{{Header}} __NOINDEX__ {{#seo: |description={{project_name_long}} Release Notes, {{project_name_long}} 15 and earlier versions. |image=Old-books-436498640.jpg }} [[File:Old-books-436498640.jpg|thumb]] {{intro| {{project_name_short}} Release Notes, {{project_name_short}} 15 and earlier versions. }} = 115adretemp = {{project_name_gateway_long}} and {{project_name_workstation_long}} * Better comment on the top for .d style configuration folders/files as contributed by @JasonJAyalaP * [[Desktop#RAM Adjusted Desktop Starter|RAM Adjusted Desktop Starter]]: now easier to use other display managers. It simply starts whatever the default display manager is. * whonixcheck version check ({{project_name_short}} News), now supports - checking {{project_name_short}} Build Version and {{project_name_short}} Deb Version separately - having multiple up to date versions (for example for stable, testers and developers) - having separate news per build or deb version * whonixcheck: Deactivated checking status of bootclockrandomization, timesanitycheck and timesync. Its already tested every time, timesync runs. Leaving it enabled in whonixcheck could make some users believe, that whonixcheck runs timesync, which it does not. * whonixcheck, timesync: To get rid of the confusing line "/usr/lib/whonix/systemcheck/help_output: line 348: 9404 Killed [...]" at the end, added disown "$ZENITY_PROGRESS_PID". * whonixcheck: prefixed all messages with the name of each test. * whonixcheck: New WHONIXCHECK_DISABLE_TRANS_PORT_TEST configuration variable. When set to 1, skips whonixchecks test for Tor's TransPort. Useful in case you deactivated Tor's TransPort.; Separate help messages for {{project_name_gateway_short}} and {{project_name_workstation_short}} in case network connection (whonixcheck's SocksPort test) failed.; Better help messages for {{project_name_gateway_short}} and {{project_name_workstation_short}} in case network connection (whonixcheck's SocksPort test) failed.; New additional help text in case Tor is not detected "You could try to find out if this IP is/was a Tor exit relay using a search engine or ExoneraTor: https://metrics.torproject.org/exonerator.html". Lets see if we keep that in the final.; Different help messages if Tor detection on Tor's SocksPort failed vs Tor detection on Tor's TransPort failed. * improved many messages in whonixcheck, timesync, whonixsetup * no longer hardcoding MAC addresses, no longer sharing MAC addresses among all {{project_name_short}} versions, was very little gain, while it can confuse complex setups * whonixcheck: - added option to skip SocksPort test for [https://github.com/Whonix/Whonix/issues/57 #57] - no longer delete temporary folder, gets automatically deleted only makes debugging/auditing harder * converting {{project_name_short}} News Blogs to plain text, so no external links to wordpress.com get loaded * added pandoc (required for whonixcheck as html2text converter) * whonix_shared/etc/apt/sources.list.whonix: changed from Debian stable (wheezy) to Debian testing (jessi) for [https://github.com/Whonix/Whonix/issues/60 #60] (installation of python-stem) * whonixcheck: now also checks Tor's bootstrap status using Tor's control port using [[Dev/onion-grater|onion-grater (Control Port Filter Proxy)]] * added hint to read [[Computer Security Education]] to VirtualBox license files ([https://github.com/Whonix/Whonix/issues/64 #64]) * quick and dirty hack to make AppArmor play well with tor, obfsproxy and flashproxy for [https://github.com/Whonix/Whonix/issues/67 #67] * added log viewer ksystemlog to whonix-shared-desktop-kde * moved whonixcheck zenity progress bar and result message to the top left, so it does not overlap with sdwdate's progress bar or result message * replaced tails_htp with sdwdate * AppArmor: added global /etc/hosts.whonix r, /etc/resolv.conf.whonix r, On {{project_name_workstation_short}} this file does not contain anything interesting (except some special configuration) and {{project_name_gateway_short}} is not supposed to have applications reading those files. Closes [https://github.com/Whonix/Whonix/issues/66 #66] * added apparmor-notify to whonix-shared-packages-recommended: Notification with passive popups when AppArmor restricts something. There are no profiles activated by default (except Tor, which gets loaded by its default init script), but still useful to prevent confusion just in case. * No longer abort whonixcheck if Tor's SocksPort is not reachable ([https://github.com/Whonix/Whonix/issues/49 #49]). Now directly checking Tor's bootstrap status through Tor's control port ([https://github.com/Whonix/Whonix/issues/57 #57]). * whonix_shared/usr/bin/uwt: Ignoring -t server_type and therefore defaulting to 4. 5 does not work well with the torsocks version from Debian testing. (Things like dget and update-command-not-found are broken.) Reporting a bug against torsocks is not worth it, since torsocks is currently being rewritten anyway. {{project_name_gateway_short}} * whonixsetup: Working around another bug in Tor. When starting Tor fails, it does not return a non-zero return code. * added apper to whonix-gateway-packages-recommend * Added RAM Adjusted Desktop Starter info message to {{project_name_gateway_short}} wallpaper. * {{project_name_gateway_short}} firewall: added settings for an optional Tor relay * whonix_gateway/usr/bin/whonix_firewall: Fix. When GATEWAY_ALLOW_INCOMING_FLASHPROXY is set to 1, iptables does not support -p all --dport. See https://serverfault.com/questions/279361/iptables-p-all-dport. Changed to -p tcp, which is sufficient, according to https://trac.torproject.org/projects/tor/wiki/FlashProxyHowto {{project_name_workstation_short}} * added pinentry-qt4 to whonix-workstation-default-applications, required to make KGpg symmetric encryption (and gnupg-agent) work out of the box * No longer add Tor Browser default icon to the Desktop (already existing icons won't be touched, so this will appear in the next build version), the Tor Browser Recommend icon is still on the desktop and the default one can still be created from the start menu, closes [https://github.com/Whonix/Whonix/issues/58 #58] * {{project_name_short}} torbrowser update check and download script: has now a working progress bar. * {{project_name_short}} torbrowser update check and download script: fixed zenity cancel button, cancel now effectively terminates still running curl instances and can therefore prevent endless data attacks or bugs. Source Code * new bash pseudo GUI toolkit /usr/lib/whonix/doutput * whonix_shared/usr/share/whonix/postinst.d/70_create_swap_file: fixed support for re-running * radically shortened readme * added libfile-fcntllock-perl to build dependencies: - required to silence dpkg-gencontrol: warning: File::FcntlLock not available; using floc * renamed whonix_workstation/etc/systemcheck.d/30_torbrowser to whonix_workstation/etc/systemcheck.d/30_torbrowser_default * new maintainer script: release/resign_repository, Refreshes repository. OpenPGP Resignes and updates valid-until field. * Got rid of time consuming "chown --recursive user:user /home/user/" while updating by running the required commands as user in the first place * debian/rules-helper.bsh: added --no-start to dh_installinit. Restarting the init scripts while updating is not required. All init scripts are su * postinst.d scripts: better error message in case a postinst.d script ever fails * postinst.d scripts: hide "set -x" debug output, unless WHONIX_DEB_DEBUG=1 * added whonix_shared/usr/share/whonix/postinst.d/pre.bsh, a script supposed to be sourced by all postinst.d scripts * uwtwrapper: renamed variable ip to uwtwrapper_gateway_ip to avoid conflicts * Fix: Skipping to source config.d files such as .dpkg-old and .dpkg-dist. * {{project_name_short}} News v2: changed location to https://sourceforge.net/projects/whonixdevelopermetafiles/ * whonix_shared/usr/bin/whonix_repository: moved repository to https://sourceforge.net/projects/whonixdevelopermetafiles/ * whonix_shared/usr/lib/whonix/systemcheck/50_check-whonix-news: added --fail to curl, so it returns non-zero when sourceforge replies 404 (in case the file has been forgotten to upload). Otherwise we would end up with the error html page and throw a OpenPGP verification failure message. * added debug-steps/locally-upgrade-whonix-debian-packages, a script to manually update from source code, closed [https://github.com/Whonix/Whonix/issues/52 #52] * apply our apt preferences.d settings (apt pinning) while building {{project_name_short}} from source code and while updating {{project_name_short}} from source code * Added python-stem to whonix-shared-packages-dependencies. * explicitly define /etc/apt/sources.list for grml-debootstrap to ensure grml-debootstrap won't fetch non-freedom software * `displace`ed /etc/apparmor.d/local/system_tor * added dh-apparmor to build dependencies * Revised the way how the temporary local apt repository is created and removed. * Fixed a bug when an own signing key was used to sign the local apt repository. No longer copying the whole pubring.gpg to /etc/apt/trusted.gpg.d/, only copying the specific signing key. * Fixed a failure bug when dist_build_apt_codename was not set to local (now also works for stable, testers and developers). * Reduced code duplication. = 101adretemp (uploaded to {{project_name_short}} developers apt repository) = {{project_name_gateway_short}} and {{project_name_workstation_short}} * whonixcheck, timesync: cleaner locking mechanism, no longer using pgrep, thus fixing a confusing message while booting * whonixsetup: starting whonixcheck after enabling Tor ([https://github.com/Whonix/Whonix/issues/56 #56]) {{project_name_gateway_short}} * improved whonixsetup output * added icons for {{project_name_gateway_short}} desktop {{project_name_workstation_short}} * whonix_workstation/usr/bin/torbrowser: updated links to important and feature blog * Deactivating kmix autostart. Workaround to fix Klipper (and others?) autostart. Working around [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=630617 bug] * torbrowser: added --clearnet option. Uses torproject.org clearnet domain instead of torprojects Tor onion service (hs). Useful in case the hs * Tor Browser Update and Start script: Will no longer show a browser error when whonixcheck (rawdog) hasn't fetched {{project_name_short}} News blog already. Wil * {{project_name_short}} torbrowser Start and Update script now reads /etc/systemcheck.d/30_torbrowser_default which can contain the language setting * torbrowser: updated forum link to [[Special:AWCforum]] Source Code * whonix_gateway/usr/lib/whonix/cpf-tcpserver: better escaping (now produces no more strange output when telneting it or accessing it with tor-ct * FIX: added QUIT to control port filter proxy white list, otherwise after 40 connections tcpserver wouldn't accept any more connections * whonix_gateway/usr/lib/whonix/cpf-tcpserver: exit and therefore terminate connection when getting QUIT * {{project_name_gateway_short}}: added uuid-runtime, contains uuidgen, required for Control Port Filter Proxy * new release/maketorrent, maintainer script for creation of torrent downloads for {{project_name_short}} * updated links from sourceforge.net to whonix.org * build-steps.d/2600_export-vbox-vm: add version number to final .ova file * new chroot post script: Storing from which {{project_name_short}} version a build was created in /usr/share/whonix/build_version. * /etc/fstab: Fix. Removed "UUID=26ada0c0-1165-4098-884d-aafd2220c2c6 / ext4 noatime,errors=remount-ro 0 1" since we are no longer modifying the uuid of the virtual hdd * deleted whonix_shared/etc/fstab.whonix, this is now handled by whonix_shared/usr/share/whonix/postinst.d/70_create_swap_file, which is better * added reprepro to build dependencies, since required for creating (local) APT repository * build-steps.d/1100_prepare-build-machine: allow running without --torgateway or --torworkstation = 97adretemp (uploaded as testers-only VM build version, uploaded to {{project_name_short}} stable apt repository) = {{project_name_gateway_short}} and {{project_name_workstation_short}} * only disable powersaving if a virtual machine can be detected * new whonixdesktop_autostart_decision_feature variable, for easy deactivation of that feature * VirtualBox import license text: added license text with some help, disclaimer and license * removed hardware modifications, very little gain, while it breaks enabling uefi and confuses other things as well * added aptitude stream isolation wrapper * whonixcheck, timesync --showcli: added "End of "$SCRIPTNAME". Feel free to press to return back to your normal prompt." * moved blog to wordpress.com, better than sourceforge, because wordpress.com supports SSL, closed [https://github.com/Whonix/Whonix/issues/23 #23] {{project_name_workstation_short}} * deactivate the kgpg tray icon by default ([https://github.com/Whonix/Whonix/issues/10 #10]), not perfect, but less confusing, since it will now hopefully start in foreground Source Code * timesanitycheck: fixed, since version file does not exist anymore, using newly created build_timestamp by whonix_shared/usr/share/whonix/postinst.d/70_build_timestamp * whonix_gateway/usr/lib/whonix/whonixsetup/ft_m_1: working around a bug in Tor * fixed modification of {{project_name_short}} modified /home/user/.bashrc * updated shortcuts * whonix_shared/usr/bin/backgroundd: revised * added gsfonts, required for backgroundd (desktop background image manipulation) * whonix_gateway/usr/bin/controlportfilt: add "-l host" to disable local hostname lookup to prevent timeouts (since there is on purpose no functional /etc/resolv.conf on {{project_name_gateway_short}}) * whonix_gateway/usr/bin/controlportfilt: more debugging * fixed firewall rules for control port filter proxy; comments; refactoring * gateway controlportfilt: added -H to tcpserver, so it doesn't hang if /etc/resolv.conf is not configured, which is the case on {{project_name_gateway_short}} * gateway controlportfilt: added debugging to tcpserver * gateway controlportfilt: fix, let tcpserver listen on all interfaces, not just 127.0.0.1, so {{project_name_workstation_short}} can reach it. It is filtered from outside due to whonix_firewall. * added ucspi-tcp, contains tcpserver, required for Control Port Filter Proxy * renamed whonix_shared/usr/share/whonix/keys/tpoarchive-keys.d/readme to whonix_shared/usr/share/whonix/keys/tpoarchive-keys.d/.readme so apt-key ignores it and doesn't throw an error * renamed build-steps folder to build-steps.d * added virt-what * reorganized updating tpo package list, installing deb.torproject.org-keyring also on {{project_name_workstation_short}}, installing torsocks and tor in case the version in tpo repository is newer * whonixcheck, timesync: fix, don't delete temporary folder too early * whonixsetup: made it more robust, fix, enabled debugging * whonix_workstation/usr/bin/torbrowser: fix mkdir when run from non-home folder * {{project_name_gateway_short}}: only update debian (/etc/apt/sources.list) and torproject.org (/etc/apt/sources.list.d/torproject.list) package lists for eventually installing newer Tor, torsocks, obfsproxy from torproject.org. (Only in case it is newer in torproject.org repository.) * no longer store backups of grub.cfg in /boot/grub/, store it in /var/lib/whonix/grub-backup instead, so it can not confuse grub, if they change something some day * added git to build dependencies * new whonix_build_both script: small hack to build both virtual machines, as long as whonix_build does not support --all. * not re-creating the packages, if nothing changed * get version number from latest git tag while building from source code * automatically add to debian changelog from which git head it was build * new way to find out locally using {{project_name_short}} version (now using dpkg-query); automatically bumping upstream version of {{project_name_short}}, no longer bumping deb revision; deleted whonix_shared/usr/share/whonix/version (no longer required) * build-steps/1200_create-debian-packages: Only purge local repository before adding new packages, do not purge remote (production) repository. * .gitignore: added debian/patches; added .pc * build-steps/1200_create-debian-packages: allow without root and without --torgateway or --torworkstation switch * Makefile: create lintian.log not in source folder but in its parent folder * using git archive instead of tar for tarball creation * new internal (repository) folder readme; new signature folder readme; new main folder readme; and upload scripts * output (adretemp82) {{project_name_gateway_short}} and {{project_name_workstation_short}} * whonix_shared/etc/apt/sources.list.whonix: ** out commented sources (deb-src) ** only using: "deb https://security.debian.org/debian-security/ stable/updates main contrib non-free" and ** deb "https://deb.debian.org/debian stable main contrib non-free" ** added comment: "#deb https://deb.debian.org/debian/ stable-updates main contrib non-free" ** technical comments * If bare BARE_METAL is set to 1 (when using whonix_build with --bare-metal), skip scripts, which are not required for creating {{project_name_short}} with physical isolation, so physical isolation users can also use the whonix_build script. * added tor-ctrl * new man page: tor-ctrl * whonixcheck, timsync: inform at cli, if we are still waiting for whonixcheck and/or timesync's results {{project_name_gateway_short}} * Control Port Filter Proxy: [[Dev/onion-grater|onion-grater, a Tor Control Port Filter Proxy, design documentation]] * new man page: controlportfilt * added tor-ctrl * added firewall rules for Control Port Filter Proxy * Control Port Filter Proxy: Lie when we are asked "GETINFO net/listeners/socks". Source Code * removed dependency for bc, no longer required for whonixcheck/timesync (using expr instead) * added imagemagick, because it is required for /usr/bin/backgroundd * whonix_workstation/usr/share/whonix/postinst.d/70_gpgconf: added sanity test "sudo -u user gpg --gpgconf-test" * build source code: better way to parse command line options * deleted obsolete file whonix_shared/usr/share/whonix/postinst.d/70_grub (now solved in chroot.d post script) * deleted obsolete and neglected TODO file, see https://github.com/Whonix/Whonix/issues for TODO * installing from separate local apt repository when building from source code * build-steps/1100_prepare-build-machine and development/{{project_name_short}}-Shared_packages: added haveged to build depends * build-steps/1200_create-debian-packages: create local signing key for local APT repository, yes a signing key is also required for local installation from local package repository, see script comments * help-steps/pre: added some colorful output * added colored outputs to the build scripts debian/control: set priority of whonix-x-(packages|files|postinst) and (dummy)tor to important and made the other ones optional. This has the advantage, that if the user tries to remove an essential package, APT will loudly complain, while less important packages can be removed. * debug-steps/interactive-chroot-img: mounting local APT repository, if already available (will fail open, if not) * new variable dist_build_apt_codename * added buildconfig.d configuration folder * Extracted code for packaging {{project_name_short}} in debian/rules and made a rules-helper.bsh script, which I can maintain better. * dummytor: renamed package tor to dummytor and use Provides: tor. This prevents {{project_name_gateway_short}} from fetching dummytor. * renamed whonix_shared/usr/share/whonix/chroot-scripts-post.d/70_sources to whonix_shared/usr/share/whonix/chroot-scripts-post.d/75_sources, so it runs after all apt install actions * renamed skip_scripts variable to WHONIX_BUILD_SKIP_SCRIPTS * added WHONIX_BUILD_SKIP_SCRIPTS support to build-steps * converted native debian package into non-native debian package; new help-steps/make-tarball for creating debian orig tarball * added debian/watch * whonix_gateway/usr/lib/whonix/whonixsetup/ft_m_1: no longer try to reload a Tor which is eventually not started * renamed VERSION variable to WHONIX_BUILD_WHONIX_VERSION * whonix_shared/usr/bin/whonix_repository: - support adding multiple keys in /usr/share/whonix/keys/whonix-keys.d/* - more simple and robust code for revoke_keys - tested everything * now using debuild - now also signing packages - (local repository was already signed) * moved local apt repository to whonix_binary folder so it is no longer in the source folder and won't get included in the source tarball * added debug-steps/reprepro-wrapper * new variable WHONIX_BUILD_UPGRADE_BUILD_MACHINE to turn off apt update and apt full-upgrade and setting dpkg --force-confold during build step "prepare build machine" * clean up /etc/apt/apt.conf.d/90whonix-build-confold at the end * deleted whonix_shared/etc/apt/apt.conf.d/20whonix-oldconfig, no longer required since we now have proper packaging * debian/rules: also parse /etc/init.d folders for gateway and workstation * add {{project_name_short}} apt repository to /etc/sources.list.d/whonix.list using the whonix_repository tool renamed variable DISTRUST_WHONIX_APT_REPO to WHONIX_APT_REPOSITORY_DISTRUST_ENV renamed variable WHONIX_APT_REPOSITORY_DISTRUST to WHONIX_APT_REPOSITORY_DISTRUST_CONFIG * if the builder provides its own signing key in buildconfig.d WHONIX_LOCAL_SIGNING_KEY_FOLDER variable, use that key, otherwise use an automatically created signing key * added repository upload script (adretemp68) {{project_name_gateway_short}} and {{project_name_workstation_short}} * much work on an auto updater and packaging {{project_name_short}} for Debian * added KDE Lowfat Settings * improved many script output messages * whonixcheck: code simplification; more robust progress_bar in corner cases. * htpdate: 180 seconds for curl timeout as per https://mailman.boum.org/pipermail/tails-dev/2013-February/002635.html * An anonymous user suggested, that MAC addresses used by {{project_name_short}} starting with vendor prefix 080027 are too uncommon.; Used https://github.com/EtiennePerot/macchiato/tree/master/oui/wireless_laptop.sh (Integrated wireless interfaces in laptop computers) to find more popular MAC vendor ids.; Changed MAC addresses: ** {{project_name_gateway_short}} eth0 '00:26:82:47:5c:e1' (Gemtek Technology Co., Ltd. - HP Laptop) ** {{project_name_gateway_short}} eth1 '00:13:02:9c:f1:91' (Intel Corporate - Fujitsu Amilo Pi 1556 Notebook, Intel Corporation PRO/Wireless 3945ABG Network Adapter) ** {{project_name_workstation_short}} eth0 '00:21:00:4d:8f:08' (GemTek Technology Co., Ltd. - HP Pavilion TX2510EA) * Added Time Sanity Check init script. * /etc/apt/preferences.d/50_banned-packages * Let htpdate wait for bootclockrandomization. * whonixcheck and timesync: Warn if bootclockrandomization and/or timesanitycheck failed. * Time Sanity Check before and after htpdate * configuration folder /etc/systemcheck.d for .d-style configuration files * added khelpcenter4 package * added faketime package * added timeprivacy script * new man pages: ** uwt ** timesync ** time_privacy ** scurl * /etc/kde4/kdm/kdmrc: Working around a rare bug, where kdm did not start because of a timeout by using higher timeout. https://forums.debian.net/viewtopic.php?f=6&t=45648 * new generic uwt/timeprivacy wrapper * deleted old uwt wrappers * using new generic uwt master wrapper /usr/bin/uwtwrapper instead of many copies of the same script * fixed the bug where the uwt wrappers gave wrong arguments to curl and therefore broke applications dependent on curl, such as apt-file, update-flashplugin * added libgl1-mesa-dri to prevent error (EE) AIGLX error: dlopen of /usr/lib/i386-linux-gnu/dri/swrast_dri.so failed (/usr/lib/i386-linux-gnu/dri/swrast_dri.so: cannot open shared object file: No such file or directory) in /var/log/Xorg.0.log * Removed xdg-utils, since we do not need them to create desktop icons and start menu entries. * Check total RAM. If more than 512 MB → start KDE. If less (like 128 MB) → do not start KDE. This should be quite convenient, because users with low RAM could reduce ({{project_name_gateway_short}}) RAM to 128 MB and even if they sometimes wanted to configure/check something, they could assign 512 RAM and automagically boot into the graphical KDE desktop. There are also many settings in /etc/systemcheck.d/ to configure this feature, so if you want you can also add much RAM and still don't boot a desktop environment, use different display managers and so on. * whonixcheck: now reading /etc/systemcheck.d/ configuration folder * whonixcheck: added option WHONIXCHECK_NO_EXIT_ON_TRANS_PORT_DETECTION_FAILURE * whonixcheck, timesync: bugfix: will now kill the process, if the cancel button in zenity is pressed * added apparmor-profiles (but didn't enable enforce mode or added any useful profiles) * added apparmor-utils (but didn't enable enforce mode or added any useful profiles) * added /etc/default/grub * higher console resolution 1024x768 (without X) * enable "apparmor=1 security=apparmor" by default (but didn't enable enforce mode or added any useful profiles) * more verbose output while booting, since on slow machines it may look like there is no progress otherwise * reduced timeout from 300 to 180 to be on par with Tails * added /usr/bin/whonix_repository which can be used to easily disable {{project_name_short}} APT repository {{project_name_gateway_short}} * first time connection wizard * graphical {{project_name_gateway_short}} (got a KDE desktop now), wallpaper with most important information * /etc/whonix_firewall.d/ for .d-style configuration files * added option for Flash Proxy to firewall config in /etc/whonix_firewall.d/ * /etc/apt/sources.list.d/torproject.list: Activated torproject.org Debian Wheezy repository, so obfs3 can be downloaded. * added support for obfs3 out of the box * new man pages: ** leaktest ** armwrapper ** {{project_name_short}} ** whonixsetup * /usr/local/bin/whonix_firewall: comment for using Custom Open Ports on external interface * added SocksPorts separate for KDE and GNOME wide applications * /usr/bin/whonix_firewall: Port 9150 is no longer a custom port. It is now SOCKS_PORT_TBB_DEFAULT, supposed to be used by stock TBB running unmodified inside {{project_name_workstation_short}}. * /usr/local/etc/torrc.d/50_user.conf: added 127.0.0.1:9150 for consistency * increased {{project_name_gateway_short}} RAM from 128 MB to 768 MB, because {{project_name_gateway_short}} becomes graphical * arm wrapper to start arm without a password now passing command line arguments to arm * arm wrapper also announces its existence when run because "set -x" is now set to avoid confusion * Removed custom socks port 9151, because this is TBB's default Tor Control Port. Therefore we shouldn't train users to use it as custom socks port to avoid confusion. {{project_name_workstation_short}} * Added Boot Clock Randomization. This is useful before timesync succeeded, naturally timesync runs before timesync succeded, to make sure that the host clock and {{project_name_workstation_short}} clock differ.; Open for arguments if that should be added to {{project_name_gateway_short}} as well. See TimeSync design. * added kmix * added graphical alternatives manager, galternatives * torbrowser: Deactivate tor-launcher, a Vidalia replacement as browser extension, to prevent running Tor over Tor. https://gitlab.torproject.org/legacy/trac/-/issues/6009 https://gitweb.torproject.org/tor-launcher.git TOR_SKIP_LAUNCH=1 * XChat: No longer moving XChat plugins into a new folder. Using dpkg-divert instead to deactivate them. User documentation explains how to re-enable them. * new man pages: ** xchat-reset ** torbrowser ** leaktest ** {{project_name_short}} ** whonix_firewall * added proxy settings for KDE wide application * torbrowser new --lang "language" command line option, see man torbrowser * torbrowser: new option for advanced users --nokilltb Source Code * whonix_gateway/usr/local/bin/leaktest: using true instead of echo, since we set -x anyway * whonix_gateway/usr/local/bin/leaktest: added comment in/out for "FascistFirewall 1". * improved error handling * code refactoring * help-steps/pre: fewer useless debug output * Gateway and Workstation: /etc/X0.hosts Add xhost exception, as required for zenity, since cron starts as root and whonixcheck (zenity) starts as user. * better documented package lists * shared: added debsums to package selection. Added a sanity check using debsums to the chroot-script 30_internal-checks. * chroot-scripts-pre.d * chroot-scripts-post.d * postinst.d * added skip_scripts variable * No longer setting KDEDIRS in whonix_workstation/etc/environment. Using whonix_shared/etc/X11/Xsession.d/50whonix instead. * WHONIX_TARGET_ARCH can now be set in build configuration * {{project_name_gateway_short}} and {{project_name_workstation_short}}: Deleted /etc/sudoers.d/whonix and created multiple small files instead. * new file release/list_source_files * new build-step 32_verify_copied_files: checks if everything from the whonix_gateway/whonix_workstation and whonix_shared actually was correctly copied using diff. * Added Tor Project Archive (0x886DDD89) key, which signs the deb.torproject.org repositories and archives as chroot script. It later gets updated by torproject keyring package. * no longer required to mess with /etc/rc.local and /etc/environment so the user can easly edit without any conflicts with {{project_name_short}} configuration files (moved to /etc/profile.d/ instead) * {{project_name_gateway_short}}, new chroot script, whonix_shared/usr/local/share/whonix/chroot-scripts-post.d/70_tor: downloading tor related software from Torprojects repository in case it contains newer software. At time of writing obfsproxy in Torprojects repository already contained obfs3 while Debian repository had only obfs2. * whonix_shared/etc/apt/sources.list: changed from wheezy to stable, because wheezy became stable. * gateway and workstation, package selection: Removed virtuoso-minimal, which was installed as workaround in 0787deb78d24678d87ef704ed206dd0b6b4d7e3e as dependency for nepomuk (nepomuk comes with kde-workspace). Since nepomuk now gets disabled, virtuoso is no longer required. * deleted defunct chroot-script whonix_shared/usr/local/share/whonix/chroot-scripts/40_variables, it never worked, variables set by it were ignored by following chroot-scripts. Those variables get set in /home/user/{{project_name_short}}/help-steps/variables. * Disable uwt while building {{project_name_short}}, because it is not functional while building {{project_name_short}} from source code. Instead of doing this in every build and chroot script, do it in a central place, the help-steps/variables script. * mass rename whonix_(gateway|workstation|shared)/usr/local/... to whonix_(gateway|workstation|shared)/usr/... ; mass rename /usr/local/... to /usr/... * Removed line for changing partition uuid from build-steps/35_run-chroot-scripts-img, because it didn't really belong there and made it its own step build-steps/34_change_partition_uuid. * We no longer place uwt wrappers into /usr/local/bin/. Therefore we now use dpkg-divert /usr/bin/ to /usr/bin/ and symlink /usr/bin/ to /usr/bin/uwtwrapper. * whonix_shared/usr/bin/scurl: better way to forward extra arguments, using {1+"@"} instead of $* * whonix_shared/usr/share/whonix/chroot-scripts-pre.d/70_banned_packages: Removed code 'echo "package-name hold" | dpkg --set-selections', because it is no longer necessary, we're now using /etc/apt/preferences.d/ instead. * build-steps/10_prepare-build-machine: added ruby-ronn to build dependencies (required for creating man pages) * whonixcheck, timesync: better handling of short and long options; -help → --help -autostart → --autostart -cron → --cron * whonixcheck: now using whonix-keys.d folder * whonixcheck, timesync: output and startup functions are now the same on {{project_name_gateway_short}} and {{project_name_workstation_short}}, since {{project_name_gateway_short}} is now graphical as well * DummyTor now gets created along with the other packages in debian/control * added two new help-steps prevent-daemons-from-starting and unprevent-daemons-from-starting, because the (un)chroot are ignored for bare-metal and preventing daemons from starting is still recommended for bare-metal. * whonix_shared/usr/share/whonix/apt.conf: changed ip from 192.168.0.11 to 127.0.0.1 to make it independent from host network configuration * got rid of whonix_shared/usr/share/whonix/apt.conf, using APT command line rather * build-steps: using http_proxy variable for setting up apt-cacher-ng as proxy for grml-debootstrap * build-steps/2600_export-vbox-vm: added --manifest (hashes which can be used to determine if the appliance components arrived intact) * build-steps/2600_export-vbox-vm: also added --manifest, --product, --vendor, --vendorurl, --version (Not yet using: --producturl) * Using config-package-dev to solve conflicts when {{project_name_short}} deb packages overwrite files owned by other