changelog.upstream

commit 0a018bdebca167d671d8bda81a2b0d929d396945
Merge: 57fc487 0b81316
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Mar 11 10:13:57 2024 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit 0b8131630041dbd80f1aa61dcedde446208c06f7
Merge: 57fc487 03ed546
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Mar 11 10:12:46 2024 -0400

    Merge pull request #211 from wryMitts/patch-1
    
    Create proc group on install

commit 03ed546cd8992b29855ca1c2748ed988dd3c765d
Author: wryMitts <158655396+wryMitts@users.noreply.github.com>
Date:   Sun Mar 10 16:55:10 2024 -0400

    Create proc group on install
    
    Fixes https://github.com/Kicksecure/security-misc/issues/210

commit 57fc487e5e5ffad765f1418236744319cc666871
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Mar 10 13:19:26 2024 +0000

    bumped changelog version

commit a5206bde336c159be065345e7dd5cb86b2b6a27f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Mar 10 08:44:53 2024 -0400

    `proc-hidepid.service` add `gid=proc`
    
    This allows users that are a member of the `proc` group to be excluded from `hidepid` protections.
    
    https://github.com/Kicksecure/security-misc/issues/208

commit 0f0d9ca2a42cf9fc04e405ae90f3d67bc0794e12
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Mar 4 11:48:30 2024 +0000

    bumped changelog version

commit 6b76373395622bac0e701c6d15c6656658febced
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Mar 4 06:44:26 2024 -0500

    fix panic-on-oops started every 10s in Qubes-Whonix
    
    by changing from a /etc/profile.d etc. related mechanism to start to a systemd unit file based approach
    
    Thanks to @marmarek for the bug report!
    
    https://forums.whonix.org/t/panic-on-oops-started-every-10s/19450

commit af6c6971a741c69a584ba3f92dbfed12e40784dc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Mar 4 06:33:51 2024 -0500

    comment

commit e013070e0bfc43d006e09ae1c5ae3533f7bebc5f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Mar 4 06:33:21 2024 -0500

    newline

commit a5cc1774f2fbf6475e7b56601fbcd84a2a63fed0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Feb 26 13:32:44 2024 +0000

    bumped changelog version

commit 808e72f24bf30b3476ab6b87f96eb636632c195c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Feb 26 08:11:26 2024 -0500

    use long options
    
    https://github.com/Kicksecure/security-misc/issues/172

commit 2d1d1b246f3fe061d4f817da5cecf46010839e1d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Feb 26 08:07:29 2024 -0500

    improve output
    
    https://github.com/Kicksecure/security-misc/issues/172

commit d8f5376c4f36f5deb734e6dead42a62566d13480
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Feb 26 07:58:06 2024 -0500

    improve output
    
    https://github.com/Kicksecure/security-misc/issues/172

commit cf84762a3a84d2be3b9510dddb32bdc433170dfa
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Feb 26 07:52:41 2024 -0500

    improve output
    
    https://github.com/Kicksecure/security-misc/issues/172

commit f2958bbfa5e67ee10380a25d996826233469080a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Feb 26 07:49:30 2024 -0500

    comment

commit bc8f9edc3197e33e75ea1d691834d9abbdcdefd0
Merge: 02d6f67 b23d167
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Feb 26 07:48:19 2024 -0500

    Merge remote-tracking branch 'github-kicksecure/master'

commit b23d167342ef242a1e9d4e91b6a4b945e80c3e7e
Merge: 02d6f67 ef44ece
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Feb 26 07:46:02 2024 -0500

    Merge pull request #204 from DanWin/sysfs-mount
    
    Make /sys hardening optional and allow access to /sys/fs to make polkit work

commit 02d6f67741ef93d9ab39e02ac56b27c551a19dca
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 20:08:17 2024 +0000

    bumped changelog version

commit d13d1aa7ec7e9ac9f1aa87e4b36228bfd3af6eb2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 15:07:53 2024 -0500

    comments

commit a1f898e3b317f49a5bb9507c8b9d3bd3c4e23abf
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 19:58:01 2024 +0000

    bumped changelog version

commit c3dd178b19be8c078ed6a2f46a072bef3d144c06
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 14:57:50 2024 -0500

    output

commit ef44ecea44ee516b1ba92175eb78b2e8143c4502
Author: Daniel Winzen <daniel@danwin1210.de>
Date:   Thu Feb 22 16:51:23 2024 +0100

    Add option to disabe /sys hardening

commit 3bc1765dbbd333a1d607ab6962281b4d0a5c4b60
Author: Daniel Winzen <daniel@danwin1210.de>
Date:   Wed Feb 21 20:37:34 2024 +0100

    Allow access to /sys/fs for polkit

commit 6b73e6c2a9ff1efe211e41e005e4ecaa63731d82
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 16:07:16 2024 +0000

    bumped changelog version

commit 37a7abdf0c1e6d8179bd09d3c1bd0363e8bc0a96
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 11:07:01 2024 -0500

    ConditionKernelCommandLine=!remountsecure=0

commit eb3e0b9292f71a5dba312500508f893779fb1b9c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 14:52:55 2024 +0000

    bumped changelog version

commit c0924321b84874ae7fc72c59fd58e4c4ae8bc6d9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 09:52:36 2024 -0500

    fix systemd unit ExecStart

commit d148a769b7106831c0b27a7ad63d91ab42257678
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 14:50:05 2024 +0000

    bumped changelog version

commit 6d7cf3c12a8a772fee1cd893d5504767690b3b77
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 09:49:48 2024 -0500

    output

commit f7831db197b2fff33b66eeb44efd749e482315e0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 09:17:41 2024 -0500

    do not exit non-zero if folder does not exist

commit 5bdd7b8475bdfde8dbee5318fb43d0c2a236e3b0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 09:14:52 2024 -0500

    output

commit 44a15cd97da3066e39d2d7df1f456e703036a6e9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 09:13:56 2024 -0500

    mount --make-private
    
    https://github.com/Kicksecure/security-misc/issues/172

commit c0f98b05b609c7c8ac6f86e123af9e0642d82697
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 06:03:59 2024 -0500

    comment
    
    https://github.com/Kicksecure/security-misc/pull/202

commit 1e1613aa93dca1e7fe7f24dbd32028a0cadd21fd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 06:02:28 2024 -0500

    allow /opt exec as usually optional binaries are placed there such as firefox
    
    https://github.com/Kicksecure/security-misc/pull/202

commit 7c7b4b24b4959f3ef96ff7ef0b11fa4c0bd48c8e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 06:01:00 2024 -0500

    fix home_noexec_maybe -> most_noexec_maybe
    
    https://github.com/Kicksecure/security-misc/pull/202

commit 38783faf60b85c4e855bf78c87e1c07765776b50
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 22 05:58:53 2024 -0500

    add more bind mounts of mount options hardening
    
    as suggested in https://github.com/Kicksecure/security-misc/pull/202

commit ad9d913902d7e696f1114da74d84f9cdcb22bc25
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Feb 3 18:28:27 2024 +0000

    bumped changelog version

commit 02090da08cfd411314ffeeb6df95f73c701f06c6
Merge: 8037ce5 ba13657
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Feb 3 12:51:07 2024 -0500

    Merge remote-tracking branch 'github-kicksecure/master'

commit ba13657d894f2f30d8deb7c08b85e5fbc1dcea21
Merge: 8037ce5 b16c99a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Feb 3 12:50:28 2024 -0500

    Merge pull request #197 from raja-grewal/mitigations
    
    Additional Explicit CPU Mitigations

commit b16c99ab62a902b1f61b9d4fe63273cd614e757c
Author: raja-grewal <rg_public@proton.me>
Date:   Mon Jan 29 13:39:40 2024 +0000

    Remove hardcoded `spec_rstack_overflow` setting

commit 139b10a9aad85018f87bdc4bb227e938f7955235
Author: raja-grewal <rg_public@proton.me>
Date:   Mon Jan 29 12:59:13 2024 +0000

    Control RAS overflow mitigation on AMD Zen CPUs

commit 6c54e35027e86ec045102cd1d95f84aa30bc55c9
Author: raja-grewal <rg_public@proton.me>
Date:   Mon Jan 29 12:58:51 2024 +0000

    Enable mitigations for RETBleed vulnerability and disable SMT

commit 4509a5fc95204080f2855849d22c7e05393455d9
Author: raja-grewal <rg_public@proton.me>
Date:   Mon Jan 29 12:58:14 2024 +0000

    Enable known mitigations for CPU vulnerabilities and disable SMT

commit 4231155efa0970d2456b67cc89c8828b0766cf7f
Author: raja-grewal <rg_public@proton.me>
Date:   Mon Jan 29 12:57:48 2024 +0000

    Add reference for kernel parameters

commit 8037ce52f96dcc6f8007c1567daf38ff013352d6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jan 25 13:59:29 2024 +0000

    bumped changelog version

commit 185bfe749787a8c6e93103ae8c6b0751a169e276
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jan 25 06:54:36 2024 -0500

    use `interest-noawait` instead of `interest-await`
    
    fixes https://github.com/Kicksecure/security-misc/issues/196

commit 64e41b113cae893d1f27f441f99340389ba8b9b3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jan 18 14:10:51 2024 +0000

    bumped changelog version

commit 1855fa08b1386b1ea8697767104e7ad0f1521c9c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jan 18 08:54:39 2024 -0500

    readme

commit f0e2a82b558f64611f037424c6f8f12de32737f6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jan 17 19:18:25 2024 +0000

    bumped changelog version

commit 314e5b490c6864b745fbf5fd6d9bb2c724d478b8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jan 17 14:03:09 2024 -0500

    use wildcards
    
    instead of outdated, incomplete list
    
    https://github.com/Kicksecure/security-misc/issues/160

commit 08619d6a7307b6ab05a3ba7e71ea33b00db20b27
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jan 17 13:59:36 2024 -0500

    minor RPM updates
    
    https://github.com/Kicksecure/security-misc/issues/160

commit 3048e0ac76e4eba1c53b43ba2424157505578cdd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jan 17 13:54:07 2024 -0500

    usrmerge
    
    https://github.com/Kicksecure/security-misc/issues/190

commit 5a6cd4c2abd243c91575e9477a921aa290c68ba5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jan 17 13:51:30 2024 -0500

    remove now empty /bin from copying since it is empty after usrmerge
    
    https://github.com/Kicksecure/security-misc/issues/190

commit 071b984a1eaaa8a8ea6a40e4ee36eabcde2d630d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jan 17 13:49:05 2024 -0500

    `sort -d`
    
    https://github.com/Kicksecure/security-misc/issues/190

commit 011e55e3e52485ccd728b4bb249efbc816f38806
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jan 17 13:45:17 2024 -0500

    remove duplicates after usrmerge
    
    https://github.com/Kicksecure/security-misc/issues/190

commit 0efee2f50fd38feade7700c2f033cc3d4c200d34
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jan 17 13:39:56 2024 -0500

    usrmerge
    
    fixes https://github.com/Kicksecure/security-misc/issues/190

commit 18a06935e0cca3dc090643aad406d861e4583085
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jan 17 13:23:20 2024 -0500

    run permission hardener when new packages are install files to /usr or /opt
    
    (basically anywhere)
    
    fixes https://github.com/Kicksecure/security-misc/issues/189

commit 66e6371221c3395a0523e30e8ef1a051d3e6cdd0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 16 14:26:34 2024 +0000

    bumped changelog version

commit 0d78ecaee37536379ad2f230f45904f57425cb19
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 16 09:26:21 2024 -0500

    README

commit 3ba8fe586e1abe133bd41076278f8663aba7e641
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 16 09:23:54 2024 -0500

    update permission-hardener.service
    
    Which is now only an additional opt-in systemd unit,
    because permission-hardener is run by default at security-misc
    package installation time.
    
    https://github.com/Kicksecure/security-misc/pull/181

commit 186f6015da7b3314c95c2833032c6fe953a71afd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 16 14:14:18 2024 +0000

    bumped changelog version

commit 6aa55698ab2a0f3771d28293d7ad14da2763a16f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 16 09:10:59 2024 -0500

    delete legacy folder /etc/permission-hardening.d if empty
    
    https://github.com/Kicksecure/security-misc/pull/181

commit 9cafd78fe21baa3c2a36853f57e0638b2facfe5c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 16 09:05:09 2024 -0500

    rm_conffile /etc/permission-hardening.d
    
    https://github.com/Kicksecure/security-misc/pull/181

commit fa53848b5cda135fbb8a3855e8508692084fc7e9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 16 13:58:55 2024 +0000

    bumped changelog version

commit 4f7973bc5628cdc24f5224bd98858249307635d3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 16 08:56:26 2024 -0500

    comment

commit ed7c09fc46b26440439adf748f597da277a3f1e4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 16 08:45:13 2024 -0500

    permission-hardening -> permission-hardener migration
    
    mv --verbose /var/lib/permission-hardening /var/lib/permission-hardener
    
    https://github.com/Kicksecure/security-misc/pull/181

commit a90cd43631216f28a18a1b3f066b9f6ef3301ac4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 16 08:32:52 2024 -0500

    fix postinst for new permission-hardener
    
    https://github.com/Kicksecure/security-misc/pull/181

commit 862bf6b5ab29917138325023eb3507f5fbd5653c
Merge: dc8d9ee bc02c72
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 16 08:19:28 2024 -0500

    Merge remote-tracking branch 'ben-grande/clean'

commit dc8d9eece32dec06e63c580c886a240019b3f33e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 9 05:52:49 2024 +0000

    bumped changelog version

commit 1199871d7bbc7316a7e5822d77eee0666b55b203
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jan 7 06:37:34 2024 -0500

    undo IPv6 privacy due to potential server issues
    
    https://github.com/Kicksecure/security-misc/issues/184

commit 128bb01b35d20e97351dfb53768f35482f9756a2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jan 7 06:36:25 2024 -0500

    undo IPv6 privacy due to potential server issues
    
    https://github.com/Kicksecure/security-misc/issues/184

commit df0f9d3267644c4aea87add2dcade86044c496f0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 6 09:19:57 2024 -0500

    README

commit 86f91e3030ef0b08000fc28a3a172e6a47918e4e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 6 09:10:45 2024 -0500

    revert umask 027 by default
    
    because broken because this also happens for root while it should not
    
    https://github.com/Kicksecure/security-misc/issues/185

commit 3f1304403fbf04f15dac01963c66f82cd84452d4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 6 08:15:31 2024 -0500

    disable MAC randomization in Network Manager (NM) because it breaks VirtualBox DHCP
    
    https://github.com/Kicksecure/security-misc/issues/184

commit e8f8dcd0fb1c23a62974849f55516da9dce5948e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jan 4 02:03:26 2024 +0000

    bumped changelog version

commit 70a86fa994c0a894643e876fc86226ad0443a741
Merge: db0503e 71060f1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jan 3 05:12:48 2024 -0500

    Merge remote-tracking branch 'github-kicksecure/master'

commit 71060f1f53ca7a275f10c4b6ab3e6c25585d5440
Merge: db0503e 74afcc9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jan 3 05:00:41 2024 -0500

    Merge pull request #182 from raja-grewal/io_uring
    
    Clarify validity of disabling io_uring

commit 74afcc9c63ad064f20778ad2870690925c3cee81
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jan 3 17:52:23 2024 +1100

    Clarify validity of disabling io_uring

commit bc02c72018d6458d4c1852dd441287b277421514
Author: Ben Grande <ben.grande.b@gmail.com>
Date:   Tue Jan 2 17:08:45 2024 +0100

    Fix unbound variable
    
    - Run messages preceded by INFO;
    - Comment unknown unused variables;
    - Remove unnecessary variables; and
    - Deal with unbound variable due to subshell by writing to a file;

commit db0503e71d5c37865cbb0a01cb8fa00af2a4e574
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 2 14:55:13 2024 +0000

    bumped changelog version

commit abf72c2ee4286ec069f75e66acf05a42f3645c89
Author: Ben Grande <ben.grande.b@gmail.com>
Date:   Tue Jan 2 13:34:29 2024 +0100

    Rename file permission hardening script
    
    Hardener as the script is the agent that is hardening the file
    permissions.

commit f138cf0f78c03e3952801d01d25d5f8065ff1457
Author: Ben Grande <ben.grande.b@gmail.com>
Date:   Tue Jan 2 12:17:16 2024 +0100

    Refactor permission-hardener
    
    - Organize comments from default configuration;
    - Apply and undo changes from a single file controlled by parameters;
    - Arrays should be evaluated as arrays and not normal variables;
    - Quote variables;
    - Brackets around variables;
    - Standardize test cases to "test" command;
    - Test against empty or non-empty variables with "-z" and "-n";
    - Show a usage message when necessary;
    - Require root to run the script with informative message;
    - Permit the user to see the help message without running as root;
    - Do not create root directories without passing root check;
    - Use long options for "set" command;

commit a94f2a3f4626a9292660bc7f98a6513f34d0f5b2
Merge: 94c0e26 8daf97a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 2 05:30:49 2024 -0500

    Merge remote-tracking branch 'github-kicksecure/master'

commit 8daf97ab0181a9cbb9e9dec57f1f00270dbb3a50
Merge: 94c0e26 f055fe5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 2 05:29:35 2024 -0500

    Merge pull request #178 from raja-grewal/io_uring
    
    Disable asynchronous I/O

commit 94c0e26a082f61f71e89b1fb7386a58166ffa411
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Dec 29 20:15:50 2023 +0000

    bumped changelog version

commit 5b36599c0ce35857239c82459828db1ec4215411
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Dec 29 14:57:38 2023 -0500

    /dev/, /dev/shm, /tmp
    
    https://github.com/Kicksecure/security-misc/issues/157#issuecomment-1869073716

commit e15596e7af6fc645dd652c043397baaa91954915
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 16:28:10 2023 +0000

    bumped changelog version

commit f64a869bfdd4c746afd206367885851946deb692
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 11:03:22 2023 -0500

    readme

commit c86c83cef760906a0d1c56ee8a8c744b2e07f212
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 10:31:58 2023 -0500

    formatting
    
    https://github.com/Kicksecure/security-misc/issues/157

commit 971ff687b1423499c54495a03e5e6fafcbfefb2a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 10:30:35 2023 -0500

    do not mount /dev/cdrom by default
    
    https://github.com/Kicksecure/security-misc/issues/157

commit 9fce67fcd942a7e3e0dd2e874226fcdab5e33ba3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 10:28:47 2023 -0500

    remove superfluous, broken `remount` mount option
    
    https://github.com/Kicksecure/security-misc/issues/157

commit 40fd8cb6081512e2bc0ef1a7a1ee17cd317024c2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 09:51:09 2023 -0500

    no `nofail` mount option to avoid breaking the boot of a system
    
    unit testing belongs elsewhere
    
    https://github.com/Kicksecure/security-misc/issues/157

commit 4aa645f29ff741b6e5cdf629deade1923fdcc234
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 09:46:33 2023 -0500

    comment
    
    https://github.com/Kicksecure/security-misc/issues/157

commit 2b7aeedb4a543d0a43a35918999338097d13bb16
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 09:44:51 2023 -0500

    mount /dev/cdrom to /mnt/cdrom (instead of /mnt/cdrom0) and
    nodev,nosuid,noexec
    
    as per:
    https://www.debian.org/doc/manuals/securing-debian-manual/ch04s10.en.html
    
    https://github.com/Kicksecure/security-misc/issues/157

commit 0d9e9780daca563a726470a3a5d6fa8c20487240
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 09:37:14 2023 -0500

    formatting
    
    https://github.com/Kicksecure/security-misc/issues/157

commit 00f9ab43947795c1144d797547968c7c149d6f21
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 09:36:05 2023 -0500

    /dev devtmpfs
    
    https://github.com/Kicksecure/security-misc/issues/157

commit 55709b3aa0acd6cad0c9fedb8782c49fbea79689
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 09:30:57 2023 -0500

    /tmp tmpfs
    
    https://github.com/Kicksecure/security-misc/issues/157

commit b0dd967611c27f5b8e2472bb74a664aead7a229e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 09:27:45 2023 -0500

    usrmerge
    
    https://github.com/Kicksecure/security-misc/issues/157

commit 269fada14a616c53d7421e88e662f6893eb1fd88
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 09:25:14 2023 -0500

    combine bind lines
    
    https://github.com/Kicksecure/security-misc/issues/157

commit 0810c1ce3c9e19c745b8f0d2cd9410353b172779
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 09:10:31 2023 -0500

    fix bluetooth in readme
    
    fixes https://github.com/Kicksecure/security-misc/issues/180

commit 37b4ab15a823134e616a2a0fe1dda18d5ebfa3c0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 09:04:10 2023 -0500

    readme

commit 79f398d219b9c4cdf8ea0f9e3135a08fa32659a8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 08:45:20 2023 -0500

    formatting

commit c90ada3c398205227d906e2b2108d36d92edcf3c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 08:37:23 2023 -0500

    pandoc -f markdown -t markdown --wrap=auto --columns=80 README.md -o README.md

commit 34bf297bd17af2adf59804bd133a00b7dc1942b7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 08:32:34 2023 -0500

    formatting

commit d5fc9f620169b6975c8d3ef685f47e62cb6b9262
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 25 08:26:03 2023 -0500

    improve bluetooth in readme
    
    as suggested by @monsieuremre
    
    https://github.com/Kicksecure/security-misc/issues/180

commit 7fa597deca7ff2b2932a5f5fad56be57bd78b6cf
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Dec 22 16:31:58 2023 +0000

    bumped changelog version

commit f70a034da2b4b615855504e7080baf1a7e7b461c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Dec 22 08:31:58 2023 -0500

    exclude hardened malloc from SUID disabler
    
    fixes https://github.com/Kicksecure/security-misc/issues/179

commit f055fe5da2219b68f46c3c577d79fcfd7e79cfc6
Author: Raja Grewal <rg_public@proton.me>
Date:   Fri Dec 15 08:33:36 2023 +0000

    Disable asynchronous I/O
    
    io_uring creation is disabled for all processes. io_uring_setup always fails with -EPERM. Existing io_uring instances can still be used.

commit 99f2edd4f685cdc9a47b32107125408e12a294c2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Dec 12 16:51:21 2023 +0000

    bumped changelog version

commit 039de1dc9bd6f3cc6595d66f54d0d88d9b537b17
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Dec 12 11:50:11 2023 -0500

    add hardened fstab `/usr/share/doc/security-misc/fstab-vm`
    
    to the documentation folder as an example
    
    not directly used by security-misc
    
    will later be used by Kicksecure VM build process
    
    https://github.com/Kicksecure/security-misc/issues/157

commit dcaafa6c8bf380dd990942e9c10e280943b442a6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 4 17:06:45 2023 +0000

    bumped changelog version

commit 5a73817a9575fe5bcaf3fd354e5f175db7d45ba4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 4 11:38:49 2023 -0500

    move to `/usr/lib/issue.d/20_security-misc.issue`
    
    https://github.com/Kicksecure/security-misc/pull/167

commit dfaea492c76a277b9cbe84982a135cb4f03a557c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 4 11:37:02 2023 -0500

    remove `etc/issue.net.d/20_security-misc`
    
    since not mentioned on debian.org

commit 69c895af09f05000ace5f273f3e5032aabf8c64e
Merge: c9ea7a4 36850f8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 4 11:27:53 2023 -0500

    Merge remote-tracking branch 'github-kicksecure/master'

commit 36850f89fb07678ca24eb580a18247e593eac608
Merge: c9ea7a4 0d7af97
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 4 11:27:16 2023 -0500

    Merge pull request #167 from monsieuremre/patch-4
    
    Non-Identifiable and Generic Issue Banners that include the Recommended Keywords

commit c9ea7a4dca6e985c3a1044a3b4ddda83909fbc51
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 4 11:02:55 2023 -0500

    use `amd_iommu=force_isolation` instead of `amd_iommu=force_enable`
    
    because we set `iommu=force` already anyhow
    
    fixes https://github.com/Kicksecure/security-misc/issues/175

commit e83c1d7ed662bb0533c670dd5b7a6745a75e9ca4
Merge: c4e21ca befd21e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 4 11:01:02 2023 -0500

    Merge remote-tracking branch 'github-kicksecure/master'

commit befd21e0c0c38eaf91c7096e9f60120f533a5842
Merge: c4e21ca f2ad838
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 4 11:00:29 2023 -0500

    Merge pull request #176 from monsieuremre/patch-1
    
    Iommu Kernel Parameters

commit c4e21ca5f49fbc2d67853eebca647539acbca815
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 4 10:58:16 2023 -0500

    added development philosophy
    
    https://github.com/Kicksecure/security-misc/issues/154

commit feab1432f9d0966118ca233c9f88270b98c3f120
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 4 10:48:27 2023 -0500

    clarify scope
    
    https://github.com/Kicksecure/security-misc/issues/154

commit dc04040cb3644c9e3be9b44a34da4a5f7b61f2cc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 4 10:36:48 2023 -0500

    typo

commit 2634dbff2bd9d7482e7b02be2b5b6fa1c58ef6c7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Dec 4 10:36:21 2023 -0500

    shuffle

commit f2ad8383cfea4bba42e8b246b05b85101d707641
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Sun Dec 3 19:51:38 2023 +0000

    fix

commit dd15823a97e953750d7a8288c7d3b8d5f554d6f9
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Sun Dec 3 19:50:07 2023 +0000

    undo superfluousness

commit 83e13bb62d028cfeea7a4d3f3def3bff8d2b5eaa
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Sun Dec 3 19:42:34 2023 +0000

    Update 40_enable_iommu.cfg

commit 0d7af9707f802fb600d9eb39bbe0b3bd4a65e3b0
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Sun Dec 3 19:31:12 2023 +0000

    Update 20_security-misc

commit 04d27a10b0cd1c22cb166c9fccb93a09d5f388f0
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Sun Dec 3 19:30:55 2023 +0000

    Update 20_security-misc

commit 7963f811e1bb6f5e0e2ba41e96b14e4a3a70f847
Merge: c8b9f5a 82bd913
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Sun Dec 3 19:30:22 2023 +0000

    Merge branch 'Kicksecure:master' into patch-4

commit 82bd9138de750a3590be9c91c898cbd04c550e7e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 20 13:13:10 2023 +0000

    bumped changelog version

commit c2b3ff5243c69c4e1ba28e9966bf0ffd3ce550ce
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 20 04:40:28 2023 -0500

    moved libpam-tmpdir dependency to kicksecure-meta-packages
    
    https://github.com/Kicksecure/security-misc/pull/147

commit c8b9f5a917e6c415575d6763a65930f1a91a7c78
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Sat Nov 18 10:03:19 2023 +0000

    net

commit 3b614f3753608bd62ff6bc6e56e15f280994c646
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Sat Nov 18 10:02:16 2023 +0000

    20_security-misc

commit 4e4df5dd7c6b5cf1deb179a2c3f8fe7a8844884d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Nov 11 22:29:57 2023 +0000

    bumped changelog version

commit a51674410cb8a7ac2119ea7c85f986223ce8fc25
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Nov 11 17:29:37 2023 -0500

    fix

commit 8d58077d68e6363313cdc62f7fac14840f5d9a8e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Nov 11 20:22:34 2023 +0000

    bumped changelog version

commit 5b85a0b34d30d191654158506e0209b34a8f9fe8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Nov 11 14:46:35 2023 -0500

    license

commit 7757080519858492a7fcbf735ec854029b29d67a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Nov 11 13:41:28 2023 -0500

    change license to AGPL-3+
    
    https://forums.whonix.org/t/license-change-to-agplv3/17455

commit 20f804f19c046e3ef2b38c367de9d5c80cccccd9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 17:28:21 2023 -0500

    bumped changelog version

commit a1e00be0e09a7271a3fae9e9abdbe9a2279b7197
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 16:58:23 2023 -0500

    update link

commit 5bb357cac02c7217f4e897a0625f531602ac69cf
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 16:55:00 2023 -0500

    spice-client-glib-usb-acl-helper matchwhitelist

commit 7309445ee518c093ba3f9aec56197e391e0a194a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 16:52:27 2023 -0500

    comment

commit f09d97fc9efc98d8b197a497e2ce4c5965be531a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 16:50:19 2023 -0500

    whitelist VirtualBox

commit 64c8c7a8d5a42d2e3da9ce243bc708d1bcbe6039
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 16:47:31 2023 -0500

    whitelist SSH

commit 9682b51d548396717867a0c336f1fb1677ccfe2b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 16:44:36 2023 -0500

    whitelist virtualbox

commit a40b9bc095bb0f363911dacee050234b3a555744
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 16:40:22 2023 -0500

    comments

commit 2c1a3da433b8dc96039caab17e81666896ade58c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 16:38:50 2023 -0500

    VirtualBoxVM matchwhitelist

commit 4e96ffaabb7c2e73bf686e56bcaa220f4d2e9e93
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 16:37:19 2023 -0500

    chrome-sandbox matchwhitelist

commit df5f3e80566da210ee5d807cc1b5dd53678fdae0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 16:36:22 2023 -0500

    output

commit 72f6e6bb9c2426535bfc48175d88707331ec5346
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 16:28:23 2023 -0500

    output

commit 3bc831a1f71a80a178601bdd5c7f06b22ada75ab
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 16:27:29 2023 -0500

    lintian

commit fd1f38b2ebe31aec04b22d968b38305504f7f935
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 16:22:42 2023 -0500

    remount-secure systemd unit
    
    https://github.com/Kicksecure/security-misc/pull/152

commit 79f9c1fb3adac319342a22c099401cb21af4429f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 15:48:09 2023 -0500

    add sysinit-post.target
    
    https://github.com/Kicksecure/security-misc/pull/152

commit 2de5ab41201c561a2684f15196ce37b0f34038a9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Nov 6 13:47:30 2023 -0500

    clarify scope of application specific hardening
    
    fixes https://github.com/Kicksecure/security-misc/issues/154

commit 5a96616b39e7188903bd0d35c9812a02fddc02f9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 21:13:14 2023 -0500

    bumped changelog version

commit ad079ac5cc4d7ce2270e9abf21fa520fc9b2761f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 20:55:55 2023 -0500

    readme
    
    https://github.com/Kicksecure/security-misc/pull/152

commit be023c77223c4ec0e26ffe2a88acd94653efee9a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 20:54:43 2023 -0500

    readme
    
    https://github.com/Kicksecure/security-misc/issues/159

commit e1f413c1ee5107468cb2a9c4aa8bd061d0dc911b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 20:53:26 2023 -0500

    disable harden-module-loading.service for now
    
    due to issues
    
    https://github.com/Kicksecure/security-misc/issues/159

commit f2ea1abc9b3efc035f4d1381bece458de9b89ff3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 20:53:03 2023 -0500

    comment

commit 95d1cfb4a03afc987cf89bb0f4cd6d2f1ad431b1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 20:49:36 2023 -0500

    Revert "remove no longer required remount-service systemd unit"
    
    This reverts commit 479ab61a1d0c91d26c2cd200d97b39b2b786e073.
    
    https://github.com/Kicksecure/security-misc/pull/152

commit 24b4d59ce41bc95e0b0aadf401223dc40b0f9c8f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 20:14:33 2023 -0500

    bumped changelog version

commit 4482f1841cfc6caa063e2274db890cfa01944811
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 20:13:14 2023 -0500

    newline

commit c5167c8f0d398946fdfae56fa78b32fade4cb451
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 20:12:03 2023 -0500

    fix systemd unit
    
    https://github.com/Kicksecure/security-misc/issues/159

commit 2571bbf315693f65f564ef4ad1b2ff4941f2ebc3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 18:42:25 2023 -0500

    duplicate

commit aa170878838b2218da8295be8b6898bc86056cec
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 18:42:08 2023 -0500

    update path

commit d203e539aa975b042cd6ec9608a0cc16b3314372
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 18:17:59 2023 -0500

    bumped changelog version

commit 4ebab940c750154a396c4ffdbde61367e12c72f8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 17:56:35 2023 -0500

    description too long, fixed

commit ad010ef5b4c90e4abbd1c88724f99450740fb2eb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 17:52:44 2023 -0500

    debugging

commit 826e76d037f88636fdde7d4ef1eb72f29ac5f4a5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 17:43:33 2023 -0500

    bumped changelog version

commit 3130a39d8c280d913fb632a40562438b82a499bb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 17:43:07 2023 -0500

    set -e

commit 18a2d814cc0c477599b276bb319ed8bdd34499ea
Merge: 4fda9d2 36f3c30
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 17:42:28 2023 -0500

    Merge remote-tracking branch 'github-kicksecure/master'

commit 36f3c30440e73c8bf4946742095f0495994fed99
Merge: 4fda9d2 2e64d89
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 17:41:56 2023 -0500

    Merge pull request #148 from monsieuremre/module-loading-hardening
    
    Harden the loading of new modules to the kernel after install

commit 4fda9d2e8459c043ec27178ceb87483229b45d5f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 16:46:18 2023 -0500

    bumped changelog version

commit 4219347f0a739ed1ea93a596968295ddcd3a940f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 16:43:44 2023 -0500

    fix permission-hardener config parsing issue

commit e72f79236b7b704c60c6920b51c86832f4fda9e3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 16:41:41 2023 -0500

    refactoring

commit dea0d9a78a99c441a1738f88cef2cd3c5f433454
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 16:40:49 2023 -0500

    fix permission-hardener config parsing issue

commit 017ae18ad7a757a18c5a7a92677f24053280e8b5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 16:39:10 2023 -0500

    fix permission-hardener config parsing issue

commit 65e3c14643ca2b5167e0f5bc30a6bbc45cb4f645
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 16:35:11 2023 -0500

    fix permission-hardener config parsing issue

commit 40e536a9beb48f1938e67ae2010fc34f80e3bd1f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 16:04:03 2023 -0500

    bumped changelog version

commit 51decff2fd48c2437b08136e97d4211e5eaccd89
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 16:03:36 2023 -0500

    exclude qfile-unpacker from permission hardener

commit 52b6e92e002987952c908eeb05a293dd401ee9be
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 15:58:21 2023 -0500

    bumped changelog version

commit 1900c1ab07e4d55577815b942b34457596a1d703
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 15:57:49 2023 -0500

    pam exclude from permission-hardener

commit 76e3a3c5f9fa5e95b90e4ea3f3ba7019615a3d1a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 15:29:38 2023 -0500

    bumped changelog version

commit d4494fd3c341796081dd8c114c8cc97e627c236c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 15:27:09 2023 -0500

    disable remount-secure dracut modules
    
    pending new systemd based implementation
    
    https://github.com/Kicksecure/security-misc/pull/152

commit 949c1633701ac168e908794d4dd74c5a9b09a437
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 15:14:43 2023 -0500

    bumped changelog version

commit 4a19fbae0be2ab99c1f21826eca2ec3cef605a0e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 15:13:01 2023 -0500

    move permission-hardening to /usr/bin to make it more easily accessible

commit c75f80b29f2fee3f2ead579390b8d3a8ff86b9d2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 15:09:29 2023 -0500

    lower verbosity of permission hardener
    
    fixes https://github.com/Kicksecure/security-misc/issues/158

commit 0544657123100b333211a91ef32054dc7e14c7db
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 14:56:06 2023 -0500

    bumped changelog version

commit 42be6310237bdb663f38982b221327a337251e0a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 14:54:05 2023 -0500

    readme

commit 55ba5d48321ec4224bcbf03cf2bf51226cf34e50
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 14:51:31 2023 -0500

    renamed:    usr/lib/NetworkManager/conf.d/99_ipv6-privacy.conf -> usr/lib/NetworkManager/conf.d/80_ipv6-privacy.conf
    renamed:    usr/lib/NetworkManager/conf.d/99_randomize-mac.conf -> usr/lib/NetworkManager/conf.d/80_randomize-mac.conf
    renamed:    usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf -> usr/lib/systemd/networkd.conf.d/80_ipv6-privacy-extensions.conf

commit eab5d7d4ec58baaf7eedc777e250ad9f00e4b71b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 14:50:13 2023 -0500

    cleanup

commit 811d1cd0dd0dcb9021d2f72638dd6c12b734964c
Merge: 9343795 5a75bcf
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 14:49:43 2023 -0500

    Merge remote-tracking branch 'github-kicksecure/master'

commit 5a75bcfb19ac6c555a52cb1600e4efd13a8cfc06
Merge: 9343795 229032d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 14:49:00 2023 -0500

    Merge pull request #145 from monsieuremre/wifi-and-bluetooth
    
    Wifi and Bluetooth Patch | Security and Privacy

commit 93437952b4f64866dfe6067d8caf19415112418d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 14:41:01 2023 -0500

    readme

commit f32b5438872ad0b9e10cb7b0519f1f18fce1913e
Merge: 56b90ee 4946f85
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 14:38:20 2023 -0500

    Merge remote-tracking branch 'github-kicksecure/master'

commit 4946f85d43083c64bc3f8f02e26b08f79b622bfe
Merge: 817ca11 1abac79
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 14:37:47 2023 -0500

    Merge pull request #146 from monsieuremre/thunderbird
    
    Thunderbird Hardening

commit 56b90eecbfb21e546d52d1f41ce9361f2843cd71
Merge: 3178677 817ca11
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 14:35:23 2023 -0500

    Merge remote-tracking branch 'github-kicksecure/master'

commit 817ca116f693893e6dcb69254ee91815d200b8a1
Merge: d9b5d77 fbd9e5d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 14:34:13 2023 -0500

    Merge pull request #153 from monsieuremre/readme
    
    Updated Readme

commit 317867758478619fe1df4ebdb5e22240c40104c0
Merge: dcead44 d9b5d77
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 14:32:21 2023 -0500

    Merge remote-tracking branch 'github-kicksecure/master'

commit d9b5d770cfd5f7747f1d606f3136a93034928f30
Merge: dcead44 ac224b2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 14:31:26 2023 -0500

    Merge pull request #150 from monsieuremre/sysreq
    
    Disable SysRq by default

commit dcead44cc6d4272b0966562046f9dab1792845b6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 11:32:46 2023 -0500

    output

commit f6bf69b41fa3e1168c2c49884197770e1a78b888
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Nov 5 11:31:09 2023 -0500

    update link

commit 2e64d89b042227fe5f38bb6d6a859deb4c5183b7
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Sat Nov 4 21:18:45 2023 +0000

    undo unnecessary manual activation

commit 19eceaa8108879ee5477b157fb2175993c487959
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Sat Nov 4 20:56:46 2023 +0000

    more fix

commit a187d23c4187fd08611e5cba85d09666dfd9f735
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Sat Nov 4 20:56:08 2023 +0000

    big fix

commit fbd9e5d017c4b00d838e9f225c7748c4b362f023
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Sat Nov 4 14:33:35 2023 +0000

    README.md

commit 97054b2b1076d6d428996967304b29620923eff4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 15:55:17 2023 -0400

    revert enabling kernel module signature enforcement
    
    due to issues
    
    https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/63
    
    https://github.com/dell/dkms/issues/359

commit 978e3e4abd8f55a877dfe0d6e39b45ee9f58ba6d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 14:53:40 2023 -0400

    readme

commit 0242c04dc26638dc1250e3f681b46d15459cf8aa
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 14:51:14 2023 -0400

    port to DKMS drop-in folder
    
    undisplace /etc/dkms/framework.conf.security-misc
    moved to /etc/dkms/framework.conf.d/30_security-misc.conf

commit d1b5a3ffd525ec92554ffc9c666f8007c8522aac
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 12:55:34 2023 -0400

    /usr/sbin/pam-tmpdir-helper exactwhitelist
    
    https://github.com/Kicksecure/security-misc/pull/147

commit 48adb44c6fd157673cdf7fab3b86ecf7c6b31966
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 12:17:24 2023 -0400

    bumped changelog version

commit b6d53f698d0ad21a31da6bf74a44577a0c8869fc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 12:17:00 2023 -0400

    Revert "allow loading unsigned modules due to issues"
    
    This reverts commit 661bcd8603425934188cf139f33e20675ff4b765.

commit 04b210ee88589ef9e6e214d3a5a614780244abc9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 12:10:48 2023 -0400

    bumped changelog version

commit 5e73f78ed9282bf0895b01d44d9c261ea0050cce
Merge: ceffd2b 8e66a41
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 12:10:33 2023 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit 8e66a4177868ee7b51dafdb06062b0cb7cbc7415
Merge: ceffd2b 7dc99d5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 12:10:00 2023 -0400

    Merge pull request #147 from monsieuremre/PAM-tmp-files-hardening
    
    Depend on libpam-tmpdir for very solid extra security

commit 7dc99d54c0358842745ee48c7cc24f589fd63d14
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 12:09:39 2023 -0400

    fix

commit 2a602e78d6ca0f87f11de9a30ae2114468243075
Merge: 3ee4be6 ceffd2b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 12:08:50 2023 -0400

