changelog.upstream

commit 1f6ed2cc7047e1144e811d94dddc7306ee93b61e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 3 08:55:20 2020 -0500

    add support for passing parameters to usr/lib/security-misc/apt-get-update

commit 2291b7f787bcec5f64f632c6f3e8dfb12c67b4ee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 3 08:43:31 2020 -0500

    bumped changelog version

commit 8627c9f76d1bdf26a423a92506d3d8c0eb1afc2e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 31 12:18:02 2020 -0500

    /usr/lib/security-misc/apt-get-update increase default timeout_after="600"

commit 829e28aa90ff5cb38edcc3cfab8ec91939ae5844
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 31 12:17:07 2020 -0500

    /usr/lib/security-misc/apt-get-update environment variable timeout_after kill_after support

commit 0bd0a4a647aef9899e1cbb5671ccfa3ca36efe18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 06:14:34 2020 -0500

    bumped changelog version

commit 85d2aa1365ae5dfc43944a938794954452c26fe0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 06:13:42 2020 -0500

    hide stdout (but not stderr) by sysctl during initramfs

commit d69c1839cd30145c30247e0962a97cfd38f79d60
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 06:02:26 2020 -0500

    bumped changelog version

commit b9d65338bcc76552e4d2169106cd04e6276eb320
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 05:55:13 2020 -0500

    unconditionally enable all CPU bugs (spectre, meltdown, L1TF, ...)
    
    this might reduce performance
    
    * `spectre_v2=on`
    * `spec_store_bypass_disable=on`
    * `tsx=off`
    * `tsx_async_abort=full,nosmt`
    
    Thanks to @madaidan for the suggestion!
    
    https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647

commit 2711d0f7f08362f97383fbae81ce9d520b19dcbc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 01:22:32 2020 -0500

    bumped changelog version

commit 4df0d6c01cc91139dc9eef1dc4265e8cacde8cdf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 01:22:06 2020 -0500

    readme

commit c1a0da60beacd027c1c7c94ae44a9d7b1ab708b9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 00:46:48 2020 -0500

    set kernel boot parameter `l1tf=full,force` and `nosmt=force`
    
    https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647/17

commit efc40da4fb1fffcc760685cda0e49dc04da4c5fe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 12:02:27 2020 -0500

    bumped changelog version

commit 07dcb32fc28abf33eaf0425c67cc5cf9ee1f5a5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 11:55:38 2020 -0500

    readme

commit f4c54881ac21ed095f54a59f9c0baf582ef76d9b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:49:19 2020 -0500

    description

commit 25317f23e3a80fdd9f6965990cd397ddcab11a4b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:41:16 2020 -0500

    bumped changelog version

commit be79f0688a47dca129ac61dd78b18a2638e8650c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:40:20 2020 -0500

    readme

commit c0d3726b002d136e602c6bdaf07c5d94c5591ee4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:40:03 2020 -0500

    comment

commit a37da1c96880b14a8271712801e6da3d3ea766eb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:39:06 2020 -0500

    add digits to drop-in file names

commit 2ab940c60311ae38079d2ceb09e04eedac2aad90
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:34:18 2020 -0500

    bumped changelog version

commit bac6cd601baaca7453c55719e9dfa84d5109135d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:33:54 2020 -0500

    readme

commit 3a4d283169b381bdc93c4ff5ce7b08c11a0830b3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:33:30 2020 -0500

    description

commit e0aa67677d3561cae6544c24e12021dd04f26133
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:30:36 2020 -0500

    merge the many modprobe.d config files into 1
    
    and use a name starting with double digits
    
    to make it easier to disable settings using a lexically higher config file

commit 6a4c493213929b354a3c8d2acf2325473ae63cfd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:26:36 2020 -0500

    merge the many sysctl config files into 1
    
    and use a name starting with double digits
    
    to make it easier to disable settings using a lexically higher config file

commit f653b94e7747436323e2083d416ab86560e3cd71
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 03:49:02 2020 -0500

    bumped changelog version

commit ca057713e2e1f3c4a47216aadb51ba0ca012e39e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 03:39:04 2020 -0500

    readme

commit 8616728ce0a6e5eaa799949abb5bfccd0a7effa7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 03:35:15 2020 -0500

    remove duplicate

commit d4a37b6df2a2de4822e3e4bac93ca3e10712af7c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 03:18:17 2020 -0500

    remove-system.map: source /usr/lib/helper-scripts/pre.bsh

commit 3b283ec00f03b580d2f8b76f95449240a163dd48
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 22 07:10:47 2020 -0500

    bumped changelog version

commit 531f17cb68b331beb19a6e6c8b76575ebe38f95e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 22 07:08:08 2020 -0500

    add update initramfs trigger
    
    https://github.com/Whonix/security-misc/pull/53

commit df0b2afda1e1d5a3fddfd8c48b62a5de8295d687
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 21 10:12:32 2020 -0500

    bumped changelog version

commit 18041efa2f704d2a177b033ff8008aacdb7dde3f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 21 10:01:17 2020 -0500

    fix pam tally2 check when read-only disk boot without ro-mode-init or grub-live

commit 627b95e0b363e2e46a5de8a7aa5065bc66242293
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 20 08:51:25 2020 -0500

    bumped changelog version

commit fbe9b60d95d43452bf661461197efced431806a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 20 08:49:02 2020 -0500

    fix Whonix / Kicksecure
    
    /var/lib/dpkg/tmp.ci/preinst: ERROR: No user is a member of group 'console'. Installation aborted.
    /var/lib/dpkg/tmp.ci/preinst: ERROR: You probably want to run:
    
    sudo adduser user console

commit 960e1ff6e82f8593c2d242a6a0f1e1cf5805c85b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 17 03:32:57 2020 -0500

    bumped changelog version

commit 130434186811930d40407115af99116d4982da49
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 17 03:10:56 2020 -0500

    readme

commit 6f8d89c6c5609ed83d9dcd174375cb1ccfca91d8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 15:54:06 2020 -0500

    error handling

commit 7211f6e0199d2ccb50437c7a5b0842050590b5dc
Merge: e110ea0 f6cc76a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 15:53:36 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit f6cc76acd729428f83d3497a2e83bfc4b14f1ff8
Merge: e110ea0 1df48a2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 20:52:33 2020 +0000

    Merge pull request #55 from madaidan/sysctl.conf
    
    Process sysctl.conf in initramfs

commit 1df48a226d83b98dadc8bfb8dbc479dd656e2313
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jan 15 20:30:17 2020 +0000

    Update control

commit f7fde60b67a7ef44658cde3b835565407aafd133
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jan 15 20:28:32 2020 +0000

    Process sysctl.conf too

commit e110ea0b84329dfbe0175298b21e7732f7105436
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:37:52 2020 -0500

    bumped changelog version

commit 0f17596aacb86afb7abcdd4781a9995dde23d3bb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:35:41 2020 -0500

    readme

commit 0618b5346493723865cc6f2a632822c8b6fa690a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:35:07 2020 -0500

    fix lintian warning

commit 47ce3bec75f9aeb808993a70579ba93d2527a371
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:05:54 2020 -0500

    bumped changelog version

commit 73e830d0ac1ece338b0e80ca1a020d84a15d1774
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 10:08:57 2020 -0500

    readme

commit 8ab4623f8e81ad1b67858b458f2ae4085e7c8e65
Merge: 8015954 087465a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 06:06:39 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit 087465a0cdecc4765f7b659256cdd5e8cdef73ab
Merge: 8015954 528c5fc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:02:30 2020 +0000

    Merge pull request #53 from madaidan/sysctl-initramfs
    
    Set sysctl values in initramfs

commit 528c5fc4c41026396a63ac91af7c156dd0d4f191
Merge: 9dc43ea 8015954
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:02:03 2020 +0000

    Merge branch 'master' into sysctl-initramfs

commit 80159545a580830565ec01a507915add9c44838a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 02:42:10 2020 -0500

    fix xfce4-power-manager xfpm-power-backlight-helper pkexec lxsudo popup
    
    https://forums.whonix.org/t/xfce4-power-manager-xfpm-power-backlight-helper-pkexec-lxsudo-popup/8764
    
    do show lxqt-sudo password prompt if there is a sudoers exceptoin
    
    improved pkexec wrapper logging

commit d90ca4b1ad18289d6bcfcef51cfb032a0b4423eb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 15:12:13 2020 -0500

    refactoring

commit 082f04f2d4101828455a4a9b2852376a72ced6ce
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 15:04:58 2020 -0500

    add logging to pkexec wrapper

commit 1059ccf2254d0aac40d2c14680fea2a4012a2d66
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:28:28 2020 -0500

    bumped changelog version

commit 660837dc380440f6b00d3baf9395222376163b3b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:25:32 2020 -0500

    fix case when user "user" does not exists

commit 18c726c3eebc93f69062f1e4c1d3c7ab394985c3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:23:02 2020 -0500

    comment

commit b8652681e741236af2e20876d7103b2dfb0ae9bf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:21:47 2020 -0500

    fix legacy

commit cc21f912a372faef8322801e9a48882f29159c2d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:20:36 2020 -0500

    bumped changelog version

commit 2078cd237f2aaad8d68c1c5eab3f9942460ecd3c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:18:30 2020 -0500

    readme

commit c377c5ff83437a5447ecc9c873150421f4f1e691
Merge: 8341242 539f24b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:01:38 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit 539f24b65ee7739487d8038fcb1fdfb1ed62ab22
Merge: 8341242 0953bbe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 14:01:17 2020 +0000

    Merge pull request #54 from madaidan/panic_on_oops
    
    Document panic_on_oops

commit 0953bbe1d7f3e789aef2218a65c14c586dab4bcb
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jan 13 21:05:35 2020 +0000

    Update control

commit 9dc43eae38b55951cae2a9bf93114bcf742f8c8b
Author: madaidan <>
Date:   Sun Jan 12 21:42:07 2020 +0000

    Description

commit 8c4e0ff1c4d6191dbb40b28cfc23a8185cc0cbdb
Author: madaidan <jeremy_stevens12@protonmail.ch>
Date:   Sun Jan 12 21:37:37 2020 +0000

    Set sysctl values in initramfs

commit 8341242abc342d9cbd82afe12f512daf73a9e59a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jan 11 15:19:29 2020 -0500

    bumped changelog version

commit 130a4cf6d433f4d862e10e31abbc2b1f3b1614d2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jan 11 15:17:06 2020 -0500

    readme

commit 61a2d390a7d6195d556898db8afa57822a9bc76a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jan 11 15:15:12 2020 -0500

    lintian

commit 3fae8e771ffbdd3023921b296e46cf982034d2ac
Merge: 13a1e13 e9f4dbd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jan 11 15:14:43 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit e9f4dbdda579db83f330054253100bc7c5d1e2be
Merge: 13a1e13 6088444
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jan 11 20:14:10 2020 +0000

    Merge pull request #52 from madaidan/vivid
    
    Blacklist the vivid kernel module

commit 6088444c371f021ca23daa3a0ab1ee431d429a61
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jan 11 18:38:17 2020 +0000

    Update control

commit a662a76a52970530a4a3c3d6a284ce9400dc74c6
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jan 11 18:37:00 2020 +0000

    Blacklist vivid

commit 13a1e1321e05965ad9449fafa4406c4d3b781dcf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 1 05:59:59 2020 -0500

    bumped changelog version

commit 5031e7cc4b8bfc4037ba6ea029e20637090ccacb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 08:18:38 2019 -0500

    better output if trying to login with non-existing user

commit b2bdeb90957da4ebe38e7f12fba0330b89e0983d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 06:08:32 2019 -0500

    bumped changelog version

commit 2a3aae62b1cf97313b925fac94261e28af7ea3d1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 06:06:52 2019 -0500

    fix

commit 427deec3f50664f2fbb244b6cf060bb5b9e821b6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 06:03:48 2019 -0500

    bumped changelog version

commit e89552c9846f85b4bbf73595080d71dcd873fe29
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 05:55:44 2019 -0500

    add user "user" to group "console" in Whonix and Kicksecure
    
    enable Console Lockdown in Whonix and Kicksecure

commit b5a2d1dc581b53974aaa148f6d8f3054c9d1c5fe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 02:54:58 2019 -0500

    bumped changelog version

commit 20697db3ee5d227176c4d31e6c96454a64f47797
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 02:53:02 2019 -0500

    improve console lockdown info output

commit 788914de95ee9299d685e8b65466feee1085cf18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 02:46:32 2019 -0500

    group ssh check was removed
    
    https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/27

commit 06ed728d791abe0ad3c93091fd8ebc088f73c4ef
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 30 06:42:14 2019 -0500

    bumped changelog version

commit f3ff32ddbb8a7cf7555b9f1b2154e83154532a3d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 30 06:39:24 2019 -0500

    Protect /bin/mount from 'chmod -x'.
    
    /bin/mount exactwhitelist
    /usr/bin/mount exactwhitelist
    
    Remove SUID from 'mount' but keep executable.
    
    /bin/mount 745 root root
    /usr/bin/mount 745 root root
    
    https://forums.whonix.org/t/disable-suid-binaries/7706/61

commit e4e9c4e3b09138af25e94a6db81b0f759ddb4d1b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 30 05:59:43 2019 -0500

    bumped changelog version

commit 9c0d6b605707dbcb7db9cd227257a5dcd612f784
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 05:09:07 2019 -0500

    copyright

commit edc08988f26532daf90bc4a4f007aef53e62eeaf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 05:08:53 2019 -0500

    copyright

commit 9156d3584cd7ba9064d5af54afd95b6d8e73907b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:59:05 2019 -0500

    Description

commit 3ea946b365d8b05cabce63f4d26b3153559aa465
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:56:51 2019 -0500

    RemainAfterExit=yes

commit 2787ae976580d20ea4da5213c7f624f984510934
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:56:35 2019 -0500

    copyright

commit 6d56eb9ef0e2cfbba46df2294deb9c8e6b9aa2b7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:56:18 2019 -0500

    minor

commit 0e14706f32728123f1d345b73266934fe454a989
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:45:26 2019 -0500

    copyright

commit 1a0f7a77335940a11e33ca519d8f64429b8ee966
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:43:32 2019 -0500

    debugging

commit 5271892cb1e4646b79388d064227d4662b682583
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:42:54 2019 -0500

    debugging

commit 683028049c46516ba105b1b73364960b3b87efd6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:41:23 2019 -0500

    debugging

commit e3e1ff2a310c46fab67309edd88e73096843edcb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:35:46 2019 -0500

    exit with error if a config line cannot be processed rather than skipping
    
    https://forums.whonix.org/t/disable-suid-binaries/7706/59

commit d5c99f3a60372a00ded4b1b4340775aab1421d31
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:27:21 2019 -0500

    output

commit e5623fcd2b32b58e72c2ef80955072f013672e0d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:21:52 2019 -0500

    comment

commit d7f58db52c926c11157671c4555ca97f02929a76
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 27 05:30:12 2019 -0500

    bumped changelog version

commit 674840e6f9fb362dc713da3edde07132b5ae17d4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 26 05:44:35 2019 -0500

    /fusermount matchwhitelist
    
    unbreak AppImages such as electrum Bitcoin wallet
    
    https://forums.whonix.org/t/disable-suid-binaries/7706/57

commit 507a30d6e39f17fcb09b92033fe1d831e7d4baf4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 18:35:49 2019 -0500

    bumped changelog version

commit 04f438f75d4566822026373e78988e9d4e42b8b5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 18:09:37 2019 -0500

    comment

commit 9da0e428ed4635fb5ca98b2d72b56b553404a742
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 17:54:31 2019 -0500

    debugging

commit e18ec533c3ebb382f974d30db3cd1f5eace648c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 17:54:02 2019 -0500

    comment

commit 0326cd5ee9371213420d2afdcbfb0a05d9a808e6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 08:07:55 2019 -0500

    bumped changelog version

commit ede536913daa0c7ddfe55e20c93d7b752daa5de3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 06:00:41 2019 -0500

    no longer hardcode amd64

commit d03a3d9ac03bc29ba349107855936dd194e12271
Merge: 9d77d88 27a42a9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 05:57:24 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit 27a42a9da82bc1f22135ffa509925f63177f25d9
Merge: ac49c55 79241c5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 10:55:11 2019 +0000

    Merge pull request #50 from madaidan/modules
    
    Make /lib/modules unreadable

commit ac49c55d1fafff5f36bd7c595f50db295ff616a2
Merge: 0c3d4ad 98e88d1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 10:55:03 2019 +0000

    Merge pull request #49 from madaidan/kver
    
    Detect kernel upgrades

commit 0c3d4ad255de75b57a2e316bf8a7fd77a2fc0d4d
Merge: 9d77d88 d1a0650
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 10:54:23 2019 +0000

    Merge pull request #48 from madaidan/kernel-hardening
    
    Use only one slub_debug parameter

commit 79241c5d09c4a7123cf90b45289b53d893135efb
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Dec 23 20:28:29 2019 +0000

    Make /lib/modules unreadable

commit 98e88d1456ca0e8fa23809115c51c380a4bb2d3b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Dec 23 19:57:43 2019 +0000

    Detect kernel upgrades

commit d1a0650fd944973ab614c1da06f8e555b31b73ae
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Dec 23 19:44:52 2019 +0000

    Use only one slub_debug parameter

commit 9d77d88a4dfd0f42a2a671bbec49f4ebd90af882
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 09:39:50 2019 -0500

    comments

commit 7a80837b4f0a7201f3e092ad9b99b4cddb6043b3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 08:48:04 2019 -0500

    bumped changelog version

commit 617c0a0e15f1c113b6e7fd748bb75978e4f23fcd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 07:21:26 2019 -0500

    disable remount-secure.service - Disable for now until development finished / tested.

commit 3e131174d5919303462295cb0852a9254885ae7c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 05:00:35 2019 -0500

    comments

commit bef41a38c26548d50101f7ea636316e1e2107a55
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:58:00 2019 -0500

    bumped changelog version

commit 046ceeae4df3b45916f35b0789af341c4f3d911a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:57:36 2019 -0500

    readme

commit 9f072ce4f99467f82986be348c9cedc2eb7f017d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:46:02 2019 -0500

    comment

commit 26fe9394fff2eb5be2f19272ea76ed187a8237e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:41:54 2019 -0500

    disable lockdown for now due to module loading

commit 9ec5b0ee82263e1afb38c44348e69437ddc5c9c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:38:49 2019 -0500

    description: lockdown not enabled yet

commit b05669accfe6fac8070003bbd57939ca2c621445
Merge: 11b4192 1ff51ee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:38:04 2019 -0500

    Merge branch 'madaidan-kernel-hardening'

commit 1ff51ee061dcdb1a898ebb68c0267ce926e0fca0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:37:28 2019 -0500

    merge

commit 535c258b834028e5638fd2b37b1a6f352e2b4558
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Dec 18 20:43:01 2019 +0000

    More kernel hardening

commit 11b4192fbdbc02af97e7dc32677bdb3a549b0000
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:28:42 2019 -0500

    comments

commit 42ff53e9ad26190dcbff154f6cfd039e3f6bdf83
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:42:07 2019 -0500

    bumped changelog version

commit 2152fa2d61fa72935b70e60b98ccbe2e1b31db43
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:38:53 2019 -0500

    comment

commit f8f2e6c7041d98572452be2e53094d0c539b1616
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:35:13 2019 -0500

    fix disablewhitelist feature

commit 47ddcad0c0af27093f61cf77008224bf66572532
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:29:47 2019 -0500

    rename keyword whitelist to exactwhitelist
    
    add new keyword disablewhitelist
    
    refactoring

commit 175d1c284552a08881286e8c3ca5d8eb9b97a144
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:13:13 2019 -0500

    bumped changelog version

commit 0409aac3aeb7acc273e19b16e78409994c731f2a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:09:04 2019 -0500

    readme

commit 1ff56625a170c392f6099b41f371c56032362ea0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:42:03 2019 -0500

    polkit-agent-helper-1 matchwhitelist to match both
    
    - /usr/lib/policykit-1/polkit-agent-helper-1 matchwhitelist
    - /lib/policykit-1/polkit-agent-helper-1

commit d484b299ea1a93a401d00a212d675b5837b8aaa9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:38:31 2019 -0500

    matchwhitelist /qubes/qfile-unpacker to match both
    
    - /usr/lib/qubes/qfile-unpacker whitelist
    - /lib/qubes/qfile-unpacker

commit 34bf2457136db227cc27a5d0fe9282f09780a310
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:35:45 2019 -0500

    output

commit ba30e45d15ec53b2d0a67ce96f5132d3f59bf870
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:32:42 2019 -0500

    output

commit ee9c5742da99673785068b0393e3587a77c99a31
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:29:48 2019 -0500

    output

commit 6d05359abcf460cbec266401530a9ab1aaaaf47f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:21:52 2019 -0500

    output

commit a1e78e8515a87ebc8fc2211b3e1e91824fd3865a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:20:56 2019 -0500

    fix needlessly re-adding entries

commit 906b3d32e769bbd30ed5698268899a7d2ec71d95
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:09:57 2019 -0500

    output

commit 4f76867da6ce5710cf486175cd84adcd72640049
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:08:02 2019 -0500

    lower debugging

commit dc6e5d8508a09bd7f2b9bfed02bc502797c11361
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:06:38 2019 -0500

    fix

commit 87b999f92aab4f4176f366308c27c4fe5471580c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:59:43 2019 -0500

    refactoring

commit 065ff4bd058ab26df3d3af1022da9d6a7405ab61
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:59:24 2019 -0500

    sanity_tests

commit fef1469fe62bf923ba89077934c8b0e5d8cd0258
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:51:14 2019 -0500

    exit non-zero if capability removal failed

commit 3670fcf48baecffe098c96eb67cbd601bc3e0069
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:49:33 2019 -0500

    depend on libcap2-bin for setcap / getcap / capsh

commit 17a8c294702acb30c397abc984d69c356cec2cd7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:47:49 2019 -0500

    fix capability removal error handling
    
    https://forums.whonix.org/t/disable-suid-binaries/7706/45

commit b631e2ecd8ae0e08850edd81bf64b02666fb6234
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:36:41 2019 -0500

    refactoring

commit 7aea304549cea2c885c2d813c7a15f617f4ebf2a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:26:15 2019 -0500

    comment

commit f4b1df02ee66309d12724cf7124b14180c855f14
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 19:42:40 2019 -0500

    Remove suid / gid and execute permission for 'group' and 'others'.
    
