commit 45ce0ff74d8f42d6a424e0742989008403891f8a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:16:43 2023 -0400

    debugging

commit b81a991731e912fa0f7d4ca59b0531bafb02a25a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:15:11 2023 -0400

    fix

commit 292a5c3a8a37bc9dd807913bd76826e57e978b67
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:11:31 2023 -0400

    fix

commit bb57b1a289cc64cc5b2ab5518c151df5355a9f29
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:10:51 2023 -0400

    fix

commit 4f6f45fb3902f6c49d01b5ccb33a4e24804cd02a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:01:54 2023 -0400

    bumped changelog version

commit 181a6424796b1cafc87a8d74aad197135381a389
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 10:01:38 2023 -0400

    root check

commit 84fd41931ce3ba4d6e3785dc8052ee14ce62b80e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 09:44:17 2023 -0400

    /var/run -> /run

commit 33d97a2560fe4aaab24f90057e825802541a408b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 09:39:54 2023 -0400

    improve output of remount-secure dracut module

commit c409e3221e179437ed0b162dde1e72cd116ba795
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 09:36:03 2023 -0400

    implement remount-secure

commit f472ce690ae350085d40cfd5ec46084dc559a51d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 08:57:35 2023 -0400

    comments

commit 90f2b5e11c341c38bb0b11db603ceeba28e14b1c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 08:51:37 2023 -0400

    code simplification

commit 167683ce763e97838e62950f00313b63d7c968b0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 08:50:57 2023 -0400

    code simplification

commit 05e9accf64a3a6bfa24aac7aaa62620f814b05d1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 08:12:30 2023 -0400

    bumped changelog version

commit e065f85c8809d04a9a4c041dd8b9b81bacd04e24
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 08:10:48 2023 -0400

    add remount-secure dracut module

commit f0ee470ecd0fc37125165dd6a5cefb47339b14b4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 07:51:05 2023 -0400

    comment

commit e257f2a3806ba7013e8e47005fde1385044bc8d9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 07:50:14 2023 -0400

    remount-secure:
    no longer use /usr/libexec/helper-scripts/pre.bsh as not simple with dracut

commit 27b3ba8bdf2556066a4be02cd1be9a4451a591b2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 07:06:00 2023 -0400

    bumped changelog version

commit ed11c68ac64c1ec4eaa590dbb56734d450c89b04
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 06:51:52 2023 -0400

    move remount-secure to /usr/bin/remount-secure to make it easier to manually run

commit 6f4bf57ff2bc878f03a50d91a5db0afaf897d70e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 06:48:56 2023 -0400

    `remount-secure`: add support for `--force`; output

commit 6dec5cb1d6b841bc6ea92986d6567902109f5ed0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 06:32:19 2023 -0400

    debugging

commit bc768aa196a08218aac0b6ef1c4ca013f2034122
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 06:31:57 2023 -0400

    output

commit c069c73109b45fbb8fa230ad4f90f4252db730f2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 06:29:38 2023 -0400

    refactoring

commit abc35927345e14bbe4b9f13d205a648ce7a8bd8d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 06:23:48 2023 -0400

    remount-secure: stricter error handling

commit 59a5fea25d0b0c39a6e7b3b11f9242ebe5eaa462
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 05:41:56 2023 -0400

    documentation

commit ac63b0eb3db3d168908459fecd6b3275cce015bc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Oct 22 05:41:11 2023 -0400

    remove duplicate

commit ef3f1575733c668f652326cdb4f4fba8c71bf0ed
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Oct 21 14:19:24 2023 -0400

    bumped changelog version

commit ae2c1c5a7a02a5f3f6a8bcd4a90fdc9e3b512e62
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Oct 21 14:18:50 2023 -0400

    fix xession environment variable

commit 43375fa1f4d32f04907edf1297fef737342b49ea
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Oct 21 12:34:59 2023 -0400

    bumped changelog version

commit d543825d85a5d84274c21cd85db6df777948606e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Oct 21 12:24:59 2023 -0400

    comments

commit dd43ab634d9ab0a59234798e1b14ba99099c65c9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Oct 13 15:22:58 2023 -0400

    bumped changelog version

commit 645ee814e4f3dc330dd6fb24ec4fac0e278c4f42
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Oct 13 15:22:48 2023 -0400

    fix

commit 13a4f37e50805a0e51b8f63808e166318e39a074
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 12 12:51:37 2023 -0400

    bumped changelog version

commit 2d4524108445829d7ac80e828e9a1442cf038a6b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 12 11:37:01 2023 -0400

    avoid duplicate environment variables

commit e96e6aa38e29888a64fa35f85becc1596118a812
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 12 10:43:40 2023 -0400

    bumped changelog version

commit fa820e897895eda93011a0f2bbd915ffffcb1459
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Oct 12 10:40:27 2023 -0400

    refactoring environment variables loading mechanism

commit 358e4226f1b3db32e560e4bbe1c663828eac7059
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jul 17 11:48:35 2023 -0400

    bumped changelog version

commit 81ad786dfcdd416056c6ae8a9d02231bda6fcbde
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jul 17 11:19:07 2023 -0400

    Kicksecure

commit ab56b7ca0cf1a2cb6bc19514750ca618f4ebb7fe
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jul 17 11:10:05 2023 -0400

    Kicksecure

commit 29aaf13c13ec1023d33e84442db0f5afeaa4436d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Jun 23 08:18:12 2023 +0000

    bumped changelog version

commit 8a6baea99017fd971ae4a5e89599b87bc945b276
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jun 22 16:16:15 2023 +0000

    comment

commit 609c8c0697ecf3414e38de9d32dc367a25172802
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 21 09:36:44 2023 +0000

    bumped changelog version

commit 94a326ec7ff8704be224e76b2f3f9c2a12cbd4a7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 21 09:11:31 2023 +0000

    bookworm

commit b610cdcbcd85ee4c433a3df0662e225b52b592cd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Jun 16 11:09:02 2023 +0000

    bumped changelog version

commit 0c56d3d9d2dd1b40b07226b70d3d1b9343757d1a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Jun 16 10:49:05 2023 +0000

    readme

commit 63599a09d795d82b0f069f88d73fd607129af0ef
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 14 09:59:20 2023 +0000

    bumped changelog version

commit 25760f70246dd07376465d9a4222098fd24b8516
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jun 13 08:34:41 2023 +0000

    bookworm

commit be990188f56f059585cf70589de03afb992b9ea2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jun 12 18:01:55 2023 +0000

    bumped changelog version

commit 07b3ce0bcdb6ddb72c7064f527ff4d6250b54ad2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jun 12 16:22:32 2023 +0000

    Standards-Version: 4.6.1.0

commit 4e28ace103e11373d1b5cf5de8be6b1f94c567ce
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon May 15 17:31:59 2023 +0000

    bumped changelog version

commit b11a336b4ff6c748d20aade6e98b25c251bd8c8e
Merge: c921d4e b0b73db
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon May 15 16:58:11 2023 +0000

    Merge remote-tracking branch 'github-kicksecure/master'

commit b0b73db3c84f8cc7594b6b181e0e495cd7e92571
Merge: c921d4e cf003df
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon May 15 12:57:46 2023 -0400

    Merge pull request #126 from raja-grewal/Comment
    
    Update comments

commit cf003dfad85434f5a52524fdd97a7f619ba82429
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue May 16 02:11:44 2023 +1000

    Update comments

commit c921d4e915af50dd1773016b0015be584e1e3f5f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon May 15 11:56:30 2023 +0000

    bumped changelog version

commit 39676395f814007f74ce1edb0aee0ada4d4fa478
Merge: 6511dac 1f38fcf
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon May 15 11:34:57 2023 +0000

    Merge remote-tracking branch 'github-kicksecure/master'

commit 1f38fcfefa1ccd732e4500522cc0978bda69ab0b
Merge: d66a9ba 6ab400c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon May 15 07:34:16 2023 -0400

    Merge pull request #125 from JeremyRand/typo
    
    mmap-rnd-bits: Fix typo in error message

commit d66a9bac551e7544eed592a69f576d27880e2bf3
Merge: 6511dac 9d23717
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon May 15 07:34:00 2023 -0400

    Merge pull request #124 from JeremyRand/doc-aslr
    
    README: Document mmap-rnd-bits

commit 6ab400c9d982bde16271052f181c87255046037e
Author: Jeremy Rand <jeremyrand@danwin1210.de>
Date:   Tue May 9 10:55:31 2023 +0000

    mmap-rnd-bits: Fix typo in error message

commit 9d23717b6d3f94d8fad5ab00628dcbf41fa2cab5
Author: Jeremy Rand <jeremyrand@danwin1210.de>
Date:   Mon May 8 13:45:18 2023 +0000

    README: Document mmap-rnd-bits

commit 6511dac1d4aea1800ce8e51d1f6cdbae4d31e10c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat May 6 12:00:12 2023 +0000

    bumped changelog version

commit 0c10b3f0383d69c2d504b3e346da68b056d1dca8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat May 6 11:59:59 2023 +0000

    output

commit a815c9b9867b0ec56737e60eb1dfeec6a57af6f1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat May 6 11:54:31 2023 +0000

    bumped changelog version

commit 5d4d04a2ebeeea7e096c1680779f2897a03838c6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat May 6 11:54:00 2023 +0000

    output

commit 2d465c624975cc2ca308878e0ef1508316d3316e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat May 6 11:51:25 2023 +0000

    refactoring

commit b756314eb894dde4d017e0aec5876b56f0178de4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 15:09:32 2023 +0000

    bumped changelog version

commit 014a28ba07406e5d69f86e90ddb8a27b3778c3a8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 15:04:21 2023 +0000

    comment

commit ec01c1a99630f44a73763b019a1bad6dc52bbf4e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 15:02:31 2023 +0000

    minor mmap-rnd-bits improvements

commit 3dc406f138ee3dc81b54db2c8c4b795fc6b7c9d5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 15:01:22 2023 +0000

    minor

commit 40e940ec58928049bb38b85d15beaead80740192
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 14:54:24 2023 +0000

    minor mmap-rnd-bits improvements

commit f4fd0f90120e8983b37bc5822cf98a215d25990e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 14:53:07 2023 +0000

    minor mmap-rnd-bits improvements

commit a8e4121befe19bb7d2f74582655a14bded23a37d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 14:52:07 2023 +0000

    minor mmap-rnd-bits improvements

commit 9184e6bb921a9c7356e8d2c7216a1da91f963304
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 14:51:19 2023 +0000

    fix

commit 89168ef40ce713b27974e4e38f6e3e63646d78bc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 14:49:56 2023 +0000

    minor mmap-rnd-bits improvements

commit d6d79e96c9a3f25b75d92a46dc97d6191d6ac691
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 14:44:29 2023 +0000

    minor mmap-rnd-bits improvements

commit 15d0ee100834e01e3f17ee179c3120f37eb3cae5
Merge: 1137e6c 2d40bbc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 14:37:34 2023 +0000

    Merge remote-tracking branch 'github-kicksecure/master'

commit 2d40bbc8fec7ceea47b64fdebc9e751b26e0cf27
Merge: 5c6db28 48a68ba
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 5 10:14:43 2023 -0400

    Merge pull request #120 from JeremyRand/aslr-ppc64le
    
    vm.mmap_rnd_bits: Fix ppc64le

commit 48a68ba237895c0c6c24ebd256ae6a9adec2628f
Author: Jeremy Rand <jeremyrand@danwin1210.de>
Date:   Sat Apr 22 04:43:41 2023 +0000

    mmap-rnd-bits: Handle unwritable /etc/sysctl.d/

commit 434cfb427f739258bd3280ce148cdbe85c800f8a
Author: Jeremy Rand <jeremyrand@danwin1210.de>
Date:   Sat Apr 22 04:36:05 2023 +0000

    mmap-rnd-bits: Check that configs are valid integers

commit 76ca8a27f94d89ed783b900257934c0749e631ce
Author: Jeremy Rand <jeremyrand@danwin1210.de>
Date:   Sat Apr 22 04:29:14 2023 +0000

    mmap-rnd-bits: Handle missing kernel config file

commit 2cf105700a98297f65026e43b435fe017a04ba07
Author: Jeremy Rand <jeremyrand@danwin1210.de>
Date:   Sat Apr 22 04:08:20 2023 +0000

    postinst: Don't fail if mmap-rnd-bits fails

commit 61f63255acdf942e52af35d7f6d1c271a671e6f7
Author: Jeremy Rand <jeremyrand@danwin1210.de>
Date:   Fri Mar 24 12:32:58 2023 +0000

    vm.mmap_rnd_bits: Fix ppc64le
    
    Probably fixes a bunch of other non-x86_64 arches too.

commit 5c6db28881463e8c764872a8cd268c23ac64b8f1
Merge: 8a34d6c ed5f8be
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Mar 31 04:52:55 2023 -0400

    Merge pull request #122 from raja-grewal/tcp
    
    Remove outdated comment about SACK, DSACK, and FACK

commit 8a34d6c067bdebc513f34cd3c434b0675f118e10
Merge: 1137e6c 7a4212d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Mar 31 04:52:18 2023 -0400

    Merge pull request #121 from raja-grewal/copyright
    
    Update Copyright

commit ed5f8be9ebd4f34c8b8de78abe0a8df0775b80aa
Author: Raja Grewal <rg_public@proton.me>
Date:   Thu Mar 30 19:17:43 2023 +1100

    Remove outdated comment about SACK, DSACK, and FACK

commit 7a4212dd76c866e1db4dd4875e51c0d49bb3574d
Author: Raja Grewal <rg_public@proton.me>
Date:   Thu Mar 30 17:08:47 2023 +1100

    Update copyright

commit 1137e6c9104565b8f7546a9a5450ec2c2330efb7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 30 05:58:47 2023 -0500

    bumped changelog version

commit 8c3204a5e42b0c4dc6ff9c66568ac78abc4dbd47
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jan 25 15:20:30 2023 -0500

    comment

commit 65c29f493b56798bc67de7ea451f8f65d99d3093
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jan 25 15:13:19 2023 -0500

    move kexec disabling to dedicated file `/etc/sysctl.d/30_security-misc_kexec-disable.conf`
    
    so ram-wipe can `config-package-dev` `hide` this config file

commit 56c7c57b3a3929f57c9173f9156b2b9f7f7f854e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 24 07:09:40 2023 -0500

    bumped changelog version

commit b87d9eb86544a7f06772a0db803711b49ec3f554
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 24 07:08:13 2023 -0500

    lintian

commit a4820086508a64156aa222d61d5f0f88bf56fb3e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 24 07:05:53 2023 -0500

    bumped changelog version

commit 7bda2ad3e8f30668428e054f57613d7c2ed2a4d6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jan 24 06:34:17 2023 -0500

    move ram-wipe scripts to dedicated ram-wipe package

commit 11d0bb2c006eb7add5f9b0e70a199098972af25e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 07:05:18 2023 -0500

    bumped changelog version

commit c50665218776733919845044b39466c57117542d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 07:05:06 2023 -0500

    fix

commit b3d85f115cf486f4a2805d954ba6dd741817dd71
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 07:02:01 2023 -0500

    bumped changelog version

commit 6faa050dd8d26bd6436688b32bbc7a6515f9cb14
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 06:54:04 2023 -0500

    migrate ram-wipe to dedicated package

commit ad5d0d4b12e73b74166aafb5c34252f1e1af1854
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 06:37:45 2023 -0500

    disable kexec (revert enabling kexec)
    
    remove kexec-utils for ram-wipe since moved to its own package

commit 87c4e77c017aba7d57ae1fc7cf41a1f3143f1a04
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 06:23:00 2023 -0500

    migrate to ram-wipe package

commit 3867acf723f26416a047260010518829adcefc03
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 05:34:48 2023 -0500

    bumped changelog version

commit d769099db1dbf90350838430cda2de7196076c5d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jan 9 05:34:07 2023 -0500

    use warn instead of info for now
    
    because dracut does not show info messages when kernel parameter quiet is set

commit 7fa6946694a997e04b17ecb3a167d767543093a2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jan 8 07:17:02 2023 -0500

    bumped changelog version

commit f3b84e15be40ef64969b70bc62ab4bf8d40352b6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jan 8 07:16:18 2023 -0500

    refactoring

commit 96d6ca7ae01d537ab972798417b9453d57c03cd7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jan 8 07:09:09 2023 -0500

    improve kernel and initrd file detection

commit 8367b27a0df2e6ea5bc2d57d1520cfdd2f4d35e2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jan 8 07:08:18 2023 -0500

    output

commit da0fc9f5bd5d1551f46fb5625010b317d30274b3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jan 8 07:07:43 2023 -0500

    improve kernel and initrd file detection

commit 5b11eecaecdec7487224b90708da82c10ccc4d63
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jan 8 06:45:10 2023 -0500

    refactoring

commit e81dd6cd25f58871c1f6b4a082f81eec34a518b5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 18:13:57 2023 -0500

    bumped changelog version

commit 938b87d26c195b6804796d4fa6050a453278700c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 18:06:10 2023 -0500

    comment

commit 0b1310a21944939d94de18d8ac6d494446d23d0c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 18:05:47 2023 -0500

    output

commit 2fd302f580509842d290b2b0a27079dca445d5cd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 18:02:21 2023 -0500

    output

commit 921bc3e867411e5a96ca3e4641a7501038cf5139
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:49:24 2023 -0500

    bumped changelog version

commit 080abe574ba10b8365587a1c89085efe88f210ee
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:48:21 2023 -0500

    output

commit 5689c07f97d2775b9445f75a10554e70875a5636
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:37:46 2023 -0500

    comment

commit 8e2db269b01e5d3c28346dd7713074a346fa3e72
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:36:51 2023 -0500

    cleanup

commit a07af631559e9c9312c263826969b5b028509a2e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:35:56 2023 -0500

    output

commit 1d22ebde08984968deb143dab244a2b6e30d45e9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:23:35 2023 -0500

    bumped changelog version

commit 539156c0dad74c584adb02beacdcf7a3a9b8b982
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:23:25 2023 -0500

    drop_caches

commit 02f44459ad194444122e98a9f743c2725edb4e43
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:22:45 2023 -0500

    DRACUT_QUIET=no

commit abbaea582de898e48a852a0a153fe336341afe17
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 17:16:23 2023 -0500

    bumped changelog version

commit ab89d0e06e68fa47fa4058416a6c8700551f1b9a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:59:00 2023 -0500

    cleanup

commit 2e833b40a1af1f194ec392ff0c05b0060bb27fe8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:43:09 2023 -0500

    prevent "wait: pid 55 is not a child of this shell"

commit 3777ecba8568cf5458b05b3eeedf98f0ba51cd69
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:34:19 2023 -0500

    comment

commit e0ded5e69d38a02f9896277a67c0d209e4ee4ad4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:34:04 2023 -0500

    comment

commit 996c6af2d84cf23f323ca80c04fab26beea2aa1b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:31:23 2023 -0500

    lower debugging

commit 4fca8f4225f134316e734d5f85d12b9e39b99b0f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:28:11 2023 -0500

    comment

commit fa579cad8980c8d9231a9e2682267910544be175
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:20:48 2023 -0500

    bumped changelog version

commit c9107bb044e3038d837e371aa7467edcedbbdb16
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:11:48 2023 -0500

    debugging

commit b7bb24f984cb5669d9cc9b3522ee57a05070cef9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:09:11 2023 -0500

    description

commit 2bd9cc5bc1ac94d039a7e515d3a839af820fb4be
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:08:12 2023 -0500

    output

commit 2456fed3614268abfb238f3a0783719adb45b711
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 16:00:42 2023 -0500

    output

commit c0b5fea6806ea07b667a341b2400aacb7191b27f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:59:52 2023 -0500

    protect against wipe RAM reboot loop

commit c1b87d250c4e5decd726e7fd67b482ff1eaecbf1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:37:47 2023 -0500

    bumped changelog version

commit 91aedb234aa7c516dca8016f6b82536cfe25f410
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:36:36 2023 -0500

    output

commit 368ad8e636ae30eb60c8f2c6ce7117970a77c021
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:36:05 2023 -0500

    cleanup

commit d8bf40f7a28f53f2f51c41b77663e5a40a5d8fb4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:35:45 2023 -0500

    refactoring

commit 166a6863a1c249e68e3f38109b115503bc5663ec
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:35:15 2023 -0500

    output

commit 20596488be39f92f069523a3d86c0e6b6ec15399
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:34:20 2023 -0500

    long options

commit 1e19c2cbad8cdf97f6bb460c90cfa330492b8019
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:32:25 2023 -0500

    Depends: kexec-tools
    
    required for cold boot attack defense second RAM wipe after reboot

commit b0630f58c136d6c7a964447806ec8ee603a73aa8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:24:05 2023 -0500

    debugging

commit dde01f36634337a24d0cd37cfe5a456ff77e8b0e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:23:23 2023 -0500

    long options

commit 6e0926eece54a55502fa67c2abedf5b718e306e6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:22:58 2023 -0500

    long options

commit 51a5f68c7654774d37986916029607da588189ab
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:22:25 2023 -0500

    refactoring

commit 83800fcb4fd365aab58a5f70f78f39af7d9371dc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:18:58 2023 -0500

    --no-legend

commit 822cf646182f8ff649ea08da2fd4365022871a61
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:13:36 2023 -0500

    output

commit bb2f0a3c4421e3686477a6dff81bb87d5dcd836f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:12:15 2023 -0500

    minor

commit c3a822af0e9c8bb6c9b34b732ba48710e3ee1974
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:09:25 2023 -0500

    test if readable

commit 227871c12c57ecc5ff6d4075ea59a7dc9eca3dd3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:07:34 2023 -0500

    output

commit c09f4da1922f40f666dae0570295b5ab5c02e8a9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:06:56 2023 -0500

    code simplification

commit 01fee8a7b4a12c8c2be4173337decc37ec3e6019
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:06:31 2023 -0500

    refactoring

commit f675f8da0d33ab18efa782ee155a8632e9a3dc0f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:05:58 2023 -0500

    quotes

commit d0daf75db3529e206565604a63e11ee1268ed39b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:05:24 2023 -0500

    quotes

commit 8bcf7e3c235c1193f3a6d43a7c8b23b50e972de7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:04:57 2023 -0500

    minor

commit 2cc3c6c59ca88cf44751bc2e9bb7055b46102284
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:04:42 2023 -0500

    lower debugging

commit 10932bb5d83c469f556b46f42ee517e882d87a4f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:04:23 2023 -0500

    minor

commit c88e95ce33f30f67726ac086c1b8d020b1024ebc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:04:07 2023 -0500

    output

commit 06034d2e4f97712fc84ad75e3fa8ba6bf4fccfee
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 15:03:06 2023 -0500

    fix

commit 059ebb212d03f5d01d46362530702dbeaefdce5e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:35:30 2023 -0500

    comment

commit c0304ec029198665aaf63c843f5b7d5567f95208
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:35:09 2023 -0500

    minor

commit d5271d6250f0f6ea5adf7bc71fc48fddab1a9af4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:31:40 2023 -0500

    bumped changelog version

commit d31c17ea047fbbd698ad9f074a00d6fba2aaf283
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:31:14 2023 -0500

    fix

commit 41d116aa2f6d5ab33a1d5889f6ae251e5b8b5538
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:30:12 2023 -0500

    lintian

commit e83ba18553832134b2f6da6ce98b0ee0c852961e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:29:12 2023 -0500

    minor

commit 53ab93d8f6553eab1682290d42faf0d466f06219
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:27:42 2023 -0500

    bumped changelog version

commit bb121e52bbab151b2104f1a333cabc3889ef47b0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 14:27:22 2023 -0500

    chmod +x

commit 42ab341a58de4c54b20b8f6dc4e048ce61068cf4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:57:36 2023 -0500

    bumped changelog version

commit d37b19fb6bb3cadbb74d011be026fd8d2653ac17
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:55:05 2023 -0500

    comment

commit 0367250dc74f9e6ec38f9da5809ff661493134a8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:54:35 2023 -0500

    comment

commit c1df2fd601f3445a0a811a679efa7d2176026558
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:52:14 2023 -0500

    comment

commit c2b20603fdd62a3f82c842c7ebeaad0f70e005d0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:49:18 2023 -0500

    output

commit 999a82ed946c8fd57654a0a90e2a2e53ef98a788
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:46:21 2023 -0500

    output

commit 2860560edb7951a8ac9de1c23c9655c655b40f23
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:43:07 2023 -0500

    minor

commit 450ff378b067070618e4a972f8131acac5b292e0
Merge: 929f49f b8e82ff
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jan 7 12:38:14 2023 -0500

    Merge remote-tracking branch 'friedy10/master'

commit b8e82fffca0138afaf20e1b2faf755ce1533af45
Author: Friedrich Doku <friedrichdoku@gmail.com>
Date:   Sat Jan 7 11:31:02 2023 -0500

    Get rid of /dev/kmsg

commit 78a4fad6674bb11fa682b908e0d3bc63705e7d20
Author: Friedrich Doku <friedrichdoku@gmail.com>
Date:   Sat Jan 7 11:14:31 2023 -0500

    Change echo to info. Included more reliable way of getting initrd and kernel. Allow user custom kexec

commit 8da3b9c40c6ee073addcc06d5227b3043438b768
Author: Friedrich Doku <friedrichdoku@gmail.com>
Date:   Fri Jan 6 21:40:17 2023 -0500

    fix last line

commit 7cf51a1b433bfb2ccf4fa14b7807184e9e3681c5
Author: Friedrich Doku <friedrichdoku@gmail.com>
Date:   Fri Jan 6 21:32:57 2023 -0500

    Checking job queue instead of dbus

commit 4b7053a6353cf0e092a6ef712e955b4318671bfc
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:53:28 2023 -0500

    Update wipe-ram.sh

commit 779ad24b573b83c08e89569e5213e018377d1535
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:53:18 2023 -0500

    Update wipe-ram-needshutdown.sh

commit d45ba826bca6f5efef846de01a34a0a8c7936442
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:53:10 2023 -0500

    Update module-setup.sh

commit b3d4314a069a608380ca9dd01d76c653bdb87078
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:52:51 2023 -0500

    Update wipe-ram.sh

commit 33877250172349cccb2c776c1fa7aed2e8ad716f
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:52:42 2023 -0500

    Update wipe-ram-needshutdown.sh

commit ec68ee6ded7294c161b3d0793bf8874b12262190
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:52:32 2023 -0500

    Update module-setup.sh

commit 014d10b9778907a9282ec337023f8c2b01b0ca6b
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:52:09 2023 -0500

    Update cold-boot-attack-defense-kexec-prepare.service

commit 62dcdcf7649175e0587a84708e8f0aa318a45d30
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:51:45 2023 -0500

    Update cold-boot-attack-defense-kexec-prepare

commit f4637509205c11eddaa13151b93c961e9d345be6
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:48:22 2023 -0500

    Update cold-boot-attack-defense-kexec-prepare.service

commit 14abfbfccdd3403d90a16dd5b2a1057ccf4da3d5
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:48:03 2023 -0500

    Update cold-boot-attack-defense-kexec-prepare

commit 37a5264696797c0807570606361e04cb8dcb2395
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:47:34 2023 -0500

    Update wipe-ram.sh

commit 7ac45acd0f3e3e0a68e3fc4036787e8e7d4ebe9f
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:47:23 2023 -0500

    Update wipe-ram-needshutdown.sh

commit 114a37fcd39ff20ddd9e8cca829763a9b96a8115
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:47:14 2023 -0500

    Update module-setup.sh

commit 1eeb32b7b96ab1df63d808b6715fef7a6e1a9482
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:47:01 2023 -0500

    Update wipe-ram.sh

commit c5accc5ad191fe54a96e12cd1f1286508da8243c
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:46:51 2023 -0500

    Update wipe-ram-needshutdown.sh

commit f9ebc3cfa86674025ccd65c22cde2427ea2f4ae3
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 13:46:40 2023 -0500

    Update module-setup.sh

commit 28687092ef4f57afab5e8d32f68492799694a379
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 12:52:36 2023 -0500

    Update cold-boot-attack-defense-kexec-prepare

commit d67d3c1d7d788fff589806457ff140e8f82089a0
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 12:51:18 2023 -0500

    Update wipe-ram.sh

commit 7fa64d68423d24668e44eb0d7e19ccf4845ee711
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 12:50:58 2023 -0500

    Update wipe-ram-needshutdown.sh

commit 14c7239681300edc4f715bc96c5235cddf677c60
Author: Friedrich Doku <frd20@pitt.edu>
Date:   Fri Jan 6 12:50:42 2023 -0500

    Update module-setup.sh

commit 73913ea5afef8354f433f7cf87c7cd64c16be0a0
Author: Friedrich Doku <friedrichdoku@gmail.com>
Date:   Fri Jan 6 12:49:34 2023 -0500

    Added checks

commit a7015f4ddff892cab17f96713ddb0a720ebb7901
Author: Friedrich Doku <friedrichdoku@gmail.com>
Date:   Fri Jan 6 10:50:34 2023 -0500

    added files

commit 929f49f333fc88d91ed4cef849921b0b4a69bfea
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Dec 18 14:37:51 2022 -0500

    bumped changelog version

commit 75beb52bd5b7cee4a48eead53dbbe7fac9f6cc9e
Merge: 98f753d 58b622f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Dec 18 06:24:41 2022 -0500

    Merge remote-tracking branch 'github-kicksecure/master'

commit 58b622f0fe373b6e2fb30b9564b22f1064f690b0
Merge: 98f753d f81714b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Dec 18 06:23:26 2022 -0500

    Merge pull request #114 from raja-grewal/framebuffer
    
    Add some framebuffer drivers into blacklist

commit f81714be506d1b15c0e79cbe8378bf8a18a2256f
Merge: d67845f 98f753d
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Dec 13 05:14:56 2022 +0000

    Merge branch 'Kicksecure:master' into framebuffer

commit d67845fea89f4a74ed4b0a6eefbf2bf228b13a1b
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Dec 13 16:11:24 2022 +1100

    Typo

commit 98f753d8ffcf6673a3130d45c23b84a4c35917b1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 07:21:58 2022 -0500

    bumped changelog version

commit 6d7a78262464c054c46df155605a480f1b32f22c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 07:21:46 2022 -0500

    fix

commit 421f03ae9e648d366146415532d4dd9dda106980
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 07:20:56 2022 -0500

    fix

commit ad1e722879ef049ef421f0062ee383770d66bfee
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 07:00:33 2022 -0500

    bumped changelog version

commit a806c782d78d691617dd650808a0403ce72d4a1a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 07:00:23 2022 -0500

    fix

commit 4601e106c4823f2cb0dc7a8ba601670395c96326
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:49:26 2022 -0500

    bumped changelog version

commit 39b35ef9ac7489685df5486334a0acf5936e9b47
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:49:15 2022 -0500

    fix

commit 73963a9e6847fd8099093da1253267d79db7d261
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:31:37 2022 -0500

    bumped changelog version

commit d05c10172178d04781976026243297fa153125a0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:31:24 2022 -0500

    debugging

commit 36454c2dbf43de4805f2f156b05d263c37b9615a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:25:47 2022 -0500

    debugging

commit e06b173a1be8c0e3e47a9c4bab2d94fe88d422e0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:24:14 2022 -0500

    debugging

commit 97722d1926bc106a0645783fcb55b7d5691c873b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:14:15 2022 -0500

    bumped changelog version

commit 497b5b45442b1293b130fef63de1b84d091d27eb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 24 06:14:04 2022 -0500

    fix

commit 6f695902fb70cbbc95b71f827216ab84edcfeb83
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Nov 23 23:53:40 2022 +1100

    Add comment about legacy Apple fiesystems

commit d7222b5678aa182866c389d8a88f55b6488e74e0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 22 06:03:13 2022 -0500

    bumped changelog version

commit e5255a630ad3c9c99b6b7ffa4c7be43a44dffba9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 22 05:57:30 2022 -0500

    pam-info: support non-root environments (such as during graphical display manager login and xscreensaver)

commit d419898ee494fb159ed6811a719dbb4a5ffb469a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Nov 17 10:15:36 2022 -0500

    bumped changelog version

commit 09e6af5c080f776d56d7e2390f88c4ae7e01bdb7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 16 02:01:23 2022 -0500

    pam-info refactoring

commit caf0099064747a2048363e3600a53af51df549ad
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 16 02:00:32 2022 -0500

    pam-info refactoring

commit 487f63bb01c6dfc71d0e4efef2c70dae94093dce
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 16 01:56:01 2022 -0500

    comment

commit f59f959a8d43ebd80a4037e65ec26df7143bcaf5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 16 01:55:14 2022 -0500

    pam-info fix

commit ae113442a162969561a24fcf17718ceb6a11d928
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 16 01:49:45 2022 -0500

    pam-info refactoring

commit bb6b509d06a1ae34ee407cb309c530e5dddfedfd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Nov 16 01:44:21 2022 -0500

    pam-info refactoring

commit e5d7ab7082908e64596ccd1da835a781cae22456
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 15 12:44:12 2022 -0500

    comment

commit 23b936b573c8989222a50d1ef8c35dc95589bb0e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 15 12:31:14 2022 -0500

    also support /usr/local/etc/pam-info-debug

commit 95487346dbb18c4ac9133fc21b4abed12dc346b3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 15 12:29:41 2022 -0500

    pam-info: create debug log file ~/pam-info-debug.txt
    
    when file /etc/pam-info-debug exists

commit 2872c2ab52ae9a1eaa25ea8b9852401e82d5616a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 15 12:00:59 2022 -0500

    comments

commit 6033de78152cb5d7a9659f58aa8035ae2a7d6532
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 15 11:58:50 2022 -0500

    debugging

commit daa30d4e7830ba38ed52f83e6ac93c3a4e03ee33
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Nov 9 20:43:59 2022 +1100

    Include several framebuffer drivers into blacklist
    
    These were previously commented out to test for compatibility issues.

