{{Header}} __NOINDEX__
{{#seo:
|description={{project_name_long}} Release Notes, Changelog
|image=Oldstablewhonix.jpg
}}
{{intro|
{{project_name_short}} Release Notes, Changelog
}}
[[File:Oldstablewhonix.jpg|thumb]]
= Additional Changes =
Since {{project_name_short}} is based on {{kicksecure}}, maintained by the same contributors, the reader should also take notice of the {{kicksecure_wiki
|wikipage=Changelog
|text=Changelog
}} since changes in {{Kicksecure}} also apply to {{project_name_short}} but are not listed (duplicated) here.

{{upstream_wiki}}

Earlier changes are archived here: [[Old_Stable_and_Earlier_Releases|Old Stable and Earlier Releases]]

= 17.0.4.5 =
[https://github.com/whonix/anon-apps-config <code>anon-apps-config</code>]:
* tmpfiles.d improvement <ref>
https://github.com/Whonix/anon-apps-config/commit/925112ac645c7b763fe555c872f65a76e0e8b59e
</ref>
[https://github.com/whonix/anon-meta-packages <code>anon-meta-packages</code>]:
* install snowflake-client by default https://forums.whonix.org/t/replacing-meek-snowflake/5190 <ref>
https://github.com/Whonix/anon-meta-packages/commit/8704fba06559c61301353ca95c33b8311bdf79b2
</ref>
[https://github.com/whonix/anon-ws-disable-stacked-tor <code>anon-ws-disable-stacked-tor</code>]:
* tmpfiles.d improvement <ref>
https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/a5800571e1be00a4238cda324116b734388ab836
</ref>
* add symlinks from /etc/profile.d to /etc/zprofile.d <ref>
https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/289afa5ee2b95b733eb8388813e1c0b9e402555f
</ref>
[https://github.com/whonix/kloak <code>kloak</code>]:
* seccomp <ref>
https://github.com/Whonix/kloak/commit/59056a25d1e14d6d81ee8a9666eda0bc62fe342a
</ref>
* Merge branch 'chatgpt' <ref>
https://github.com/Whonix/kloak/commit/07d37f52867816ede568c7fb88bde1ae012359e3
</ref>
* one more missing seccomp filter <ref>
https://github.com/Whonix/kloak/commit/cda8d74c37227656cc09c1f7324a69b8f908c9cc
</ref> (Thanks to Vinnie Monaco!)
* Merge branch 'master' into dev <ref>
https://github.com/Whonix/kloak/commit/e475b1c9c552643328da48f39bef999a88d6be21
</ref> (Thanks to Vinnie Monaco!)
* added missing seccomp filters <ref>
https://github.com/Whonix/kloak/commit/34e9f421d75ef5e99f71c6d84bb6fb088ac91637
</ref> (Thanks to Vinnie Monaco!)
* disable broken seccomp SystemCallFilter https://github.com/vmonaco/kloak/pull/38#issuecomment-1627688486 <ref>
https://github.com/Whonix/kloak/commit/c8178aea02117addfb28dba06e824ece7732dee2
</ref>
* seccomp <ref>
https://github.com/Whonix/kloak/commit/2f08794c4b238bb08e0e06a9b10f031f739955be
</ref>
* Added a running variable to control the while loop and added a signal handler (handle_signal) to catch the interrupt signal (SIGINT) and terminate the program gracefully. Fixed the command-line argument handling by checking if argc is less than 2 (instead of assuming argc > 1). If no arguments are provided, the program displays the usage message and exits. Updated the ioctl() call to check the return value for errors. If the ioctl() operation fails to get the device name, an error message is printed, and the program exits. Removed the check for root access since it was only printing a message and not affecting the program's execution. If root access is required, it should be checked externally before running the program. Closed the device file descriptor (fd) before exiting the program to release system resources properly. <ref>
https://github.com/Whonix/kloak/commit/2a8b5a6934019598beb8290ac4b214407395c54e
</ref>
* The rescue_len variable was not initialized, causing undefined behavior. I added the initialization rescue_len = 0 to fix it. In the init_inputs() function, I added error handling for the malloc call to allocate memory for the pfds array. In the emit_event() function, I added error handling for the libevdev_uinput_write_event function call to check if writing the event to uinput was successful. <ref>
https://github.com/Whonix/kloak/commit/54f0b3e111a44bb95223200575fe9d19a8c70c09
</ref>
* fixed typo <ref>
https://github.com/Whonix/kloak/commit/d11ed97e3c26318ca96a07806d492597950f36bb
</ref> (Thanks to Vinnie Monaco!)
* fixed apparmor profile: added r to /sys/devices/virtual/input <ref>
https://github.com/Whonix/kloak/commit/edf0a41c9ad05e901d6726804112308dc098965f
</ref> (Thanks to Vinnie Monaco!)
* fixed apparmor profile: added w to /dev/uinput <ref>
https://github.com/Whonix/kloak/commit/5870a8d3c79567333fbb720d2ea1af43ceee2aea
</ref> (Thanks to Vinnie Monaco!)
* fixed apparmor profile: added r to /dev/uinput <ref>
https://github.com/Whonix/kloak/commit/1e16893c10fbfcac899fe341cae87022a295e626
</ref> (Thanks to Vinnie Monaco!)
* formatted main.c <ref>
https://github.com/Whonix/kloak/commit/2edb4b2bc4c72d6ca457afb4f8265f5ea69e0da9
</ref> (Thanks to Vinnie Monaco!)
* added pkg-config to build depends <ref>
https://github.com/Whonix/kloak/commit/1db17e2ac3113cc5253330d5d459fd64dba93164
</ref> (Thanks to Vinnie Monaco!)
* added libsodium init <ref>
https://github.com/Whonix/kloak/commit/c2142bf9eafbc4ed8360e1e8a286fbabc68a74d2
</ref> (Thanks to Vinnie Monaco!)
* added deb dependencies <ref>
https://github.com/Whonix/kloak/commit/4f271826d6c1621ad8e4a85046da12525698e88f
</ref> (Thanks to Vinnie Monaco!)
* fixed verbose output format <ref>
https://github.com/Whonix/kloak/commit/5fca94d9e7c27a0b3d9dd8332371987fef6047ec
</ref> (Thanks to Vinnie Monaco!)
* added build flags to makefile <ref>
https://github.com/Whonix/kloak/commit/ca5510586597ebd6287afa9c878c2bfc3bbf2b9b
</ref> (Thanks to Vinnie Monaco!)
* use libsodium for prng <ref>
https://github.com/Whonix/kloak/commit/ea6f6be0a33f19038b42aff42aacfd09020b3041
</ref> (Thanks to Vinnie Monaco!)
* added support for multiple input devices <ref>
https://github.com/Whonix/kloak/commit/5dc5412f78b7111c42818b973a7a25248b5d49ca
</ref> (Thanks to Vinnie Monaco!)
* Merge branch 'master' of github.com:vmonaco/kloak into mouse <ref>
https://github.com/Whonix/kloak/commit/36f83eb631be27e325d9209e956e04f37fbe470c
</ref> (Thanks to Vinnie Monaco!)
* removed restrictions on event types <ref>
https://github.com/Whonix/kloak/commit/59c47d88e4b579e93a85209484681f536035e8d6
</ref> (Thanks to Vinnie Monaco!)
* fixed typo <ref>
https://github.com/Whonix/kloak/commit/99d2af051dccbee7f2cd3f35fbc2d7ae64af00c7
</ref> (Thanks to Vinnie Monaco!)
* started support for EV_REL events <ref>
https://github.com/Whonix/kloak/commit/7b94b28e472cef7e3c52960986a3bc7dfa651f94
</ref> (Thanks to Vinnie Monaco!)
[https://github.com/whonix/onion-grater <code>onion-grater</code>]:
* Fixed issue where replacement contained something that belonged to pattern <ref>
https://github.com/Whonix/onion-grater/commit/3b2e9a7eab4a4d3c793a354910bb678f28dccf4f
</ref> (Thanks to apachesub22!)
* Added example grater profile for LND <ref>
https://github.com/Whonix/onion-grater/commit/d281ad64d2a7bf1628bf3e1d3879fd9e22a78976
</ref> (Thanks to apachesub22!)
[https://github.com/whonix/qubes-whonix <code>qubes-whonix</code>]:
* tmpfiles.d improvement <ref>
https://github.com/Whonix/qubes-whonix/commit/edcb3ba51b48963a33d98a898279bdb8fd214bd9
</ref>
[https://github.com/whonix/uwt <code>uwt</code>]:
* add symlinks from /etc/profile.d to /etc/zprofile.d <ref>
https://github.com/Whonix/uwt/commit/539fa2eed39d24a161337ceb421d66f232863ec9
</ref>
[https://github.com/whonix/whonix-base-files <code>whonix-base-files</code>]:
* add symlinks from /etc/profile.d to /etc/zprofile.d <ref>
https://github.com/Whonix/whonix-base-files/commit/175a2585c3d4099fd2abed91e263f8af4716a201
</ref>
[https://github.com/whonix/whonix-firewall <code>whonix-firewall</code>]:
* Fix MTU problem by allowing RELATED fragmentation-needed ICMP by enabling `GATEWAY_ALLOW_INCOMING_ICMP_FRAG_NEEDED=1` by default. Run `iptables -A INPUT -p icmp --icmp-type fragmentation-needed -m state --state RELATED -j ACCEPT` on Whonix-Gateway. <ref>
https://github.com/Whonix/whonix-firewall/commit/5f1e0ef0fce2dfc991547a16a5b23637bb27f57c
</ref>
[https://github.com/whonix/whonix-welcome-page <code>whonix-welcome-page</code>]:
* add symlinks from /etc/profile.d to /etc/zprofile.d <ref>
https://github.com/Whonix/whonix-welcome-page/commit/d94157bc77610016365c1e33e3e327abcf62efbc
</ref>

= 17.0.1.9 =
* '''port to Debian 12 (<code>bookworm</code>)'''
[https://github.com/whonix/anon-gw-anonymizer-config <code>anon-gw-anonymizer-config</code>]:
* fix, run replace-ips in Qubes when Tor is restarted <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/ef1f27974fcd59773f679ed17e5a4d293b72ea2e
</ref>
[https://github.com/whonix/onion-grater <code>onion-grater</code>]:
* bookworm aa-logprof <ref>
https://github.com/Whonix/onion-grater/commit/c5be0367942f5e4f5e0b4428cce1c3826e89893d
</ref>
[https://github.com/whonix/qubes-whonix <code>qubes-whonix</code>]:
* fix: make sure replace-ips runs before restarting Tor. This is useful to support `release-upgrade` script testing inside `sys-whonix` refactoring <ref>
https://github.com/Whonix/qubes-whonix/commit/5d77f9d93c62997e3d85e892be604ae9f7f0b3aa
</ref>
* Drop salt dependency. It isn't available in bookworm. QubesOS/qubes-issues#7896 <ref>
https://github.com/Whonix/qubes-whonix/commit/f3bd2aa4ea6e33248274bbb171c36eae618f8716
</ref> (Thanks to Marek Marczykowski-Górecki!)
[https://github.com/whonix/uwt <code>uwt</code>]:
* abolish /rw/config parsing (Does not influence Qubes specific /rw/config parsing.) <ref>
https://github.com/Whonix/uwt/commit/ac4c16c1c35396bcbab45930e6866500e60f5c3d
</ref>
[https://github.com/whonix/whonix-base-files <code>whonix-base-files</code>]:
* bump /etc/whonix_version <ref>
https://github.com/Whonix/whonix-base-files/commit/403f2e7553ec996c5371232caf312b45c2abc5f0
</ref>

= {{project_name_short}} 16 Changelog =

{{project_name_short}} 16 was released on September 11 and 12, 2021 for KVM and VirtualBox. <ref>[https://forums.whonix.org/t/whonix-16-0-2-7-kvm-debian-11-bullseye-based-major-stable-release/12264 Whonix 16.0.2.7 KVM (Debian 11 bullseye based) - Major Stable Release].</ref> <ref>[https://forums.whonix.org/t/whonix-16-has-been-released-debian-11-bullseye-based-for-virtualbox-major-release/12297 Whonix 16 has been Released! (Debian 11 bullseye based) - for VirtualBox - Major Release].</ref> {{q_project_name_long}} 16 was released on 28 September, 2021. <ref>[https://forums.whonix.org/t/qubes-whonix-16-has-been-released-debian-11-bullseye-based-major-release/12465 Qubes-Whonix 16 has been Released! (Debian 11 bullseye based) - Major Release].</ref> As per the [[About#Support_Schedule|Support Schedule]], {{project_name_short}} 15 was deprecated on 14 November, 2021 -- all users should upgrade as soon as possible. <ref>[https://forums.whonix.org/t/whonix-15-end-of-security-support-and-deprecation-notice-all-users-should-move-to-whonix-16/12473 Whonix 15 End of Security Support and Deprecation Notice - All users should move to Whonix 16!]</ref>

Significantly, {{project_name_short}} 16 is based on the Debian <code>bullseye</code> (Debian 11) distribution, which was [https://www.debian.org/News/2021/20210814 officially released] on August 14, 2021, rather than on Debian <code>buster</code> (Debian 10). The bullseye release has nearly 60,000 packages and around 72 per cent of them were updated. <ref><blockquote>This release contains over 11,294 new packages for a total count of 59,551 packages, along with a significant reduction of over 9,519 packages which were marked as "obsolete" and removed. 42,821 packages were updated and 5,434 packages remained unchanged.</blockquote></ref>

This means users have access to many new software packages in concert with existing packages. In addition, this release will serve as a development foundation for many exciting upcoming security enhancements such as [[Hardened_Malloc_Kicksecure|Hardened Malloc {{kicksecure}} (HMK)]], [[Linux_Kernel_Runtime_Guard_LKRG|Linux Kernel Runtime Guard (LKRG)]] and other items on the [[Security Roadmap|{{project_name_short}} Security Roadmap]].

= {{project_name_short}} 16 Updates =

As {{project_name_short}} is a rolling distribution, users will benefit from regular small security and usability improvements, features and bug fixes as they enter the {{project_name_short}} stable repository. The most notable changes will be announced here.

