{{Header}} __NOINDEX__ {{#seo: |description={{project_name_long}} Release Notes, Changelog |image=Oldstablewhonix.jpg }} {{intro| {{project_name_short}} Release Notes, Changelog }} [[File:Oldstablewhonix.jpg|thumb]] = Additional Changes = Since {{project_name_short}} is based on {{kicksecure}}, maintained by the same contributors, the reader should also take notice of the {{kicksecure_wiki |wikipage=Changelog |text=Changelog }} since changes in {{Kicksecure}} also apply to {{project_name_short}} but are not listed (duplicated) here. {{upstream_wiki}} Earlier changes are archived here: [[Old_Stable_and_Earlier_Releases|Old Stable and Earlier Releases]] = 17.0.4.5 = [https://github.com/whonix/anon-apps-config anon-apps-config]: * tmpfiles.d improvement https://github.com/Whonix/anon-apps-config/commit/925112ac645c7b763fe555c872f65a76e0e8b59e [https://github.com/whonix/anon-meta-packages anon-meta-packages]: * install snowflake-client by default https://forums.whonix.org/t/replacing-meek-snowflake/5190 https://github.com/Whonix/anon-meta-packages/commit/8704fba06559c61301353ca95c33b8311bdf79b2 [https://github.com/whonix/anon-ws-disable-stacked-tor anon-ws-disable-stacked-tor]: * tmpfiles.d improvement https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/a5800571e1be00a4238cda324116b734388ab836 * add symlinks from /etc/profile.d to /etc/zprofile.d https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/289afa5ee2b95b733eb8388813e1c0b9e402555f [https://github.com/whonix/kloak kloak]: * seccomp https://github.com/Whonix/kloak/commit/59056a25d1e14d6d81ee8a9666eda0bc62fe342a * Merge branch 'chatgpt' https://github.com/Whonix/kloak/commit/07d37f52867816ede568c7fb88bde1ae012359e3 * one more missing seccomp filter https://github.com/Whonix/kloak/commit/cda8d74c37227656cc09c1f7324a69b8f908c9cc (Thanks to Vinnie Monaco!) * Merge branch 'master' into dev https://github.com/Whonix/kloak/commit/e475b1c9c552643328da48f39bef999a88d6be21 (Thanks to Vinnie Monaco!) * added missing seccomp filters https://github.com/Whonix/kloak/commit/34e9f421d75ef5e99f71c6d84bb6fb088ac91637 (Thanks to Vinnie Monaco!) * disable broken seccomp SystemCallFilter https://github.com/vmonaco/kloak/pull/38#issuecomment-1627688486 https://github.com/Whonix/kloak/commit/c8178aea02117addfb28dba06e824ece7732dee2 * seccomp https://github.com/Whonix/kloak/commit/2f08794c4b238bb08e0e06a9b10f031f739955be * Added a running variable to control the while loop and added a signal handler (handle_signal) to catch the interrupt signal (SIGINT) and terminate the program gracefully. Fixed the command-line argument handling by checking if argc is less than 2 (instead of assuming argc > 1). If no arguments are provided, the program displays the usage message and exits. Updated the ioctl() call to check the return value for errors. If the ioctl() operation fails to get the device name, an error message is printed, and the program exits. Removed the check for root access since it was only printing a message and not affecting the program's execution. If root access is required, it should be checked externally before running the program. Closed the device file descriptor (fd) before exiting the program to release system resources properly. https://github.com/Whonix/kloak/commit/2a8b5a6934019598beb8290ac4b214407395c54e * The rescue_len variable was not initialized, causing undefined behavior. I added the initialization rescue_len = 0 to fix it. In the init_inputs() function, I added error handling for the malloc call to allocate memory for the pfds array. In the emit_event() function, I added error handling for the libevdev_uinput_write_event function call to check if writing the event to uinput was successful. https://github.com/Whonix/kloak/commit/54f0b3e111a44bb95223200575fe9d19a8c70c09 * fixed typo https://github.com/Whonix/kloak/commit/d11ed97e3c26318ca96a07806d492597950f36bb (Thanks to Vinnie Monaco!) * fixed apparmor profile: added r to /sys/devices/virtual/input https://github.com/Whonix/kloak/commit/edf0a41c9ad05e901d6726804112308dc098965f (Thanks to Vinnie Monaco!) * fixed apparmor profile: added w to /dev/uinput https://github.com/Whonix/kloak/commit/5870a8d3c79567333fbb720d2ea1af43ceee2aea (Thanks to Vinnie Monaco!) * fixed apparmor profile: added r to /dev/uinput https://github.com/Whonix/kloak/commit/1e16893c10fbfcac899fe341cae87022a295e626 (Thanks to Vinnie Monaco!) * formatted main.c https://github.com/Whonix/kloak/commit/2edb4b2bc4c72d6ca457afb4f8265f5ea69e0da9 (Thanks to Vinnie Monaco!) * added pkg-config to build depends https://github.com/Whonix/kloak/commit/1db17e2ac3113cc5253330d5d459fd64dba93164 (Thanks to Vinnie Monaco!) * added libsodium init https://github.com/Whonix/kloak/commit/c2142bf9eafbc4ed8360e1e8a286fbabc68a74d2 (Thanks to Vinnie Monaco!) * added deb dependencies https://github.com/Whonix/kloak/commit/4f271826d6c1621ad8e4a85046da12525698e88f (Thanks to Vinnie Monaco!) * fixed verbose output format https://github.com/Whonix/kloak/commit/5fca94d9e7c27a0b3d9dd8332371987fef6047ec (Thanks to Vinnie Monaco!) * added build flags to makefile https://github.com/Whonix/kloak/commit/ca5510586597ebd6287afa9c878c2bfc3bbf2b9b (Thanks to Vinnie Monaco!) * use libsodium for prng https://github.com/Whonix/kloak/commit/ea6f6be0a33f19038b42aff42aacfd09020b3041 (Thanks to Vinnie Monaco!) * added support for multiple input devices https://github.com/Whonix/kloak/commit/5dc5412f78b7111c42818b973a7a25248b5d49ca (Thanks to Vinnie Monaco!) * Merge branch 'master' of github.com:vmonaco/kloak into mouse https://github.com/Whonix/kloak/commit/36f83eb631be27e325d9209e956e04f37fbe470c (Thanks to Vinnie Monaco!) * removed restrictions on event types https://github.com/Whonix/kloak/commit/59c47d88e4b579e93a85209484681f536035e8d6 (Thanks to Vinnie Monaco!) * fixed typo https://github.com/Whonix/kloak/commit/99d2af051dccbee7f2cd3f35fbc2d7ae64af00c7 (Thanks to Vinnie Monaco!) * started support for EV_REL events https://github.com/Whonix/kloak/commit/7b94b28e472cef7e3c52960986a3bc7dfa651f94 (Thanks to Vinnie Monaco!) [https://github.com/whonix/onion-grater onion-grater]: * Fixed issue where replacement contained something that belonged to pattern https://github.com/Whonix/onion-grater/commit/3b2e9a7eab4a4d3c793a354910bb678f28dccf4f (Thanks to apachesub22!) * Added example grater profile for LND https://github.com/Whonix/onion-grater/commit/d281ad64d2a7bf1628bf3e1d3879fd9e22a78976 (Thanks to apachesub22!) [https://github.com/whonix/qubes-whonix qubes-whonix]: * tmpfiles.d improvement https://github.com/Whonix/qubes-whonix/commit/edcb3ba51b48963a33d98a898279bdb8fd214bd9 [https://github.com/whonix/uwt uwt]: * add symlinks from /etc/profile.d to /etc/zprofile.d https://github.com/Whonix/uwt/commit/539fa2eed39d24a161337ceb421d66f232863ec9 [https://github.com/whonix/whonix-base-files whonix-base-files]: * add symlinks from /etc/profile.d to /etc/zprofile.d https://github.com/Whonix/whonix-base-files/commit/175a2585c3d4099fd2abed91e263f8af4716a201 [https://github.com/whonix/whonix-firewall whonix-firewall]: * Fix MTU problem by allowing RELATED fragmentation-needed ICMP by enabling `GATEWAY_ALLOW_INCOMING_ICMP_FRAG_NEEDED=1` by default. Run `iptables -A INPUT -p icmp --icmp-type fragmentation-needed -m state --state RELATED -j ACCEPT` on Whonix-Gateway. https://github.com/Whonix/whonix-firewall/commit/5f1e0ef0fce2dfc991547a16a5b23637bb27f57c [https://github.com/whonix/whonix-welcome-page whonix-welcome-page]: * add symlinks from /etc/profile.d to /etc/zprofile.d https://github.com/Whonix/whonix-welcome-page/commit/d94157bc77610016365c1e33e3e327abcf62efbc = 17.0.1.9 = * '''port to Debian 12 (bookworm)''' [https://github.com/whonix/anon-gw-anonymizer-config anon-gw-anonymizer-config]: * fix, run replace-ips in Qubes when Tor is restarted https://github.com/Whonix/anon-gw-anonymizer-config/commit/ef1f27974fcd59773f679ed17e5a4d293b72ea2e [https://github.com/whonix/onion-grater onion-grater]: * bookworm aa-logprof https://github.com/Whonix/onion-grater/commit/c5be0367942f5e4f5e0b4428cce1c3826e89893d [https://github.com/whonix/qubes-whonix qubes-whonix]: * fix: make sure replace-ips runs before restarting Tor This is useful to support `release-upgrade` script testing inside `sys-whonix` refactoring https://github.com/Whonix/qubes-whonix/commit/5d77f9d93c62997e3d85e892be604ae9f7f0b3aa * Drop salt dependency It isn't available in bookworm QubesOS/qubes-issues#7896 https://github.com/Whonix/qubes-whonix/commit/f3bd2aa4ea6e33248274bbb171c36eae618f8716 (Thanks to Marek Marczykowski-Górecki!) [https://github.com/whonix/uwt uwt]: * abolish /rw/config parsing (Does not influence Qubes specific /rw/config parsing.) https://github.com/Whonix/uwt/commit/ac4c16c1c35396bcbab45930e6866500e60f5c3d [https://github.com/whonix/whonix-base-files whonix-base-files]: * bump /etc/whonix_version https://github.com/Whonix/whonix-base-files/commit/403f2e7553ec996c5371232caf312b45c2abc5f0 = {{project_name_short}} 16 Changelog = {{project_name_short}} 16 was released on September 11 and 12, 2021 for KVM and VirtualBox. [https://forums.whonix.org/t/whonix-16-0-2-7-kvm-debian-11-bullseye-based-major-stable-release/12264 Whonix 16.0.2.7 KVM (Debian 11 bullseye based) - Major Stable Release]. [https://forums.whonix.org/t/whonix-16-has-been-released-debian-11-bullseye-based-for-virtualbox-major-release/12297 Whonix 16 has been Released! (Debian 11 bullseye based) - for VirtualBox - Major Release]. {{q_project_name_long}} 16 was released on 28 September, 2021. [https://forums.whonix.org/t/qubes-whonix-16-has-been-released-debian-11-bullseye-based-major-release/12465 Qubes-Whonix 16 has been Released! (Debian 11 bullseye based) - Major Release]. As per the [[About#Support_Schedule|Support Schedule]], {{project_name_short}} 15 was deprecated on 14 November, 2021 -- all users should upgrade as soon as possible. [https://forums.whonix.org/t/whonix-15-end-of-security-support-and-deprecation-notice-all-users-should-move-to-whonix-16/12473 Whonix 15 End of Security Support and Deprecation Notice - All users should move to Whonix 16!] Significantly, {{project_name_short}} 16 is based on the Debian bullseye (Debian 11) distribution which was [https://www.debian.org/News/2021/20210814 officially released] on August 14, 2021 instead of Debian buster (Debian 10). The bullseye release has nearly 60,000 packages and around 72 per cent of them were updated.
This release contains over 11,294 new packages for a total count of 59,551 packages, along with a significant reduction of over 9,519 packages which were marked as "obsolete" and removed. 42,821 packages were updated and 5,434 packages remained unchanged.