packages. * build-steps/2000_install-common-packages: prevent mounting /etc/resolv.conf from the host inside the chroot, /etc/resolv.conf from {{project_name_short}} source folder can get installed.; * deleted whonix_workstation/etc/polipo/config (not installed, not in use) * build-steps/1100_prepare-build-machine: - no longer installing dependencies for creating virtual machines for bare metal builds - no longer installing dependencies for bare metal builds for virtual machine builds - removed debootstrap as build dependency, because grml-debootstrap Depends on it and therefore automatically fetches it - removed git as build dependency, git is only required to download the source code but anyone who has the source code, doesn't need git (if not planing to contribute) - replaced qemu with qemu-utils, because that includes the required tools - code refactoring - * build-steps/1300_create-debian-img: removed unneeded --keep_src_list option from grml-debootstrap# * build-steps/2500_create-vbox-vm: removed hardware modifications, very little gain, while it breaks enabling uefi * run update-grub while building {{project_name_short}} and fix /boot/grub/grub.cfg due to a known bug in grub * new WHONIX_DEB_DEBUG variable * install from local APT repository, no longer required to copy packages manually into the image * update-rc.d $display_manager remove as dpkg post invoke hook, otherwise as soon as a display manager (kdm by default) get upgraded, its postinst script will revert {{project_name_short}} post chroot script and {{project_name_short}} feature, which deactivated the /etc/init.d/ autostart mechanism, what would break {{project_name_short}} feature to decide to start a display manager depending on free RAM and other configurable settings * build-steps/1100_prepare-build-machine: speed up apt update * help-steps/variables: removed deprecated SNAPSHOT_DESCRIPTION variable * adding {{project_name_short}} APT repository signing key with apt-key while building {{project_name_short}} (adretemp40) {{project_name_workstation_short}} * longer installing polipo by default. It is not required for anything. * torbrowser: Added a meaningful error message, if the Tor Browser folder does not exist and recommend to run the updater in that case. {{project_name_gateway_short}} and {{project_name_workstation_short}} * Added /etc/hostname with content "host". Even though grml-debootstrap already creates /etc/hostname with content "host build-steps/35_run-chroot-scripts-img: added support for bare metal users. Source Code * torbrowser: merged tb_start function into tb_start_new_tab. (0.6.1) {{project_name_gateway_short}} and {{project_name_workstation_short}} * timesync: added autostart status notification * Added /etc/apt.conf.d/20oldconfig: never ask if a configuration file should get updated by dpkg. Always keep the locally installed one. * Running whonixcheck after a random amount of time (minimum 60 seconds + a random number between 0 and 500) to make the network fingerprint less predictable. {{project_name_gateway_short}} * torrc, firewall: added port 9050 {{project_name_workstation_short}} * workstation: Disable Apper's mechanism to automatically check for updates, to work around upstream bugs: - https://bugs.freedesktop.org/show_bug.cgi?id=62575 and https://bugs.freedesktop.org/show_bug.cgi?id=62576 * timesync: When timesync is run by cron.hourly (/usr/local/bin/htpdate_hourly), and there is nothing important to tell, say nothing. Otherwise there would be such a popup every hour. * timesync: When timesync is automatically started and nothing important has to be reported, use kdialog --passivepopup, because that is non-intrusive and will automatically fade out. When timesync is manually started, always use zenity. * timesync: No need for flashing a progress meter, if htpdate already succeeded. * whonix_workstation/home/user/.bashrc: Do not "cat /etc/motd" on {{project_name_workstation_short}} login shell, only in virtual console. (Konsole) * Workstation: Graphical notify-send notification that start of whonixcheck gets delayed. * Workstation package selection: added libnotify-bin for whonixcheck. * whonixcheck: Removed transitional popup, that whonixcheck is no longer autostarted at every boot of {{project_name_workstation_short}}. * torbrowser: Downloading Tor Browser and signature from http://idnxcnkne4qt76tg.onion/dist/torbrowser/linux instead from https://www.torproject.org/dist/torbrowser for better security when run inside {{project_name_short}}. * torbrowser: Added --max-time 300 to signature download to defeat a endless data or slow retrieval attack. * torbrowser: downloading signature file before Tor Browser itself. - Would be a pity to download Tor Browser (takes long) only to recognize, that the signature download (takes very little time) fails. * whonix_workstation/usr/local/share/whonix/kde/share/applications/whonix-whonixcheck.desktop: improved icon description. * torbrowser: Removed tb_create_user_js, since no longer required to change Tor Browser's proxy settings. (Now using rinetd.) * torbrowser: Always starting Tor Browser with cd ~/tor-browser_"TB_LANG"/ ~/tor-browser_"TB_LANG"/App/Firefox/firefox --profile Data/profile instead of cd ~/tor-browser_"TB_LANG"/ ~/tor-browser_"TB_LANG"/start-tor-browser and therefore not starting Vidalia/Tor when the user manually downloaded or updated TBB. * Workstation: Added rinetd. It prevents Tor over Tor by just installing Tor or by using the complete Tor Browser Bundle, which starts Vidalia and Tor.; This is because, it listens on port 9050 and 9150 and therefore lets a default Tor or TBB fail to start.; Fowards port 127.0.0.1:9050 (Workstation) to 192.168.0.10:9050 (Gateway). Fowards port 127.0.0.1:9150 (Workstation) to 192.168.0.10:9150 (Gateway). Source Code * whonix_shared/usr/local/share/whonix/chroot-scripts/50_adduser-user: Not re-creating user "user", and therefore perhaps changing an existing password. That should support re-running the script and bare metal better. * gateway firewall: renamed variable, GATEWAY_ALLOW_INCOMMING_SSH → GATEWAY_ALLOW_INCOMING_SSH; typo fixes * renamed: whonix_shared/etc/profile.d/whonixcheck.sh → whonix_shared/etc/profile.d/20_whonixcheck.sh * whonix_shared/usr/local/bin/delay: added small help file. It is required to prevent getting the logins sparred. * whonix_shared/usr/local/bin/whonixcheck-scripts/15_kill-old-instances fixed * whonixcheck: load help_output module earlier so it also works for the check_autostart module whonix_shared/usr/local/bin/whonixcheck-scripts/25_autostart: disable debugging * build-steps/30_copy-into-img: Remove symlink /etc/localtime before copying to prevent "cp: /usr/share/zoneinfo/UTC' and/etc/localtime' are the same file" error. * whonixcheck: better way to autostart * timesync: added option for -autostart * chown --recursive user:user → chown --recursive "USERNAME":"USERNAME" * build-steps/15_prepare-build-machine: using "$USERNAME" instead of user * chown --recursive user:user → chown --recursive "USERNAME":"USERNAME" * more consistency: /home/"USERNAME" → "HOMEVAR" * build-steps/15_prepare-build-machine: added creation of user "user". * build-steps/20_create-debian-img: arch as variable $ARCH; comments for alternative architectures for custom builds * help-steps/variables: added "export DEBIAN_FRONTEND=noninteractive " * Added new build step 15_prepare-build-machine to ease building from source. * whonixcheck: removed redundant variable COUNTER * torbrowser: using general trap; reduced code duplication by sourcing the tbbversion function * whonixcheck: split the script, which had grown too big over time into many smaller scripts * timesync: using whonixcheck error handler, reduced code duplication * timesync: split timesync script into many smaller scripts and reduced code duplication comments * help-steps/variables: Variable WHONIX_SOURCE_FOLDER supports now being used by different user than "user". * whonix_build: Removed "chmod +x "$WHONIX_SOURCE_FOLDER"/build-steps/20_create-debian-img" - no longer required, no longer using the executable bit to decide which steps to run. This is now done using command line switches and variables. * Fix: build script when not using as user "user" - deactivate trap before running the id command. * release/whonix_release: Added --armor to gpg --detach-sign. .asc files look better (look like plain text) than .sig (look like binary). * release/whonix_news: No longer required to update the version manually.; It is now read from whonix_shared/usr/local/share/whonix/version.; * release/upload_whonix_news: added automatic signing and verification to upload script.; deleted release/whonix_news.asc, since no longer required. * upload_download_readme: Added automatic sign, verify to upload script.; release/README.asc deleted, since no longer required. release/whonix_release: comments * release/upload_download_readme: Read version from /whonix_shared/usr/local/share/whonix/version. No longer required to manually edit version. * whonixcheck: more modular, own function for get_local_whonix_version. * whonixcheck: No longer hardcoding architecture variable ARCH. Now using uname. * torbrowser: made the script more modular * Not trying to creating any users (and thus changing their passwords), if these user accounts already exist. This should support (physical isolation) users better, who changed these passwords already. gateway torrc: using bridge for obfs bridge comment instead of Bridge - both work (tested), but since regular bridges are also already written in lowercase, it is more consistant. (bridges.torproject.org also uses "bridges" in lowercase.) (0.6.0) {{project_name_gateway_short}} and {{project_name_workstation_short}} * Run update-command-not-found while building to prevent prompting the user "Please run update-command-not-found.". * Prevent from installing: popularity-contest (privacy); geoclue (privacy); resolvconf (can mess up /etc/resolv.conf); ufw (can mess up firewall); and also for custom builds: canonical-census, unity-lens-shopping, unity-scope-video-remote, unity-scope-musicstores, geoclue-ubuntu-geoip; using dpkg hold; users who wish can overwrite those default banned packages which shouldn't be necessary for anyone but experts {{project_name_gateway_short}} * torrc: Added comment for mumble server onion service. {{project_name_workstation_short}} * Disable xchat plugins no longer with xchat-reset, only disable while building so the user is free to re-enable them. * Removed redundant hiddenserver-install. No longer required. {{project_name_short}} documentation explains how to install it a hidden server. Source Code * Now easier to understand. More modular. New step based layout. * Got rid of unclear whonix_internal_install_script. Chroot-Scripts are now in whonix_.../usr/local/share/whonix/chroot-scripts/. * whonix_build -all -tg -tw -fast -tg-fast -fw-fast -clean -clean-tg -clean-tw * Running whonix_build_clean "MACHINE" before whonix_build_clean "MACHINE", i.e. when running whonix_build -all/tg(-fast)/tw(-fast) won't break anymore if running whonix_build -clean(-tg/-tw) has been forgotten beforehand. * Moved workstation specific icons to workstation folder.; Moved icons to /usr/local/share/whonix/icons/.; Moved gpg public keys to /usr/local/share/whonix/gpg-pubkeys/. * chmod -x whonix_workstation/home/user/.bashrc * Removed whonix_workstation/usr/local/share/whonix/chroot-scripts/70_audio, redundant on Debian/KDE, audio will work out of the box. * torbrowser: No longer adding additional extensions.torbutton.banned_ports, it was always redundant. * added /etc/apt/apt.conf.d/99timeout to handle APT timeouts better * workstation: added failsafe mechanism to {{project_name_short}} second, optional, extra firewall * workstation: Creating the dummytor package while building {{project_name_short}}. * Gateway: No longer required to set +i on /etc/resolv.conf. Removed. DHCP is configured to prevent overwriting it and resolvconf is a banned package. * gateway: added /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate to prevent showing an error message while booting = {{project_name_short}} 0.5.6 Changelog = {{project_name_gateway_short}} * Fixed a time zone bug, which prevented Tor to connect in some cases. = {{project_name_short}} 0.5.5 Changelog = {{project_name_gateway_short}} and {{project_name_workstation_short}} * Fixed htpdate_hourly. * whonixcheck: improved messages. * whonixcheck: better method for Tor Browser local and remote version phrasing. * uwt: Fixed a bug: "''libtorsocks(18790): Could not open socks configuration file (/tmp/tmp.pKSaitLYTN) errno (13), assuming sensible defaults for Tor.''" * Deactivate automatic update check in /etc/apt/apt.conf.d/10periodic. It is handled by whonixcheck. This makes fingerprinting {{project_name_short}} users harder. * whonix_createvm: Disable clipboard sharing at build time. Only matters if guest additions are installed which is recommended against. Just in case. * whonix_release: Removed sha sums. New versions will no longer contain sha sums. A more secure method, gpg signatures are provided. * Enabled auto login on tty1 for {{project_name_gateway_short}} and {{project_name_workstation_short}}. * Added haveged, which is an entropy gathering daemon. * adrelanos.asc: changed e-mail address from proper at secure-mail dot biz to adrelanos@[outdated, redacted]. Key otherwise unchanged. Fingerprint remains the same. There is no need to update. Just mail to the my current riseup e-mail address. * Installing command-not-found.
* Removed redundant mdadm and lvm2 from package selection. Physical Isolation and other advanced users most likely know if they need those packages. {{project_name_workstation_short}} * easier to install [[Chat#TorChat|TorChat]] * pre-installed [[Mixmaster]], a tool to send e-mail without registering e-mail accounts * easier to install [[E-Mail#Mozilla_Thunderbird_with_TorBirdy|TorBirdy]] * pre-installed rawdog, an rss reader to read {{project_name_short}} News Blogs * autologin for kde user * added [[Dev/Dummy Tor|Dummy Tor]] package * whonixcheck: runs once a day. * Leaktest script fixed. * Added icons for {{project_name_short}} online readme, torbrowser, whonixcheck and timesync. * installing kde-baseapps-bin package. It is required for KDE applications proxy settings. (Only for stream isolation, manually installed applications.) * MAT, the [[Metadata]] Anonymisation Toolkit, now fully installed and therefore easier to use * added GnuPG frontend: KGpg * install accessibility tools * install process manager: ksysguard * {{project_name_workstation_short}} KDE settings: ** double click instead of single click ** kgpg settings hide user id and keyservers ** KGpg settings: Decided not to set hkp://2eghzlv2wwcq7u7y.onion as keyserver, because it was offline. ** Dolphin show menu bar ** Konsole unlimited scrollbag ** plasma-widget-folderview, which allows to show the content of the ~/Desktop folder on the desktop. ** kde desktop set to folderview by default to show desktop icons. ** set default wallpaper to /usr/share/wallpapers/stripes.png ** New icons and desktop shortcuts. ** {{project_name_short}} specifc start menu default icons. * new /home/user/.bashrc - adds displaying /etc/motd (contains password and help) and bash completion. * removed leafpad and kate. added kwrite as editor. * whonixcheck: show "apt update && apt full-upgrade" again even if apper is available because apper has bugs. (unsigned package warning) * torbrowser: ** wrapper script supports now -new-tab link.com, for example: torbrowser -new-tab https://www.startpage.com ** the script may no longer be run as root. ** can now be run as any user, not just as "user", but this is untested. Only tested for user "user". ** new -lang switch for language help. ** better error message if network is down and curl fails. ** more help if network is down or script is broken. ** added Tor Browser Updater icon ** added graphical progress meter. ** graphical user interface ** removed gpg key download code and move it to deprecated_code. Downloading the keys at Tor Browser update time from the keyservers was a relict from TorBOX times, where a build script created TorBOX. It was due to trust and space reasons to include only the gpg fingerprint and the gpg keyserver commands to download the key. Anyone using {{project_name_short}} binary builds or source code without audit already trusts {{project_name_short}}. Deploying the gpg public keys for Tor Browser download instead of downloading them from them keyservers adds no additional trust problem. Auditors can instead of comparing the gpg fingerprint, download they keys and compare them with the ones shipped with {{project_name_short}}. Not relying on the keyservers will make the Tor Browser update script much more robust. ** better and less scaring error message if torbrowser script bug is ever caught. ** Creating tor-browser_"$TB_LANG"/Docs/version. Tor Browser changelog has been forgotten to update by upstream. https://sourceforge.net/projects/whonix/discussion/general/thread/6122990d/ To play it safe and having a chance of finding out the installed version, we create a file ourselves to remember it. ** Fixed profile not found bug, in case Tor Browser wasn't fully loaded by hard coding to wait 30 seconds before trying to open extra tabs * whonixcheck, torbrowser, htpdate: Notice Endless data attacks and Slow retrieval attacks by adding --max-time 300 to curl. {{project_name_gateway_short}} * package selection: installing tor-geooipdb. arm needs it to show countries. * 0.4.5 undocumented: added settings to whonix_firewall, these were and are documented on the applications page * whonixcheck ** now runs automatically at least every 24 hour on {{project_name_gateway_short}} as well. ** On {{project_name_gateway_short}}. Will now display the results when automatically run to all logged in users using the wall command. ** Also download {{project_name_short}} version and news file on the gateway for users using custom workstations. * Fixed whonix_gateway/usr/local/bin/leaktest. * Usability: arm can now be run without password. * whonixcheck: Source Code * You can now just drop files inside the whonix_gateway, whonix_workstation or whonix_shared folders and don't need to add every single file inside int_copy_*. * Faster debugging. ** new switch: whonix_createvm -t"$MACHINE"-copyimg required for building from source code... ** This eases debugging. Before we created the img using grml-debootstrap and directly copied into it and directly run the chroot script inside it. Creating a clean modification required to re-create the whole img using grml-debootstrap which always took a long time, even though using apt-cacher-ng. From now, only a copy of the img is modified. Using whonix_createvm -tg-copyimg (or -tw-copyimg) will copy the original img created by grml-debootstrap from /home/user/whonix_binary/"VMNAME".img to /home/"USERNAME"/whonix_binary/"VMNAME"_copy.img. Only/home/"USERNAME"/whonix_binary/"$VMNAME"_copy.img gets modified from now.; ** whonix_build: added -fast switch, which skips the -createimg step * whonix_createvm: ** only set Workstation hardware clock to UTC. ** No longer setting Gateway hardware clock to UTC. *** This is because Tor leaks it to entry guards (and bridges?). *** torproject.org #7277: timestamp leaked in TLS client hello https://gitlab.torproject.org/legacy/trac/-/issues/7277 *** torproject.org #4852: Clients send NETINFO with time https://gitlab.torproject.org/legacy/trac/-/issues/4852 ** {{project_name_gateway_short}} is therefore less fingerprintable. * removed comment, pae is now documented in the faq * added release folder, whonix_release file are still just notes, not a automatic script. * new switches for mounting and unmounting images are tX-(un)mountimg and tX-(un)mountvdi * start-tor-browser: comment fix. Added export in front of the TOR_TRANSPROXY, TOR_SOCKS_HOST, TOR_SOCKS_PORT variables. Fixes https://github.com/adrelanos/tbb-scripts/issues/1 Thanks to scruloose for reporting! * torbrowser: found zenity workaround, therefore removed kdialog. * whonixcheck: found zenity workaround, therefore removed kdialog. * whonixcheck: removed old wget/uwt comments. * htpdate: changed curl to /usr/bin/curl to circumvent uwt wrapper. * /usr/local/bin/htpdate_hourly more comments for debugging. * apt-get-update: small fix. Now returning return code of apt update. * whonixcheck: better error handling if apt-get-update fails. * added backup of documentation * License file: Added sources of icons and their licenses. Reformatting. * torbrowser: Removed old comments. * torbrowser: i686 to "$ARCH" * torbrowser: en-US to "$LANG" * torbrowser: Check if TB_LANG exists and is not empty. If it is empty, set to default en-US. Otherwise leave it untouched. * torbrowser: Improved comments. * torbrowser: Easier readable version phrasing. * torbrowser: #for commented out commands; ## for comments * torbrowser: code refactoring. Removed redundancy of downloading the update information twice. Improved comments and echos. * torbrowser: No longer deleting Tor/Vidalia from the downloaded TBB package. No longer trying to safe space. The wasted space is minimal, while this could have unforeseen consequences. * torbrowser: gpg fingerprints are now inside variables. Fingerprints and how to verify them is now noted in echos. * torbrowser: use more variables for download links. Now just one comment has to be removed to download from .onion instead. * torbrowser: removed old out commented code for deleting stuff. * torbrowser: simpler startup script creation method and fixed a quote bug. * torbrowser: using rm --force to suppress error messages. * torbrowser: deleting TorBrowser_installation_FAILED in case it was created earlier. * torbrowser: ed editor startup script modification method comment removed. * torbrowser: many changes. Added a graphical user interface * torbrowser: comments; echos. * torbrowser: new startup script creation method and fixes a quote bug. * torbrowser: using rm --force to suppress error messages. * torbrowser: deleting TorBrowser_installation_FAILED in case it was created earlier. * whonixcheck: better method for Tor Browser local and remote version phrasing, same as in the torbrowser script. * whonixcheck: moved news file location from sf project web to sf file release system due to traffic limits for sf project web. * moved /home/user/.local/share/applications to /etc/skel/.local/share/applications * torbrowser: no progress bar, if -force-install is used. * torbrowser: updated extensions.torbutton.banned_ports * torbrowser: Workaround for the "The proxy server is refusing connections" bug introduced in latest Tor Browser. https://gitlab.torproject.org/legacy/trac/-/issues/8336 * torbrowser: Removed redundant misc settings from user.js... user_pref("extensions.torbutton.prompt_torbrowser", false); user_pref("general.autoScroll", true); * added /etc/dpkg/origins/whonix to honor Debian policy * package selection: added debian-keyring (40 MB) as comment. Currently not required. Just to keep it in mind and for discussion. * many code simplifications and code refactoring * added /etc/environment for Tor Browser * {{project_name_workstation_short}}_packages: marked non essential packages, which are safe to remove and which could make a complete operating system with ## LITE; shuffle; revised comments. * Workstation package selection: added and unfortunately commented out software-center due to too many bugs which make it unusable https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=software-center * {{project_name_gateway_short}}_packages, {{project_name_workstation_short}}_packages: added sysvinit-utils and bsdutils. Dependencies for whonixcheck. * LICENSE ** Moved picture licenses to {{project_name_short}}-documentation repository.; ** "Except in this file or in files where otherwise noted, content in this the {{project_name_short}} source package is licensed under {{project_name_short}} source code license." ** improved formatting ** added links to webcitation.org * removed doc backup, created extra repository https://github.com/adrelanos/{{project_name_short}}-documentation * Renamed start-torbrowser to start-tor-browser. The {{project_name_short}} specific name start-torbrowser was too confusing. * /etc/inittab: using getty instead of login. getty does not break {{project_name_short}} | more. * gateway/workstation packages: explicitly installing util-linux because it contains getty. * Copying temporary apt.conf into {{project_name_short}}-G/W instead of only into {{project_name_short}}-G. * Using apt-cacher-ng for downloading source code. * added damngpl * Append "127.0.0.1 host.localdomain host" to /etc/hosts as per [https://mailman.boum.org/pipermail/tails-dev/2013-January/002457.html Let's share username, /etc/hostname and /etc/host among all anonymity distributions] * new debug build option: -tX-interactive * deleted adrelanos.asc from the untested_adre branch. It continues to life in the master branch. * {{project_name_workstation_short}}_packages: removed dhcp3-client since not required * moved whonix_workstation/etc/apt/apt.conf to whonix_workstation/etc/apt/apt.conf.d/99whonix * whonix_shared/etc/apt/sources.list: added security non-free * whonixcheck: If it was run by cron and there is nothing to tell, say nothing.; comments; echos; output * int_copy_workstation: chattr -i on resolv.conf removed because it was redundant * renamed whonix_shared/etc/apt/apt.conf.d/10periodic to whonix_shared/etc/apt/apt.conf.d/20noperiodic * 20noperiodic takes precedence over 10periodic ** no longer required to backup /etc/apt/apt.conf.d/10periodic ** no longer required to replace /etc/apt/apt.conf.d/10periodic * whonixcheck; timesync: overwrite all instances of let with || true because let throws an error when the result is 0 * whonix_createvm: added -tw-bare-metal-pre and -tw-bare-metal-post * gateway: new, out commented by default, /etc/apt/sources.list.d/torproject.list * package selection: explicitly installing bash-completion, less, more = {{project_name_short}} 0.4.5-fix2 = [0.4.5-fix] for testers. This is just a hotfix for torbrowser and whonixcheck. The Tor Browser locally installed version check was broken, because The Tor Project forgot to update the changelog and because the keyserver was offline. The torbrowser and the whonixcheck scripts now use a more robust method. ([https://sourceforge.net/projects/whonix/discussion/general/thread/6122990d/ Bug report and discussion]) * fixes torbrowser udpate script * fixes whonixcheck * fixes timesync command = {{project_name_short}} 0.4.5-fix1 = Testers release with same goals as {{project_name_short}} 0.4.5-fix2, but didn't work. = {{project_name_short}} 0.4.5 Changelog = * {{project_name_gateway_short}} and {{project_name_workstation_short}} ** added gnupg-curl package ** shared partition uuid ** new apt-cacher-ng_uwt helper script ** whonixcheck: stream isolation fix when not using Tor, which should really only happen if the user manually added a VPN or transproxy. ** whonixcheck: improved possible reasons help message if Tor is not detected (VPN, transproxy, false positive). ** whonixcheck: now uses mktemp ** whonixcheck: Suggestions for "Your Internet connection appears to be down.". ** whonixcheck: using curl instead of wget for download ** whonixcheck: enforcing tlsv1 ** whonixcheck: uwt no longer required in whonixcheck ** package selection: added curl and bc for whonixcheck ** timesync and whonixcheck: check_htpdate now checks if htpdate pid file exists. ** timesync can now also be run when zenity is installed but X window system not started ** timesync now fails faster if done file exists but no success file ** Hacked the htpdate init script to work with Wheezy and fixed disabling of VirtualBox additions time sync (if installed). ** timesync: Waiting longer for htpdate result. ** fixed help messages in whonixcheck and timesync ** motd fix * {{project_name_gateway_short}} ** pre-installing obfsproxy ** Renamed user unsafe to clearnet. ** torrc: Shuffle settings in torrc. Moved more important things, which might be subject to change are to the top. ** torrc: Added table of contents as comment. ** Expanded nslookup help in gateway help file whonix. * {{project_name_workstation_short}} ** Experimental set workstation image size to 50 GB, only space which really is in use should be filled up. ** running whonixcheck daily at random time on workstation ** Keyserver choice comment in gpg.conf. ** Installing image viewer gwenview. ** Installing virtuoso-minimal as dependency for nepomuk (nepomuk came with kde-workspace). Perhaps not best solution. ** Deleting /usr/share/applications/kde4/knetattach.desktop. * Source Code ** Mounting .img images instead of .vdi images. This makes it easier to add support other virtualizers. ** ./whonix_createvm -createvm renamed to ./whonix_createvm -createvboxvm ** switch -convertfromraw renamed to -converttovdi ** switch -tX-delete renamed to -tX-vboxdelete ** switch -tX-delete renamed to -tX-vboxdelete ** /usr/share/whonix moved to /usr/local/share/whonix ** moved whonix_internal_install_script(s) to (tg/ws)/usr/share/whonix/ ** {{project_name_short}} news format moved to [[Dev/News]] = {{project_name_short}} 0.4.4 Changelog = * {{project_name_gateway_short}} and {{project_name_workstation_short}} ** Switched to Debian Wheezy. ** Added Secure Distributed Network Time Synchronization. Thanks to the Tails developers for their fine, free and Open Source tails_htp! ** Added timesync gui. ** Deactivated VirtualBox time synchronization. ** Deactivating VirtualBox guest additions time synchronization if they are installed. ** Creating a snapshots by default ** Rebranding, the project is now called {{project_name_short}}. ** Spoofing virtual hardware information. ** Added BitCoin address for donations. ** Added adrelanos's gpg key. key for integrated {{project_name_short}} Version and News notification (whonixcheck). ** Improved GPG verification mechanism. ** torcheck renamed to whonixcheck ** Greatly improved whonixcheck, now checks {{project_name_short}} version, SocksPort, TransPort, stream isolation, Tor Browser version, operating system version and network time synchronization. ** Improved uwt, uwt -t server_type -i ip -p port .... ** Deactivated whonix_config_uuids_fstab. Regression. ** Deactivated autologin. ** gpg.conf improvements ** Installed ca-certificates Debian package. ** Boots faster because of "VBoxManage storagectl --sataportcount 4". ** No longer removing friendly-recovery. ** Added selectively IsolateDestAddr and IsolateDestPort. ** Expanded and revised whole documentation. ** Gateway and Workstation IPs changed to avoid confusion. * {{project_name_gateway_short}} ** No longer uses transparent proxying. {{project_name_workstation_short}} can still use transparent proxying. {{project_name_gateway_short}} now uses uwt for apt-get, gpg, ssh, (tails_)htpdate ** Improved help file: {{project_name_short}}. ** Added unsafe user account, which can connect without Tor. Not used, unless user logs in as unsafe user. ** Optional feature for /usr/local/bin/whonix_firewall, when activated (disabled by default), root user can connect without Tor. ** Now using stream isolation and uwt. ** Revised helpfile whonix. ** Installing Tor from Debian repositories. ** Allow starting Tor Controller arm without password. ** Now longer opening port 22 on external interface by default. We no longer install over ssh. * {{project_name_workstation_short}} ** KDE is the new desktop environment. KDM the desktop manager. It is a minimal KDE with very few KDE applications. ** Removed Openbox. ** Running every day Whonixcheck ** Greatly improved Whonixcheck, cron job hopefully fixed. ** Installed MAT (Metadata Anonymization Toolkit). ** new commands: *** xchat-reset (Deletes XChat configuration files and recreates the {{project_name_short}} original ones, which are tweaked for privacy.) *** hiddenserver-install (Installs and configures lighttpd) ** Increased RAM for {{project_name_workstation_short}} to 768 MB. ** Two shortcuts for Tor Browser. One with default homepage check.torproject.org and one with check.torproject.org and {{project_name_short}} readme ** New help file whonix. ** Changed {{project_name_short}} readme url. ** Tor Browser Start and Update script: ** Better error handling. ** Better gpg verification. ** Uses now checks {{project_name_short}} version, SocksPort, TransPort, stream isolation, Tor Browser version, completely (from the rest of the system) separate streams for GPG and wget. ** Running every day Whonixcheck cron job hopefully fixed. ** Partially fixed gnome-terminal black on black bug. Uses ugly colors and users are hopefully motivated to change the colors. ** new commands: *** xchat-reset (Deletes XChat configuration files and recreates the {{project_name_short}} original ones, which are tweaked for privacy.) *** hiddenserver-install (Installs and configures lighttpd) * Source Code ** Now building with grml-debootstrap and chroot instead of building inside VirtualBox.