{{mbox
| type    = notice
| image   = [[File:Ambox_notice.png|40px|alt=Info]]
| text    = The majority of the enhancements below also apply to {{q_project_name_short}}. Exceptions include:
* [[Keystroke_Deanonymization#Kloak|kloak]]
* [[Linux_Kernel_Runtime_Guard_LKRG|Linux Kernel Runtime Guard (LKRG)]]
* [https://github.com/kicksecure/tirdad tirdad] (TCP ISN CPU Information Leak Protection)
* [https://github.com/Kicksecure/security-misc/blob/master/etc/default/grub.d/40_kernel_hardening.cfg Kernel Hardening through Kernel Boot Parameters]
* [https://github.com/Kicksecure/security-misc Strong Linux User Account Separation] / [[Dev/Permissions#Bruteforcing_Linux_User_Account_Passwords_Protection|Protection against Bruteforcing Linux User Account Passwords]]
* {{kicksecure_wiki
|wikipage=Apparmor-profile-everything
|text=Apparmor profile everything
}} <ref>https://github.com/Kicksecure/apparmor-profile-everything</ref> (AppArmor for everything: APT, systemd, init, all systemd units, all applications)
* [https://www.kicksecure.com/wiki/Hardened-kernel hardened-kernel patch] and [https://github.com/Kicksecure/hardened-kernel/blob/master/usr/share/hardened-kernel/hardened-vm-kernel configuration]

Many of these will be possible once the use of in-VM kernels is simplified and promoted in Qubes OS. <ref>https://github.com/QubesOS/qubes-issues/issues/5212</ref> <ref>https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581</ref>
}}

== {{project_name_short}} 16.0.9.8 ==
[https://github.com/whonix/anon-apps-config <code>anon-apps-config</code>]:
* Merge branch 'Whonix:master' into master <ref>
https://github.com/Whonix/anon-apps-config/commit/5492e70c3a1f9c4c5c63064b72664d4ade3013e3
</ref> (Thanks to idk!)
* re-create #11 without the eepsite/docroot history, disable eepsite by default <ref>
https://github.com/Whonix/anon-apps-config/commit/baa0b6b850dca52300b34fac6263b82ad9236317
</ref> (Thanks to idk!)
* add a hosts.txt file <ref>
https://github.com/Whonix/anon-apps-config/commit/64aa02e51e796577556206b2f441c855ce916a96
</ref> (Thanks to idk!)
* i2p-config: no longer use white spaces in file names, use underscores instead <ref>
https://github.com/Whonix/anon-apps-config/commit/f1815a6e4010e02f5cbc4c2fd7c2f6b2f3ced82f
</ref>
* revert /var/lib/i2p/i2p-config folder permissions change for now <ref>
https://github.com/Whonix/anon-apps-config/commit/1def6aa5544f107dd663b75afdf0a63bea64a458
</ref>
* port I2P config to systemd tmpfiles.d https://forums.whonix.org/t/i2p-client-inside-whonix-workstation-issues/15890/22 <ref>
https://github.com/Whonix/anon-apps-config/commit/9b6cf93516b281afe30413b1f58b2991153a8cef
</ref>
* undisplace <ref>
https://github.com/Whonix/anon-apps-config/commit/aa06cadbb9c56af47d78e145ae9d5916d7b7c2d5
</ref>
* fix permissions on the I2P configuration directory <ref>
https://github.com/Whonix/anon-apps-config/commit/c5a3bc549edba258f57ed8081199036fcb7534c7
</ref> (Thanks to idk!)
* check in router.config <ref>
https://github.com/Whonix/anon-apps-config/commit/bd8e5a9a2c3aee6ca5205fca559513fed7bd1ab5
</ref> (Thanks to idk!)
* remove unnecessary divert for router.config.anondist <ref>
https://github.com/Whonix/anon-apps-config/commit/f3f0a235c234954ca0950c6e2401dd4adefe60a5
</ref> (Thanks to idk!)
* move i2p config to /var/lib/i2p/i2p-config <ref>
https://github.com/Whonix/anon-apps-config/commit/8dd15db4da24b9331657f1a0aa82a13ac2af7e60
</ref> (Thanks to idk!)
* check in config.d directories <ref>
https://github.com/Whonix/anon-apps-config/commit/2e16e3a6a1dbb6c358d25283ed058151e14d73fd
</ref> (Thanks to idk!)
* first, use displace to create migratable configuration files which contain the required Whonix defaults <ref>
https://github.com/Whonix/anon-apps-config/commit/cc43b42a864970541478a4a4125f4b1f13e26a8b
</ref> (Thanks to idk!)
[https://github.com/whonix/anon-gw-anonymizer-config <code>anon-gw-anonymizer-config</code>]:
* systemctl --system daemon-reload <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/a4d20b8d295aa56dc25d381f7cc4cc12417a8d11
</ref>
* add workaround for upstream bug: Tor fails to start a few times before succeeding to start. https://forums.whonix.org/t/failed-to-start-anonymizing-overlay-network-for-tcp-tor-fails-to-start-a-few-times-before-succeeding-to-start/16289/12 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029554 <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/cf35a5025573c2f2052c7c6baecfeae4f071d00c
</ref>
* anon-log: minor fix, output errors to stderr instead of stdout <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/b2a4539afd403ca9558db95a638282845350c67d
</ref>
* anon-log: use journalctl instead of /run/tor/log <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/31121526c5456a4bc8dd98dceb67a588661593e2
</ref>
[https://github.com/whonix/anon-meta-packages <code>anon-meta-packages</code>]:
* remove monero-gui <ref>
https://github.com/Whonix/anon-meta-packages/commit/b38990fff7200661bfc8ad8d90d308bbc1546feb
</ref>
* consistent use of `Pre-Depends: legacy-dist` <ref>
https://github.com/Whonix/anon-meta-packages/commit/8070118d9723f5443ef0b4df78223815bcfbe722
</ref>
* install metadata-cleaner by default. https://forums.whonix.org/t/metadata-cleaner-gui-for-mat2/12919 Add `metadata-cleaner` to `whonix-workstation-packages-recommended-gui`. Thanks to @mfc for the suggestion! <ref>
https://github.com/Whonix/anon-meta-packages/commit/1359a55c6190acf01a0b071f52df6da1d696b136
</ref>
[https://github.com/whonix/whonix-welcome-page <code>whonix-welcome-page</code>]:
* disable end of year banner <ref>
https://github.com/Whonix/whonix-welcome-page/commit/1932bff1d7de114228d7a93fcfe922853925ec3f
</ref>

== {{project_name_short}} 16.0.9.0 ==
[https://github.com/whonix/anon-apps-config <code>anon-apps-config</code>]:
* I2P config: Disable frequent connection to newsletter server. No need to make unnecessary connections to an external server every couple of minutes. Harmful anonymity practice. <ref>
https://github.com/Whonix/anon-apps-config/commit/f8aa6c26e8c38f3504a5540aad6a920d421f69bb
</ref> (Thanks to TNT BOM BOM!)
* I2P config: Update router.config.anondist. Since I2P is going to run over Tor, which is a socks5, reseeding should be over socks5 as well. <ref>
https://github.com/Whonix/anon-apps-config/commit/1556b5f152622cb72045e800ee13df03e50ca420
</ref> (Thanks to TNT BOM BOM!)
[https://github.com/whonix/anon-gw-anonymizer-config <code>anon-gw-anonymizer-config</code>]:
* add onion-grater-list manpage <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/6a531fd46f07f79b9dfb564f2cf7b1fd867c2fda
</ref> (Thanks to nyxnor!)
* improve onion-grater-list <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/6ca9097f099d8848858793d6c5e56b2da183522e
</ref> (Thanks to nyxnor!)
* add onion-grater-list <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/12e9103b7d84ca602d6a3951a82d041e36dd4da0
</ref> (Thanks to nyxnor!)
[https://github.com/whonix/anon-meta-packages <code>anon-meta-packages</code>]:
* install Thunderbird by default https://forums.whonix.org/t/thunderbird-no-longer-installed-by-default/6505/12 <ref>
https://github.com/Whonix/anon-meta-packages/commit/d7a64ffa81fa03c431382a00d55b0cb6c8161eb1
</ref>
[https://github.com/whonix/onion-grater <code>onion-grater</code>]:
* signed commit <ref>
https://github.com/Whonix/onion-grater/commit/73b5aeb85e3defb65cd5da16102777f34fabd4ad
</ref>
* revert <ref>
https://github.com/Whonix/onion-grater/commit/196c69cca36d593d17a811ec0000c02327097c97
</ref>
* support multiple directories and multiple matchers. Allow support for different hosts for remote connections, deprecating onion-grater-merger. Sorting made in reverse to honor precedence as parsing stops at first match. https://forums.whonix.org/t/onion-grater-wiki-improvements/15845 <ref>
https://github.com/Whonix/onion-grater/commit/884d6eba523ec98a88b3cc1326d71c7fd83847c8
</ref> (Thanks to nyxnor!)
* no need to edit systemd file to set arguments <ref>
https://github.com/Whonix/onion-grater/commit/2353be12767d933ebc43b6dd3f49928191a43b41
</ref> (Thanks to nyxnor!)
* fix old apparmor variable <ref>
https://github.com/Whonix/onion-grater/commit/ed4af1fcc9b07f6e6278dad18a4ecfc080c35fb7
</ref> (Thanks to nyxnor!)
* make bitcoind accept 127.0.0.1 and 0.0.0.0 <ref>
https://github.com/Whonix/onion-grater/commit/9addd1d6dd9671b18e5415a196b92d7f6ee5846c
</ref> (Thanks to nyxnor!)
[https://github.com/whonix/whonix-welcome-page <code>whonix-welcome-page</code>]:
* Revert "Revert "Depends: kicksecure-welcome-page"". This reverts commit f9c5482f4e55002412a0e0e1df3ca06110886302. <ref>
https://github.com/Whonix/whonix-welcome-page/commit/8b524f98f6f25acd4ab38bad878dcfa966f67059
</ref>
* End of year banner for welcome page <ref>
https://github.com/Whonix/whonix-welcome-page/commit/ce0001668678fd4bd0fe10eb15a2c3378d389a38
</ref> (Thanks to Your Name!)
* Revert "Depends: kicksecure-welcome-page". This reverts commit 36ad250c1dbb3436b93f0b96f25b7ef88e9aab26. <ref>
https://github.com/Whonix/whonix-welcome-page/commit/f9c5482f4e55002412a0e0e1df3ca06110886302
</ref>
* Merge branch 'master' of https://github.com/Whonix/whonix-welcome-page <ref>
https://github.com/Whonix/whonix-welcome-page/commit/aa6485dd3f04d4e21685d7f27f90c3daef42ab35
</ref> (Thanks to Your Name!)
* Revert local HP back to without endofyear banner <ref>
https://github.com/Whonix/whonix-welcome-page/commit/97402c419f26178a1cd642957aabdabd365f6d9e
</ref> (Thanks to Your Name!)
* set Firefox ESR from Debian package sources homepage to about:blank. This is to disable kicksecure-welcome-page in Whonix. <ref>
https://github.com/Whonix/whonix-welcome-page/commit/e5f6f06e3d4af99505bd507be509d19c2dde9765
</ref>
* Depends: kicksecure-welcome-page <ref>
https://github.com/Whonix/whonix-welcome-page/commit/36ad250c1dbb3436b93f0b96f25b7ef88e9aab26
</ref>
* Whonix local HP referencing Kicksecure local HP <ref>
https://github.com/Whonix/whonix-welcome-page/commit/e9a09e154a4686876cd81e534be766a4144410e1
</ref> (Thanks to Your Name!)
* Whonix End of Year Banner <ref>
https://github.com/Whonix/whonix-welcome-page/commit/5a8bca82b700ef1060bd4fa9fcbf886bd6f6f2e6
</ref> (Thanks to Your Name!)