    Similar to: chmod og-ugx /path/to/filename
    
    Removing execution permission is useful to make binaries such as 'su' fail closed rather
    than fail open if suid was removed from these.
    
    Do not remove read access since no security benefit and easier to manually undo for users.
    
    chmod 744

commit 58a4e0bc7d1b87d4d169f31dc5935c75e929c0b4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 19:12:10 2019 -0500

    dbus-daemon-launch-helper matchwhitelist

commit 15e3a2832da603f5caa9aadc6d68aaf503f013c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 18:57:23 2019 -0500

    comment

commit 6eb8fd257aecd84686b4d7a9824a98bace9a705e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 18:56:36 2019 -0500

    suid utempter/utempter matchwhitelist
    
    to cover both:
    
    /usr/lib/x86_64-linux-gnu/utempter/utempter
    /lib/x86_64-linux-gnu/utempter/utempter

commit 9409209b48fb8f803b88d72c0e7febaa74f5bd2c
Merge: 008ce48 bce02ff
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 10:29:08 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit bce02ffdc01c22c8d5528eb5eaa7729a6b3137dd
Merge: 008ce48 8f11a52
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 15:26:07 2019 +0000

    Merge pull request #47 from madaidan/msr
    
    Blacklist CPU MSRs

commit 8f11a520f4c406fa3187ad530f945a564b78a28c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Dec 22 13:54:16 2019 +0000

    Update control

commit dd93b11321e171c56affcd660c0830d6a91ad87e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Dec 22 13:52:43 2019 +0000

    Blacklist CPU MSRs

commit 008ce4817c6ad2218af05d14626b0f2c70a6e90d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:55:03 2019 -0500

    bumped changelog version

commit d300db3cde0f7ee8e3884a1225ec1d196a318728
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:45:11 2019 -0500

    output

commit 3921846df6e21a80d87f451e89f96f5b3092dd53
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:36:42 2019 -0500

    comment

commit 1213415ce649e7305af0b6c6ef2f8435caab5cd8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:23:35 2019 -0500

    bumped changelog version

commit 2ddf7b5db5d335d4f64d0df2c0caab0c80a2a046
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:06:51 2019 -0500

    /lib/ nosuid

commit 1e8457ea476a693dd1e455e4c455bf2e763cec23
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:06:10 2019 -0500

    no longer remount /lib
    
    https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/25

commit 10c19d6a8fc6b6bc03067dc3be88f486aa78d438
Merge: b2260f4 fffdf50
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 13:00:41 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit fffdf5090c707c698de4adacfd5837809b33aa99
Merge: 1c99b56 f5a52ae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 17:59:56 2019 +0000

    Merge pull request #46 from madaidan/remount-secure
    
    Don't remount /sys/kernel/security

commit f5a52aeddc4742b4dbd8a0075d759b2ceaaae691
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Dec 21 14:55:28 2019 +0000

    Don't remount /sys/kernel/security

commit b2260f48f4ab978b531d8ca9df2dc1a787b6666f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 08:03:33 2019 -0500

    add support for /etc/exec / /usr/local/etc/exec
    
    to allow enabling exec on a per VM basis

commit 1c99b56c9b99cceab6fe38580d06197dd4bcfb77
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:49:55 2019 -0500

    bumped changelog version

commit 161b6f6b885586cd65b8ac13b0bd113691465522
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:49:29 2019 -0500

    readme

commit b74e5ca97244209e041f55483027365eacdf44c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:47:00 2019 -0500

    comment

commit 8fb17624bc3471a3676e76b3695179cde1ec21da
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:44:51 2019 -0500

    comment

commit aef796a524f9156b584a7d8d203decc446c5d3b9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:44:23 2019 -0500

    disable debugging

commit 1fe83d683f97af6730948aecce3216a51979c695
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:43:55 2019 -0500

    comment

commit 7c3da38bd53427501bcb0ac0d56bd626ce9e6adb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:42:25 2019 -0500

    comment

commit 9050058bc2427a701095901a5bd275767437391b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:42:01 2019 -0500

    fix

commit 0c4db8c2b054a10554f163c31e3e626a80981c52
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:38:25 2019 -0500

    bumped changelog version

commit 6b13a644df279ec3ccf3814e86233baafc0cf437
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:37:41 2019 -0500

    add /usr/lib/security-misc/permission-hardening-undo

commit af8b04b73d6d64792fc1ffb7f6b04b273c0ca7ec
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:58:01 2019 -0500

    rm_conffile /etc/apparmor.d/usr.lib.security-misc.pam_tally2-info
    rm_conffile /etc/apparmor.d/usr.lib.security-misc.permission-lockdown
    
    https://github.com/Whonix/security-misc/pull/45

commit 2350e0f5d06d9625835ba1547aab0054b795c0c5
Merge: 3ea5871 efd65a3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:57:10 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit efd65a3f15fc9380e2019c9d7ad0bf82adcc230d
Merge: c336bc4 c28ddf5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 11:56:31 2019 +0000

    Merge pull request #45 from madaidan/apparmor
    
    Delete apparmor profiles

commit 3ea587187e9d0a927799a66d15d163ee56a41978
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:53:07 2019 -0500

    no need to exclude xorg nosuid on Debian
    
    http://forums.whonix.org/t/permission-hardening/8655/25

commit c336bc4fd229d9a6370df5520aaa4e872465de5a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:39:13 2019 -0500

    comment

commit fac17a963d3dec1b399fd9b41ebebcedb7e90f43
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:28:19 2019 -0500

    bumped changelog version

commit b5f88efe2072eca99c245fc60442c82a270fab8e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:27:01 2019 -0500

    fix

commit 2088628c8d44306e51c8a1407caee99e5eb4ce5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:24:08 2019 -0500

    debugging

commit 2dca031527fa38a932619ed2336a5aa472a85205
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:22:46 2019 -0500

    debugging

commit 195e00cc8796d532a68f90b7c1f8f30d17f24246
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:16:38 2019 -0500

    output

commit 78d33d8b57fdef3b16e8ab5b4f6b0487d51b9657
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:12:20 2019 -0500

    bumped changelog version

commit 4b21b6df4167a2a95392a39182c636bdc097bc7e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:11:44 2019 -0500

    fix

commit ff48b672a8537e65c3d0b3ccfb65fb29c2d3766c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:00:17 2019 -0500

    bumped changelog version

commit 8436da2b7b0b9d309b57ed6ab36f2042fd82f4ae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:58:50 2019 -0500

    output

commit da15265e1c311be16c1dd0a8681e630548fac0e9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:55:23 2019 -0500

    fix

commit 2a248fe0de1b86b416c705ecce81dcb549581d9b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:54:39 2019 -0500

    fix

commit 4f12664362fb4304ed43185ed5805f686bdeb0af
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:54:07 2019 -0500

    output

commit e3355843c835c650d4701a2b94b93cc0040ca419
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:51:22 2019 -0500

    fix

commit 234ec5fe93c9b03c02e076621ac919f12062c4e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:47:35 2019 -0500

    fix

commit 65b5adb2d731f52533bda24eb6868d9e2968e2ed
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:38:39 2019 -0500

    bumped changelog version

commit 7ff900c20457ee42d415c4eddf3b08f1ac5e4461
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:37:43 2019 -0500

    fix

commit 2b5a49a61b221161f3b42d3a692d2e22df2afec2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:31:55 2019 -0500

    bumped changelog version

commit e1a5ee4bcf5ecb447ae7da0b137f81d520673cde
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:26:55 2019 -0500

    output

commit 66aaf3e22cda9bb58ab72e750a5711556cf1de25
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:25:54 2019 -0500

    output

commit 7aa7d0b5a0e3b602b527131581f350b9b32fb0d6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:22:27 2019 -0500

    improve error handling

commit 8919d38de9206b4802b471c2f40787a2f9d70269
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:21:46 2019 -0500

    disable debugging

commit cf5dee64fd4e1c44a8726db49b8328841ee6327f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:18:34 2019 -0500

    refactoring

commit 29cd9a0c38924fc2eb7520db886efc19541476cb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:17:35 2019 -0500

    fix

commit 486027a4d75917fe2741370aa1e707b8ca14f693
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:15:38 2019 -0500

    fix

commit 1fd26be864ebd0dab8419e0b2b321522166d6271
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:14:51 2019 -0500

    fix

commit 0fc97c37beae5d48fed9ec714f19007f402952c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:14:39 2019 -0500

    fix

commit 1018d5b3b0b58a641aaca0419a06c246091932d5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:11:51 2019 -0500

    output

commit 4388fc4d5ace9046c9eacb8354d9960599735ee4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:11:19 2019 -0500

    refactoring

commit ed20980f4c6c3fb304d8436399f5e14ead7b3ae3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:07:10 2019 -0500

    refactoring

commit 315ce86b9a66d15aea2d50f5271c228ee8bd3909
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 04:33:03 2019 -0500

    refactoring

commit 0c5848494b147b067afa2b70451fc7e5087823f2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 04:21:26 2019 -0500

    do not remount if already has intended mount options

commit 203f4ad46e6a6950edd4b2a83f47ac71428928e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 04:17:10 2019 -0500

    refactoring

commit e7fd0dadb03e7f90adfa9ebdaf07530f02a846e7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 04:09:35 2019 -0500

    output

commit e6ea21c7757ad732bd9bcce2c6a7a364780e1b14
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 04:08:35 2019 -0500

    record existing modes in separate dpkg-statoverwrite databases
    
    to have a history of what was modified and to allow to undo changes

commit 89be5f2ecb998c46ff4864996cd86b97fa56d176
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 02:05:39 2019 -0500

    bumped changelog version

commit c28ddf5c4dbfd92aba9a59874f529a4afe69c497
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Dec 20 22:44:31 2019 +0000

    Delete usr.lib.security-misc.pam_tally2-info

commit cfe69dd66900f7aad5311c02d2b4ee7b400fb90b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Dec 20 22:44:27 2019 +0000

    Delete usr.lib.security-misc.permission-lockdown

commit d220bb3bc4aaf923dcb2e2a48ac05dd5f1326442
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 13:07:01 2019 -0500

    suid /usr/lib/chromium/chrome-sandbox whitelist

commit 77b3dd5d6b5de0070da7e71154ecbe2e099e3b7f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 13:02:33 2019 -0500

    comments

commit d7bd477e7379cd5d74d81e81080d375041cc3b29
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:59:27 2019 -0500

    add "/usr/lib/xorg/Xorg.wrap whitelist"
    
    until this is researched
    
    https://manpages.debian.org/buster/xserver-xorg-legacy/Xorg.wrap.1.en.html
    https://lwn.net/Articles/590315/

commit 17e8605119fc671c4cbe4343851cf3c46b830508
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:57:24 2019 -0500

    add matchwhitelist feature
    
    add "/usr/lib/virtualbox/ matchwhitelist"

commit 3fab3876693f20303c95f03c45af9adb9ae680e2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:50:35 2019 -0500

    suid /usr/bin/firejail whitelist
    
    There is a controversy about firejail but those who choose to install it
    should be able to use it.
    https://www.whonix.org/wiki/Dev/Firejail#Security

commit d3f16a5bf46a7d10316259788f3d97364fe2e545
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:47:10 2019 -0500

    sgid /usr/lib/qubes/qfile-unpacker whitelist

commit 508ec0c6fa44d9185aa22f5fa81ae9dbbefdb19c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:34:07 2019 -0500

    comment

commit 1b569ea7908dcba409c94dacd477d2fbfeafe522
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:32:36 2019 -0500

    comment

commit f88ca2588920ac16a6b41e8c48021bf85801c2a9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:58:07 2019 -0500

    fix terminology, sguid -> sgid
    
    Thanks to @madaidan for the bug report!
    
    https://forums.whonix.org/t/permission-hardening/8655/21

commit 1cd5fb6a0020504c7897acf169772d39b67f4bd4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:50:25 2019 -0500

    bumped changelog version

commit ff0a26fb5d65450c0a2b5fb86758d3d823a717e9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:49:19 2019 -0500

    comment

commit 71496a33ab27455d2856284d21f261dd20780dc2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:47:53 2019 -0500

    skip folders are these are not suid / guid

commit 9321ecff4139f0776f93a9bd8c9606bcaf94f568
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:43:53 2019 -0500

    no more need to add/remove /

commit b95225b6a6b45b84778ba2427ae4628f102e6d05
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:37:05 2019 -0500

    pipefail

commit cad6f328f40bb8b3c414e2bd6c7cb86e625f6d64
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:34:44 2019 -0500

    minor

commit 3265f9894d1c677419718de52570d304a4e69279
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:27:43 2019 -0500

    output

commit 28d12c3966e3ddfadbf7d44e7c7bcdc37e1a7d25
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:09:22 2019 -0500

    bumped changelog version

commit 1615ebec58b563224c7c02cd2b1f83b0954c48ca
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:07:44 2019 -0500

    output

commit 1e11b775cf1d2994f2e0da8d0191ef38eebe21a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:05:05 2019 -0500

    output

commit 731f80289566e118ba6c121c406775abc4c03bd4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:04:12 2019 -0500

    output

commit cd8efe58008c7b0e90ac88ac098b3fd08e75d716
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:03:22 2019 -0500

    output

commit c0ddb76d7463753e3250fc7da466fa763ef08dd5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:50:51 2019 -0500

    bumped changelog version

commit b31abea0af60874d4a48fd0da56978b0081eaef8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:49:31 2019 -0500

    improve error handling

commit 79cd3b86b6e5e186da66fd329b04fb3b42c0276e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:47:23 2019 -0500

    comment

commit b3458cc6ee368968de1510e9d05ddd3791fe5f6d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:45:59 2019 -0500

    fix checking existing entries to avoid needless calls to dpkg-statoverride

commit 370f3c5e541612021fa181e39507aa4ba8131731
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:35:05 2019 -0500

    comment

commit 133d09f2984506e0b0fd2e17a893b8d3e37b8431
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:33:16 2019 -0500

    output

commit 1ffa8e197e9ba9722d5fb2695de343df9d9db597
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:31:26 2019 -0500

    speed up setuid removal by using find with '-perm /u=s,g=s'
    
    https://forums.whonix.org/t/permission-hardening/8655/19

commit 4cfdf2c65b57f410163653304871ee3eb1d3f6ea
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:21:27 2019 -0500

    fix, re-enforce nosuid even if changed on the disk

commit e36868e675cbd80a36053956dbef71992cceca24
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:02:46 2019 -0500

    output

commit 50b8f65490555d9d12fd28991040c00a358b3b84
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 09:59:28 2019 -0500

    add sanity test: count if we really processed all files

commit e28da89253f646969cdc2b0b46617bd603f917a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 09:48:06 2019 -0500

    /bin/sudo whitelist / /bin/bwrap whitelist

commit 55faa7b9978df52bcb98a562554473f80db1f171
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 09:43:23 2019 -0500

    fix missing processing files bug
    
    https://forums.whonix.org/t/permission-hardening/8655/16

commit fbe2479f486add30cd29f5c4063a140c42c502fe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:54:56 2019 -0500

    count processed file system objects
    
    to be able to verify if any were "forgotten"

commit 195ea522f5a8582851792b53047185717a6f679e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:52:14 2019 -0500

    fix

commit 6f8231be70940e2afb0ec8e4a0d60bb4f166f5b9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:51:55 2019 -0500

    debugging

commit ed50f98010c8b7878d518273703e00fa561e980b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:47:22 2019 -0500

    output

commit 089c40135f2a7f0da128808a27b696e36aff6821
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:15:00 2019 -0500

    bumped changelog version

commit 6d30e3b4a2c0e5cf53d88b4a033511aa49b8f227
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:13:23 2019 -0500

    do not remove suid from whitelisted binaries ever
    
    https://forums.whonix.org/t/permission-hardening/8655/13

commit d5f1bd8dd29a4f9e1ccb6fed82a255f7b7abfe6f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:02:30 2019 -0500

    fix mode sanity check
    
    no longer use seq due to issue
    
    https://forums.whonix.org/t/permission-hardening/8655/13

commit ddc0eec63d744e4600f3b1b8cdf60fef6d647cbe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 07:12:36 2019 -0500

    bumped changelog version

commit 65248a94efa4646127d8e11447e49a37f3ff986e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 07:06:50 2019 -0500

    readme

commit 8e112c34232b8ef88fb0c0fb19f2983de4e5a0a1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:53:24 2019 -0500

    description

commit 24ea70384bb6c34f283ff1e71e4f7ed34133db5f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:53:03 2019 -0500

    description

commit 0ae3e689b5f12101156b4be84631679c622f2e98
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:35:02 2019 -0500

    comment

commit 050f4d8b9482e1513ceccfb39394606b173fd8a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:34:37 2019 -0500

    comment

commit 36043fe5ccdbd798483096a104a40b9cc013a487
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:33:41 2019 -0500

    comment

commit fb4254547b39160c410b1f83ed56aa7653291df1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:32:04 2019 -0500

    comment

commit cca0908d9a73430fb97577fb6ae42b7416e72e6a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:11:38 2019 -0500

    fix

commit e254b8b52d61432084273a3ec91bb5f4b377163f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:09:17 2019 -0500

    fix

commit 7f8b3c76de6e140b676d960004e779f9846c8cb8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:02:17 2019 -0500

    output

commit 071c64dc413c8a868866ddf699f653b371ac3b19
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:01:49 2019 -0500

    enable 'set -e'

commit b97c66707c3d3e8bb9164a35fe83974642f9652c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:59:05 2019 -0500

    minor

commit 17b4f12276349f28d9fc37944ece87fb6f7827a9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:58:42 2019 -0500

    output

commit 48fe7312bf6b87a94678ed8a2eb0a01f2a88e371
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:57:41 2019 -0500

    update config

commit 87d820d84cd44e427c8990cf295da7ab6890040e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:54:16 2019 -0500

    comment

commit 918cbb4e257bab0ee4bb6eb303df5e65e34b9963
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:51:25 2019 -0500

    output

commit c8cf09a4cbe7721e3d97c62785a5d25fe3f61115
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:50:16 2019 -0500

    output

commit 46466c12ad9dcc62d52dd3e887665ced6bdedf3a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:49:11 2019 -0500

    parse drop-in config folder rather than only one config file

commit 66fd31189dd1c2ccc5e6fb51278b0646c5188320
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:37:33 2019 -0500

    improve output if set-user-id / set-group-id is set

commit 6dd6530fa539a55feecc28cecdc812b787b555a6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:32:26 2019 -0500

    remove hardening-enable
    
    please invent package security-paranoid instead
    
    https://forums.whonix.org/t/security-hardening-tool-usr-bin-hardening-enable-by-security-misc/8609

commit 6c8127e3cd32c04a6eb4641ad856c7bf2c777fee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:29:37 2019 -0500

    remove "/lib/ nosuid" from permission hardening
    
    Takes 1 minute to parse. No SUID binaries there by default.
    remount-secure mounts it with nosuid anyhow.
    Therefore no processing it here.