** Now hosted on github, https://github.com/{{project_name_short}}/derivative-maker/ and therefore safe against malicious edits by random people. ** All files are now inside their own files and no longer in single big scripts. ** Much more comments. ** Deprecated onevm (no maintainer). ** Deprecated uninstall and uninstall-vm (would require rewrite, was less tested, no users, we don't install the operating system version manually anymore). ** Error handling for everything. ** Uwt *** wrappers share now most code. *** New option: -force-install-uwt-dev-passthrough. *** No longer requires sudo. *** Added uwt patch from anonym. Thanks! Other unrelated fixes. Updated uwt wrappers for latest uwt. *** Now using mktemp for torsocks temporary configuration file. Thanks to intrigeri for suggesting it. *** Some fixes as per https://mailman.boum.org/pipermail/tails-dev/2012-September/001575.html ** torsocks patch deactivated, since no longer required for Debian Wheezy. ** Many fixes, more robustness, step based build system. ** Reduce cpu and network time synchronization. ** Improved uwt, uwt -t server_type -i ip -p port .... ** {{project_name_gateway_short}} ** Lowest and cpu disk priority while building. ** import_tpo_archive_key import torproject.org gpg key no longer used. No longer required since switch to Debian Wheezy. Now using Debian repos. ** Added developers-only clearnet traffic passthrough script. ** Bare metal: *** (untested/unfinished) sudo ./whonix_createvm -tg-bare-metal-pre *** (untested/unfinished) sudo ./whonix_createvm -tg-bare-metal-pre ** Firewall has now uses uwt for apt-get, gpg, ssh, (tails_)htpdate ** Improved help file: {{project_name_short}}. ** Optional feature for /usr/local/bin/whonix_firewall, when commented out (disabled by default), root user can connect without Tor. ** Now using stream isolation and uwt. ** Firewall has now an error handler. = {{project_name_short}} 0.2.1 Changelog =
***2012-07-16 0.2.1***
* Download Version
 * Changes
  * You need to make a clean install for both {{project_name_gateway_short}} and {{project_name_workstation_short}}, incremental update from 0.1 is not supported!
  * Updated to Ubuntu 12.04.
  * Solves "Identity correlation through circuit sharing" by separating streams through different SocksPorts.
  * Integrated leaktest script.
  * Improved {{project_name_short}} network fingerprint.
   * All TCP and DNS traffic originating from {{project_name_workstation_short}} and {{project_name_gateway_short}} gets routed through Tor. In the past, {{project_name_gateway_short}} send in the clear and an adversary could have found out, that you are using {{project_name_short}}.
  * Improved hardware fingerprinting resistance.
   * {{project_name_workstation_short}} disc uuids are now the same among all {{project_name_short}} users.
   * MAC addresses are now the same among all {{project_name_short}} users.
   * CPU model and capabilities are now hidden. (VirtualBox --synthcpu on)
  * Improved support for (obfuscated) bridges.
  * {{project_name_gateway_short}} greeting help file.
  * Optionally downloading the alpha version of Tor is easy.
  * Optionally downloading obfsproxy from the Tor alpha repository is easy.
  * Tor Controller**arm** now preinstalled on {{project_name_gateway_short}}.
  * Firewall updates.
   * {{project_name_gateway_short}} and {{project_name_workstation_short}} have now a IPv6 firewall for defense in     depth.
   * {{project_name_workstation_short}} has now also an**optional** firewall for defense in depth.
  * Critical issue were an old Tor consensus and entry guards from our build machine was fixed, because we no longer start services while installing them.
  * Powersaving, which is default in Ubuntu, has been disabled for the virtual machines. Screen no longer blacks out.
  * {{project_name_workstation_short}} GPG no longer spills operating system and version information, added other privacy and security improving options to gpg.conf as well.
  * torcheck bash script, combined graphical and console version, starts on boot and every 24 hour. It checks Tor Browser version, Tor Socks- and TransPort IPs and if stream isolation is functional.
 * Open issues
  * CPU with PAE required, since Ubuntu Precise no longer ships a non-PAE kernel. We consider switching to Debian once Wheezy is out.
  * torcheck does not work on {{project_name_gateway_short}}.
  * Gnome Terminal is black on black. Please change colors manually.
  * More open issues on Whonix/Dev.

* New shell script features
 * Build documentation has been greatly revised and fully automated builds are now supported.
 * The Virtual Machines are now created by command line, ensuring that no step can be forgotten.
 * You need to make a clean install for both {{project_name_gateway_short}} and {{project_name_workstation_short}}, incremental update from 0.1 is not supported!
 * More comments, which explain almost everything.
 * Huge stylistic improvements.
 * The scripts are now modular. (Consist of functions.)
 * It is now easier to maintain, understand, bugfix and add new features.
 * Scripts can now be run over SSH.
 * Automatic GPG key download for required software and verification.
 * obfsproxy supported out of the box after minor update (commenting in feature).
 * Install torsocks and uwt.
 * Building {{project_name_short}} inside {{project_name_short}} (VirtualBox inside VirtualBox) is supported.
 * Deleting all logs to prevent leaking information about your system.
 * Fixed a leak, where the host's DNS settings could leak into the {{project_name_gateway_short}}.
 * {{project_name_gateway_short}} script
  * new switches
   * -install
   * -uninstall
  * Reverting changes, in case the script fails.
  * Optional features are clearly marked.
   * Onion Services.
   * Even more restrictive firewall rules.
   * More Socks Ports.
   * Best possible protection against Identity correlation through circuit sharing. (Removes Trans and DnsPort)
   * Leak Testing.
 * {{project_name_workstation_short}} script
  * -install
  * -xchat resets XChat.
  * -update-torbrowser updates TorBrowser.
  * -hiddenserver
  * -uwt
  * -update
  * -uninstall
= older =
Changelog:
2012-03-25 0.1.3
* improve fingerprint resistance
* introduce stream isolation features (will be automatically enabled when Tor 0.2.3 becomes stable)
* significantly reduce image sizes
* upgrade TB to current latest stable (2.2.35-9)
2012-03-07 0.1.2
* Internal release, script clean up.
2012-03-03 0.1.1-alpha
* Different default selection of client applications
2012-02-29 0.1-alpha
* Initial Release
{{Footer}} [[Category:Development]] = {{project_name_short}} 13 Changelog = {{project_name_short}} 13 was released on May 31, 2016. https://forums.whonix.org/t/whonix-13-released/2505 {{project_name_short}} 13 contains many small security and usability improvements, features and bug fixes. https://phabricator.whonix.org/maniphest/query/TfpGK0Sq8w1j/#R A handful of issues were fixed in both {{project_name_short}} 13 and {{project_name_short}} 14 and backported to both versions. Descriptions of changes in [https://sourceforge.net/projects/whonix/featureblog/2015/12/whonix-12-released/ {{project_name_short}} 12] and [https://sourceforge.net/projects/whonix/featureblog/2015/06/testers-wanted-whonix-11--110030---release-candidate/ earlier versions] can be found on sourceforge.net. == All Platforms == === AppArmor === * Fixed the Tor Browser AppArmor profile to allow correct functionality. https://phabricator.whonix.org/T672 * Resolved AppArmor conflicts affecting Pidgin, Chromium and Evince. https://phabricator.whonix.org/T314 * Merged AppArmor profiles for sdwdate, timesync and whonix-check into their corresponding packages and now install them by default. https://phabricator.whonix.org/T201 === Bug Fixes === * Fixed broken whonix-setup-wizard functionality. https://phabricator.whonix.org/T499 === Code === * Updated {{project_name_short}} code for Tor Browser tb-updater. https://phabricator.whonix.org/T666 * Refactored the {{project_name_short}} socks redirection firewall rules to reduce their size and use less script code. https://phabricator.whonix.org/T465 The same firewall rules are still applied. * Refactored {{project_name_short}} code so that scripts only use configuration files that end with the .conf extension. https://phabricator.whonix.org/T286 === Improved Functionality and Usability === * Modified whonixcheck to test for slow or fast system clocks which prevent Tor from properly connecting. https://phabricator.whonix.org/T482 * Implemented an explicit check for timekeeping watchdog kernel messages in whonixcheck, so users are warned about clock jumps which prevent / time-out Tor connections. https://phabricator.whonix.org/T480 * Enforced maximized terminal windows for xdg desktop users. https://phabricator.whonix.org/T451 For instance, tor-arm, restart Tor and other terminal programs. * Enabled Transparent Proxy Ports for {{project_name_gateway_short}} by default (except for {{project_name_short}}-Firewall). https://phabricator.whonix.org/T435 This does not enable transparent proxying by default, but is required in Qubes so [https://phabricator.whonix.org/T434 tinyproxy traffic can be redirected] to 127.0.01 instead of to qubes-netvm-gateway. * Configured {{project_name_short}} to use ''/etc/skel'' instead of writing to the home folder directly to maintain forward compatibility with Qubes. Further, this allows for proper error-handling where "user" is hardcoded in {{project_name_short}}, and a newly created account with a different name has been used. https://phabricator.whonix.org/T419 * Deprecated the timesync progress bar and replaced it with a tray icon using sdwdate-gui to improve usability and reduce confusion. https://phabricator.whonix.org/T300 * Created a stable-proposed-updates repository for users who want to help in testing {{project_name_short}} fixes, without resorting to the testers repository which comes with many more changes. https://phabricator.whonix.org/T200 * Moved the WhonixBackupScript to the usability-misc package to make it more accessible. https://phabricator.whonix.org/T159 * Replaced XChat with HexChat, since the former is no longer actively maintained, and created a new AppArmor profile to contain it. https://phabricator.whonix.org/T40 * Implemented a VPN_FIREWALL feature as part of whonix-ws-firewall. https://phabricator.whonix.org/T158 === Security Enhancements === * Created a security-misc package that turns off Nautilus and Dolphin file previews by default, since this poses security risks. https://phabricator.whonix.org/T418 * A known, good version of Tor is now maintained and uploaded to the {{project_name_short}} repository from deb.torproject.org https://phabricator.whonix.org/T472 * Uploaded the Tor 0.3.2.9 major (stable) release to the {{project_name_short}} repository to enable full v3 onion functionality for both hosting of onion services and access to v3 onion addresses in Tor Browser. https://phabricator.whonix.org/T764 * Extended the lifetime of the {{project_name_short}} signing key. https://phabricator.whonix.org/T497 * Sourced new onion services webservers for the sdwdate feature, which ensures the system's clock is correctly set for security, privacy and anonymity purposes. https://phabricator.whonix.org/T266 == {{q_project_name_long}} == === Bug Fixes === * Fixed qubes-whonix-firewall systemd service start. https://phabricator.whonix.org/T528 This fixes various bugs relating to Tor starting / failing multiple times and qubes-whonix-torified-updates-proxy sometimes failing. * Resolved whonixcheck fixes for Qubes R4. https://phabricator.whonix.org/T724 * Corrected false positive failure messages for the updates proxy test in Qubes R4. https://phabricator.whonix.org/T723 Qubes R4 RC1. * Disabled qubes-SetDateTime / qubes.SyncNtpClock in {{q_project_name_short}} VMs since it interfered with timesync. https://phabricator.whonix.org/T384 * Resolved accumulation of old Tor Browser instances in ''/var/cache/tb-binary/.tb/'' which caused users to run into full disk error messages. https://phabricator.whonix.org/T671 * Resolved an occasional error message whereby {{project_name_short}} templates incorrectly reported they were not connected to the {{project_name_gateway_short}} ProxyVM. https://phabricator.whonix.org/T496 * Resolved the broken anon-ws-disable-stackedtor function in [[Qubes|{{q_project_name_short}}]]. https://phabricator.whonix.org/T454 * Enforced the opening of all links from {{project_name_gateway_vm}}, whonix-gw and whonix-ws in the {{project_name_workstation_vm}} AppVM to prevent error messages. https://phabricator.whonix.org/T452 === Builds === * Corrected the build failure of {{project_name_workstation_short}} template in {{q_project_name_short}} R3.2 and added the qubes-template-whonix to continuous integration service TravisCI. https://phabricator.whonix.org/T527 * Resolved {{project_name_short}} template build failures in Qubes R4 related to Tor Browser downloads. https://phabricator.whonix.org/T710 * Changed the {{q_project_name_short}} build process to install {{project_name_short}} from the {{project_name_short}} binary APT repository. This simplifies code, results in faster builds, removes build dependencies inside the template, and reduces the overall template size. https://phabricator.whonix.org/T498 * Allowed the {{project_name_short}} build script to run as root and reworked user_name. https://phabricator.whonix.org/T416 === Code === * Removed fetching of {{project_name_short}} source code in qubes-template-whonix. https://phabricator.whonix.org/T507 * Removed the qubes-update-check system service from {{q_project_name_short}} Templates, since it was unnecessary. https://phabricator.whonix.org/T433 The qubes-update-check.service already has improved upgrade notifications. * Reworked / removed a number of installed packages in {{q_project_name_short}} which are only required for the [[Non-Qubes-Whonix|{{non_q_project_name_short}}]] desktop. https://phabricator.whonix.org/T429 For instance, plasma-widget-folderview, kde-kdm-autologin, split the anon-shared-desktop-kde package and so on. * Removed the default username and password in the {{q_project_name_short}} terminal, because it is not required. https://phabricator.whonix.org/T428 === Improved Functionality and Usability === * Ported whonixcheck and tb-updater to Qubes' qrexec-based updates proxy, since Templates are non-networked by default in Qubes R4. https://phabricator.whonix.org/T491 * Changed the tb-updater configuration to use Qubes updates proxy, since Qubes R4 sets the NetVM of Templates to none by default. https://phabricator.whonix.org/T477 * Implemented the ability to install {{project_name_workstation_short}} and {{project_name_gateway_short}} from dom0 with a sudo apt install whonix-(workstation|gateway) feature. https://phabricator.whonix.org/T461 * Ported the bind-directories functionality upstream to Qubes. https://phabricator.whonix.org/T414 * Implemented the new bind-directories functionality in [[Qubes|{{q_project_name_short}}]]. https://phabricator.whonix.org/T501 * Implemented a check for whether the whonix-gw ProxyVM ({{project_name_gateway_vm}}) has a NetVM which is set to "none", with a warning shown if this is the case. https://phabricator.whonix.org/T421 * Implemented a new feature so that following an update of the {{project_name_workstation_short}} Template, newly created AppVMs based on the updated Template come with an up-to-date version of Tor Browser. https://phabricator.whonix.org/T417 * Modified whonixcheck to check if: {{project_name_gateway_short}} is running in a NetVM or ProxyVM; {{project_name_workstation_short}} is running in an AppVM; and to skip the test if a Template is detected. https://phabricator.whonix.org/T406 === Security Enhancements === * Prevented ''/usr/lib/qubes/qubes-setup-dnat-to-ns'' from running in {{q_project_name_short}} to stop it from modifying firewall rules. https://phabricator.whonix.org/T502 = {{project_name_short}} 14 Changelog = {{project_name_short}} 14 was released on August 6, 2018. Significantly, {{project_name_short}} 14 is based on the Debian stretch (Debian 9) distribution which was released in mid-2017, instead of Debian jessie (Debian 8). https://www.debian.org/releases/stretch/ Users now have access to numerous updated and new software packages, a more modern branch of GnuPG, and more. https://www.debian.org/News/2017/20170617 https://www.debian.org/releases/stable/amd64/release-notes/ https://www.debian.org/releases/stable/i386/release-notes/ == All Platforms == === AppArmor === * Fixed the whonixcheck AppArmor profile to remove continuous denied messages relating to signal. https://forums.whonix.org/t/apparmor-and-kernel-4-14-18-1-creates-tons-of-kern-log-pop-ups/4811 * Fixed the AppArmor profile for obfs4proxy to enable correct functioning of Tor Bridges in {{project_name_gateway_short}}. https://phabricator.whonix.org/T676 * Fixed the Tor Browser AppArmor profile to allow correct functionality. https://phabricator.whonix.org/T672 * Corrected the tor-controlport-filter AppArmor profile to ensure correct functioning. https://phabricator.whonix.org/T587 * Removed the Pidgin AppArmor profile, since Pidgin is recommended against for security reasons. https://phabricator.whonix.org/T568 * Hardened the Control Port Filter AppArmor profile. https://phabricator.whonix.org/T532 * Disabled installation of apparmor-notify (AppArmor notifications) by default, thereby removing the reporting of mostly harmless denied messages. https://phabricator.whonix.org/T557 The {{project_name_short}} documentation recommends that advanced users install apparmor-notify to investigate relevant warnings. === Bug Fixes === * Corrected the broken whonix-setup-wizard autostart on {{project_name_gateway_short}}. https://phabricator.whonix.org/T640 * Fixed sdwdate-gui freezing when using right-click in the menu. https://phabricator.whonix.org/T626 * Fixed dependency issues which prevented the whonix-setup-wizard gui from starting. https://phabricator.whonix.org/T592 * Implemented the correct Tor --verify command for {{project_name_gateway_short}} torrc configuration checks to prevent the reporting of false positives. https://phabricator.whonix.org/T787 * Modified the uwt wrapper script to correctly handle symbolic links. https://phabricator.whonix.org/T797 * Changed the {{project_name_gateway_short}} firewall prerouting rules for socks ports so they do not interfere with trans port traffic. https://phabricator.whonix.org/T462 * Modified whonixcheck to first test if network interfaces are up to prevent the test from failing unnecessarily. https://phabricator.whonix.org/T490 * Fixed a whonixcheck whonix-firewall check race condition. https://phabricator.whonix.org/T675 === Builds === * Resolved genmkfile build dependencies for building {{project_name_workstation_short}} and {{project_name_gateway_short}}. https://phabricator.whonix.org/T700 * Confirmed the new and upgraded {{project_name_short}} 14 builds are identical. https://phabricator.whonix.org/T760 https://phabricator.whonix.org/T761 * Fixed debian/control parsing with respect to make_deb_build_dependencies / make_deb_runtime_dependencies. https://phabricator.whonix.org/T643 === Code === * Updated {{project_name_short}} code for Tor Browser tb-updater. https://phabricator.whonix.org/T666 * Changed the bindp compile to postinstall to make it cross-platform (Qubes, 64-bit, 32-bit). https://phabricator.whonix.org/T688 * Rewrote sclockadj in C and updated the sdwdate package to compile sclockadj. https://phabricator.whonix.org/T686 https://phabricator.whonix.org/T650 * Implemented symlinks for onion-grater profiles to maintain functionality following profile upgrades. https://phabricator.whonix.org/T768 * Enhanced onion checking in sdwdate to improve the unit test. https://phabricator.whonix.org/T648 * Ported msgcollector to python3 and python3-pyqt5. https://phabricator.whonix.org/T632 * Ported whonix-setup-wizard to python3. https://phabricator.whonix.org/T628 * Ported python-guimessages to python3. https://phabricator.whonix.org/T627 * Rewrote sdwdate to ensure python exceptions are written to the journal. https://phabricator.whonix.org/T608 * Rewrote control-port-filter-python to ensure exceptions are written to the journal. https://phabricator.whonix.org/T603 * Re-added some non-essential packages to {{project_name_short}} that were removed from Debian stretch. https://phabricator.whonix.org/T601 gtk3-engines-oxygen. * Ported helper-scripts so they instead use Tor authentication cookies. https://phabricator.whonix.org/T578 * Ported whonixcheck check_tor_socks_port_reachability.bsh to use the Tor unix domain socket socks file. https://phabricator.whonix.org/T548 * Ported anon-ws-disable-stacked-tor to systemd socket activation to remove unnecessary, idle socat listeners. https://phabricator.whonix.org/T623 This also reduces the RAM load caused by too many socat instances. * Removed auditd configuration folder parsing ''/etc/audit/rules.d/'' by default, since the feature has been implemented upstream. * Implemented anonymous counting of {{project_name_short}} users via the whonixcheck {{project_name_short}} News function. https://phabricator.whonix.org/T689 This measure takes place over Tor using a v3 onion. It does not include collection of IP addresses or unique identifiers of any kind, and can be [https://www.kicksecure.com/wiki/Systemcheck_Hardening#Prevent_Kicksecure_%E2%84%A2_Warrant_Canary_Check_and_User_Census_Counting easily disabled]. * Implemented, but did not activate changes to the {{project_name_short}} firewall so: sdwdate is stopped before suspend; timesync-fail-closed mode is set before suspend; sdwdate is restarted after resume; and {{project_name_short}} firewall enters full mode after resume following successful sdwdate activation. https://phabricator.whonix.org/T551 * Configured auditd to process the configuration folder ''/etc/audit/rules.d/'' by default to aid debugging. https://phabricator.whonix.org/T535 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833474 * Implemented monitoring of changes to ''/var/lib/tor/lock'' access rights via auditd to aid debugging. https://phabricator.whonix.org/T537 * Modified anon-ws-disable-stacked-tor to maintain Tor Browser functionality with Unix domain socket files redirection and prevent Tor over Tor scenarios. https://phabricator.whonix.org/T192 * Configured whonixcheck to test for failed daemons. https://phabricator.whonix.org/T488 * Implemented a sdwdate sd_notify systemd watchdog. https://phabricator.whonix.org/T639 * Disabled systemd-resolved and instead implemented a ''/lib/systemd/system/systemd-resolved.service.d/'' drop-in. https://phabricator.whonix.org/T762 * Ported ''/usr/sbin/service'' to systemctl as the latter runs non-interactively. https://phabricator.whonix.org/T637 * Disabled timedatectl network time synchronization in Debian stretch to prevent conflicts with sdwdate. https://phabricator.whonix.org/T589 * Removed brltty, brltty-speechd and brltty-x11 since they create a local listener port which may conflict with onion-grater. https://phabricator.whonix.org/T563 * Modified anon-ws-disable-stacked-tor systemd-unit-files-generator so it is configurable. https://phabricator.whonix.org/T796 * Rewrote slockadj3 in C and determined how to prevent spamming of sclockadj3 time changes to logs. https://phabricator.whonix.org/T691 https://github.com/systemd/systemd/issues/5207 https://phabricator.whonix.org/T686 https://phabricator.whonix.org/T50 === Improved Functionality and Usability === * Implemented the major new [[Anon_Connection_Wizard|Anon Connection Wizard]] feature to simplify connections to the Tor network via a Tor bridge and/or a proxy. https://phabricator.whonix.org/T699 * Integrated the Tor Pluggable Transport meek_lite. https://forums.whonix.org/t/censorship-circumvention-tor-pluggable-transports/2601 * Integrated anon-connection-wizard into whonix-setup-wizard, so that the latter can now start the former. https://phabricator.whonix.org/T716 * Removed the Control Port Filter Proxy script from anon-ws-disable-stacked-tor since it is no longer required for proper Tor connections or Tor Browser functions (its functionality is now replaced by [https://github.com/{{project_name_short}}/onion-grater onion-grater]). This means [[Next|Ricochet, Zeronet]] and [[OnionShare|OnionShare]] are now compatible with {{project_name_short}}. OnionShare is not installed by default in {{project_name_short}} 14 because it is not in the stretch repository, however it may be manually installed using the [[OnionShare#Installation|available wiki instructions]]. https://phabricator.whonix.org/T657 [https://github.com/{{project_name_short}}/onion-grater onion-grater]:
Filters out Tor control protocol commands that are dangerous for anonymity such as GETINFO ADDRESS using a whitelist. Acts as a proxy between the client application and Tor.

For example it allows using Tor Browser's New Identity feature on Anonymity Distribution Workstations, fixes Tor Browser's about:tor default homepage and Tor Button status indicator without exposing commands that are dangerous for anonymity.
* Installed necessary dependencies for proper ZeroNet functionality. https://phabricator.whonix.org/T701 * Installed onioncircuits by default in {{project_name_gateway_short}}. https://forums.whonix.org/t/onioncircuits-viewing-the-status-and-circuits-of-tor/2539 * Added --list-interface to tor-controlport-filter, as it works better with dynamic IP addresses. https://phabricator.whonix.org/T579 * Added a ''/etc/tor-controlport-filter.d'' configuration extension feature. https://phabricator.whonix.org/T576 * Fixed the control-port-filer-python configuration to rewrite HS_DESC replies by Tor, so OnionShare is supported. https://phabricator.whonix.org/T574 * Merged the tor-controlport-filter by Tails for various enhancements. https://phabricator.whonix.org/T573 * Implemented more user-friendly error messages (instead of tb-starter error handlers) when non-{{project_name_short}} related Tor Browser issues cause start-tor-browser to fail and exit zero. https://phabricator.whonix.org/T510 * Implemented sane built-in defaults for whonix-gw-firewall, whonix-ws-firewall, whonixcheck, sdwdate, uwt, onion-grater, rads, open-link-confirmation, tb-starter and tb-updater, even if configuration files do not exist. https://phabricator.whonix.org/T503 * Changed uwt to set AllowOutboundLocalhost / AllowInbound which can help make servers utilizing Tor onion services work. https://phabricator.whonix.org/T357 * Implemented a sd_notify watchdog feature for onion-grater so the service is restarted if it appears to be running, but has became unresponsive. https://phabricator.whonix.org/T274 * Created a bindp {{project_name_short}} package to enable {{project_name_workstation_short}} applications that use Tor ephemeral onion services to bind on all interfaces as necessary. https://phabricator.whonix.org/T561 * Modified sdwdate to check if the clock is changed "behind the back" of the program and suggest a manual user fix. https://phabricator.whonix.org/T481 * Improved default torsocks information / warning messages when wrapped commands are invoked to reduce user confusion. https://phabricator.whonix.org/T73 * Both [[Non-Qubes-Whonix|{{non_q_project_name_short}}]] and {{q_project_name_short}} are now compatible with the Tor Project's sandboxed Tor Browser. This is no longer recommended, since the The Tor Project has ceased development and [https://gitlab.torproject.org/legacy/trac/-/issues/25540 stopped building and distributing sandboxed-tor-browser binaries]. === Security Enhancements === * Confirmed functionality of the kloak anti-keystroke deanonymization tool in {{project_name_short}}. https://phabricator.whonix.org/T583 By default, kloak is packaged in {{project_name_short}} 15 for the {{non q project name short}} platform. Unfortunately {{q_project_name_short}} is unsupported (dysfunctional) due to the following Qubes issues:
* https://github.com/QubesOS/qubes-issues/issues/2558 * https://github.com/QubesOS/qubes-issues/issues/1850
* Identified more reliable onion servers as appropriate time sources for sdwdate, which enables correct network time synchronization for anonymity-focused distributions. https://phabricator.whonix.org/T647 * Implemented Tails' Control Port Filter Proxy in {{project_name_short}} and merged recent changes since it was forked. https://phabricator.whonix.org/T617 https://phabricator.whonix.org/T612 * Fixed security and hardening (stack canary) issues with the bindp libindp.so package (which were merged upstream). https://phabricator.whonix.org/T599 * Uploaded Tor version 0.3.3.9 (stable) release to the {{project_name_short}} repository to enable full v3 onion functionality for both hosting of onion services and access to v3 onion addresses in Tor Browser. https://phabricator.whonix.org/T764 * Onion sources are now preferred for {{project_name_short}} updates/upgrades for greater security. Note: this change has been reverted due to the unreliable nature of onion connections at present - see footnote. Previously both clearnet and onion sources were in use and priority was given to the latter, with v3 onion connections being preferred (clearnet provided a fallback). Onions will not be set by default until [https://gitlab.torproject.org/asn/onionbalance OnionBalance] is available for v3 onions, and the repositories can be reached reliably. * Disabled the apt-timer in Debian stretch to prevent auto updates, thereby preventing the attendant security risks associated with background updates without user input. https://phabricator.whonix.org/T590 * Disabled nautilus previews by default due to the security risks. https://phabricator.whonix.org/T500 * Implemented uwt to set TORSOCKS_ISOLATE_PID in Debian Stretch so all uwt wrapped applications are stream isolated. https://phabricator.whonix.org/T356 * Implemented tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false" for better security and stream isolation. https://phabricator.whonix.org/T610 * Disabled the systemd DNS resolver feature in order to reduce the attack surface and to remove the potential for adverse anonymity impacts. https://phabricator.whonix.org/T471 * Established a dedicated {{project_name_short}}.org repository, with appropriate redirects from {{project_name_short}} mirrors. https://phabricator.whonix.org/T475 * Removed the DHCP client from {{project_name_gateway_short}} and switched to a static network configuration so the dhclient is no longer present on all interfaces, including the internal network. https://phabricator.whonix.org/T559 * Disabled VLC metadata collection by default. https://phabricator.whonix.org/T736 * Disabled "Obey DRM limitations" in Okular, The default {{project_name_short}} PDF reader. since Digital Rights Management (DRM) can be used as a tracking vector. https://www.locklizard.com/track-pdf-monitoring/ https://phabricator.whonix.org/T776 == {{non_q_project_name_short}} == {{mbox | type = notice | image = [[File:Ambox_notice.png|40px|alt=Info]] | text = Desktop shortcuts are no longer available in [[Non-Qubes-Whonix|{{non_q_project_name_short}}]]. Until it is determined how to enable kde-folderview in Debian stretch. }} === Bug Fixes === * Increased the {{project_name_gateway_short}} VRAM in VirtualBox from 8 to 16 MB to avoid error messages and possible video problems when using full screen mode. https://phabricator.whonix.org/T680 * Corrected sdwdate-gui systray so it properly registers in kde systray and does not appear as a gap in the Entry column. https://phabricator.whonix.org/T638 * Corrected the sdwdate-gui tray icon so it is visible in Debian stretch. https://phabricator.whonix.org/T598 * Corrected the virtualization detection method to properly recognize KVM. https://github.com/Whonix/shared-folder-help/commit/2130d872d4e346bc490e70fca79e572d1d1f86df === Builds === * Reduced the size of the default, binary {{project_name_short}} images by approximately 50 per cent using zerofree. https://phabricator.whonix.org/T790 https://forums.whonix.org/t/reducing-size-of-ova-images VirtualBox .ova and libvirt qcow2 raw images. The {{project_name_gateway_short}} is reduced from 1.7 GB to 850 MB, while the {{project_name_workstation_short}} is reduced from 2 GB to 1.1 GB. === Code === * Removed kmix-disable-autostart since it is no longer required to make sure the clipboard history icon is loaded into the system tray. https://phabricator.whonix.org/T722 === Improved Functionality and Usability === * Created the grub-live package which can [[VM_Live_Mode|run {{project_name_short}} as a live system]]. https://phabricator.whonix.org/T714 grub-live is not installed by default in {{project_name_short}} 14 and is an optional package only. * Added Kscreen to {{project_name_short}} by default in order to allow DPI (dots per inch) scaling and other basic desktop features of Plasma 5. https://phabricator.whonix.org/T703 * Removed the VirtualBox shared folder and confirmed automounting of shares is enabled in Debian stretch. https://phabricator.whonix.org/T702 === Security Enhancements === * Removed okular from anon-shared-applications-kde to anon-workstation-default-applications so it is not installed on {{project_name_gateway_short}}. https://github.com/{{project_name_short}}/anon-meta-packages/commit/a22b1807c79cb1d21447c83ed251c331cf6222f1 * Hide the CPUID in VirtualBox 5 by setting generic values via HostCPUID. https://phabricator.whonix.org/T408 == {{q_project_name_short}} == === Bug Fixes === * Implemented whonixcheck fixes for Qubes R4. https://phabricator.whonix.org/T724 * Corrected false positive failure messages for the updates proxy test in Qubes R4. https://phabricator.whonix.org/T723 Qubes R4 RC1. * Resolved non-functionality of Tor Browser due to jemalloc corruption. https://phabricator.whonix.org/T651 * Resolved segfaults in Tor Browser caused by excessive string length in the XDG_CONFIG_DIRS environment variable. https://phabricator.whonix.org/T767 * Resolved accumulation of old Tor Browser instances in ''/var/cache/tb-binary/.tb/'' which caused users to run into full disk error messages. https://phabricator.whonix.org/T671 * Corrected dependencies in the qubes-whonix package to resolve issues when upgrading to Debian stretch. https://phabricator.whonix.org/T620 * Fixed a corridor lintian warning on Debian related to systemd documentation. https://phabricator.whonix.org/T607 * Resolved error messages associated with tput using an empty TERM environment variable. https://phabricator.whonix.org/T505 * Resolved the failure of tb-updater to copy Tor Browser into the user's home directory on first VM startup in Qubes R4. https://phabricator.whonix.org/T781 https://github.com/Kicksecure/tb-updater/issues/2 https://phabricator.whonix.org/T789 * Implemented the correct appmenus for {{q_project_name_short}} 14 Templates and fixed missing appmenu entries. https://github.com/QubesOS/qubes-issues/issues/4033 https://github.com/QubesOS/qubes-issues/issues/4093 * Resolved the false positive timedatectl error message when using whonixcheck. https://github.com/QubesOS/qubes-issues/issues/3469 * Corrected the absent 'Connected to Tor.' message, which arose due to a missing notification daemon. https://github.com/QubesOS/qubes-issues/issues/4098 * Resolved non-persistence of files in ''/usr/local'', such as the Tor configuration file. A persistent configuration now applies upon reboot. https://github.com/QubesOS/qubes-issues/issues/4095 * Implemented a qvm-features-request whonix-ws=1, so that newly created {{project_name_workstation_short}} AppVMs inherit the anon-vm tag. https://github.com/QubesOS/qubes-issues/issues/3595 https://phabricator.whonix.org/T791 The [https://www.whonix.org/wiki/Dev/Qubes#anon-vm_tag anon-vm tag] enforces selected settings from Templates to TemplateBasedVMs which are necessary for anonymity. * Created qubes-core-admin-addon-whonix to enforce the anon-vm tag for newly created {{project_name_workstation_short}} AppVMs. https://phabricator.whonix.org/T792 * Removed redundant warning messages affecting {{project_name_workstation_short}} Disposables that related to the first invocation of an open-link-confirmation. https://github.com/QubesOS/qubes-issues/issues/4113 * Fixed an APT package issue whereby some users were downgraded to a known vulnerable version. https://github.com/QubesOS/qubes-issues/issues/4055 The bug caused a version downgrade to APT 1.0.9.8.4 * Corrected an aptitude update failure which affected all {{q_project_name_short}} VMs. https://github.com/QubesOS/qubes-issues/issues/3882 * Installed Tor Browser by default in {{project_name_workstation_short}}-Disposables, as it was previously missing upon VM launch. https://github.com/QubesOS/qubes-issues/issues/3740 * Fixed the periodic failure of {{project_name_workstation_short}} AppVMs to start correctly, which prevented the launch of any user applications. https://github.com/QubesOS/qubes-issues/issues/2334 * Fixed an error which caused ''/etc'' in {{q_project_name_short}} templates to be owned by user:user https://github.com/QubesOS/qubes-issues/issues/1156 === Builds === * Corrected the build failure of the {{project_name_workstation_short}} template in {{q_project_name_short}} R3.2 and added qubes-template-whonix to the continuous integration service TravisCI. https://phabricator.whonix.org/T527 * Removed older unstable {{project_name_short}} 14 builds from Qubes' unstable repository. https://github.com/QubesOS/qubes-issues/issues/3766 * Resolved unexpected build failures. https://github.com/QubesOS/qubes-issues/issues/4063 * Removed {{project_name_short}} 14 templates from Qubes' unstable repository, since testing versions now reside in qubes-templates-community-testing. https://github.com/QubesOS/qubes-issues/issues/4086 * Backported versioning of {{project_name_short}} template names from Qubes R4 to Qubes R3.2 to simplify the installation procedure for users on the earlier platform. https://github.com/QubesOS/qubes-issues/issues/4130 === Code === * Removed cups and system-config-printer from {{project_name_workstation_short}}, since printing capabilities are better suited to alternate VMs and this also removes a local TCP listener that is otherwise created. https://phabricator.whonix.org/T619 * Corrected anon-meta-packages compatibility for Qubes R3.2 and R4. https://phabricator.whonix.org/T697 * Installed pulseaudio-qubes for audio support and removed pulseaudio and VLC from {{project_name_gateway_vm}}. https://phabricator.whonix.org/T641 * Created a qvm-features-request whonix-gw=1 as a prerequisite for sdwdate-gui-qubes. https://github.com/QubesOS/qubes-issues/issues/4080 === Improved Functionality and Usability === * Confirmed full {{q_project_name_short}} compatibility with Qubes R4. https://phabricator.whonix.org/T698 * Confirmed Qubes-Whonix-Workstation has full DispVM support. https://phabricator.whonix.org/T463 * Created a tb-updater storage path for Qubes R4 so new AppVMs and Disposables have a copy of the latest Tor Browser version. https://phabricator.whonix.org/T726 https://forums.whonix.org/t/qubes-dispvm-technical-discussion/3232/58 * Created {{q_project_name_short}} 14 SaltStack state files with flexible versioning for future releases. https://github.com/QubesOS/qubes-issues/issues/3765 https://phabricator.whonix.org/T788 * Modified {{q_project_name_short}} Salt code so the repository is not hard-coded, allowing users to choose either the qubes-templates-community or qubes-templates-community-testing repository. https://github.com/QubesOS/qubes-issues/issues/4087 === Licensing === * Added a COPYING file to the {{q_project_name_short}} template repository to assure users they are covered by a free software license. https://phabricator.whonix.org/T810 {{project_name_short}} is licensed under GPLv3. The repository in question can be found [https://github.com/whonix/qubes-template-whonix here]. === Security Enhancements === * Added {{q_project_name_short}} tags on domain-load rather than upon VM creation to avoid missing tags for users that upgrade. https://github.com/QubesOS/qubes-issues/issues/4094 ----- = {{project_name_short}} 14 Updates = As {{project_name_short}} is now a rolling distribution, users will benefit from regular small security and usability improvements, features and bug fixes as they enter the {{project_name_short}} stable repository. Those will be announced here. == Documentation == * Simplified [[Documentation|{{project_name_short}} Documentation]]. https://phabricator.whonix.org/T521 https://forums.whonix.org/t/splitting-whonix-documentation-into-a-short-and-long-edition-for-better-usability * Documented multiple Qubes Templates. https://phabricator.whonix.org/T811 For example this simplifies processes when installing additional software safely. https://www.whonix.org/wiki/Multiple_Qubes-Whonix_Templates * Documented a recovery procedure after a (suspected) compromise. https://phabricator.whonix.org/T580 https://forums.whonix.org/t/document-recovery-procedure-after-compromise * Created a systemd-socket-proxyd instructions template. https://phabricator.whonix.org/T544 This template simplifies instructions for [[Onion Services]]. * Conducted research into Single Tor-Gateway with Multiple Workstations versus Multiple Tor-Gateways mapped 1:1 to Workstation VMs. https://phabricator.whonix.org/T567 https://www.whonix.org/wiki/Multiple_Whonix-Workstation * Documented identity correlation attacks and defenses / removing the Apache recommendation. https://phabricator.whonix.org/T523 Apache has a large attack surface and some features erode privacy and leak information about a server's configuration. https://www.whonix.org/wiki/Hidden_Services#Hidden_Webserver https://forums.whonix.org/t/website-fingerprinting-defenses-at-the-application-layer? * Created an APT Qubes template. https://phabricator.whonix.org/T545 The template reminds Qubes users that newly installed packages must be installed in the Template to be persistent. * Documented how to use [[SecBrowser]] and configured a secbrowser wrapper that disables Tor. The wrapper was integrated into tb-updater and tb-starter. https://forums.whonix.org/t/todo-research-and-document-how-to-use-tor-browser-for-security-not-anonymity-how-to-use-tbb-using-clearnet/3822 * Updated the [[Dev/onion-grater|onion-grater (Control Port Filter Proxy)]] wiki page. https://phabricator.whonix.org/T877 * Created documentation for [[ZeroNet]] support. https://phabricator.whonix.org/T597 https://www.whonix.org/wiki/ZeroNet * Finalized wiki edits for numerous, outstanding documentation fixes and additions. Including: * [[Multiple Whonix-Workstation|Multiple Whonix-Workstations]] and [[Multiple Whonix-Gateway|Gateways]] * [[Onionizing_ Repositories|Onionizing Repositories]] * [[Qubes/Disposables|Qubes Disposables]] * [[SecBrowser]] * [[System_Hardening_Checklist|System Hardening Checklist]] * As well as all entries in the first half of the main Table of Contents. == Website Fixes and Outreach == * Website fixes: implemented the proposed download directory structure as well as download redirects, stable download links and permalinks. This greatly assists with documentation efforts, since documentation does not break and need updating based on a new point release being available. * Implemented numerous mediawiki fixes for better website presentation. https://phabricator.whonix.org/T809 * Opened a Peertube video channel. https://phabricator.whonix.org/T870 {{project_name_short}} already has a Youtube channel, but Peertube provides a further avenue for information on new/fresh projects. * Updated [[Dev/Redistribution#Announcement|Release Announcements]] to collate all places where this should be posted. https://phabricator.whonix.org/T847 * Post Whonix release announcements in crypto currency Reddit forums. https://phabricator.whonix.org/T846 * Researched social media strategies to increase {{project_name_short}} awareness. https://phabricator.whonix.org/T836 * Established mirroring of all {{project_name_short}} announcements. https://phabricator.whonix.org/T830 * Bookmarked the outreach workboard. https://phabricator.whonix.org/T839 https://phabricator.whonix.org/project/board/144/ * Signed the {{project_name_short}} developer team up to various developer mailing lists. https://phabricator.whonix.org/T840 == All Platforms == === AppArmor === * Corrected the dnscrypt-proxy AppArmor profile for full functionality. * Removed unnecessary and extensive capabilities from the Tor Browser AppArmor profile. https://forums.whonix.org/t/why-does-the-tor-browser-apparmor-profile-have-sys-admin-sys-chroot-and-ptrace-capabilties/7409 https://github.com/Kicksecure/apparmor-profile-torbrowser/pull/6
The Tor Browser AppArmor profile has capability sys_admin, capability sys_chroot, and ptrace. This looks pretty insecure. ptrace will allow the Tor Browser to modify and inspect other running processes. sys_admin will allow the Tor Browser to do a whole load of things that it probably shouldn’t be able to. sys_chroot will allow the Tor Browser to chroot which can make an attacker able to put a setuid program inside a chroot jail with a fake /etc/passwd and /etc/shadow which can fool it into giving it root access.
* Amended the Tor Browser AppArmor profiles so 8.* versions correctly launch. https://forums.whonix.org/t/tor-browser-8-wont-launch/5863 https://github.com/Kicksecure/apparmor-profile-torbrowser/commit/5b1550cc51d73652d63af1fd010d9beb34e2069e * Added capability sys_module to whonixcheck because it is required for ifconfig. https://forums.whonix.org/t/whonix-apparmor-profiles-development-discussion/108/682 https://github.com/Kicksecure/systemcheck/commit/5873f4c3bb1665a6fb92224968805f561aca87e3 * Added a wildcard for non-Tor or modified Tor Browser Bundles. https://github.com/Kicksecure/apparmor-profile-torbrowser/pull/3 This allows the same apparmor profile to be used for i2p browser (~/.i2pb/i2p-browser) or for a hypothetical ZeroNet browser (~/.zerob/zeronet-browser/) and so on. * Deprecated /etc/apparmor.d/home.tor-browser.start-tor-browser due to broken functionality. https://github.com/Kicksecure/apparmor-profile-torbrowser/commit/21c36545df427bd8943a92279af78e53ea627056 * Added various permissions to the XChat AppArmor profile for greater functionality. https://github.com/Kicksecure/apparmor-profile-hexchat/pull/2 === Bug Fixes === * Implemented an automated /var/lib/tor permission fix. https://phabricator.whonix.org/T855 whonixcheck runs as user whonixcheck, so a wrapper might be needed which is called using sudo (with a sudoers.d exception for this test). * Installed the missing pinentry-qt package so Enigmail decryption is functional. https://phabricator.whonix.org/T820 https://forums.whonix.org/t/missing-pinentry-package-whonix-14/5630 * Fixed the Whonix custom firewall settings start menu entry in Whonix Xfce. https://github.com/Whonix/whonix-firewall/commit/8d9767a72fdbaac863f8e372a10dfa6f2779ce6f * Fixed the false-positive "Tor Browser not installed" message in tb-starter. https://github.com/Kicksecure/tb-starter/commit/7f3ac3b6d7beb659333f39b0506cd32fb07dc1bb * Onion-grater: fix Tor control auth cookie authentication even if HashedControlPassword is set. https://github.com/Whonix/onion-grater/commit/70e735dae1c15920c356b07fc6aaf4b9589b465a * Fixed output when using open-link-confirmation. https://github.com/Kicksecure/open-link-confirmation/commit/30810e6fa96b80a749505ea60e9dfb0d915edf14 * Change etc/.skel to etc/skel/Downloads in all code. https://github.com/Kicksecure/usability-misc/commit/63c1ba7cae2914bd3bcfe5d7d2e5edf495a79c02 https://forums.whonix.org/t/bug-not-all-files-form-etc-skel-are-copied-to-home-user/6778 === Builds === * Released new Whonix 14 builds to address the APT security update bug. See: [[Operating_System_Software_and_Updates#apt_security_update_-_DSA_4371-1|apt security update - DSA 4371-1]] https://forums.whonix.org/t/fixed-apt-rce-announced-new-whonix-images-needed-whonix-build-not-safe-at-the-moment/6715 === Code === * whonixcheck: grep journal for "fail", "error" and "denied". https://phabricator.whonix.org/T854 * Re-implemented Tor Browser local version number detection. https://phabricator.whonix.org/T400 * Decided against virtualizer configurations which attempt to hide the CPU model. Such as --cpuid-portability-level or --cpuidremoveall in VirtualBox, since the attempts have proven futile or even posed security risks. https://phabricator.whonix.org/T408 https://phabricator.whonix.org/T881 * Moved kcalc, okular, gwenview, kgpg, libkf5kipi31.0.0 and libkf5kipi-data from hardened-desktop-applications-kde to non-qubes-whonix-workstation-kde and qubes-whonix-workstation. https://github.com/Whonix/anon-meta-packages/commit/04851c3ef4a5fa4e4e25917860392273b80a3ebb * Simplified code by using apt-key rather than custom code when adding a gpg key. https://github.com/Kicksecure/repository-dist/commit/24f6479ec1c7015aa50aa2caf1a6d66aec28f429 * Fixed the mime type in whonix-repository. https://github.com/Kicksecure/repository-dist/commit/e6de603931735647aa69ab97202a8eb01589a42b * Refactored the whonixcheck code and included an option to show "sudo apt-get-update-plus dist-upgrade" if it is available. https://github.com/Kicksecure/systemcheck/commit/2dcc1257f728639772f66f055134ea6ed960012c https://github.com/Kicksecure/systemcheck/commit/7f9d648909e790a8d188dda5f83622367fd432c3 * Ported the IP check in whonixcheck to https://check.torproject.org/api/ip https://github.com/Kicksecure/systemcheck/commit/5111b2765e7e2d0b8d24cdfb5e7c6996da7a1e25 * sdwdate-gui: permission lockdown, fixed merge conflicts, avoidance of 'clock is fast' false positives and other miscellaneous fixes. https://github.com/Kicksecure/sdwdate-gui/commit/964fcb62d1961b52f4b126cc427d429cf2475ef4 https://github.com/troubadoour/sdwdate-gui/commit/0b7d851476ac5c9d352de537f0ddfea8f1095b34 https://github.com/Kicksecure/sdwdate-gui/commit/63b9a0b1c7f979362ec114aebed5d62d2138f63f https://github.com/Kicksecure/helper-scripts/commit/a87cd4fa6cadc541262a90f810a585fa4c4bdc0b * anon-ws-disable-stacked-tor: set 'restart' rather than 'start' to support running scripts. https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/1f7bf8ff3af2548cb735ab9450c7395d9d4065cf * Added a mechanism to add variables to Debian packaging maintainance scripts. So arbitrary packaging scripts can be avoided. https://github.com/Kicksecure/dist-base-files/commit/fe5433f52678597c4e26ca06ecfab4c3619e45de * Thunderbird is no longer installed by default in {{project_name_short}}. https://forums.whonix.org/t/thunderbird-no-longer-installed-by-default/6505 Due to breakage that has been experienced; see [https://forums.whonix.org/t/thunderbird-enigmail-no-longer-installed-sudo-apt-get-dist-upgrade-the-following-packages-will-be-removed-enigmail/5968 here] for details. * Beautified the Whonix landing page for Tor Browser v8.0+. https://github.com/Whonix/whonix-welcome-page/pull/5 The landing page was otherwise stuck in the left corner and not centered. * Implemented use of /usr/lib/helper-scripts/terminal-wrapper rather than hardcoding Konsole. This is useful if trying to avoid unnecessary package installation; for example just installing sdwdate on Debian. https://github.com/Kicksecure/sdwdate-gui/commit/f9a269b352eeb2965a352c91e0a033576c01f0e1 https://github.com/Kicksecure/helper-scripts/commit/bb3fab3b3de448ede51417f2b2b2e4760d9a467b https://forums.whonix.org/t/calling-1-package-from-whonix-repo-will-pull-all-the-packages/6182/7 * Deprecated anon-workstation-extra-applications, anon-workstation-langpack-common and anon-shared-desktop-langpack-kde. https://forums.whonix.org/t/whonix-langpacks-useful/5692 https://github.com/Whonix/anon-meta-packages/commit/64db5cf89152d0114aaa331f8321fec061bea2c1 === Improved Functionality and Usability === * Changed (Qubes-)Whonix default applications from KDE to Xfce. https://phabricator.whonix.org/T888 Poll: https://forums.whonix.org/t/user-poll-xfce-vs-kde-kde-deprecation-considered/6235 https://groups.google.com/g/qubes-devel/c/pkvvm1WNznY * Installed magic-wormhole by default as an OnionShare alternative. https://phabricator.whonix.org/T771 https://forums.whonix.org/t/onionshare-alternatives/4877/11 This is because OnionShare is not in Debian stable. magic-wormhole is a great alternative to easily share data between two endpoints, although it requires a uwt wrapper to support stream isolation. * Set mousepad as the default editor for sudoedit. https://github.com/Kicksecure/usability-misc/pull/7 https://forums.whonix.org/t/use-sudoedit-in-whonix-documentation-and-whonix-software/7599 * Added support for Xfce, thunar and gksudo in Whonix-Gateway. https://github.com/Whonix/anon-gw-anonymizer-config/commit/252416d91a2158da3b07f1791416ecc8c261f18c * Allow multiple flashproxy ports in Whonix firewall. One example implementation is to use iptables to force all traffic through those ports. This requires two flashproxy ports -- one for TCP traffic and one for DNS. https://github.com/Whonix/whonix-firewall/commit/5ffcbb5ad30b04a6c5ea57734a8907cdc08c9b9f https://github.com/Whonix/whonix-firewall/commit/6882aa9a449e0b6317f96f35d54ddcfcf56df858 https://github.com/Whonix/whonix-firewall/commit/5cf35f4ffe9d2f7ff2d2f8200dd0f2ad82ea5f14 * Disabled {{project_name_short}} onion apt sources by default due to unreliability. https://forums.whonix.org/t/disable-onions-by-default-due-to-unreliability/6650 https://github.com/Kicksecure/repository-dist/commit/f04391c5ad438732c5a9ae886b926530e277e9cd https://github.com/Kicksecure/anon-apt-sources-list/commit/8846e18a3bae24ed64fb5e9351f2ef614eaf1566 * Added a new branch for compression/decompression tools. This includes small, efficient GUI decompression tools like xarchiver, unxz, unrar and p7zip. https://forums.whonix.org/t/archive-decompression-tools/6533 https://github.com/Whonix/anon-meta-packages/pull/19 * Implemented support for the new Snowflake pluggable transport in Anon-Connection-Wizard. https://github.com/Whonix/anon-connection-wizard/pull/22 * Implemented the Tor Controller GUI in {{project_name_short}} with various fixes. https://forums.whonix.org/t/tor-controller-gui-tor-control-panel-testers-wanted/5444 === Security Enhancements === * Removed mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 due to the fingerprinting risk. https://phabricator.whonix.org/T878 Otherwise this redirects and discloses the traffic to onion addresses. * Run whonixcheck in Whonix-Workstation on first time boot. https://phabricator.whonix.org/T821 whonixcheck will now always run and check for updates on first boot of Whonix-Workstation since numerous updates will likely be available, including kernel updates. * Added a spectre/meltdown test to whonixcheck. https://github.com/Kicksecure/systemcheck/commit/4d65231b87b1dbc7827cd47c86f1f4d5476bcda2 https://github.com/Whonix/commit/47d9bdde4f9985aa8b29d64c2bd81f17addf18b6 * Enforce connections to deb.debian.org instead of us.debian.org and now use https (SSL/TLS) by default, as well as fixing build --connection onion. https://phabricator.whonix.org/T721 https://lists.debian.org/debian-security/2017/10/msg00006.html * Implemented optional tb-updater onion mirrors download support. https://phabricator.whonix.org/T678 The optional --onion parameter can also be set through an environment variable export tb_onion=true or in the /etc/torbrowser.d/50_user.conf config with the same syntax. * Corrected systemd hardening for onion-grater. https://github.com/madaidan/onion-grater/commit/f0312d95bc721580088a10c4230ab10ff97f30f9 * Added systemd sandboxing for sdwdate. https://github.com/Kicksecure/sdwdate/pull/21 * Enforced tor+http in apt sources lists to make use of apt-transport-tor. apt-transport-tor (tor+http) is the default from {{project_name_short}} 14 onward because it provides better error handling and stream isolation. https://github.com/Kicksecure/repository-dist/commit/8beb14f2782a2730c07a2b233f44b5ea5df021c2 https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo/commit/32d6efed5344aaac9de5c3dac04ba1a3d6236905 https://github.com/Kicksecure/anon-apt-sources-list/commit/d74b8e8abd7832200d57aee8736e8f31084db964 * Disabled uncommon network protocols for improved security. Disables DCCP, SCTP, RDS and TIPC in case they have unknown vulnerabilities; serious problems were discovered in the past. https://github.com/Kicksecure/security-misc/pull/7 https://forums.whonix.org/t/blacklist-uncommon-network-protocols/7391 * Added a Bitcoin Core onion-grater profile. https://forums.whonix.org/t/bitcoin-core-onion-grater-profile/6216 To allow the creation of a mainnet or testnet hidden service and discarding of the private key to keep services ephemeral. https://github.com/Whonix/onion-grater/pull/1 https://github.com/Whonix/onion-grater/pull/2 == {{non_q_project_name_short}} == === Bug Fixes === * Disabled KDE session restoration to prevent VirtualBox error notifications upon boot in either Whonix-Gateway or Whonix-Workstation. https://phabricator.whonix.org/T822 https://forums.whonix.org/t/kdesudo-error-popup-window-sdwdate-gui https://github.com/Whonix/anon-apps-config/commit/008d206ec20c74e0d03926b939522b7036b8693b * Start the KDE desktop session login with an empty session / resolve the kdesudo error popup window related to sdwdate-gui. https://phabricator.whonix.org/T737 * Fixed the Whonix-Gateway Xfce / CLI keyboard layout error. https://github.com/Kicksecure/usability-misc/commit/c2a0c84b4a12b5bebc241b65a932b96a33cacedb * Fixed a lintian error for sdwdate-gui / missing xml files for specific desktop environments. https://github.com/Whonix/commit/5760a2491cc42482945e3d50ed0ccb33d539d92d https://github.com/Whonix/commit/98fd2361ec4e1ef73de3660ccb4c21e5ec86bf5f https://github.com/Whonix/commit/8679c7f1b94e269b8f110743654c2431a0725cc2 === Code === * Closed all KDE-related requests and bug fixes following the shift to Xfce. https://forums.whonix.org/t/user-poll-xfce-vs-kde-kde-deprecation-considered/6235 This includes: ** Change default application to not use kmail. https://phabricator.whonix.org/T738 ** Change KDE theme and KDE mouse theme. https://phabricator.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/T69 ** Disable the Baloo file indexer. https://phabricator.whonix.org/T630 ** Add /media to desktop icons. https://phabricator.whonix.org/T705 ** Add /media to pinned places in Dolphin. https://phabricator.whonix.org/T706 ** Disable/remove KDE system and network settings. https://phabricator.whonix.org/T733 ** Disable web shortcuts. https://phabricator.whonix.org/T734 ** settings-plasma search/configure search configurations from Whonix-Gateway. https://phabricator.whonix.org/T735 ** Non-Qubes-Whonix KDE plasma 5 fixes. https://phabricator.whonix.org/T633 * Implemented numerous Xfce fixes: Whonix builds, desktop shortcuts, xfce4-terminal, related meta-packages and general fixes.https://github.com/{{project_name_short}}/pull/423/commits/bb87de2006d5ea6389480d4443b58ea82c11bef2 https://github.com/Kicksecure/helper-scripts/pull/4 https://github.com/Whonix/anon-meta-packages/pull/15 * Created a configuration file for Whonix Xfce Desktop. https://github.com/Kicksecure/desktop-config-dist * Updated the check for installed meta packages for Whonix Xfce and Whonix CLI. https://github.com/Kicksecure/systemcheck/commit/7eec772015948573319e281da67b9b1ffb93e201 * Removed pulseaudio from hardened-desktop-applications-xfce. https://github.com/Whonix/anon-meta-packages/commit/fd2570327ea7a4da054c2d3825ff04debc70a557 * Removed Ristretto from hardened-desktop-applications-xfce. So it is not installed on Whonix-Gateway by default. https://github.com/Whonix/anon-meta-packages/commit/8bfca1d9a9c7a0e76bcd0222f9fd01dd72a0277b * Deprecated non-qubes-vm-enhancements-gui. https://github.com/Whonix/anon-meta-packages/commit/1de173ad50669a575171200d76b0d3e4878fb78b https://github.com/Whonix/anon-meta-packages/commit/28582d8272a38b9d0ce7cd234f94a7b983358a64 * Merged whonix-shared-packages-recommended-cli into whonix-shared-packages-dependencies-cli. https://github.com/Whonix/anon-meta-packages/commit/eaac36060f9fea574c098967b85690d41f122562 * Port to and take ownership of /etc/xdg/xfce4/xfconf/xfce-perchannel-xml https://github.com/Kicksecure/security-misc/commit/137bc073c5d65988cce832336ebee5c47071e732 https://github.com/Kicksecure/desktop-config-dist/commit/c8959135d699bc3ce74b95f736cbfbbc8ff391d9 https://github.com/Kicksecure/desktop-config-dist/commit/0e9daa97e9f9e70120c969aa9c9d52cace46971a * Modified whonix-firewall to remove the old IP 192.168.0.10 reference in non-qubes-whonix-gateway. https://github.com/Whonix/whonix-firewall/commit/c55b2652eecd214804afb32d89dc8fdf05e31221 * Minimized VirtualBox Whonix-Gateway CLI differences with non-qubes-whonix-workstation cli. To prevent broken functionality due to missing packages. https://forums.whonix.org/t/whonix-cli-development/6309 === Improved Functionality and Usability === * Implemented Whonix for arm64 / Raspberry Pi (RPi). https://forums.whonix.org/t/whonix-for-arm64-raspberry-pi-rpi/1788 * Implemented a unified Whonix download rather than separate Whonix-Gateway / Whonix-Workstation downloads. Virtual ovas and KVM libirt.xz files are both available as a single download containing both VMs. https://forums.whonix.org/t/unified-whonix-download-rather-than-separate-whonix-gateway-whonix-workstation-download/6851 https://forums.whonix.org/t/whonix-virtualbox-14-0-1-4-4-unified-ova-downloads-testers-wanted/6979/2 * Re-enabled hidden files and volume management. https://github.com/Kicksecure/security-misc/pull/4 * Whonix Setup Wizard: added instructions on how to change keyboard layout in Xfce. https://github.com/Whonix/whonix-setup-wizard/commit/7fa64df04025d304fa97458a23f730bcc8aedbd8 * Added mupdf and Ristretto to non-qubes-whonix-workstation-xfce. https://github.com/Whonix/anon-meta-packages/commit/701edd4aa46d76b03fc84a482a9046834beb43ab * Show the pulseaudio plugin by default. https://github.com/Kicksecure/desktop-config-dist/commit/0aba7c2c3676469ea28f7949a5e58795cd529e34 * Increased Whonix-Workstation VRAM in Non-Qubes-Whonix to 2GB to improve performance. https://forums.whonix.org/research-disabling-tbb-e10-mutiprocess-for-performance-boost/6431 https://github.com/Whonix/commit/e75f61f32eee4d947bbeea61d898fcce815b57e5 === Security Enhancements === * Disabled maximizing of the Tor Browser window when moving to the top of the screen. https://phabricator.whonix.org/T880 https://forums.whonix.org/t/whonix-xfce-14-0-0-9-6-for-virtualbox-released/6368/14 * Disabled previews / thumbnails in Thunar for better security. https://github.com/Kicksecure/security-misc/commit/008a97d9e7f891a706a277c8e9bb2e3a958d1e63 == {{q_project_name_short}} == === Bug Fixes === * Corrected Tor Browser in whonix-ws-14 based VMs sometimes blocking JavaScript on first start. https://phabricator.whonix.org/T894 https://forums.whonix.org/t/tor-browser-in-whonix-blocks-javascript-only-when-started-for-the-first-time-and-in-dispvms/6843 This was reported to occur in approximately 50 percent of start up cases. * Qubes templates: removed the broken graphical updater (Apper). Since it does not report upgrades, even when they are available. https://phabricator.whonix.org/T373 * Resolved the command failure when running qubesctl state.sls qvm.{{project_name_workstation_vm}}. Which failed with return code 1. https://github.com/QubesOS/qubes-issues/issues/4154 * Added missing Whonix tags anon-vm / anon-gateway to user-created, Whonix-based VMs. https://github.com/QubesOS/qubes-issues/issues/4155 https://github.com/QubesOS/qubes-core-admin-addon-whonix/pull/6 * Fixed failure of Whonix-Gateway to respond after an update. Related to the missing package python3-xcffib. https://github.com/QubesOS/qubes-issues/issues/4443#issuecomment-436484078 * Corrected an update error caused by an expired release file. https://github.com/QubesOS/qubes-issues/issues/3323 * Corrected a false whonixcheck notification about outdated packages after performing an in-place upgrade. https://github.com/QubesOS/qubes-issues/issues/4340 === Builds === * Amended builder.conf so template build commands are not ignored. https://github.com/QubesOS/qubes-issues/issues/4536 * Deprecated Whonix 13. https://github.com/QubesOS/qubes-builder/pull/81 === Code === * Set $tag:anon-vm $anyvm deny in template-whonix-ws.sls. https://github.com/QubesOS/qubes-core-admin/pull/221 * Removed the default installation of emacs and vim. https://github.com/QubesOS/qubes-issues/issues/4195 * Modified the Spectre / Meltdown check so it only runs in Qubes R4 and above. https://github.com/QubesOS/qubes-issues/issues/4295 === Security Enhancements === * Confirmed Qubes-{{project_name_short}} templateMVs cannot upgrade in timesync-fail-closed mode. https://phabricator.whonix.org/T858 * Confirmed the efficacy of jitterentropy random number generation in Xen. https://github.com/QubesOS/qubes-issues/issues/4174 = {{project_name_short}} 15 Changelog = {{project_name_short}} 15 was released on July 1, 2019. Some fixes/changes were implemented in both {{project_name_short}} 14 and 15. Significantly, {{project_name_short}} 15 is based on the Debian buster (Debian 10) distribution which was officially released on July 6, 2019 instead of Debian stretch (Debian 9). The buster release has nearly 60,000 packages and over 62 per cent of them were updated https://www.debian.org/News/2019/20190706 More than 91 per cent of the source packages included in Debian 10 are reproducible (will build bit-for-bit identical binary packages). -- see the [https://www.debian.org/releases/stable/releasenotes official Debian 10 release notes] to learn more. == All Platforms == === Bug Fixes === * Fixed file saving issues in scurl wrappers. https://phabricator.whonix.org/T899 https://github.com/Kicksecure/usability-misc/blob/master/usr/bin/scurl/pull/1 A few fixes were needed, such as: * Remove --remote-name and replace it with --remote-name-all. * Improve download wrappers and add --remote-header-name. * Fixed the partial truncation of text in Whonix Connection Wizard. https://phabricator.whonix.org/T923 * Installed cryptsetup by default so errors do not appear when using a GUI and interacting with encrypted containers. https://phabricator.whonix.org/T890 For instance, an error would otherwise appear when using Xfce file manager with encrypted USBs. https://forums.whonix.org/t/have-cryptsetup-installed-by-default-in-whonix/6684/5 === Builds === * Ported the build script to cowbuilder; build packages in chroot and use mmdebstrap for better security. https://forums.whonix.org/t/fixed-apt-rce-announced-new-whonix-images-needed-whonix-build-not-safe-at-the-moment/6715 === Code === * Modified whonixcheck so it suggests to start networking / onion-grater if it is not running. https://phabricator.whonix.org/T853 * Improved the /usr/share/sdwdate/unit_test https://phabricator.whonix.org/T712 Specifically: * Make it simpler (to split urls into chunks of 3). * Generate average, total etc. for each pool. * Add curl command for the failures (timeouts). * Improved the sdwdate message Tor consensus message. https://phabricator.whonix.org/T850 * Confirmed the sanity of systemd DNS after porting to Debian buster. https://phabricator.whonix.org/T866 * Established sane built-in defaults even if configuration files are non-existing. https://phabricator.whonix.org/T503 This was completed for whonix-gw-firewall, whonix-ws-firewall, whonixcheck, sdwdate, uwt, onion-grater (Control Port Filter Proxy), rads, open-link-confirmation, tb-starter, tb-updater and anon-ws-disable-stacked-tor. * Updated the onion list time sources for sdwdate so that offline and unwanted onions were removed. https://github.com/TNTBOMBOM/sdwdate/commit/2985fc70625ae13aed45225b8c83592575c21a78 === Improved Functionality and Usability === * Ported {{project_name_short}} from Debian stretch to Debian buster. https://forums.whonix.org/t/port-whonix-from-debian-stretch-to-debian-buster/7101 * Install [https://packages.debian.org/firejail Firejail] and [https://packages.debian.org/firetools Firetools] by default inside {{project_name_short}}. https://phabricator.whonix.org/T869 https://forums.whonix.org/t/install-firejail-firetools-by-default/5363/3 * Added the [https://packages.debian.org/mat2 Metadata anonymisation toolkit v2 (MAT2)] by default.
MAT2 only removes metadata from your files, it does not anonymise their content, nor can it handle watermarking, steganography, or any too custom metadata field/system.
https://phabricator.whonix.org/T885 https://forums.whonix.org/t/add-mat2-to-whonix-15/6489 * Added a LUKS container GUI ([https://packages.debian.org/zulucrypt-gui zulucrypt-gui]) [https://packages.debian.org/zulumount-gui zulumount-gui] is also installed. by default to make management and creation of containers easy. https://phabricator.whonix.org/T769 https://forums.whonix.org/t/zulucrypt-in-whonix-14/4876 * [[OnionShare]] is now installed by default for easier, anonymous sharing of files. https://phabricator.whonix.org/T595 https://forums.whonix.org/t/feature-request-onionshare-support/300/7 * Added [https://packages.debian.org/keepassxc KeePassXC] as the default Password Manager in Whonix-Workstation. https://github.com/Whonix/anon-meta-packages/commit/8d5e892d3b603bb1390d3c152f70f8b8e8bfefef * Removed the [https://packages.debian.org/ricochet-im Richochet instant messaging application] since it is no longer working in {{project_name_short}} 15. Primarily due to incompatibility with v3 onions. https://forums.whonix.org/t/remove-ricochet-from-whonix/5009 * [https://packages.debian.org/nyx Nyx] has replaced tor-arm as the Tor controller, providing (slightly) better functionality and usability. https://forums.whonix.org/t/what-about-nyx/6380 nyx is actually the same project; just the name has changed and the presentation is very similar. * Set VLC X11 video decoding by default so it works more reliably and avoids known problems. https://phabricator.whonix.org/T798 === Security Enhancements === * The [https://packages.debian.org/jitterentropy-rngd Jitter RNG Daemon (jitterentropy)] is now installed by default to improve randomness if entropy on the system runs low. https://phabricator.whonix.org/T817
Using the Jitter RNG core, the rngd provides an entropy source that feeds into the Linux /dev/random device if its entropy runs low. ... Especially during boot time, when the entropy of Linux is low, the Jitter RNGd provides a source of sufficient entropy.
== {{non_q_project_name_short}} == === Bug Fixes === * Corrected a VirtualBox error related to guest utils not starting. https://phabricator.whonix.org/T848 https://forums.whonix.org/t/failed-failed-to-start-virtualbox-guest-utils/5975/4 === Builds === * Significantly reduced the size of {{non_q_project_name_short}} images using zerofree. https://forums.whonix.org/t/reducing-size-of-ova-images/5095 === Improved Functionality and Usability === * Added grub-live [[Live Mode]] as a default package. https://phabricator.whonix.org/T886 https://github.com/Kicksecure/grub-live https://github.com/Whonix/anon-meta-packages/pull/18 https://forums.whonix.org/t/installing-whonix-live-mode-in-all-distributed-images/6467 This means {{non_q_project_name_short}} users can boot into live-mode out of the box, without needing to install it. * Added a description to whonix-vbox images. https://phabricator.whonix.org/T825 Such as the root password, {{project_name_short}} home page and so on. https://forums.whonix.org/t/add-description-to-whonix-vbox-images/5828/1 * Implemented Whonix KVM serial console support. https://forums.whonix.org/t/how-do-i-enter-the-whonix-shell-from-cli/7271 === Security Enhancements === * Disabled boot devices and modified audio settings in VirtualBox Workstation and Gateway to improve security. https://phabricator.whonix.org/T782 The floppy and optical settings were disabled in both the Gateway and Workstation, while the Gateway audio was also disabled. * [https://github.com/Whonix/kloak Forked] the [https://github.com/vmonaco/kloak kloak - Keystroke Anonymization Tool] and installed it by default in {{non_q_project_name_short}}.
kloak is a privacy tool that makes keystroke biometrics less effective. This is accomplished by obfuscating the time intervals between key press and release events, which are typically used for identification. This project is experimental.
https://forums.whonix.org/t/kloak-keystroke-anonymization-tool/7089 * Improved the default kernel hardening options for better security. See recent pull requests [https://github.com/Kicksecure/security-misc here]. https://forums.whonix.org/t/kernel-hardening/7296/9 The specific changes include:
Kernel symbols in /proc/kallsyms are hidden to prevent malware from reading them and using them to learn more about what to attack on your system. Kexec is disabled as it can be used for live patching of the running kernel. The BPF JIT compiler is restricted to the root user and is hardened. ASLR effectiveness for mmap is increased. The ptrace system call is restricted to the root user only. The TCP/IP stack is hardened. This package makes some data spoofing attacks harder. SACK is disabled as it is commonly exploited and is rarely used. This package disables the merging of slabs of similar sizes to prevent an attacker from exploiting them. Sanity checks, redzoning, and memory poisoning are enabled. The kernel now panics on uncorrectable errors in ECC memory which could be exploited. Kernel Page Table Isolation is enabled to mitigate Meltdown and increase KASLR effectiveness. SMT is disabled as it can be used to exploit the MDS vulnerability. All mitigations for the MDS vulnerability are enabled. DCCP, SCTP, TIPC and RDS are blacklisted as they are rarely used and may have unknown vulnerabilities.
== {{q_project_name_short}} == === Bug Fixes === * Correctly configured {{q_project_name_short}} Xfce default start menu entries (whitelisted appmenus). https://phabricator.whonix.org/T883 === Builds === * Created Qubes-Whonix 15 template configuration files. https://github.com/QubesOS/qubes-template-configs/pull/6/commits/d4f429669b849fc73973e2e557a24cceab47c45e https://github.com/QubesOS/qubes-builder/pull/82/commits/64a661241430c6a22ca98bb11370b2a3e3cf0e12 * Confirmed the Whonix-15-gateway template builds. https://github.com/QubesOS/qubes-issues/issues/4957 === Improved Functionality and Usability === * Simplified instructions for [https://www.qubes-os.org/doc/managing-vm-kernels/ VM kernel] in {{q_project_name_short}} by installing the same recommended Qubes packages as Qubes Debian packages. https://github.com/Whonix/qubes-whonix/commit/8d8ab41bbf9c7fa63f3e79b8511d439efe33caeb https://github.com/Whonix/qubes-whonix/commit/c08dfed97cfba369ff753b4d96755b47240fffb2 * In Disposables, tb-updater / tb-starter was modified to no longer copy Tor Browser to the user home directory at first boot -- /var/cache/tb-binary is now directly used to improve startup performance. https://github.com/QubesOS/qubes-issues/issues/4918 Neither are backups of Tor Browser maintained anymore; previously three backups were stored. === Security Enhancements === * Confirmed {{q_project_name_short}} TemplateMVs cannot upgrade in timesync-fail-closed mode. https://phabricator.whonix.org/T858 timesync-fail-closed means sdwdate did not succeed yet. Networking for all but Tor and sdwdate should still be locked in this scenario. ----- = {{project_name_short}} 15 Updates = As {{project_name_short}} is now a rolling distribution, users will benefit from regular small security and usability improvements, features and bug fixes as they enter the {{project_name_short}} stable repository. Those will be announced here. {{mbox | type = notice | image = [[File:Ambox_notice.png|40px|alt=Info]] | text = The majority of the enhancements below also also apply to {{q_project_name_short}}. Exceptions include: * [[Keystroke_Deanonymization#Kloak|kloak]] * [[Linux_Kernel_Runtime_Guard_LKRG|Linux Kernel Runtime Guard (LKRG)]] * [https://github.com/Kicksecure/tirdad tirdad] (TCP ISN CPU Information Leak Protection) * [https://github.com/Kicksecure/security-misc/blob/master/etc/default/grub.d/40_kernel_hardening.cfg Kernel Hardening through Kernel Boot Parameters] * [https://github.com/Kicksecure/security-misc Strong Linux User Account Separation] / [[Dev/Permissions#Bruteforcing_Linux_User_Account_Passwords|Protection against Bruteforcing Linux User Account Passwords]] * {{kicksecure_wiki |wikipage=Apparmor-profile-everything |text=Apparmor profile everything }} https://github.com/Kicksecure/apparmor-profile-everything (AppArmor for everything: APT, systemd, init, all systemd units, all applications) * [https://www.kicksecure.com/wiki/Hardened-kernel hardened-kernel patch] and [https://github.com/Kicksecure/hardened-kernel/blob/master/usr/share/hardened-kernel/hardened-vm-kernel configuration] Many of these will be possible once the use of in-VM kernels is simplified and promoted in Qubes OS. https://github.com/QubesOS/qubes-issues/issues/5212 https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581 }} == All Platforms == In 2019, [[Point_Release|point releases]] were announced on 10 September, 22 and 23 November. https://forums.whonix.org/t/whonix-virtualbox-15-0-0-4-9-point-release/8076 https://forums.whonix.org/t/whonix-kvm-15-0-0-4-9-point-release/8096 https://forums.whonix.org/t/whonix-virtualbox-15-0-0-6-6-point-release/8524 https://forums.whonix.org/t/whonix-kvm-15-0-0-7-1-point-release/8540 In 2020, point releases were announced on 16 and 27 February, 19 and 21 March, 29 May, 10 and 18 June, 27 August, 7 and 17 and 30 September, and 17 December. https://forums.whonix.org/t/whonix-kvm-kicksecure-15-0-0-8-7-released-a-qunatum-leap-forward/8921 https://forums.whonix.org/t/whonix-virtualbox-15-0-0-8-9-point-release-vanguards-tcp-isn-leak-protection-extensive-hardening/8994 https://forums.whonix.org/t/whonix-virtualbox-15-0-0-9-4-point-release/9157 https://forums.whonix.org/t/qubes-whonix-15-templatevms-4-0-1-202003070901-point-release/9159 https://forums.whonix.org/t/whonix-virtualbox-15-0-1-3-4-point-release/9616 https://github.com/Whonix/compare/15.0.0.9.4-developers-only...15.0.1.3.4-developers-only https://forums.whonix.org/t/whonix-kicksecure-kvm-15-0-1-3-4-released/9729 https://forums.whonix.org/t/whonix-kicksecure-kvm-15-0-1-3-9-released/9785 https://forums.whonix.org/t/whonix-kicksecure-kvm-15-0-1-4-9-released/10167 https://forums.whonix.org/t/whonix-kicksecure-15-0-1-4-8-for-virtualbox-point-release/10231 https://forums.whonix.org/t/qubes-whonix-15-templatevms-4-0-6-202009121407-point-release-testers-wanted/10274 https://forums.whonix.org/t/whonix-15-0-1-5-1-for-virtualbox-point-release/10294 https://forums.whonix.org/t/whonix-15-0-1-5-4-for-virtualbox-point-release/10835 In 2021, point releases were announced on 17, 19, 22 and 27 April, 9 and 12 July. https://forums.whonix.org/t/whonix-for-virtualbox-15-0-1-7-2-point-release/11349 https://forums.whonix.org/t/qubes-whonix-15-templatevms-15-4-0-6-202103292247-point-release/11355 https://forums.whonix.org/t/whonix-kvm-15-0-1-7-2-point-release-is-out/11458 https://forums.whonix.org/t/whonix-for-virtualbox-15-0-1-7-3-point-release-includes-virtualbox-6-1-20-compatibility-fix/11496 https://forums.whonix.org/t/whonix-15-0-1-9-3-for-virtualbox-point-release/11876 https://forums.whonix.org/t/qubes-whonix-15-templatevms-15-4-0-6-202106242108-point-release/11891 https://forums.whonix.org/t/whonix-kvm-15-0-1-9-3-released/11923 === AppArmor === [https://github.com/Kicksecure/apparmor-profile-everything apparmor-profile-everything]: * Further development of AppArmor for everything. APT, systemd, init, all systemd units, all applications. https://github.com/Kicksecure/apparmor-profile-everything/compare/f3140ea2153fcee68a901ef0c86d552d6fa0ec3e...ffbe4873836b7bc364f3bfee1fef56ba8fd9b0be https://github.com/Kicksecure/apparmor-profile-everything/compare/ffbe4873836b7bc364f3bfee1fef56ba8fd9b0be...63fdd0312a81f878d266ae9197803ccbd6bc18df More work is required such as [https://forums.whonix.org/t/multiple-boot-modes-for-better-security-persistent-user-live-user-persistent-admin-persistent-superadmin-persistent-recovery-mode/7708 multiple boot modes for better security: persistent user | live user | persistent admin | persistent superadmin | persistent recovery mode] before it is installed by default. * Implemented proper whitespace handling. https://github.com/Kicksecure/apparmor-profile-everything/commit/d3eccd40b1547114159ef5309518a75f14800391 See: [[Dev/bash]]. * Fixed various denial errors. https://github.com/Kicksecure/apparmor-profile-everything/commit/ded4058ba369e00409c761b2c9a3126beb0f6fb3 [https://github.com/Kicksecure/apparmor-profile-torbrowser apparmor-profile-torbrowser]: * Implemented apparmor-profile-torbrowser improvements, see: [https://forums.whonix.org/t/why-does-the-tor-browser-apparmor-profile-have-sys-admin-sys-chroot-and-ptrace-capabilties/7409 Why does the Tor Browser AppArmor profile have sys_admin, sys_chroot and ptrace capabilities?] * Removed SecBrowser code since it is now deprecated. https://github.com/Kicksecure/apparmor-profile-torbrowser/commit/1ae495a91cd2121ebe8b98a798122a5dfa19ed92 Other AppArmor improvements: * Implemented AppArmor Live Mode fixes and various enhancements. https://forums.whonix.org/t/whonix-apparmor-profiles-development-discussion/108 https://forums.whonix.org/t/live-mode-etc-apparmor-d-tunables-home-d-live-mode-breaks-aa-enforce/5868 * Numerous apparmor profile enhancements were added. * Added a new apparmor-watch tool to check for DENIED and ALLOWED log messages. https://github.com/Kicksecure/helper-scripts/commit/8aabfbbe96595b92d8cc7bf35fb3ca690d9a2313 * Implemented apparmor-info which parses AppArmor denial logs to hide unnecessary information and remove duplicates. https://github.com/Kicksecure/helper-scripts/commit/3ddf9feba6ddebc7657712c6a604c9dfe500889e === Bug Fixes === [https://github.com/whonix/anon-apps-config anon-apps-config]: * Disabled GPG default key servers. https://forums.whonix.org/t/gpg-recv-keys-fails-no-longer-use-keyservers-for-anything/5607/8 * Removed SecBrowser code since it is deprecated. https://github.com/Whonix/anon-apps-config/commit/8ec996766db99d98e69202a341805a54263b9209 [https://github.com/Kicksecure/anon-connection-wizard anon-connection-wizard]: * Updated usr/share/anon-connection-wizard/bridges_default from ~/tor-browser/Browser/TorBrowser/Data/Tor/torrc. https://github.com/Kicksecure/anon-connection-wizard/commit/fba74756136ac85b68e64f63311d64107cf5383f * Fixed error handling. https://github.com/Kicksecure/anon-connection-wizard/commit/380b4b3411aa9f8a1a31e8a2b2decedc52d431df * Minor non-Whonix reliability fix. https://github.com/Kicksecure/anon-connection-wizard/commit/cb20675cecb5c023dc47e3a8df680c98df544501 * Modified wording to be similar to the newer tor-launcher. https://github.com/Kicksecure/anon-connection-wizard/commit/47a9303bcb8c34517c90fb4439e03951a029281b * Partial fix for meek lite in {{project_name_short}}. See: [https://forums.whonix.org/t/censorship-circumvention-tor-pluggable-transports/2601/9 censorship circumvention / Tor pluggable transports]. https://github.com/Kicksecure/anon-connection-wizard/commit/3d1d5ad3f5ec5a9da997c248cdc78ad0c8669533 * Added /usr/lib/anon-gw-anonymizer-config/edit-etc-resolv-conf as another part of fixing meek lite in {{project_name_short}}. See: [https://forums.whonix.org/t/whonix-gateway-cli-15-0-1-5-4-meek-azure-bridge-tls-error/11383 Whonix Gateway CLI-15.0.1.5.4 - meek-azure bridge "TLS_ERROR"]. https://github.com/Kicksecure/anon-connection-wizard/commit/2b33df7e051a2d7426b6312ecc9a128f7e7ffa95 * Fixed anon-connection-wizard truncated text. * Fixed a bug in Whonix 15.0.0.8.9 where anon-connection-wizard added %include /etc/torrc.d/95_whonix.conf to /etc/tor/torrc configuration file even though Whonix was already ported to %include /etc/torrc.d/ * Fixed some “unknown connection tag” messages in Whonix-Gateway. * Fixed default bridges. https://github.com/Kicksecure/anon-connection-wizard/commit/56cdf3e3de1753f61827cf402116357b3292a80b https://forums.whonix.org/t/anon-connection-wizard-crash/11782 [https://github.com/whonix/anon-gw-anonymizer-config anon-gw-anonymizer-config]: * Reload apparmor profiles after installation to make the package work -- a reboot is no longer required. https://github.com/Whonix/anon-gw-anonymizer-config/commit/57e1b3a3678b3026a2ab30b031f42f4ca7f4f173 * Partial meek lite fix in {{project_name_short}} -- added /usr/lib/anon-gw-anonymizer-config/edit-etc-resolv-conf. https://github.com/Whonix/anon-gw-anonymizer-config/commit/3242a0fc37b24847a6168cd7563af9ab582dbb4a See forum threads: [https://forums.whonix.org/t/censorship-circumvention-tor-pluggable-transports/2601/9 censorship circumvention / Tor pluggable transports] and [https://forums.whonix.org/t/whonix-gateway-cli-15-0-1-5-4-meek-azure-bridge-tls-error/11383 Whonix Gateway CLI-15.0.1.5.4 - meek-azure bridge "TLS_ERROR" ]. [https://github.com/whonix/anon-meta-packages anon-meta-packages]: * Fixed ristretto missing thumbnails and popup by installing tumbler by default -- added “Depends: tumbler” to whonix-workstation-packages-recommended-gui https://github.com/whonix/anon-meta-packages/commit/0ad99f40b5496bf4ddb38aa5aa8ec42e6d923075 tumbler is a “Recommends:” of ristretto. [https://forums.whonix.org/t/which-image-viewer-to-install-by-default/9268/3 Which image viewer to install by default?] * OnionShare is no longer installed by default. https://github.com/whonix/anon-meta-packages/commit/3e0d2bdceea7046e1120e289e0077d3127057ee5 Debian buster -- which {{project_name_short}} 15 is based on -- packages version 1.3.2. This only supports legacy v2 onions which are being [https://blog.torproject.org/v2-deprecation-timeline phased out and deprecated on July 15th, 2021]. https://lists.torproject.org/pipermail/tor-dev/2020-May/014322.html [https://forums.whonix.org/t/onionshare-whonix-integration-development-discussion/300 OnionShare Whonix integration development discussion]. The [[OnionShare|Flatpak installation method]] is recommended at this time. * Bumped python-msgpack to python3. ZeroNet now uses python3 and python2 is removed from Debian as of bullseye. https://github.com/whonix/anon-meta-packages/commit/d95f9ec9333591ad1edd100662c5a71b5cd66f9b * Split the repository-dist GUI / CLI dependencies. https://github.com/whonix/anon-meta-packages/commit/7fa7f26037976fea5b48bb1852d7caa5809e3ee2 https://forums.whonix.org/t/kicksecure-minimal-version/11613/4 [https://github.com/Whonix/anon-ws-disable-stacked-tor anon-ws-disable-stacked-tor]: * Fixed "Firefox is offline" messages in Tor Browser 10.5a17 and above. https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/73a4e81dee4a2cb5f0453d024d41f20a307802e8 Various fixes for [[I2p|I2P]] inside Whonix-Workstation: https://forums.whonix.org/t/i2p-inside-whonix-workstation-broken/8610/83 i2p is not yet installed by default because of this [https://forums.whonix.org/t/installation-and-fix-of-i2p-inside-whonix-workstation-by-default/8610/106 reason]. * Preparation for installation of i2p by default. * Do not autostart i2p.service if installed. * Do not autostart privoxy.service if installed. * Do not autostart i2p.service in Qubes Template. * Do not autostart privoxy.service in Qubes Template. * Fixed the i2pbrowser local browser homepage. [https://github.com/Kicksecure/open-link-confirmation open-link-confirmation]: * Remove SecBrowser code since it is deprecated. https://github.com/Kicksecure/open-link-confirmation/commit7c8fce21d7146a370adbd3073f25b4602901b813 [[Qubes-Whonix]]: * Enabled a workaround for a Qubes (Xen) Monero bug - “Automatic fallback to softwarecontext renderer”. * sdwdate-gui: Fixed an unwanted automatic restart of Qubes-Whonix-Workstation after shutdown and no longer qrexec notify self on shutdown. * Fixed a msgcollector sudoers issue when qubes-core-agent-passwordless-root package was removed. * vm-config-dist is now installed in {{q_project_name_short}} so the QMLSCENE_DEVICE=softwarecontext workaround is available. https://github.com/whonix/anon-meta-packages/commit/4e6db57c3fba6329dd1f23818523e43fa4e1e98d * Fixed the [https://github.com/QubesOS/qubes-issues/issues/5930 Networks VMs are restarting themselves without valid reason] bug in Qubes-Whonix. * Fixed the [https://github.com/QubesOS/build-issues/issues/1769 qvm-kill'ing a DispVM leaves a spurious entry in qubes.xml] bug in Qubes-Whonix. * Allow dummy-dependency to fulfill the dependency of qubes-core-agent-passwordless-root in Qubes-Whonix. * Attempted to fix the Qubes-Whonix bug: [https://forums.whonix.org/t/setting-up-anon-base-files-shows-machine-id-prompt-followed-by-ominous-warning/8045 Setting up anon-base-files shows machine-id prompt followed by "OMINOUS WARNING"]. [https://github.com/Kicksecure/security-misc security-misc]: * Fixed security-misc to allow group sudo and console to use consoles. * No longer unconditionally abort pam for user accounts with locked passwords. [https://github.com/Kicksecure/tb-default-browser tb-default-browser]: * Removed SecBrowser code since it is deprecated. https://github.com/Kicksecure/tb-default-browser/commit/e2a05621ae54cad84dccc293ed43089fcc745b87 [https://github.com/Kicksecure/tb-starter tb-starter]: * Removed SecBrowser-specific code since it is deprecated. * Added custom user.js support. https://github.com/Kicksecure/tb-starter/commit/b5d2280ad445bc1fbdb613424664bf8503e6f395 * Updated Tor Browser Integration. https://forums.whonix.org/t/tor-browser-integration/11912 * Fixed a tb-starter bug. [https://github.com/Kicksecure/tirdad tirdad]: * Load tirdad before LKRG so LKRG does not judge tirdad to be malicious. https://github.com/Kicksecure/tirdad/commit/2fc3c726dd09dbf9cfe0ad51a327d02ce392a16b * /etc/modprobe.d/30-tirdad.conf softdep p_lkrg pre: tirdad: Imported from the LKRG package since it does not belong there and because Debian packaging for LKRG is now provided by upstream. /usr/lib/anon-gw-anonymizer-config/torrc-d-cleaner: * During package upgrades of anon-gw-anonymizer-config, avoid moving /etc/torrc.d/95_whonix.conf to /etc/torrc.d/backup/95_whonix.conf.dpkg-new. https://github.com/Whonix/anon-gw-anonymizer-config/commit/97baabc4b71abf6395ef0d1815cd63e74b7da050 [https://github.com/whonix/whonix-firewall whonix-firewall]: * Miscellenous improvements. [https://github.com/Whonix/whonix-firewall/compare/a8ceb10498b48b70110593c41dab95f11cb9c4fb...16932a004befd1b2c175648f29e6eb77c42f2cc5 fix, don’t lock down network if IPv6 isn’t available and thereby no need to firewall, apparmor profile added in complain mode]. * Remove deprecated variable SOCKS_PORT_TBB_GPG. https://github.com/Whonix/whonix-firewall/commit/24dd32c992a426c43d08e972fb8004614a314f75 * Whonix-Gateway firewall: implemented INTERNAL_OPEN_PORTS. * Deprecated support for SOCKS_PORT_CUSTOM=" 9230 " syntax; use INTERNAL_OPEN_PORTS+=" 9230 " instead. * Refactoring / code simplification. [https://forums.whonix.org/t/internal-open-ports-setting/11404 INTERNAL_OPEN_PORTS setting] https://github.com/Whonix/whonix-firewall/commit/f8fce1133fbb1408b281dd9175b781f657fa3d5e * Fixed denial errors. https://github.com/Whonix/whonix-firewall/commit/b5e89fb8e13e8b64006aa65cd39baa2c50abe823 Other fixes: * Fixed whonixcheck msgcollector permission errors. * Corrected authentication failures related to Anon Connection Wizard and {{project_name_short}} repository. https://github.com/Whonix/commit/5067d7eca6cfb36b71fe62ff7f3461f87bcdb3f6 * Resolved the APT error relating to Debian's suite value changing from 'testing' to 'stable'. https://forums.whonix.org/t/apt-get-error-e-repository-tor-https-cdn-aws-deb-debian-org-debian-security-buster-updates-inrelease-changed-its-suite-value-from-testing-to-stable/7704 * Fixed starting pkexec-based applications from start menu, such as gdebi, synaptic and gparted. https://forums.whonix.org/t/cannot-use-pkexec/8129 * Added an encrypted swap file to the system to avoid Whonix-Gateway freezing (for systems with low RAM) during the apt full-upgrade procedure. This also creates a new encrypted swapfile with a random password on every boot. https://github.com/Whonix/swap-file-creator https://forums.whonix.org/t/swap-swap-file-whonix-gateway-freezing-during-apt-get-dist-upgrade-encrypted-swap-file-creator/8317 * Worked around a NoScript race condition that permitted JavaScript on around 30 sites in Tor Browser when the Security Slider was set to Safest. https://forums.whonix.org/t/noscript-with-security-slider-at-safest-permits-around-30-sites/8160 https://github.com/Whonix/commit/9fa062aafe9d3d8ad94aa6850225664f914174f0 * Prevented the keyboard-configuration debconf popup during apt full-upgrade. https://forums.whonix.org/t/keyboard-configuration-debconf-popup-during-apt-get-dist-upgrade/8318 https://github.com/Kicksecure/legacy-dist/commit/4bb3f9a93cef7a2076a70b986aa2c34d28ae1acf * Implemented a command-not-found permission fix to avoid the ''WARNING:root:could not open file '/etc/apt/sources.list''' message. https://github.com/Kicksecure/legacy-dist/commit/4202681132b1f0307cc95ceb3a1ca231fe6d9b3d https://forums.whonix.org/t/command-not-found-warningcould-not-open-file-etc-apt-sources-list/7903 * Fixed the bug parsing torrc.d twice. * Added x11-xserver-utils to kicksecure-desktop-environment-essential-gui to fix Xfce logout button. [https://forums.whonix.org/t/whonix-host-operating-system/3931/109 Whonix host operating system] * Disabled vm.unprivileged_userfaultfd=0 because it is currently broken. [https://forums.whonix.org/t/kernel-hardening/7296/406 Kernel Hardening] Reverts “Restrict the userfaultfd() syscall to root as it can make heap sprays easier.” https://duasynt.com/blog/linux-kernel-heap-spray * pkexec wrapper: fixed gdebi / synaptic but at the cost of checking for passwordless sudo /etc/suders /etc/sudoers.d exceptions. [https://forums.whonix.org/t/cannot-use-pkexec/8129/53 cannot use pkexec] * SecBrowser / i2pbrowser: no longer use firejail by default even if installed since it is not currently maintained by a contributor in Whonix / Kicksecure. * Fixed an onioncircuits error report related to user permissions.
disksd[572]: failed to load module crypto: libbd_crypto.so.2: cannot open shared object file: No such file or directory
[https://forums.whonix.org/t/onion-circuits-does-not-appear-in-the-tor-control-panel/8838 onioncircuits started from tor-control-panel by running it under user debian-tor rather than root]. * Added an ENOUGH_RAM setting to swap-file-creator (1950 MB RAM default), so if there is enough RAM a swap file is not created (improving boot time). [https://forums.whonix.org/t/swap-swap-file-whonix-gateway-freezing-during-apt-get-dist-upgrade-encrypted-swap-file-creator/8317 Fix Non-Qubes-Whonix Whonix-Gateway slow boot]. * first-boot-skel: fixed /etc/skel/.bashrc to /home/user/.bashrc handling if the home folder is completely empty. * Disabled the Tor Browser security slider question at first start because it is [https://forums.whonix.org/t/broken-security-slider/8675 broken]. Also: check for noexec, remount exec and work on [https://github.com/Kicksecure/tb-updater/compare/224ab0e448e5c3c349e6f2518aea7d1f4ccf9c08...52933f4b607ca2e724c9f39e59576ac731bbf4a7 Qubes DispVM exec / noexec]. * Disabled proc-hidepid due to pkexec issues. * Removed command-not-found from the default package installation, since it is not working out of the box which leads to confusing error messages. It is also not compatible with apt speedup, see: [https://forums.whonix.org/t/speeding-up-apt-update-with-acquire-languages-none-and-contents-deb-defaultenabled-false-its-so-much-faster/8894/1 Speeding up "apt update" with Acquire::Languages=none and Contents-deb::DefaultEnabled=false - It's so much faster!] For instructions on how to use command-not-found, see [[Command-not-found|here]]. * Ensured consistent parsing of /usr/local/etc/name.d for applications by Whonix that also parse /etc/name.d. Parsing /rw/config/name.d is still possible for compatibility but will be deprecated. * Fixed adduser -- no longer writing to /nonexistent. * Set the environment variable QMLSCENE_DEVICE=softwarecontext (in VirtualBox, and also after upgrades in KVM) to workaround a [https://github.com/monero-project/monero-gui/issues/2878 VM-specific Monero bug]. * Implemented a sdwdate python 3.7 fix if the host timezone is set to something other than UTC. * Fixed a false positive live mode detection in live mode indicator. * Fixed update-torbrowser not seeing version 10.0.6 due to a new, upstream version format. https://forums.whonix.org/t/update-torbrowser-does-not-see-version-10-0-6/10711 * Tor Browser Starter by Whonix Developers: fixed opening URLs which contain question marks and added more folder permission checks. * ro-mode-init: fixed the non-functional Live Mode Indicator. https://forums.whonix.org/t/ro-mode-init-live-mode-indicator-not-working/6795/17 * Fixed Thunderbird connectivity out of the box with a [https://forums.whonix.org/t/torbirdy-replacement/8782/35 torbirdy replacement]. * qtox is no longer installed by default. https://forums.whonix.org/t/tox-qtox-whonix-integration/1219/18 no longer installed by default * Disabled the following Tor stream isolation ports since the related applications in Whonix have been deprecated: ** Mixmaster update (9120) ** Mixmaster (9121) ** Privoxy (9112) ** Polipo (9113) ** TorChat (9119) ** Tor Browser Updater by Whonix Developers gpg key download (9116) The key is now hardcoded in package source code. ** Tor Messenger (9153) * Installation no longer requires auditd by default. https://github.com/Whonix/anon-gw-anonymizer-config/commit/520f232dd68dafd9e66f0c78a37ebc3223d691c0 https://phabricator.whonix.org/T537 * [https://github.com/Kicksecure/kicksecure-meta-packages kicksecure-meta-packages]: Fixed missing ristretto thumbnails and popup by installing tumbler by default -- this adds “Depends: tumbler” to whonix-workstation-packages-recommended-gui. https://github.com/Kicksecure/kicksecure-meta-packages/commit/493155ea1b77c22b3e0e4749105503b42f03d2c7 tumbler is a “Recommends:” of ristretto. [https://forums.whonix.org/t/which-image-viewer-to-install-by-default/9268/3 Which image viewer to install by default?] === Builds === [https://github.com/Kicksecure/kicksecure-meta-packages kicksecure-meta-packages]: * Removed os-prober from non-qubes-vm-enhancements-cli since it is only useful for multi-boot which is rarely done inside VMs because it can cause build issues. https://github.com/Kicksecure/kicksecure-meta-packages/commit/31c50ba43b8acd9477f375f1635b931eaaa599f4 * Split repository-dist GUI / CLI dependencies. https://forums.whonix.org/t/kicksecure-minimal-version/11613/4 https://github.com/Kicksecure/kicksecure-meta-packages/commit/25f3d81398d90653ea632604381b161a63cfadd0 * Removed SecBrowser code since it is deprecated. https://github.com/Kicksecure/kicksecure-meta-packages/commit/6fc4f399b9ae2dab67b062a640be2364d33acb7b [https://github.com/Kicksecure/repository-dist repository-dist]: * Reduced dependencies for CLI version; split dependencies into repository-dist (CLI) and repository-dist-wizard (GUI). https://forums.whonix.org/t/kicksecure-minimal-version/11613 https://github.com/Kicksecure/repository-dist/commit/e1faf410205132c3fa19800febe44f5c8e169998 Whonix Build Script: * Ported onion support from onion v2 to onion v3. * Mac M1 / arm64 architecture support development. https://forums.whonix.org/t/whonix-on-mac-m1-arm/11310 Other changes: * Bumped base Debian packages to 10.1. * Work on [https://github.com/Kicksecure/hardened-kernel hardened Linux kernel for VMs and hosts]. [https://github.com/Kicksecure/hardened-kernel/compare/84824c97b26181a65893d7a4580bd025d4b48eaf...e21751758d643dbdb2e0a3f7b0e2407f3172dc34 Build CI builds on Travis CI] [https://forums.whonix.org/t/kernel-recompilation-for-better-hardening/7598/292 Integration with APT and packaging] is not yet complete. Help welcome! * [https://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/whonix-for-arm64-raspberry-pi-rpi/1788/126 Work on fixing arm64 / RPi builds -- incomplete]. Help is welcome to finish this work. * Fixed packaging issues preventing experimental ppc64el builds. * Fix building without using cowbuilder to allow for build support in more environments; that is, building with export make_use_cowbuilder=false. * Fixed errors causing Whonix-Gateway build failures on a physical host. See: [https://forums.whonix.org/t/error-failed-bilding-whonix-gateway-on-physical-host/9742 Error. Failed bilding Whonix gateway on physical host.] * Packages are now more standalone in nature -- no Whonix-specific build dependencies (genmkfile) are required. In other words, packages can now be built without genmkfile. === Contentious Changes === * Tor Browser Updater (by Whonix developers): reduced old versions being kept to 0 in /var/cache/tb-binary. === Developer Notes === anon-base-files: * Do not create a home folder during postinst. * Leave user user creation to Qubes. * Fixed and actually use --no-create-home. [https://github.com/Kicksecure/repository-dist repository-dist]: * The same GPG signing key is now used with new e-mail addresses. https://github.com/Kicksecure/repository-dist/commit/b369b4417083d9f270898d40531c6f04bd91d88b [https://github.com/Kicksecure/sdwdate sdwdate]: * Split [https://github.com/whonix/anon-meta-packages Anon Meta Packages] into Anon Meta Packages (Whonix) and [https://github.com/kicksecure/kicksecure-meta-packages {{kicksecure}} Meta Packages]. * Renamed whonix-repository to repository-dist. * Renamed setup-dist to setup-dist. * Renamed whonix-setup-wizard to setup-wizard-dist. * Renamed whonixcheck to systemcheck. * Ported to onion v3. https://forums.whonix.org/t/suggest-trustworthy-tor-hidden-services-as-time-sources-for-sdwdate/856/176 https://forums.whonix.org/t/sdwdate-time-sources-criteria/11035/4 ** Removed all v2 onion sources. ** Ported to onion v3 onion sources. * Restored MAX_FAILURE_RATIO=0.34 since enough v3 onions are available. https://forums.whonix.org/t/suggest-trustworthy-tor-hidden-services-as-time-sources-for-sdwdate/856/191 MAX_FAILURE_RATIO=0.7 was previously set, see: https://forums.whonix.org/t/suggest-trustworthy-tor-hidden-services-as-time-sources-for-sdwdate/856/191 https://github.com/Kicksecure/sdwdate/commit/2173934e555975c61db81b54da259aacca87cfbd * Added /usr/share/sdwdate/onion_test_confirm; this is a script to check if onions correspond to archived link. https://github.com/Kicksecure/sdwdate/commit/05bee21d01827644376713990c4246f4f29bdb52 * Moved comment field rules to [https://www.kicksecure.com/wiki/Sdwdate#Comment_Field_Rules Sdwdate: Comment Field Rules]. https://github.com/Kicksecure/sdwdate/commit/0d546e5f2f53805c1cd21fe936f0f352da98c6f9 * Change the onion source comment format, the archived link now appears first. https://github.com/Kicksecure/sdwdate/commit/f20463362bc15f2f6bf70e6d1199620644f89855 * Implemented a more human-readable format. https://github.com/Kicksecure/sdwdate/commit/eff69c4bfe6dfe91e9558cd85d952236f40dbdfe * Config test changes. https://github.com/Kicksecure/sdwdate/commit/d4c94e61d548a1e362741f6ee31ac3f0a7cd1b4b * Implemented arm64 architecture support fixes. https://github.com/Kicksecure/sdwdate/commit/149835c753b937eee8854a50a35e0d61da37073c * Fixed onion_tester. https://github.com/Kicksecure/sdwdate/commit/85fcd64b5e9c8c0a51682ef3d1083bf80c54901b * Split arch-specific syscalls from the base whitelist. https://github.com/Kicksecure/sdwdate/commit/154008697f6530c3609d8de2509e3a6436691fa5 * Added one more SystemCallFilter syscall for arm64. https://github.com/Kicksecure/sdwdate/commit/41e714f326d45773c90c9cba667967aa866c46aa * Added extra SystemCallFilter syscalls required for restarting sdwdate on arm64. https://github.com/Kicksecure/sdwdate/commit/fd5cadd6c79287fea165f62c9937a0be0cae2f85 * Fixed systemd sandboxing for the arm64 platform. https://github.com/Kicksecure/sdwdate/commit/3759520aac6f13d5882f9450a54f49a5afa938cb * Fixed systemd sandboxing for the powerpc64 / ppc64el platform. https://forums.whonix.org/t/apply-systemd-sandboxing-by-default-to-some-services/7590/58 https://github.com/Kicksecure/sdwdate/commit/4d1aeac0fa2e119bc7e0277175acd86aa45503c6 [https://github.com/Kicksecure/developer-meta-files developer-meta-files]: * prepare_release: added libvirt raw image support and multiple platform support. https://github.com/Kicksecure/developer-meta-files/commit/1a8f1c6916683f76c611895cb9f3349a66fa0e29 Other changes: * Added anon-base-files to whonix-host-xfce-kvm-freedom. * Added hardened-malloc to hardened-packages-dependencies-cli. * Removed unneeded dependency live-config-systemd. * No longer depend on logrotate. * [https://forums.whonix.org/t/whonix-development-news/9251 Whonix Development News] * Significant progress regarding Whonix-Host development. * Whonix is slowing migrating from GitHub to GitLab. See: [https://forums.whonix.org/t/whonix-moving-from-github-to-gitlab/9676/6 Whonix moving from GitHub to GitLab]. The current developers-only version and next stable version of Whonix can be built completely from GitLab. === Documentation === * Documented how to use [[Recovery|recovery mode]]. * Created detailed [[Dev/Project Networking|Whonix Networking Implementation Documentation]] which documents the differences with Debian networking. https://forums.whonix.org/t/whonix-networking-implementation-developer-documentation-feedback-wanted/8274 * Wrote [[Dev/VirtualBox#VirtualBox_Guest_Additions_Bugs|research notes]] on how to write good VirtualBox bug reports that actually have a chance of getting fixed. * Wrote [[Dev/VirtualBox|VirtualBox developer documentation]] on VirtualBox Licensing Issues, unavailable in Debian main and Debian backports, missing features, VirtualBox security and arguments for keeping VirtualBox Support. * Documented [[Onion_Services#Step_3:_Configure_Onion_Services_Authentication|Onion Services Authentication]] for v3 onions. * Researched and documented [[Dev/Entropy|entropy / randomness generation]]. * Rebranded Whonix as a research project. https://forums.whonix.org/t/whonix-experimental-for-how-long/5206/6 Old: “Whonix is experimental software. Do not rely on it for strong anonymity.” New: “Whonix is a research project.” * Added [[Vanguards|vanguards documentation]]. [https://forums.whonix.org/t/vanguards-additional-protections-for-tor-onion-services/8064/11 vanguards - Additional protections for Tor Onion Services] * Added [[Security-misc|security-misc documentation]] for [https://github.com/Kicksecure/security-misc#enhances-miscellaneous-security-settings stable security features], testing security features and experimental security features. * Documented how to create and use a [[One_Time_Pad|Physical One-time Pad]] for unbreakable message or email encryption (perfect secrecy). * Created an entry on [[VoIP#Asterisk_VoIP_Server_over_OpenVPN_in_Tor_Hidden_Service|How To setup Asterisk VoIP server over OpenVPN in Tor hidden service]]. * Documented how to change the [[Timezone|system timezone]]. Multiple, new wiki chapters:
* [https://www.kicksecure.com/wiki/Mobile_Phone_Security Mobile Phone Security] * [[Cold_Boot_Attack_Defense|Cold Boot Attack Defense]] * [[AEM|Evil Maid Attack]] * [[Miscellaneous_Threats_to_User_Freedom|General Threats to User Freedom]] * [[Login_spoofing|Login Spoofing]] * [[Orca|Orca Screen Reader]] * [[Phone_Number_Validation|Phone Number Validation vs User Privacy]] * [[Policy_On_Nonfreedom_Software|Policy On Non-Freedom Software]] * [[Social_Engineering|Social Engineering and (Spear) Phishing]] * [[Telegram]] * [[Tor_Myths_and_Misconceptions|Tor Myths and Misconceptions]] * [[Tuning|Tuning VM Performance]] * [[Please_Use_Search_Engines_And_See_Documentation_First|Utilize Search Engines and Documentation]] * [[VM_Fingerprinting|VM Fingerprinting]] threats and defenses * [[YouTube|Watching]] and [[yt-dlp|Downloading YouTube Videos]]
Multiple wiki improvements/enhancements:
* [[Dev/Build_Documentation/Physical_Isolation|Build Documentation: Physical Isolation]] * [[Full_Disk_Encryption|Full Disk Encryption]] * [[USB Installation|Installation of {{project_name_short}} on a USB]] * [[Metadata]] * [[Hardware_Threat_Minimization#Speakers|Minimizing threats posed by speakers]] * [[Multiple Whonix-Gateway|Multiple Whonix-Gateway]] instructions for Non-Qubes-Whonix * [[root|Safely Use Root Commands]] * [https://www.kicksecure.com/wiki/Sdwdate#sdwdate_Clock_Randomization sdwdate Clock Randomization] and [https://www.kicksecure.com/wiki/Sdwdate#sdwdate_Time_Sources_Criteria Time Sources Criteria] * [[Protection_Against_Physical_Attacks#Screen_Lock|Secure screen locking documentation]] * [[Stream_Isolation|Stream Isolation]] instructions for manually installed applications * [[Dev/Strong_Linux_User_Account_Isolation|Strong Linux User Account Isolation]] * [[Firmware_Security_and_Updates#Supply_Chain_Attacks|Supply Chain Attacks]] * [[SysRq|System Recovery using SysRq Key]] * [[Two-factor_authentication_2FA|Two-factor Authentication (2FA)]] * [[Stream_Isolation#Transparent_Proxy|What is a TransparentProxy]] * [[Whonix-Workstation_Firewall|Whonix-Workstation Firewall]] * [[Dev/Default_Application_Policy|{{project_name_short}} Default Application Policy]]
=== Improved Functionality and Usability === [https://github.com/Kicksecure/anon-apt-sources-list anon-apt-sources-list]: * Removed extra spaces. https://github.com/Kicksecure/anon-apt-sources-list/commit/478336061969596efe9b7ddc3b36c51afb51139a * Disabled deb-src by default and implemented comment consistency. https://github.com/Kicksecure/anon-apt-sources-list/commit/4832b9233b923624aa5df742e302576bdbd1882b * Implemented the same format as https://onion.debian.org. https://github.com/Kicksecure/anon-apt-sources-list/commit/4832b9233b923624aa5df742e302576bdbd1882b * Removed the trailing slash ("/") from Debian security repository. https://github.com/Kicksecure/anon-apt-sources-list/commit/a7429c32d94c406e4f00478fa095989fb98e4546 Since it is not used on https://onion.debian.org. * Updated to Debian v3 onion sources: https://onion.debian.org https://github.com/Kicksecure/anon-apt-sources-list/commit/e3a261a3ab032f964c65c47a3187d6f4624f01f4 [https://github.com/Kicksecure/anon-connection-wizard anon-connection-wizard]: * Updated the default bridges in anon-connection-wizard from The Tor Project https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js and removed ‘-max 3’ from the snowflake command. * Removed the deprecated obfs3 bridges option from Anon Connection Wizard. anon-consensus-delete: * Created a new anon-consensus-delete command line utility. * [[Tor#Tor_Consensus_Re-Download|Tor Consensus Re-Download]] * While [[Tor_Entry_Guards|Tor Entry Guards]] persist, it results in Tor re-downloading the Tor Consensus document. This is not usually required. [[Tor#anon-log|anon-log]]: * Created the new anon-log command line utility. * anon-log simplifies the manual [[Tor#Dump_Tor_Log|dump Tor log]] command by only showing relevant log entries and no non-issues. [[Tor#Configuration_Check|anon-verify]]: * Report extraneous Tor configuration files (files that do not end with file extension .conf). * Ignore file names starting with dot (.) Quote Tor manual: ‘Files starting with a dot are ignored.’ * Ignore subfolders when using %include /path/to/folder Quote Tor manual: ‘Files on subfolders are ignored.’ * Fix checking of all files in torrc.d folders for issues. [https://github.com/Kicksecure/binaries-freedom binaries-freedom]: * Upgraded the Bitcoin Electrum wallet to version 4.1.2. Added electrum-4.1.2-x86_64.AppImage. See: https://github.com/Kicksecure/binaries-freedom/commit/8ba7669ec2177434619d449b0190bd44ee0d2da0 * Added ThomasV signing key. https://github.com/Kicksecure/binaries-freedom/commit/368a6667fb8c4d162cfeb20bcd5b91d6a02d29f8 * Added SomberNight signing key. https://github.com/Kicksecure/binaries-freedom/commit/6e7ef0e7468f03a99fb32c0a5aefb4c7016ed404 * Updated to version 4.1.4. https://github.com/Kicksecure/binaries-freedom/commit/c5905a63a1934db3a7fe628dc2f69092e2f539f9 [https://github.com/Kicksecure/helper-scripts helper-scripts]: * Added apt-key-install. https://github.com/Kicksecure/helper-scripts/commit/5b0c3c7e9526691ce1b0e27bf51ef6994596963f This is a utility to install APT signing key to the system Input file. It can support GPG keys in either ASCII-armored or binary format. Due to apt-key deprecation by Debian; see [https://forums.whonix.org/t/apt-key-deprecation-apt-2-2-changes/11240/1 apt-key Deprecation / Apt 2.2 changes]. [https://github.com/Kicksecure/genmkfile genmkfile]: * Changed the output of genmkfile deb-chl-bumpup-manual. https://github.com/Kicksecure/genmkfile/commit/c2c649bc91cddc4fa1884213cc0b6bed14d43f2f gvfs: * Installed gvfs by default: https://phabricator.whonix.org/T965 [https://forums.whonix.org/t/cannot-access-encrypted-usb-drive-with-thunar-in-whonix-15/8131/10 Cannot access encrypted USB drive with Thunar in Whonix 15] [https://forums.whonix.org/t/whonix-host-operating-system/3931/109 Whonix host operating system] [https://forums.whonix.org/t/whonix-xfce-development/6213/99 Whonix Xfce Development] [https://forums.whonix.org/t/use-sudoedit-in-whonix-documentation-and-whonix-software/7599/22 Use sudoedit in {{project_name_short}} documentation and Whonix software] * Fixed access to LUKS encrypted USB drive with Thunar. * Added gvfs to kicksecure-desktop-applications-xfce. [https://github.com/Kicksecure/helper-scripts helper-scripts]: * Added the initramfs-debug-enable debugging tool which enables xtrace (set -x). https://github.com/Kicksecure/helper-scripts/commit/ab21083cf0330f081172ca060b1fa996b6387442 * Removed unnecessary cat calls. https://github.com/Kicksecure/helper-scripts/commit/fa66630cbb81e99cbfe34326bd14558cc26b8e97 https://github.com/Kicksecure/helper-scripts/commit/1ac0cdca37dcaa073caebdccce58ff4c7f47f4ae * Disabled running anondate-get as diagnostic utility since it cannot currently be run due to no new privs apparmor issues with the sdwdate apparmor profile. This AppArmor bug is likely fixed in Debian bullseye. https://github.com/Kicksecure/helper-scripts/commit/9aa8fe97277d7bdbdf8530c796b512345b6bed8f [[Monero]]: * Installed [https://gitlab.com/kicksecure/monero-gui Monero GUI] by default in Whonix-Workstation. * Upgraded the monero-gui package to version 0.17.2.1. https://gitlab.com/kicksecure/monero-gui/-/commit/7aee0082903927991367008810d38cfb3f4870f5 [https://github.com/whonix/onion-grater onion-grater]: * Added new command line tools onion-grater-add / onion-grater-remove which will allow to simplify instructions that require onion-grater configuration changes. * Removed Whonix specificity from onion-grater. [https://github.com/Whonix/onion-grater/compare/2711bdde4d8530e4184d8a412b1905164c4bd7e3...ca0fe4bc85c436e1877e7dd43e645c5d63e667019 Remove Whonix specificity] (default config file) from onion-grater (Whitelisting filter for dangerous Tor control protocol commands). * Simplifed and updated 40_bitcoind.yml so it works with bitcoind v0.21 https://github.com/Whonix/onion-grater/commit/9539d88c7e0b8336b74586d8c93821cad946fc90 https://github.com/Whonix/onion-grater/commit/f72b60124841b29440eaa46d1233bb0c11e411f6 * Added Wahay profile. https://github.com/Whonix/onion-grater/commit/97b8feb8dcc739eb4ffd67528fa12c6ff425384b * Added changes for arm64. https://github.com/Whonix/onion-grater/commit/465180909f97a2853eaa0192c024af0a979bb080 Onion services authentication: [https://forums.whonix.org/t/onion-services-authentication/975 Onion Services Authentication] * Created a [https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/man/anon-auth-autogen.8.ronn anon-auth-autogen(8) Tor Authenticated Onion Service Configuration Generator]. * Created a [https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/man/anon-server-to-client-install.8.ronn anon-server-to-client-install(8) Tor Authenticated Onion Service “.auth_private” file (private key) Server to Client Installer]. [https://github.com/Kicksecure/sdwdate-gui sdwdate-gui]: * Ported from tor-control-status tor_status to anon-connection-wizard and fixed minor confusing log output. https://forums.whonix.org/t/full-system-apparmor-policy-testers-wanted/10381/83 https://github.com/Kicksecure/sdwdate-gui/commit/b0aef886b6eda84e9d787868f10b0f105402863b * Disabled systemxcheck “Connecting to Tor…” and “Connected to Tor.” messages in favor of sdwdate-gui. whonixcheck connectivity check code checks Tor as well as sdwdate. Due to slow Tor/onion speed it often times out. Improving that code is difficult, so sdwdate-gui is used instead as a solution that provides better visual feedback to users. [https://github.com/Kicksecure/security-misc security-misc]: * Implemented systemd RemainAfterExit=yes for better usability. https://github.com/Kicksecure/security-misc/commit/41734ec523eb3cd233fe4651b9807222c8ccb1d5 [https://forums.whonix.org/t/restrict-hardware-information-to-root-testers-wanted/8618/33 Restrict Hardware Information to Root - Testers Wanted!] * pam abort when attempting to login to root when the root password is locked. [https://github.com/Kicksecure/systemcheck systemcheck]: * Depends: replaced bsdtar with libarchive-tools. https://github.com/Kicksecure/systemcheck/commit/577da7d2e5aa122b2ac0fd87ade605c9747f181d https://github.com/Kicksecure/systemcheck/pull/15 * Improved the text. https://forums.whonix.org/t/one-time-popup-notification-of-whonix-15-deprecation-once-whonix-16-was-released/11720/3 https://github.com/Kicksecure/systemcheck/commit/41fd10a4929448e820533910a3bdd5026199afe4 * Added a check for deprecated derivative (Whonix or Kicksecure) versions. https://forums.whonix.org/t/one-time-popup-notification-of-whonix-15-deprecation-once-whonix-16-was-released/11720 https://github.com/Kicksecure/systemcheck/commit/fa28f533b77b0232342dac81bd8b437cb01418ae * Ensured {{kicksecure}} compatibility. * Fix telling if Tor is disabled. https://github.com/Kicksecure/systemcheck/commit/2703fc9f692115c04d1525ad36c9ff22dde20b76 * Added a Package Manager Consistency Check. This reports if the output of command dpkg --audit is non-empty, which would indicate in most cases a previously interrupted upgrade. https://github.com/Kicksecure/systemcheck/commit/7f006875d930004295a9d7eed1cfdb0522d27586 * Reorderd tests. https://github.com/Kicksecure/systemcheck/commit/a1be8de3360d0377073acc9298d68d79b70f5543 * Fixed the AppArmor profile for ppc64le. https://github.com/Kicksecure/systemcheck/commit/6a928ddd1345decc552db1391742d46ca54fe482 [https://github.com/Kicksecure/tor-control-panel tor-control-panel]: * Removed obfs2 and obfs3. https://github.com/Kicksecure/tor-control-panel/commit/39c0d67c7b536cbf9dbf4cb7306161ce63d41ef6 * Utilize the same default bridges as anon-connection-wizard. https://github.com/Kicksecure/tor-control-panel/commit/115b65e34785793b37a6f8f87f70195c5cbfeb99 [[Tor]]: * Upgraded Tor to version 0.4.2.6-1, 0.4.3.5, 0.4.5.7 and then again to version 0.4.5.9 in a later release. tor_0.4.2.6-1~d10.buster+1_amd64.deb from deb.torproject.org [https://forums.whonix.org/t/tor-0-4-25-release-how-can-we-upgrade/8614 Tor 0.4.25 release how can we upgrade] [https://forums.whonix.org/t/onion-services-ddos-defense-tor-0-4-2-5/8644 Onion Services DDOS Defense Tor 0.4.2.5] [https://github.com/Kicksecure/tb-updater tb-updater]: * Upgraded Tor Browser to version 10 and later releases in this series. * Set alpha tbb_hardcoded_version=“10.5a16”. https://github.com/Kicksecure/tb-updater/commit/6900f4d100a8b71572f055a61bec557fa633c5ce * Set tbb_hardcoded_version=“10.0.18”. https://github.com/Kicksecure/tb-updater/commit/1bf4af07d859c89c66880d7376c1707841022b77 * Utilize the Heikki Lindholm GPG signing key for digital signature verification of arm64 builds from sourceforge.net created by Heikki Lindholm. https://forums.whonix.org/t/arm64-tor-browser-maintainer/11786 https://github.com/Kicksecure/tb-updater/commit/e0ad939dc0d8978198d0a85df6f2ff63947c0f6c * Added the Heikki Lindholm GPG signing key for arm64 builds. https://forums.whonix.org/t/arm64-tor-browser-maintainer/11786 https://github.com/Kicksecure/tb-updater/commit/129ee59b2768b902b6ad6f8ff58fc738ab3b3c02 * Created an arm64 port. https://github.com/Kicksecure/tb-updater/commit/285fa1a3569395a722486cb80a999e3d370efdcb * Added arm64 platform support. https://forums.whonix.org/t/arm64-tor-browser/11806 https://forums.whonix.org/t/arm64-tor-browser-maintainer/11786 https://github.com/Kicksecure/tb-updater/commit/36bbe964ddd40f3d81bfeb005db056ecf5095c78 * Updated the signing key. https://forums.whonix.org/t/tor-browser-downloader-gpg-download-signature-could-not-be-verified/11794 https://github.com/Kicksecure/tb-updater/commit/5c31abf6b689e1506624cecaaa90986080433c01 * Fixed DispVM mounting. https://github.com/Kicksecure/tb-updater/commit/ab0143d84c018563d553a124ca05adac9e79419a#r51740265 https://github.com/Kicksecure/tb-updater/commit/8310c98af8791ab0985ba67cad6720cf8ecbac38 * Updated to Tor Project onion v3 for --onion. https://github.com/Kicksecure/tb-updater/commit/e4f848d8fe084d528ddec94a7cbca12cae7c5bb2 * Depends: replaced bsdtar with libarchive-tools https://github.com/Kicksecure/tb-updater/commit/eb6ba9b1c48afc0a394b26e1c331564948a53bd1 https://github.com/Kicksecure/systemcheck/pull/15 [[Tor_Browser#Configuration|Tor Browser Downloader configuration options]]: * Added --onion to optionally download over onions. * Added --alpha to optionally download alpha rather than stable versions. [https://github.com/Kicksecure/usability-misc usability-misc]: * Added a [https://github.com/Kicksecure/usability-misc/compare/bd68a636e96fed2183468fa2dff11aa41077506e...b2906d2ff19252aa133bb28ae025c5e011e17a50#diff-6c843b512a028989c8d03bfca584de4c dpkg-noninteractive] wrapper script. * Improved the speed of "apt update" processes. [https://forums.whonix.org/t/speeding-up-apt-update-with-acquire-languages-none-and-contents-deb-defaultenabled-false-its-so-much-faster/8894/2 Speeding up "apt update" with Acquire::Languages=none and Contents-deb::DefaultEnabled=false - It's so much faster!]. * Updated the signing key. https://github.com/Kicksecure/usability-misc/commit/d5347a7a13f73a94e6cc2cc8764ec97324c1729d [https://github.com/whonix/uwt uwt]: * Now guess and tell the user which package needs installing. https://github.com/Whonix/uwt/commit/21aa111631f17e71b989636f62748d5f77d37c30 [https://forums.whonix.org/t/whonix-workstation-xfce-15-0-1-5-4-sudo-git-uwtwrapper-uwt-wrapper-error-usr-bin-git-anondist-orig-does-not-exist/11399 Whonix Workstation Xfce-15.0.1.5.4 - sudo git - uwtwrapper uwt wrapper ERROR: /usr/bin/git.anondist-orig does not exist.] * Improved output. https://github.com/Whonix/uwt/commit/7e6b623ffaf2d7359774904d1344387c7f746432 [https://forums.whonix.org/t/whonix-workstation-xfce-15-0-1-5-4-sudo-git-uwtwrapper-uwt-wrapper-error-usr-bin-git-anondist-orig-does-not-exist/11399 Whonix Workstation Xfce-15.0.1.5.4 - sudo git - uwtwrapper uwt wrapper ERROR: /usr/bin/git.anondist-orig does not exist.] [[VirtualBox]]: * Enabled serial console functionality in VirtualBox, see: [[Recovery#Serial_Console|Serial Console]]. https://forums.whonix.org/t/serial-console-in-virtualbox/8021 This helps for recovery efforts and simplifies setting up the kernel boot parameters inside the VM. * From the VirtualBox host, simplify the sending of SysRq commands to VirtualBox VMs using the vboxmanage command. https://forums.whonix.org/t/send-sysrq-commands-to-virtualbox-usability-helper-virtualbox-send-sysrq/8369 * No longer install [https://github.com/Kicksecure/serial-console-enable serial-console-enable] by default due to [https://forums.whonix.org/t/serial-console-in-virtualbox/8021/13 issues]. See also: [[Recovery#Serial_Console|Serial Console]]. [https://github.com/Kicksecure/libvirt-dist whonix-libvirt]: * Added UTM configs. https://github.com/Kicksecure/libvirt-dist/commit/f88e3b3876e5ed11b998fd7502ccaade4a57789f Other changes: * Added support for OnionShare “bundled Tor”. * Packaged str_replace for literal search and replace functions. * Display the pulseaudio plugin by default. * Added arc-theme, gnome-themes-extra, gnome-themes-extra-data and gtk2-engines-murrine for better visual presentation and a more modern look. * Set SUDO_EDITOR="mousepad" if: mousepad is installed and the environment variable SUDO_EDITOR has not already been set. * Full /etc/torrc.d/*.conf configuration snippet drop-in folder support. [https://forums.whonix.org/t/torrc-d-is-comming/4041/72 torrc.d cleaner] * The Whonix build script now optionally supports installing packages from the Whonix remote repository, rather than building packages locally. https://forums.whonix.org/t/whonix-build-script-now-optionally-supports-installing-packages-from-whonix-remote-repository-rather-than-building-packages-locally/8107 * Simplified the default sudo lecture (presenting text upon first run) so it only shows the default password for Whonix. https://forums.whonix.org/t/disable-or-change-sudo-lecture-at-frist-run-we-trust-you-have-received-the-usual-lecture-from-the-local-system-administrator-it-usually-boils-down-to-these-three-things/8323 https://github.com/Kicksecure/dist-base-files/commit/a929f1c438a9ac2a7cc01926e30b8d210debe442 https://github.com/Kicksecure/dist-base-files/blob/master/usr/share/derivative-base-files/sudo-default-password-lecture * [https://forums.whonix.org/t/whonix-host-operating-system/3931/88 Work towards Whonix Host operating system]. * Renamed package non-qubes-vm-audio to non-qubes-audio. * [[corridor]] -- Tor traffic whitelisting gateway and leak tester -- merged upstream changes and improved Debian host support. [https://github.com/Whonix/corridor/compare/f175fa0023801bb3101a9cb2b4a48cc3391dea24...a1e43fc0fe247685f475402ea14cdfea6536cc5e Merge upstream changes]. [https://github.com/Whonix/corridor/compare/d7aee8d362bb6a4929d8faa61cc4c79985ac88fe...f175fa0023801bb3101a9cb2b4a48cc3391dea24 Improved Debian host support]. * Added usability and output enhancements to grub-live, and improved the live mode indicator systray. [https://github.com/Kicksecure/grub-live/compare/870da602532ae80f2049e927edbae2883fcd7270...65948f2efeddd95dc689490aabf2cd393fc63b00 Usability, output enhancements]. [https://github.com/Kicksecure/desktop-config-dist/compare/c6f8413c1e968a6d00e783f01f9b5d6c2d6664c1...ae1b168f48f67044a85fbbe8cf88220524856fca Added compatibility] with [[Security-misc#Restrict_Hardware_Information_to_Root|restrict hardware information to root]] for Live Mode Indicator Systray. [https://github.com/Kicksecure/desktop-config-dist/compare/ae1b168f48f67044a85fbbe8cf88220524856fca...a6c3787381a362ddc92c1ab6a98894e28724e139 Fixed Live Mode Indicator Systray] to detect [[VM_Live_Mode/ro-mode-init|ro-mode-init]]. * Added packaging and other improvements to [[Hardened_Malloc|Hardened Malloc]] [https://github.com/Whonix/hardened_malloc/compare/01a64a9a899d2c32f03d55cb5a4016f7435f1794...a361a56f4d726d182c34d9e17db1c4d54650e281 Packaging enhancements, no longer depend on genmkfile, fix, use same version number as upstream (2.0)]. * Added a sudo askpass wrapper for automated testing. [https://forums.whonix.org/t/dsudo-default-password-sudo/8766 dsudo - add sudo askpass wrapper for automated testing]. This means as long as the password is set to changeme, it is possible to use dsudo and not be asked to enter the default password. * Added packaging and other enhancements for [[kloak]]. [https://github.com/Whonix/kloak/compare/f19cee00fd8c0851d103309096c9063c20103bb9...ad4288a320da42c74649dc352b8b93c55bfec9be Packaging enhancements, no longer depend on genmkfile, can be build using standard Debian packaging tools, apparmor enhancements]. * Refactored Qubes-Whonix network proxy setup. [https://github.com/Whonix/qubes-whonix/compare/bdf2b22394439443cba2656dec3f092846848d67...381a11cb005b1f646c90e25af3a256f19bb06e7c Refactoring /usr/lib/qubes-whonix/init/network-proxy-setup]. * Created [https://github.com/Kicksecure/debug-misc debug-misc]: opt-in package which enables miscellaneous debug settings for easier debugging. This replaces grub-output-verbose. * Added links to search engines to the Whonix landing page in Tor Browser. * Split most of /usr/share/tor/tor-service-defaults-torrc into /etc/torrc.d drop-in configuration snippets. * Hide verbose output messages during boot to improve startup speed (logs are still available in the journal). * Changed the desktop background images to better distinguish Whonix-Gateway from Whonix-Workstation and vice versa. * Upgraded packages by [https://www.debian.org/distrib/packages packages.debian.org] * Set hostname to localhost for VM builds. This is a sane default that works with default /etc/hosts without generating warnings about a wrong hostname when using sudo. /etc/hostname is not managed by any configuration package and can be changed. * Disable DNSCrypt by default for now due to issues. This might be re-introduced later as an opt-in package, see: [https://forums.whonix.org/t/use-dnscrypt-by-default-in-kicksecure-not-whonix/8117 Use DNSCrypt by default in Kicksecure? (not Whonix!)] * The Debian stable-updates repository is now enabled by default. See: [https://forums.whonix.org/t/enable-debian-stable-updates-repository-by-default/9382 enable Debian stable-updates repository by default]. * Merged python-guimessages into helper-scripts. * Set ClientOnionAuthDir in /var/lib/tor/authdir. * Permit Tor Browser to show improved error pages for onion service errors. * Whonix-Workstation Firewall: added a configuration option firewall_allow_udp=true to allow outgoing UDP. * anon-apps-config: Skip setting timezone to UTC if file /etc/noutc or /usr/local/etc/noutc exists. * whonixcheck now warns if dmesg contains “Bad RAM detected”. * Added a DVD drive by default for Whonix-Custom-Workstation. This avoids a grave usability issue whereby users cannot choose ISO in VirtualBox first start wizard (which asks for which ISO to boot). https://forums.whonix.org/t/no-longer-add-virtual-dvd-drive-to-vm-by-default/9337 * Created a [https://forums.whonix.org/t/constrained-system-resources-program-starter-wrapper/10914 constrained system resources program starter wrapper] which is useful to run applications with limited system resources. * Implemented an apt-get-reset command for improved usability. https://github.com/Kicksecure/usability-misc/commit/d8a390c2c546e560c9b31c483b9ab4bcc1f0b067 * whonix-welcome-page: added a link to https://web.archive.org/https://t.me/s/Whonix_ * Added gpg-dearmor. https://github.com/Kicksecure/helper-scripts/commit/5ffcd6d28454195889c8dd208a35a5d405524430 This is a wrapper to convert to GPG ASCII-armored format binary format. Due to apt-key deprecation by Debian. Only GPG binary format is understood by Debian’s APT; see: [https://forums.whonix.org/t/apt-key-deprecation-apt-2-2-changes/11240 apt-key Deprecation / Apt 2.2 changes].. === Kernel and Related Hardening === Significant [https://forums.whonix.org/t/kernel-hardening/7296/140 kernel] and other security hardening has been implemented; numerous enhancements have been made to [https://github.com/Kicksecure/security-misc security-misc]: https://github.com/Kicksecure/security-misc/compare/a99dfd067ac8a43bdcd779cf57b3533bdaa404fb...163e20b886f298cb9d3aca54c14f66991001b396 * Enabled kernel panic on kernel oops after boot, see: [https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panic-on-oops-1-sysctl-for-better-security/7713 set oops=panic kernel parameter or kernel.panic_on_oops=1 sysctl for better security]. * Enabled pam_umask.so usergroups, so group permissions are the same as user permissions. By default, Debian utilizes [https://wiki.debian.org/UserPrivateGroups User Private Groups (UPG)]. Also see: /usr/share/pam-configs/usergroups-security-misc * Removed read, write and execute access for others for all users who have home folders under folder /home. For example, this affects those running “chmod o-rwx /home/user” during package installation or an upgrade. This is only performed once for each folder in the parent /home folder, so users who wish to relax file permissions can do so. This action protects files in the user's home folder which were previously created with lax file permissions prior to the installation of this package. * Group sudo membership is required to use su. * [[Root#Passwordless_Recovery_Mode_Security_Discussion|Passwordless]], [[Recovery|recovery / emergency mode]] has been implemented. * Lock user accounts with pam_tally2 after five failed authentication attempts are detected. See: [[Recovery#Unlock_User_Account:_Excessive_Wrong_Password_Entry_Attempts|unlock instructions]]. This means it is possible to have short, easy-to-remember, "weak" passwords for the user user account, while still preventing compromised non-root users from bruteforcing it. * Fix pam_tally2 check when read-only disk boots without ro-mode-init or grub-live. * The thunderbolt and firewire modules were blacklisted, since they can be used for Direct Memory Access (DMA) attacks. * Every module must now be signed before being loaded; any module that is unsigned or signed with an invalid key cannot be loaded. This makes it harder to load a malicious module. * Uncommon network protocols were blacklisted: these are rarely used and may have unknown vulnerabilities. See: /etc/modprobe.d/uncommon-network-protocols.conf * Enabled [https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit IOMMU]. * The SysRq key is restricted to only allow shutdowns/reboots. * [https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079 Restrict] the [[SysRq]] key so it can only be used for shutdowns and the Secure Attention Key. * A systemd service mounts /proc with hidepid=2 at boot, thereby preventing users from seeing each other’s processes. * A systemd service clears System.map on boot as these contain kernel symbols that could be useful to an attacker. [https://forums.whonix.org/t/kernel-hardening/7296/130 Forum discussion]. * Remove System.map after a kernel upgrade. * remove-system-map: use shred instead of rm. * The kernel logs are restricted to root only. * The BPF JIT compiler is restricted to the root user and is hardened. * The ptrace system call is restricted to the root user only. * Added user root to group sudo. This is necessary so it is still possible to login as a user in a virtual console. See: debian/security-misc.postinst * Kernel symbols in /proc/kallsyms are hidden. This prevents malware from reading and using them to learn more about system vulnerabilities that can be attacked. * Kexec is disabled because it can be used for live patching of the running kernel. * Bluetooth is blacklisted to reduce the attack surface. * Added experimental [https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener SUID Disabling and Permission Hardening]: [https://forums.whonix.org/t/disable-suid-binaries/7706 Disable SUID Binaries] https://github.com/Whonix/anon-apps-config/compare/a6a6c2ed3c58ef5b023866a8aed4ae1996d93420...9cbfad0aa30ce2014b65d997007baa3bf26005ca#diff-44b21d78d2546f10b7f1ba806e28e1f1 ** A systemd service removes SUID / GUID from non-essential binaries as these are often used in privilege escalation attacks. It is disabled by default for now during testing and can optionally be enabled by running systemctl enable permission-hardener.service as root. * Enables mitigations for the L1TF (L1 Terminal Fault) vulnerability. This is interesting when using security-misc or [[Kicksecure]]. * Unconditionally enable all kernel patches for CPU bugs (spectre, meltdown, L1TF and so on) -- this might reduce performance: This is interesting when using security-misc on the host or using {{kicksecure}} as the host operating system. [https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647 Should all kernel patches for CPU bugs be unconditionally enabled? Vs Performance vs Applicability] ** spectre_v2=on ** spec_store_bypass_disable=on ** tsx=off ** tsx_async_abort=full,nosmt * The MSR kernel module is blacklisted to prevent CPU MSRs from being abused to write to arbitrary memory. * Vsyscalls are disabled as they are obsolete, are at fixed addresses and are a target for ROP. * Page allocator freelist randomization is enabled. * The vivid kernel module is blacklisted as it is only required for testing and has been the cause of multiple vulnerabilities. * An initramfs hook sets the sysctl values in /etc/sysctl.conf and /etc/sysctl.d before init is executed so sysctl hardening is enabled as early as possible. * The kernel panics on oopses to prevent it from continuing to run a flawed process and to deter brute forcing. * Improve entropy collection: [https://en.wikipedia.org/wiki/RDRAND#Reception RDRAND reception] https://twitter.com/pid_eins/status/1149649806056280069 ** Load jitterentropy_rng kernel module. ** Distrust the CPU for initial entropy at boot as it is not possible to audit, may contain weaknesses or a backdoor. ** Disable trusting RDRAND. ** random.trust_cpu=off * Experimental: remount /home, /tmp, /dev/shm and /run with nosuid,nodev (default) and noexec (opt-in). To disable this, see footnote. Run “sudo touch /etc/remount-disable”. To opt-in noexec, run “sudo touch /etc/noexec” and reboot (easiest). Alternatively file /usr/local/etc/remount-disable or file /usr/local/etc/noexec could be used. [https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/1 (re-)mount home (and other?) with noexec (and nosuid among other useful mount options) for better security?] [https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/27 More work needed]. Help welcome! * [https://forums.whonix.org/t/xfce4-power-manager-xfpm-power-backlight-helper-pkexec-lxsudo-popup/8764 Fix xfce4-power-manager xfpm-power-backlight-helper pkexec lxsudo popup]. * Do show lxqt-sudo password prompt if there is a sudoers exception. * Improved pkexec wrapper logging. * Installation fix in the case when user user does not exist. * Better output if trying to login with a non-existing user. * Add user user to group console in Whonix and Kicksecure. * [https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19 Lock user accounts after 50 rather than 100 failed login attempts]. * Disable the busmaster bit on all PCI bridges during very early boot to avoid holes in IOMMU. GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX efi=disable_early_pci_dma" https://mjg59.dreamwidth.org/54433.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4444f8541dad16fefd9b8807ad1451e806ef1d94 * Only allow symlinks to be followed when outside of a world-writable sticky directory, or when the owner of the symlink and follower match, or when the directory owner matches the symlink’s owner. Prevent hardlinks from being created by users that do not have read/write access to the source file. These prevent many TOCTOU races: ** fs.protected_symlinks=1 ** fs.protected_hardlinks=1 * Restrict loading TTY line disciplines to CAP_SYS_MODULE to prevent unprivileged attackers from loading vulnerable line disciplines with the TIOCSETD ioctl which has been used in exploits before. Such as [https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html CVE-2017-2636]. https://lkml.org/lkml/2019/4/15/890 Sets dev.tty.ldisc_autoload=0 * For a full list of changes, see: https://github.com/Kicksecure/security-misc [https://github.com/Kicksecure/hardened-kernel hardened-kernel]: * Enabled CONFIG_KPROBES. https://github.com/Kicksecure/hardened-kernel/commit/1fdfc87335534e627a29b6cc8d140c5634ce9dd5 * Reverted “Optionally enable kprobes/ftrace for LKRG support” This reverts the [https://github.com/Kicksecure/hardened-kernel/commit/4d4993602e9222141f5dfda1373d44c647ff9920 following commit]. === KVM === * Command line control of KVM VMs is now supported. See: [[KVM#Command_Line_Interface_.28CLI.29|KVM Command Line Interface (CLI)]] * The microphone is disabled by default. * Switched RNG to /dev/urandom. * pvspinlock is enabled. * Fixed Whonix-Gateway firewall desktop shortcuts. * No longer install pulseaudio by default on Whonix-Gateway. * Various apparmor fixes. * Created new apparmor profiles for bootclockrandomization, permission lockdown, and pam tally2 information. * Ensured future compatibility for apparmor-profile-everything. * Improved the output of remove system.map. * Fixed the KVM prepare_release script. * Fixed the GPU tag in libvirt XML. * Updated Tor Browser to version 9.0.1, then later versions (9.5). * Fixed {{kicksecure}} KVM’s broken networking. * Moved to gitlab.com. https://forums.whonix.org/t/whonix-moving-from-github-to-gitlab/9676 * Other platforms build fix. * monero-gui can be uninstalled. * Fixed /etc/resolv.conf. * Enabled export QMLSCENE_DEVICE=softwarecontext for KVM. * Upgraded to the 2020 {{project_name_short}} Logo version. * Upgraded monero-gui. === Security Enhancements === [https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo anon-shared-build-apt-sources-tpo]: * Updated deb.torproject.org comments to onion v3 https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo/commit/0153003e7f3d1f7e2788e0ba697290a04f5017d3 http://apow7mjfryruh65chtdydfmqfpj5btws7nbocgtaovhvezgccyjazpqd.onion/ Much stronger Linux user account isolation has been enforced in {{non_q_project_name_long}}: This does not yet apply to Qubes-Whonix. * Locked and expired the root account in new Whonix builds. Existing users who upgraded are [[Root|advised]] to lock their root account. [https://github.com/QubesOS/qubes-issues/issues/2695 Qubes issue]. * Disabled root login in [[Desktop#Virtual_Consoles|virtual consoles]] by default. This is a purposeful security feature and there are no user freedom restrictions; read more [[Root|here]]. * Added a [https://forums.whonix.org/t/add-tor-browser-first-startup-popup-to-ask-whether-security-slider-should-be-set-to-safest/7591 Tor Browser first startup popup] to ask whether the security slider should be set to safest -- this was disabled in a later release due to broken functionality. * [https://forums.whonix.org/t/anonymize-etc-machine-id/7721 Anonymized /etc/machine-id]. * anon-gpg-tweaks: disabled keyservers for improved security. See: [https://forums.whonix.org/t/gpg-recv-keys-fails-no-longer-use-keyservers-for-anything/5607 gpg --recv-keys fails / no longer use keyservers for anything]. * Enabled [https://www.debian.org/releases/buster/amd64/release-notes/ch-whats-new.en.html#apt-sandboxing APT seccomp sandboxing] and added more seccomp hardening. * Enforced [https://forums.whonix.org/t/msgcollector-security-hardening/7625 msgcollector security (mount option) hardening]. * Implemented systemd unit file hardening of services maintained by Whonix. * Tor Browser Starter (tb-starter Whonix package) hardening: implemented optional --hardening / tb_hardening="true" which utilizes Firejail and/or Hardened Malloc, see: [[Tor_Browser#Hardening|Tor Browser Hardening documentation]]. * Installed [https://forums.whonix.org/t/hardened-malloc/7474 Hardened Malloc] by default to ease usage (although it is not enabled by default to avoid breakage). * Upgraded Hardened Malloc to version 2 and switched to compile with clang rather than gcc as per upstream preference. * sudoedit is now used in Whonix software and documentation (rather than the lxqtsudo editor) for better security. https://forums.whonix.org/t/use-sudoedit-in-whonix-documentation-and-whonix-software/7599 Running any editor as root is insecure. sudoedit copies the file to a temporary location, edits it as a normal user and then overwrites the original using sudo. * Created an opt-in feature to restrict hardware information to root, see: [[Whonix-Workstation_Security_Hardening#Restrict_Hardware_Information_to_Root|Restrict Hardware Information to Root]]. https://forums.whonix.org/t/restrict-hardware-information-to-root/7329/2 Added [https://github.com/mikeperry-tor/vanguards vanguards] to protect against guard discovery and related traffic analysis attacks: [https://nvd.nist.gov/vuln/detail/CVE-2020-8516 CVE-2020-8516 Hidden Service deanonymization] [https://github.com/Whonix/anon-gw-anonymizer-config/compare/0858b072659ce4a375ba9b08b84da3d45300336a...40c48fc0414828f48c5ff9465d839458c8b35b25 enable vanguards by default] [https://github.com/Whonix/anon-meta-packages/compare/a69156fc964e0410443b89430b48c255cefc652d...7ae0f0e054f9cac9496978658fcb97b035f48ee0 install by default] * The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information -- [https://lists.torproject.org/pipermail/tor-dev/2020-February/014157.html vanguards fixes this]. * Use [https://packages.debian.org/vanguards vanguards from packages.debian.org] * Ensured vanguards do not start in a Template in Qubes-Whonix. Eased installation of [[Linux_Kernel_Runtime_Guard_LKRG|Linux Kernel Runtime Guard (LKRG)]] for users of {{non_q_project_name_short}}, {{kicksecure}} and Debian hosts -- sudo apt install lkrg: Also available in Qubes OS Debian templates and Qubes-Whonix with use of an in-VM kernel. LKRG will likely be installed by default in Whonix and {{kicksecure}} in one of the next stable releases. * Improves overall system security and is compatible with tirdad. * Hardens kernel security by killing whole classes of exploits, detecting exploits and performing Linux kernel runtime integrity checking. * Worked with LKRG upstream to fix LKRG VirtualBox host support. * Packaging enhancements were incorporated, so any standard Debian build tool can be used. This is quick and easy. For example: “dpkg-buildpackage -b” * Disabled the “System is clean!” message to avoid spamming dmesg and tty1. * [https://forums.whonix.org/t/dkms-kernel-modules-lkrg-and-tirdad-fail-to-properly-recompile-on-kernel-upgrade/8931 Fixed] compilation using DKMS on kernel upgrade by adding support for make variable KERNELRELEASE (DKMS sets it). * Auto-load LKRG after installation. Since LKRG now supports module parameters and [https://www.openwall.com/lists/lkrg-users/2020/01/25/2 VirtualBox host support], it can be automatically started after installation since it would no longer kill VirtualBox VMs running on a host. * Upgraded LKRG to the latest upstream version (version 0.8.1; although not yet installed by default). [https://github.com/Kicksecure/sandbox-app-launcher sandbox-app-launcher]: * Wait (blocking) for processes inside the sandbox to be killed. https://github.com/Kicksecure/sandbox-app-launcher/commit/24ca2da82bc90add9cc1fe38ccb826714c4127fd * Replaced dynamic wrapper script creation with static script for code simplification. https://github.com/Kicksecure/sandbox-app-launcher/commit/f939fe8b579063478576e8fab02e3468a09dd03c [https://forums.whonix.org/t/system-wide-sandboxing-framework-sandbox-app-launcher/9008/352 System-wide sandboxing framework - sandbox-app-launcher]. * Fixed wrapper script creation and access rights. https://github.com/Kicksecure/sandbox-app-launcher/commit/133558cc97d3ee0523f555a53dfb2c9a1cd5daa8 * Improved the command to create a wrapper script for more self-explanatory bash xtrace. https://github.com/Kicksecure/sandbox-app-launcher/commit/a9a760071be1266157e989178e898d685a0de01a * Unduplicated/removed permission check code in function run_program because it is already performed in function setup_or_check which runs anyhow. https://github.com/Kicksecure/sandbox-app-launcher/commit/83b68c672277269207e9bb0a0ca6b2e5a3517a33 * Minor usability improvements: https://github.com/Kicksecure/sandbox-app-launcher/commit/cc319021ad289c78ffcde4889809f4757dac3840 ** Downgraded messages if removal previously completed to INFO:. This is not an issue worth notifying users about. ** Show INFO: after setup was successfully completed. ** ShowINFO: after remove was successfully completed. * Run all checks before start. https://github.com/Kicksecure/sandbox-app-launcher/commit/1f181df1709b63e113397c94ea29b425d01d1b7f [https://forums.whonix.org/t/system-wide-sandboxing-framework-sandbox-app-launcher/9008/325 System-wide sandboxing framework - sandbox-app-launcher]. * Indentation. https://github.com/Kicksecure/sandbox-app-launcher/commit/f176e5e5a2b3e0f621424472e9991544d8cd5172 * Use sal_is_run_with_root instead of extra id calls. https://github.com/Kicksecure/sandbox-app-launcher/commit/392aabdb4f6c293f076ecc2c08e69db3f7441a92 * Reordering. https://github.com/Kicksecure/sandbox-app-launcher/commit/2e5de688bfa7d280882f7f86ff502934b9b0cf6f * Implemented more robust checks. https://github.com/Kicksecure/sandbox-app-launcher/commit/984d90dd15992e482c35bba701cc6fff770ab467 * Removed if statement when copying wrapper-script-wx. https://github.com/Kicksecure/sandbox-app-launcher/commit/b818157203ff1ecba84e07e9565457db7153528a * Check for wrapper-script-wx. https://github.com/Kicksecure/sandbox-app-launcher/commit/e763f9122041800f15d5c4903701c3d7f7bf05b6 * Fixed AppArmor. https://github.com/Kicksecure/sandbox-app-launcher/commit/203f411b9201b7a3b8a78de5854bdbb73d32f7c2 * Added an option to list all currently configured sandboxes. https://github.com/Kicksecure/sandbox-app-launcher/commit/29c44641b00aebb12450a7a153c8ba9059dfaf99 * Pass app_user to bwrap-wrapper. https://github.com/Kicksecure/sandbox-app-launcher/commit/088e4a0170f817e99851db0a886cab9f2982fd92 * Pass variables to bwrap-wrapper. https://github.com/Kicksecure/sandbox-app-launcher/commit/c4fd64dcf572db1ba6dd10ae06da9bfd0c181e75 * Implemented proper whitespace handling. https://github.com/Kicksecure/sandbox-app-launcher/commit/41a88bad2885b01e95c89c633bd5311636e58a6e * Added proper quoting for multiple parameter support. https://github.com/Kicksecure/sandbox-app-launcher/commit/820aa9a2864281e2a2c842c101389edfa88f6940 * Added usr/share/sandbox-app-launcher/bwrap-wrapper. https://github.com/Kicksecure/sandbox-app-launcher/commit/12657eec166f8732fbc8fb45c4e50fcfc2a2b055 * Created an initial unfinished bwrap-wrapper implementation. https://forums.whonix.org/t/system-wide-sandboxing-framework-sandbox-app-launcher/9008/359 https://github.com/Kicksecure/sandbox-app-launcher/commit/fd0469807144edfe69fe0dbe9579a3b94235453a [https://github.com/Kicksecure/sdwdate sdwdate]: * Improved sandboxing. * Code refactoring. * Updated onion time sources. * Increased the timeout to 120 seconds to deal with potentially slow onions. * Implemented [https://www.kicksecure.com/wiki/Sdwdate#sdwdate_Time_Replay_Protection Time Replay Protection]. A minimum unixtime timestamp is utilized so that if sdwdate onion services later provide false time information due to a bug or attack, the clock is never set to a much earlier date (like 1980) or an earlier date than the release date. [https://github.com/Kicksecure/security-misc security-misc]: * pam-abort-on-locked-password: implemented more descriptive error handling. https://forums.whonix.org/t/restrict-root-access/7658/1 https://github.com/Kicksecure/security-misc/commit/74e39cbf690dae2bf72bd9f152ea91c364f5feff * Restricted sudo’s file permissions. https://github.com/Kicksecure/security-misc/commit/97d8db3f74b9fc00c8f4416cb72966e62c7de88e * config-package-dev: displaced /etc/dkms/framework.conf https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/58 https://github.com/Kicksecure/security-misc/commit/6e759f9196412b1742db1e4c68a70867e1ad8629 * Modified DKMS configuration file /etc/dkms/framework.conf: lower parallel compilation jobs to 1 if there is less than 2 GB RAM to avoid virtual machine freezing (parallel_jobs=1). This does not necessarily belong in security-misc. However, it is likely security-misc will need to modify /etc/dkms/framework.conf in the future to enable kernel module signing. https://forums.whonix.org/t/linux-kernel-runtime-guard-lkrg-linux-kernel-runtime-integrity-checking-and-exploit-detection/8477/26 https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/58 https://github.com/Kicksecure/security-misc/commit/e2afd00627b097f75467cd0e2fe7e15977141026 * Added /etc/dkms/framework.conf.security-misc original. From https://github.com/dell/dkms/blob/master/dkms_framework.conf and https://raw.githubusercontent.com/dell/dkms/master/dkms_framework.conf https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/58 https://github.com/Kicksecure/security-misc/commit/3ba3b371873d221db6845fb0fe52191b8b349b0a Other security enhancements: * Advanced users can utilize [[Signify]] to [[Verify the images#Signify_Signatures|verify {{project_name_short}} digital signatures]]. * Updated various security-critical software including APT, electrum, Monero, Tor Browser, Tor Browser Downloader by Whonix Developers and Hardened Malloc. * Implemented [https://forums.whonix.org/t/tcp-isn-cpu-information-leak-protection-tirdad/8552 TCP ISN CPU Information Leak Protection] to prevent [https://dl.acm.org/doi/10.1145/1180405.1180410 de-anonymization of Tor onion services] and installed [https://github.com/Kicksecure/tirdad Tirdad kernel module for random ISN generation] by default. TCP ISN CPU Information Leaks can be used de-anonymize Tor onion services. tirdad fixes that. [https://bitguard.wordpress.com/2019/09/03/an-analysis-of-tcp-secure-sn-generation-in-linux-and-its-privacy-issues/ An analysis of TCP secure SN generation in Linux and its privacy issues] [https://github.com/Kicksecure/tirdad Tirdad kernel module for random ISN generation] Tor Project bug report: [https://gitlab.torproject.org/legacy/trac/-/issues/16659 Add research idea for Linux TCP Initial Sequence Numbers may aid correlation] Research paper: [https://dl.acm.org/doi/10.1145/1180405.1180410 Hot or not: revealing hidden services by their clock skew] [https://phabricator.whonix.org/T543 Whonix ticket] * [https://forums.whonix.org/t/dkms-kernel-modules-lkrg-and-tirdad-fail-to-properly-recompile-on-kernel-upgrade/8931 Fixed compilation] using DKMS on kernel upgrade by adding support for make variable KERNELRELEASE (DKMS sets it). * [https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592 Console lockdown]: allow members of group console to use console. Everyone else except members of group console-unrestricted are restricted from using console using ancient, unpopular login methods such as using /bin/login over networks, which might be exploitable. See CVE-2001-0797, using pam_access. * Protect Linux user accounts against brute force attacks -- lock user accounts after 50 failed login attempts using pam_tally2. * No longer install firejail by default because of [https://forums.whonix.org/t/tor-browser-hardening-hardened-malloc-firejail-apparmor-vs-web-fingerprint/7851/54 fingerprinting reasons]. * Prevent verbose output during boot to prevent kernel information leaks. * Extensive security hardening and updated packages. * Improved Thunderbird protocol level leak prevention by enforcing functionality previously provided by TorBirdy. See [https://forums.whonix.org/t/torbirdy-deprecated-replacement-required/8782 torbirdy deprecated - replacement required]. This was ported from Tails to anon-apps-config by Whonix developer HulaHoop. Sincere appreciation is expressed to Tails for the torbirdy replacement! * Improved systemd sandboxing for onion-grater. https://github.com/Whonix/onion-grater/commit/1fd8701dd6197b3325b83ad03bfd9ecedbcbdee6 * Implemented the OpenSSL security fix for Debian and Tor Browser (OpenSSL 1.1.1d) ([https://security-tracker.debian.org/tracker/CVE-2021-3449 CVE-2021-3449]). * Added a minimum-time-check feature for better security. https://github.com/Kicksecure/helper-scripts/commit/7ad34f8c7594d0ddcce4be12a660e2d0463649b9 * Created and implemented hardened-malloc-type-test. https://github.com/Kicksecure/helper-scripts/commit/0ae844a0b26e8d03b41eccc9d37ec0124bce7587 https://github.com/Kicksecure/helper-scripts/commit/a536530ad078e29381ff9ced69ec26b3b840c88b === VirtualBox === * As at April 2021, the [[VirtualBox/Recommended_Version|recommended VirtualBox version]] is 6.1.20. ** Implemented a {{project_name_short}} compatibility fix for VirtualBox version 6.1.20. https://github.com/{{project_name_short}}/derivative-maker/commit/9e6f38ed35132cd908bfa7f9408f1d74b389b2a9 See forum thread: [https://forums.whonix.org/t/whonix-virtualbox-failed-to-start-ns-error-failure-0x80004005-the-vm-session-was-aborted/11471 Whonix VirtualBox - failed to start - NS_ERROR_FAILURE (0x80004005) - The VM session was aborted.] and the wiki: [[VirtualBox/Troubleshooting#Failed_to_open_a_session_for_the_virtual_machine|Failed to open a session for the virtual machine]]. ** Switched to SATA AHCI virtual storage controller hardware. https://github.com/{{project_name_short}}/derivative-maker/commit/9e6f38ed35132cd908bfa7f9408f1d74b389b2a9 It is speculated this setting might lead the to the issue [[VirtualBox/Troubleshooting#High_Disk_Usage_Causing_Filesystem_Corruption|High I/O causing filesystem corruption]]; unfortunately it is unavoidable and there is presently no other solution due to [https://www.virtualbox.org/ticket/10031 this VirtualBox host software bug]. If it manifests, refer to the wiki link for possible workarounds. * Upgraded VirtualBox guest additions to version 6.1.14. * vm-config-dist: run [https://github.com/Kicksecure/vm-config-dist/blob/master/usr/bin/vbox-guest-installer vbox-guest-installer] when package [https://packages.debian.org/virtualbox-guest-additions-iso virtualbox-guest-additions-iso] is updated. * VirtualBox 6.1.12 upgrade: In earlier release updates, VirtualBox was upgraded to version 6.1.2; see [https://forums.whonix.org/t/please-update-whonix-vbox-guest-addition-modules/8798/3 Get VirtualBox from Debian sid and recompile for Debian buster] ** Rebuilt using VirtualBox 6.1.12. ** Uploaded VirtualBox 6.1.12 to {{project_name_short}} repository (downloaded from [https://www.virtualbox.org/ virtualbox.org] repository). ** Overcame [[Dev/VirtualBox#VirtualBox_Installation_Challenges|technical challenges acquiring VirtualBox 6.1.12 on Debian buster]]. ** Installed [https://packages.debian.org/virtualbox-guest-additions-iso virtualbox-guest-additions-iso] by default in new builds beginning from this version. Related: [[Dev/VirtualBox#VirtualBox_Guest_Additions_ISO_Freedom_vs_Non-Freedom|VirtualBox Guest Additions ISO Freedom vs Non-Freedom]] ** [https://github.com/Kicksecure/vm-config-dist vm-config-dist]: add a usability feature to install [[VirtualBox/Guest_Additions|VirtualBox guest additions]] from [https://packages.debian.org/virtualbox-guest-additions-iso virtualbox-guest-additions-iso] package. * Reverted to vmsvga grapics controller settings due to [https://forums.whonix.org/t/black-screen-on-15-0-0-6-6-and-15-0-0-7-1/8554 issues]. * [https://forums.whonix.org/t/whonix-virtualbox-15-0-0-8-7-testers-wanted-vanguards-tcp-isn-leak-protection-extensive-hardening/8914/4 Increased] Whonix-Gateway default RAM to 1280 MB. Otherwise, VirtualBox guest additions kernel modules fail to compile. * Current [https://www.kicksecure.com/wiki/VirtualBox/Troubleshooting#Screen_Resolution_Bug VirtualBox screen resolution situation]: ** Functional VirtualBox VM Window → View → Virtual Screen 1 → resize to resolution ** Functional VirtualBox VM Window → View → Adjust Window Size ** A workaround to improve this situation is still required. ** Added xserver-xorg-video-vmware to kicksecure-desktop-environment-essential-gui because it is required by VirtualBox Graphics Controller VMSVGA for auto resize and resize through VirtualBox settings menu. ** Again set the VirtualBox Graphics Controller to VMSVGA (equivalent to “VirtualBox → click a VM → Settings → Display → Graphics Controller → VMSVGA → OK”). Quote [https://www.virtualbox.org/manual/ch03.html VirtualBox manual]:
VMSVGA: Use this graphics controller to emulate a VMware SVGA graphics device. This is the default graphics controller for Linux guests.
This has better desktop resolution in CLI (virtual terminal) mode. When it was previously disabled, this led to a [https://forums.whonix.org/t/black-screen-on-15-0-0-6-6-and-15-0-0-7-1/8554 black screen] on 15.0.0.6.6 and 15.0.0.7.1. ** Increased Whonix VirtualBox Whonix-Gateway video RAM to 128 MB since the previous assignment of only 16 MB RAM can cause resize issues. ** Updated VirtualBox and VirtualBox guest addition to 6.1.4. The VirtualBox guest addition has been further upgraded to 6.1.6 in a later Whonix release. * Added a workaround for the bug causing the VirtualBox screen resolution to be too small; the screen resolution is now [https://forums.whonix.org/t/make-screen-resolution-1920x1080-by-default-for-all-vms/9143 1920x1080 by default for all VMs]. * Configured three (instead of four) virtual CPU cores by default as this can improve stability. https://www.virtualbox.org/ticket/19500 * Enabled the Debian stable-updates repository by default. https://forums.whonix.org/t/enable-debian-stable-updates-repository-by-default/9382 * Consolidated Whonix packages. https://forums.whonix.org/t/consolidating-whonix-packages/1945 * Installed fewer unneeded packages such as rsyslog (see footnote). https://forums.whonix.org/t/whonix-default-packages-review-mmdebstrap-varriant-related-risk-of-regressions/9254 * Unbreak VirtualBox clearnet DNS settings when not using DNSCrypt. === Website Improvements === * Wiki editing over onion. * Using {{project_name_short}} forums over onion. * Mostly fixed onion forum site redirects to clearnet. https://forums.whonix.org/t/onion-forum-site-redirects-to-clearnet/197/13 * Implemented the [https://community.torproject.org/onion-services/advanced/onion-location/ Onion-Location] header, which shows the “onion available” message to any Tor Browser user visiting the clearnet version of whonix.org. * Fixed a false Mediawiki message that identified {{project_name_short}} forum logins as insecure over onion (thereby offering a https connection to the onion URL). https://forums.whonix.org/t/wiki-miss-offer-secure-connection-while-the-connection-over-onion/10349/7
Mediawiki thinks the connection is insecure since it does not have internal concepts onion traffic. I am now sending http request X-Forwarded-Proto: https for onion to let mediawiki know that it’s a secure connection.
* Implemented Expect-CT security header for whonix.org. https://forums.whonix.org/t/expect-ct-security-header-for-whonix-org/10286/3 * Fixed URL with no onion mirror. https://forums.whonix.org/t/url-with-no-onion-mirror/10341 * Reviewed [https://www.hardenize.com/ hardenize.com] results (no clean HSTS-Preload / DNSSEC). https://forums.whonix.org/t/no-clean-hsts-preload-dnssec/10255 * Researched DANE TLSA (DNS-based Authentication of Named Entities) for whonix.org. https://forums.whonix.org/t/dane-tlsa-dns-based-authentication-of-named-entities-for-whonix-org/10218/2 * Whonix software signature verification documentation discussion: VirtualBox vs KVM - GPG / signify / codecrypt. https://forums.whonix.org/t/whonix-software-signature-verification-documentation-discussion-virtualbox-vs-kvm-gpg-signify-codecrypt/10043/22 * Checked broken discourse email replies. https://forums.whonix.org/t/discourse-reply-by-e-mail-broken/9650/3 * Investigated uploaded images not presenting after creating a topic. https://forums.whonix.org/t/uploaded-images-doesnt-show-up-after-creating-topic/5623 * Documented [[Website_Tests|Testing the {{project_name_short}} server]] with test websites such as hardenize.com / securityheaders.com / Mozilla Observatory / SSL Labs / hstspreload.org. * Improved documentation chapter [[Trust#Trusting_the_Whonix_Website|Trusting the {{project_name_short}} Website]]. * Considered [[Dev/About_Infrastructure#drop-www_vs_yes-www|drop-www vs yes-www]]. * Considered [[Dev/About_Infrastructure#Hide_Server_IP|Hide Server IP]]. * Set up a dedicated server for Kicksecure, with dedicated domain kicksecure.com, homepage, wiki and soon forums. This website is not yet public; a significant effort is required to rewrite the wiki for Kicksecure. = See Also = * [[History]] = Footnotes = {{reflist|close=1}} {{Footer}} [[Category:Documentation]]