    Merge branch 'master' into PAM-tmp-files-hardening

commit ceffd2b3ee453122e66f594ec31dde6ec3bb7187
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 12:06:43 2023 -0400

    bumped changelog version

commit cdd66ee3762c441843d421a9e6b11a20580ed7ac
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 10:48:46 2023 -0400

    wrap-and-sort

commit c33a3d9aadcc4c0ff90f330239eff4b7c905a022
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 10:44:48 2023 -0400

    readme

commit d71ac03d96c9861513ff56c68aec9090ef5c50bb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 10:36:15 2023 -0400

    comment

commit 8326aecdb460fffa450bbf3ec0b051010f87ee2a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 10:33:02 2023 -0400

    bumped changelog version

commit b85d48eb83005da8fd9edc658c71493f407e3670
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 10:31:59 2023 -0400

    do not change default umask for root
    
    since this causes permission issues in `/etc/`
    
    https://github.com/Kicksecure/security-misc/pull/151

commit 07540db90d60b10cbd10881b0024d8e8871330de
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 09:45:12 2023 -0400

    Revert "Revert "set default umask to 027""
    
    This reverts commit f8913ceb2e2fdd274011377c41b5d08e7459e4af.

commit f8913ceb2e2fdd274011377c41b5d08e7459e4af
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 09:43:44 2023 -0400

    Revert "set default umask to 027"
    
    This reverts commit cd216095eb8d9387437e653d7764ec765ce42a10.

commit 43bd789c30a562aa60349d019107277a428aece8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 09:28:08 2023 -0400

    bumped changelog version

commit cd216095eb8d9387437e653d7764ec765ce42a10
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Nov 3 09:12:24 2023 -0400

    set default umask to 027
    
    using package libpam-umask
    
    https://www.debian.org/doc/manuals/securing-debian-manual/ch04s11.en.html#id-1.5.14.19
    
    https://github.com/Kicksecure/security-misc/pull/151

commit ac224b270a3a0945d187202f8cca89af0e71a166
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Thu Nov 2 13:01:55 2023 +0000

    disable sysrq

commit 07882f61a8003026a9e4c135a6e18a8fd204060f
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Thu Nov 2 10:44:19 2023 +0000

    enable service on install
    
    not sure if this would be the right way to do it

commit 9f063584c1f96267b04f8f7fe0eee773f9345370
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Thu Nov 2 10:28:41 2023 +0000

    disable-kernel-module-loading

commit 3e604618a8ba2531553af4f9af00470bd9629615
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Thu Nov 2 10:24:35 2023 +0000

    harden-module-loading.service

commit 3ee4be652b28201ba208757ce5144e51c453ad70
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Thu Nov 2 09:36:58 2023 +0000

    depend on libpam-tmpdir

commit 1abac794b564d178df37a385cf0d25bac5842c3c
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Thu Nov 2 09:15:20 2023 +0000

    very secure and private defaults

commit 5a583ca48ce608fee4fe55c1d6948505e83a98d8
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Thu Nov 2 08:30:26 2023 +0000

    typo in file name

commit 229032d691c614a926cf3cf96b44752364e4e087
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Wed Nov 1 17:54:05 2023 +0000

    Rename etc/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf to usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf

commit 1049298e7bfa4ca0e8f02b4086f8aa086d51c725
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Wed Nov 1 17:52:40 2023 +0000

    Update and rename etc/NetworkManager/conf.d/99_randomize-mac.conf to usr/lib/NetworkManager/conf.d/99_randomize-mac.conf

commit 76e684cc0ac0544219d200eeefae1356864fe702
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Wed Nov 1 17:51:27 2023 +0000

    Update and rename etc/NetworkManager/conf.d/99_ipv6-privacy.conf to usr/lib/NetworkManager/conf.d/99_ipv6-privacy.conf

commit a768f1f1ebfc29b0c0105f2965a4290f8dfd8e63
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 1 12:26:21 2023 -0400

    bumped changelog version

commit bb14a058520b13e242fea9f3022c439c4677bd1d
Merge: 5ed2a5c 44906e8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 1 11:11:54 2023 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit 44906e8f398aae6e9565b131b82124e738e2d0d1
Merge: 5ed2a5c f2c23a2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 1 11:11:27 2023 -0400

    Merge pull request #142 from monsieuremre/patch-5
    
    ssh config

commit 5ed2a5ce4a24a1a9c3e722a30aa9c6af1dc5d78a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 1 11:10:36 2023 -0400

    bumped changelog version

commit bb1161986b6d108c4fc5a16a48cdac55f98ab35d
Merge: 7d57684 b7cddd6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 1 10:31:04 2023 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit b7cddd6e552cb5f5139de91ef2aeae6fde691136
Merge: 7d57684 c975c3c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 1 10:30:26 2023 -0400

    Merge pull request #143 from monsieuremre/patch-6
    
    new lines 990-security-misc.conf

commit fc8e201e84e4c777c087fd113c539ca368fd3a31
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Fri Oct 27 14:49:24 2023 +0000

    rename

commit 90a88225a4fde2f09cc14b24f8467bb1ded90c9d
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Fri Oct 27 14:38:31 2023 +0000

     security-misc.maintscript

commit 13b4ddbb627d2279b41d1dcbe5c8ce1ac384b088
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Fri Oct 27 14:34:21 2023 +0000

    30_security-misc.conf

commit b298d152fc10c66892698d9dcae769a44a32037b
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Fri Oct 27 14:32:08 2023 +0000

    30_security-misc.conf

commit 3d4b04fddc16067ed345074683281e74f41eeadf
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Fri Oct 27 12:35:39 2023 +0000

    99_ipv6-privacy.conf

commit e90f62eaabfeee7483af573ef8e9d015ba1977dc
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Fri Oct 27 12:34:15 2023 +0000

    99_randomize_mac.conf

commit 604d839537c409604ed2c4c88992ea1a31368f6f
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Fri Oct 27 12:30:26 2023 +0000

    99_ipv6-privacy-extensions.conf

commit c975c3c0ff7cc5a1e29b651c2db6c27e3f952870
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Fri Oct 27 11:07:53 2023 +0000

    new lines 990-security-misc.conf
    
    added new recommended hardening settings with comments

commit f2c23a28319e359c642da2dde424456a1064763f
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Fri Oct 27 10:53:45 2023 +0000

    ssh config

commit 7d576842fb6f3c124db2b6deb5abfc095974a67f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 26 20:08:41 2023 -0400

    bumped changelog version

commit 7cff267002485fd0abca98d12b0024e061f4ba51
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 26 19:31:14 2023 -0400

    remove duplicates

commit 928cdb81d43dfd337c82917182d2914d9c9d0915
Merge: a330a9f 39fed05
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 26 19:29:55 2023 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit 39fed058f4734029b303fac4ea9a1b11f652fab4
Merge: 92a6ecc 99355c6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 26 19:27:41 2023 -0400

    Merge pull request #140 from monsieuremre/patch-3
    
    New lines in default permission config

commit a330a9fd75314931639e7e873adc31c5cc65d555
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 26 19:20:21 2023 -0400

    refactor permission-lockdown

commit 8bf5ff82be706599f33228ecd6df42be0dc29f39
Merge: 1123d23 92a6ecc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 26 19:15:04 2023 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit 92a6ecc40a4d3bd4d8f3cec7dd9b1334c72399dc
Merge: ca9603a 91c4452
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 26 19:13:34 2023 -0400

    Merge pull request #141 from monsieuremre/patch-4
    
    New permission-lockdown

commit 1123d23114201988ac3f5f50ab6e74a5307d3d52
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 26 18:45:07 2023 -0400

    remount-secure: disable debugging to save space in initrd

commit 91c445244c47c163e2466f8c4dff710eda20c337
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Thu Oct 26 19:41:07 2023 +0000

    actually we do it once indeed

commit 88f396264ca9d072e4e5de4e1acaee54f3b39749
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Thu Oct 26 19:35:59 2023 +0000

    avoiding /etc/passwd

commit b5ba03247a5b5bb1f4e010130e4a575ad1397117
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Thu Oct 26 19:31:25 2023 +0000

    readability

commit f487752ba1b469eb0b2f85657e2ee0860f58496b
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Thu Oct 26 19:30:58 2023 +0000

    not limiting ourselves. we do not do this not just once.

commit 88cd5a905d8aa0f6033ac4ba72903fbad4a90b4b
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Thu Oct 26 19:25:24 2023 +0000

    strip unnecessary

commit d9f10c221a2b6794f0a3c5bcd1c15e2a4f352751
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Thu Oct 26 18:17:50 2023 +0000

    new permission-lockdown

commit 99355c616974d167e3a5424d63cd56b1f64f0eaf
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Thu Oct 26 17:45:28 2023 +0000

    new lines 30_default.conf

commit ca9603af1713ff37392662c9d1b4251052e7b983
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 26 12:23:48 2023 -0400

    bumped changelog version

commit 5f4222c1c3d7fa057b31bba7b0b5c2e83c92a7be
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 26 12:20:48 2023 -0400

    enable SUID Disabler and Permission Hardener by default
    
    https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener
    
    https://forums.whonix.org/t/suid-disabler-and-permission-hardener/7706

commit e5d989af5ac2899985c48d60311856fb86e0ddeb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 26 12:04:13 2023 -0400

    comment

commit 8557e0963ed6159f7f6c816ad4e009cc7323a760
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Oct 25 17:55:37 2023 -0400

    bumped changelog version

commit b7e2d49f5f3f49fab2e1c0647f10bda1921e0a80
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Oct 25 17:41:05 2023 -0400

    comment

commit 5d71217e597aa3366658524ec5395c9f76dd527b
Merge: 6a22351 a2f811a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Oct 25 17:40:13 2023 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit 6a22351d298e475ecae22bb99249a308b294ff9a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Oct 25 17:30:07 2023 -0400

    renamed:    usr/lib/sysctl.d/30_security-misc.conf -> usr/lib/sysctl.d/990-security-misc.conf

commit b7c52800f4c16b1573e372089704a68fd47c5906
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Oct 25 17:28:43 2023 -0400

    renamed:    etc/sysctl.d/30_security-misc.conf -> usr/lib/sysctl.d/30_security-misc.conf
    renamed:    etc/sysctl.d/30_security-misc_kexec-disable.conf -> usr/lib/sysctl.d/30_security-misc_kexec-disable.conf
    renamed:    etc/sysctl.d/30_silent-kernel-printk.conf -> usr/lib/sysctl.d/30_silent-kernel-printk.conf

commit a2f811aff0cb4e73c3975093012c223127495707
Merge: 3317332 ee6716e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Oct 25 17:26:46 2023 -0400

    Merge pull request #135 from monsieuremre/kernel-fix
    
    Kernel hardening fix

commit ee6716e178806912da08b671ae31504ed2f3ac56
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Tue Oct 24 20:43:10 2023 +0000

    security-misc.maintscript

commit 3317332cb431115f81d832ba974181c74427c884
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Oct 24 05:51:11 2023 -0400

    bumped changelog version

commit 42c802cd1eca3d2586abde871e4842cdf83490c4
Merge: f3b40f1 5320c11
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Oct 24 05:30:15 2023 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit 5320c11f3f92b66b7dcab7ca1f67fcba2de5deba
Merge: f3b40f1 f0857fd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Oct 24 05:22:33 2023 -0400

    Merge pull request #134 from monsieuremre/patch-1
    
    Fix double mount issue for /var/log and /var/tmp

commit 1f489719efb37492b9c040ba4e332e8dd70fde1f
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Mon Oct 23 16:38:58 2023 +0000

    rename

commit 9dda6f69a7df792966005f9c6feb057483cd9ea4
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Mon Oct 23 16:38:40 2023 +0000

    more rename

commit 89381fe7abcc2f4418b95c3eb290c975bf6d612c
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Mon Oct 23 16:38:23 2023 +0000

    rename

commit f0857fd5608525115bd8a96c2f75368263f6f830
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date:   Mon Oct 23 15:33:05 2023 +0000

    Fix double mount issue for /var/log and /var/tmp
    
    Mounting var with bind and mounting a subdirectory causes /var/tmp and /var/log bind mounted twice each. can be checked with lsblk. When we bind mount var only after having mounted the subdirectories, everything is mounted only one.

commit f3b40f12cb4bad0f2f00d4ba2dec59fb315c0798
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 19:23:22 2023 -0400

    bumped changelog version

commit d2e8a6dad3b94d574cb9c043303160b06893ab97
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 19:21:51 2023 -0400

    debugging

commit e7aafd64d4418d43426b310653861f9024a54255
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 19:16:12 2023 -0400

    refactoring

commit ee15f749bb4e68350498e52e8505bed43c98cbaf
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 16:54:58 2023 -0400

    bumped changelog version

commit d521662d04892fb6d5477fa4450fb5488892a87a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 16:49:36 2023 -0400

    comment

commit 0e80acf38d430784fbb779f4f10c81bfe8a3813f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 16:45:10 2023 -0400

    fix

commit a1c3b87fcee07496af4b42e387b46488b58b73a0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 16:29:08 2023 -0400

    bumped changelog version

commit f6d1346e2bde51cd70bc60246c0bfba923c00c3d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 16:22:08 2023 -0400

    fix

commit 9a649ddd091b116c9091f3fa582d411b5186375a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 16:16:40 2023 -0400

    bumped changelog version

commit 11382881b56556741fad5f0291ccb57a24e9c617
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 16:12:26 2023 -0400

    comments

commit 5182d7502b34a95fd751c69c4bc3f01d5f5e02b9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 16:08:21 2023 -0400

    improve remount-secure

commit 555d83792df9aa599ae9e0e7c41af49b0601c1c1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 15:44:47 2023 -0400

    bumped changelog version

commit a88c0a3ad2d83fe72612faf97866e255c5527384
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 15:44:30 2023 -0400

    fix

commit 316282952f7d2470c89f268beea01b8bac9bb4bb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 15:40:59 2023 -0400

    bumped changelog version

commit a7629b98cf4e7f86bab07c2b75fa712adcd63ee5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 15:40:49 2023 -0400

    fix

commit 7112eac3be014938f757e0c0def74bb04dc72d2f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 15:37:21 2023 -0400

    output

commit f80b5fe3767502f6890bdfb7bc32a602c94828d6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 15:36:16 2023 -0400

    fix

commit ce0babce215dc4ec08101cff5e0d25ad6ec87e70
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 15:35:03 2023 -0400

    comment

commit fa0804b7ae46ecfc1e9e82ca83342c9d456aa9c3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 15:33:21 2023 -0400

    bumped changelog version

commit 70cbe4daaa5cd857c49f2f9b9241f24e2867ab5a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 15:33:11 2023 -0400

    fix

commit 36f2acb93f65958b27bae030f1d2bd66a278e073
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 15:28:04 2023 -0400

    bumped changelog version

commit 9b9e9ce1c0feb4ca854189754c47ca826eef1c32
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 15:27:01 2023 -0400

    fix

commit 3731716a497c233127bff3febbe22d5cf088aad8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 15:14:22 2023 -0400

    fix

commit eec87a0508a6242430a1f0b8ad341f4c3ea43059
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 15:11:26 2023 -0400

    fix

commit f3286cf440992661ba85b5c7e41b92ffaca62cf3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 15:10:21 2023 -0400

    fix

commit eb90d38d8ca6d6292dbb8013bb9bca8ec26f4792
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 15:05:33 2023 -0400

    fix

commit f44020973897d98fdc21ced748ad64106979829e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 14:46:42 2023 -0400

    bumped changelog version

commit 7f03c2b13742e583e426c91ff4e111b6c0e7da43
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 14:45:45 2023 -0400

    fix

commit c85db586cadbe781704e62405a76e43650046d2c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 14:44:58 2023 -0400

    improve

commit 7c0ea4324aa1713f365f7352a3e4db1b703d9750
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 14:39:52 2023 -0400

    fix

commit b29b626b41545fd49b67631820ae40d0fe000f22
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 14:30:28 2023 -0400

    bumped changelog version

commit 6198ae317c4d8cbd06d95d5e2a585892f455cab6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 14:29:02 2023 -0400

    fix

commit 245fad09868c2d84bee66d65ecca32704786919b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 14:00:06 2023 -0400

    fix

commit 619f1705e13232680f38bc630f19f2ace32f48ad
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 13:58:55 2023 -0400

    output

commit 52fa7db0874be85a3db296499ab76f84a5f518db
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 13:57:38 2023 -0400

    output

commit 8a592c2e371de1136d566e707ba56ce89309230a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 13:56:17 2023 -0400

    fix remountsecure kernel parameter logic

commit 3c183294cd8a402418eafc1e657c6524be49c487
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 13:31:55 2023 -0400

    bumped changelog version

commit e689f38ad0ba9727d482dbab25ea5d88e67a8edf
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 13:31:44 2023 -0400

    todo

commit 6675a2e93194ea15daeb22bee707cf49563f69fe
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 13:30:50 2023 -0400

    fix

commit 4288e10554f854d6dd9be092ddbf6a62686b1549
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 13:25:31 2023 -0400

    fix, rework remount-secure kernel parameters parsing

commit b0181af099a2bc20a6d8cc20e6e27371ecc50bf1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 13:12:25 2023 -0400

    fix

commit 28cb53341d48ece9e042caea03e7159b0f93c2ee
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 13:11:44 2023 -0400

    remount-secure dracut module: improve output

commit f70f36e6cfead0038075d715e430e15aedae459f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 12:55:41 2023 -0400

    bumped changelog version

commit 479ab61a1d0c91d26c2cd200d97b39b2b786e073
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 12:55:20 2023 -0400

    remove no longer required remount-service systemd unit

commit 84ca0ac8a0b6a72a28e030081299b402749b9348
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 12:54:25 2023 -0400

    improve remount-secure

commit 1696c37251fe6158118ac3a694c2e11439de5c46
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 11:28:18 2023 -0400

    bumped changelog version

commit e7d30955e88b0a052e9159c11f4c1e1a47dadb49
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 11:28:08 2023 -0400

    debugging

commit 975a017dec26f671b7869ba4ad94b3a4d2faf999
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 11:13:05 2023 -0400

    bumped changelog version

commit 8eb4607a0e8c3db10f64e4ed5a02e87fd3ee8903
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 11:12:54 2023 -0400

    improve

commit f1da0ce7461fab2eeb421daa886ddd9856c9fd52
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 11:11:10 2023 -0400

    fix

commit 26826e8398c4d3feed07e8e3e095a87bbde9907a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 11:06:34 2023 -0400

    fix

commit a423b85f81e0c066271ad7db78902ccddbeabb5a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:50:30 2023 -0400

    bumped changelog version

commit 233fa4625bb60ef65c707d28e7c8a51ef5a1d66e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:49:53 2023 -0400

    output

commit 3ebe8cf4de5c77f26f93ac40bdc596c0c38451f5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:41:42 2023 -0400

    refactoring

commit 24d2e26397e8f1e8e350fb60206ab1c5b597cbe6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:40:19 2023 -0400

    no longer reproducible

commit fcba70df2e4e6c71fd29852d6f0b20f80e2e2d5e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:38:48 2023 -0400

    refactoring

commit a05bd3dd0e7319807fa7ea523407ec82ce8aa39c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:37:02 2023 -0400

    /home last because most likely to fail

commit 41077c94fbc1a0c90ee870292fe82e16a70b52f1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:32:24 2023 -0400

    improve remount-secure

commit ef69e512bd2e2eba0e292470bfef6336216e2605
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:25:57 2023 -0400

    refactoring

commit d5cb7ecec9d10069e2e37a2f88680dff6d3f6eb6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:22:21 2023 -0400

    use findmnt

commit 1120d0652ddead556801958973d61502b75f9fc7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:16:53 2023 -0400

    bumped changelog version

commit 45ce0ff74d8f42d6a424e0742989008403891f8a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:16:43 2023 -0400

    debugging

commit b81a991731e912fa0f7d4ca59b0531bafb02a25a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:15:11 2023 -0400

    fix

commit 292a5c3a8a37bc9dd807913bd76826e57e978b67
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:11:31 2023 -0400

    fix

commit bb57b1a289cc64cc5b2ab5518c151df5355a9f29
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:10:51 2023 -0400

    fix

commit 4f6f45fb3902f6c49d01b5ccb33a4e24804cd02a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:01:54 2023 -0400

    bumped changelog version

commit 181a6424796b1cafc87a8d74aad197135381a389
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:01:38 2023 -0400

    root check

commit 84fd41931ce3ba4d6e3785dc8052ee14ce62b80e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 09:44:17 2023 -0400

    /var/run -> /run

commit 33d97a2560fe4aaab24f90057e825802541a408b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 09:39:54 2023 -0400

    improve output of remount-secure dracut module

commit c409e3221e179437ed0b162dde1e72cd116ba795
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 09:36:03 2023 -0400

    implement remount-secure

commit f472ce690ae350085d40cfd5ec46084dc559a51d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 08:57:35 2023 -0400

    comments

commit 90f2b5e11c341c38bb0b11db603ceeba28e14b1c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 08:51:37 2023 -0400

    code simplification

commit 167683ce763e97838e62950f00313b63d7c968b0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 08:50:57 2023 -0400

    code simplification

commit 05e9accf64a3a6bfa24aac7aaa62620f814b05d1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 08:12:30 2023 -0400

    bumped changelog version

commit e065f85c8809d04a9a4c041dd8b9b81bacd04e24
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 08:10:48 2023 -0400

    add remount-secure dracut module

commit f0ee470ecd0fc37125165dd6a5cefb47339b14b4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 07:51:05 2023 -0400

    comment

commit e257f2a3806ba7013e8e47005fde1385044bc8d9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 07:50:14 2023 -0400

    remount-secure:
    no longer use /usr/libexec/helper-scripts/pre.bsh as not simple with dracut

commit 27b3ba8bdf2556066a4be02cd1be9a4451a591b2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 07:06:00 2023 -0400

    bumped changelog version

commit ed11c68ac64c1ec4eaa590dbb56734d450c89b04
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 06:51:52 2023 -0400

    move remount-secure to /usr/bin/remount-secure to make it easier to manually run

commit 6f4bf57ff2bc878f03a50d91a5db0afaf897d70e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 06:48:56 2023 -0400

    `remount-secure`: add support for `--force`; output

commit 6dec5cb1d6b841bc6ea92986d6567902109f5ed0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 06:32:19 2023 -0400

    debugging

commit bc768aa196a08218aac0b6ef1c4ca013f2034122
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 06:31:57 2023 -0400

    output

commit c069c73109b45fbb8fa230ad4f90f4252db730f2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 06:29:38 2023 -0400

    refactoring

commit abc35927345e14bbe4b9f13d205a648ce7a8bd8d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 06:23:48 2023 -0400

    remount-secure: stricter error handling

commit 59a5fea25d0b0c39a6e7b3b11f9242ebe5eaa462
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 05:41:56 2023 -0400

    documentation

commit ac63b0eb3db3d168908459fecd6b3275cce015bc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 05:41:11 2023 -0400

    remove duplicate

commit ef3f1575733c668f652326cdb4f4fba8c71bf0ed
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Oct 21 14:19:24 2023 -0400

    bumped changelog version

commit ae2c1c5a7a02a5f3f6a8bcd4a90fdc9e3b512e62
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Oct 21 14:18:50 2023 -0400

    fix xession environment variable

commit 43375fa1f4d32f04907edf1297fef737342b49ea
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Oct 21 12:34:59 2023 -0400

    bumped changelog version

commit d543825d85a5d84274c21cd85db6df777948606e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Oct 21 12:24:59 2023 -0400

    comments

commit dd43ab634d9ab0a59234798e1b14ba99099c65c9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Oct 13 15:22:58 2023 -0400

    bumped changelog version

commit 645ee814e4f3dc330dd6fb24ec4fac0e278c4f42
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Oct 13 15:22:48 2023 -0400

    fix

commit 13a4f37e50805a0e51b8f63808e166318e39a074
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 12 12:51:37 2023 -0400

    bumped changelog version

commit 2d4524108445829d7ac80e828e9a1442cf038a6b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 12 11:37:01 2023 -0400

    avoid duplicate environment variables

commit e96e6aa38e29888a64fa35f85becc1596118a812
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 12 10:43:40 2023 -0400

    bumped changelog version

commit fa820e897895eda93011a0f2bbd915ffffcb1459
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 12 10:40:27 2023 -0400

    refactoring environment variables loading mechanism

commit 358e4226f1b3db32e560e4bbe1c663828eac7059
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jul 17 11:48:35 2023 -0400

    bumped changelog version

commit 81ad786dfcdd416056c6ae8a9d02231bda6fcbde
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jul 17 11:19:07 2023 -0400

    Kicksecure

commit ab56b7ca0cf1a2cb6bc19514750ca618f4ebb7fe
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jul 17 11:10:05 2023 -0400

    Kicksecure

commit 29aaf13c13ec1023d33e84442db0f5afeaa4436d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Jun 23 08:18:12 2023 +0000

    bumped changelog version

commit 8a6baea99017fd971ae4a5e89599b87bc945b276
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jun 22 16:16:15 2023 +0000

    comment

commit 609c8c0697ecf3414e38de9d32dc367a25172802
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 21 09:36:44 2023 +0000

    bumped changelog version

commit 94a326ec7ff8704be224e76b2f3f9c2a12cbd4a7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 21 09:11:31 2023 +0000

    bookworm

commit b610cdcbcd85ee4c433a3df0662e225b52b592cd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Jun 16 11:09:02 2023 +0000

    bumped changelog version

commit 0c56d3d9d2dd1b40b07226b70d3d1b9343757d1a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Jun 16 10:49:05 2023 +0000

    readme

commit 63599a09d795d82b0f069f88d73fd607129af0ef
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 14 09:59:20 2023 +0000

    bumped changelog version

commit 25760f70246dd07376465d9a4222098fd24b8516
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jun 13 08:34:41 2023 +0000

    bookworm

commit be990188f56f059585cf70589de03afb992b9ea2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jun 12 18:01:55 2023 +0000

    bumped changelog version

commit 07b3ce0bcdb6ddb72c7064f527ff4d6250b54ad2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jun 12 16:22:32 2023 +0000

    Standards-Version: 4.6.1.0

commit 4e28ace103e11373d1b5cf5de8be6b1f94c567ce
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon May 15 17:31:59 2023 +0000

    bumped changelog version

commit b11a336b4ff6c748d20aade6e98b25c251bd8c8e
Merge: c921d4e b0b73db
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon May 15 16:58:11 2023 +0000

    Merge remote-tracking branch 'github-kicksecure/master'

commit b0b73db3c84f8cc7594b6b181e0e495cd7e92571
Merge: c921d4e cf003df
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon May 15 12:57:46 2023 -0400

    Merge pull request #126 from raja-grewal/Comment
    
    Update comments

commit cf003dfad85434f5a52524fdd97a7f619ba82429
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue May 16 02:11:44 2023 +1000

    Update comments

commit c921d4e915af50dd1773016b0015be584e1e3f5f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon May 15 11:56:30 2023 +0000

    bumped changelog version

commit 39676395f814007f74ce1edb0aee0ada4d4fa478
Merge: 6511dac 1f38fcf
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon May 15 11:34:57 2023 +0000

    Merge remote-tracking branch 'github-kicksecure/master'

commit 1f38fcfefa1ccd732e4500522cc0978bda69ab0b
Merge: d66a9ba 6ab400c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon May 15 07:34:16 2023 -0400

    Merge pull request #125 from JeremyRand/typo
    
    mmap-rnd-bits: Fix typo in error message

commit d66a9bac551e7544eed592a69f576d27880e2bf3
Merge: 6511dac 9d23717
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon May 15 07:34:00 2023 -0400

    Merge pull request #124 from JeremyRand/doc-aslr
    
    README: Document mmap-rnd-bits

commit 6ab400c9d982bde16271052f181c87255046037e
Author: Jeremy Rand <jeremyrand@danwin1210.de>
Date:   Tue May 9 10:55:31 2023 +0000

    mmap-rnd-bits: Fix typo in error message

commit 9d23717b6d3f94d8fad5ab00628dcbf41fa2cab5
Author: Jeremy Rand <jeremyrand@danwin1210.de>
Date:   Mon May 8 13:45:18 2023 +0000

    README: Document mmap-rnd-bits

commit 6511dac1d4aea1800ce8e51d1f6cdbae4d31e10c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat May 6 12:00:12 2023 +0000

    bumped changelog version

commit 0c10b3f0383d69c2d504b3e346da68b056d1dca8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat May 6 11:59:59 2023 +0000

    output

commit a815c9b9867b0ec56737e60eb1dfeec6a57af6f1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat May 6 11:54:31 2023 +0000

    bumped changelog version

commit 5d4d04a2ebeeea7e096c1680779f2897a03838c6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat May 6 11:54:00 2023 +0000

    output

commit 2d465c624975cc2ca308878e0ef1508316d3316e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat May 6 11:51:25 2023 +0000

    refactoring

commit b756314eb894dde4d017e0aec5876b56f0178de4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 15:09:32 2023 +0000

    bumped changelog version

commit 014a28ba07406e5d69f86e90ddb8a27b3778c3a8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 15:04:21 2023 +0000

    comment

commit ec01c1a99630f44a73763b019a1bad6dc52bbf4e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 15:02:31 2023 +0000

    minor mmap-rnd-bits improvements

commit 3dc406f138ee3dc81b54db2c8c4b795fc6b7c9d5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 15:01:22 2023 +0000

    minor

commit 40e940ec58928049bb38b85d15beaead80740192
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 14:54:24 2023 +0000

    minor mmap-rnd-bits improvements

commit f4fd0f90120e8983b37bc5822cf98a215d25990e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 14:53:07 2023 +0000

    minor mmap-rnd-bits improvements

commit a8e4121befe19bb7d2f74582655a14bded23a37d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 14:52:07 2023 +0000

    minor mmap-rnd-bits improvements

commit 9184e6bb921a9c7356e8d2c7216a1da91f963304
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 14:51:19 2023 +0000

    fix

commit 89168ef40ce713b27974e4e38f6e3e63646d78bc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 14:49:56 2023 +0000

    minor mmap-rnd-bits improvements

commit d6d79e96c9a3f25b75d92a46dc97d6191d6ac691
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 14:44:29 2023 +0000

    minor mmap-rnd-bits improvements

commit 15d0ee100834e01e3f17ee179c3120f37eb3cae5
Merge: 1137e6c 2d40bbc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 14:37:34 2023 +0000

    Merge remote-tracking branch 'github-kicksecure/master'

commit 2d40bbc8fec7ceea47b64fdebc9e751b26e0cf27
Merge: 5c6db28 48a68ba
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 10:14:43 2023 -0400

    Merge pull request #120 from JeremyRand/aslr-ppc64le
    
    vm.mmap_rnd_bits: Fix ppc64le

commit 48a68ba237895c0c6c24ebd256ae6a9adec2628f
Author: Jeremy Rand <jeremyrand@danwin1210.de>
Date:   Sat Apr 22 04:43:41 2023 +0000

    mmap-rnd-bits: Handle unwritable /etc/sysctl.d/

commit 434cfb427f739258bd3280ce148cdbe85c800f8a
Author: Jeremy Rand <jeremyrand@danwin1210.de>
Date:   Sat Apr 22 04:36:05 2023 +0000

    mmap-rnd-bits: Check that configs are valid integers

commit 76ca8a27f94d89ed783b900257934c0749e631ce
Author: Jeremy Rand <jeremyrand@danwin1210.de>
Date:   Sat Apr 22 04:29:14 2023 +0000

    mmap-rnd-bits: Handle missing kernel config file

commit 2cf105700a98297f65026e43b435fe017a04ba07
Author: Jeremy Rand <jeremyrand@danwin1210.de>
Date:   Sat Apr 22 04:08:20 2023 +0000

    postinst: Don't fail if mmap-rnd-bits fails

commit 61f63255acdf942e52af35d7f6d1c271a671e6f7
Author: Jeremy Rand <jeremyrand@danwin1210.de>
Date:   Fri Mar 24 12:32:58 2023 +0000

    vm.mmap_rnd_bits: Fix ppc64le
    
    Probably fixes a bunch of other non-x86_64 arches too.

commit 5c6db28881463e8c764872a8cd268c23ac64b8f1
Merge: 8a34d6c ed5f8be
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Mar 31 04:52:55 2023 -0400

    Merge pull request #122 from raja-grewal/tcp
    
    Remove outdated comment about SACK, DSACK, and FACK

commit 8a34d6c067bdebc513f34cd3c434b0675f118e10
Merge: 1137e6c 7a4212d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Mar 31 04:52:18 2023 -0400

    Merge pull request #121 from raja-grewal/copyright
    
    Update Copyright

commit ed5f8be9ebd4f34c8b8de78abe0a8df0775b80aa
Author: Raja Grewal <rg_public@proton.me>
Date:   Thu Mar 30 19:17:43 2023 +1100

    Remove outdated comment about SACK, DSACK, and FACK

commit 7a4212dd76c866e1db4dd4875e51c0d49bb3574d
Author: Raja Grewal <rg_public@proton.me>
Date:   Thu Mar 30 17:08:47 2023 +1100

    Update copyright

commit 1137e6c9104565b8f7546a9a5450ec2c2330efb7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 30 05:58:47 2023 -0500

    bumped changelog version

commit 8c3204a5e42b0c4dc6ff9c66568ac78abc4dbd47
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jan 25 15:20:30 2023 -0500

    comment

commit 65c29f493b56798bc67de7ea451f8f65d99d3093
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jan 25 15:13:19 2023 -0500

    move kexec disabling to dedicated file `/etc/sysctl.d/30_security-misc_kexec-disable.conf`
    
    so ram-wipe can `config-package-dev` `hide` this config file

commit 56c7c57b3a3929f57c9173f9156b2b9f7f7f854e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 24 07:09:40 2023 -0500

    bumped changelog version

commit b87d9eb86544a7f06772a0db803711b49ec3f554
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 24 07:08:13 2023 -0500

    lintian

commit a4820086508a64156aa222d61d5f0f88bf56fb3e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 24 07:05:53 2023 -0500

    bumped changelog version

commit 7bda2ad3e8f30668428e054f57613d7c2ed2a4d6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 24 06:34:17 2023 -0500

    move ram-wipe scripts to dedicated ram-wipe package

commit 11d0bb2c006eb7add5f9b0e70a199098972af25e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 07:05:18 2023 -0500

    bumped changelog version

commit c50665218776733919845044b39466c57117542d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 07:05:06 2023 -0500

    fix

commit b3d85f115cf486f4a2805d954ba6dd741817dd71
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 07:02:01 2023 -0500

    bumped changelog version

commit 6faa050dd8d26bd6436688b32bbc7a6515f9cb14
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 06:54:04 2023 -0500

    migrate ram-wipe to dedicated package

commit ad5d0d4b12e73b74166aafb5c34252f1e1af1854
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 06:37:45 2023 -0500

    disable kexec (revert enabling kexec)
    
    remove kexec-utils for ram-wipe since moved to its own package

commit 87c4e77c017aba7d57ae1fc7cf41a1f3143f1a04
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 06:23:00 2023 -0500

    migrate to ram-wipe package

commit 3867acf723f26416a047260010518829adcefc03
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 05:34:48 2023 -0500

    bumped changelog version

commit d769099db1dbf90350838430cda2de7196076c5d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 05:34:07 2023 -0500

    use warn instead of info for now
    
    because dracut does not show info messages when kernel parameter quiet is set

commit 7fa6946694a997e04b17ecb3a167d767543093a2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jan 8 07:17:02 2023 -0500

    bumped changelog version

commit f3b84e15be40ef64969b70bc62ab4bf8d40352b6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jan 8 07:16:18 2023 -0500

    refactoring

commit 96d6ca7ae01d537ab972798417b9453d57c03cd7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jan 8 07:09:09 2023 -0500

    improve kernel and initrd file detection

commit 8367b27a0df2e6ea5bc2d57d1520cfdd2f4d35e2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jan 8 07:08:18 2023 -0500

    output

commit da0fc9f5bd5d1551f46fb5625010b317d30274b3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jan 8 07:07:43 2023 -0500

    improve kernel and initrd file detection

commit 5b11eecaecdec7487224b90708da82c10ccc4d63
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jan 8 06:45:10 2023 -0500

    refactoring

commit e81dd6cd25f58871c1f6b4a082f81eec34a518b5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 18:13:57 2023 -0500

    bumped changelog version

commit 938b87d26c195b6804796d4fa6050a453278700c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 18:06:10 2023 -0500

    comment

commit 0b1310a21944939d94de18d8ac6d494446d23d0c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 18:05:47 2023 -0500

    output

commit 2fd302f580509842d290b2b0a27079dca445d5cd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 18:02:21 2023 -0500

    output

commit 921bc3e867411e5a96ca3e4641a7501038cf5139
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:49:24 2023 -0500

    bumped changelog version

commit 080abe574ba10b8365587a1c89085efe88f210ee
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:48:21 2023 -0500

    output

commit 5689c07f97d2775b9445f75a10554e70875a5636
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:37:46 2023 -0500

    comment

commit 8e2db269b01e5d3c28346dd7713074a346fa3e72
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:36:51 2023 -0500

    cleanup

commit a07af631559e9c9312c263826969b5b028509a2e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:35:56 2023 -0500

    output

commit 1d22ebde08984968deb143dab244a2b6e30d45e9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:23:35 2023 -0500

    bumped changelog version

commit 539156c0dad74c584adb02beacdcf7a3a9b8b982
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:23:25 2023 -0500

    drop_caches

commit 02f44459ad194444122e98a9f743c2725edb4e43
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:22:45 2023 -0500

    DRACUT_QUIET=no

commit abbaea582de898e48a852a0a153fe336341afe17
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:16:23 2023 -0500

    bumped changelog version

commit ab89d0e06e68fa47fa4058416a6c8700551f1b9a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:59:00 2023 -0500

    cleanup

commit 2e833b40a1af1f194ec392ff0c05b0060bb27fe8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:43:09 2023 -0500

    prevent "wait: pid 55 is not a child of this shell"

commit 3777ecba8568cf5458b05b3eeedf98f0ba51cd69
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:34:19 2023 -0500

    comment

commit e0ded5e69d38a02f9896277a67c0d209e4ee4ad4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:34:04 2023 -0500

    comment

commit 996c6af2d84cf23f323ca80c04fab26beea2aa1b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:31:23 2023 -0500

    lower debugging

commit 4fca8f4225f134316e734d5f85d12b9e39b99b0f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:28:11 2023 -0500

    comment

commit fa579cad8980c8d9231a9e2682267910544be175
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:20:48 2023 -0500

    bumped changelog version

commit c9107bb044e3038d837e371aa7467edcedbbdb16
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:11:48 2023 -0500

    debugging

commit b7bb24f984cb5669d9cc9b3522ee57a05070cef9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:09:11 2023 -0500

    description

commit 2bd9cc5bc1ac94d039a7e515d3a839af820fb4be
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:08:12 2023 -0500

    output

commit 2456fed3614268abfb238f3a0783719adb45b711
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:00:42 2023 -0500

    output

commit c0b5fea6806ea07b667a341b2400aacb7191b27f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:59:52 2023 -0500

    protect against wipe RAM reboot loop

commit c1b87d250c4e5decd726e7fd67b482ff1eaecbf1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:37:47 2023 -0500

    bumped changelog version

commit 91aedb234aa7c516dca8016f6b82536cfe25f410
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:36:36 2023 -0500

    output

commit 368ad8e636ae30eb60c8f2c6ce7117970a77c021
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:36:05 2023 -0500

    cleanup

commit d8bf40f7a28f53f2f51c41b77663e5a40a5d8fb4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:35:45 2023 -0500

    refactoring

commit 166a6863a1c249e68e3f38109b115503bc5663ec
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:35:15 2023 -0500

    output

commit 20596488be39f92f069523a3d86c0e6b6ec15399
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:34:20 2023 -0500

    long options

commit 1e19c2cbad8cdf97f6bb460c90cfa330492b8019
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:32:25 2023 -0500

    Depends: kexec-tools
    
    required for cold boot attack defense second RAM wipe after reboot

commit b0630f58c136d6c7a964447806ec8ee603a73aa8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:24:05 2023 -0500

    debugging

commit dde01f36634337a24d0cd37cfe5a456ff77e8b0e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:23:23 2023 -0500

    long options

commit 6e0926eece54a55502fa67c2abedf5b718e306e6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:22:58 2023 -0500

    long options

commit 51a5f68c7654774d37986916029607da588189ab
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:22:25 2023 -0500

    refactoring

commit 83800fcb4fd365aab58a5f70f78f39af7d9371dc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:18:58 2023 -0500