commit af0f074987b21ba4ad3f331ddaa622082d76fceb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:27:11 2019 -0500

    remount /lib with nosuid,nodev
    
    https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/22

commit 7f201604779e442660c4c13798b2b48d706576ac
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:24:00 2019 -0500

    comment

commit a135ae94009c4f6492ed8c779ceaefcfaf19e123
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:22:59 2019 -0500

    use must manually enable permission-hardening.service
    
    until development finished

commit fa6f1e156898572513cacb1d65b042482896011a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:19:39 2019 -0500

    output

commit a26cb94bfd252f939f02ee50c76efb67dcb0235c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:49:21 2019 -0500

    globstar no longer required

commit c66e9abe18f0809df4f6b84772774431afcadd6f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:48:57 2019 -0500

    comment

commit d1d0afff34a562d29726fbb3382ebe932e04a267
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:48:02 2019 -0500

    fix
    
    fso: /lib/
    usr/lib/security-misc/permission-hardening: line 19: /usr/bin/stat: Argument list too long
    
    https://forums.whonix.org/t/kernel-hardening/7296/326

commit e74d2e4f94f4cdb2f3a83f27e17e19e9e4078961
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:23:14 2019 -0500

    output

commit eb8635903379d1245c2c1c35eaf33c1a45ef514a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:20:05 2019 -0500

    refactoring

commit bb84fca184ee32f227fb5b210f9eea7afbdf75c0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:08:46 2019 -0500

    refactoring

commit f92b41419558f01e7ec0ec3edba3af6a550c5911
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:06:28 2019 -0500

    refactoring

commit 4c44871e9d3070d73f298eca051ee303b01ea56c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:02:05 2019 -0500

    comment

commit 6876a2eaa87e3eead822e5f4f7d1fc53d0853ebd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:01:40 2019 -0500

    comment

commit 35c4fce61b784a4093339b64e5564d93c1f91870
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:54:46 2019 -0500

    fix "dpkg-statoverride: warning: stripping trailing /"

commit 9bd9012ab17f2c3422cdab20f57e3852ae1f14de
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:46:50 2019 -0500

    refactoring

commit 788a2c1ba3d35eb26440386e2c3269fb8cf4992d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:45:01 2019 -0500

    comment

commit 55933f88766f9b2fa2f284c5d0ff098e1e11b657
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:43:36 2019 -0500

    refactoring

commit 9e493a9f481e03d8bd41794eee4e4efd0e39a593
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:42:09 2019 -0500

    refactoring

commit b92a690c166cf3bc97d34ae977cc0c6d2342cb86
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:40:47 2019 -0500

    refactoring

commit 98535e3a2bc5d0d54694a1ea71f3afef3f468943
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:39:25 2019 -0500

    refactoring

commit ecbba2fd61f6d182dcd51f42b579ecb50ffdbedd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:38:39 2019 -0500

    refactoring

commit 20b8a407ac5984ba621ebb0150b47067c32ddc76
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:25:17 2019 -0500

    refactoring

commit 6cd9eb44fbc451a08908a9899ca114843c32edf3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:24:07 2019 -0500

    refactoring

commit 706dba104d201de4eed6886bf9570bf6851c2c3f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:19:12 2019 -0500

    code simplification

commit 01dd567f8b3764ae241a4df39d54617089532b9d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:16:43 2019 -0500

    fix, if fso has exactly the mode we want (not 3 instead of 4 string length), not need to reset it

commit 4f65b0fc1e33037e86289627e1c9bcf040af86c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:13:27 2019 -0500

    refactoring

commit bfee6b60cbd799e31b75e20bc5820f65f9993899
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:11:11 2019 -0500

    comment

commit d64cdc124793bda57916b2c4d73465b17ae44af6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:04:41 2019 -0500

    refactoring

commit 7c5c65a6c13ddf23d7324283815d653974802fd9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:04:13 2019 -0500

    comment

commit b31d8cd3fc905b61707f77e08cff72e74f18c46b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:03:40 2019 -0500

    fix

commit c626290673d44b2a6485aeb24888f35c3782c151
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:02:26 2019 -0500

    refactoring

commit d5ff1d6f28a62f858fd0a9edf905d6727413a3c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:00:39 2019 -0500

    refactoring

commit 640ca1d24dad657f0590c98a353dc21ed18b4395
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:57:57 2019 -0500

    skip symlinks
    
    https://forums.whonix.org/t/kernel-hardening/7296/323?

commit cc8f795799e76d61b60f31e718effb88478b0fea
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:47:04 2019 -0500

    comment

commit 4e5b222a081a5e8463ebe6832e7fbe68a1fb7978
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:43:33 2019 -0500

    comment

commit fa895ee11ec5897eb73ce066dfe5bde337cb297c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:40:42 2019 -0500

    refactoring

commit 2c163bf4398d67730efb23d70e2f9fc41ebb0459
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:39:53 2019 -0500

    check string length of permission variable
    
    https://forums.whonix.org/t/kernel-hardening/7296/322

commit a89befd902f6976ebef303b22ee9f9cbc3a1cc23
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:20:54 2019 -0500

    code simplification

commit 72812da63f60bd1955e52ac52ce583c9d9a18c95
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:16:32 2019 -0500

    comment

commit 39a41cc27ba93ede21e69270b3b113a037f77064
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:14:45 2019 -0500

    refactoring

commit 2ed6452590c443d88862f12ef25dcd5acbe98de9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:12:43 2019 -0500

    downgrade to info

commit a5e55dfcfca5b15bbbdc22788e6615d080c44819
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:11:39 2019 -0500

    quotes

commit 3187cee4fba89d72f8d0c26a9987b33adc0d8faa
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:10:13 2019 -0500

    output

commit 5160b4c7816ce449e0dd9cbfaae28050ef2af676
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:08:05 2019 -0500

    disable xtrace

commit 27bfe95d253178790ee10f591af0d586907463d7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:07:49 2019 -0500

    add echo wrapper

commit a6988f3fb8034c2f5be6d3ee6300f9e756e0dfce
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:06:31 2019 -0500

    output

commit 1819577b88ae795c1a6107cf76e084859c9f6d2e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:04:34 2019 -0500

    fix

commit 278c60c5a01c8dcb8a035950bd9e56ed7d1d431d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:01:36 2019 -0500

    exit non-zero if some line cannot be parsed
    
    therefore make systemd notice this
    
    therefore allow the sysadmin to notice this

commit 66bcba831317cf4810e9123b305597ee85fc94bf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 01:58:35 2019 -0500

    improve character whitelisting

commit 8f14e808a9b27f980299ed493f1ecb85acbe1c70
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 01:32:49 2019 -0500

    send error messages to stderr

commit d8c9fac2e5c8bc511f593d9a477307f8a15cf2e7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 01:32:08 2019 -0500

    output

commit f19abaf6271fcd87226b9ef5ae3f1b567d96cd90
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 01:31:37 2019 -0500

    refactoring

commit c5d1e9dda7059d18fad303128f6f09c98fe955b7
Merge: 62eb462 a20b300
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 01:30:31 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit a20b30013f9ae229d1fe86cc5992aac474a9d8e6
Merge: 62eb462 9df7407
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:29:58 2019 +0000

    Merge pull request #44 from madaidan/permission-hardening
    
    Remove SUID bits

commit 9df74072862b31871d0aad7bed8333fc8344ffec
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Dec 19 17:01:33 2019 +0000

    Remove SUID bits

commit 3c2ca0257f08f2c7fa0d0adb74345110801f9fc0
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Dec 19 17:01:08 2019 +0000

    Support for removing SUID bits

commit 62eb462920e8614ea904a8d3517f7592e67ecab8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 16 06:46:48 2019 -0500

    skip console_users_check for Qubes users

commit ab68182e118b8e76e2ce2a749b956cf96e3d02b6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 16 06:27:51 2019 -0500

    bumped changelog version

commit 2cab38a8b3f7423f8956c72f1bf6c399ea70c495
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 16 06:24:14 2019 -0500

    readme

commit 4ca9fc592029cbd28969f1e7fe56907bc7c261cb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 16 03:53:10 2019 -0500

    fix

commit f68efd53cf000b92818e6c97b4c590a2c4b73a5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 16 03:52:09 2019 -0500

    remount /sys/kernel/security with nodev,nosuid[,noexec]
    
    as suggested by @madaidan
    
    http://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/238

commit 2c4170e6f3366709c391db396a74547d4fed9589
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 12 09:47:58 2019 -0500

    description

commit 2d5ef378f36af5d2d94c342c284be4395352bc34
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 12 09:39:39 2019 -0500

    description

commit 300f010fc24846b6416501929ca24c4d80eca8d5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 12 09:29:00 2019 -0500

    increase priority of pam-abort-on-locked-password-security-misc
    
    since it has its own user help output
    
    so it shows before pam tally2 info
    
    to avoid duplicate non-applicable help text

commit a10597de92c316cc32ab552865a6658b38b19f5e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 12 09:04:15 2019 -0500

    bumped changelog version

commit 729fa26eca292d60bcbeaba05d8878ff6112876e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 12 09:00:08 2019 -0500

    use pam_acccess only for /etc/pam.d/login
    remove "Allow members of group 'ssh' to login."
    remove "+:ssh:ALL EXCEPT LOCAL"

commit 22b6480bc4691e76ef155452d2b9df05c5265f68
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 10 11:44:02 2019 -0500

    bumped changelog version

commit 88bea2a6efa8823739ba65b2f5b67cb90071ca3f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 10 03:53:10 2019 -0500

    comment

commit 7d8001ddc9801046289b2f4e31d25dfc3bca6cc5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 10 03:51:39 2019 -0500

    refactoring

commit d2f6ac0491f179382f4b68455d19956049e6cd23
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 10 03:50:23 2019 -0500

    fix, do user/group modifications in preinst rather than postinst

commit 64ae53edb90929492e11ac81e3e18bcc8164b428
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 08:25:30 2019 -0500

    bumped changelog version

commit d80bf036f3b6b70df9208d1ca603c5602298bbf8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 03:50:43 2019 -0500

    Disable permission hardening now until development finished / tested.

commit b72eb30056e186ce13b03907fc37e8d5ebb5df44
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 02:32:05 2019 -0500

    quotes

commit c258376b7ed565d0e23963ddab56ce35892ff23f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 02:31:10 2019 -0500

    use read (built-in) rather than awk (external)

commit 02165201ab850e32c9f9ad5c4f46cb26dd71dddb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 02:23:43 2019 -0500

    read -r; refactoring
    
    as per https://mywiki.wooledge.org/BashFAQ/001

commit 7467252122cb2e7600ce5ab3dce9dac2aa7a0676
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 02:22:16 2019 -0500

    quotes

commit 9bea9960173cf06dcbc0aefa2fb3b10df1f84c69
Merge: 6f94423 af62da3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 02:21:47 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit af62da34457a56fee43a6003036a3bb387b23b32
Merge: 6f94423 d7e2dea
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 20:45:16 2019 +0000

    Merge pull request #42 from madaidan/permission-hardening
    
    File permission hardening

commit d7e2deae9250abd79ab83c2025b98476dde710d3
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Dec 8 16:50:54 2019 +0000

    Create permission-hardening.service

commit 6c564f6e9549462412299fd5b2f7e303409c5dad
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Dec 8 16:50:11 2019 +0000

    Create permission-hardening.conf

commit 61e19fa5f1343554e9a213a1a9762cef4707ab3d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Dec 8 16:49:28 2019 +0000

    Create permission-hardening

commit 6f944234a988b226942832473a5a6825006dcac9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 05:26:29 2019 -0500

    bumped changelog version

commit e64741c01e94849f7ad57231a106e45c4fe3dc65
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 05:25:19 2019 -0500

    readme

commit c192644ee328ff8d5d244d10c082b3a871b151b1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 05:21:35 2019 -0500

    security-misc `/usr/share/pam-configs/permission-lockdown-security-misc` is no longer required, removed.
    
    Thereby fix apparmor issue.
    
    > Dec 08 09:47:50 host audit[3232]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=3232 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
    > Dec 08 09:47:50 host sudo[3232]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied
    
    It is no longer required, because...
    
    existing linux user accounts:
    
    * Get permission lock down because security-misc `debian/security-misc.postinst` calls `/usr/lib/security-misc/permission-lockdown`.
    
    new linux user accounts (created at first boot):
    
    * security-misc `/usr/share/pam-configs/mkhomedir-security-misc` pam mkhomedir sets secure permissions using `umask=027`.

commit edcc2de71dea9cf2f94ec008d2817a0cdfdf5b7c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:38:33 2019 -0500

    bumped changelog version

commit 1227ccd1f7aa8d96f70d6c5fa20aa985435ca89c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:37:53 2019 -0500

    After=qubes-sysinit.service

commit 17d81d0083b05316515461154473c8a5d769b776
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:27:01 2019 -0500

    bumped changelog version

commit ebae9eef38035a75c8aa3281735eab79ed6f4c46
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:25:19 2019 -0500

    skip sudo_users_check in Qubes
    
    Qubes users can use dom0 to get a root terminal emulator.
    
    For example:
    qvm-run -u root debian-10 xterm

commit 53e4717c629039104f45a1da8251e3dd1b5e3baa
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:05:29 2019 -0500

    bumped changelog version

commit bc45ed385e5a2b1b53f81915698e1176359dedf7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:03:02 2019 -0500

    readme

commit ac96708b243a766d65e39a037bcf142e526a2382
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:01:11 2019 -0500

    improve usr/bin/hardening-enable

commit a345a0fb64f7b8421356b913730284b0e6e3e953
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 03:27:12 2019 -0500

    abort installation if ssh.service is enabled but no user is member of group ssh

commit 50ac03363f6074cc88b6a7c965a822335624924c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 03:18:32 2019 -0500

    output

commit c7c65fe4e7a1fb73921a1b8de25662ff2a21e2a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 03:15:53 2019 -0500

    higher priority usr/share/pam-configs/tally2-security-misc
    
    so it can give info before pam stack gets aborted by other pam modules

commit 3bd0b3f837d5ad8c87e59b99c6baef1e2c74507b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 03:10:41 2019 -0500

    notify when attempting to use ssh but user is member of group ssh

commit cea598dc1a96245c4ccd00646e9790f3c9635ffe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:43:05 2019 -0500

    refactoring

commit 54f5e02c2192a1cd6a30bc04abd77b177b1953c3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:42:30 2019 -0500

    comment

commit b4265195f4823618c60274458f885ef61c2452e1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:41:36 2019 -0500

    refactoring

commit 0f65b2e85c74a379d8ec5321b13e7e332d8eaaa3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:38:19 2019 -0500

    abort installation if no user is a member of group "console"; output
    
    https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/7

commit 1dbca1ea2d80ff7f60a0f426b444994d6bd97d30
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:27:09 2019 -0500

    add usr/bin/hardening-enable

commit 19cc6d7555364c5d2ee548899679c153e1555a20
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:10:43 2019 -0500

    pam description

commit 24423b42f0dc23704bddbb0f205ad3115e77d90f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:03:05 2019 -0500

    description

commit 6b01e5be149f9126308404e6a32931efb3bac277
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:01:22 2019 -0500

    comment

commit 66bebefc9fa26341c41847f35f26e16df3ce0a37
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:00:23 2019 -0500

    description

commit 52e0f104cc6edf1fe0953ca815445c351f813812
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:59:55 2019 -0500

    comment

commit 731d486fa061756b129188959230cb8bf1d78fae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:58:58 2019 -0500

    refactoring

commit 221a2df2a2621b1d3f391ee3265af7d4f35e1b2b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:58:37 2019 -0500

    refactoring

commit b871421a542af37771dbe56f09cc16472aa691c7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:57:43 2019 -0500

    usr/share/pam-configs/console-lockdown -> usr/share/pam-configs/console-lockdown-security-misc

commit d36669596f4c71ce885e46fce66fffc7a7443d27
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:56:30 2019 -0500

    comment

commit 1a0f353708832217b9bc5e3ecd044605de6adca0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:47:40 2019 -0500

    comment

commit eed1f0a4620d7db5933fb29189328c934db50d9e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:46:32 2019 -0500

    comment

commit 2491b6239319c52221f6c58fcfa1c3a247a9ee30
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:43:45 2019 -0500

    refactoring, add all groups first before adding any users to any groups

commit 1464f01d191ee4e01ed2ec94f4faf8d17ec62b03
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:30:42 2019 -0500

    description

commit 491dd4d93d133ca23eaf5c501b7ab3d3bbf52a27
Merge: 9432d16 a78a7e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:22:16 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit a78a7e5571b178cbf4cddd065306d130431bc185
Merge: 373e873 6846a94
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 06:21:44 2019 +0000

    Merge pull request #41 from madaidan/system.map
    
    Check for more locations of System.map

commit 6846a943277c5ad9049cbf3e21fcd739c316cf44
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Dec 7 19:38:12 2019 +0000

    Check for more locations of System.map

commit 9432d1637866087bcc2f1bf0837535a10f96faeb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 12:13:42 2019 -0500

    /usr/bin/cat mrix,

commit 373e8733d37cb795c7c48642346b0b6dc6dce30c
Merge: c1800b1 447eb14
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 11:34:42 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit 447eb144325a532b0aaf7ce772d5a04005b2af1f
Merge: c1800b1 668b642
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 16:34:21 2019 +0000

    Merge pull request #40 from madaidan/system.map
    
    Remove hyphen from remove-system.map

commit c1800b13fe33a1c129dcb30c51dbead7f894b818
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 11:26:39 2019 -0500

    separate group "ssh" for incoming ssh console permission
    
    Thanks to @madaidan
    
    https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/16

commit 668b6420de8024fdeaf948f1750beb8b62d9ffb7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Dec 7 14:15:02 2019 +0000

    Remove hyphen

commit 55225aa30e78e9a988527ed2da2019dc0a0b2631
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 07:16:07 2019 -0500

    description

commit 34a2bc16c85b06e1eccb2f72da89e198184ba72c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 07:15:58 2019 -0500

    description

commit d823f06c7858c1380325e3dbbbcfb1854fa64309
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 07:13:42 2019 -0500

    description

commit 9ba84f34c68263e5151d5b54264c1edb90603424
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:51:59 2019 -0500

    comment

commit dc1dfc8c20218a5ca986f49dc96cbfc71d50533e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:51:16 2019 -0500

    output

commit 8636d2f62995947620fbbd76fc653aab89dda7eb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:51:10 2019 -0500

    add securetty

commit 532a1525c2350a634b14a84d94997b8db81243a0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:26:55 2019 -0500

    comment

commit 14aa6c50774786890686fee2a6d6eed49dadcac1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:26:23 2019 -0500

    comment

commit 8b3f5a555ba04bb1d2e6bafb8345782aae875a51
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:25:45 2019 -0500

    add console lockdown to pam info output

commit 021b06dac95dd742952446e9ff455305c7d2b09b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:04:45 2019 -0500

    add hvc0 to hvc9

commit 8a59662a44ea46c5ba86be82ec2bc43e912c79be
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:02:45 2019 -0500

    comment

commit 090ddbe96a48424e0e3f187b917e023f9b710798
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:00:41 2019 -0500

    description

commit cda67247557ce2028017ba4e6e8824c2ae2f5118
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 05:56:57 2019 -0500

    add pts/0 to pts/9

commit 218cbddba9b053eac4ecb486ea7fbc9e160f18c6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 05:52:06 2019 -0500

    comment

commit 6479c883bf04464b299ce42185df2429f7b5cab5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 05:40:20 2019 -0500

    Console Lockdown.
    
