749678d48c4b6396eba
[https://github.com/whonix/anon-ws-disable-stacked-tor anon-ws-disable-stacked-tor
]:
* addgroup -> adduser fix
https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/6f4104b0db9d2b70d43e16a1af59a6f2338a8582
[https://github.com/whonix/onion-grater onion-grater
]:
* correct bitcoind binding ports
https://github.com/Whonix/onion-grater/commit/38316044dc73eab7519890514db44f044f479d69
(Thanks to nyxnor!)
* correct bitcond pattern for all default ports of the chains
https://github.com/Whonix/onion-grater/commit/12477ae6da0c82bc79898184c086287a6512a8db
(Thanks to nyxnor!)
* fix systemd seccomp violation after suspend/resume by adding `SystemCallFilter` `select` Sep 25 01:06:57 host audit[841]: SECCOMP auid=4294967295 uid=106 gid=116 ses=4294967295 subj==/usr/lib/onion-grater (enforce) pid=841 comm="onion-grater" exe="/usr/bin/python3.9" sig=31 arch=c000003e syscall=23 compat=0 ip=0x792fb3bac2a3 code=0x80000000
https://github.com/Whonix/onion-grater/commit/86584992cb4e83873617a9471ac7b05c9e1a0981
[https://github.com/whonix/whonix-firewall whonix-firewall
]:
* shfmt
https://github.com/Whonix/whonix-firewall/commit/48eb9e019551ea714fb6b1ee8de54c3b7c168571
* shfmt
https://github.com/Whonix/whonix-firewall/commit/ebc69f2718c9edb8ae6cbb6dc9070108b9a902d1
* shfmt
https://github.com/Whonix/whonix-firewall/commit/9d364febd84cdb739f3703975ee39324f21e4d87
* shfmt
https://github.com/Whonix/whonix-firewall/commit/4d036535a3ef0faeb7b27d0f5cc4d7e76ca5761c
* verbosity
https://github.com/Whonix/whonix-firewall/commit/058c03186f9474ba7223a4766d4ed92e89a750ba
* set all defaults first before parsing config folder Thanks to @nyxnor for the report! https://forums.whonix.org/t/how-to-unset-firewall-array/15604
https://github.com/Whonix/whonix-firewall/commit/cdf359736aa6e81e0c7200723849afd0b2ba9277
* not opening ports instead of closing, wording
https://github.com/Whonix/whonix-firewall/commit/5ec6e1fac57c5dd6d5f6a80170c61476e95141b3
(Thanks to nyxnor!)
* be verbose no port is being opened
https://github.com/Whonix/whonix-firewall/commit/3c5fd6b4eb446cd997384818bee35d2baf0629bc
(Thanks to nyxnor!)
* double quote "$@"
https://github.com/Whonix/whonix-firewall/commit/682be4c3c74668f21aa873bfe92c3a52d8caf81b
(Thanks to nyxnor!)
* always inform SOCKSIFIED if set to '0'
https://github.com/Whonix/whonix-firewall/commit/b303e37017a25fe6893cc739cde430755f3c1f92
(Thanks to nyxnor!)
* print informational messages https://forums.whonix.org/t/print-ports-opened-in-the-firewall/15469
https://github.com/Whonix/whonix-firewall/commit/950cdaf1a721aa3e5230ab83d1fe678b84a64a56
(Thanks to nyxnor!)
* make the main script pass arguments to child also make the script be called by path, so easier to test by placing script at /usr/local/bin
https://github.com/Whonix/whonix-firewall/commit/6e0dd7bed6138f2121938399b6d30bc9f2016ce1
(Thanks to nyxnor!)
[https://github.com/whonix/whonix-welcome-page whonix-welcome-page
]:
* new file: usr/share/doc/homepage/whonix-welcome-page/img/Search-ahmia.png
https://github.com/Whonix/whonix-welcome-page/commit/b62cec05bed9a9c88d4d8db08e0d95f397a05b1a
* minor: link to root domain, not index.html
https://github.com/Whonix/whonix-welcome-page/commit/6c09f925606c04de7ca9a3a538efeaa6cf32ed8f
* ahmia
https://github.com/Whonix/whonix-welcome-page/commit/d22f55e315780a68c84f2b718196ed782b8bbb59
* add icon for brave search
https://github.com/Whonix/whonix-welcome-page/commit/79cb1bf2f159dcb7beb65b6bacb93e04c39d3962
* Add onions as much as possible instead of TLS only https://forums.whonix.org/t/local-browser-homepage-for-tor-browser-in-whonix/347/106
https://github.com/Whonix/whonix-welcome-page/commit/50837699666ce86e922ab215e09f615924885956
(Thanks to TNT BOM BOM!)
== {{project_name_short}} 16.0.5.3 ==
TODO: https://forums.whonix.org/t/whonix-16-0-5-3-for-virtualbox-point-release/13817
== {{project_name_short}} 16.0.5.0 ==
[https://github.com/{{project_name_short}}/derivative-maker derivative-maker
]:
* rename `Whonix-Workstation-CUSTOM` to `Whonix-Custom-Workstation`
https://github.com/{{project_name_short}}/derivative-maker/commit/59f0feb3e06633b08551156a0229a8ef88514aac
* fix qcow2 Whonix-Custom-Workstation build
https://github.com/{{project_name_short}}/derivative-maker/commit/bb3e5d175cadc123cd4444d4d18703d4a93a2b28
* improve images upload script
https://github.com/{{project_name_short}}/derivative-maker/commit/5dbfc39d33f420c769343e5893bf1da5a378392e
* introduce variable `dist_build_files_to_upload`
https://github.com/{{project_name_short}}/derivative-maker/commit/0f4f4822602c987ac5f3b07919ff24b6345c4691
* improve error message if build dependency is missing
https://github.com/{{project_name_short}}/derivative-maker/commit/380d0552bc6365afcdce55822cb9def002f5dcb7
* sanity test
https://github.com/{{project_name_short}}/derivative-maker/commit/a28bd92eff008ad480112f5ca7a9f48059c360e8
* sanity test
https://github.com/{{project_name_short}}/derivative-maker/commit/7f0c73d95e0a09c1c962f50e13e14b7c577b2ffe
* add `--delete --utm` incomplete boilerplate implementation
https://github.com/{{project_name_short}}/derivative-maker/commit/2fdcce77c69de6bed06fc27481cae63ccb260ef6
* rename /etc/derivative-makerconfig.d to /etc/buildconfig-dist.d rename derivative-maker to derivative-maker
https://github.com/{{project_name_short}}/derivative-maker/commit/cac7bf755068b4977dbaf034df069ac6a95f3ba0
* generic variables names
https://github.com/{{project_name_short}}/derivative-maker/commit/6a0c415fc1bd98e42d4bd3ad2102a6cd954f459c
* generic variables names
https://github.com/{{project_name_short}}/derivative-maker/commit/1c9855844e3483033daff2f169f89af71e028357
[https://github.com/whonix/anon-gw-anonymizer-config anon-gw-anonymizer-config
]:
* remove torrc-d-cleaner since no longer required because Tor now has wildcard support and is configured to parse config files ending with `*.conf` only.
https://github.com/Whonix/anon-gw-anonymizer-config/commit/decc367b9412c6171a18a496744353637353cc8c
* run repair-torrc from tor-config-sane
https://github.com/Whonix/anon-gw-anonymizer-config/commit/827c46e6ec1899ca78200ca626961ebb9aa1e914
* only `%include` config files ending with `*.conf` https://www.whonix.org/wiki/Dev/Tor
https://github.com/Whonix/anon-gw-anonymizer-config/commit/3dd761b7a745496e9ad27ef4b8275262175aa1a6
* cleanup, remove workaround for old bug https://forums.whonix.org/t/configuring-onion-service/9042
https://github.com/Whonix/anon-gw-anonymizer-config/commit/0c083154890edf39829ab9038ba5d556f4295395
* downgrade copyright to avoid Tor Duplicate Config File Restart Bug https://www.whonix.org/wiki/Dev/Tor#Tor_Duplicate_Config_File_Restart_Bug
https://github.com/Whonix/anon-gw-anonymizer-config/commit/e8189b7b9cf72eae1d6dcffd863edd4eb8a79ec1
* workaround for Tor Duplicate Config File Restart Bug https://www.whonix.org/wiki/Dev/Tor#Tor_Duplicate_Config_File_Restart_Bug
https://github.com/Whonix/anon-gw-anonymizer-config/commit/032aedbdba67fcf2697d946afdf2c980957bba0b
[https://github.com/whonix/anon-meta-packages anon-meta-packages
]:
* add `tor-ctrl` to `whonix-shared-packages-recommended-cli`
https://github.com/Whonix/anon-meta-packages/commit/70773aef3432fb380c5e8aeb302d1d7ada65628c
[https://github.com/whonix/qubes-whonix qubes-whonix
]:
* lower debugging
https://github.com/Whonix/qubes-whonix/commit/1e81681e31ed64def79994f273bceecd064df1fa
[https://github.com/whonix/whonix-firewall whonix-firewall
]:
* lower debugging
https://github.com/Whonix/whonix-firewall/commit/8c682cc28ad2fe0537672c94ebe6e6a232de9356
[https://github.com/whonix/whonix-welcome-page whonix-welcome-page
]:
* remove hardcoded font, use font from Debian package sources instead
https://github.com/Whonix/whonix-welcome-page/commit/2785b2c01eb307d2652391297a6b6fc42730e47b
* update copyright since complete rewrite
https://github.com/Whonix/whonix-welcome-page/commit/a709e46407a5ffac5977a749b412b256aabc38a4
* Welcome Page Revision
https://github.com/Whonix/whonix-welcome-page/commit/56b8aa8b677ac4bc1d9d7c62ab52ab6100c2581f
(Thanks to Your Name!)