This means users have access to many new software packages in concert with existing packages. In addition, this release will serve as a development foundation for many exciting upcoming security enhancements such as [[Hardened_Malloc_Kicksecure|Hardened Malloc {{kicksecure}} (HMK)]], [[Linux_Kernel_Runtime_Guard_LKRG|Linux Kernel Runtime Guard (LKRG)]] and other items on the [[Security Roadmap|{{project_name_short}} Security Roadmap]]. = {{project_name_short}} 16 Updates = As {{project_name_short}} is a rolling distribution, users will benefit from regular small security and usability improvements, features and bug fixes as they enter the {{project_name_short}} stable repository. The most notable changes will be announced here. {{mbox | type = notice | image = [[File:Ambox_notice.png|40px|alt=Info]] | text = The majority of the enhancements below also also apply to {{q_project_name_short}}. Exceptions include: * [[Keystroke_Deanonymization#Kloak|kloak]] * [[Linux_Kernel_Runtime_Guard_LKRG|Linux Kernel Runtime Guard (LKRG)]] * [https://github.com/kicksecure/tirdad tirdad] (TCP ISN CPU Information Leak Protection) * [https://github.com/Kicksecure/security-misc/blob/master/etc/default/grub.d/40_kernel_hardening.cfg Kernel Hardening through Kernel Boot Parameters] * [https://github.com/Kicksecure/security-misc Strong Linux User Account Separation] / [[Dev/Permissions#Bruteforcing_Linux_User_Account_Passwords_Protection|Protection against Bruteforcing Linux User Account Passwords]] * {{kicksecure_wiki |wikipage=Apparmor-profile-everything |text=Apparmor profile everything }} https://github.com/Kicksecure/apparmor-profile-everything (AppArmor for everything: APT, systemd, init, all systemd units, all applications) * [https://www.kicksecure.com/wiki/Hardened-kernel hardened-kernel patch] and [https://github.com/Kicksecure/hardened-kernel/blob/master/usr/share/hardened-kernel/hardened-vm-kernel configuration] Many of these will be possible once the use of in-VM kernels is simplified and promoted in Qubes OS. https://github.com/QubesOS/qubes-issues/issues/5212 https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581 }} == {{project_name_short}} 16.0.9.8 == [https://github.com/whonix/anon-apps-config anon-apps-config]: * Merge branch 'Whonix:master' into master https://github.com/Whonix/anon-apps-config/commit/5492e70c3a1f9c4c5c63064b72664d4ade3013e3 (Thanks to idk!) * re-create #11 without the eepsite/docroot history, disable eepsite by default https://github.com/Whonix/anon-apps-config/commit/baa0b6b850dca52300b34fac6263b82ad9236317 (Thanks to idk!) * add a hosts.txt file https://github.com/Whonix/anon-apps-config/commit/64aa02e51e796577556206b2f441c855ce916a96 (Thanks to idk!) * i2p-config: no longer use white spaces in file names, use underscores instead https://github.com/Whonix/anon-apps-config/commit/f1815a6e4010e02f5cbc4c2fd7c2f6b2f3ced82f * revert /var/lib/i2p/i2p-config folder permissions change for now https://github.com/Whonix/anon-apps-config/commit/1def6aa5544f107dd663b75afdf0a63bea64a458 * port I2P config to systemd tmpfiles.d https://forums.whonix.org/t/i2p-client-inside-whonix-workstation-issues/15890/22 https://github.com/Whonix/anon-apps-config/commit/9b6cf93516b281afe30413b1f58b2991153a8cef * undisplace https://github.com/Whonix/anon-apps-config/commit/aa06cadbb9c56af47d78e145ae9d5916d7b7c2d5 * fix permissions on the I2P configuration directory https://github.com/Whonix/anon-apps-config/commit/c5a3bc549edba258f57ed8081199036fcb7534c7 (Thanks to idk!) * check in router.config https://github.com/Whonix/anon-apps-config/commit/bd8e5a9a2c3aee6ca5205fca559513fed7bd1ab5 (Thanks to idk!) * remove unnecessary divert for router.config.anondist https://github.com/Whonix/anon-apps-config/commit/f3f0a235c234954ca0950c6e2401dd4adefe60a5 (Thanks to idk!) * move i2p config to /var/lib/i2p/i2p-config https://github.com/Whonix/anon-apps-config/commit/8dd15db4da24b9331657f1a0aa82a13ac2af7e60 (Thanks to idk!) * check in config.d directories https://github.com/Whonix/anon-apps-config/commit/2e16e3a6a1dbb6c358d25283ed058151e14d73fd (Thanks to idk!) * first, use displace to create migratable configuration files which contain the required Whonix defaults https://github.com/Whonix/anon-apps-config/commit/cc43b42a864970541478a4a4125f4b1f13e26a8b (Thanks to idk!) [https://github.com/whonix/anon-gw-anonymizer-config anon-gw-anonymizer-config]: * systemctl --system daemon-reload https://github.com/Whonix/anon-gw-anonymizer-config/commit/a4d20b8d295aa56dc25d381f7cc4cc12417a8d11 * add workaround for upstream bug Tor fails to start a few times before succeeding to start https://forums.whonix.org/t/failed-to-start-anonymizing-overlay-network-for-tcp-tor-fails-to-start-a-few-times-before-succeeding-to-start/16289/12 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029554 https://github.com/Whonix/anon-gw-anonymizer-config/commit/cf35a5025573c2f2052c7c6baecfeae4f071d00c * anon-log: minor fix, output errors to stderr instead of stdout https://github.com/Whonix/anon-gw-anonymizer-config/commit/b2a4539afd403ca9558db95a638282845350c67d * anon-log: use journalctl instead of /run/tor/log https://github.com/Whonix/anon-gw-anonymizer-config/commit/31121526c5456a4bc8dd98dceb67a588661593e2 [https://github.com/whonix/anon-meta-packages anon-meta-packages]: * remove monero-gui https://github.com/Whonix/anon-meta-packages/commit/b38990fff7200661bfc8ad8d90d308bbc1546feb * consistent use of `Pre-Depends: legacy-dist` https://github.com/Whonix/anon-meta-packages/commit/8070118d9723f5443ef0b4df78223815bcfbe722 * install metadata-cleaner by default https://forums.whonix.org/t/metadata-cleaner-gui-for-mat2/12919 add `metadata-cleaner` to `whonix-workstation-packages-recommended-gui` Thanks to @mfc for the suggestion! https://github.com/Whonix/anon-meta-packages/commit/1359a55c6190acf01a0b071f52df6da1d696b136 [https://github.com/whonix/whonix-welcome-page whonix-welcome-page]: * disable end of year banner https://github.com/Whonix/whonix-welcome-page/commit/1932bff1d7de114228d7a93fcfe922853925ec3f == {{project_name_short}} 16.0.9.0 == [https://github.com/whonix/anon-apps-config anon-apps-config]: * I2P config: Disable Frequent connection to news letter server No need to make unnecessary connections to external server for each couple of minutes. Harmful anonymity practice. https://github.com/Whonix/anon-apps-config/commit/f8aa6c26e8c38f3504a5540aad6a920d421f69bb (Thanks to TNT BOM BOM!) * I2P config: Update router.config.anondist Since I2P going to run over Tor which is a socks5 then reseeding should be over socks5 as well. https://github.com/Whonix/anon-apps-config/commit/1556b5f152622cb72045e800ee13df03e50ca420 (Thanks to TNT BOM BOM!) [https://github.com/whonix/anon-gw-anonymizer-config anon-gw-anonymizer-config]: * add onion-grater-list manpage https://github.com/Whonix/anon-gw-anonymizer-config/commit/6a531fd46f07f79b9dfb564f2cf7b1fd867c2fda (Thanks to nyxnor!) * improve onion-grater-list https://github.com/Whonix/anon-gw-anonymizer-config/commit/6ca9097f099d8848858793d6c5e56b2da183522e (Thanks to nyxnor!) * add onion-grater-list https://github.com/Whonix/anon-gw-anonymizer-config/commit/12e9103b7d84ca602d6a3951a82d041e36dd4da0 (Thanks to nyxnor!) [https://github.com/whonix/anon-meta-packages anon-meta-packages]: * install Thunderbird by default https://forums.whonix.org/t/thunderbird-no-longer-installed-by-default/6505/12 https://github.com/Whonix/anon-meta-packages/commit/d7a64ffa81fa03c431382a00d55b0cb6c8161eb1 [https://github.com/whonix/onion-grater onion-grater]: * signed commit https://github.com/Whonix/onion-grater/commit/73b5aeb85e3defb65cd5da16102777f34fabd4ad * revert https://github.com/Whonix/onion-grater/commit/196c69cca36d593d17a811ec0000c02327097c97 * support multiple directories and multiple matchers allow support for different hosts for remote connections, deprecating onion-grater-merger. Sorting made in reverse to honor precedence as parsing stops at first match. https://forums.whonix.org/t/onion-grater-wiki-improvements/15845 https://github.com/Whonix/onion-grater/commit/884d6eba523ec98a88b3cc1326d71c7fd83847c8 (Thanks to nyxnor!) * no need to edit systemd file to set arguments https://github.com/Whonix/onion-grater/commit/2353be12767d933ebc43b6dd3f49928191a43b41 (Thanks to nyxnor!) * fix old apparmor variable https://github.com/Whonix/onion-grater/commit/ed4af1fcc9b07f6e6278dad18a4ecfc080c35fb7 (Thanks to nyxnor!) * make bitcoind accept 127.0.0.1 and 0.0.0.0 https://github.com/Whonix/onion-grater/commit/9addd1d6dd9671b18e5415a196b92d7f6ee5846c (Thanks to nyxnor!) [https://github.com/whonix/whonix-welcome-page whonix-welcome-page]: * Revert "Revert "Depends: kicksecure-welcome-page"" This reverts commit f9c5482f4e55002412a0e0e1df3ca06110886302. https://github.com/Whonix/whonix-welcome-page/commit/8b524f98f6f25acd4ab38bad878dcfa966f67059 * End of year banner for welcome page https://github.com/Whonix/whonix-welcome-page/commit/ce0001668678fd4bd0fe10eb15a2c3378d389a38 (Thanks to Your Name!) * Revert "Depends: kicksecure-welcome-page" This reverts commit 36ad250c1dbb3436b93f0b96f25b7ef88e9aab26. https://github.com/Whonix/whonix-welcome-page/commit/f9c5482f4e55002412a0e0e1df3ca06110886302 * Merge branch 'master' of https://github.com/Whonix/whonix-welcome-page https://github.com/Whonix/whonix-welcome-page/commit/aa6485dd3f04d4e21685d7f27f90c3daef42ab35 (Thanks to Your Name!) * Revert local HP back to without endofyear banner https://github.com/Whonix/whonix-welcome-page/commit/97402c419f26178a1cd642957aabdabd365f6d9e (Thanks to Your Name!) * set Firefox ESR from Debian package sources homepage to about:blank This is to disable kicksecure-welcome-page in Whonix. https://github.com/Whonix/whonix-welcome-page/commit/e5f6f06e3d4af99505bd507be509d19c2dde9765 * Depends: kicksecure-welcome-page https://github.com/Whonix/whonix-welcome-page/commit/36ad250c1dbb3436b93f0b96f25b7ef88e9aab26 * Whonix local HP referencing Kicksecure local HP https://github.com/Whonix/whonix-welcome-page/commit/e9a09e154a4686876cd81e534be766a4144410e1 (Thanks to Your Name!) * Whonix End of Year Banner https://github.com/Whonix/whonix-welcome-page/commit/5a8bca82b700ef1060bd4fa9fcbf886bd6f6f2e6 (Thanks to Your Name!) == {{project_name_short}} 16.0.8.2 == [https://github.com/whonix/anon-apps-config anon-apps-config]: * pref(“mailnews.start_page.enabled”, false); https://github.com/Whonix/anon-apps-config/commit/49ecbc1c2a8d9fc20b5784a8c81c06e685449b86 * Drop everything related to Enigmail Updated to reflect Tails version as of 2022 https://github.com/Whonix/anon-apps-config/commit/906f86ba462ef8fb0a8f84a2dc540511fe18fb88 (Thanks to @HulaHoop!) * Updated to reflect Tails version as of 2022 https://github.com/Whonix/anon-apps-config/commit/113998b6453c61c8861eb0cae80e55d2624f8ebb (Thanks to @HulaHoop!) * update onionjuggler conf https://github.com/Whonix/anon-apps-config/commit/b0654176ae94091eb4e0920ec1a1e15d8b2d2ecc (Thanks to nyxnor!) * chmod +x etc/onionjuggler/conf.d/30_whonix.conf to fix lintian warning W: anon-apps-config: script-not-executable etc/onionjuggler/conf.d/30_whonix.conf https://github.com/Whonix/anon-apps-config/commit/8773f211e508b26f4ee3ec21cb5e47faaf75cb11 * add onionjuggler whonix conf https://github.com/Whonix/anon-apps-config/commit/73aa4a4668a4d1d55ac9f454217dab3c2d0ca04b (Thanks to nyxnor!) * disable ntp time check disabled time check since it uses ntp which doesnt exist in whonix. (it has no effect on the connection) https://github.com/Whonix/anon-apps-config/commit/dc2b157e61dfb7b324a3f61589c75c9acca23ac8 (Thanks to TNT BOM BOM!) [https://github.com/whonix/anon-gw-anonymizer-config anon-gw-anonymizer-config]: * fix AppArmor https://github.com/Whonix/anon-gw-anonymizer-config/commit/32368cbbcc4f09302836fba67a58f927514ac141 * addgroup -> adduser fix https://github.com/Whonix/anon-gw-anonymizer-config/commit/3e16fad210bc03b18320bf740238966d85c504cb * improve anon-verify output https://github.com/Whonix/anon-gw-anonymizer-config/commit/d619a1bf3edeb463dfb75dde15f870e910da6965 * anon-verify: fix enumeration of all Tor config drop-in snippets for new `%include /etc/torrc.d/*.conf` syntax https://github.com/Whonix/anon-gw-anonymizer-config/commit/02f368f72e03e202f1b4e749678d48c4b6396eba [https://github.com/whonix/anon-ws-disable-stacked-tor anon-ws-disable-stacked-tor]: * addgroup -> adduser fix https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/6f4104b0db9d2b70d43e16a1af59a6f2338a8582 [https://github.com/whonix/onion-grater onion-grater]: * correct bitcoind binding ports https://github.com/Whonix/onion-grater/commit/38316044dc73eab7519890514db44f044f479d69 (Thanks to nyxnor!) * correct bitcond pattern for all default ports of the chains https://github.com/Whonix/onion-grater/commit/12477ae6da0c82bc79898184c086287a6512a8db (Thanks to nyxnor!) * fix systemd seccomp violation after suspend/resume by adding `SystemCallFilter` `select` Sep 25 01:06:57 host audit[841]: SECCOMP auid=4294967295 uid=106 gid=116 ses=4294967295 subj==/usr/lib/onion-grater (enforce) pid=841 comm="onion-grater" exe="/usr/bin/python3.9" sig=31 arch=c000003e syscall=23 compat=0 ip=0x792fb3bac2a3 code=0x80000000 https://github.com/Whonix/onion-grater/commit/86584992cb4e83873617a9471ac7b05c9e1a0981 [https://github.com/whonix/whonix-firewall whonix-firewall]: * shfmt https://github.com/Whonix/whonix-firewall/commit/48eb9e019551ea714fb6b1ee8de54c3b7c168571 * shfmt https://github.com/Whonix/whonix-firewall/commit/ebc69f2718c9edb8ae6cbb6dc9070108b9a902d1 * shfmt https://github.com/Whonix/whonix-firewall/commit/9d364febd84cdb739f3703975ee39324f21e4d87 * shfmt https://github.com/Whonix/whonix-firewall/commit/4d036535a3ef0faeb7b27d0f5cc4d7e76ca5761c * verbosity https://github.com/Whonix/whonix-firewall/commit/058c03186f9474ba7223a4766d4ed92e89a750ba * set all defaults first before parsing config folder Thanks to @nyxnor for the report! https://forums.whonix.org/t/how-to-unset-firewall-array/15604 https://github.com/Whonix/whonix-firewall/commit/cdf359736aa6e81e0c7200723849afd0b2ba9277 * not opening ports instead of closing, wording https://github.com/Whonix/whonix-firewall/commit/5ec6e1fac57c5dd6d5f6a80170c61476e95141b3 (Thanks to nyxnor!) * be verbose no port is being opened https://github.com/Whonix/whonix-firewall/commit/3c5fd6b4eb446cd997384818bee35d2baf0629bc (Thanks to nyxnor!) * double quote "$@" https://github.com/Whonix/whonix-firewall/commit/682be4c3c74668f21aa873bfe92c3a52d8caf81b (Thanks to nyxnor!) * always inform SOCKSIFIED if set to '0' https://github.com/Whonix/whonix-firewall/commit/b303e37017a25fe6893cc739cde430755f3c1f92 (Thanks to nyxnor!) * print informational messages https://forums.whonix.org/t/print-ports-opened-in-the-firewall/15469 https://github.com/Whonix/whonix-firewall/commit/950cdaf1a721aa3e5230ab83d1fe678b84a64a56 (Thanks to nyxnor!) * make the main script pass arguments to child also make the script be called by path, so easier to test by placing script at /usr/local/bin https://github.com/Whonix/whonix-firewall/commit/6e0dd7bed6138f2121938399b6d30bc9f2016ce1 (Thanks to nyxnor!) [https://github.com/whonix/whonix-welcome-page whonix-welcome-page]: * new file: usr/share/doc/homepage/whonix-welcome-page/img/Search-ahmia.png https://github.com/Whonix/whonix-welcome-page/commit/b62cec05bed9a9c88d4d8db08e0d95f397a05b1a * minor: link to root domain, not index.html https://github.com/Whonix/whonix-welcome-page/commit/6c09f925606c04de7ca9a3a538efeaa6cf32ed8f * ahmia https://github.com/Whonix/whonix-welcome-page/commit/d22f55e315780a68c84f2b718196ed782b8bbb59 * add icon for brave search https://github.com/Whonix/whonix-welcome-page/commit/79cb1bf2f159dcb7beb65b6bacb93e04c39d3962 * Add onions as much as possible instead of TLS only https://forums.whonix.org/t/local-browser-homepage-for-tor-browser-in-whonix/347/106 https://github.com/Whonix/whonix-welcome-page/commit/50837699666ce86e922ab215e09f615924885956 (Thanks to TNT BOM BOM!) == {{project_name_short}} 16.0.5.3 == TODO: https://forums.whonix.org/t/whonix-16-0-5-3-for-virtualbox-point-release/13817 == {{project_name_short}} 16.0.5.0 == [https://github.com/{{project_name_short}}/derivative-maker derivative-maker]: * rename `Whonix-Workstation-CUSTOM` to `Whonix-Custom-Workstation` https://github.com/{{project_name_short}}/derivative-maker/commit/59f0feb3e06633b08551156a0229a8ef88514aac * fix qcow2 Whonix-Custom-Workstation build https://github.com/{{project_name_short}}/derivative-maker/commit/bb3e5d175cadc123cd4444d4d18703d4a93a2b28 * improve images upload script https://github.com/{{project_name_short}}/derivative-maker/commit/5dbfc39d33f420c769343e5893bf1da5a378392e * introduce variable `dist_build_files_to_upload` https://github.com/{{project_name_short}}/derivative-maker/commit/0f4f4822602c987ac5f3b07919ff24b6345c4691 * improve error message if build dependency is missing https://github.com/{{project_name_short}}/derivative-maker/commit/380d0552bc6365afcdce55822cb9def002f5dcb7 * sanity test https://github.com/{{project_name_short}}/derivative-maker/commit/a28bd92eff008ad480112f5ca7a9f48059c360e8 * sanity test https://github.com/{{project_name_short}}/derivative-maker/commit/7f0c73d95e0a09c1c962f50e13e14b7c577b2ffe * add `--delete --utm` incomplete boilerplate implementation https://github.com/{{project_name_short}}/derivative-maker/commit/2fdcce77c69de6bed06fc27481cae63ccb260ef6 * rename /etc/derivative-makerconfig.d to /etc/buildconfig-dist.d rename derivative-maker to derivative-maker https://github.com/{{project_name_short}}/derivative-maker/commit/cac7bf755068b4977dbaf034df069ac6a95f3ba0 * generic variables names https://github.com/{{project_name_short}}/derivative-maker/commit/6a0c415fc1bd98e42d4bd3ad2102a6cd954f459c * generic variables names https://github.com/{{project_name_short}}/derivative-maker/commit/1c9855844e3483033daff2f169f89af71e028357 [https://github.com/whonix/anon-gw-anonymizer-config anon-gw-anonymizer-config]: * remove torrc-d-cleaner since no longer required because Tor now has wildcard support and is configured to parse config files ending with `*.conf` only. https://github.com/Whonix/anon-gw-anonymizer-config/commit/decc367b9412c6171a18a496744353637353cc8c * run repair-torrc from tor-config-sane https://github.com/Whonix/anon-gw-anonymizer-config/commit/827c46e6ec1899ca78200ca626961ebb9aa1e914 * only `%include` config files ending with `*.conf` https://www.whonix.org/wiki/Dev/Tor https://github.com/Whonix/anon-gw-anonymizer-config/commit/3dd761b7a745496e9ad27ef4b8275262175aa1a6 * cleanup, remove workaround for old bug https://forums.whonix.org/t/configuring-onion-service/9042 https://github.com/Whonix/anon-gw-anonymizer-config/commit/0c083154890edf39829ab9038ba5d556f4295395 * downgrade copyright to avoid Tor Duplicate Config File Restart Bug https://www.whonix.org/wiki/Dev/Tor#Tor_Duplicate_Config_File_Restart_Bug https://github.com/Whonix/anon-gw-anonymizer-config/commit/e8189b7b9cf72eae1d6dcffd863edd4eb8a79ec1 * workaround for Tor Duplicate Config File Restart Bug https://www.whonix.org/wiki/Dev/Tor#Tor_Duplicate_Config_File_Restart_Bug https://github.com/Whonix/anon-gw-anonymizer-config/commit/032aedbdba67fcf2697d946afdf2c980957bba0b [https://github.com/whonix/anon-meta-packages anon-meta-packages]: * add `tor-ctrl` to `whonix-shared-packages-recommended-cli` https://github.com/Whonix/anon-meta-packages/commit/70773aef3432fb380c5e8aeb302d1d7ada65628c [https://github.com/whonix/qubes-whonix qubes-whonix]: * lower debugging https://github.com/Whonix/qubes-whonix/commit/1e81681e31ed64def79994f273bceecd064df1fa [https://github.com/whonix/whonix-firewall whonix-firewall]: * lower debugging https://github.com/Whonix/whonix-firewall/commit/8c682cc28ad2fe0537672c94ebe6e6a232de9356 [https://github.com/whonix/whonix-welcome-page whonix-welcome-page]: * remove hardcoded font, use font from Debian package sources instead https://github.com/Whonix/whonix-welcome-page/commit/2785b2c01eb307d2652391297a6b6fc42730e47b * update copyright since complete rewrite https://github.com/Whonix/whonix-welcome-page/commit/a709e46407a5ffac5977a749b412b256aabc38a4 * Welcome Page Revision https://github.com/Whonix/whonix-welcome-page/commit/56b8aa8b677ac4bc1d9d7c62ab52ab6100c2581f (Thanks to Your Name!) == {{project_name_short}} 16.0.4.2 == [https://github.com/whonix/anon-apps-config anon-apps-config]: * disable Thunderbird default homepage by default to avoid https connection for better security hardening Thanks to @HulaHoop for the suggestion! https://forums.whonix.org/t/canning-thunderbirds-startpage/13007/1 https://github.com/Whonix/anon-apps-config/commit/7892543371ccc224c8fca50a76e71e08704f8afe [https://github.com/Kicksecure/anon-connection-wizard anon-connection-wizard]: * add tag ap_conn_done_pt https://github.com/Kicksecure/anon-connection-wizard/commit/c6685af1a9fc4bbd1c912e7ff3277538baaff893 * add tag conn_done_pt https://github.com/Kicksecure/anon-connection-wizard/commit/850604b878fd1208bdb1c6b08324efac717a5285 * update default bridges https://github.com/Kicksecure/anon-connection-wizard/commit/54fb98886fcbfbce235633773287cb838d382cb5 [https://github.com/whonix/anon-gw-anonymizer-config anon-gw-anonymizer-config]: * fix Tor Browser 11.06 - New Identity function error message suppressed subscription to event 'STREAM related to: https://www.whonix.org/wiki/Tor_Browser#New_Tor_Circuit_Function Thanks to @torjunkie to the bug report! https://forums.whonix.org/t/tb-v11-06-new-identity-function-error-message/13326 https://github.com/Whonix/anon-gw-anonymizer-config/commit/39f623f968bb1e143e3c402f008e7c0f7b71a817 * arm -> nyx https://github.com/Whonix/anon-gw-anonymizer-config/commit/2ee2f10eb0115f6b49d6c10df33b35ef9c1db12d * renamed: usr/share/applications/gateway-arm.desktop -> usr/share/applications/gateway-nyx.desktop https://github.com/Whonix/anon-gw-anonymizer-config/commit/0ac977c2ba3b636ed8402e2bf76b3214276bec3a * fix onion-grater-remove https://github.com/Whonix/anon-gw-anonymizer-config/commit/822fe4e4f79dc9f0a3b24ce8a78d6908edbc5985 [https://github.com/Kicksecure/icon-pack-dist anon-icon-pack]: * renamed: usr/share/icons/anon-icon-pack/arm.ico -> usr/share/icons/anon-icon-pack/nyx.ico https://github.com/Kicksecure/icon-pack-dist/commit/6592b37cfed4db2b6e8a2cb856a6f4550ccbbfa7 [https://github.com/whonix/anon-meta-packages anon-meta-packages]: * install kicksecure-default-applications-cli per default on the workstation due to recent kicksecure-meta-packages refactoring https://github.com/whonix/anon-meta-packages/commit/ae6cb1ce8027606782e4202377c2926fc227276a * install kicksecure-recommended-cli by default on gateway and workstation due to refactoring of kicksecure-meta-packages https://github.com/whonix/anon-meta-packages/commit/9c160f1492fd634e0e4baf0a9c498a68476ba571 * remove setup-dist from whonix-shared-packages-dependencies-cli because now part of kicksecure-dependencies-cli https://github.com/whonix/anon-meta-packages/commit/bb5ae8c8580e522406ebd4c255b0c9cf1df237be * improve multiple architecture support / split dummy-dependency package into multiple packages https://github.com/whonix/anon-meta-packages/commit/b52179af6e0db1dfc6e65802b836addb14f13974 [https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo anon-shared-build-apt-sources-tpo]: * fix, update path https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo/commit/6c529f3d83b8fd34c88b7940d38b4e0efb12c283 [https://github.com/whonix/anon-ws-disable-stacked-tor anon-ws-disable-stacked-tor]: * Tor emulation: fix, pass all command line options to `tor` when being called with `--verify-config` https://github.com/nyxnor/tor-ctrl/issues/9 https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/e6c05d99006849caf4326d58d4cca4cb0e001c1b * implement `tor --verify-config` tor-ctrl uses 'tor --verify-config' fixes https://github.com/nyxnor/tor-ctrl/issues/9 https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/7a1e0b59d39bc705c1e39be69a2c3dedb04c0f04 [https://github.com/Kicksecure/apparmor-profile-everything apparmor-profile-everything]: * ConditionPathExists=!/run/qubes-service/no-sdwdate https://github.com/Kicksecure/apparmor-profile-everything/commit/da5e8a834380e520877ec51f2bcfe78e3e688cf3 [https://github.com/Kicksecure/apparmor-profile-hexchat apparmor-profile-hexchat]: * harden profile and remove xchat support https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951331#23 https://github.com/Kicksecure/apparmor-profile-hexchat/commit/d2a9d37b0e387144ed8e73a16c4a0c4037d1f984 [https://github.com/Kicksecure/bootclockrandomization bootclockrandomization]: * ConditionPathExists=!/run/qubes-service/no-bootclockrandomization ConditionPathExists=!/run/qubes-service/no-bcr https://github.com/Kicksecure/bootclockrandomization/commit/f02a3553c61a901d6ce98d1d5629be4c2a032cdf * Make delay_plus_or_minus overridable via env var https://github.com/Kicksecure/bootclockrandomization/commit/1837346b080132d3f7ca8dac81d13d489cfa2662 (Thanks to deeplow!) [https://github.com/Kicksecure/helper-scripts helper-scripts]: * `/usr/libexec/helper-scripts/terminal-wrapper`: add support for `gnome-terminal` https://github.com/Kicksecure/helper-scripts/commit/d3390d4c0889794204791329555615756ed4aa40 * hardened-malloc-type-test: Hardened Malloc version 10 compatibility https://github.com/Kicksecure/helper-scripts/commit/893974f9ee9ac69a9e55c37692818fd7d63b48b7 * anon-consensus-del: also restart vanguards https://github.com/Kicksecure/helper-scripts/commit/a70612f9ca94a2b84697dc27792fdd0f7f74ad40 * `/usr/libexec/helper-scripts/curl_exit_codes`: add newer curl exit codes https://github.com/Kicksecure/helper-scripts/commit/54e2888ccf378ae60127b26774407460041cb8e5 [https://github.com/Kicksecure/kicksecure-meta-packages kicksecure-meta-packages]: * install kicksecure-default-applications-cli by default in Kicksecure https://github.com/Kicksecure/kicksecure-meta-packages/commit/ea7851dedf6b7a7f5df9b6b3a71d35726793e116 * split into kicksecure-recommended-cli and kicksecure-default-applications-cli https://github.com/Kicksecure/kicksecure-meta-packages/commit/f1790451a9ccb3883a3fef70963cdf7266a8a271 * add setup-wizard-dist to kicksecure-desktop-applications-recommended https://github.com/Kicksecure/kicksecure-meta-packages/commit/dbb182f8b4de5f13f3f82efc103f06a5236832f0 * add setup-dist to kicksecure-dependencies-cli https://github.com/Kicksecure/kicksecure-meta-packages/commit/4dd31bd6d25e43a8cf4d675b8f030d13fd7d1057 * add systemcheck to kicksecure-recommended-cli https://github.com/Kicksecure/kicksecure-meta-packages/commit/0062df31d04a136b013bccabfac9c4f28e2e699d * move a lot packages from kicksecure-dependencies-cli to kicksecure-dependencies-cli since this is more apprpriate. haveged, jitterentropy-rngd, man-db, bzip2, net-tools, dnsutils, iputils-ping, file, lsof, pciutils, strace, sysfsutils, procps, e2fsprogs, less, most, apparmor-utils, bash-completion, nano, udisks2, libblockdev-crypto2, sensible-utils, secure-delete, openvpn, curl, wget, usability-misc, open-link-confirmation, hardened-malloc | dummy-dependency https://github.com/Kicksecure/kicksecure-meta-packages/commit/2e4eec07603c539807a5429f26ef81fbe7769c0a * no longer install zsh by default https://github.com/Kicksecure/kicksecure-meta-packages/commit/19eaae178b143662f0309a2505705d943cf97cd6 * add equivs to kicksecure-recommended-cli https://github.com/Kicksecure/kicksecure-meta-packages/commit/80704660561357a7f377dbc562968386b2173613 * legacy https://github.com/Kicksecure/kicksecure-meta-packages/commit/cb20b19da6400f83b59bd5f5b601c9bbf20e86d4 * legacy https://github.com/Kicksecure/kicksecure-meta-packages/commit/0c14c945ed13d36ff78ccc0a30b544b40ac63da9 * hardened-malloc-kicksecure-enable -> hardened-malloc-light-enable https://github.com/Kicksecure/kicksecure-meta-packages/commit/d7e51eebebe6faeb1a580cc7cde83412da9e68f3 * improve multiple architecture support / split dummy-dependency package into multiple packages https://github.com/Kicksecure/kicksecure-meta-packages/commit/bdfcbc1d60fd39368715e39b3a5ca6b6d84a2726 * dummy-dependency: remove lkrg, binaries-freedom, orca-screen-reader-support for simplicity because these packages are not a dependency yet https://github.com/Kicksecure/kicksecure-meta-packages/commit/3f1cea7767ccc6e01b6a9e5a0d6893571b3d70ba [https://github.com/Kicksecure/live-config-dist live-config-dist]: * version https://github.com/Kicksecure/live-config-dist/commit/f9aa298ec0b8cf38e52ead61daa5093bb1b4f445 [https://gitlab.com/kicksecure/monero-gui monero-gui]: * monero-gui-linux-x64-v0.17.3.0.tar.bz2 https://web.archive.org/web/20211213200018/https://github.com/monero-project/monero-gui/releases/tag/v0.17.3.0 https://web.archive.org/web/20211213200116/https://downloads.getmonero.org/gui/monero-gui-linux-x64-v0.17.3.0.tar.bz2 https://web.archive.org/web/20211213200210/https://www.getmonero.org/downloads/hashes.txt https://gitlab.com/kicksecure/monero-gui/-/commit/0d9356e5f8815fd9cade046e1a357e853814884b * delete for upcoming update https://gitlab.com/kicksecure/monero-gui/-/commit/198b2df3c2c23767f7f9b6f1dbc4078bcd67ed0b [https://github.com/Kicksecure/msgcollector msgcollector]: * `/usr/libexec/msgcollector/error_handler`: fix exit code capturing https://github.com/Kicksecure/msgcollector/commit/77a6c4d465dc998470e290a5ada5356ad70cc748 [https://github.com/whonix/onion-grater onion-grater]: * disable `ProcSubset=pid` due to onion-grater crash at startup > onion-grater[23859]: FileNotFoundError: [Errno 2] No such file or directory: '/proc/stat' https://github.com/Whonix/onion-grater/commit/4b13181ac4743c9a969164b81bf840eb85325fb7 * fix, prevent dh_compress from compressing the OnionShare onion-grater profile Thanks to @DaemonFuu for the bug report! https://forums.whonix.org/t/onion-grater-deb-package-contains-compressed-40-onionshare-yml/13154 https://github.com/Whonix/onion-grater/commit/e36db8f769230959ea07ce44ede333aef00a39e5 * towards OnionShare 2.4 support https://github.com/Whonix/onion-grater/commit/63eb2f20b302dbdb902629d166c444bb4826d4df * towards OnionShare 2.4 support https://github.com/Whonix/onion-grater/commit/132ac995c750d6fd19e095bf1f2fc76f41985ee6 * towards OnionShare 2.4 support https://github.com/Whonix/onion-grater/commit/2d67dfddb301ed0589f368b47051cdd74e745c61 [https://github.com/Kicksecure/open-link-confirmation open-link-confirmation]: * add infinite recursive loop protection https://github.com/Kicksecure/open-link-confirmation/commit38e03d1737b185934fc0a6f4c3558b1666c2a978 [https://github.com/whonix/qubes-whonix qubes-whonix]: * `/usr/share/tinyproxy/default.html.anondist`: also customize html body in case tinyproxy does not show html head https://github.com/Whonix/qubes-whonix/commit/47fb073dae35b9e6b23b6c5a227a85ed7f129ee3 * qvm-sync-clock.anondist code simplification https://github.com/Whonix/qubes-whonix/commit/1359ef3e47715c04d4a4d071b3ca0679a4020b01 * initial version of qvm-sync-clock.anondist https://github.com/Whonix/qubes-whonix/commit/f2190c69cb5859b0f0b6242fc20a84811ef83fb3 [https://github.com/Kicksecure/sdwdate sdwdate]: * do not start `qubes-sync-time` (conflicts with `sdwdate`), if file `/etc/sdwdate.d/qubes-sync-time-disabled-by-sdwdate.marker` exists. That file exists in a default sdwdate installation. https://github.com/Kicksecure/sdwdate/commit/96151eb6a7c061f7ce56bb1c76a327cbc90046a3 * fix sdwdate-log-viewer to include seccomp failures https://forums.whonix.org/t/sdwdate-loop-conclusion-tor-already-reports-circuit-established-seccomp-issue/13260/13 https://github.com/Kicksecure/sdwdate/commit/8bb53ef360939fe4529f3c39e5811ee44ea96c75 * update 20_arch_syscall_whitelist.conf unlinkat needs to be whitelisted otherwise sdwdate fails with error: SECCOMP auid=4294967295 uid=102 gid=108 ses=4294967295 subj==/usr/bin/sdwdate (enforce) pid=3328 comm="sdwdate" exe="/usr/bin/python3.9" sig=31 arch=c00000b7 syscall=35 compat=0 ip=0xf37077846c74 code=0x80000000 https://github.com/Kicksecure/sdwdate/commit/6b5f10195133d88fdc89d2fe737651fbf2e07063 (Thanks to Emanuele Rossi!) * ConditionPathExists=!/run/qubes-service/no-sdwdate https://github.com/Kicksecure/sdwdate/commit/e6032989d3053e92758aefc83e3413c593de354c * add qubes-sync-time.service and qubes-sync-time.timer to sdwdate-log-viewer https://github.com/Kicksecure/sdwdate/commit/8911f33e4d48877ad415379c7e252318c255a9d9 * add `bootclockrandomization.service` to sdwdate-log-viewer https://github.com/Kicksecure/sdwdate/commit/caca7f412c4b19b5c7db2e3394a870e4d5124fa7 * Qubes suspend post: disable qubes.GetRandomizedTime since no longer required. sdwdate / anondate can nowadays fix the time without it. https://github.com/Kicksecure/sdwdate/commit/6215a9ea996e9db970059c3b4ad58d17016b7483 * Qubes suspend pre/post: disable restart of Tor since that is no longer required. And even if it was required, this would be handled by sdwdate / anondate. https://github.com/Kicksecure/sdwdate/commit/7a43153a2fe80eb492b1abf14f1f20bb66da02f5 * `date --utc` https://forums.whonix.org/t/whonix-ws-16-fails-to-update-due-to-timing-issue/12739/17 https://github.com/Kicksecure/sdwdate/commit/0d43f1a2a6f8796d6d46e34a81788a0a7293f089 [https://github.com/Kicksecure/sdwdate-gui sdwdate-gui]: * notify-shutdown: skip notify shutdown if sdwdate is not running https://github.com/Kicksecure/sdwdate-gui/commit/374bc31c8bd97de6e2f4f578e120daf70527e9eb * do no autostart if file /run/qubes-service/no-sdwdate exists https://github.com/Kicksecure/sdwdate-gui/commit/c694998f22e36ff142213ff177e789acec3f2dce * ConditionPathExists=!/run/qubes-service/no-sdwdate https://github.com/Kicksecure/sdwdate-gui/commit/7d9b5044a35d19e44454e0fbdf34efa055b30ef5 * restart action: use `sdwdate-clock-jump` instead of restarting sdwdate manually https://github.com/Kicksecure/sdwdate-gui/commit/a60a996ce2228830607aa7afdde8aec9d512daa0 * port to QREXEC_REMOTE_DOMAIN part of https://phabricator.whonix.org/T930 https://github.com/Kicksecure/sdwdate-gui/commit/21d35022ab47dde44eacbef75c5d6c2260125521 * fix "Denied: whonix.NewStatus" dom0 permission when shutting down Whonix-Gateway [Qubes OS 4.1] Thanks to @unknown for the bug report! https://forums.whonix.org/t/qubes-os-4-1-denied-whonix-newstatus-dom0-permission/12954 https://github.com/Kicksecure/sdwdate-gui/commit/e371e234a15cbaf89181798a204192d2a92df089 * `sdwdate-gui-shutdown-notify.service`: `Before=shutdown.target umount.target final.target` https://github.com/Kicksecure/sdwdate-gui/commit/d4f963b6e5aa434dfc38229faaf2a7eef932dde4 * avoid start/restart of sdwdate-gui notify shutdown service during package install/upgrade dh_installsystemd --no-start --no-stop-on-upgrade https://github.com/Kicksecure/sdwdate-gui/commit/5141ec63cd230ec825e7f15ff5d74e81605b174f [https://github.com/Kicksecure/security-misc security-misc]: * fix, skip deletion of system.map files on read-only filesystems This is required for Qubes /lib/modules read-only implementation at time of writing. Thanks to @marmarek for the bug report! https://forums.whonix.org/t/remove-system-map-cannot-work-lib-modules-is-mounted-read-only/13324 https://github.com/Kicksecure/security-misc/commit/4f6f588fb53d2756d867ac7e29fb42f4f8fdb335 [https://github.com/Kicksecure/setup-wizard-dist setup-wizard-dist]: * Kicksecure https://github.com/Kicksecure/setup-wizard-dist/commit/30a03972b164f91faa20e11d50fb4ec2d5ffea0d [https://github.com/Kicksecure/systemcheck systemcheck]: * Kicksecure https://github.com/Kicksecure/systemcheck/commit/3f2d5f8b4082e148c9d293c1f22bf7f50697655b * Kicksecure https://github.com/Kicksecure/systemcheck/commit/9ba59c89e4f651463cb23007a7f921be419145c1 * fix, skip check_network_interfaces eth0 on Kicksecure https://github.com/Kicksecure/systemcheck/commit/4051ffb6afc07dddee329117e93e3656d971d6d3 * use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 https://github.com/Kicksecure/systemcheck/commit/f200d0fd05a097734f346e89a50fc1a4dab39574 [https://github.com/Kicksecure/tb-starter tb-starter]: * update links to documentation https://github.com/Kicksecure/tb-starter/commit/756060c7ee158d3d156c1d9129b90c57f4bbd664 [https://github.com/Kicksecure/tb-updater tb-updater]: * alpha tbb_hardcoded_version="11.5a2" https://github.com/Kicksecure/tb-updater/commit/4cdf6dbbf79c19ecfc8f8a9ff0cc4f48f494b14e * tbb_hardcoded_version="11.0.6" https://github.com/Kicksecure/tb-updater/commit/e4f73a11bd0e01ccbee63eccd2c04b01c6234110 * update links to documentation https://github.com/Kicksecure/tb-updater/commit/b6d5ef20fcca243e32f7c0c51f63dbc74c04915a * update links to documentation https://github.com/Kicksecure/tb-updater/commit/c3a7e8205a2474f6d12afe8810b51a3c6691dd84 * tbb_hardcoded_version="11.0.4" https://github.com/Kicksecure/tb-updater/commit/13b84940fe14cce61a3c9046e320d49461ae695e * tbb_hardcoded_version="11.0.3" https://github.com/Kicksecure/tb-updater/commit/09c73931fef1bfa39f59a5395baef2757ac66688 * switch to "direct" digital signature verification - no longer download and verify sha256 hash file as this is no longer required - use only `gpg` to verify digital signature of Tor Browser - higher security - code simplification This is also a workaround for upstream issue `sha256sums-unsigned-build.incrementals.txt and sha256sums-unsigned-build.txt are not signed with torbrowser key`. - https://forums.whonix.org/t/tor-browser-downloader-needs-to-update-its-pgp-keys/13077 - https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40759 Unfortunately this breaks arm64 downloads. - https://forums.whonix.org/t/arm64-tor-browser/11806 https://github.com/Kicksecure/tb-updater/commit/f79cb405e16aebbb70f63032089ae7fbac6df9f1 * tbb_hardcoded_version="11.0.2" https://github.com/Kicksecure/tb-updater/commit/279125241b1f27c167792a56d14830deb1a39836 * alpha tbb_hardcoded_version="11.5a1" https://github.com/Kicksecure/tb-updater/commit/161a93905fed20c969603eef8359f233da94735a * add updated signing key as annoucned here: https://blog.torproject.org/new-release-tor-browser-115a1/ Thanks to @pgerber for the bug report! fixes https://github.com/Kicksecure/tb-updater/issues/16 https://github.com/Kicksecure/tb-updater/commit/ab1700b724bfb50002ac5d3a793765b96ebc3ca8 * use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 https://github.com/Kicksecure/tb-updater/commit/57e9817fd41d70462dbc04908db7bebbafa5140c [https://github.com/Kicksecure/tor-control-panel tor-control-panel]: * add tag ap_conn_done_pt https://github.com/Kicksecure/tor-control-panel/commit/4e4f87b865c61dcc98a8611e3306dbd39ccdc6dd * fix parsing Tor config file is using plain (not using pluggable transport) bridge https://forums.whonix.org/t/bridges-dont-work/13210/12 https://github.com/Kicksecure/tor-control-panel/commit/05a733f9952054708786b158201f2d431f6cb3b1 * add tag conn_done_pt https://github.com/Kicksecure/tor-control-panel/commit/dabfac891b3defb46900db8821805cee02b0025e * update default bridges https://github.com/Kicksecure/tor-control-panel/commit/15fd57ac7aa82196a64361e9891690ed49ac68b8 [https://github.com/Kicksecure/developer-meta-files developer-meta-files]: * disable buster https://github.com/Kicksecure/developer-meta-files/commit/be5c0f984e3745f3a7361bd345c25d5bdf967ddb * delete unused release/new_release https://github.com/Kicksecure/developer-meta-files/commit/c47672486c5a7b86b067206787ffe9e9ca5d5e8d * remove old Whonix news files https://github.com/Kicksecure/developer-meta-files/commit/812dd00037a4d02bb8ed10d425a1b0f0eb35da2a * disable buster https://github.com/Kicksecure/developer-meta-files/commit/d7d07a729ef28467bcdb348bcd4514067433d293 * whonixdevelopermetafiles -> developer-meta-files https://github.com/Kicksecure/developer-meta-files/commit/8da9fac06e1f3799bf267bbc63a997802b013631 * use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 https://github.com/Kicksecure/developer-meta-files/commit/99e2726a2e36bfdda5572fb03a5647a54747b32a * deleted: release/upload_whonix_news_v4 https://github.com/Kicksecure/developer-meta-files/commit/f36b3550f849f6cef3fd372276973c82c98107ce * include kicksecure https://github.com/Kicksecure/developer-meta-files/commit/9af0fd941b3ec7a7befcdbdf12442197a90e1e5d [https://github.com/whonix/whonix-firewall whonix-firewall]: * use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 https://github.com/Whonix/whonix-firewall/commit/cda126ad2bdde60c42a3fc3349845ad3afc5ebf4 [https://github.com/whonix/derivative-maker Whonix build script]: * tor-ctrl https://github.com/{{project_name_short}}/derivative-maker/commit/38827606b04cd08e7439e27e3c79216ab36879bf * add tor-ctrl https://github.com/{{project_name_short}}/derivative-maker/commit/e90bc12bfbbb1754cf4b3863c772b38e9e116acb * squashfs-tools-ng https://github.com/{{project_name_short}}/derivative-maker/commit/0f682f9dd382897fc55f87f35b8b0462e336aa89 * remove buster repository https://github.com/{{project_name_short}}/derivative-maker/commit/ed5a8a6fce5f6d3963c6dcc2966138354a6858fe == {{project_name_short}} 16.0.3.7 == [https://github.com/Kicksecure/anon-apt-sources-list anon-apt-sources-list]: * Depends: fasttrack-archive-keyring. https://github.com/Kicksecure/anon-apt-sources-list/commit/9f7f8a607b5410672fb3d35d5613de5f83cdc6de [https://github.com/whonix/anon-gw-anonymizer-config anon-gw-anonymizer-config]: * Moved anon-consensus-delete to helper-scripts (as anon-consensus-del). https://github.com/Whonix/anon-gw-anonymizer-config/commit/a4977845b00c43253bbcd7972bf91ddf88497f0f [https://github.com/whonix/anon-gw-base-files anon-gw-base-files]: * KVM desktop background. https://github.com/Whonix/anon-gw-base-files/commit/654f88a52a649c92b52e2304f886be7260d4ff77 [https://github.com/whonix/anon-meta-packages anon-meta-packages]: * Moved kicksecure-recommended-cli from whonix-shared-packages-recommended-cli to kicksecure-recommended-cli. https://github.com/whonix/anon-meta-packages/commit/eca63bd00415f7f2365aff736bd5a76d9fb0968b * Removed packages pwgen, codecrypt, gpg, gpg-agent, dirmngr, magic-wormhole, diceware, and makepasswd from whonix-workstation-packages-recommended-cli since these will be moved to kicksecure-meta-packages. https://github.com/whonix/anon-meta-packages/commit/ad8163d84b826f18bf3cfe50c98dabe8c9b41d59 * No longer install python3-msgpack by default; it is no longer needed and was removed from whonix-workstation-packages-recommended-cli. https://github.com/whonix/anon-meta-packages/commit/fd008df8d2a0f9bcebdaef7c9281837c2827f628 * Remove legacy packages. https://github.com/whonix/anon-meta-packages/commit/e9ea226efe8ad88735383bdb5b43e701604f3604 https://github.com/whonix/anon-meta-packages/commit/3f029f172961d28458e3ed7cdffa61285d06dd3c [https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo anon-shared-build-apt-sources-tpo]: * Ensure compatibility with APT signed-by; port to `apt-key-install` by package helper-scripts. https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo/commit/15e0d448a25d91f1f258c44c70452efb0f74c2e8 * `/etc/apt/sources.list.d/torproject.list`: use APT `signed-by`. https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302 https://support.torproject.org/apt/ https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo/commit/882a14d0627b2fc0afa06bd7fed56070d78b4ed5 [https://github.com/whonix/anon-ws-base-files anon-ws-base-files]: * KVM desktop background. https://github.com/Whonix/anon-ws-base-files/commit/e859c9baa21176f39c9c5310c03d59710893678a [https://github.com/Kicksecure/apparmor-profile-everything apparmor-profile-everything]: * `sdwdate-aae.service`: Backported changes from sdwdate. https://github.com/Kicksecure/apparmor-profile-everything/commit/3b2c68137002add0126462bc8bc03f1d26f8922a [https://github.com/Kicksecure/grub-live grub-live]: * Fixed dependencies. https://github.com/Kicksecure/grub-live/commit/c8e7c06774a25cb4da426641701c6622ebb52642 [https://github.com/Kicksecure/helper-scripts helper-scripts]: * Disabled anondate AppArmor profiles because they are not ready. https://github.com/Kicksecure/helper-scripts/commit/d7d9e5323bf68925090b1965d4955185b77387d7 * `onion-time-pre-script`: Do not use `anondate-set` on {{project_name_workstation_long}} because sdwdate can establish onion connections irrespective of {{project_name_workstation_long}} system clock (so long as {{project_name_gateway_long}} Tor is functional). https://github.com/Kicksecure/helper-scripts/commit/79ed8b3ceb1cd1e96a5e84c9006da756f0e69180 * `/usr/libexec/helper-scripts/terminal-wrapper`: Added support for adding window title for `xfce4-terminal` emulator through the `terminal_emulator_window_title` environment variable. https://github.com/Kicksecure/helper-scripts/commit/c65c560cee7ba194b374a0f75370bd215d60a69d * anondate-get: If Tor consensus time is later than the system clock, but minimum time is later than the Tor consensus time, show the minimum time instead of no result. https://github.com/Kicksecure/helper-scripts/commit/73e232e41e8b24a7cfa9db22ee23ad365a18bb05 * onion-time-pre-script: Added a user check to prevent broken file permissions. https://github.com/Kicksecure/helper-scripts/commit/1b5397fd6b3a3826ab6dfaa2121a8f98aee276c2 * anondate-set: Disabled Tor restart code since it is not needed. https://github.com/Kicksecure/helper-scripts/commit/9e8627cf147cdabe36d65bc69a24eb987ce95374 * Added `usr/sbin/anon-consensus-del-files`. https://github.com/Kicksecure/helper-scripts/commit/4c4c2ba5d5ae76ab0400ee1f0dc9736f967ec087 * Split into `anon-consensus-del` and `anon-consensus-del-files`. https://github.com/Kicksecure/helper-scripts/commit/4b0497157282b44598e1c5b6d1eefa6372b5c531 * Created a more descriptive file name: `/run/sdwdate/request_tor_restart` → `/run/sdwdate/request_anondate-set`. https://github.com/Kicksecure/helper-scripts/commit/3de950184dc5c7d08230dd865f226ce9e124310b * anondate: Unduplicated output in journal https://github.com/Kicksecure/helper-scripts/commit/18e02945bd021996a0a4d90c04a6dd0cae5e79c0 and lowered verbosity to avoid spamming logs. https://github.com/Kicksecure/helper-scripts/commit/21f03ed1009107e10b36695881ca86b43013ed8f * onion-time-pre-script: Added a counter for how many times a script was run; output. https://github.com/Kicksecure/helper-scripts/commit/84c4121938d8d8d1d73bc43fd0c842777b8508f0 * Added `/usr/libexec/helper-scripts/origins-parser`. https://github.com/Kicksecure/helper-scripts/commit/0493bc3de3a561b66e309fa9e936cd2e6433f583 * anondate-set: Ensure the system clock is not set backwards. https://github.com/Kicksecure/helper-scripts/commit/543978493b230fb77616a7ce59551c8595603e2a * Updated `minimum_unixtime`. https://github.com/Kicksecure/helper-scripts/commit/f583d7d0041ab4cec4031346591f2206e130ba62 * aa-logprof corrections. https://github.com/Kicksecure/helper-scripts/commit/634368a2e49f554cdfaa1c4a00d7a4d73daad404 * anondate-get: The minimum time is shown instead if it is later than Tor certificate lifetime. https://github.com/Kicksecure/helper-scripts/commit/3659666a92054b628c2b8c762a56cdfc5a184452 * Fixed certificate lifetime parsing by anondate. https://github.com/Kicksecure/helper-scripts/commit/b752d08ac8797211953bc5361e3411e5db4133bc * Fixed parsing Tor consensus time if Tor has not fetched a Tor consensus yet. https://github.com/Kicksecure/helper-scripts/commit/d6b085322005f92f1aeb8ae9cb951921c7f77ab4 * Added anondate output to journal (and therefore sdwdate-log-viewer). https://github.com/Kicksecure/helper-scripts/commit/3449194476ab5e31035fe011c259aa4074fa508e * Rebased AppArmor profiles on aa-logprof. https://github.com/Kicksecure/helper-scripts/commit/ba05cd447fab73c1f95bb47008ab3721fc39a512 * Redesigned recovery from a slow clock. https://github.com/Kicksecure/helper-scripts/commit/4746cbd02d32b4e513accaed677c0bee28b531f6 * Imported anon-consensus-del from anon-gw-anonymizer-config. https://github.com/Kicksecure/helper-scripts/commit/48a0adb850051907efcb41e1643453ac08d966ce [https://github.com/Kicksecure/kicksecure-meta-packages kicksecure-meta-packages]: * Removed fasttrack-archive-keyring from kicksecure-recommended-cli (added to anon-apt-sources-list). https://github.com/Kicksecure/kicksecure-meta-packages/commit/fb962e2c0062c086a0034f5ef3ac2a31416a278b * Added pwgen, codecrypt, gpg, gpg-agent, dirmngr, magic-wormhole, diceware, makepasswd to kicksecure-recommended-cli. https://github.com/Kicksecure/kicksecure-meta-packages/commit/13f4ca0314080f2d2591462252bb929a9a20bfd1 * Added firefox-esr. https://github.com/Kicksecure/kicksecure-meta-packages/commit/a973ec1758afce15af75be1a63972edb140a61e2 Appreciation is expressed to @HulaHoop. * Continued removal of Chromium. https://github.com/Kicksecure/kicksecure-meta-packages/commit/7a41d45da8d3692484c97d27947183234ff4a79d https://github.com/Kicksecure/kicksecure-meta-packages/commit/d458baa0ec28b46ed88ba72273b5748eed54d6c0 Appreciation is expressed to @HulaHoop. * Legacy fixes. https://github.com/Kicksecure/kicksecure-meta-packages/commit/92fa630d2b242b350beed87fc0465fa9adf6f6ce [https://github.com/Kicksecure/msgcollector msgcollector]: * Improved `/usr/lib/systemd/user/usertest.service`. https://github.com/Kicksecure/msgcollector/commit/807d3ed9154a226ff9bb737c69fbf05a59f52efb * `/usr/libexec/msgcollector/one-time-popup`: Create a folder if not existing (mkdir -p). https://github.com/Kicksecure/msgcollector/commit/2febd8e861b1fafb4c6a55fba8dc09473805263e [https://github.com/Kicksecure/rads rads]: * Removed unnecessary `--no-restart-after-upgrade` ("Undo a previous --restart-after-upgrade (or the default of compat 10). If no other options are given, this will cause the service to be stopped in the prerm script and started again in the postinst script."). https://github.com/Kicksecure/rads/commit/c79945c2103b5c049f6411747b6aa472a65d726d * Removed `--no-restart-on-upgrade` ("Note that the --no-restart-on-upgrade alias is deprecated and will be removed in compat 14. This is to avoid confusion with the --no-restart-after-upgrade option."). https://github.com/Kicksecure/rads/commit/372540203b789c1b6eb615f5ad942d76a52c0796 * Added a hint on how to switch virtual console, see: [[Desktop#Virtual_Consoles|Virtual Consoles]]. https://github.com/Kicksecure/rads/commit/9bebad7d1e8dd8cb0cdc5244f19203be3045c667 * Added a workaround for issue "no login prompt / getty started on tty1 anymore in Whonix 16 (Debian bullseye based)". Gnome's gdm display manager's systemd unit replaces tty1 even in case gdm is not started. This workaround essentially runs `chvt 2` in case rads does not start a display manager such as gdm (in case there is not enough RAM). This has restored the behavior of a user being greeted with an agetty login prompt. See: [https://forums.whonix.org/t/no-login-prompt-getty-started-on-tty1-anymore-in-whonix-16-debian-bullseye-based/12475 no login prompt / getty started on tty1 anymore in Whonix 16 (Debian bullseye based)]. https://github.com/Kicksecure/rads/commit/0fdcee7f930e6f7af5e838b3a273b9b76accd904 [https://github.com/Kicksecure/sdwdate sdwdate]: * Improved tests. https://github.com/Kicksecure/sdwdate/commit/ed4f91095545414539d8a9e14e8f4e81afa9883a * Run `/usr/libexec/sdwdate/sdwdate-start-anondate-set-file-watcher` under user/group `sdwdate`. https://github.com/Kicksecure/sdwdate/commit/33f2667c404103f3d39fd139c2cedf55b1731a97 * Renamed: `lib/systemd/system/sdwdate-restart-tor-request-file-watcher.service` → `lib/systemd/system/sdwdate-start-anondate-set-file-watcher.service`. https://github.com/Kicksecure/sdwdate/commit/df3c81a547181e2ff6774a2d963c2d8eeb85475b * Renamed: `usr/libexec/sdwdate/sdwdate-restart-tor-request-file-watcher` → `usr/libexec/sdwdate/sdwdate-start-anondate-set-file-watcher`. https://github.com/Kicksecure/sdwdate/commit/6ac8dea8aa72b88cc89e78176c0fdc260180093d * Implemented a more descriptive file name: `/usr/libexec/sdwdate/sdwdate-restart-tor-request-file-watcher` → `/usr/libexec/sdwdate/sdwdate-start-anondate-set-file-watcher`. https://github.com/Kicksecure/sdwdate/commit/7c14d799afd992c3ec98122f1cf9da75fd75588c * Implemented a more descriptive file name: `/run/sdwdate/request_tor_restart` → `/run/sdwdate/request_anondate-set`. https://github.com/Kicksecure/sdwdate/commit/ff0dba14988e482eeab00e74367f302835fadfae * Added `/usr/libexec/sdwdate/sdwdate-test`. https://github.com/Kicksecure/sdwdate/commit/73e3b075d70ca08a8bd75a4e80933fa20d22af93 * Moved sclockadj compilation from a postinst to systemd unit to allow simplification of dependency resolution during release upgrade. https://github.com/Kicksecure/sdwdate/commit/3986d420d44f147a3ca489c075ab564f1410fe10 * Ported to pathlib fix TypeError: 'missing_ok' is an invalid keyword argument for remove(). https://github.com/Whonix/updates-status/issues/105 https://github.com/Kicksecure/sdwdate/commit/bfdea776ba638541c4d2b168a32588c3721a71a3 Appreciation is expressed to @marmarek for the bug report. * Added seccomp utimensat Sep 23 15:37:39 host audit[33040]: SECCOMP auid=4294967295 uid=111 gid=121 ses=4294967295 subj==/usr/bin/sdwdate (enforce) pid=33040 comm="touch" exe="/usr/bin/touch" sig=31 arch=c000003e syscall=280 compat=0 ip=0x70ca67e4bafa code=0x80000000. https://github.com/Kicksecure/sdwdate/commit/525716fb646d7654d065fbc16ae4af802ec552df * Added sdwdate-log-viewer. https://github.com/Kicksecure/sdwdate/commit/ecf9e8a38b248ff4815caafb0d8c9548c1a7aadb * Rewrite profile using aa-logprof. https://github.com/Kicksecure/sdwdate/commit/540df96abf3dbc338ff48c38b2896a11615fc293 * Redesigned recovery from a slow clock. https://github.com/Kicksecure/sdwdate/commit/87cab6af3ed8b9f18c74e47f3f93afaab833ffe8 * Ensure Tor consensus is deleted before restarting Tor in `/usr/libexec/sdwdate/sdwdate-restart-tor-request-file-watcher` to increase robustness of recovering from skewed time. See: [[Dev/TimeSync|TimeSync: {{project_name_short}} Time Synchronization Mechanism]]. https://github.com/Kicksecure/sdwdate/commit/650ee383881a3223310b576ffe0c480bd4535d3f * Fixed and excluded sdwdate-pre (addgroup) from SystemCallFilter. See: [https://forums.whonix.org/t/whonix-on-mac-m1-arm/11310/165 Whonix on Mac M1 (ARM)]. https://github.com/Kicksecure/sdwdate/commit/efb78881f58d5c4198deac881a1123281b4d741c * `usr/libexec/sdwdate/sdwdate-addgroup` → `usr/libexec/sdwdate/sdwdate-pre`. https://github.com/Kicksecure/sdwdate/commit/7d93312c1a7bdb288a36227410d1df5898586bc9 * Fixed sdwdate addgroup if failed during build process. https://github.com/Kicksecure/sdwdate/commit/0f509ebc045ae88314f0abfe6faac1ddd48a8440 [https://github.com/Kicksecure/sdwdate-gui sdwdate-gui]: * sdwdate-gui log viewer: set the window title. https://github.com/Kicksecure/sdwdate-gui/commit/933883ec710eb0a5a43a276e0c6789b7744d42a3 * Fixed harmless but nuisance warnings in Qubes R4.1 "Denied: whonix.NewStatus Denied whonix.NewStatus+whonix-gw-16_shutdown from whonix-gw-16 to sys-whonix" "Denied: whonix.NewStatus Denied whonix.NewStatus+whonix-ws-16_shutdown from whonix-ws-16 to sys-whonix" by preventing `sdwdate-gui-shutdown-notify.service` from running inside the Template. Appreciation is expressed to @zellchristensen for the bug report and @marmarek for the bug diagnosis. https://github.com/QubesOS/qubes-issues/issues/6983 https://github.com/Kicksecure/sdwdate-gui/commit/5d844f993af7bc69c30140d35de8b8cf72331780 [https://github.com/Kicksecure/swap-file-creator swap-file-creator]: * `dh_installsystemd --no-stop-on-upgrade`: Use --no-stop-on-upgrade to not stop (and therefore not restart) the swap-file-creator systemd unit after package upgrade since there is no reason to re-create the swap file during upgrade of this package. --no-start is unused because a swap file should be created after installation of this package. dh_installsystemd manpage: --no-stop-on-upgrade "Do not stop service on upgrade. This has the side-effect of not restarting the service as a part of the upgrade." https://github.com/Kicksecure/swap-file-creator/commit/f03cd0c0c18a384a3440e9dbe1adebdeafa6d496 * Lowered the verbosity of output during boot to avoid a "swap file created" message overwriting the console login prompt. The alternative, configuring the login prompt to wait for swap-file-creator to be done instead would lead to a slower boot process. https://github.com/Kicksecure/swap-file-creator/commit/b2b9dae3c16cacc6f786a74ac0fe723cd7794735 [https://github.com/Kicksecure/systemcheck systemcheck]: * Moved the location of the deprecation popup. https://github.com/Kicksecure/systemcheck/commit/078eb326852c504640fc12c0dcff0fca35ee74ed * Ensure the deprecation notice is shown during a package upgrade. https://github.com/Kicksecure/systemcheck/commit/e3a5ee7d47f761b7c920e80ac0e15fd25cd24536 * Added a deprecation notice popup. https://github.com/Kicksecure/systemcheck/commit/5f0c7deab97101c0217af07e4cf62cf2c45c8b06 * `usr/libexec/systemcheck/canary-download.py` → `usr/libexec/systemcheck/canary-download`. https://github.com/Kicksecure/systemcheck/commit/001fa395bf22f62a12296b719600b06fbf56c944 * `etc/apparmor.d/usr.lib.systemcheck.canary` → `etc/apparmor.d/usr.libexec.systemcheck.canary`. https://github.com/Kicksecure/systemcheck/commit/8e8b0854a37f19626e2f017457a67d4e8ce506e0 [https://github.com/Kicksecure/tb-updater tb-updater]: * Update: tbb_hardcoded_version="11.0.1". https://github.com/Kicksecure/tb-updater/commit/79c0779916d9707a4a75e0bdf39749395f979d74 * Took out the passage about removed backup functionality. https://github.com/Kicksecure/tb-updater/commit/d9a5d7d11d4caf198f21a2f32b9aaa733a4ad17d Appreciation is expressed to Frank. * Update: alpha tbb_hardcoded_version="11.0a10". https://github.com/Kicksecure/tb-updater/commit/862bc8c882af3ce06435d7197787420376d8fd51 * Update: tbb_hardcoded_version="11.0". https://github.com/Kicksecure/tb-updater/commit/73c5d33fbfb63552cbbc8e501f197bd51efa8573 * Update: alpha tbb_hardcoded_version="11.0a9". https://github.com/Kicksecure/tb-updater/commit/9f0ab50d81b662ff54f915d58b800c8151976958 * Update: tbb_hardcoded_version="10.5.10". https://github.com/Kicksecure/tb-updater/commit/3ae332a8726a45359b1a323593816f93b61fb00b * Further updates: tbb_hardcoded_version. https://github.com/Kicksecure/tb-updater/commit/5bbbbcb4e2bd3792c8fbeb81e68360d75fcdbb4a [https://github.com/Kicksecure/timesanitycheck timesanitycheck]: * Updated `/usr/share/timesanitycheck/minimum_unixtime`. https://github.com/Kicksecure/timesanitycheck/commit/a2ae8d50a0ff51fae27b65971f3751b7d071c082 * Fixed a typo, renamed `/usr/share/timesanitycheck/date-minium-file-create` → `/usr/share/timesanitycheck/date-minimum-file-create`. https://github.com/Kicksecure/timesanitycheck/commit/84e27705b4b547f885ac7aa1af18fff12ecbb0dd * Updated `/usr/share/timesanitycheck/minimum_unixtime`. https://github.com/Kicksecure/timesanitycheck/commit/256b6feabfc8aba4eecf3d0388ed508d98a29301 [https://github.com/whonix/uwt uwt]: * Added a uwt wrapper for `dnf-3` (for {{q_project_name_short}} 16 dom0 UpdateVM support). https://github.com/QubesOS/qubes-issues/issues/6913 https://github.com/QubesOS/qubes-issues/issues/6891#issuecomment-920220943 https://github.com/Whonix/uwt/commit/bd48b023a99b575ea7cd3ea598ea98f43fb8eded [https://github.com/whonix/whonix-firewall whonix-firewall]: * Added an opt-in configuration for outgoing IP filtering through `outgoing_allow_ip_list`. https://github.com/Whonix/whonix-firewall/commit/0dcdd8d318f895aee862d618778edbdb27647443 [https://github.com/Kicksecure/legacy-dist whonix-legacy]: * Improved release-upgrade. https://github.com/Kicksecure/legacy-dist/commit/2cc3e23b7c9318560e82041d8510b464e18604cf https://github.com/Kicksecure/legacy-dist/commit/9df84beded4c52493789c0b5966e4e8de755d305 https://github.com/Kicksecure/legacy-dist/commit/da7a850ea0bb8ba7f49edab080ee5a82b859f407 https://github.com/Kicksecure/legacy-dist/commit/50a25523032ab8938e234f0888f9777a620b639f * release-upgrade: Ensure the meta package is downloaded and installed. https://github.com/Kicksecure/legacy-dist/commit/3aa25297c40c5fe4890d2cfad7b1c8d34a8433e3 * release-upgrade: Abort if no installed meta package has been detected. https://github.com/Kicksecure/legacy-dist/commit/d8cda99a5a376981ff8dfc3dda2534f982fa86e3 * release-upgrade: Added meta package detection. https://github.com/Kicksecure/legacy-dist/commit/2d998d2884388ccad6e1110905522fc14352b892 [https://github.com/Kicksecure/libvirt-dist whonix-libvirt]: * RAM reduced to 1.5GB Appreciation is expressed to @HulaHoop. https://github.com/Kicksecure/libvirt-dist/commit/c2962f7e9fdafa5486b0998110c18976d0410780 https://github.com/Kicksecure/libvirt-dist/commit/68249c4f7af9aae47444d51ee0d5b6e6d7480ed8 https://github.com/Kicksecure/libvirt-dist/commit/a38adbfe7c087919959e0c0331a7a0d1fd36a551 * Decreased RAM to 256MB, updated descriptionp, and updated the description for activating desktop. https://github.com/Kicksecure/libvirt-dist/commit/039cf62f31784193158711321964375b8cf0bff8 Appreciation is expressed to @HulaHoop. [https://github.com/Kicksecure/xfce-desktop-config-dist whonix-xfce-desktop-config]: * KVM desktop background. https://github.com/Kicksecure/xfce-desktop-config-dist/commit/94d1c6a8048755235e924420ca9cf19da3758e6a [https://github.com/derivative-maker/derivative-maker Whonix build script]: * Re-enabled downloading of Tor from `deb.torproject.org`. See: [[Dev/Tor|Tor integration in {{project_name_short}} Development Notes]]. [https://forums.whonix.org/t/tor-integration-in-whonix/10593 Tor integration in Whonix]. https://github.com/{{project_name_short}}/derivative-maker/commit/8360f544bcd4bba4cb60f3fde9011f43d5d89803 * CI changes. https://github.com/{{project_name_short}}/derivative-maker/commit/6850283e88d52dd96a5f82412f99d0818117d905 * Fixed `help-steps/repo_download_chroot_script`. https://github.com/{{project_name_short}}/derivative-maker/commit/5542f3491045ac2ef9db42f8ffcc112baef4cd7b * {{project_name_short}} [[KVM]]: Enable extended L2 entries, and reduced cluster size. ** I/O perf should improve thanks to extended L2, see: [https://blogs.igalia.com/berto/2020/12/03/subcluster-allocation-for-qcow2-images/ Subcluster allocation for qcow2 images]. ** Decreasing cluster size produces smaller images. https://github.com/{{project_name_short}}/derivative-maker/commit/bec122d15dc891a9b7ecad9fba702f3979783b65 Appreciation is expressed to @HulaHoop. == {{project_name_short}} 16.0.3.1 == [https://github.com/whonix/anon-gw-base-files anon-gw-base-files]: * Fixed the background image. https://github.com/Whonix/anon-gw-base-files/commit/2ca7a856386a14f6dd69e7547e4977d652867841 [https://github.com/whonix/anon-ws-base-files anon-ws-base-files]: * Fixed the desktop background. https://github.com/Whonix/anon-ws-base-files/commit/05e6e06250df24e72cb9aa14f5ab294f10dc17c1 https://github.com/Whonix/anon-ws-base-files/commit/706a7eff48adab1306cd127e85062286c77392ca [https://github.com/whonix/corridor corridor]: * Changelog. https://github.com/Whonix/corridor/commit/cd7d2d4ba8ed55ff7b4f9508621c37d4afd3ce1d [https://github.com/Kicksecure/grub-live grub-live]: * Fixed grub-live (initramfs-tools version). [https://forums.whonix.org/t/bullseye-live-boot-needs-grub-disable-linux-uuid-true-parameter-in-etc-grub-d-11-linux-live/9066 Bullseye: live-boot needs GRUB_DISABLE_LINUX_UUID="true" parameter in /etc/grub.d/11_linux_live]. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994138 https://github.com/Kicksecure/grub-live/commit/42e806430a90829c8f06df873a1aa82a0c05a4ca [https://github.com/Kicksecure/hardened-kernel hardened-kernel]: * Added --remote-name. https://github.com/Kicksecure/hardened-kernel/commit/dd4d64c70d36d854f6b3f8faff281677000bd1cb [https://github.com/Kicksecure/helper-scripts helper-scripts]: * Added `/usr/libexec/helper-scripts/desktop-background-skel-test`. https://github.com/Kicksecure/helper-scripts/commit/6472efd1ce1769338881020e5aac03a221ccb6e1 * terminal-wrapper: xfce4-terminal --hold supported since Debian bullseye. https://github.com/Kicksecure/helper-scripts/commit/0199146c78a421c0429654636299a6e2fd795672 [https://github.com/Kicksecure/kicksecure-meta-packages kicksecure-meta-packages]: * Fixed and installed policykit-1-gnome by default. [https://forums.whonix.org/t/zulucrypt-appears-blank/12322 zuluCrypt appears blank]. https://github.com/Kicksecure/kicksecure-meta-packages/commit/aa3b4ff0c6f977da88ebad2c94fdbd6b38ea0160 [https://github.com/Kicksecure/repository-dist repository-dist]: * Legacy. https://github.com/Kicksecure/repository-dist/commit/d3b7a4284aefd17d9173c65a95f0d6cb037e07e9 * Legacy: upgraded existing `/etc/apt/sources.list.d/derivative.list` to use `[signed-by=/usr/share/keyrings/derivative.asc]`. https://github.com/Kicksecure/repository-dist/commit/eb569b6225a67d78bee385c9d30981cdf7aeb91a * Changed `Depends: python3` to `Depends: python3:any` https://github.com/Kicksecure/repository-dist/commit/73ccff0d64314490703eda5c376e04129fd6170e * Removed the no loner required `Depends: gnupg`. https://github.com/Kicksecure/repository-dist/commit/3781fc5bd5e8396675b304e309427cc02e752a57 * Implemented `Depends: helper-scripts`. https://github.com/Kicksecure/repository-dist/commit/de2c03eb1e97ef4cc51979bbf0a51ac9d35879cf * Cleanup and removed legacy transitional package whonix-repository. https://github.com/Kicksecure/repository-dist/commit/d25317d734052fee49bef8cd3d2e11161872e26f * Renamed: `usr/share/keyrings/derivative-distribution-signing-key.asc` to `usr/share/keyrings/derivative.asc` and renamed `usr/share/keyrings/derivative-distribution-signify-key.pub` to `usr/share/keyrings/derivative.pub`. https://github.com/Kicksecure/repository-dist/commit/4afbd86c840c81fb64fdd27f5676accf854cad20 * Deleted legacy `/etc/apt/trusted.gpg.d/derivative.asc` because now using `signed-by` and `/usr/share/keyrings/derivative.asc` https://github.com/Kicksecure/repository-dist/commit/c7836751a6cc25cab5888815011df5a1d493e75c * Ported to APT sources.list `signed-by`. https://github.com/Kicksecure/repository-dist/commit/e3e2db96441401015c4fa61f423b43a240390b97 * Renamed: ** `usr/share/repository-dist/derivative-distribution-signing-key.asc` to `usr/share/keyrings/derivative-distribution-signing-key.asc` (gpg) ** `usr/share/repository-dist/derivative-distribution-signify-key.pub` to `usr/share/keyrings/derivative-distribution-signify-key.pub (signify) https://github.com/Kicksecure/repository-dist/commit/d3f117937ecfd89d0a5159dd35e5813bd99d9aca * Use APT sources.list `signed-by`. [https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302 APT repository signing keys per APT sources.list - signed-by]. https://github.com/Kicksecure/repository-dist/commit/f113c374a5e36f25c98441d166d34863fdd9268a [https://github.com/Kicksecure/sdwdate sdwdate]: * AppArmor fix. https://github.com/Kicksecure/sdwdate/commit/a68789aa1fa4d753b724fe99c03fbb29b4fb859b [https://github.com/Kicksecure/security-misc security-misc]: * Fixed: unduplicate kernel command line. https://github.com/Kicksecure/security-misc/commit/d62bbaab82a33a485a82d42d8db5674d200a1c3d * Removed Debian buster support in `/etc/default/grub.d`. https://github.com/Kicksecure/security-misc/commit/bd31b4085c853d8b182e3a13534827a695f5493a [https://github.com/Kicksecure/systemcheck systemcheck]: * Updated the path APT `signed-by`. [https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302 APT repository signing keys per APT sources.list - signed-by]. https://github.com/Kicksecure/systemcheck/commit/5ac0a09063e7a90d2e340f25b7e6bc854f376b1e [https://github.com/Kicksecure/tb-updater tb-updater]: * alpha tbb_hardcoded_version="11.0a6". https://github.com/Kicksecure/tb-updater/commit/778637418b37389e9d42769f6d200398e5544cda * tbb_hardcoded_version="10.5.6" https://github.com/Kicksecure/tb-updater/commit/6011e9e5dc2833892eadce7c0be2a6b65431cf04 [https://github.com/Kicksecure/usability-misc usability-misc]: * Added --remote-name. https://github.com/Kicksecure/usability-misc/commit/ae50fc3e75b16b4f54004cd9d0c2a74d38cb5c06 * Ported to APT `signed-by`. [https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302 