commit 2319458e9f1a0ae2b60cf5786122c19459bbaea1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Aug 24 18:28:39 2022 -0400

    bumped changelog version

commit cdfc175953a8ab358bb8e6db2610df11733ba258
Merge: ff84514 ae4d498
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Aug 22 06:09:30 2022 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit ae4d4989b0e8ea79b5661f098e9814379ff9401e
Merge: ff84514 d500205
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Aug 22 06:09:40 2022 -0400

    Merge pull request #113 from raja-grewal/master
    
    Comment out machine check exception

commit d500205f556ba896417eb0bae1df0144b00ef7b9
Author: Raja Grewal <rg_public@proton.me>
Date:   Sun Aug 21 23:03:13 2022 +1000

    Update README.md

commit 92669dba186c6ac40ff601fd39639945cd7633c6
Author: Raja Grewal <rg_public@proton.me>
Date:   Sun Aug 21 23:02:44 2022 +1000

    Comment out machine check exception

commit ff8451469ad3b9cbd101ca4b93d72a2ac6cebe37
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Aug 13 11:40:04 2022 -0400

    bumped changelog version

commit 272a33fe2c3c7666de96f9037094db8e9ab8e09e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Aug 13 11:35:25 2022 -0400

    addgroup -> adduser fix

commit 7d5246693c5c07f76e3f2e29c3ed39d4910673ff
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Aug 12 07:52:26 2022 -0400

    bumped changelog version

commit 82da4ed18f5682c0cc76cd435b6de2459c7b5f83
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 28 09:56:24 2022 -0400

    comments

commit a6bee1493d4113ab63f8d0671f97989b00d23544
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 28 09:55:12 2022 -0400

    cold-boot-attack-defense wait longer to make messages readable by user

commit 109594952335f94c2a21f22d6a517ecc8b864d81
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 26 10:00:53 2022 -0400

    bumped changelog version

commit 053142cdb57f23172fd0155dde4ff4c0183c4f65
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 26 10:00:21 2022 -0400

    fix

commit 73f6523e09f12fc56da0ed3555d050686ff441f3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 23 08:07:37 2022 -0400

    bumped changelog version

commit 0c5b1e9f577d52e2c056e786e32c14ff37db344b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 23 07:49:56 2022 -0400

    undo `"force kernel to panic on "oopses"`
    
    because implemented differently already
    
    https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panic-on-oops-1-sysctl-for-better-security/7713

commit c1c04b4619eea4c79a0dbb5cced3ebb77482877c
Merge: 465775c bfe6b88
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 23 07:43:19 2022 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit bfe6b888395abf554623a9e530fe7e6605047e12
Merge: 465775c ca764d8
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 23 07:27:24 2022 -0400

    Merge pull request #111 from raja-grewal/harden
    
    Increased kernel hardening at boot

commit ca764d8de0f17bb7e6d44e3d79ea1805276fc521
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 20 04:06:35 2022 +1000

    force kernel to panic on "oopses"

commit 1660aaa6dd1013ede105baebbb8ff3e1afc7b268
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 03:38:41 2022 +1000

    update details around disabling SMT

commit bfd78a2c06153ebadfee39190055edf0a13958f4
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 03:16:08 2022 +1000

    update SRBDS mitigation

commit c3ebb9160ffbbd2972cc898e3c1c0055d89beb5c
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 02:33:16 2022 +1000

    CPU mitigation - MMIO Stale Data

commit 59e90ff1226bd6330d85244cf7c73ecf7fd5fdf1
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 02:32:41 2022 +1000

    CPU mitigation - L1D FLushing

commit 8531fbf99dea1b4cd806babd6072a8a1f0506eb3
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 02:30:49 2022 +1000

    CPU mitigation - SRBDS

commit 73f1e233327cc0edec83eac322b7f03bcb7fba22
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 02:29:46 2022 +1000

    shuffle and rewording

commit 39314b291263a93fcb11756ce12bd8691a1fa0f6
Merge: bb831d5 c4a1094
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 00:49:08 2022 +1000

    Merge branch 'harden' of https://github.com/raja-grewal/security-misc into harden

commit bb831d57bcdcc8195a4b8169a4ddc25fb0c61173
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 00:38:32 2022 +1000

    delete repeated commands

commit c77a2a78bc48df2af7653a306bd1b046a8f99a6b
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 19 00:37:31 2022 +1000

    enforce default net.ipv6.icmp_ignore_bogus_error_responses

commit c4a10947608b0d5508ef5b18e0ab34a2ee4f35de
Merge: 2b23703 465775c
Author: Raja Grewal <rg_public@proton.me>
Date:   Mon Jul 18 13:36:23 2022 +0000

    Merge branch 'Kicksecure:master' into harden

commit 465775c9dc1b97c98a5470acaffabb103ea7239f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 16 08:00:16 2022 -0400

    bumped changelog version

commit 1fafb5f53bbec57812f535e79bfb475628cc58e3
Merge: 24d6a93 27aa523
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Jul 15 08:09:16 2022 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit 27aa5231e2d1dafd89ba19c8d6becf461e781605
Merge: 24d6a93 a72bbb1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri Jul 15 08:06:08 2022 -0400

    Merge pull request #112 from raja-grewal/blacklist
    
    Corrected kernel module disabling

commit a72bbb1883613ee56be29949c153e0edb2d72a29
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 23:42:13 2022 +1000

    Corrected kerenl module disabling

commit 24d6a93eacf5b41cfb9133471049776a16a07b03
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jul 13 08:28:34 2022 -0400

    bumped changelog version

commit 2b237039cf1db66100f7f0bb4880981ee0489abf
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 22:25:53 2022 +1000

    Update README.md

commit 8f31e5d1d172eb117bde63702f63081da182d5c5
Merge: 6aa9a94 c410890
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jul 13 07:26:58 2022 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit c410890a8ade6d4be13dc99a7003f03ebded8153
Merge: 6aa9a94 fe0cc10
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jul 13 07:24:12 2022 -0400

    Merge pull request #110 from raja-grewal/master
    
    Incorporated Ubuntu’s kernel module blacklists and more verbose errors

commit 4e93b4d37e4c6d23a0ac76ddb2144c6504a66ad1
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 21:10:39 2022 +1000

    Revert "enforce defualt net.ipv4.ip_forward"
    
    This reverts commit 57b5b2145c4e6779f0b879ee4199d46938f20965.

commit a47922ad28fc9ebba93615a6ffdaaeb4887cc140
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:47:07 2022 +1000

    enforce of IOMMU TLB invalidation

commit 33df16af805597057c7aad0d5a4fb135ed9e286b
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:37:03 2022 +1000

    disables random.trust_bootloader

commit d0779a96fc054df925523a76510c1aae5d672f96
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:36:34 2022 +1000

    add reference

commit 74858d257b8de40f082ce21241e680a5eeaf4053
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:34:35 2022 +1000

    enable randomize_kstack_offset

commit f572332108c06eb77d24e776910463e69d49acd3
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:32:03 2022 +1000

    disable slub_debug

commit 57b5b2145c4e6779f0b879ee4199d46938f20965
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:30:43 2022 +1000

    enforce defualt net.ipv4.ip_forward

commit 79156262c9e3fe92344847b627afc64b2c7f7717
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:29:42 2022 +1000

    enforce default net.ipv4.icmp_ignore_bogus_error_responses

commit dabcaf22e1006cc60297c55e3e254f080562d552
Author: Raja Grewal <rg_public@proton.me>
Date:   Wed Jul 13 04:28:03 2022 +1000

    enforce default kernel.randomize_va_space

commit fe0cc1089086273794bd6b54df3528ff78c10f6a
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 12 17:18:47 2022 +1000

    Updated README.md

commit 48089e5ba43b0b72449f888b98b63119ed57e2fd
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 12 17:02:12 2022 +1000

    More verbose kernel module blocking error logs

commit 40ec791774f2a6ae7d42ccf2bfbe4a98a9963f08
Author: Raja Grewal <rg_public@proton.me>
Date:   Tue Jul 12 16:58:16 2022 +1000

    Updated comments

commit ef1ef9917d896f1cd837f399def6a75704e9bfd2
Author: Raja Grewal <rg_public@proton.me>
Date:   Sun Jul 10 04:53:25 2022 +1000

    Blacklist automatic loading of CD-ROM modules

commit 61ef9bd59f9ff39c140f782ff5b41d0a3c6d97bc
Author: Raja Grewal <rg_public@proton.me>
Date:   Sun Jul 10 04:52:00 2022 +1000

    Incorporated Ubuntu’s kernel module blacklists

commit 6aa9a9472f10d4d6270dd59fbcd94d9001aca9e6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:42:24 2022 -0400

    bumped changelog version

commit 3b844eaab25fecf90292c88291be77abf0be694c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:42:11 2022 -0400

    output

commit 73d2c9d921c5c75ef3cca5461acc350c648f26d2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:40:15 2022 -0400

    output

commit adfdac6dea0e8f971c59557b383d116cd51619fd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:40:01 2022 -0400

    output

commit 1df2cfd1add8b2277cb37499ced4fbb713c17668
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:38:37 2022 -0400

    comment

commit fede41e6e03c33f2f6569f03593f76edb9969e6a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:38:04 2022 -0400

    fix

commit 52c46e4706d5799d452f260616a3909c9a3bc78f
Merge: 1b8500c dc41a58
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:37:41 2022 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit dc41a58102a114e21209aabeef9ad6b851365898
Merge: 1b8500c e5f8004
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 9 11:37:57 2022 -0400

    Merge pull request #108 from Krish-sysadmin/master
    
    Continue for loop if unable to change one directory's permission

commit 1b8500cc22fdd6a51ec66ae1b04abccb9a529150
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 7 17:41:13 2022 -0400

    bumped changelog version

commit 277749f27b2da8d33b70fb6f88c6757fab77e636
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 7 15:49:08 2022 -0400

    genmkfile debinstfile

commit eb8535fe870e79a5c818a38c414147819d32346d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 7 15:48:39 2022 -0400

    renamed:    usr/bin/disabled-by-security-misc -> bin/disabled-by-security-misc

commit 26b2c9727f5ba6f78f5cd10c28c3561a97c81be9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 7 15:39:40 2022 -0400

    not blacklist CD-ROM / DVD yet
    
    https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31

commit d5c16503411bee4199c35a51226fc59924d6e142
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 7 15:28:09 2022 -0400

    shuffle

commit ca19d78d48ca88f5b00dcceb18ac4803c7893ca4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 7 15:27:15 2022 -0400

    shuffle

commit d018bdaf73e109a61c0687a171af843c890729e0
Merge: 1b287a6 780dc8e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jul 7 15:26:08 2022 -0400

    Merge remote-tracking branch 'raja-gerwal/master'

commit 780dc8eec99915a7466249e219ad59c5db5f0364
Author: Raja Grewal <rg_public@proton.me>
Date:   Fri Jul 8 04:11:25 2022 +1000

    replace /bin/false -> /bin/disabled-by-security-misc

commit fa2e30f5125e438250acfdc52107a936ecb7b1b4
Author: Raja Grewal <rg_public@proton.me>
Date:   Fri Jul 8 03:04:37 2022 +1000

    Updated descriptions of disabled modules

commit da389d6682f6eb1d0c0172c50a4b529152384415
Author: Raja Grewal <rg_public@proton.me>
Date:   Fri Jul 8 02:12:04 2022 +1000

    Revert "replace /bin/false ->  /bin/true"
    
    This reverts commit f0511635a9725f79863c41a7b8d9f8a077ba8788.

commit 28381e81d4a57c59929a37745fa8ba5f3e0b25cb
Author: raja-grewal <rg_public@proton.me>
Date:   Thu Jul 7 09:28:30 2022 +0000

    Update README.md

commit f0511635a9725f79863c41a7b8d9f8a077ba8788
Author: raja-grewal <rg_public@proton.me>
Date:   Thu Jul 7 09:27:53 2022 +0000

    replace /bin/false ->  /bin/true

commit 18d67dbc5309a2403bece92881e671f46dc27f86
Author: raja-grewal <rg_public@proton.me>
Date:   Thu Jul 7 09:26:55 2022 +0000

    Blacklist more modules

commit 1b287a6430527c762f9bf909bcda58ab52041668
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 11:16:33 2022 -0400

    bumped changelog version

commit 92ff868ecefed4377c5f1e99eb5e5eecbb021564
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 11:05:36 2022 -0400

    readme

commit b8ba6085357631fb1f346a613d7e354aaf780560
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:57:28 2022 -0400

    readme

commit 949edf3e1753fcd403015c2d0dc8f3503a7f62d2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:48:58 2022 -0400

    readme

commit 1c0e0719483c68ce04b5c14159ad09a87c386deb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:45:55 2022 -0400

    comments

commit 5d47f5f74cc9f5e186de8db5305a44029ebbb362
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:45:09 2022 -0400

    comments

commit 435c689cf9ee9e94dec42ab3c45bc02beb8f9c40
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:44:28 2022 -0400

    comments

commit c20d588d7871bce1b8a02d46e6f658844a014572
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:42:37 2022 -0400

    comments

commit 8f03ce049a1f48bb088cf92f4f39cceb2e3a5ae6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:41:55 2022 -0400

    readme

commit b342ce930ea14a365ba23f37642cc9c098470362
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jul 5 10:28:22 2022 -0400

    add `/etc/default/grub.d/40_cold_boot_attack_defense.cfg`

commit e5f8004a9401727f1be2db492ea756bc19090866
Author: Krish-sysadmin <kjain@fedoraproject.org>
Date:   Tue Jul 5 03:37:40 2022 +0200

    Update hide-hardware-info

commit 69af8be7b80dcc30e3a5d1b0a1d1aa198528b876
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 19:10:55 2022 -0400

    drop_caches before and after sdmem

commit 67bdd58bf2a8090a29e35b85fb4a25d42a8f8a1a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 19:07:06 2022 -0400

    sync

commit 01b82bf0f0b96b3e08e272b8b2e69c1b3f0dcc16
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 18:30:06 2022 -0400

    bumped changelog version

commit 973f117aa6a7418ea29125753f6c6b6f7e7986a4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 18:12:36 2022 -0400

    wipe RAM at shutdown: Ensure any remaining disk cache is erased by Linux' memory poisoning
    
    by running:
    `echo 3 > /proc/sys/vm/drop_caches`
    
    Inspired by Tails:
    https://gitlab.tails.boum.org/tails/tails/-/blob/master/config/chroot_local-includes/usr/local/lib/initramfs-pre-shutdown-hook

commit e783ddc71e5e528051e1bd0fda3f60decc0af9bf
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 17:37:16 2022 -0400

    bumped changelog version

commit 95187bd357e6f2f855afbf546da42c6229a8394e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 17:21:33 2022 -0400

    fix

commit 3bd87d019fb08644578d2ee73d2ac7185687f115
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 16:03:52 2022 -0400

    bumped changelog version

commit 148a050468658c254b67de2de61cad3e147e2178
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 16:03:45 2022 -0400

    fix

commit 82e7863d5b1efff2c558204bfdf04812af10660b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 16:02:28 2022 -0400

    improvement

commit aebca1b3dce026bbccefa38381e62f30904e5a6d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 15:52:08 2022 -0400

    bumped changelog version

commit 1144b39e5efcb318ad92413f623b6f039fd7a5fa
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 15:50:59 2022 -0400

    debugging

commit c29b21c08a839d8dafe2c9654a58f2b178055935
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 15:45:19 2022 -0400

    output

commit ed8ce9a7d0869d62eecea7ffc59c176bec061d08
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 15:32:51 2022 -0400

    bumped changelog version

commit d34fe21963442c6025b56209d0ba10479cde09a6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 15:32:42 2022 -0400

    fix

commit 7a448e01a1f2be432c763678742301b64739b920
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 2 14:27:04 2022 -0400

    bumped changelog version

commit 32fdcf522be994e693f39c347ab1063ccd94255b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jun 30 14:47:45 2022 -0400

    - introduce `wiperam=skip` kernel parameter to skip wipe ram
    - introduce `wiperam=force` kernel parameter to force wipe ram inside VMs

commit 036f518ddc067461979f5b61a576b7f74b7c6e65
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jun 30 13:56:29 2022 -0400

    improvement

commit 0e2fae2b693d6c45344cfdf592bac0adf3338d58
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Jun 30 13:50:18 2022 -0400

    skip ram wipe inside VMs
    
    https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix-cold-boot-attack-defense/5596/40

commit e06405c7be683450e6c6f737171b4f10513254e7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:56:16 2022 -0400

    undo

commit 1b97d9cb766b00914769e5add699a8bdbcf1e7aa
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:30:31 2022 -0400

    fix

commit 26be74bfe5c51a8ae41bb736847d3e93e7ae27d7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:25:07 2022 -0400

    bumped changelog version

commit 92c543e71ff5386f4458102e1795132399292328
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:24:52 2022 -0400

    output

commit d4161b2748665ca3b67e5ced5ae576acb93cda46
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:23:42 2022 -0400

    output

commit 1ce7b27297bce446fb5726eba1cbb0cd3746fa85
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:23:12 2022 -0400

    improvement

commit aae4fdcffd0e3ed168975bc84db149843ffdfe47
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:06:33 2022 -0400

    bumped changelog version

commit 8b584c570af5d9ada8083af9bd80f3f992e3dceb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:06:22 2022 -0400

    lintian

commit a1f752ad00563b61a62a2dd33058365f1b6027de
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:03:58 2022 -0400

    bumped changelog version

commit f5e0c1742abc009b1af95f0d106a5e1cd90d1ef4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 16:02:05 2022 -0400

    credits

commit 42e24f3c241471d91af6f16b74b5bf85dfad85d7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:54:49 2022 -0400

    update file names

commit 52aaac9b6d3a9611317e919d78840554bfce9778
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:53:52 2022 -0400

    rename

commit 619bb3cf4d347c1575c58c74adbbede94d60f79b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:53:24 2022 -0400

    rename

commit 2a8504cf1bd2a4d7e373bde3f34f6f22e3d5ebc4
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:51:14 2022 -0400

    move

commit af8b211c238f6fe83db5990dc0984d1c532456ae
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:50:20 2022 -0400

    improvements

commit 0b0cda8f8f2ff1da256473115df37456273cdcdd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:24:40 2022 -0400

    bumped changelog version

commit e9cd5d934b04f7d06a14616ef52a914198f03b97
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:24:27 2022 -0400

    copyright

commit 1c51d156494e743c7ad89f76510209a97eef5e45
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:23:53 2022 -0400

    lintian

commit 4b0cd53fee691f68dd6292869b6f6870bc0b6cbe
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:22:41 2022 -0400

    bumped changelog version

commit 9ab81d45810b71374520603c32812e22685f59cb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:22:00 2022 -0400

    do not power off too fast so wipe ram messages can be read

commit 19439033de840ed39039f04db7b13f6e168a627e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:19:56 2022 -0400

    copyright

commit fc202ede16ee41aceeec356ba35ba71cc7fc821d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:18:28 2022 -0400

    delete no longer required `usr/lib/dracut/modules.d/40sdmem-security-misc/README.md`

commit 6d3a08a9365207923edd2f0b6f8aebdc635d3b33
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 15:17:40 2022 -0400

    improvements

commit 87e5f49f8dc72f14e96cc06b924566668991037f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 14:18:02 2022 -0400

    bumped changelog version

commit 6eba53767f3af2436fd00b807e71a94dff813dfc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 14:17:52 2022 -0400

    lintian

commit 81c15e88afd11d3359ae748d5c43e7bcc8b9a855
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 14:15:48 2022 -0400

    bumped changelog version

commit 8a072437cc6478757a8f21f3a6a0ea51a97b978b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 14:13:30 2022 -0400

    ram wipe on shutdown: fix, added `need_shutdown` hook
    
    Otherwise dracut does not run on shutdown.
    
    Without `need_shutdown` file `/run/initramfs/.need_shutdown` does not get created.
    And without that file `/usr/lib/dracut/dracut-initramfs-restore`,
    which itself is started by `/lib/systemd/system/dracut-shutdown.service` does nothing.

commit 4d937f551f6cccf40f933576a7fa210066f1fc8a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 13:03:35 2022 -0400

    bumped changelog version

commit 924077e04cd0d5b06a410b2a9289047286500e8a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 13:02:53 2022 -0400

    verbose

commit db301dfd7feb07799a00871f0e1f8fdccef0b777
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 13:02:39 2022 -0400

    comment

commit 73d2ada0deb98064979ea1feedb01c6312c4b4d5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 13:02:01 2022 -0400

    comment

commit 67eaf8c9167da545189390b6f0f58b0b5b20976c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 11:40:38 2022 -0400

    comments

commit 72908d6b0dd65d6c9691977047b2bfdaa16ba147
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 11:34:55 2022 -0400

    comments

commit 43ea4dbb8363c511270fd704b138633da9ad088a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 11:18:59 2022 -0400

    bumped changelog version

commit 295811a88f9505687447ebf605fa108bc795da46
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 11:14:52 2022 -0400

    improvements

commit e5d85d69efefdfcee63c8c7d4ced1ed1bf1aeee7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 10:02:18 2022 -0400

    bumped changelog version

commit af8ff65f8404ac1d423ad3c28342d8fe7bc3a018
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 10:01:51 2022 -0400

    comment

commit cfae7de6a842b77e50f9e6f5cb1eed0eac63ff2f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 09:58:37 2022 -0400

    lintian

commit 83519a58c7c1eccee7544fbc3ec0cf67bda976a7
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 09:54:27 2022 -0400

    bumped changelog version

commit 024d52a67ebb6028d5df890e469fec5dc42be00a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 09:52:53 2022 -0400

    improve usr/lib/dracut/modules.d/40sdmem-security-misc/module-setup.sh

commit 29253004b6be7c7d2b3fce6cceff2df3e845f15a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 09:38:18 2022 -0400

    minor

commit 6f19af1542d3b6d2d6af89136ce909f7f7335ff1
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 09:35:08 2022 -0400

    add shebang /bin/sh
    
    to fix lintian warning
    security-misc: executable-not-elf-or-script usr/lib/dracut/modules.d/40sdmem-security-misc/wipe.sh

commit 38cdf2722bc0aa224e1ec253e77728d4e00b9be0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 29 09:32:55 2022 -0400

    - Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks
    - Confirm in console output if encrypted mounts (root disk) is unmounted. (Because that is a pre-condition for wiping the LUKS full disk encryption key from RAM.)
    
    Thanks to @friedy10!
    
    https://github.com/friedy10/dracut/tree/master/modules.d/40sdmem
    
    https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix-cold-boot-attack-defense/5596

commit adca1ebdf6c83c5c1c846cdb29f3e16ea9cdf32f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 8 11:05:07 2022 -0400

    bumped changelog version

commit d7dd188651a5227be6b1d95e7ae9a97e0cbb34f0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 8 09:27:02 2022 -0400

    remove unicode

commit 55d16e1602c0221dbe00996a206d0691ef93ae71
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 8 09:04:03 2022 -0400

    remove unicode

commit fcaec49675ce7e240bdd049aab184fbee0945c7d
Merge: 5c43197 995e4ba
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 8 08:20:24 2022 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit 995e4ba7fafc1bf4f691b83dde415c57cebed63d
Merge: 616fe85 6e8f584
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 8 08:19:03 2022 -0400

    Merge pull request #104 from ntninja/patch-1
    
    Fix issues found with permission-hardening on my system

commit 5c43197f10df3a49704a66ef3e3d56f122be4775
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 8 08:11:28 2022 -0400

    minor

commit 6e8f584d88333d3a6fec1318ba92f76e328bf7ce
Author: Kuri Schlarb <246386+ntninja@users.noreply.github.com>
Date:   Wed Jun 8 05:29:42 2022 +0000

    permission-hardening: Keep `pam_unix.so` password checking helper SetGID shadow

commit 2bdda9d0a0a289dafb260c926d29df274c9a67da
Author: Kuri Schlarb <246386+ntninja@users.noreply.github.com>
Date:   Tue Jun 7 08:18:05 2022 +0000

    permssion-hardening: Do not skip config file lines without trailing newline (ancient bash bug)

commit 3910e4ee159d8b5f80c5086915583e4e20ecd6fe
Author: Kuri Schlarb <246386+ntninja@users.noreply.github.com>
Date:   Tue Jun 7 08:11:51 2022 +0000

    permission-hardening: Keep `passwd` executable but non-SetUID

commit 9fd8e1c9b0250c9e00b555838bd381f162dfd8c4
Author: Kuri Schlarb <246386+ntninja@users.noreply.github.com>
Date:   Tue Jun 7 08:03:56 2022 +0000

    permission-hardening: Fix issue with pipelining failures causing incorrect user/group lookup results

commit 616fe857f7a5cde1f4ad0d31e03876dcd2ab7f0f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed May 25 06:07:17 2022 -0400

    bumped changelog version

commit 7e2efe0155b97955428e64181c9a6b32402ee9db
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 20 15:27:10 2022 -0400

    readme

commit 2d37e3a1af3739eedd9191a0f0c78a2762c5fa38
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Fri May 20 14:46:38 2022 -0400

    copyright

commit 78a9956b73498bad471ee1cb0fa0993f2e5ce3c0
Merge: 4a3ed17 7651308
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu May 19 19:41:33 2022 -0400

    Merge remote-tracking branch 'github-kicksecure/master'

commit 76513087872943442df32451de5af158c2bbe944
Merge: 4a3ed17 93efa50
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu May 19 19:39:42 2022 -0400

    Merge pull request #103 from 0xC0ncord/bugfix/selinuxfs_restrictions
    
    hide-hardware-info: re-enable restrictions on sysfs when using SELinux

commit 4a3ed17160c14ba7122d770665b53bde96038307
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu May 19 17:25:58 2022 -0400

    readme

commit bb0307290b59d0273f9ad585e881c91071e3edea
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Apr 16 14:18:35 2022 -0400

    update link

commit 2677db34baeb120a402b684d4a62ccf616b5528c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Apr 10 12:40:16 2022 -0400

    readme

commit 93efa506dac6135f1a5c260ec95d985e7fedc53d
Author: 0xC0ncord <me@concord.sh>
Date:   Thu Mar 17 11:41:57 2022 -0400

    hide-hardware-info: disable selinux whitelist by default

commit 0051a6935acd2f452a9189d1581ccac7377dd23d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 10 14:06:54 2022 -0500

    bumped changelog version

commit b0a0004a85387a4f7520a688f6d2a9826d8e68fb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 10 13:47:10 2022 -0500

    output

commit 4f6f588fb53d2756d867ac7e29fb42f4f8fdb335
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Feb 10 13:44:55 2022 -0500

    fix, skip deletion of system.map files on read-only filesystems
    
    This is required for Qubes /lib/modules read-only implementation at time of writing.
    
    Thanks to @marmarek for the bug report!
    
    https://forums.whonix.org/t/remove-system-map-cannot-work-lib-modules-is-mounted-read-only/13324

commit 356232677a036cd1a673d805caa4d74a327ea096
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Nov 9 14:32:33 2021 -0500

    readme

commit 4172232eb75aaca301e51529e49df76ca86b93b3
Author: 0xC0ncord <me@concord.sh>
Date:   Fri Oct 8 22:17:12 2021 -0400

    hide-hardware-info: make indentation consistent

commit 060d7d890a0292addaa1e85bb1b2ff7eece23378
Author: 0xC0ncord <me@concord.sh>
Date:   Fri Oct 8 22:11:58 2021 -0400

    hide-hardware-info: re-enable restrictions on sysfs when using SELinux
    
    When using SELinux, restrict the parts of sysfs explicitly to ensure
    restrictions are working as expected.

commit 96026a5e90a56cade2dff5f3dfc3687687e92c56
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Sep 14 14:18:52 2021 -0400

    bumped changelog version

commit c72567dbd215fcd60c4719fe1ebc9a0f350a2b97
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Sep 14 14:18:44 2021 -0400

    fix

commit 03276fbec502df9e9fc228a0c05f3c85fd1483af
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Sep 12 11:57:20 2021 -0400

    bumped changelog version

commit d62bbaab82a33a485a82d42d8db5674d200a1c3d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Sep 12 11:40:58 2021 -0400

    fix, unduplicate kernel command line

commit fb0540650c26689165b2fd0558b87ef7c3154a6e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Sep 11 16:33:14 2021 -0400

    readme

commit 64e9f0016aa5804740a099890a5ef648dde07883
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Sep 9 12:35:37 2021 -0400

    bumped changelog version

commit bd31b4085c853d8b182e3a13534827a695f5493a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Sep 9 12:16:18 2021 -0400

    remove Debian buster support in /etc/default/grub.d

commit d16d9a545502af1ec25a165a27bdbc1033b97d59
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Sep 6 09:46:20 2021 -0400

    bumped changelog version

commit ac0c492663b9d90f99e5969193b35b53d4175d1d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Sep 6 08:22:55 2021 -0400

    do not set kernel parameter `quiet loglevel=0` for recovery boot option
    
    for easier debugging

commit 49902b8c56512c3ee8b3d16b0ca513e44349c66d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Sep 6 08:19:41 2021 -0400

    move grub quiet to separate config file /etc/default/grub.d/41_quiet.cfg

commit bb3a3178f17d1b882f38ba18db7835833f758805
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Sep 6 04:55:23 2021 -0400

    bumped changelog version

commit f5b0e4b5b856ba6fa0dea7fa18c38221d972e8a3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Sep 6 04:55:16 2021 -0400

    debugging

commit a67d1754d459a221930cb92754b51bec348f8035
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Sep 5 16:04:28 2021 -0400

    bumped changelog version

commit 6257bfa926f960b3b772dd528fe6004f81d990ea
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Sep 5 15:54:20 2021 -0400

    debugging

commit 1b09d5671829c51bd17f44410d4122b6de7aa6e9
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Sep 4 18:29:00 2021 -0400

    bumped changelog version

commit a4e18a2ae8c19a664bb1be5bc4ec43f10a876969
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Sep 4 18:28:37 2021 -0400

    `dracut` `reproducible=yes`

commit 1a10293b0408a4197620ce78cffb62cb8c00908c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Sep 4 12:00:55 2021 -0400

    bumped changelog version

commit e2810f348b413bb307449a911c12a46924686a9f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Sep 4 11:50:31 2021 -0400

    Depends: libpam-modules-bin

commit 3c64ec8f917ed1237454d1526647a84bf00c9e83
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Sep 2 14:36:53 2021 -0400

    bumped changelog version

commit be8c10496f26d33378deb2427e56892771456ee5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Sep 1 15:55:53 2021 -0400

    fix faillock implementation
    
    dovecot / ssh are exempted

commit 8b104f544a9e4e8da1691659fefa4999a4f6f085
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Sep 1 15:45:36 2021 -0400

    fix, add sshd to pam_service_exclusion_list
    
    to avoid faillock

commit 224ae730c13f4add672fffaf58206eeb7ae24090
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Aug 22 05:32:18 2021 -0400

    bumped changelog version

commit db43cedcfdf918556ae3989209a4d984527a6416
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Aug 22 05:23:24 2021 -0400

    LANG=C str_replace

commit ef2b067c0385dbae7b16bc79a10582995d8ba5fe
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 17 15:24:12 2021 -0400

    bumped changelog version

commit 08adf4a07d97940ef924f53863ec4aa62f88fb04
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 17 15:23:49 2021 -0400

    readme

commit 7d73b3ffa0bf13ba78debfb7f099758b0d0fbef3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 17 15:21:26 2021 -0400

    add hardened malloc compatibility for haveged workaround
    
    `/lib/systemd/system/haveged.service.d/30_security-misc.conf`
    
    `SystemCallFilter=getrandom`
    
    Otherwise haveged will exit with a core dump.

commit 8676beef90040bdf0782e0a9c683c6463ddb48b5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 10 18:26:32 2021 -0400

    bumped changelog version

commit 582492d6d8c5f756be4d809898707cb196c5c765
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 10 17:13:00 2021 -0400

    port from pam_tally2 to pam_faillock
    
    since pam_tally2 was deprecated upstream

commit 2bf0e7471cbd3b813ce385d994e43e48636f7a0b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 10 15:11:01 2021 -0400

    port from pam_tally2 to pam_faillock
    
    since pam_tally2 was deprecated upstream

commit 2aea74bd715d865f44f91aaab6ca1bf0a00a2b0b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 10 15:06:04 2021 -0400

    renamed:    usr/libexec/security-misc/pam_tally2-info -> usr/libexec/security-misc/pam-info
    renamed:    usr/libexec/security-misc/pam_tally2_not_if_x -> usr/libexec/security-misc/pam_faillock_not_if_x
    renamed:    usr/share/pam-configs/tally2-security-misc -> usr/share/pam-configs/faillock-security-misc

commit 6376bbff801f79dbb154611c3ad330b4cd863f69
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Aug 5 17:03:43 2021 -0400

    bumped changelog version

commit 3756016f42d97c6bf32c9bf5fed02904a63f4a5c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 13:04:34 2021 -0400

    `lintian --suppress-tags obsolete-command-in-modprobe.d-file`
    
    https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/24

commit 50bdd097df4c87cd4507311df9c0b14d237c534b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 12:56:31 2021 -0400

    move /usr/lib/security-misc to /usr/libexec/security-misc as per lintian FHS

commit 4fadaad8c0a79df5996372c05db635d500e41fee
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 12:52:10 2021 -0400

    lintian FHS

commit 6607c1e4bd085ee952952e6db17714326df4b7f6
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 12:48:57 2021 -0400

    move /usr/lib/helper-scripts and /usr/lib/curl-scripts to /usr/libexec/helper-scripts as per lintian FHS

commit 0492f28aa10dc93063ff3b46107fa705c5ee0d7e
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 12:37:39 2021 -0400

    enable "`apt-get --error-on=any`" by default
    
    makes apt exit non-zero for transient failures
    
    `/etc/apt/apt.conf.d/40error-on-any`
    
    https://forums.whonix.org/t/debian-bullseye-apt-get-error-on-any/12068

commit 240ec7672a4d513e7e6cca280aca3d67c265d1cc
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 12:19:26 2021 -0400

    replace no longer required `/usr/lib/security-misc/apt-get-wrapper` with `apt-get --error-on=any`

commit 8eae6356684052415f8bc494db077e033653d971
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 11:51:31 2021 -0400

    update lintian tag name

commit 5e3338f8d3ff799a2da4257e24b57bd55541187f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 05:48:25 2021 -0400

    bullseye

commit bb3e65f7a80770238bda3733bed89c15a9c76852
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Aug 3 03:25:35 2021 -0400

    bullseye

commit c94281121e20289b718f24c13e399e5e8cac0ebd
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Aug 1 16:37:02 2021 -0400

    comment

commit 3599e8e2dabf13ad76901a9c282469f23d4d1308
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Aug 1 16:24:41 2021 -0400

    readme

commit 82f3961a7165cc1e778be785950f1a255af43b4f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Aug 1 13:12:08 2021 -0400

    bumped changelog version

commit 5a65c35479f267b026c03e195658ef9d98ee519c
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Aug 1 13:11:18 2021 -0400

    port LKRG compatibility settings automation for VirtualBox hosts from systemd to dpkg trigger

commit f03c7978c7c12eb0efed1d9298f52149a8149cb3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jul 25 11:31:45 2021 -0400

    bumped changelog version

commit b3e34f7f43346c123d20e9a1606b1023b535f669
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jul 25 11:27:07 2021 -0400

    comment

commit 7e128636b3a4ea7fe5dfa12018685ab7b5dda706
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jul 25 11:26:20 2021 -0400

    improve LKRG VirtualBox host configuration
    
    as per https://github.com/openwall/lkrg/issues/82#issuecomment-886188999

commit 3ebe9e7c530b39f1b0429a97eab2627f2bbd1635
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 24 18:10:06 2021 -0400

    bumped changelog version

commit 257cef24baa038b21ef511e9d95c4229a5e16f68
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jul 24 18:03:40 2021 -0400

    add LKRG compatibility settings automation for VirtualBox hosts
    
    https://github.com/openwall/lkrg/issues/82

commit 0f86ffef04e533be1c88584b6419c276d176fc05
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Jun 23 11:20:39 2021 -0400

    bumped changelog version

commit 74e39cbf690dae2bf72bd9f152ea91c364f5feff
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jun 20 11:18:56 2021 -0400

    pam-abort-on-locked-password: more descriptive error handling
    
    https://forums.whonix.org/t/restrict-root-access/7658/1

commit 0f3dbfc4a1fb08b5542e265dfbeab4e7f401549d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jun 20 10:16:57 2021 -0400

    bumped changelog version

commit eff5af03184f52181894884b90a8d867a1f10956
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sun Jun 20 10:16:33 2021 -0400

    https://forums.whonix.org/t/restrict-root-access/7658/116

commit 419f1d89c25ca833ac63f2e174beeb9afb0cce00
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jun 7 12:13:37 2021 -0400

    bumped changelog version

commit 30d1ce36af7835d47e0b53af475f3a7e99617b77
Merge: 0305baf 70a1eb2
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Jun 7 12:11:58 2021 -0400

    Merge remote-tracking branch 'github-whonix/master'

commit 70a1eb25a5976e0461056ff2c56bd82ab5df6c2c
Merge: 0305baf 97d8db3
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Jun 5 15:55:41 2021 -0400

    Merge pull request #101 from madaidan/sudo
    
    Restrict sudo's file permissions

commit 97d8db3f74b9fc00c8f4416cb72966e62c7de88e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jun 5 19:16:42 2021 +0000

    Restrict sudo's file permissions

commit 0305baf21173f0ee292986200f1242ca0395c74d
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jun 1 07:36:59 2021 -0400

    bumped changelog version

commit d87bee37f788fb7605626cd4a8d61ed9e6fee252
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jun 1 07:21:18 2021 -0400

    comment

commit 809930c0212aa41d60b1a498bd4ce85f06668bae
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Tue Jun 1 05:36:01 2021 -0400

    comment

commit 5bd59991cbf72ba9ebd8feadd4da397bbcd9d469
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed May 5 08:37:56 2021 -0400

    bumped changelog version

commit 6e759f9196412b1742db1e4c68a70867e1ad8629
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Apr 29 11:17:30 2021 -0400

    config-package-dev displace /etc/dkms/framework.conf
    
    https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/58

commit e2afd00627b097f75467cd0e2fe7e15977141026
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Apr 29 11:14:30 2021 -0400

    modify DKMS configuration file `/etc/dkms/framework.conf`
    
    Lower parallel compilation jobs to 1 if less than 2 GB RAM to avoid freezing of virtual machines.
    