    Allow members of group 'console' to use tty1 to tty7. Everyone else except
    members of group 'console-unrestricted' are restricted from using console
    using ancient, unpopular login methods such as using /bin/login over networks,
    which might be exploitable. (CVE-2001-0797)
    
    Not enabled by default in this package since this package does not know which
    users shall be added to group 'console'.
    
    In new Whonix builds, user 'user" will be added to group 'console' and
    pam console-lockdown enabled by package anon-base-files.
    
    /usr/share/pam-configs/console-lockdown
    
    /etc/security/access-security-misc.conf
    
    https://forums.whonix.org/t/etc-security-hardening/8592

commit 52934c9288a596b233c1ce3b5f68a29248602c96
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 02:02:32 2019 -0500

    bumped changelog version

commit 6faa977cd73efd90809c7034d15102095adcfe63
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 02:02:06 2019 -0500

    readme

commit 6d92d03b31c8251d3df72aab5e9dfa3327feed1c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 01:54:50 2019 -0500

    description

commit 5a4eda0d05bc57680e3f3df2b84471f5f16b8356
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 01:53:33 2019 -0500

    also support /usr/local/etc/remount-disable and /usr/local/etc/noexec

commit 0afcc5e798823f4ed3eff2d5f94b3d3fe8ad5069
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 12:43:21 2019 -0500

    bumped changelog version

commit 2954dcbccfb2990e95056d20fc9b279569dcacee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 12:24:55 2019 -0500

    minor

commit f3647e74787483f0d8076de742cc6f36645f1396
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 12:18:18 2019 -0500

    RemainAfterExit=yes

commit af0cf058e7ad5b26c708b1013d8ca8dc172a15e8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 11:18:20 2019 -0500

    bumped changelog version

commit 9b14f24d5e24ac4a6facb20d4fd436f35bed305f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 11:17:32 2019 -0500

    refactoring

commit a6133f59125db7482c3f56110ce6ba1a17d15e09
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 11:16:43 2019 -0500

    output

commit c1ea35e2ef54119d940b225da41c87e6db32981e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 11:15:54 2019 -0500

    output

commit 4bec41379d2baaa81930395ff2329ff42f10ff13
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 11:15:13 2019 -0500

    fix remount with noexec if /etc/noexec exists

commit bff425fec2adc3c80fee50466ef81bec19c237cf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 09:32:18 2019 -0500

    bumped changelog version

commit b22289f2a8e77ccd9a693871612b61842b1f48c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 09:30:05 2019 -0500

    readme

commit 470cad6e9176f57d33b038640b20443c3fa971fc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 05:14:02 2019 -0500

    remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
    
    https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707

commit 8cf5ed990a3940c108d661c6c169b5720b1459d1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 5 15:52:24 2019 -0500

    comment

commit 19add3299c9215d05208e3c2e748527bf87e66b5
Merge: 0c25a96 9679292
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 5 15:46:19 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit 96792928787c1c129a964bd81e97450d2edb29a6
Merge: 0c25a96 af9e19c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 5 20:33:47 2019 +0000

    Merge pull request #39 from madaidan/rp_filter
    
    Enable reverse path filtering

commit af9e19c51f256504c5c2206e31da1911872b6ef8
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Dec 5 20:14:55 2019 +0000

    Update control

commit 30289c68c24a8aa2ce5f336b79f92cffb7aa98c7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Dec 5 20:13:10 2019 +0000

    Enable reverse path filtering

commit 0c25a96b59b5bb55c04c88015eb8b50d79815a23
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 3 02:18:32 2019 -0500

    description / comments

commit d26ba05c4776cdff0750b872f3da70fd25fca1f4
Merge: 6ca48ff 73c6410
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 3 01:52:04 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit 73c6410a0e1e6e56529ba8ea98681867bd8acb37
Merge: 6ca48ff 8d63da3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 3 06:51:31 2019 +0000

    Merge pull request #38 from madaidan/distrust-cpu
    
    Distrust the CPU for initial entropy

commit 8d63da3cef6e114deaa6943ea9a633d6620a974b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Dec 2 16:46:12 2019 +0000

    Update control

commit 5da2a27bf064d6efefd0d0ba8041e85c4941d3a2
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Dec 2 16:43:00 2019 +0000

    Distrust the CPU for initial entropy

commit 6ca48fffdcab8665d75584435dd6a24d6b881347
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 28 10:22:41 2019 -0500

    bumped changelog version

commit ab696f557140fca19c09ac08ba61e9ce55947ed8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 28 10:05:39 2019 -0500

    readme

commit 25aed91eb167a092ece06a9aa4ab56fea165073e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 28 09:20:46 2019 -0500

    description

commit 0c4e5df3e0214c10390b672645d9f80ef4457392
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 28 09:18:05 2019 -0500

    description

commit 5ac2a6f9ac53f75256c655d329149bccd2d9aa37
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 28 09:17:32 2019 -0500

    description

commit ff3412fbe06476cb295dfd9d61b26694f289d389
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Nov 27 10:22:31 2019 -0500

    fix, make sure to undo pam changes on package removal
    
    Thanks to minimal for the bug report!
    
    https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/11

commit 62b924eea7d50f58649e089ff9cf8d73075cac63
Merge: 9091f69 ba02dcb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 26 13:00:36 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit ba02dcb267a95d332bd01bb3fc725e051ccb3246
Merge: 9091f69 d9d6d07
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 26 18:00:11 2019 +0000

    Merge pull request #37 from madaidan/apparmor-fixes
    
    Fix permission-lockdown

commit d9d6d0771433700f49c4ddf156a0b5bc7098d94b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Nov 26 17:12:12 2019 +0000

    /dev/pts/[0-9]* rw,

commit 9091f69eddb76059995e2f44734437746a3fd108
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 25 08:51:36 2019 +0000

    bumped changelog version

commit 57ce06c0ebaa1e451c39b85c8db27babed4b149e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 25 08:41:45 2019 +0000

    readme

commit aa5451c8cda02e6df3dc089bf813e6acd9878a59
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 25 01:39:53 2019 -0500

    Lock user accounts after 50 rather than 100 failed login attempts.
    
    https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19

commit 6277db1383451822769948bbebac31f719e98e74
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 23 14:07:45 2019 +0000

    bumped changelog version

commit 6a6a638ef01d337da137dc04bcff984f7a36f425
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 23 14:06:28 2019 +0000

    readme

commit fe1f1b73a77d11c136cedcdb3efcb57f4c68c6af
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 23 11:20:32 2019 +0000

    load jitterentropy_rng kernel module for better entropy collection
    
    https://www.whonix.org/wiki/Dev/Entropy
    
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972
    
    https://forums.whonix.org/t/jitterentropy-rngd/7204

commit d32024a3da3cdfbb07f61dd3e9a52535e747de6b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 23 05:53:19 2019 -0500

    /usr/sbin/pam_tally2 mrix,
    
    https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/152

commit 03e80238477bef26cf14a86a136d2ab688c87d08
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Nov 22 14:11:30 2019 -0500

    output

commit e76e1475b0009451b930061bff553684b6490d33
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Nov 22 12:24:35 2019 -0500

    comment

commit a99dfd067ac8a43bdcd779cf57b3533bdaa404fb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 19 15:31:55 2019 +0000

    bumped changelog version

commit 81e4f580af1ea12e79e387d4977771f37c50e7c1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 19 15:29:02 2019 +0000

    etc/apparmor.d/usr.lib.security-misc.permission-lockdown: /usr/bin/chmod mrix,

commit 8ad8dbea5a5c0bacd03cefb66ad8a1989e1cb0fb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 18 19:16:16 2019 +0000

    bumped changelog version

commit 9a20b85fe16584dda909fd5f1aa6bbb62d06bcf0
Merge: 477d476 2b17c0f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 17 11:20:17 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit 2b17c0f3e4dcd7cb9f2239da649b4a885c27e7cf
Merge: 477d476 e92022a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 17 16:19:55 2019 +0000

    Merge pull request #36 from madaidan/hidepid-fix
    
    Remove proc-hidepid systemd sandboxing

commit e92022a21cbe2df76026b36482f5c71e3471b344
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Nov 16 14:56:28 2019 +0000

    Remove systemd sandboxing

commit 477d476bb1a7507951c2c04622056de5a8d41a56
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 10 08:29:44 2019 -0500

    etc/apparmor.d/usr.lib.security-misc.pam_tally2-info: add '#include <abstractions/base>'

commit 11dc23bf082cb0579b5a4a1bc5788ec0b5140973
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 10 08:28:32 2019 -0500

    etc/apparmor.d/usr.lib.security-misc.permission-lockdown: add '#include <abstractions/base>'

commit d1d61b106b54a360ca71bb506e2410ac70ea07ed
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 9 18:44:50 2019 +0000

    bumped changelog version

commit 9f2932faab4be91528f3404fcbace7012040dac5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 9 13:32:21 2019 -0500

    /usr/bin/id rix,

commit 6b7df973f621dc9cbe107ee5d709600005f49e65
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 9 12:57:45 2019 +0000

    bumped changelog version

commit 2e73c053b561eb2ffcd815cba8006da810b02184
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 9 12:55:00 2019 +0000

    fix lintian warning

commit 6e28774f95414c5660b76fca3696710beb2affa2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 9 12:23:15 2019 +0000

    bumped changelog version

commit 94d40c68d4292c0c399c3b12e1af76cb89e7f436
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 10:02:55 2019 -0500

    do not set kernel boot parameter page_poison=1 in Qubes since does not work
    
    https://github.com/QubesOS/qubes-issues/issues/5212#issuecomment-533873012

commit f57702c1589047f5d0eff7a7bdffb928117532f6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 09:55:43 2019 -0500

    comments; copyright

commit 74293bcd2f2670abf3e62ac8dad54d9f4e545bb1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 01:59:25 2019 -0500

    output

commit 2b5b06b602f9537c9a5473651cd1a16a4e16e5ba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 01:59:19 2019 -0500

    output

commit d6977becbaf644cdc98c081b3c3e3fd366c4072d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 01:51:14 2019 -0500

    refactoring

commit daf00067953a61d749a07a0e0b4ec7cd397e4c39
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 01:50:27 2019 -0500

    comment

commit 78defc4d0bedf4a727d617f3de0294d9f59e3aa9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 3 04:34:31 2019 -0500

    add /var/cache/security-misc/state-files/placeholder file
    
    to make sure folder already exists to avoid AppArmor issue
    
    https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/76

commit 7c0ec7e50797c0da719f389e61445ff7d8e252b3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 3 04:23:40 2019 -0500

    readme

commit b55c2fd62e200f96bd552445ad4c517d6a0aee92
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 3 02:50:51 2019 -0500

    Enables punycode (`network.IDN_show_punycode`) by default in Thunderbird
    to make phising attacks more difficult. Fixing URL not showing real Domain
    Name (Homograph attack).
    
    https://forums.whonix.org/t/enable-network-idn-show-punycode-by-default-in-thunderbird-to-fix-url-not-showing-real-domain-name-homograph-attack-punycode/8415

commit bf62306d4fc3b3168204254ca354028a1fe857a7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 31 16:34:35 2019 +0000

    bumped changelog version

commit e1375802eb1521eb0bc9089f2ab12056fa326f17
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 31 16:32:28 2019 +0000

    apparmor fix
    
    https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/67

commit 6e5d8b357d977991953e153d618dbdda2b05c0e6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 31 16:06:51 2019 +0000

    bumped changelog version

commit 203d5cfa6845e23d73ff3790019bac9579f3524b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 31 11:19:44 2019 -0400

    copyright

commit f001250ae61789bef7b2b19d5c40831273b0acca
Merge: d832ab9 5a3cbe8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 28 10:31:30 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 5a3cbe81000c3a9bbc69ba03c944c6c5ae9115bf
Merge: d832ab9 0e49bdc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 28 14:30:45 2019 +0000

    Merge pull request #35 from madaidan/apparmor
    
    Apparmor profiles

commit 0e49bdc45f6c94b3f6c2874fd48a6b1c75519790
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:26:14 2019 +0000

    Licensing

commit 5d5ad92638ea0ca079bbf8bb03201e8d5c030b1c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:26:05 2019 +0000

    Licensing

commit 0699747fcb6d79ba6abeccdba99c3bc032c615c6
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:24:37 2019 +0000

    Debian packaging

commit fe4e29d392ed8db5571d69b10ef0f8a24eec1829
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:22:47 2019 +0000

    Depend on dh-apparmor

commit 1b8b3610b17ae31bc81c3827cea24bd09822a0e3
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:20:59 2019 +0000

    Create usr.lib.security-misc.pam_tally2-info

commit 29b05546e4248bdf95b62ea356bd98767e3a59b0
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:20:08 2019 +0000

    Create usr.lib.security-misc.permission-lockdown

commit d832ab91bdd9cdbf2a9c3bbee39351082a59f759
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Oct 23 10:22:03 2019 +0000

    bumped changelog version

commit bce5274a15e4d34907c2f65b9811dd44705c120e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 09:22:29 2019 -0400

    quotes fix

commit e20b9e21334ef9e16e1fd147fec4ff33f0721d4a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 09:08:18 2019 -0400

    better solution when using pkexec with --user: wrap sudo --user with lxqt-sudo

commit d4e02de43a068a22a9fd1b15c4d2b314baf97283
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 09:04:44 2019 -0400

    set SUDO_ASKPASS for pkexec wrapper when using sudo --askpass

commit 1a65a91039276f73c68feb5c19b1a3dd86b07cbb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 08:56:05 2019 -0400

    long rather than short option

commit b55913637bb66b3c1e9fcab3d1576cb1325419ea
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 08:54:48 2019 -0400

    silence output by mount/grep

commit a1154170c9f65011ae1a9da51ea1d797381853a7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 08:54:17 2019 -0400

    Call original pkexec in case there are no arguments.

commit 9c8f678cb935d5d63b238d4641bde84c5495127b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 09:55:41 2019 +0000

    bumped changelog version

commit 1e4d0ea1d072c193281ac176592108c88e80bad0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 09:55:05 2019 +0000

    fix lintian warning

commit 343d9cc9169dd3e0b4afebaeaa43d0051cbb5e37
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 09:53:55 2019 +0000

    fix

commit 2d436f36021d1148862ff5e2db62577580761bf6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 09:51:36 2019 +0000

    bumped changelog version

commit af3f42dabf708b6f6e2c4e2595d6af496b520372
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 09:51:12 2019 +0000

    readme

commit 40707e70dbbf74e5ee3cd25bd2737f880d4bca5c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 05:46:49 2019 -0400

    Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with hidepid.
    
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860040
    
    https://forums.whonix.org/t/cannot-use-pkexec/8129
    
    Thanks to AnonymousUser for the bug report!

commit 31b771ac2e1cd692851f0d58191c3147d4a09335
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 10:39:43 2019 +0000

    bumped changelog version

commit 2613525b945c98c676a919cb4a9d54b90e51cbbf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 10:39:19 2019 +0000

    readme

commit 957deac5cb1e3fdf54990bad21c502388af2407e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 10:38:25 2019 +0000

    fix lintian warning
    
    W: security-misc: maintainer-script-should-not-parse-etc-passwd-or-group preinst:19

commit d301e7f3653bdb4b56c42deab9d0566ff1b27380
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 10:36:44 2019 +0000

    description, fix lintian warning

commit ce6b64a9baba3763f2137c81c1e022c4e6344d3c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 08:55:07 2019 +0000

    bumped changelog version

commit 20b7faa61fb7c425f15492fd8aaa67e4fe06a6d9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 08:54:43 2019 +0000

    readme

commit c9d75ef9ea76fee0cff882143f289d9662826330
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:46:47 2019 -0400

    abort installation if no user is part of group sudo
    
    https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4
    
    Thanks to minimal for the bug report!

commit a5045dc26e3b7d6acd6ae2c5727920824f992cc7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:18:32 2019 -0400

    set -e

commit 0b8725306f2c603c28ab78be7000df25ca2ea430
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:13:44 2019 -0400

    renamed:    etc/hide-hardware-info.d/30_whitelist.conf -> etc/hide-hardware-info.d/30_default.conf

commit 4aba02756680eb5e0dac9d84ba434edd735c68c1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:12:36 2019 -0400

    syntax check

commit 8b9aa8841a67adb9b3b64a1d43022e950768bc42
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:11:01 2019 -0400

    fix

commit cfbd77040a51b68dc6e3c1f8f82861cfc4b6e761
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:10:29 2019 -0400

    set "shopt -s nullglob" to avoid failing when folder /etc/hide-hardware-info.d
    does not exist or is empty

commit b05663c5f65f59ce652995c403feb9b4e088b4ec
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:08:55 2019 -0400

    shuffle
    
    https://forums.whonix.org/t/restrict-hardware-information-to-root/7329/80

commit 28a440091dd98fd4f3284cce01d692c08aa96bf1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:08:16 2019 -0400

    code simplification

commit 3c4e261c20ce7cab51ad9b6596db09e009efbdeb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:05:23 2019 -0400

    remove trailing spaces

commit c8e0303d6d59e3303c0582ff8ab2664762199c81
Merge: 4b1b3b7 8a42c5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:04:34 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 8a42c5b02387da454ff5661057be88a7c6fe9d9c
Merge: 994ca02 61f7423
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 09:59:12 2019 +0000

    Merge pull request #34 from madaidan/whitelist
    
    Add a whitelist for /sys and /proc/cpuinfo

commit 994ca024c24cf80075b2f03bc65475a5d9980d94
Merge: 4b1b3b7 259b1f2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:19:46 2019 +0000

    Merge pull request #33 from madaidan/documentation
    
    Improve documentation

commit 61f742304d26e73df8433bd6fa03d33d39e39625
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 19:46:59 2019 +0000

    return 0

commit 259b1f2c71ec4566011a148e5bc703a41f0ebd90
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 19:21:24 2019 +0000

    Update control

commit ffba0e017940d2be08c1e37514d396ac39f55e35
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 19:04:15 2019 +0000

    Elaborate

commit 4f5b7816ecda6375b051c75a3b0aff93519b4a66
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 19:01:49 2019 +0000

    Elaborate

commit 99a762d3dc6ecbdb160b7840081848444b56c3fa
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 18:53:04 2019 +0000

    KASLR is different from ASLR

commit a14a2854c6e72f2b4b3e5c8d02b63a46c3179a00
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 18:52:14 2019 +0000

    Elaborate

commit f08c03ab21126b2d3ef5d4c2e4e3f0eae14fa5c0
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 15:39:23 2019 +0000

    Restrict sysfs/cpuinfo if the whitelist is disabled

commit af607d5eb233d85d493d796afde76728f0e0e3cd
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Oct 15 21:02:03 2019 +0000

    Create sysfs and cpuinfo groups

commit 42c1701d5ca446da37a493b27c125b78bd8d183d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Oct 15 21:00:03 2019 +0000

    Whitelist user@.service

commit a47a2fca8bcdf8ff480cea879720b9599c491358
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Oct 15 20:58:58 2019 +0000

    Create 30_whitelist.conf

commit 6b78dbcd07a9d2361c5ab41f5151e24a80309e13
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Oct 15 20:57:02 2019 +0000