== {{project_name_short}} 16.0.4.2 ==
[https://github.com/whonix/anon-apps-config anon-apps-config
]:
* disable Thunderbird default homepage by default to avoid https connection for better security hardening Thanks to @HulaHoop for the suggestion! https://forums.whonix.org/t/canning-thunderbirds-startpage/13007/1
https://github.com/Whonix/anon-apps-config/commit/7892543371ccc224c8fca50a76e71e08704f8afe
[https://github.com/Kicksecure/anon-connection-wizard anon-connection-wizard
]:
* add tag ap_conn_done_pt
https://github.com/Kicksecure/anon-connection-wizard/commit/c6685af1a9fc4bbd1c912e7ff3277538baaff893
* add tag conn_done_pt
https://github.com/Kicksecure/anon-connection-wizard/commit/850604b878fd1208bdb1c6b08324efac717a5285
* update default bridges
https://github.com/Kicksecure/anon-connection-wizard/commit/54fb98886fcbfbce235633773287cb838d382cb5
[https://github.com/whonix/anon-gw-anonymizer-config anon-gw-anonymizer-config
]:
* fix Tor Browser 11.06 - New Identity function error message suppressed subscription to event 'STREAM related to: https://www.whonix.org/wiki/Tor_Browser#New_Tor_Circuit_Function Thanks to @torjunkie to the bug report! https://forums.whonix.org/t/tb-v11-06-new-identity-function-error-message/13326
https://github.com/Whonix/anon-gw-anonymizer-config/commit/39f623f968bb1e143e3c402f008e7c0f7b71a817
* arm -> nyx
https://github.com/Whonix/anon-gw-anonymizer-config/commit/2ee2f10eb0115f6b49d6c10df33b35ef9c1db12d
* renamed: usr/share/applications/gateway-arm.desktop -> usr/share/applications/gateway-nyx.desktop
https://github.com/Whonix/anon-gw-anonymizer-config/commit/0ac977c2ba3b636ed8402e2bf76b3214276bec3a
* fix onion-grater-remove
https://github.com/Whonix/anon-gw-anonymizer-config/commit/822fe4e4f79dc9f0a3b24ce8a78d6908edbc5985
[https://github.com/Kicksecure/icon-pack-dist anon-icon-pack
]:
* renamed: usr/share/icons/anon-icon-pack/arm.ico -> usr/share/icons/anon-icon-pack/nyx.ico
https://github.com/Kicksecure/icon-pack-dist/commit/6592b37cfed4db2b6e8a2cb856a6f4550ccbbfa7
[https://github.com/whonix/anon-meta-packages anon-meta-packages
]:
* install kicksecure-default-applications-cli per default on the workstation due to recent kicksecure-meta-packages refactoring
https://github.com/whonix/anon-meta-packages/commit/ae6cb1ce8027606782e4202377c2926fc227276a
* install kicksecure-recommended-cli by default on gateway and workstation due to refactoring of kicksecure-meta-packages
https://github.com/whonix/anon-meta-packages/commit/9c160f1492fd634e0e4baf0a9c498a68476ba571
* remove setup-dist from whonix-shared-packages-dependencies-cli because now part of kicksecure-dependencies-cli
https://github.com/whonix/anon-meta-packages/commit/bb5ae8c8580e522406ebd4c255b0c9cf1df237be
* improve multiple architecture support / split dummy-dependency package into multiple packages
https://github.com/whonix/anon-meta-packages/commit/b52179af6e0db1dfc6e65802b836addb14f13974
[https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo anon-shared-build-apt-sources-tpo
]:
* fix, update path
https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo/commit/6c529f3d83b8fd34c88b7940d38b4e0efb12c283
[https://github.com/whonix/anon-ws-disable-stacked-tor anon-ws-disable-stacked-tor
]:
* Tor emulation: fix, pass all command line options to `tor` when being called with `--verify-config` https://github.com/nyxnor/tor-ctrl/issues/9
https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/e6c05d99006849caf4326d58d4cca4cb0e001c1b
* implement `tor --verify-config` tor-ctrl uses 'tor --verify-config' fixes https://github.com/nyxnor/tor-ctrl/issues/9
https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/7a1e0b59d39bc705c1e39be69a2c3dedb04c0f04
[https://github.com/Kicksecure/apparmor-profile-everything apparmor-profile-everything
]:
* ConditionPathExists=!/run/qubes-service/no-sdwdate
https://github.com/Kicksecure/apparmor-profile-everything/commit/da5e8a834380e520877ec51f2bcfe78e3e688cf3
[https://github.com/Kicksecure/apparmor-profile-hexchat apparmor-profile-hexchat
]:
* harden profile and remove xchat support https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951331#23
https://github.com/Kicksecure/apparmor-profile-hexchat/commit/d2a9d37b0e387144ed8e73a16c4a0c4037d1f984
[https://github.com/Kicksecure/bootclockrandomization bootclockrandomization
]:
* ConditionPathExists=!/run/qubes-service/no-bootclockrandomization ConditionPathExists=!/run/qubes-service/no-bcr
https://github.com/Kicksecure/bootclockrandomization/commit/f02a3553c61a901d6ce98d1d5629be4c2a032cdf
* Make delay_plus_or_minus overridable via env var
https://github.com/Kicksecure/bootclockrandomization/commit/1837346b080132d3f7ca8dac81d13d489cfa2662
(Thanks to deeplow!)
[https://github.com/Kicksecure/helper-scripts helper-scripts
]:
* `/usr/libexec/helper-scripts/terminal-wrapper`: add support for `gnome-terminal`
https://github.com/Kicksecure/helper-scripts/commit/d3390d4c0889794204791329555615756ed4aa40
* hardened-malloc-type-test: Hardened Malloc version 10 compatibility
https://github.com/Kicksecure/helper-scripts/commit/893974f9ee9ac69a9e55c37692818fd7d63b48b7
* anon-consensus-del: also restart vanguards
https://github.com/Kicksecure/helper-scripts/commit/a70612f9ca94a2b84697dc27792fdd0f7f74ad40
* `/usr/libexec/helper-scripts/curl_exit_codes`: add newer curl exit codes
https://github.com/Kicksecure/helper-scripts/commit/54e2888ccf378ae60127b26774407460041cb8e5
[https://github.com/Kicksecure/kicksecure-meta-packages kicksecure-meta-packages
]:
* install kicksecure-default-applications-cli by default in Kicksecure
https://github.com/Kicksecure/kicksecure-meta-packages/commit/ea7851dedf6b7a7f5df9b6b3a71d35726793e116
* split into kicksecure-recommended-cli and kicksecure-default-applications-cli
https://github.com/Kicksecure/kicksecure-meta-packages/commit/f1790451a9ccb3883a3fef70963cdf7266a8a271
* add setup-wizard-dist to kicksecure-desktop-applications-recommended
https://github.com/Kicksecure/kicksecure-meta-packages/commit/dbb182f8b4de5f13f3f82efc103f06a5236832f0
* add setup-dist to kicksecure-dependencies-cli
https://github.com/Kicksecure/kicksecure-meta-packages/commit/4dd31bd6d25e43a8cf4d675b8f030d13fd7d1057
* add systemcheck to kicksecure-recommended-cli
https://github.com/Kicksecure/kicksecure-meta-packages/commit/0062df31d04a136b013bccabfac9c4f28e2e699d
* move a lot packages from kicksecure-dependencies-cli to kicksecure-dependencies-cli since this is more apprpriate. haveged, jitterentropy-rngd, man-db, bzip2, net-tools, dnsutils, iputils-ping, file, lsof, pciutils, strace, sysfsutils, procps, e2fsprogs, less, most, apparmor-utils, bash-completion, nano, udisks2, libblockdev-crypto2, sensible-utils, secure-delete, openvpn, curl, wget, usability-misc, open-link-confirmation, hardened-malloc | dummy-dependency
https://github.com/Kicksecure/kicksecure-meta-packages/commit/2e4eec07603c539807a5429f26ef81fbe7769c0a
* no longer install zsh by default
https://github.com/Kicksecure/kicksecure-meta-packages/commit/19eaae178b143662f0309a2505705d943cf97cd6
* add equivs to kicksecure-recommended-cli
https://github.com/Kicksecure/kicksecure-meta-packages/commit/80704660561357a7f377dbc562968386b2173613
* legacy
https://github.com/Kicksecure/kicksecure-meta-packages/commit/cb20b19da6400f83b59bd5f5b601c9bbf20e86d4
* legacy
https://github.com/Kicksecure/kicksecure-meta-packages/commit/0c14c945ed13d36ff78ccc0a30b544b40ac63da9
* hardened-malloc-kicksecure-enable -> hardened-malloc-light-enable
https://github.com/Kicksecure/kicksecure-meta-packages/commit/d7e51eebebe6faeb1a580cc7cde83412da9e68f3
* improve multiple architecture support / split dummy-dependency package into multiple packages
https://github.com/Kicksecure/kicksecure-meta-packages/commit/bdfcbc1d60fd39368715e39b3a5ca6b6d84a2726
* dummy-dependency: remove lkrg, binaries-freedom, orca-screen-reader-support for simplicity because these packages are not a dependency yet
https://github.com/Kicksecure/kicksecure-meta-packages/commit/3f1cea7767ccc6e01b6a9e5a0d6893571b3d70ba
[https://github.com/Kicksecure/live-config-dist live-config-dist
]:
* version
https://github.com/Kicksecure/live-config-dist/commit/f9aa298ec0b8cf38e52ead61daa5093bb1b4f445
[https://gitlab.com/kicksecure/monero-gui monero-gui
]:
* monero-gui-linux-x64-v0.17.3.0.tar.bz2 https://web.archive.org/web/20211213200018/https://github.com/monero-project/monero-gui/releases/tag/v0.17.3.0 https://web.archive.org/web/20211213200116/https://downloads.getmonero.org/gui/monero-gui-linux-x64-v0.17.3.0.tar.bz2 https://web.archive.org/web/20211213200210/https://www.getmonero.org/downloads/hashes.txt
https://gitlab.com/kicksecure/monero-gui/-/commit/0d9356e5f8815fd9cade046e1a357e853814884b
* delete for upcoming update
https://gitlab.com/kicksecure/monero-gui/-/commit/198b2df3c2c23767f7f9b6f1dbc4078bcd67ed0b
[https://github.com/Kicksecure/msgcollector msgcollector
]:
* `/usr/libexec/msgcollector/error_handler`: fix exit code capturing
https://github.com/Kicksecure/msgcollector/commit/77a6c4d465dc998470e290a5ada5356ad70cc748
[https://github.com/whonix/onion-grater onion-grater
]:
* disable `ProcSubset=pid` due to onion-grater crash at startup > onion-grater[23859]: FileNotFoundError: [Errno 2] No such file or directory: '/proc/stat'
https://github.com/Whonix/onion-grater/commit/4b13181ac4743c9a969164b81bf840eb85325fb7
* fix, prevent dh_compress from compressing the OnionShare onion-grater profile Thanks to @DaemonFuu for the bug report! https://forums.whonix.org/t/onion-grater-deb-package-contains-compressed-40-onionshare-yml/13154
https://github.com/Whonix/onion-grater/commit/e36db8f769230959ea07ce44ede333aef00a39e5
* towards OnionShare 2.4 support
https://github.com/Whonix/onion-grater/commit/63eb2f20b302dbdb902629d166c444bb4826d4df
* towards OnionShare 2.4 support
https://github.com/Whonix/onion-grater/commit/132ac995c750d6fd19e095bf1f2fc76f41985ee6
* towards OnionShare 2.4 support
https://github.com/Whonix/onion-grater/commit/2d67dfddb301ed0589f368b47051cdd74e745c61
[https://github.com/Kicksecure/open-link-confirmation open-link-confirmation
]:
* add infinite recursive loop protection
https://github.com/Kicksecure/open-link-confirmation/commit38e03d1737b185934fc0a6f4c3558b1666c2a978
[https://github.com/whonix/qubes-whonix qubes-whonix
]:
* `/usr/share/tinyproxy/default.html.anondist`: also customize html body in case tinyproxy does not show html head
https://github.com/Whonix/qubes-whonix/commit/47fb073dae35b9e6b23b6c5a227a85ed7f129ee3
* qvm-sync-clock.anondist code simplification
https://github.com/Whonix/qubes-whonix/commit/1359ef3e47715c04d4a4d071b3ca0679a4020b01
* initial version of qvm-sync-clock.anondist
https://github.com/Whonix/qubes-whonix/commit/f2190c69cb5859b0f0b6242fc20a84811ef83fb3
[https://github.com/Kicksecure/sdwdate sdwdate
]:
* do not start `qubes-sync-time` (conflicts with `sdwdate`), if file `/etc/sdwdate.d/qubes-sync-time-disabled-by-sdwdate.marker` exists. That file exists in a default sdwdate installation.
https://github.com/Kicksecure/sdwdate/commit/96151eb6a7c061f7ce56bb1c76a327cbc90046a3
* fix sdwdate-log-viewer to include seccomp failures https://forums.whonix.org/t/sdwdate-loop-conclusion-tor-already-reports-circuit-established-seccomp-issue/13260/13
https://github.com/Kicksecure/sdwdate/commit/8bb53ef360939fe4529f3c39e5811ee44ea96c75
* update 20_arch_syscall_whitelist.conf unlinkat needs to be whitelisted otherwise sdwdate fails with error: SECCOMP auid=4294967295 uid=102 gid=108 ses=4294967295 subj==/usr/bin/sdwdate (enforce) pid=3328 comm="sdwdate" exe="/usr/bin/python3.9" sig=31 arch=c00000b7 syscall=35 compat=0 ip=0xf37077846c74 code=0x80000000
https://github.com/Kicksecure/sdwdate/commit/6b5f10195133d88fdc89d2fe737651fbf2e07063
(Thanks to Emanuele Rossi!)
* ConditionPathExists=!/run/qubes-service/no-sdwdate
https://github.com/Kicksecure/sdwdate/commit/e6032989d3053e92758aefc83e3413c593de354c
* add qubes-sync-time.service and qubes-sync-time.timer to sdwdate-log-viewer
https://github.com/Kicksecure/sdwdate/commit/8911f33e4d48877ad415379c7e252318c255a9d9
* add `bootclockrandomization.service` to sdwdate-log-viewer
https://github.com/Kicksecure/sdwdate/commit/caca7f412c4b19b5c7db2e3394a870e4d5124fa7
* Qubes suspend post: disable qubes.GetRandomizedTime since no longer required. sdwdate / anondate can nowadays fix the time without it.
https://github.com/Kicksecure/sdwdate/commit/6215a9ea996e9db970059c3b4ad58d17016b7483
* Qubes suspend pre/post: disable restart of Tor since that is no longer required. And even if it was required, this would be handled by sdwdate / anondate.
https://github.com/Kicksecure/sdwdate/commit/7a43153a2fe80eb492b1abf14f1f20bb66da02f5
* `date --utc` https://forums.whonix.org/t/whonix-ws-16-fails-to-update-due-to-timing-issue/12739/17
https://github.com/Kicksecure/sdwdate/commit/0d43f1a2a6f8796d6d46e34a81788a0a7293f089
[https://github.com/Kicksecure/sdwdate-gui sdwdate-gui
]:
* notify-shutdown: skip notify shutdown if sdwdate is not running
https://github.com/Kicksecure/sdwdate-gui/commit/374bc31c8bd97de6e2f4f578e120daf70527e9eb
* do no autostart if file /run/qubes-service/no-sdwdate exists
https://github.com/Kicksecure/sdwdate-gui/commit/c694998f22e36ff142213ff177e789acec3f2dce
* ConditionPathExists=!/run/qubes-service/no-sdwdate
https://github.com/Kicksecure/sdwdate-gui/commit/7d9b5044a35d19e44454e0fbdf34efa055b30ef5
* restart action: use `sdwdate-clock-jump` instead of restarting sdwdate manually
https://github.com/Kicksecure/sdwdate-gui/commit/a60a996ce2228830607aa7afdde8aec9d512daa0
* port to QREXEC_REMOTE_DOMAIN part of https://phabricator.whonix.org/T930
https://github.com/Kicksecure/sdwdate-gui/commit/21d35022ab47dde44eacbef75c5d6c2260125521
* fix "Denied: whonix.NewStatus" dom0 permission when shutting down Whonix-Gateway [Qubes OS 4.1] Thanks to @unknown for the bug report! https://forums.whonix.org/t/qubes-os-4-1-denied-whonix-newstatus-dom0-permission/12954
https://github.com/Kicksecure/sdwdate-gui/commit/e371e234a15cbaf89181798a204192d2a92df089
* `sdwdate-gui-shutdown-notify.service`: `Before=shutdown.target umount.target final.target`
https://github.com/Kicksecure/sdwdate-gui/commit/d4f963b6e5aa434dfc38229faaf2a7eef932dde4
* avoid start/restart of sdwdate-gui notify shutdown service during package install/upgrade dh_installsystemd --no-start --no-stop-on-upgrade
https://github.com/Kicksecure/sdwdate-gui/commit/5141ec63cd230ec825e7f15ff5d74e81605b174f
[https://github.com/Kicksecure/security-misc security-misc
]:
* fix, skip deletion of system.map files on read-only filesystems This is required for Qubes /lib/modules read-only implementation at time of writing. Thanks to @marmarek for the bug report! https://forums.whonix.org/t/remove-system-map-cannot-work-lib-modules-is-mounted-read-only/13324
https://github.com/Kicksecure/security-misc/commit/4f6f588fb53d2756d867ac7e29fb42f4f8fdb335
[https://github.com/Kicksecure/setup-wizard-dist setup-wizard-dist
]:
* Kicksecure
https://github.com/Kicksecure/setup-wizard-dist/commit/30a03972b164f91faa20e11d50fb4ec2d5ffea0d
[https://github.com/Kicksecure/systemcheck systemcheck
]:
* Kicksecure
https://github.com/Kicksecure/systemcheck/commit/3f2d5f8b4082e148c9d293c1f22bf7f50697655b
* Kicksecure
https://github.com/Kicksecure/systemcheck/commit/9ba59c89e4f651463cb23007a7f921be419145c1
* fix, skip check_network_interfaces eth0 on Kicksecure
https://github.com/Kicksecure/systemcheck/commit/4051ffb6afc07dddee329117e93e3656d971d6d3
* use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8
https://github.com/Kicksecure/systemcheck/commit/f200d0fd05a097734f346e89a50fc1a4dab39574
[https://github.com/Kicksecure/tb-starter tb-starter
]:
* update links to documentation
https://github.com/Kicksecure/tb-starter/commit/756060c7ee158d3d156c1d9129b90c57f4bbd664
[https://github.com/Kicksecure/tb-updater tb-updater
]:
* alpha tbb_hardcoded_version="11.5a2"
https://github.com/Kicksecure/tb-updater/commit/4cdf6dbbf79c19ecfc8f8a9ff0cc4f48f494b14e
* tbb_hardcoded_version="11.0.6"
https://github.com/Kicksecure/tb-updater/commit/e4f73a11bd0e01ccbee63eccd2c04b01c6234110
* update links to documentation
https://github.com/Kicksecure/tb-updater/commit/b6d5ef20fcca243e32f7c0c51f63dbc74c04915a
* update links to documentation
https://github.com/Kicksecure/tb-updater/commit/c3a7e8205a2474f6d12afe8810b51a3c6691dd84
* tbb_hardcoded_version="11.0.4"
https://github.com/Kicksecure/tb-updater/commit/13b84940fe14cce61a3c9046e320d49461ae695e
* tbb_hardcoded_version="11.0.3"
https://github.com/Kicksecure/tb-updater/commit/09c73931fef1bfa39f59a5395baef2757ac66688