    --no-legend

commit 822cf646182f8ff649ea08da2fd4365022871a61
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:13:36 2023 -0500

    output

commit bb2f0a3c4421e3686477a6dff81bb87d5dcd836f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:12:15 2023 -0500

    minor

commit c3a822af0e9c8bb6c9b34b732ba48710e3ee1974
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:09:25 2023 -0500

    test if readable

commit 227871c12c57ecc5ff6d4075ea59a7dc9eca3dd3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:07:34 2023 -0500

    output

commit c09f4da1922f40f666dae0570295b5ab5c02e8a9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:06:56 2023 -0500

    code simplification

commit 01fee8a7b4a12c8c2be4173337decc37ec3e6019
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:06:31 2023 -0500

    refactoring

commit f675f8da0d33ab18efa782ee155a8632e9a3dc0f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:05:58 2023 -0500

    quotes

commit d0daf75db3529e206565604a63e11ee1268ed39b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:05:24 2023 -0500

    quotes

commit 8bcf7e3c235c1193f3a6d43a7c8b23b50e972de7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:04:57 2023 -0500

    minor

commit 2cc3c6c59ca88cf44751bc2e9bb7055b46102284
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:04:42 2023 -0500

    lower debugging

commit 10932bb5d83c469f556b46f42ee517e882d87a4f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:04:23 2023 -0500

    minor

commit c88e95ce33f30f67726ac086c1b8d020b1024ebc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:04:07 2023 -0500

    output

commit 06034d2e4f97712fc84ad75e3fa8ba6bf4fccfee
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:03:06 2023 -0500

    fix

commit 059ebb212d03f5d01d46362530702dbeaefdce5e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:35:30 2023 -0500

    comment

commit c0304ec029198665aaf63c843f5b7d5567f95208
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:35:09 2023 -0500

    minor

commit d5271d6250f0f6ea5adf7bc71fc48fddab1a9af4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:31:40 2023 -0500

    bumped changelog version

commit d31c17ea047fbbd698ad9f074a00d6fba2aaf283
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:31:14 2023 -0500

    fix

commit 41d116aa2f6d5ab33a1d5889f6ae251e5b8b5538
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:30:12 2023 -0500

    lintian

commit e83ba18553832134b2f6da6ce98b0ee0c852961e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:29:12 2023 -0500

    minor

commit 53ab93d8f6553eab1682290d42faf0d466f06219
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:27:42 2023 -0500

    bumped changelog version

commit bb121e52bbab151b2104f1a333cabc3889ef47b0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:27:22 2023 -0500

    chmod +x

commit 42ab341a58de4c54b20b8f6dc4e048ce61068cf4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:57:36 2023 -0500

    bumped changelog version

commit d37b19fb6bb3cadbb74d011be026fd8d2653ac17
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:55:05 2023 -0500

    comment

commit 0367250dc74f9e6ec38f9da5809ff661493134a8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:54:35 2023 -0500

    comment

commit c1df2fd601f3445a0a811a679efa7d2176026558
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:52:14 2023 -0500

    comment

commit c2b20603fdd62a3f82c842c7ebeaad0f70e005d0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:49:18 2023 -0500

    output

commit 999a82ed946c8fd57654a0a90e2a2e53ef98a788
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:46:21 2023 -0500

    output

commit 2860560edb7951a8ac9de1c23c9655c655b40f23
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:43:07 2023 -0500

    minor

commit 450ff378b067070618e4a972f8131acac5b292e0
Merge: 929f49f b8e82ff
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:38:14 2023 -0500

    Merge remote-tracking branch 'friedy10/master'

commit b8e82fffca0138afaf20e1b2faf755ce1533af45
Author: Friedrich Doku <friedrichdoku@gmail.com>
Date:   Sat Jan 7 11:31:02 2023 -0500

    Get rid of /dev/kmsg

commit 78a4fad6674bb11fa682b908e0d3bc63705e7d20
Author: Friedrich Doku <friedrichdoku@gmail.com>
Date:   Sat Jan 7 11:14:31 2023 -0500

    Change echo to info. Included more reliable way of getting initrd and kernel. Allow user custom kexec

commit 8da3b9c40c6ee073addcc06d5227b3043438b768
Author: Friedrich Doku <friedrichdoku@gmail.com>
Date:   Fri Jan 6 21:40:17 2023 -0500

    fix last line

commit 7cf51a1b433bfb2ccf4fa14b7807184e9e3681c5
Author: Friedrich Doku <friedrichdoku@gmail.com>
Date:   Fri Jan 6 21:32:57 2023 -0500

    Checking job queue instead of dbus

commit 4b7053a6353cf0e092a6ef712e955b4318671bfc
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:53:28 2023 -0500

    Update wipe-ram.sh

commit 779ad24b573b83c08e89569e5213e018377d1535
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:53:18 2023 -0500

    Update wipe-ram-needshutdown.sh

commit d45ba826bca6f5efef846de01a34a0a8c7936442
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:53:10 2023 -0500

    Update module-setup.sh

commit b3d4314a069a608380ca9dd01d76c653bdb87078
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:52:51 2023 -0500

    Update wipe-ram.sh

commit 33877250172349cccb2c776c1fa7aed2e8ad716f
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:52:42 2023 -0500

    Update wipe-ram-needshutdown.sh

commit ec68ee6ded7294c161b3d0793bf8874b12262190
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:52:32 2023 -0500

    Update module-setup.sh

commit 014d10b9778907a9282ec337023f8c2b01b0ca6b
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:52:09 2023 -0500

    Update cold-boot-attack-defense-kexec-prepare.service

commit 62dcdcf7649175e0587a84708e8f0aa318a45d30
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:51:45 2023 -0500

    Update cold-boot-attack-defense-kexec-prepare

commit f4637509205c11eddaa13151b93c961e9d345be6
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:48:22 2023 -0500

    Update cold-boot-attack-defense-kexec-prepare.service

commit 14abfbfccdd3403d90a16dd5b2a1057ccf4da3d5
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:48:03 2023 -0500

    Update cold-boot-attack-defense-kexec-prepare

commit 37a5264696797c0807570606361e04cb8dcb2395
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:47:34 2023 -0500

    Update wipe-ram.sh

commit 7ac45acd0f3e3e0a68e3fc4036787e8e7d4ebe9f
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:47:23 2023 -0500

    Update wipe-ram-needshutdown.sh

commit 114a37fcd39ff20ddd9e8cca829763a9b96a8115
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:47:14 2023 -0500

    Update module-setup.sh

commit 1eeb32b7b96ab1df63d808b6715fef7a6e1a9482
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:47:01 2023 -0500

    Update wipe-ram.sh

commit c5accc5ad191fe54a96e12cd1f1286508da8243c
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:46:51 2023 -0500

    Update wipe-ram-needshutdown.sh

commit f9ebc3cfa86674025ccd65c22cde2427ea2f4ae3
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:46:40 2023 -0500

    Update module-setup.sh

commit 28687092ef4f57afab5e8d32f68492799694a379
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 12:52:36 2023 -0500

    Update cold-boot-attack-defense-kexec-prepare

commit d67d3c1d7d788fff589806457ff140e8f82089a0
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 12:51:18 2023 -0500

    Update wipe-ram.sh

commit 7fa64d68423d24668e44eb0d7e19ccf4845ee711
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 12:50:58 2023 -0500

    Update wipe-ram-needshutdown.sh

commit 14c7239681300edc4f715bc96c5235cddf677c60
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 12:50:42 2023 -0500

    Update module-setup.sh

commit 73913ea5afef8354f433f7cf87c7cd64c16be0a0
Author: Friedrich Doku <friedrichdoku@gmail.com>
Date:   Fri Jan 6 12:49:34 2023 -0500

    Added checks

commit a7015f4ddff892cab17f96713ddb0a720ebb7901
Author: Friedrich Doku <friedrichdoku@gmail.com>
Date:   Fri Jan 6 10:50:34 2023 -0500

    added files

commit 929f49f333fc88d91ed4cef849921b0b4a69bfea
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Dec 18 14:37:51 2022 -0500

    bumped changelog version

commit 75beb52bd5b7cee4a48eead53dbbe7fac9f6cc9e
Merge: 98f753d 58b622f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Dec 18 06:24:41 2022 -0500

    Merge remote-tracking branch 'github-kicksecure/master'

commit 58b622f0fe373b6e2fb30b9564b22f1064f690b0
Merge: 98f753d f81714b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Dec 18 06:23:26 2022 -0500

    Merge pull request #114 from raja-grewal/framebuffer
    
    Add some framebuffer drivers into blacklist

commit f81714be506d1b15c0e79cbe8378bf8a18a2256f
Merge: d67845f 98f753d
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Dec 13 05:14:56 2022 +0000

    Merge branch 'Kicksecure:master' into framebuffer

commit d67845fea89f4a74ed4b0a6eefbf2bf228b13a1b
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Dec 13 16:11:24 2022 +1100

    Typo

commit 98f753d8ffcf6673a3130d45c23b84a4c35917b1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 07:21:58 2022 -0500

    bumped changelog version

commit 6d7a78262464c054c46df155605a480f1b32f22c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 07:21:46 2022 -0500

    fix

commit 421f03ae9e648d366146415532d4dd9dda106980
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 07:20:56 2022 -0500

    fix

commit ad1e722879ef049ef421f0062ee383770d66bfee
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 07:00:33 2022 -0500

    bumped changelog version

commit a806c782d78d691617dd650808a0403ce72d4a1a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 07:00:23 2022 -0500

    fix

commit 4601e106c4823f2cb0dc7a8ba601670395c96326
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:49:26 2022 -0500

    bumped changelog version

commit 39b35ef9ac7489685df5486334a0acf5936e9b47
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:49:15 2022 -0500

    fix

commit 73963a9e6847fd8099093da1253267d79db7d261
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:31:37 2022 -0500

    bumped changelog version

commit d05c10172178d04781976026243297fa153125a0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:31:24 2022 -0500

    debugging

commit 36454c2dbf43de4805f2f156b05d263c37b9615a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:25:47 2022 -0500

    debugging

commit e06b173a1be8c0e3e47a9c4bab2d94fe88d422e0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:24:14 2022 -0500

    debugging

commit 97722d1926bc106a0645783fcb55b7d5691c873b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:14:15 2022 -0500

    bumped changelog version

commit 497b5b45442b1293b130fef63de1b84d091d27eb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:14:04 2022 -0500

    fix

commit 6f695902fb70cbbc95b71f827216ab84edcfeb83
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Nov 23 23:53:40 2022 +1100

    Add comment about legacy Apple fiesystems

commit d7222b5678aa182866c389d8a88f55b6488e74e0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 22 06:03:13 2022 -0500

    bumped changelog version

commit e5255a630ad3c9c99b6b7ffa4c7be43a44dffba9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 22 05:57:30 2022 -0500

    pam-info: support non-root environments (such as during graphical display manager login and xscreensaver)

commit d419898ee494fb159ed6811a719dbb4a5ffb469a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 17 10:15:36 2022 -0500

    bumped changelog version

commit 09e6af5c080f776d56d7e2390f88c4ae7e01bdb7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 16 02:01:23 2022 -0500

    pam-info refactoring

commit caf0099064747a2048363e3600a53af51df549ad
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 16 02:00:32 2022 -0500

    pam-info refactoring

commit 487f63bb01c6dfc71d0e4efef2c70dae94093dce
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 16 01:56:01 2022 -0500

    comment

commit f59f959a8d43ebd80a4037e65ec26df7143bcaf5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 16 01:55:14 2022 -0500

    pam-info fix

commit ae113442a162969561a24fcf17718ceb6a11d928
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 16 01:49:45 2022 -0500

    pam-info refactoring

commit bb6b509d06a1ae34ee407cb309c530e5dddfedfd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 16 01:44:21 2022 -0500

    pam-info refactoring

commit e5d7ab7082908e64596ccd1da835a781cae22456
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 15 12:44:12 2022 -0500

    comment

commit 23b936b573c8989222a50d1ef8c35dc95589bb0e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 15 12:31:14 2022 -0500

    also support /usr/local/etc/pam-info-debug

commit 95487346dbb18c4ac9133fc21b4abed12dc346b3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 15 12:29:41 2022 -0500

    pam-info: create debug log file ~/pam-info-debug.txt
    
    when file /etc/pam-info-debug exists

commit 2872c2ab52ae9a1eaa25ea8b9852401e82d5616a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 15 12:00:59 2022 -0500

    comments

commit 6033de78152cb5d7a9659f58aa8035ae2a7d6532
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 15 11:58:50 2022 -0500

    debugging

commit daa30d4e7830ba38ed52f83e6ac93c3a4e03ee33
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Nov 9 20:43:59 2022 +1100

    Include several framebuffer drivers into blacklist
    
    These were previously commented out to test for compatibility issues.

commit 2319458e9f1a0ae2b60cf5786122c19459bbaea1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Aug 24 18:28:39 2022 -0400

    bumped changelog version

commit cdfc175953a8ab358bb8e6db2610df11733ba258
Merge: ff84514 ae4d498
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Aug 22 06:09:30 2022 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit ae4d4989b0e8ea79b5661f098e9814379ff9401e
Merge: ff84514 d500205
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Aug 22 06:09:40 2022 -0400

    Merge pull request #113 from raja-grewal/master
    
    Comment out machine check exception

commit d500205f556ba896417eb0bae1df0144b00ef7b9
Author: Raja Grewal <rg_public@proton.me>
Date:   Sun Aug 21 23:03:13 2022 +1000

    Update README.md

commit 92669dba186c6ac40ff601fd39639945cd7633c6
Author: Raja Grewal <rg_public@proton.me>
Date:   Sun Aug 21 23:02:44 2022 +1000

    Comment out machine check exception

commit ff8451469ad3b9cbd101ca4b93d72a2ac6cebe37
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Aug 13 11:40:04 2022 -0400

    bumped changelog version

commit 272a33fe2c3c7666de96f9037094db8e9ab8e09e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Aug 13 11:35:25 2022 -0400

    addgroup -> adduser fix

commit 7d5246693c5c07f76e3f2e29c3ed39d4910673ff
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Aug 12 07:52:26 2022 -0400

    bumped changelog version

commit 82da4ed18f5682c0cc76cd435b6de2459c7b5f83
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 28 09:56:24 2022 -0400

    comments

commit a6bee1493d4113ab63f8d0671f97989b00d23544
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 28 09:55:12 2022 -0400

    cold-boot-attack-defense wait longer to make messages readable by user

commit 109594952335f94c2a21f22d6a517ecc8b864d81
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 26 10:00:53 2022 -0400

    bumped changelog version

commit 053142cdb57f23172fd0155dde4ff4c0183c4f65
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 26 10:00:21 2022 -0400

    fix

commit 73f6523e09f12fc56da0ed3555d050686ff441f3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 23 08:07:37 2022 -0400

    bumped changelog version

commit 0c5b1e9f577d52e2c056e786e32c14ff37db344b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 23 07:49:56 2022 -0400

    undo `"force kernel to panic on "oopses"`
    
    because implemented differently already
    
    https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panic-on-oops-1-sysctl-for-better-security/7713

commit c1c04b4619eea4c79a0dbb5cced3ebb77482877c
Merge: 465775c bfe6b88
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 23 07:43:19 2022 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit bfe6b888395abf554623a9e530fe7e6605047e12
Merge: 465775c ca764d8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 23 07:27:24 2022 -0400

    Merge pull request #111 from raja-grewal/harden
    
    Increased kernel hardening at boot

commit ca764d8de0f17bb7e6d44e3d79ea1805276fc521
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 20 04:06:35 2022 +1000

    force kernel to panic on "oopses"

commit 1660aaa6dd1013ede105baebbb8ff3e1afc7b268
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 03:38:41 2022 +1000

    update details around disabling SMT

commit bfd78a2c06153ebadfee39190055edf0a13958f4
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 03:16:08 2022 +1000

    update SRBDS mitigation

commit c3ebb9160ffbbd2972cc898e3c1c0055d89beb5c
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 02:33:16 2022 +1000

    CPU mitigation - MMIO Stale Data

commit 59e90ff1226bd6330d85244cf7c73ecf7fd5fdf1
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 02:32:41 2022 +1000

    CPU mitigation - L1D FLushing

commit 8531fbf99dea1b4cd806babd6072a8a1f0506eb3
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 02:30:49 2022 +1000

    CPU mitigation - SRBDS

commit 73f1e233327cc0edec83eac322b7f03bcb7fba22
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 02:29:46 2022 +1000

    shuffle and rewording

commit 39314b291263a93fcb11756ce12bd8691a1fa0f6
Merge: bb831d5 c4a1094
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 00:49:08 2022 +1000

    Merge branch 'harden' of https://github.com/raja-grewal/security-misc into harden

commit bb831d57bcdcc8195a4b8169a4ddc25fb0c61173
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 00:38:32 2022 +1000

    delete repeated commands

commit c77a2a78bc48df2af7653a306bd1b046a8f99a6b
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 00:37:31 2022 +1000

    enforce default net.ipv6.icmp_ignore_bogus_error_responses

commit c4a10947608b0d5508ef5b18e0ab34a2ee4f35de
Merge: 2b23703 465775c
Author: Raja Grewal <rg_public@proton.me>
Date:   Mon Jul 18 13:36:23 2022 +0000

    Merge branch 'Kicksecure:master' into harden

commit 465775c9dc1b97c98a5470acaffabb103ea7239f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 16 08:00:16 2022 -0400

    bumped changelog version

commit 1fafb5f53bbec57812f535e79bfb475628cc58e3
Merge: 24d6a93 27aa523
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Jul 15 08:09:16 2022 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit 27aa5231e2d1dafd89ba19c8d6becf461e781605
Merge: 24d6a93 a72bbb1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Jul 15 08:06:08 2022 -0400

    Merge pull request #112 from raja-grewal/blacklist
    
    Corrected kernel module disabling

commit a72bbb1883613ee56be29949c153e0edb2d72a29
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 23:42:13 2022 +1000

    Corrected kerenl module disabling

commit 24d6a93eacf5b41cfb9133471049776a16a07b03
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jul 13 08:28:34 2022 -0400

    bumped changelog version

commit 2b237039cf1db66100f7f0bb4880981ee0489abf
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 22:25:53 2022 +1000

    Update README.md

commit 8f31e5d1d172eb117bde63702f63081da182d5c5
Merge: 6aa9a94 c410890
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jul 13 07:26:58 2022 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit c410890a8ade6d4be13dc99a7003f03ebded8153
Merge: 6aa9a94 fe0cc10
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jul 13 07:24:12 2022 -0400

    Merge pull request #110 from raja-grewal/master
    
    Incorporated Ubuntu’s kernel module blacklists and more verbose errors

commit 4e93b4d37e4c6d23a0ac76ddb2144c6504a66ad1
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 21:10:39 2022 +1000

    Revert "enforce defualt net.ipv4.ip_forward"
    
    This reverts commit 57b5b2145c4e6779f0b879ee4199d46938f20965.

commit a47922ad28fc9ebba93615a6ffdaaeb4887cc140
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:47:07 2022 +1000

    enforce of IOMMU TLB invalidation

commit 33df16af805597057c7aad0d5a4fb135ed9e286b
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:37:03 2022 +1000

    disables random.trust_bootloader

commit d0779a96fc054df925523a76510c1aae5d672f96
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:36:34 2022 +1000

    add reference

commit 74858d257b8de40f082ce21241e680a5eeaf4053
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:34:35 2022 +1000

    enable randomize_kstack_offset

commit f572332108c06eb77d24e776910463e69d49acd3
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:32:03 2022 +1000

    disable slub_debug

commit 57b5b2145c4e6779f0b879ee4199d46938f20965
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:30:43 2022 +1000

    enforce defualt net.ipv4.ip_forward

commit 79156262c9e3fe92344847b627afc64b2c7f7717
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:29:42 2022 +1000

    enforce default net.ipv4.icmp_ignore_bogus_error_responses

commit dabcaf22e1006cc60297c55e3e254f080562d552
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:28:03 2022 +1000

    enforce default kernel.randomize_va_space

commit fe0cc1089086273794bd6b54df3528ff78c10f6a
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 12 17:18:47 2022 +1000

    Updated README.md

commit 48089e5ba43b0b72449f888b98b63119ed57e2fd
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 12 17:02:12 2022 +1000

    More verbose kernel module blocking error logs

commit 40ec791774f2a6ae7d42ccf2bfbe4a98a9963f08
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 12 16:58:16 2022 +1000

    Updated comments

commit ef1ef9917d896f1cd837f399def6a75704e9bfd2
Author: Raja Grewal <rg_public@proton.me>
Date:   Sun Jul 10 04:53:25 2022 +1000

    Blacklist automatic loading of CD-ROM modules

commit 61ef9bd59f9ff39c140f782ff5b41d0a3c6d97bc
Author: Raja Grewal <rg_public@proton.me>
Date:   Sun Jul 10 04:52:00 2022 +1000

    Incorporated Ubuntu’s kernel module blacklists

commit 6aa9a9472f10d4d6270dd59fbcd94d9001aca9e6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:42:24 2022 -0400

    bumped changelog version

commit 3b844eaab25fecf90292c88291be77abf0be694c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:42:11 2022 -0400

    output

commit 73d2c9d921c5c75ef3cca5461acc350c648f26d2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:40:15 2022 -0400

    output

commit adfdac6dea0e8f971c59557b383d116cd51619fd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:40:01 2022 -0400

    output

commit 1df2cfd1add8b2277cb37499ced4fbb713c17668
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:38:37 2022 -0400

    comment

commit fede41e6e03c33f2f6569f03593f76edb9969e6a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:38:04 2022 -0400

    fix

commit 52c46e4706d5799d452f260616a3909c9a3bc78f
Merge: 1b8500c dc41a58
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:37:41 2022 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit dc41a58102a114e21209aabeef9ad6b851365898
Merge: 1b8500c e5f8004
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:37:57 2022 -0400

    Merge pull request #108 from Krish-sysadmin/master
    
    Continue for loop if unable to change one directory's permission

commit 1b8500cc22fdd6a51ec66ae1b04abccb9a529150
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 7 17:41:13 2022 -0400

    bumped changelog version

commit 277749f27b2da8d33b70fb6f88c6757fab77e636
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 7 15:49:08 2022 -0400

    genmkfile debinstfile

commit eb8535fe870e79a5c818a38c414147819d32346d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 7 15:48:39 2022 -0400

    renamed:    usr/bin/disabled-by-security-misc -> bin/disabled-by-security-misc

commit 26b2c9727f5ba6f78f5cd10c28c3561a97c81be9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 7 15:39:40 2022 -0400

    not blacklist CD-ROM / DVD yet
    
    https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31

commit d5c16503411bee4199c35a51226fc59924d6e142
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 7 15:28:09 2022 -0400

    shuffle

commit ca19d78d48ca88f5b00dcceb18ac4803c7893ca4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 7 15:27:15 2022 -0400

    shuffle

commit d018bdaf73e109a61c0687a171af843c890729e0
Merge: 1b287a6 780dc8e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 7 15:26:08 2022 -0400

    Merge remote-tracking branch 'raja-gerwal/master'

commit 780dc8eec99915a7466249e219ad59c5db5f0364
Author: Raja Grewal <rg_public@proton.me>
Date:   Fri Jul 8 04:11:25 2022 +1000

    replace /bin/false -> /bin/disabled-by-security-misc

commit fa2e30f5125e438250acfdc52107a936ecb7b1b4
Author: Raja Grewal <rg_public@proton.me>
Date:   Fri Jul 8 03:04:37 2022 +1000

    Updated descriptions of disabled modules

commit da389d6682f6eb1d0c0172c50a4b529152384415
Author: Raja Grewal <rg_public@proton.me>
Date:   Fri Jul 8 02:12:04 2022 +1000

    Revert "replace /bin/false ->  /bin/true"
    
    This reverts commit f0511635a9725f79863c41a7b8d9f8a077ba8788.

commit 28381e81d4a57c59929a37745fa8ba5f3e0b25cb
Author: raja-grewal <rg_public@proton.me>
Date:   Thu Jul 7 09:28:30 2022 +0000

    Update README.md

commit f0511635a9725f79863c41a7b8d9f8a077ba8788
Author: raja-grewal <rg_public@proton.me>
Date:   Thu Jul 7 09:27:53 2022 +0000

    replace /bin/false ->  /bin/true

commit 18d67dbc5309a2403bece92881e671f46dc27f86
Author: raja-grewal <rg_public@proton.me>
Date:   Thu Jul 7 09:26:55 2022 +0000

    Blacklist more modules

commit 1b287a6430527c762f9bf909bcda58ab52041668
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 11:16:33 2022 -0400

    bumped changelog version

commit 92ff868ecefed4377c5f1e99eb5e5eecbb021564
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 11:05:36 2022 -0400

    readme

commit b8ba6085357631fb1f346a613d7e354aaf780560
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:57:28 2022 -0400

    readme

commit 949edf3e1753fcd403015c2d0dc8f3503a7f62d2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:48:58 2022 -0400

    readme

commit 1c0e0719483c68ce04b5c14159ad09a87c386deb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:45:55 2022 -0400

    comments

commit 5d47f5f74cc9f5e186de8db5305a44029ebbb362
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:45:09 2022 -0400

    comments

commit 435c689cf9ee9e94dec42ab3c45bc02beb8f9c40
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:44:28 2022 -0400

    comments

commit c20d588d7871bce1b8a02d46e6f658844a014572
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:42:37 2022 -0400

    comments

commit 8f03ce049a1f48bb088cf92f4f39cceb2e3a5ae6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:41:55 2022 -0400

    readme

commit b342ce930ea14a365ba23f37642cc9c098470362
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:28:22 2022 -0400

    add `/etc/default/grub.d/40_cold_boot_attack_defense.cfg`

commit e5f8004a9401727f1be2db492ea756bc19090866
Author: Krish-sysadmin <kjain@fedoraproject.org>
Date:   Tue Jul 5 03:37:40 2022 +0200

    Update hide-hardware-info

commit 69af8be7b80dcc30e3a5d1b0a1d1aa198528b876
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 19:10:55 2022 -0400

    drop_caches before and after sdmem

commit 67bdd58bf2a8090a29e35b85fb4a25d42a8f8a1a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 19:07:06 2022 -0400

    sync

commit 01b82bf0f0b96b3e08e272b8b2e69c1b3f0dcc16
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 18:30:06 2022 -0400

    bumped changelog version

commit 973f117aa6a7418ea29125753f6c6b6f7e7986a4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 18:12:36 2022 -0400

    wipe RAM at shutdown: Ensure any remaining disk cache is erased by Linux' memory poisoning
    
    by running:
    `echo 3 > /proc/sys/vm/drop_caches`
    
    Inspired by Tails:
    https://gitlab.tails.boum.org/tails/tails/-/blob/master/config/chroot_local-includes/usr/local/lib/initramfs-pre-shutdown-hook

commit e783ddc71e5e528051e1bd0fda3f60decc0af9bf
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 17:37:16 2022 -0400

    bumped changelog version

commit 95187bd357e6f2f855afbf546da42c6229a8394e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 17:21:33 2022 -0400

    fix

commit 3bd87d019fb08644578d2ee73d2ac7185687f115
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 16:03:52 2022 -0400

    bumped changelog version

commit 148a050468658c254b67de2de61cad3e147e2178
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 16:03:45 2022 -0400

    fix

commit 82e7863d5b1efff2c558204bfdf04812af10660b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 16:02:28 2022 -0400

    improvement

commit aebca1b3dce026bbccefa38381e62f30904e5a6d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 15:52:08 2022 -0400

    bumped changelog version

commit 1144b39e5efcb318ad92413f623b6f039fd7a5fa
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 15:50:59 2022 -0400

    debugging

commit c29b21c08a839d8dafe2c9654a58f2b178055935
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 15:45:19 2022 -0400

    output

commit ed8ce9a7d0869d62eecea7ffc59c176bec061d08
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 15:32:51 2022 -0400

    bumped changelog version

commit d34fe21963442c6025b56209d0ba10479cde09a6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 15:32:42 2022 -0400

    fix

commit 7a448e01a1f2be432c763678742301b64739b920
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 14:27:04 2022 -0400

    bumped changelog version

commit 32fdcf522be994e693f39c347ab1063ccd94255b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jun 30 14:47:45 2022 -0400

    - introduce `wiperam=skip` kernel parameter to skip wipe ram
    - introduce `wiperam=force` kernel parameter to force wipe ram inside VMs

commit 036f518ddc067461979f5b61a576b7f74b7c6e65
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jun 30 13:56:29 2022 -0400

    improvement

commit 0e2fae2b693d6c45344cfdf592bac0adf3338d58
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jun 30 13:50:18 2022 -0400

    skip ram wipe inside VMs
    
    https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix-cold-boot-attack-defense/5596/40

commit e06405c7be683450e6c6f737171b4f10513254e7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:56:16 2022 -0400

    undo

commit 1b97d9cb766b00914769e5add699a8bdbcf1e7aa
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:30:31 2022 -0400

    fix

commit 26be74bfe5c51a8ae41bb736847d3e93e7ae27d7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:25:07 2022 -0400

    bumped changelog version

commit 92c543e71ff5386f4458102e1795132399292328
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:24:52 2022 -0400

    output

commit d4161b2748665ca3b67e5ced5ae576acb93cda46
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:23:42 2022 -0400

    output

commit 1ce7b27297bce446fb5726eba1cbb0cd3746fa85
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:23:12 2022 -0400

    improvement

commit aae4fdcffd0e3ed168975bc84db149843ffdfe47
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:06:33 2022 -0400

    bumped changelog version

commit 8b584c570af5d9ada8083af9bd80f3f992e3dceb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:06:22 2022 -0400

    lintian

commit a1f752ad00563b61a62a2dd33058365f1b6027de
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:03:58 2022 -0400

    bumped changelog version

commit f5e0c1742abc009b1af95f0d106a5e1cd90d1ef4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:02:05 2022 -0400

    credits

commit 42e24f3c241471d91af6f16b74b5bf85dfad85d7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:54:49 2022 -0400

    update file names

commit 52aaac9b6d3a9611317e919d78840554bfce9778
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:53:52 2022 -0400

    rename

commit 619bb3cf4d347c1575c58c74adbbede94d60f79b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:53:24 2022 -0400

    rename

commit 2a8504cf1bd2a4d7e373bde3f34f6f22e3d5ebc4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:51:14 2022 -0400

    move

commit af8b211c238f6fe83db5990dc0984d1c532456ae
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:50:20 2022 -0400

    improvements

commit 0b0cda8f8f2ff1da256473115df37456273cdcdd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:24:40 2022 -0400

    bumped changelog version

commit e9cd5d934b04f7d06a14616ef52a914198f03b97
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:24:27 2022 -0400

    copyright

commit 1c51d156494e743c7ad89f76510209a97eef5e45
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:23:53 2022 -0400

    lintian

commit 4b0cd53fee691f68dd6292869b6f6870bc0b6cbe
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:22:41 2022 -0400

    bumped changelog version

commit 9ab81d45810b71374520603c32812e22685f59cb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:22:00 2022 -0400

    do not power off too fast so wipe ram messages can be read

commit 19439033de840ed39039f04db7b13f6e168a627e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:19:56 2022 -0400

    copyright

commit fc202ede16ee41aceeec356ba35ba71cc7fc821d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:18:28 2022 -0400

    delete no longer required `usr/lib/dracut/modules.d/40sdmem-security-misc/README.md`

commit 6d3a08a9365207923edd2f0b6f8aebdc635d3b33
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:17:40 2022 -0400

    improvements

commit 87e5f49f8dc72f14e96cc06b924566668991037f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 14:18:02 2022 -0400

    bumped changelog version

commit 6eba53767f3af2436fd00b807e71a94dff813dfc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 14:17:52 2022 -0400

    lintian

commit 81c15e88afd11d3359ae748d5c43e7bcc8b9a855
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 14:15:48 2022 -0400

    bumped changelog version

commit 8a072437cc6478757a8f21f3a6a0ea51a97b978b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 14:13:30 2022 -0400

    ram wipe on shutdown: fix, added `need_shutdown` hook
    
    Otherwise dracut does not run on shutdown.
    
    Without `need_shutdown` file `/run/initramfs/.need_shutdown` does not get created.
    And without that file `/usr/lib/dracut/dracut-initramfs-restore`,
    which itself is started by `/lib/systemd/system/dracut-shutdown.service` does nothing.

commit 4d937f551f6cccf40f933576a7fa210066f1fc8a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 13:03:35 2022 -0400

    bumped changelog version

commit 924077e04cd0d5b06a410b2a9289047286500e8a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 13:02:53 2022 -0400

    verbose

commit db301dfd7feb07799a00871f0e1f8fdccef0b777
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 13:02:39 2022 -0400

    comment

commit 73d2ada0deb98064979ea1feedb01c6312c4b4d5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 13:02:01 2022 -0400

    comment

commit 67eaf8c9167da545189390b6f0f58b0b5b20976c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 11:40:38 2022 -0400

    comments

commit 72908d6b0dd65d6c9691977047b2bfdaa16ba147
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 11:34:55 2022 -0400

    comments

commit 43ea4dbb8363c511270fd704b138633da9ad088a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 11:18:59 2022 -0400

    bumped changelog version

commit 295811a88f9505687447ebf605fa108bc795da46
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 11:14:52 2022 -0400

    improvements

commit e5d85d69efefdfcee63c8c7d4ced1ed1bf1aeee7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 10:02:18 2022 -0400

    bumped changelog version

commit af8ff65f8404ac1d423ad3c28342d8fe7bc3a018
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 10:01:51 2022 -0400

    comment

commit cfae7de6a842b77e50f9e6f5cb1eed0eac63ff2f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 09:58:37 2022 -0400

    lintian

commit 83519a58c7c1eccee7544fbc3ec0cf67bda976a7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 09:54:27 2022 -0400

    bumped changelog version

commit 024d52a67ebb6028d5df890e469fec5dc42be00a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 09:52:53 2022 -0400

    improve usr/lib/dracut/modules.d/40sdmem-security-misc/module-setup.sh

commit 29253004b6be7c7d2b3fce6cceff2df3e845f15a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 09:38:18 2022 -0400

    minor

commit 6f19af1542d3b6d2d6af89136ce909f7f7335ff1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 09:35:08 2022 -0400

    add shebang /bin/sh
    
    to fix lintian warning
    security-misc: executable-not-elf-or-script usr/lib/dracut/modules.d/40sdmem-security-misc/wipe.sh

commit 38cdf2722bc0aa224e1ec253e77728d4e00b9be0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 09:32:55 2022 -0400

    - Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks
    - Confirm in console output if encrypted mounts (root disk) is unmounted. (Because that is a pre-condition for wiping the LUKS full disk encryption key from RAM.)
    
    Thanks to @friedy10!
    
    https://github.com/friedy10/dracut/tree/master/modules.d/40sdmem
    
    https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix-cold-boot-attack-defense/5596

commit adca1ebdf6c83c5c1c846cdb29f3e16ea9cdf32f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 8 11:05:07 2022 -0400

    bumped changelog version

commit d7dd188651a5227be6b1d95e7ae9a97e0cbb34f0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 8 09:27:02 2022 -0400

    remove unicode

commit 55d16e1602c0221dbe00996a206d0691ef93ae71
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 8 09:04:03 2022 -0400

    remove unicode

commit fcaec49675ce7e240bdd049aab184fbee0945c7d
Merge: 5c43197 995e4ba
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 8 08:20:24 2022 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit 995e4ba7fafc1bf4f691b83dde415c57cebed63d
Merge: 616fe85 6e8f584
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 8 08:19:03 2022 -0400

    Merge pull request #104 from ntninja/patch-1
    
    Fix issues found with permission-hardening on my system

commit 5c43197f10df3a49704a66ef3e3d56f122be4775
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 8 08:11:28 2022 -0400

    minor

commit 6e8f584d88333d3a6fec1318ba92f76e328bf7ce
Author: Kuri Schlarb <246386+ntninja@users.noreply.github.com>
Date:   Wed Jun 8 05:29:42 2022 +0000

    permission-hardening: Keep `pam_unix.so` password checking helper SetGID shadow

commit 2bdda9d0a0a289dafb260c926d29df274c9a67da
Author: Kuri Schlarb <246386+ntninja@users.noreply.github.com>
Date:   Tue Jun 7 08:18:05 2022 +0000

    permssion-hardening: Do not skip config file lines without trailing newline (ancient bash bug)

commit 3910e4ee159d8b5f80c5086915583e4e20ecd6fe
Author: Kuri Schlarb <246386+ntninja@users.noreply.github.com>
Date:   Tue Jun 7 08:11:51 2022 +0000

    permission-hardening: Keep `passwd` executable but non-SetUID

commit 9fd8e1c9b0250c9e00b555838bd381f162dfd8c4
Author: Kuri Schlarb <246386+ntninja@users.noreply.github.com>
Date:   Tue Jun 7 08:03:56 2022 +0000

    permission-hardening: Fix issue with pipelining failures causing incorrect user/group lookup results

commit 616fe857f7a5cde1f4ad0d31e03876dcd2ab7f0f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed May 25 06:07:17 2022 -0400

    bumped changelog version

commit 7e2efe0155b97955428e64181c9a6b32402ee9db
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 20 15:27:10 2022 -0400

    readme

commit 2d37e3a1af3739eedd9191a0f0c78a2762c5fa38
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 20 14:46:38 2022 -0400

    copyright

commit 78a9956b73498bad471ee1cb0fa0993f2e5ce3c0
Merge: 4a3ed17 7651308
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu May 19 19:41:33 2022 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit 76513087872943442df32451de5af158c2bbe944
Merge: 4a3ed17 93efa50
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu May 19 19:39:42 2022 -0400

    Merge pull request #103 from 0xC0ncord/bugfix/selinuxfs_restrictions
    
    hide-hardware-info: re-enable restrictions on sysfs when using SELinux

commit 4a3ed17160c14ba7122d770665b53bde96038307
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu May 19 17:25:58 2022 -0400

    readme

commit bb0307290b59d0273f9ad585e881c91071e3edea
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Apr 16 14:18:35 2022 -0400

    update link

commit 2677db34baeb120a402b684d4a62ccf616b5528c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Apr 10 12:40:16 2022 -0400

    readme

commit 93efa506dac6135f1a5c260ec95d985e7fedc53d
Author: 0xC0ncord <me@concord.sh>
Date:   Thu Mar 17 11:41:57 2022 -0400

    hide-hardware-info: disable selinux whitelist by default

commit 0051a6935acd2f452a9189d1581ccac7377dd23d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 10 14:06:54 2022 -0500

    bumped changelog version

commit b0a0004a85387a4f7520a688f6d2a9826d8e68fb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 10 13:47:10 2022 -0500

    output

commit 4f6f588fb53d2756d867ac7e29fb42f4f8fdb335
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 10 13:44:55 2022 -0500

    fix, skip deletion of system.map files on read-only filesystems
    
    This is required for Qubes /lib/modules read-only implementation at time of writing.
    