    Add way to whitelist things

commit 4b1b3b7d6675adbde57d9cf5cbcc880f95199ef1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 14 10:23:01 2019 +0000

    bumped changelog version

commit c19964360a6d42e73e5d2f3b90afd5f676933d30
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 14 10:10:08 2019 +0000

    readme

commit c22738be027f69391a4ac40ce85bfacf35ff1742
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 7 08:25:45 2019 +0000

    comments

commit 75f36bc2c9bf5c50061f05198c504d84b128e5da
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 7 08:25:07 2019 +0000

    comments

commit e92a8a69665f982e8b5a37f7081fa75197cde828
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 7 08:24:02 2019 +0000

    comments

commit 60c044a9d669dd816ff473f19e19b87f87cc9008
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 7 05:30:56 2019 +0000

    copyright / comments

commit cd2135ff82de82278eaa680d30bea2fe68f94f52
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Oct 6 10:18:24 2019 +0000

    comments

commit 8b4f2befd46d4db4d2a83d9e79ebcf9abf98fd02
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 13:15:34 2019 +0000

    comment out sack by default
    
    https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/8?u=patrick

commit 02096f8d7c7ee1f61285cf96564616f2828aa6c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 13:13:46 2019 +0000

    Revert "undo Disabling TCP SACK, DSACK, FACK"
    
    This reverts commit 5fb4eb8e561e7c37cea977072944501fc32ee883.

commit 62a0239207ee355e3d07e0097c963a0ded496e76
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 11:33:15 2019 +0000

    bumped changelog version

commit 54b83ae44dbda76b9b2696488194b53612bfc377
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 07:20:18 2019 -0400

    readme

commit 5fb4eb8e561e7c37cea977072944501fc32ee883
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 07:00:47 2019 -0400

    undo Disabling TCP SACK, DSACK, FACK
    
    https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/5

commit c19942f72b8d74056dd8da8c3cd9ac7e0fbe8991
Merge: 213aef6 a33851a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 06:58:27 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit a33851a3c99a5eb9021d2d28b3164ed10025fbd9
Merge: 213aef6 d0c6bb1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 10:58:08 2019 +0000

    Merge pull request #32 from madaidan/disable-dsack-fack
    
    Disable TCP DSACK and FACK

commit 213aef6eb9288efffe9fb0458f0aa8a44a6dafa6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 09:40:26 2019 +0000

    bumped changelog version

commit aaebb32b668f4447c011f4e150f959c8d0e1ce09
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 09:39:05 2019 +0000

    readme

commit c87fc75f2a7d6ed38362729d27030f83b08292d3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 09:36:21 2019 +0000

    fix, run remove-system-map.service during sysinit.target

commit 25b674678472623c06d948f4cbb967f360ba15f0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 09:14:54 2019 +0000

    fix systemd unit file proc-hidepid.service: WantedBy=sysinit.target

commit d2bc3a2a08a00c68f05ed99caf16aad0b1e11ea4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 09:14:41 2019 +0000

    chmod +x usr/lib/security-misc/hide-hardware-info

commit ffe0d62c8148ec60f7528002e988b969ebb868ca
Merge: ddc778b 7bcf73d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 04:49:05 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 7bcf73deaa1c77f9c650d8844ad94d24e38746fd
Merge: ddc778b 7345287
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 08:46:21 2019 +0000

    Merge pull request #31 from madaidan/hide-hardware-info
    
    Restrict /proc/cpuinfo, /proc/bus, /proc/scsi and /sys to root

commit d0c6bb1e9064ffdf45f7ac606f708c3f5e7dc247
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Oct 4 17:35:54 2019 +0000

    Disable TCP DSACK and FACK

commit 7345287560bc701f8b4aead985238d66104b228c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Oct 4 17:32:52 2019 +0000

    Use sysinit.target instead

commit e06eeec6788a46a28682b2c83f1de9f83eacf3bd
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 21:42:06 2019 +0000

    Disable hide-hardware-info.service by default

commit 87917d2f03d5e510f4e2cbdbea2a7692146e820b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 21:38:07 2019 +0000

    Add licensing

commit b06ab912c04d3d8746afa7492d0c3bb17bf71932
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 21:37:29 2019 +0000

    Add licensing

commit ec5fcf813b80347e5d8aa55dbd5d77860e62ccc6
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 20:50:48 2019 +0000

    Update control

commit ce97e5ed8203809619d8fdf630242712c188cede
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 20:45:29 2019 +0000

    Create hide-hardware-info.service

commit 9449f5017a6feff7e70d625d54d75d514ed2e596
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 20:45:14 2019 +0000

    Create hide-hardware-info

commit ddc778b45281b9f7f42496ffbd4f2137d6fa9d5a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 16 13:34:11 2019 +0000

    bumped changelog version

commit 75258843e9d4da9b0be7aec42528e093e0861992
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 16 13:03:43 2019 +0000

    copyright

commit 8e39cea876a8ff9ca496b9230dd13e4201f1e2f6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 16 13:03:25 2019 +0000

    comment

commit bac462f2112d0290cad82717e1efed19c8fafac5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 16 13:03:02 2019 +0000

    comment

commit bec680d4f3ccc406c5d8c5a67d7957be04f6a0de
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 16 12:30:23 2019 +0000

    pam_tally2-info: fix, do nothing when started as user "user"
    
    xscreensaver runs as user "user", therefore pam_tally2 cannot function.
    xscreensaver has its own failed login counter.
    
    as user "user"
    /sbin/pam_tally2 -u user
    pam_tally2: Error opening /var/log/tallylog for update: Permission denied
    /sbin/pam_tally2: Authentication error
    
    https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts
    
    https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698

commit c2e444479cf723a7ddb3c51cd6394795daba108e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Sep 15 14:08:13 2019 +0000

    bumped changelog version

commit c9425a1404af73bf5d92fd7d1665130335d9e789
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Sep 15 14:07:50 2019 +0000

    readme

commit 619550da2393dfe683be827a51d4390b6280ace1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Sep 15 14:00:24 2019 +0000

    description

commit b95b66e42986a359835127d6c56aabb1e9d9008f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Sep 15 13:56:37 2019 +0000

    description

commit ae804a15e73a4a8b9ef3b605e3fca7ba24e135a6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Sep 15 13:21:02 2019 +0000

    description

commit 3d187dab99cd6d0a2906e73c86e0dd8c94cbc648
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Sep 12 12:50:42 2019 +0000

    bumped changelog version

commit f13a73e569e6adacd38aaa59f4484919a3896359
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Sep 10 12:35:42 2019 -0400

    undo SysRq restrictions
    
    https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079

commit fbd1a5bde922be9c571d54567c977618e2c4bfc5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Sep 10 12:23:00 2019 -0400

    hidepid before sysinit.target

commit 1f75a1065049a1c75e0cb597f2bcc1a8e0eca93b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 9 12:10:24 2019 +0000

    bumped changelog version

commit 1b4391417619a51cfe22d9eee21d9fa644d145b6
Merge: 9d875d7 d0b3bc7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 9 11:45:36 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit d0b3bc7d3da6a4e3a04adb85cc5c7aa6c22bb466
Merge: 9d875d7 60db7e6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 9 11:45:19 2019 +0000

    Merge pull request #30 from madaidan/patch-23
    
    fix typo

commit 60db7e6294ab405a862c1cbc62140c9e89208b25
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Sep 7 20:08:56 2019 +0000

    fix typo

commit 9d875d7c31b4cd15873709c57ebb338d89477ab5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 7 06:11:32 2019 +0000

    bumped changelog version

commit b3103b1ba8a1b8d7718ee167230dc938bc8b64b4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 7 06:10:35 2019 +0000

    readme

commit 7affddb3bbfaa8183bad5986dbbb6ea728df1fe4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 7 05:47:34 2019 +0000

    blacklist modules with /bin/false rather than /bin/true to fail with error
    
    message rather than failing without notification

commit 8132052ce01215a98cb4464e5f78d75349e77b10
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 7 05:44:23 2019 +0000

    run update-grub from postinst so /etc/default/grub.d changes take effect

commit 661bcd8603425934188cf139f33e20675ff4b765
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 7 05:39:56 2019 +0000

    allow loading unsigned modules due to issues
    
    https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23

commit 9ee9309f542472a8c8045df44573a5ec38e32a90
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 13:04:57 2019 +0000

    bumped changelog version

commit ea0779e42aa8416c142eb3d37f8cede42794e0f7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 13:00:20 2019 +0000

    rm_conffile /etc/sudoers.d/umask-security-misc

commit 3a9939dccbea16408e8ba1c739748234bde68d89
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:47:40 2019 +0000

    bumped changelog version

commit 51705c201bd9959a77a53201e492100b751d0508
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:47:17 2019 +0000

    readme

commit 5960c1682a5177355147fce67c383ce6f861d60c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:46:22 2019 +0000

    description

commit fccfacfdafd197951e5a9598b9fb47309021ec84
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:45:54 2019 +0000

    description

commit cb8170fd800816c2f6123cd67819340da8f51551
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:44:56 2019 +0000

    comment

commit ccdbc52b82993f0078c16ba99248eb4569539344
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:43:55 2019 +0000

    comment

commit 051856bc8e587250d9b6936661d8f05d965c3e59
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:42:38 2019 +0000

    remove trailing space

commit 610d3488e9d4372c442eeb33c57a4a791c48267b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 09:33:06 2019 +0000

    bumped changelog version

commit b15becd48d3437b8a3965b84d5cdb80012fe32e8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 09:32:42 2019 +0000

    readme

commit 0e20e33d1629e532e77e1f3e21b546ea125f28b0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Sep 5 02:31:57 2019 -0400

    description

commit 0b3dcef13d6462d9586908a91ff4d976070b26a3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Sep 5 02:30:40 2019 -0400

    description

commit f2e5883b4c72118d00f77e4dfc3187e5d9bf6391
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Sep 5 02:29:48 2019 -0400

    description

commit a4913ae092e26af4368e0f493b8b79d11329eb18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Sep 5 02:28:43 2019 -0400

    description

commit a2aeb401a25f3576b8ed95b62fd47edad8e61e2c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 31 13:44:37 2019 +0000

    bumped changelog version

commit 3a5bdddf5c790829252ff7d5443a3d4d3b9218d8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 31 08:43:46 2019 -0400

    depend on adduser

commit 8bbebf64cff87ce37a100a1da74cfd0e811ed571
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 24 16:41:27 2019 +0000

    bumped changelog version

commit 07cba361ed663672de3d0263e8262c61b4d43b4e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 24 16:39:56 2019 +0000

    readme

commit 0ae5c5ff14c308ff5307926fbe6d93f44e1c7615
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 24 12:14:22 2019 -0400

    remove umask changes since these are causing issues are are not needed anymore
    
    thanks to home folder permission lockdown
    
    https://forums.whonix.org/t/change-default-umask/7416/45

commit 41c4682280b7bc8e700d9ed41b55e464c0511b69
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 23 16:57:12 2019 +0000

    bumped changelog version

commit e77260fd9cab49f85d5790188485dce7f9eeee23
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 23 16:53:55 2019 +0000

    readme

commit 793c9b6801ffda5d75d389b8e7a2a6d140d8d382
Merge: a74b983 44d62e0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 12:48:23 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit a74b983283e9aa1662cd6be87148184f380fa297
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 12:46:59 2019 +0000

    remove LLC - IEEE 802.2 from blacklist
    
    since required by KVM
    
    https://forums.whonix.org/t/whonix-desktop-installer-with-calamares-field-report/7350/107
    
    https://forums.whonix.org/t/blacklist-uncommon-network-protocols/7391/22
    
    https://github.com/Whonix/security-misc/pull/29

commit 44d62e05b5a60a3d45afd829fb67970afa7678b7
Merge: 0140df8 a8b6281
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 12:45:52 2019 +0000

    Merge pull request #29 from onions-knight/patch-1
    
    Update uncommon-network-protocols.conf

commit a8b62811199b6c4e5d86439cd0fc9e9c18dc027b
Author: onions-knight <38859709+onions-knight@users.noreply.github.com>
Date:   Mon Aug 19 11:30:57 2019 +0000

    Update uncommon-network-protocols.conf
    
    Removing llc from blacklisted network protocols as it is needed by KVM for networking.
    See https://hub.packtpub.com/kvm-networking-libvirt/ and https://forums.whonix.org/t/whonix-desktop-installer-with-calamares-field-report/7350/107

commit 0140df866839d4f02ba5988eec8c72a71136482a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 08:43:28 2019 +0000

    virusforget

commit 113ab4256861edc068ea09b2d8fb96355cb71867
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 08:31:23 2019 +0000

    virusforget

commit 416906d4f9ad522a65d8847c9d03f4497bbd898f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 08:19:35 2019 +0000

    virusforget

commit 2d867d9fee691ba088cf42badc4def562d82bd0d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 08:10:18 2019 +0000

    virusforget

commit 8e76e6b8b3129bcda1c82322cc56e31edac43e3f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 07:48:12 2019 +0000

    fix

commit 3f068f77febebbe425f9d6cd1ef2d620fb6ec379
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 07:47:20 2019 +0000

    keep cache folder outside of reach of user since even user can remove files
    
    owned by root in its home folder

commit 1fa1efa58e6f719766394bc8b94d4aa4076bdc0d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 07:22:09 2019 +0000

    credits

commit 1e026a3ebbacb1011edbbf5b0fbcfe7b5e6338c0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 18 22:50:44 2019 +0000

    initial development version of VirusForget

commit e15b5603057fd9c67ac1ab34493e8b9f05fbac9b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:54:08 2019 +0000

    bumped changelog version

commit c897682794639fa7848acf5ba4b33aabbbcd0644
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:53:45 2019 +0000

    readme

commit e535232728ec7ff6846a3102b73707c549ea64c0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:37:49 2019 +0000

    description

commit 7ffdd7c240b55c1d5fae9279b42319a5e8be74ba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:37:42 2019 +0000

    description

commit 207399439f29b4b421a8e91fc1b965d9e82ba35c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:37:36 2019 +0000

    description

commit d4fb485e7090a7424f3f80b18b010fbc9859283c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:35:31 2019 +0000

    description

commit 41b2819ec88364290c5d91daa2236919ea589c1c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:33:47 2019 +0000

    PAM: abort on locked password
    
    to avoid needlessly bumping pam_tally2 counter
    
    https://forums.whonix.org/t/restrict-root-access/7658/1

commit e0e25364e2d14459b918eea2cb63cbe10b8371f3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 09:57:48 2019 +0000

    bumped changelog version

commit cfd18d4486c763a79bc174bded7d8cf0b3dd567f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 09:56:29 2019 +0000

    readme

commit ed90d8b025c1f852856fea0e620c240f35e78a53
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 09:55:20 2019 +0000

    change default umask to 027
    
    as per:
    
    https://forums.whonix.org/t/change-default-umask/7416/47

commit b9127faac300024f7d8851d41037bebd5d3fe05c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 16:05:51 2019 +0000

    bumped changelog version

commit e004a5e0cf22c5add683ed8c1ff6f88bdc4053ba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 16:05:25 2019 +0000

    readme

commit f9e3825e9166b9814beb5e0a8e30caa540e66a27
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 16:05:09 2019 +0000

    fix lintian warning

commit ec99720811c53bf0ad3a1f36e0d34371ebc6d283
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 15:59:14 2019 +0000

    bumped changelog version

commit 6a68c3bd9cd47a8542460a95d90bcf7e34d9f768
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 15:57:30 2019 +0000

    readme

commit 224f95799c36f56c2165fe9284abaceaa84f1d3b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 11:15:25 2019 -0400

    sudo default umask 006
    
    https://forums.whonix.org/t/change-default-umask/7416/43

commit 17cfcb63b6358f51a65df9623bc23ddf869b06cc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 10:50:56 2019 -0400

    code simplification; report locked account earlier

commit 5754671c460c67bd7d8e064841383ea7b7f90824
Merge: 34672b8 9781598
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 10:36:43 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 97815986321b6daf9c1f0c6f33a4b282ca05438c
Merge: 34672b8 85502ad
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 14:36:00 2019 +0000

    Merge pull request #27 from madaidan/patch-21
    
    Blacklist bluetooth

commit 85502ad430f560070806c8b95b7fed3fe7028587
Merge: 4a6f87f 34672b8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 14:35:51 2019 +0000

    Merge branch 'master' into patch-21

commit 34672b88a86285e1d3eaf35f0a2b3c2e974ffd26
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 15 15:18:02 2019 +0000

    bumped changelog version

commit a11e3cea9eb160ba84dbc273ea4cb48bc687158f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 15 15:08:48 2019 +0000

    readme

commit ff9bc1d7ea81a8507f44d9bb1301b9665614ebdd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 15 13:37:28 2019 +0000

    informational output during PAM:
    
    * Show failed and remaining password attempts.
    * Document unlock procedure if Linux user account got locked.
    * Point out, that there is no password feedback for `su`.
    * Explain locked (root) account if locked.
    * /usr/share/pam-configs/tally2-security-misc
    * /usr/lib/security-misc/pam_tally2-info

commit 454e1358220abf75def0d88a22426086a55c0802
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 15 07:33:41 2019 +0000

    pam_tally2.so even_deny_root

commit 63b476221c7b9ece6b99f9e194fab80e300275d9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 15 07:30:56 2019 +0000

    use requisite rather than required to avoid asking for password needlessly
    
    if login will fail anyhow

commit ce4a30d3cecb7e9bddb96c79aab871804cb90bd4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 11:52:26 2019 +0000

    bumped changelog version

commit a7c25a451c78f7b9a5720e1b6fc7d168eb0afa4f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 11:50:53 2019 +0000

    remove unneeded dependency on libpam-cgfs

commit 633854c6bec439af9718439c8207012322800166
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 11:13:25 2019 +0000

    bumped changelog version

commit 0feb54b28e90b5c4cfcd529914a3892362c34966
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 11:10:18 2019 +0000

    add Depends: apparmor-profile-anondist to fix apparmor issue
    
    sudo[19806]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied
    sudo[18961]: pam_exec(sudo:session): /usr/lib/security-misc/permission-lockdown failed: exit code 13
    kernel: audit: type=1400 audit(1565780860.972:224): apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=19806 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0

commit 8fdc77fed553d7ba6123d738b9cb3efe98f3f08f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 10:33:23 2019 +0000

    output to stdout

commit 5213cfbcdcb41a5aa714d1031b36436adeb0359c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 10:08:18 2019 +0000

    bumped changelog version

commit 2875adb7221769dcd23ef701dae8b9ad24708590
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 10:07:55 2019 +0000

    readme

commit 01b3a0bfaeda0dad87644ad8d54c61e07dd501f7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:52:53 2019 +0000

    description

commit 547ba91d799780487782cdd8088c556d978494e8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:45:30 2019 +0000

    sanity test

commit dee195d89e94ff343cec60308cbbb5464d2a7b18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:40:41 2019 +0000

    description

commit 799acad724977dea220c2228f9da0db3d6b5170e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:39:43 2019 +0000

    skip, if not a folder

commit 6321ff5ad5938a929d4a997b4f1b03db2ac4b5fd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:38:44 2019 +0000

    refactoring

commit 15094cab4fbbb1fd0c20bd8241ea20bd6c0bd331
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:36:30 2019 +0000

    avoid ' character in usr/share/pam-configs; in description

commit 97d1945e61053efd3b73fb9f761b3ea1c9271cdc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:32:58 2019 +0000

    no log needed, informative output to stdout instead

commit a085d46c567b0b5dbbaddd8f3e5873d87d904c4a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:31:58 2019 +0000

    change priories so "pam_umask.so usergroups umask=006" runs before pam_exec.so /usr/lib/security-misc/permission-lockdown

commit f8c828b69a8f52108d19af4076e718930b5dcd07
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 05:19:02 2019 -0400

    output

commit e5da6d9699de1d3c4aaefee7d301a4c47f33e4bd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 05:17:54 2019 -0400

    copyright

commit 1595789d7c310c80196345e06b6bacc8fb7c0baf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 05:17:16 2019 -0400

    comment

commit ce06fdf91103afbaf84523ce998570af733b5bbe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 05:15:53 2019 -0400

    formatting

commit 21489111d107023f150988137180154ba62e1ff2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 08:34:03 2019 +0000

    run permission lockdown during pam
    
    https://forums.whonix.org/t/change-default-umask/7416

commit 42f2d5f6664f15baebdaf200a5690cf32cdbe284
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:39:28 2019 +0000

    description

commit 52df8dc0149d597c3106daa7112a01db444e34f1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:37:21 2019 +0000

    optional        pam_umask.so    usergroups umask=006

commit f210294f4091b6a09c902a446b125c26022c5d2a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:24:24 2019 +0000

    description

commit dbea7d1511d8e1b2604960d37146ec931d9dfe15
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:22:14 2019 +0000

    add hook etc/kernel/postinst.d/30_remove-system-map to remove system.map
    
    on kernel package upgrade;
    
    self-document this package: during upgrade the following will be written
    to stdout:
    