* switch to "direct" digital signature verification - no longer download and verify sha256 hash file as this is no longer required - use only `gpg` to verify digital signature of Tor Browser - higher security - code simplification This is also a workaround for upstream issue `sha256sums-unsigned-build.incrementals.txt and sha256sums-unsigned-build.txt are not signed with torbrowser key`. - https://forums.whonix.org/t/tor-browser-downloader-needs-to-update-its-pgp-keys/13077 - https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40759 Unfortunately this breaks arm64 downloads. - https://forums.whonix.org/t/arm64-tor-browser/11806
https://github.com/Kicksecure/tb-updater/commit/f79cb405e16aebbb70f63032089ae7fbac6df9f1
* tbb_hardcoded_version="11.0.2"
https://github.com/Kicksecure/tb-updater/commit/279125241b1f27c167792a56d14830deb1a39836
* alpha tbb_hardcoded_version="11.5a1"
https://github.com/Kicksecure/tb-updater/commit/161a93905fed20c969603eef8359f233da94735a
* add updated signing key as annoucned here: https://blog.torproject.org/new-release-tor-browser-115a1/ Thanks to @pgerber for the bug report! fixes https://github.com/Kicksecure/tb-updater/issues/16
https://github.com/Kicksecure/tb-updater/commit/ab1700b724bfb50002ac5d3a793765b96ebc3ca8
* use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8
https://github.com/Kicksecure/tb-updater/commit/57e9817fd41d70462dbc04908db7bebbafa5140c
[https://github.com/Kicksecure/tor-control-panel tor-control-panel
]:
* add tag ap_conn_done_pt
https://github.com/Kicksecure/tor-control-panel/commit/4e4f87b865c61dcc98a8611e3306dbd39ccdc6dd
* fix parsing Tor config file is using plain (not using pluggable transport) bridge https://forums.whonix.org/t/bridges-dont-work/13210/12
https://github.com/Kicksecure/tor-control-panel/commit/05a733f9952054708786b158201f2d431f6cb3b1
* add tag conn_done_pt
https://github.com/Kicksecure/tor-control-panel/commit/dabfac891b3defb46900db8821805cee02b0025e
* update default bridges
https://github.com/Kicksecure/tor-control-panel/commit/15fd57ac7aa82196a64361e9891690ed49ac68b8
[https://github.com/Kicksecure/developer-meta-files developer-meta-files
]:
* disable buster
https://github.com/Kicksecure/developer-meta-files/commit/be5c0f984e3745f3a7361bd345c25d5bdf967ddb
* delete unused release/new_release
https://github.com/Kicksecure/developer-meta-files/commit/c47672486c5a7b86b067206787ffe9e9ca5d5e8d
* remove old Whonix news files
https://github.com/Kicksecure/developer-meta-files/commit/812dd00037a4d02bb8ed10d425a1b0f0eb35da2a
* disable buster
https://github.com/Kicksecure/developer-meta-files/commit/d7d07a729ef28467bcdb348bcd4514067433d293
* whonixdevelopermetafiles -> developer-meta-files
https://github.com/Kicksecure/developer-meta-files/commit/8da9fac06e1f3799bf267bbc63a997802b013631
* use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8
https://github.com/Kicksecure/developer-meta-files/commit/99e2726a2e36bfdda5572fb03a5647a54747b32a
* deleted: release/upload_whonix_news_v4
https://github.com/Kicksecure/developer-meta-files/commit/f36b3550f849f6cef3fd372276973c82c98107ce
* include kicksecure
https://github.com/Kicksecure/developer-meta-files/commit/9af0fd941b3ec7a7befcdbdf12442197a90e1e5d
[https://github.com/whonix/whonix-firewall whonix-firewall
]:
* use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8
https://github.com/Whonix/whonix-firewall/commit/cda126ad2bdde60c42a3fc3349845ad3afc5ebf4
[https://github.com/whonix/derivative-maker Whonix build script
]:
* tor-ctrl
https://github.com/{{project_name_short}}/derivative-maker/commit/38827606b04cd08e7439e27e3c79216ab36879bf
* add tor-ctrl
https://github.com/{{project_name_short}}/derivative-maker/commit/e90bc12bfbbb1754cf4b3863c772b38e9e116acb
* squashfs-tools-ng
https://github.com/{{project_name_short}}/derivative-maker/commit/0f682f9dd382897fc55f87f35b8b0462e336aa89
* remove buster repository
https://github.com/{{project_name_short}}/derivative-maker/commit/ed5a8a6fce5f6d3963c6dcc2966138354a6858fe
== {{project_name_short}} 16.0.3.7 ==
[https://github.com/Kicksecure/anon-apt-sources-list anon-apt-sources-list
]:
* Depends: fasttrack-archive-keyring
.
https://github.com/Kicksecure/anon-apt-sources-list/commit/9f7f8a607b5410672fb3d35d5613de5f83cdc6de
[https://github.com/whonix/anon-gw-anonymizer-config anon-gw-anonymizer-config
]:
* Moved anon-consensus-delete
to helper-scripts
(as anon-consensus-del
).
https://github.com/Whonix/anon-gw-anonymizer-config/commit/a4977845b00c43253bbcd7972bf91ddf88497f0f
[https://github.com/whonix/anon-gw-base-files anon-gw-base-files
]:
* KVM desktop background.
https://github.com/Whonix/anon-gw-base-files/commit/654f88a52a649c92b52e2304f886be7260d4ff77
[https://github.com/whonix/anon-meta-packages anon-meta-packages
]:
* Moved kicksecure-recommended-cli
from whonix-shared-packages-recommended-cli
to kicksecure-recommended-cli
.
https://github.com/whonix/anon-meta-packages/commit/eca63bd00415f7f2365aff736bd5a76d9fb0968b
* Removed packages pwgen
, codecrypt
, gpg
, gpg-agent
, dirmngr
, magic-wormhole
, diceware
, and makepasswd
from whonix-workstation-packages-recommended-cli
since these will be moved to kicksecure-meta-packages
.
https://github.com/whonix/anon-meta-packages/commit/ad8163d84b826f18bf3cfe50c98dabe8c9b41d59
* No longer install python3-msgpack
by default; it is no longer needed and was removed from whonix-workstation-packages-recommended-cli
.
https://github.com/whonix/anon-meta-packages/commit/fd008df8d2a0f9bcebdaef7c9281837c2827f628
* Remove legacy packages.
https://github.com/whonix/anon-meta-packages/commit/e9ea226efe8ad88735383bdb5b43e701604f3604
https://github.com/whonix/anon-meta-packages/commit/3f029f172961d28458e3ed7cdffa61285d06dd3c
[https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo anon-shared-build-apt-sources-tpo
]:
* Ensure compatibility with APT signed-by; port to `apt-key-install` by package helper-scripts
.
https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo/commit/15e0d448a25d91f1f258c44c70452efb0f74c2e8
* `/etc/apt/sources.list.d/torproject.list`: use APT `signed-by`. https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302 https://support.torproject.org/apt/
https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo/commit/882a14d0627b2fc0afa06bd7fed56070d78b4ed5
[https://github.com/whonix/anon-ws-base-files anon-ws-base-files
]:
* KVM desktop background.
https://github.com/Whonix/anon-ws-base-files/commit/e859c9baa21176f39c9c5310c03d59710893678a
[https://github.com/Kicksecure/apparmor-profile-everything apparmor-profile-everything
]:
* `sdwdate-aae.service`: Backported changes from sdwdate
.
https://github.com/Kicksecure/apparmor-profile-everything/commit/3b2c68137002add0126462bc8bc03f1d26f8922a
[https://github.com/Kicksecure/grub-live grub-live
]:
* Fixed dependencies.
https://github.com/Kicksecure/grub-live/commit/c8e7c06774a25cb4da426641701c6622ebb52642
[https://github.com/Kicksecure/helper-scripts helper-scripts
]:
* Disabled anondate
AppArmor profiles because they are not ready.
https://github.com/Kicksecure/helper-scripts/commit/d7d9e5323bf68925090b1965d4955185b77387d7
* `onion-time-pre-script`: Do not use `anondate-set` on {{project_name_workstation_long}} because sdwdate
can establish onion connections irrespective of {{project_name_workstation_long}} system clock (so long as {{project_name_gateway_long}} Tor is functional).
https://github.com/Kicksecure/helper-scripts/commit/79ed8b3ceb1cd1e96a5e84c9006da756f0e69180
* `/usr/libexec/helper-scripts/terminal-wrapper`: Added support for adding window title for `xfce4-terminal` emulator through the `terminal_emulator_window_title` environment variable.
https://github.com/Kicksecure/helper-scripts/commit/c65c560cee7ba194b374a0f75370bd215d60a69d
* anondate-get
: If Tor consensus time is later than the system clock, but minimum time is later than the Tor consensus time, show the minimum time instead of no result.
https://github.com/Kicksecure/helper-scripts/commit/73e232e41e8b24a7cfa9db22ee23ad365a18bb05
* onion-time-pre-script
: Added a user check to prevent broken file permissions.
https://github.com/Kicksecure/helper-scripts/commit/1b5397fd6b3a3826ab6dfaa2121a8f98aee276c2
* anondate-set
: Disabled Tor restart code since it is not needed.
https://github.com/Kicksecure/helper-scripts/commit/9e8627cf147cdabe36d65bc69a24eb987ce95374
* Added `usr/sbin/anon-consensus-del-files`.
https://github.com/Kicksecure/helper-scripts/commit/4c4c2ba5d5ae76ab0400ee1f0dc9736f967ec087
* Split into `anon-consensus-del` and `anon-consensus-del-files`.
