Whonix Release Notes, Changelog

Additional Changes[edit]

Since Whonix is based on Kicksecure^™, maintained by the same contributors, the reader should also take notice of the Changelog since changes in Kicksecure^™ also apply to Whonix but are not listed (duplicated) here.

Earlier changes are archived here: Old Stable and Earlier Releases

17.0.4.5[edit]

anon-apps-config:

• tmpfiles.d improvement ^[1]

anon-meta-packages:

• install snowflake-client by default https://forums.whonix.org/t/replacing-meek-snowflake/5190 ^[2]

anon-ws-disable-stacked-tor:

• tmpfiles.d improvement ^[3]
• add symlinks from /etc/profile.d to /etc/zprofile.d ^[4]

kloak:

• seccomp ^[5]
• Merge branch 'chatgpt' ^[6]
• one more missing seccomp filter ^[7] (Thanks to Vinnie Monaco!)
• Merge branch 'master' into dev ^[8] (Thanks to Vinnie Monaco!)
• added missing seccomp filters ^[9] (Thanks to Vinnie Monaco!)
• disable broken seccomp SystemCallFilter https://github.com/vmonaco/kloak/pull/38#issuecomment-1627688486 ^[10]
• seccomp ^[11]
• Added a running variable to control the while loop and added a signal handler (handle_signal) to catch the interrupt signal (SIGINT) and terminate the program gracefully. Fixed the command-line argument handling by checking if argc is less than 2 (instead of assuming argc > 1). If no arguments are provided, the program displays the usage message and exits. Updated the ioctl() call to check the return value for errors. If the ioctl() operation fails to get the device name, an error message is printed, and the program exits. Removed the check for root access since it was only printing a message and not affecting the program's execution. If root access is required, it should be checked externally before running the program. Closed the device file descriptor (fd) before exiting the program to release system resources properly. ^[12]
• The rescue_len variable was not initialized, causing undefined behavior. I added the initialization rescue_len = 0 to fix it. In the init_inputs() function, I added error handling for the malloc call to allocate memory for the pfds array. In the emit_event() function, I added error handling for the libevdev_uinput_write_event function call to check if writing the event to uinput was successful. ^[13]
• fixed typo ^[14] (Thanks to Vinnie Monaco!)
• fixed apparmor profile: added r to /sys/devices/virtual/input ^[15] (Thanks to Vinnie Monaco!)
• fixed apparmor profile: added w to /dev/uinput ^[16] (Thanks to Vinnie Monaco!)
• fixed apparmor profile: added r to /dev/uinput ^[17] (Thanks to Vinnie Monaco!)
• formatted main.c ^[18] (Thanks to Vinnie Monaco!)
• added pkg-config to build depends ^[19] (Thanks to Vinnie Monaco!)
• added libsodium init ^[20] (Thanks to Vinnie Monaco!)
• added deb dependencies ^[21] (Thanks to Vinnie Monaco!)
• fixed verbose output format ^[22] (Thanks to Vinnie Monaco!)
• added build flags to makefile ^[23] (Thanks to Vinnie Monaco!)
• use libsodium for prng ^[24] (Thanks to Vinnie Monaco!)
• added support for multiple input devices ^[25] (Thanks to Vinnie Monaco!)
• Merge branch 'master' of github.com:vmonaco/kloak into mouse ^[26] (Thanks to Vinnie Monaco!)
• removed restrictions on event types ^[27] (Thanks to Vinnie Monaco!)
• fixed typo ^[28] (Thanks to Vinnie Monaco!)
• started support for EV_REL events ^[29] (Thanks to Vinnie Monaco!)

onion-grater:

• Fixed issue where replacement contained something that belonged to pattern ^[30] (Thanks to apachesub22!)
• Added example grater profile for LND ^[31] (Thanks to apachesub22!)

qubes-whonix:

• tmpfiles.d improvement ^[32]

uwt:

• add symlinks from /etc/profile.d to /etc/zprofile.d ^[33]

whonix-base-files:

• add symlinks from /etc/profile.d to /etc/zprofile.d ^[34]

whonix-firewall:

• Fix MTU problem by allowing RELATED fragmentation-needed ICMP by enabling `GATEWAY_ALLOW_INCOMING_ICMP_FRAG_NEEDED=1` by default. Run `iptables -A INPUT -p icmp --icmp-type fragmentation-needed -m state --state RELATED -j ACCEPT` on Whonix-Gateway. ^[35]

whonix-welcome-page:

• add symlinks from /etc/profile.d to /etc/zprofile.d ^[36]

17.0.1.9[edit]

• port to Debian 12 (bookworm)

anon-gw-anonymizer-config:

• fix, run replace-ips in Qubes when Tor is restarted ^[37]

onion-grater:

• bookworm aa-logprof ^[38]

qubes-whonix:

• fix: make sure replace-ips runs before restarting Tor This is useful to support `release-upgrade` script testing inside `sys-whonix` refactoring ^[39]
• Drop salt dependency It isn't available in bookworm QubesOS/qubes-issues#7896 ^[40] (Thanks to Marek Marczykowski-Górecki!)

uwt:

• abolish /rw/config parsing (Does not influence Qubes specific /rw/config parsing.) ^[41]

whonix-base-files:

• bump /etc/whonix_version ^[42]

Whonix 16 Changelog[edit]

Whonix 16 was released on September 11 and 12, 2021 for KVM and VirtualBox. ^{[43] [44]} Qubes-Whonix^™ 16 was released on 28 September, 2021. ^[45] As per the Support Schedule, Whonix 15 was deprecated on 14 November, 2021 -- all users should upgrade as soon as possible. ^[46]

Significantly, Whonix 16 is based on the Debian bullseye (Debian 11) distribution which was officially released on August 14, 2021 instead of Debian buster (Debian 10). The bullseye release has nearly 60,000 packages and around 72 per cent of them were updated. ^[47]

This means users have access to many new software packages in concert with existing packages. In addition, this release will serve as a development foundation for many exciting upcoming security enhancements such as Hardened Malloc Kicksecure^™ (HMK), Linux Kernel Runtime Guard (LKRG) and other items on the Whonix Security Roadmap.

Whonix 16 Updates[edit]

As Whonix is a rolling distribution, users will benefit from regular small security and usability improvements, features and bug fixes as they enter the Whonix stable repository. The most notable changes will be announced here.

Whonix 16.0.9.8[edit]

anon-apps-config:

• Merge branch 'Whonix:master' into master ^[51] (Thanks to idk!)
• re-create #11 without the eepsite/docroot history, disable eepsite by default ^[52] (Thanks to idk!)
• add a hosts.txt file ^[53] (Thanks to idk!)
• i2p-config: no longer use white spaces in file names, use underscores instead ^[54]
• revert /var/lib/i2p/i2p-config folder permissions change for now ^[55]
• port I2P config to systemd tmpfiles.d https://forums.whonix.org/t/i2p-client-inside-whonix-workstation-issues/15890/22 ^[56]
• undisplace ^[57]
• fix permissions on the I2P configuration directory ^[58] (Thanks to idk!)
• check in router.config ^[59] (Thanks to idk!)
• remove unnecessary divert for router.config.anondist ^[60] (Thanks to idk!)
• move i2p config to /var/lib/i2p/i2p-config ^[61] (Thanks to idk!)
• check in config.d directories ^[62] (Thanks to idk!)
• first, use displace to create migratable configuration files which contain the required Whonix defaults ^[63] (Thanks to idk!)

anon-gw-anonymizer-config:

• systemctl --system daemon-reload ^[64]
• add workaround for upstream bug Tor fails to start a few times before succeeding to start https://forums.whonix.org/t/failed-to-start-anonymizing-overlay-network-for-tcp-tor-fails-to-start-a-few-times-before-succeeding-to-start/16289/12 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029554 ^[65]
• anon-log: minor fix, output errors to stderr instead of stdout ^[66]
• anon-log: use journalctl instead of /run/tor/log ^[67]

anon-meta-packages:

• remove monero-gui ^[68]
• consistent use of `Pre-Depends: legacy-dist` ^[69]
• install metadata-cleaner by default https://forums.whonix.org/t/metadata-cleaner-gui-for-mat2/12919 add `metadata-cleaner` to `whonix-workstation-packages-recommended-gui` Thanks to @mfc for the suggestion! ^[70]

whonix-welcome-page:

• disable end of year banner ^[71]

Whonix 16.0.9.0[edit]

anon-apps-config:

• I2P config: Disable Frequent connection to news letter server No need to make unnecessary connections to external server for each couple of minutes. Harmful anonymity practice. ^[72] (Thanks to TNT BOM BOM!)
• I2P config: Update router.config.anondist Since I2P going to run over Tor which is a socks5 then reseeding should be over socks5 as well. ^[73] (Thanks to TNT BOM BOM!)

anon-gw-anonymizer-config:

• add onion-grater-list manpage ^[74] (Thanks to nyxnor!)
• improve onion-grater-list ^[75] (Thanks to nyxnor!)
• add onion-grater-list ^[76] (Thanks to nyxnor!)

anon-meta-packages:

• install Thunderbird by default https://forums.whonix.org/t/thunderbird-no-longer-installed-by-default/6505/12 ^[77]

onion-grater:

• signed commit ^[78]
• revert ^[79]
• support multiple directories and multiple matchers allow support for different hosts for remote connections, deprecating onion-grater-merger. Sorting made in reverse to honor precedence as parsing stops at first match. https://forums.whonix.org/t/onion-grater-wiki-improvements/15845 ^[80] (Thanks to nyxnor!)
• no need to edit systemd file to set arguments ^[81] (Thanks to nyxnor!)
• fix old apparmor variable ^[82] (Thanks to nyxnor!)
• make bitcoind accept 127.0.0.1 and 0.0.0.0 ^[83] (Thanks to nyxnor!)

whonix-welcome-page:

• Revert "Revert "Depends: kicksecure-welcome-page"" This reverts commit f9c5482f4e55002412a0e0e1df3ca06110886302. ^[84]
• End of year banner for welcome page ^[85] (Thanks to Your Name!)
• Revert "Depends: kicksecure-welcome-page" This reverts commit 36ad250c1dbb3436b93f0b96f25b7ef88e9aab26. ^[86]
• Merge branch 'master' of https://github.com/Whonix/whonix-welcome-page ^[87] (Thanks to Your Name!)
• Revert local HP back to without endofyear banner ^[88] (Thanks to Your Name!)
• set Firefox ESR from Debian package sources homepage to about:blank This is to disable kicksecure-welcome-page in Whonix. ^[89]
• Depends: kicksecure-welcome-page ^[90]
• Whonix local HP referencing Kicksecure local HP ^[91] (Thanks to Your Name!)
• Whonix End of Year Banner ^[92] (Thanks to Your Name!)

Whonix 16.0.8.2[edit]

anon-apps-config:

• pref(“mailnews.start_page.enabled”, false); ^[93]
• Drop everything related to Enigmail Updated to reflect Tails version as of 2022 ^[94] (Thanks to @HulaHoop!)
• Updated to reflect Tails version as of 2022 ^[95] (Thanks to @HulaHoop!)
• update onionjuggler conf ^[96] (Thanks to nyxnor!)
• chmod +x etc/onionjuggler/conf.d/30_whonix.conf to fix lintian warning W: anon-apps-config: script-not-executable etc/onionjuggler/conf.d/30_whonix.conf ^[97]
• add onionjuggler whonix conf ^[98] (Thanks to nyxnor!)
• disable ntp time check disabled time check since it uses ntp which doesnt exist in whonix. (it has no effect on the connection) ^[99] (Thanks to TNT BOM BOM!)

anon-gw-anonymizer-config:

• fix AppArmor ^[100]
• addgroup -> adduser fix ^[101]
• improve anon-verify output ^[102]
• anon-verify: fix enumeration of all Tor config drop-in snippets for new `%include /etc/torrc.d/*.conf` syntax ^[103]

anon-ws-disable-stacked-tor:

• addgroup -> adduser fix ^[104]

onion-grater:

• correct bitcoind binding ports ^[105] (Thanks to nyxnor!)
• correct bitcond pattern for all default ports of the chains ^[106] (Thanks to nyxnor!)
• fix systemd seccomp violation after suspend/resume by adding `SystemCallFilter` `select` Sep 25 01:06:57 host audit[841]: SECCOMP auid=4294967295 uid=106 gid=116 ses=4294967295 subj==/usr/lib/onion-grater (enforce) pid=841 comm="onion-grater" exe="/usr/bin/python3.9" sig=31 arch=c000003e syscall=23 compat=0 ip=0x792fb3bac2a3 code=0x80000000 ^[107]

whonix-firewall:

• shfmt ^[108]
• shfmt ^[109]
• shfmt ^[110]
• shfmt ^[111]
• verbosity ^[112]
• set all defaults first before parsing config folder Thanks to @nyxnor for the report! https://forums.whonix.org/t/how-to-unset-firewall-array/15604 ^[113]
• not opening ports instead of closing, wording ^[114] (Thanks to nyxnor!)
• be verbose no port is being opened ^[115] (Thanks to nyxnor!)
• double quote "$@" ^[116] (Thanks to nyxnor!)
• always inform SOCKSIFIED if set to '0' ^[117] (Thanks to nyxnor!)
• print informational messages https://forums.whonix.org/t/print-ports-opened-in-the-firewall/15469 ^[118] (Thanks to nyxnor!)
• make the main script pass arguments to child also make the script be called by path, so easier to test by placing script at /usr/local/bin ^[119] (Thanks to nyxnor!)

whonix-welcome-page:

• new file: usr/share/doc/homepage/whonix-welcome-page/img/Search-ahmia.png ^[120]
• minor: link to root domain, not index.html ^[121]
• ahmia ^[122]
• add icon for brave search ^[123]
• Add onions as much as possible instead of TLS only https://forums.whonix.org/t/local-browser-homepage-for-tor-browser-in-whonix/347/106 ^[124] (Thanks to TNT BOM BOM!)

Whonix 16.0.5.3[edit]

TODO: https://forums.whonix.org/t/whonix-16-0-5-3-for-virtualbox-point-release/13817

Whonix 16.0.5.0[edit]

derivative-maker:

• rename `Whonix-Workstation-CUSTOM` to `Whonix-Custom-Workstation` ^[125]
• fix qcow2 Whonix-Custom-Workstation build ^[126]
• improve images upload script ^[127]
• introduce variable `dist_build_files_to_upload` ^[128]
• improve error message if build dependency is missing ^[129]
• sanity test ^[130]
• sanity test ^[131]
• add `--delete --utm` incomplete boilerplate implementation ^[132]
• rename /etc/derivative-makerconfig.d to /etc/buildconfig-dist.d rename derivative-maker to derivative-maker ^[133]
• generic variables names ^[134]
• generic variables names ^[135]

anon-gw-anonymizer-config:

• remove torrc-d-cleaner since no longer required because Tor now has wildcard support and is configured to parse config files ending with `*.conf` only. ^[136]
• run repair-torrc from tor-config-sane ^[137]
• only `%include` config files ending with `*.conf` https://www.whonix.org/wiki/Dev/Tor ^[138]
• cleanup, remove workaround for old bug https://forums.whonix.org/t/configuring-onion-service/9042 ^[139]
• downgrade copyright to avoid Tor Duplicate Config File Restart Bug https://www.whonix.org/wiki/Dev/Tor#Tor_Duplicate_Config_File_Restart_Bug ^[140]
• workaround for Tor Duplicate Config File Restart Bug https://www.whonix.org/wiki/Dev/Tor#Tor_Duplicate_Config_File_Restart_Bug ^[141]

anon-meta-packages:

• add `tor-ctrl` to `whonix-shared-packages-recommended-cli` ^[142]

qubes-whonix:

• lower debugging ^[143]

whonix-firewall:

• lower debugging ^[144]

whonix-welcome-page:

• remove hardcoded font, use font from Debian package sources instead ^[145]
• update copyright since complete rewrite ^[146]
• Welcome Page Revision ^[147] (Thanks to Your Name!)

Whonix 16.0.4.2[edit]

anon-apps-config:

• disable Thunderbird default homepage by default to avoid https connection for better security hardening Thanks to @HulaHoop for the suggestion! https://forums.whonix.org/t/canning-thunderbirds-startpage/13007/1 ^[148]

anon-connection-wizard:

• add tag ap_conn_done_pt ^[149]
• add tag conn_done_pt ^[150]
• update default bridges ^[151]

anon-gw-anonymizer-config:

• fix Tor Browser 11.06 - New Identity function error message suppressed subscription to event 'STREAM related to: https://www.whonix.org/wiki/Tor_Browser#New_Tor_Circuit_Function Thanks to @torjunkie to the bug report! https://forums.whonix.org/t/tb-v11-06-new-identity-function-error-message/13326 ^[152]
• arm -> nyx ^[153]
• renamed: usr/share/applications/gateway-arm.desktop -> usr/share/applications/gateway-nyx.desktop ^[154]
• fix onion-grater-remove ^[155]

anon-icon-pack:

• renamed: usr/share/icons/anon-icon-pack/arm.ico -> usr/share/icons/anon-icon-pack/nyx.ico ^[156]

anon-meta-packages:

• install kicksecure-default-applications-cli per default on the workstation due to recent kicksecure-meta-packages refactoring ^[157]
• install kicksecure-recommended-cli by default on gateway and workstation due to refactoring of kicksecure-meta-packages ^[158]
• remove setup-dist from whonix-shared-packages-dependencies-cli because now part of kicksecure-dependencies-cli ^[159]
• improve multiple architecture support / split dummy-dependency package into multiple packages ^[160]

anon-shared-build-apt-sources-tpo:

• fix, update path ^[161]

anon-ws-disable-stacked-tor:

• Tor emulation: fix, pass all command line options to `tor` when being called with `--verify-config` https://github.com/nyxnor/tor-ctrl/issues/9 ^[162]
• implement `tor --verify-config` tor-ctrl uses 'tor --verify-config' fixes https://github.com/nyxnor/tor-ctrl/issues/9 ^[163]

apparmor-profile-everything:

• ConditionPathExists=!/run/qubes-service/no-sdwdate ^[164]

apparmor-profile-hexchat:

• harden profile and remove xchat support https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951331#23 ^[165]

bootclockrandomization:

• ConditionPathExists=!/run/qubes-service/no-bootclockrandomization ConditionPathExists=!/run/qubes-service/no-bcr ^[166]
• Make delay_plus_or_minus overridable via env var ^[167] (Thanks to deeplow!)

helper-scripts:

• `/usr/libexec/helper-scripts/terminal-wrapper`: add support for `gnome-terminal` ^[168]
• hardened-malloc-type-test: Hardened Malloc version 10 compatibility ^[169]
• anon-consensus-del: also restart vanguards ^[170]
• `/usr/libexec/helper-scripts/curl_exit_codes`: add newer curl exit codes ^[171]

kicksecure-meta-packages:

• install kicksecure-default-applications-cli by default in Kicksecure ^[172]
• split into kicksecure-recommended-cli and kicksecure-default-applications-cli ^[173]
• add setup-wizard-dist to kicksecure-desktop-applications-recommended ^[174]
• add setup-dist to kicksecure-dependencies-cli ^[175]
• add systemcheck to kicksecure-recommended-cli ^[176]
• move a lot packages from kicksecure-dependencies-cli to kicksecure-dependencies-cli since this is more apprpriate. haveged, jitterentropy-rngd, man-db, bzip2, net-tools, dnsutils, iputils-ping, file, lsof, pciutils, strace, sysfsutils, procps, e2fsprogs, less, most, apparmor-utils, bash-completion, nano, udisks2, libblockdev-crypto2, sensible-utils, secure-delete, openvpn, curl, wget, usability-misc, open-link-confirmation, hardened-malloc | dummy-dependency ^[177]
• no longer install zsh by default ^[178]
• add equivs to kicksecure-recommended-cli ^[179]
• legacy ^[180]
• legacy ^[181]
• hardened-malloc-kicksecure-enable -> hardened-malloc-light-enable ^[182]
• improve multiple architecture support / split dummy-dependency package into multiple packages ^[183]
• dummy-dependency: remove lkrg, binaries-freedom, orca-screen-reader-support for simplicity because these packages are not a dependency yet ^[184]

live-config-dist:

• version ^[185]

monero-gui:

• monero-gui-linux-x64-v0.17.3.0.tar.bz2 https://web.archive.org/web/20211213200018/https://github.com/monero-project/monero-gui/releases/tag/v0.17.3.0 https://web.archive.org/web/20211213200116/https://downloads.getmonero.org/gui/monero-gui-linux-x64-v0.17.3.0.tar.bz2 https://web.archive.org/web/20211213200210/https://www.getmonero.org/downloads/hashes.txt ^[186]
• delete for upcoming update ^[187]

msgcollector:

• `/usr/libexec/msgcollector/error_handler`: fix exit code capturing ^[188]

onion-grater:

• disable `ProcSubset=pid` due to onion-grater crash at startup > onion-grater[23859]: FileNotFoundError: [Errno 2] No such file or directory: '/proc/stat' ^[189]
• fix, prevent dh_compress from compressing the OnionShare onion-grater profile Thanks to @DaemonFuu for the bug report! https://forums.whonix.org/t/onion-grater-deb-package-contains-compressed-40-onionshare-yml/13154 ^[190]
• towards OnionShare 2.4 support ^[191]
• towards OnionShare 2.4 support ^[192]
• towards OnionShare 2.4 support ^[193]

open-link-confirmation:

• add infinite recursive loop protection ^[194]

qubes-whonix:

• `/usr/share/tinyproxy/default.html.anondist`: also customize html body in case tinyproxy does not show html head ^[195]
• qvm-sync-clock.anondist code simplification ^[196]
• initial version of qvm-sync-clock.anondist ^[197]

sdwdate:

• do not start `qubes-sync-time` (conflicts with `sdwdate`), if file `/etc/sdwdate.d/qubes-sync-time-disabled-by-sdwdate.marker` exists. That file exists in a default sdwdate installation. ^[198]
• fix sdwdate-log-viewer to include seccomp failures https://forums.whonix.org/t/sdwdate-loop-conclusion-tor-already-reports-circuit-established-seccomp-issue/13260/13 ^[199]
• update 20_arch_syscall_whitelist.conf unlinkat needs to be whitelisted otherwise sdwdate fails with error: SECCOMP auid=4294967295 uid=102 gid=108 ses=4294967295 subj==/usr/bin/sdwdate (enforce) pid=3328 comm="sdwdate" exe="/usr/bin/python3.9" sig=31 arch=c00000b7 syscall=35 compat=0 ip=0xf37077846c74 code=0x80000000 ^[200] (Thanks to Emanuele Rossi!)
• ConditionPathExists=!/run/qubes-service/no-sdwdate ^[201]
• add qubes-sync-time.service and qubes-sync-time.timer to sdwdate-log-viewer ^[202]
• add `bootclockrandomization.service` to sdwdate-log-viewer ^[203]
• Qubes suspend post: disable qubes.GetRandomizedTime since no longer required. sdwdate / anondate can nowadays fix the time without it. ^[204]
• Qubes suspend pre/post: disable restart of Tor since that is no longer required. And even if it was required, this would be handled by sdwdate / anondate. ^[205]
• `date --utc` https://forums.whonix.org/t/whonix-ws-16-fails-to-update-due-to-timing-issue/12739/17 ^[206]

sdwdate-gui:

• notify-shutdown: skip notify shutdown if sdwdate is not running ^[207]
• do no autostart if file /run/qubes-service/no-sdwdate exists ^[208]
• ConditionPathExists=!/run/qubes-service/no-sdwdate ^[209]
• restart action: use `sdwdate-clock-jump` instead of restarting sdwdate manually ^[210]
• port to QREXEC_REMOTE_DOMAIN part of https://phabricator.whonix.org/T930 ^[211]
• fix "Denied: whonix.NewStatus" dom0 permission when shutting down Whonix-Gateway [Qubes OS 4.1] Thanks to @unknown for the bug report! https://forums.whonix.org/t/qubes-os-4-1-denied-whonix-newstatus-dom0-permission/12954 ^[212]
• `sdwdate-gui-shutdown-notify.service`: `Before=shutdown.target umount.target final.target` ^[213]
• avoid start/restart of sdwdate-gui notify shutdown service during package install/upgrade dh_installsystemd --no-start --no-stop-on-upgrade ^[214]

security-misc:

• fix, skip deletion of system.map files on read-only filesystems This is required for Qubes /lib/modules read-only implementation at time of writing. Thanks to @marmarek for the bug report! https://forums.whonix.org/t/remove-system-map-cannot-work-lib-modules-is-mounted-read-only/13324 ^[215]

setup-wizard-dist:

• Kicksecure ^[216]

systemcheck:

• Kicksecure ^[217]
• Kicksecure ^[218]
• fix, skip check_network_interfaces eth0 on Kicksecure ^[219]
• use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 ^[220]

tb-starter:

• update links to documentation ^[221]

tb-updater:

• alpha tbb_hardcoded_version="11.5a2" ^[222]
• tbb_hardcoded_version="11.0.6" ^[223]
• update links to documentation ^[224]
• update links to documentation ^[225]
• tbb_hardcoded_version="11.0.4" ^[226]
• tbb_hardcoded_version="11.0.3" ^[227]
• switch to "direct" digital signature verification - no longer download and verify sha256 hash file as this is no longer required - use only `gpg` to verify digital signature of Tor Browser - higher security - code simplification This is also a workaround for upstream issue `sha256sums-unsigned-build.incrementals.txt and sha256sums-unsigned-build.txt are not signed with torbrowser key`. - https://forums.whonix.org/t/tor-browser-downloader-needs-to-update-its-pgp-keys/13077 - https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40759 Unfortunately this breaks arm64 downloads. - https://forums.whonix.org/t/arm64-tor-browser/11806 ^[228]
• tbb_hardcoded_version="11.0.2" ^[229]
• alpha tbb_hardcoded_version="11.5a1" ^[230]
• add updated signing key as annoucned here: https://blog.torproject.org/new-release-tor-browser-115a1/ Thanks to @pgerber for the bug report! fixes https://github.com/Kicksecure/tb-updater/issues/16 ^[231]
• use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 ^[232]

tor-control-panel:

• add tag ap_conn_done_pt ^[233]
• fix parsing Tor config file is using plain (not using pluggable transport) bridge https://forums.whonix.org/t/bridges-dont-work/13210/12 ^[234]
• add tag conn_done_pt ^[235]
• update default bridges ^[236]

developer-meta-files:

• disable buster ^[237]
• delete unused release/new_release ^[238]
• remove old Whonix news files ^[239]
• disable buster ^[240]
• whonixdevelopermetafiles -> developer-meta-files ^[241]
• use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 ^[242]
• deleted: release/upload_whonix_news_v4 ^[243]
• include kicksecure ^[244]

whonix-firewall:

• use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 ^[245]

Whonix build script:

• tor-ctrl ^[246]
• add tor-ctrl ^[247]
• squashfs-tools-ng ^[248]
• remove buster repository ^[249]

Whonix 16.0.3.7[edit]

anon-apt-sources-list:

• Depends: fasttrack-archive-keyring. ^[250]

anon-gw-anonymizer-config:

• Moved anon-consensus-delete to helper-scripts (as anon-consensus-del). ^[251]

anon-gw-base-files:

• KVM desktop background. ^[252]

anon-meta-packages:

• Moved kicksecure-recommended-cli from whonix-shared-packages-recommended-cli to kicksecure-recommended-cli. ^[253]
• Removed packages pwgen, codecrypt, gpg, gpg-agent, dirmngr, magic-wormhole, diceware, and makepasswd from whonix-workstation-packages-recommended-cli since these will be moved to kicksecure-meta-packages. ^[254]
• No longer install python3-msgpack by default; it is no longer needed and was removed from whonix-workstation-packages-recommended-cli. ^[255]
• Remove legacy packages. ^{[256] [257]}

anon-shared-build-apt-sources-tpo:

• Ensure compatibility with APT signed-by; port to `apt-key-install` by package helper-scripts. ^[258]
• `/etc/apt/sources.list.d/torproject.list`: use APT `signed-by`. ^{[259] [260] [261]}

anon-ws-base-files:

• KVM desktop background. ^[262]

apparmor-profile-everything:

• `sdwdate-aae.service`: Backported changes from sdwdate. ^[263]

grub-live:

• Fixed dependencies. ^[264]

helper-scripts:

• Disabled anondate AppArmor profiles because they are not ready. ^[265]
• `onion-time-pre-script`: Do not use `anondate-set` on Whonix-Workstation^™ because sdwdate can establish onion connections irrespective of Whonix-Workstation^™ system clock (so long as Whonix-Gateway^™ Tor is functional). ^[266]
• `/usr/libexec/helper-scripts/terminal-wrapper`: Added support for adding window title for `xfce4-terminal` emulator through the `terminal_emulator_window_title` environment variable. ^[267]
• anondate-get: If Tor consensus time is later than the system clock, but minimum time is later than the Tor consensus time, show the minimum time instead of no result. ^[268]
• onion-time-pre-script: Added a user check to prevent broken file permissions. ^[269]
• anondate-set: Disabled Tor restart code since it is not needed. ^[270]
• Added `usr/sbin/anon-consensus-del-files`. ^[271]
• Split into `anon-consensus-del` and `anon-consensus-del-files`. ^[272]
• Created a more descriptive file name: `/run/sdwdate/request_tor_restart` → `/run/sdwdate/request_anondate-set`. ^[273]
• anondate: Unduplicated output in journal ^[274] and lowered verbosity to avoid spamming logs. ^[275]
• onion-time-pre-script: Added a counter for how many times a script was run; output. ^[276]
• Added `/usr/libexec/helper-scripts/origins-parser`. ^[277]
• anondate-set: Ensure the system clock is not set backwards. ^[278]
• Updated `minimum_unixtime`. ^[279]
• aa-logprof corrections. ^[280]
• anondate-get: The minimum time is shown instead if it is later than Tor certificate lifetime. ^[281]
• Fixed certificate lifetime parsing by anondate. ^[282]
• Fixed parsing Tor consensus time if Tor has not fetched a Tor consensus yet. ^[283]
• Added anondate output to journal (and therefore sdwdate-log-viewer). ^[284]
• Rebased AppArmor profiles on aa-logprof. ^[285]
• Redesigned recovery from a slow clock. ^[286]
• Imported anon-consensus-del from anon-gw-anonymizer-config. ^[287]

kicksecure-meta-packages:

• Removed fasttrack-archive-keyring from kicksecure-recommended-cli (added to anon-apt-sources-list). ^[288]
• Added pwgen, codecrypt, gpg, gpg-agent, dirmngr, magic-wormhole, diceware, makepasswd to kicksecure-recommended-cli. ^[289]
• Added firefox-esr. ^{[290] [291]}
• Continued removal of Chromium. ^{[292] [293] [294]}
• Legacy fixes. ^[295]

msgcollector:

• Improved `/usr/lib/systemd/user/usertest.service`. ^[296]
• `/usr/libexec/msgcollector/one-time-popup`: Create a folder if not existing (mkdir -p). ^[297]

rads:

• Removed unnecessary `--no-restart-after-upgrade` ("Undo a previous --restart-after-upgrade (or the default of compat 10). If no other options are given, this will cause the service to be stopped in the prerm script and started again in the postinst script."). ^[298]
• Removed `--no-restart-on-upgrade` ("Note that the --no-restart-on-upgrade alias is deprecated and will be removed in compat 14. This is to avoid confusion with the --no-restart-after-upgrade option."). ^[299]
• Added a hint on how to switch virtual console, see: Virtual Consoles. ^[300]
• Added a workaround for issue "no login prompt / getty started on tty1 anymore in Whonix 16 (Debian bullseye based)". Gnome's gdm display manager's systemd unit replaces tty1 even in case gdm is not started. ^{[301] [302]}

sdwdate:

• Improved tests. ^[303]
• Run `/usr/libexec/sdwdate/sdwdate-start-anondate-set-file-watcher` under user/group `sdwdate`. ^[304]
• Renamed: `lib/systemd/system/sdwdate-restart-tor-request-file-watcher.service` → `lib/systemd/system/sdwdate-start-anondate-set-file-watcher.service`. ^[305]
• Renamed: `usr/libexec/sdwdate/sdwdate-restart-tor-request-file-watcher` → `usr/libexec/sdwdate/sdwdate-start-anondate-set-file-watcher`. ^[306]
• Implemented a more descriptive file name: `/usr/libexec/sdwdate/sdwdate-restart-tor-request-file-watcher` → `/usr/libexec/sdwdate/sdwdate-start-anondate-set-file-watcher`. ^[307]
• Implemented a more descriptive file name: `/run/sdwdate/request_tor_restart` → `/run/sdwdate/request_anondate-set`. ^[308]
• Added `/usr/libexec/sdwdate/sdwdate-test`. ^[309]
• Moved sclockadj compilation from a postinst to systemd unit to allow simplification of dependency resolution during release upgrade. ^[310]
• Ported to pathlib fix TypeError: 'missing_ok' is an invalid keyword argument for remove(). ^{[311] [312] [313]}
• Added seccomp utimensat Sep 23 15:37:39 host audit[33040]: SECCOMP auid=4294967295 uid=111 gid=121 ses=4294967295 subj==/usr/bin/sdwdate (enforce) pid=33040 comm="touch" exe="/usr/bin/touch" sig=31 arch=c000003e syscall=280 compat=0 ip=0x70ca67e4bafa code=0x80000000. ^[314]
• Added sdwdate-log-viewer. ^[315]
• Rewrite profile using aa-logprof. ^[316]
• Redesigned recovery from a slow clock. ^[317]
• Ensure Tor consensus is deleted before restarting Tor in `/usr/libexec/sdwdate/sdwdate-restart-tor-request-file-watcher` to increase robustness of recovering from skewed time. ^{[318] [319]}
• Fixed and excluded sdwdate-pre (addgroup) from SystemCallFilter. ^{[320] [321]}
• `usr/libexec/sdwdate/sdwdate-addgroup` → `usr/libexec/sdwdate/sdwdate-pre`. ^[322]
• Fixed sdwdate addgroup if failed during build process. ^[323]

sdwdate-gui:

• sdwdate-gui log viewer: set the window title. ^[324]
• Fixed harmless but nuisance warnings in Qubes R4.1 ^[325] by preventing `sdwdate-gui-shutdown-notify.service` from running inside the Template. ^{[326] [327] [328]}

swap-file-creator:

• `dh_installsystemd --no-stop-on-upgrade`: Use --no-stop-on-upgrade to not stop (and therefore not restart) the swap-file-creator systemd unit after package upgrade since there is no reason to re-create the swap file during upgrade of this package. --no-start is unused because a swap file should be created after installation of this package. dh_installsystemd manpage: --no-stop-on-upgrade "Do not stop service on upgrade. This has the side-effect of not restarting the service as a part of the upgrade." ^[329]
• Lowered the verbosity of output during boot to avoid a "swap file created" message overwriting the console login prompt. ^{[330] [331]}

systemcheck:

• Moved the location of the deprecation popup. ^[332]
• Ensure the deprecation notice is shown during a package upgrade. ^[333]
• Added a deprecation notice popup. ^[334]
• `usr/libexec/systemcheck/canary-download.py` → `usr/libexec/systemcheck/canary-download`. ^[335]
• `etc/apparmor.d/usr.lib.systemcheck.canary` → `etc/apparmor.d/usr.libexec.systemcheck.canary`. ^[336]

tb-updater:

• Update: tbb_hardcoded_version="11.0.1". ^[337]
• Took out the passage about removed backup functionality. ^{[338] [339]}
• Update: alpha tbb_hardcoded_version="11.0a10". ^[340]
• Update: tbb_hardcoded_version="11.0". ^[341]
• Update: alpha tbb_hardcoded_version="11.0a9". ^[342]
• Update: tbb_hardcoded_version="10.5.10". ^[343]
• Further updates: tbb_hardcoded_version. ^[344]

timesanitycheck:

• Updated `/usr/share/timesanitycheck/minimum_unixtime`. ^[345]
• Fixed a typo, renamed `/usr/share/timesanitycheck/date-minium-file-create` → `/usr/share/timesanitycheck/date-minimum-file-create`. ^[346]
• Updated `/usr/share/timesanitycheck/minimum_unixtime`. ^[347]

uwt:

• Added a uwt wrapper for `dnf-3` (for Qubes-Whonix 16 dom0 UpdateVM support). ^{[348] [349] [350]}

whonix-firewall:

• Added an opt-in configuration for outgoing IP filtering through `outgoing_allow_ip_list`. ^[351]

whonix-legacy:

• Improved release-upgrade. ^{[352] [353] [354] [355]}
• release-upgrade: Ensure the meta package is downloaded and installed. ^[356]
• release-upgrade: Abort if no installed meta package has been detected. ^[357]
• release-upgrade: Added meta package detection. ^[358]

whonix-libvirt:

• RAM reduced to 1.5GB ^{[359] [360] [361] [362]}
• Decreased RAM to 256MB, updated descriptionp, and updated the description for activating desktop. ^{[363] [364]}

whonix-xfce-desktop-config:

• KVM desktop background. ^[365]

Whonix build script:

• Re-enabled downloading of Tor from `deb.torproject.org`. ^{[366] [367] [368]}
• CI changes. ^[369]
• Fixed `help-steps/repo_download_chroot_script`. ^[370]
• Whonix KVM: Enable extended L2 entries, and reduced cluster size.
  • I/O perf should improve thanks to extended L2, see: Subcluster allocation for qcow2 images.
  • Decreasing cluster size produces smaller images. ^{[371] [372]}

Whonix 16.0.3.1[edit]

anon-gw-base-files:

• Fixed the background image. ^[373]

anon-ws-base-files:

• Fixed the desktop background. ^{[374] [375]}

corridor:

• Changelog. ^[376]

grub-live:

• Fixed grub-live (initramfs-tools version). ^{[377] [378] [379]}

hardened-kernel:

• Added --remote-name. ^[380]

helper-scripts:

• Added `/usr/libexec/helper-scripts/desktop-background-skel-test`. ^[381]
• terminal-wrapper: xfce4-terminal --hold supported since Debian bullseye. ^[382]

kicksecure-meta-packages:

• Fixed and installed policykit-1-gnome by default. ^{[383] [384]}

repository-dist:

• Legacy. ^[385]
• Legacy: upgraded existing `/etc/apt/sources.list.d/derivative.list` to use `[signed-by=/usr/share/keyrings/derivative.asc]`. ^[386]
• Changed `Depends: python3` to `Depends: python3:any` ^[387]
• Removed the no loner required `Depends: gnupg`. ^[388]
• Implemented `Depends: helper-scripts`. ^[389]
• Cleanup and removed legacy transitional package whonix-repository. ^[390]
• Renamed: `usr/share/keyrings/derivative-distribution-signing-key.asc` to `usr/share/keyrings/derivative.asc` and renamed `usr/share/keyrings/derivative-distribution-signify-key.pub` to `usr/share/keyrings/derivative.pub`. ^[391]
• Deleted legacy `/etc/apt/trusted.gpg.d/derivative.asc` because now using `signed-by` and `/usr/share/keyrings/derivative.asc` ^[392]
• Ported to APT sources.list `signed-by`. ^[393]
• Renamed:
  • `usr/share/repository-dist/derivative-distribution-signing-key.asc` to `usr/share/keyrings/derivative-distribution-signing-key.asc` (gpg)
  • `usr/share/repository-dist/derivative-distribution-signify-key.pub` to `usr/share/keyrings/derivative-distribution-signify-key.pub (signify) <sup>[394]</sup>
• Use APT sources.list `signed-by`. ^{[395] [396]}

sdwdate:

• AppArmor fix. ^[397]

security-misc:

• Fixed: unduplicate kernel command line. ^[398]
• Removed Debian buster support in `/etc/default/grub.d`. ^[399]

systemcheck:

• Updated the path APT `signed-by`. ^{[400] [401]}

tb-updater:

• alpha tbb_hardcoded_version="11.0a6". ^[402]
• tbb_hardcoded_version="10.5.6" ^[403]

usability-misc:

• Added --remote-name. ^[404]
• Ported to APT `signed-by`. ^{[405] [406]}

whonix-xfce-desktop-config:

• Fixed the desktop background. ^{[407] [408]}

Whonix 16.0.2.7[edit]

anon-gw-base-files:

• Fixed the bullseye background image. ^{[409] [410]}

anon-meta-packages:

• Integrated kicksecure-dependencies-system. ^{[411] [412]}

anon-ws-base-files:

• Fixed the bullseye background image. ^{[413] [414]}

binaries-freedom:

• Added the Debian install file (generated using genmkfile debinstfile). ^[415]
• binaries-freedom is an empty package at present. ^{[416] [417]}

debug-misc:

• dracut. ^[418]
• Removed ‘rhgb’ from GRUB_CMDLINE_LINUX_DEFAULT. ^[419]
• add_dracutmodules+=" debug " ^[420]

grub-live:

• dracut. ^{[421] [422]}
• Fixed and removed dracut kernel_cmdline="rootovl" since that is already conditionally set in the grub boot menu (otherwise the system will always boot into live mode). ^[423]
• Removed dracut hostonly="yes" since that is already the Debian default. ^[424]
• Added dracut support based on friedrich12 / dracut-grub-live. ^{[425] [426]}

helper-scripts:

• Improved diagnostic messages. ^[427]

kicksecure-meta-packages:

• Installed flatpak by default and added it to kicksecure-recommended-cli. ^{[428] [429] [430]}
• Installed extrepo by default and added it to kicksecure-recommended-cli. ^{[431] [432]}
• Switched from lightdm to gdm3 because lightdm autologin is non-functional. ^[433]
• kicksecure-dependencies-system Depends: linux-initramfs-tool, dracut and initramfs-tools. ^{[434] [435]}
• Introduced and integrated kicksecure-dependencies-system. ^{[436] [437] [438]}
• Removed initramfs-tools from non-qubes-vm-enhancements-cli for dracut support. ^[439]
• Introduced kicksecure-qubes-cli and kicksecure-qubes-gui. ^[440]

monero-gui:

• Updated to monero-gui-linux-x64-v0.17.2.3.tar.bz2. ^{[441] [442] [443] [444]}

qubes-whonix:

• Dropped initramfs-tools from qubes-whonix-shared-packages-recommended; this is left to Qubes for dracut support. ^{[445] [446]}

sdwdate:

• Fixed a dependency issue. ^[447]

security-misc improvements:

• Do not set kernel parameter quiet loglevel=0 for recovery boot option for easier debugging. ^[448]
• Moved grub quiet to a separate configuration file /etc/default/grub.d/41_quiet.cfg. ^[449]
• dracut reproducible=yes. ^[450]
• Depends: libpam-modules-bin. ^[451]
• Fixed faillock implementation - dovecot / ssh are exempted. ^[452]
• Fixed and added sshd to pam_service_exclusion_list to avoid faillock. ^[453]

systemcheck:

• Now run check_sudo earlier. ^[454]

usability-misc:

• Removed /etc/lightdm/lightdm.conf.d/autologin.conf (comments only) since it might interfere with autologin. ^[455]

vm-config-dist:

• config-package-dev displaces /etc/gdm3/daemon.conf. ^[456]
• Added and enabled gdm autologin. ^{[457] [458] [459]}
• Added the original /etc/gdm3/daemon.conf. ^[460]
• Fixed autologin. ^{[461] [462]}
• Disabled dracut module resume in VMs since it might break the boot process if built inside chroot. ^[463]
• vbox-guest-installer: recommend, migrate from VirtualBox guest addition ISO to VirtualBox guest addition packages. ^{[464] [465]}

whonix-legacy:

• Updated version. ^[466]
• Improved release-upgrade. ^{[467] [468]}

whonix-xfce-desktop-config:

• Fixed the bullseye background image (actually still broken). ^{[469] [470]}

Documentation Updates[edit]

New wiki chapters:

Wiki improvements/enhancements:

Footnotes[edit]