    Setting up linux-image-4.19.0-5-amd64 (4.19.37-5+deb10u2) ...
    /etc/kernel/postinst.d/30_remove-system-map:
    removed '/boot/System.map-4.19.0-5-amd64

commit f1d8cbc9fb2b800205923cce77a8e242dddd133c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:02:09 2019 +0000

    bumped changelog version

commit 41f4441d9dc5777d4ea7424f8422164c548da091
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:01:47 2019 +0000

    readme

commit a82448d46af4fb9dce2de84025b8b820a11fae01
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:01:25 2019 +0000

    description

commit ff8c0979435b491cf462c5ef6e8e02f6d85f1d81
Merge: 6f8acf0 a8ea379
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 06:59:50 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit a8ea37952669b3f40a452cb580442126ec44233a
Merge: 6f8acf0 9a49b8e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 06:59:34 2019 +0000

    Merge pull request #28 from madaidan/patch-22
    
    Require all loaded kernel modules to be signed with a valid key.

commit 9a49b8ecbb863a995862a4d380c6a03f6c0991ac
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Aug 13 13:33:07 2019 +0000

    Create 40_only_allow_signed_modules.cfg
    
    Require all loaded kernel modules to be signed with a valid key.

commit 6f8acf06d79c77e3bee15cc8696a433271e2b7c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 12:07:07 2019 +0000

    bumped changelog version

commit 52cee9128316d649ba7ffa9600d0fdc33c99a9a9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 11:39:32 2019 +0000

    readme

commit aacd9c7679b05b7ee59df484f21a24fe7aa5901d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:34:38 2019 +0000

    description

commit c0b5c70de498d891e4edd5b9af2292909be36776
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:33:22 2019 +0000

    description

commit 2f37a66fd009c9cba423c0f95833a71c8669af46
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:31:29 2019 +0000

    description

commit e83ec79a25d09b2467e2389959d87267bab7f1f0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:30:51 2019 +0000

    enable usr/share/pam-configs/mkhomedir-security-misc by default

commit 1eb806a03ef25bb387fa80f45dd6509925437048
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:29:49 2019 +0000

    pam_mkhomedir.so umask=006

commit c50eb3c9b07b9e54951eb08206db6d28383f6cdc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:28:55 2019 +0000

    add usr/share/pam-configs/mkhomedir-security-misc based on
    /usr/share/pam-configs/mkhomedir

commit 75769151cd7980042357f18c5567adab2a031049
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 10 11:37:02 2019 +0000

    bumped changelog version

commit a2fa18c38159161418edcdaacb1baad215f5d31d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 10 07:07:28 2019 -0400

    pam_tally2.so deny=100
    
    during testing, due to issues
    
    https://github.com/Whonix/security-misc/commit/d17e25272b9b7bbb6abc4dccd500a6b34311a7dd
    
    https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/12

commit d17e25272b9b7bbb6abc4dccd500a6b34311a7dd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 10 06:06:39 2019 -0400

    effectively (not directly) add "required        pam_tally2.so debug" to /etc/pam.d/common-account
    
    This is required because otherwise something like "sudo bash" would count as a
    failed login for pam_tally2 even though it was successful.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=707660
    
    https://forums.whonix.org/t/restrict-root-access/7658

commit 0f896a9d8d6f7c125311a0e226755f8a00214f3c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 10 06:05:37 2019 -0400

    add onerr=fail audit to pam_tally2

commit a703865dcf736996a58e6f684fc02f0e9dfa8cc7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 1 12:02:41 2019 +0000

    bumped changelog version

commit 1fe3036a4903588b89edd82e7097a665271fd27f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 1 11:13:43 2019 +0000

    readme

commit e076470f68dc18908c5ab1889232aaaa0fcb9f3d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 1 11:04:58 2019 +0000

    renamed:    usr/share/pam-configs/usergroups -> usr/share/pam-configs/usergroups-security-misc

commit 830111e99aa6f45688c4ba00a7f41ea323f15f2a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 1 11:04:22 2019 +0000

    split usr/share/pam-configs/security-misc
    into
    usr/share/pam-configs/tally2-security-misc
    usr/share/pam-configs/wheel-security-misc

commit 5d0aec1321b4f46f1834ba9ad166d2445a995fbb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 19:12:27 2019 +0000

    bumped changelog version

commit 89d32402b2dd2182dc6e7788d41708eaaeeb02c1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 14:52:29 2019 -0400

    fix, do not use "," inside /usr/share/pam-configs files

commit 4a6f87f3fa104f0e0a62809fe08f7d07d15dd9f7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jul 31 18:33:28 2019 +0000

    Update control

commit 5a4ea39566621431e931d5bc09957e04f18bbeee
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jul 31 18:30:57 2019 +0000

    Create blacklist-bluetooth.conf

commit 864de10659d0145ae8883b98b1746a7debc9492a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 15:17:51 2019 +0000

    bumped changelog version

commit 47368ae4fccc85ab3197f07316b03c123187f9a2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 15:15:30 2019 +0000

    readme

commit c09fb208d163be4ff7ace9f41cfee03147018cd8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:44:50 2019 +0000

    bumped changelog version

commit ac1220e14bd9428420cf01ef68e5acb690b6afa4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:32:59 2019 +0000

    depend on sudo so group sudo exists during postinst

commit 09f75fb1ff03d7a95951a0f6bcb9d84f1744b583
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:32:36 2019 +0000

    description

commit 2ad087dcd9e4fd3e747a47577b9d4ba1088d6a33
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:30:40 2019 +0000

    description

commit 404f597c0aaddeef3c8c555d2d7f5a9993f9e512
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:29:42 2019 +0000

    description

commit c921872016672073927fce34ed764263c8d6db5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:27:13 2019 +0000

    description

commit 39e1b1c5f0622c062f12c532400ca170d3eb789f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:26:25 2019 +0000

    update file path

commit cf906687561acee7f61fdf100b801d670a74a94f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 03:25:02 2019 -0400

    lock user accounts after 5 failed authentication attempts using pam_tally2

commit 3e29761560085f9e3d84250e29a2ea5e34766432
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 03:17:06 2019 -0400

    debug at the end

commit 5cdb3edb321046bf9dc09e91665e63faf16e9786
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 03:16:41 2019 -0400

    usr/share/pam-configs/wheel -> usr/share/pam-configs/security-misc

commit 031a1c8751504b00f131fd8d518f59b975353369
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 22 01:16:18 2019 +0000

    bumped changelog version

commit f38f307b37d2efb036c5b4e85f48921b0acfadeb
Merge: 8c538ba b2582fb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 21 09:12:33 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit b2582fbd4c2364c7bca95b4038eec2ef2a2fae41
Merge: 8c538ba 077899c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 21 12:40:37 2019 +0000

    Merge pull request #26 from fepitre/fix-files
    
    Fix files

commit 077899c23d518416cd9ee801a3607585d3a51aab
Author: Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org>
Date:   Sun Jul 21 11:23:06 2019 +0200

    Add .gitignore

commit 5fbe7537613a2034d80983e095cdd8d2971b1bcc
Author: Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org>
Date:   Sun Jul 21 11:19:35 2019 +0200

    spec: update %files section
    
    QubesOS/qubes-issues#1885

commit 8c538ba318e5524d07034f2f718e4b5ae483176d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:38:26 2019 +0000

    bumped changelog version

commit 1c7441ddf194fd54f40f1b0d16c408fd29d49b9e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:16:14 2019 +0000

    alias /etc/securetty -> /etc/securetty.security-misc,

commit 940054d53ff9b7027f414268370245627675a60a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:08:23 2019 +0000

    bumped changelog version

commit 08d37471d486f13aebeb2c355280f3b207eb044b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:06:17 2019 +0000

    readme

commit c0a4a10d6b89000735227f51464cc1ce76f8419b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:05:11 2019 +0000

    description

commit 7352b2ac31d7fde7e15da044c7f7279d7eddc8ae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:03:54 2019 +0000

    description

commit b153e8f7df1f2a8e815b910aa6962ae3abe80755
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:02:48 2019 +0000

    fix path

commit 4bf2360b9579b12775487e4215af5afa1c180f04
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:02:27 2019 +0000

    description

commit 9f2e300e72263380a0a99e59efe636652f4a8ce1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 20:48:33 2019 +0000

    description

commit d044780c04e0bcfc9d91a0cf6fc26d9f778bb50d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 20:42:14 2019 +0000

    description

commit 75e5714d183b8ad08bc7a96643b2a38727620530
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 20:40:01 2019 +0000

    description

commit 8c2f983578a0af63258bfe7e2b95f230e43df860
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 20:39:42 2019 +0000

    description

commit 2299ed041f101f1fa9711d83a31ad6e8d07d3023
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 20:36:51 2019 +0000

    passwordless recovery / emergency console
    
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802211
    https://salsa.debian.org/ah/user-setup/commit/bc5ca2de85ec27845d0b46059cb7cc02bae7b44d
    
    https://forums.whonix.org/t/restrict-root-access/7658/46

commit 50036b2934410b57936a4909d022d436cd27cdfc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 19:13:57 2019 +0000

    bumped changelog version

commit 3f9437f1ecfd292f06ce021f12cb5430da280f84
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 14:25:19 2019 -0400

    Revert "set back to default group "root" rather than group "sudo" membership required to use su"
    
    This reverts commit 2f276cdb10aedf0d30c01d25e50b17cac7d1c62c.

commit 1b772c6a9aac9e6c203c0c89b49e589a2b6e83d3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 16 19:45:52 2019 +0000

    bumped changelog version

commit 2499ae0890bb524d3756e6135d5d6986e74210ed
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 16 07:28:50 2019 -0400

    description

commit d0124b24d19e0c34c23931bd252ccffe2f786b3d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 16 07:27:56 2019 -0400

    description

commit 4b604bbb240d5fb32428ef0aafde3d6646752d31
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 13:26:47 2019 +0000

    bumped changelog version

commit f21fa8d95d19665e1cb1320062007472284bd9b8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 13:03:30 2019 +0000

    readme

commit 5c741d2149f12554e63d0fcb0d129cbbdad66569
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 13:02:30 2019 +0000

    shuffle

commit d247b7534b9e3a161fdba296c32dd85b7e91a665
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 13:01:46 2019 +0000

    sort description by categories

commit 168ea5a660561fdaa438fdf88f6cecf1f2677324
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 08:48:17 2019 -0400

    shuffle

commit 2f276cdb10aedf0d30c01d25e50b17cac7d1c62c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 08:44:28 2019 -0400

    set back to default group "root" rather than group "sudo" membership required to use su
    
    since root login will be locked by default anyhow
    
    Thanks to @madaidan for providing the rationale!
    
    https://forums.whonix.org/t/restrict-root-access/7658/42

commit 6d1e8ac9a4657bb3d49a9674ce3a1500350d4bba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 14 11:16:49 2019 +0000

    description

commit ffb61f43ea8011d71cf9c5bba1e277a2f825eea7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 14 11:11:59 2019 +0000

    fix, add 'group=sudo' and 'debug' for debugging
    
    https://forums.whonix.org/t/restrict-root-access/7658

commit 1731196c9fda93233917bcf6dba48834be03a448
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 18:51:32 2019 +0000

    bumped changelog version

commit 6af2d7facb391724d48dece28c1a34f4aaaf3929
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 18:12:25 2019 +0000

    copyright

commit 75f0ca565d10fd1c02800387d52b1db8a039ecc8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 18:12:04 2019 +0000

    set -e

commit c389e13e1a6143fb69dbd57e4c2e5a80aa8cbf84
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 17:59:49 2019 +0000

    use pre.bsh

commit 7afddb028f423254adcd6026aaf12627cebbee17
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:30:39 2019 +0000

    bumped changelog version

commit c13485f532203dbb3675d367be3bc16811719442
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:29:10 2019 +0000

    readme

commit ea90f95f1c7b8200db222e42a5f72221212a71e1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:26:40 2019 +0000

    cleanup

commit ea8b22ee78439a3cd5f7305f9588940320740ab9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:26:14 2019 +0000

    shuffle

commit ca7e0e0161d6eaa2a166d7a7a26e5577f5a4dd6a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:25:08 2019 +0000

    description

commit ffb5a9c48201dc38a886cbd26753ff56b1ed832a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:23:39 2019 +0000

    formatting

commit 41675ddcff4d561282db9b43d2d9f993a39600c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:21:34 2019 +0000

    removed: The amount of hashing rounds used by shadow is bumped to 65536.
    This increases the security of hashed passwords.
    
    Since we do not do that currently.
    
    https://forums.whonix.org/t/restrict-root-access/7658/37

commit 3f031a297dc2d54346e9c9b3d566c3fa3a469240
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:20:14 2019 +0000

     Removes read, write and execute access for others for all users who have home
     folders under folder /home by running for example "chmod o-rwx /home/user"
     during package installation or upgrade. This will be done only once per folder
     in folder /home so users who wish to relax file permissions are free to do so.
     This is to protect previously created files in user home folder which were
     previously created with lax file permissions prior installation of this
     package.

commit 4740e8b3357914aee16079b980b8861376cd222c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:13:55 2019 +0000

    cleanup

commit 834fcc4671a50f10426a62cb5986d79f991903b8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 15:17:16 2019 +0000

    bumped changelog version

commit e9eb38b5dbbddffb12103c14edc3745e239365a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 15:04:09 2019 +0000

    formatting

commit e2b626870221971b1f6202dbb8eb0f9b0b0654ec
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 14:58:47 2019 +0000

    bumped changelog version

commit 1d8a0dbec7ca5418b1c4fa70ae14a063c94bd119
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 14:57:51 2019 +0000

    remove no longer shipped files in etc/pam.d/*

commit 8e5d45352eaacd9ee4ae1357efb7d4f393dedf9b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 14:55:31 2019 +0000

    bumped changelog version

commit cb668459e81d74baf28ac43173bb50c7210e37a4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 10:35:10 2019 -0400

    port umask from /etc/pam.d to /usr/share/pam-configs implementation
    
    https://forums.whonix.org/t/change-default-umask/7416

commit ac25733de871b0da5ef42e2e0283a44d94ac3112
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 14:01:53 2019 +0000

    remove etc/pam.d/common-password.security-misc rounds=65536
    
    due to unclean implementation, see:
    
    https://forums.whonix.org/t/restrict-root-access/7658/37

commit 69b97981f3b5e4efc75954d6957659f1bb8e7d18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 12:33:51 2019 +0000

    convert etc/pam.d/su.security-misc to usr/share/pam-configs/wheel
    
    https://forums.whonix.org/t/restrict-root-access/7658/32

commit 4079632d1aed4f3e50ea21de674a9b6d537d3e05
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 11:41:37 2019 +0000

    remove modifying to /etc/pam.d directly (unrelased)
    config-package-dev displace /etc/securetty
    remove trailing spaces
    
    https://forums.whonix.org/t/restrict-root-access/7658/31

commit cdb7c6f7eb8e61bd203c9a4cb755da0b97cc9a3d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 18:28:04 2019 +0000

    bumped changelog version

commit aee6b346359db4973fdc80d565f7a6972bb884a0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 18:26:17 2019 +0000

    fix lintian warning

commit a40a04aaec0c30ceb47266a3f9b2b714e9b89888
Merge: f5356ce 93190eb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 14:08:30 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 93190ebf1019f76b73cf0f1e4491f15fd36bcae1
Merge: f5356ce 1aee08f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 18:08:01 2019 +0000

    Merge pull request #25 from madaidan/patch-20
    
    Improve documentation of blacklisting uncommon network protocols

commit 1aee08fa5e46cbd9439c36df9bcbb7a513270e1b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 11 15:30:09 2019 +0000

    Update control

commit b63d4ccb41d6c4942faa8ec5e2b8de8cffacd03e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 11 15:28:56 2019 +0000

    Update uncommon-network-protocols.conf

commit 853c2eb37786b1f625d5b54a54cf16fc09e1b367
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 11 15:26:14 2019 +0000

    Update control

commit f5356cee2c6c09aa08ca1a8675501657c1d1b37c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 07:16:38 2019 +0000

    bumped changelog version

commit bea98474ba8a189b4c174ce6613547b8f377de68
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 07:07:21 2019 +0000

    chmod +x usr/lib/security-misc/panic-on-oops

commit 0057c0dd8c4d4b85f07949c1c1e61608769e82f1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 07:07:01 2019 +0000

    fix lintian warning

commit 2a893c0562438aaf0c34a25538a8e21bb11ba197
Merge: 3df6a44 a54500c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 06:50:35 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit a54500c6f18719520ae66c335870d3e8f03e9e14
Merge: 7d3a615 1e4d349
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 06:41:37 2019 +0000

    Merge pull request #23 from madaidan/patch-18
    
    Blacklist more uncommon network protocols

commit 7d3a61564dc01b899466defe957a7bc65d38dc89
Merge: 3df6a44 932524c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 06:41:08 2019 +0000

    Merge pull request #24 from madaidan/patch-19
    
    Move disable-coredumps.conf to correct position

commit 932524cbd1b15df06bd4e395dc391dd489ba100f
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jul 10 15:28:48 2019 +0000

    Move disable-coredumps.conf to correct position

commit 1e4d3495167c0305ec1fce8568658a06750df674
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jul 10 14:28:39 2019 +0000

    Update control

commit 4058e283a542900e7c8bcc060012d7c33964e36a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jul 10 14:27:19 2019 +0000

    Blacklist more uncommon network protocols

commit d70440aaeda5f1a1ab0459d02f5f5e56c808bbde
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jul 9 21:57:37 2019 +0000

    Remove duplicate

commit a8b44c75f9ca6df1460ce0feca647f2f370f8833
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jul 9 21:57:07 2019 +0000

    Update control

commit 2d27bdd808374a71cd9d7187326be99420411583
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jul 9 21:55:37 2019 +0000

    Blacklist more uncommon network protocols

commit 3df6a44e98e93ecea6c6b6fa00c7fb05cbcfc0a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 06:56:23 2019 -0400

    also allow members of group sudo to run /usr/lib/security-misc/panic-on-oops

commit 5fb500ac32a8935ef989770b2b9d17df4fa1698c
Merge: 8793708 e4bb770
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 06:55:27 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit e4bb77037e9327eea7b8fd92961192613d6e0763
Merge: a9441e7 0f15303
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 10:54:48 2019 +0000

    Merge pull request #21 from madaidan/patch-16
    
    Make the kernel panic on oopses

commit 0f15303eb4dd5701cae5b3985be47918e2e4700a
Merge: 45f8102 a9441e7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 10:54:24 2019 +0000

    Merge branch 'master' into patch-16

commit 8793708906d037746a2e946177d8a4d1884b391a
Merge: 50c00fc a9441e7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 03:23:26 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit a9441e7be4794e88f782f1ff5dd95f00e3928279
Merge: 50c00fc 24b326d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 07:21:47 2019 +0000

    Merge pull request #22 from madaidan/patch-17
    
    Restrict access to the root account

commit 24b326d906375bb543b936936519231f51154dcd
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:24:41 2019 +0000

    Update control

commit 24d9eadcb267b34ce31981d841e58d4e2c769793
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:19:59 2019 +0000