https://github.com/Kicksecure/helper-scripts/commit/4b0497157282b44598e1c5b6d1eefa6372b5c531
* Created a more descriptive file name: `/run/sdwdate/request_tor_restart` → `/run/sdwdate/request_anondate-set`.
https://github.com/Kicksecure/helper-scripts/commit/3de950184dc5c7d08230dd865f226ce9e124310b
* anondate
: Unduplicated output in journal
https://github.com/Kicksecure/helper-scripts/commit/18e02945bd021996a0a4d90c04a6dd0cae5e79c0
and lowered verbosity to avoid spamming logs.
https://github.com/Kicksecure/helper-scripts/commit/21f03ed1009107e10b36695881ca86b43013ed8f
* onion-time-pre-script
: Added a counter for how many times a script was run; output.
https://github.com/Kicksecure/helper-scripts/commit/84c4121938d8d8d1d73bc43fd0c842777b8508f0
* Added `/usr/libexec/helper-scripts/origins-parser`.
https://github.com/Kicksecure/helper-scripts/commit/0493bc3de3a561b66e309fa9e936cd2e6433f583
* anondate-set
: Ensure the system clock is not set backwards.
https://github.com/Kicksecure/helper-scripts/commit/543978493b230fb77616a7ce59551c8595603e2a
* Updated `minimum_unixtime`.
https://github.com/Kicksecure/helper-scripts/commit/f583d7d0041ab4cec4031346591f2206e130ba62
* aa-logprof
corrections.
https://github.com/Kicksecure/helper-scripts/commit/634368a2e49f554cdfaa1c4a00d7a4d73daad404
* anondate-get
: The minimum time is shown instead if it is later than Tor certificate lifetime.
https://github.com/Kicksecure/helper-scripts/commit/3659666a92054b628c2b8c762a56cdfc5a184452
* Fixed certificate lifetime parsing by anondate
.
https://github.com/Kicksecure/helper-scripts/commit/b752d08ac8797211953bc5361e3411e5db4133bc
* Fixed parsing Tor consensus time if Tor has not fetched a Tor consensus yet.
https://github.com/Kicksecure/helper-scripts/commit/d6b085322005f92f1aeb8ae9cb951921c7f77ab4
* Added anondate
output to journal (and therefore sdwdate-log-viewer
).
https://github.com/Kicksecure/helper-scripts/commit/3449194476ab5e31035fe011c259aa4074fa508e
* Rebased AppArmor profiles on aa-logprof
.
https://github.com/Kicksecure/helper-scripts/commit/ba05cd447fab73c1f95bb47008ab3721fc39a512
* Redesigned recovery from a slow clock.
https://github.com/Kicksecure/helper-scripts/commit/4746cbd02d32b4e513accaed677c0bee28b531f6
* Imported anon-consensus-del
from anon-gw-anonymizer-config
.
https://github.com/Kicksecure/helper-scripts/commit/48a0adb850051907efcb41e1643453ac08d966ce
[https://github.com/Kicksecure/kicksecure-meta-packages kicksecure-meta-packages
]:
* Removed fasttrack-archive-keyring
from kicksecure-recommended-cli
(added to anon-apt-sources-list
).
https://github.com/Kicksecure/kicksecure-meta-packages/commit/fb962e2c0062c086a0034f5ef3ac2a31416a278b
* Added pwgen
, codecrypt
, gpg
, gpg-agent
, dirmngr
, magic-wormhole
, diceware
, makepasswd
to kicksecure-recommended-cli
.
https://github.com/Kicksecure/kicksecure-meta-packages/commit/13f4ca0314080f2d2591462252bb929a9a20bfd1
* Added firefox-esr
.
https://github.com/Kicksecure/kicksecure-meta-packages/commit/a973ec1758afce15af75be1a63972edb140a61e2
Appreciation is expressed to @HulaHoop.
* Continued removal of Chromium.
https://github.com/Kicksecure/kicksecure-meta-packages/commit/7a41d45da8d3692484c97d27947183234ff4a79d
https://github.com/Kicksecure/kicksecure-meta-packages/commit/d458baa0ec28b46ed88ba72273b5748eed54d6c0
Appreciation is expressed to @HulaHoop.
* Legacy fixes.
https://github.com/Kicksecure/kicksecure-meta-packages/commit/92fa630d2b242b350beed87fc0465fa9adf6f6ce
[https://github.com/Kicksecure/msgcollector msgcollector
]:
* Improved `/usr/lib/systemd/user/usertest.service`.
https://github.com/Kicksecure/msgcollector/commit/807d3ed9154a226ff9bb737c69fbf05a59f52efb
* `/usr/libexec/msgcollector/one-time-popup`: Create a folder if not existing (mkdir -p).
https://github.com/Kicksecure/msgcollector/commit/2febd8e861b1fafb4c6a55fba8dc09473805263e
[https://github.com/Kicksecure/rads rads
]:
* Removed unnecessary `--no-restart-after-upgrade` ("Undo a previous --restart-after-upgrade (or the default of compat 10). If no other options are given, this will cause the service to be stopped in the prerm script and started again in the postinst script.").
https://github.com/Kicksecure/rads/commit/c79945c2103b5c049f6411747b6aa472a65d726d
* Removed `--no-restart-on-upgrade` ("Note that the --no-restart-on-upgrade alias is deprecated and will be removed in compat 14. This is to avoid confusion with the --no-restart-after-upgrade option.").
https://github.com/Kicksecure/rads/commit/372540203b789c1b6eb615f5ad942d76a52c0796
* Added a hint on how to switch virtual console, see: [[Desktop#Virtual_Consoles|Virtual Consoles]].
https://github.com/Kicksecure/rads/commit/9bebad7d1e8dd8cb0cdc5244f19203be3045c667
* Added a workaround for issue "no login prompt / getty started on tty1 anymore in Whonix 16 (Debian bullseye based)". Gnome's gdm display manager's systemd unit replaces tty1 even in case gdm is not started. This workaround essentially runs `chvt 2` in case rads does not start a display manager such as gdm (in case there is not enough RAM). This has restored the behavior of a user being greeted with an agetty login prompt. See: [https://forums.whonix.org/t/no-login-prompt-getty-started-on-tty1-anymore-in-whonix-16-debian-bullseye-based/12475 no login prompt / getty started on tty1 anymore in Whonix 16 (Debian bullseye based)].
https://github.com/Kicksecure/rads/commit/0fdcee7f930e6f7af5e838b3a273b9b76accd904
[https://github.com/Kicksecure/sdwdate sdwdate
]:
* Improved tests.
https://github.com/Kicksecure/sdwdate/commit/ed4f91095545414539d8a9e14e8f4e81afa9883a
* Run `/usr/libexec/sdwdate/sdwdate-start-anondate-set-file-watcher` under user/group `sdwdate`.
https://github.com/Kicksecure/sdwdate/commit/33f2667c404103f3d39fd139c2cedf55b1731a97
* Renamed: `lib/systemd/system/sdwdate-restart-tor-request-file-watcher.service` → `lib/systemd/system/sdwdate-start-anondate-set-file-watcher.service`.
https://github.com/Kicksecure/sdwdate/commit/df3c81a547181e2ff6774a2d963c2d8eeb85475b
* Renamed: `usr/libexec/sdwdate/sdwdate-restart-tor-request-file-watcher` → `usr/libexec/sdwdate/sdwdate-start-anondate-set-file-watcher`.
https://github.com/Kicksecure/sdwdate/commit/6ac8dea8aa72b88cc89e78176c0fdc260180093d
* Implemented a more descriptive file name: `/usr/libexec/sdwdate/sdwdate-restart-tor-request-file-watcher` → `/usr/libexec/sdwdate/sdwdate-start-anondate-set-file-watcher`.
https://github.com/Kicksecure/sdwdate/commit/7c14d799afd992c3ec98122f1cf9da75fd75588c
* Implemented a more descriptive file name: `/run/sdwdate/request_tor_restart` → `/run/sdwdate/request_anondate-set`.
https://github.com/Kicksecure/sdwdate/commit/ff0dba14988e482eeab00e74367f302835fadfae
* Added `/usr/libexec/sdwdate/sdwdate-test`.
https://github.com/Kicksecure/sdwdate/commit/73e3b075d70ca08a8bd75a4e80933fa20d22af93
* Moved sclockadj
compilation from a postinst to systemd unit to allow simplification of dependency resolution during release upgrade.
https://github.com/Kicksecure/sdwdate/commit/3986d420d44f147a3ca489c075ab564f1410fe10
* Ported to pathlib fix TypeError: 'missing_ok' is an invalid keyword argument for remove(). https://github.com/Whonix/updates-status/issues/105
https://github.com/Kicksecure/sdwdate/commit/bfdea776ba638541c4d2b168a32588c3721a71a3
Appreciation is expressed to @marmarek for the bug report.