== {{project_name_short}} 16.0.8.2 ==
[https://github.com/whonix/anon-apps-config <code>anon-apps-config</code>]:
* pref(“mailnews.start_page.enabled”, false); <ref>
https://github.com/Whonix/anon-apps-config/commit/49ecbc1c2a8d9fc20b5784a8c81c06e685449b86
</ref>
* Drop everything related to Enigmail. Updated to reflect Tails version as of 2022 <ref>
https://github.com/Whonix/anon-apps-config/commit/906f86ba462ef8fb0a8f84a2dc540511fe18fb88
</ref> (Thanks to @HulaHoop!)
* Updated to reflect Tails version as of 2022 <ref>
https://github.com/Whonix/anon-apps-config/commit/113998b6453c61c8861eb0cae80e55d2624f8ebb
</ref> (Thanks to @HulaHoop!)
* update onionjuggler conf <ref>
https://github.com/Whonix/anon-apps-config/commit/b0654176ae94091eb4e0920ec1a1e15d8b2d2ecc
</ref> (Thanks to nyxnor!)
* chmod +x etc/onionjuggler/conf.d/30_whonix.conf to fix lintian warning W: anon-apps-config: script-not-executable etc/onionjuggler/conf.d/30_whonix.conf <ref>
https://github.com/Whonix/anon-apps-config/commit/8773f211e508b26f4ee3ec21cb5e47faaf75cb11
</ref>
* add onionjuggler whonix conf <ref>
https://github.com/Whonix/anon-apps-config/commit/73aa4a4668a4d1d55ac9f454217dab3c2d0ca04b
</ref> (Thanks to nyxnor!)
* disable ntp time check. Disabled time check since it uses ntp, which doesn't exist in Whonix. (It has no effect on the connection.) <ref>
https://github.com/Whonix/anon-apps-config/commit/dc2b157e61dfb7b324a3f61589c75c9acca23ac8
</ref> (Thanks to TNT BOM BOM!)
[https://github.com/whonix/anon-gw-anonymizer-config <code>anon-gw-anonymizer-config</code>]:
* fix AppArmor <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/32368cbbcc4f09302836fba67a58f927514ac141
</ref>
* addgroup -> adduser fix <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/3e16fad210bc03b18320bf740238966d85c504cb
</ref>
* improve anon-verify output <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/d619a1bf3edeb463dfb75dde15f870e910da6965
</ref>
* anon-verify: fix enumeration of all Tor config drop-in snippets for new `%include /etc/torrc.d/*.conf` syntax <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/02f368f72e03e202f1b4e749678d48c4b6396eba
</ref>
[https://github.com/whonix/anon-ws-disable-stacked-tor <code>anon-ws-disable-stacked-tor</code>]:
* addgroup -> adduser fix <ref>
https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/6f4104b0db9d2b70d43e16a1af59a6f2338a8582
</ref>
[https://github.com/whonix/onion-grater <code>onion-grater</code>]:
* correct bitcoind binding ports <ref>
https://github.com/Whonix/onion-grater/commit/38316044dc73eab7519890514db44f044f479d69
</ref> (Thanks to nyxnor!)
* correct bitcoind pattern for all default ports of the chains <ref>
https://github.com/Whonix/onion-grater/commit/12477ae6da0c82bc79898184c086287a6512a8db
</ref> (Thanks to nyxnor!)
* fix systemd seccomp violation after suspend/resume by adding `SystemCallFilter` `select`: <code>Sep 25 01:06:57 host audit[841]: SECCOMP auid=4294967295 uid=106 gid=116 ses=4294967295 subj==/usr/lib/onion-grater (enforce) pid=841 comm="onion-grater" exe="/usr/bin/python3.9" sig=31 arch=c000003e syscall=23 compat=0 ip=0x792fb3bac2a3 code=0x80000000</code> <ref>
https://github.com/Whonix/onion-grater/commit/86584992cb4e83873617a9471ac7b05c9e1a0981
</ref>
[https://github.com/whonix/whonix-firewall <code>whonix-firewall</code>]:
* shfmt <ref>
https://github.com/Whonix/whonix-firewall/commit/48eb9e019551ea714fb6b1ee8de54c3b7c168571
</ref>
* shfmt <ref>
https://github.com/Whonix/whonix-firewall/commit/ebc69f2718c9edb8ae6cbb6dc9070108b9a902d1
</ref>
* shfmt <ref>
https://github.com/Whonix/whonix-firewall/commit/9d364febd84cdb739f3703975ee39324f21e4d87
</ref>
* shfmt <ref>
https://github.com/Whonix/whonix-firewall/commit/4d036535a3ef0faeb7b27d0f5cc4d7e76ca5761c
</ref>
* verbosity <ref>
https://github.com/Whonix/whonix-firewall/commit/058c03186f9474ba7223a4766d4ed92e89a750ba
</ref>
* set all defaults first before parsing config folder. Thanks to @nyxnor for the report! https://forums.whonix.org/t/how-to-unset-firewall-array/15604 <ref>
https://github.com/Whonix/whonix-firewall/commit/cdf359736aa6e81e0c7200723849afd0b2ba9277
</ref>
* not opening ports instead of closing, wording <ref>
https://github.com/Whonix/whonix-firewall/commit/5ec6e1fac57c5dd6d5f6a80170c61476e95141b3
</ref> (Thanks to nyxnor!)
* be verbose no port is being opened <ref>
https://github.com/Whonix/whonix-firewall/commit/3c5fd6b4eb446cd997384818bee35d2baf0629bc
</ref> (Thanks to nyxnor!)
* double quote "$@" <ref>
https://github.com/Whonix/whonix-firewall/commit/682be4c3c74668f21aa873bfe92c3a52d8caf81b
</ref> (Thanks to nyxnor!)
* always inform SOCKSIFIED if set to '0' <ref>
https://github.com/Whonix/whonix-firewall/commit/b303e37017a25fe6893cc739cde430755f3c1f92
</ref> (Thanks to nyxnor!)
* print informational messages https://forums.whonix.org/t/print-ports-opened-in-the-firewall/15469 <ref>
https://github.com/Whonix/whonix-firewall/commit/950cdaf1a721aa3e5230ab83d1fe678b84a64a56
</ref> (Thanks to nyxnor!)
* make the main script pass arguments to child. Also make the script be called by path, so it is easier to test by placing the script at /usr/local/bin <ref>
https://github.com/Whonix/whonix-firewall/commit/6e0dd7bed6138f2121938399b6d30bc9f2016ce1
</ref> (Thanks to nyxnor!)
[https://github.com/whonix/whonix-welcome-page <code>whonix-welcome-page</code>]:
* new file:   usr/share/doc/homepage/whonix-welcome-page/img/Search-ahmia.png <ref>
https://github.com/Whonix/whonix-welcome-page/commit/b62cec05bed9a9c88d4d8db08e0d95f397a05b1a
</ref>
* minor: link to root domain, not index.html <ref>
https://github.com/Whonix/whonix-welcome-page/commit/6c09f925606c04de7ca9a3a538efeaa6cf32ed8f
</ref>
* ahmia <ref>
https://github.com/Whonix/whonix-welcome-page/commit/d22f55e315780a68c84f2b718196ed782b8bbb59
</ref>
* add icon for brave search <ref>
https://github.com/Whonix/whonix-welcome-page/commit/79cb1bf2f159dcb7beb65b6bacb93e04c39d3962
</ref>
* Add onions as much as possible instead of TLS only https://forums.whonix.org/t/local-browser-homepage-for-tor-browser-in-whonix/347/106 <ref>
https://github.com/Whonix/whonix-welcome-page/commit/50837699666ce86e922ab215e09f615924885956
</ref> (Thanks to TNT BOM BOM!)

== {{project_name_short}} 16.0.5.3 ==
TODO: https://forums.whonix.org/t/whonix-16-0-5-3-for-virtualbox-point-release/13817

== {{project_name_short}} 16.0.5.0 ==

[https://github.com/{{project_name_short}}/derivative-maker <code>derivative-maker</code>]:
* rename `Whonix-Workstation-CUSTOM` to `Whonix-Custom-Workstation` <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/59f0feb3e06633b08551156a0229a8ef88514aac
</ref>
* fix qcow2 Whonix-Custom-Workstation build <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/bb3e5d175cadc123cd4444d4d18703d4a93a2b28
</ref>
* improve images upload script <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/5dbfc39d33f420c769343e5893bf1da5a378392e
</ref>
* introduce variable `dist_build_files_to_upload` <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/0f4f4822602c987ac5f3b07919ff24b6345c4691
</ref>
* improve error message if build dependency is missing <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/380d0552bc6365afcdce55822cb9def002f5dcb7
</ref>
* sanity test <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/a28bd92eff008ad480112f5ca7a9f48059c360e8
</ref>
* sanity test <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/7f0c73d95e0a09c1c962f50e13e14b7c577b2ffe
</ref>
* add `--delete --utm` incomplete boilerplate implementation <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/2fdcce77c69de6bed06fc27481cae63ccb260ef6
</ref>
* rename /etc/derivative-makerconfig.d to /etc/buildconfig-dist.d rename derivative-maker to derivative-maker <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/cac7bf755068b4977dbaf034df069ac6a95f3ba0
</ref>
* generic variables names <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/6a0c415fc1bd98e42d4bd3ad2102a6cd954f459c
</ref>
* generic variables names <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/1c9855844e3483033daff2f169f89af71e028357
</ref>
[https://github.com/whonix/anon-gw-anonymizer-config <code>anon-gw-anonymizer-config</code>]:
* remove torrc-d-cleaner since no longer required because Tor now has wildcard support and is configured to parse config files ending with `*.conf` only. <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/decc367b9412c6171a18a496744353637353cc8c
</ref>
* run repair-torrc from tor-config-sane <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/827c46e6ec1899ca78200ca626961ebb9aa1e914
</ref>
* only `%include` config files ending with `*.conf` https://www.whonix.org/wiki/Dev/Tor <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/3dd761b7a745496e9ad27ef4b8275262175aa1a6
</ref>
* cleanup, remove workaround for old bug https://forums.whonix.org/t/configuring-onion-service/9042 <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/0c083154890edf39829ab9038ba5d556f4295395
</ref>
* downgrade copyright to avoid Tor Duplicate Config File Restart Bug https://www.whonix.org/wiki/Dev/Tor#Tor_Duplicate_Config_File_Restart_Bug <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/e8189b7b9cf72eae1d6dcffd863edd4eb8a79ec1
</ref>
* workaround for Tor Duplicate Config File Restart Bug https://www.whonix.org/wiki/Dev/Tor#Tor_Duplicate_Config_File_Restart_Bug <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/032aedbdba67fcf2697d946afdf2c980957bba0b
</ref>
[https://github.com/whonix/anon-meta-packages <code>anon-meta-packages</code>]:
* add `tor-ctrl` to `whonix-shared-packages-recommended-cli` <ref>
https://github.com/Whonix/anon-meta-packages/commit/70773aef3432fb380c5e8aeb302d1d7ada65628c
</ref>
[https://github.com/whonix/qubes-whonix <code>qubes-whonix</code>]:
* lower debugging <ref>
https://github.com/Whonix/qubes-whonix/commit/1e81681e31ed64def79994f273bceecd064df1fa
</ref>
[https://github.com/whonix/whonix-firewall <code>whonix-firewall</code>]:
* lower debugging <ref>
https://github.com/Whonix/whonix-firewall/commit/8c682cc28ad2fe0537672c94ebe6e6a232de9356
</ref>
[https://github.com/whonix/whonix-welcome-page <code>whonix-welcome-page</code>]:
* remove hardcoded font, use font from Debian package sources instead <ref>
https://github.com/Whonix/whonix-welcome-page/commit/2785b2c01eb307d2652391297a6b6fc42730e47b
</ref>
* update copyright since complete rewrite <ref>
https://github.com/Whonix/whonix-welcome-page/commit/a709e46407a5ffac5977a749b412b256aabc38a4
</ref>
* Welcome Page Revision <ref>
https://github.com/Whonix/whonix-welcome-page/commit/56b8aa8b677ac4bc1d9d7c62ab52ab6100c2581f
</ref> (Thanks to Your Name!)