    Use 65536 hashing rounds

commit 86117d957763a4dd07fb9a84c07a2934a02d32f8
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:19:19 2019 +0000

    Create common-password.security-misc

commit 8ad9a54b094a4a15ef726f513e38c953cc247b80
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:17:17 2019 +0000

    Don't allow root login from a terminal

commit 890298a3c882000a8351186521e9c1852dec298a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:15:56 2019 +0000

    Restrict su to users in the root group

commit 38099a2a5d830a522fd51b9d9953ae47a14c5289
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:11:17 2019 +0000

    Create su.security-misc

commit 45f8102d565512938e5c533ffcd4cc06ea68b580
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:04:47 2019 +0000

    Update control

commit 2a1742705563c264b3ea634345373cce2986d283
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:01:30 2019 +0000

    Create security-misc

commit 4ac700ded0cca668f585ea466e167f055783e28d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 22:59:39 2019 +0000

    Create 50panic_on_oops

commit 52c61011d4000b49edb0783fcca05952b0da7ee2
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 22:58:56 2019 +0000

    Create panic-on-oops

commit 50c00fcfa13b436e0bba4e1065f0bf94605c1654
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 8 00:23:52 2019 +0000

    bumped changelog version

commit 223b6918339dc53b8ff8499d3d52210ee07e24a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 23:39:58 2019 +0000

    add 'Depends: libpam-cgfs'
    
    https://forums.whonix.org/t/change-default-umask/7416/30?u=patrick

commit d31a16f264ea23a2fc890ffd6664deac3f4c4bdf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 23:00:27 2019 +0000

    bumped changelog version

commit 673aab6bc2b41d1a0d1829ce200d7b5c3d9e7067
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 22:18:47 2019 +0000

    shut up pam-auth-update

commit 67ff83262bd74d467cd92e8a15d13e0c4ca38b5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 21:31:56 2019 +0000

    move to pam-auth-update --force
    
    --package hangs in Qubes updater since it starts whiptail for interactive dpkg configuration dialog.

commit 8399a1136788dfbbfd5dfb5c11356776e90326cc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 21:11:08 2019 +0000

    bumped changelog version

commit d4c79cce69d454202304a7d8369fa7b0f1c50946
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 21:09:26 2019 +0000

    add "Depends: libpam-runtime" so pam-auth-update is available
    
    for Debian maintainer script

commit f68b96241c6afc7dffa8831f35d38bf1bf49508a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 21:08:28 2019 +0000

    comment

commit 91fb21aafbab4811ac2055decae0fc58f624c259
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 16:51:40 2019 -0400

    Due to error:
    Jul 07 20:35:39 host sudo[16090]: PAM unable to dlopen(pam_cgfs.so): /lib/security/pam_cgfs.so: cannot open shared object file: No such file or directory
    Jul 07 20:35:39 host sudo[16090]: PAM adding faulty module: pam_cgfs.so
    
    run:
    pam-auth-update --package
    from Debian maintainer scripts

commit e543c4bf82568dbe00cbeaa850c9f09dd9166e32
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 16:37:46 2019 -0400

    apparmor fixes (this broke whonixcheck apparmor profile)

commit 8f4a5f33b9aaaec95d834bb2d6b65c8bcd995e03
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 09:39:12 2019 +0000

    bumped changelog version

commit 3558a9949fe9924d027b267152125b33e25085c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 09:37:25 2019 +0000

    Enable APT seccomp sandboxing.
    
    Thanks to @torjunkie for the suggestion!
    
    https://forums.whonix.org/t/apt-seccomp-bpf-sandboxing/7702

commit 93e81b433036ef2f226d0a2b1422034aba54ea3a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 6 13:56:28 2019 +0000

    bumped changelog version

commit 3cd1a5ec094cff0151c888418b7b14d5413eb353
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 6 13:56:00 2019 +0000

    fix lintian warning

commit b73cdfd7cc3918633459315f5d9867f6a8798208
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 6 13:53:10 2019 +0000

    bumped changelog version

commit 7b0b9da32c660e527741a56543c78ee3ac93d541
Merge: 6df7b3c 649878f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 6 07:06:54 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 649878fdcb81ac621af9bc1481a3b6b41d3e22a0
Merge: 6df7b3c 8888147
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 6 11:06:25 2019 +0000

    Merge pull request #20 from madaidan/patch-15
    
    Blacklist HDLC and use "install" for blacklisting firewire/thunderbolt

commit 8888147e1e1102fa852dce14c3ca1cb91cd1ff3b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 4 14:26:31 2019 +0000

    Update control

commit 46409be8b664db730113b4495ef69bee0f41c53a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 4 14:25:28 2019 +0000

    Use install instead of blacklist

commit eb7eaffba1f437763773b5c7f2b44ef51684ddcd
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 4 14:24:44 2019 +0000

    Blacklist n-hdlc

commit 6df7b3c295352d0d05070b3c0faf2a14e71b1264
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 15:23:49 2019 +0000

    bumped changelog version

commit f82731698c20028531de673903faca10aa136416
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 14:53:01 2019 +0000

    re-enable PrivateNetwork=true

commit 81b38529d92e9bea79db8694200d70b08d3b42a6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:58:20 2019 +0000

    add copyright for files in etc/pam.d/*

commit 552b6edbedfbb346c1738ea3edbad16368780c7b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:51:00 2019 +0000

    fix machine readable copyright format

commit a05264934b1160f44966e3e0b32e54841b15dd06
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:46:01 2019 +0000

    add copyright for etc/login.defs.security-misc

commit 48e511347c7d85478b8593e55f061a53aefbafaa
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:37:55 2019 +0000

    fix lintian warning

commit 93c08210545dd77b608515351154bcc16c8464b4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:35:45 2019 +0000

    config-package-dev displace files for change umask
    
    https://forums.whonix.org/t/change-default-umask/7416

commit a73f0566e978afb6d5b9693bf432a2496bedd61f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:25:23 2019 +0000

    change default umask to 006
    
    session optional  pam_umask.so usergroups
    
    https://forums.whonix.org/t/change-default-umask/7416/17

commit 41b61e32776c15a8dcde4479841b71c7e9ca28d4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:24:29 2019 +0000

    revert to Debian buster original

commit 88a78b1c87e8419bbb70daa77f7ddfb2332668ae
Merge: 24cc8e3 8c60e7c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 09:21:05 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 8c60e7c67f692aa9e70316bdde29cdc41eff2a75
Merge: 24cc8e3 cfaafe4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:20:21 2019 +0000

    Merge pull request #18 from madaidan/patch-14
    
    Change the default umask to 006

commit 24cc8e380df8706cd8e9765d89bd44ac78c58936
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 03:43:02 2019 -0400

    comment out proc-hidepid.service hardening for now
    
    since broken in Qubes Debian AppVMs
    
    https://forums.whonix.org/t/kernel-hardening/7296/104

commit 0bffc7a9303d0b32427da04694bbefcf6a3104c8
Merge: 3c176ce 344d009
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 03:08:26 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 3c176ce1580a3e5232bc1837b51aa3ec288b809d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 03:07:14 2019 -0400

    allow permissions openat mkdir
    
    since required in Qubes Debian templates

commit 344d00903250d699fc64d7fa9fad80475ade92e5
Merge: f26ad14 b8f2aee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 06:39:28 2019 +0000

    Merge pull request #19 from madaidan/patch-15
    
    Add licensing to proc-hidepid.service

commit b8f2aee905b78034a115e1e2c1d6ecb7fa624122
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:22:43 2019 +0000

    Add licensing

commit cfaafe400cd1f77df12f7f6dc9c9da58595bcbdf
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:16:12 2019 +0000

    Update control

commit eedeaa0e7faf8d9f75d99d037fa80bd5d08c6db3
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:12:59 2019 +0000

    Update common-session-noninteractive

commit a9af85f58529e0dcb154b669bd53aba8333d5634
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:12:16 2019 +0000

    Update common-session

commit 1e1d29cfdedaa01d0180b8ca5a79c6f401728432
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:11:31 2019 +0000

    Create common-session-noninteractive

commit 501901f7c04514c66a4f97f5eb0e523aa55a1094
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:10:54 2019 +0000

    Change default umask to 006

commit 09a5c27f475ea6947180088b4efb615101fdbf9c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:10:29 2019 +0000

    Create common-session

commit a319333493ad1839ff7fb1d4b6f43dc719b57844
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:09:51 2019 +0000

    Create login.defs

commit f26ad14d4cab627c04dfa375ac831a3a09c9a165
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 07:21:58 2019 -0400

    bumped changelog version

commit b8ace6e3f6a94268e0f63907e62bf968445ae548
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 07:21:31 2019 -0400

    bump

commit f3a48009878e0edb033633d609f82a167cd8e616
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 08:23:51 2019 +0000

    bumped changelog version

commit 85f61758c5b6d8b6a57d140a9f3795769a3ed183
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 04:11:38 2019 -0400

    fix package description

commit e47339706170c92b8db44f014942ea7d94d1ff9e
Merge: 24b19c5 ec78a3e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 04:11:12 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit ec78a3e42e23a270a245dc254046ac1d7fc6ceec
Merge: 9525ff8 67de524
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 08:10:28 2019 +0000

    Merge pull request #17 from madaidan/patch-13
    
    Disable coredumps

commit 67de5247c8e7cd68c851a3d62168e9de69000afe
Merge: dbfb9e1 9525ff8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 08:10:04 2019 +0000

    Merge branch 'master' into patch-13

commit 9525ff87c6ae3cd6538a0a8f294e6b8610e79a32
Merge: 24b19c5 22267c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 08:09:23 2019 +0000

    Merge pull request #16 from madaidan/patch-12
    
    Mount /proc with hidepid=2

commit dbfb9e1cdf1e042c8985e2e69b7f5f5f1eaed860
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:21:46 2019 +0000

    Update control

commit 024a698249392bdc6ebd362a2c978bc0e02bd55f
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:20:38 2019 +0000

    Update control

commit 230ef34db45c1c7d980abfd8bd4770ec336ae4bf
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:19:04 2019 +0000

    Create disable-coredumps.conf

commit 1bf802f8469a4ffc36cccca1ea6fc6f92ea6af8a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:16:50 2019 +0000

    Create coredumps.conf

commit f040081a5998fddd1ea4bc30140e41c405842371
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:13:52 2019 +0000

    Prevent setuid processes from creating coredumps.

commit c6b669f1a53bfef08a82994422f9e1b627a937d5
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:11:13 2019 +0000

    Create disable-coredumps.conf

commit 22267c895b15e10c98bae365ef2bef12f95454aa
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jun 29 22:30:41 2019 +0000

    Update control

commit a2c676ed48782f86e8b58d39f8bec4cd37a47cf5
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jun 29 22:28:41 2019 +0000

    Update proc-hidepid.service

commit dcf57bebf0d28089045a29477f26ad35d1041392
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jun 29 22:27:24 2019 +0000

    Create proc-hidepid.service

commit 24b19c597685233e3ebc7a5200bf929319f8a63f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 29 10:35:13 2019 +0000

    bumped changelog version

commit befa03fea80c53bac3c4b1bb530be2f965ce6157
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 29 10:34:48 2019 +0000

    fix lintian warning

commit 250919b821a00c93ee4fe7d92f6f3ed812110aac
Merge: ecf5d80 60e6dfc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 29 06:06:02 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 60e6dfcbff08dd4526e60c3302741e40d98c8b3e
Merge: ecf5d80 9e9c854
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 29 10:05:34 2019 +0000

    Merge pull request #15 from madaidan/patch-11
    
    Update control

commit 9e9c854d274d7322759a9e5d2c49bcbd60e63e0d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Jun 28 11:34:35 2019 +0000

    Update control

commit b26d861dffdbca124322cbfbda99ab71a3142e06
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Jun 28 11:33:48 2019 +0000

    Update control

commit ecf5d80fdf0e8f997afa88f8d788a7df88008afc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 07:20:53 2019 +0000

    bumped changelog version

commit 36c2b1d28391ac2ea0f995fd0a348eecbe833a6c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 07:18:30 2019 +0000

    fix lintian warning

commit a978fe10001a8c1a9a6a3179d9fc5dc9ed433bc2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 07:17:35 2019 +0000

    chmod +x usr/lib/security-misc/remove-system.map

commit fe69dc6173e8a3e45ff7996597e9e50f09033279
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 07:09:35 2019 +0000

    bumped changelog version

commit 6a6afc347ad80bd133438a27e2dc64a1b54c784a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 03:02:49 2019 -0400

    update files list

commit ccb89cfd5574ed5a7b3802edc3bf188250edfddd
Merge: 0a0be1a ab31223
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 03:00:21 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit ab312235ba89d62b7b83c26f8e9b8a8ff0ec985b
Merge: 5e02100 3801a53
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 06:59:16 2019 +0000

    Merge pull request #14 from madaidan/patch-10
    
    Add some hardening for other distributions

commit 5e02100e34776bf410ba05d7a3f7ee7f696ca0fc
Merge: 7e12e16 b809185
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 06:58:32 2019 +0000

    Merge pull request #13 from madaidan/patch-9
    
    Remove System.map and restrict the SysRq key.

commit 7e12e16dc0513f0a6936e576e3c8fa8ee44509d2
Merge: 0a0be1a 641407c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 06:57:42 2019 +0000

    Merge pull request #11 from madaidan/patch-7
    
    Protect against DMA attacks

commit 3801a53a9e01aafa3783276059a7907f5b20b96e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jun 27 18:17:58 2019 +0000

    Update tcp_hardening.conf

commit c54125270b44140b9ecfe0420205ac685b2a3505
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jun 27 18:15:57 2019 +0000

    Create dmesg_restrict.conf

commit b8091850082fe1b956d6cff11fc7aa17786e693e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jun 27 16:09:52 2019 +0000

    Update remove-system-map.service

commit 9392c8deb2657d3ff2c3734fb8bf1863d4e2a2d7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jun 26 15:03:54 2019 +0000

    Update remove-system.map

commit 8ef0db17e6a9c066b50a021292aab80a7523cbb6
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jun 26 12:59:45 2019 +0000

    Use a for loop to detect if System.map exists

commit 3116a56f1353681fbb97d4e7f92ee069f2577b33
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jun 25 19:25:32 2019 +0000

    Create remove-system-map.service

commit 382e336f69097f3baa7693da6aaf8833b05cf322
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jun 25 19:20:27 2019 +0000

    Create remove-system.map

commit 01c839c815b7f8c16c231bbd72da1673ad88fdb7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jun 25 19:16:43 2019 +0000

    Restrict what the SysRq key can do

commit 0a0be1ad2889182b15d5851740ff43fb75773571
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 19:57:42 2019 +0000

    bumped changelog version

commit 7806af14193f195e825678471ba65c64e07d7d0a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 19:51:53 2019 +0000

    readme

commit 4e32438d75726014573b35c9b101abf59dfc3ba4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 19:47:05 2019 +0000

    debian/control syntax fix

commit a098b18560e30ef238f693bf8f05933489027dd4
Merge: 2a62899 90d676e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 19:46:30 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit 90d676ec1864bd915310673d134d62d10a17a42f
Merge: 2a62899 1a07d90
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 19:45:31 2019 +0000

    Merge pull request #12 from madaidan/patch-8
    
    Update control

commit 1a07d90ed2da597db6d58c5f2da6dc3b32a8104b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 23 19:26:03 2019 +0000

    Update control

commit 2a6289980e07d1d9c263f2d5abfc3b9e37c5054f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 18:46:52 2019 +0000

    syntax fix
    
    GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"
    
    https://forums.whonix.org/t/kernel-hardening/7296/70

commit f1147318c04642f355eae96786c26ec1cb53977c
Merge: cd73466 aec6da2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 18:45:41 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit aec6da28e9ac4f8289d7b7aaa77bcef2562cda74
Merge: cd73466 2178fb3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 18:45:24 2019 +0000

    Merge pull request #10 from madaidan/patch-6
    
    Enable more kernel hardening parameters

commit 641407c8e9c728429ec86e7c89e431896d88e116
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 23 18:38:50 2019 +0000

    Enable IOMMU

commit 07c6362f1aff2e151c51aa681a79c3ef650baa6d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 23 18:34:45 2019 +0000

    Blacklist thunderbolt and firewire

commit 2178fb37a85808df0c455f7dd76fc72516d6ff28
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 23 17:54:34 2019 +0000

    Add more kernel hardening parameters

commit cd7346699c10e258d5af5f51ad56493e98e4eb1a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 12:22:13 2019 +0000

    bumped changelog version

commit 60334797d003f63606645220fbc66393eb30cde0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 09:00:12 2019 +0000

    /etc/sysctl.d/tcp_sack.conf

commit d404624bacf220e5545c8e5ffbace937924c77cd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 08:38:01 2019 +0000

    bumped changelog version

commit ae50d8134294d3746235d383c18fc187c18717d7
Merge: 5269cfe cd7172c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 03:59:58 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit cd7172c00cbf0cb69e159b6159ef0bfff663a507
Merge: 5269cfe 807ac7d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 07:59:35 2019 +0000

    Merge pull request #9 from madaidan/patch-5
    
    Disables SACK.

commit 807ac7d65916071e4294f42d62b8b2353255c4bc
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jun 22 16:08:30 2019 +0000

    Create tcp_sack.conf

commit 5269cfeef99b500e4aa7c883434f3d5554559d16
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 21 05:40:04 2019 +0000

    bumped changelog version

commit 0a5b15ff45dc1b30867b0093d238b95dde7c0810
Merge: ca1aa1e f9dc1b6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 21 04:05:50 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit f9dc1b6322961ff0e6c7a5be122f9d1031ba87ea
Merge: ca1aa1e 2e81885
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jun 20 23:54:58 2019 -0400

    Merge pull request #8 from marmarek/packaging
    
    qubes-builder integration

commit 2e81885f691201e2229dadfd5ec7b554980ac689
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Fri Jun 21 04:52:01 2019 +0200

    Add rpm packaging
    
    QubesOS/qubes-issues#1885

commit 27e68a39fe005a58cac02336fc6c468a4b2f5d31
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Fri Jun 21 04:51:33 2019 +0200

    Add Makefile.builder for qubes-builder (Debian)
    
    QubesOS/qubes-issues#1885

commit ca1aa1e577179d92f4ec002221b8c4207e6ce1d6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jun 10 15:42:58 2019 +0000

    bumped changelog version

commit 8b5e84d76a762b6c8cac8626245d5311afbea221
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 9 10:24:53 2019 +0000

    cleanup, delete debian/security-misc.maintscript to fix lintian warning

commit f9acd890a703ce375ed07ad9e1be2bed019e49a3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 9 10:24:24 2019 +0000

    lintian

commit 49873e8e0286f7604399c7e857c7714271991956
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 9 10:06:58 2019 +0000

    solve package file conflict
    
    https://github.com/QubesOS/qubes-issues/issues/1885#issuecomment-500200375

commit d5127e716632af2f494e9b41571c44a56a887667
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 8 11:32:12 2019 +0000

    bumped changelog version

commit 9fe58728102f92d0584ef128c53f5e99d3956d92
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 8 00:05:35 2019 -0400

    fix debian/watch lintian warning debian-watch-contains-dh_make-template

commit e7edbe5fb446f869e7b64802038f410c74ce538c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri May 24 20:48:59 2019 +0000

    bumped changelog version

commit 6102c571a31c8a166fb306ba9e1a0a4e444c58a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri May 24 12:29:08 2019 -0400

    readme

commit afb5f5f96500f31864e32af90b2e9bbfd1a9acc1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 23 22:38:13 2019 +0000

    bumped changelog version

commit 0a200e09ecf745d23e5e880d521f1aec2a7b25a9
Merge: 65d7eb8 244234c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 23 18:25:47 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 244234c8b709a425feed4f3cfb87389f4fb2c6f5
Merge: 65d7eb8 7177c60
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 23 22:25:13 2019 +0000