* Added seccomp utimensat Sep 23 15:37:39 host audit[33040]: SECCOMP auid=4294967295 uid=111 gid=121 ses=4294967295 subj==/usr/bin/sdwdate (enforce) pid=33040 comm="touch" exe="/usr/bin/touch" sig=31 arch=c000003e syscall=280 compat=0 ip=0x70ca67e4bafa code=0x80000000.
https://github.com/Kicksecure/sdwdate/commit/525716fb646d7654d065fbc16ae4af802ec552df
* Added sdwdate-log-viewer
.
https://github.com/Kicksecure/sdwdate/commit/ecf9e8a38b248ff4815caafb0d8c9548c1a7aadb
* Rewrite profile using aa-logprof
.
https://github.com/Kicksecure/sdwdate/commit/540df96abf3dbc338ff48c38b2896a11615fc293
* Redesigned recovery from a slow clock.
https://github.com/Kicksecure/sdwdate/commit/87cab6af3ed8b9f18c74e47f3f93afaab833ffe8
* Ensure Tor consensus is deleted before restarting Tor in `/usr/libexec/sdwdate/sdwdate-restart-tor-request-file-watcher` to increase robustness of recovering from skewed time. See: [[Dev/TimeSync|TimeSync: {{project_name_short}} Time Synchronization Mechanism]].
https://github.com/Kicksecure/sdwdate/commit/650ee383881a3223310b576ffe0c480bd4535d3f
* Fixed and excluded sdwdate-pre (addgroup) from SystemCallFilter. See: [https://forums.whonix.org/t/whonix-on-mac-m1-arm/11310/165 Whonix on Mac M1 (ARM)].
https://github.com/Kicksecure/sdwdate/commit/efb78881f58d5c4198deac881a1123281b4d741c
* `usr/libexec/sdwdate/sdwdate-addgroup` → `usr/libexec/sdwdate/sdwdate-pre`.
https://github.com/Kicksecure/sdwdate/commit/7d93312c1a7bdb288a36227410d1df5898586bc9
* Fixed sdwdate addgroup if failed during build process.
https://github.com/Kicksecure/sdwdate/commit/0f509ebc045ae88314f0abfe6faac1ddd48a8440
[https://github.com/Kicksecure/sdwdate-gui sdwdate-gui
]:
* sdwdate-gui
log viewer: set the window title.
https://github.com/Kicksecure/sdwdate-gui/commit/933883ec710eb0a5a43a276e0c6789b7744d42a3
* Fixed harmless but nuisance warnings in Qubes R4.1 "Denied: whonix.NewStatus Denied whonix.NewStatus+whonix-gw-16_shutdown from whonix-gw-16 to sys-whonix" "Denied: whonix.NewStatus Denied whonix.NewStatus+whonix-ws-16_shutdown from whonix-ws-16 to sys-whonix" by preventing `sdwdate-gui-shutdown-notify.service` from running inside the Template. Appreciation is expressed to @zellchristensen for the bug report and @marmarek for the bug diagnosis. https://github.com/QubesOS/qubes-issues/issues/6983
https://github.com/Kicksecure/sdwdate-gui/commit/5d844f993af7bc69c30140d35de8b8cf72331780
[https://github.com/Kicksecure/swap-file-creator swap-file-creator
]:
* `dh_installsystemd --no-stop-on-upgrade`: Use --no-stop-on-upgrade to not stop (and therefore not restart) the swap-file-creator systemd unit after package upgrade since there is no reason to re-create the swap file during upgrade of this package. --no-start is unused because a swap file should be created after installation of this package. dh_installsystemd manpage: --no-stop-on-upgrade "Do not stop service on upgrade. This has the side-effect of not restarting the service as a part of the upgrade."
https://github.com/Kicksecure/swap-file-creator/commit/f03cd0c0c18a384a3440e9dbe1adebdeafa6d496
* Lowered the verbosity of output during boot to avoid a "swap file created" message overwriting the console login prompt. The alternative, configuring the login prompt to wait for swap-file-creator to be done instead would lead to a slower boot process.
https://github.com/Kicksecure/swap-file-creator/commit/b2b9dae3c16cacc6f786a74ac0fe723cd7794735
[https://github.com/Kicksecure/systemcheck systemcheck
]:
* Moved the location of the deprecation popup.
https://github.com/Kicksecure/systemcheck/commit/078eb326852c504640fc12c0dcff0fca35ee74ed
* Ensure the deprecation notice is shown during a package upgrade.
https://github.com/Kicksecure/systemcheck/commit/e3a5ee7d47f761b7c920e80ac0e15fd25cd24536
* Added a deprecation notice popup.
https://github.com/Kicksecure/systemcheck/commit/5f0c7deab97101c0217af07e4cf62cf2c45c8b06
* `usr/libexec/systemcheck/canary-download.py` → `usr/libexec/systemcheck/canary-download`.
https://github.com/Kicksecure/systemcheck/commit/001fa395bf22f62a12296b719600b06fbf56c944
* `etc/apparmor.d/usr.lib.systemcheck.canary` → `etc/apparmor.d/usr.libexec.systemcheck.canary`.
https://github.com/Kicksecure/systemcheck/commit/8e8b0854a37f19626e2f017457a67d4e8ce506e0
[https://github.com/Kicksecure/tb-updater tb-updater
]:
* Update: tbb_hardcoded_version="11.0.1".
https://github.com/Kicksecure/tb-updater/commit/79c0779916d9707a4a75e0bdf39749395f979d74
* Took out the passage about removed backup functionality.
https://github.com/Kicksecure/tb-updater/commit/d9a5d7d11d4caf198f21a2f32b9aaa733a4ad17d
Appreciation is expressed to Frank.
* Update: alpha tbb_hardcoded_version="11.0a10".
https://github.com/Kicksecure/tb-updater/commit/862bc8c882af3ce06435d7197787420376d8fd51
* Update: tbb_hardcoded_version="11.0".
https://github.com/Kicksecure/tb-updater/commit/73c5d33fbfb63552cbbc8e501f197bd51efa8573
* Update: alpha tbb_hardcoded_version="11.0a9".
https://github.com/Kicksecure/tb-updater/commit/9f0ab50d81b662ff54f915d58b800c8151976958
* Update: tbb_hardcoded_version="10.5.10".
https://github.com/Kicksecure/tb-updater/commit/3ae332a8726a45359b1a323593816f93b61fb00b
* Further updates: tbb_hardcoded_version.
https://github.com/Kicksecure/tb-updater/commit/5bbbbcb4e2bd3792c8fbeb81e68360d75fcdbb4a
[https://github.com/Kicksecure/timesanitycheck timesanitycheck
]:
* Updated `/usr/share/timesanitycheck/minimum_unixtime`.
https://github.com/Kicksecure/timesanitycheck/commit/a2ae8d50a0ff51fae27b65971f3751b7d071c082
* Fixed a typo, renamed `/usr/share/timesanitycheck/date-minium-file-create` → `/usr/share/timesanitycheck/date-minimum-file-create`.
https://github.com/Kicksecure/timesanitycheck/commit/84e27705b4b547f885ac7aa1af18fff12ecbb0dd
* Updated `/usr/share/timesanitycheck/minimum_unixtime`.
https://github.com/Kicksecure/timesanitycheck/commit/256b6feabfc8aba4eecf3d0388ed508d98a29301
[https://github.com/whonix/uwt uwt
]:
* Added a uwt wrapper for `dnf-3` (for {{q_project_name_short}} 16 dom0
UpdateVM support). https://github.com/QubesOS/qubes-issues/issues/6913 https://github.com/QubesOS/qubes-issues/issues/6891#issuecomment-920220943
https://github.com/Whonix/uwt/commit/bd48b023a99b575ea7cd3ea598ea98f43fb8eded
[https://github.com/whonix/whonix-firewall whonix-firewall
]:
* Added an opt-in configuration for outgoing IP filtering through `outgoing_allow_ip_list`.
https://github.com/Whonix/whonix-firewall/commit/0dcdd8d318f895aee862d618778edbdb27647443
[https://github.com/Kicksecure/legacy-dist whonix-legacy
]:
* Improved release-upgrade
.
https://github.com/Kicksecure/legacy-dist/commit/2cc3e23b7c9318560e82041d8510b464e18604cf
https://github.com/Kicksecure/legacy-dist/commit/9df84beded4c52493789c0b5966e4e8de755d305
https://github.com/Kicksecure/legacy-dist/commit/da7a850ea0bb8ba7f49edab080ee5a82b859f407
https://github.com/Kicksecure/legacy-dist/commit/50a25523032ab8938e234f0888f9777a620b639f
* release-upgrade
: Ensure the meta package is downloaded and installed.
https://github.com/Kicksecure/legacy-dist/commit/3aa25297c40c5fe4890d2cfad7b1c8d34a8433e3
* release-upgrade
: Abort if no installed meta package has been detected.
https://github.com/Kicksecure/legacy-dist/commit/d8cda99a5a376981ff8dfc3dda2534f982fa86e3
* release-upgrade
: Added meta package detection.
https://github.com/Kicksecure/legacy-dist/commit/2d998d2884388ccad6e1110905522fc14352b892
[https://github.com/Kicksecure/libvirt-dist whonix-libvirt
]:
* RAM reduced to 1.5GB Appreciation is expressed to @HulaHoop.
https://github.com/Kicksecure/libvirt-dist/commit/c2962f7e9fdafa5486b0998110c18976d0410780
https://github.com/Kicksecure/libvirt-dist/commit/68249c4f7af9aae47444d51ee0d5b6e6d7480ed8
https://github.com/Kicksecure/libvirt-dist/commit/a38adbfe7c087919959e0c0331a7a0d1fd36a551
* Decreased RAM to 256MB, updated descriptionp, and updated the description for activating desktop.
https://github.com/Kicksecure/libvirt-dist/commit/039cf62f31784193158711321964375b8cf0bff8
Appreciation is expressed to @HulaHoop.
[https://github.com/Kicksecure/xfce-desktop-config-dist whonix-xfce-desktop-config
]:
* KVM desktop background.
https://github.com/Kicksecure/xfce-desktop-config-dist/commit/94d1c6a8048755235e924420ca9cf19da3758e6a
[https://github.com/derivative-maker/derivative-maker Whonix build script
]:
* Re-enabled downloading of Tor from `deb.torproject.org`. See: [[Dev/Tor|Tor integration in {{project_name_short}} Development Notes]]. [https://forums.whonix.org/t/tor-integration-in-whonix/10593 Tor integration in Whonix].
https://github.com/{{project_name_short}}/derivative-maker/commit/8360f544bcd4bba4cb60f3fde9011f43d5d89803
* CI changes.
https://github.com/{{project_name_short}}/derivative-maker/commit/6850283e88d52dd96a5f82412f99d0818117d905
* Fixed `help-steps/repo_download_chroot_script`.
https://github.com/{{project_name_short}}/derivative-maker/commit/5542f3491045ac2ef9db42f8ffcc112baef4cd7b
* {{project_name_short}} [[KVM]]: Enable extended L2 entries, and reduced cluster size.