    `parallel_jobs=1`
    
    This does not necessarily belong into security-misc, however likely
    security-misc will need to modify `/etc/dkms/framework.conf` in the future to
    enable kernel module signing.
    
    https://forums.whonix.org/t/linux-kernel-runtime-guard-lkrg-linux-kernel-runtime-integrity-checking-and-exploit-detection/8477/26
    
    https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/58

commit 3ba3b371873d221db6845fb0fe52191b8b349b0a
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Apr 29 11:08:30 2021 -0400

    add `/etc/dkms/framework.conf.security-misc`
    
    original, from
    - https://github.com/dell/dkms/blob/master/dkms_framework.conf
    - https://raw.githubusercontent.com/dell/dkms/master/dkms_framework.conf
    
    https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/58

commit 1d35bdf2912d1dfd0b49ce727338f86d17decd72
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Apr 5 11:58:47 2021 -0400

    bumped changelog version

commit 41734ec523eb3cd233fe4651b9807222c8ccb1d5
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Apr 3 11:44:13 2021 -0400

    systemd RemainAfterExit=yes
    
    for better usability
    
    https://forums.whonix.org/t/restrict-hardware-information-to-root-testers-wanted/8618/33

commit e8ea94325b1df7bc0c47eabdfbd7c24b2fe51539
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Mar 17 12:31:34 2021 -0400

    bumped changelog version

commit a67007f4b7b7763a0b131acb246cfe84ac65540f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Wed Mar 17 09:45:21 2021 -0400

    copyright

commit 0c4a7207e46933a504badfb9c1ce26a9ef82d370
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Thu Mar 4 07:09:01 2021 -0500

    bumped changelog version

commit a1819e8cabc45ea197da7e3a4a94ffbab1376423
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Mar 1 09:15:44 2021 -0500

    comment

commit 3382192b89de3891d45261f138652bdb48c5674b
Merge: 7f30d70 2e8e3c0
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Mar 1 09:12:18 2021 -0500

    Merge remote-tracking branch 'github/master'

commit 2e8e3c07c4dda7f8500237dfa7a1d2bc7aecef5d
Merge: 7f30d70 4db7d6b
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Mon Mar 1 14:11:28 2021 +0000

    Merge pull request #100 from 0xC0ncord/bugfix/selinuxfs_restrictions
    
    hide-hardware-info: allow unrestricting selinuxfs

commit 7f30d702953b2e46255e3e8e71ee47af3f5a5725
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Feb 6 06:31:45 2021 -0500

    bumped changelog version

commit 83c0be5177929b67e3c9eba18c02904498d378cb
Author: Patrick Schleizer <adrelanos@whonix.org>
Date:   Sat Feb 6 06:27:54 2021 -0500

    readme

commit 4db7d6be643f9e7c9c3b81d3945b8d2c3e4c5269
Author: Kenton Groombridge <me@concord.sh>
Date:   Sat Feb 6 03:02:08 2021 -0500

    hide-hardware-info: allow unrestricting selinuxfs
    
    On SELinux systems, the /sys/fs/selinux directory must be visible to
    userspace utilities in order to function properly.

commit 3120ff3ec98edecdc2855261d3ba26cad8803c74
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 29 23:37:03 2021 -0500

    bumped changelog version

commit af3244741dba7425148378aacf853e82deddee1f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 29 23:15:52 2021 -0500

    comment

commit d9aaf5910553b04b965ea729476b586d72043aea
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 28 02:15:46 2021 -0500

    bumped changelog version

commit b0b7f569ee7da1101c9100c1b053b910f8660436
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 28 02:11:54 2021 -0500

    comment

commit f2595cc2542b326a74d4c651897160c04bd1e162
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 27 05:50:16 2021 -0500

    bumped changelog version

commit 9622f28e255a101ee7239e3ffd42d8d80637654a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 27 05:49:34 2021 -0500

    skip counting failed login attempts from dovecot
    
    Failed dovecot logins should not result in account getting locked.
    
    revert "use pam_tally2 only for login"

commit 480f74cab6d79886fe29eeecc5b7ebc1f138f8dd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jan 24 05:10:36 2021 -0500

    bumped changelog version

commit 6757104aa4d1e661b046e71f7bda511d73e83d61
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jan 24 05:04:48 2021 -0500

    use pam_tally2 only for login
    
    to skip counting failed login attempts over ssh and mail login

commit 126c31c37d17a55b0980dcae8c546aeed4282a99
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 19 19:41:43 2021 -0500

    bumped changelog version

commit 14d13fb03ed627cfb378873ad46f4d3ac795a9f6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 19 19:41:42 2021 -0500

    readme

commit 611fbe2c619d9b5fab748faf2b0f59274a914187
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 18 05:39:34 2021 -0500

    description

commit 0e8ea5eb727d609d70e8f639dde62583a3ff47f3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 14 02:36:49 2021 -0500

    bumped changelog version

commit ddd62c1eef031c2befc626acbe4d48d8cdbea1d0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 12 03:24:11 2021 -0500

    readme

commit 468d8b600dda7cce87bbdf972244ef2f610935d5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 12 03:20:58 2021 -0500

    readme

commit b5cee63999a7277b32f3850a5d8821c73ed05933
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 12 03:19:31 2021 -0500

    new file:   README_generic.md

commit 94627f0875e69c9314faab8b0dc2dbe22af5c88f
Merge: 353e74f 79876f7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 12 03:18:41 2021 -0500

    Merge remote-tracking branch 'github/master'

commit 79876f7b1261006885a713dbfda97609c8e81f3f
Merge: 353e74f 3066b5a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 12 08:17:04 2021 +0000

    Merge pull request #99 from madaidan/docs
    
    Overhaul documentation

commit 3066b5ad972f16069361999afbca0978986db862
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jan 12 02:17:13 2021 +0000

    Overhaul documentation

commit 353e74fb5f0c150b9de3554b88619480c338ef59
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 5 08:30:37 2021 -0500

    bumped changelog version

commit a258f35f385aff7b6fef71e23b94c4681e52bed2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 5 02:11:08 2021 -0500

    comment

commit a4d7e4614174e6f0357a068af0b7fd46e963a89f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 10 05:20:57 2020 -0500

    bumped changelog version

commit c5097ed599078091aef1fcb63b237d9835040c34
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 6 04:23:09 2020 -0500

    comment

commit b2b614ed2a1a62ff4c917aba80eeef505810dbf8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 6 04:15:52 2020 -0500

    cover more folders in /usr/local

commit 5bd267d7747521fa5bb053da19dc79991e2c4bb5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 6 04:10:50 2020 -0500

    refactoring

commit 11cdce02a048b323c6f56cb15f98e6060aab8346
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 6 04:10:10 2020 -0500

    refactoring

commit f73c55f16c10ee2cd0532f4032cec56c484bd4d5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 6 04:08:58 2020 -0500

    /opt
    
    https://forums.whonix.org/t/suid-disabler-and-permission-hardener/7706/68

commit 261ef85c14ff9c13d3d7734d8c9eba5a54497187
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 1 05:53:06 2020 -0500

    bumped changelog version

commit c031f22995a1e073bd81189ee97a3de32a2b278f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 1 05:14:48 2020 -0500

    SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists
    
    `whitelists_disable_all=true`

commit b09cc0de6af2d7e12110a0f3030234539288abad
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 1 05:10:26 2020 -0500

    Revert "SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists"
    
    This reverts commit 36a471ebce883f7a1660977f486b21ece320d0c2.

commit 704f0500ba4e23a1e5b33688db02e03b1169046d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 1 05:03:16 2020 -0500

    fix, rename 40_default_whitelist_[...].conf to 25_default_whitelist_[...].conf
    
    since whitelist needs to be defined before SUID removal commands

commit 36a471ebce883f7a1660977f486b21ece320d0c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 1 05:02:34 2020 -0500

    SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists
    
    `whitelists_disable_all=true`

commit 318ab570aacd48b7f163331dc2ba8b012e0d2336
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 1 04:28:15 2020 -0500

    simplify disabling of SUID Disabler and Permission Hardener whitelist
    
    split `/etc/permission-hardening.d/30_default.conf` into multiple files
    
    `/etc/permission-hardening.d/40_default_whitelist_[...].conf`
    
    therefore make it easier to delete any whitelisted SUID binaries

commit cf07e977bd6697af7a4326d7705447d500d35593
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 29 09:09:42 2020 -0500

    add `/bin/pkexec exactwhitelist` for consistency
    
    since there is already `/usr/bin/pkexec exactwhitelist`

commit fe274838861ada125eccdca11ba044123fdae663
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 28 06:08:10 2020 -0500

    bumped changelog version

commit 28a326a8a14f56d588ed6f2b4d7d748d53120109
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 28 05:31:12 2020 -0500

    add feature `/usr/lib/security-misc/permission-hardening-undo /path/to/filename`
    
    to allow removing 1 SUID
    
    fix, show INFO message if file does not exist during removal rather than ERROR

commit 0ef35f877066ddac21737e707829c4571bb76abd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Nov 6 10:18:09 2020 -0500

    bumped changelog version

commit abae787186d48b2cccf220cbf7b553f8478e60be
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 5 06:47:16 2020 -0500

    usability: pam abort when attempting to login to root when root password is locked

commit 581e31af81015fb85ee1bdd81586dbea13804955
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 5 06:46:57 2020 -0500

    comment

commit dfe9b0f6c7364e4d3cc3bf13ad7c0fccc2cb7e10
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 5 06:42:47 2020 -0500

    fix, no longer unconditionally abort pam for user accounts with locked passwords
    
    as locked user accounts might have valid sudoers exceptions
    
    Thanks to @mimp for the bug report!
    
    https://forums.whonix.org/t/pam-abort-on-locked-password-and-running-privileged-command-from-web-browser/10521

commit 211769dc65a5c98cbdb55ce62e83c9e2a9fa1540
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 5 06:41:51 2020 -0500

    comment

commit 79521397310f5e4e200291b2e2380e8e58953f18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 5 06:39:32 2020 -0500

    comment

commit bb72c1278dd02a48a631d8e798cd78100576a1a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 5 06:36:39 2020 -0500

    copyright

commit f4843b1deb95948f9fe2a2870ecbe61c1cab798a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 31 06:29:25 2020 -0400

    bumped changelog version

commit c1e0bb831025854afbd88e5c353a000c4dadaede
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 31 06:11:49 2020 -0400

    shebang

commit b06d4ca29983938fa81acfc379366e6c1516c69a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 31 06:09:22 2020 -0400

    bumped changelog version

commit 3f656be5746ec4d219371fb0d67c222df7fe52d1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 31 05:48:10 2020 -0400

    chmod +x /etc/X11/Xsession.d/50panic_on_oops
    chmod +x /etc/X11/Xsession.d/50security-misc

commit 881d695bff7d65c66bbf8e0973f883c75a3d1ebb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 5 07:03:37 2020 -0400

    bumped changelog version

commit 3adb2c92d9551f649b177753fede18da3cc4b0eb
Merge: feb7cea 5856013
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 3 14:10:32 2020 -0400

    Merge remote-tracking branch 'github/master'

commit 58560138cdc36fa5f6142f75f0fed53bcad96363
Merge: feb7cea 06ffd5d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 3 18:09:07 2020 +0000

    Merge pull request #77 from madaidan/debugfs
    
    Restrict access to debugfs

commit 06ffd5d2201152c60eb4309860b8c42be386dccb
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Sep 28 19:21:20 2020 +0000

    Restrict access to debugfs

commit feb7cea4c508a94d1140bc08856d0fe586da694e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 28 10:30:42 2020 -0400

    bumped changelog version

commit da1ac48cde8ea5057d1606a2fba42ea179677378
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 28 10:29:50 2020 -0400

    unblacklist squashfs as this would likely break Whonix-Host ISO
    
    https://github.com/Whonix/security-misc/pull/75#issuecomment-700044182

commit 4070133ed65af409adeb6f8c7970d3bc7074b02b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 28 10:25:57 2020 -0400

    unblacklist vfat
    
    https://github.com/Whonix/security-misc/pull/75#issuecomment-695201068

commit 77d461ec08ffdf0eb6a5d124927d9f9748c0dd3c
Merge: 5fc7b79 3684ab5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 28 10:24:59 2020 -0400

    Merge remote-tracking branch 'github/master'

commit 3684ab585eeab46ff17a1d410ce1bcff1a63968c
Merge: ae90107 a813e7d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 28 14:24:15 2020 +0000

    Merge pull request #75 from flawedworld/patch-1
    
    Blacklist more modules (based on OpenSCAP for RHEL 8)

commit ae90107e6df4d312a6734985df38b8533d1283c8
Merge: 5fc7b79 8f7727e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 28 14:23:42 2020 +0000

    Merge pull request #76 from flawedworld/patch-2
    
    Add IPv6 sysctl options and enforce kernel.perf_event_paranoid=3

commit a813e7da07a39e96e0cd7937aee7568307a00287
Author: flawedworld <38294951+flawedworld@users.noreply.github.com>
Date:   Sat Sep 19 20:46:19 2020 +0100

    Blacklist more modules

commit 5fc7b791db473c22ea43ff899e2dbe232c42a2b7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 19 09:28:27 2020 -0400

    bumped changelog version

commit bff6ce7abb920d55edc49b19340a1e9251a4cd8c
Merge: 98c0dec 9239c8b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 19 06:54:50 2020 -0400

    Merge remote-tracking branch 'github/master'

commit 9239c8b8074018090d4fa1381aa06e66a99359cc
Merge: 98c0dec 8dfdec1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 19 10:54:21 2020 +0000

    Merge pull request #71 from onions-knight/patch-1
    
    Update thunar.xml

commit 8f7727e823a86a1826686d5c95d0070721c7acba
Author: flawedworld <38294951+flawedworld@users.noreply.github.com>
Date:   Fri Sep 18 23:36:30 2020 +0100

    Add some IPv6 options

commit 944fed3c459dd55820cb1eca68f86816bdf8469f
Author: flawedworld <38294951+flawedworld@users.noreply.github.com>
Date:   Fri Sep 18 23:29:04 2020 +0100

    Disallow kernel profiling by users without CAP_SYS_ADMIN
    
    It's the default on a lot of stuff, but still nice to have.

commit 98c0decaa46c6fb839062ff9af0556d821c254e6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 3 09:43:43 2020 -0400

    bumped changelog version

commit 7e267ab49850362c02374a15fdba2409a5487a0f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 3 08:12:19 2020 -0400

    fix, allow group `sudo` and `console` to use consoles
    
    fix /etc/security/access-security-misc.conf syntax error
    
    Thanks to @81a989 for the bug report!
    
    https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/31

commit b09f5ddc154d6561fd97b436feeb6a6225f89206
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 29 08:33:07 2020 -0400

    bumped changelog version

commit ac8bc4f006dbc1583e35ba033e38dac8392127e9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 29 06:30:07 2020 -0400

    readme

commit 861f9d1022e61766c7474d9eb79489ba64ac2055
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 14 13:57:32 2020 -0400

    bumped changelog version

commit 3cd7b144bba1a92ca771b16fc5215073c7561a1a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 14 13:47:58 2020 -0400

    move "kernel.printk = 3 3 3 3" to separate file /etc/sysctl.d/30_silent-kernel-printk.conf
    
    so package debug-misc can easily disable it
    
    https://phabricator.whonix.org/T950

commit 81cb6ad2462a900f9c5193278de70ada62a5585b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 23 12:27:25 2020 -0400

    bumped changelog version

commit 6485df8126b52a2072824fa442e8d1dd5cb18981
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 23 12:26:31 2020 -0400

    Prevent kernel info leaks in console during boot.
    
    add kernel parameter `quiet loglevel=0`
    
    https://phabricator.whonix.org/T950

commit aa5631b02b0127b4681ae08c973b08b23befd701
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 16 08:43:40 2020 -0400

    bumped changelog version

commit 8d2e4b68dcae87b27f519196488e0ed7e8b95ef2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 16 08:00:31 2020 -0400

    Prevent kernel info leaks in console during boot.
    
    By setting `kernel.printk = 3 3 3 3`.
    
    https://phabricator.whonix.org/T950
    
    Thanks to @madaidan for the suggestion!

commit 4898a9e753e9399e83e4a39d8fa340e1ad9d4f6d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 16 07:54:33 2020 -0400

    fix, sysctl-initramfs: switch log to /run/initramfs/sysctl-initramfs-error.log
    
    since ephemeral, in RAM, not written to disk, no conflict with grub-live
    
    https://forums.whonix.org/t/kernel-hardening/7296/435

commit 701da5f6cc911e3946904c152078dc6c637e5070
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 16 07:24:44 2020 -0400

    formatting

commit cb51847085c1b62c99ab160373c52a388bdfe300
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 15 14:05:37 2020 -0400

    readme

commit df218ad6582ab88be16e66cf13951d0a5271411b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Apr 14 12:40:31 2020 -0400

    bumped changelog version

commit 8851c9ed29e79d2ef5df9c7b7086878e69b90bd4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Apr 14 12:39:34 2020 -0400

    fix: disable proc-hidepid.service

commit b6dde34bfb696218cc14ac89d169ec0e37814bff
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 13 06:56:34 2020 -0400

    bumped changelog version

commit e0b8640fb9d03feb6b01fed4469d901e3f9a5dc0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 13 06:56:34 2020 -0400

    readme

commit 253578afdf9a4aeb8c5495ca815d0326086dc986
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 13 06:50:32 2020 -0400

    /etc/security/access-security-misc.conf white list ttyS0 etc.
    
    ttyS0 ttyS1 ttyS2 ttyS3 ttyS4 ttyS5 ttyS6 ttyS7 ttyS8 ttyS9
    
    Thanks to @subpar_marlin for the bug report and helping to fix this!
    
    https://forums.whonix.org/t/how-do-i-enter-the-whonix-shell-from-cli/7271/43
    
    https://forums.whonix.org/t/etc-security-hardening/8592

commit b3ce18f0f9f1da0552a4a1bd882a5b5dda13626e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Apr 12 16:54:10 2020 -0400

    disable proc-hidepid by default because incompatible with pkexec
    
    and undo pkexec wrapper

commit 442931529121e9e402e7ac56e27df3dcec43167b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Apr 12 16:52:55 2020 -0400

    disable proc-hidepid by default because incompatible with pkexec
    
    and undo pkexec wrapper

commit 72be31e870057b035651c1b5a7e9a9db149e9d25
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Apr 12 16:48:13 2020 -0400

    disable proc-hidepid by default because incompatible with pkexec
    
    and undo pkexec wrapper

commit 938e929f39ff68296ab01a4b619f963ad3bdf535
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Apr 12 16:37:51 2020 -0400

    add pkexec to suid default whitelist
    
    /usr/bin/pkexec exactwhitelist
    /usr/bin/pkexec.security-misc-orig exactwhitelist

commit 695ad5b83d0e89b1c3b8a5f09f2d7d0a17d8e72f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 9 09:45:30 2020 +0000

    bumped changelog version

commit 67b9d06b25a651b89e35abdd227a1740871395cd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 9 09:45:29 2020 +0000

    readme

commit 565ff136e5f1e714b4094fcd9cfdf99a0fb99850
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 21:04:02 2020 +0000

    vm.swappiness=1
    
    import from swappiness-lowest
    
    https://forums.whonix.org/t/vm-swappiness-1-set-swapiness-to-lowest-setting-still-useful-swappiness-lowest/9278

commit 642d4d8d939f33c19564dcc5a0ed46d85feb80aa
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 17:13:21 2020 +0000

    bumped changelog version

commit a9d0baffe600b9ac5bb7d6ee4e7c5c5830bc60ba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 16:57:32 2020 +0000

    python -> python3

commit 4153d8d08874256647d3200333d6754baac2ea63
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 16:51:22 2020 +0000

    apparmor-profile-anondist -> apparmor-profile-dist

commit 72228946dca93b5c8257ac5a6ad59e54b7b14d11
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 16:46:11 2020 +0000

    fix etc/default/grub.d/40_kernel_hardening.cfg
    
    in Qubes if no kernel package is installed

commit bfd6018d8d108ee8691556529121fe2a679de1d2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 12:51:11 2020 +0000

    bumped changelog version

commit 0441f2ed7ad01585c11c9fb6a05cd3884408c9d6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 12:30:05 2020 +0000

    readme

commit 663811a8192d7d08769eaf5e9c057b9dcca34562
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 8 12:04:13 2020 +0000

    anon-base-files -> dist-base-files

commit cc8489df2ff655276be31073ec2fff57a9e8b448
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 6 13:29:23 2020 -0400

    bumped changelog version

commit 350a15dfbf9186c4bd81159b7656b5707a95c5db
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 6 13:22:32 2020 -0400

    readme

commit 5c81e1f23fa07a0e3c96d15dc3cc24d41332fe3c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 6 09:25:45 2020 -0400

    import from anon-gpg-conf

commit 1b2a34ea80fa9efeb02acaa8595e3c38fd9d06ca
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Apr 4 16:51:42 2020 -0400

    bumped changelog version

commit 1188a44f47602248911d81f4dc3af08b830b65b9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Apr 4 16:49:30 2020 -0400

    port to python 3.7

commit a2c932aa5a354798ce1383e988519f9a2cb69374
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 2 07:58:51 2020 -0400

    bumped changelog version

commit ae8c5fff3c70c00931b95cd04b8729d2c1bd2a60
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 2 07:22:47 2020 -0400

    readme

commit a7f2a2a3b6b408a0545f55b8fed9cc17fbd8f843
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 2 06:04:45 2020 -0400

    console lockdown: allow members of group `sudo` to use console
    
    https://forums.whonix.org/t/etc-security-hardening/8592
    
    https://github.com/Whonix/security-misc/pull/74#issuecomment-607748407
    
    https://www.whonix.org/wiki/Dev/Strong_Linux_User_Account_Isolation#Console_Lockdown

commit 7764ee0d202193dc67f5805fc23be2b804962186
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 2 05:58:16 2020 -0400

    comments

commit d9f2a0e4a1837ef1604e4cd17ce8ae60996c9782
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 1 17:34:59 2020 -0400

    remove 'Build-Depends: ronn' since no longer required

commit eda9c57a628ebf1083f87789842d5403c6e05122
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 1 16:57:33 2020 -0400

    remove genmkfile

commit 2609fe9c3efff611dc5bce20d62580dace02757b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 1 16:33:29 2020 -0400

    add debian install file

commit d4b2baa9b66d480d5e45c628f8bc4ff11fab765f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 1 10:58:16 2020 -0400

    bumped changelog version

commit 2ceea8d1fe9f2425488c6696f75f2ecfd9ff2235
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 1 08:49:59 2020 -0400

    update copyright year

commit b6de867dec85efb03cf38aa85494607edb4500f4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 1 08:26:44 2020 -0400

    bumped changelog version

commit ad022fc0b703f28f24665d28b072f1a993978370
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 1 08:21:06 2020 -0400

    fix

commit 354af7085be7e266913c3ae79701cd1abc729d06
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 31 07:41:45 2020 -0400

    bumped changelog version

commit 814f613a2fac12b892dfb6dcf53ee628e340c7b2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 31 07:08:25 2020 -0400

    When using systemd-nspawn (chroot) then `login` requires console 'console' to be permitted.

commit a369a0a94dca7fff68234e4f75d74a4e9d63df5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 30 18:42:02 2020 -0400

    bumped changelog version

commit c22adbd92fcab45fb3b1d3e98528c4790bb20a6a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 30 18:39:23 2020 -0400

    notify if security-misc installation is forced

commit 7ee5fc1b760dff0f86d8cf07a77cbd42d40f7a53
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 30 17:16:46 2020 -0400

    bumped changelog version

commit f663b5eff8a6f2fa406039ced4441c5a4a9c1477
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 30 17:15:02 2020 -0400

    skip check if any non-root user is a member of group sudo and console if
    environment variable `SECURITY_MISC_INSTALL` is set to `force`

commit bc22fc9fdba834d0a2d8fdc75b86934e56b317c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 30 17:12:43 2020 -0400

    skip check if any non-root user is a member of group sudo and console if file
    /var/lib/security-misc/skip_install_check exists

commit d7a69628b1def631b04219da7aee764eebea37df
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 14:56:48 2020 -0400

    bumped changelog version

commit 5f0dd8270ba6311018e654cca3b8b86818af5a82
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 14:14:35 2020 -0400

    consistent use of quotes

commit 66ea1a3a127642c5515ac6fd80952a56568620bc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 14:14:15 2020 -0400

    minor

commit 23bd7ead59c0bdd793a955aaa613552b37a38dab
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 14:12:42 2020 -0400

    remove trailing space

commit 7c25fc517e6f42d4364a55407f6bf0c84d130c8e
Merge: 20f0c57 1cbc7f6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 14:12:25 2020 -0400

    Merge remote-tracking branch 'origin/master'

commit 1cbc7f6bed8acc112b610e05f527cffc6e9e1e87
Merge: 20f0c57 89ada11
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 18:11:57 2020 +0000

    Merge pull request #73 from madaidan/sysctl-initramfs
    
    Only remount in sysctl-initramfs if already mounted read-only

commit 89ada11cf9a76cf02b3d5f92fd5c66194fe40ff0
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Mar 21 17:49:07 2020 +0000

    Only remount if already mounted read-only

commit 20f0c574d5424c78ab6b4d3829a6662615967ba5
Merge: e4118cb 2938182
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 13:28:43 2020 -0400

    Merge remote-tracking branch 'origin/master'

commit 2938182ce6303e6e55086e2e9e82f8263a3c8e76
Merge: e4118cb c8826d6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 21 17:26:37 2020 +0000

    Merge pull request #72 from madaidan/master
    
    Fix sysctl-initramfs logs

commit c8826d6702ebaf280994effb22aea39b4cfd2dac
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Mar 21 17:15:25 2020 +0000

    Fix sysctl-initramfs logs

commit 8dfdec1d3b0fde7b2836b38e5aefab1b6b6df9f2
Author: onions-knight <38859709+onions-knight@users.noreply.github.com>
Date:   Tue Mar 17 16:38:53 2020 +0000

    Update thunar.xml
    
    Adding Delete option for thunar on right mouse click (removed in Debian 10). See https://forums.whonix.org/t/whonix-host-calamares-branding-suggestion/7772/26

commit e4118cb21eb8765bc8f4e7b5e05d464d72575824
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 12 04:43:08 2020 -0400

    bumped changelog version

commit e6e7886a6e3dca1a75943c5a04c4d29ab8682cec
Merge: 04a87f7 711e786
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Mar 11 09:08:41 2020 -0400

    Merge remote-tracking branch 'origin/master'

commit 711e786be504179c832172acb39d567b323520e6
Merge: 04a87f7 4d0de87
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Mar 11 13:06:23 2020 +0000

    Merge pull request #70 from madaidan/userfaultfd
    
    Fix unprivileged_userfaultfd

commit 4d0de87f799d8032731140e9a5815d4773d91baa
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Mar 8 17:49:49 2020 +0000

    Disable unprivileged userfaultfd use again

commit efb2683cfc168c3b110c6664ee61eabcf85f3f30
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Mar 8 17:49:12 2020 +0000

    Hide unprivileged_userfaultfd error

commit 04a87f7029736e5ce66f18bb6c42cadf3500b26b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Mar 8 09:43:24 2020 -0400

    bumped changelog version

commit 284a49110030b21aa3136447217273337a12acaf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Mar 8 08:07:10 2020 -0400

    disable `vm.unprivileged_userfaultfd=0` for now
    
    because broken
    
    https://forums.whonix.org/t/kernel-hardening/7296/406
    
    reverts "Restrict the userfaultfd() syscall to root as it can make heap sprays easier."
    
    https://duasynt.com/blog/linux-kernel-heap-spray

commit 44351ec9b78d59aeeef44675e8e203c7ace243f0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Mar 7 21:44:19 2020 -0500

    remove no longer needed code for installation of apparmor profiles

commit 71ae6239168d829e25670ffa856ee0f011a168a9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 5 08:36:27 2020 -0500

    bumped changelog version

commit 76eb9579a3038982301fc622c84cd48fa3d88ffd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 5 08:33:00 2020 -0500

    readme

commit 15dde15a36c3cac0088773670b84f7e1e2b1423f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 3 09:42:24 2020 -0500

    typo

commit 8887af26d6a82613ee1f9c3a10ba42fdd2444d1c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 3 09:19:49 2020 -0500

    bumped changelog version

commit 1dea4dbcf6fa3299e513d01005b514e42bf51538
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 3 09:18:38 2020 -0500

    readme

commit cd19c2da006d38cd0cd3653b31e398d16396d825
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 3 09:18:24 2020 -0500

    fix lintian warning

commit 7e3fedefb234e584d900c036c424ac083a9efa3d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 3 09:12:50 2020 -0500

    bumped changelog version

commit 201d6b5efc355b08b5f94f9284d2242dec9c56b8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 3 09:07:42 2020 -0500

    readme

commit 63c6405ab74f0dd5f3ec3838135b29304a3d1fc8
Merge: e3e39f2 453aa8a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 29 07:34:46 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit 453aa8a4eb76fe56ad67f1aea8abfeb122e68a9c
Merge: e3e39f2 60fbf8b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 29 12:28:32 2020 +0000

    Merge pull request #65 from madaidan/userfaultfd
    
    Restrict the userfaultfd() syscall to root

commit e3e39f22354595c9f21c243d7bdadc1487374db8
Merge: 649ec5d bd7678c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 29 05:01:41 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit 649ec5dfa1d2c0e324d8054b4c7402ab2b462d93
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 29 04:59:56 2020 -0500

    pkexec wrapper: fix gdebi / synaptic
    
    but at cost of checking for passwordless sudo /etc/suders /etc/sudoers.d
    exceptions.
    
    http://forums.whonix.org/t/cannot-use-pkexec/8129/53

commit 32269d32b63e549f76b4090b675dd53256fbc42d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 29 04:59:15 2020 -0500

    description

commit b31caefdeb8b76537982e359e708b57081d7b381
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 29 04:59:02 2020 -0500

    description

commit bd7678c574819298b364185fe7e3362c7e8d4930
Merge: d04d4bf 42d3b98
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Feb 28 12:04:05 2020 +0000

    Merge pull request #66 from madaidan/mce
    
    Fix docs

commit 42d3b986c41854fc2990557d2333874e9379793b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Feb 27 17:41:14 2020 +0000

    Update control

commit d04d4bf0950b60b8e5bf51b2303bbecdbc5fe326
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 25 02:08:10 2020 -0500

    description

commit 4043d2af3f8239a2056610363fc9d53770ebc336
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 25 02:06:48 2020 -0500

    description

commit 0e5187ff249c686908506896e01125e37d194543
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 25 02:00:27 2020 -0500

    description

commit 60fbf8b0de8a631d8a63c64f7e8181fee501c237
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Feb 24 18:24:07 2020 +0000

    Update control

commit 6b64b36b0190198f5edfda6c704a9efe3ea5b9a6
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Feb 24 18:23:15 2020 +0000

    Restrict the userfaultfd() syscall to root

commit 221000db5b184664c09dfe9cb7055de45331a7e1
Merge: 01eaee9 c7f2537
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 17 03:17:11 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit c7f2537930925e3ec250db81791a107af003079b
Merge: 01eaee9 8ea4e50
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 17 08:16:34 2020 +0000

    Merge pull request #64 from madaidan/extra_latent_entropy
    
    Gather more entropy during boot

commit 8ea4e50c8e9c3c9ee650b665a32b78f67aedc1aa
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Feb 16 19:52:40 2020 +0000

    Update control

commit f6b6ab374ea2b24dfd4ac49bc1a595b50ab3d952
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Feb 16 19:51:32 2020 +0000

    Gather more entropy during boot

commit 01eaee997e34aa73a11dffe032ace5ef23c37e28
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 15:35:44 2020 -0500

    bumped changelog version

commit 412a83923dd09f36a25ebf9ce1991369d09c5e34
Merge: dce54d5 4399a51
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 15:30:32 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit dce54d5d0f7c6017037b5fb6a5851dd90ce5d762
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 15:29:38 2020 -0500

    bumped changelog version

commit 3df008f0b9aa08c8b92c89439abeb029f5d1f316
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 15:28:30 2020 -0500

    readme

commit 4399a512bef77ddec428bd4150cacebb77fc22da
Merge: 757df8f a79ce7f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 19:43:05 2020 +0000

    Merge pull request #63 from madaidan/ldisc_autoload
    
    Document ldisc_autoload better

commit a79ce7fa68c22048d3e10789fe209b14b818d0fb
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Feb 15 17:30:21 2020 +0000

    Document ldisc_autoload better

commit 757df8fceb29d9b6143cf26e73cb31dde69d0a71
Merge: 9bbae90 a9a1581
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 05:43:43 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit a9a1581720739966e94f18be556552e9d75d63b1
Merge: 9bbae90 1e5946c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 10:42:20 2020 +0000

    Merge pull request #60 from madaidan/sysrq
    
    Restrict the SysRq key

commit 1e5946c795e3962fdc2229146b9331d36a1d6c41
Merge: 0f49736 9bbae90
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 10:41:52 2020 +0000

    Merge branch 'master' into sysrq

commit 9bbae903fe5ee58d4a22dfeab51cbb179b8cfb14
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 05:29:48 2020 -0500

    remove-system.map: lower verbosity output

commit cce35e5109489df44916a08722d9016bb1e578ec
Merge: 14140ad e403517
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 05:27:52 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit e40351796e297673e1ec45dee7483079e96d9639
Merge: 5124f8c 31009f0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 10:25:15 2020 +0000

    Merge pull request #62 from madaidan/shred
    
    Shred System.map files

commit 5124f8cebcf6113547d11fc5193f83af1a2b6f84
Merge: ac8757a 9b76713
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 10:18:56 2020 +0000

    Merge pull request #61 from madaidan/disable_early_pci_dma
    
    Avoid holes in IOMMU

commit ac8757a031a02c6cbad564e6a857954c0cf01a54
Merge: ad6b766 ace6211
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Feb 15 10:09:46 2020 +0000

    Merge pull request #59 from madaidan/ldisc
    
    Restrict loading line disciplines to CAP_SYS_MODULE

commit 31009f0bfa10e7b67f5823a5be92273e5414fff3
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Feb 14 23:46:19 2020 +0000

    Shred System.map files

commit 9b767139ef82279e00d86f7f1e1e8bf73d795651
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Feb 14 18:52:01 2020 +0000

    Avoid holes in IOMMU

commit 0f497369574811b0e7fb832636a5618e62618619
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Feb 14 18:18:18 2020 +0000

    Update control

commit d251c43344a04e1dd8afbf12352432810874e021
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Feb 14 18:17:20 2020 +0000

    Restrict the SysRq key

commit ace62111761451a13c446767dfd3c32b9b70a7f8
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Feb 14 17:51:17 2020 +0000

    Update control

commit 0ea7dd161b3e643c23624e6dcb450116824b6301
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Feb 14 17:50:19 2020 +0000

    Restrict loading line disciplines to CAP_SYS_MODULE

commit ad6b76688677cd4f9f0b2f2524c0f6b0a381bf29
Merge: 14140ad 14f8458
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Feb 13 18:40:58 2020 +0000

    Merge pull request #57 from madaidan/sysctl
    
    Prevent symlink/hardlink TOCTOU races

commit 14140ad41ba45b2457570a7df28b42cfd3bf3155
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Feb 13 13:39:45 2020 -0500

    bumped changelog version

commit d1fa191bc0ad58ea4fbb5b4db383311f87319dfe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Feb 13 13:38:21 2020 -0500

    readme

commit 76a51a3b45113b4f771397bf32daae3fb38af6a6
Merge: 163e20b 5ebab39
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Feb 13 13:37:34 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit 5ebab397b201f431e3d0ca3bebfb71fa61a7ed2b
Merge: 163e20b 2796c2d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Feb 13 18:36:41 2020 +0000

    Merge pull request #58 from madaidan/mitigations
    
    Improve CPU mitigations documentation

commit 2796c2dd00fca0bb458bdb4ea5c2cdbd35854bef
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Feb 12 18:43:19 2020 +0000

    Update control

commit 700c7ed9085f2c9f0f271ddf8781f119e8ac5714
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Feb 12 18:42:13 2020 +0000

    Create 40_cpu_mitigations.cfg

commit ba0043b8a7249e55e0a0d3b87f6c54de5283f057
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Feb 12 18:36:05 2020 +0000

    Update 40_kernel_hardening.cfg

commit 14f845837476810f1eb3038d9d41f9ad8088b916
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Feb 12 18:05:32 2020 +0000

    Update control

commit 5cb21d0d4d36fd516f17a9b5378443859f497027
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Feb 12 18:03:23 2020 +0000

    Prevent symlink/hardlink TOCTOU races

commit 163e20b886f298cb9d3aca54c14f66991001b396
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Feb 5 06:31:48 2020 -0500

    bumped changelog version

commit 3024006f63be34f0c9d2968b1839a855419792dd
Merge: 8c5cd86 024576e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 4 00:24:50 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit 024576e3307e45c90b97ed8658ee82ceb1ed00aa
Merge: 8c5cd86 e4c6e89
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 4 05:24:05 2020 +0000

    Merge pull request #56 from HulaHoop0/patch-1
    
    kvm.nx_huge_pages=force

commit e4c6e897cf37cbf5de6d90888a0ddbe56db11c2f
Author: HulaHoop0 <55955185+HulaHoop0@users.noreply.github.com>
Date:   Mon Feb 3 16:06:46 2020 +0000

    kvm.nx_huge_pages=force

commit 8c5cd865f49cea986cdfc00a4cb4f0f913d4d3e6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 3 09:23:13 2020 -0500

    bumped changelog version

commit 1f6ed2cc7047e1144e811d94dddc7306ee93b61e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 3 08:55:20 2020 -0500

    add support for passing parameters to usr/lib/security-misc/apt-get-update

commit 2291b7f787bcec5f64f632c6f3e8dfb12c67b4ee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 3 08:43:31 2020 -0500

    bumped changelog version

commit 8627c9f76d1bdf26a423a92506d3d8c0eb1afc2e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 31 12:18:02 2020 -0500

    /usr/lib/security-misc/apt-get-update increase default timeout_after="600"

commit 829e28aa90ff5cb38edcc3cfab8ec91939ae5844
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 31 12:17:07 2020 -0500

    /usr/lib/security-misc/apt-get-update environment variable timeout_after kill_after support

commit 0bd0a4a647aef9899e1cbb5671ccfa3ca36efe18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 06:14:34 2020 -0500

    bumped changelog version

commit 85d2aa1365ae5dfc43944a938794954452c26fe0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 06:13:42 2020 -0500

    hide stdout (but not stderr) by sysctl during initramfs

commit d69c1839cd30145c30247e0962a97cfd38f79d60
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 06:02:26 2020 -0500

    bumped changelog version

commit b9d65338bcc76552e4d2169106cd04e6276eb320
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 05:55:13 2020 -0500

    unconditionally enable all CPU bugs (spectre, meltdown, L1TF, ...)
    
    this might reduce performance
    
    * `spectre_v2=on`
    * `spec_store_bypass_disable=on`
    * `tsx=off`
    * `tsx_async_abort=full,nosmt`
    
    Thanks to @madaidan for the suggestion!
    
    https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647

commit 2711d0f7f08362f97383fbae81ce9d520b19dcbc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 01:22:32 2020 -0500

    bumped changelog version

commit 4df0d6c01cc91139dc9eef1dc4265e8cacde8cdf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 01:22:06 2020 -0500

    readme

commit c1a0da60beacd027c1c7c94ae44a9d7b1ab708b9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 30 00:46:48 2020 -0500

    set kernel boot parameter `l1tf=full,force` and `nosmt=force`
    
    https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647/17

commit efc40da4fb1fffcc760685cda0e49dc04da4c5fe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 12:02:27 2020 -0500

    bumped changelog version

commit 07dcb32fc28abf33eaf0425c67cc5cf9ee1f5a5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 11:55:38 2020 -0500

    readme

commit f4c54881ac21ed095f54a59f9c0baf582ef76d9b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:49:19 2020 -0500

    description

commit 25317f23e3a80fdd9f6965990cd397ddcab11a4b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:41:16 2020 -0500

    bumped changelog version

commit be79f0688a47dca129ac61dd78b18a2638e8650c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:40:20 2020 -0500

    readme

commit c0d3726b002d136e602c6bdaf07c5d94c5591ee4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:40:03 2020 -0500

    comment

commit a37da1c96880b14a8271712801e6da3d3ea766eb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:39:06 2020 -0500

    add digits to drop-in file names

commit 2ab940c60311ae38079d2ceb09e04eedac2aad90
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:34:18 2020 -0500

    bumped changelog version

commit bac6cd601baaca7453c55719e9dfa84d5109135d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:33:54 2020 -0500

    readme

commit 3a4d283169b381bdc93c4ff5ce7b08c11a0830b3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:33:30 2020 -0500

    description

commit e0aa67677d3561cae6544c24e12021dd04f26133
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:30:36 2020 -0500

    merge the many modprobe.d config files into 1
    
    and use a name starting with double digits
    
    to make it easier to disable settings using a lexically higher config file

commit 6a4c493213929b354a3c8d2acf2325473ae63cfd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 04:26:36 2020 -0500

    merge the many sysctl config files into 1
    
    and use a name starting with double digits
    
    to make it easier to disable settings using a lexically higher config file

commit f653b94e7747436323e2083d416ab86560e3cd71
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 03:49:02 2020 -0500

    bumped changelog version

commit ca057713e2e1f3c4a47216aadb51ba0ca012e39e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 03:39:04 2020 -0500

    readme

commit 8616728ce0a6e5eaa799949abb5bfccd0a7effa7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 03:35:15 2020 -0500

    remove duplicate

commit d4a37b6df2a2de4822e3e4bac93ca3e10712af7c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 24 03:18:17 2020 -0500

    remove-system.map: source /usr/lib/helper-scripts/pre.bsh

commit 3b283ec00f03b580d2f8b76f95449240a163dd48
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 22 07:10:47 2020 -0500

    bumped changelog version

commit 531f17cb68b331beb19a6e6c8b76575ebe38f95e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 22 07:08:08 2020 -0500

    add update initramfs trigger
    
    https://github.com/Whonix/security-misc/pull/53

commit df0b2afda1e1d5a3fddfd8c48b62a5de8295d687
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 21 10:12:32 2020 -0500

    bumped changelog version

commit 18041efa2f704d2a177b033ff8008aacdb7dde3f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 21 10:01:17 2020 -0500

    fix pam tally2 check when read-only disk boot without ro-mode-init or grub-live

commit 627b95e0b363e2e46a5de8a7aa5065bc66242293
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 20 08:51:25 2020 -0500

    bumped changelog version

commit fbe9b60d95d43452bf661461197efced431806a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 20 08:49:02 2020 -0500

    fix Whonix / Kicksecure
    
    /var/lib/dpkg/tmp.ci/preinst: ERROR: No user is a member of group 'console'. Installation aborted.
    /var/lib/dpkg/tmp.ci/preinst: ERROR: You probably want to run:
    
    sudo adduser user console

commit 960e1ff6e82f8593c2d242a6a0f1e1cf5805c85b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 17 03:32:57 2020 -0500

    bumped changelog version

commit 130434186811930d40407115af99116d4982da49
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jan 17 03:10:56 2020 -0500

    readme

commit 6f8d89c6c5609ed83d9dcd174375cb1ccfca91d8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 15:54:06 2020 -0500

    error handling

commit 7211f6e0199d2ccb50437c7a5b0842050590b5dc
Merge: e110ea0 f6cc76a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 15:53:36 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit f6cc76acd729428f83d3497a2e83bfc4b14f1ff8
Merge: e110ea0 1df48a2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 20:52:33 2020 +0000

    Merge pull request #55 from madaidan/sysctl.conf
    
    Process sysctl.conf in initramfs

commit 1df48a226d83b98dadc8bfb8dbc479dd656e2313
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jan 15 20:30:17 2020 +0000

    Update control

commit f7fde60b67a7ef44658cde3b835565407aafd133
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jan 15 20:28:32 2020 +0000

    Process sysctl.conf too

commit e110ea0b84329dfbe0175298b21e7732f7105436
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:37:52 2020 -0500

    bumped changelog version

commit 0f17596aacb86afb7abcdd4781a9995dde23d3bb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:35:41 2020 -0500

    readme

commit 0618b5346493723865cc6f2a632822c8b6fa690a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:35:07 2020 -0500

    fix lintian warning

commit 47ce3bec75f9aeb808993a70579ba93d2527a371
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:05:54 2020 -0500

    bumped changelog version

commit 73e830d0ac1ece338b0e80ca1a020d84a15d1774
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 10:08:57 2020 -0500

    readme

commit 8ab4623f8e81ad1b67858b458f2ae4085e7c8e65
Merge: 8015954 087465a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 06:06:39 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit 087465a0cdecc4765f7b659256cdd5e8cdef73ab
Merge: 8015954 528c5fc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:02:30 2020 +0000

    Merge pull request #53 from madaidan/sysctl-initramfs
    
    Set sysctl values in initramfs

commit 528c5fc4c41026396a63ac91af7c156dd0d4f191
Merge: 9dc43ea 8015954
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 11:02:03 2020 +0000

    Merge branch 'master' into sysctl-initramfs

commit 80159545a580830565ec01a507915add9c44838a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 15 02:42:10 2020 -0500

    fix xfce4-power-manager xfpm-power-backlight-helper pkexec lxsudo popup
    
    https://forums.whonix.org/t/xfce4-power-manager-xfpm-power-backlight-helper-pkexec-lxsudo-popup/8764
    
    do show lxqt-sudo password prompt if there is a sudoers exceptoin
    
    improved pkexec wrapper logging

commit d90ca4b1ad18289d6bcfcef51cfb032a0b4423eb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 15:12:13 2020 -0500

    refactoring

commit 082f04f2d4101828455a4a9b2852376a72ced6ce
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 15:04:58 2020 -0500

    add logging to pkexec wrapper

commit 1059ccf2254d0aac40d2c14680fea2a4012a2d66
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:28:28 2020 -0500

    bumped changelog version

commit 660837dc380440f6b00d3baf9395222376163b3b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:25:32 2020 -0500

    fix case when user "user" does not exists

commit 18c726c3eebc93f69062f1e4c1d3c7ab394985c3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:23:02 2020 -0500

    comment

commit b8652681e741236af2e20876d7103b2dfb0ae9bf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:21:47 2020 -0500

    fix legacy

commit cc21f912a372faef8322801e9a48882f29159c2d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:20:36 2020 -0500

    bumped changelog version

commit 2078cd237f2aaad8d68c1c5eab3f9942460ecd3c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:18:30 2020 -0500

    readme

commit c377c5ff83437a5447ecc9c873150421f4f1e691
Merge: 8341242 539f24b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 09:01:38 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit 539f24b65ee7739487d8038fcb1fdfb1ed62ab22
Merge: 8341242 0953bbe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jan 14 14:01:17 2020 +0000

    Merge pull request #54 from madaidan/panic_on_oops
    
    Document panic_on_oops

commit 0953bbe1d7f3e789aef2218a65c14c586dab4bcb
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jan 13 21:05:35 2020 +0000

    Update control

commit 9dc43eae38b55951cae2a9bf93114bcf742f8c8b
Author: madaidan <>
Date:   Sun Jan 12 21:42:07 2020 +0000

    Description

commit 8c4e0ff1c4d6191dbb40b28cfc23a8185cc0cbdb
Author: madaidan <jeremy_stevens12@protonmail.ch>
Date:   Sun Jan 12 21:37:37 2020 +0000

    Set sysctl values in initramfs

commit 8341242abc342d9cbd82afe12f512daf73a9e59a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jan 11 15:19:29 2020 -0500

    bumped changelog version

commit 130a4cf6d433f4d862e10e31abbc2b1f3b1614d2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jan 11 15:17:06 2020 -0500

    readme

commit 61a2d390a7d6195d556898db8afa57822a9bc76a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jan 11 15:15:12 2020 -0500

    lintian

commit 3fae8e771ffbdd3023921b296e46cf982034d2ac
Merge: 13a1e13 e9f4dbd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jan 11 15:14:43 2020 -0500

    Merge remote-tracking branch 'origin/master'

commit e9f4dbdda579db83f330054253100bc7c5d1e2be
Merge: 13a1e13 6088444
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jan 11 20:14:10 2020 +0000

    Merge pull request #52 from madaidan/vivid
    
    Blacklist the vivid kernel module

commit 6088444c371f021ca23daa3a0ab1ee431d429a61
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jan 11 18:38:17 2020 +0000

    Update control

commit a662a76a52970530a4a3c3d6a284ce9400dc74c6
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jan 11 18:37:00 2020 +0000

    Blacklist vivid

commit 13a1e1321e05965ad9449fafa4406c4d3b781dcf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jan 1 05:59:59 2020 -0500

    bumped changelog version

commit 5031e7cc4b8bfc4037ba6ea029e20637090ccacb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 08:18:38 2019 -0500

    better output if trying to login with non-existing user

commit b2bdeb90957da4ebe38e7f12fba0330b89e0983d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 06:08:32 2019 -0500

    bumped changelog version

commit 2a3aae62b1cf97313b925fac94261e28af7ea3d1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 06:06:52 2019 -0500

    fix

commit 427deec3f50664f2fbb244b6cf060bb5b9e821b6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 06:03:48 2019 -0500

    bumped changelog version

commit e89552c9846f85b4bbf73595080d71dcd873fe29
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 05:55:44 2019 -0500

    add user "user" to group "console" in Whonix and Kicksecure
    
    enable Console Lockdown in Whonix and Kicksecure

commit b5a2d1dc581b53974aaa148f6d8f3054c9d1c5fe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 02:54:58 2019 -0500

    bumped changelog version

commit 20697db3ee5d227176c4d31e6c96454a64f47797
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 02:53:02 2019 -0500

    improve console lockdown info output

commit 788914de95ee9299d685e8b65466feee1085cf18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 31 02:46:32 2019 -0500

    group ssh check was removed
    
    https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/27

commit 06ed728d791abe0ad3c93091fd8ebc088f73c4ef
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 30 06:42:14 2019 -0500

    bumped changelog version

commit f3ff32ddbb8a7cf7555b9f1b2154e83154532a3d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 30 06:39:24 2019 -0500

    Protect /bin/mount from 'chmod -x'.
    
    /bin/mount exactwhitelist
    /usr/bin/mount exactwhitelist
    
    Remove SUID from 'mount' but keep executable.
    
    /bin/mount 745 root root
    /usr/bin/mount 745 root root
    
    https://forums.whonix.org/t/disable-suid-binaries/7706/61

commit e4e9c4e3b09138af25e94a6db81b0f759ddb4d1b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 30 05:59:43 2019 -0500

    bumped changelog version

commit 9c0d6b605707dbcb7db9cd227257a5dcd612f784
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 05:09:07 2019 -0500

    copyright

commit edc08988f26532daf90bc4a4f007aef53e62eeaf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 05:08:53 2019 -0500

    copyright

commit 9156d3584cd7ba9064d5af54afd95b6d8e73907b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:59:05 2019 -0500

    Description

commit 3ea946b365d8b05cabce63f4d26b3153559aa465
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:56:51 2019 -0500

    RemainAfterExit=yes

commit 2787ae976580d20ea4da5213c7f624f984510934
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:56:35 2019 -0500

    copyright

commit 6d56eb9ef0e2cfbba46df2294deb9c8e6b9aa2b7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:56:18 2019 -0500

    minor

commit 0e14706f32728123f1d345b73266934fe454a989
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:45:26 2019 -0500

    copyright

commit 1a0f7a77335940a11e33ca519d8f64429b8ee966
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:43:32 2019 -0500

    debugging

commit 5271892cb1e4646b79388d064227d4662b682583
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:42:54 2019 -0500

    debugging

commit 683028049c46516ba105b1b73364960b3b87efd6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:41:23 2019 -0500

    debugging

commit e3e1ff2a310c46fab67309edd88e73096843edcb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:35:46 2019 -0500

    exit with error if a config line cannot be processed rather than skipping
    
    https://forums.whonix.org/t/disable-suid-binaries/7706/59

commit d5c99f3a60372a00ded4b1b4340775aab1421d31
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:27:21 2019 -0500

    output

commit e5623fcd2b32b58e72c2ef80955072f013672e0d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 29 04:21:52 2019 -0500

    comment

commit d7f58db52c926c11157671c4555ca97f02929a76
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 27 05:30:12 2019 -0500

    bumped changelog version

commit 674840e6f9fb362dc713da3edde07132b5ae17d4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 26 05:44:35 2019 -0500

    /fusermount matchwhitelist
    
    unbreak AppImages such as electrum Bitcoin wallet
    
    https://forums.whonix.org/t/disable-suid-binaries/7706/57

commit 507a30d6e39f17fcb09b92033fe1d831e7d4baf4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 18:35:49 2019 -0500

    bumped changelog version

commit 04f438f75d4566822026373e78988e9d4e42b8b5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 18:09:37 2019 -0500

    comment

commit 9da0e428ed4635fb5ca98b2d72b56b553404a742
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 17:54:31 2019 -0500

    debugging

commit e18ec533c3ebb382f974d30db3cd1f5eace648c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 17:54:02 2019 -0500

    comment

commit 0326cd5ee9371213420d2afdcbfb0a05d9a808e6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 08:07:55 2019 -0500

    bumped changelog version

commit ede536913daa0c7ddfe55e20c93d7b752daa5de3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 06:00:41 2019 -0500

    no longer hardcode amd64

commit d03a3d9ac03bc29ba349107855936dd194e12271
Merge: 9d77d88 27a42a9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 05:57:24 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit 27a42a9da82bc1f22135ffa509925f63177f25d9
Merge: ac49c55 79241c5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 10:55:11 2019 +0000

    Merge pull request #50 from madaidan/modules
    
    Make /lib/modules unreadable

commit ac49c55d1fafff5f36bd7c595f50db295ff616a2
Merge: 0c3d4ad 98e88d1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 10:55:03 2019 +0000

    Merge pull request #49 from madaidan/kver
    
    Detect kernel upgrades

commit 0c3d4ad255de75b57a2e316bf8a7fd77a2fc0d4d
Merge: 9d77d88 d1a0650
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 24 10:54:23 2019 +0000

    Merge pull request #48 from madaidan/kernel-hardening
    
    Use only one slub_debug parameter

commit 79241c5d09c4a7123cf90b45289b53d893135efb
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Dec 23 20:28:29 2019 +0000

    Make /lib/modules unreadable

commit 98e88d1456ca0e8fa23809115c51c380a4bb2d3b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Dec 23 19:57:43 2019 +0000

    Detect kernel upgrades

commit d1a0650fd944973ab614c1da06f8e555b31b73ae
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Dec 23 19:44:52 2019 +0000

    Use only one slub_debug parameter

commit 9d77d88a4dfd0f42a2a671bbec49f4ebd90af882
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 09:39:50 2019 -0500

    comments

commit 7a80837b4f0a7201f3e092ad9b99b4cddb6043b3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 08:48:04 2019 -0500

    bumped changelog version

commit 617c0a0e15f1c113b6e7fd748bb75978e4f23fcd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 07:21:26 2019 -0500

    disable remount-secure.service - Disable for now until development finished / tested.

commit 3e131174d5919303462295cb0852a9254885ae7c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 05:00:35 2019 -0500

    comments

commit bef41a38c26548d50101f7ea636316e1e2107a55
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:58:00 2019 -0500

    bumped changelog version

commit 046ceeae4df3b45916f35b0789af341c4f3d911a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:57:36 2019 -0500

    readme

commit 9f072ce4f99467f82986be348c9cedc2eb7f017d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:46:02 2019 -0500

    comment

commit 26fe9394fff2eb5be2f19272ea76ed187a8237e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:41:54 2019 -0500

    disable lockdown for now due to module loading

commit 9ec5b0ee82263e1afb38c44348e69437ddc5c9c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:38:49 2019 -0500

    description: lockdown not enabled yet

commit b05669accfe6fac8070003bbd57939ca2c621445
Merge: 11b4192 1ff51ee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:38:04 2019 -0500

    Merge branch 'madaidan-kernel-hardening'

commit 1ff51ee061dcdb1a898ebb68c0267ce926e0fca0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:37:28 2019 -0500

    merge

commit 535c258b834028e5638fd2b37b1a6f352e2b4558
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Dec 18 20:43:01 2019 +0000

    More kernel hardening

commit 11b4192fbdbc02af97e7dc32677bdb3a549b0000
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 03:28:42 2019 -0500

    comments

commit 42ff53e9ad26190dcbff154f6cfd039e3f6bdf83
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:42:07 2019 -0500

    bumped changelog version

commit 2152fa2d61fa72935b70e60b98ccbe2e1b31db43
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:38:53 2019 -0500

    comment

commit f8f2e6c7041d98572452be2e53094d0c539b1616
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:35:13 2019 -0500

    fix disablewhitelist feature

commit 47ddcad0c0af27093f61cf77008224bf66572532
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:29:47 2019 -0500

    rename keyword whitelist to exactwhitelist
    
    add new keyword disablewhitelist
    
    refactoring

commit 175d1c284552a08881286e8c3ca5d8eb9b97a144
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:13:13 2019 -0500

    bumped changelog version

commit 0409aac3aeb7acc273e19b16e78409994c731f2a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 02:09:04 2019 -0500

    readme

commit 1ff56625a170c392f6099b41f371c56032362ea0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:42:03 2019 -0500

    polkit-agent-helper-1 matchwhitelist to match both
    
    - /usr/lib/policykit-1/polkit-agent-helper-1 matchwhitelist
    - /lib/policykit-1/polkit-agent-helper-1

commit d484b299ea1a93a401d00a212d675b5837b8aaa9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:38:31 2019 -0500

    matchwhitelist /qubes/qfile-unpacker to match both
    
    - /usr/lib/qubes/qfile-unpacker whitelist
    - /lib/qubes/qfile-unpacker

commit 34bf2457136db227cc27a5d0fe9282f09780a310
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:35:45 2019 -0500

    output

commit ba30e45d15ec53b2d0a67ce96f5132d3f59bf870
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:32:42 2019 -0500

    output

commit ee9c5742da99673785068b0393e3587a77c99a31
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:29:48 2019 -0500

    output

commit 6d05359abcf460cbec266401530a9ab1aaaaf47f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:21:52 2019 -0500

    output

commit a1e78e8515a87ebc8fc2211b3e1e91824fd3865a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:20:56 2019 -0500

    fix needlessly re-adding entries

commit 906b3d32e769bbd30ed5698268899a7d2ec71d95
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:09:57 2019 -0500

    output

commit 4f76867da6ce5710cf486175cd84adcd72640049
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:08:02 2019 -0500

    lower debugging

commit dc6e5d8508a09bd7f2b9bfed02bc502797c11361
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 01:06:38 2019 -0500

    fix

commit 87b999f92aab4f4176f366308c27c4fe5471580c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:59:43 2019 -0500

    refactoring

commit 065ff4bd058ab26df3d3af1022da9d6a7405ab61
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:59:24 2019 -0500

    sanity_tests

commit fef1469fe62bf923ba89077934c8b0e5d8cd0258
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:51:14 2019 -0500

    exit non-zero if capability removal failed

commit 3670fcf48baecffe098c96eb67cbd601bc3e0069
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:49:33 2019 -0500

    depend on libcap2-bin for setcap / getcap / capsh

commit 17a8c294702acb30c397abc984d69c356cec2cd7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:47:49 2019 -0500

    fix capability removal error handling
    
    https://forums.whonix.org/t/disable-suid-binaries/7706/45

commit b631e2ecd8ae0e08850edd81bf64b02666fb6234
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:36:41 2019 -0500

    refactoring

commit 7aea304549cea2c885c2d813c7a15f617f4ebf2a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 23 00:26:15 2019 -0500

    comment

commit f4b1df02ee66309d12724cf7124b14180c855f14
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 19:42:40 2019 -0500

    Remove suid / gid and execute permission for 'group' and 'others'.
    
    Similar to: chmod og-ugx /path/to/filename
    
    Removing execution permission is useful to make binaries such as 'su' fail closed rather
    than fail open if suid was removed from these.
    
    Do not remove read access since no security benefit and easier to manually undo for users.
    
    chmod 744

commit 58a4e0bc7d1b87d4d169f31dc5935c75e929c0b4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 19:12:10 2019 -0500

    dbus-daemon-launch-helper matchwhitelist

commit 15e3a2832da603f5caa9aadc6d68aaf503f013c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 18:57:23 2019 -0500

    comment

commit 6eb8fd257aecd84686b4d7a9824a98bace9a705e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 18:56:36 2019 -0500

    suid utempter/utempter matchwhitelist
    
    to cover both:
    
    /usr/lib/x86_64-linux-gnu/utempter/utempter
    /lib/x86_64-linux-gnu/utempter/utempter

commit 9409209b48fb8f803b88d72c0e7febaa74f5bd2c
Merge: 008ce48 bce02ff
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 10:29:08 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit bce02ffdc01c22c8d5528eb5eaa7729a6b3137dd
Merge: 008ce48 8f11a52
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 22 15:26:07 2019 +0000

    Merge pull request #47 from madaidan/msr
    
    Blacklist CPU MSRs

commit 8f11a520f4c406fa3187ad530f945a564b78a28c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Dec 22 13:54:16 2019 +0000

    Update control

commit dd93b11321e171c56affcd660c0830d6a91ad87e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Dec 22 13:52:43 2019 +0000

    Blacklist CPU MSRs

commit 008ce4817c6ad2218af05d14626b0f2c70a6e90d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:55:03 2019 -0500

    bumped changelog version

commit d300db3cde0f7ee8e3884a1225ec1d196a318728
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:45:11 2019 -0500

    output

commit 3921846df6e21a80d87f451e89f96f5b3092dd53
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:36:42 2019 -0500

    comment

commit 1213415ce649e7305af0b6c6ef2f8435caab5cd8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:23:35 2019 -0500

    bumped changelog version

commit 2ddf7b5db5d335d4f64d0df2c0caab0c80a2a046
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:06:51 2019 -0500

    /lib/ nosuid

commit 1e8457ea476a693dd1e455e4c455bf2e763cec23
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 14:06:10 2019 -0500

    no longer remount /lib
    
    https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/25

commit 10c19d6a8fc6b6bc03067dc3be88f486aa78d438
Merge: b2260f4 fffdf50
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 13:00:41 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit fffdf5090c707c698de4adacfd5837809b33aa99
Merge: 1c99b56 f5a52ae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 17:59:56 2019 +0000

    Merge pull request #46 from madaidan/remount-secure
    
    Don't remount /sys/kernel/security

commit f5a52aeddc4742b4dbd8a0075d759b2ceaaae691
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Dec 21 14:55:28 2019 +0000

    Don't remount /sys/kernel/security

commit b2260f48f4ab978b531d8ca9df2dc1a787b6666f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 08:03:33 2019 -0500

    add support for /etc/exec / /usr/local/etc/exec
    
    to allow enabling exec on a per VM basis

commit 1c99b56c9b99cceab6fe38580d06197dd4bcfb77
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:49:55 2019 -0500

    bumped changelog version

commit 161b6f6b885586cd65b8ac13b0bd113691465522
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:49:29 2019 -0500

    readme

commit b74e5ca97244209e041f55483027365eacdf44c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:47:00 2019 -0500

    comment

commit 8fb17624bc3471a3676e76b3695179cde1ec21da
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:44:51 2019 -0500

    comment

commit aef796a524f9156b584a7d8d203decc446c5d3b9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:44:23 2019 -0500

    disable debugging

commit 1fe83d683f97af6730948aecce3216a51979c695
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:43:55 2019 -0500

    comment

commit 7c3da38bd53427501bcb0ac0d56bd626ce9e6adb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:42:25 2019 -0500

    comment

commit 9050058bc2427a701095901a5bd275767437391b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:42:01 2019 -0500

    fix

commit 0c4db8c2b054a10554f163c31e3e626a80981c52
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:38:25 2019 -0500

    bumped changelog version

commit 6b13a644df279ec3ccf3814e86233baafc0cf437
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 07:37:41 2019 -0500

    add /usr/lib/security-misc/permission-hardening-undo

commit af8b04b73d6d64792fc1ffb7f6b04b273c0ca7ec
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:58:01 2019 -0500

    rm_conffile /etc/apparmor.d/usr.lib.security-misc.pam_tally2-info
    rm_conffile /etc/apparmor.d/usr.lib.security-misc.permission-lockdown
    
    https://github.com/Whonix/security-misc/pull/45

commit 2350e0f5d06d9625835ba1547aab0054b795c0c5
Merge: 3ea5871 efd65a3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:57:10 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit efd65a3f15fc9380e2019c9d7ad0bf82adcc230d
Merge: c336bc4 c28ddf5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 11:56:31 2019 +0000

    Merge pull request #45 from madaidan/apparmor
    
    Delete apparmor profiles

commit 3ea587187e9d0a927799a66d15d163ee56a41978
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:53:07 2019 -0500

    no need to exclude xorg nosuid on Debian
    
    http://forums.whonix.org/t/permission-hardening/8655/25

commit c336bc4fd229d9a6370df5520aaa4e872465de5a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:39:13 2019 -0500

    comment

commit fac17a963d3dec1b399fd9b41ebebcedb7e90f43
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:28:19 2019 -0500

    bumped changelog version

commit b5f88efe2072eca99c245fc60442c82a270fab8e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:27:01 2019 -0500

    fix

commit 2088628c8d44306e51c8a1407caee99e5eb4ce5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:24:08 2019 -0500

    debugging

commit 2dca031527fa38a932619ed2336a5aa472a85205
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:22:46 2019 -0500

    debugging

commit 195e00cc8796d532a68f90b7c1f8f30d17f24246
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:16:38 2019 -0500

    output

commit 78d33d8b57fdef3b16e8ab5b4f6b0487d51b9657
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:12:20 2019 -0500

    bumped changelog version

commit 4b21b6df4167a2a95392a39182c636bdc097bc7e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:11:44 2019 -0500

    fix

commit ff48b672a8537e65c3d0b3ccfb65fb29c2d3766c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 06:00:17 2019 -0500

    bumped changelog version

commit 8436da2b7b0b9d309b57ed6ab36f2042fd82f4ae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:58:50 2019 -0500

    output

commit da15265e1c311be16c1dd0a8681e630548fac0e9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:55:23 2019 -0500

    fix

commit 2a248fe0de1b86b416c705ecce81dcb549581d9b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:54:39 2019 -0500

    fix

commit 4f12664362fb4304ed43185ed5805f686bdeb0af
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:54:07 2019 -0500

    output

commit e3355843c835c650d4701a2b94b93cc0040ca419
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:51:22 2019 -0500

    fix

commit 234ec5fe93c9b03c02e076621ac919f12062c4e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:47:35 2019 -0500

    fix

commit 65b5adb2d731f52533bda24eb6868d9e2968e2ed
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:38:39 2019 -0500

    bumped changelog version

commit 7ff900c20457ee42d415c4eddf3b08f1ac5e4461
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:37:43 2019 -0500

    fix

commit 2b5a49a61b221161f3b42d3a692d2e22df2afec2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:31:55 2019 -0500

    bumped changelog version

commit e1a5ee4bcf5ecb447ae7da0b137f81d520673cde
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:26:55 2019 -0500

    output

commit 66aaf3e22cda9bb58ab72e750a5711556cf1de25
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:25:54 2019 -0500

    output

commit 7aa7d0b5a0e3b602b527131581f350b9b32fb0d6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:22:27 2019 -0500

    improve error handling

commit 8919d38de9206b4802b471c2f40787a2f9d70269
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:21:46 2019 -0500

    disable debugging

commit cf5dee64fd4e1c44a8726db49b8328841ee6327f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:18:34 2019 -0500

    refactoring

commit 29cd9a0c38924fc2eb7520db886efc19541476cb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:17:35 2019 -0500

    fix

commit 486027a4d75917fe2741370aa1e707b8ca14f693
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:15:38 2019 -0500

    fix

commit 1fd26be864ebd0dab8419e0b2b321522166d6271
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:14:51 2019 -0500

    fix

commit 0fc97c37beae5d48fed9ec714f19007f402952c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:14:39 2019 -0500

    fix

commit 1018d5b3b0b58a641aaca0419a06c246091932d5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:11:51 2019 -0500

    output

commit 4388fc4d5ace9046c9eacb8354d9960599735ee4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:11:19 2019 -0500

    refactoring

commit ed20980f4c6c3fb304d8436399f5e14ead7b3ae3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 05:07:10 2019 -0500

    refactoring

commit 315ce86b9a66d15aea2d50f5271c228ee8bd3909
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 04:33:03 2019 -0500

    refactoring

commit 0c5848494b147b067afa2b70451fc7e5087823f2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 04:21:26 2019 -0500

    do not remount if already has intended mount options

commit 203f4ad46e6a6950edd4b2a83f47ac71428928e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 04:17:10 2019 -0500

    refactoring

commit e7fd0dadb03e7f90adfa9ebdaf07530f02a846e7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 04:09:35 2019 -0500

    output

commit e6ea21c7757ad732bd9bcce2c6a7a364780e1b14
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 04:08:35 2019 -0500

    record existing modes in separate dpkg-statoverwrite databases
    
    to have a history of what was modified and to allow to undo changes

commit 89be5f2ecb998c46ff4864996cd86b97fa56d176
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 21 02:05:39 2019 -0500

    bumped changelog version

commit c28ddf5c4dbfd92aba9a59874f529a4afe69c497
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Dec 20 22:44:31 2019 +0000

    Delete usr.lib.security-misc.pam_tally2-info

commit cfe69dd66900f7aad5311c02d2b4ee7b400fb90b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Dec 20 22:44:27 2019 +0000

    Delete usr.lib.security-misc.permission-lockdown

commit d220bb3bc4aaf923dcb2e2a48ac05dd5f1326442
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 13:07:01 2019 -0500

    suid /usr/lib/chromium/chrome-sandbox whitelist

commit 77b3dd5d6b5de0070da7e71154ecbe2e099e3b7f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 13:02:33 2019 -0500

    comments

commit d7bd477e7379cd5d74d81e81080d375041cc3b29
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:59:27 2019 -0500

    add "/usr/lib/xorg/Xorg.wrap whitelist"
    
    until this is researched
    
    https://manpages.debian.org/buster/xserver-xorg-legacy/Xorg.wrap.1.en.html
    https://lwn.net/Articles/590315/

commit 17e8605119fc671c4cbe4343851cf3c46b830508
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:57:24 2019 -0500

    add matchwhitelist feature
    
    add "/usr/lib/virtualbox/ matchwhitelist"

commit 3fab3876693f20303c95f03c45af9adb9ae680e2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:50:35 2019 -0500

    suid /usr/bin/firejail whitelist
    
    There is a controversy about firejail but those who choose to install it
    should be able to use it.
    https://www.whonix.org/wiki/Dev/Firejail#Security

commit d3f16a5bf46a7d10316259788f3d97364fe2e545
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:47:10 2019 -0500

    sgid /usr/lib/qubes/qfile-unpacker whitelist

commit 508ec0c6fa44d9185aa22f5fa81ae9dbbefdb19c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:34:07 2019 -0500

    comment

commit 1b569ea7908dcba409c94dacd477d2fbfeafe522
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 12:32:36 2019 -0500

    comment

commit f88ca2588920ac16a6b41e8c48021bf85801c2a9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:58:07 2019 -0500

    fix terminology, sguid -> sgid
    
    Thanks to @madaidan for the bug report!
    
    https://forums.whonix.org/t/permission-hardening/8655/21

commit 1cd5fb6a0020504c7897acf169772d39b67f4bd4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:50:25 2019 -0500

    bumped changelog version

commit ff0a26fb5d65450c0a2b5fb86758d3d823a717e9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:49:19 2019 -0500

    comment

commit 71496a33ab27455d2856284d21f261dd20780dc2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:47:53 2019 -0500

    skip folders are these are not suid / guid

commit 9321ecff4139f0776f93a9bd8c9606bcaf94f568
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:43:53 2019 -0500

    no more need to add/remove /

commit b95225b6a6b45b84778ba2427ae4628f102e6d05
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:37:05 2019 -0500

    pipefail

commit cad6f328f40bb8b3c414e2bd6c7cb86e625f6d64
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:34:44 2019 -0500

    minor

commit 3265f9894d1c677419718de52570d304a4e69279
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:27:43 2019 -0500

    output

commit 28d12c3966e3ddfadbf7d44e7c7bcdc37e1a7d25
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:09:22 2019 -0500

    bumped changelog version

commit 1615ebec58b563224c7c02cd2b1f83b0954c48ca
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:07:44 2019 -0500

    output

commit 1e11b775cf1d2994f2e0da8d0191ef38eebe21a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:05:05 2019 -0500

    output

commit 731f80289566e118ba6c121c406775abc4c03bd4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:04:12 2019 -0500

    output

commit cd8efe58008c7b0e90ac88ac098b3fd08e75d716
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 11:03:22 2019 -0500

    output

commit c0ddb76d7463753e3250fc7da466fa763ef08dd5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:50:51 2019 -0500

    bumped changelog version

commit b31abea0af60874d4a48fd0da56978b0081eaef8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:49:31 2019 -0500

    improve error handling

commit 79cd3b86b6e5e186da66fd329b04fb3b42c0276e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:47:23 2019 -0500

    comment

commit b3458cc6ee368968de1510e9d05ddd3791fe5f6d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:45:59 2019 -0500

    fix checking existing entries to avoid needless calls to dpkg-statoverride

commit 370f3c5e541612021fa181e39507aa4ba8131731
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:35:05 2019 -0500

    comment

commit 133d09f2984506e0b0fd2e17a893b8d3e37b8431
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:33:16 2019 -0500

    output

commit 1ffa8e197e9ba9722d5fb2695de343df9d9db597
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:31:26 2019 -0500

    speed up setuid removal by using find with '-perm /u=s,g=s'
    
    https://forums.whonix.org/t/permission-hardening/8655/19

commit 4cfdf2c65b57f410163653304871ee3eb1d3f6ea
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:21:27 2019 -0500

    fix, re-enforce nosuid even if changed on the disk

commit e36868e675cbd80a36053956dbef71992cceca24
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 10:02:46 2019 -0500

    output

commit 50b8f65490555d9d12fd28991040c00a358b3b84
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 09:59:28 2019 -0500

    add sanity test: count if we really processed all files

commit e28da89253f646969cdc2b0b46617bd603f917a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 09:48:06 2019 -0500

    /bin/sudo whitelist / /bin/bwrap whitelist

commit 55faa7b9978df52bcb98a562554473f80db1f171
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 09:43:23 2019 -0500

    fix missing processing files bug
    
    https://forums.whonix.org/t/permission-hardening/8655/16

commit fbe2479f486add30cd29f5c4063a140c42c502fe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:54:56 2019 -0500

    count processed file system objects
    
    to be able to verify if any were "forgotten"

commit 195ea522f5a8582851792b53047185717a6f679e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:52:14 2019 -0500

    fix

commit 6f8231be70940e2afb0ec8e4a0d60bb4f166f5b9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:51:55 2019 -0500

    debugging

commit ed50f98010c8b7878d518273703e00fa561e980b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:47:22 2019 -0500

    output

commit 089c40135f2a7f0da128808a27b696e36aff6821
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:15:00 2019 -0500

    bumped changelog version

commit 6d30e3b4a2c0e5cf53d88b4a033511aa49b8f227
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:13:23 2019 -0500

    do not remove suid from whitelisted binaries ever
    
    https://forums.whonix.org/t/permission-hardening/8655/13

commit d5f1bd8dd29a4f9e1ccb6fed82a255f7b7abfe6f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 08:02:30 2019 -0500

    fix mode sanity check
    
    no longer use seq due to issue
    
    https://forums.whonix.org/t/permission-hardening/8655/13

commit ddc0eec63d744e4600f3b1b8cdf60fef6d647cbe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 07:12:36 2019 -0500

    bumped changelog version

commit 65248a94efa4646127d8e11447e49a37f3ff986e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 07:06:50 2019 -0500

    readme

commit 8e112c34232b8ef88fb0c0fb19f2983de4e5a0a1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:53:24 2019 -0500

    description

commit 24ea70384bb6c34f283ff1e71e4f7ed34133db5f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:53:03 2019 -0500

    description

commit 0ae3e689b5f12101156b4be84631679c622f2e98
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:35:02 2019 -0500

    comment

commit 050f4d8b9482e1513ceccfb39394606b173fd8a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:34:37 2019 -0500

    comment

commit 36043fe5ccdbd798483096a104a40b9cc013a487
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:33:41 2019 -0500

    comment

commit fb4254547b39160c410b1f83ed56aa7653291df1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:32:04 2019 -0500

    comment

commit cca0908d9a73430fb97577fb6ae42b7416e72e6a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:11:38 2019 -0500

    fix

commit e254b8b52d61432084273a3ec91bb5f4b377163f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:09:17 2019 -0500

    fix

commit 7f8b3c76de6e140b676d960004e779f9846c8cb8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:02:17 2019 -0500

    output

commit 071c64dc413c8a868866ddf699f653b371ac3b19
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:01:49 2019 -0500

    enable 'set -e'

commit b97c66707c3d3e8bb9164a35fe83974642f9652c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:59:05 2019 -0500

    minor

commit 17b4f12276349f28d9fc37944ece87fb6f7827a9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:58:42 2019 -0500

    output

commit 48fe7312bf6b87a94678ed8a2eb0a01f2a88e371
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:57:41 2019 -0500

    update config

commit 87d820d84cd44e427c8990cf295da7ab6890040e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:54:16 2019 -0500

    comment

commit 918cbb4e257bab0ee4bb6eb303df5e65e34b9963
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:51:25 2019 -0500

    output

commit c8cf09a4cbe7721e3d97c62785a5d25fe3f61115
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:50:16 2019 -0500

    output

commit 46466c12ad9dcc62d52dd3e887665ced6bdedf3a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:49:11 2019 -0500

    parse drop-in config folder rather than only one config file

commit 66fd31189dd1c2ccc5e6fb51278b0646c5188320
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:37:33 2019 -0500

    improve output if set-user-id / set-group-id is set

commit 6dd6530fa539a55feecc28cecdc812b787b555a6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:32:26 2019 -0500

    remove hardening-enable
    
    please invent package security-paranoid instead
    
    https://forums.whonix.org/t/security-hardening-tool-usr-bin-hardening-enable-by-security-misc/8609

commit 6c8127e3cd32c04a6eb4641ad856c7bf2c777fee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:29:37 2019 -0500

    remove "/lib/ nosuid" from permission hardening
    
    Takes 1 minute to parse. No SUID binaries there by default.
    remount-secure mounts it with nosuid anyhow.
    Therefore no processing it here.

commit af0f074987b21ba4ad3f331ddaa622082d76fceb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:27:11 2019 -0500

    remount /lib with nosuid,nodev
    
    https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/22

commit 7f201604779e442660c4c13798b2b48d706576ac
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:24:00 2019 -0500

    comment

commit a135ae94009c4f6492ed8c779ceaefcfaf19e123
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:22:59 2019 -0500

    use must manually enable permission-hardening.service
    
    until development finished

commit fa6f1e156898572513cacb1d65b042482896011a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 05:19:39 2019 -0500

    output

commit a26cb94bfd252f939f02ee50c76efb67dcb0235c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:49:21 2019 -0500

    globstar no longer required

commit c66e9abe18f0809df4f6b84772774431afcadd6f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:48:57 2019 -0500

    comment

commit d1d0afff34a562d29726fbb3382ebe932e04a267
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:48:02 2019 -0500

    fix
    
    fso: /lib/
    usr/lib/security-misc/permission-hardening: line 19: /usr/bin/stat: Argument list too long
    
    https://forums.whonix.org/t/kernel-hardening/7296/326

commit e74d2e4f94f4cdb2f3a83f27e17e19e9e4078961
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:23:14 2019 -0500

    output

commit eb8635903379d1245c2c1c35eaf33c1a45ef514a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:20:05 2019 -0500

    refactoring

commit bb84fca184ee32f227fb5b210f9eea7afbdf75c0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:08:46 2019 -0500

    refactoring

commit f92b41419558f01e7ec0ec3edba3af6a550c5911
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:06:28 2019 -0500

    refactoring

commit 4c44871e9d3070d73f298eca051ee303b01ea56c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:02:05 2019 -0500

    comment

commit 6876a2eaa87e3eead822e5f4f7d1fc53d0853ebd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 04:01:40 2019 -0500

    comment

commit 35c4fce61b784a4093339b64e5564d93c1f91870
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:54:46 2019 -0500

    fix "dpkg-statoverride: warning: stripping trailing /"

commit 9bd9012ab17f2c3422cdab20f57e3852ae1f14de
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:46:50 2019 -0500

    refactoring

commit 788a2c1ba3d35eb26440386e2c3269fb8cf4992d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:45:01 2019 -0500

    comment

commit 55933f88766f9b2fa2f284c5d0ff098e1e11b657
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:43:36 2019 -0500

    refactoring

commit 9e493a9f481e03d8bd41794eee4e4efd0e39a593
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:42:09 2019 -0500

    refactoring

commit b92a690c166cf3bc97d34ae977cc0c6d2342cb86
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:40:47 2019 -0500

    refactoring

commit 98535e3a2bc5d0d54694a1ea71f3afef3f468943
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:39:25 2019 -0500

    refactoring

commit ecbba2fd61f6d182dcd51f42b579ecb50ffdbedd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:38:39 2019 -0500

    refactoring

commit 20b8a407ac5984ba621ebb0150b47067c32ddc76
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:25:17 2019 -0500

    refactoring

commit 6cd9eb44fbc451a08908a9899ca114843c32edf3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:24:07 2019 -0500

    refactoring

commit 706dba104d201de4eed6886bf9570bf6851c2c3f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:19:12 2019 -0500

    code simplification

commit 01dd567f8b3764ae241a4df39d54617089532b9d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:16:43 2019 -0500

    fix, if fso has exactly the mode we want (not 3 instead of 4 string length), not need to reset it

commit 4f65b0fc1e33037e86289627e1c9bcf040af86c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:13:27 2019 -0500

    refactoring

commit bfee6b60cbd799e31b75e20bc5820f65f9993899
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:11:11 2019 -0500

    comment

commit d64cdc124793bda57916b2c4d73465b17ae44af6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:04:41 2019 -0500

    refactoring

commit 7c5c65a6c13ddf23d7324283815d653974802fd9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:04:13 2019 -0500

    comment

commit b31d8cd3fc905b61707f77e08cff72e74f18c46b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:03:40 2019 -0500

    fix

commit c626290673d44b2a6485aeb24888f35c3782c151
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:02:26 2019 -0500

    refactoring

commit d5ff1d6f28a62f858fd0a9edf905d6727413a3c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 03:00:39 2019 -0500

    refactoring

commit 640ca1d24dad657f0590c98a353dc21ed18b4395
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:57:57 2019 -0500

    skip symlinks
    
    https://forums.whonix.org/t/kernel-hardening/7296/323?

commit cc8f795799e76d61b60f31e718effb88478b0fea
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:47:04 2019 -0500

    comment

commit 4e5b222a081a5e8463ebe6832e7fbe68a1fb7978
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:43:33 2019 -0500

    comment

commit fa895ee11ec5897eb73ce066dfe5bde337cb297c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:40:42 2019 -0500

    refactoring

commit 2c163bf4398d67730efb23d70e2f9fc41ebb0459
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:39:53 2019 -0500

    check string length of permission variable
    
    https://forums.whonix.org/t/kernel-hardening/7296/322

commit a89befd902f6976ebef303b22ee9f9cbc3a1cc23
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:20:54 2019 -0500

    code simplification

commit 72812da63f60bd1955e52ac52ce583c9d9a18c95
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:16:32 2019 -0500

    comment

commit 39a41cc27ba93ede21e69270b3b113a037f77064
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:14:45 2019 -0500

    refactoring

commit 2ed6452590c443d88862f12ef25dcd5acbe98de9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:12:43 2019 -0500

    downgrade to info

commit a5e55dfcfca5b15bbbdc22788e6615d080c44819
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:11:39 2019 -0500

    quotes

commit 3187cee4fba89d72f8d0c26a9987b33adc0d8faa
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:10:13 2019 -0500

    output

commit 5160b4c7816ce449e0dd9cbfaae28050ef2af676
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:08:05 2019 -0500

    disable xtrace

commit 27bfe95d253178790ee10f591af0d586907463d7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:07:49 2019 -0500

    add echo wrapper

commit a6988f3fb8034c2f5be6d3ee6300f9e756e0dfce
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:06:31 2019 -0500

    output

commit 1819577b88ae795c1a6107cf76e084859c9f6d2e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:04:34 2019 -0500

    fix

commit 278c60c5a01c8dcb8a035950bd9e56ed7d1d431d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 02:01:36 2019 -0500

    exit non-zero if some line cannot be parsed
    
    therefore make systemd notice this
    
    therefore allow the sysadmin to notice this

commit 66bcba831317cf4810e9123b305597ee85fc94bf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 01:58:35 2019 -0500

    improve character whitelisting

commit 8f14e808a9b27f980299ed493f1ecb85acbe1c70
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 01:32:49 2019 -0500

    send error messages to stderr

commit d8c9fac2e5c8bc511f593d9a477307f8a15cf2e7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 01:32:08 2019 -0500

    output

commit f19abaf6271fcd87226b9ef5ae3f1b567d96cd90
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 01:31:37 2019 -0500

    refactoring

commit c5d1e9dda7059d18fad303128f6f09c98fe955b7
Merge: 62eb462 a20b300
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 01:30:31 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit a20b30013f9ae229d1fe86cc5992aac474a9d8e6
Merge: 62eb462 9df7407
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 20 06:29:58 2019 +0000

    Merge pull request #44 from madaidan/permission-hardening
    
    Remove SUID bits

commit 9df74072862b31871d0aad7bed8333fc8344ffec
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Dec 19 17:01:33 2019 +0000

    Remove SUID bits

commit 3c2ca0257f08f2c7fa0d0adb74345110801f9fc0
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Dec 19 17:01:08 2019 +0000

    Support for removing SUID bits

commit 62eb462920e8614ea904a8d3517f7592e67ecab8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 16 06:46:48 2019 -0500

    skip console_users_check for Qubes users

commit ab68182e118b8e76e2ce2a749b956cf96e3d02b6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 16 06:27:51 2019 -0500

    bumped changelog version

commit 2cab38a8b3f7423f8956c72f1bf6c399ea70c495
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 16 06:24:14 2019 -0500

    readme

commit 4ca9fc592029cbd28969f1e7fe56907bc7c261cb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 16 03:53:10 2019 -0500

    fix

commit f68efd53cf000b92818e6c97b4c590a2c4b73a5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 16 03:52:09 2019 -0500

    remount /sys/kernel/security with nodev,nosuid[,noexec]
    
    as suggested by @madaidan
    
    http://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/238

commit 2c4170e6f3366709c391db396a74547d4fed9589
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 12 09:47:58 2019 -0500

    description

commit 2d5ef378f36af5d2d94c342c284be4395352bc34
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 12 09:39:39 2019 -0500

    description

commit 300f010fc24846b6416501929ca24c4d80eca8d5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 12 09:29:00 2019 -0500

    increase priority of pam-abort-on-locked-password-security-misc
    
    since it has its own user help output
    
    so it shows before pam tally2 info
    
    to avoid duplicate non-applicable help text

commit a10597de92c316cc32ab552865a6658b38b19f5e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 12 09:04:15 2019 -0500

    bumped changelog version

commit 729fa26eca292d60bcbeaba05d8878ff6112876e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 12 09:00:08 2019 -0500

    use pam_acccess only for /etc/pam.d/login
    remove "Allow members of group 'ssh' to login."
    remove "+:ssh:ALL EXCEPT LOCAL"

commit 22b6480bc4691e76ef155452d2b9df05c5265f68
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 10 11:44:02 2019 -0500

    bumped changelog version

commit 88bea2a6efa8823739ba65b2f5b67cb90071ca3f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 10 03:53:10 2019 -0500

    comment

commit 7d8001ddc9801046289b2f4e31d25dfc3bca6cc5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 10 03:51:39 2019 -0500

    refactoring

commit d2f6ac0491f179382f4b68455d19956049e6cd23
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 10 03:50:23 2019 -0500

    fix, do user/group modifications in preinst rather than postinst

commit 64ae53edb90929492e11ac81e3e18bcc8164b428
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 08:25:30 2019 -0500

    bumped changelog version

commit d80bf036f3b6b70df9208d1ca603c5602298bbf8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 03:50:43 2019 -0500

    Disable permission hardening now until development finished / tested.

commit b72eb30056e186ce13b03907fc37e8d5ebb5df44
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 02:32:05 2019 -0500

    quotes

commit c258376b7ed565d0e23963ddab56ce35892ff23f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 02:31:10 2019 -0500

    use read (built-in) rather than awk (external)

commit 02165201ab850e32c9f9ad5c4f46cb26dd71dddb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 02:23:43 2019 -0500

    read -r; refactoring
    
    as per https://mywiki.wooledge.org/BashFAQ/001

commit 7467252122cb2e7600ce5ab3dce9dac2aa7a0676
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 02:22:16 2019 -0500

    quotes

commit 9bea9960173cf06dcbc0aefa2fb3b10df1f84c69
Merge: 6f94423 af62da3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Dec 9 02:21:47 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit af62da34457a56fee43a6003036a3bb387b23b32
Merge: 6f94423 d7e2dea
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 20:45:16 2019 +0000

    Merge pull request #42 from madaidan/permission-hardening
    
    File permission hardening

commit d7e2deae9250abd79ab83c2025b98476dde710d3
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Dec 8 16:50:54 2019 +0000

    Create permission-hardening.service

commit 6c564f6e9549462412299fd5b2f7e303409c5dad
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Dec 8 16:50:11 2019 +0000

    Create permission-hardening.conf

commit 61e19fa5f1343554e9a213a1a9762cef4707ab3d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Dec 8 16:49:28 2019 +0000

    Create permission-hardening

commit 6f944234a988b226942832473a5a6825006dcac9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 05:26:29 2019 -0500

    bumped changelog version

commit e64741c01e94849f7ad57231a106e45c4fe3dc65
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 05:25:19 2019 -0500

    readme

commit c192644ee328ff8d5d244d10c082b3a871b151b1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 05:21:35 2019 -0500

    security-misc `/usr/share/pam-configs/permission-lockdown-security-misc` is no longer required, removed.
    
    Thereby fix apparmor issue.
    
    > Dec 08 09:47:50 host audit[3232]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=3232 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
    > Dec 08 09:47:50 host sudo[3232]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied
    
    It is no longer required, because...
    
    existing linux user accounts:
    
    * Get permission lock down because security-misc `debian/security-misc.postinst` calls `/usr/lib/security-misc/permission-lockdown`.
    
    new linux user accounts (created at first boot):
    
    * security-misc `/usr/share/pam-configs/mkhomedir-security-misc` pam mkhomedir sets secure permissions using `umask=027`.

commit edcc2de71dea9cf2f94ec008d2817a0cdfdf5b7c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:38:33 2019 -0500

    bumped changelog version

commit 1227ccd1f7aa8d96f70d6c5fa20aa985435ca89c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:37:53 2019 -0500

    After=qubes-sysinit.service

commit 17d81d0083b05316515461154473c8a5d769b776
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:27:01 2019 -0500

    bumped changelog version

commit ebae9eef38035a75c8aa3281735eab79ed6f4c46
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:25:19 2019 -0500

    skip sudo_users_check in Qubes
    
    Qubes users can use dom0 to get a root terminal emulator.
    
    For example:
    qvm-run -u root debian-10 xterm

commit 53e4717c629039104f45a1da8251e3dd1b5e3baa
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:05:29 2019 -0500

    bumped changelog version

commit bc45ed385e5a2b1b53f81915698e1176359dedf7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:03:02 2019 -0500

    readme

commit ac96708b243a766d65e39a037bcf142e526a2382
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 04:01:11 2019 -0500

    improve usr/bin/hardening-enable

commit a345a0fb64f7b8421356b913730284b0e6e3e953
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 03:27:12 2019 -0500

    abort installation if ssh.service is enabled but no user is member of group ssh

commit 50ac03363f6074cc88b6a7c965a822335624924c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 03:18:32 2019 -0500

    output

commit c7c65fe4e7a1fb73921a1b8de25662ff2a21e2a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 03:15:53 2019 -0500

    higher priority usr/share/pam-configs/tally2-security-misc
    
    so it can give info before pam stack gets aborted by other pam modules

commit 3bd0b3f837d5ad8c87e59b99c6baef1e2c74507b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 03:10:41 2019 -0500

    notify when attempting to use ssh but user is member of group ssh

commit cea598dc1a96245c4ccd00646e9790f3c9635ffe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:43:05 2019 -0500

    refactoring

commit 54f5e02c2192a1cd6a30bc04abd77b177b1953c3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:42:30 2019 -0500

    comment

commit b4265195f4823618c60274458f885ef61c2452e1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:41:36 2019 -0500

    refactoring

commit 0f65b2e85c74a379d8ec5321b13e7e332d8eaaa3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:38:19 2019 -0500

    abort installation if no user is a member of group "console"; output
    
    https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/7

commit 1dbca1ea2d80ff7f60a0f426b444994d6bd97d30
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:27:09 2019 -0500

    add usr/bin/hardening-enable

commit 19cc6d7555364c5d2ee548899679c153e1555a20
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:10:43 2019 -0500

    pam description

commit 24423b42f0dc23704bddbb0f205ad3115e77d90f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:03:05 2019 -0500

    description

commit 6b01e5be149f9126308404e6a32931efb3bac277
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:01:22 2019 -0500

    comment

commit 66bebefc9fa26341c41847f35f26e16df3ce0a37
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 02:00:23 2019 -0500

    description

commit 52e0f104cc6edf1fe0953ca815445c351f813812
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:59:55 2019 -0500

    comment

commit 731d486fa061756b129188959230cb8bf1d78fae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:58:58 2019 -0500

    refactoring

commit 221a2df2a2621b1d3f391ee3265af7d4f35e1b2b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:58:37 2019 -0500

    refactoring

commit b871421a542af37771dbe56f09cc16472aa691c7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:57:43 2019 -0500

    usr/share/pam-configs/console-lockdown -> usr/share/pam-configs/console-lockdown-security-misc

commit d36669596f4c71ce885e46fce66fffc7a7443d27
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:56:30 2019 -0500

    comment

commit 1a0f353708832217b9bc5e3ecd044605de6adca0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:47:40 2019 -0500

    comment

commit eed1f0a4620d7db5933fb29189328c934db50d9e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:46:32 2019 -0500

    comment

commit 2491b6239319c52221f6c58fcfa1c3a247a9ee30
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:43:45 2019 -0500

    refactoring, add all groups first before adding any users to any groups

commit 1464f01d191ee4e01ed2ec94f4faf8d17ec62b03
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:30:42 2019 -0500

    description

commit 491dd4d93d133ca23eaf5c501b7ab3d3bbf52a27
Merge: 9432d16 a78a7e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 01:22:16 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit a78a7e5571b178cbf4cddd065306d130431bc185
Merge: 373e873 6846a94
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 8 06:21:44 2019 +0000

    Merge pull request #41 from madaidan/system.map
    
    Check for more locations of System.map

commit 6846a943277c5ad9049cbf3e21fcd739c316cf44
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Dec 7 19:38:12 2019 +0000

    Check for more locations of System.map

commit 9432d1637866087bcc2f1bf0837535a10f96faeb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 12:13:42 2019 -0500

    /usr/bin/cat mrix,

commit 373e8733d37cb795c7c48642346b0b6dc6dce30c
Merge: c1800b1 447eb14
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 11:34:42 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit 447eb144325a532b0aaf7ce772d5a04005b2af1f
Merge: c1800b1 668b642
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 16:34:21 2019 +0000

    Merge pull request #40 from madaidan/system.map
    
    Remove hyphen from remove-system.map

commit c1800b13fe33a1c129dcb30c51dbead7f894b818
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 11:26:39 2019 -0500

    separate group "ssh" for incoming ssh console permission
    
    Thanks to @madaidan
    
    https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/16

commit 668b6420de8024fdeaf948f1750beb8b62d9ffb7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Dec 7 14:15:02 2019 +0000

    Remove hyphen

commit 55225aa30e78e9a988527ed2da2019dc0a0b2631
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 07:16:07 2019 -0500

    description

commit 34a2bc16c85b06e1eccb2f72da89e198184ba72c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 07:15:58 2019 -0500

    description

commit d823f06c7858c1380325e3dbbbcfb1854fa64309
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 07:13:42 2019 -0500

    description

commit 9ba84f34c68263e5151d5b54264c1edb90603424
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:51:59 2019 -0500

    comment

commit dc1dfc8c20218a5ca986f49dc96cbfc71d50533e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:51:16 2019 -0500

    output

commit 8636d2f62995947620fbbd76fc653aab89dda7eb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:51:10 2019 -0500

    add securetty

commit 532a1525c2350a634b14a84d94997b8db81243a0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:26:55 2019 -0500

    comment

commit 14aa6c50774786890686fee2a6d6eed49dadcac1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:26:23 2019 -0500

    comment

commit 8b3f5a555ba04bb1d2e6bafb8345782aae875a51
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:25:45 2019 -0500

    add console lockdown to pam info output

commit 021b06dac95dd742952446e9ff455305c7d2b09b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:04:45 2019 -0500

    add hvc0 to hvc9

commit 8a59662a44ea46c5ba86be82ec2bc43e912c79be
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:02:45 2019 -0500

    comment

commit 090ddbe96a48424e0e3f187b917e023f9b710798
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 06:00:41 2019 -0500

    description

commit cda67247557ce2028017ba4e6e8824c2ae2f5118
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 05:56:57 2019 -0500

    add pts/0 to pts/9

commit 218cbddba9b053eac4ecb486ea7fbc9e160f18c6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 05:52:06 2019 -0500

    comment

commit 6479c883bf04464b299ce42185df2429f7b5cab5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 05:40:20 2019 -0500

    Console Lockdown.
    
    Allow members of group 'console' to use tty1 to tty7. Everyone else except
    members of group 'console-unrestricted' are restricted from using console
    using ancient, unpopular login methods such as using /bin/login over networks,
    which might be exploitable. (CVE-2001-0797)
    
    Not enabled by default in this package since this package does not know which
    users shall be added to group 'console'.
    
    In new Whonix builds, user 'user" will be added to group 'console' and
    pam console-lockdown enabled by package anon-base-files.
    
    /usr/share/pam-configs/console-lockdown
    
    /etc/security/access-security-misc.conf
    
    https://forums.whonix.org/t/etc-security-hardening/8592

commit 52934c9288a596b233c1ce3b5f68a29248602c96
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 02:02:32 2019 -0500

    bumped changelog version

commit 6faa977cd73efd90809c7034d15102095adcfe63
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 02:02:06 2019 -0500

    readme

commit 6d92d03b31c8251d3df72aab5e9dfa3327feed1c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 01:54:50 2019 -0500

    description

commit 5a4eda0d05bc57680e3f3df2b84471f5f16b8356
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 7 01:53:33 2019 -0500

    also support /usr/local/etc/remount-disable and /usr/local/etc/noexec

commit 0afcc5e798823f4ed3eff2d5f94b3d3fe8ad5069
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 12:43:21 2019 -0500

    bumped changelog version

commit 2954dcbccfb2990e95056d20fc9b279569dcacee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 12:24:55 2019 -0500

    minor

commit f3647e74787483f0d8076de742cc6f36645f1396
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 12:18:18 2019 -0500

    RemainAfterExit=yes

commit af0cf058e7ad5b26c708b1013d8ca8dc172a15e8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 11:18:20 2019 -0500

    bumped changelog version

commit 9b14f24d5e24ac4a6facb20d4fd436f35bed305f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 11:17:32 2019 -0500

    refactoring

commit a6133f59125db7482c3f56110ce6ba1a17d15e09
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 11:16:43 2019 -0500

    output

commit c1ea35e2ef54119d940b225da41c87e6db32981e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 11:15:54 2019 -0500

    output

commit 4bec41379d2baaa81930395ff2329ff42f10ff13
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 11:15:13 2019 -0500

    fix remount with noexec if /etc/noexec exists

commit bff425fec2adc3c80fee50466ef81bec19c237cf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 09:32:18 2019 -0500

    bumped changelog version

commit b22289f2a8e77ccd9a693871612b61842b1f48c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 09:30:05 2019 -0500

    readme

commit 470cad6e9176f57d33b038640b20443c3fa971fc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Dec 6 05:14:02 2019 -0500

    remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
    
    https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707

commit 8cf5ed990a3940c108d661c6c169b5720b1459d1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 5 15:52:24 2019 -0500

    comment

commit 19add3299c9215d05208e3c2e748527bf87e66b5
Merge: 0c25a96 9679292
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 5 15:46:19 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit 96792928787c1c129a964bd81e97450d2edb29a6
Merge: 0c25a96 af9e19c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 5 20:33:47 2019 +0000

    Merge pull request #39 from madaidan/rp_filter
    
    Enable reverse path filtering

commit af9e19c51f256504c5c2206e31da1911872b6ef8
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Dec 5 20:14:55 2019 +0000

    Update control

commit 30289c68c24a8aa2ce5f336b79f92cffb7aa98c7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Dec 5 20:13:10 2019 +0000

    Enable reverse path filtering

commit 0c25a96b59b5bb55c04c88015eb8b50d79815a23
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 3 02:18:32 2019 -0500

    description / comments

commit d26ba05c4776cdff0750b872f3da70fd25fca1f4
Merge: 6ca48ff 73c6410
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 3 01:52:04 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit 73c6410a0e1e6e56529ba8ea98681867bd8acb37
Merge: 6ca48ff 8d63da3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 3 06:51:31 2019 +0000

    Merge pull request #38 from madaidan/distrust-cpu
    
    Distrust the CPU for initial entropy

commit 8d63da3cef6e114deaa6943ea9a633d6620a974b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Dec 2 16:46:12 2019 +0000

    Update control

commit 5da2a27bf064d6efefd0d0ba8041e85c4941d3a2
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Dec 2 16:43:00 2019 +0000

    Distrust the CPU for initial entropy

commit 6ca48fffdcab8665d75584435dd6a24d6b881347
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 28 10:22:41 2019 -0500

    bumped changelog version

commit ab696f557140fca19c09ac08ba61e9ce55947ed8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 28 10:05:39 2019 -0500

    readme

commit 25aed91eb167a092ece06a9aa4ab56fea165073e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 28 09:20:46 2019 -0500

    description

commit 0c4e5df3e0214c10390b672645d9f80ef4457392
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 28 09:18:05 2019 -0500

    description

commit 5ac2a6f9ac53f75256c655d329149bccd2d9aa37
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 28 09:17:32 2019 -0500

    description

commit ff3412fbe06476cb295dfd9d61b26694f289d389
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Nov 27 10:22:31 2019 -0500

    fix, make sure to undo pam changes on package removal
    
    Thanks to minimal for the bug report!
    
    https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/11

commit 62b924eea7d50f58649e089ff9cf8d73075cac63
Merge: 9091f69 ba02dcb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 26 13:00:36 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit ba02dcb267a95d332bd01bb3fc725e051ccb3246
Merge: 9091f69 d9d6d07
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 26 18:00:11 2019 +0000

    Merge pull request #37 from madaidan/apparmor-fixes
    
    Fix permission-lockdown

commit d9d6d0771433700f49c4ddf156a0b5bc7098d94b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Nov 26 17:12:12 2019 +0000

    /dev/pts/[0-9]* rw,

commit 9091f69eddb76059995e2f44734437746a3fd108
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 25 08:51:36 2019 +0000

    bumped changelog version

commit 57ce06c0ebaa1e451c39b85c8db27babed4b149e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 25 08:41:45 2019 +0000

    readme

commit aa5451c8cda02e6df3dc089bf813e6acd9878a59
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 25 01:39:53 2019 -0500

    Lock user accounts after 50 rather than 100 failed login attempts.
    
    https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19

commit 6277db1383451822769948bbebac31f719e98e74
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 23 14:07:45 2019 +0000

    bumped changelog version

commit 6a6a638ef01d337da137dc04bcff984f7a36f425
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 23 14:06:28 2019 +0000

    readme

commit fe1f1b73a77d11c136cedcdb3efcb57f4c68c6af
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 23 11:20:32 2019 +0000

    load jitterentropy_rng kernel module for better entropy collection
    
    https://www.whonix.org/wiki/Dev/Entropy
    
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972
    
    https://forums.whonix.org/t/jitterentropy-rngd/7204

commit d32024a3da3cdfbb07f61dd3e9a52535e747de6b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 23 05:53:19 2019 -0500

    /usr/sbin/pam_tally2 mrix,
    
    https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/152

commit 03e80238477bef26cf14a86a136d2ab688c87d08
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Nov 22 14:11:30 2019 -0500

    output

commit e76e1475b0009451b930061bff553684b6490d33
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Nov 22 12:24:35 2019 -0500

    comment

commit a99dfd067ac8a43bdcd779cf57b3533bdaa404fb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 19 15:31:55 2019 +0000

    bumped changelog version

commit 81e4f580af1ea12e79e387d4977771f37c50e7c1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 19 15:29:02 2019 +0000

    etc/apparmor.d/usr.lib.security-misc.permission-lockdown: /usr/bin/chmod mrix,

commit 8ad8dbea5a5c0bacd03cefb66ad8a1989e1cb0fb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 18 19:16:16 2019 +0000

    bumped changelog version

commit 9a20b85fe16584dda909fd5f1aa6bbb62d06bcf0
Merge: 477d476 2b17c0f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 17 11:20:17 2019 -0500

    Merge remote-tracking branch 'origin/master'

commit 2b17c0f3e4dcd7cb9f2239da649b4a885c27e7cf
Merge: 477d476 e92022a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 17 16:19:55 2019 +0000

    Merge pull request #36 from madaidan/hidepid-fix
    
    Remove proc-hidepid systemd sandboxing

commit e92022a21cbe2df76026b36482f5c71e3471b344
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Nov 16 14:56:28 2019 +0000

    Remove systemd sandboxing

commit 477d476bb1a7507951c2c04622056de5a8d41a56
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 10 08:29:44 2019 -0500

    etc/apparmor.d/usr.lib.security-misc.pam_tally2-info: add '#include <abstractions/base>'

commit 11dc23bf082cb0579b5a4a1bc5788ec0b5140973
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 10 08:28:32 2019 -0500

    etc/apparmor.d/usr.lib.security-misc.permission-lockdown: add '#include <abstractions/base>'

commit d1d61b106b54a360ca71bb506e2410ac70ea07ed
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 9 18:44:50 2019 +0000

    bumped changelog version

commit 9f2932faab4be91528f3404fcbace7012040dac5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 9 13:32:21 2019 -0500

    /usr/bin/id rix,

commit 6b7df973f621dc9cbe107ee5d709600005f49e65
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 9 12:57:45 2019 +0000

    bumped changelog version

commit 2e73c053b561eb2ffcd815cba8006da810b02184
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 9 12:55:00 2019 +0000

    fix lintian warning

commit 6e28774f95414c5660b76fca3696710beb2affa2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Nov 9 12:23:15 2019 +0000

    bumped changelog version

commit 94d40c68d4292c0c399c3b12e1af76cb89e7f436
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 10:02:55 2019 -0500

    do not set kernel boot parameter page_poison=1 in Qubes since does not work
    
    https://github.com/QubesOS/qubes-issues/issues/5212#issuecomment-533873012

commit f57702c1589047f5d0eff7a7bdffb928117532f6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 09:55:43 2019 -0500

    comments; copyright

commit 74293bcd2f2670abf3e62ac8dad54d9f4e545bb1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 01:59:25 2019 -0500

    output

commit 2b5b06b602f9537c9a5473651cd1a16a4e16e5ba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 01:59:19 2019 -0500

    output

commit d6977becbaf644cdc98c081b3c3e3fd366c4072d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 01:51:14 2019 -0500

    refactoring

commit daf00067953a61d749a07a0e0b4ec7cd397e4c39
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Nov 5 01:50:27 2019 -0500

    comment

commit 78defc4d0bedf4a727d617f3de0294d9f59e3aa9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 3 04:34:31 2019 -0500

    add /var/cache/security-misc/state-files/placeholder file
    
    to make sure folder already exists to avoid AppArmor issue
    
    https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/76

commit 7c0ec7e50797c0da719f389e61445ff7d8e252b3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 3 04:23:40 2019 -0500

    readme

commit b55c2fd62e200f96bd552445ad4c517d6a0aee92
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Nov 3 02:50:51 2019 -0500

    Enables punycode (`network.IDN_show_punycode`) by default in Thunderbird
    to make phising attacks more difficult. Fixing URL not showing real Domain
    Name (Homograph attack).
    
    https://forums.whonix.org/t/enable-network-idn-show-punycode-by-default-in-thunderbird-to-fix-url-not-showing-real-domain-name-homograph-attack-punycode/8415

commit bf62306d4fc3b3168204254ca354028a1fe857a7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 31 16:34:35 2019 +0000

    bumped changelog version

commit e1375802eb1521eb0bc9089f2ab12056fa326f17
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 31 16:32:28 2019 +0000

    apparmor fix
    
    https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/67

commit 6e5d8b357d977991953e153d618dbdda2b05c0e6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 31 16:06:51 2019 +0000

    bumped changelog version

commit 203d5cfa6845e23d73ff3790019bac9579f3524b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 31 11:19:44 2019 -0400

    copyright

commit f001250ae61789bef7b2b19d5c40831273b0acca
Merge: d832ab9 5a3cbe8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 28 10:31:30 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 5a3cbe81000c3a9bbc69ba03c944c6c5ae9115bf
Merge: d832ab9 0e49bdc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 28 14:30:45 2019 +0000

    Merge pull request #35 from madaidan/apparmor
    
    Apparmor profiles

commit 0e49bdc45f6c94b3f6c2874fd48a6b1c75519790
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:26:14 2019 +0000

    Licensing

commit 5d5ad92638ea0ca079bbf8bb03201e8d5c030b1c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:26:05 2019 +0000

    Licensing

commit 0699747fcb6d79ba6abeccdba99c3bc032c615c6
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:24:37 2019 +0000

    Debian packaging

commit fe4e29d392ed8db5571d69b10ef0f8a24eec1829
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:22:47 2019 +0000

    Depend on dh-apparmor

commit 1b8b3610b17ae31bc81c3827cea24bd09822a0e3
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:20:59 2019 +0000

    Create usr.lib.security-misc.pam_tally2-info

commit 29b05546e4248bdf95b62ea356bd98767e3a59b0
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Oct 28 14:20:08 2019 +0000

    Create usr.lib.security-misc.permission-lockdown

commit d832ab91bdd9cdbf2a9c3bbee39351082a59f759
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Oct 23 10:22:03 2019 +0000

    bumped changelog version

commit bce5274a15e4d34907c2f65b9811dd44705c120e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 09:22:29 2019 -0400

    quotes fix

commit e20b9e21334ef9e16e1fd147fec4ff33f0721d4a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 09:08:18 2019 -0400

    better solution when using pkexec with --user: wrap sudo --user with lxqt-sudo

commit d4e02de43a068a22a9fd1b15c4d2b314baf97283
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 09:04:44 2019 -0400

    set SUDO_ASKPASS for pkexec wrapper when using sudo --askpass

commit 1a65a91039276f73c68feb5c19b1a3dd86b07cbb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 08:56:05 2019 -0400

    long rather than short option

commit b55913637bb66b3c1e9fcab3d1576cb1325419ea
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 08:54:48 2019 -0400

    silence output by mount/grep

commit a1154170c9f65011ae1a9da51ea1d797381853a7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Oct 22 08:54:17 2019 -0400

    Call original pkexec in case there are no arguments.

commit 9c8f678cb935d5d63b238d4641bde84c5495127b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 09:55:41 2019 +0000

    bumped changelog version

commit 1e4d0ea1d072c193281ac176592108c88e80bad0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 09:55:05 2019 +0000

    fix lintian warning

commit 343d9cc9169dd3e0b4afebaeaa43d0051cbb5e37
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 09:53:55 2019 +0000

    fix

commit 2d436f36021d1148862ff5e2db62577580761bf6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 09:51:36 2019 +0000

    bumped changelog version

commit af3f42dabf708b6f6e2c4e2595d6af496b520372
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 09:51:12 2019 +0000

    readme

commit 40707e70dbbf74e5ee3cd25bd2737f880d4bca5c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 21 05:46:49 2019 -0400

    Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with hidepid.
    
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860040
    
    https://forums.whonix.org/t/cannot-use-pkexec/8129
    
    Thanks to AnonymousUser for the bug report!

commit 31b771ac2e1cd692851f0d58191c3147d4a09335
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 10:39:43 2019 +0000

    bumped changelog version

commit 2613525b945c98c676a919cb4a9d54b90e51cbbf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 10:39:19 2019 +0000

    readme

commit 957deac5cb1e3fdf54990bad21c502388af2407e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 10:38:25 2019 +0000

    fix lintian warning
    
    W: security-misc: maintainer-script-should-not-parse-etc-passwd-or-group preinst:19

commit d301e7f3653bdb4b56c42deab9d0566ff1b27380
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 10:36:44 2019 +0000

    description, fix lintian warning

commit ce6b64a9baba3763f2137c81c1e022c4e6344d3c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 08:55:07 2019 +0000

    bumped changelog version

commit 20b7faa61fb7c425f15492fd8aaa67e4fe06a6d9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Oct 18 08:54:43 2019 +0000

    readme

commit c9d75ef9ea76fee0cff882143f289d9662826330
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:46:47 2019 -0400

    abort installation if no user is part of group sudo
    
    https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4
    
    Thanks to minimal for the bug report!

commit a5045dc26e3b7d6acd6ae2c5727920824f992cc7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:18:32 2019 -0400

    set -e

commit 0b8725306f2c603c28ab78be7000df25ca2ea430
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:13:44 2019 -0400

    renamed:    etc/hide-hardware-info.d/30_whitelist.conf -> etc/hide-hardware-info.d/30_default.conf

commit 4aba02756680eb5e0dac9d84ba434edd735c68c1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:12:36 2019 -0400

    syntax check

commit 8b9aa8841a67adb9b3b64a1d43022e950768bc42
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:11:01 2019 -0400

    fix

commit cfbd77040a51b68dc6e3c1f8f82861cfc4b6e761
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:10:29 2019 -0400

    set "shopt -s nullglob" to avoid failing when folder /etc/hide-hardware-info.d
    does not exist or is empty

commit b05663c5f65f59ce652995c403feb9b4e088b4ec
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:08:55 2019 -0400

    shuffle
    
    https://forums.whonix.org/t/restrict-hardware-information-to-root/7329/80

commit 28a440091dd98fd4f3284cce01d692c08aa96bf1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:08:16 2019 -0400

    code simplification

commit 3c4e261c20ce7cab51ad9b6596db09e009efbdeb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:05:23 2019 -0400

    remove trailing spaces

commit c8e0303d6d59e3303c0582ff8ab2664762199c81
Merge: 4b1b3b7 8a42c5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:04:34 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 8a42c5b02387da454ff5661057be88a7c6fe9d9c
Merge: 994ca02 61f7423
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 09:59:12 2019 +0000

    Merge pull request #34 from madaidan/whitelist
    
    Add a whitelist for /sys and /proc/cpuinfo

commit 994ca024c24cf80075b2f03bc65475a5d9980d94
Merge: 4b1b3b7 259b1f2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Oct 17 06:19:46 2019 +0000

    Merge pull request #33 from madaidan/documentation
    
    Improve documentation

commit 61f742304d26e73df8433bd6fa03d33d39e39625
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 19:46:59 2019 +0000

    return 0

commit 259b1f2c71ec4566011a148e5bc703a41f0ebd90
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 19:21:24 2019 +0000

    Update control

commit ffba0e017940d2be08c1e37514d396ac39f55e35
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 19:04:15 2019 +0000

    Elaborate

commit 4f5b7816ecda6375b051c75a3b0aff93519b4a66
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 19:01:49 2019 +0000

    Elaborate

commit 99a762d3dc6ecbdb160b7840081848444b56c3fa
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 18:53:04 2019 +0000

    KASLR is different from ASLR

commit a14a2854c6e72f2b4b3e5c8d02b63a46c3179a00
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 18:52:14 2019 +0000

    Elaborate

commit f08c03ab21126b2d3ef5d4c2e4e3f0eae14fa5c0
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Oct 16 15:39:23 2019 +0000

    Restrict sysfs/cpuinfo if the whitelist is disabled

commit af607d5eb233d85d493d796afde76728f0e0e3cd
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Oct 15 21:02:03 2019 +0000

    Create sysfs and cpuinfo groups

commit 42c1701d5ca446da37a493b27c125b78bd8d183d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Oct 15 21:00:03 2019 +0000

    Whitelist user@.service

commit a47a2fca8bcdf8ff480cea879720b9599c491358
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Oct 15 20:58:58 2019 +0000

    Create 30_whitelist.conf

commit 6b78dbcd07a9d2361c5ab41f5151e24a80309e13
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Oct 15 20:57:02 2019 +0000

    Add way to whitelist things

commit 4b1b3b7d6675adbde57d9cf5cbcc880f95199ef1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 14 10:23:01 2019 +0000

    bumped changelog version

commit c19964360a6d42e73e5d2f3b90afd5f676933d30
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 14 10:10:08 2019 +0000

    readme

commit c22738be027f69391a4ac40ce85bfacf35ff1742
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 7 08:25:45 2019 +0000

    comments

commit 75f36bc2c9bf5c50061f05198c504d84b128e5da
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 7 08:25:07 2019 +0000

    comments

commit e92a8a69665f982e8b5a37f7081fa75197cde828
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 7 08:24:02 2019 +0000

    comments

commit 60c044a9d669dd816ff473f19e19b87f87cc9008
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 7 05:30:56 2019 +0000

    copyright / comments

commit cd2135ff82de82278eaa680d30bea2fe68f94f52
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Oct 6 10:18:24 2019 +0000

    comments

commit 8b4f2befd46d4db4d2a83d9e79ebcf9abf98fd02
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 13:15:34 2019 +0000

    comment out sack by default
    
    https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/8?u=patrick

commit 02096f8d7c7ee1f61285cf96564616f2828aa6c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 13:13:46 2019 +0000

    Revert "undo Disabling TCP SACK, DSACK, FACK"
    
    This reverts commit 5fb4eb8e561e7c37cea977072944501fc32ee883.

commit 62a0239207ee355e3d07e0097c963a0ded496e76
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 11:33:15 2019 +0000

    bumped changelog version

commit 54b83ae44dbda76b9b2696488194b53612bfc377
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 07:20:18 2019 -0400

    readme

commit 5fb4eb8e561e7c37cea977072944501fc32ee883
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 07:00:47 2019 -0400

    undo Disabling TCP SACK, DSACK, FACK
    
    https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/5

commit c19942f72b8d74056dd8da8c3cd9ac7e0fbe8991
Merge: 213aef6 a33851a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 06:58:27 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit a33851a3c99a5eb9021d2d28b3164ed10025fbd9
Merge: 213aef6 d0c6bb1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 10:58:08 2019 +0000

    Merge pull request #32 from madaidan/disable-dsack-fack
    
    Disable TCP DSACK and FACK

commit 213aef6eb9288efffe9fb0458f0aa8a44a6dafa6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 09:40:26 2019 +0000

    bumped changelog version

commit aaebb32b668f4447c011f4e150f959c8d0e1ce09
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 09:39:05 2019 +0000

    readme

commit c87fc75f2a7d6ed38362729d27030f83b08292d3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 09:36:21 2019 +0000

    fix, run remove-system-map.service during sysinit.target

commit 25b674678472623c06d948f4cbb967f360ba15f0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 09:14:54 2019 +0000

    fix systemd unit file proc-hidepid.service: WantedBy=sysinit.target

commit d2bc3a2a08a00c68f05ed99caf16aad0b1e11ea4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 09:14:41 2019 +0000

    chmod +x usr/lib/security-misc/hide-hardware-info

commit ffe0d62c8148ec60f7528002e988b969ebb868ca
Merge: ddc778b 7bcf73d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 04:49:05 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 7bcf73deaa1c77f9c650d8844ad94d24e38746fd
Merge: ddc778b 7345287
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Oct 5 08:46:21 2019 +0000

    Merge pull request #31 from madaidan/hide-hardware-info
    
    Restrict /proc/cpuinfo, /proc/bus, /proc/scsi and /sys to root

commit d0c6bb1e9064ffdf45f7ac606f708c3f5e7dc247
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Oct 4 17:35:54 2019 +0000

    Disable TCP DSACK and FACK

commit 7345287560bc701f8b4aead985238d66104b228c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Oct 4 17:32:52 2019 +0000

    Use sysinit.target instead

commit e06eeec6788a46a28682b2c83f1de9f83eacf3bd
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 21:42:06 2019 +0000

    Disable hide-hardware-info.service by default

commit 87917d2f03d5e510f4e2cbdbea2a7692146e820b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 21:38:07 2019 +0000

    Add licensing

commit b06ab912c04d3d8746afa7492d0c3bb17bf71932
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 21:37:29 2019 +0000

    Add licensing

commit ec5fcf813b80347e5d8aa55dbd5d77860e62ccc6
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 20:50:48 2019 +0000

    Update control

commit ce97e5ed8203809619d8fdf630242712c188cede
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 20:45:29 2019 +0000

    Create hide-hardware-info.service

commit 9449f5017a6feff7e70d625d54d75d514ed2e596
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Oct 3 20:45:14 2019 +0000

    Create hide-hardware-info

commit ddc778b45281b9f7f42496ffbd4f2137d6fa9d5a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 16 13:34:11 2019 +0000

    bumped changelog version

commit 75258843e9d4da9b0be7aec42528e093e0861992
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 16 13:03:43 2019 +0000

    copyright

commit 8e39cea876a8ff9ca496b9230dd13e4201f1e2f6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 16 13:03:25 2019 +0000

    comment

commit bac462f2112d0290cad82717e1efed19c8fafac5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 16 13:03:02 2019 +0000

    comment

commit bec680d4f3ccc406c5d8c5a67d7957be04f6a0de
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 16 12:30:23 2019 +0000

    pam_tally2-info: fix, do nothing when started as user "user"
    
    xscreensaver runs as user "user", therefore pam_tally2 cannot function.
    xscreensaver has its own failed login counter.
    
    as user "user"
    /sbin/pam_tally2 -u user
    pam_tally2: Error opening /var/log/tallylog for update: Permission denied
    /sbin/pam_tally2: Authentication error
    
    https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts
    
    https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698

commit c2e444479cf723a7ddb3c51cd6394795daba108e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Sep 15 14:08:13 2019 +0000

    bumped changelog version

commit c9425a1404af73bf5d92fd7d1665130335d9e789
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Sep 15 14:07:50 2019 +0000

    readme

commit 619550da2393dfe683be827a51d4390b6280ace1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Sep 15 14:00:24 2019 +0000

    description

commit b95b66e42986a359835127d6c56aabb1e9d9008f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Sep 15 13:56:37 2019 +0000

    description

commit ae804a15e73a4a8b9ef3b605e3fca7ba24e135a6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Sep 15 13:21:02 2019 +0000

    description

commit 3d187dab99cd6d0a2906e73c86e0dd8c94cbc648
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Sep 12 12:50:42 2019 +0000

    bumped changelog version

commit f13a73e569e6adacd38aaa59f4484919a3896359
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Sep 10 12:35:42 2019 -0400

    undo SysRq restrictions
    
    https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079

commit fbd1a5bde922be9c571d54567c977618e2c4bfc5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Sep 10 12:23:00 2019 -0400

    hidepid before sysinit.target

commit 1f75a1065049a1c75e0cb597f2bcc1a8e0eca93b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 9 12:10:24 2019 +0000

    bumped changelog version

commit 1b4391417619a51cfe22d9eee21d9fa644d145b6
Merge: 9d875d7 d0b3bc7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 9 11:45:36 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit d0b3bc7d3da6a4e3a04adb85cc5c7aa6c22bb466
Merge: 9d875d7 60db7e6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Sep 9 11:45:19 2019 +0000

    Merge pull request #30 from madaidan/patch-23
    
    fix typo

commit 60db7e6294ab405a862c1cbc62140c9e89208b25
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Sep 7 20:08:56 2019 +0000

    fix typo

commit 9d875d7c31b4cd15873709c57ebb338d89477ab5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 7 06:11:32 2019 +0000

    bumped changelog version

commit b3103b1ba8a1b8d7718ee167230dc938bc8b64b4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 7 06:10:35 2019 +0000

    readme

commit 7affddb3bbfaa8183bad5986dbbb6ea728df1fe4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 7 05:47:34 2019 +0000

    blacklist modules with /bin/false rather than /bin/true to fail with error
    
    message rather than failing without notification

commit 8132052ce01215a98cb4464e5f78d75349e77b10
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 7 05:44:23 2019 +0000

    run update-grub from postinst so /etc/default/grub.d changes take effect

commit 661bcd8603425934188cf139f33e20675ff4b765
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Sep 7 05:39:56 2019 +0000

    allow loading unsigned modules due to issues
    
    https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23

commit 9ee9309f542472a8c8045df44573a5ec38e32a90
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 13:04:57 2019 +0000

    bumped changelog version

commit ea0779e42aa8416c142eb3d37f8cede42794e0f7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 13:00:20 2019 +0000

    rm_conffile /etc/sudoers.d/umask-security-misc

commit 3a9939dccbea16408e8ba1c739748234bde68d89
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:47:40 2019 +0000

    bumped changelog version

commit 51705c201bd9959a77a53201e492100b751d0508
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:47:17 2019 +0000

    readme

commit 5960c1682a5177355147fce67c383ce6f861d60c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:46:22 2019 +0000

    description

commit fccfacfdafd197951e5a9598b9fb47309021ec84
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:45:54 2019 +0000

    description

commit cb8170fd800816c2f6123cd67819340da8f51551
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:44:56 2019 +0000

    comment

commit ccdbc52b82993f0078c16ba99248eb4569539344
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:43:55 2019 +0000

    comment

commit 051856bc8e587250d9b6936661d8f05d965c3e59
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 11:42:38 2019 +0000

    remove trailing space

commit 610d3488e9d4372c442eeb33c57a4a791c48267b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 09:33:06 2019 +0000

    bumped changelog version

commit b15becd48d3437b8a3965b84d5cdb80012fe32e8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 6 09:32:42 2019 +0000

    readme

commit 0e20e33d1629e532e77e1f3e21b546ea125f28b0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Sep 5 02:31:57 2019 -0400

    description

commit 0b3dcef13d6462d9586908a91ff4d976070b26a3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Sep 5 02:30:40 2019 -0400

    description

commit f2e5883b4c72118d00f77e4dfc3187e5d9bf6391
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Sep 5 02:29:48 2019 -0400

    description

commit a4913ae092e26af4368e0f493b8b79d11329eb18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Sep 5 02:28:43 2019 -0400

    description

commit a2aeb401a25f3576b8ed95b62fd47edad8e61e2c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 31 13:44:37 2019 +0000

    bumped changelog version

commit 3a5bdddf5c790829252ff7d5443a3d4d3b9218d8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 31 08:43:46 2019 -0400

    depend on adduser

commit 8bbebf64cff87ce37a100a1da74cfd0e811ed571
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 24 16:41:27 2019 +0000

    bumped changelog version

commit 07cba361ed663672de3d0263e8262c61b4d43b4e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 24 16:39:56 2019 +0000

    readme

commit 0ae5c5ff14c308ff5307926fbe6d93f44e1c7615
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 24 12:14:22 2019 -0400

    remove umask changes since these are causing issues are are not needed anymore
    
    thanks to home folder permission lockdown
    
    https://forums.whonix.org/t/change-default-umask/7416/45

commit 41c4682280b7bc8e700d9ed41b55e464c0511b69
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 23 16:57:12 2019 +0000

    bumped changelog version

commit e77260fd9cab49f85d5790188485dce7f9eeee23
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 23 16:53:55 2019 +0000

    readme

commit 793c9b6801ffda5d75d389b8e7a2a6d140d8d382
Merge: a74b983 44d62e0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 12:48:23 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit a74b983283e9aa1662cd6be87148184f380fa297
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 12:46:59 2019 +0000

    remove LLC - IEEE 802.2 from blacklist
    
    since required by KVM
    
    https://forums.whonix.org/t/whonix-desktop-installer-with-calamares-field-report/7350/107
    
    https://forums.whonix.org/t/blacklist-uncommon-network-protocols/7391/22
    
    https://github.com/Whonix/security-misc/pull/29

commit 44d62e05b5a60a3d45afd829fb67970afa7678b7
Merge: 0140df8 a8b6281
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 12:45:52 2019 +0000

    Merge pull request #29 from onions-knight/patch-1
    
    Update uncommon-network-protocols.conf

commit a8b62811199b6c4e5d86439cd0fc9e9c18dc027b
Author: onions-knight <38859709+onions-knight@users.noreply.github.com>
Date:   Mon Aug 19 11:30:57 2019 +0000

    Update uncommon-network-protocols.conf
    
    Removing llc from blacklisted network protocols as it is needed by KVM for networking.
    See https://hub.packtpub.com/kvm-networking-libvirt/ and https://forums.whonix.org/t/whonix-desktop-installer-with-calamares-field-report/7350/107

commit 0140df866839d4f02ba5988eec8c72a71136482a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 08:43:28 2019 +0000

    virusforget

commit 113ab4256861edc068ea09b2d8fb96355cb71867
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 08:31:23 2019 +0000

    virusforget

commit 416906d4f9ad522a65d8847c9d03f4497bbd898f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 08:19:35 2019 +0000

    virusforget

commit 2d867d9fee691ba088cf42badc4def562d82bd0d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 08:10:18 2019 +0000

    virusforget

commit 8e76e6b8b3129bcda1c82322cc56e31edac43e3f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 07:48:12 2019 +0000

    fix

commit 3f068f77febebbe425f9d6cd1ef2d620fb6ec379
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 07:47:20 2019 +0000

    keep cache folder outside of reach of user since even user can remove files
    
    owned by root in its home folder

commit 1fa1efa58e6f719766394bc8b94d4aa4076bdc0d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 19 07:22:09 2019 +0000

    credits

commit 1e026a3ebbacb1011edbbf5b0fbcfe7b5e6338c0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 18 22:50:44 2019 +0000

    initial development version of VirusForget

commit e15b5603057fd9c67ac1ab34493e8b9f05fbac9b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:54:08 2019 +0000

    bumped changelog version

commit c897682794639fa7848acf5ba4b33aabbbcd0644
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:53:45 2019 +0000

    readme

commit e535232728ec7ff6846a3102b73707c549ea64c0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:37:49 2019 +0000

    description

commit 7ffdd7c240b55c1d5fae9279b42319a5e8be74ba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:37:42 2019 +0000

    description

commit 207399439f29b4b421a8e91fc1b965d9e82ba35c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:37:36 2019 +0000

    description

commit d4fb485e7090a7424f3f80b18b010fbc9859283c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:35:31 2019 +0000

    description

commit 41b2819ec88364290c5d91daa2236919ea589c1c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 10:33:47 2019 +0000

    PAM: abort on locked password
    
    to avoid needlessly bumping pam_tally2 counter
    
    https://forums.whonix.org/t/restrict-root-access/7658/1

commit e0e25364e2d14459b918eea2cb63cbe10b8371f3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 09:57:48 2019 +0000

    bumped changelog version

commit cfd18d4486c763a79bc174bded7d8cf0b3dd567f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 09:56:29 2019 +0000

    readme

commit ed90d8b025c1f852856fea0e620c240f35e78a53
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 17 09:55:20 2019 +0000

    change default umask to 027
    
    as per:
    
    https://forums.whonix.org/t/change-default-umask/7416/47

commit b9127faac300024f7d8851d41037bebd5d3fe05c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 16:05:51 2019 +0000

    bumped changelog version

commit e004a5e0cf22c5add683ed8c1ff6f88bdc4053ba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 16:05:25 2019 +0000

    readme

commit f9e3825e9166b9814beb5e0a8e30caa540e66a27
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 16:05:09 2019 +0000

    fix lintian warning

commit ec99720811c53bf0ad3a1f36e0d34371ebc6d283
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 15:59:14 2019 +0000

    bumped changelog version

commit 6a68c3bd9cd47a8542460a95d90bcf7e34d9f768
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 15:57:30 2019 +0000

    readme

commit 224f95799c36f56c2165fe9284abaceaa84f1d3b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 11:15:25 2019 -0400

    sudo default umask 006
    
    https://forums.whonix.org/t/change-default-umask/7416/43

commit 17cfcb63b6358f51a65df9623bc23ddf869b06cc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 10:50:56 2019 -0400

    code simplification; report locked account earlier

commit 5754671c460c67bd7d8e064841383ea7b7f90824
Merge: 34672b8 9781598
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 10:36:43 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 97815986321b6daf9c1f0c6f33a4b282ca05438c
Merge: 34672b8 85502ad
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 14:36:00 2019 +0000

    Merge pull request #27 from madaidan/patch-21
    
    Blacklist bluetooth

commit 85502ad430f560070806c8b95b7fed3fe7028587
Merge: 4a6f87f 34672b8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Aug 16 14:35:51 2019 +0000

    Merge branch 'master' into patch-21

commit 34672b88a86285e1d3eaf35f0a2b3c2e974ffd26
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 15 15:18:02 2019 +0000

    bumped changelog version

commit a11e3cea9eb160ba84dbc273ea4cb48bc687158f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 15 15:08:48 2019 +0000

    readme

commit ff9bc1d7ea81a8507f44d9bb1301b9665614ebdd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 15 13:37:28 2019 +0000

    informational output during PAM:
    
    * Show failed and remaining password attempts.
    * Document unlock procedure if Linux user account got locked.
    * Point out, that there is no password feedback for `su`.
    * Explain locked (root) account if locked.
    * /usr/share/pam-configs/tally2-security-misc
    * /usr/lib/security-misc/pam_tally2-info

commit 454e1358220abf75def0d88a22426086a55c0802
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 15 07:33:41 2019 +0000

    pam_tally2.so even_deny_root

commit 63b476221c7b9ece6b99f9e194fab80e300275d9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 15 07:30:56 2019 +0000

    use requisite rather than required to avoid asking for password needlessly
    
    if login will fail anyhow

commit ce4a30d3cecb7e9bddb96c79aab871804cb90bd4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 11:52:26 2019 +0000

    bumped changelog version

commit a7c25a451c78f7b9a5720e1b6fc7d168eb0afa4f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 11:50:53 2019 +0000

    remove unneeded dependency on libpam-cgfs

commit 633854c6bec439af9718439c8207012322800166
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 11:13:25 2019 +0000

    bumped changelog version

commit 0feb54b28e90b5c4cfcd529914a3892362c34966
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 11:10:18 2019 +0000

    add Depends: apparmor-profile-anondist to fix apparmor issue
    
    sudo[19806]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied
    sudo[18961]: pam_exec(sudo:session): /usr/lib/security-misc/permission-lockdown failed: exit code 13
    kernel: audit: type=1400 audit(1565780860.972:224): apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=19806 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0

commit 8fdc77fed553d7ba6123d738b9cb3efe98f3f08f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 10:33:23 2019 +0000

    output to stdout

commit 5213cfbcdcb41a5aa714d1031b36436adeb0359c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 10:08:18 2019 +0000

    bumped changelog version

commit 2875adb7221769dcd23ef701dae8b9ad24708590
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 10:07:55 2019 +0000

    readme

commit 01b3a0bfaeda0dad87644ad8d54c61e07dd501f7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:52:53 2019 +0000

    description

commit 547ba91d799780487782cdd8088c556d978494e8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:45:30 2019 +0000

    sanity test

commit dee195d89e94ff343cec60308cbbb5464d2a7b18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:40:41 2019 +0000

    description

commit 799acad724977dea220c2228f9da0db3d6b5170e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:39:43 2019 +0000

    skip, if not a folder

commit 6321ff5ad5938a929d4a997b4f1b03db2ac4b5fd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:38:44 2019 +0000

    refactoring

commit 15094cab4fbbb1fd0c20bd8241ea20bd6c0bd331
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:36:30 2019 +0000

    avoid ' character in usr/share/pam-configs; in description

commit 97d1945e61053efd3b73fb9f761b3ea1c9271cdc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:32:58 2019 +0000

    no log needed, informative output to stdout instead

commit a085d46c567b0b5dbbaddd8f3e5873d87d904c4a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 09:31:58 2019 +0000

    change priories so "pam_umask.so usergroups umask=006" runs before pam_exec.so /usr/lib/security-misc/permission-lockdown

commit f8c828b69a8f52108d19af4076e718930b5dcd07
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 05:19:02 2019 -0400

    output

commit e5da6d9699de1d3c4aaefee7d301a4c47f33e4bd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 05:17:54 2019 -0400

    copyright

commit 1595789d7c310c80196345e06b6bacc8fb7c0baf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 05:17:16 2019 -0400

    comment

commit ce06fdf91103afbaf84523ce998570af733b5bbe
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 05:15:53 2019 -0400

    formatting

commit 21489111d107023f150988137180154ba62e1ff2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 08:34:03 2019 +0000

    run permission lockdown during pam
    
    https://forums.whonix.org/t/change-default-umask/7416

commit 42f2d5f6664f15baebdaf200a5690cf32cdbe284
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:39:28 2019 +0000

    description

commit 52df8dc0149d597c3106daa7112a01db444e34f1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:37:21 2019 +0000

    optional        pam_umask.so    usergroups umask=006

commit f210294f4091b6a09c902a446b125c26022c5d2a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:24:24 2019 +0000

    description

commit dbea7d1511d8e1b2604960d37146ec931d9dfe15
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:22:14 2019 +0000

    add hook etc/kernel/postinst.d/30_remove-system-map to remove system.map
    
    on kernel package upgrade;
    
    self-document this package: during upgrade the following will be written
    to stdout:
    
    Setting up linux-image-4.19.0-5-amd64 (4.19.37-5+deb10u2) ...
    /etc/kernel/postinst.d/30_remove-system-map:
    removed '/boot/System.map-4.19.0-5-amd64

commit f1d8cbc9fb2b800205923cce77a8e242dddd133c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:02:09 2019 +0000

    bumped changelog version

commit 41f4441d9dc5777d4ea7424f8422164c548da091
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:01:47 2019 +0000

    readme

commit a82448d46af4fb9dce2de84025b8b820a11fae01
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 07:01:25 2019 +0000

    description

commit ff8c0979435b491cf462c5ef6e8e02f6d85f1d81
Merge: 6f8acf0 a8ea379
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 06:59:50 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit a8ea37952669b3f40a452cb580442126ec44233a
Merge: 6f8acf0 9a49b8e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Aug 14 06:59:34 2019 +0000

    Merge pull request #28 from madaidan/patch-22
    
    Require all loaded kernel modules to be signed with a valid key.

commit 9a49b8ecbb863a995862a4d380c6a03f6c0991ac
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Aug 13 13:33:07 2019 +0000

    Create 40_only_allow_signed_modules.cfg
    
    Require all loaded kernel modules to be signed with a valid key.

commit 6f8acf06d79c77e3bee15cc8696a433271e2b7c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 12:07:07 2019 +0000

    bumped changelog version

commit 52cee9128316d649ba7ffa9600d0fdc33c99a9a9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 11:39:32 2019 +0000

    readme

commit aacd9c7679b05b7ee59df484f21a24fe7aa5901d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:34:38 2019 +0000

    description

commit c0b5c70de498d891e4edd5b9af2292909be36776
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:33:22 2019 +0000

    description

commit 2f37a66fd009c9cba423c0f95833a71c8669af46
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:31:29 2019 +0000

    description

commit e83ec79a25d09b2467e2389959d87267bab7f1f0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:30:51 2019 +0000

    enable usr/share/pam-configs/mkhomedir-security-misc by default

commit 1eb806a03ef25bb387fa80f45dd6509925437048
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:29:49 2019 +0000

    pam_mkhomedir.so umask=006

commit c50eb3c9b07b9e54951eb08206db6d28383f6cdc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Aug 11 10:28:55 2019 +0000

    add usr/share/pam-configs/mkhomedir-security-misc based on
    /usr/share/pam-configs/mkhomedir

commit 75769151cd7980042357f18c5567adab2a031049
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 10 11:37:02 2019 +0000

    bumped changelog version

commit a2fa18c38159161418edcdaacb1baad215f5d31d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 10 07:07:28 2019 -0400

    pam_tally2.so deny=100
    
    during testing, due to issues
    
    https://github.com/Whonix/security-misc/commit/d17e25272b9b7bbb6abc4dccd500a6b34311a7dd
    
    https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/12

commit d17e25272b9b7bbb6abc4dccd500a6b34311a7dd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 10 06:06:39 2019 -0400

    effectively (not directly) add "required        pam_tally2.so debug" to /etc/pam.d/common-account
    
    This is required because otherwise something like "sudo bash" would count as a
    failed login for pam_tally2 even though it was successful.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=707660
    
    https://forums.whonix.org/t/restrict-root-access/7658

commit 0f896a9d8d6f7c125311a0e226755f8a00214f3c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Aug 10 06:05:37 2019 -0400

    add onerr=fail audit to pam_tally2

commit a703865dcf736996a58e6f684fc02f0e9dfa8cc7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 1 12:02:41 2019 +0000

    bumped changelog version

commit 1fe3036a4903588b89edd82e7097a665271fd27f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 1 11:13:43 2019 +0000

    readme

commit e076470f68dc18908c5ab1889232aaaa0fcb9f3d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 1 11:04:58 2019 +0000

    renamed:    usr/share/pam-configs/usergroups -> usr/share/pam-configs/usergroups-security-misc

commit 830111e99aa6f45688c4ba00a7f41ea323f15f2a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Aug 1 11:04:22 2019 +0000

    split usr/share/pam-configs/security-misc
    into
    usr/share/pam-configs/tally2-security-misc
    usr/share/pam-configs/wheel-security-misc

commit 5d0aec1321b4f46f1834ba9ad166d2445a995fbb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 19:12:27 2019 +0000

    bumped changelog version

commit 89d32402b2dd2182dc6e7788d41708eaaeeb02c1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 14:52:29 2019 -0400

    fix, do not use "," inside /usr/share/pam-configs files

commit 4a6f87f3fa104f0e0a62809fe08f7d07d15dd9f7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jul 31 18:33:28 2019 +0000

    Update control

commit 5a4ea39566621431e931d5bc09957e04f18bbeee
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jul 31 18:30:57 2019 +0000

    Create blacklist-bluetooth.conf

commit 864de10659d0145ae8883b98b1746a7debc9492a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 15:17:51 2019 +0000

    bumped changelog version

commit 47368ae4fccc85ab3197f07316b03c123187f9a2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 15:15:30 2019 +0000

    readme

commit c09fb208d163be4ff7ace9f41cfee03147018cd8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:44:50 2019 +0000

    bumped changelog version

commit ac1220e14bd9428420cf01ef68e5acb690b6afa4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:32:59 2019 +0000

    depend on sudo so group sudo exists during postinst

commit 09f75fb1ff03d7a95951a0f6bcb9d84f1744b583
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:32:36 2019 +0000

    description

commit 2ad087dcd9e4fd3e747a47577b9d4ba1088d6a33
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:30:40 2019 +0000

    description

commit 404f597c0aaddeef3c8c555d2d7f5a9993f9e512
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:29:42 2019 +0000

    description

commit c921872016672073927fce34ed764263c8d6db5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:27:13 2019 +0000

    description

commit 39e1b1c5f0622c062f12c532400ca170d3eb789f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 07:26:25 2019 +0000

    update file path

commit cf906687561acee7f61fdf100b801d670a74a94f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 03:25:02 2019 -0400

    lock user accounts after 5 failed authentication attempts using pam_tally2

commit 3e29761560085f9e3d84250e29a2ea5e34766432
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 03:17:06 2019 -0400

    debug at the end

commit 5cdb3edb321046bf9dc09e91665e63faf16e9786
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 31 03:16:41 2019 -0400

    usr/share/pam-configs/wheel -> usr/share/pam-configs/security-misc

commit 031a1c8751504b00f131fd8d518f59b975353369
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 22 01:16:18 2019 +0000

    bumped changelog version

commit f38f307b37d2efb036c5b4e85f48921b0acfadeb
Merge: 8c538ba b2582fb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 21 09:12:33 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit b2582fbd4c2364c7bca95b4038eec2ef2a2fae41
Merge: 8c538ba 077899c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 21 12:40:37 2019 +0000

    Merge pull request #26 from fepitre/fix-files
    
    Fix files

commit 077899c23d518416cd9ee801a3607585d3a51aab
Author: Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org>
Date:   Sun Jul 21 11:23:06 2019 +0200

    Add .gitignore

commit 5fbe7537613a2034d80983e095cdd8d2971b1bcc
Author: Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org>
Date:   Sun Jul 21 11:19:35 2019 +0200

    spec: update %files section
    
    QubesOS/qubes-issues#1885

commit 8c538ba318e5524d07034f2f718e4b5ae483176d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:38:26 2019 +0000

    bumped changelog version

commit 1c7441ddf194fd54f40f1b0d16c408fd29d49b9e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:16:14 2019 +0000

    alias /etc/securetty -> /etc/securetty.security-misc,

commit 940054d53ff9b7027f414268370245627675a60a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:08:23 2019 +0000

    bumped changelog version

commit 08d37471d486f13aebeb2c355280f3b207eb044b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:06:17 2019 +0000

    readme

commit c0a4a10d6b89000735227f51464cc1ce76f8419b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:05:11 2019 +0000

    description

commit 7352b2ac31d7fde7e15da044c7f7279d7eddc8ae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:03:54 2019 +0000

    description

commit b153e8f7df1f2a8e815b910aa6962ae3abe80755
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:02:48 2019 +0000

    fix path

commit 4bf2360b9579b12775487e4215af5afa1c180f04
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 21:02:27 2019 +0000

    description

commit 9f2e300e72263380a0a99e59efe636652f4a8ce1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 20:48:33 2019 +0000

    description

commit d044780c04e0bcfc9d91a0cf6fc26d9f778bb50d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 20:42:14 2019 +0000

    description

commit 75e5714d183b8ad08bc7a96643b2a38727620530
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 20:40:01 2019 +0000

    description

commit 8c2f983578a0af63258bfe7e2b95f230e43df860
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 20:39:42 2019 +0000

    description

commit 2299ed041f101f1fa9711d83a31ad6e8d07d3023
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 20:36:51 2019 +0000

    passwordless recovery / emergency console
    
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802211
    https://salsa.debian.org/ah/user-setup/commit/bc5ca2de85ec27845d0b46059cb7cc02bae7b44d
    
    https://forums.whonix.org/t/restrict-root-access/7658/46

commit 50036b2934410b57936a4909d022d436cd27cdfc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 19:13:57 2019 +0000

    bumped changelog version

commit 3f9437f1ecfd292f06ce021f12cb5430da280f84
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 17 14:25:19 2019 -0400

    Revert "set back to default group "root" rather than group "sudo" membership required to use su"
    
    This reverts commit 2f276cdb10aedf0d30c01d25e50b17cac7d1c62c.

commit 1b772c6a9aac9e6c203c0c89b49e589a2b6e83d3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 16 19:45:52 2019 +0000

    bumped changelog version

commit 2499ae0890bb524d3756e6135d5d6986e74210ed
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 16 07:28:50 2019 -0400

    description

commit d0124b24d19e0c34c23931bd252ccffe2f786b3d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 16 07:27:56 2019 -0400

    description

commit 4b604bbb240d5fb32428ef0aafde3d6646752d31
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 13:26:47 2019 +0000

    bumped changelog version

commit f21fa8d95d19665e1cb1320062007472284bd9b8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 13:03:30 2019 +0000

    readme

commit 5c741d2149f12554e63d0fcb0d129cbbdad66569
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 13:02:30 2019 +0000

    shuffle

commit d247b7534b9e3a161fdba296c32dd85b7e91a665
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 13:01:46 2019 +0000

    sort description by categories

commit 168ea5a660561fdaa438fdf88f6cecf1f2677324
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 08:48:17 2019 -0400

    shuffle

commit 2f276cdb10aedf0d30c01d25e50b17cac7d1c62c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 15 08:44:28 2019 -0400

    set back to default group "root" rather than group "sudo" membership required to use su
    
    since root login will be locked by default anyhow
    
    Thanks to @madaidan for providing the rationale!
    
    https://forums.whonix.org/t/restrict-root-access/7658/42

commit 6d1e8ac9a4657bb3d49a9674ce3a1500350d4bba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 14 11:16:49 2019 +0000

    description

commit ffb61f43ea8011d71cf9c5bba1e277a2f825eea7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 14 11:11:59 2019 +0000

    fix, add 'group=sudo' and 'debug' for debugging
    
    https://forums.whonix.org/t/restrict-root-access/7658

commit 1731196c9fda93233917bcf6dba48834be03a448
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 18:51:32 2019 +0000

    bumped changelog version

commit 6af2d7facb391724d48dece28c1a34f4aaaf3929
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 18:12:25 2019 +0000

    copyright

commit 75f0ca565d10fd1c02800387d52b1db8a039ecc8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 18:12:04 2019 +0000

    set -e

commit c389e13e1a6143fb69dbd57e4c2e5a80aa8cbf84
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 17:59:49 2019 +0000

    use pre.bsh

commit 7afddb028f423254adcd6026aaf12627cebbee17
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:30:39 2019 +0000

    bumped changelog version

commit c13485f532203dbb3675d367be3bc16811719442
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:29:10 2019 +0000

    readme

commit ea90f95f1c7b8200db222e42a5f72221212a71e1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:26:40 2019 +0000

    cleanup

commit ea8b22ee78439a3cd5f7305f9588940320740ab9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:26:14 2019 +0000

    shuffle

commit ca7e0e0161d6eaa2a166d7a7a26e5577f5a4dd6a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:25:08 2019 +0000

    description

commit ffb5a9c48201dc38a886cbd26753ff56b1ed832a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:23:39 2019 +0000

    formatting

commit 41675ddcff4d561282db9b43d2d9f993a39600c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:21:34 2019 +0000

    removed: The amount of hashing rounds used by shadow is bumped to 65536.
    This increases the security of hashed passwords.
    
    Since we do not do that currently.
    
    https://forums.whonix.org/t/restrict-root-access/7658/37

commit 3f031a297dc2d54346e9c9b3d566c3fa3a469240
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:20:14 2019 +0000

     Removes read, write and execute access for others for all users who have home
     folders under folder /home by running for example "chmod o-rwx /home/user"
     during package installation or upgrade. This will be done only once per folder
     in folder /home so users who wish to relax file permissions are free to do so.
     This is to protect previously created files in user home folder which were
     previously created with lax file permissions prior installation of this
     package.

commit 4740e8b3357914aee16079b980b8861376cd222c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 16:13:55 2019 +0000

    cleanup

commit 834fcc4671a50f10426a62cb5986d79f991903b8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 15:17:16 2019 +0000

    bumped changelog version

commit e9eb38b5dbbddffb12103c14edc3745e239365a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 15:04:09 2019 +0000

    formatting

commit e2b626870221971b1f6202dbb8eb0f9b0b0654ec
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 14:58:47 2019 +0000

    bumped changelog version

commit 1d8a0dbec7ca5418b1c4fa70ae14a063c94bd119
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 14:57:51 2019 +0000

    remove no longer shipped files in etc/pam.d/*

commit 8e5d45352eaacd9ee4ae1357efb7d4f393dedf9b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 14:55:31 2019 +0000

    bumped changelog version

commit cb668459e81d74baf28ac43173bb50c7210e37a4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 10:35:10 2019 -0400

    port umask from /etc/pam.d to /usr/share/pam-configs implementation
    
    https://forums.whonix.org/t/change-default-umask/7416

commit ac25733de871b0da5ef42e2e0283a44d94ac3112
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 14:01:53 2019 +0000

    remove etc/pam.d/common-password.security-misc rounds=65536
    
    due to unclean implementation, see:
    
    https://forums.whonix.org/t/restrict-root-access/7658/37

commit 69b97981f3b5e4efc75954d6957659f1bb8e7d18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 12:33:51 2019 +0000

    convert etc/pam.d/su.security-misc to usr/share/pam-configs/wheel
    
    https://forums.whonix.org/t/restrict-root-access/7658/32

commit 4079632d1aed4f3e50ea21de674a9b6d537d3e05
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 13 11:41:37 2019 +0000

    remove modifying to /etc/pam.d directly (unrelased)
    config-package-dev displace /etc/securetty
    remove trailing spaces
    
    https://forums.whonix.org/t/restrict-root-access/7658/31

commit cdb7c6f7eb8e61bd203c9a4cb755da0b97cc9a3d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 18:28:04 2019 +0000

    bumped changelog version

commit aee6b346359db4973fdc80d565f7a6972bb884a0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 18:26:17 2019 +0000

    fix lintian warning

commit a40a04aaec0c30ceb47266a3f9b2b714e9b89888
Merge: f5356ce 93190eb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 14:08:30 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 93190ebf1019f76b73cf0f1e4491f15fd36bcae1
Merge: f5356ce 1aee08f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 18:08:01 2019 +0000

    Merge pull request #25 from madaidan/patch-20
    
    Improve documentation of blacklisting uncommon network protocols

commit 1aee08fa5e46cbd9439c36df9bcbb7a513270e1b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 11 15:30:09 2019 +0000

    Update control

commit b63d4ccb41d6c4942faa8ec5e2b8de8cffacd03e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 11 15:28:56 2019 +0000

    Update uncommon-network-protocols.conf

commit 853c2eb37786b1f625d5b54a54cf16fc09e1b367
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 11 15:26:14 2019 +0000

    Update control

commit f5356cee2c6c09aa08ca1a8675501657c1d1b37c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 07:16:38 2019 +0000

    bumped changelog version

commit bea98474ba8a189b4c174ce6613547b8f377de68
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 07:07:21 2019 +0000

    chmod +x usr/lib/security-misc/panic-on-oops

commit 0057c0dd8c4d4b85f07949c1c1e61608769e82f1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 07:07:01 2019 +0000

    fix lintian warning

commit 2a893c0562438aaf0c34a25538a8e21bb11ba197
Merge: 3df6a44 a54500c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 06:50:35 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit a54500c6f18719520ae66c335870d3e8f03e9e14
Merge: 7d3a615 1e4d349
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 06:41:37 2019 +0000

    Merge pull request #23 from madaidan/patch-18
    
    Blacklist more uncommon network protocols

commit 7d3a61564dc01b899466defe957a7bc65d38dc89
Merge: 3df6a44 932524c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jul 11 06:41:08 2019 +0000

    Merge pull request #24 from madaidan/patch-19
    
    Move disable-coredumps.conf to correct position

commit 932524cbd1b15df06bd4e395dc391dd489ba100f
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jul 10 15:28:48 2019 +0000

    Move disable-coredumps.conf to correct position

commit 1e4d3495167c0305ec1fce8568658a06750df674
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jul 10 14:28:39 2019 +0000

    Update control

commit 4058e283a542900e7c8bcc060012d7c33964e36a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jul 10 14:27:19 2019 +0000

    Blacklist more uncommon network protocols

commit d70440aaeda5f1a1ab0459d02f5f5e56c808bbde
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jul 9 21:57:37 2019 +0000

    Remove duplicate

commit a8b44c75f9ca6df1460ce0feca647f2f370f8833
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jul 9 21:57:07 2019 +0000

    Update control

commit 2d27bdd808374a71cd9d7187326be99420411583
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jul 9 21:55:37 2019 +0000

    Blacklist more uncommon network protocols

commit 3df6a44e98e93ecea6c6b6fa00c7fb05cbcfc0a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 06:56:23 2019 -0400

    also allow members of group sudo to run /usr/lib/security-misc/panic-on-oops

commit 5fb500ac32a8935ef989770b2b9d17df4fa1698c
Merge: 8793708 e4bb770
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 06:55:27 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit e4bb77037e9327eea7b8fd92961192613d6e0763
Merge: a9441e7 0f15303
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 10:54:48 2019 +0000

    Merge pull request #21 from madaidan/patch-16
    
    Make the kernel panic on oopses

commit 0f15303eb4dd5701cae5b3985be47918e2e4700a
Merge: 45f8102 a9441e7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 10:54:24 2019 +0000

    Merge branch 'master' into patch-16

commit 8793708906d037746a2e946177d8a4d1884b391a
Merge: 50c00fc a9441e7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 03:23:26 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit a9441e7be4794e88f782f1ff5dd95f00e3928279
Merge: 50c00fc 24b326d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Jul 9 07:21:47 2019 +0000

    Merge pull request #22 from madaidan/patch-17
    
    Restrict access to the root account

commit 24b326d906375bb543b936936519231f51154dcd
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:24:41 2019 +0000

    Update control

commit 24d9eadcb267b34ce31981d841e58d4e2c769793
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:19:59 2019 +0000

    Use 65536 hashing rounds

commit 86117d957763a4dd07fb9a84c07a2934a02d32f8
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:19:19 2019 +0000

    Create common-password.security-misc

commit 8ad9a54b094a4a15ef726f513e38c953cc247b80
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:17:17 2019 +0000

    Don't allow root login from a terminal

commit 890298a3c882000a8351186521e9c1852dec298a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:15:56 2019 +0000

    Restrict su to users in the root group

commit 38099a2a5d830a522fd51b9d9953ae47a14c5289
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:11:17 2019 +0000

    Create su.security-misc

commit 45f8102d565512938e5c533ffcd4cc06ea68b580
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:04:47 2019 +0000

    Update control

commit 2a1742705563c264b3ea634345373cce2986d283
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 23:01:30 2019 +0000

    Create security-misc

commit 4ac700ded0cca668f585ea466e167f055783e28d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 22:59:39 2019 +0000

    Create 50panic_on_oops

commit 52c61011d4000b49edb0783fcca05952b0da7ee2
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon Jul 8 22:58:56 2019 +0000

    Create panic-on-oops

commit 50c00fcfa13b436e0bba4e1065f0bf94605c1654
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 8 00:23:52 2019 +0000

    bumped changelog version

commit 223b6918339dc53b8ff8499d3d52210ee07e24a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 23:39:58 2019 +0000

    add 'Depends: libpam-cgfs'
    
    https://forums.whonix.org/t/change-default-umask/7416/30?u=patrick

commit d31a16f264ea23a2fc890ffd6664deac3f4c4bdf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 23:00:27 2019 +0000

    bumped changelog version

commit 673aab6bc2b41d1a0d1829ce200d7b5c3d9e7067
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 22:18:47 2019 +0000

    shut up pam-auth-update

commit 67ff83262bd74d467cd92e8a15d13e0c4ca38b5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 21:31:56 2019 +0000

    move to pam-auth-update --force
    
    --package hangs in Qubes updater since it starts whiptail for interactive dpkg configuration dialog.

commit 8399a1136788dfbbfd5dfb5c11356776e90326cc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 21:11:08 2019 +0000

    bumped changelog version

commit d4c79cce69d454202304a7d8369fa7b0f1c50946
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 21:09:26 2019 +0000

    add "Depends: libpam-runtime" so pam-auth-update is available
    
    for Debian maintainer script

commit f68b96241c6afc7dffa8831f35d38bf1bf49508a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 21:08:28 2019 +0000

    comment

commit 91fb21aafbab4811ac2055decae0fc58f624c259
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 16:51:40 2019 -0400

    Due to error:
    Jul 07 20:35:39 host sudo[16090]: PAM unable to dlopen(pam_cgfs.so): /lib/security/pam_cgfs.so: cannot open shared object file: No such file or directory
    Jul 07 20:35:39 host sudo[16090]: PAM adding faulty module: pam_cgfs.so
    
    run:
    pam-auth-update --package
    from Debian maintainer scripts

commit e543c4bf82568dbe00cbeaa850c9f09dd9166e32
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 16:37:46 2019 -0400

    apparmor fixes (this broke whonixcheck apparmor profile)

commit 8f4a5f33b9aaaec95d834bb2d6b65c8bcd995e03
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 09:39:12 2019 +0000

    bumped changelog version

commit 3558a9949fe9924d027b267152125b33e25085c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jul 7 09:37:25 2019 +0000

    Enable APT seccomp sandboxing.
    