    Thanks to @marmarek for the bug report!
    
    https://forums.whonix.org/t/remove-system-map-cannot-work-lib-modules-is-mounted-read-only/13324

commit 356232677a036cd1a673d805caa4d74a327ea096
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 9 14:32:33 2021 -0500

    readme

commit 4172232eb75aaca301e51529e49df76ca86b93b3
Author: 0xC0ncord <me@concord.sh>
Date:   Fri Oct 8 22:17:12 2021 -0400

    hide-hardware-info: make indentation consistent

commit 060d7d890a0292addaa1e85bb1b2ff7eece23378
Author: 0xC0ncord <me@concord.sh>
Date:   Fri Oct 8 22:11:58 2021 -0400

    hide-hardware-info: re-enable restrictions on sysfs when using SELinux
    
    When using SELinux, restrict the parts of sysfs explicitly to ensure
    restrictions are working as expected.

commit 96026a5e90a56cade2dff5f3dfc3687687e92c56
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Sep 14 14:18:52 2021 -0400

    bumped changelog version

commit c72567dbd215fcd60c4719fe1ebc9a0f350a2b97
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Sep 14 14:18:44 2021 -0400

    fix

commit 03276fbec502df9e9fc228a0c05f3c85fd1483af
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Sep 12 11:57:20 2021 -0400

    bumped changelog version

commit d62bbaab82a33a485a82d42d8db5674d200a1c3d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Sep 12 11:40:58 2021 -0400

    fix, unduplicate kernel command line

commit fb0540650c26689165b2fd0558b87ef7c3154a6e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Sep 11 16:33:14 2021 -0400

    readme

commit 64e9f0016aa5804740a099890a5ef648dde07883
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Sep 9 12:35:37 2021 -0400

    bumped changelog version

commit bd31b4085c853d8b182e3a13534827a695f5493a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Sep 9 12:16:18 2021 -0400

    remove Debian buster support in /etc/default/grub.d

commit d16d9a545502af1ec25a165a27bdbc1033b97d59
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Sep 6 09:46:20 2021 -0400

    bumped changelog version

commit ac0c492663b9d90f99e5969193b35b53d4175d1d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Sep 6 08:22:55 2021 -0400

    do not set kernel parameter `quiet loglevel=0` for recovery boot option
    
    for easier debugging

commit 49902b8c56512c3ee8b3d16b0ca513e44349c66d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Sep 6 08:19:41 2021 -0400

    move grub quiet to separate config file /etc/default/grub.d/41_quiet.cfg

commit bb3a3178f17d1b882f38ba18db7835833f758805
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Sep 6 04:55:23 2021 -0400

    bumped changelog version

commit f5b0e4b5b856ba6fa0dea7fa18c38221d972e8a3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Sep 6 04:55:16 2021 -0400

    debugging

commit a67d1754d459a221930cb92754b51bec348f8035
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Sep 5 16:04:28 2021 -0400

    bumped changelog version

commit 6257bfa926f960b3b772dd528fe6004f81d990ea
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Sep 5 15:54:20 2021 -0400

    debugging

commit 1b09d5671829c51bd17f44410d4122b6de7aa6e9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Sep 4 18:29:00 2021 -0400

    bumped changelog version

commit a4e18a2ae8c19a664bb1be5bc4ec43f10a876969
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Sep 4 18:28:37 2021 -0400

    `dracut` `reproducible=yes`

commit 1a10293b0408a4197620ce78cffb62cb8c00908c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Sep 4 12:00:55 2021 -0400

    bumped changelog version

commit e2810f348b413bb307449a911c12a46924686a9f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Sep 4 11:50:31 2021 -0400

    Depends: libpam-modules-bin

commit 3c64ec8f917ed1237454d1526647a84bf00c9e83
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Sep 2 14:36:53 2021 -0400

    bumped changelog version

commit be8c10496f26d33378deb2427e56892771456ee5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Sep 1 15:55:53 2021 -0400

    fix faillock implementation
    
    dovecot / ssh are exempted

commit 8b104f544a9e4e8da1691659fefa4999a4f6f085
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Sep 1 15:45:36 2021 -0400

    fix, add sshd to pam_service_exclusion_list
    
    to avoid faillock

commit 224ae730c13f4add672fffaf58206eeb7ae24090
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Aug 22 05:32:18 2021 -0400

    bumped changelog version

commit db43cedcfdf918556ae3989209a4d984527a6416
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Aug 22 05:23:24 2021 -0400

    LANG=C str_replace

commit ef2b067c0385dbae7b16bc79a10582995d8ba5fe
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 17 15:24:12 2021 -0400

    bumped changelog version

commit 08adf4a07d97940ef924f53863ec4aa62f88fb04
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 17 15:23:49 2021 -0400

    readme

commit 7d73b3ffa0bf13ba78debfb7f099758b0d0fbef3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 17 15:21:26 2021 -0400

    add hardened malloc compatibility for haveged workaround
    
    `/lib/systemd/system/haveged.service.d/30_security-misc.conf`
    
    `SystemCallFilter=getrandom`
    
    Otherwise haveged will exit with a core dump.

commit 8676beef90040bdf0782e0a9c683c6463ddb48b5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 10 18:26:32 2021 -0400

    bumped changelog version

commit 582492d6d8c5f756be4d809898707cb196c5c765
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 10 17:13:00 2021 -0400

    port from pam_tally2 to pam_faillock
    
    since pam_tally2 was deprecated upstream

commit 2bf0e7471cbd3b813ce385d994e43e48636f7a0b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 10 15:11:01 2021 -0400

    port from pam_tally2 to pam_faillock
    
    since pam_tally2 was deprecated upstream

commit 2aea74bd715d865f44f91aaab6ca1bf0a00a2b0b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 10 15:06:04 2021 -0400

    renamed:    usr/libexec/security-misc/pam_tally2-info -> usr/libexec/security-misc/pam-info
    renamed:    usr/libexec/security-misc/pam_tally2_not_if_x -> usr/libexec/security-misc/pam_faillock_not_if_x
    renamed:    usr/share/pam-configs/tally2-security-misc -> usr/share/pam-configs/faillock-security-misc

commit 6376bbff801f79dbb154611c3ad330b4cd863f69
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Aug 5 17:03:43 2021 -0400

    bumped changelog version

commit 3756016f42d97c6bf32c9bf5fed02904a63f4a5c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 13:04:34 2021 -0400

    `lintian --suppress-tags obsolete-command-in-modprobe.d-file`
    
    https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/24

commit 50bdd097df4c87cd4507311df9c0b14d237c534b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 12:56:31 2021 -0400

    move /usr/lib/security-misc to /usr/libexec/security-misc as per lintian FHS

commit 4fadaad8c0a79df5996372c05db635d500e41fee
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 12:52:10 2021 -0400

    lintian FHS

commit 6607c1e4bd085ee952952e6db17714326df4b7f6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 12:48:57 2021 -0400

    move /usr/lib/helper-scripts and /usr/lib/curl-scripts to /usr/libexec/helper-scripts as per lintian FHS

commit 0492f28aa10dc93063ff3b46107fa705c5ee0d7e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 12:37:39 2021 -0400

    enable "`apt-get --error-on=any`" by default
    
    makes apt exit non-zero for transient failures
    
    `/etc/apt/apt.conf.d/40error-on-any`
    
    https://forums.whonix.org/t/debian-bullseye-apt-get-error-on-any/12068

commit 240ec7672a4d513e7e6cca280aca3d67c265d1cc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 12:19:26 2021 -0400

    replace no longer required `/usr/lib/security-misc/apt-get-wrapper` with `apt-get --error-on=any`

commit 8eae6356684052415f8bc494db077e033653d971
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 11:51:31 2021 -0400

    update lintian tag name

commit 5e3338f8d3ff799a2da4257e24b57bd55541187f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 05:48:25 2021 -0400

    bullseye

commit bb3e65f7a80770238bda3733bed89c15a9c76852
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 03:25:35 2021 -0400

    bullseye

commit c94281121e20289b718f24c13e399e5e8cac0ebd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Aug 1 16:37:02 2021 -0400

    comment

commit 3599e8e2dabf13ad76901a9c282469f23d4d1308
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Aug 1 16:24:41 2021 -0400

    readme

commit 82f3961a7165cc1e778be785950f1a255af43b4f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Aug 1 13:12:08 2021 -0400

    bumped changelog version

commit 5a65c35479f267b026c03e195658ef9d98ee519c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Aug 1 13:11:18 2021 -0400

    port LKRG compatibility settings automation for VirtualBox hosts from systemd to dpkg trigger

commit f03c7978c7c12eb0efed1d9298f52149a8149cb3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jul 25 11:31:45 2021 -0400

    bumped changelog version

commit b3e34f7f43346c123d20e9a1606b1023b535f669
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jul 25 11:27:07 2021 -0400

    comment

commit 7e128636b3a4ea7fe5dfa12018685ab7b5dda706
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jul 25 11:26:20 2021 -0400

    improve LKRG VirtualBox host configuration
    
    as per https://github.com/openwall/lkrg/issues/82#issuecomment-886188999

commit 3ebe9e7c530b39f1b0429a97eab2627f2bbd1635
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 24 18:10:06 2021 -0400

    bumped changelog version

commit 257cef24baa038b21ef511e9d95c4229a5e16f68
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 24 18:03:40 2021 -0400

    add LKRG compatibility settings automation for VirtualBox hosts
    
    https://github.com/openwall/lkrg/issues/82

commit 0f86ffef04e533be1c88584b6419c276d176fc05
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 23 11:20:39 2021 -0400

    bumped changelog version

commit 74e39cbf690dae2bf72bd9f152ea91c364f5feff
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jun 20 11:18:56 2021 -0400

    pam-abort-on-locked-password: more descriptive error handling
    
    https://forums.whonix.org/t/restrict-root-access/7658/1

commit 0f3dbfc4a1fb08b5542e265dfbeab4e7f401549d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jun 20 10:16:57 2021 -0400

    bumped changelog version

commit eff5af03184f52181894884b90a8d867a1f10956
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jun 20 10:16:33 2021 -0400

    https://forums.whonix.org/t/restrict-root-access/7658/116

commit 419f1d89c25ca833ac63f2e174beeb9afb0cce00
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jun 7 12:13:37 2021 -0400

    bumped changelog version

commit 30d1ce36af7835d47e0b53af475f3a7e99617b77
Merge: 0305baf 70a1eb2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jun 7 12:11:58 2021 -0400

    Merge remote-tracking branch 'github-whonix/master'

commit 70a1eb25a5976e0461056ff2c56bd82ab5df6c2c
Merge: 0305baf 97d8db3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jun 5 15:55:41 2021 -0400

    Merge pull request #101 from madaidan/sudo
    
    Restrict sudo's file permissions

commit 97d8db3f74b9fc00c8f4416cb72966e62c7de88e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jun 5 19:16:42 2021 +0000

    Restrict sudo's file permissions

commit 0305baf21173f0ee292986200f1242ca0395c74d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jun 1 07:36:59 2021 -0400

    bumped changelog version

commit d87bee37f788fb7605626cd4a8d61ed9e6fee252
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jun 1 07:21:18 2021 -0400

    comment

commit 809930c0212aa41d60b1a498bd4ce85f06668bae
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jun 1 05:36:01 2021 -0400

    comment

commit 5bd59991cbf72ba9ebd8feadd4da397bbcd9d469
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed May 5 08:37:56 2021 -0400

    bumped changelog version

commit 6e759f9196412b1742db1e4c68a70867e1ad8629
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Apr 29 11:17:30 2021 -0400

    config-package-dev displace /etc/dkms/framework.conf
    
    https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/58

commit e2afd00627b097f75467cd0e2fe7e15977141026
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Apr 29 11:14:30 2021 -0400

    modify DKMS configuration file `/etc/dkms/framework.conf`
    
    Lower parallel compilation jobs to 1 if less than 2 GB RAM to avoid freezing of virtual machines.
    
    `parallel_jobs=1`
    
    This does not necessarily belong into security-misc, however likely
    security-misc will need to modify `/etc/dkms/framework.conf` in the future to
    enable kernel module signing.
    
    https://forums.whonix.org/t/linux-kernel-runtime-guard-lkrg-linux-kernel-runtime-integrity-checking-and-exploit-detection/8477/26
    
    https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/58

commit 3ba3b371873d221db6845fb0fe52191b8b349b0a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Apr 29 11:08:30 2021 -0400

    add `/etc/dkms/framework.conf.security-misc`
    
    original, from
    - https://github.com/dell/dkms/blob/master/dkms_framework.conf
    - https://raw.githubusercontent.com/dell/dkms/master/dkms_framework.conf
    
    https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/58

commit 1d35bdf2912d1dfd0b49ce727338f86d17decd72
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Apr 5 11:58:47 2021 -0400

    bumped changelog version

commit 41734ec523eb3cd233fe4651b9807222c8ccb1d5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Apr 3 11:44:13 2021 -0400

    systemd RemainAfterExit=yes
    
    for better usability
    
    https://forums.whonix.org/t/restrict-hardware-information-to-root-testers-wanted/8618/33

commit e8ea94325b1df7bc0c47eabdfbd7c24b2fe51539
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Mar 17 12:31:34 2021 -0400

    bumped changelog version

commit a67007f4b7b7763a0b131acb246cfe84ac65540f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Mar 17 09:45:21 2021 -0400

    copyright

commit 0c4a7207e46933a504badfb9c1ce26a9ef82d370
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Mar 4 07:09:01 2021 -0500

    bumped changelog version

commit a1819e8cabc45ea197da7e3a4a94ffbab1376423
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Mar 1 09:15:44 2021 -0500

    comment

commit 3382192b89de3891d45261f138652bdb48c5674b
Merge: 7f30d70 2e8e3c0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Mar 1 09:12:18 2021 -0500

    Merge remote-tracking branch 'github/master'

commit 2e8e3c07c4dda7f8500237dfa7a1d2bc7aecef5d
Merge: 7f30d70 4db7d6b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Mar 1 14:11:28 2021 +0000

    Merge pull request #100 from 0xC0ncord/bugfix/selinuxfs_restrictions
    
    hide-hardware-info: allow unrestricting selinuxfs

commit 7f30d702953b2e46255e3e8e71ee47af3f5a5725
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Feb 6 06:31:45 2021 -0500

    bumped changelog version

commit 83c0be5177929b67e3c9eba18c02904498d378cb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Feb 6 06:27:54 2021 -0500

    readme

commit 4db7d6be643f9e7c9c3b81d3945b8d2c3e4c5269
Author: Kenton Groombridge <me@concord.sh>
Date:   Sat Feb 6 03:02:08 2021 -0500

    hide-hardware-info: allow unrestricting selinuxfs
    
    On SELinux systems, the /sys/fs/selinux directory must be visible to
    userspace utilities in order to function properly.

commit 3120ff3ec98edecdc2855261d3ba26cad8803c74
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 29 23:37:03 2021 -0500

    bumped changelog version

commit af3244741dba7425148378aacf853e82deddee1f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 29 23:15:52 2021 -0500

    comment

commit d9aaf5910553b04b965ea729476b586d72043aea
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 28 02:15:46 2021 -0500

    bumped changelog version

commit b0b7f569ee7da1101c9100c1b053b910f8660436
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 28 02:11:54 2021 -0500

    comment

commit f2595cc2542b326a74d4c651897160c04bd1e162
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 27 05:50:16 2021 -0500

    bumped changelog version

commit 9622f28e255a101ee7239e3ffd42d8d80637654a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 27 05:49:34 2021 -0500

    skip counting failed login attempts from dovecot
    
    Failed dovecot logins should not result in account getting locked.
    
    revert "use pam_tally2 only for login"

commit 480f74cab6d79886fe29eeecc5b7ebc1f138f8dd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jan 24 05:10:36 2021 -0500

    bumped changelog version

commit 6757104aa4d1e661b046e71f7bda511d73e83d61
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jan 24 05:04:48 2021 -0500

    use pam_tally2 only for login
    
    to skip counting failed login attempts over ssh and mail login

commit 126c31c37d17a55b0980dcae8c546aeed4282a99
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 19 19:41:43 2021 -0500

    bumped changelog version

commit 14d13fb03ed627cfb378873ad46f4d3ac795a9f6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 19 19:41:42 2021 -0500

    readme

commit 611fbe2c619d9b5fab748faf2b0f59274a914187
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 18 05:39:34 2021 -0500

    description

commit 0e8ea5eb727d609d70e8f639dde62583a3ff47f3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 14 02:36:49 2021 -0500

    bumped changelog version

commit ddd62c1eef031c2befc626acbe4d48d8cdbea1d0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 12 03:24:11 2021 -0500

    readme

commit 468d8b600dda7cce87bbdf972244ef2f610935d5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 12 03:20:58 2021 -0500

    readme

commit b5cee63999a7277b32f3850a5d8821c73ed05933
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 12 03:19:31 2021 -0500

    new file:   README_generic.md

commit 94627f0875e69c9314faab8b0dc2dbe22af5c88f
Merge: 353e74f 79876f7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 12 03:18:41 2021 -0500

    Merge remote-tracking branch 'github/master'

commit 79876f7b1261006885a713dbfda97609c8e81f3f
Merge: 353e74f 3066b5a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 12 08:17:04 2021 +0000

    Merge pull request #99 from madaidan/docs
    
    Overhaul documentation

commit 3066b5ad972f16069361999afbca0978986db862
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jan 12 02:17:13 2021 +0000

    Overhaul documentation

commit 353e74fb5f0c150b9de3554b88619480c338ef59
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 5 08:30:37 2021 -0500

    bumped changelog version

commit a258f35f385aff7b6fef71e23b94c4681e52bed2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 5 02:11:08 2021 -0500

    comment

commit a4d7e4614174e6f0357a068af0b7fd46e963a89f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 10 05:20:57 2020 -0500

    bumped changelog version

commit c5097ed599078091aef1fcb63b237d9835040c34
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 6 04:23:09 2020 -0500

    comment

commit b2b614ed2a1a62ff4c917aba80eeef505810dbf8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 6 04:15:52 2020 -0500

    cover more folders in /usr/local

commit 5bd267d7747521fa5bb053da19dc79991e2c4bb5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 6 04:10:50 2020 -0500

    refactoring

commit 11cdce02a048b323c6f56cb15f98e6060aab8346
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 6 04:10:10 2020 -0500

    refactoring

commit f73c55f16c10ee2cd0532f4032cec56c484bd4d5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 6 04:08:58 2020 -0500

    /opt
    
    https://forums.whonix.org/t/suid-disabler-and-permission-hardener/7706/68

commit 261ef85c14ff9c13d3d7734d8c9eba5a54497187
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 1 05:53:06 2020 -0500

    bumped changelog version

commit c031f22995a1e073bd81189ee97a3de32a2b278f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 1 05:14:48 2020 -0500

    SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists
    
    `whitelists_disable_all=true`

commit b09cc0de6af2d7e12110a0f3030234539288abad
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 1 05:10:26 2020 -0500

    Revert "SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists"
    
    This reverts commit 36a471ebce883f7a1660977f486b21ece320d0c2.

commit 704f0500ba4e23a1e5b33688db02e03b1169046d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 1 05:03:16 2020 -0500

    fix, rename 40_default_whitelist_[...].conf to 25_default_whitelist_[...].conf
    
    since whitelist needs to be defined before SUID removal commands

commit 36a471ebce883f7a1660977f486b21ece320d0c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 1 05:02:34 2020 -0500

    SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists
    
    `whitelists_disable_all=true`

commit 318ab570aacd48b7f163331dc2ba8b012e0d2336
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 1 04:28:15 2020 -0500

    simplify disabling of SUID Disabler and Permission Hardener whitelist
    
    split `/etc/permission-hardening.d/30_default.conf` into multiple files
    
    `/etc/permission-hardening.d/40_default_whitelist_[...].conf`
    
    therefore make it easier to delete any whitelisted SUID binaries

commit cf07e977bd6697af7a4326d7705447d500d35593
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 29 09:09:42 2020 -0500

    add `/bin/pkexec exactwhitelist` for consistency
    
    since there is already `/usr/bin/pkexec exactwhitelist`

commit fe274838861ada125eccdca11ba044123fdae663
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 28 06:08:10 2020 -0500

    bumped changelog version

commit 28a326a8a14f56d588ed6f2b4d7d748d53120109
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 28 05:31:12 2020 -0500

    add feature `/usr/lib/security-misc/permission-hardening-undo /path/to/filename`
    
    to allow removing 1 SUID
    
    fix, show INFO message if file does not exist during removal rather than ERROR

commit 0ef35f877066ddac21737e707829c4571bb76abd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Nov 6 10:18:09 2020 -0500

    bumped changelog version

commit abae787186d48b2cccf220cbf7b553f8478e60be
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 5 06:47:16 2020 -0500

    usability: pam abort when attempting to login to root when root password is locked

commit 581e31af81015fb85ee1bdd81586dbea13804955
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 5 06:46:57 2020 -0500

    comment

commit dfe9b0f6c7364e4d3cc3bf13ad7c0fccc2cb7e10
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 5 06:42:47 2020 -0500

    fix, no longer unconditionally abort pam for user accounts with locked passwords
    
    as locked user accounts might have valid sudoers exceptions
    
    Thanks to @mimp for the bug report!
    
    https://forums.whonix.org/t/pam-abort-on-locked-password-and-running-privileged-command-from-web-browser/10521

commit 211769dc65a5c98cbdb55ce62e83c9e2a9fa1540
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 5 06:41:51 2020 -0500

    comment

commit 79521397310f5e4e200291b2e2380e8e58953f18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 5 06:39:32 2020 -0500

    comment

commit bb72c1278dd02a48a631d8e798cd78100576a1a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 5 06:36:39 2020 -0500

    copyright

commit f4843b1deb95948f9fe2a2870ecbe61c1cab798a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 31 06:29:25 2020 -0400

    bumped changelog version

commit c1e0bb831025854afbd88e5c353a000c4dadaede
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 31 06:11:49 2020 -0400

    shebang

commit b06d4ca29983938fa81acfc379366e6c1516c69a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 31 06:09:22 2020 -0400

    bumped changelog version

commit 3f656be5746ec4d219371fb0d67c222df7fe52d1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 31 05:48:10 2020 -0400

    chmod +x /etc/X11/Xsession.d/50panic_on_oops
    chmod +x /etc/X11/Xsession.d/50security-misc

commit 881d695bff7d65c66bbf8e0973f883c75a3d1ebb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 5 07:03:37 2020 -0400

    bumped changelog version

commit 3adb2c92d9551f649b177753fede18da3cc4b0eb
Merge: feb7cea 5856013
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 3 14:10:32 2020 -0400

    Merge remote-tracking branch 'github/master'

commit 58560138cdc36fa5f6142f75f0fed53bcad96363
Merge: feb7cea 06ffd5d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 3 18:09:07 2020 +0000

    Merge pull request #77 from madaidan/debugfs
    
    Restrict access to debugfs

commit 06ffd5d2201152c60eb4309860b8c42be386dccb
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Sep 28 19:21:20 2020 +0000

    Restrict access to debugfs

commit feb7cea4c508a94d1140bc08856d0fe586da694e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 28 10:30:42 2020 -0400

    bumped changelog version

commit da1ac48cde8ea5057d1606a2fba42ea179677378
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 28 10:29:50 2020 -0400

    unblacklist squashfs as this would likely break Whonix-Host ISO
    
    https://github.com/Whonix/security-misc/pull/75#issuecomment-700044182

commit 4070133ed65af409adeb6f8c7970d3bc7074b02b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 28 10:25:57 2020 -0400

    unblacklist vfat
    
    https://github.com/Whonix/security-misc/pull/75#issuecomment-695201068

commit 77d461ec08ffdf0eb6a5d124927d9f9748c0dd3c
Merge: 5fc7b79 3684ab5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 28 10:24:59 2020 -0400

    Merge remote-tracking branch 'github/master'

commit 3684ab585eeab46ff17a1d410ce1bcff1a63968c
Merge: ae90107 a813e7d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 28 14:24:15 2020 +0000

    Merge pull request #75 from flawedworld/patch-1
    
    Blacklist more modules (based on OpenSCAP for RHEL 8)

commit ae90107e6df4d312a6734985df38b8533d1283c8
Merge: 5fc7b79 8f7727e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 28 14:23:42 2020 +0000

    Merge pull request #76 from flawedworld/patch-2
    
    Add IPv6 sysctl options and enforce kernel.perf_event_paranoid=3

commit a813e7da07a39e96e0cd7937aee7568307a00287
Author: flawedworld <38294951+flawedworld@users.noreply.github.com>
Date:   Sat Sep 19 20:46:19 2020 +0100

    Blacklist more modules

commit 5fc7b791db473c22ea43ff899e2dbe232c42a2b7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 19 09:28:27 2020 -0400

    bumped changelog version

commit bff6ce7abb920d55edc49b19340a1e9251a4cd8c
Merge: 98c0dec 9239c8b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 19 06:54:50 2020 -0400

    Merge remote-tracking branch 'github/master'

commit 9239c8b8074018090d4fa1381aa06e66a99359cc
Merge: 98c0dec 8dfdec1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 19 10:54:21 2020 +0000

    Merge pull request #71 from onions-knight/patch-1
    
    Update thunar.xml

commit 8f7727e823a86a1826686d5c95d0070721c7acba
Author: flawedworld <38294951+flawedworld@users.noreply.github.com>
Date:   Fri Sep 18 23:36:30 2020 +0100

    Add some IPv6 options

commit 944fed3c459dd55820cb1eca68f86816bdf8469f
Author: flawedworld <38294951+flawedworld@users.noreply.github.com>
Date:   Fri Sep 18 23:29:04 2020 +0100

    Disallow kernel profiling by users without CAP_SYS_ADMIN
    
    It's the default on a lot of stuff, but still nice to have.

commit 98c0decaa46c6fb839062ff9af0556d821c254e6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 3 09:43:43 2020 -0400

    bumped changelog version

commit 7e267ab49850362c02374a15fdba2409a5487a0f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 3 08:12:19 2020 -0400

    fix, allow group `sudo` and `console` to use consoles
    
    fix /etc/security/access-security-misc.conf syntax error
    
    Thanks to @81a989 for the bug report!
    
    https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/31

commit b09f5ddc154d6561fd97b436feeb6a6225f89206
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 29 08:33:07 2020 -0400

    bumped changelog version

commit ac8bc4f006dbc1583e35ba033e38dac8392127e9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 29 06:30:07 2020 -0400

    readme

commit 861f9d1022e61766c7474d9eb79489ba64ac2055
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 14 13:57:32 2020 -0400

    bumped changelog version

commit 3cd7b144bba1a92ca771b16fc5215073c7561a1a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 14 13:47:58 2020 -0400

    move "kernel.printk = 3 3 3 3" to separate file /etc/sysctl.d/30_silent-kernel-printk.conf
    
    so package debug-misc can easily disable it
    
    https://phabricator.whonix.org/T950

commit 81cb6ad2462a900f9c5193278de70ada62a5585b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 23 12:27:25 2020 -0400

    bumped changelog version

commit 6485df8126b52a2072824fa442e8d1dd5cb18981
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 23 12:26:31 2020 -0400

    Prevent kernel info leaks in console during boot.
    
    add kernel parameter `quiet loglevel=0`
    
    https://phabricator.whonix.org/T950

commit aa5631b02b0127b4681ae08c973b08b23befd701
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 16 08:43:40 2020 -0400

    bumped changelog version

commit 8d2e4b68dcae87b27f519196488e0ed7e8b95ef2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 16 08:00:31 2020 -0400

    Prevent kernel info leaks in console during boot.
    
    By setting `kernel.printk = 3 3 3 3`.
    
    https://phabricator.whonix.org/T950
    
    Thanks to @madaidan for the suggestion!

commit 4898a9e753e9399e83e4a39d8fa340e1ad9d4f6d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 16 07:54:33 2020 -0400

    fix, sysctl-initramfs: switch log to /run/initramfs/sysctl-initramfs-error.log
    
    since ephemeral, in RAM, not written to disk, no conflict with grub-live
    
    https://forums.whonix.org/t/kernel-hardening/7296/435

commit 701da5f6cc911e3946904c152078dc6c637e5070
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 16 07:24:44 2020 -0400

    formatting

commit cb51847085c1b62c99ab160373c52a388bdfe300
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 15 14:05:37 2020 -0400

    readme

commit df218ad6582ab88be16e66cf13951d0a5271411b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Apr 14 12:40:31 2020 -0400

    bumped changelog version

commit 8851c9ed29e79d2ef5df9c7b7086878e69b90bd4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Apr 14 12:39:34 2020 -0400

    fix: disable proc-hidepid.service

commit b6dde34bfb696218cc14ac89d169ec0e37814bff
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 13 06:56:34 2020 -0400

    bumped changelog version

commit e0b8640fb9d03feb6b01fed4469d901e3f9a5dc0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 13 06:56:34 2020 -0400

    readme

commit 253578afdf9a4aeb8c5495ca815d0326086dc986
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 13 06:50:32 2020 -0400

    /etc/security/access-security-misc.conf white list ttyS0 etc.
    
    ttyS0 ttyS1 ttyS2 ttyS3 ttyS4 ttyS5 ttyS6 ttyS7 ttyS8 ttyS9
    
    Thanks to @subpar_marlin for the bug report and helping to fix this!
    
    https://forums.whonix.org/t/how-do-i-enter-the-whonix-shell-from-cli/7271/43
    
    https://forums.whonix.org/t/etc-security-hardening/8592

commit b3ce18f0f9f1da0552a4a1bd882a5b5dda13626e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Apr 12 16:54:10 2020 -0400

    disable proc-hidepid by default because incompatible with pkexec
    
    and undo pkexec wrapper

commit 442931529121e9e402e7ac56e27df3dcec43167b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Apr 12 16:52:55 2020 -0400

    disable proc-hidepid by default because incompatible with pkexec
    
    and undo pkexec wrapper

commit 72be31e870057b035651c1b5a7e9a9db149e9d25
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Apr 12 16:48:13 2020 -0400

    disable proc-hidepid by default because incompatible with pkexec
    
    and undo pkexec wrapper

commit 938e929f39ff68296ab01a4b619f963ad3bdf535
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Apr 12 16:37:51 2020 -0400

    add pkexec to suid default whitelist
    
    /usr/bin/pkexec exactwhitelist
    /usr/bin/pkexec.security-misc-orig exactwhitelist

commit 695ad5b83d0e89b1c3b8a5f09f2d7d0a17d8e72f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 9 09:45:30 2020 +0000

    bumped changelog version

commit 67b9d06b25a651b89e35abdd227a1740871395cd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 9 09:45:29 2020 +0000

    readme

commit 565ff136e5f1e714b4094fcd9cfdf99a0fb99850
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 21:04:02 2020 +0000

    vm.swappiness=1
    
    import from swappiness-lowest
    
    https://forums.whonix.org/t/vm-swappiness-1-set-swapiness-to-lowest-setting-still-useful-swappiness-lowest/9278

commit 642d4d8d939f33c19564dcc5a0ed46d85feb80aa
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 17:13:21 2020 +0000

    bumped changelog version

commit a9d0baffe600b9ac5bb7d6ee4e7c5c5830bc60ba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 16:57:32 2020 +0000

    python -> python3

commit 4153d8d08874256647d3200333d6754baac2ea63
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 16:51:22 2020 +0000

    apparmor-profile-anondist -> apparmor-profile-dist

commit 72228946dca93b5c8257ac5a6ad59e54b7b14d11
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 16:46:11 2020 +0000

    fix etc/default/grub.d/40_kernel_hardening.cfg
    
    in Qubes if no kernel package is installed

commit bfd6018d8d108ee8691556529121fe2a679de1d2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 12:51:11 2020 +0000

    bumped changelog version

commit 0441f2ed7ad01585c11c9fb6a05cd3884408c9d6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 12:30:05 2020 +0000

    readme

commit 663811a8192d7d08769eaf5e9c057b9dcca34562
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 12:04:13 2020 +0000

    anon-base-files -> dist-base-files

commit cc8489df2ff655276be31073ec2fff57a9e8b448
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 6 13:29:23 2020 -0400

    bumped changelog version

commit 350a15dfbf9186c4bd81159b7656b5707a95c5db
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 6 13:22:32 2020 -0400

    readme

commit 5c81e1f23fa07a0e3c96d15dc3cc24d41332fe3c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 6 09:25:45 2020 -0400

    import from anon-gpg-conf

commit 1b2a34ea80fa9efeb02acaa8595e3c38fd9d06ca
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Apr 4 16:51:42 2020 -0400

    bumped changelog version

commit 1188a44f47602248911d81f4dc3af08b830b65b9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Apr 4 16:49:30 2020 -0400

    port to python 3.7

commit a2c932aa5a354798ce1383e988519f9a2cb69374
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 2 07:58:51 2020 -0400

    bumped changelog version

commit ae8c5fff3c70c00931b95cd04b8729d2c1bd2a60
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 2 07:22:47 2020 -0400

    readme

commit a7f2a2a3b6b408a0545f55b8fed9cc17fbd8f843
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 2 06:04:45 2020 -0400

    console lockdown: allow members of group `sudo` to use console
    
    https://forums.whonix.org/t/etc-security-hardening/8592
    
    https://github.com/Whonix/security-misc/pull/74#issuecomment-607748407
    
    https://www.whonix.org/wiki/Dev/Strong_Linux_User_Account_Isolation#Console_Lockdown

commit 7764ee0d202193dc67f5805fc23be2b804962186
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 2 05:58:16 2020 -0400

    comments

commit d9f2a0e4a1837ef1604e4cd17ce8ae60996c9782
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 1 17:34:59 2020 -0400

    remove 'Build-Depends: ronn' since no longer required

commit eda9c57a628ebf1083f87789842d5403c6e05122
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 1 16:57:33 2020 -0400

    remove genmkfile

commit 2609fe9c3efff611dc5bce20d62580dace02757b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 1 16:33:29 2020 -0400

    add debian install file

commit d4b2baa9b66d480d5e45c628f8bc4ff11fab765f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 1 10:58:16 2020 -0400

    bumped changelog version

commit 2ceea8d1fe9f2425488c6696f75f2ecfd9ff2235
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 1 08:49:59 2020 -0400

    update copyright year

commit b6de867dec85efb03cf38aa85494607edb4500f4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 1 08:26:44 2020 -0400

    bumped changelog version

commit ad022fc0b703f28f24665d28b072f1a993978370
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 1 08:21:06 2020 -0400

    fix

commit 354af7085be7e266913c3ae79701cd1abc729d06
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 31 07:41:45 2020 -0400

    bumped changelog version

commit 814f613a2fac12b892dfb6dcf53ee628e340c7b2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 31 07:08:25 2020 -0400

    When using systemd-nspawn (chroot) then `login` requires console 'console' to be permitted.

commit a369a0a94dca7fff68234e4f75d74a4e9d63df5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 30 18:42:02 2020 -0400

    bumped changelog version

commit c22adbd92fcab45fb3b1d3e98528c4790bb20a6a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 30 18:39:23 2020 -0400

    notify if security-misc installation is forced

commit 7ee5fc1b760dff0f86d8cf07a77cbd42d40f7a53
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 30 17:16:46 2020 -0400

    bumped changelog version

commit f663b5eff8a6f2fa406039ced4441c5a4a9c1477
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 30 17:15:02 2020 -0400

    skip check if any non-root user is a member of group sudo and console if
    environment variable `SECURITY_MISC_INSTALL` is set to `force`

commit bc22fc9fdba834d0a2d8fdc75b86934e56b317c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 30 17:12:43 2020 -0400

    skip check if any non-root user is a member of group sudo and console if file
    /var/lib/security-misc/skip_install_check exists

commit d7a69628b1def631b04219da7aee764eebea37df
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 14:56:48 2020 -0400

    bumped changelog version

commit 5f0dd8270ba6311018e654cca3b8b86818af5a82
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 14:14:35 2020 -0400

    consistent use of quotes

commit 66ea1a3a127642c5515ac6fd80952a56568620bc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 14:14:15 2020 -0400

    minor

commit 23bd7ead59c0bdd793a955aaa613552b37a38dab
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 14:12:42 2020 -0400

    remove trailing space

commit 7c25fc517e6f42d4364a55407f6bf0c84d130c8e
Merge: 20f0c57 1cbc7f6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 14:12:25 2020 -0400

    Merge remote-tracking branch 'origin/master'

commit 1cbc7f6bed8acc112b610e05f527cffc6e9e1e87
Merge: 20f0c57 89ada11
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 18:11:57 2020 +0000

    Merge pull request #73 from madaidan/sysctl-initramfs
    
    Only remount in sysctl-initramfs if already mounted read-only

commit 89ada11cf9a76cf02b3d5f92fd5c66194fe40ff0
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Mar 21 17:49:07 2020 +0000

    Only remount if already mounted read-only

commit 20f0c574d5424c78ab6b4d3829a6662615967ba5
Merge: e4118cb 2938182
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 13:28:43 2020 -0400

    Merge remote-tracking branch 'origin/master'

commit 2938182ce6303e6e55086e2e9e82f8263a3c8e76
Merge: e4118cb c8826d6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 17:26:37 2020 +0000

    Merge pull request #72 from madaidan/master
    
    Fix sysctl-initramfs logs

commit c8826d6702ebaf280994effb22aea39b4cfd2dac
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Mar 21 17:15:25 2020 +0000

    Fix sysctl-initramfs logs

commit 8dfdec1d3b0fde7b2836b38e5aefab1b6b6df9f2
Author: onions-knight <38859709+onions-knight@users.noreply.github.com>
Date:   Tue Mar 17 16:38:53 2020 +0000

    Update thunar.xml
    
    Adding Delete option for thunar on right mouse click (removed in Debian 10). See https://forums.whonix.org/t/whonix-host-calamares-branding-suggestion/7772/26

commit e4118cb21eb8765bc8f4e7b5e05d464d72575824
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 12 04:43:08 2020 -0400

    bumped changelog version

commit e6e7886a6e3dca1a75943c5a04c4d29ab8682cec
Merge: 04a87f7 711e786
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Mar 11 09:08:41 2020 -0400

    Merge remote-tracking branch 'origin/master'

commit 711e786be504179c832172acb39d567b323520e6
Merge: 04a87f7 4d0de87
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Mar 11 13:06:23 2020 +0000

    Merge pull request #70 from madaidan/userfaultfd
    
    Fix unprivileged_userfaultfd

commit 4d0de87f799d8032731140e9a5815d4773d91baa
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Mar 8 17:49:49 2020 +0000

    Disable unprivileged userfaultfd use again

commit efb2683cfc168c3b110c6664ee61eabcf85f3f30
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Mar 8 17:49:12 2020 +0000

    Hide unprivileged_userfaultfd error

commit 04a87f7029736e5ce66f18bb6c42cadf3500b26b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Mar 8 09:43:24 2020 -0400

    bumped changelog version

commit 284a49110030b21aa3136447217273337a12acaf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Mar 8 08:07:10 2020 -0400

    disable `vm.unprivileged_userfaultfd=0` for now
    
    because broken
    
    https://forums.whonix.org/t/kernel-hardening/7296/406
    
    reverts "Restrict the userfaultfd() syscall to root as it can make heap sprays easier."
    
    https://duasynt.com/blog/linux-kernel-heap-spray

commit 44351ec9b78d59aeeef44675e8e203c7ace243f0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 7 21:44:19 2020 -0500

    remove no longer needed code for installation of apparmor profiles

commit 71ae6239168d829e25670ffa856ee0f011a168a9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 5 08:36:27 2020 -0500

    bumped changelog version

commit 76eb9579a3038982301fc622c84cd48fa3d88ffd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 5 08:33:00 2020 -0500

    readme

commit 15dde15a36c3cac0088773670b84f7e1e2b1423f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 3 09:42:24 2020 -0500

    typo

commit 8887af26d6a82613ee1f9c3a10ba42fdd2444d1c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 3 09:19:49 2020 -0500

    bumped changelog version

commit 1dea4dbcf6fa3299e513d01005b514e42bf51538
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 3 09:18:38 2020 -0500

    readme

commit cd19c2da006d38cd0cd3653b31e398d16396d825
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 3 09:18:24 2020 -0500

    fix lintian warning

commit 7e3fedefb234e584d900c036c424ac083a9efa3d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 3 09:12:50 2020 -0500

    bumped changelog version

commit 201d6b5efc355b08b5f94f9284d2242dec9c56b8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 3 09:07:42 2020 -0500

    readme

commit 63c6405ab74f0dd5f3ec3838135b29304a3d1fc8
Merge: e3e39f2 453aa8a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 29 07:34:46 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit 453aa8a4eb76fe56ad67f1aea8abfeb122e68a9c
Merge: e3e39f2 60fbf8b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 29 12:28:32 2020 +0000

    Merge pull request #65 from madaidan/userfaultfd
    
    Restrict the userfaultfd() syscall to root

commit e3e39f22354595c9f21c243d7bdadc1487374db8
Merge: 649ec5d bd7678c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 29 05:01:41 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit 649ec5dfa1d2c0e324d8054b4c7402ab2b462d93
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 29 04:59:56 2020 -0500

    pkexec wrapper: fix gdebi / synaptic
    
    but at cost of checking for passwordless sudo /etc/suders /etc/sudoers.d
    exceptions.
    
    http://forums.whonix.org/t/cannot-use-pkexec/8129/53

commit 32269d32b63e549f76b4090b675dd53256fbc42d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 29 04:59:15 2020 -0500

    description

commit b31caefdeb8b76537982e359e708b57081d7b381
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 29 04:59:02 2020 -0500

    description

commit bd7678c574819298b364185fe7e3362c7e8d4930
Merge: d04d4bf 42d3b98
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Feb 28 12:04:05 2020 +0000

    Merge pull request #66 from madaidan/mce
    
    Fix docs

commit 42d3b986c41854fc2990557d2333874e9379793b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Feb 27 17:41:14 2020 +0000

    Update control

commit d04d4bf0950b60b8e5bf51b2303bbecdbc5fe326
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 25 02:08:10 2020 -0500

    description

commit 4043d2af3f8239a2056610363fc9d53770ebc336
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 25 02:06:48 2020 -0500

    description

commit 0e5187ff249c686908506896e01125e37d194543
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 25 02:00:27 2020 -0500

    description

commit 60fbf8b0de8a631d8a63c64f7e8181fee501c237
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Feb 24 18:24:07 2020 +0000

    Update control

commit 6b64b36b0190198f5edfda6c704a9efe3ea5b9a6
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Feb 24 18:23:15 2020 +0000

    Restrict the userfaultfd() syscall to root

commit 221000db5b184664c09dfe9cb7055de45331a7e1
Merge: 01eaee9 c7f2537
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 17 03:17:11 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit c7f2537930925e3ec250db81791a107af003079b
Merge: 01eaee9 8ea4e50
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 17 08:16:34 2020 +0000

    Merge pull request #64 from madaidan/extra_latent_entropy
    
    Gather more entropy during boot

commit 8ea4e50c8e9c3c9ee650b665a32b78f67aedc1aa
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Feb 16 19:52:40 2020 +0000

    Update control

commit f6b6ab374ea2b24dfd4ac49bc1a595b50ab3d952
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Feb 16 19:51:32 2020 +0000

    Gather more entropy during boot

commit 01eaee997e34aa73a11dffe032ace5ef23c37e28
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 15:35:44 2020 -0500

    bumped changelog version

commit 412a83923dd09f36a25ebf9ce1991369d09c5e34
Merge: dce54d5 4399a51
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 15:30:32 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit dce54d5d0f7c6017037b5fb6a5851dd90ce5d762
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 15:29:38 2020 -0500

    bumped changelog version

commit 3df008f0b9aa08c8b92c89439abeb029f5d1f316
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 15:28:30 2020 -0500

    readme

commit 4399a512bef77ddec428bd4150cacebb77fc22da
Merge: 757df8f a79ce7f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 19:43:05 2020 +0000