** I/O perf should improve thanks to extended L2, see: [https://blogs.igalia.com/berto/2020/12/03/subcluster-allocation-for-qcow2-images/ Subcluster allocation for qcow2 images].
** Decreasing cluster size produces smaller images.
https://github.com/{{project_name_short}}/derivative-maker/commit/bec122d15dc891a9b7ecad9fba702f3979783b65
Appreciation is expressed to @HulaHoop.
== {{project_name_short}} 16.0.3.1 ==
[https://github.com/whonix/anon-gw-base-files anon-gw-base-files
]:
* Fixed the background image.
https://github.com/Whonix/anon-gw-base-files/commit/2ca7a856386a14f6dd69e7547e4977d652867841
[https://github.com/whonix/anon-ws-base-files anon-ws-base-files
]:
* Fixed the desktop background.
https://github.com/Whonix/anon-ws-base-files/commit/05e6e06250df24e72cb9aa14f5ab294f10dc17c1
https://github.com/Whonix/anon-ws-base-files/commit/706a7eff48adab1306cd127e85062286c77392ca
[https://github.com/whonix/corridor corridor
]:
* Changelog.
https://github.com/Whonix/corridor/commit/cd7d2d4ba8ed55ff7b4f9508621c37d4afd3ce1d
[https://github.com/Kicksecure/grub-live grub-live
]:
* Fixed grub-live
(initramfs-tools
version). [https://forums.whonix.org/t/bullseye-live-boot-needs-grub-disable-linux-uuid-true-parameter-in-etc-grub-d-11-linux-live/9066 Bullseye: live-boot needs GRUB_DISABLE_LINUX_UUID="true" parameter in /etc/grub.d/11_linux_live]. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994138
https://github.com/Kicksecure/grub-live/commit/42e806430a90829c8f06df873a1aa82a0c05a4ca
[https://github.com/Kicksecure/hardened-kernel hardened-kernel
]:
* Added --remote-name
.
https://github.com/Kicksecure/hardened-kernel/commit/dd4d64c70d36d854f6b3f8faff281677000bd1cb
[https://github.com/Kicksecure/helper-scripts helper-scripts
]:
* Added `/usr/libexec/helper-scripts/desktop-background-skel-test`.
https://github.com/Kicksecure/helper-scripts/commit/6472efd1ce1769338881020e5aac03a221ccb6e1
* terminal-wrapper
: xfce4-terminal --hold
supported since Debian bullseye
.
https://github.com/Kicksecure/helper-scripts/commit/0199146c78a421c0429654636299a6e2fd795672
[https://github.com/Kicksecure/kicksecure-meta-packages kicksecure-meta-packages
]:
* Fixed and installed policykit-1-gnome
by default. [https://forums.whonix.org/t/zulucrypt-appears-blank/12322 zuluCrypt appears blank].
https://github.com/Kicksecure/kicksecure-meta-packages/commit/aa3b4ff0c6f977da88ebad2c94fdbd6b38ea0160
[https://github.com/Kicksecure/repository-dist repository-dist
]:
* Legacy.
https://github.com/Kicksecure/repository-dist/commit/d3b7a4284aefd17d9173c65a95f0d6cb037e07e9
* Legacy: upgraded existing `/etc/apt/sources.list.d/derivative.list` to use `[signed-by=/usr/share/keyrings/derivative.asc]`.
https://github.com/Kicksecure/repository-dist/commit/eb569b6225a67d78bee385c9d30981cdf7aeb91a
* Changed `Depends: python3` to `Depends: python3:any`
https://github.com/Kicksecure/repository-dist/commit/73ccff0d64314490703eda5c376e04129fd6170e
* Removed the no loner required `Depends: gnupg`.
https://github.com/Kicksecure/repository-dist/commit/3781fc5bd5e8396675b304e309427cc02e752a57
* Implemented `Depends: helper-scripts`.
https://github.com/Kicksecure/repository-dist/commit/de2c03eb1e97ef4cc51979bbf0a51ac9d35879cf
* Cleanup and removed legacy transitional package whonix-repository
.
https://github.com/Kicksecure/repository-dist/commit/d25317d734052fee49bef8cd3d2e11161872e26f
* Renamed: `usr/share/keyrings/derivative-distribution-signing-key.asc` to `usr/share/keyrings/derivative.asc` and renamed `usr/share/keyrings/derivative-distribution-signify-key.pub` to `usr/share/keyrings/derivative.pub`.
https://github.com/Kicksecure/repository-dist/commit/4afbd86c840c81fb64fdd27f5676accf854cad20
* Deleted legacy `/etc/apt/trusted.gpg.d/derivative.asc` because now using `signed-by` and `/usr/share/keyrings/derivative.asc`
https://github.com/Kicksecure/repository-dist/commit/c7836751a6cc25cab5888815011df5a1d493e75c
* Ported to APT sources.list `signed-by`.
https://github.com/Kicksecure/repository-dist/commit/e3e2db96441401015c4fa61f423b43a240390b97
* Renamed:
** `usr/share/repository-dist/derivative-distribution-signing-key.asc` to `usr/share/keyrings/derivative-distribution-signing-key.asc` (gpg)
** `usr/share/repository-dist/derivative-distribution-signify-key.pub` to `usr/share/keyrings/derivative-distribution-signify-key.pub (signify)
https://github.com/Kicksecure/repository-dist/commit/d3f117937ecfd89d0a5159dd35e5813bd99d9aca
* Use APT sources.list `signed-by`. [https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302 APT repository signing keys per APT sources.list - signed-by].
https://github.com/Kicksecure/repository-dist/commit/f113c374a5e36f25c98441d166d34863fdd9268a
[https://github.com/Kicksecure/sdwdate sdwdate
]:
* AppArmor fix.
https://github.com/Kicksecure/sdwdate/commit/a68789aa1fa4d753b724fe99c03fbb29b4fb859b
[https://github.com/Kicksecure/security-misc security-misc
]:
* Fixed: unduplicate kernel command line.
https://github.com/Kicksecure/security-misc/commit/d62bbaab82a33a485a82d42d8db5674d200a1c3d
* Removed Debian buster
support in `/etc/default/grub.d`.
https://github.com/Kicksecure/security-misc/commit/bd31b4085c853d8b182e3a13534827a695f5493a
[https://github.com/Kicksecure/systemcheck systemcheck
]:
* Updated the path APT `signed-by`. [https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302 APT repository signing keys per APT sources.list - signed-by].
https://github.com/Kicksecure/systemcheck/commit/5ac0a09063e7a90d2e340f25b7e6bc854f376b1e
[https://github.com/Kicksecure/tb-updater tb-updater
]:
* alpha tbb_hardcoded_version="11.0a6"
.
https://github.com/Kicksecure/tb-updater/commit/778637418b37389e9d42769f6d200398e5544cda
* tbb_hardcoded_version="10.5.6"
https://github.com/Kicksecure/tb-updater/commit/6011e9e5dc2833892eadce7c0be2a6b65431cf04
[https://github.com/Kicksecure/usability-misc usability-misc
]:
* Added --remote-name
.
https://github.com/Kicksecure/usability-misc/commit/ae50fc3e75b16b4f54004cd9d0c2a74d38cb5c06
* Ported to APT `signed-by`. [https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302 APT repository signing keys per APT sources.list - signed-by].
https://github.com/Kicksecure/usability-misc/commit/02486c1af3053828001f55fe3ed02b46be1aefcd
[https://github.com/Kicksecure/xfce-desktop-config-dist whonix-xfce-desktop-config
]:
* Fixed the desktop background.