    Merge pull request #7 from madaidan/patch-3
    
    Disable uncommon network protocols

commit 7177c6041a9b086a4cb90504a492136b4da732a2
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu May 16 20:30:49 2019 +0000

    Create uncommon-network-protocols.conf

commit 65d7eb81a6b84afcbf0692265f6d7a4b4599017b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 16 20:25:46 2019 +0000

    bumped changelog version

commit a2b184e5bb9942aa63a36fb918b203053a53f1e4
Merge: 71bf635 7d7b899
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 16 19:53:27 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit 7d7b899dd13f7123822bf269a639c68ff5cb737e
Merge: 71bf635 b814f33
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 16 19:52:52 2019 +0000

    Merge pull request #6 from madaidan/patch-2
    
    Even more kernel hardening

commit b814f338b803ae33380551919b00144bb63a53b8
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu May 16 16:33:03 2019 +0000

    Update tcp_hardening.conf

commit e6794721bd181f8884cd3817b5ae3c6c58747ae7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu May 16 16:29:20 2019 +0000

    Update ptrace_scope.conf

commit 71bf63511b2cf2ca955900b85a536e4b3adf4c66
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun May 12 11:08:32 2019 +0000

    bumped changelog version

commit c040117fe47acad2e5c76baa55d42a6ec9223955
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun May 12 10:50:34 2019 +0000

    lintian

commit 26fe4305a1fd072a8608f62a30129ad249203684
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun May 12 10:48:27 2019 +0000

    bumped changelog version

commit 06b86229a4e1cc45a9bbe21c9a4c3e2a16fb82dc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun May 12 02:58:45 2019 -0400

    update path to pre.bsh

commit 137bc073c5d65988cce832336ebee5c47071e732
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed May 8 21:38:25 2019 -0400

    port to /etc/xdg/xfce4/xfconf/xfce-perchannel-xml
    
    https://forums.whonix.org/t/whonix-xfce-development/6213/84?u=patrick

commit 3bd4da6794067708f517b099548c0aa2a2b65146
Merge: c80b746 b00a264
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed May 8 21:32:29 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit b00a264ce27c48584879d85275a3fa3f19030906
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed May 8 21:29:36 2019 -0400

    Disable thunar-volman by default.

commit a4852ad6c8260c68d9c1024e09a9487a8e2e1f61
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon May 6 20:37:53 2019 +0000

    Create fs_protected.conf

commit 0296e51e06d94cea598fcad3bdbfa165e519a47b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon May 6 15:46:37 2019 +0000

    Create ptrace_scope.conf

commit 2923fc96ef9ee96a3149c8b2f781402c65e106b9
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon May 6 15:45:53 2019 +0000

    Create tcp_hardening.conf

commit 4216299ee847da0bdf4c714451a70b69f5881d8c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon May 6 15:42:55 2019 +0000

    Create kexec.conf

commit c80b7465bfb9164fb300dea71c38f58672199b17
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon May 6 09:58:44 2019 +0000

    bumped changelog version

commit f917c27a197d49b7bcdbfe065fe0696792d05350
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon May 6 05:51:14 2019 -0400

    remove trailing spaces

commit 83e12f8e89cf0269daeca36946cdef07e23075b3
Merge: 74cdecf 5177444
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon May 6 05:50:35 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 5177444d624a8a935c461ebe1065d451d2f8da0f
Merge: 74cdecf 02e8888
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon May 6 05:46:03 2019 -0400

    Merge pull request #5 from madaidan/patch-1
    
    More kernel hardening

commit 02e8888b0bc4f0dfadccbebc9e6e75849d32ba76
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun May 5 20:17:33 2019 +0000

    Update 40_kernel_hardening.cfg

commit 3695d7491ef8a7af81c0c2aad0babc48ec30af81
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun May 5 14:42:03 2019 +0000

    Create 40_kernel_hardening.cfg

commit d2ca85c6860322a35ef0eb347c01c9f21dcf144f
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun May 5 14:36:30 2019 +0000

    Create mmap_aslr.conf

commit 197c1120a9f9f9a38548e4341d12b404fe72fde9
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun May 5 14:35:42 2019 +0000

    Create harden_bpf.conf

commit 351db0ef7f0e0eee09496ba56ec13d07ae84761e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun May 5 14:34:41 2019 +0000

    Create kptr_restrict.conf

commit 74cdecfd6b86c4932be2f3b6677ff023c6d52053
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri May 3 11:34:25 2019 +0000

    bumped changelog version

commit 09c35d5da251c190febaeb3437e151612597375d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri May 3 10:56:56 2019 +0000

    update

commit db9e60c894c06d316f124659571c4b360e3fc08b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Apr 6 12:13:43 2019 +0000

    bumped changelog version

commit 6ba1fb70d2ae71d2d97752458c9996709e9a74af
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Apr 5 14:06:00 2019 -0400

    port to debian buster

commit 811dcee2cb43b7569fc1172fa13d7f4a4aece754
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Apr 5 09:26:18 2019 -0400

    fix lintian warning

commit a985581c68a8f92d9f588d5c2a7b606e8dc220dd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 4 05:51:06 2019 -0400

    port to debian buster

commit db5c3ccde6edcafc5467674176c94008765c0ecc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 3 18:05:56 2019 -0400

    readme

commit 2913acda63b8d2309392ef7af6833a407d7cfa3c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Mar 29 10:02:51 2019 +0000

    bumped changelog version

commit 2ea9957e4c4200f0c729f482acd9c3519e8de2c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Mar 29 09:03:18 2019 +0000

    https://www.whonix.org/wiki/Dev/Licensing

commit c5768683f402289456375bb64a40250474005c25
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 12 11:36:25 2019 +0000

    bumped changelog version

commit 811852656e5fdeae19c2a942207e4318c2f9b14d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Mar 1 14:32:41 2019 +0000

    add improved legal protections clauses
    
    The license for software created by Whonix is the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version with additional terms applicable per GNU GPL version 3 section 7.
    
    The additional terms are based on the Doom 3 license which is Debian refers to as `GPL-3+-with-id-software-additional-terms`, which is Debian DFSG [1] (The Debian Free Software Guidelines) approved and which is therefore suitable for Debian `main`. Whonix made applied minimal changes to it:
    
    * Rewrite `The Doom 3 BFG Edition GPL Source Code` to the more common `this program` which is used throughout the GPL.
    * Added a "trump clause" [2], in other words, any conflicts or disputes between the additional terms and the GPLv3 shall be resolved in favor of the GPLv3 by adding `Notwithstanding any other provision of this License` (as mentioned in GPL FAQ [3]) at the beginning of the additional terms.
    
    [1] https://www.debian.org/social_contract#guidelines
    [2] https://www.fsf.org/news/canonical-updated-licensing-terms
    [3] https://www.gnu.org/licenses/gpl-faq.html#v3Notwithstanding
    
    For more considerations, see also:
    https://www.whonix.org/wiki/Dev/Licensing

commit 2298d0f6b0a7214ae4f6ecc7a56734905cdb9352
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Nov 28 06:33:14 2018 +0000

    bumped changelog version

commit 63b080f40bab38bdb1c91519b90c3988640970d9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 19 06:27:52 2018 -0500

    fix hiding network bookmark in thunar by default
    
    Thanks to @Algernon for suggesting the fix!

commit daf7fc002b2d946c2946b9effe3fecc5cebe4cf2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 19 03:08:20 2018 -0500

    Disables network bookmark by default.

commit 2bd6dabc7c523d7680917753e61130cf78d7067e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 8 09:55:41 2018 +0000

    bumped changelog version

commit 0c020af885b3dfb2924102e6cf41a5af114cc140
Merge: f9e1877 6f240c0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 8 09:53:47 2018 +0000

    Merge remote-tracking branch 'origin/master'

commit 6f240c0c4c88df2946fdd673f833ee05dd8340bb
Merge: f9e1877 f84f988
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 8 04:53:25 2018 -0500

    Merge pull request #4 from Algernon-01/master
    
    Enable hidden files and volume management again.

commit f84f988118e30a2a3d4d74ed008c1a626c35c365
Author: Algernon-01 <33966997+Algernon-01@users.noreply.github.com>
Date:   Thu Nov 8 07:22:35 2018 +0000

    Enabled hidden files and volume management.

commit 5aebf292149cca72cba3416c0de0f927d76d3281
Author: Algernon-01 <33966997+Algernon-01@users.noreply.github.com>
Date:   Fri Nov 2 10:16:09 2018 +0000

    Security and general settings for Thunar.

commit f9e18772d72abeb1d14e3dc2740950f91900ee69
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 1 07:42:29 2018 +0000

    bumped changelog version

commit 4ecd32ef9996442532b78ae1d46694d0e452cec0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Oct 31 02:26:13 2018 -0400

    description

commit 008a97d9e7f891a706a277c8e9bb2e3a958d1e63
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Oct 31 02:22:43 2018 -0400

    disable previews in thunar

commit 256e4bac52d6c93a957ef47d07be2b7a0add8435
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 14 13:20:11 2018 +0000

    bumped changelog version

commit 73e5319711b897beb8fecae57f7552d764e438e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 14 10:46:00 2018 +0000

    'Depends: libglib2.0-bin' - contains glib-compile-schemas (required by postinst)

commit 64b5e55d8cfc27c56c64b56837e7cf291a5473e0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 27 16:49:44 2018 +0000

    bumped changelog version

commit 1211aee0206b0d829b1101348b2a9836996ceef9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Aug 21 05:18:37 2018 +0800

    readme

commit c296cba838f64ad4bf96b281c2e2de410a3db589
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Feb 1 15:18:55 2018 +0000

    bumped changelog version

commit edbf198a930de31a1423b962979583a1d9775e70
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 29 15:50:36 2018 +0000

    readme

commit 6b94612ca4e29921186c1d9e26bf7dcd887cd13a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 29 15:38:57 2018 +0000

    update copyright

commit 5b3fc2f6b943a50f305299ea0d940ccf13474e1c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 29 15:22:05 2018 +0000

    update copyright

commit c3b6a44e97674fc6553aad33e8d8abd6e8e4df44
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 29 15:15:17 2018 +0000

    update copyright

commit ff28f5932c0fc5ba9eac4bda8e01ccaa71291021
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 29 15:09:42 2018 +0000

    update copyright

commit 674d2d8abf38842d43a1ea10668d860b258c7f70
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 21 20:35:29 2017 +0000

    bumped changelog version

commit 776bf9d6954fd7c33e2743e1d8e6dbd865c954d7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 21 20:26:29 2017 +0000

    readme

commit 7b2d3c9e2f61e34248aa1192ec5325b544e1124c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 26 14:37:34 2017 +0000

    bumped changelog version

commit dc2c9a9992551f5967e09b31a90721a9aadaf962
Merge: 61bd4d0 91ff0c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 14 13:43:18 2017 +0000

    Merge remote-tracking branch 'origin/master'

commit 91ff0c2571b41710440006e770b8295c03b3a295
Merge: 61bd4d0 6e5e5d6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 14 13:42:37 2017 +0000

    Merge pull request #2 from HulaHoopWhonix/patch-2
    
    Update README.md

commit 6e5e5d6ea65a0fee4c76e5ad74c444344ff1f462
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Tue Mar 14 13:11:44 2017 +0000

    Update README.md

commit 61bd4d05b76088657e392cb311983617b8a68750
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 6 16:16:32 2017 +0000

    bumped changelog version

commit 99bb1e877ec84bf7d3c6873f0369aed2fb92be4b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 6 15:00:33 2017 +0000

    "$@"

commit f6bc1884855d84599ee731f694e0073f1df73ce1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 28 15:22:54 2017 +0100

    comment

commit 18e23af784e69e1bd40725a23acac9aaa3b167ab
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 23:59:37 2017 +0000

    cleanup

commit 6195450eb2721d987f185f127a5435e8c7f798cc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 23:57:04 2017 +0000

    No longer ignore duplicate apt sources in apt-get-wrapper.
    
    No longer acceptable because these generate lots of noise in the terminal.

commit 191918027c1971bfb871abb438c4917e5b98bb74
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 23:43:02 2017 +0000

    adjust apt-get-wrapper for Debian stretch's apt-get

commit 2130b4c654ae5e3f94e7febe00a47e3969858770
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 23:16:32 2017 +0000

    use python rather than unbuffer
    
    because unbuffer eats exit code when process is killed

commit cc351165dc78a8b7158a2b9bfdd9e4f0b3866239
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 19:36:38 2017 +0000

    apt-get-wrapper:
    - fix exit code handling
    - code simplification

commit 1fb48e3548499d8a2891ec40314ffad8b6f1811e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 02:04:00 2017 +0000

    bumped changelog version

commit 966e90ebe2d5cd930ebb9367fdbcd0f8e46a0adb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 00:17:36 2017 +0000

    add missing dependency tcl8.6 (which is required by unbuffer [package expect])

commit 5653b7732ae47b7e8e38e2c363aff4ef724c0484
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Feb 26 23:57:17 2017 +0000

    fix, show progress during apt-get-wrapper
    
    fix, propagate signals to apt-get child process

commit 49cde21078ccc9f623add6f587ee719843647ee7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 21 19:54:41 2017 +0000

    Whonix 14 KDE plasma 5 fixes
    
    https://phabricator.whonix.org/T633

commit 0228e87d477f634d1e1db7c1cf6f213275d40dd9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Feb 19 22:37:10 2017 +0000

    minor

commit dfe8a569b639dd09ef4cd7f35c05efd7ea080406
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Feb 19 22:32:04 2017 +0000

    override glib-compile-schemas with || true in postinst
    
    https://phabricator.whonix.org/T500

commit 5ba2a5b6ff53df37ad38f082ad86ff2227158d93
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Feb 19 22:25:28 2017 +0000

    disable previews in nautilus by default for better security
    
    copied solution by @unman
    
    https://github.com/QubesOS/qubes-issues/issues/1108
    
    https://github.com/QubesOS/qubes-core-agent-linux/pull/39
    
    https://phabricator.whonix.org/T500

commit 91adab0d1bab6c6b31903f1e165944b3f8c8adb1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Feb 17 14:08:56 2017 +0000

    bumped changelog version

commit c59d15d48f1950697d4e1da13282688f4f483ea5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Feb 15 20:46:22 2017 +0000

    Debian stretch / kde plasma5 fix: KDEDIRS -> XDG_CONFIG_DIRS
    
    https://phabricator.whonix.org/T633

commit bddbba84a6fad680359bc8eee0c395fcc4d79ca9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 14 17:30:31 2017 +0000

    "$@"

commit 9b0d3e34fc8e1981cf59b17aed8abcc38052fc61
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 14 02:37:08 2017 +0000

    add usr/lib/security-misc/apt-get-update-sanity-test
    
    a CVE-2016-1252 sanity test script

commit 5e076415536e1513463c59dba6e8afc4e90b7f1a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 13 17:26:59 2017 +0000

    readme

commit 0bb059093f7b4940836057b069bbec3a51ed91ac
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Feb 10 15:47:52 2017 +0000

    remove faketime from Build-Depends:
    
    since no longer used for reproducible builds

commit be8084ad1c136ee4a18cb24abcc0c14c522b8089
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Feb 10 15:35:25 2017 +0000

    remove debian/gain-root-command workaround

commit 90f175e117d9ca2b84072bee129539569143e10c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Feb 8 14:26:26 2017 +0000

    double apt-get-update wrapper timeout from 120 to 240 seconds
    
    since it takes a bit longer than 120 seconds for me on a fast connection

commit 1e66e03da14ae2e3f7b315e443836c35f954b84f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jan 15 15:35:31 2017 +0000

    bumped changelog version

commit d80d576953ccea7f183bfe4b1e13655ebc03e557
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jan 15 13:11:38 2017 +0000

    fix lintian warning

commit 59633fbc604207947427839004afcbc8c8d5e4d4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jan 15 08:35:40 2017 +0100

    packaging, bumped Standards-Version from 3.9.6 to 3.9.8 for jessie support

commit 814d6c5f74dd4808f28a0650909672be62639cd1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 12 02:56:55 2017 +0000

    bumped changelog version

commit 0cf6524f0fac00c1b9bde836b7e7cc62cb3e41f4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 25 02:33:44 2016 +0000

    apt-get-update: implement SIGINIT trap; hide 'ps' output

commit c4089d8d4017f713631fbc5f09ccf7047dcb7008
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 25 01:36:04 2016 +0000

    update path to /usr/lib/security-misc/apt-get-wrapper

commit 7b01fb934140afdcd8f7275c92cd557a1080d18e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 25 01:35:17 2016 +0000

    remove obsolete comments

commit 8160cfe1d720707895172a18608366ddd65f9ec6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 25 01:29:31 2016 +0000

    moved apt-get-update and apt-get-wrapper from whonixcheck to security-misc

commit 7b3ef3a00f28592852ee701d4ce3803348de6999
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 10 02:30:50 2016 +0000

    bumped changelog version

commit 4416ea5cf904b296749ad53a7a04b0b6d40b5bcf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 21 17:42:55 2016 +0000

    readme

commit 6cda8b1496795422d4c0bfcea2ea2bf29c32daa0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 10 16:10:30 2016 +0000

    disable conntrack helper for better security
    
    https://phabricator.whonix.org/T486

commit 0d66fc60b9ea65e826560986698c11cea7ca4ea6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 25 23:27:58 2016 +0000

    bumped changelog version

commit 192d1e0cee505a59c5f62d01022562b12ca6646e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 25 23:19:54 2016 +0000

    /etc/sysctl.d/nf_conntrack_helper.conf disabled for now as it needs more work
    
    https://phabricator.whonix.org/T486

commit 492ce128909cfda8645738b092fd9e8722c64aa0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 7 22:54:45 2016 +0000

    bumped changelog version

commit 9d7ad9e97ed6b341e72ed6d6d2104c840c73b37f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 31 15:53:40 2016 +0000

    fixed package description and package description linitan warnings

commit d5e61eb4b12106f9ee3fdf8938686e89a8c7e465
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 31 15:36:59 2016 +0000

    added 'Replaces: tcp-timestamps-disable'
    
    https://phabricator.whonix.org/T486

commit 7b54755841907c2b86b12eed5035860e17445193
Merge: 10c87b8 be086ae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 31 15:35:07 2016 +0000

    merged tcp-timestamps-disable package into security-misc package
    
    disable conntrack helper for better security
    
    https://phabricator.whonix.org/T486

commit be086aea597ff5e4db29f56fa57399c67568d4b6
Merge: 10c87b8 d0eceae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 31 15:34:17 2016 +0000

    Merge pull request #1 from HulaHoopWhonix/patch-1
    
    Create tcp_timestamps.conf

commit d0eceae0c84a42bce4ade28c593fd6ba002a67b9
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 03:18:38 2016 +0000

    Update README.md

commit 989f2f54e22ff676df83463edaca439a4695af49
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 03:18:05 2016 +0000

    Update control

commit c7d88571e48fface5fc24d7d471724303e374f37
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 03:16:10 2016 +0000

    Update control

commit 27200cd98f6d2be7e55765a8d17a075299db7b2e
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 02:57:15 2016 +0000

    Update README.md

commit 92d738db56f048f2ee5de0239ddd6ba141373f99
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 02:53:12 2016 +0000

    Create nf_conntrack_helper.conf

commit 5992a7f026b1ee22c1ab82411048b58e89ed0dc2
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 02:48:06 2016 +0000

    Create tcp_timestamps.conf

commit 10c87b84e2d3b0eec7a6a3d283d3b1e02f080e58
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 15 21:05:03 2015 +0000

    updated README.md

commit ba7b06ce302006a12fe7886c4338b5e44a571fa2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 15 04:16:14 2015 +0000

    bumped changelog version

commit c47f9697b4af46f713e49eb026f1c5ab4b77ad20
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 15 04:14:00 2015 +0000

    deactivate preview in Nautilus

commit 4b7d8a4bd88bd7b8a904d0b48fddf2803457ab47
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 15 02:00:39 2015 +0000

    bumped changelog version

commit d3ccf0eeaf9802fa09e70633efb45dcc2b767cba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 15 02:00:24 2015 +0000

    initial commit