    Merge pull request #63 from madaidan/ldisc_autoload
    
    Document ldisc_autoload better

commit a79ce7fa68c22048d3e10789fe209b14b818d0fb
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Feb 15 17:30:21 2020 +0000

    Document ldisc_autoload better

commit 757df8fceb29d9b6143cf26e73cb31dde69d0a71
Merge: 9bbae90 a9a1581
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 05:43:43 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit a9a1581720739966e94f18be556552e9d75d63b1
Merge: 9bbae90 1e5946c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 10:42:20 2020 +0000

    Merge pull request #60 from madaidan/sysrq
    
    Restrict the SysRq key

commit 1e5946c795e3962fdc2229146b9331d36a1d6c41
Merge: 0f49736 9bbae90
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 10:41:52 2020 +0000

    Merge branch 'master' into sysrq

commit 9bbae903fe5ee58d4a22dfeab51cbb179b8cfb14
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 05:29:48 2020 -0500

    remove-system.map: lower verbosity output

commit cce35e5109489df44916a08722d9016bb1e578ec
Merge: 14140ad e403517
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 05:27:52 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit e40351796e297673e1ec45dee7483079e96d9639
Merge: 5124f8c 31009f0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 10:25:15 2020 +0000

    Merge pull request #62 from madaidan/shred
    
    Shred System.map files

commit 5124f8cebcf6113547d11fc5193f83af1a2b6f84
Merge: ac8757a 9b76713
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 10:18:56 2020 +0000

    Merge pull request #61 from madaidan/disable_early_pci_dma
    
    Avoid holes in IOMMU

commit ac8757a031a02c6cbad564e6a857954c0cf01a54
Merge: ad6b766 ace6211
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 10:09:46 2020 +0000

    Merge pull request #59 from madaidan/ldisc
    
    Restrict loading line disciplines to CAP_SYS_MODULE

commit 31009f0bfa10e7b67f5823a5be92273e5414fff3
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Feb 14 23:46:19 2020 +0000

    Shred System.map files

commit 9b767139ef82279e00d86f7f1e1e8bf73d795651
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Feb 14 18:52:01 2020 +0000

    Avoid holes in IOMMU

commit 0f497369574811b0e7fb832636a5618e62618619
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Feb 14 18:18:18 2020 +0000

    Update control

commit d251c43344a04e1dd8afbf12352432810874e021
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Feb 14 18:17:20 2020 +0000

    Restrict the SysRq key

commit ace62111761451a13c446767dfd3c32b9b70a7f8
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Feb 14 17:51:17 2020 +0000

    Update control

commit 0ea7dd161b3e643c23624e6dcb450116824b6301
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Feb 14 17:50:19 2020 +0000

    Restrict loading line disciplines to CAP_SYS_MODULE

commit ad6b76688677cd4f9f0b2f2524c0f6b0a381bf29
Merge: 14140ad 14f8458
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Feb 13 18:40:58 2020 +0000

    Merge pull request #57 from madaidan/sysctl
    
    Prevent symlink/hardlink TOCTOU races

commit 14140ad41ba45b2457570a7df28b42cfd3bf3155
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Feb 13 13:39:45 2020 -0500

    bumped changelog version

commit d1fa191bc0ad58ea4fbb5b4db383311f87319dfe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Feb 13 13:38:21 2020 -0500

    readme

commit 76a51a3b45113b4f771397bf32daae3fb38af6a6
Merge: 163e20b 5ebab39
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Feb 13 13:37:34 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit 5ebab397b201f431e3d0ca3bebfb71fa61a7ed2b
Merge: 163e20b 2796c2d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Feb 13 18:36:41 2020 +0000

    Merge pull request #58 from madaidan/mitigations
    
    Improve CPU mitigations documentation

commit 2796c2dd00fca0bb458bdb4ea5c2cdbd35854bef
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Feb 12 18:43:19 2020 +0000

    Update control

commit 700c7ed9085f2c9f0f271ddf8781f119e8ac5714
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Feb 12 18:42:13 2020 +0000

    Create 40_cpu_mitigations.cfg

commit ba0043b8a7249e55e0a0d3b87f6c54de5283f057
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Feb 12 18:36:05 2020 +0000

    Update 40_kernel_hardening.cfg

commit 14f845837476810f1eb3038d9d41f9ad8088b916
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Feb 12 18:05:32 2020 +0000

    Update control

commit 5cb21d0d4d36fd516f17a9b5378443859f497027
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Feb 12 18:03:23 2020 +0000

    Prevent symlink/hardlink TOCTOU races

commit 163e20b886f298cb9d3aca54c14f66991001b396
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Feb 5 06:31:48 2020 -0500

    bumped changelog version

commit 3024006f63be34f0c9d2968b1839a855419792dd
Merge: 8c5cd86 024576e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 4 00:24:50 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit 024576e3307e45c90b97ed8658ee82ceb1ed00aa
Merge: 8c5cd86 e4c6e89
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 4 05:24:05 2020 +0000

    Merge pull request #56 from HulaHoop0/patch-1
    
    kvm.nx_huge_pages=force

commit e4c6e897cf37cbf5de6d90888a0ddbe56db11c2f
Author: HulaHoop0 <55955185+HulaHoop0@users.noreply.github.com>
Date:   Mon Feb 3 16:06:46 2020 +0000

    kvm.nx_huge_pages=force

commit 8c5cd865f49cea986cdfc00a4cb4f0f913d4d3e6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 3 09:23:13 2020 -0500

    bumped changelog version

commit 1f6ed2cc7047e1144e811d94dddc7306ee93b61e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 3 08:55:20 2020 -0500

    add support for passing parameters to usr/lib/security-misc/apt-get-update

commit 2291b7f787bcec5f64f632c6f3e8dfb12c67b4ee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 3 08:43:31 2020 -0500

    bumped changelog version

commit 8627c9f76d1bdf26a423a92506d3d8c0eb1afc2e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 31 12:18:02 2020 -0500

    /usr/lib/security-misc/apt-get-update increase default timeout_after="600"

commit 829e28aa90ff5cb38edcc3cfab8ec91939ae5844
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 31 12:17:07 2020 -0500

    /usr/lib/security-misc/apt-get-update environment variable timeout_after kill_after support

commit 0bd0a4a647aef9899e1cbb5671ccfa3ca36efe18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 06:14:34 2020 -0500

    bumped changelog version

commit 85d2aa1365ae5dfc43944a938794954452c26fe0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 06:13:42 2020 -0500

    hide stdout (but not stderr) by sysctl during initramfs

commit d69c1839cd30145c30247e0962a97cfd38f79d60
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 06:02:26 2020 -0500

    bumped changelog version

commit b9d65338bcc76552e4d2169106cd04e6276eb320
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 05:55:13 2020 -0500

    unconditionally enable all CPU bugs (spectre, meltdown, L1TF, ...)
    
    this might reduce performance
    
    * `spectre_v2=on`
    * `spec_store_bypass_disable=on`
    * `tsx=off`
    * `tsx_async_abort=full,nosmt`
    
    Thanks to @madaidan for the suggestion!
    
    https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647

commit 2711d0f7f08362f97383fbae81ce9d520b19dcbc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 01:22:32 2020 -0500

    bumped changelog version

commit 4df0d6c01cc91139dc9eef1dc4265e8cacde8cdf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 01:22:06 2020 -0500

    readme

commit c1a0da60beacd027c1c7c94ae44a9d7b1ab708b9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 00:46:48 2020 -0500

    set kernel boot parameter `l1tf=full,force` and `nosmt=force`
    
    https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647/17

commit efc40da4fb1fffcc760685cda0e49dc04da4c5fe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 12:02:27 2020 -0500

    bumped changelog version

commit 07dcb32fc28abf33eaf0425c67cc5cf9ee1f5a5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 11:55:38 2020 -0500

    readme

commit f4c54881ac21ed095f54a59f9c0baf582ef76d9b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:49:19 2020 -0500

    description

commit 25317f23e3a80fdd9f6965990cd397ddcab11a4b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:41:16 2020 -0500

    bumped changelog version

commit be79f0688a47dca129ac61dd78b18a2638e8650c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:40:20 2020 -0500

    readme

commit c0d3726b002d136e602c6bdaf07c5d94c5591ee4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:40:03 2020 -0500

    comment

commit a37da1c96880b14a8271712801e6da3d3ea766eb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:39:06 2020 -0500

    add digits to drop-in file names

commit 2ab940c60311ae38079d2ceb09e04eedac2aad90
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:34:18 2020 -0500

    bumped changelog version

commit bac6cd601baaca7453c55719e9dfa84d5109135d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:33:54 2020 -0500

    readme

commit 3a4d283169b381bdc93c4ff5ce7b08c11a0830b3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:33:30 2020 -0500

    description

commit e0aa67677d3561cae6544c24e12021dd04f26133
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:30:36 2020 -0500

    merge the many modprobe.d config files into 1
    
    and use a name starting with double digits
    
    to make it easier to disable settings using a lexically higher config file

commit 6a4c493213929b354a3c8d2acf2325473ae63cfd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:26:36 2020 -0500

    merge the many sysctl config files into 1
    
    and use a name starting with double digits
    
    to make it easier to disable settings using a lexically higher config file

commit f653b94e7747436323e2083d416ab86560e3cd71
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 03:49:02 2020 -0500

    bumped changelog version

commit ca057713e2e1f3c4a47216aadb51ba0ca012e39e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 03:39:04 2020 -0500

    readme

commit 8616728ce0a6e5eaa799949abb5bfccd0a7effa7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 03:35:15 2020 -0500

    remove duplicate

commit d4a37b6df2a2de4822e3e4bac93ca3e10712af7c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 03:18:17 2020 -0500

    remove-system.map: source /usr/lib/helper-scripts/pre.bsh

commit 3b283ec00f03b580d2f8b76f95449240a163dd48
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 22 07:10:47 2020 -0500

    bumped changelog version

commit 531f17cb68b331beb19a6e6c8b76575ebe38f95e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 22 07:08:08 2020 -0500

    add update initramfs trigger
    
    https://github.com/Whonix/security-misc/pull/53

commit df0b2afda1e1d5a3fddfd8c48b62a5de8295d687
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 21 10:12:32 2020 -0500

    bumped changelog version

commit 18041efa2f704d2a177b033ff8008aacdb7dde3f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 21 10:01:17 2020 -0500

    fix pam tally2 check when read-only disk boot without ro-mode-init or grub-live

commit 627b95e0b363e2e46a5de8a7aa5065bc66242293
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 20 08:51:25 2020 -0500

    bumped changelog version

commit fbe9b60d95d43452bf661461197efced431806a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 20 08:49:02 2020 -0500

    fix Whonix / Kicksecure
    
    /var/lib/dpkg/tmp.ci/preinst: ERROR: No user is a member of group 'console'. Installation aborted.
    /var/lib/dpkg/tmp.ci/preinst: ERROR: You probably want to run:
    
    sudo adduser user console

commit 960e1ff6e82f8593c2d242a6a0f1e1cf5805c85b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 17 03:32:57 2020 -0500

    bumped changelog version

commit 130434186811930d40407115af99116d4982da49
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 17 03:10:56 2020 -0500

    readme

commit 6f8d89c6c5609ed83d9dcd174375cb1ccfca91d8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 15:54:06 2020 -0500

    error handling

commit 7211f6e0199d2ccb50437c7a5b0842050590b5dc
Merge: e110ea0 f6cc76a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 15:53:36 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit f6cc76acd729428f83d3497a2e83bfc4b14f1ff8
Merge: e110ea0 1df48a2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 20:52:33 2020 +0000

    Merge pull request #55 from madaidan/sysctl.conf
    
    Process sysctl.conf in initramfs

commit 1df48a226d83b98dadc8bfb8dbc479dd656e2313
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jan 15 20:30:17 2020 +0000

    Update control

commit f7fde60b67a7ef44658cde3b835565407aafd133
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jan 15 20:28:32 2020 +0000

    Process sysctl.conf too

commit e110ea0b84329dfbe0175298b21e7732f7105436
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:37:52 2020 -0500

    bumped changelog version

commit 0f17596aacb86afb7abcdd4781a9995dde23d3bb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:35:41 2020 -0500

    readme

commit 0618b5346493723865cc6f2a632822c8b6fa690a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:35:07 2020 -0500

    fix lintian warning

commit 47ce3bec75f9aeb808993a70579ba93d2527a371
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:05:54 2020 -0500

    bumped changelog version

commit 73e830d0ac1ece338b0e80ca1a020d84a15d1774
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 10:08:57 2020 -0500

    readme

commit 8ab4623f8e81ad1b67858b458f2ae4085e7c8e65
Merge: 8015954 087465a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 06:06:39 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit 087465a0cdecc4765f7b659256cdd5e8cdef73ab
Merge: 8015954 528c5fc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:02:30 2020 +0000

    Merge pull request #53 from madaidan/sysctl-initramfs
    
    Set sysctl values in initramfs

commit 528c5fc4c41026396a63ac91af7c156dd0d4f191
Merge: 9dc43ea 8015954
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:02:03 2020 +0000

    Merge branch 'master' into sysctl-initramfs

commit 80159545a580830565ec01a507915add9c44838a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 02:42:10 2020 -0500

    fix xfce4-power-manager xfpm-power-backlight-helper pkexec lxsudo popup
    
    https://forums.whonix.org/t/xfce4-power-manager-xfpm-power-backlight-helper-pkexec-lxsudo-popup/8764
    
    do show lxqt-sudo password prompt if there is a sudoers exceptoin
    
    improved pkexec wrapper logging

commit d90ca4b1ad18289d6bcfcef51cfb032a0b4423eb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 15:12:13 2020 -0500

    refactoring

commit 082f04f2d4101828455a4a9b2852376a72ced6ce
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 15:04:58 2020 -0500

    add logging to pkexec wrapper

commit 1059ccf2254d0aac40d2c14680fea2a4012a2d66
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:28:28 2020 -0500

    bumped changelog version

commit 660837dc380440f6b00d3baf9395222376163b3b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:25:32 2020 -0500

    fix case when user "user" does not exists

commit 18c726c3eebc93f69062f1e4c1d3c7ab394985c3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:23:02 2020 -0500

    comment

commit b8652681e741236af2e20876d7103b2dfb0ae9bf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:21:47 2020 -0500

    fix legacy

commit cc21f912a372faef8322801e9a48882f29159c2d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:20:36 2020 -0500

    bumped changelog version

commit 2078cd237f2aaad8d68c1c5eab3f9942460ecd3c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:18:30 2020 -0500

    readme

commit c377c5ff83437a5447ecc9c873150421f4f1e691
Merge: 8341242 539f24b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:01:38 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit 539f24b65ee7739487d8038fcb1fdfb1ed62ab22
Merge: 8341242 0953bbe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 14:01:17 2020 +0000

    Merge pull request #54 from madaidan/panic_on_oops
    
    Document panic_on_oops

commit 0953bbe1d7f3e789aef2218a65c14c586dab4bcb
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jan 13 21:05:35 2020 +0000

    Update control

commit 9dc43eae38b55951cae2a9bf93114bcf742f8c8b
Author: madaidan <>
Date:   Sun Jan 12 21:42:07 2020 +0000

    Description

commit 8c4e0ff1c4d6191dbb40b28cfc23a8185cc0cbdb
Author: madaidan <jeremy_stevens12@protonmail.ch>
Date:   Sun Jan 12 21:37:37 2020 +0000

    Set sysctl values in initramfs

commit 8341242abc342d9cbd82afe12f512daf73a9e59a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jan 11 15:19:29 2020 -0500

    bumped changelog version

commit 130a4cf6d433f4d862e10e31abbc2b1f3b1614d2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jan 11 15:17:06 2020 -0500

    readme

commit 61a2d390a7d6195d556898db8afa57822a9bc76a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jan 11 15:15:12 2020 -0500

    lintian

commit 3fae8e771ffbdd3023921b296e46cf982034d2ac
Merge: 13a1e13 e9f4dbd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jan 11 15:14:43 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit e9f4dbdda579db83f330054253100bc7c5d1e2be
Merge: 13a1e13 6088444
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jan 11 20:14:10 2020 +0000

    Merge pull request #52 from madaidan/vivid
    
    Blacklist the vivid kernel module

commit 6088444c371f021ca23daa3a0ab1ee431d429a61
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jan 11 18:38:17 2020 +0000

    Update control

commit a662a76a52970530a4a3c3d6a284ce9400dc74c6
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jan 11 18:37:00 2020 +0000

    Blacklist vivid

commit 13a1e1321e05965ad9449fafa4406c4d3b781dcf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 1 05:59:59 2020 -0500

    bumped changelog version

commit 5031e7cc4b8bfc4037ba6ea029e20637090ccacb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 08:18:38 2019 -0500

    better output if trying to login with non-existing user

commit b2bdeb90957da4ebe38e7f12fba0330b89e0983d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 06:08:32 2019 -0500

    bumped changelog version

commit 2a3aae62b1cf97313b925fac94261e28af7ea3d1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 06:06:52 2019 -0500

    fix

commit 427deec3f50664f2fbb244b6cf060bb5b9e821b6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 06:03:48 2019 -0500

    bumped changelog version

commit e89552c9846f85b4bbf73595080d71dcd873fe29
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 05:55:44 2019 -0500

    add user "user" to group "console" in Whonix and Kicksecure
    
    enable Console Lockdown in Whonix and Kicksecure

commit b5a2d1dc581b53974aaa148f6d8f3054c9d1c5fe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 02:54:58 2019 -0500

    bumped changelog version

commit 20697db3ee5d227176c4d31e6c96454a64f47797
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 02:53:02 2019 -0500

    improve console lockdown info output

commit 788914de95ee9299d685e8b65466feee1085cf18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 02:46:32 2019 -0500

    group ssh check was removed
    
    https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/27

commit 06ed728d791abe0ad3c93091fd8ebc088f73c4ef
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 30 06:42:14 2019 -0500

    bumped changelog version

commit f3ff32ddbb8a7cf7555b9f1b2154e83154532a3d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 30 06:39:24 2019 -0500

    Protect /bin/mount from 'chmod -x'.
    
    /bin/mount exactwhitelist
    /usr/bin/mount exactwhitelist
    
    Remove SUID from 'mount' but keep executable.
    
    /bin/mount 745 root root
    /usr/bin/mount 745 root root
    
    https://forums.whonix.org/t/disable-suid-binaries/7706/61

commit e4e9c4e3b09138af25e94a6db81b0f759ddb4d1b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 30 05:59:43 2019 -0500

    bumped changelog version

commit 9c0d6b605707dbcb7db9cd227257a5dcd612f784
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 05:09:07 2019 -0500

    copyright

commit edc08988f26532daf90bc4a4f007aef53e62eeaf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 05:08:53 2019 -0500

    copyright

commit 9156d3584cd7ba9064d5af54afd95b6d8e73907b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:59:05 2019 -0500

    Description

commit 3ea946b365d8b05cabce63f4d26b3153559aa465
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:56:51 2019 -0500

    RemainAfterExit=yes

commit 2787ae976580d20ea4da5213c7f624f984510934
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:56:35 2019 -0500

    copyright

commit 6d56eb9ef0e2cfbba46df2294deb9c8e6b9aa2b7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:56:18 2019 -0500

    minor

commit 0e14706f32728123f1d345b73266934fe454a989
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:45:26 2019 -0500

    copyright

commit 1a0f7a77335940a11e33ca519d8f64429b8ee966
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:43:32 2019 -0500

    debugging

commit 5271892cb1e4646b79388d064227d4662b682583
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:42:54 2019 -0500

    debugging

commit 683028049c46516ba105b1b73364960b3b87efd6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:41:23 2019 -0500

    debugging

commit e3e1ff2a310c46fab67309edd88e73096843edcb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:35:46 2019 -0500

    exit with error if a config line cannot be processed rather than skipping
    
    https://forums.whonix.org/t/disable-suid-binaries/7706/59

commit d5c99f3a60372a00ded4b1b4340775aab1421d31
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:27:21 2019 -0500

    output

commit e5623fcd2b32b58e72c2ef80955072f013672e0d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:21:52 2019 -0500

    comment

commit d7f58db52c926c11157671c4555ca97f02929a76
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 27 05:30:12 2019 -0500

    bumped changelog version

commit 674840e6f9fb362dc713da3edde07132b5ae17d4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 26 05:44:35 2019 -0500

    /fusermount matchwhitelist
    
    unbreak AppImages such as electrum Bitcoin wallet
    
    https://forums.whonix.org/t/disable-suid-binaries/7706/57

commit 507a30d6e39f17fcb09b92033fe1d831e7d4baf4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 18:35:49 2019 -0500

    bumped changelog version

commit 04f438f75d4566822026373e78988e9d4e42b8b5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 18:09:37 2019 -0500

    comment

commit 9da0e428ed4635fb5ca98b2d72b56b553404a742
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 17:54:31 2019 -0500

    debugging

commit e18ec533c3ebb382f974d30db3cd1f5eace648c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 17:54:02 2019 -0500

    comment

commit 0326cd5ee9371213420d2afdcbfb0a05d9a808e6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 08:07:55 2019 -0500

    bumped changelog version

commit ede536913daa0c7ddfe55e20c93d7b752daa5de3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 06:00:41 2019 -0500

    no longer hardcode amd64

commit d03a3d9ac03bc29ba349107855936dd194e12271
Merge: 9d77d88 27a42a9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 05:57:24 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit 27a42a9da82bc1f22135ffa509925f63177f25d9
Merge: ac49c55 79241c5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 10:55:11 2019 +0000

    Merge pull request #50 from madaidan/modules
    
    Make /lib/modules unreadable

commit ac49c55d1fafff5f36bd7c595f50db295ff616a2
Merge: 0c3d4ad 98e88d1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 10:55:03 2019 +0000

    Merge pull request #49 from madaidan/kver
    
    Detect kernel upgrades

commit 0c3d4ad255de75b57a2e316bf8a7fd77a2fc0d4d
Merge: 9d77d88 d1a0650
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 10:54:23 2019 +0000

    Merge pull request #48 from madaidan/kernel-hardening
    
    Use only one slub_debug parameter

commit 79241c5d09c4a7123cf90b45289b53d893135efb
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Dec 23 20:28:29 2019 +0000

    Make /lib/modules unreadable

commit 98e88d1456ca0e8fa23809115c51c380a4bb2d3b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Dec 23 19:57:43 2019 +0000

    Detect kernel upgrades

commit d1a0650fd944973ab614c1da06f8e555b31b73ae
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Dec 23 19:44:52 2019 +0000

    Use only one slub_debug parameter

commit 9d77d88a4dfd0f42a2a671bbec49f4ebd90af882
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 09:39:50 2019 -0500

    comments

commit 7a80837b4f0a7201f3e092ad9b99b4cddb6043b3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 08:48:04 2019 -0500

    bumped changelog version

commit 617c0a0e15f1c113b6e7fd748bb75978e4f23fcd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 07:21:26 2019 -0500

    disable remount-secure.service - Disable for now until development finished / tested.

commit 3e131174d5919303462295cb0852a9254885ae7c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 05:00:35 2019 -0500

    comments

commit bef41a38c26548d50101f7ea636316e1e2107a55
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:58:00 2019 -0500

    bumped changelog version

commit 046ceeae4df3b45916f35b0789af341c4f3d911a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:57:36 2019 -0500

    readme

commit 9f072ce4f99467f82986be348c9cedc2eb7f017d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:46:02 2019 -0500

    comment

commit 26fe9394fff2eb5be2f19272ea76ed187a8237e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:41:54 2019 -0500

    disable lockdown for now due to module loading

commit 9ec5b0ee82263e1afb38c44348e69437ddc5c9c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:38:49 2019 -0500

    description: lockdown not enabled yet

commit b05669accfe6fac8070003bbd57939ca2c621445
Merge: 11b4192 1ff51ee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:38:04 2019 -0500

    Merge branch 'madaidan-kernel-hardening'

commit 1ff51ee061dcdb1a898ebb68c0267ce926e0fca0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:37:28 2019 -0500

    merge

commit 535c258b834028e5638fd2b37b1a6f352e2b4558
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Dec 18 20:43:01 2019 +0000

    More kernel hardening

commit 11b4192fbdbc02af97e7dc32677bdb3a549b0000
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:28:42 2019 -0500

    comments

commit 42ff53e9ad26190dcbff154f6cfd039e3f6bdf83
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:42:07 2019 -0500

    bumped changelog version

commit 2152fa2d61fa72935b70e60b98ccbe2e1b31db43
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:38:53 2019 -0500

    comment

commit f8f2e6c7041d98572452be2e53094d0c539b1616
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:35:13 2019 -0500

    fix disablewhitelist feature

commit 47ddcad0c0af27093f61cf77008224bf66572532
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:29:47 2019 -0500

    rename keyword whitelist to exactwhitelist
    
    add new keyword disablewhitelist
    
    refactoring

commit 175d1c284552a08881286e8c3ca5d8eb9b97a144
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:13:13 2019 -0500

    bumped changelog version

commit 0409aac3aeb7acc273e19b16e78409994c731f2a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:09:04 2019 -0500

    readme

commit 1ff56625a170c392f6099b41f371c56032362ea0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:42:03 2019 -0500

    polkit-agent-helper-1 matchwhitelist to match both
    
    - /usr/lib/policykit-1/polkit-agent-helper-1 matchwhitelist
    - /lib/policykit-1/polkit-agent-helper-1

commit d484b299ea1a93a401d00a212d675b5837b8aaa9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:38:31 2019 -0500

    matchwhitelist /qubes/qfile-unpacker to match both
    
    - /usr/lib/qubes/qfile-unpacker whitelist
    - /lib/qubes/qfile-unpacker

commit 34bf2457136db227cc27a5d0fe9282f09780a310
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:35:45 2019 -0500

    output

commit ba30e45d15ec53b2d0a67ce96f5132d3f59bf870
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:32:42 2019 -0500

    output

commit ee9c5742da99673785068b0393e3587a77c99a31
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:29:48 2019 -0500

    output

commit 6d05359abcf460cbec266401530a9ab1aaaaf47f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:21:52 2019 -0500

    output

commit a1e78e8515a87ebc8fc2211b3e1e91824fd3865a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:20:56 2019 -0500

    fix needlessly re-adding entries

commit 906b3d32e769bbd30ed5698268899a7d2ec71d95
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:09:57 2019 -0500

    output

commit 4f76867da6ce5710cf486175cd84adcd72640049
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:08:02 2019 -0500

    lower debugging

commit dc6e5d8508a09bd7f2b9bfed02bc502797c11361
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:06:38 2019 -0500

    fix

commit 87b999f92aab4f4176f366308c27c4fe5471580c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:59:43 2019 -0500

    refactoring

commit 065ff4bd058ab26df3d3af1022da9d6a7405ab61
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:59:24 2019 -0500

    sanity_tests

commit fef1469fe62bf923ba89077934c8b0e5d8cd0258
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:51:14 2019 -0500

    exit non-zero if capability removal failed

commit 3670fcf48baecffe098c96eb67cbd601bc3e0069
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:49:33 2019 -0500

    depend on libcap2-bin for setcap / getcap / capsh

commit 17a8c294702acb30c397abc984d69c356cec2cd7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:47:49 2019 -0500

    fix capability removal error handling
    
    https://forums.whonix.org/t/disable-suid-binaries/7706/45

commit b631e2ecd8ae0e08850edd81bf64b02666fb6234
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:36:41 2019 -0500

    refactoring

commit 7aea304549cea2c885c2d813c7a15f617f4ebf2a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:26:15 2019 -0500

    comment

commit f4b1df02ee66309d12724cf7124b14180c855f14
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 19:42:40 2019 -0500

    Remove suid / gid and execute permission for 'group' and 'others'.
    
    Similar to: chmod og-ugx /path/to/filename
    
    Removing execution permission is useful to make binaries such as 'su' fail closed rather
    than fail open if suid was removed from these.
    
    Do not remove read access since no security benefit and easier to manually undo for users.
    
    chmod 744

commit 58a4e0bc7d1b87d4d169f31dc5935c75e929c0b4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 19:12:10 2019 -0500

    dbus-daemon-launch-helper matchwhitelist

commit 15e3a2832da603f5caa9aadc6d68aaf503f013c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 18:57:23 2019 -0500

    comment

commit 6eb8fd257aecd84686b4d7a9824a98bace9a705e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 18:56:36 2019 -0500

    suid utempter/utempter matchwhitelist
    
    to cover both:
    
    /usr/lib/x86_64-linux-gnu/utempter/utempter
    /lib/x86_64-linux-gnu/utempter/utempter

commit 9409209b48fb8f803b88d72c0e7febaa74f5bd2c
Merge: 008ce48 bce02ff
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 10:29:08 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit bce02ffdc01c22c8d5528eb5eaa7729a6b3137dd
Merge: 008ce48 8f11a52
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 15:26:07 2019 +0000

    Merge pull request #47 from madaidan/msr
    
    Blacklist CPU MSRs

commit 8f11a520f4c406fa3187ad530f945a564b78a28c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Dec 22 13:54:16 2019 +0000

    Update control

commit dd93b11321e171c56affcd660c0830d6a91ad87e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Dec 22 13:52:43 2019 +0000

    Blacklist CPU MSRs

commit 008ce4817c6ad2218af05d14626b0f2c70a6e90d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:55:03 2019 -0500

    bumped changelog version

commit d300db3cde0f7ee8e3884a1225ec1d196a318728
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:45:11 2019 -0500

    output

commit 3921846df6e21a80d87f451e89f96f5b3092dd53
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:36:42 2019 -0500

    comment

commit 1213415ce649e7305af0b6c6ef2f8435caab5cd8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:23:35 2019 -0500

    bumped changelog version

commit 2ddf7b5db5d335d4f64d0df2c0caab0c80a2a046
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:06:51 2019 -0500

    /lib/ nosuid

commit 1e8457ea476a693dd1e455e4c455bf2e763cec23
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:06:10 2019 -0500

    no longer remount /lib
    
    https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/25

commit 10c19d6a8fc6b6bc03067dc3be88f486aa78d438
Merge: b2260f4 fffdf50
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 13:00:41 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit fffdf5090c707c698de4adacfd5837809b33aa99
Merge: 1c99b56 f5a52ae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 17:59:56 2019 +0000

    Merge pull request #46 from madaidan/remount-secure
    
    Don't remount /sys/kernel/security

commit f5a52aeddc4742b4dbd8a0075d759b2ceaaae691
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Dec 21 14:55:28 2019 +0000

    Don't remount /sys/kernel/security

commit b2260f48f4ab978b531d8ca9df2dc1a787b6666f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 08:03:33 2019 -0500

    add support for /etc/exec / /usr/local/etc/exec
    
    to allow enabling exec on a per VM basis

commit 1c99b56c9b99cceab6fe38580d06197dd4bcfb77
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:49:55 2019 -0500

    bumped changelog version

commit 161b6f6b885586cd65b8ac13b0bd113691465522
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:49:29 2019 -0500

    readme

commit b74e5ca97244209e041f55483027365eacdf44c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:47:00 2019 -0500

    comment

commit 8fb17624bc3471a3676e76b3695179cde1ec21da
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:44:51 2019 -0500

    comment

commit aef796a524f9156b584a7d8d203decc446c5d3b9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:44:23 2019 -0500

    disable debugging

commit 1fe83d683f97af6730948aecce3216a51979c695
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:43:55 2019 -0500

    comment

commit 7c3da38bd53427501bcb0ac0d56bd626ce9e6adb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:42:25 2019 -0500

    comment

commit 9050058bc2427a701095901a5bd275767437391b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:42:01 2019 -0500

    fix

commit 0c4db8c2b054a10554f163c31e3e626a80981c52
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:38:25 2019 -0500

    bumped changelog version

commit 6b13a644df279ec3ccf3814e86233baafc0cf437
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:37:41 2019 -0500

    add /usr/lib/security-misc/permission-hardening-undo

commit af8b04b73d6d64792fc1ffb7f6b04b273c0ca7ec
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:58:01 2019 -0500

    rm_conffile /etc/apparmor.d/usr.lib.security-misc.pam_tally2-info
    rm_conffile /etc/apparmor.d/usr.lib.security-misc.permission-lockdown
    
    https://github.com/Whonix/security-misc/pull/45

commit 2350e0f5d06d9625835ba1547aab0054b795c0c5
Merge: 3ea5871 efd65a3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:57:10 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit efd65a3f15fc9380e2019c9d7ad0bf82adcc230d
Merge: c336bc4 c28ddf5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 11:56:31 2019 +0000

    Merge pull request #45 from madaidan/apparmor
    
    Delete apparmor profiles

commit 3ea587187e9d0a927799a66d15d163ee56a41978
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:53:07 2019 -0500

    no need to exclude xorg nosuid on Debian
    
    http://forums.whonix.org/t/permission-hardening/8655/25

commit c336bc4fd229d9a6370df5520aaa4e872465de5a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:39:13 2019 -0500

    comment

commit fac17a963d3dec1b399fd9b41ebebcedb7e90f43
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:28:19 2019 -0500

    bumped changelog version

commit b5f88efe2072eca99c245fc60442c82a270fab8e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:27:01 2019 -0500

    fix

commit 2088628c8d44306e51c8a1407caee99e5eb4ce5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:24:08 2019 -0500

    debugging

commit 2dca031527fa38a932619ed2336a5aa472a85205
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:22:46 2019 -0500

    debugging

commit 195e00cc8796d532a68f90b7c1f8f30d17f24246
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:16:38 2019 -0500

    output

commit 78d33d8b57fdef3b16e8ab5b4f6b0487d51b9657
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:12:20 2019 -0500

    bumped changelog version

commit 4b21b6df4167a2a95392a39182c636bdc097bc7e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:11:44 2019 -0500

    fix

commit ff48b672a8537e65c3d0b3ccfb65fb29c2d3766c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:00:17 2019 -0500

    bumped changelog version

commit 8436da2b7b0b9d309b57ed6ab36f2042fd82f4ae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:58:50 2019 -0500

    output

commit da15265e1c311be16c1dd0a8681e630548fac0e9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:55:23 2019 -0500

    fix

commit 2a248fe0de1b86b416c705ecce81dcb549581d9b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:54:39 2019 -0500

    fix

commit 4f12664362fb4304ed43185ed5805f686bdeb0af
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:54:07 2019 -0500

    output

commit e3355843c835c650d4701a2b94b93cc0040ca419
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:51:22 2019 -0500

    fix

commit 234ec5fe93c9b03c02e076621ac919f12062c4e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:47:35 2019 -0500

    fix

commit 65b5adb2d731f52533bda24eb6868d9e2968e2ed
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:38:39 2019 -0500

    bumped changelog version

commit 7ff900c20457ee42d415c4eddf3b08f1ac5e4461
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:37:43 2019 -0500

    fix

commit 2b5a49a61b221161f3b42d3a692d2e22df2afec2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:31:55 2019 -0500

    bumped changelog version

commit e1a5ee4bcf5ecb447ae7da0b137f81d520673cde
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:26:55 2019 -0500

    output

commit 66aaf3e22cda9bb58ab72e750a5711556cf1de25
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:25:54 2019 -0500

    output

commit 7aa7d0b5a0e3b602b527131581f350b9b32fb0d6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:22:27 2019 -0500

    improve error handling

commit 8919d38de9206b4802b471c2f40787a2f9d70269
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:21:46 2019 -0500

    disable debugging

commit cf5dee64fd4e1c44a8726db49b8328841ee6327f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:18:34 2019 -0500

    refactoring

commit 29cd9a0c38924fc2eb7520db886efc19541476cb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:17:35 2019 -0500

    fix

commit 486027a4d75917fe2741370aa1e707b8ca14f693
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:15:38 2019 -0500

    fix

commit 1fd26be864ebd0dab8419e0b2b321522166d6271
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:14:51 2019 -0500

    fix

commit 0fc97c37beae5d48fed9ec714f19007f402952c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:14:39 2019 -0500

    fix

commit 1018d5b3b0b58a641aaca0419a06c246091932d5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:11:51 2019 -0500

    output

commit 4388fc4d5ace9046c9eacb8354d9960599735ee4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:11:19 2019 -0500

    refactoring

commit ed20980f4c6c3fb304d8436399f5e14ead7b3ae3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:07:10 2019 -0500

    refactoring

commit 315ce86b9a66d15aea2d50f5271c228ee8bd3909
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 04:33:03 2019 -0500

    refactoring

commit 0c5848494b147b067afa2b70451fc7e5087823f2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 04:21:26 2019 -0500

    do not remount if already has intended mount options

commit 203f4ad46e6a6950edd4b2a83f47ac71428928e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 04:17:10 2019 -0500

    refactoring

commit e7fd0dadb03e7f90adfa9ebdaf07530f02a846e7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 04:09:35 2019 -0500

    output

commit e6ea21c7757ad732bd9bcce2c6a7a364780e1b14
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 04:08:35 2019 -0500

    record existing modes in separate dpkg-statoverwrite databases
    
    to have a history of what was modified and to allow to undo changes

commit 89be5f2ecb998c46ff4864996cd86b97fa56d176
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 02:05:39 2019 -0500

    bumped changelog version

commit c28ddf5c4dbfd92aba9a59874f529a4afe69c497
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Dec 20 22:44:31 2019 +0000

    Delete usr.lib.security-misc.pam_tally2-info

commit cfe69dd66900f7aad5311c02d2b4ee7b400fb90b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Dec 20 22:44:27 2019 +0000

    Delete usr.lib.security-misc.permission-lockdown

commit d220bb3bc4aaf923dcb2e2a48ac05dd5f1326442
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 13:07:01 2019 -0500

    suid /usr/lib/chromium/chrome-sandbox whitelist

commit 77b3dd5d6b5de0070da7e71154ecbe2e099e3b7f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 13:02:33 2019 -0500

    comments

commit d7bd477e7379cd5d74d81e81080d375041cc3b29
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:59:27 2019 -0500

    add "/usr/lib/xorg/Xorg.wrap whitelist"
    
    until this is researched
    
    https://manpages.debian.org/buster/xserver-xorg-legacy/Xorg.wrap.1.en.html
    https://lwn.net/Articles/590315/

commit 17e8605119fc671c4cbe4343851cf3c46b830508
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:57:24 2019 -0500

    add matchwhitelist feature
    
    add "/usr/lib/virtualbox/ matchwhitelist"

commit 3fab3876693f20303c95f03c45af9adb9ae680e2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:50:35 2019 -0500

    suid /usr/bin/firejail whitelist
    
    There is a controversy about firejail but those who choose to install it
    should be able to use it.
    https://www.whonix.org/wiki/Dev/Firejail#Security

commit d3f16a5bf46a7d10316259788f3d97364fe2e545
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:47:10 2019 -0500

    sgid /usr/lib/qubes/qfile-unpacker whitelist

commit 508ec0c6fa44d9185aa22f5fa81ae9dbbefdb19c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:34:07 2019 -0500

    comment

commit 1b569ea7908dcba409c94dacd477d2fbfeafe522
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:32:36 2019 -0500

    comment

commit f88ca2588920ac16a6b41e8c48021bf85801c2a9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:58:07 2019 -0500

    fix terminology, sguid -> sgid
    
    Thanks to @madaidan for the bug report!
    
    https://forums.whonix.org/t/permission-hardening/8655/21

commit 1cd5fb6a0020504c7897acf169772d39b67f4bd4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:50:25 2019 -0500

    bumped changelog version

commit ff0a26fb5d65450c0a2b5fb86758d3d823a717e9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:49:19 2019 -0500

    comment

commit 71496a33ab27455d2856284d21f261dd20780dc2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:47:53 2019 -0500

    skip folders are these are not suid / guid

commit 9321ecff4139f0776f93a9bd8c9606bcaf94f568
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:43:53 2019 -0500

    no more need to add/remove /

commit b95225b6a6b45b84778ba2427ae4628f102e6d05
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:37:05 2019 -0500

    pipefail

commit cad6f328f40bb8b3c414e2bd6c7cb86e625f6d64
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:34:44 2019 -0500

    minor

commit 3265f9894d1c677419718de52570d304a4e69279
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:27:43 2019 -0500

    output

commit 28d12c3966e3ddfadbf7d44e7c7bcdc37e1a7d25
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:09:22 2019 -0500

    bumped changelog version

commit 1615ebec58b563224c7c02cd2b1f83b0954c48ca
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:07:44 2019 -0500

    output

commit 1e11b775cf1d2994f2e0da8d0191ef38eebe21a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:05:05 2019 -0500

    output

commit 731f80289566e118ba6c121c406775abc4c03bd4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:04:12 2019 -0500

    output

commit cd8efe58008c7b0e90ac88ac098b3fd08e75d716
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:03:22 2019 -0500

    output

commit c0ddb76d7463753e3250fc7da466fa763ef08dd5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:50:51 2019 -0500

    bumped changelog version

commit b31abea0af60874d4a48fd0da56978b0081eaef8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:49:31 2019 -0500

    improve error handling

commit 79cd3b86b6e5e186da66fd329b04fb3b42c0276e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:47:23 2019 -0500

    comment

commit b3458cc6ee368968de1510e9d05ddd3791fe5f6d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:45:59 2019 -0500

    fix checking existing entries to avoid needless calls to dpkg-statoverride

commit 370f3c5e541612021fa181e39507aa4ba8131731
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:35:05 2019 -0500

    comment

commit 133d09f2984506e0b0fd2e17a893b8d3e37b8431
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:33:16 2019 -0500

    output

commit 1ffa8e197e9ba9722d5fb2695de343df9d9db597
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:31:26 2019 -0500

    speed up setuid removal by using find with '-perm /u=s,g=s'
    
    https://forums.whonix.org/t/permission-hardening/8655/19

commit 4cfdf2c65b57f410163653304871ee3eb1d3f6ea
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:21:27 2019 -0500

    fix, re-enforce nosuid even if changed on the disk

commit e36868e675cbd80a36053956dbef71992cceca24
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:02:46 2019 -0500

    output

commit 50b8f65490555d9d12fd28991040c00a358b3b84
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 09:59:28 2019 -0500

    add sanity test: count if we really processed all files

commit e28da89253f646969cdc2b0b46617bd603f917a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 09:48:06 2019 -0500

    /bin/sudo whitelist / /bin/bwrap whitelist

commit 55faa7b9978df52bcb98a562554473f80db1f171
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 09:43:23 2019 -0500

    fix missing processing files bug
    
    https://forums.whonix.org/t/permission-hardening/8655/16

commit fbe2479f486add30cd29f5c4063a140c42c502fe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:54:56 2019 -0500

    count processed file system objects
    
    to be able to verify if any were "forgotten"

commit 195ea522f5a8582851792b53047185717a6f679e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:52:14 2019 -0500

    fix

commit 6f8231be70940e2afb0ec8e4a0d60bb4f166f5b9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:51:55 2019 -0500

    debugging

commit ed50f98010c8b7878d518273703e00fa561e980b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:47:22 2019 -0500

    output

commit 089c40135f2a7f0da128808a27b696e36aff6821
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:15:00 2019 -0500

    bumped changelog version

commit 6d30e3b4a2c0e5cf53d88b4a033511aa49b8f227
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:13:23 2019 -0500

    do not remove suid from whitelisted binaries ever
    
    https://forums.whonix.org/t/permission-hardening/8655/13

commit d5f1bd8dd29a4f9e1ccb6fed82a255f7b7abfe6f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:02:30 2019 -0500

    fix mode sanity check
    
    no longer use seq due to issue
    
    https://forums.whonix.org/t/permission-hardening/8655/13

commit ddc0eec63d744e4600f3b1b8cdf60fef6d647cbe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 07:12:36 2019 -0500

    bumped changelog version

commit 65248a94efa4646127d8e11447e49a37f3ff986e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 07:06:50 2019 -0500

    readme

commit 8e112c34232b8ef88fb0c0fb19f2983de4e5a0a1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:53:24 2019 -0500

    description

commit 24ea70384bb6c34f283ff1e71e4f7ed34133db5f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:53:03 2019 -0500

    description

commit 0ae3e689b5f12101156b4be84631679c622f2e98
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:35:02 2019 -0500

    comment

commit 050f4d8b9482e1513ceccfb39394606b173fd8a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:34:37 2019 -0500

    comment

commit 36043fe5ccdbd798483096a104a40b9cc013a487
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:33:41 2019 -0500

    comment

commit fb4254547b39160c410b1f83ed56aa7653291df1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:32:04 2019 -0500

    comment

commit cca0908d9a73430fb97577fb6ae42b7416e72e6a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:11:38 2019 -0500

    fix

commit e254b8b52d61432084273a3ec91bb5f4b377163f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:09:17 2019 -0500

    fix

commit 7f8b3c76de6e140b676d960004e779f9846c8cb8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:02:17 2019 -0500

    output

commit 071c64dc413c8a868866ddf699f653b371ac3b19
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:01:49 2019 -0500

    enable 'set -e'

commit b97c66707c3d3e8bb9164a35fe83974642f9652c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:59:05 2019 -0500

    minor

commit 17b4f12276349f28d9fc37944ece87fb6f7827a9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:58:42 2019 -0500

    output

commit 48fe7312bf6b87a94678ed8a2eb0a01f2a88e371
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:57:41 2019 -0500

    update config

commit 87d820d84cd44e427c8990cf295da7ab6890040e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:54:16 2019 -0500

    comment

commit 918cbb4e257bab0ee4bb6eb303df5e65e34b9963
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:51:25 2019 -0500

    output

commit c8cf09a4cbe7721e3d97c62785a5d25fe3f61115
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:50:16 2019 -0500

    output

commit 46466c12ad9dcc62d52dd3e887665ced6bdedf3a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:49:11 2019 -0500

    parse drop-in config folder rather than only one config file

commit 66fd31189dd1c2ccc5e6fb51278b0646c5188320
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:37:33 2019 -0500

    improve output if set-user-id / set-group-id is set

commit 6dd6530fa539a55feecc28cecdc812b787b555a6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:32:26 2019 -0500

    remove hardening-enable
    
    please invent package security-paranoid instead
    
    https://forums.whonix.org/t/security-hardening-tool-usr-bin-hardening-enable-by-security-misc/8609

commit 6c8127e3cd32c04a6eb4641ad856c7bf2c777fee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:29:37 2019 -0500

    remove "/lib/ nosuid" from permission hardening
    
    Takes 1 minute to parse. No SUID binaries there by default.
    remount-secure mounts it with nosuid anyhow.
    Therefore no processing it here.

commit af0f074987b21ba4ad3f331ddaa622082d76fceb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:27:11 2019 -0500

    remount /lib with nosuid,nodev
    
    https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/22

commit 7f201604779e442660c4c13798b2b48d706576ac
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:24:00 2019 -0500

    comment

commit a135ae94009c4f6492ed8c779ceaefcfaf19e123
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:22:59 2019 -0500

    use must manually enable permission-hardening.service
    
    until development finished

commit fa6f1e156898572513cacb1d65b042482896011a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:19:39 2019 -0500

    output

commit a26cb94bfd252f939f02ee50c76efb67dcb0235c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:49:21 2019 -0500

    globstar no longer required

commit c66e9abe18f0809df4f6b84772774431afcadd6f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:48:57 2019 -0500

    comment

commit d1d0afff34a562d29726fbb3382ebe932e04a267
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:48:02 2019 -0500

    fix
    
    fso: /lib/
    usr/lib/security-misc/permission-hardening: line 19: /usr/bin/stat: Argument list too long
    
    https://forums.whonix.org/t/kernel-hardening/7296/326

commit e74d2e4f94f4cdb2f3a83f27e17e19e9e4078961
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:23:14 2019 -0500

    output

commit eb8635903379d1245c2c1c35eaf33c1a45ef514a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:20:05 2019 -0500

    refactoring

commit bb84fca184ee32f227fb5b210f9eea7afbdf75c0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:08:46 2019 -0500

    refactoring

commit f92b41419558f01e7ec0ec3edba3af6a550c5911
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:06:28 2019 -0500

    refactoring

commit 4c44871e9d3070d73f298eca051ee303b01ea56c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:02:05 2019 -0500

    comment

commit 6876a2eaa87e3eead822e5f4f7d1fc53d0853ebd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:01:40 2019 -0500

    comment

commit 35c4fce61b784a4093339b64e5564d93c1f91870
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:54:46 2019 -0500

    fix "dpkg-statoverride: warning: stripping trailing /"

commit 9bd9012ab17f2c3422cdab20f57e3852ae1f14de
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:46:50 2019 -0500

    refactoring

commit 788a2c1ba3d35eb26440386e2c3269fb8cf4992d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:45:01 2019 -0500

    comment

commit 55933f88766f9b2fa2f284c5d0ff098e1e11b657
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:43:36 2019 -0500

    refactoring

commit 9e493a9f481e03d8bd41794eee4e4efd0e39a593
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:42:09 2019 -0500

    refactoring

commit b92a690c166cf3bc97d34ae977cc0c6d2342cb86
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:40:47 2019 -0500

    refactoring

commit 98535e3a2bc5d0d54694a1ea71f3afef3f468943
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:39:25 2019 -0500

    refactoring

commit ecbba2fd61f6d182dcd51f42b579ecb50ffdbedd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:38:39 2019 -0500

    refactoring

commit 20b8a407ac5984ba621ebb0150b47067c32ddc76
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:25:17 2019 -0500

    refactoring

commit 6cd9eb44fbc451a08908a9899ca114843c32edf3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:24:07 2019 -0500

    refactoring

commit 706dba104d201de4eed6886bf9570bf6851c2c3f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:19:12 2019 -0500

    code simplification

commit 01dd567f8b3764ae241a4df39d54617089532b9d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:16:43 2019 -0500

    fix, if fso has exactly the mode we want (not 3 instead of 4 string length), not need to reset it

commit 4f65b0fc1e33037e86289627e1c9bcf040af86c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:13:27 2019 -0500

    refactoring

commit bfee6b60cbd799e31b75e20bc5820f65f9993899
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:11:11 2019 -0500

    comment

commit d64cdc124793bda57916b2c4d73465b17ae44af6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:04:41 2019 -0500

    refactoring

commit 7c5c65a6c13ddf23d7324283815d653974802fd9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:04:13 2019 -0500

    comment

commit b31d8cd3fc905b61707f77e08cff72e74f18c46b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:03:40 2019 -0500

    fix

commit c626290673d44b2a6485aeb24888f35c3782c151
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:02:26 2019 -0500

    refactoring

commit d5ff1d6f28a62f858fd0a9edf905d6727413a3c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:00:39 2019 -0500

    refactoring

commit 640ca1d24dad657f0590c98a353dc21ed18b4395
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:57:57 2019 -0500

    skip symlinks
    
    https://forums.whonix.org/t/kernel-hardening/7296/323?

commit cc8f795799e76d61b60f31e718effb88478b0fea
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:47:04 2019 -0500

    comment

commit 4e5b222a081a5e8463ebe6832e7fbe68a1fb7978
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:43:33 2019 -0500

    comment

commit fa895ee11ec5897eb73ce066dfe5bde337cb297c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:40:42 2019 -0500

    refactoring

commit 2c163bf4398d67730efb23d70e2f9fc41ebb0459
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:39:53 2019 -0500

    check string length of permission variable
    
    https://forums.whonix.org/t/kernel-hardening/7296/322

commit a89befd902f6976ebef303b22ee9f9cbc3a1cc23
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:20:54 2019 -0500

    code simplification

commit 72812da63f60bd1955e52ac52ce583c9d9a18c95
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:16:32 2019 -0500

    comment

commit 39a41cc27ba93ede21e69270b3b113a037f77064
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:14:45 2019 -0500

    refactoring

commit 2ed6452590c443d88862f12ef25dcd5acbe98de9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:12:43 2019 -0500

    downgrade to info

commit a5e55dfcfca5b15bbbdc22788e6615d080c44819
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:11:39 2019 -0500

    quotes

commit 3187cee4fba89d72f8d0c26a9987b33adc0d8faa
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:10:13 2019 -0500

    output

commit 5160b4c7816ce449e0dd9cbfaae28050ef2af676
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:08:05 2019 -0500

    disable xtrace

commit 27bfe95d253178790ee10f591af0d586907463d7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:07:49 2019 -0500

    add echo wrapper

commit a6988f3fb8034c2f5be6d3ee6300f9e756e0dfce
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:06:31 2019 -0500

    output

commit 1819577b88ae795c1a6107cf76e084859c9f6d2e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:04:34 2019 -0500

    fix

commit 278c60c5a01c8dcb8a035950bd9e56ed7d1d431d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:01:36 2019 -0500

    exit non-zero if some line cannot be parsed
    
    therefore make systemd notice this
    
    therefore allow the sysadmin to notice this

commit 66bcba831317cf4810e9123b305597ee85fc94bf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 01:58:35 2019 -0500

    improve character whitelisting

commit 8f14e808a9b27f980299ed493f1ecb85acbe1c70
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 01:32:49 2019 -0500

    send error messages to stderr

commit d8c9fac2e5c8bc511f593d9a477307f8a15cf2e7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 01:32:08 2019 -0500

    output

commit f19abaf6271fcd87226b9ef5ae3f1b567d96cd90
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 01:31:37 2019 -0500

    refactoring

commit c5d1e9dda7059d18fad303128f6f09c98fe955b7
Merge: 62eb462 a20b300
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 01:30:31 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit a20b30013f9ae229d1fe86cc5992aac474a9d8e6
Merge: 62eb462 9df7407
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:29:58 2019 +0000

    Merge pull request #44 from madaidan/permission-hardening
    
    Remove SUID bits

commit 9df74072862b31871d0aad7bed8333fc8344ffec
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Dec 19 17:01:33 2019 +0000

    Remove SUID bits

commit 3c2ca0257f08f2c7fa0d0adb74345110801f9fc0
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Dec 19 17:01:08 2019 +0000

    Support for removing SUID bits

commit 62eb462920e8614ea904a8d3517f7592e67ecab8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 16 06:46:48 2019 -0500

    skip console_users_check for Qubes users

commit ab68182e118b8e76e2ce2a749b956cf96e3d02b6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 16 06:27:51 2019 -0500

    bumped changelog version

commit 2cab38a8b3f7423f8956c72f1bf6c399ea70c495
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 16 06:24:14 2019 -0500

    readme

commit 4ca9fc592029cbd28969f1e7fe56907bc7c261cb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 16 03:53:10 2019 -0500

    fix

commit f68efd53cf000b92818e6c97b4c590a2c4b73a5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 16 03:52:09 2019 -0500

    remount /sys/kernel/security with nodev,nosuid[,noexec]
    
    as suggested by @madaidan
    
    http://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/238

commit 2c4170e6f3366709c391db396a74547d4fed9589
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 12 09:47:58 2019 -0500

    description

commit 2d5ef378f36af5d2d94c342c284be4395352bc34
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 12 09:39:39 2019 -0500

    description

commit 300f010fc24846b6416501929ca24c4d80eca8d5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 12 09:29:00 2019 -0500

    increase priority of pam-abort-on-locked-password-security-misc
    
    since it has its own user help output
    
    so it shows before pam tally2 info
    
    to avoid duplicate non-applicable help text

commit a10597de92c316cc32ab552865a6658b38b19f5e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 12 09:04:15 2019 -0500

    bumped changelog version

commit 729fa26eca292d60bcbeaba05d8878ff6112876e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 12 09:00:08 2019 -0500

    use pam_acccess only for /etc/pam.d/login
    remove "Allow members of group 'ssh' to login."
    remove "+:ssh:ALL EXCEPT LOCAL"

commit 22b6480bc4691e76ef155452d2b9df05c5265f68
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 10 11:44:02 2019 -0500

    bumped changelog version

commit 88bea2a6efa8823739ba65b2f5b67cb90071ca3f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 10 03:53:10 2019 -0500

    comment

commit 7d8001ddc9801046289b2f4e31d25dfc3bca6cc5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 10 03:51:39 2019 -0500

    refactoring

commit d2f6ac0491f179382f4b68455d19956049e6cd23
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 10 03:50:23 2019 -0500

    fix, do user/group modifications in preinst rather than postinst

commit 64ae53edb90929492e11ac81e3e18bcc8164b428
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 08:25:30 2019 -0500

    bumped changelog version

commit d80bf036f3b6b70df9208d1ca603c5602298bbf8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 03:50:43 2019 -0500

    Disable permission hardening now until development finished / tested.

commit b72eb30056e186ce13b03907fc37e8d5ebb5df44
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 02:32:05 2019 -0500

    quotes

commit c258376b7ed565d0e23963ddab56ce35892ff23f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 02:31:10 2019 -0500

    use read (built-in) rather than awk (external)

commit 02165201ab850e32c9f9ad5c4f46cb26dd71dddb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 02:23:43 2019 -0500

    read -r; refactoring
    
    as per https://mywiki.wooledge.org/BashFAQ/001

commit 7467252122cb2e7600ce5ab3dce9dac2aa7a0676
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 02:22:16 2019 -0500

    quotes

commit 9bea9960173cf06dcbc0aefa2fb3b10df1f84c69
Merge: 6f94423 af62da3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 02:21:47 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit af62da34457a56fee43a6003036a3bb387b23b32
Merge: 6f94423 d7e2dea
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 20:45:16 2019 +0000

    Merge pull request #42 from madaidan/permission-hardening
    
    File permission hardening

commit d7e2deae9250abd79ab83c2025b98476dde710d3
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Dec 8 16:50:54 2019 +0000

    Create permission-hardening.service

commit 6c564f6e9549462412299fd5b2f7e303409c5dad
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Dec 8 16:50:11 2019 +0000

    Create permission-hardening.conf

commit 61e19fa5f1343554e9a213a1a9762cef4707ab3d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Dec 8 16:49:28 2019 +0000

    Create permission-hardening

commit 6f944234a988b226942832473a5a6825006dcac9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 05:26:29 2019 -0500

    bumped changelog version

commit e64741c01e94849f7ad57231a106e45c4fe3dc65
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 05:25:19 2019 -0500

    readme

commit c192644ee328ff8d5d244d10c082b3a871b151b1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 05:21:35 2019 -0500

    security-misc `/usr/share/pam-configs/permission-lockdown-security-misc` is no longer required, removed.
    
    Thereby fix apparmor issue.
    
    > Dec 08 09:47:50 host audit[3232]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=3232 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
    > Dec 08 09:47:50 host sudo[3232]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied
    
    It is no longer required, because...
    
    existing linux user accounts:
    
    * Get permission lock down because security-misc `debian/security-misc.postinst` calls `/usr/lib/security-misc/permission-lockdown`.
    
    new linux user accounts (created at first boot):
    
    * security-misc `/usr/share/pam-configs/mkhomedir-security-misc` pam mkhomedir sets secure permissions using `umask=027`.

commit edcc2de71dea9cf2f94ec008d2817a0cdfdf5b7c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:38:33 2019 -0500

    bumped changelog version

commit 1227ccd1f7aa8d96f70d6c5fa20aa985435ca89c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:37:53 2019 -0500

    After=qubes-sysinit.service

commit 17d81d0083b05316515461154473c8a5d769b776
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:27:01 2019 -0500

    bumped changelog version

commit ebae9eef38035a75c8aa3281735eab79ed6f4c46
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:25:19 2019 -0500

    skip sudo_users_check in Qubes
    
    Qubes users can use dom0 to get a root terminal emulator.
    
    For example:
    qvm-run -u root debian-10 xterm

commit 53e4717c629039104f45a1da8251e3dd1b5e3baa
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:05:29 2019 -0500

    bumped changelog version

commit bc45ed385e5a2b1b53f81915698e1176359dedf7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:03:02 2019 -0500

    readme

commit ac96708b243a766d65e39a037bcf142e526a2382
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:01:11 2019 -0500

    improve usr/bin/hardening-enable

commit a345a0fb64f7b8421356b913730284b0e6e3e953
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 03:27:12 2019 -0500

    abort installation if ssh.service is enabled but no user is member of group ssh

commit 50ac03363f6074cc88b6a7c965a822335624924c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 03:18:32 2019 -0500

    output

commit c7c65fe4e7a1fb73921a1b8de25662ff2a21e2a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 03:15:53 2019 -0500

    higher priority usr/share/pam-configs/tally2-security-misc
    
    so it can give info before pam stack gets aborted by other pam modules

commit 3bd0b3f837d5ad8c87e59b99c6baef1e2c74507b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 03:10:41 2019 -0500

    notify when attempting to use ssh but user is member of group ssh

commit cea598dc1a96245c4ccd00646e9790f3c9635ffe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:43:05 2019 -0500

    refactoring

commit 54f5e02c2192a1cd6a30bc04abd77b177b1953c3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:42:30 2019 -0500

    comment

commit b4265195f4823618c60274458f885ef61c2452e1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:41:36 2019 -0500

    refactoring

commit 0f65b2e85c74a379d8ec5321b13e7e332d8eaaa3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:38:19 2019 -0500

    abort installation if no user is a member of group "console"; output
    
    https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/7

commit 1dbca1ea2d80ff7f60a0f426b444994d6bd97d30
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:27:09 2019 -0500

    add usr/bin/hardening-enable

commit 19cc6d7555364c5d2ee548899679c153e1555a20
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:10:43 2019 -0500

    pam description

commit 24423b42f0dc23704bddbb0f205ad3115e77d90f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:03:05 2019 -0500

    description

commit 6b01e5be149f9126308404e6a32931efb3bac277
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:01:22 2019 -0500

    comment

commit 66bebefc9fa26341c41847f35f26e16df3ce0a37
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:00:23 2019 -0500

    description

commit 52e0f104cc6edf1fe0953ca815445c351f813812
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:59:55 2019 -0500

    comment

commit 731d486fa061756b129188959230cb8bf1d78fae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:58:58 2019 -0500

    refactoring

commit 221a2df2a2621b1d3f391ee3265af7d4f35e1b2b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:58:37 2019 -0500

    refactoring

commit b871421a542af37771dbe56f09cc16472aa691c7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:57:43 2019 -0500

    usr/share/pam-configs/console-lockdown -> usr/share/pam-configs/console-lockdown-security-misc

commit d36669596f4c71ce885e46fce66fffc7a7443d27
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:56:30 2019 -0500

    comment

commit 1a0f353708832217b9bc5e3ecd044605de6adca0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:47:40 2019 -0500

    comment

commit eed1f0a4620d7db5933fb29189328c934db50d9e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:46:32 2019 -0500

    comment

commit 2491b6239319c52221f6c58fcfa1c3a247a9ee30
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:43:45 2019 -0500

    refactoring, add all groups first before adding any users to any groups

commit 1464f01d191ee4e01ed2ec94f4faf8d17ec62b03
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:30:42 2019 -0500

    description

commit 491dd4d93d133ca23eaf5c501b7ab3d3bbf52a27
Merge: 9432d16 a78a7e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:22:16 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit a78a7e5571b178cbf4cddd065306d130431bc185
Merge: 373e873 6846a94
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 06:21:44 2019 +0000

    Merge pull request #41 from madaidan/system.map
    
    Check for more locations of System.map

commit 6846a943277c5ad9049cbf3e21fcd739c316cf44
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Dec 7 19:38:12 2019 +0000

    Check for more locations of System.map

commit 9432d1637866087bcc2f1bf0837535a10f96faeb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 12:13:42 2019 -0500

    /usr/bin/cat mrix,

commit 373e8733d37cb795c7c48642346b0b6dc6dce30c
Merge: c1800b1 447eb14
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 11:34:42 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit 447eb144325a532b0aaf7ce772d5a04005b2af1f
Merge: c1800b1 668b642
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 16:34:21 2019 +0000

    Merge pull request #40 from madaidan/system.map
    
    Remove hyphen from remove-system.map

commit c1800b13fe33a1c129dcb30c51dbead7f894b818
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 11:26:39 2019 -0500

    separate group "ssh" for incoming ssh console permission
    
    Thanks to @madaidan
    
    https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/16

commit 668b6420de8024fdeaf948f1750beb8b62d9ffb7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Dec 7 14:15:02 2019 +0000

    Remove hyphen

commit 55225aa30e78e9a988527ed2da2019dc0a0b2631
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 07:16:07 2019 -0500

    description

commit 34a2bc16c85b06e1eccb2f72da89e198184ba72c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 07:15:58 2019 -0500

    description

commit d823f06c7858c1380325e3dbbbcfb1854fa64309
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 07:13:42 2019 -0500

    description

commit 9ba84f34c68263e5151d5b54264c1edb90603424
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:51:59 2019 -0500

    comment

commit dc1dfc8c20218a5ca986f49dc96cbfc71d50533e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:51:16 2019 -0500

    output

commit 8636d2f62995947620fbbd76fc653aab89dda7eb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:51:10 2019 -0500

    add securetty

commit 532a1525c2350a634b14a84d94997b8db81243a0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:26:55 2019 -0500

    comment

commit 14aa6c50774786890686fee2a6d6eed49dadcac1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:26:23 2019 -0500

    comment

commit 8b3f5a555ba04bb1d2e6bafb8345782aae875a51
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:25:45 2019 -0500

    add console lockdown to pam info output

commit 021b06dac95dd742952446e9ff455305c7d2b09b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:04:45 2019 -0500

    add hvc0 to hvc9

commit 8a59662a44ea46c5ba86be82ec2bc43e912c79be
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:02:45 2019 -0500

    comment

commit 090ddbe96a48424e0e3f187b917e023f9b710798
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:00:41 2019 -0500

    description

commit cda67247557ce2028017ba4e6e8824c2ae2f5118
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 05:56:57 2019 -0500

    add pts/0 to pts/9

commit 218cbddba9b053eac4ecb486ea7fbc9e160f18c6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 05:52:06 2019 -0500

    comment

commit 6479c883bf04464b299ce42185df2429f7b5cab5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 05:40:20 2019 -0500

    Console Lockdown.
    
    Allow members of group 'console' to use tty1 to tty7. Everyone else except
    members of group 'console-unrestricted' are restricted from using console
    using ancient, unpopular login methods such as using /bin/login over networks,
    which might be exploitable. (CVE-2001-0797)
    
    Not enabled by default in this package since this package does not know which
    users shall be added to group 'console'.
    
    In new Whonix builds, user 'user" will be added to group 'console' and
    pam console-lockdown enabled by package anon-base-files.
    
    /usr/share/pam-configs/console-lockdown
    
    /etc/security/access-security-misc.conf
    
    https://forums.whonix.org/t/etc-security-hardening/8592

commit 52934c9288a596b233c1ce3b5f68a29248602c96
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 02:02:32 2019 -0500

    bumped changelog version

commit 6faa977cd73efd90809c7034d15102095adcfe63
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 02:02:06 2019 -0500

    readme

commit 6d92d03b31c8251d3df72aab5e9dfa3327feed1c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 01:54:50 2019 -0500

    description

commit 5a4eda0d05bc57680e3f3df2b84471f5f16b8356
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 01:53:33 2019 -0500

    also support /usr/local/etc/remount-disable and /usr/local/etc/noexec

commit 0afcc5e798823f4ed3eff2d5f94b3d3fe8ad5069
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 12:43:21 2019 -0500

    bumped changelog version

commit 2954dcbccfb2990e95056d20fc9b279569dcacee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 12:24:55 2019 -0500

    minor

commit f3647e74787483f0d8076de742cc6f36645f1396
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 12:18:18 2019 -0500

    RemainAfterExit=yes

commit af0cf058e7ad5b26c708b1013d8ca8dc172a15e8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 11:18:20 2019 -0500

    bumped changelog version

commit 9b14f24d5e24ac4a6facb20d4fd436f35bed305f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 11:17:32 2019 -0500

    refactoring

commit a6133f59125db7482c3f56110ce6ba1a17d15e09
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 11:16:43 2019 -0500

    output

commit c1ea35e2ef54119d940b225da41c87e6db32981e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 11:15:54 2019 -0500

    output

commit 4bec41379d2baaa81930395ff2329ff42f10ff13
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 11:15:13 2019 -0500

    fix remount with noexec if /etc/noexec exists

commit bff425fec2adc3c80fee50466ef81bec19c237cf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 09:32:18 2019 -0500

    bumped changelog version

commit b22289f2a8e77ccd9a693871612b61842b1f48c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 09:30:05 2019 -0500

    readme

commit 470cad6e9176f57d33b038640b20443c3fa971fc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 05:14:02 2019 -0500

    remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
    
    https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707

commit 8cf5ed990a3940c108d661c6c169b5720b1459d1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 5 15:52:24 2019 -0500

    comment

commit 19add3299c9215d05208e3c2e748527bf87e66b5
Merge: 0c25a96 9679292
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 5 15:46:19 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit 96792928787c1c129a964bd81e97450d2edb29a6
Merge: 0c25a96 af9e19c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 5 20:33:47 2019 +0000

    Merge pull request #39 from madaidan/rp_filter
    
    Enable reverse path filtering

commit af9e19c51f256504c5c2206e31da1911872b6ef8
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Dec 5 20:14:55 2019 +0000

    Update control

commit 30289c68c24a8aa2ce5f336b79f92cffb7aa98c7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Dec 5 20:13:10 2019 +0000

    Enable reverse path filtering

commit 0c25a96b59b5bb55c04c88015eb8b50d79815a23
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 3 02:18:32 2019 -0500

    description / comments

commit d26ba05c4776cdff0750b872f3da70fd25fca1f4
Merge: 6ca48ff 73c6410
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 3 01:52:04 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit 73c6410a0e1e6e56529ba8ea98681867bd8acb37
Merge: 6ca48ff 8d63da3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 3 06:51:31 2019 +0000

    Merge pull request #38 from madaidan/distrust-cpu
    
    Distrust the CPU for initial entropy

commit 8d63da3cef6e114deaa6943ea9a633d6620a974b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Dec 2 16:46:12 2019 +0000

    Update control

commit 5da2a27bf064d6efefd0d0ba8041e85c4941d3a2
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Dec 2 16:43:00 2019 +0000

    Distrust the CPU for initial entropy

commit 6ca48fffdcab8665d75584435dd6a24d6b881347
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 28 10:22:41 2019 -0500

    bumped changelog version

commit ab696f557140fca19c09ac08ba61e9ce55947ed8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 28 10:05:39 2019 -0500

    readme

commit 25aed91eb167a092ece06a9aa4ab56fea165073e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 28 09:20:46 2019 -0500

    description

commit 0c4e5df3e0214c10390b672645d9f80ef4457392
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 28 09:18:05 2019 -0500

    description

commit 5ac2a6f9ac53f75256c655d329149bccd2d9aa37
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 28 09:17:32 2019 -0500

    description

commit ff3412fbe06476cb295dfd9d61b26694f289d389
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Nov 27 10:22:31 2019 -0500

    fix, make sure to undo pam changes on package removal
    
    Thanks to minimal for the bug report!
    
    https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/11

commit 62b924eea7d50f58649e089ff9cf8d73075cac63
Merge: 9091f69 ba02dcb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 26 13:00:36 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit ba02dcb267a95d332bd01bb3fc725e051ccb3246
Merge: 9091f69 d9d6d07
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 26 18:00:11 2019 +0000

    Merge pull request #37 from madaidan/apparmor-fixes
    
    Fix permission-lockdown

commit d9d6d0771433700f49c4ddf156a0b5bc7098d94b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Nov 26 17:12:12 2019 +0000

    /dev/pts/[0-9]* rw,

commit 9091f69eddb76059995e2f44734437746a3fd108
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 25 08:51:36 2019 +0000

    bumped changelog version

commit 57ce06c0ebaa1e451c39b85c8db27babed4b149e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 25 08:41:45 2019 +0000

    readme

commit aa5451c8cda02e6df3dc089bf813e6acd9878a59
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 25 01:39:53 2019 -0500

    Lock user accounts after 50 rather than 100 failed login attempts.
    
    https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19

commit 6277db1383451822769948bbebac31f719e98e74
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 23 14:07:45 2019 +0000

    bumped changelog version

commit 6a6a638ef01d337da137dc04bcff984f7a36f425
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 23 14:06:28 2019 +0000

    readme

commit fe1f1b73a77d11c136cedcdb3efcb57f4c68c6af
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 23 11:20:32 2019 +0000

    load jitterentropy_rng kernel module for better entropy collection
    
    https://www.whonix.org/wiki/Dev/Entropy
    
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972
    
    https://forums.whonix.org/t/jitterentropy-rngd/7204

commit d32024a3da3cdfbb07f61dd3e9a52535e747de6b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 23 05:53:19 2019 -0500

    /usr/sbin/pam_tally2 mrix,
    
    https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/152

commit 03e80238477bef26cf14a86a136d2ab688c87d08
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Nov 22 14:11:30 2019 -0500

    output

commit e76e1475b0009451b930061bff553684b6490d33
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Nov 22 12:24:35 2019 -0500

    comment

commit a99dfd067ac8a43bdcd779cf57b3533bdaa404fb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 19 15:31:55 2019 +0000

    bumped changelog version

commit 81e4f580af1ea12e79e387d4977771f37c50e7c1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 19 15:29:02 2019 +0000

    etc/apparmor.d/usr.lib.security-misc.permission-lockdown: /usr/bin/chmod mrix,

commit 8ad8dbea5a5c0bacd03cefb66ad8a1989e1cb0fb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 18 19:16:16 2019 +0000

    bumped changelog version

commit 9a20b85fe16584dda909fd5f1aa6bbb62d06bcf0
Merge: 477d476 2b17c0f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 17 11:20:17 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit 2b17c0f3e4dcd7cb9f2239da649b4a885c27e7cf
Merge: 477d476 e92022a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 17 16:19:55 2019 +0000

    Merge pull request #36 from madaidan/hidepid-fix
    
    Remove proc-hidepid systemd sandboxing

commit e92022a21cbe2df76026b36482f5c71e3471b344
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Nov 16 14:56:28 2019 +0000

    Remove systemd sandboxing

commit 477d476bb1a7507951c2c04622056de5a8d41a56
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 10 08:29:44 2019 -0500

    etc/apparmor.d/usr.lib.security-misc.pam_tally2-info: add '#include <abstractions/base>'

commit 11dc23bf082cb0579b5a4a1bc5788ec0b5140973
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 10 08:28:32 2019 -0500

    etc/apparmor.d/usr.lib.security-misc.permission-lockdown: add '#include <abstractions/base>'

commit d1d61b106b54a360ca71bb506e2410ac70ea07ed
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 9 18:44:50 2019 +0000

    bumped changelog version

commit 9f2932faab4be91528f3404fcbace7012040dac5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 9 13:32:21 2019 -0500

    /usr/bin/id rix,

commit 6b7df973f621dc9cbe107ee5d709600005f49e65
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 9 12:57:45 2019 +0000

    bumped changelog version

commit 2e73c053b561eb2ffcd815cba8006da810b02184
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 9 12:55:00 2019 +0000

    fix lintian warning

commit 6e28774f95414c5660b76fca3696710beb2affa2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 9 12:23:15 2019 +0000

    bumped changelog version

commit 94d40c68d4292c0c399c3b12e1af76cb89e7f436
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 10:02:55 2019 -0500

    do not set kernel boot parameter page_poison=1 in Qubes since does not work
    
    https://github.com/QubesOS/qubes-issues/issues/5212#issuecomment-533873012

commit f57702c1589047f5d0eff7a7bdffb928117532f6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 09:55:43 2019 -0500

    comments; copyright

commit 74293bcd2f2670abf3e62ac8dad54d9f4e545bb1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 01:59:25 2019 -0500

    output

commit 2b5b06b602f9537c9a5473651cd1a16a4e16e5ba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 01:59:19 2019 -0500

    output

commit d6977becbaf644cdc98c081b3c3e3fd366c4072d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 01:51:14 2019 -0500

    refactoring

commit daf00067953a61d749a07a0e0b4ec7cd397e4c39
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 01:50:27 2019 -0500

    comment

commit 78defc4d0bedf4a727d617f3de0294d9f59e3aa9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 3 04:34:31 2019 -0500

    add /var/cache/security-misc/state-files/placeholder file
    
    to make sure folder already exists to avoid AppArmor issue
    
    https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/76

commit 7c0ec7e50797c0da719f389e61445ff7d8e252b3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 3 04:23:40 2019 -0500

    readme

commit b55c2fd62e200f96bd552445ad4c517d6a0aee92
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 3 02:50:51 2019 -0500

    Enables punycode (`network.IDN_show_punycode`) by default in Thunderbird
    to make phising attacks more difficult. Fixing URL not showing real Domain
    Name (Homograph attack).
    
    https://forums.whonix.org/t/enable-network-idn-show-punycode-by-default-in-thunderbird-to-fix-url-not-showing-real-domain-name-homograph-attack-punycode/8415

commit bf62306d4fc3b3168204254ca354028a1fe857a7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 31 16:34:35 2019 +0000

    bumped changelog version

commit e1375802eb1521eb0bc9089f2ab12056fa326f17
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 31 16:32:28 2019 +0000

    apparmor fix
    
    https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/67

commit 6e5d8b357d977991953e153d618dbdda2b05c0e6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 31 16:06:51 2019 +0000

    bumped changelog version

commit 203d5cfa6845e23d73ff3790019bac9579f3524b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 31 11:19:44 2019 -0400

    copyright

commit f001250ae61789bef7b2b19d5c40831273b0acca
Merge: d832ab9 5a3cbe8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 28 10:31:30 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 5a3cbe81000c3a9bbc69ba03c944c6c5ae9115bf
Merge: d832ab9 0e49bdc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 28 14:30:45 2019 +0000

    Merge pull request #35 from madaidan/apparmor
    
    Apparmor profiles

commit 0e49bdc45f6c94b3f6c2874fd48a6b1c75519790
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:26:14 2019 +0000

    Licensing

commit 5d5ad92638ea0ca079bbf8bb03201e8d5c030b1c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:26:05 2019 +0000

    Licensing

commit 0699747fcb6d79ba6abeccdba99c3bc032c615c6
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:24:37 2019 +0000

    Debian packaging

commit fe4e29d392ed8db5571d69b10ef0f8a24eec1829
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:22:47 2019 +0000

    Depend on dh-apparmor

commit 1b8b3610b17ae31bc81c3827cea24bd09822a0e3
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:20:59 2019 +0000

    Create usr.lib.security-misc.pam_tally2-info

commit 29b05546e4248bdf95b62ea356bd98767e3a59b0
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:20:08 2019 +0000

    Create usr.lib.security-misc.permission-lockdown

commit d832ab91bdd9cdbf2a9c3bbee39351082a59f759
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Oct 23 10:22:03 2019 +0000

    bumped changelog version

commit bce5274a15e4d34907c2f65b9811dd44705c120e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 09:22:29 2019 -0400

    quotes fix

commit e20b9e21334ef9e16e1fd147fec4ff33f0721d4a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 09:08:18 2019 -0400

    better solution when using pkexec with --user: wrap sudo --user with lxqt-sudo

commit d4e02de43a068a22a9fd1b15c4d2b314baf97283
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 09:04:44 2019 -0400

    set SUDO_ASKPASS for pkexec wrapper when using sudo --askpass

commit 1a65a91039276f73c68feb5c19b1a3dd86b07cbb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 08:56:05 2019 -0400

    long rather than short option

commit b55913637bb66b3c1e9fcab3d1576cb1325419ea
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 08:54:48 2019 -0400

    silence output by mount/grep

commit a1154170c9f65011ae1a9da51ea1d797381853a7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 08:54:17 2019 -0400

    Call original pkexec in case there are no arguments.

commit 9c8f678cb935d5d63b238d4641bde84c5495127b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 09:55:41 2019 +0000

    bumped changelog version

commit 1e4d0ea1d072c193281ac176592108c88e80bad0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 09:55:05 2019 +0000

    fix lintian warning

commit 343d9cc9169dd3e0b4afebaeaa43d0051cbb5e37
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 09:53:55 2019 +0000

    fix

commit 2d436f36021d1148862ff5e2db62577580761bf6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 09:51:36 2019 +0000

    bumped changelog version

commit af3f42dabf708b6f6e2c4e2595d6af496b520372
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 09:51:12 2019 +0000

    readme

commit 40707e70dbbf74e5ee3cd25bd2737f880d4bca5c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 05:46:49 2019 -0400

    Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with hidepid.
    
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860040
    
    https://forums.whonix.org/t/cannot-use-pkexec/8129
    
    Thanks to AnonymousUser for the bug report!

commit 31b771ac2e1cd692851f0d58191c3147d4a09335
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 10:39:43 2019 +0000

    bumped changelog version

commit 2613525b945c98c676a919cb4a9d54b90e51cbbf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 10:39:19 2019 +0000

    readme

commit 957deac5cb1e3fdf54990bad21c502388af2407e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 10:38:25 2019 +0000

    fix lintian warning
    
    W: security-misc: maintainer-script-should-not-parse-etc-passwd-or-group preinst:19

commit d301e7f3653bdb4b56c42deab9d0566ff1b27380
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 10:36:44 2019 +0000

    description, fix lintian warning

commit ce6b64a9baba3763f2137c81c1e022c4e6344d3c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 08:55:07 2019 +0000

    bumped changelog version

commit 20b7faa61fb7c425f15492fd8aaa67e4fe06a6d9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 08:54:43 2019 +0000

    readme

commit c9d75ef9ea76fee0cff882143f289d9662826330
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:46:47 2019 -0400

    abort installation if no user is part of group sudo
    
    https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4
    
    Thanks to minimal for the bug report!

commit a5045dc26e3b7d6acd6ae2c5727920824f992cc7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:18:32 2019 -0400

    set -e

commit 0b8725306f2c603c28ab78be7000df25ca2ea430
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:13:44 2019 -0400

    renamed:    etc/hide-hardware-info.d/30_whitelist.conf -> etc/hide-hardware-info.d/30_default.conf

commit 4aba02756680eb5e0dac9d84ba434edd735c68c1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:12:36 2019 -0400

    syntax check

commit 8b9aa8841a67adb9b3b64a1d43022e950768bc42
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:11:01 2019 -0400

    fix

commit cfbd77040a51b68dc6e3c1f8f82861cfc4b6e761
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:10:29 2019 -0400

    set "shopt -s nullglob" to avoid failing when folder /etc/hide-hardware-info.d
    does not exist or is empty

commit b05663c5f65f59ce652995c403feb9b4e088b4ec
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:08:55 2019 -0400

    shuffle
    
    https://forums.whonix.org/t/restrict-hardware-information-to-root/7329/80

commit 28a440091dd98fd4f3284cce01d692c08aa96bf1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:08:16 2019 -0400

    code simplification

commit 3c4e261c20ce7cab51ad9b6596db09e009efbdeb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:05:23 2019 -0400

    remove trailing spaces

commit c8e0303d6d59e3303c0582ff8ab2664762199c81
Merge: 4b1b3b7 8a42c5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:04:34 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 8a42c5b02387da454ff5661057be88a7c6fe9d9c
Merge: 994ca02 61f7423
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 09:59:12 2019 +0000

    Merge pull request #34 from madaidan/whitelist
    
    Add a whitelist for /sys and /proc/cpuinfo

commit 994ca024c24cf80075b2f03bc65475a5d9980d94
Merge: 4b1b3b7 259b1f2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:19:46 2019 +0000

    Merge pull request #33 from madaidan/documentation
    
    Improve documentation

commit 61f742304d26e73df8433bd6fa03d33d39e39625
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 19:46:59 2019 +0000

    return 0

commit 259b1f2c71ec4566011a148e5bc703a41f0ebd90
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 19:21:24 2019 +0000

    Update control

commit ffba0e017940d2be08c1e37514d396ac39f55e35
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 19:04:15 2019 +0000

    Elaborate

commit 4f5b7816ecda6375b051c75a3b0aff93519b4a66
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 19:01:49 2019 +0000

    Elaborate

commit 99a762d3dc6ecbdb160b7840081848444b56c3fa
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 18:53:04 2019 +0000

    KASLR is different from ASLR

commit a14a2854c6e72f2b4b3e5c8d02b63a46c3179a00
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 18:52:14 2019 +0000

    Elaborate

commit f08c03ab21126b2d3ef5d4c2e4e3f0eae14fa5c0
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 15:39:23 2019 +0000

    Restrict sysfs/cpuinfo if the whitelist is disabled

commit af607d5eb233d85d493d796afde76728f0e0e3cd
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Oct 15 21:02:03 2019 +0000

    Create sysfs and cpuinfo groups

commit 42c1701d5ca446da37a493b27c125b78bd8d183d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Oct 15 21:00:03 2019 +0000

    Whitelist user@.service

commit a47a2fca8bcdf8ff480cea879720b9599c491358
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Oct 15 20:58:58 2019 +0000

    Create 30_whitelist.conf

commit 6b78dbcd07a9d2361c5ab41f5151e24a80309e13
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Oct 15 20:57:02 2019 +0000

    Add way to whitelist things

commit 4b1b3b7d6675adbde57d9cf5cbcc880f95199ef1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 14 10:23:01 2019 +0000

    bumped changelog version

commit c19964360a6d42e73e5d2f3b90afd5f676933d30
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 14 10:10:08 2019 +0000

    readme

commit c22738be027f69391a4ac40ce85bfacf35ff1742
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 7 08:25:45 2019 +0000

    comments

commit 75f36bc2c9bf5c50061f05198c504d84b128e5da
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 7 08:25:07 2019 +0000

    comments

commit e92a8a69665f982e8b5a37f7081fa75197cde828
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 7 08:24:02 2019 +0000

    comments

commit 60c044a9d669dd816ff473f19e19b87f87cc9008
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 7 05:30:56 2019 +0000

    copyright / comments

commit cd2135ff82de82278eaa680d30bea2fe68f94f52
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Oct 6 10:18:24 2019 +0000

    comments

commit 8b4f2befd46d4db4d2a83d9e79ebcf9abf98fd02
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 13:15:34 2019 +0000

    comment out sack by default
    
    https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/8?u=patrick

commit 02096f8d7c7ee1f61285cf96564616f2828aa6c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 13:13:46 2019 +0000

    Revert "undo Disabling TCP SACK, DSACK, FACK"
    
    This reverts commit 5fb4eb8e561e7c37cea977072944501fc32ee883.

commit 62a0239207ee355e3d07e0097c963a0ded496e76
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 11:33:15 2019 +0000

    bumped changelog version

commit 54b83ae44dbda76b9b2696488194b53612bfc377
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 07:20:18 2019 -0400

    readme

commit 5fb4eb8e561e7c37cea977072944501fc32ee883
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 07:00:47 2019 -0400

    undo Disabling TCP SACK, DSACK, FACK
    
    https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/5

commit c19942f72b8d74056dd8da8c3cd9ac7e0fbe8991
Merge: 213aef6 a33851a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 06:58:27 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit a33851a3c99a5eb9021d2d28b3164ed10025fbd9
Merge: 213aef6 d0c6bb1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 10:58:08 2019 +0000

    Merge pull request #32 from madaidan/disable-dsack-fack
    
    Disable TCP DSACK and FACK

commit 213aef6eb9288efffe9fb0458f0aa8a44a6dafa6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 09:40:26 2019 +0000

    bumped changelog version

commit aaebb32b668f4447c011f4e150f959c8d0e1ce09
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 09:39:05 2019 +0000

    readme

commit c87fc75f2a7d6ed38362729d27030f83b08292d3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 09:36:21 2019 +0000

    fix, run remove-system-map.service during sysinit.target

commit 25b674678472623c06d948f4cbb967f360ba15f0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 09:14:54 2019 +0000

    fix systemd unit file proc-hidepid.service: WantedBy=sysinit.target

commit d2bc3a2a08a00c68f05ed99caf16aad0b1e11ea4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 09:14:41 2019 +0000

    chmod +x usr/lib/security-misc/hide-hardware-info

commit ffe0d62c8148ec60f7528002e988b969ebb868ca
Merge: ddc778b 7bcf73d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 04:49:05 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 7bcf73deaa1c77f9c650d8844ad94d24e38746fd
Merge: ddc778b 7345287
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 08:46:21 2019 +0000

    Merge pull request #31 from madaidan/hide-hardware-info
    
    Restrict /proc/cpuinfo, /proc/bus, /proc/scsi and /sys to root

commit d0c6bb1e9064ffdf45f7ac606f708c3f5e7dc247
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Oct 4 17:35:54 2019 +0000

    Disable TCP DSACK and FACK

commit 7345287560bc701f8b4aead985238d66104b228c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Oct 4 17:32:52 2019 +0000

    Use sysinit.target instead

commit e06eeec6788a46a28682b2c83f1de9f83eacf3bd
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 21:42:06 2019 +0000

    Disable hide-hardware-info.service by default

commit 87917d2f03d5e510f4e2cbdbea2a7692146e820b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 21:38:07 2019 +0000

    Add licensing

commit b06ab912c04d3d8746afa7492d0c3bb17bf71932
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 21:37:29 2019 +0000

    Add licensing

commit ec5fcf813b80347e5d8aa55dbd5d77860e62ccc6
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 20:50:48 2019 +0000

    Update control

commit ce97e5ed8203809619d8fdf630242712c188cede
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 20:45:29 2019 +0000

    Create hide-hardware-info.service

commit 9449f5017a6feff7e70d625d54d75d514ed2e596
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 20:45:14 2019 +0000

    Create hide-hardware-info

commit ddc778b45281b9f7f42496ffbd4f2137d6fa9d5a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 16 13:34:11 2019 +0000

    bumped changelog version

commit 75258843e9d4da9b0be7aec42528e093e0861992
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 16 13:03:43 2019 +0000

    copyright

commit 8e39cea876a8ff9ca496b9230dd13e4201f1e2f6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 16 13:03:25 2019 +0000

    comment

commit bac462f2112d0290cad82717e1efed19c8fafac5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 16 13:03:02 2019 +0000

    comment

commit bec680d4f3ccc406c5d8c5a67d7957be04f6a0de
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 16 12:30:23 2019 +0000

    pam_tally2-info: fix, do nothing when started as user "user"
    
    xscreensaver runs as user "user", therefore pam_tally2 cannot function.
    xscreensaver has its own failed login counter.
    
    as user "user"
    /sbin/pam_tally2 -u user
    pam_tally2: Error opening /var/log/tallylog for update: Permission denied
    /sbin/pam_tally2: Authentication error
    
    https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts
    
    https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698

commit c2e444479cf723a7ddb3c51cd6394795daba108e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Sep 15 14:08:13 2019 +0000

    bumped changelog version

commit c9425a1404af73bf5d92fd7d1665130335d9e789
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Sep 15 14:07:50 2019 +0000

    readme

commit 619550da2393dfe683be827a51d4390b6280ace1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Sep 15 14:00:24 2019 +0000

    description

commit b95b66e42986a359835127d6c56aabb1e9d9008f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Sep 15 13:56:37 2019 +0000

    description

commit ae804a15e73a4a8b9ef3b605e3fca7ba24e135a6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Sep 15 13:21:02 2019 +0000

    description

commit 3d187dab99cd6d0a2906e73c86e0dd8c94cbc648
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Sep 12 12:50:42 2019 +0000

    bumped changelog version

commit f13a73e569e6adacd38aaa59f4484919a3896359
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Sep 10 12:35:42 2019 -0400

    undo SysRq restrictions
    
    https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079

commit fbd1a5bde922be9c571d54567c977618e2c4bfc5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Sep 10 12:23:00 2019 -0400

    hidepid before sysinit.target

commit 1f75a1065049a1c75e0cb597f2bcc1a8e0eca93b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 9 12:10:24 2019 +0000

    bumped changelog version

commit 1b4391417619a51cfe22d9eee21d9fa644d145b6
Merge: 9d875d7 d0b3bc7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 9 11:45:36 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit d0b3bc7d3da6a4e3a04adb85cc5c7aa6c22bb466
Merge: 9d875d7 60db7e6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 9 11:45:19 2019 +0000

    Merge pull request #30 from madaidan/patch-23
    
    fix typo

commit 60db7e6294ab405a862c1cbc62140c9e89208b25
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Sep 7 20:08:56 2019 +0000

    fix typo

commit 9d875d7c31b4cd15873709c57ebb338d89477ab5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 7 06:11:32 2019 +0000

    bumped changelog version

commit b3103b1ba8a1b8d7718ee167230dc938bc8b64b4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 7 06:10:35 2019 +0000

    readme

commit 7affddb3bbfaa8183bad5986dbbb6ea728df1fe4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 7 05:47:34 2019 +0000

    blacklist modules with /bin/false rather than /bin/true to fail with error
    
    message rather than failing without notification

commit 8132052ce01215a98cb4464e5f78d75349e77b10
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 7 05:44:23 2019 +0000

    run update-grub from postinst so /etc/default/grub.d changes take effect

commit 661bcd8603425934188cf139f33e20675ff4b765
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 7 05:39:56 2019 +0000

    allow loading unsigned modules due to issues
    
    https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23

commit 9ee9309f542472a8c8045df44573a5ec38e32a90
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 13:04:57 2019 +0000

    bumped changelog version

commit ea0779e42aa8416c142eb3d37f8cede42794e0f7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 13:00:20 2019 +0000

    rm_conffile /etc/sudoers.d/umask-security-misc

commit 3a9939dccbea16408e8ba1c739748234bde68d89
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:47:40 2019 +0000

    bumped changelog version

commit 51705c201bd9959a77a53201e492100b751d0508
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:47:17 2019 +0000

    readme

commit 5960c1682a5177355147fce67c383ce6f861d60c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:46:22 2019 +0000

    description

commit fccfacfdafd197951e5a9598b9fb47309021ec84
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:45:54 2019 +0000

    description

commit cb8170fd800816c2f6123cd67819340da8f51551
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:44:56 2019 +0000

    comment

commit ccdbc52b82993f0078c16ba99248eb4569539344
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:43:55 2019 +0000

    comment

commit 051856bc8e587250d9b6936661d8f05d965c3e59
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:42:38 2019 +0000

    remove trailing space

commit 610d3488e9d4372c442eeb33c57a4a791c48267b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 09:33:06 2019 +0000

    bumped changelog version

commit b15becd48d3437b8a3965b84d5cdb80012fe32e8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 09:32:42 2019 +0000

    readme

commit 0e20e33d1629e532e77e1f3e21b546ea125f28b0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Sep 5 02:31:57 2019 -0400

    description

commit 0b3dcef13d6462d9586908a91ff4d976070b26a3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Sep 5 02:30:40 2019 -0400

    description

commit f2e5883b4c72118d00f77e4dfc3187e5d9bf6391
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Sep 5 02:29:48 2019 -0400

    description

commit a4913ae092e26af4368e0f493b8b79d11329eb18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Sep 5 02:28:43 2019 -0400

    description

commit a2aeb401a25f3576b8ed95b62fd47edad8e61e2c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 31 13:44:37 2019 +0000

    bumped changelog version

commit 3a5bdddf5c790829252ff7d5443a3d4d3b9218d8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 31 08:43:46 2019 -0400

    depend on adduser

commit 8bbebf64cff87ce37a100a1da74cfd0e811ed571
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 24 16:41:27 2019 +0000

    bumped changelog version

commit 07cba361ed663672de3d0263e8262c61b4d43b4e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 24 16:39:56 2019 +0000

    readme

commit 0ae5c5ff14c308ff5307926fbe6d93f44e1c7615
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 24 12:14:22 2019 -0400

    remove umask changes since these are causing issues are are not needed anymore
    
    thanks to home folder permission lockdown
    
    https://forums.whonix.org/t/change-default-umask/7416/45

commit 41c4682280b7bc8e700d9ed41b55e464c0511b69
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 23 16:57:12 2019 +0000

    bumped changelog version

commit e77260fd9cab49f85d5790188485dce7f9eeee23
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 23 16:53:55 2019 +0000

    readme

commit 793c9b6801ffda5d75d389b8e7a2a6d140d8d382
Merge: a74b983 44d62e0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 12:48:23 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit a74b983283e9aa1662cd6be87148184f380fa297
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 12:46:59 2019 +0000

    remove LLC - IEEE 802.2 from blacklist
    
    since required by KVM
    
    https://forums.whonix.org/t/whonix-desktop-installer-with-calamares-field-report/7350/107
    
    https://forums.whonix.org/t/blacklist-uncommon-network-protocols/7391/22
    
    https://github.com/Whonix/security-misc/pull/29

commit 44d62e05b5a60a3d45afd829fb67970afa7678b7
Merge: 0140df8 a8b6281
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 12:45:52 2019 +0000

    Merge pull request #29 from onions-knight/patch-1
    
    Update uncommon-network-protocols.conf

commit a8b62811199b6c4e5d86439cd0fc9e9c18dc027b
Author: onions-knight <38859709+onions-knight@users.noreply.github.com>
Date:   Mon Aug 19 11:30:57 2019 +0000

    Update uncommon-network-protocols.conf
    
    Removing llc from blacklisted network protocols as it is needed by KVM for networking.
    See https://hub.packtpub.com/kvm-networking-libvirt/ and https://forums.whonix.org/t/whonix-desktop-installer-with-calamares-field-report/7350/107

commit 0140df866839d4f02ba5988eec8c72a71136482a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 08:43:28 2019 +0000

    virusforget

commit 113ab4256861edc068ea09b2d8fb96355cb71867
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 08:31:23 2019 +0000

    virusforget

commit 416906d4f9ad522a65d8847c9d03f4497bbd898f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 08:19:35 2019 +0000

    virusforget

commit 2d867d9fee691ba088cf42badc4def562d82bd0d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 08:10:18 2019 +0000

    virusforget

commit 8e76e6b8b3129bcda1c82322cc56e31edac43e3f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 07:48:12 2019 +0000

    fix

commit 3f068f77febebbe425f9d6cd1ef2d620fb6ec379
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 07:47:20 2019 +0000

    keep cache folder outside of reach of user since even user can remove files
    
    owned by root in its home folder

commit 1fa1efa58e6f719766394bc8b94d4aa4076bdc0d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 07:22:09 2019 +0000

    credits

commit 1e026a3ebbacb1011edbbf5b0fbcfe7b5e6338c0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 18 22:50:44 2019 +0000

    initial development version of VirusForget

commit e15b5603057fd9c67ac1ab34493e8b9f05fbac9b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:54:08 2019 +0000

    bumped changelog version

commit c897682794639fa7848acf5ba4b33aabbbcd0644
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:53:45 2019 +0000

    readme

commit e535232728ec7ff6846a3102b73707c549ea64c0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:37:49 2019 +0000

    description

commit 7ffdd7c240b55c1d5fae9279b42319a5e8be74ba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:37:42 2019 +0000

    description

commit 207399439f29b4b421a8e91fc1b965d9e82ba35c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:37:36 2019 +0000

    description

commit d4fb485e7090a7424f3f80b18b010fbc9859283c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:35:31 2019 +0000

    description

commit 41b2819ec88364290c5d91daa2236919ea589c1c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:33:47 2019 +0000

    PAM: abort on locked password
    
    to avoid needlessly bumping pam_tally2 counter
    
    https://forums.whonix.org/t/restrict-root-access/7658/1

commit e0e25364e2d14459b918eea2cb63cbe10b8371f3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 09:57:48 2019 +0000

    bumped changelog version

commit cfd18d4486c763a79bc174bded7d8cf0b3dd567f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 09:56:29 2019 +0000

    readme

commit ed90d8b025c1f852856fea0e620c240f35e78a53
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 09:55:20 2019 +0000

    change default umask to 027
    
    as per:
    
    https://forums.whonix.org/t/change-default-umask/7416/47

commit b9127faac300024f7d8851d41037bebd5d3fe05c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 16:05:51 2019 +0000

    bumped changelog version

commit e004a5e0cf22c5add683ed8c1ff6f88bdc4053ba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 16:05:25 2019 +0000

    readme

commit f9e3825e9166b9814beb5e0a8e30caa540e66a27
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 16:05:09 2019 +0000

    fix lintian warning

commit ec99720811c53bf0ad3a1f36e0d34371ebc6d283
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 15:59:14 2019 +0000

    bumped changelog version

commit 6a68c3bd9cd47a8542460a95d90bcf7e34d9f768
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 15:57:30 2019 +0000

    readme

commit 224f95799c36f56c2165fe9284abaceaa84f1d3b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 11:15:25 2019 -0400

    sudo default umask 006
    
    https://forums.whonix.org/t/change-default-umask/7416/43

commit 17cfcb63b6358f51a65df9623bc23ddf869b06cc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 10:50:56 2019 -0400

    code simplification; report locked account earlier

commit 5754671c460c67bd7d8e064841383ea7b7f90824
Merge: 34672b8 9781598
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 10:36:43 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 97815986321b6daf9c1f0c6f33a4b282ca05438c
Merge: 34672b8 85502ad
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 14:36:00 2019 +0000

    Merge pull request #27 from madaidan/patch-21
    
    Blacklist bluetooth

commit 85502ad430f560070806c8b95b7fed3fe7028587
Merge: 4a6f87f 34672b8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 14:35:51 2019 +0000

    Merge branch 'master' into patch-21

commit 34672b88a86285e1d3eaf35f0a2b3c2e974ffd26
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 15 15:18:02 2019 +0000

    bumped changelog version

commit a11e3cea9eb160ba84dbc273ea4cb48bc687158f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 15 15:08:48 2019 +0000

    readme

commit ff9bc1d7ea81a8507f44d9bb1301b9665614ebdd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 15 13:37:28 2019 +0000

    informational output during PAM:
    
    * Show failed and remaining password attempts.
    * Document unlock procedure if Linux user account got locked.
    * Point out, that there is no password feedback for `su`.
    * Explain locked (root) account if locked.
    * /usr/share/pam-configs/tally2-security-misc
    * /usr/lib/security-misc/pam_tally2-info

commit 454e1358220abf75def0d88a22426086a55c0802
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 15 07:33:41 2019 +0000

    pam_tally2.so even_deny_root

commit 63b476221c7b9ece6b99f9e194fab80e300275d9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 15 07:30:56 2019 +0000

    use requisite rather than required to avoid asking for password needlessly
    
    if login will fail anyhow

commit ce4a30d3cecb7e9bddb96c79aab871804cb90bd4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 11:52:26 2019 +0000

    bumped changelog version

commit a7c25a451c78f7b9a5720e1b6fc7d168eb0afa4f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 11:50:53 2019 +0000

    remove unneeded dependency on libpam-cgfs

commit 633854c6bec439af9718439c8207012322800166
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 11:13:25 2019 +0000

    bumped changelog version

commit 0feb54b28e90b5c4cfcd529914a3892362c34966
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 11:10:18 2019 +0000

    add Depends: apparmor-profile-anondist to fix apparmor issue
    
    sudo[19806]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied
    sudo[18961]: pam_exec(sudo:session): /usr/lib/security-misc/permission-lockdown failed: exit code 13
    kernel: audit: type=1400 audit(1565780860.972:224): apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=19806 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0

commit 8fdc77fed553d7ba6123d738b9cb3efe98f3f08f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 10:33:23 2019 +0000

    output to stdout

commit 5213cfbcdcb41a5aa714d1031b36436adeb0359c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 10:08:18 2019 +0000

    bumped changelog version

commit 2875adb7221769dcd23ef701dae8b9ad24708590
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 10:07:55 2019 +0000

    readme

commit 01b3a0bfaeda0dad87644ad8d54c61e07dd501f7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:52:53 2019 +0000

    description

commit 547ba91d799780487782cdd8088c556d978494e8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:45:30 2019 +0000

    sanity test

commit dee195d89e94ff343cec60308cbbb5464d2a7b18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:40:41 2019 +0000

    description

commit 799acad724977dea220c2228f9da0db3d6b5170e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:39:43 2019 +0000

    skip, if not a folder

commit 6321ff5ad5938a929d4a997b4f1b03db2ac4b5fd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:38:44 2019 +0000

    refactoring

commit 15094cab4fbbb1fd0c20bd8241ea20bd6c0bd331
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:36:30 2019 +0000

    avoid ' character in usr/share/pam-configs; in description

commit 97d1945e61053efd3b73fb9f761b3ea1c9271cdc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:32:58 2019 +0000

    no log needed, informative output to stdout instead

commit a085d46c567b0b5dbbaddd8f3e5873d87d904c4a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:31:58 2019 +0000

    change priories so "pam_umask.so usergroups umask=006" runs before pam_exec.so /usr/lib/security-misc/permission-lockdown

commit f8c828b69a8f52108d19af4076e718930b5dcd07
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 05:19:02 2019 -0400

    output

commit e5da6d9699de1d3c4aaefee7d301a4c47f33e4bd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 05:17:54 2019 -0400

    copyright

commit 1595789d7c310c80196345e06b6bacc8fb7c0baf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 05:17:16 2019 -0400

    comment

commit ce06fdf91103afbaf84523ce998570af733b5bbe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 05:15:53 2019 -0400

    formatting

commit 21489111d107023f150988137180154ba62e1ff2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 08:34:03 2019 +0000

    run permission lockdown during pam
    
    https://forums.whonix.org/t/change-default-umask/7416

commit 42f2d5f6664f15baebdaf200a5690cf32cdbe284
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:39:28 2019 +0000

    description

commit 52df8dc0149d597c3106daa7112a01db444e34f1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:37:21 2019 +0000

    optional        pam_umask.so    usergroups umask=006

commit f210294f4091b6a09c902a446b125c26022c5d2a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:24:24 2019 +0000

    description

commit dbea7d1511d8e1b2604960d37146ec931d9dfe15
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:22:14 2019 +0000

    add hook etc/kernel/postinst.d/30_remove-system-map to remove system.map
    
    on kernel package upgrade;
    
    self-document this package: during upgrade the following will be written
    to stdout:
    
    Setting up linux-image-4.19.0-5-amd64 (4.19.37-5+deb10u2) ...
    /etc/kernel/postinst.d/30_remove-system-map:
    removed '/boot/System.map-4.19.0-5-amd64

commit f1d8cbc9fb2b800205923cce77a8e242dddd133c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:02:09 2019 +0000

    bumped changelog version

commit 41f4441d9dc5777d4ea7424f8422164c548da091
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:01:47 2019 +0000

    readme

commit a82448d46af4fb9dce2de84025b8b820a11fae01
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:01:25 2019 +0000

    description

commit ff8c0979435b491cf462c5ef6e8e02f6d85f1d81
Merge: 6f8acf0 a8ea379
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 06:59:50 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit a8ea37952669b3f40a452cb580442126ec44233a
Merge: 6f8acf0 9a49b8e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 06:59:34 2019 +0000

    Merge pull request #28 from madaidan/patch-22
    
    Require all loaded kernel modules to be signed with a valid key.

commit 9a49b8ecbb863a995862a4d380c6a03f6c0991ac
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Aug 13 13:33:07 2019 +0000

    Create 40_only_allow_signed_modules.cfg
    
    Require all loaded kernel modules to be signed with a valid key.

commit 6f8acf06d79c77e3bee15cc8696a433271e2b7c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 12:07:07 2019 +0000

    bumped changelog version

commit 52cee9128316d649ba7ffa9600d0fdc33c99a9a9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 11:39:32 2019 +0000

    readme

commit aacd9c7679b05b7ee59df484f21a24fe7aa5901d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:34:38 2019 +0000

    description

commit c0b5c70de498d891e4edd5b9af2292909be36776
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:33:22 2019 +0000

    description

commit 2f37a66fd009c9cba423c0f95833a71c8669af46
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:31:29 2019 +0000

    description

commit e83ec79a25d09b2467e2389959d87267bab7f1f0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:30:51 2019 +0000

    enable usr/share/pam-configs/mkhomedir-security-misc by default

commit 1eb806a03ef25bb387fa80f45dd6509925437048
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:29:49 2019 +0000

    pam_mkhomedir.so umask=006

commit c50eb3c9b07b9e54951eb08206db6d28383f6cdc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:28:55 2019 +0000

    add usr/share/pam-configs/mkhomedir-security-misc based on
    /usr/share/pam-configs/mkhomedir

commit 75769151cd7980042357f18c5567adab2a031049
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 10 11:37:02 2019 +0000

    bumped changelog version

commit a2fa18c38159161418edcdaacb1baad215f5d31d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 10 07:07:28 2019 -0400

    pam_tally2.so deny=100
    
    during testing, due to issues
    
    https://github.com/Whonix/security-misc/commit/d17e25272b9b7bbb6abc4dccd500a6b34311a7dd
    
    https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/12

commit d17e25272b9b7bbb6abc4dccd500a6b34311a7dd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 10 06:06:39 2019 -0400

    effectively (not directly) add "required        pam_tally2.so debug" to /etc/pam.d/common-account
    
    This is required because otherwise something like "sudo bash" would count as a
    failed login for pam_tally2 even though it was successful.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=707660
    
    https://forums.whonix.org/t/restrict-root-access/7658

commit 0f896a9d8d6f7c125311a0e226755f8a00214f3c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 10 06:05:37 2019 -0400

    add onerr=fail audit to pam_tally2

commit a703865dcf736996a58e6f684fc02f0e9dfa8cc7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 1 12:02:41 2019 +0000

    bumped changelog version

commit 1fe3036a4903588b89edd82e7097a665271fd27f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 1 11:13:43 2019 +0000

    readme

commit e076470f68dc18908c5ab1889232aaaa0fcb9f3d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 1 11:04:58 2019 +0000

    renamed:    usr/share/pam-configs/usergroups -> usr/share/pam-configs/usergroups-security-misc

commit 830111e99aa6f45688c4ba00a7f41ea323f15f2a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 1 11:04:22 2019 +0000

    split usr/share/pam-configs/security-misc
    into
    usr/share/pam-configs/tally2-security-misc
    usr/share/pam-configs/wheel-security-misc

commit 5d0aec1321b4f46f1834ba9ad166d2445a995fbb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 19:12:27 2019 +0000

    bumped changelog version

commit 89d32402b2dd2182dc6e7788d41708eaaeeb02c1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 14:52:29 2019 -0400

    fix, do not use "," inside /usr/share/pam-configs files

commit 4a6f87f3fa104f0e0a62809fe08f7d07d15dd9f7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jul 31 18:33:28 2019 +0000

    Update control

commit 5a4ea39566621431e931d5bc09957e04f18bbeee
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jul 31 18:30:57 2019 +0000

    Create blacklist-bluetooth.conf

commit 864de10659d0145ae8883b98b1746a7debc9492a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 15:17:51 2019 +0000

    bumped changelog version

commit 47368ae4fccc85ab3197f07316b03c123187f9a2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 15:15:30 2019 +0000

    readme

commit c09fb208d163be4ff7ace9f41cfee03147018cd8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:44:50 2019 +0000

    bumped changelog version

commit ac1220e14bd9428420cf01ef68e5acb690b6afa4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:32:59 2019 +0000

    depend on sudo so group sudo exists during postinst

commit 09f75fb1ff03d7a95951a0f6bcb9d84f1744b583
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:32:36 2019 +0000

    description

commit 2ad087dcd9e4fd3e747a47577b9d4ba1088d6a33
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:30:40 2019 +0000

    description

commit 404f597c0aaddeef3c8c555d2d7f5a9993f9e512
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:29:42 2019 +0000

    description

commit c921872016672073927fce34ed764263c8d6db5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:27:13 2019 +0000

    description

commit 39e1b1c5f0622c062f12c532400ca170d3eb789f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:26:25 2019 +0000

    update file path

commit cf906687561acee7f61fdf100b801d670a74a94f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 03:25:02 2019 -0400

    lock user accounts after 5 failed authentication attempts using pam_tally2

commit 3e29761560085f9e3d84250e29a2ea5e34766432
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 03:17:06 2019 -0400

    debug at the end

commit 5cdb3edb321046bf9dc09e91665e63faf16e9786
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 03:16:41 2019 -0400

    usr/share/pam-configs/wheel -> usr/share/pam-configs/security-misc

commit 031a1c8751504b00f131fd8d518f59b975353369
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 22 01:16:18 2019 +0000

    bumped changelog version

commit f38f307b37d2efb036c5b4e85f48921b0acfadeb
Merge: 8c538ba b2582fb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 21 09:12:33 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit b2582fbd4c2364c7bca95b4038eec2ef2a2fae41
Merge: 8c538ba 077899c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 21 12:40:37 2019 +0000

    Merge pull request #26 from fepitre/fix-files
    
    Fix files

commit 077899c23d518416cd9ee801a3607585d3a51aab
Author: Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org>
Date:   Sun Jul 21 11:23:06 2019 +0200

    Add .gitignore

commit 5fbe7537613a2034d80983e095cdd8d2971b1bcc
Author: Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org>
Date:   Sun Jul 21 11:19:35 2019 +0200

    spec: update %files section
    
    QubesOS/qubes-issues#1885

commit 8c538ba318e5524d07034f2f718e4b5ae483176d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:38:26 2019 +0000

    bumped changelog version

commit 1c7441ddf194fd54f40f1b0d16c408fd29d49b9e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:16:14 2019 +0000

    alias /etc/securetty -> /etc/securetty.security-misc,

commit 940054d53ff9b7027f414268370245627675a60a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:08:23 2019 +0000

    bumped changelog version

commit 08d37471d486f13aebeb2c355280f3b207eb044b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:06:17 2019 +0000

    readme

commit c0a4a10d6b89000735227f51464cc1ce76f8419b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:05:11 2019 +0000

    description

commit 7352b2ac31d7fde7e15da044c7f7279d7eddc8ae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:03:54 2019 +0000

    description

commit b153e8f7df1f2a8e815b910aa6962ae3abe80755
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:02:48 2019 +0000

    fix path

commit 4bf2360b9579b12775487e4215af5afa1c180f04
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:02:27 2019 +0000

    description

commit 9f2e300e72263380a0a99e59efe636652f4a8ce1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 20:48:33 2019 +0000

    description

commit d044780c04e0bcfc9d91a0cf6fc26d9f778bb50d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 20:42:14 2019 +0000

    description

commit 75e5714d183b8ad08bc7a96643b2a38727620530
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 20:40:01 2019 +0000

    description

commit 8c2f983578a0af63258bfe7e2b95f230e43df860
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 20:39:42 2019 +0000

    description

commit 2299ed041f101f1fa9711d83a31ad6e8d07d3023
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 20:36:51 2019 +0000

    passwordless recovery / emergency console
    
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802211
    https://salsa.debian.org/ah/user-setup/commit/bc5ca2de85ec27845d0b46059cb7cc02bae7b44d
    
    https://forums.whonix.org/t/restrict-root-access/7658/46

commit 50036b2934410b57936a4909d022d436cd27cdfc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 19:13:57 2019 +0000

    bumped changelog version

commit 3f9437f1ecfd292f06ce021f12cb5430da280f84
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 14:25:19 2019 -0400

    Revert "set back to default group "root" rather than group "sudo" membership required to use su"
    
    This reverts commit 2f276cdb10aedf0d30c01d25e50b17cac7d1c62c.

commit 1b772c6a9aac9e6c203c0c89b49e589a2b6e83d3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 16 19:45:52 2019 +0000

    bumped changelog version

commit 2499ae0890bb524d3756e6135d5d6986e74210ed
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 16 07:28:50 2019 -0400

    description

commit d0124b24d19e0c34c23931bd252ccffe2f786b3d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 16 07:27:56 2019 -0400

    description

commit 4b604bbb240d5fb32428ef0aafde3d6646752d31
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 13:26:47 2019 +0000

    bumped changelog version

commit f21fa8d95d19665e1cb1320062007472284bd9b8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 13:03:30 2019 +0000

    readme

commit 5c741d2149f12554e63d0fcb0d129cbbdad66569
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 13:02:30 2019 +0000

    shuffle

commit d247b7534b9e3a161fdba296c32dd85b7e91a665
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 13:01:46 2019 +0000

    sort description by categories

commit 168ea5a660561fdaa438fdf88f6cecf1f2677324
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 08:48:17 2019 -0400

    shuffle

commit 2f276cdb10aedf0d30c01d25e50b17cac7d1c62c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 08:44:28 2019 -0400

    set back to default group "root" rather than group "sudo" membership required to use su
    
    since root login will be locked by default anyhow
    
    Thanks to @madaidan for providing the rationale!
    
    https://forums.whonix.org/t/restrict-root-access/7658/42

commit 6d1e8ac9a4657bb3d49a9674ce3a1500350d4bba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 14 11:16:49 2019 +0000

    description

commit ffb61f43ea8011d71cf9c5bba1e277a2f825eea7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 14 11:11:59 2019 +0000

    fix, add 'group=sudo' and 'debug' for debugging
    
    https://forums.whonix.org/t/restrict-root-access/7658

commit 1731196c9fda93233917bcf6dba48834be03a448
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 18:51:32 2019 +0000

    bumped changelog version

commit 6af2d7facb391724d48dece28c1a34f4aaaf3929
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 18:12:25 2019 +0000

    copyright

commit 75f0ca565d10fd1c02800387d52b1db8a039ecc8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 18:12:04 2019 +0000

    set -e

commit c389e13e1a6143fb69dbd57e4c2e5a80aa8cbf84
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 17:59:49 2019 +0000

    use pre.bsh

commit 7afddb028f423254adcd6026aaf12627cebbee17
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:30:39 2019 +0000

    bumped changelog version

commit c13485f532203dbb3675d367be3bc16811719442
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:29:10 2019 +0000

    readme

commit ea90f95f1c7b8200db222e42a5f72221212a71e1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:26:40 2019 +0000

    cleanup

commit ea8b22ee78439a3cd5f7305f9588940320740ab9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:26:14 2019 +0000

    shuffle

commit ca7e0e0161d6eaa2a166d7a7a26e5577f5a4dd6a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:25:08 2019 +0000

    description

commit ffb5a9c48201dc38a886cbd26753ff56b1ed832a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:23:39 2019 +0000

    formatting

commit 41675ddcff4d561282db9b43d2d9f993a39600c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:21:34 2019 +0000

    removed: The amount of hashing rounds used by shadow is bumped to 65536.
    This increases the security of hashed passwords.
    
    Since we do not do that currently.
    
    https://forums.whonix.org/t/restrict-root-access/7658/37

commit 3f031a297dc2d54346e9c9b3d566c3fa3a469240
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:20:14 2019 +0000

     Removes read, write and execute access for others for all users who have home
     folders under folder /home by running for example "chmod o-rwx /home/user"
     during package installation or upgrade. This will be done only once per folder
     in folder /home so users who wish to relax file permissions are free to do so.
     This is to protect previously created files in user home folder which were
     previously created with lax file permissions prior installation of this
     package.

commit 4740e8b3357914aee16079b980b8861376cd222c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:13:55 2019 +0000

    cleanup

commit 834fcc4671a50f10426a62cb5986d79f991903b8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 15:17:16 2019 +0000

    bumped changelog version

commit e9eb38b5dbbddffb12103c14edc3745e239365a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 15:04:09 2019 +0000

    formatting

commit e2b626870221971b1f6202dbb8eb0f9b0b0654ec
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 14:58:47 2019 +0000

    bumped changelog version

commit 1d8a0dbec7ca5418b1c4fa70ae14a063c94bd119
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 14:57:51 2019 +0000

    remove no longer shipped files in etc/pam.d/*

commit 8e5d45352eaacd9ee4ae1357efb7d4f393dedf9b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 14:55:31 2019 +0000

    bumped changelog version

commit cb668459e81d74baf28ac43173bb50c7210e37a4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 10:35:10 2019 -0400

    port umask from /etc/pam.d to /usr/share/pam-configs implementation
    
    https://forums.whonix.org/t/change-default-umask/7416

commit ac25733de871b0da5ef42e2e0283a44d94ac3112
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 14:01:53 2019 +0000

    remove etc/pam.d/common-password.security-misc rounds=65536
    
    due to unclean implementation, see:
    
    https://forums.whonix.org/t/restrict-root-access/7658/37

commit 69b97981f3b5e4efc75954d6957659f1bb8e7d18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 12:33:51 2019 +0000

    convert etc/pam.d/su.security-misc to usr/share/pam-configs/wheel
    
    https://forums.whonix.org/t/restrict-root-access/7658/32

commit 4079632d1aed4f3e50ea21de674a9b6d537d3e05
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 11:41:37 2019 +0000

    remove modifying to /etc/pam.d directly (unrelased)
    config-package-dev displace /etc/securetty
    remove trailing spaces
    
    https://forums.whonix.org/t/restrict-root-access/7658/31

commit cdb7c6f7eb8e61bd203c9a4cb755da0b97cc9a3d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 18:28:04 2019 +0000

    bumped changelog version

commit aee6b346359db4973fdc80d565f7a6972bb884a0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 18:26:17 2019 +0000

    fix lintian warning

commit a40a04aaec0c30ceb47266a3f9b2b714e9b89888
Merge: f5356ce 93190eb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 14:08:30 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 93190ebf1019f76b73cf0f1e4491f15fd36bcae1
Merge: f5356ce 1aee08f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 18:08:01 2019 +0000

    Merge pull request #25 from madaidan/patch-20
    
    Improve documentation of blacklisting uncommon network protocols

commit 1aee08fa5e46cbd9439c36df9bcbb7a513270e1b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 11 15:30:09 2019 +0000

    Update control

commit b63d4ccb41d6c4942faa8ec5e2b8de8cffacd03e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 11 15:28:56 2019 +0000

    Update uncommon-network-protocols.conf

commit 853c2eb37786b1f625d5b54a54cf16fc09e1b367
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 11 15:26:14 2019 +0000

    Update control

commit f5356cee2c6c09aa08ca1a8675501657c1d1b37c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 07:16:38 2019 +0000

    bumped changelog version

commit bea98474ba8a189b4c174ce6613547b8f377de68
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 07:07:21 2019 +0000

    chmod +x usr/lib/security-misc/panic-on-oops

commit 0057c0dd8c4d4b85f07949c1c1e61608769e82f1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 07:07:01 2019 +0000

    fix lintian warning

commit 2a893c0562438aaf0c34a25538a8e21bb11ba197
Merge: 3df6a44 a54500c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 06:50:35 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit a54500c6f18719520ae66c335870d3e8f03e9e14
Merge: 7d3a615 1e4d349
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 06:41:37 2019 +0000

    Merge pull request #23 from madaidan/patch-18
    
    Blacklist more uncommon network protocols

commit 7d3a61564dc01b899466defe957a7bc65d38dc89
Merge: 3df6a44 932524c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 06:41:08 2019 +0000

    Merge pull request #24 from madaidan/patch-19
    
    Move disable-coredumps.conf to correct position

commit 932524cbd1b15df06bd4e395dc391dd489ba100f
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jul 10 15:28:48 2019 +0000

    Move disable-coredumps.conf to correct position

commit 1e4d3495167c0305ec1fce8568658a06750df674
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jul 10 14:28:39 2019 +0000

    Update control

commit 4058e283a542900e7c8bcc060012d7c33964e36a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jul 10 14:27:19 2019 +0000

    Blacklist more uncommon network protocols

commit d70440aaeda5f1a1ab0459d02f5f5e56c808bbde
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jul 9 21:57:37 2019 +0000

    Remove duplicate

commit a8b44c75f9ca6df1460ce0feca647f2f370f8833
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jul 9 21:57:07 2019 +0000

    Update control

commit 2d27bdd808374a71cd9d7187326be99420411583
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jul 9 21:55:37 2019 +0000

    Blacklist more uncommon network protocols

commit 3df6a44e98e93ecea6c6b6fa00c7fb05cbcfc0a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 06:56:23 2019 -0400

    also allow members of group sudo to run /usr/lib/security-misc/panic-on-oops

commit 5fb500ac32a8935ef989770b2b9d17df4fa1698c
Merge: 8793708 e4bb770
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 06:55:27 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit e4bb77037e9327eea7b8fd92961192613d6e0763
Merge: a9441e7 0f15303
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 10:54:48 2019 +0000

    Merge pull request #21 from madaidan/patch-16
    
    Make the kernel panic on oopses

commit 0f15303eb4dd5701cae5b3985be47918e2e4700a
Merge: 45f8102 a9441e7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 10:54:24 2019 +0000

    Merge branch 'master' into patch-16

commit 8793708906d037746a2e946177d8a4d1884b391a
Merge: 50c00fc a9441e7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 03:23:26 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit a9441e7be4794e88f782f1ff5dd95f00e3928279
Merge: 50c00fc 24b326d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 07:21:47 2019 +0000

    Merge pull request #22 from madaidan/patch-17
    
    Restrict access to the root account

commit 24b326d906375bb543b936936519231f51154dcd
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:24:41 2019 +0000

    Update control

commit 24d9eadcb267b34ce31981d841e58d4e2c769793
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:19:59 2019 +0000

    Use 65536 hashing rounds

commit 86117d957763a4dd07fb9a84c07a2934a02d32f8
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:19:19 2019 +0000

    Create common-password.security-misc

commit 8ad9a54b094a4a15ef726f513e38c953cc247b80
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:17:17 2019 +0000

    Don't allow root login from a terminal

commit 890298a3c882000a8351186521e9c1852dec298a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:15:56 2019 +0000

    Restrict su to users in the root group

commit 38099a2a5d830a522fd51b9d9953ae47a14c5289
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:11:17 2019 +0000

    Create su.security-misc

commit 45f8102d565512938e5c533ffcd4cc06ea68b580
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:04:47 2019 +0000

    Update control

commit 2a1742705563c264b3ea634345373cce2986d283
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:01:30 2019 +0000

    Create security-misc

commit 4ac700ded0cca668f585ea466e167f055783e28d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 22:59:39 2019 +0000

    Create 50panic_on_oops

commit 52c61011d4000b49edb0783fcca05952b0da7ee2
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 22:58:56 2019 +0000

    Create panic-on-oops

commit 50c00fcfa13b436e0bba4e1065f0bf94605c1654
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 8 00:23:52 2019 +0000

    bumped changelog version

commit 223b6918339dc53b8ff8499d3d52210ee07e24a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 23:39:58 2019 +0000

    add 'Depends: libpam-cgfs'
    
    https://forums.whonix.org/t/change-default-umask/7416/30?u=patrick

commit d31a16f264ea23a2fc890ffd6664deac3f4c4bdf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 23:00:27 2019 +0000

    bumped changelog version

commit 673aab6bc2b41d1a0d1829ce200d7b5c3d9e7067
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 22:18:47 2019 +0000

    shut up pam-auth-update

commit 67ff83262bd74d467cd92e8a15d13e0c4ca38b5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 21:31:56 2019 +0000

    move to pam-auth-update --force
    
    --package hangs in Qubes updater since it starts whiptail for interactive dpkg configuration dialog.

commit 8399a1136788dfbbfd5dfb5c11356776e90326cc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 21:11:08 2019 +0000

    bumped changelog version

commit d4c79cce69d454202304a7d8369fa7b0f1c50946
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 21:09:26 2019 +0000

    add "Depends: libpam-runtime" so pam-auth-update is available
    
    for Debian maintainer script

commit f68b96241c6afc7dffa8831f35d38bf1bf49508a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 21:08:28 2019 +0000

    comment

commit 91fb21aafbab4811ac2055decae0fc58f624c259
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 16:51:40 2019 -0400

    Due to error:
    Jul 07 20:35:39 host sudo[16090]: PAM unable to dlopen(pam_cgfs.so): /lib/security/pam_cgfs.so: cannot open shared object file: No such file or directory
    Jul 07 20:35:39 host sudo[16090]: PAM adding faulty module: pam_cgfs.so
    
    run:
    pam-auth-update --package
    from Debian maintainer scripts

commit e543c4bf82568dbe00cbeaa850c9f09dd9166e32
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 16:37:46 2019 -0400

    apparmor fixes (this broke whonixcheck apparmor profile)

commit 8f4a5f33b9aaaec95d834bb2d6b65c8bcd995e03
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 09:39:12 2019 +0000

    bumped changelog version

commit 3558a9949fe9924d027b267152125b33e25085c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 09:37:25 2019 +0000

    Enable APT seccomp sandboxing.
    
    Thanks to @torjunkie for the suggestion!
    
    https://forums.whonix.org/t/apt-seccomp-bpf-sandboxing/7702

commit 93e81b433036ef2f226d0a2b1422034aba54ea3a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 6 13:56:28 2019 +0000

    bumped changelog version

commit 3cd1a5ec094cff0151c888418b7b14d5413eb353
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 6 13:56:00 2019 +0000

    fix lintian warning

commit b73cdfd7cc3918633459315f5d9867f6a8798208
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 6 13:53:10 2019 +0000

    bumped changelog version

commit 7b0b9da32c660e527741a56543c78ee3ac93d541
Merge: 6df7b3c 649878f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 6 07:06:54 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 649878fdcb81ac621af9bc1481a3b6b41d3e22a0
Merge: 6df7b3c 8888147
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 6 11:06:25 2019 +0000

    Merge pull request #20 from madaidan/patch-15
    
    Blacklist HDLC and use "install" for blacklisting firewire/thunderbolt

commit 8888147e1e1102fa852dce14c3ca1cb91cd1ff3b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 4 14:26:31 2019 +0000

    Update control

commit 46409be8b664db730113b4495ef69bee0f41c53a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 4 14:25:28 2019 +0000

    Use install instead of blacklist

commit eb7eaffba1f437763773b5c7f2b44ef51684ddcd
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 4 14:24:44 2019 +0000

    Blacklist n-hdlc

commit 6df7b3c295352d0d05070b3c0faf2a14e71b1264
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 15:23:49 2019 +0000

    bumped changelog version

commit f82731698c20028531de673903faca10aa136416
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 14:53:01 2019 +0000

    re-enable PrivateNetwork=true

commit 81b38529d92e9bea79db8694200d70b08d3b42a6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:58:20 2019 +0000

    add copyright for files in etc/pam.d/*

commit 552b6edbedfbb346c1738ea3edbad16368780c7b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:51:00 2019 +0000

    fix machine readable copyright format

commit a05264934b1160f44966e3e0b32e54841b15dd06
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:46:01 2019 +0000

    add copyright for etc/login.defs.security-misc

commit 48e511347c7d85478b8593e55f061a53aefbafaa
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:37:55 2019 +0000

    fix lintian warning

commit 93c08210545dd77b608515351154bcc16c8464b4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:35:45 2019 +0000

    config-package-dev displace files for change umask
    
    https://forums.whonix.org/t/change-default-umask/7416

commit a73f0566e978afb6d5b9693bf432a2496bedd61f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:25:23 2019 +0000

    change default umask to 006
    
    session optional  pam_umask.so usergroups
    
    https://forums.whonix.org/t/change-default-umask/7416/17

commit 41b61e32776c15a8dcde4479841b71c7e9ca28d4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:24:29 2019 +0000

    revert to Debian buster original

commit 88a78b1c87e8419bbb70daa77f7ddfb2332668ae
Merge: 24cc8e3 8c60e7c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 09:21:05 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 8c60e7c67f692aa9e70316bdde29cdc41eff2a75
Merge: 24cc8e3 cfaafe4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:20:21 2019 +0000

    Merge pull request #18 from madaidan/patch-14
    
    Change the default umask to 006

commit 24cc8e380df8706cd8e9765d89bd44ac78c58936
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 03:43:02 2019 -0400

    comment out proc-hidepid.service hardening for now
    
    since broken in Qubes Debian AppVMs
    
    https://forums.whonix.org/t/kernel-hardening/7296/104

commit 0bffc7a9303d0b32427da04694bbefcf6a3104c8
Merge: 3c176ce 344d009
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 03:08:26 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 3c176ce1580a3e5232bc1837b51aa3ec288b809d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 03:07:14 2019 -0400

    allow permissions openat mkdir
    
    since required in Qubes Debian templates

commit 344d00903250d699fc64d7fa9fad80475ade92e5
Merge: f26ad14 b8f2aee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 06:39:28 2019 +0000

    Merge pull request #19 from madaidan/patch-15
    
    Add licensing to proc-hidepid.service

commit b8f2aee905b78034a115e1e2c1d6ecb7fa624122
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:22:43 2019 +0000

    Add licensing

commit cfaafe400cd1f77df12f7f6dc9c9da58595bcbdf
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:16:12 2019 +0000

    Update control

commit eedeaa0e7faf8d9f75d99d037fa80bd5d08c6db3
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:12:59 2019 +0000

    Update common-session-noninteractive

commit a9af85f58529e0dcb154b669bd53aba8333d5634
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:12:16 2019 +0000

    Update common-session

commit 1e1d29cfdedaa01d0180b8ca5a79c6f401728432
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:11:31 2019 +0000

    Create common-session-noninteractive

commit 501901f7c04514c66a4f97f5eb0e523aa55a1094
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:10:54 2019 +0000

    Change default umask to 006

commit 09a5c27f475ea6947180088b4efb615101fdbf9c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:10:29 2019 +0000

    Create common-session

commit a319333493ad1839ff7fb1d4b6f43dc719b57844
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:09:51 2019 +0000

    Create login.defs

commit f26ad14d4cab627c04dfa375ac831a3a09c9a165
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 07:21:58 2019 -0400

    bumped changelog version

commit b8ace6e3f6a94268e0f63907e62bf968445ae548
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 07:21:31 2019 -0400

    bump

commit f3a48009878e0edb033633d609f82a167cd8e616
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 08:23:51 2019 +0000

    bumped changelog version

commit 85f61758c5b6d8b6a57d140a9f3795769a3ed183
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 04:11:38 2019 -0400

    fix package description

commit e47339706170c92b8db44f014942ea7d94d1ff9e
Merge: 24b19c5 ec78a3e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 04:11:12 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit ec78a3e42e23a270a245dc254046ac1d7fc6ceec
Merge: 9525ff8 67de524
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 08:10:28 2019 +0000

    Merge pull request #17 from madaidan/patch-13
    
    Disable coredumps

commit 67de5247c8e7cd68c851a3d62168e9de69000afe
Merge: dbfb9e1 9525ff8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 08:10:04 2019 +0000

    Merge branch 'master' into patch-13

commit 9525ff87c6ae3cd6538a0a8f294e6b8610e79a32
Merge: 24b19c5 22267c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 08:09:23 2019 +0000

    Merge pull request #16 from madaidan/patch-12
    
    Mount /proc with hidepid=2

commit dbfb9e1cdf1e042c8985e2e69b7f5f5f1eaed860
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:21:46 2019 +0000

    Update control

commit 024a698249392bdc6ebd362a2c978bc0e02bd55f
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:20:38 2019 +0000

    Update control

commit 230ef34db45c1c7d980abfd8bd4770ec336ae4bf
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:19:04 2019 +0000

    Create disable-coredumps.conf

commit 1bf802f8469a4ffc36cccca1ea6fc6f92ea6af8a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:16:50 2019 +0000

    Create coredumps.conf

commit f040081a5998fddd1ea4bc30140e41c405842371
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:13:52 2019 +0000

    Prevent setuid processes from creating coredumps.

commit c6b669f1a53bfef08a82994422f9e1b627a937d5
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:11:13 2019 +0000

    Create disable-coredumps.conf

commit 22267c895b15e10c98bae365ef2bef12f95454aa
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jun 29 22:30:41 2019 +0000

    Update control

commit a2c676ed48782f86e8b58d39f8bec4cd37a47cf5
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jun 29 22:28:41 2019 +0000

    Update proc-hidepid.service

commit dcf57bebf0d28089045a29477f26ad35d1041392
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jun 29 22:27:24 2019 +0000

    Create proc-hidepid.service

commit 24b19c597685233e3ebc7a5200bf929319f8a63f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 29 10:35:13 2019 +0000

    bumped changelog version

commit befa03fea80c53bac3c4b1bb530be2f965ce6157
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 29 10:34:48 2019 +0000

    fix lintian warning

commit 250919b821a00c93ee4fe7d92f6f3ed812110aac
Merge: ecf5d80 60e6dfc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 29 06:06:02 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 60e6dfcbff08dd4526e60c3302741e40d98c8b3e
Merge: ecf5d80 9e9c854
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 29 10:05:34 2019 +0000

    Merge pull request #15 from madaidan/patch-11
    
    Update control

commit 9e9c854d274d7322759a9e5d2c49bcbd60e63e0d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Jun 28 11:34:35 2019 +0000

    Update control

commit b26d861dffdbca124322cbfbda99ab71a3142e06
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Jun 28 11:33:48 2019 +0000

    Update control

commit ecf5d80fdf0e8f997afa88f8d788a7df88008afc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 07:20:53 2019 +0000

    bumped changelog version

commit 36c2b1d28391ac2ea0f995fd0a348eecbe833a6c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 07:18:30 2019 +0000

    fix lintian warning

commit a978fe10001a8c1a9a6a3179d9fc5dc9ed433bc2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 07:17:35 2019 +0000

    chmod +x usr/lib/security-misc/remove-system.map

commit fe69dc6173e8a3e45ff7996597e9e50f09033279
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 07:09:35 2019 +0000

    bumped changelog version

commit 6a6afc347ad80bd133438a27e2dc64a1b54c784a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 03:02:49 2019 -0400

    update files list

commit ccb89cfd5574ed5a7b3802edc3bf188250edfddd
Merge: 0a0be1a ab31223
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 03:00:21 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit ab312235ba89d62b7b83c26f8e9b8a8ff0ec985b
Merge: 5e02100 3801a53
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 06:59:16 2019 +0000

    Merge pull request #14 from madaidan/patch-10
    
    Add some hardening for other distributions

commit 5e02100e34776bf410ba05d7a3f7ee7f696ca0fc
Merge: 7e12e16 b809185
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 06:58:32 2019 +0000

    Merge pull request #13 from madaidan/patch-9
    
    Remove System.map and restrict the SysRq key.

commit 7e12e16dc0513f0a6936e576e3c8fa8ee44509d2
Merge: 0a0be1a 641407c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 06:57:42 2019 +0000

    Merge pull request #11 from madaidan/patch-7
    
    Protect against DMA attacks

commit 3801a53a9e01aafa3783276059a7907f5b20b96e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jun 27 18:17:58 2019 +0000

    Update tcp_hardening.conf

commit c54125270b44140b9ecfe0420205ac685b2a3505
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jun 27 18:15:57 2019 +0000

    Create dmesg_restrict.conf

commit b8091850082fe1b956d6cff11fc7aa17786e693e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jun 27 16:09:52 2019 +0000

    Update remove-system-map.service

commit 9392c8deb2657d3ff2c3734fb8bf1863d4e2a2d7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jun 26 15:03:54 2019 +0000

    Update remove-system.map

commit 8ef0db17e6a9c066b50a021292aab80a7523cbb6
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jun 26 12:59:45 2019 +0000

    Use a for loop to detect if System.map exists

commit 3116a56f1353681fbb97d4e7f92ee069f2577b33
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jun 25 19:25:32 2019 +0000

    Create remove-system-map.service

commit 382e336f69097f3baa7693da6aaf8833b05cf322
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jun 25 19:20:27 2019 +0000

    Create remove-system.map

commit 01c839c815b7f8c16c231bbd72da1673ad88fdb7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jun 25 19:16:43 2019 +0000

    Restrict what the SysRq key can do

commit 0a0be1ad2889182b15d5851740ff43fb75773571
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 19:57:42 2019 +0000

    bumped changelog version

commit 7806af14193f195e825678471ba65c64e07d7d0a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 19:51:53 2019 +0000

    readme

commit 4e32438d75726014573b35c9b101abf59dfc3ba4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 19:47:05 2019 +0000

    debian/control syntax fix

commit a098b18560e30ef238f693bf8f05933489027dd4
Merge: 2a62899 90d676e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 19:46:30 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit 90d676ec1864bd915310673d134d62d10a17a42f
Merge: 2a62899 1a07d90
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 19:45:31 2019 +0000

    Merge pull request #12 from madaidan/patch-8
    
    Update control

commit 1a07d90ed2da597db6d58c5f2da6dc3b32a8104b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 23 19:26:03 2019 +0000

    Update control

commit 2a6289980e07d1d9c263f2d5abfc3b9e37c5054f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 18:46:52 2019 +0000

    syntax fix
    
    GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"
    
    https://forums.whonix.org/t/kernel-hardening/7296/70

commit f1147318c04642f355eae96786c26ec1cb53977c
Merge: cd73466 aec6da2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 18:45:41 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit aec6da28e9ac4f8289d7b7aaa77bcef2562cda74
Merge: cd73466 2178fb3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 18:45:24 2019 +0000

    Merge pull request #10 from madaidan/patch-6
    
    Enable more kernel hardening parameters

commit 641407c8e9c728429ec86e7c89e431896d88e116
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 23 18:38:50 2019 +0000

    Enable IOMMU

commit 07c6362f1aff2e151c51aa681a79c3ef650baa6d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 23 18:34:45 2019 +0000

    Blacklist thunderbolt and firewire

commit 2178fb37a85808df0c455f7dd76fc72516d6ff28
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 23 17:54:34 2019 +0000

    Add more kernel hardening parameters

commit cd7346699c10e258d5af5f51ad56493e98e4eb1a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 12:22:13 2019 +0000

    bumped changelog version

commit 60334797d003f63606645220fbc66393eb30cde0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 09:00:12 2019 +0000

    /etc/sysctl.d/tcp_sack.conf

commit d404624bacf220e5545c8e5ffbace937924c77cd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 08:38:01 2019 +0000

    bumped changelog version

commit ae50d8134294d3746235d383c18fc187c18717d7
Merge: 5269cfe cd7172c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 03:59:58 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit cd7172c00cbf0cb69e159b6159ef0bfff663a507
Merge: 5269cfe 807ac7d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 07:59:35 2019 +0000

    Merge pull request #9 from madaidan/patch-5
    
    Disables SACK.

commit 807ac7d65916071e4294f42d62b8b2353255c4bc
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jun 22 16:08:30 2019 +0000

    Create tcp_sack.conf

commit 5269cfeef99b500e4aa7c883434f3d5554559d16
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 21 05:40:04 2019 +0000

    bumped changelog version

commit 0a5b15ff45dc1b30867b0093d238b95dde7c0810
Merge: ca1aa1e f9dc1b6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 21 04:05:50 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit f9dc1b6322961ff0e6c7a5be122f9d1031ba87ea
Merge: ca1aa1e 2e81885
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jun 20 23:54:58 2019 -0400

    Merge pull request #8 from marmarek/packaging
    
    qubes-builder integration

commit 2e81885f691201e2229dadfd5ec7b554980ac689
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Fri Jun 21 04:52:01 2019 +0200

    Add rpm packaging
    
    QubesOS/qubes-issues#1885

commit 27e68a39fe005a58cac02336fc6c468a4b2f5d31
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Fri Jun 21 04:51:33 2019 +0200

    Add Makefile.builder for qubes-builder (Debian)
    
    QubesOS/qubes-issues#1885

commit ca1aa1e577179d92f4ec002221b8c4207e6ce1d6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jun 10 15:42:58 2019 +0000

    bumped changelog version

commit 8b5e84d76a762b6c8cac8626245d5311afbea221
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 9 10:24:53 2019 +0000

    cleanup, delete debian/security-misc.maintscript to fix lintian warning

commit f9acd890a703ce375ed07ad9e1be2bed019e49a3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 9 10:24:24 2019 +0000

    lintian

commit 49873e8e0286f7604399c7e857c7714271991956
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 9 10:06:58 2019 +0000

    solve package file conflict
    
    https://github.com/QubesOS/qubes-issues/issues/1885#issuecomment-500200375

commit d5127e716632af2f494e9b41571c44a56a887667
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 8 11:32:12 2019 +0000

    bumped changelog version

commit 9fe58728102f92d0584ef128c53f5e99d3956d92
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 8 00:05:35 2019 -0400

    fix debian/watch lintian warning debian-watch-contains-dh_make-template

commit e7edbe5fb446f869e7b64802038f410c74ce538c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri May 24 20:48:59 2019 +0000

    bumped changelog version

commit 6102c571a31c8a166fb306ba9e1a0a4e444c58a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri May 24 12:29:08 2019 -0400

    readme

commit afb5f5f96500f31864e32af90b2e9bbfd1a9acc1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 23 22:38:13 2019 +0000

    bumped changelog version

commit 0a200e09ecf745d23e5e880d521f1aec2a7b25a9
Merge: 65d7eb8 244234c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 23 18:25:47 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 244234c8b709a425feed4f3cfb87389f4fb2c6f5
Merge: 65d7eb8 7177c60
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 23 22:25:13 2019 +0000

    Merge pull request #7 from madaidan/patch-3
    
    Disable uncommon network protocols

commit 7177c6041a9b086a4cb90504a492136b4da732a2
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu May 16 20:30:49 2019 +0000

    Create uncommon-network-protocols.conf

commit 65d7eb81a6b84afcbf0692265f6d7a4b4599017b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 16 20:25:46 2019 +0000

    bumped changelog version

commit a2b184e5bb9942aa63a36fb918b203053a53f1e4
Merge: 71bf635 7d7b899
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 16 19:53:27 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit 7d7b899dd13f7123822bf269a639c68ff5cb737e
Merge: 71bf635 b814f33
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 16 19:52:52 2019 +0000

    Merge pull request #6 from madaidan/patch-2
    
    Even more kernel hardening

commit b814f338b803ae33380551919b00144bb63a53b8
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu May 16 16:33:03 2019 +0000

    Update tcp_hardening.conf

commit e6794721bd181f8884cd3817b5ae3c6c58747ae7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu May 16 16:29:20 2019 +0000

    Update ptrace_scope.conf

commit 71bf63511b2cf2ca955900b85a536e4b3adf4c66
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun May 12 11:08:32 2019 +0000

    bumped changelog version

commit c040117fe47acad2e5c76baa55d42a6ec9223955
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun May 12 10:50:34 2019 +0000

    lintian

commit 26fe4305a1fd072a8608f62a30129ad249203684
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun May 12 10:48:27 2019 +0000

    bumped changelog version

commit 06b86229a4e1cc45a9bbe21c9a4c3e2a16fb82dc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun May 12 02:58:45 2019 -0400

    update path to pre.bsh

commit 137bc073c5d65988cce832336ebee5c47071e732
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed May 8 21:38:25 2019 -0400

    port to /etc/xdg/xfce4/xfconf/xfce-perchannel-xml
    
    https://forums.whonix.org/t/whonix-xfce-development/6213/84?u=patrick

commit 3bd4da6794067708f517b099548c0aa2a2b65146
Merge: c80b746 b00a264
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed May 8 21:32:29 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit b00a264ce27c48584879d85275a3fa3f19030906
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed May 8 21:29:36 2019 -0400

    Disable thunar-volman by default.

commit a4852ad6c8260c68d9c1024e09a9487a8e2e1f61
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon May 6 20:37:53 2019 +0000

    Create fs_protected.conf

commit 0296e51e06d94cea598fcad3bdbfa165e519a47b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon May 6 15:46:37 2019 +0000

    Create ptrace_scope.conf

commit 2923fc96ef9ee96a3149c8b2f781402c65e106b9
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon May 6 15:45:53 2019 +0000

    Create tcp_hardening.conf

commit 4216299ee847da0bdf4c714451a70b69f5881d8c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon May 6 15:42:55 2019 +0000

    Create kexec.conf

commit c80b7465bfb9164fb300dea71c38f58672199b17
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon May 6 09:58:44 2019 +0000

    bumped changelog version

commit f917c27a197d49b7bcdbfe065fe0696792d05350
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon May 6 05:51:14 2019 -0400

    remove trailing spaces

commit 83e12f8e89cf0269daeca36946cdef07e23075b3
Merge: 74cdecf 5177444
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon May 6 05:50:35 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 5177444d624a8a935c461ebe1065d451d2f8da0f
Merge: 74cdecf 02e8888
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon May 6 05:46:03 2019 -0400

    Merge pull request #5 from madaidan/patch-1
    
    More kernel hardening

commit 02e8888b0bc4f0dfadccbebc9e6e75849d32ba76
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun May 5 20:17:33 2019 +0000

    Update 40_kernel_hardening.cfg

commit 3695d7491ef8a7af81c0c2aad0babc48ec30af81
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun May 5 14:42:03 2019 +0000

    Create 40_kernel_hardening.cfg

commit d2ca85c6860322a35ef0eb347c01c9f21dcf144f
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun May 5 14:36:30 2019 +0000

    Create mmap_aslr.conf

commit 197c1120a9f9f9a38548e4341d12b404fe72fde9
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun May 5 14:35:42 2019 +0000

    Create harden_bpf.conf

commit 351db0ef7f0e0eee09496ba56ec13d07ae84761e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun May 5 14:34:41 2019 +0000

    Create kptr_restrict.conf

commit 74cdecfd6b86c4932be2f3b6677ff023c6d52053
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri May 3 11:34:25 2019 +0000

    bumped changelog version

commit 09c35d5da251c190febaeb3437e151612597375d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri May 3 10:56:56 2019 +0000

    update

commit db9e60c894c06d316f124659571c4b360e3fc08b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Apr 6 12:13:43 2019 +0000

    bumped changelog version

commit 6ba1fb70d2ae71d2d97752458c9996709e9a74af
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Apr 5 14:06:00 2019 -0400

    port to debian buster

commit 811dcee2cb43b7569fc1172fa13d7f4a4aece754
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Apr 5 09:26:18 2019 -0400

    fix lintian warning

commit a985581c68a8f92d9f588d5c2a7b606e8dc220dd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 4 05:51:06 2019 -0400

    port to debian buster

commit db5c3ccde6edcafc5467674176c94008765c0ecc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 3 18:05:56 2019 -0400

    readme

commit 2913acda63b8d2309392ef7af6833a407d7cfa3c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Mar 29 10:02:51 2019 +0000

    bumped changelog version

commit 2ea9957e4c4200f0c729f482acd9c3519e8de2c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Mar 29 09:03:18 2019 +0000

    https://www.whonix.org/wiki/Dev/Licensing

commit c5768683f402289456375bb64a40250474005c25
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 12 11:36:25 2019 +0000

    bumped changelog version

commit 811852656e5fdeae19c2a942207e4318c2f9b14d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Mar 1 14:32:41 2019 +0000

    add improved legal protections clauses
    
    The license for software created by Whonix is the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version with additional terms applicable per GNU GPL version 3 section 7.
    
    The additional terms are based on the Doom 3 license which is Debian refers to as `GPL-3+-with-id-software-additional-terms`, which is Debian DFSG [1] (The Debian Free Software Guidelines) approved and which is therefore suitable for Debian `main`. Whonix made applied minimal changes to it:
    
    * Rewrite `The Doom 3 BFG Edition GPL Source Code` to the more common `this program` which is used throughout the GPL.
    * Added a "trump clause" [2], in other words, any conflicts or disputes between the additional terms and the GPLv3 shall be resolved in favor of the GPLv3 by adding `Notwithstanding any other provision of this License` (as mentioned in GPL FAQ [3]) at the beginning of the additional terms.
    
    [1] https://www.debian.org/social_contract#guidelines
    [2] https://www.fsf.org/news/canonical-updated-licensing-terms
    [3] https://www.gnu.org/licenses/gpl-faq.html#v3Notwithstanding
    
    For more considerations, see also:
    https://www.whonix.org/wiki/Dev/Licensing

commit 2298d0f6b0a7214ae4f6ecc7a56734905cdb9352
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Nov 28 06:33:14 2018 +0000

    bumped changelog version

commit 63b080f40bab38bdb1c91519b90c3988640970d9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 19 06:27:52 2018 -0500

    fix hiding network bookmark in thunar by default
    
    Thanks to @Algernon for suggesting the fix!

commit daf7fc002b2d946c2946b9effe3fecc5cebe4cf2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 19 03:08:20 2018 -0500

    Disables network bookmark by default.

commit 2bd6dabc7c523d7680917753e61130cf78d7067e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 8 09:55:41 2018 +0000

    bumped changelog version

commit 0c020af885b3dfb2924102e6cf41a5af114cc140
Merge: f9e1877 6f240c0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 8 09:53:47 2018 +0000

    Merge remote-tracking branch 'origin/master'

commit 6f240c0c4c88df2946fdd673f833ee05dd8340bb
Merge: f9e1877 f84f988
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 8 04:53:25 2018 -0500

    Merge pull request #4 from Algernon-01/master
    
    Enable hidden files and volume management again.

commit f84f988118e30a2a3d4d74ed008c1a626c35c365
Author: Algernon-01 <33966997+Algernon-01@users.noreply.github.com>
Date:   Thu Nov 8 07:22:35 2018 +0000

    Enabled hidden files and volume management.

commit 5aebf292149cca72cba3416c0de0f927d76d3281
Author: Algernon-01 <33966997+Algernon-01@users.noreply.github.com>
Date:   Fri Nov 2 10:16:09 2018 +0000

    Security and general settings for Thunar.

commit f9e18772d72abeb1d14e3dc2740950f91900ee69
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 1 07:42:29 2018 +0000

    bumped changelog version

commit 4ecd32ef9996442532b78ae1d46694d0e452cec0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Oct 31 02:26:13 2018 -0400

    description

commit 008a97d9e7f891a706a277c8e9bb2e3a958d1e63
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Oct 31 02:22:43 2018 -0400

    disable previews in thunar

commit 256e4bac52d6c93a957ef47d07be2b7a0add8435
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 14 13:20:11 2018 +0000

    bumped changelog version

commit 73e5319711b897beb8fecae57f7552d764e438e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 14 10:46:00 2018 +0000

    'Depends: libglib2.0-bin' - contains glib-compile-schemas (required by postinst)

commit 64b5e55d8cfc27c56c64b56837e7cf291a5473e0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 27 16:49:44 2018 +0000

    bumped changelog version

commit 1211aee0206b0d829b1101348b2a9836996ceef9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Aug 21 05:18:37 2018 +0800

    readme

commit c296cba838f64ad4bf96b281c2e2de410a3db589
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Feb 1 15:18:55 2018 +0000

    bumped changelog version

commit edbf198a930de31a1423b962979583a1d9775e70
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 29 15:50:36 2018 +0000

    readme

commit 6b94612ca4e29921186c1d9e26bf7dcd887cd13a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 29 15:38:57 2018 +0000

    update copyright

commit 5b3fc2f6b943a50f305299ea0d940ccf13474e1c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 29 15:22:05 2018 +0000

    update copyright

commit c3b6a44e97674fc6553aad33e8d8abd6e8e4df44
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 29 15:15:17 2018 +0000

    update copyright

commit ff28f5932c0fc5ba9eac4bda8e01ccaa71291021
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 29 15:09:42 2018 +0000

    update copyright

commit 674d2d8abf38842d43a1ea10668d860b258c7f70
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 21 20:35:29 2017 +0000

    bumped changelog version

commit 776bf9d6954fd7c33e2743e1d8e6dbd865c954d7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 21 20:26:29 2017 +0000

    readme

commit 7b2d3c9e2f61e34248aa1192ec5325b544e1124c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 26 14:37:34 2017 +0000

    bumped changelog version

commit dc2c9a9992551f5967e09b31a90721a9aadaf962
Merge: 61bd4d0 91ff0c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 14 13:43:18 2017 +0000

    Merge remote-tracking branch 'origin/master'

commit 91ff0c2571b41710440006e770b8295c03b3a295
Merge: 61bd4d0 6e5e5d6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 14 13:42:37 2017 +0000

    Merge pull request #2 from HulaHoopWhonix/patch-2
    
    Update README.md

commit 6e5e5d6ea65a0fee4c76e5ad74c444344ff1f462
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Tue Mar 14 13:11:44 2017 +0000

    Update README.md

commit 61bd4d05b76088657e392cb311983617b8a68750
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 6 16:16:32 2017 +0000

    bumped changelog version

commit 99bb1e877ec84bf7d3c6873f0369aed2fb92be4b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 6 15:00:33 2017 +0000

    "$@"

commit f6bc1884855d84599ee731f694e0073f1df73ce1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 28 15:22:54 2017 +0100

    comment

commit 18e23af784e69e1bd40725a23acac9aaa3b167ab
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 23:59:37 2017 +0000

    cleanup

commit 6195450eb2721d987f185f127a5435e8c7f798cc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 23:57:04 2017 +0000

    No longer ignore duplicate apt sources in apt-get-wrapper.
    
    No longer acceptable because these generate lots of noise in the terminal.

commit 191918027c1971bfb871abb438c4917e5b98bb74
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 23:43:02 2017 +0000

    adjust apt-get-wrapper for Debian stretch's apt-get

commit 2130b4c654ae5e3f94e7febe00a47e3969858770
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 23:16:32 2017 +0000

    use python rather than unbuffer
    
    because unbuffer eats exit code when process is killed

commit cc351165dc78a8b7158a2b9bfdd9e4f0b3866239
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 19:36:38 2017 +0000

    apt-get-wrapper:
    - fix exit code handling
    - code simplification

commit 1fb48e3548499d8a2891ec40314ffad8b6f1811e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 02:04:00 2017 +0000

    bumped changelog version

commit 966e90ebe2d5cd930ebb9367fdbcd0f8e46a0adb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 00:17:36 2017 +0000

    add missing dependency tcl8.6 (which is required by unbuffer [package expect])

commit 5653b7732ae47b7e8e38e2c363aff4ef724c0484
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Feb 26 23:57:17 2017 +0000

    fix, show progress during apt-get-wrapper
    
    fix, propagate signals to apt-get child process

commit 49cde21078ccc9f623add6f587ee719843647ee7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 21 19:54:41 2017 +0000

    Whonix 14 KDE plasma 5 fixes
    
    https://phabricator.whonix.org/T633

commit 0228e87d477f634d1e1db7c1cf6f213275d40dd9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Feb 19 22:37:10 2017 +0000

    minor

commit dfe8a569b639dd09ef4cd7f35c05efd7ea080406
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Feb 19 22:32:04 2017 +0000

    override glib-compile-schemas with || true in postinst
    
    https://phabricator.whonix.org/T500

commit 5ba2a5b6ff53df37ad38f082ad86ff2227158d93
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Feb 19 22:25:28 2017 +0000

    disable previews in nautilus by default for better security
    
    copied solution by @unman
    
    https://github.com/QubesOS/qubes-issues/issues/1108
    
    https://github.com/QubesOS/qubes-core-agent-linux/pull/39
    
    https://phabricator.whonix.org/T500

commit 91adab0d1bab6c6b31903f1e165944b3f8c8adb1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Feb 17 14:08:56 2017 +0000

    bumped changelog version

commit c59d15d48f1950697d4e1da13282688f4f483ea5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Feb 15 20:46:22 2017 +0000

    Debian stretch / kde plasma5 fix: KDEDIRS -> XDG_CONFIG_DIRS
    
    https://phabricator.whonix.org/T633

commit bddbba84a6fad680359bc8eee0c395fcc4d79ca9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 14 17:30:31 2017 +0000

    "$@"

commit 9b0d3e34fc8e1981cf59b17aed8abcc38052fc61
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 14 02:37:08 2017 +0000

    add usr/lib/security-misc/apt-get-update-sanity-test
    
    a CVE-2016-1252 sanity test script

commit 5e076415536e1513463c59dba6e8afc4e90b7f1a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 13 17:26:59 2017 +0000

    readme

commit 0bb059093f7b4940836057b069bbec3a51ed91ac
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Feb 10 15:47:52 2017 +0000

    remove faketime from Build-Depends:
    
    since no longer used for reproducible builds

commit be8084ad1c136ee4a18cb24abcc0c14c522b8089
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Feb 10 15:35:25 2017 +0000

    remove debian/gain-root-command workaround

commit 90f175e117d9ca2b84072bee129539569143e10c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Feb 8 14:26:26 2017 +0000

    double apt-get-update wrapper timeout from 120 to 240 seconds
    
    since it takes a bit longer than 120 seconds for me on a fast connection

commit 1e66e03da14ae2e3f7b315e443836c35f954b84f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jan 15 15:35:31 2017 +0000

    bumped changelog version

commit d80d576953ccea7f183bfe4b1e13655ebc03e557
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jan 15 13:11:38 2017 +0000

    fix lintian warning

commit 59633fbc604207947427839004afcbc8c8d5e4d4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jan 15 08:35:40 2017 +0100

    packaging, bumped Standards-Version from 3.9.6 to 3.9.8 for jessie support

commit 814d6c5f74dd4808f28a0650909672be62639cd1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 12 02:56:55 2017 +0000

    bumped changelog version

commit 0cf6524f0fac00c1b9bde836b7e7cc62cb3e41f4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 25 02:33:44 2016 +0000

    apt-get-update: implement SIGINIT trap; hide 'ps' output

commit c4089d8d4017f713631fbc5f09ccf7047dcb7008
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 25 01:36:04 2016 +0000

    update path to /usr/lib/security-misc/apt-get-wrapper

commit 7b01fb934140afdcd8f7275c92cd557a1080d18e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 25 01:35:17 2016 +0000

    remove obsolete comments

commit 8160cfe1d720707895172a18608366ddd65f9ec6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 25 01:29:31 2016 +0000

    moved apt-get-update and apt-get-wrapper from whonixcheck to security-misc

commit 7b3ef3a00f28592852ee701d4ce3803348de6999
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 10 02:30:50 2016 +0000

    bumped changelog version

commit 4416ea5cf904b296749ad53a7a04b0b6d40b5bcf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 21 17:42:55 2016 +0000

    readme

commit 6cda8b1496795422d4c0bfcea2ea2bf29c32daa0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 10 16:10:30 2016 +0000

    disable conntrack helper for better security
    
    https://phabricator.whonix.org/T486

commit 0d66fc60b9ea65e826560986698c11cea7ca4ea6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 25 23:27:58 2016 +0000

    bumped changelog version

commit 192d1e0cee505a59c5f62d01022562b12ca6646e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 25 23:19:54 2016 +0000

    /etc/sysctl.d/nf_conntrack_helper.conf disabled for now as it needs more work
    
    https://phabricator.whonix.org/T486

commit 492ce128909cfda8645738b092fd9e8722c64aa0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 7 22:54:45 2016 +0000

    bumped changelog version

commit 9d7ad9e97ed6b341e72ed6d6d2104c840c73b37f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 31 15:53:40 2016 +0000

    fixed package description and package description linitan warnings

commit d5e61eb4b12106f9ee3fdf8938686e89a8c7e465
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 31 15:36:59 2016 +0000

    added 'Replaces: tcp-timestamps-disable'
    
    https://phabricator.whonix.org/T486

commit 7b54755841907c2b86b12eed5035860e17445193
Merge: 10c87b8 be086ae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 31 15:35:07 2016 +0000

    merged tcp-timestamps-disable package into security-misc package
    
    disable conntrack helper for better security
    
    https://phabricator.whonix.org/T486

commit be086aea597ff5e4db29f56fa57399c67568d4b6
Merge: 10c87b8 d0eceae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 31 15:34:17 2016 +0000

    Merge pull request #1 from HulaHoopWhonix/patch-1
    
    Create tcp_timestamps.conf

commit d0eceae0c84a42bce4ade28c593fd6ba002a67b9
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 03:18:38 2016 +0000

    Update README.md

commit 989f2f54e22ff676df83463edaca439a4695af49
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 03:18:05 2016 +0000

    Update control

commit c7d88571e48fface5fc24d7d471724303e374f37
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 03:16:10 2016 +0000

    Update control

commit 27200cd98f6d2be7e55765a8d17a075299db7b2e
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 02:57:15 2016 +0000

    Update README.md

commit 92d738db56f048f2ee5de0239ddd6ba141373f99
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 02:53:12 2016 +0000

    Create nf_conntrack_helper.conf

commit 5992a7f026b1ee22c1ab82411048b58e89ed0dc2
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 02:48:06 2016 +0000

    Create tcp_timestamps.conf

commit 10c87b84e2d3b0eec7a6a3d283d3b1e02f080e58
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 15 21:05:03 2015 +0000

    updated README.md

commit ba7b06ce302006a12fe7886c4338b5e44a571fa2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 15 04:16:14 2015 +0000

    bumped changelog version

commit c47f9697b4af46f713e49eb026f1c5ab4b77ad20
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 15 04:14:00 2015 +0000

    deactivate preview in Nautilus

commit 4b7d8a4bd88bd7b8a904d0b48fddf2803457ab47
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 15 02:00:39 2015 +0000

    bumped changelog version

commit d3ccf0eeaf9802fa09e70633efb45dcc2b767cba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 15 02:00:24 2015 +0000

    initial commit