== {{project_name_short}} 16.0.4.2 ==

[https://github.com/whonix/anon-apps-config <code>anon-apps-config</code>]:
* disable Thunderbird default homepage by default to avoid https connection for better security hardening. Thanks to @HulaHoop for the suggestion! https://forums.whonix.org/t/canning-thunderbirds-startpage/13007/1 <ref>
https://github.com/Whonix/anon-apps-config/commit/7892543371ccc224c8fca50a76e71e08704f8afe </ref>
[https://github.com/Kicksecure/anon-connection-wizard <code>anon-connection-wizard</code>]:
* add tag ap_conn_done_pt <ref>
https://github.com/Kicksecure/anon-connection-wizard/commit/c6685af1a9fc4bbd1c912e7ff3277538baaff893
</ref>
* add tag conn_done_pt <ref>
https://github.com/Kicksecure/anon-connection-wizard/commit/850604b878fd1208bdb1c6b08324efac717a5285
</ref>
* update default bridges <ref>
https://github.com/Kicksecure/anon-connection-wizard/commit/54fb98886fcbfbce235633773287cb838d382cb5
</ref>
[https://github.com/whonix/anon-gw-anonymizer-config <code>anon-gw-anonymizer-config</code>]:
* fix Tor Browser 11.06 - New Identity function error message suppressed subscription to event 'STREAM' related to: https://www.whonix.org/wiki/Tor_Browser#New_Tor_Circuit_Function Thanks to @torjunkie for the bug report! https://forums.whonix.org/t/tb-v11-06-new-identity-function-error-message/13326 <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/39f623f968bb1e143e3c402f008e7c0f7b71a817
</ref>
* arm -> nyx <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/2ee2f10eb0115f6b49d6c10df33b35ef9c1db12d
</ref>
* renamed:    usr/share/applications/gateway-arm.desktop -> usr/share/applications/gateway-nyx.desktop <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/0ac977c2ba3b636ed8402e2bf76b3214276bec3a
</ref>
* fix onion-grater-remove <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/822fe4e4f79dc9f0a3b24ce8a78d6908edbc5985
</ref>
[https://github.com/Kicksecure/icon-pack-dist <code>anon-icon-pack</code>]:
* renamed:    usr/share/icons/anon-icon-pack/arm.ico -> usr/share/icons/anon-icon-pack/nyx.ico <ref>
https://github.com/Kicksecure/icon-pack-dist/commit/6592b37cfed4db2b6e8a2cb856a6f4550ccbbfa7
</ref>
[https://github.com/whonix/anon-meta-packages <code>anon-meta-packages</code>]:
* install kicksecure-default-applications-cli per default on the workstation due to recent kicksecure-meta-packages refactoring <ref>
https://github.com/whonix/anon-meta-packages/commit/ae6cb1ce8027606782e4202377c2926fc227276a
</ref>
* install kicksecure-recommended-cli by default on gateway and workstation due to refactoring of kicksecure-meta-packages <ref>
https://github.com/whonix/anon-meta-packages/commit/9c160f1492fd634e0e4baf0a9c498a68476ba571
</ref>
* remove setup-dist from whonix-shared-packages-dependencies-cli because now part of kicksecure-dependencies-cli <ref>
https://github.com/whonix/anon-meta-packages/commit/bb5ae8c8580e522406ebd4c255b0c9cf1df237be
</ref>
* improve multiple architecture support / split dummy-dependency package into multiple packages <ref>
https://github.com/whonix/anon-meta-packages/commit/b52179af6e0db1dfc6e65802b836addb14f13974
</ref>
[https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo <code>anon-shared-build-apt-sources-tpo</code>]:
* fix, update path <ref>
https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo/commit/6c529f3d83b8fd34c88b7940d38b4e0efb12c283
</ref>
[https://github.com/whonix/anon-ws-disable-stacked-tor <code>anon-ws-disable-stacked-tor</code>]:
* Tor emulation: fix, pass all command line options to `tor` when being called with `--verify-config` https://github.com/nyxnor/tor-ctrl/issues/9 <ref>
https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/e6c05d99006849caf4326d58d4cca4cb0e001c1b
</ref>
* implement `tor --verify-config`; tor-ctrl uses 'tor --verify-config'; fixes https://github.com/nyxnor/tor-ctrl/issues/9 <ref>
https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/7a1e0b59d39bc705c1e39be69a2c3dedb04c0f04
</ref>
[https://github.com/Kicksecure/apparmor-profile-everything <code>apparmor-profile-everything</code>]:
* ConditionPathExists=!/run/qubes-service/no-sdwdate <ref>
https://github.com/Kicksecure/apparmor-profile-everything/commit/da5e8a834380e520877ec51f2bcfe78e3e688cf3
</ref>
[https://github.com/Kicksecure/apparmor-profile-hexchat <code>apparmor-profile-hexchat</code>]:
* harden profile and remove xchat support https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951331#23 <ref>
https://github.com/Kicksecure/apparmor-profile-hexchat/commit/d2a9d37b0e387144ed8e73a16c4a0c4037d1f984
</ref>
[https://github.com/Kicksecure/bootclockrandomization <code>bootclockrandomization</code>]:
* ConditionPathExists=!/run/qubes-service/no-bootclockrandomization ConditionPathExists=!/run/qubes-service/no-bcr <ref>
https://github.com/Kicksecure/bootclockrandomization/commit/f02a3553c61a901d6ce98d1d5629be4c2a032cdf
</ref>
* Make delay_plus_or_minus overridable via env var <ref>
https://github.com/Kicksecure/bootclockrandomization/commit/1837346b080132d3f7ca8dac81d13d489cfa2662
</ref> (Thanks to deeplow!)
[https://github.com/Kicksecure/helper-scripts <code>helper-scripts</code>]:
* `/usr/libexec/helper-scripts/terminal-wrapper`: add support for `gnome-terminal` <ref>
https://github.com/Kicksecure/helper-scripts/commit/d3390d4c0889794204791329555615756ed4aa40
</ref>
* hardened-malloc-type-test: Hardened Malloc version 10 compatibility <ref>
https://github.com/Kicksecure/helper-scripts/commit/893974f9ee9ac69a9e55c37692818fd7d63b48b7
</ref>
* anon-consensus-del: also restart vanguards <ref>
https://github.com/Kicksecure/helper-scripts/commit/a70612f9ca94a2b84697dc27792fdd0f7f74ad40
</ref>
* `/usr/libexec/helper-scripts/curl_exit_codes`: add newer curl exit codes <ref>
https://github.com/Kicksecure/helper-scripts/commit/54e2888ccf378ae60127b26774407460041cb8e5
</ref>
[https://github.com/Kicksecure/kicksecure-meta-packages <code>kicksecure-meta-packages</code>]:
* install kicksecure-default-applications-cli by default in Kicksecure <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/ea7851dedf6b7a7f5df9b6b3a71d35726793e116
</ref>
* split into kicksecure-recommended-cli and kicksecure-default-applications-cli <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/f1790451a9ccb3883a3fef70963cdf7266a8a271
</ref>
* add setup-wizard-dist to kicksecure-desktop-applications-recommended <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/dbb182f8b4de5f13f3f82efc103f06a5236832f0
</ref>
* add setup-dist to kicksecure-dependencies-cli <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/4dd31bd6d25e43a8cf4d675b8f030d13fd7d1057
</ref>
* add systemcheck to kicksecure-recommended-cli <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/0062df31d04a136b013bccabfac9c4f28e2e699d
</ref>
* move a lot of packages from kicksecure-dependencies-cli to kicksecure-dependencies-cli since this is more appropriate. haveged, jitterentropy-rngd, man-db, bzip2, net-tools, dnsutils, iputils-ping, file, lsof, pciutils, strace, sysfsutils, procps, e2fsprogs, less, most, apparmor-utils, bash-completion, nano, udisks2, libblockdev-crypto2, sensible-utils, secure-delete, openvpn, curl, wget, usability-misc, open-link-confirmation, hardened-malloc | dummy-dependency <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/2e4eec07603c539807a5429f26ef81fbe7769c0a
</ref>
* no longer install zsh by default <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/19eaae178b143662f0309a2505705d943cf97cd6
</ref>
* add equivs to kicksecure-recommended-cli <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/80704660561357a7f377dbc562968386b2173613
</ref>
* legacy <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/cb20b19da6400f83b59bd5f5b601c9bbf20e86d4
</ref>
* legacy <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/0c14c945ed13d36ff78ccc0a30b544b40ac63da9
</ref>
* hardened-malloc-kicksecure-enable -> hardened-malloc-light-enable <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/d7e51eebebe6faeb1a580cc7cde83412da9e68f3
</ref>
* improve multiple architecture support / split dummy-dependency package into multiple packages <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/bdfcbc1d60fd39368715e39b3a5ca6b6d84a2726
</ref>
* dummy-dependency: remove lkrg, binaries-freedom, orca-screen-reader-support for simplicity because these packages are not a dependency yet <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/3f1cea7767ccc6e01b6a9e5a0d6893571b3d70ba
</ref>
[https://github.com/Kicksecure/live-config-dist <code>live-config-dist</code>]:
* version <ref>
https://github.com/Kicksecure/live-config-dist/commit/f9aa298ec0b8cf38e52ead61daa5093bb1b4f445
</ref>
[https://gitlab.com/kicksecure/monero-gui <code>monero-gui</code>]:
* monero-gui-linux-x64-v0.17.3.0.tar.bz2 https://web.archive.org/web/20211213200018/https://github.com/monero-project/monero-gui/releases/tag/v0.17.3.0 https://web.archive.org/web/20211213200116/https://downloads.getmonero.org/gui/monero-gui-linux-x64-v0.17.3.0.tar.bz2 https://web.archive.org/web/20211213200210/https://www.getmonero.org/downloads/hashes.txt <ref>
https://gitlab.com/kicksecure/monero-gui/-/commit/0d9356e5f8815fd9cade046e1a357e853814884b
</ref>
* delete for upcoming update <ref>
https://gitlab.com/kicksecure/monero-gui/-/commit/198b2df3c2c23767f7f9b6f1dbc4078bcd67ed0b
</ref>
[https://github.com/Kicksecure/msgcollector <code>msgcollector</code>]:
* `/usr/libexec/msgcollector/error_handler`: fix exit code capturing <ref>
https://github.com/Kicksecure/msgcollector/commit/77a6c4d465dc998470e290a5ada5356ad70cc748
</ref>
[https://github.com/whonix/onion-grater <code>onion-grater</code>]:
* disable `ProcSubset=pid` due to onion-grater crash at startup > onion-grater[23859]: FileNotFoundError: [Errno 2] No such file or directory: '/proc/stat' <ref>
https://github.com/Whonix/onion-grater/commit/4b13181ac4743c9a969164b81bf840eb85325fb7
</ref>
* fix, prevent dh_compress from compressing the OnionShare onion-grater profile. Thanks to @DaemonFuu for the bug report! https://forums.whonix.org/t/onion-grater-deb-package-contains-compressed-40-onionshare-yml/13154 <ref>
https://github.com/Whonix/onion-grater/commit/e36db8f769230959ea07ce44ede333aef00a39e5
</ref>
* towards OnionShare 2.4 support <ref>
https://github.com/Whonix/onion-grater/commit/63eb2f20b302dbdb902629d166c444bb4826d4df
</ref>
* towards OnionShare 2.4 support <ref>
https://github.com/Whonix/onion-grater/commit/132ac995c750d6fd19e095bf1f2fc76f41985ee6
</ref>
* towards OnionShare 2.4 support <ref>
https://github.com/Whonix/onion-grater/commit/2d67dfddb301ed0589f368b47051cdd74e745c61
</ref>
[https://github.com/Kicksecure/open-link-confirmation <code>open-link-confirmation</code>]:
* add infinite recursive loop protection <ref>
https://github.com/Kicksecure/open-link-confirmation/commit/38e03d1737b185934fc0a6f4c3558b1666c2a978
</ref>
[https://github.com/whonix/qubes-whonix <code>qubes-whonix</code>]:
* `/usr/share/tinyproxy/default.html.anondist`: also customize html body in case tinyproxy does not show html head <ref>
https://github.com/Whonix/qubes-whonix/commit/47fb073dae35b9e6b23b6c5a227a85ed7f129ee3
</ref>
* qvm-sync-clock.anondist code simplification <ref>
https://github.com/Whonix/qubes-whonix/commit/1359ef3e47715c04d4a4d071b3ca0679a4020b01
</ref>
* initial version of qvm-sync-clock.anondist <ref>
https://github.com/Whonix/qubes-whonix/commit/f2190c69cb5859b0f0b6242fc20a84811ef83fb3
</ref>
[https://github.com/Kicksecure/sdwdate <code>sdwdate</code>]:
* do not start `qubes-sync-time` (conflicts with `sdwdate`), if file `/etc/sdwdate.d/qubes-sync-time-disabled-by-sdwdate.marker` exists. That file exists in a default sdwdate installation. <ref>
https://github.com/Kicksecure/sdwdate/commit/96151eb6a7c061f7ce56bb1c76a327cbc90046a3
</ref>
* fix sdwdate-log-viewer to include seccomp failures https://forums.whonix.org/t/sdwdate-loop-conclusion-tor-already-reports-circuit-established-seccomp-issue/13260/13 <ref>
https://github.com/Kicksecure/sdwdate/commit/8bb53ef360939fe4529f3c39e5811ee44ea96c75
</ref>
* update 20_arch_syscall_whitelist.conf: unlinkat needs to be whitelisted, otherwise sdwdate fails with error: SECCOMP auid=4294967295 uid=102 gid=108 ses=4294967295 subj==/usr/bin/sdwdate (enforce) pid=3328 comm="sdwdate" exe="/usr/bin/python3.9" sig=31 arch=c00000b7 syscall=35 compat=0 ip=0xf37077846c74 code=0x80000000 <ref>
https://github.com/Kicksecure/sdwdate/commit/6b5f10195133d88fdc89d2fe737651fbf2e07063
</ref> (Thanks to Emanuele Rossi!)
* ConditionPathExists=!/run/qubes-service/no-sdwdate <ref>
https://github.com/Kicksecure/sdwdate/commit/e6032989d3053e92758aefc83e3413c593de354c
</ref>
* add qubes-sync-time.service and qubes-sync-time.timer to sdwdate-log-viewer <ref>
https://github.com/Kicksecure/sdwdate/commit/8911f33e4d48877ad415379c7e252318c255a9d9
</ref>
* add `bootclockrandomization.service` to sdwdate-log-viewer <ref>
https://github.com/Kicksecure/sdwdate/commit/caca7f412c4b19b5c7db2e3394a870e4d5124fa7
</ref>
* Qubes suspend post: disable qubes.GetRandomizedTime since no longer required. sdwdate / anondate can nowadays fix the time without it. <ref>
https://github.com/Kicksecure/sdwdate/commit/6215a9ea996e9db970059c3b4ad58d17016b7483
</ref>
* Qubes suspend pre/post: disable restart of Tor since that is no longer required. And even if it was required, this would be handled by sdwdate / anondate. <ref>
https://github.com/Kicksecure/sdwdate/commit/7a43153a2fe80eb492b1abf14f1f20bb66da02f5
</ref>
* `date --utc` https://forums.whonix.org/t/whonix-ws-16-fails-to-update-due-to-timing-issue/12739/17 <ref>
https://github.com/Kicksecure/sdwdate/commit/0d43f1a2a6f8796d6d46e34a81788a0a7293f089
</ref>
[https://github.com/Kicksecure/sdwdate-gui <code>sdwdate-gui</code>]:
* notify-shutdown: skip notify shutdown if sdwdate is not running <ref>
https://github.com/Kicksecure/sdwdate-gui/commit/374bc31c8bd97de6e2f4f578e120daf70527e9eb
</ref>
* do not autostart if file /run/qubes-service/no-sdwdate exists <ref>
https://github.com/Kicksecure/sdwdate-gui/commit/c694998f22e36ff142213ff177e789acec3f2dce
</ref>
* ConditionPathExists=!/run/qubes-service/no-sdwdate <ref>
https://github.com/Kicksecure/sdwdate-gui/commit/7d9b5044a35d19e44454e0fbdf34efa055b30ef5
</ref>
* restart action: use `sdwdate-clock-jump` instead of restarting sdwdate manually <ref>
https://github.com/Kicksecure/sdwdate-gui/commit/a60a996ce2228830607aa7afdde8aec9d512daa0
</ref>
* port to QREXEC_REMOTE_DOMAIN part of https://phabricator.whonix.org/T930 <ref>
https://github.com/Kicksecure/sdwdate-gui/commit/21d35022ab47dde44eacbef75c5d6c2260125521
</ref>
* fix "Denied: whonix.NewStatus" dom0 permission when shutting down Whonix-Gateway [Qubes OS 4.1]. Thanks to @unknown for the bug report! https://forums.whonix.org/t/qubes-os-4-1-denied-whonix-newstatus-dom0-permission/12954 <ref>
https://github.com/Kicksecure/sdwdate-gui/commit/e371e234a15cbaf89181798a204192d2a92df089
</ref>
* `sdwdate-gui-shutdown-notify.service`: `Before=shutdown.target umount.target final.target` <ref>
https://github.com/Kicksecure/sdwdate-gui/commit/d4f963b6e5aa434dfc38229faaf2a7eef932dde4
</ref>
* avoid start/restart of sdwdate-gui notify shutdown service during package install/upgrade: dh_installsystemd --no-start --no-stop-on-upgrade <ref>
https://github.com/Kicksecure/sdwdate-gui/commit/5141ec63cd230ec825e7f15ff5d74e81605b174f
</ref>
[https://github.com/Kicksecure/security-misc <code>security-misc</code>]:
* fix, skip deletion of system.map files on read-only filesystems. This is required for Qubes /lib/modules read-only implementation at time of writing. Thanks to @marmarek for the bug report! https://forums.whonix.org/t/remove-system-map-cannot-work-lib-modules-is-mounted-read-only/13324 <ref>
https://github.com/Kicksecure/security-misc/commit/4f6f588fb53d2756d867ac7e29fb42f4f8fdb335
</ref>
[https://github.com/Kicksecure/setup-wizard-dist <code>setup-wizard-dist</code>]:
* Kicksecure <ref>
https://github.com/Kicksecure/setup-wizard-dist/commit/30a03972b164f91faa20e11d50fb4ec2d5ffea0d
</ref>
[https://github.com/Kicksecure/systemcheck <code>systemcheck</code>]:
* Kicksecure <ref>
https://github.com/Kicksecure/systemcheck/commit/3f2d5f8b4082e148c9d293c1f22bf7f50697655b
</ref>
* Kicksecure <ref>
https://github.com/Kicksecure/systemcheck/commit/9ba59c89e4f651463cb23007a7f921be419145c1
</ref>
* fix, skip check_network_interfaces eth0 on Kicksecure <ref>
https://github.com/Kicksecure/systemcheck/commit/4051ffb6afc07dddee329117e93e3656d971d6d3
</ref>
* use `curl` with `--cert-status`. Thanks to @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 <ref>
https://github.com/Kicksecure/systemcheck/commit/f200d0fd05a097734f346e89a50fc1a4dab39574
</ref>
[https://github.com/Kicksecure/tb-starter <code>tb-starter</code>]:
* update links to documentation <ref>
https://github.com/Kicksecure/tb-starter/commit/756060c7ee158d3d156c1d9129b90c57f4bbd664
</ref>
[https://github.com/Kicksecure/tb-updater <code>tb-updater</code>]:
* alpha tbb_hardcoded_version="11.5a2" <ref>
https://github.com/Kicksecure/tb-updater/commit/4cdf6dbbf79c19ecfc8f8a9ff0cc4f48f494b14e
</ref>
* tbb_hardcoded_version="11.0.6" <ref>
https://github.com/Kicksecure/tb-updater/commit/e4f73a11bd0e01ccbee63eccd2c04b01c6234110
</ref>
* update links to documentation <ref>
https://github.com/Kicksecure/tb-updater/commit/b6d5ef20fcca243e32f7c0c51f63dbc74c04915a
</ref>
* update links to documentation <ref>
https://github.com/Kicksecure/tb-updater/commit/c3a7e8205a2474f6d12afe8810b51a3c6691dd84
</ref>
* tbb_hardcoded_version="11.0.4" <ref>
https://github.com/Kicksecure/tb-updater/commit/13b84940fe14cce61a3c9046e320d49461ae695e
</ref>
* tbb_hardcoded_version="11.0.3" <ref>
https://github.com/Kicksecure/tb-updater/commit/09c73931fef1bfa39f59a5395baef2757ac66688
</ref>
* switch to "direct" digital signature verification <ref>
https://github.com/Kicksecure/tb-updater/commit/f79cb405e16aebbb70f63032089ae7fbac6df9f1
</ref>
** no longer download and verify sha256 hash file as this is no longer required
** use only `gpg` to verify digital signature of Tor Browser
** higher security
** code simplification
** This is also a workaround for upstream issue `sha256sums-unsigned-build.incrementals.txt and sha256sums-unsigned-build.txt are not signed with torbrowser key`.
*** https://forums.whonix.org/t/tor-browser-downloader-needs-to-update-its-pgp-keys/13077
*** https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40759
** Unfortunately this breaks arm64 downloads.
*** https://forums.whonix.org/t/arm64-tor-browser/11806
* tbb_hardcoded_version="11.0.2" <ref>
https://github.com/Kicksecure/tb-updater/commit/279125241b1f27c167792a56d14830deb1a39836
</ref>
* alpha tbb_hardcoded_version="11.5a1" <ref>
https://github.com/Kicksecure/tb-updater/commit/161a93905fed20c969603eef8359f233da94735a
</ref>
* add updated signing key as announced here: https://blog.torproject.org/new-release-tor-browser-115a1/ Thanks to @pgerber for the bug report! fixes https://github.com/Kicksecure/tb-updater/issues/16 <ref>
https://github.com/Kicksecure/tb-updater/commit/ab1700b724bfb50002ac5d3a793765b96ebc3ca8
</ref>
* use `curl` with `--cert-status`. Thanks to @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 <ref>
https://github.com/Kicksecure/tb-updater/commit/57e9817fd41d70462dbc04908db7bebbafa5140c
</ref>
[https://github.com/Kicksecure/tor-control-panel <code>tor-control-panel</code>]:
* add tag ap_conn_done_pt <ref>
https://github.com/Kicksecure/tor-control-panel/commit/4e4f87b865c61dcc98a8611e3306dbd39ccdc6dd
</ref>
* fix parsing Tor config file is using plain (not using pluggable transport) bridge https://forums.whonix.org/t/bridges-dont-work/13210/12 <ref>
https://github.com/Kicksecure/tor-control-panel/commit/05a733f9952054708786b158201f2d431f6cb3b1
</ref>
* add tag conn_done_pt <ref>
https://github.com/Kicksecure/tor-control-panel/commit/dabfac891b3defb46900db8821805cee02b0025e
</ref>
* update default bridges <ref>
https://github.com/Kicksecure/tor-control-panel/commit/15fd57ac7aa82196a64361e9891690ed49ac68b8
</ref>
[https://github.com/Kicksecure/developer-meta-files <code>developer-meta-files</code>]:
* disable buster <ref>
https://github.com/Kicksecure/developer-meta-files/commit/be5c0f984e3745f3a7361bd345c25d5bdf967ddb
</ref>
* delete unused release/new_release <ref>
https://github.com/Kicksecure/developer-meta-files/commit/c47672486c5a7b86b067206787ffe9e9ca5d5e8d
</ref>
* remove old Whonix news files <ref>
https://github.com/Kicksecure/developer-meta-files/commit/812dd00037a4d02bb8ed10d425a1b0f0eb35da2a
</ref>
* disable buster <ref>
https://github.com/Kicksecure/developer-meta-files/commit/d7d07a729ef28467bcdb348bcd4514067433d293
</ref>
* whonixdevelopermetafiles -> developer-meta-files <ref>
https://github.com/Kicksecure/developer-meta-files/commit/8da9fac06e1f3799bf267bbc63a997802b013631
</ref>
* use `curl` with `--cert-status`. Thanks to @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 <ref>
https://github.com/Kicksecure/developer-meta-files/commit/99e2726a2e36bfdda5572fb03a5647a54747b32a
</ref>
* deleted:    release/upload_whonix_news_v4 <ref>
https://github.com/Kicksecure/developer-meta-files/commit/f36b3550f849f6cef3fd372276973c82c98107ce
</ref>
* include kicksecure <ref>
https://github.com/Kicksecure/developer-meta-files/commit/9af0fd941b3ec7a7befcdbdf12442197a90e1e5d
</ref>
[https://github.com/whonix/whonix-firewall <code>whonix-firewall</code>]:
* use `curl` with `--cert-status`. Thanks to @yodawins for the suggestion! https://forums.whonix.org/t/scurl-secure-curl-wrapper/7125/8 <ref>
https://github.com/Whonix/whonix-firewall/commit/cda126ad2bdde60c42a3fc3349845ad3afc5ebf4
</ref>
[https://github.com/whonix/derivative-maker <code>Whonix build script</code>]:
* tor-ctrl <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/38827606b04cd08e7439e27e3c79216ab36879bf
</ref>
* add tor-ctrl <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/e90bc12bfbbb1754cf4b3863c772b38e9e116acb
</ref>
* squashfs-tools-ng <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/0f682f9dd382897fc55f87f35b8b0462e336aa89
</ref>
* remove buster repository <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/ed5a8a6fce5f6d3963c6dcc2966138354a6858fe
</ref>