https://github.com/Kicksecure/xfce-desktop-config-dist/commit/2c986f88f3e85fec6412acd2fcfb9f254e92c479
https://github.com/Kicksecure/xfce-desktop-config-dist/commit/829286e9e0291fefc87f4031ce1b3276cfb1045b
== {{project_name_short}} 16.0.2.7 ==
[https://github.com/whonix/anon-gw-base-files anon-gw-base-files
]:
* Fixed the bullseye
background image. [https://forums.whonix.org/t/whonix-xfce-wallpaper-background-image/7984 Whonix XFCE Wallpaper / Background Image]. https://github.com/Whonix/anon-gw-base-files/commit/ef3ac0fdda5d56ecfb9c946cb0224b7aa627a25e
[https://github.com/whonix/anon-meta-packages anon-meta-packages
]:
* Integrated kicksecure-dependencies-system
. [https://forums.whonix.org/t/replacing-initramfs-tools-with-dracut/4487 replacing initramfs-tools with dracut]. https://github.com/whonix/anon-meta-packages/commit/bd10983f849960f6176be2886b7287a2a9a48959
[https://github.com/whonix/anon-ws-base-files anon-ws-base-files
]:
* Fixed the bullseye
background image. [https://forums.whonix.org/t/whonix-xfce-wallpaper-background-image/7984 Whonix XFCE Wallpaper / Background Image]. https://github.com/Whonix/anon-ws-base-files/commit/4990b0578dbecddac34682104d844f4a7a8d3589
[https://github.com/Kicksecure/binaries-freedom binaries-freedom
]:
* Added the Debian install file (generated using genmkfile debinstfile
). https://github.com/Kicksecure/binaries-freedom/commit/3cca621377fe9191e45ac40eecacbc45a702658f
* binaries-freedom
is an empty package at present. [https://forums.whonix.org/t/policy-for-inclusion-of-compiled-software/6635 Policy for Inclusion of Compiled Software]. https://github.com/Kicksecure/binaries-freedom/commit/86223e3cbb5c6aab67616201a2936266d677c6bf
[https://github.com/Kicksecure/debug-misc debug-misc
]:
* dracut
. https://github.com/Kicksecure/debug-misc/commit/eb232484bc4d248d866456c0eb236c17a137cc4c
* Removed ‘rhgb’ from GRUB_CMDLINE_LINUX_DEFAULT. https://github.com/Kicksecure/debug-misc/commit/017c41ed068e5b675f741bc34c3d1f1733a5c8af
* add_dracutmodules+=" debug "
https://github.com/Kicksecure/debug-misc/commit/915882889918bf7969fa7b9f7bb6f7dfcb5bb554
[https://github.com/Kicksecure/grub-live grub-live
]:
* dracut
. https://github.com/Kicksecure/grub-live/commit/7a1b20db9185b4cbbe04937f7993783f2261195b https://github.com/Kicksecure/grub-live/commit/df99255112d9eae360cce8534b9cfa92795125c6
* Fixed and removed dracut
kernel_cmdline="rootovl"
since that is already conditionally set in the grub
boot menu (otherwise the system will always boot into live mode). https://github.com/Kicksecure/grub-live/commit/cb94f18bd47a56d0427e9ae822f966f32fd55f2e
* Removed dracut
hostonly="yes"
since that is already the Debian default. https://github.com/Kicksecure/grub-live/commit/3bded2153eb311ee6f8571bf67483d3514d97ed0
* Added dracut
support based on [https://github.com/friedrich12/dracut-grub-live friedrich12 / dracut-grub-live]. [https://forums.whonix.org/t/replacing-initramfs-tools-with-dracut/4487/10 replacing initramfs-tools with dracut]. https://github.com/Kicksecure/grub-live/commit/1989d6e12ac4e5eec03ed3b492c4c84fd6695fd9
[https://github.com/Kicksecure/helper-scripts helper-scripts
]:
* Improved diagnostic messages. https://github.com/Kicksecure/helper-scripts/commit/8a4939227c4ff0016451a3be8a8de8f7c7360b56
[https://github.com/Kicksecure/kicksecure-meta-packages kicksecure-meta-packages
]:
* Installed flatpak
by default and added it to kicksecure-recommended-cli
. [https://forums.whonix.org/t/flatpak-as-a-software-source-flathub-as-a-source-of-software/8500 FlatPak as a Software Source / flathub as a source of software]. See: [[Install_Software#flatpak|flatpak]]. https://github.com/Kicksecure/kicksecure-meta-packages/commit/be19b89acba35c5b6e9350b3f4aa5d8c13288ba3
* Installed extrepo
by default and added it to kicksecure-recommended-cli
. [https://forums.whonix.org/t/extrepo-safely-adding-repos/8539 extrepo - safely adding repos]. https://github.com/Kicksecure/kicksecure-meta-packages/commit/7f4f2930d720836cd4051a4ba6e38959037f2d95
* Switched from lightdm
to gdm3
because lightdm
autologin is non-functional. https://github.com/Kicksecure/kicksecure-meta-packages/commit/e11275ee58b15bbb9ec5d745046b4b369b681c99
* kicksecure-dependencies-system
Depends: linux-initramfs-tool
, dracut
and initramfs-tools
. https://github.com/Kicksecure/kicksecure-meta-packages/commit/b1616daee3c2c228de8db866ea168be088e4ea5c https://github.com/Kicksecure/kicksecure-meta-packages/commit/7c1ed0864ec1916497df39f1660d5fb97ba01e80
* Introduced and integrated kicksecure-dependencies-system
. [https://forums.whonix.org/t/replacing-initramfs-tools-with-dracut/4487 replacing initramfs-tools with dracut]. https://github.com/Kicksecure/kicksecure-meta-packages/commit/a586c06595c836122c6f357d07f28541b16f988d https://github.com/Kicksecure/kicksecure-meta-packages/commit/6b42c87bef0ee62fd57f4435cb69997243b3f6d8
* Removed initramfs-tools
from non-qubes-vm-enhancements-cli
for dracut
support. https://github.com/Kicksecure/kicksecure-meta-packages/commit/3b67c5c18981c7a3072ece594f94f98e9537cb1f
* Introduced kicksecure-qubes-cli
and kicksecure-qubes-gui
. https://github.com/Kicksecure/kicksecure-meta-packages/commit/eac116b98463f9b50812fe4c43b5420181b62b3e
[https://gitlab.com/kicksecure/monero-gui monero-gui
]:
* Updated to monero-gui-linux-x64-v0.17.2.3.tar.bz2
. https://web.archive.org/web/20210902155943/https://github.com/monero-project/monero-gui/releases/tag/v0.17.2.3 https://web.archive.org/web/20210902155938/https://downloads.getmonero.org/gui/monero-gui-linux-x64-v0.17.2.3.tar.bz2 https://web.archive.org/web/20210902160006/https://www.getmonero.org/downloads/hashes.txt https://gitlab.com/kicksecure/monero-gui/-/commit/a34bac079c2a31b533117070cf38c7a4957f36c3
[https://github.com/whonix/qubes-whonix qubes-whonix
]:
* Dropped initramfs-tools
from qubes-whonix-shared-packages-recommended
; this is left to Qubes for dracut
support. [https://forums.whonix.org/t/replacing-initramfs-tools-with-dracut/4487/13 replacing initramfs-tools with dracut]. https://github.com/Whonix/qubes-whonix/commit/683c5ee6247dd562fa52789c5475621f43a95377
[https://github.com/Kicksecure/sdwdate sdwdate
]:
* Fixed a dependency issue. https://github.com/Kicksecure/sdwdate/commit/95f62a51727ab153c83a1a5650786b2ffd778038
[https://github.com/Kicksecure/security-misc security-misc
] improvements:
* Do not set kernel parameter quiet loglevel=0
for recovery boot option for easier debugging. https://github.com/Kicksecure/security-misc/commit/ac0c492663b9d90f99e5969193b35b53d4175d1d
* Moved grub quiet to a separate configuration file /etc/default/grub.d/41_quiet.cfg
. https://github.com/Kicksecure/security-misc/commit/49902b8c56512c3ee8b3d16b0ca513e44349c66d
* dracut reproducible=yes
. https://github.com/Kicksecure/security-misc/commit/a4e18a2ae8c19a664bb1be5bc4ec43f10a876969
* Depends: libpam-modules-bin
. https://github.com/Kicksecure/security-misc/commit/e2810f348b413bb307449a911c12a46924686a9f
* Fixed faillock implementation - dovecot / ssh
are exempted. https://github.com/Kicksecure/security-misc/commit/be8c10496f26d33378deb2427e56892771456ee5
* Fixed and added sshd
to pam_service_exclusion_list
to avoid faillock. https://github.com/Kicksecure/security-misc/commit/8b104f544a9e4e8da1691659fefa4999a4f6f085
[https://github.com/Kicksecure/systemcheck systemcheck
]:
* Now run check_sudo
earlier. https://github.com/Kicksecure/systemcheck/commit/09129d482c339a21c1b5c55447d50906a0b64fd9
[https://github.com/Kicksecure/usability-misc usability-misc
]:
* Removed /etc/lightdm/lightdm.conf.d/autologin.conf
(comments only) since it might interfere with autologin. https://github.com/Kicksecure/usability-misc/commit/b6461000a276594155ab88d994b4b4268451030e
[https://github.com/Kicksecure/vm-config-dist vm-config-dist
]:
* config-package-dev
displaces /etc/gdm3/daemon.conf
. https://github.com/Kicksecure/vm-config-dist/commit/c071e8b630fe63963fbf5554986c0fecdcb6bd74
* Added and enabled gdm
autologin. https://github.com/Kicksecure/vm-config-dist/commit/1417726fc0a08bae8fe94c3dca3555aeef82677b https://github.com/Kicksecure/vm-config-dist/commit/fc802381584056fbaef1e7388c720c2c3c3dcb19 https://github.com/Kicksecure/vm-config-dist/commit/bf00f606b3188c5a023f446cb31f910349708b4e
* Added the original /etc/gdm3/daemon.conf
. https://github.com/Kicksecure/vm-config-dist/commit/ee1f0c3a4b8f7c18c4228385506e18e9a0cfe0ee
* Fixed autologin. https://github.com/Kicksecure/vm-config-dist/commit/b0c1af96519f82a9dcd2baf4f414c5efbc5d87f2 https://github.com/Kicksecure/vm-config-dist/commit/a41b9d9bd270dec8a3cb76ddade164d0de914696
* Disabled dracut
module resume in VMs since it might break the boot process if built inside chroot
. https://github.com/Kicksecure/vm-config-dist/commit/ee07d87be47c3c48f4369b5816876d5d826999a4
* vbox-guest-installer
: recommend, migrate from VirtualBox guest addition ISO to VirtualBox guest addition packages. [[VirtualBox/Guest_Additions#Migration_to_Guest_Additions_Packages|Migration to Guest Additions Packages]]. https://github.com/Kicksecure/vm-config-dist/commit/b23e33b69dde7a62d8b63884900095aeacc19024
[https://github.com/Kicksecure/legacy-dist whonix-legacy
]:
* Updated version. https://github.com/Kicksecure/legacy-dist/commit/b9d166ff16d3f8d61a0554784df9976cd88c6e72
* Improved release-upgrade
. https://github.com/Kicksecure/legacy-dist/commit/8a17fef51a03c62205172494704dad11c361c31d https://github.com/Kicksecure/legacy-dist/commit/8d8fb6be0628a19e32c76fcd3edd732d7ba3bd5f
[https://github.com/Kicksecure/xfce-desktop-config-dist whonix-xfce-desktop-config
]:
* Fixed the bullseye
background image (actually still broken). [https://forums.whonix.org/t/whonix-xfce-wallpaper-background-image/7984 Whonix XFCE Wallpaper / Background Image]. https://github.com/Kicksecure/xfce-desktop-config-dist/commit/9d386ab84f420cf28a2661787500366af1088da1
= Documentation Updates =
New wiki chapters: