Whonix ™ Release Notes, Changelog

Additional Changes[edit]

Since Whonix ™ is based on Kicksecure ™, maintained by the same contributors, the reader should also take notice of the Kicksecure Stable Release Changelog since changes in Kicksecure ™ also apply to Whonix ™ but are not listed (duplicated) here.

Earlier changes are archived here: Old Stable and Earlier Releases

Whonix ™ 16 Changelog[edit]

Whonix ™ 16 was released on September 11 and 12, 2021 for KVM and VirtualBox. ^{[1] [2]} Qubes-Whonix ™ 16 was released on 28 September, 2021. ^[3] As per the Support Schedule, Whonix ™ 15 was deprecated on 14 November, 2021 -- all users should upgrade as soon as possible. ^[4]

Significantly, Whonix ™ 16 is based on the Debian bullseye (Debian 11) distribution which was officially released on August 14, 2021 instead of Debian buster (Debian 10). The bullseye release has nearly 60,000 packages and around 72 per cent of them were updated. ^[5]

This means users have access to many new software packages in concert with existing packages. In addition, this release will serve as a development foundation for many exciting upcoming security enhancements such as Hardened Malloc Kicksecure ™ (HMK), Linux Kernel Runtime Guard (LKRG) and other items on the Whonix ™ Security Roadmap.

Whonix ™ 16 Updates[edit]

As Whonix ™ is a rolling distribution, users will benefit from regular small security and usability improvements, features and bug fixes as they enter the Whonix ™ stable repository. The most notable changes will be announced here.

Whonix ™ 16.0.9.8[edit]

anon-apps-config:

• Merge branch 'Whonix:master' into master ^[9] (Thanks to idk!)
• re-create #11 without the eepsite/docroot history, disable eepsite by default ^[10] (Thanks to idk!)
• add a hosts.txt file ^[11] (Thanks to idk!)
• i2p-config: no longer use white spaces in file names, use underscores instead ^[12]
• revert /var/lib/i2p/i2p-config folder permissions change for now ^[13]
• port I2P config to systemd tmpfiles.d https://forums.whonix.org/t/i2p-client-inside-whonix-workstation-issues/15890/22 ^[14]
• undisplace ^[15]
• fix permissions on the I2P configuration directory ^[16] (Thanks to idk!)
• check in router.config ^[17] (Thanks to idk!)
• remove unnecessary divert for router.config.anondist ^[18] (Thanks to idk!)
• move i2p config to /var/lib/i2p/i2p-config ^[19] (Thanks to idk!)
• check in config.d directories ^[20] (Thanks to idk!)
• first, use displace to create migratable configuration files which contain the required Whonix defaults ^[21] (Thanks to idk!)

anon-gw-anonymizer-config:

• systemctl --system daemon-reload ^[22]
• add workaround for upstream bug Tor fails to start a few times before succeeding to start https://forums.whonix.org/t/failed-to-start-anonymizing-overlay-network-for-tcp-tor-fails-to-start-a-few-times-before-succeeding-to-start/16289/12 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029554 ^[23]
• anon-log: minor fix, output errors to stderr instead of stdout ^[24]
• anon-log: use journalctl instead of /run/tor/log ^[25]

anon-meta-packages:

• remove monero-gui ^[26]
• consistent use of `Pre-Depends: legacy-dist` ^[27]
• install metadata-cleaner by default https://forums.whonix.org/t/metadata-cleaner-gui-for-mat2/12919 add `metadata-cleaner` to `whonix-workstation-packages-recommended-gui` Thanks to @mfc for the suggestion! ^[28]

whonix-welcome-page:

• disable end of year banner ^[29]

Whonix ™ 16.0.9.0[edit]

anon-apps-config:

• I2P config: Disable Frequent connection to news letter server No need to make unnecessary connections to external server for each couple of minutes. Harmful anonymity practice. ^[30] (Thanks to TNT BOM BOM!)
• I2P config: Update router.config.anondist Since I2P going to run over Tor which is a socks5 then reseeding should be over socks5 as well. ^[31] (Thanks to TNT BOM BOM!)

anon-gw-anonymizer-config:

• add onion-grater-list manpage ^[32] (Thanks to nyxnor!)
• improve onion-grater-list ^[33] (Thanks to nyxnor!)
• add onion-grater-list ^[34] (Thanks to nyxnor!)

anon-meta-packages:

• install Thunderbird by default https://forums.whonix.org/t/thunderbird-no-longer-installed-by-default/6505/12 ^[35]

onion-grater:

• signed commit ^[36]
• revert ^[37]
• support multiple directories and multiple matchers allow support for different hosts for remote connections, deprecating onion-grater-merger. Sorting made in reverse to honor precedence as parsing stops at first match. https://forums.whonix.org/t/onion-grater-wiki-improvements/15845 ^[38] (Thanks to nyxnor!)
• no need to edit systemd file to set arguments ^[39] (Thanks to nyxnor!)
• fix old apparmor variable ^[40] (Thanks to nyxnor!)
• make bitcoind accept 127.0.0.1 and 0.0.0.0 ^[41] (Thanks to nyxnor!)

whonix-welcome-page:

• Revert "Revert "Depends: kicksecure-welcome-page"" This reverts commit f9c5482f4e55002412a0e0e1df3ca06110886302. ^[42]
• End of year banner for welcome page ^[43] (Thanks to Your Name!)
• Revert "Depends: kicksecure-welcome-page" This reverts commit 36ad250c1dbb3436b93f0b96f25b7ef88e9aab26. ^[44]
• Merge branch 'master' of https://github.com/Whonix/whonix-welcome-page ^[45] (Thanks to Your Name!)
• Revert local HP back to without endofyear banner ^[46] (Thanks to Your Name!)
• set Firefox ESR from Debian package sources homepage to about:blank This is to disable kicksecure-welcome-page in Whonix. ^[47]
• Depends: kicksecure-welcome-page ^[48]
• Whonix local HP referencing Kicksecure local HP ^[49] (Thanks to Your Name!)
• Whonix End of Year Banner ^[50] (Thanks to Your Name!)

Whonix ™ 16.0.8.2[edit]

anon-apps-config:

• pref(“mailnews.start_page.enabled”, false); ^[51]
• Drop everything related to Enigmail Updated to reflect Tails version as of 2022 ^[52] (Thanks to @HulaHoop!)
• Updated to reflect Tails version as of 2022 ^[53] (Thanks to @HulaHoop!)
• update onionjuggler conf ^[54] (Thanks to nyxnor!)
• chmod +x etc/onionjuggler/conf.d/30_whonix.conf to fix lintian warning W: anon-apps-config: script-not-executable etc/onionjuggler/conf.d/30_whonix.conf ^[55]
• add onionjuggler whonix conf ^[56] (Thanks to nyxnor!)
• disable ntp time check disabled time check since it uses ntp which doesnt exist in whonix. (it has no effect on the connection) ^[57] (Thanks to TNT BOM BOM!)

anon-gw-anonymizer-config:

• fix AppArmor ^[58]
• addgroup -> adduser fix ^[59]
• improve anon-verify output ^[60]
• anon-verify: fix enumeration of all Tor config drop-in snippets for new `%include /etc/torrc.d/*.conf` syntax ^[61]

anon-ws-disable-stacked-tor:

• addgroup -> adduser fix ^[62]

onion-grater:

• correct bitcoind binding ports ^[63] (Thanks to nyxnor!)
• correct bitcond pattern for all default ports of the chains ^[64] (Thanks to nyxnor!)
• fix systemd seccomp violation after suspend/resume by adding `SystemCallFilter` `select` Sep 25 01:06:57 host audit[841]: SECCOMP auid=4294967295 uid=106 gid=116 ses=4294967295 subj==/usr/lib/onion-grater (enforce) pid=841 comm="onion-grater" exe="/usr/bin/python3.9" sig=31 arch=c000003e syscall=23 compat=0 ip=0x792fb3bac2a3 code=0x80000000 ^[65]

whonix-firewall:

• shfmt ^[66]
• shfmt ^[67]
• shfmt ^[68]
• shfmt ^[69]
• verbosity ^[70]
• set all defaults first before parsing config folder Thanks to @nyxnor for the report! https://forums.whonix.org/t/how-to-unset-firewall-array/15604 ^[71]
• not opening ports instead of closing, wording ^[72] (Thanks to nyxnor!)
• be verbose no port is being opened ^[73] (Thanks to nyxnor!)
• double quote "$@" ^[74] (Thanks to nyxnor!)
• always inform SOCKSIFIED if set to '0' ^[75] (Thanks to nyxnor!)
• print informational messages https://forums.whonix.org/t/print-ports-opened-in-the-firewall/15469 ^[76] (Thanks to nyxnor!)
• make the main script pass arguments to child also make the script be called by path, so easier to test by placing script at /usr/local/bin ^[77] (Thanks to nyxnor!)

whonix-welcome-page:

• new file: usr/share/doc/homepage/whonix-welcome-page/img/Search-ahmia.png ^[78]
• minor: link to root domain, not index.html ^[79]
• ahmia ^[80]
• add icon for brave search ^[81]
• Add onions as much as possible instead of TLS only https://forums.whonix.org/t/local-browser-homepage-for-tor-browser-in-whonix/347/106 ^[82] (Thanks to TNT BOM BOM!)

Whonix ™ 16.0.5.3[edit]

TODO: https://forums.whonix.org/t/whonix-16-0-5-3-for-virtualbox-point-release/13817

Whonix ™ 16.0.5.0[edit]

derivative-maker:

• rename `Whonix-Workstation-CUSTOM` to `Whonix-Custom-Workstation` ^[83]
• fix qcow2 Whonix-Custom-Workstation build ^[84]
• improve images upload script ^[85]
• introduce variable `dist_build_files_to_upload` ^[86]
• improve error message if build dependency is missing ^[87]
• sanity test ^[88]
• sanity test ^[89]
• add `--delete --utm` incomplete boilerplate implementation ^[90]
• rename /etc/derivative-makerconfig.d to /etc/buildconfig-dist.d rename derivative-maker to derivative-maker ^[91]
• generic variables names ^[92]
• generic variables names ^[93]

anon-gw-anonymizer-config:

• remove torrc-d-cleaner since no longer required because Tor now has wildcard support and is configured to parse config files ending with `*.conf` only. ^[94]
• run repair-torrc from tor-config-sane ^[95]
• only `%include` config files ending with `*.conf` https://www.whonix.org/wiki/Dev/Tor ^[96]
• cleanup, remove workaround for old bug https://forums.whonix.org/t/configuring-onion-service/9042 ^[97]
• downgrade copyright to avoid Tor Duplicate Config File Restart Bug https://www.whonix.org/wiki/Dev/Tor#Tor_Duplicate_Config_File_Restart_Bug ^[98]
• workaround for Tor Duplicate Config File Restart Bug https://www.whonix.org/wiki/Dev/Tor#Tor_Duplicate_Config_File_Restart_Bug ^[99]

anon-meta-packages:

• add `tor-ctrl` to `whonix-shared-packages-recommended-cli` ^[100]

qubes-whonix:

• lower debugging ^[101]

whonix-firewall:

• lower debugging ^[102]

whonix-welcome-page:

• remove hardcoded font, use font from Debian package sources instead ^[103]
• update copyright since complete rewrite ^[104]
• Welcome Page Revision ^[105] (Thanks to Your Name!)

Whonix ™ 16.0.4.2[edit]

anon-apps-config:

• disable Thunderbird default homepage by default to avoid https connection for better security hardening Thanks to @HulaHoop for the suggestion! https://forums.whonix.org/t/canning-thunderbirds-startpage/13007/1 ^[106]

anon-connection-wizard:

• add tag ap_conn_done_pt ^[107]
• add tag conn_done_pt ^[108]
• update default bridges ^[109]

anon-gw-anonymizer-config:

• fix Tor Browser 11.06 - New Identity function error message suppressed subscription to event 'STREAM related to: https://www.whonix.org/wiki/Tor_Browser#New_Tor_Circuit_Function Thanks to @torjunkie to the bug report! https://forums.whonix.org/t/tb-v11-06-new-identity-function-error-message/13326 ^[110]
• arm -> nyx ^[111]
• renamed: usr/share/applications/gateway-arm.desktop -> usr/share/applications/gateway-nyx.desktop ^[112]
• fix onion-grater-remove ^[113]

anon-icon-pack:

• renamed: usr/share/icons/anon-icon-pack/arm.ico -> usr/share/icons/anon-icon-pack/nyx.ico ^[114]

anon-meta-packages:

• install kicksecure-default-applications-cli per default on the workstation due to recent kicksecure-meta-packages refactoring ^[115]
• install kicksecure-recommended-cli by default on gateway and workstation due to refactoring of kicksecure-meta-packages ^[116]
• remove setup-dist from whonix-shared-packages-dependencies-cli because now part of kicksecure-dependencies-cli ^[117]
• improve multiple architecture support / split dummy-dependency package into multiple packages ^[118]

anon-shared-build-apt-sources-tpo:

• fix, update path ^[119]

anon-ws-disable-stacked-tor:

• Tor emulation: fix, pass all command line options to `tor` when being called with `--verify-config` https://github.com/nyxnor/tor-ctrl/issues/9 ^[120]
• implement `tor --verify-config` tor-ctrl uses 'tor --verify-config' fixes https://github.com/nyxnor/tor-ctrl/issues/9 ^[121]

apparmor-profile-everything:

• ConditionPathExists=!/run/qubes-service/no-sdwdate ^[122]

apparmor-profile-hexchat:

• harden profile and remove xchat support https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951331#23 ^[123]

bootclockrandomization:

• ConditionPathExists=!/run/qubes-service/no-bootclockrandomization ConditionPathExists=!/run/qubes-service/no-bcr ^[124]
• Make delay_plus_or_minus overridable via env var ^[125] (Thanks to deeplow!)

helper-scripts:

• `/usr/libexec/helper-scripts/terminal-wrapper`: add support for `gnome-terminal` ^[126]
• hardened-malloc-type-test: Hardened Malloc version 10 compatibility ^[127]
• anon-consensus-del: also restart vanguards ^[128]
• `/usr/libexec/helper-scripts/curl_exit_codes`: add newer curl exit codes ^[129]

kicksecure-meta-packages:

• install kicksecure-default-applications-cli by default in Kicksecure ^[130]
• split into kicksecure-recommended-cli and kicksecure-default-applications-cli ^[131]
• add setup-wizard-dist to kicksecure-desktop-applications-recommended ^[132]
• add setup-dist to kicksecure-dependencies-cli ^[133]
• add systemcheck to kicksecure-recommended-cli ^[134]
• move a lot packages from kicksecure-dependencies-cli to kicksecure-dependencies-cli since this is more apprpriate. haveged, jitterentropy-rngd, man-db, bzip2, net-tools, dnsutils, iputils-ping, file, lsof, pciutils, strace, sysfsutils, procps, e2fsprogs, less, most, apparmor-utils, bash-completion, nano, udisks2, libblockdev-crypto2, sensible-utils, secure-delete, openvpn, curl, wget, usability-misc, open-link-confirmation, hardened-malloc | dummy-dependency ^[135]
• no longer install zsh by default ^[136]
• add equivs to kicksecure-recommended-cli ^[137]
• legacy ^[138]
• legacy ^[139]
• hardened-malloc-kicksecure-enable -> hardened-malloc-light-enable ^[140]
• improve multiple architecture support / split dummy-dependency package into multiple packages ^[141]
• dummy-dependency: remove lkrg, binaries-freedom, orca-screen-reader-support for simplicity because these packages are not a dependency yet ^[142]

live-config-dist:

• version ^[143]

monero-gui:

• monero-gui-linux-x64-v0.17.3.0.tar.bz2 https://web.archive.org/web/20211213200018/https://github.com/monero-project/monero-gui/releases/tag/v0.17.3.0 https://web.archive.org/web/20211213200116/https://downloads.getmonero.org/gui/monero-gui-linux-x64-v0.17.3.0.tar.bz2 https://web.archive.org/web/20211213200210/https://www.getmonero.org/downloads/hashes.txt ^[144]
• delete for upcoming update ^[145]

msgcollector:

• `/usr/libexec/msgcollector/error_handler`: fix exit code capturing ^[146]

onion-grater:

• disable `ProcSubset=pid` due to onion-grater crash at startup > onion-grater[23859]: FileNotFoundError: [Errno 2] No such file or directory: '/proc/stat' ^[147]
• fix, prevent dh_compress from compressing the OnionShare onion-grater profile Thanks to @DaemonFuu for the bug report! https://forums.whonix.org/t/onion-grater-deb-package-contains-compressed-40-onionshare-yml/13154 ^[148]
• towards OnionShare 2.4 support ^[149]
• towards OnionShare 2.4 support ^[150]
• towards OnionShare 2.4 support ^[151]

open-link-confirmation:

• add infinite recursive loop protection ^[152]

qubes-whonix:

• `/usr/share/tinyproxy/default.html.anondist`: also customize html body in case tinyproxy does not show html head ^[153]
• qvm-sync-clock.anondist code simplification ^[154]
• initial version of qvm-sync-clock.anondist ^[155]

sdwdate:

• do not start `qubes-sync-time` (conflicts with `sdwdate`), if file `/etc/sdwdate.d/qubes-sync-time-disabled-by-sdwdate.marker` exists. That file exists in a default sdwdate installation. ^[156]
• fix sdwdate-log-viewer to include seccomp failures https://forums.whonix.org/t/sdwdate-loop-conclusion-tor-already-reports-circuit-established-seccomp-issue/13260/13 ^[157]
• update 20_arch_syscall_whitelist.conf unlinkat needs to be whitelisted otherwise sdwdate fails with error: SECCOMP auid=4294967295 uid=102 gid=108 ses=4294967295 subj==/usr/bin/sdwdate (enforce) pid=3328 comm="sdwdate" exe="/usr/bin/python3.9" sig=31 arch=c00000b7 syscall=35 compat=0 ip=0xf37077846c74 code=0x80000000 ^[158] (Thanks to Emanuele Rossi!)
• ConditionPathExists=!/run/qubes-service/no-sdwdate ^[159]
• add qubes-sync-time.service and qubes-sync-time.timer to sdwdate-log-viewer ^[160]
• add `bootclockrandomization.service` to sdwdate-log-viewer ^[161]
• Qubes suspend post: disable qubes.GetRandomizedTime since no longer required. sdwdate / anondate can nowadays fix the time without it. ^[162]
• Qubes suspend pre/post: disable restart of Tor since that is no longer required. And even if it was required, this would be handled by sdwdate / anondate. ^[163]
• `date --utc` https://forums.whonix.org/t/whonix-ws-16-fails-to-update-due-to-timing-issue/12739/17 ^[164]

sdwdate-gui:

• notify-shutdown: skip notify shutdown if sdwdate is not running ^[165]
• do no autostart if file /run/qubes-service/no-sdwdate exists ^[166]
• ConditionPathExists=!/run/qubes-service/no-sdwdate ^[167]
• restart action: use `sdwdate-clock-jump` instead of restarting sdwdate manually ^[168]
• port to QREXEC_REMOTE_DOMAIN part of https://phabricator.whonix.org/T930 ^[169]
• fix "Denied: whonix.NewStatus" dom0 permission when shutting down Whonix-Gateway [Qubes OS 4.1] Thanks to @unknown for the bug report! https://forums.whonix.org/t/qubes-os-4-1-denied-whonix-newstatus-dom0-permission/12954 ^[170]
• `sdwdate-gui-shutdown-notify.service`: `Before=shutdown.target umount.target final.target` ^[171]
• avoid start/restart of sdwdate-gui notify shutdown service during package install/upgrade dh_installsystemd --no-start --no-stop-on-upgrade ^[172]

security-misc:

• fix, skip deletion of system.map files on read-only filesystems This is required for Qubes /lib/modules read-only implementation at time of writing. Thanks to @marmarek for the bug report! https://forums.whonix.org/t/remove-system-map-cannot-work-lib-modules-is-mounted-read-only/13324 ^[173]

setup-wizard-dist:

• Kicksecure ^[174]

systemcheck:

• Kicksecure ^[175]
• Kicksecure ^[176]
• fix, skip check_network_interfaces eth0 on Kicksecure ^[177]
• use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 ^[178]

tb-starter:

• update links to documentation ^[179]

tb-updater:

• alpha tbb_hardcoded_version="11.5a2" ^[180]
• tbb_hardcoded_version="11.0.6" ^[181]
• update links to documentation ^[182]
• update links to documentation ^[183]
• tbb_hardcoded_version="11.0.4" ^[184]
• tbb_hardcoded_version="11.0.3" ^[185]
• switch to "direct" digital signature verification - no longer download and verify sha256 hash file as this is no longer required - use only `gpg` to verify digital signature of Tor Browser - higher security - code simplification This is also a workaround for upstream issue `sha256sums-unsigned-build.incrementals.txt and sha256sums-unsigned-build.txt are not signed with torbrowser key`. - https://forums.whonix.org/t/tor-browser-downloader-needs-to-update-its-pgp-keys/13077 - https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40759 Unfortunately this breaks arm64 downloads. - https://forums.whonix.org/t/arm64-tor-browser/11806 ^[186]
• tbb_hardcoded_version="11.0.2" ^[187]
• alpha tbb_hardcoded_version="11.5a1" ^[188]
• add updated signing key as annoucned here: https://blog.torproject.org/new-release-tor-browser-115a1/ Thanks to @pgerber for the bug report! fixes https://github.com/Kicksecure/tb-updater/issues/16 ^[189]
• use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 ^[190]

tor-control-panel:

• add tag ap_conn_done_pt ^[191]
• fix parsing Tor config file is using plain (not using pluggable transport) bridge https://forums.whonix.org/t/bridges-dont-work/13210/12 ^[192]
• add tag conn_done_pt ^[193]
• update default bridges ^[194]

developer-meta-files:

• disable buster ^[195]
• delete unused release/new_release ^[196]
• remove old Whonix news files ^[197]
• disable buster ^[198]
• whonixdevelopermetafiles -> developer-meta-files ^[199]
• use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 ^[200]
• deleted: release/upload_whonix_news_v4 ^[201]
• include kicksecure ^[202]

whonix-firewall:

• use `curl` with `--cert-status` Thanks for @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 ^[203]

Whonix build script:

• tor-ctrl ^[204]
• add tor-ctrl ^[205]
• squashfs-tools-ng ^[206]
• remove buster repository ^[207]

Whonix ™ 16.0.3.7[edit]

anon-apt-sources-list:

• Depends: fasttrack-archive-keyring. ^[208]

anon-gw-anonymizer-config:

• Moved anon-consensus-delete to helper-scripts (as anon-consensus-del). ^[209]

anon-gw-base-files:

• KVM desktop background. ^[210]

anon-meta-packages:

• Moved kicksecure-recommended-cli from whonix-shared-packages-recommended-cli to kicksecure-recommended-cli. ^[211]
• Removed packages pwgen, codecrypt, gpg, gpg-agent, dirmngr, magic-wormhole, diceware, and makepasswd from whonix-workstation-packages-recommended-cli since these will be moved to kicksecure-meta-packages. ^[212]
• No longer install python3-msgpack by default; it is no longer needed and was removed from whonix-workstation-packages-recommended-cli. ^[213]
• Remove legacy packages. ^{[214] [215]}

anon-shared-build-apt-sources-tpo:

• Ensure compatibility with APT signed-by; port to `apt-key-install` by package helper-scripts. ^[216]
• `/etc/apt/sources.list.d/torproject.list`: use APT `signed-by`. ^{[217] [218] [219]}

anon-ws-base-files:

• KVM desktop background. ^[220]

apparmor-profile-everything:

• `sdwdate-aae.service`: Backported changes from sdwdate. ^[221]

grub-live:

• Fixed dependencies. ^[222]

helper-scripts:

• Disabled anondate AppArmor profiles because they are not ready. ^[223]
• `onion-time-pre-script`: Do not use `anondate-set` on Whonix-Workstation ™ because sdwdate can establish onion connections irrespective of Whonix-Workstation ™ system clock (so long as Whonix-Gateway ™ Tor is functional). ^[224]
• `/usr/libexec/helper-scripts/terminal-wrapper`: Added support for adding window title for `xfce4-terminal` emulator through the `terminal_emulator_window_title` environment variable. ^[225]
• anondate-get: If Tor consensus time is later than the system clock, but minimum time is later than the Tor consensus time, show the minimum time instead of no result. ^[226]
• onion-time-pre-script: Added a user check to prevent broken file permissions. ^[227]
• anondate-set: Disabled Tor restart code since it is not needed. ^[228]
• Added `usr/sbin/anon-consensus-del-files`. ^[229]
• Split into `anon-consensus-del` and `anon-consensus-del-files`. ^[230]
• Created a more descriptive file name: `/run/sdwdate/request_tor_restart` → `/run/sdwdate/request_anondate-set`. ^[231]
• anondate: Unduplicated output in journal ^[232] and lowered verbosity to avoid spamming logs. ^[233]
• onion-time-pre-script: Added a counter for how many times a script was run; output. ^[234]
• Added `/usr/libexec/helper-scripts/origins-parser`. ^[235]
• anondate-set: Ensure the system clock is not set backwards. ^[236]
• Updated `minimum_unixtime`. ^[237]
• aa-logprof corrections. ^[238]
• anondate-get: The minimum time is shown instead if it is later than Tor certificate lifetime. ^[239]
• Fixed certificate lifetime parsing by anondate. ^[240]
• Fixed parsing Tor consensus time if Tor has not fetched a Tor consensus yet. ^[241]
• Added anondate output to journal (and therefore sdwdate-log-viewer). ^[242]
• Rebased AppArmor profiles on aa-logprof. ^[243]
• Redesigned recovery from a slow clock. ^[244]
• Imported anon-consensus-del from anon-gw-anonymizer-config. ^[245]

kicksecure-meta-packages:

• Removed fasttrack-archive-keyring from kicksecure-recommended-cli (added to anon-apt-sources-list). ^[246]
• Added pwgen, codecrypt, gpg, gpg-agent, dirmngr, magic-wormhole, diceware, makepasswd to kicksecure-recommended-cli. ^[247]
• Added firefox-esr. ^{[248] [249]}
• Continued removal of Chromium. ^{[250] [251] [252]}
• Legacy fixes. ^[253]

msgcollector:

• Improved `/usr/lib/systemd/user/usertest.service`. ^[254]
• `/usr/libexec/msgcollector/one-time-popup`: Create a folder if not existing (mkdir -p). ^[255]

rads:

• Removed unnecessary `--no-restart-after-upgrade` ("Undo a previous --restart-after-upgrade (or the default of compat 10). If no other options are given, this will cause the service to be stopped in the prerm script and started again in the postinst script."). ^[256]
• Removed `--no-restart-on-upgrade` ("Note that the --no-restart-on-upgrade alias is deprecated and will be removed in compat 14. This is to avoid confusion with the --no-restart-after-upgrade option."). ^[257]
• Added a hint on how to switch virtual console, see: Virtual Consoles. ^[258]
• Added a workaround for issue "no login prompt / getty started on tty1 anymore in Whonix 16 (Debian bullseye based)". Gnome's gdm display manager's systemd unit replaces tty1 even in case gdm is not started. ^{[259] [260]}

sdwdate:

• Improved tests. ^[261]
• Run `/usr/libexec/sdwdate/sdwdate-start-anondate-set-file-watcher` under user/group `sdwdate`. ^[262]
• Renamed: `lib/systemd/system/sdwdate-restart-tor-request-file-watcher.service` → `lib/systemd/system/sdwdate-start-anondate-set-file-watcher.service`. ^[263]
• Renamed: `usr/libexec/sdwdate/sdwdate-restart-tor-request-file-watcher` → `usr/libexec/sdwdate/sdwdate-start-anondate-set-file-watcher`. ^[264]
• Implemented a more descriptive file name: `/usr/libexec/sdwdate/sdwdate-restart-tor-request-file-watcher` → `/usr/libexec/sdwdate/sdwdate-start-anondate-set-file-watcher`. ^[265]
• Implemented a more descriptive file name: `/run/sdwdate/request_tor_restart` → `/run/sdwdate/request_anondate-set`. ^[266]
• Added `/usr/libexec/sdwdate/sdwdate-test`. ^[267]
• Moved sclockadj compilation from a postinst to systemd unit to allow simplification of dependency resolution during release upgrade. ^[268]
• Ported to pathlib fix TypeError: 'missing_ok' is an invalid keyword argument for remove(). ^{[269] [270] [271]}
• Added seccomp utimensat Sep 23 15:37:39 host audit[33040]: SECCOMP auid=4294967295 uid=111 gid=121 ses=4294967295 subj==/usr/bin/sdwdate (enforce) pid=33040 comm="touch" exe="/usr/bin/touch" sig=31 arch=c000003e syscall=280 compat=0 ip=0x70ca67e4bafa code=0x80000000. ^[272]
• Added sdwdate-log-viewer. ^[273]
• Rewrite profile using aa-logprof. ^[274]
• Redesigned recovery from a slow clock. ^[275]
• Ensure Tor consensus is deleted before restarting Tor in `/usr/libexec/sdwdate/sdwdate-restart-tor-request-file-watcher` to increase robustness of recovering from skewed time. ^{[276] [277]}
• Fixed and excluded sdwdate-pre (addgroup) from SystemCallFilter. ^{[278] [279]}
• `usr/libexec/sdwdate/sdwdate-addgroup` → `usr/libexec/sdwdate/sdwdate-pre`. ^[280]
• Fixed sdwdate addgroup if failed during build process. ^[281]

sdwdate-gui:

• sdwdate-gui log viewer: set the window title. ^[282]
• Fixed harmless but nuisance warnings in Qubes R4.1 ^[283] by preventing `sdwdate-gui-shutdown-notify.service` from running inside the Template. ^{[284] [285] [286]}

swap-file-creator:

• `dh_installsystemd --no-stop-on-upgrade`: Use --no-stop-on-upgrade to not stop (and therefore not restart) the swap-file-creator systemd unit after package upgrade since there is no reason to re-create the swap file during upgrade of this package. --no-start is unused because a swap file should be created after installation of this package. dh_installsystemd manpage: --no-stop-on-upgrade "Do not stop service on upgrade. This has the side-effect of not restarting the service as a part of the upgrade." ^[287]
• Lowered the verbosity of output during boot to avoid a "swap file created" message overwriting the console login prompt. ^{[288] [289]}

systemcheck:

• Moved the location of the deprecation popup. ^[290]
• Ensure the deprecation notice is shown during a package upgrade. ^[291]
• Added a deprecation notice popup. ^[292]
• `usr/libexec/systemcheck/canary-download.py` → `usr/libexec/systemcheck/canary-download`. ^[293]
• `etc/apparmor.d/usr.lib.systemcheck.canary` → `etc/apparmor.d/usr.libexec.systemcheck.canary`. ^[294]

tb-updater:

• Update: tbb_hardcoded_version="11.0.1". ^[295]
• Took out the passage about removed backup functionality. ^{[296] [297]}
• Update: alpha tbb_hardcoded_version="11.0a10". ^[298]
• Update: tbb_hardcoded_version="11.0". ^[299]
• Update: alpha tbb_hardcoded_version="11.0a9". ^[300]
• Update: tbb_hardcoded_version="10.5.10". ^[301]
• Further updates: tbb_hardcoded_version. ^[302]

timesanitycheck:

• Updated `/usr/share/timesanitycheck/minimum_unixtime`. ^[303]
• Fixed a typo, renamed `/usr/share/timesanitycheck/date-minium-file-create` → `/usr/share/timesanitycheck/date-minimum-file-create`. ^[304]
• Updated `/usr/share/timesanitycheck/minimum_unixtime`. ^[305]

uwt:

• Added a uwt wrapper for `dnf-3` (for Qubes-Whonix ™ 16 dom0 UpdateVM support). ^{[306] [307] [308]}

whonix-firewall:

• Added an opt-in configuration for outgoing IP filtering through `outgoing_allow_ip_list`. ^[309]

whonix-legacy:

• Improved release-upgrade. ^{[310] [311] [312] [313]}
• release-upgrade: Ensure the meta package is downloaded and installed. ^[314]
• release-upgrade: Abort if no installed meta package has been detected. ^[315]
• release-upgrade: Added meta package detection. ^[316]

whonix-libvirt:

• RAM reduced to 1.5GB ^{[317] [318] [319] [320]}
• Decreased RAM to 256MB, updated descriptionp, and updated the description for activating desktop. ^{[321] [322]}

whonix-xfce-desktop-config:

• KVM desktop background. ^[323]

Whonix build script:

• Re-enabled downloading of Tor from `deb.torproject.org`. ^{[324] [325] [326]}
• CI changes. ^[327]
• Fixed `help-steps/repo_download_chroot_script`. ^[328]
• Whonix ™ KVM: Enable extended L2 entries, and reduced cluster size.
  • I/O perf should improve thanks to extended L2, see: Subcluster allocation for qcow2 images.
  • Decreasing cluster size produces smaller images. ^{[329] [330]}

Whonix ™ 16.0.3.1[edit]

anon-gw-base-files:

• Fixed the background image. ^[331]

anon-ws-base-files:

• Fixed the desktop background. ^{[332] [333]}

corridor:

• Changelog. ^[334]

grub-live:

• Fixed grub-live (initramfs-tools version). ^{[335] [336] [337]}

hardened-kernel:

• Added --remote-name. ^[338]

helper-scripts:

• Added `/usr/libexec/helper-scripts/desktop-background-skel-test`. ^[339]
• terminal-wrapper: xfce4-terminal --hold supported since Debian bullseye. ^[340]

kicksecure-meta-packages:

• Fixed and installed policykit-1-gnome by default. ^{[341] [342]}

repository-dist:

• Legacy. ^[343]
• Legacy: upgraded existing `/etc/apt/sources.list.d/derivative.list` to use `[signed-by=/usr/share/keyrings/derivative.asc]`. ^[344]
• Changed `Depends: python3` to `Depends: python3:any` ^[345]
• Removed the no loner required `Depends: gnupg`. ^[346]
• Implemented `Depends: helper-scripts`. ^[347]
• Cleanup and removed legacy transitional package whonix-repository. ^[348]
• Renamed: `usr/share/keyrings/derivative-distribution-signing-key.asc` to `usr/share/keyrings/derivative.asc` and renamed `usr/share/keyrings/derivative-distribution-signify-key.pub` to `usr/share/keyrings/derivative.pub`. ^[349]
• Deleted legacy `/etc/apt/trusted.gpg.d/derivative.asc` because now using `signed-by` and `/usr/share/keyrings/derivative.asc` ^[350]
• Ported to APT sources.list `signed-by`. ^[351]
• Renamed:
  • `usr/share/repository-dist/derivative-distribution-signing-key.asc` to `usr/share/keyrings/derivative-distribution-signing-key.asc` (gpg)
  • `usr/share/repository-dist/derivative-distribution-signify-key.pub` to `usr/share/keyrings/derivative-distribution-signify-key.pub (signify) <sup>[352]</sup>
• Use APT sources.list `signed-by`. ^{[353] [354]}

sdwdate:

• AppArmor fix. ^[355]

security-misc:

• Fixed: unduplicate kernel command line. ^[356]
• Removed Debian buster support in `/etc/default/grub.d`. ^[357]

systemcheck:

• Updated the path APT `signed-by`. ^{[358] [359]}

tb-updater:

• alpha tbb_hardcoded_version="11.0a6". ^[360]
• tbb_hardcoded_version="10.5.6" ^[361]

usability-misc:

• Added --remote-name. ^[362]
• Ported to APT `signed-by`. ^{[363] [364]}

whonix-xfce-desktop-config:

• Fixed the desktop background. ^{[365] [366]}

Whonix ™ 16.0.2.7[edit]

anon-gw-base-files:

• Fixed the bullseye background image. ^{[367] [368]}

anon-meta-packages:

• Integrated kicksecure-dependencies-system. ^{[369] [370]}

anon-ws-base-files:

• Fixed the bullseye background image. ^{[371] [372]}

binaries-freedom:

• Added the Debian install file (generated using genmkfile debinstfile). ^[373]
• binaries-freedom is an empty package at present. ^{[374] [375]}

debug-misc:

• dracut. ^[376]
• Removed ‘rhgb’ from GRUB_CMDLINE_LINUX_DEFAULT. ^[377]
• add_dracutmodules+=" debug " ^[378]

grub-live:

• dracut. ^{[379] [380]}
• Fixed and removed dracut kernel_cmdline="rootovl" since that is already conditionally set in the grub boot menu (otherwise the system will always boot into live mode). ^[381]
• Removed dracut hostonly="yes" since that is already the Debian default. ^[382]
• Added dracut support based on friedrich12 / dracut-grub-live. ^{[383] [384]}

helper-scripts:

• Improved diagnostic messages. ^[385]

kicksecure-meta-packages:

• Installed flatpak by default and added it to kicksecure-recommended-cli. ^{[386] [387] [388]}
• Installed extrepo by default and added it to kicksecure-recommended-cli. ^{[389] [390]}
• Switched from lightdm to gdm3 because lightdm autologin is non-functional. ^[391]
• kicksecure-dependencies-system Depends: linux-initramfs-tool, dracut and initramfs-tools. ^{[392] [393]}
• Introduced and integrated kicksecure-dependencies-system. ^{[394] [395] [396]}
• Removed initramfs-tools from non-qubes-vm-enhancements-cli for dracut support. ^[397]
• Introduced kicksecure-qubes-cli and kicksecure-qubes-gui. ^[398]

monero-gui:

• Updated to monero-gui-linux-x64-v0.17.2.3.tar.bz2. ^{[399] [400] [401] [402]}

qubes-whonix:

• Dropped initramfs-tools from qubes-whonix-shared-packages-recommended; this is left to Qubes for dracut support. ^{[403] [404]}

sdwdate:

• Fixed a dependency issue. ^[405]

security-misc improvements:

• Do not set kernel parameter quiet loglevel=0 for recovery boot option for easier debugging. ^[406]
• Moved grub quiet to a separate configuration file /etc/default/grub.d/41_quiet.cfg. ^[407]
• dracut reproducible=yes. ^[408]
• Depends: libpam-modules-bin. ^[409]
• Fixed faillock implementation - dovecot / ssh are exempted. ^[410]
• Fixed and added sshd to pam_service_exclusion_list to avoid faillock. ^[411]

systemcheck:

• Now run check_sudo earlier. ^[412]

usability-misc:

• Removed /etc/lightdm/lightdm.conf.d/autologin.conf (comments only) since it might interfere with autologin. ^[413]

vm-config-dist:

• config-package-dev displaces /etc/gdm3/daemon.conf. ^[414]
• Added and enabled gdm autologin. ^{[415] [416] [417]}
• Added the original /etc/gdm3/daemon.conf. ^[418]
• Fixed autologin. ^{[419] [420]}
• Disabled dracut module resume in VMs since it might break the boot process if built inside chroot. ^[421]
• vbox-guest-installer: recommend, migrate from VirtualBox guest addition ISO to VirtualBox guest addition packages. ^{[422] [423]}

whonix-legacy:

• Updated version. ^[424]
• Improved release-upgrade. ^{[425] [426]}

whonix-xfce-desktop-config:

• Fixed the bullseye background image (actually still broken). ^{[427] [428]}

Documentation Updates[edit]

New wiki chapters:

Wiki improvements/enhancements:

Footnotes[edit]