== {{project_name_short}} 16.0.3.7 ==

[https://github.com/Kicksecure/anon-apt-sources-list <code>anon-apt-sources-list</code>]:
* Depends: <code>fasttrack-archive-keyring</code>. <ref>
https://github.com/Kicksecure/anon-apt-sources-list/commit/9f7f8a607b5410672fb3d35d5613de5f83cdc6de
</ref>
[https://github.com/whonix/anon-gw-anonymizer-config <code>anon-gw-anonymizer-config</code>]:
* Moved <code>anon-consensus-delete</code> to <code>helper-scripts</code> (as <code>anon-consensus-del</code>). <ref>
https://github.com/Whonix/anon-gw-anonymizer-config/commit/a4977845b00c43253bbcd7972bf91ddf88497f0f
</ref>
[https://github.com/whonix/anon-gw-base-files <code>anon-gw-base-files</code>]:
* KVM desktop background. <ref>
https://github.com/Whonix/anon-gw-base-files/commit/654f88a52a649c92b52e2304f886be7260d4ff77
</ref>
[https://github.com/whonix/anon-meta-packages <code>anon-meta-packages</code>]:
* Moved <code>kicksecure-recommended-cli</code> from <code>whonix-shared-packages-recommended-cli</code> to <code>kicksecure-recommended-cli</code>. <ref>
https://github.com/whonix/anon-meta-packages/commit/eca63bd00415f7f2365aff736bd5a76d9fb0968b
</ref>
* Removed packages <code>pwgen</code>, <code>codecrypt</code>, <code>gpg</code>, <code>gpg-agent</code>, <code>dirmngr</code>, <code>magic-wormhole</code>, <code>diceware</code>, and <code>makepasswd</code> from <code>whonix-workstation-packages-recommended-cli</code> since these will be moved to <code>kicksecure-meta-packages</code>. <ref>
https://github.com/whonix/anon-meta-packages/commit/ad8163d84b826f18bf3cfe50c98dabe8c9b41d59
</ref>
* No longer install <code>python3-msgpack</code> by default; it is no longer needed and was removed from <code>whonix-workstation-packages-recommended-cli</code>. <ref>
https://github.com/whonix/anon-meta-packages/commit/fd008df8d2a0f9bcebdaef7c9281837c2827f628
</ref>
* Remove legacy packages. <ref>
https://github.com/whonix/anon-meta-packages/commit/e9ea226efe8ad88735383bdb5b43e701604f3604
</ref> <ref>
https://github.com/whonix/anon-meta-packages/commit/3f029f172961d28458e3ed7cdffa61285d06dd3c
</ref>
[https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo <code>anon-shared-build-apt-sources-tpo</code>]:
* Ensure compatibility with APT signed-by; port to `apt-key-install` by package <code>helper-scripts</code>. <ref>
https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo/commit/15e0d448a25d91f1f258c44c70452efb0f74c2e8
</ref>
* `/etc/apt/sources.list.d/torproject.list`: use APT `signed-by`. <ref>https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302</ref> <ref>https://support.torproject.org/apt/</ref> <ref>
https://github.com/Kicksecure/anon-shared-build-apt-sources-tpo/commit/882a14d0627b2fc0afa06bd7fed56070d78b4ed5
</ref>
[https://github.com/whonix/anon-ws-base-files <code>anon-ws-base-files</code>]:
* KVM desktop background. <ref>
https://github.com/Whonix/anon-ws-base-files/commit/e859c9baa21176f39c9c5310c03d59710893678a
</ref>
[https://github.com/Kicksecure/apparmor-profile-everything <code>apparmor-profile-everything</code>]:
* `sdwdate-aae.service`: Backported changes from <code>sdwdate</code>. <ref>
https://github.com/Kicksecure/apparmor-profile-everything/commit/3b2c68137002add0126462bc8bc03f1d26f8922a
</ref>
[https://github.com/Kicksecure/grub-live <code>grub-live</code>]:
* Fixed dependencies. <ref>
https://github.com/Kicksecure/grub-live/commit/c8e7c06774a25cb4da426641701c6622ebb52642
</ref>
[https://github.com/Kicksecure/helper-scripts <code>helper-scripts</code>]:
* Disabled <code>anondate</code> AppArmor profiles because they are not ready. <ref>
https://github.com/Kicksecure/helper-scripts/commit/d7d9e5323bf68925090b1965d4955185b77387d7
</ref>
* `onion-time-pre-script`: Do not use `anondate-set` on {{project_name_workstation_long}} because <code>sdwdate</code> can establish onion connections irrespective of {{project_name_workstation_long}} system clock (so long as {{project_name_gateway_long}} Tor is functional). <ref>
https://github.com/Kicksecure/helper-scripts/commit/79ed8b3ceb1cd1e96a5e84c9006da756f0e69180
</ref>
* `/usr/libexec/helper-scripts/terminal-wrapper`: Added support for adding window title for `xfce4-terminal` emulator through the `terminal_emulator_window_title` environment variable. <ref>
https://github.com/Kicksecure/helper-scripts/commit/c65c560cee7ba194b374a0f75370bd215d60a69d
</ref>
* <code>anondate-get</code>: If Tor consensus time is later than the system clock, but minimum time is later than the Tor consensus time, show the minimum time instead of no result. <ref>
https://github.com/Kicksecure/helper-scripts/commit/73e232e41e8b24a7cfa9db22ee23ad365a18bb05
</ref>
* <code>onion-time-pre-script</code>: Added a user check to prevent broken file permissions. <ref>
https://github.com/Kicksecure/helper-scripts/commit/1b5397fd6b3a3826ab6dfaa2121a8f98aee276c2
</ref>
* <code>anondate-set</code>: Disabled Tor restart code since it is not needed. <ref>
https://github.com/Kicksecure/helper-scripts/commit/9e8627cf147cdabe36d65bc69a24eb987ce95374
</ref>
* Added `usr/sbin/anon-consensus-del-files`. <ref>
https://github.com/Kicksecure/helper-scripts/commit/4c4c2ba5d5ae76ab0400ee1f0dc9736f967ec087
</ref>
* Split into `anon-consensus-del` and `anon-consensus-del-files`. <ref>
https://github.com/Kicksecure/helper-scripts/commit/4b0497157282b44598e1c5b6d1eefa6372b5c531
</ref>
* Created a more descriptive file name: `/run/sdwdate/request_tor_restart` &rarr; `/run/sdwdate/request_anondate-set`. <ref>
https://github.com/Kicksecure/helper-scripts/commit/3de950184dc5c7d08230dd865f226ce9e124310b
</ref>
* <code>anondate</code>: Unduplicated output in journal <ref>
https://github.com/Kicksecure/helper-scripts/commit/18e02945bd021996a0a4d90c04a6dd0cae5e79c0
</ref> and lowered verbosity to avoid spamming logs. <ref>
https://github.com/Kicksecure/helper-scripts/commit/21f03ed1009107e10b36695881ca86b43013ed8f
</ref>
* <code>onion-time-pre-script</code>: Added a counter for how many times a script was run; output. <ref>
https://github.com/Kicksecure/helper-scripts/commit/84c4121938d8d8d1d73bc43fd0c842777b8508f0
</ref>
* Added `/usr/libexec/helper-scripts/origins-parser`. <ref>
https://github.com/Kicksecure/helper-scripts/commit/0493bc3de3a561b66e309fa9e936cd2e6433f583
</ref>
* <code>anondate-set</code>: Ensure the system clock is not set backwards. <ref>
https://github.com/Kicksecure/helper-scripts/commit/543978493b230fb77616a7ce59551c8595603e2a
</ref>
* Updated `minimum_unixtime`. <ref>
https://github.com/Kicksecure/helper-scripts/commit/f583d7d0041ab4cec4031346591f2206e130ba62
</ref>
* <code>aa-logprof</code> corrections. <ref>
https://github.com/Kicksecure/helper-scripts/commit/634368a2e49f554cdfaa1c4a00d7a4d73daad404
</ref>
* <code>anondate-get</code>: The minimum time is shown instead if it is later than Tor certificate lifetime. <ref>
https://github.com/Kicksecure/helper-scripts/commit/3659666a92054b628c2b8c762a56cdfc5a184452
</ref>
* Fixed certificate lifetime parsing by <code>anondate</code>. <ref>
https://github.com/Kicksecure/helper-scripts/commit/b752d08ac8797211953bc5361e3411e5db4133bc
</ref>
* Fixed parsing Tor consensus time if Tor has not fetched a Tor consensus yet. <ref>
https://github.com/Kicksecure/helper-scripts/commit/d6b085322005f92f1aeb8ae9cb951921c7f77ab4
</ref>
* Added <code>anondate</code> output to journal (and therefore <code>sdwdate-log-viewer</code>). <ref>
https://github.com/Kicksecure/helper-scripts/commit/3449194476ab5e31035fe011c259aa4074fa508e
</ref>
* Rebased AppArmor profiles on <code>aa-logprof</code>. <ref>
https://github.com/Kicksecure/helper-scripts/commit/ba05cd447fab73c1f95bb47008ab3721fc39a512
</ref>
* Redesigned recovery from a slow clock. <ref>
https://github.com/Kicksecure/helper-scripts/commit/4746cbd02d32b4e513accaed677c0bee28b531f6
</ref>
* Imported <code>anon-consensus-del</code> from <code>anon-gw-anonymizer-config</code>. <ref>
https://github.com/Kicksecure/helper-scripts/commit/48a0adb850051907efcb41e1643453ac08d966ce
</ref>
[https://github.com/Kicksecure/kicksecure-meta-packages <code>kicksecure-meta-packages</code>]:
* Removed <code>fasttrack-archive-keyring</code> from <code>kicksecure-recommended-cli</code> (added to <code>anon-apt-sources-list</code>). <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/fb962e2c0062c086a0034f5ef3ac2a31416a278b
</ref>
* Added <code>pwgen</code>, <code>codecrypt</code>, <code>gpg</code>, <code>gpg-agent</code>, <code>dirmngr</code>, <code>magic-wormhole</code>, <code>diceware</code>, <code>makepasswd</code> to <code>kicksecure-recommended-cli</code>. <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/13f4ca0314080f2d2591462252bb929a9a20bfd1
</ref>
* Added <code>firefox-esr</code>. <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/a973ec1758afce15af75be1a63972edb140a61e2
</ref> <ref>Appreciation is expressed to @HulaHoop.</ref>
* Continued removal of Chromium. <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/7a41d45da8d3692484c97d27947183234ff4a79d
</ref> <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/d458baa0ec28b46ed88ba72273b5748eed54d6c0
</ref> <ref>Appreciation is expressed to @HulaHoop.</ref>
* Legacy fixes. <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/92fa630d2b242b350beed87fc0465fa9adf6f6ce
</ref>
[https://github.com/Kicksecure/msgcollector <code>msgcollector</code>]:
* Improved `/usr/lib/systemd/user/usertest.service`. <ref>
https://github.com/Kicksecure/msgcollector/commit/807d3ed9154a226ff9bb737c69fbf05a59f52efb
</ref>
* `/usr/libexec/msgcollector/one-time-popup`: Create a folder if not existing (mkdir -p). <ref>
https://github.com/Kicksecure/msgcollector/commit/2febd8e861b1fafb4c6a55fba8dc09473805263e
</ref>
[https://github.com/Kicksecure/rads <code>rads</code>]:
* Removed unnecessary `--no-restart-after-upgrade` ("Undo a previous --restart-after-upgrade (or the default of compat 10). If no other options are given, this will cause the service to be stopped in the prerm script and started again in the postinst script."). <ref>
https://github.com/Kicksecure/rads/commit/c79945c2103b5c049f6411747b6aa472a65d726d
</ref>
* Removed `--no-restart-on-upgrade` ("Note that the --no-restart-on-upgrade alias is deprecated and will be removed in compat 14. This is to avoid confusion with the --no-restart-after-upgrade option."). <ref>
https://github.com/Kicksecure/rads/commit/372540203b789c1b6eb615f5ad942d76a52c0796
</ref>
* Added a hint on how to switch virtual console, see: [[Desktop#Virtual_Consoles|Virtual Consoles]]. <ref>
https://github.com/Kicksecure/rads/commit/9bebad7d1e8dd8cb0cdc5244f19203be3045c667
</ref>
* Added a workaround for issue "no login prompt / getty started on tty1 anymore in Whonix 16 (Debian bullseye based)". Gnome's gdm display manager's systemd unit replaces tty1 even in case gdm is not started. <ref>This workaround essentially runs `chvt 2` in case rads does not start a display manager such as gdm (in case there is not enough RAM). This has restored the behavior of a user being greeted with an agetty login prompt. See: [https://forums.whonix.org/t/no-login-prompt-getty-started-on-tty1-anymore-in-whonix-16-debian-bullseye-based/12475 no login prompt / getty started on tty1 anymore in Whonix 16 (Debian bullseye based)].</ref> <ref>
https://github.com/Kicksecure/rads/commit/0fdcee7f930e6f7af5e838b3a273b9b76accd904
</ref>
[https://github.com/Kicksecure/sdwdate <code>sdwdate</code>]:
* Improved tests. <ref>
https://github.com/Kicksecure/sdwdate/commit/ed4f91095545414539d8a9e14e8f4e81afa9883a
</ref>
* Run `/usr/libexec/sdwdate/sdwdate-start-anondate-set-file-watcher` under user/group `sdwdate`. <ref>
https://github.com/Kicksecure/sdwdate/commit/33f2667c404103f3d39fd139c2cedf55b1731a97
</ref>
* Renamed: `lib/systemd/system/sdwdate-restart-tor-request-file-watcher.service` &rarr; `lib/systemd/system/sdwdate-start-anondate-set-file-watcher.service`. <ref>
https://github.com/Kicksecure/sdwdate/commit/df3c81a547181e2ff6774a2d963c2d8eeb85475b
</ref>
* Renamed: `usr/libexec/sdwdate/sdwdate-restart-tor-request-file-watcher` &rarr; `usr/libexec/sdwdate/sdwdate-start-anondate-set-file-watcher`. <ref>
https://github.com/Kicksecure/sdwdate/commit/6ac8dea8aa72b88cc89e78176c0fdc260180093d
</ref>
* Implemented a more descriptive file name: `/usr/libexec/sdwdate/sdwdate-restart-tor-request-file-watcher` &rarr; `/usr/libexec/sdwdate/sdwdate-start-anondate-set-file-watcher`. <ref>
https://github.com/Kicksecure/sdwdate/commit/7c14d799afd992c3ec98122f1cf9da75fd75588c
</ref>
* Implemented a more descriptive file name: `/run/sdwdate/request_tor_restart` &rarr; `/run/sdwdate/request_anondate-set`. <ref>
https://github.com/Kicksecure/sdwdate/commit/ff0dba14988e482eeab00e74367f302835fadfae
</ref>
* Added `/usr/libexec/sdwdate/sdwdate-test`. <ref>
https://github.com/Kicksecure/sdwdate/commit/73e3b075d70ca08a8bd75a4e80933fa20d22af93
</ref>
* Moved <code>sclockadj</code> compilation from a postinst to systemd unit to allow simplification of dependency resolution during release upgrade. <ref>
https://github.com/Kicksecure/sdwdate/commit/3986d420d44f147a3ca489c075ab564f1410fe10
</ref>
* Ported to pathlib to fix <code>TypeError: 'missing_ok' is an invalid keyword argument for remove()</code>. <ref> https://github.com/Whonix/updates-status/issues/105</ref> <ref>
https://github.com/Kicksecure/sdwdate/commit/bfdea776ba638541c4d2b168a32588c3721a71a3
</ref> <ref>Appreciation is expressed to @marmarek for the bug report.</ref>
* Added <code>utimensat</code> to seccomp. Audit log entry: <code>Sep 23 15:37:39 host audit[33040]: SECCOMP auid=4294967295 uid=111 gid=121 ses=4294967295 subj==/usr/bin/sdwdate (enforce) pid=33040 comm="touch" exe="/usr/bin/touch" sig=31 arch=c000003e syscall=280 compat=0 ip=0x70ca67e4bafa code=0x80000000</code>. <ref>
https://github.com/Kicksecure/sdwdate/commit/525716fb646d7654d065fbc16ae4af802ec552df
</ref>
* Added <code>sdwdate-log-viewer</code>. <ref>
https://github.com/Kicksecure/sdwdate/commit/ecf9e8a38b248ff4815caafb0d8c9548c1a7aadb
</ref>
* Rewrote the profile using <code>aa-logprof</code>. <ref>
https://github.com/Kicksecure/sdwdate/commit/540df96abf3dbc338ff48c38b2896a11615fc293
</ref>
* Redesigned recovery from a slow clock. <ref>
https://github.com/Kicksecure/sdwdate/commit/87cab6af3ed8b9f18c74e47f3f93afaab833ffe8
</ref>
* Ensure Tor consensus is deleted before restarting Tor in `/usr/libexec/sdwdate/sdwdate-restart-tor-request-file-watcher` to increase robustness of recovering from skewed time. <ref>See: [[Dev/TimeSync|TimeSync: {{project_name_short}} Time Synchronization Mechanism]].</ref> <ref>
https://github.com/Kicksecure/sdwdate/commit/650ee383881a3223310b576ffe0c480bd4535d3f
</ref>
* Fixed and excluded sdwdate-pre (addgroup) from SystemCallFilter. <ref>See: [https://forums.whonix.org/t/whonix-on-mac-m1-arm/11310/165 Whonix on Mac M1 (ARM)].</ref> <ref>
https://github.com/Kicksecure/sdwdate/commit/efb78881f58d5c4198deac881a1123281b4d741c
</ref>
* `usr/libexec/sdwdate/sdwdate-addgroup` &rarr; `usr/libexec/sdwdate/sdwdate-pre`. <ref>
https://github.com/Kicksecure/sdwdate/commit/7d93312c1a7bdb288a36227410d1df5898586bc9
</ref>
* Fixed sdwdate addgroup if it failed during the build process. <ref>
https://github.com/Kicksecure/sdwdate/commit/0f509ebc045ae88314f0abfe6faac1ddd48a8440
</ref>
[https://github.com/Kicksecure/sdwdate-gui <code>sdwdate-gui</code>]:
* <code>sdwdate-gui</code> log viewer: set the window title. <ref>
https://github.com/Kicksecure/sdwdate-gui/commit/933883ec710eb0a5a43a276e0c6789b7744d42a3
</ref>
* Fixed harmless but nuisance warnings in Qubes R4.1 <ref>"Denied: whonix.NewStatus Denied whonix.NewStatus+whonix-gw-16_shutdown from whonix-gw-16 to sys-whonix" "Denied: whonix.NewStatus Denied whonix.NewStatus+whonix-ws-16_shutdown from whonix-ws-16 to sys-whonix"</ref> by preventing `sdwdate-gui-shutdown-notify.service` from running inside the Template. <ref>Appreciation is expressed to @zellchristensen for the bug report and @marmarek for the bug diagnosis.</ref> <ref>https://github.com/QubesOS/qubes-issues/issues/6983</ref> <ref>
https://github.com/Kicksecure/sdwdate-gui/commit/5d844f993af7bc69c30140d35de8b8cf72331780
</ref>
[https://github.com/Kicksecure/swap-file-creator <code>swap-file-creator</code>]:
* `dh_installsystemd --no-stop-on-upgrade`: Use --no-stop-on-upgrade to not stop (and therefore not restart) the swap-file-creator systemd unit after package upgrade since there is no reason to re-create the swap file during upgrade of this package. --no-start is unused because a swap file should be created after installation of this package. dh_installsystemd manpage: --no-stop-on-upgrade "Do not stop service on upgrade. This has the side-effect of not restarting the service as a part of the upgrade." <ref>
https://github.com/Kicksecure/swap-file-creator/commit/f03cd0c0c18a384a3440e9dbe1adebdeafa6d496
</ref>
* Lowered the verbosity of output during boot to avoid a "swap file created" message overwriting the console login prompt. <ref>The alternative, configuring the login prompt to wait for swap-file-creator to be done instead would lead to a slower boot process.</ref> <ref>
https://github.com/Kicksecure/swap-file-creator/commit/b2b9dae3c16cacc6f786a74ac0fe723cd7794735
</ref>
[https://github.com/Kicksecure/systemcheck <code>systemcheck</code>]:
* Moved the location of the deprecation popup. <ref>
https://github.com/Kicksecure/systemcheck/commit/078eb326852c504640fc12c0dcff0fca35ee74ed
</ref>
* Ensure the deprecation notice is shown during a package upgrade. <ref>
https://github.com/Kicksecure/systemcheck/commit/e3a5ee7d47f761b7c920e80ac0e15fd25cd24536
</ref>
* Added a deprecation notice popup. <ref>
https://github.com/Kicksecure/systemcheck/commit/5f0c7deab97101c0217af07e4cf62cf2c45c8b06
</ref>
* `usr/libexec/systemcheck/canary-download.py` &rarr; `usr/libexec/systemcheck/canary-download`. <ref>
https://github.com/Kicksecure/systemcheck/commit/001fa395bf22f62a12296b719600b06fbf56c944
</ref>
* `etc/apparmor.d/usr.lib.systemcheck.canary` &rarr; `etc/apparmor.d/usr.libexec.systemcheck.canary`. <ref>
https://github.com/Kicksecure/systemcheck/commit/8e8b0854a37f19626e2f017457a67d4e8ce506e0
</ref>
[https://github.com/Kicksecure/tb-updater <code>tb-updater</code>]:
* Update: tbb_hardcoded_version="11.0.1". <ref>
https://github.com/Kicksecure/tb-updater/commit/79c0779916d9707a4a75e0bdf39749395f979d74
</ref>
* Took out the passage about removed backup functionality. <ref>
https://github.com/Kicksecure/tb-updater/commit/d9a5d7d11d4caf198f21a2f32b9aaa733a4ad17d
</ref> <ref>Appreciation is expressed to Frank.</ref>
* Update: alpha tbb_hardcoded_version="11.0a10". <ref>
https://github.com/Kicksecure/tb-updater/commit/862bc8c882af3ce06435d7197787420376d8fd51
</ref>
* Update: tbb_hardcoded_version="11.0". <ref>
https://github.com/Kicksecure/tb-updater/commit/73c5d33fbfb63552cbbc8e501f197bd51efa8573
</ref>
* Update: alpha tbb_hardcoded_version="11.0a9". <ref>
https://github.com/Kicksecure/tb-updater/commit/9f0ab50d81b662ff54f915d58b800c8151976958
</ref>
* Update: tbb_hardcoded_version="10.5.10". <ref>
https://github.com/Kicksecure/tb-updater/commit/3ae332a8726a45359b1a323593816f93b61fb00b
</ref>
* Further updates: tbb_hardcoded_version. <ref>
https://github.com/Kicksecure/tb-updater/commit/5bbbbcb4e2bd3792c8fbeb81e68360d75fcdbb4a
</ref>
[https://github.com/Kicksecure/timesanitycheck <code>timesanitycheck</code>]:
* Updated `/usr/share/timesanitycheck/minimum_unixtime`. <ref>
https://github.com/Kicksecure/timesanitycheck/commit/a2ae8d50a0ff51fae27b65971f3751b7d071c082
</ref>
* Fixed a typo, renamed `/usr/share/timesanitycheck/date-minium-file-create` &rarr; `/usr/share/timesanitycheck/date-minimum-file-create`. <ref>
https://github.com/Kicksecure/timesanitycheck/commit/84e27705b4b547f885ac7aa1af18fff12ecbb0dd
</ref>
* Updated `/usr/share/timesanitycheck/minimum_unixtime`. <ref>
https://github.com/Kicksecure/timesanitycheck/commit/256b6feabfc8aba4eecf3d0388ed508d98a29301
</ref>
[https://github.com/whonix/uwt <code>uwt</code>]:
* Added a uwt wrapper for `dnf-3` (for {{q_project_name_short}} 16 <code>dom0</code> UpdateVM support). <ref>https://github.com/QubesOS/qubes-issues/issues/6913</ref> <ref>https://github.com/QubesOS/qubes-issues/issues/6891#issuecomment-920220943</ref> <ref>
https://github.com/Whonix/uwt/commit/bd48b023a99b575ea7cd3ea598ea98f43fb8eded
</ref>
[https://github.com/whonix/whonix-firewall <code>whonix-firewall</code>]:
* Added an opt-in configuration for outgoing IP filtering through `outgoing_allow_ip_list`. <ref>
https://github.com/Whonix/whonix-firewall/commit/0dcdd8d318f895aee862d618778edbdb27647443
</ref>
[https://github.com/Kicksecure/legacy-dist <code>whonix-legacy</code>]:
* Improved <code>release-upgrade</code>. <ref>
https://github.com/Kicksecure/legacy-dist/commit/2cc3e23b7c9318560e82041d8510b464e18604cf
</ref> <ref>
https://github.com/Kicksecure/legacy-dist/commit/9df84beded4c52493789c0b5966e4e8de755d305
</ref> <ref>
https://github.com/Kicksecure/legacy-dist/commit/da7a850ea0bb8ba7f49edab080ee5a82b859f407
</ref> <ref>
https://github.com/Kicksecure/legacy-dist/commit/50a25523032ab8938e234f0888f9777a620b639f
</ref>
* <code>release-upgrade</code>: Ensure the meta package is downloaded and installed. <ref>
https://github.com/Kicksecure/legacy-dist/commit/3aa25297c40c5fe4890d2cfad7b1c8d34a8433e3
</ref>
* <code>release-upgrade</code>: Abort if no installed meta package has been detected. <ref>
https://github.com/Kicksecure/legacy-dist/commit/d8cda99a5a376981ff8dfc3dda2534f982fa86e3
</ref>
* <code>release-upgrade</code>: Added meta package detection. <ref>
https://github.com/Kicksecure/legacy-dist/commit/2d998d2884388ccad6e1110905522fc14352b892
</ref>
[https://github.com/Kicksecure/libvirt-dist <code>whonix-libvirt</code>]:
* RAM reduced to 1.5GB <ref>Appreciation is expressed to @HulaHoop.</ref> <ref>
https://github.com/Kicksecure/libvirt-dist/commit/c2962f7e9fdafa5486b0998110c18976d0410780
</ref> <ref>
https://github.com/Kicksecure/libvirt-dist/commit/68249c4f7af9aae47444d51ee0d5b6e6d7480ed8
</ref> <ref>
https://github.com/Kicksecure/libvirt-dist/commit/a38adbfe7c087919959e0c0331a7a0d1fd36a551
</ref>
* Decreased RAM to 256MB, updated the description, and updated the description for activating desktop. <ref>
https://github.com/Kicksecure/libvirt-dist/commit/039cf62f31784193158711321964375b8cf0bff8
</ref> <ref>Appreciation is expressed to @HulaHoop.</ref>
[https://github.com/Kicksecure/xfce-desktop-config-dist <code>whonix-xfce-desktop-config</code>]:
* KVM desktop background. <ref>
https://github.com/Kicksecure/xfce-desktop-config-dist/commit/94d1c6a8048755235e924420ca9cf19da3758e6a
</ref>
[https://github.com/derivative-maker/derivative-maker <code>Whonix build script</code>]:
* Re-enabled downloading of Tor from `deb.torproject.org`. <ref>See: [[Dev/Tor|Tor integration in {{project_name_short}} Development Notes]].</ref> <ref>[https://forums.whonix.org/t/tor-integration-in-whonix/10593 Tor integration in Whonix].</ref> <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/8360f544bcd4bba4cb60f3fde9011f43d5d89803
</ref>
* CI changes. <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/6850283e88d52dd96a5f82412f99d0818117d905
</ref>
* Fixed `help-steps/repo_download_chroot_script`. <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/5542f3491045ac2ef9db42f8ffcc112baef4cd7b
</ref>
* {{project_name_short}} [[KVM]]: Enable extended L2 entries, and reduced cluster size.
** I/O perf should improve thanks to extended L2, see: [https://blogs.igalia.com/berto/2020/12/03/subcluster-allocation-for-qcow2-images/ Subcluster allocation for qcow2 images].
** Decreasing cluster size produces smaller images. <ref>
https://github.com/{{project_name_short}}/derivative-maker/commit/bec122d15dc891a9b7ecad9fba702f3979783b65
</ref> <ref>Appreciation is expressed to @HulaHoop.</ref>

== {{project_name_short}} 16.0.3.1 ==

[https://github.com/whonix/anon-gw-base-files <code>anon-gw-base-files</code>]:
* Fixed the background image. <ref>
https://github.com/Whonix/anon-gw-base-files/commit/2ca7a856386a14f6dd69e7547e4977d652867841
</ref>

[https://github.com/whonix/anon-ws-base-files <code>anon-ws-base-files</code>]:
* Fixed the desktop background. <ref>
https://github.com/Whonix/anon-ws-base-files/commit/05e6e06250df24e72cb9aa14f5ab294f10dc17c1
</ref> <ref>
https://github.com/Whonix/anon-ws-base-files/commit/706a7eff48adab1306cd127e85062286c77392ca
</ref>

[https://github.com/whonix/corridor <code>corridor</code>]:
* Changelog. <ref>
https://github.com/Whonix/corridor/commit/cd7d2d4ba8ed55ff7b4f9508621c37d4afd3ce1d
</ref>

[https://github.com/Kicksecure/grub-live <code>grub-live</code>]:
* Fixed <code>grub-live</code> (<code>initramfs-tools</code> version). <ref>[https://forums.whonix.org/t/bullseye-live-boot-needs-grub-disable-linux-uuid-true-parameter-in-etc-grub-d-11-linux-live/9066 Bullseye: live-boot needs GRUB_DISABLE_LINUX_UUID="true" parameter in /etc/grub.d/11_linux_live].</ref> <ref>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994138</ref> <ref>
https://github.com/Kicksecure/grub-live/commit/42e806430a90829c8f06df873a1aa82a0c05a4ca
</ref>

[https://github.com/Kicksecure/hardened-kernel <code>hardened-kernel</code>]:
* Added <code>--remote-name</code>. <ref>
https://github.com/Kicksecure/hardened-kernel/commit/dd4d64c70d36d854f6b3f8faff281677000bd1cb
</ref>

[https://github.com/Kicksecure/helper-scripts <code>helper-scripts</code>]:
* Added `/usr/libexec/helper-scripts/desktop-background-skel-test`. <ref>
https://github.com/Kicksecure/helper-scripts/commit/6472efd1ce1769338881020e5aac03a221ccb6e1
</ref>
* <code>terminal-wrapper</code>: <code>xfce4-terminal --hold</code> supported since Debian <code>bullseye</code>. <ref>
https://github.com/Kicksecure/helper-scripts/commit/0199146c78a421c0429654636299a6e2fd795672
</ref>

[https://github.com/Kicksecure/kicksecure-meta-packages <code>kicksecure-meta-packages</code>]:
* Fixed and installed <code>policykit-1-gnome</code> by default. <ref>[https://forums.whonix.org/t/zulucrypt-appears-blank/12322 zuluCrypt appears blank].</ref> <ref>
https://github.com/Kicksecure/kicksecure-meta-packages/commit/aa3b4ff0c6f977da88ebad2c94fdbd6b38ea0160
</ref>

[https://github.com/Kicksecure/repository-dist <code>repository-dist</code>]:
* Legacy. <ref>
https://github.com/Kicksecure/repository-dist/commit/d3b7a4284aefd17d9173c65a95f0d6cb037e07e9
</ref>
* Legacy: upgraded existing `/etc/apt/sources.list.d/derivative.list` to use `[signed-by=/usr/share/keyrings/derivative.asc]`. <ref>
https://github.com/Kicksecure/repository-dist/commit/eb569b6225a67d78bee385c9d30981cdf7aeb91a
</ref>
* Changed `Depends: python3` to `Depends: python3:any` <ref>
https://github.com/Kicksecure/repository-dist/commit/73ccff0d64314490703eda5c376e04129fd6170e
</ref>
* Removed the no longer required `Depends: gnupg`. <ref>
https://github.com/Kicksecure/repository-dist/commit/3781fc5bd5e8396675b304e309427cc02e752a57
</ref>
* Implemented `Depends: helper-scripts`. <ref>
https://github.com/Kicksecure/repository-dist/commit/de2c03eb1e97ef4cc51979bbf0a51ac9d35879cf
</ref>
* Cleanup and removed legacy transitional package <code>whonix-repository</code>. <ref>
https://github.com/Kicksecure/repository-dist/commit/d25317d734052fee49bef8cd3d2e11161872e26f
</ref>
* Renamed: `usr/share/keyrings/derivative-distribution-signing-key.asc` to `usr/share/keyrings/derivative.asc` and renamed `usr/share/keyrings/derivative-distribution-signify-key.pub` to `usr/share/keyrings/derivative.pub`. <ref>
https://github.com/Kicksecure/repository-dist/commit/4afbd86c840c81fb64fdd27f5676accf854cad20
</ref>
* Deleted legacy `/etc/apt/trusted.gpg.d/derivative.asc` because now using `signed-by` and `/usr/share/keyrings/derivative.asc` <ref>
https://github.com/Kicksecure/repository-dist/commit/c7836751a6cc25cab5888815011df5a1d493e75c
</ref>
* Ported to APT sources.list `signed-by`. <ref>
https://github.com/Kicksecure/repository-dist/commit/e3e2db96441401015c4fa61f423b43a240390b97
</ref>
* Renamed:
** `usr/share/repository-dist/derivative-distribution-signing-key.asc` to `usr/share/keyrings/derivative-distribution-signing-key.asc` (gpg)
** `usr/share/repository-dist/derivative-distribution-signify-key.pub` to `usr/share/keyrings/derivative-distribution-signify-key.pub` (signify) <ref>
https://github.com/Kicksecure/repository-dist/commit/d3f117937ecfd89d0a5159dd35e5813bd99d9aca
</ref>
* Use APT sources.list `signed-by`. <ref>[https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302 APT repository signing keys per APT sources.list - signed-by].</ref> <ref>
https://github.com/Kicksecure/repository-dist/commit/f113c374a5e36f25c98441d166d34863fdd9268a
</ref>

[https://github.com/Kicksecure/sdwdate <code>sdwdate</code>]:
* AppArmor fix. <ref>
https://github.com/Kicksecure/sdwdate/commit/a68789aa1fa4d753b724fe99c03fbb29b4fb859b
</ref>

[https://github.com/Kicksecure/security-misc <code>security-misc</code>]:
* Fixed: de-duplicate the kernel command line. <ref>
https://github.com/Kicksecure/security-misc/commit/d62bbaab82a33a485a82d42d8db5674d200a1c3d
</ref>
* Removed Debian <code>buster</code> support in `/etc/default/grub.d`. <ref>
https://github.com/Kicksecure/security-misc/commit/bd31b4085c853d8b182e3a13534827a695f5493a
</ref>

[https://github.com/Kicksecure/systemcheck <code>systemcheck</code>]:
* Updated the APT `signed-by` path. <ref>[https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302 APT repository signing keys per APT sources.list - signed-by].</ref> <ref>
https://github.com/Kicksecure/systemcheck/commit/5ac0a09063e7a90d2e340f25b7e6bc854f376b1e
</ref>

[https://github.com/Kicksecure/tb-updater <code>tb-updater</code>]:
* <code>alpha tbb_hardcoded_version="11.0a6"</code>. <ref>
https://github.com/Kicksecure/tb-updater/commit/778637418b37389e9d42769f6d200398e5544cda
</ref>
* <code>tbb_hardcoded_version="10.5.6"</code> <ref>
https://github.com/Kicksecure/tb-updater/commit/6011e9e5dc2833892eadce7c0be2a6b65431cf04
</ref>

[https://github.com/Kicksecure/usability-misc <code>usability-misc</code>]:
* Added <code>--remote-name</code>. <ref>
https://github.com/Kicksecure/usability-misc/commit/ae50fc3e75b16b4f54004cd9d0c2a74d38cb5c06
</ref>
* Ported to APT `signed-by`. <ref>[https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302 APT repository signing keys per APT sources.list - signed-by].</ref> <ref>
https://github.com/Kicksecure/usability-misc/commit/02486c1af3053828001f55fe3ed02b46be1aefcd
</ref>

[https://github.com/Kicksecure/xfce-desktop-config-dist <code>whonix-xfce-desktop-config</code>]:
* Fixed the desktop background. <ref>
https://github.com/Kicksecure/xfce-desktop-config-dist/commit/2c986f88f3e85fec6412acd2fcfb9f254e92c479
</ref> <ref>
https://github.com/Kicksecure/xfce-desktop-config-dist/commit/829286e9e0291fefc87f4031ce1b3276cfb1045b
</ref>

== {{project_name_short}} 16.0.2.7 ==

[https://github.com/whonix/anon-gw-base-files <code>anon-gw-base-files</code>]:
* Fixed the <code>bullseye</code> background image. <ref>[https://forums.whonix.org/t/whonix-xfce-wallpaper-background-image/7984 Whonix XFCE Wallpaper / Background Image].</ref> <ref>https://github.com/Whonix/anon-gw-base-files/commit/ef3ac0fdda5d56ecfb9c946cb0224b7aa627a25e</ref>

[https://github.com/whonix/anon-meta-packages <code>anon-meta-packages</code>]:
* Integrated <code>kicksecure-dependencies-system</code>. <ref>[https://forums.whonix.org/t/replacing-initramfs-tools-with-dracut/4487 replacing initramfs-tools with dracut].</ref> <ref>https://github.com/whonix/anon-meta-packages/commit/bd10983f849960f6176be2886b7287a2a9a48959</ref>

[https://github.com/whonix/anon-ws-base-files <code>anon-ws-base-files</code>]:
* Fixed the <code>bullseye</code> background image. <ref>[https://forums.whonix.org/t/whonix-xfce-wallpaper-background-image/7984 Whonix XFCE Wallpaper / Background Image].</ref> <ref>https://github.com/Whonix/anon-ws-base-files/commit/4990b0578dbecddac34682104d844f4a7a8d3589</ref>

[https://github.com/Kicksecure/binaries-freedom <code>binaries-freedom</code>]:
* Added the Debian install file (generated using <code>genmkfile debinstfile</code>). <ref>https://github.com/Kicksecure/binaries-freedom/commit/3cca621377fe9191e45ac40eecacbc45a702658f</ref>
* <code>binaries-freedom</code> is an empty package at present. <ref>[https://forums.whonix.org/t/policy-for-inclusion-of-compiled-software/6635 Policy for Inclusion of Compiled Software].</ref> <ref>https://github.com/Kicksecure/binaries-freedom/commit/86223e3cbb5c6aab67616201a2936266d677c6bf</ref>

[https://github.com/Kicksecure/debug-misc <code>debug-misc</code>]:
* <code>dracut</code>. <ref>https://github.com/Kicksecure/debug-misc/commit/eb232484bc4d248d866456c0eb236c17a137cc4c</ref>
* Removed <code>rhgb</code> from <code>GRUB_CMDLINE_LINUX_DEFAULT</code>. <ref>https://github.com/Kicksecure/debug-misc/commit/017c41ed068e5b675f741bc34c3d1f1733a5c8af</ref>
* <code>add_dracutmodules+=" debug "</code> <ref>https://github.com/Kicksecure/debug-misc/commit/915882889918bf7969fa7b9f7bb6f7dfcb5bb554</ref>

[https://github.com/Kicksecure/grub-live <code>grub-live</code>]:
* <code>dracut</code>. <ref>https://github.com/Kicksecure/grub-live/commit/7a1b20db9185b4cbbe04937f7993783f2261195b</ref> <ref>https://github.com/Kicksecure/grub-live/commit/df99255112d9eae360cce8534b9cfa92795125c6</ref>
* Fixed and removed <code>dracut</code> <code>kernel_cmdline="rootovl"</code> since that is already conditionally set in the <code>grub</code> boot menu (otherwise the system will always boot into live mode). <ref>https://github.com/Kicksecure/grub-live/commit/cb94f18bd47a56d0427e9ae822f966f32fd55f2e</ref>
* Removed <code>dracut</code> <code>hostonly="yes"</code> since that is already the Debian default. <ref>https://github.com/Kicksecure/grub-live/commit/3bded2153eb311ee6f8571bf67483d3514d97ed0</ref>
* Added <code>dracut</code> support based on [https://github.com/friedrich12/dracut-grub-live friedrich12 / dracut-grub-live]. <ref>[https://forums.whonix.org/t/replacing-initramfs-tools-with-dracut/4487/10 replacing initramfs-tools with dracut].</ref> <ref>https://github.com/Kicksecure/grub-live/commit/1989d6e12ac4e5eec03ed3b492c4c84fd6695fd9</ref>

[https://github.com/Kicksecure/helper-scripts <code>helper-scripts</code>]:
* Improved diagnostic messages. <ref>https://github.com/Kicksecure/helper-scripts/commit/8a4939227c4ff0016451a3be8a8de8f7c7360b56</ref>

[https://github.com/Kicksecure/kicksecure-meta-packages <code>kicksecure-meta-packages</code>]:
* Installed <code>flatpak</code> by default and added it to <code>kicksecure-recommended-cli</code>. <ref>[https://forums.whonix.org/t/flatpak-as-a-software-source-flathub-as-a-source-of-software/8500 FlatPak as a Software Source / flathub as a source of software].</ref> <ref>See: [[Install_Software#flatpak|flatpak]].</ref> <ref>https://github.com/Kicksecure/kicksecure-meta-packages/commit/be19b89acba35c5b6e9350b3f4aa5d8c13288ba3</ref>
* Installed <code>extrepo</code> by default and added it to <code>kicksecure-recommended-cli</code>. <ref>[https://forums.whonix.org/t/extrepo-safely-adding-repos/8539 extrepo - safely adding repos].</ref> <ref>https://github.com/Kicksecure/kicksecure-meta-packages/commit/7f4f2930d720836cd4051a4ba6e38959037f2d95</ref>
* Switched from <code>lightdm</code> to <code>gdm3</code> because <code>lightdm</code> autologin is non-functional. <ref>https://github.com/Kicksecure/kicksecure-meta-packages/commit/e11275ee58b15bbb9ec5d745046b4b369b681c99</ref>
* <code>kicksecure-dependencies-system</code> Depends: <code>linux-initramfs-tool</code>, <code>dracut</code> and <code>initramfs-tools</code>. <ref>https://github.com/Kicksecure/kicksecure-meta-packages/commit/b1616daee3c2c228de8db866ea168be088e4ea5c</ref> <ref>https://github.com/Kicksecure/kicksecure-meta-packages/commit/7c1ed0864ec1916497df39f1660d5fb97ba01e80</ref>
* Introduced and integrated <code>kicksecure-dependencies-system</code>. <ref>[https://forums.whonix.org/t/replacing-initramfs-tools-with-dracut/4487 replacing initramfs-tools with dracut].</ref> <ref>https://github.com/Kicksecure/kicksecure-meta-packages/commit/a586c06595c836122c6f357d07f28541b16f988d</ref> <ref>https://github.com/Kicksecure/kicksecure-meta-packages/commit/6b42c87bef0ee62fd57f4435cb69997243b3f6d8</ref>
* Removed <code>initramfs-tools</code> from <code>non-qubes-vm-enhancements-cli</code> for <code>dracut</code> support. <ref>https://github.com/Kicksecure/kicksecure-meta-packages/commit/3b67c5c18981c7a3072ece594f94f98e9537cb1f</ref>
* Introduced <code>kicksecure-qubes-cli</code> and <code>kicksecure-qubes-gui</code>. <ref>https://github.com/Kicksecure/kicksecure-meta-packages/commit/eac116b98463f9b50812fe4c43b5420181b62b3e</ref>

[https://gitlab.com/kicksecure/monero-gui <code>monero-gui</code>]:
* Updated to <code>monero-gui-linux-x64-v0.17.2.3.tar.bz2</code>. <ref>https://web.archive.org/web/20210902155943/https://github.com/monero-project/monero-gui/releases/tag/v0.17.2.3</ref> <ref>https://web.archive.org/web/20210902155938/https://downloads.getmonero.org/gui/monero-gui-linux-x64-v0.17.2.3.tar.bz2</ref> <ref>https://web.archive.org/web/20210902160006/https://www.getmonero.org/downloads/hashes.txt</ref> <ref>https://gitlab.com/kicksecure/monero-gui/-/commit/a34bac079c2a31b533117070cf38c7a4957f36c3</ref>

[https://github.com/whonix/qubes-whonix <code>qubes-whonix</code>]:
* Dropped <code>initramfs-tools</code> from <code>qubes-whonix-shared-packages-recommended</code>; this is left to Qubes for <code>dracut</code> support. <ref>[https://forums.whonix.org/t/replacing-initramfs-tools-with-dracut/4487/13 replacing initramfs-tools with dracut].</ref> <ref>https://github.com/Whonix/qubes-whonix/commit/683c5ee6247dd562fa52789c5475621f43a95377</ref>

[https://github.com/Kicksecure/sdwdate <code>sdwdate</code>]:
* Fixed a dependency issue. <ref>https://github.com/Kicksecure/sdwdate/commit/95f62a51727ab153c83a1a5650786b2ffd778038</ref>

[https://github.com/Kicksecure/security-misc <code>security-misc</code>] improvements:
* Do not set kernel parameter <code>quiet loglevel=0</code> for recovery boot option for easier debugging. <ref>https://github.com/Kicksecure/security-misc/commit/ac0c492663b9d90f99e5969193b35b53d4175d1d</ref>
* Moved grub quiet to a separate configuration file <code>/etc/default/grub.d/41_quiet.cfg</code>. <ref>https://github.com/Kicksecure/security-misc/commit/49902b8c56512c3ee8b3d16b0ca513e44349c66d</ref>
* <code>dracut reproducible=yes</code>. <ref>https://github.com/Kicksecure/security-misc/commit/a4e18a2ae8c19a664bb1be5bc4ec43f10a876969</ref>
* <code>Depends: libpam-modules-bin</code>. <ref>https://github.com/Kicksecure/security-misc/commit/e2810f348b413bb307449a911c12a46924686a9f</ref>
* Fixed faillock implementation - <code>dovecot / ssh</code> are exempted. <ref>https://github.com/Kicksecure/security-misc/commit/be8c10496f26d33378deb2427e56892771456ee5</ref>
* Fixed and added <code>sshd</code> to <code>pam_service_exclusion_list</code> to avoid faillock. <ref>https://github.com/Kicksecure/security-misc/commit/8b104f544a9e4e8da1691659fefa4999a4f6f085</ref>

[https://github.com/Kicksecure/systemcheck <code>systemcheck</code>]:
* Now run <code>check_sudo</code> earlier. <ref>https://github.com/Kicksecure/systemcheck/commit/09129d482c339a21c1b5c55447d50906a0b64fd9</ref>

[https://github.com/Kicksecure/usability-misc <code>usability-misc</code>]:
* Removed <code>/etc/lightdm/lightdm.conf.d/autologin.conf</code> (comments only) since it might interfere with autologin. <ref>https://github.com/Kicksecure/usability-misc/commit/b6461000a276594155ab88d994b4b4268451030e</ref>

[https://github.com/Kicksecure/vm-config-dist <code>vm-config-dist</code>]:
* <code>config-package-dev</code> displaces <code>/etc/gdm3/daemon.conf</code>. <ref>https://github.com/Kicksecure/vm-config-dist/commit/c071e8b630fe63963fbf5554986c0fecdcb6bd74</ref>
* Added and enabled <code>gdm</code> autologin. <ref>https://github.com/Kicksecure/vm-config-dist/commit/1417726fc0a08bae8fe94c3dca3555aeef82677b</ref> <ref>https://github.com/Kicksecure/vm-config-dist/commit/fc802381584056fbaef1e7388c720c2c3c3dcb19</ref> <ref>https://github.com/Kicksecure/vm-config-dist/commit/bf00f606b3188c5a023f446cb31f910349708b4e</ref>
* Added the original <code>/etc/gdm3/daemon.conf</code>. <ref>https://github.com/Kicksecure/vm-config-dist/commit/ee1f0c3a4b8f7c18c4228385506e18e9a0cfe0ee</ref>
* Fixed autologin. <ref>https://github.com/Kicksecure/vm-config-dist/commit/b0c1af96519f82a9dcd2baf4f414c5efbc5d87f2</ref> <ref>https://github.com/Kicksecure/vm-config-dist/commit/a41b9d9bd270dec8a3cb76ddade164d0de914696</ref>
* Disabled <code>dracut</code> module resume in VMs since it might break the boot process if built inside <code>chroot</code>. <ref>https://github.com/Kicksecure/vm-config-dist/commit/ee07d87be47c3c48f4369b5816876d5d826999a4</ref>
* <code>vbox-guest-installer</code>: recommend, migrate from VirtualBox guest addition ISO to VirtualBox guest addition packages. <ref>[[VirtualBox/Guest_Additions#Migration_to_Guest_Additions_Packages|Migration to Guest Additions Packages]].</ref> <ref>https://github.com/Kicksecure/vm-config-dist/commit/b23e33b69dde7a62d8b63884900095aeacc19024</ref>

[https://github.com/Kicksecure/legacy-dist <code>whonix-legacy</code>]:
* Updated version. <ref>https://github.com/Kicksecure/legacy-dist/commit/b9d166ff16d3f8d61a0554784df9976cd88c6e72</ref>
* Improved <code>release-upgrade</code>. <ref>https://github.com/Kicksecure/legacy-dist/commit/8a17fef51a03c62205172494704dad11c361c31d</ref> <ref>https://github.com/Kicksecure/legacy-dist/commit/8d8fb6be0628a19e32c76fcd3edd732d7ba3bd5f</ref>

[https://github.com/Kicksecure/xfce-desktop-config-dist <code>whonix-xfce-desktop-config</code>]:
* Fixed the <code>bullseye</code> background image (actually still broken). <ref>[https://forums.whonix.org/t/whonix-xfce-wallpaper-background-image/7984 Whonix XFCE Wallpaper / Background Image].</ref> <ref>https://github.com/Kicksecure/xfce-desktop-config-dist/commit/9d386ab84f420cf28a2661787500366af1088da1</ref>

= Documentation Updates =

New wiki chapters:
<div style="column-count:2;-moz-column-count:2;-webkit-column-count:2">
* [[Bitcoin_Core|Bitcoin Core]]
* [https://www.kicksecure.com/wiki/Mental_Model Computer Security Mental Model]
* [https://www.kicksecure.com/wiki/Cryptocurrency_Security_Threats Cryptocurrency Security Threats]
* [[PyLRU|How-to: Install PyLRU in {{project_name_short}}]]
* [[ElectrumX|How-to: Use ElectrumX Personal Server in {{project_name_short}}]]
* [[Monero_Wallet_Isolation|How-to: Use Monero with Wallet Isolation in {{q_project_name_short}}]]
* [https://www.kicksecure.com/wiki/Keepassxc KeePassXC Password Manager]
</div>

Wiki improvements/enhancements:
<div style="column-count:2;-moz-column-count:2;-webkit-column-count:2">
* [https://www.kicksecure.com/wiki/Dev/About_Computer_(In)Security About Computer (In)Security]
* {{kicksecure_wiki
|wikipage=Mobile_Phone_Security
|text=Mobile Devices Privacy and Security
}}
* [[Multiple_Whonix-Gateway#Qubes-Whonix_™|Create {{project_name_gateway_short}} ProxyVMs]]
* [[Social_Engineering|Social Engineering and (Spear) Phishing]]
* [[Systemcheck|systemcheck]]
* [[Two-factor_authentication_2FA|Two-factor Authentication (2FA)]]
</div>

= Footnotes =
{{reflist|close=1}}

{{Footer}}

[[Category:Documentation]]