    Thanks to @torjunkie for the suggestion!
    
    https://forums.whonix.org/t/apt-seccomp-bpf-sandboxing/7702

commit 93e81b433036ef2f226d0a2b1422034aba54ea3a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 6 13:56:28 2019 +0000

    bumped changelog version

commit 3cd1a5ec094cff0151c888418b7b14d5413eb353
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 6 13:56:00 2019 +0000

    fix lintian warning

commit b73cdfd7cc3918633459315f5d9867f6a8798208
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 6 13:53:10 2019 +0000

    bumped changelog version

commit 7b0b9da32c660e527741a56543c78ee3ac93d541
Merge: 6df7b3c 649878f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 6 07:06:54 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 649878fdcb81ac621af9bc1481a3b6b41d3e22a0
Merge: 6df7b3c 8888147
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jul 6 11:06:25 2019 +0000

    Merge pull request #20 from madaidan/patch-15
    
    Blacklist HDLC and use "install" for blacklisting firewire/thunderbolt

commit 8888147e1e1102fa852dce14c3ca1cb91cd1ff3b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 4 14:26:31 2019 +0000

    Update control

commit 46409be8b664db730113b4495ef69bee0f41c53a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 4 14:25:28 2019 +0000

    Use install instead of blacklist

commit eb7eaffba1f437763773b5c7f2b44ef51684ddcd
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jul 4 14:24:44 2019 +0000

    Blacklist n-hdlc

commit 6df7b3c295352d0d05070b3c0faf2a14e71b1264
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 15:23:49 2019 +0000

    bumped changelog version

commit f82731698c20028531de673903faca10aa136416
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 14:53:01 2019 +0000

    re-enable PrivateNetwork=true

commit 81b38529d92e9bea79db8694200d70b08d3b42a6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:58:20 2019 +0000

    add copyright for files in etc/pam.d/*

commit 552b6edbedfbb346c1738ea3edbad16368780c7b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:51:00 2019 +0000

    fix machine readable copyright format

commit a05264934b1160f44966e3e0b32e54841b15dd06
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:46:01 2019 +0000

    add copyright for etc/login.defs.security-misc

commit 48e511347c7d85478b8593e55f061a53aefbafaa
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:37:55 2019 +0000

    fix lintian warning

commit 93c08210545dd77b608515351154bcc16c8464b4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:35:45 2019 +0000

    config-package-dev displace files for change umask
    
    https://forums.whonix.org/t/change-default-umask/7416

commit a73f0566e978afb6d5b9693bf432a2496bedd61f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:25:23 2019 +0000

    change default umask to 006
    
    session optional  pam_umask.so usergroups
    
    https://forums.whonix.org/t/change-default-umask/7416/17

commit 41b61e32776c15a8dcde4479841b71c7e9ca28d4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:24:29 2019 +0000

    revert to Debian buster original

commit 88a78b1c87e8419bbb70daa77f7ddfb2332668ae
Merge: 24cc8e3 8c60e7c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 09:21:05 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 8c60e7c67f692aa9e70316bdde29cdc41eff2a75
Merge: 24cc8e3 cfaafe4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 13:20:21 2019 +0000

    Merge pull request #18 from madaidan/patch-14
    
    Change the default umask to 006

commit 24cc8e380df8706cd8e9765d89bd44ac78c58936
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 03:43:02 2019 -0400

    comment out proc-hidepid.service hardening for now
    
    since broken in Qubes Debian AppVMs
    
    https://forums.whonix.org/t/kernel-hardening/7296/104

commit 0bffc7a9303d0b32427da04694bbefcf6a3104c8
Merge: 3c176ce 344d009
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 03:08:26 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 3c176ce1580a3e5232bc1837b51aa3ec288b809d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 03:07:14 2019 -0400

    allow permissions openat mkdir
    
    since required in Qubes Debian templates

commit 344d00903250d699fc64d7fa9fad80475ade92e5
Merge: f26ad14 b8f2aee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jul 1 06:39:28 2019 +0000

    Merge pull request #19 from madaidan/patch-15
    
    Add licensing to proc-hidepid.service

commit b8f2aee905b78034a115e1e2c1d6ecb7fa624122
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:22:43 2019 +0000

    Add licensing

commit cfaafe400cd1f77df12f7f6dc9c9da58595bcbdf
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:16:12 2019 +0000

    Update control

commit eedeaa0e7faf8d9f75d99d037fa80bd5d08c6db3
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:12:59 2019 +0000

    Update common-session-noninteractive

commit a9af85f58529e0dcb154b669bd53aba8333d5634
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:12:16 2019 +0000

    Update common-session

commit 1e1d29cfdedaa01d0180b8ca5a79c6f401728432
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:11:31 2019 +0000

    Create common-session-noninteractive

commit 501901f7c04514c66a4f97f5eb0e523aa55a1094
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:10:54 2019 +0000

    Change default umask to 006

commit 09a5c27f475ea6947180088b4efb615101fdbf9c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:10:29 2019 +0000

    Create common-session

commit a319333493ad1839ff7fb1d4b6f43dc719b57844
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 13:09:51 2019 +0000

    Create login.defs

commit f26ad14d4cab627c04dfa375ac831a3a09c9a165
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 07:21:58 2019 -0400

    bumped changelog version

commit b8ace6e3f6a94268e0f63907e62bf968445ae548
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 07:21:31 2019 -0400

    bump

commit f3a48009878e0edb033633d609f82a167cd8e616
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 08:23:51 2019 +0000

    bumped changelog version

commit 85f61758c5b6d8b6a57d140a9f3795769a3ed183
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 04:11:38 2019 -0400

    fix package description

commit e47339706170c92b8db44f014942ea7d94d1ff9e
Merge: 24b19c5 ec78a3e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 04:11:12 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit ec78a3e42e23a270a245dc254046ac1d7fc6ceec
Merge: 9525ff8 67de524
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 08:10:28 2019 +0000

    Merge pull request #17 from madaidan/patch-13
    
    Disable coredumps

commit 67de5247c8e7cd68c851a3d62168e9de69000afe
Merge: dbfb9e1 9525ff8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 08:10:04 2019 +0000

    Merge branch 'master' into patch-13

commit 9525ff87c6ae3cd6538a0a8f294e6b8610e79a32
Merge: 24b19c5 22267c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 30 08:09:23 2019 +0000

    Merge pull request #16 from madaidan/patch-12
    
    Mount /proc with hidepid=2

commit dbfb9e1cdf1e042c8985e2e69b7f5f5f1eaed860
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:21:46 2019 +0000

    Update control

commit 024a698249392bdc6ebd362a2c978bc0e02bd55f
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:20:38 2019 +0000

    Update control

commit 230ef34db45c1c7d980abfd8bd4770ec336ae4bf
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:19:04 2019 +0000

    Create disable-coredumps.conf

commit 1bf802f8469a4ffc36cccca1ea6fc6f92ea6af8a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:16:50 2019 +0000

    Create coredumps.conf

commit f040081a5998fddd1ea4bc30140e41c405842371
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:13:52 2019 +0000

    Prevent setuid processes from creating coredumps.

commit c6b669f1a53bfef08a82994422f9e1b627a937d5
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 30 00:11:13 2019 +0000

    Create disable-coredumps.conf

commit 22267c895b15e10c98bae365ef2bef12f95454aa
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jun 29 22:30:41 2019 +0000

    Update control

commit a2c676ed48782f86e8b58d39f8bec4cd37a47cf5
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jun 29 22:28:41 2019 +0000

    Update proc-hidepid.service

commit dcf57bebf0d28089045a29477f26ad35d1041392
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jun 29 22:27:24 2019 +0000

    Create proc-hidepid.service

commit 24b19c597685233e3ebc7a5200bf929319f8a63f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 29 10:35:13 2019 +0000

    bumped changelog version

commit befa03fea80c53bac3c4b1bb530be2f965ce6157
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 29 10:34:48 2019 +0000

    fix lintian warning

commit 250919b821a00c93ee4fe7d92f6f3ed812110aac
Merge: ecf5d80 60e6dfc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 29 06:06:02 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 60e6dfcbff08dd4526e60c3302741e40d98c8b3e
Merge: ecf5d80 9e9c854
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 29 10:05:34 2019 +0000

    Merge pull request #15 from madaidan/patch-11
    
    Update control

commit 9e9c854d274d7322759a9e5d2c49bcbd60e63e0d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Jun 28 11:34:35 2019 +0000

    Update control

commit b26d861dffdbca124322cbfbda99ab71a3142e06
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Fri Jun 28 11:33:48 2019 +0000

    Update control

commit ecf5d80fdf0e8f997afa88f8d788a7df88008afc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 07:20:53 2019 +0000

    bumped changelog version

commit 36c2b1d28391ac2ea0f995fd0a348eecbe833a6c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 07:18:30 2019 +0000

    fix lintian warning

commit a978fe10001a8c1a9a6a3179d9fc5dc9ed433bc2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 07:17:35 2019 +0000

    chmod +x usr/lib/security-misc/remove-system.map

commit fe69dc6173e8a3e45ff7996597e9e50f09033279
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 07:09:35 2019 +0000

    bumped changelog version

commit 6a6afc347ad80bd133438a27e2dc64a1b54c784a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 03:02:49 2019 -0400

    update files list

commit ccb89cfd5574ed5a7b3802edc3bf188250edfddd
Merge: 0a0be1a ab31223
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 03:00:21 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit ab312235ba89d62b7b83c26f8e9b8a8ff0ec985b
Merge: 5e02100 3801a53
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 06:59:16 2019 +0000

    Merge pull request #14 from madaidan/patch-10
    
    Add some hardening for other distributions

commit 5e02100e34776bf410ba05d7a3f7ee7f696ca0fc
Merge: 7e12e16 b809185
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 06:58:32 2019 +0000

    Merge pull request #13 from madaidan/patch-9
    
    Remove System.map and restrict the SysRq key.

commit 7e12e16dc0513f0a6936e576e3c8fa8ee44509d2
Merge: 0a0be1a 641407c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 28 06:57:42 2019 +0000

    Merge pull request #11 from madaidan/patch-7
    
    Protect against DMA attacks

commit 3801a53a9e01aafa3783276059a7907f5b20b96e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jun 27 18:17:58 2019 +0000

    Update tcp_hardening.conf

commit c54125270b44140b9ecfe0420205ac685b2a3505
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jun 27 18:15:57 2019 +0000

    Create dmesg_restrict.conf

commit b8091850082fe1b956d6cff11fc7aa17786e693e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu Jun 27 16:09:52 2019 +0000

    Update remove-system-map.service

commit 9392c8deb2657d3ff2c3734fb8bf1863d4e2a2d7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jun 26 15:03:54 2019 +0000

    Update remove-system.map

commit 8ef0db17e6a9c066b50a021292aab80a7523cbb6
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Wed Jun 26 12:59:45 2019 +0000

    Use a for loop to detect if System.map exists

commit 3116a56f1353681fbb97d4e7f92ee069f2577b33
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jun 25 19:25:32 2019 +0000

    Create remove-system-map.service

commit 382e336f69097f3baa7693da6aaf8833b05cf322
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jun 25 19:20:27 2019 +0000

    Create remove-system.map

commit 01c839c815b7f8c16c231bbd72da1673ad88fdb7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Tue Jun 25 19:16:43 2019 +0000

    Restrict what the SysRq key can do

commit 0a0be1ad2889182b15d5851740ff43fb75773571
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 19:57:42 2019 +0000

    bumped changelog version

commit 7806af14193f195e825678471ba65c64e07d7d0a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 19:51:53 2019 +0000

    readme

commit 4e32438d75726014573b35c9b101abf59dfc3ba4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 19:47:05 2019 +0000

    debian/control syntax fix

commit a098b18560e30ef238f693bf8f05933489027dd4
Merge: 2a62899 90d676e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 19:46:30 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit 90d676ec1864bd915310673d134d62d10a17a42f
Merge: 2a62899 1a07d90
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 19:45:31 2019 +0000

    Merge pull request #12 from madaidan/patch-8
    
    Update control

commit 1a07d90ed2da597db6d58c5f2da6dc3b32a8104b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 23 19:26:03 2019 +0000

    Update control

commit 2a6289980e07d1d9c263f2d5abfc3b9e37c5054f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 18:46:52 2019 +0000

    syntax fix
    
    GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"
    
    https://forums.whonix.org/t/kernel-hardening/7296/70

commit f1147318c04642f355eae96786c26ec1cb53977c
Merge: cd73466 aec6da2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 18:45:41 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit aec6da28e9ac4f8289d7b7aaa77bcef2562cda74
Merge: cd73466 2178fb3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 18:45:24 2019 +0000

    Merge pull request #10 from madaidan/patch-6
    
    Enable more kernel hardening parameters

commit 641407c8e9c728429ec86e7c89e431896d88e116
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 23 18:38:50 2019 +0000

    Enable IOMMU

commit 07c6362f1aff2e151c51aa681a79c3ef650baa6d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 23 18:34:45 2019 +0000

    Blacklist thunderbolt and firewire

commit 2178fb37a85808df0c455f7dd76fc72516d6ff28
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun Jun 23 17:54:34 2019 +0000

    Add more kernel hardening parameters

commit cd7346699c10e258d5af5f51ad56493e98e4eb1a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 12:22:13 2019 +0000

    bumped changelog version

commit 60334797d003f63606645220fbc66393eb30cde0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 09:00:12 2019 +0000

    /etc/sysctl.d/tcp_sack.conf

commit d404624bacf220e5545c8e5ffbace937924c77cd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 08:38:01 2019 +0000

    bumped changelog version

commit ae50d8134294d3746235d383c18fc187c18717d7
Merge: 5269cfe cd7172c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 03:59:58 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit cd7172c00cbf0cb69e159b6159ef0bfff663a507
Merge: 5269cfe 807ac7d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 23 07:59:35 2019 +0000

    Merge pull request #9 from madaidan/patch-5
    
    Disables SACK.

commit 807ac7d65916071e4294f42d62b8b2353255c4bc
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sat Jun 22 16:08:30 2019 +0000

    Create tcp_sack.conf

commit 5269cfeef99b500e4aa7c883434f3d5554559d16
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 21 05:40:04 2019 +0000

    bumped changelog version

commit 0a5b15ff45dc1b30867b0093d238b95dde7c0810
Merge: ca1aa1e f9dc1b6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Jun 21 04:05:50 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit f9dc1b6322961ff0e6c7a5be122f9d1031ba87ea
Merge: ca1aa1e 2e81885
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jun 20 23:54:58 2019 -0400

    Merge pull request #8 from marmarek/packaging
    
    qubes-builder integration

commit 2e81885f691201e2229dadfd5ec7b554980ac689
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Fri Jun 21 04:52:01 2019 +0200

    Add rpm packaging
    
    QubesOS/qubes-issues#1885

commit 27e68a39fe005a58cac02336fc6c468a4b2f5d31
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Fri Jun 21 04:51:33 2019 +0200

    Add Makefile.builder for qubes-builder (Debian)
    
    QubesOS/qubes-issues#1885

commit ca1aa1e577179d92f4ec002221b8c4207e6ce1d6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jun 10 15:42:58 2019 +0000

    bumped changelog version

commit 8b5e84d76a762b6c8cac8626245d5311afbea221
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 9 10:24:53 2019 +0000

    cleanup, delete debian/security-misc.maintscript to fix lintian warning

commit f9acd890a703ce375ed07ad9e1be2bed019e49a3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 9 10:24:24 2019 +0000

    lintian

commit 49873e8e0286f7604399c7e857c7714271991956
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jun 9 10:06:58 2019 +0000

    solve package file conflict
    
    https://github.com/QubesOS/qubes-issues/issues/1885#issuecomment-500200375

commit d5127e716632af2f494e9b41571c44a56a887667
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 8 11:32:12 2019 +0000

    bumped changelog version

commit 9fe58728102f92d0584ef128c53f5e99d3956d92
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Jun 8 00:05:35 2019 -0400

    fix debian/watch lintian warning debian-watch-contains-dh_make-template

commit e7edbe5fb446f869e7b64802038f410c74ce538c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri May 24 20:48:59 2019 +0000

    bumped changelog version

commit 6102c571a31c8a166fb306ba9e1a0a4e444c58a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri May 24 12:29:08 2019 -0400

    readme

commit afb5f5f96500f31864e32af90b2e9bbfd1a9acc1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 23 22:38:13 2019 +0000

    bumped changelog version

commit 0a200e09ecf745d23e5e880d521f1aec2a7b25a9
Merge: 65d7eb8 244234c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 23 18:25:47 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 244234c8b709a425feed4f3cfb87389f4fb2c6f5
Merge: 65d7eb8 7177c60
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 23 22:25:13 2019 +0000

    Merge pull request #7 from madaidan/patch-3
    
    Disable uncommon network protocols

commit 7177c6041a9b086a4cb90504a492136b4da732a2
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu May 16 20:30:49 2019 +0000

    Create uncommon-network-protocols.conf

commit 65d7eb81a6b84afcbf0692265f6d7a4b4599017b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 16 20:25:46 2019 +0000

    bumped changelog version

commit a2b184e5bb9942aa63a36fb918b203053a53f1e4
Merge: 71bf635 7d7b899
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 16 19:53:27 2019 +0000

    Merge remote-tracking branch 'origin/master'

commit 7d7b899dd13f7123822bf269a639c68ff5cb737e
Merge: 71bf635 b814f33
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu May 16 19:52:52 2019 +0000

    Merge pull request #6 from madaidan/patch-2
    
    Even more kernel hardening

commit b814f338b803ae33380551919b00144bb63a53b8
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu May 16 16:33:03 2019 +0000

    Update tcp_hardening.conf

commit e6794721bd181f8884cd3817b5ae3c6c58747ae7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Thu May 16 16:29:20 2019 +0000

    Update ptrace_scope.conf

commit 71bf63511b2cf2ca955900b85a536e4b3adf4c66
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun May 12 11:08:32 2019 +0000

    bumped changelog version

commit c040117fe47acad2e5c76baa55d42a6ec9223955
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun May 12 10:50:34 2019 +0000

    lintian

commit 26fe4305a1fd072a8608f62a30129ad249203684
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun May 12 10:48:27 2019 +0000

    bumped changelog version

commit 06b86229a4e1cc45a9bbe21c9a4c3e2a16fb82dc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun May 12 02:58:45 2019 -0400

    update path to pre.bsh

commit 137bc073c5d65988cce832336ebee5c47071e732
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed May 8 21:38:25 2019 -0400

    port to /etc/xdg/xfce4/xfconf/xfce-perchannel-xml
    
    https://forums.whonix.org/t/whonix-xfce-development/6213/84?u=patrick

commit 3bd4da6794067708f517b099548c0aa2a2b65146
Merge: c80b746 b00a264
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed May 8 21:32:29 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit b00a264ce27c48584879d85275a3fa3f19030906
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed May 8 21:29:36 2019 -0400

    Disable thunar-volman by default.

commit a4852ad6c8260c68d9c1024e09a9487a8e2e1f61
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon May 6 20:37:53 2019 +0000

    Create fs_protected.conf

commit 0296e51e06d94cea598fcad3bdbfa165e519a47b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon May 6 15:46:37 2019 +0000

    Create ptrace_scope.conf

commit 2923fc96ef9ee96a3149c8b2f781402c65e106b9
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon May 6 15:45:53 2019 +0000

    Create tcp_hardening.conf

commit 4216299ee847da0bdf4c714451a70b69f5881d8c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Mon May 6 15:42:55 2019 +0000

    Create kexec.conf

commit c80b7465bfb9164fb300dea71c38f58672199b17
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon May 6 09:58:44 2019 +0000

    bumped changelog version

commit f917c27a197d49b7bcdbfe065fe0696792d05350
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon May 6 05:51:14 2019 -0400

    remove trailing spaces

commit 83e12f8e89cf0269daeca36946cdef07e23075b3
Merge: 74cdecf 5177444
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon May 6 05:50:35 2019 -0400

    Merge remote-tracking branch 'origin/master'

commit 5177444d624a8a935c461ebe1065d451d2f8da0f
Merge: 74cdecf 02e8888
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon May 6 05:46:03 2019 -0400

    Merge pull request #5 from madaidan/patch-1
    
    More kernel hardening

commit 02e8888b0bc4f0dfadccbebc9e6e75849d32ba76
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun May 5 20:17:33 2019 +0000

    Update 40_kernel_hardening.cfg

commit 3695d7491ef8a7af81c0c2aad0babc48ec30af81
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun May 5 14:42:03 2019 +0000

    Create 40_kernel_hardening.cfg

commit d2ca85c6860322a35ef0eb347c01c9f21dcf144f
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun May 5 14:36:30 2019 +0000

    Create mmap_aslr.conf

commit 197c1120a9f9f9a38548e4341d12b404fe72fde9
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun May 5 14:35:42 2019 +0000

    Create harden_bpf.conf

commit 351db0ef7f0e0eee09496ba56ec13d07ae84761e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date:   Sun May 5 14:34:41 2019 +0000

    Create kptr_restrict.conf

commit 74cdecfd6b86c4932be2f3b6677ff023c6d52053
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri May 3 11:34:25 2019 +0000

    bumped changelog version

commit 09c35d5da251c190febaeb3437e151612597375d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri May 3 10:56:56 2019 +0000

    update

commit db9e60c894c06d316f124659571c4b360e3fc08b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Apr 6 12:13:43 2019 +0000

    bumped changelog version

commit 6ba1fb70d2ae71d2d97752458c9996709e9a74af
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Apr 5 14:06:00 2019 -0400

    port to debian buster

commit 811dcee2cb43b7569fc1172fa13d7f4a4aece754
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Apr 5 09:26:18 2019 -0400

    fix lintian warning

commit a985581c68a8f92d9f588d5c2a7b606e8dc220dd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 4 05:51:06 2019 -0400

    port to debian buster

commit db5c3ccde6edcafc5467674176c94008765c0ecc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Apr 3 18:05:56 2019 -0400

    readme

commit 2913acda63b8d2309392ef7af6833a407d7cfa3c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Mar 29 10:02:51 2019 +0000

    bumped changelog version

commit 2ea9957e4c4200f0c729f482acd9c3519e8de2c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Mar 29 09:03:18 2019 +0000

    https://www.whonix.org/wiki/Dev/Licensing

commit c5768683f402289456375bb64a40250474005c25
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 12 11:36:25 2019 +0000

    bumped changelog version

commit 811852656e5fdeae19c2a942207e4318c2f9b14d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Mar 1 14:32:41 2019 +0000

    add improved legal protections clauses
    
    The license for software created by Whonix is the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version with additional terms applicable per GNU GPL version 3 section 7.
    
    The additional terms are based on the Doom 3 license which is Debian refers to as `GPL-3+-with-id-software-additional-terms`, which is Debian DFSG [1] (The Debian Free Software Guidelines) approved and which is therefore suitable for Debian `main`. Whonix made applied minimal changes to it:
    
    * Rewrite `The Doom 3 BFG Edition GPL Source Code` to the more common `this program` which is used throughout the GPL.
    * Added a "trump clause" [2], in other words, any conflicts or disputes between the additional terms and the GPLv3 shall be resolved in favor of the GPLv3 by adding `Notwithstanding any other provision of this License` (as mentioned in GPL FAQ [3]) at the beginning of the additional terms.
    
    [1] https://www.debian.org/social_contract#guidelines
    [2] https://www.fsf.org/news/canonical-updated-licensing-terms
    [3] https://www.gnu.org/licenses/gpl-faq.html#v3Notwithstanding
    
    For more considerations, see also:
    https://www.whonix.org/wiki/Dev/Licensing

commit 2298d0f6b0a7214ae4f6ecc7a56734905cdb9352
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Nov 28 06:33:14 2018 +0000

    bumped changelog version

commit 63b080f40bab38bdb1c91519b90c3988640970d9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 19 06:27:52 2018 -0500

    fix hiding network bookmark in thunar by default
    
    Thanks to @Algernon for suggesting the fix!

commit daf7fc002b2d946c2946b9effe3fecc5cebe4cf2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 19 03:08:20 2018 -0500

    Disables network bookmark by default.

commit 2bd6dabc7c523d7680917753e61130cf78d7067e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 8 09:55:41 2018 +0000

    bumped changelog version

commit 0c020af885b3dfb2924102e6cf41a5af114cc140
Merge: f9e1877 6f240c0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 8 09:53:47 2018 +0000

    Merge remote-tracking branch 'origin/master'

commit 6f240c0c4c88df2946fdd673f833ee05dd8340bb
Merge: f9e1877 f84f988
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 8 04:53:25 2018 -0500

    Merge pull request #4 from Algernon-01/master
    
    Enable hidden files and volume management again.

commit f84f988118e30a2a3d4d74ed008c1a626c35c365
Author: Algernon-01 <33966997+Algernon-01@users.noreply.github.com>
Date:   Thu Nov 8 07:22:35 2018 +0000

    Enabled hidden files and volume management.

commit 5aebf292149cca72cba3416c0de0f927d76d3281
Author: Algernon-01 <33966997+Algernon-01@users.noreply.github.com>
Date:   Fri Nov 2 10:16:09 2018 +0000

    Security and general settings for Thunar.

commit f9e18772d72abeb1d14e3dc2740950f91900ee69
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Nov 1 07:42:29 2018 +0000

    bumped changelog version

commit 4ecd32ef9996442532b78ae1d46694d0e452cec0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Oct 31 02:26:13 2018 -0400

    description

commit 008a97d9e7f891a706a277c8e9bb2e3a958d1e63
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Oct 31 02:22:43 2018 -0400

    disable previews in thunar

commit 256e4bac52d6c93a957ef47d07be2b7a0add8435
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 14 13:20:11 2018 +0000

    bumped changelog version

commit 73e5319711b897beb8fecae57f7552d764e438e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Sep 14 10:46:00 2018 +0000

    'Depends: libglib2.0-bin' - contains glib-compile-schemas (required by postinst)

commit 64b5e55d8cfc27c56c64b56837e7cf291a5473e0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Aug 27 16:49:44 2018 +0000

    bumped changelog version

commit 1211aee0206b0d829b1101348b2a9836996ceef9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Aug 21 05:18:37 2018 +0800

    readme

commit c296cba838f64ad4bf96b281c2e2de410a3db589
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Feb 1 15:18:55 2018 +0000

    bumped changelog version

commit edbf198a930de31a1423b962979583a1d9775e70
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 29 15:50:36 2018 +0000

    readme

commit 6b94612ca4e29921186c1d9e26bf7dcd887cd13a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 29 15:38:57 2018 +0000

    update copyright

commit 5b3fc2f6b943a50f305299ea0d940ccf13474e1c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 29 15:22:05 2018 +0000

    update copyright

commit c3b6a44e97674fc6553aad33e8d8abd6e8e4df44
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 29 15:15:17 2018 +0000

    update copyright

commit ff28f5932c0fc5ba9eac4bda8e01ccaa71291021
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Jan 29 15:09:42 2018 +0000

    update copyright

commit 674d2d8abf38842d43a1ea10668d860b258c7f70
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 21 20:35:29 2017 +0000

    bumped changelog version

commit 776bf9d6954fd7c33e2743e1d8e6dbd865c954d7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Dec 21 20:26:29 2017 +0000

    readme

commit 7b2d3c9e2f61e34248aa1192ec5325b544e1124c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Jul 26 14:37:34 2017 +0000

    bumped changelog version

commit dc2c9a9992551f5967e09b31a90721a9aadaf962
Merge: 61bd4d0 91ff0c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 14 13:43:18 2017 +0000

    Merge remote-tracking branch 'origin/master'

commit 91ff0c2571b41710440006e770b8295c03b3a295
Merge: 61bd4d0 6e5e5d6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Mar 14 13:42:37 2017 +0000

    Merge pull request #2 from HulaHoopWhonix/patch-2
    
    Update README.md

commit 6e5e5d6ea65a0fee4c76e5ad74c444344ff1f462
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Tue Mar 14 13:11:44 2017 +0000

    Update README.md

commit 61bd4d05b76088657e392cb311983617b8a68750
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 6 16:16:32 2017 +0000

    bumped changelog version

commit 99bb1e877ec84bf7d3c6873f0369aed2fb92be4b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Mar 6 15:00:33 2017 +0000

    "$@"

commit f6bc1884855d84599ee731f694e0073f1df73ce1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 28 15:22:54 2017 +0100

    comment

commit 18e23af784e69e1bd40725a23acac9aaa3b167ab
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 23:59:37 2017 +0000

    cleanup

commit 6195450eb2721d987f185f127a5435e8c7f798cc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 23:57:04 2017 +0000

    No longer ignore duplicate apt sources in apt-get-wrapper.
    
    No longer acceptable because these generate lots of noise in the terminal.

commit 191918027c1971bfb871abb438c4917e5b98bb74
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 23:43:02 2017 +0000

    adjust apt-get-wrapper for Debian stretch's apt-get

commit 2130b4c654ae5e3f94e7febe00a47e3969858770
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 23:16:32 2017 +0000

    use python rather than unbuffer
    
    because unbuffer eats exit code when process is killed

commit cc351165dc78a8b7158a2b9bfdd9e4f0b3866239
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 19:36:38 2017 +0000

    apt-get-wrapper:
    - fix exit code handling
    - code simplification

commit 1fb48e3548499d8a2891ec40314ffad8b6f1811e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 02:04:00 2017 +0000

    bumped changelog version

commit 966e90ebe2d5cd930ebb9367fdbcd0f8e46a0adb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 27 00:17:36 2017 +0000

    add missing dependency tcl8.6 (which is required by unbuffer [package expect])

commit 5653b7732ae47b7e8e38e2c363aff4ef724c0484
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Feb 26 23:57:17 2017 +0000

    fix, show progress during apt-get-wrapper
    
    fix, propagate signals to apt-get child process

commit 49cde21078ccc9f623add6f587ee719843647ee7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 21 19:54:41 2017 +0000

    Whonix 14 KDE plasma 5 fixes
    
    https://phabricator.whonix.org/T633

commit 0228e87d477f634d1e1db7c1cf6f213275d40dd9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Feb 19 22:37:10 2017 +0000

    minor

commit dfe8a569b639dd09ef4cd7f35c05efd7ea080406
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Feb 19 22:32:04 2017 +0000

    override glib-compile-schemas with || true in postinst
    
    https://phabricator.whonix.org/T500

commit 5ba2a5b6ff53df37ad38f082ad86ff2227158d93
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Feb 19 22:25:28 2017 +0000

    disable previews in nautilus by default for better security
    
    copied solution by @unman
    
    https://github.com/QubesOS/qubes-issues/issues/1108
    
    https://github.com/QubesOS/qubes-core-agent-linux/pull/39
    
    https://phabricator.whonix.org/T500

commit 91adab0d1bab6c6b31903f1e165944b3f8c8adb1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Feb 17 14:08:56 2017 +0000

    bumped changelog version

commit c59d15d48f1950697d4e1da13282688f4f483ea5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Feb 15 20:46:22 2017 +0000

    Debian stretch / kde plasma5 fix: KDEDIRS -> XDG_CONFIG_DIRS
    
    https://phabricator.whonix.org/T633

commit bddbba84a6fad680359bc8eee0c395fcc4d79ca9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 14 17:30:31 2017 +0000

    "$@"

commit 9b0d3e34fc8e1981cf59b17aed8abcc38052fc61
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Feb 14 02:37:08 2017 +0000

    add usr/lib/security-misc/apt-get-update-sanity-test
    
    a CVE-2016-1252 sanity test script

commit 5e076415536e1513463c59dba6e8afc4e90b7f1a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Feb 13 17:26:59 2017 +0000

    readme

commit 0bb059093f7b4940836057b069bbec3a51ed91ac
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Feb 10 15:47:52 2017 +0000

    remove faketime from Build-Depends:
    
    since no longer used for reproducible builds

commit be8084ad1c136ee4a18cb24abcc0c14c522b8089
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Fri Feb 10 15:35:25 2017 +0000

    remove debian/gain-root-command workaround

commit 90f175e117d9ca2b84072bee129539569143e10c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Wed Feb 8 14:26:26 2017 +0000

    double apt-get-update wrapper timeout from 120 to 240 seconds
    
    since it takes a bit longer than 120 seconds for me on a fast connection

commit 1e66e03da14ae2e3f7b315e443836c35f954b84f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jan 15 15:35:31 2017 +0000

    bumped changelog version

commit d80d576953ccea7f183bfe4b1e13655ebc03e557
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jan 15 13:11:38 2017 +0000

    fix lintian warning

commit 59633fbc604207947427839004afcbc8c8d5e4d4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Jan 15 08:35:40 2017 +0100

    packaging, bumped Standards-Version from 3.9.6 to 3.9.8 for jessie support

commit 814d6c5f74dd4808f28a0650909672be62639cd1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Jan 12 02:56:55 2017 +0000

    bumped changelog version

commit 0cf6524f0fac00c1b9bde836b7e7cc62cb3e41f4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 25 02:33:44 2016 +0000

    apt-get-update: implement SIGINIT trap; hide 'ps' output

commit c4089d8d4017f713631fbc5f09ccf7047dcb7008
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 25 01:36:04 2016 +0000

    update path to /usr/lib/security-misc/apt-get-wrapper

commit 7b01fb934140afdcd8f7275c92cd557a1080d18e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 25 01:35:17 2016 +0000

    remove obsolete comments

commit 8160cfe1d720707895172a18608366ddd65f9ec6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sun Dec 25 01:29:31 2016 +0000

    moved apt-get-update and apt-get-wrapper from whonixcheck to security-misc

commit 7b3ef3a00f28592852ee701d4ce3803348de6999
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Sat Dec 10 02:30:50 2016 +0000

    bumped changelog version

commit 4416ea5cf904b296749ad53a7a04b0b6d40b5bcf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Nov 21 17:42:55 2016 +0000

    readme

commit 6cda8b1496795422d4c0bfcea2ea2bf29c32daa0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Oct 10 16:10:30 2016 +0000

    disable conntrack helper for better security
    
    https://phabricator.whonix.org/T486

commit 0d66fc60b9ea65e826560986698c11cea7ca4ea6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 25 23:27:58 2016 +0000

    bumped changelog version

commit 192d1e0cee505a59c5f62d01022562b12ca6646e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Mon Apr 25 23:19:54 2016 +0000

    /etc/sysctl.d/nf_conntrack_helper.conf disabled for now as it needs more work
    
    https://phabricator.whonix.org/T486

commit 492ce128909cfda8645738b092fd9e8722c64aa0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Apr 7 22:54:45 2016 +0000

    bumped changelog version

commit 9d7ad9e97ed6b341e72ed6d6d2104c840c73b37f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 31 15:53:40 2016 +0000

    fixed package description and package description linitan warnings

commit d5e61eb4b12106f9ee3fdf8938686e89a8c7e465
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 31 15:36:59 2016 +0000

    added 'Replaces: tcp-timestamps-disable'
    
    https://phabricator.whonix.org/T486

commit 7b54755841907c2b86b12eed5035860e17445193
Merge: 10c87b8 be086ae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 31 15:35:07 2016 +0000

    merged tcp-timestamps-disable package into security-misc package
    
    disable conntrack helper for better security
    
    https://phabricator.whonix.org/T486

commit be086aea597ff5e4db29f56fa57399c67568d4b6
Merge: 10c87b8 d0eceae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Thu Mar 31 15:34:17 2016 +0000

    Merge pull request #1 from HulaHoopWhonix/patch-1
    
    Create tcp_timestamps.conf

commit d0eceae0c84a42bce4ade28c593fd6ba002a67b9
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 03:18:38 2016 +0000

    Update README.md

commit 989f2f54e22ff676df83463edaca439a4695af49
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 03:18:05 2016 +0000

    Update control

commit c7d88571e48fface5fc24d7d471724303e374f37
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 03:16:10 2016 +0000

    Update control

commit 27200cd98f6d2be7e55765a8d17a075299db7b2e
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 02:57:15 2016 +0000

    Update README.md

commit 92d738db56f048f2ee5de0239ddd6ba141373f99
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 02:53:12 2016 +0000

    Create nf_conntrack_helper.conf

commit 5992a7f026b1ee22c1ab82411048b58e89ed0dc2
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date:   Thu Mar 31 02:48:06 2016 +0000

    Create tcp_timestamps.conf

commit 10c87b84e2d3b0eec7a6a3d283d3b1e02f080e58
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 15 21:05:03 2015 +0000

    updated README.md

commit ba7b06ce302006a12fe7886c4338b5e44a571fa2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 15 04:16:14 2015 +0000

    bumped changelog version

commit c47f9697b4af46f713e49eb026f1c5ab4b77ad20
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 15 04:14:00 2015 +0000

    deactivate preview in Nautilus

commit 4b7d8a4bd88bd7b8a904d0b48fddf2803457ab47
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 15 02:00:39 2015 +0000

    bumped changelog version

commit d3ccf0eeaf9802fa09e70633efb45dcc2b767cba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date:   Tue Dec 15 02:00:24 2015 +0000

    initial commit