APT repository signing keys per APT sources.list - signed-by]. https://github.com/Kicksecure/usability-misc/commit/02486c1af3053828001f55fe3ed02b46be1aefcd [https://github.com/Kicksecure/xfce-desktop-config-dist whonix-xfce-desktop-config]: * Fixed the desktop background. https://github.com/Kicksecure/xfce-desktop-config-dist/commit/2c986f88f3e85fec6412acd2fcfb9f254e92c479 https://github.com/Kicksecure/xfce-desktop-config-dist/commit/829286e9e0291fefc87f4031ce1b3276cfb1045b == {{project_name_short}} 16.0.2.7 == [https://github.com/whonix/anon-gw-base-files anon-gw-base-files]: * Fixed the bullseye background image. [https://forums.whonix.org/t/whonix-xfce-wallpaper-background-image/7984 Whonix XFCE Wallpaper / Background Image]. https://github.com/Whonix/anon-gw-base-files/commit/ef3ac0fdda5d56ecfb9c946cb0224b7aa627a25e [https://github.com/whonix/anon-meta-packages anon-meta-packages]: * Integrated kicksecure-dependencies-system. [https://forums.whonix.org/t/replacing-initramfs-tools-with-dracut/4487 replacing initramfs-tools with dracut]. https://github.com/whonix/anon-meta-packages/commit/bd10983f849960f6176be2886b7287a2a9a48959 [https://github.com/whonix/anon-ws-base-files anon-ws-base-files]: * Fixed the bullseye background image. [https://forums.whonix.org/t/whonix-xfce-wallpaper-background-image/7984 Whonix XFCE Wallpaper / Background Image]. https://github.com/Whonix/anon-ws-base-files/commit/4990b0578dbecddac34682104d844f4a7a8d3589 [https://github.com/Kicksecure/binaries-freedom binaries-freedom]: * Added the Debian install file (generated using genmkfile debinstfile). https://github.com/Kicksecure/binaries-freedom/commit/3cca621377fe9191e45ac40eecacbc45a702658f * binaries-freedom is an empty package at present. [https://forums.whonix.org/t/policy-for-inclusion-of-compiled-software/6635 Policy for Inclusion of Compiled Software]. https://github.com/Kicksecure/binaries-freedom/commit/86223e3cbb5c6aab67616201a2936266d677c6bf [https://github.com/Kicksecure/debug-misc debug-misc]: * dracut. https://github.com/Kicksecure/debug-misc/commit/eb232484bc4d248d866456c0eb236c17a137cc4c * Removed ‘rhgb’ from GRUB_CMDLINE_LINUX_DEFAULT. https://github.com/Kicksecure/debug-misc/commit/017c41ed068e5b675f741bc34c3d1f1733a5c8af * add_dracutmodules+=" debug " https://github.com/Kicksecure/debug-misc/commit/915882889918bf7969fa7b9f7bb6f7dfcb5bb554 [https://github.com/Kicksecure/grub-live grub-live]: * dracut. https://github.com/Kicksecure/grub-live/commit/7a1b20db9185b4cbbe04937f7993783f2261195b https://github.com/Kicksecure/grub-live/commit/df99255112d9eae360cce8534b9cfa92795125c6 * Fixed and removed dracut kernel_cmdline="rootovl" since that is already conditionally set in the grub boot menu (otherwise the system will always boot into live mode). https://github.com/Kicksecure/grub-live/commit/cb94f18bd47a56d0427e9ae822f966f32fd55f2e * Removed dracut hostonly="yes" since that is already the Debian default. https://github.com/Kicksecure/grub-live/commit/3bded2153eb311ee6f8571bf67483d3514d97ed0 * Added dracut support based on [https://github.com/friedrich12/dracut-grub-live friedrich12 / dracut-grub-live]. [https://forums.whonix.org/t/replacing-initramfs-tools-with-dracut/4487/10 replacing initramfs-tools with dracut]. https://github.com/Kicksecure/grub-live/commit/1989d6e12ac4e5eec03ed3b492c4c84fd6695fd9 [https://github.com/Kicksecure/helper-scripts helper-scripts]: * Improved diagnostic messages. https://github.com/Kicksecure/helper-scripts/commit/8a4939227c4ff0016451a3be8a8de8f7c7360b56 [https://github.com/Kicksecure/kicksecure-meta-packages kicksecure-meta-packages]: * Installed flatpak by default and added it to kicksecure-recommended-cli. [https://forums.whonix.org/t/flatpak-as-a-software-source-flathub-as-a-source-of-software/8500 FlatPak as a Software Source / flathub as a source of software]. See: [[Install_Software#flatpak|flatpak]]. https://github.com/Kicksecure/kicksecure-meta-packages/commit/be19b89acba35c5b6e9350b3f4aa5d8c13288ba3 * Installed extrepo by default and added it to kicksecure-recommended-cli. [https://forums.whonix.org/t/extrepo-safely-adding-repos/8539 extrepo - safely adding repos]. https://github.com/Kicksecure/kicksecure-meta-packages/commit/7f4f2930d720836cd4051a4ba6e38959037f2d95 * Switched from lightdm to gdm3 because lightdm autologin is non-functional. https://github.com/Kicksecure/kicksecure-meta-packages/commit/e11275ee58b15bbb9ec5d745046b4b369b681c99 * kicksecure-dependencies-system Depends: linux-initramfs-tool, dracut and initramfs-tools. https://github.com/Kicksecure/kicksecure-meta-packages/commit/b1616daee3c2c228de8db866ea168be088e4ea5c https://github.com/Kicksecure/kicksecure-meta-packages/commit/7c1ed0864ec1916497df39f1660d5fb97ba01e80 * Introduced and integrated kicksecure-dependencies-system. [https://forums.whonix.org/t/replacing-initramfs-tools-with-dracut/4487 replacing initramfs-tools with dracut]. https://github.com/Kicksecure/kicksecure-meta-packages/commit/a586c06595c836122c6f357d07f28541b16f988d https://github.com/Kicksecure/kicksecure-meta-packages/commit/6b42c87bef0ee62fd57f4435cb69997243b3f6d8 * Removed initramfs-tools from non-qubes-vm-enhancements-cli for dracut support. https://github.com/Kicksecure/kicksecure-meta-packages/commit/3b67c5c18981c7a3072ece594f94f98e9537cb1f * Introduced kicksecure-qubes-cli and kicksecure-qubes-gui. https://github.com/Kicksecure/kicksecure-meta-packages/commit/eac116b98463f9b50812fe4c43b5420181b62b3e [https://gitlab.com/kicksecure/monero-gui monero-gui]: * Updated to monero-gui-linux-x64-v0.17.2.3.tar.bz2. https://web.archive.org/web/20210902155943/https://github.com/monero-project/monero-gui/releases/tag/v0.17.2.3 https://web.archive.org/web/20210902155938/https://downloads.getmonero.org/gui/monero-gui-linux-x64-v0.17.2.3.tar.bz2 https://web.archive.org/web/20210902160006/https://www.getmonero.org/downloads/hashes.txt https://gitlab.com/kicksecure/monero-gui/-/commit/a34bac079c2a31b533117070cf38c7a4957f36c3 [https://github.com/whonix/qubes-whonix qubes-whonix]: * Dropped initramfs-tools from qubes-whonix-shared-packages-recommended; this is left to Qubes for dracut support. [https://forums.whonix.org/t/replacing-initramfs-tools-with-dracut/4487/13 replacing initramfs-tools with dracut]. https://github.com/Whonix/qubes-whonix/commit/683c5ee6247dd562fa52789c5475621f43a95377 [https://github.com/Kicksecure/sdwdate sdwdate]: * Fixed a dependency issue. https://github.com/Kicksecure/sdwdate/commit/95f62a51727ab153c83a1a5650786b2ffd778038 [https://github.com/Kicksecure/security-misc security-misc] improvements: * Do not set kernel parameter quiet loglevel=0 for recovery boot option for easier debugging. https://github.com/Kicksecure/security-misc/commit/ac0c492663b9d90f99e5969193b35b53d4175d1d * Moved grub quiet to a separate configuration file /etc/default/grub.d/41_quiet.cfg. https://github.com/Kicksecure/security-misc/commit/49902b8c56512c3ee8b3d16b0ca513e44349c66d * dracut reproducible=yes. https://github.com/Kicksecure/security-misc/commit/a4e18a2ae8c19a664bb1be5bc4ec43f10a876969 * Depends: libpam-modules-bin. https://github.com/Kicksecure/security-misc/commit/e2810f348b413bb307449a911c12a46924686a9f * Fixed faillock implementation - dovecot / ssh are exempted. https://github.com/Kicksecure/security-misc/commit/be8c10496f26d33378deb2427e56892771456ee5 * Fixed and added sshd to pam_service_exclusion_list to avoid faillock. https://github.com/Kicksecure/security-misc/commit/8b104f544a9e4e8da1691659fefa4999a4f6f085 [https://github.com/Kicksecure/systemcheck systemcheck]: * Now run check_sudo earlier. https://github.com/Kicksecure/systemcheck/commit/09129d482c339a21c1b5c55447d50906a0b64fd9 [https://github.com/Kicksecure/usability-misc usability-misc]: * Removed /etc/lightdm/lightdm.conf.d/autologin.conf (comments only) since it might interfere with autologin. https://github.com/Kicksecure/usability-misc/commit/b6461000a276594155ab88d994b4b4268451030e [https://github.com/Kicksecure/vm-config-dist vm-config-dist]: * config-package-dev displaces /etc/gdm3/daemon.conf. https://github.com/Kicksecure/vm-config-dist/commit/c071e8b630fe63963fbf5554986c0fecdcb6bd74 * Added and enabled gdm autologin. https://github.com/Kicksecure/vm-config-dist/commit/1417726fc0a08bae8fe94c3dca3555aeef82677b https://github.com/Kicksecure/vm-config-dist/commit/fc802381584056fbaef1e7388c720c2c3c3dcb19 https://github.com/Kicksecure/vm-config-dist/commit/bf00f606b3188c5a023f446cb31f910349708b4e * Added the original /etc/gdm3/daemon.conf. https://github.com/Kicksecure/vm-config-dist/commit/ee1f0c3a4b8f7c18c4228385506e18e9a0cfe0ee * Fixed autologin. https://github.com/Kicksecure/vm-config-dist/commit/b0c1af96519f82a9dcd2baf4f414c5efbc5d87f2 https://github.com/Kicksecure/vm-config-dist/commit/a41b9d9bd270dec8a3cb76ddade164d0de914696 * Disabled dracut module resume in VMs since it might break the boot process if built inside chroot. https://github.com/Kicksecure/vm-config-dist/commit/ee07d87be47c3c48f4369b5816876d5d826999a4 * vbox-guest-installer: recommend, migrate from VirtualBox guest addition ISO to VirtualBox guest addition packages. [[VirtualBox/Guest_Additions#Migration_to_Guest_Additions_Packages|Migration to Guest Additions Packages]]. https://github.com/Kicksecure/vm-config-dist/commit/b23e33b69dde7a62d8b63884900095aeacc19024 [https://github.com/Kicksecure/legacy-dist whonix-legacy]: * Updated version. https://github.com/Kicksecure/legacy-dist/commit/b9d166ff16d3f8d61a0554784df9976cd88c6e72 * Improved release-upgrade. https://github.com/Kicksecure/legacy-dist/commit/8a17fef51a03c62205172494704dad11c361c31d https://github.com/Kicksecure/legacy-dist/commit/8d8fb6be0628a19e32c76fcd3edd732d7ba3bd5f [https://github.com/Kicksecure/xfce-desktop-config-dist whonix-xfce-desktop-config]: * Fixed the bullseye background image (actually still broken). [https://forums.whonix.org/t/whonix-xfce-wallpaper-background-image/7984 Whonix XFCE Wallpaper / Background Image]. https://github.com/Kicksecure/xfce-desktop-config-dist/commit/9d386ab84f420cf28a2661787500366af1088da1 = Documentation Updates = New wiki chapters:
* [[Bitcoin_Core|Bitcoin Core]] * [https://www.kicksecure.com/wiki/Mental_Model Computer Security Mental Model] * [https://www.kicksecure.com/wiki/Cryptocurrency_Security_Threats Cryptocurrency Security Threats] * [[PyLRU|How-to: Install PyLRU in {{project_name_short}}]] * [[ElectrumX|How-to: Use ElectrumX Personal Server in {{project_name_short}}]] * [[Monero_Wallet_Isolation|How-to: Use Monero with Wallet Isolation in {{q_project_name_short}}]] * [https://www.kicksecure.com/wiki/Keepassxc KeePassXC Password Manager]
Wiki improvements/enhancements:
* [https://www.kicksecure.com/wiki/Dev/About_Computer_(In)Security About Computer (In)Security] * {{kicksecure_wiki |wikipage=Mobile_Phone_Security |text=Mobile Devices Privacy and Security }} * [[Multiple_Whonix-Gateway#Qubes-Whonix_™|Create {{project_name_gateway_short}} ProxyVMs]] * [[Social_Engineering|Social Engineering and (Spear) Phishing]] * [[Systemcheck|systemcheck]] * [[Two-factor_authentication_2FA|Two-factor Authentication (2FA)]]
= Footnotes = {{reflist|close=1}} {{Footer}} [[Category:Documentation]]