security-misc/changelog.upstream
2019-07-15 13:26:47 +00:00

2002 lines
58 KiB
Plaintext

commit f21fa8d95d19665e1cb1320062007472284bd9b8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 15 13:03:30 2019 +0000
readme
commit 5c741d2149f12554e63d0fcb0d129cbbdad66569
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 15 13:02:30 2019 +0000
shuffle
commit d247b7534b9e3a161fdba296c32dd85b7e91a665
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 15 13:01:46 2019 +0000
sort description by categories
commit 168ea5a660561fdaa438fdf88f6cecf1f2677324
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 15 08:48:17 2019 -0400
shuffle
commit 2f276cdb10aedf0d30c01d25e50b17cac7d1c62c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 15 08:44:28 2019 -0400
set back to default group "root" rather than group "sudo" membership required to use su
since root login will be locked by default anyhow
Thanks to @madaidan for providing the rationale!
https://forums.whonix.org/t/restrict-root-access/7658/42
commit 6d1e8ac9a4657bb3d49a9674ce3a1500350d4bba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jul 14 11:16:49 2019 +0000
description
commit ffb61f43ea8011d71cf9c5bba1e277a2f825eea7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jul 14 11:11:59 2019 +0000
fix, add 'group=sudo' and 'debug' for debugging
https://forums.whonix.org/t/restrict-root-access/7658
commit 1731196c9fda93233917bcf6dba48834be03a448
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 18:51:32 2019 +0000
bumped changelog version
commit 6af2d7facb391724d48dece28c1a34f4aaaf3929
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 18:12:25 2019 +0000
copyright
commit 75f0ca565d10fd1c02800387d52b1db8a039ecc8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 18:12:04 2019 +0000
set -e
commit c389e13e1a6143fb69dbd57e4c2e5a80aa8cbf84
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 17:59:49 2019 +0000
use pre.bsh
commit 7afddb028f423254adcd6026aaf12627cebbee17
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 16:30:39 2019 +0000
bumped changelog version
commit c13485f532203dbb3675d367be3bc16811719442
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 16:29:10 2019 +0000
readme
commit ea90f95f1c7b8200db222e42a5f72221212a71e1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 16:26:40 2019 +0000
cleanup
commit ea8b22ee78439a3cd5f7305f9588940320740ab9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 16:26:14 2019 +0000
shuffle
commit ca7e0e0161d6eaa2a166d7a7a26e5577f5a4dd6a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 16:25:08 2019 +0000
description
commit ffb5a9c48201dc38a886cbd26753ff56b1ed832a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 16:23:39 2019 +0000
formatting
commit 41675ddcff4d561282db9b43d2d9f993a39600c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 16:21:34 2019 +0000
removed: The amount of hashing rounds used by shadow is bumped to 65536.
This increases the security of hashed passwords.
Since we do not do that currently.
https://forums.whonix.org/t/restrict-root-access/7658/37
commit 3f031a297dc2d54346e9c9b3d566c3fa3a469240
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 16:20:14 2019 +0000
Removes read, write and execute access for others for all users who have home
folders under folder /home by running for example "chmod o-rwx /home/user"
during package installation or upgrade. This will be done only once per folder
in folder /home so users who wish to relax file permissions are free to do so.
This is to protect previously created files in user home folder which were
previously created with lax file permissions prior installation of this
package.
commit 4740e8b3357914aee16079b980b8861376cd222c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 16:13:55 2019 +0000
cleanup
commit 834fcc4671a50f10426a62cb5986d79f991903b8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 15:17:16 2019 +0000
bumped changelog version
commit e9eb38b5dbbddffb12103c14edc3745e239365a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 15:04:09 2019 +0000
formatting
commit e2b626870221971b1f6202dbb8eb0f9b0b0654ec
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 14:58:47 2019 +0000
bumped changelog version
commit 1d8a0dbec7ca5418b1c4fa70ae14a063c94bd119
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 14:57:51 2019 +0000
remove no longer shipped files in etc/pam.d/*
commit 8e5d45352eaacd9ee4ae1357efb7d4f393dedf9b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 14:55:31 2019 +0000
bumped changelog version
commit cb668459e81d74baf28ac43173bb50c7210e37a4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 10:35:10 2019 -0400
port umask from /etc/pam.d to /usr/share/pam-configs implementation
https://forums.whonix.org/t/change-default-umask/7416
commit ac25733de871b0da5ef42e2e0283a44d94ac3112
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 14:01:53 2019 +0000
remove etc/pam.d/common-password.security-misc rounds=65536
due to unclean implementation, see:
https://forums.whonix.org/t/restrict-root-access/7658/37
commit 69b97981f3b5e4efc75954d6957659f1bb8e7d18
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 12:33:51 2019 +0000
convert etc/pam.d/su.security-misc to usr/share/pam-configs/wheel
https://forums.whonix.org/t/restrict-root-access/7658/32
commit 4079632d1aed4f3e50ea21de674a9b6d537d3e05
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 13 11:41:37 2019 +0000
remove modifying to /etc/pam.d directly (unrelased)
config-package-dev displace /etc/securetty
remove trailing spaces
https://forums.whonix.org/t/restrict-root-access/7658/31
commit cdb7c6f7eb8e61bd203c9a4cb755da0b97cc9a3d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Jul 11 18:28:04 2019 +0000
bumped changelog version
commit aee6b346359db4973fdc80d565f7a6972bb884a0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Jul 11 18:26:17 2019 +0000
fix lintian warning
commit a40a04aaec0c30ceb47266a3f9b2b714e9b89888
Merge: f5356ce 93190eb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Jul 11 14:08:30 2019 -0400
Merge remote-tracking branch 'origin/master'
commit 93190ebf1019f76b73cf0f1e4491f15fd36bcae1
Merge: f5356ce 1aee08f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Jul 11 18:08:01 2019 +0000
Merge pull request #25 from madaidan/patch-20
Improve documentation of blacklisting uncommon network protocols
commit 1aee08fa5e46cbd9439c36df9bcbb7a513270e1b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Thu Jul 11 15:30:09 2019 +0000
Update control
commit b63d4ccb41d6c4942faa8ec5e2b8de8cffacd03e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Thu Jul 11 15:28:56 2019 +0000
Update uncommon-network-protocols.conf
commit 853c2eb37786b1f625d5b54a54cf16fc09e1b367
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Thu Jul 11 15:26:14 2019 +0000
Update control
commit f5356cee2c6c09aa08ca1a8675501657c1d1b37c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Jul 11 07:16:38 2019 +0000
bumped changelog version
commit bea98474ba8a189b4c174ce6613547b8f377de68
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Jul 11 07:07:21 2019 +0000
chmod +x usr/lib/security-misc/panic-on-oops
commit 0057c0dd8c4d4b85f07949c1c1e61608769e82f1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Jul 11 07:07:01 2019 +0000
fix lintian warning
commit 2a893c0562438aaf0c34a25538a8e21bb11ba197
Merge: 3df6a44 a54500c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Jul 11 06:50:35 2019 +0000
Merge remote-tracking branch 'origin/master'
commit a54500c6f18719520ae66c335870d3e8f03e9e14
Merge: 7d3a615 1e4d349
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Jul 11 06:41:37 2019 +0000
Merge pull request #23 from madaidan/patch-18
Blacklist more uncommon network protocols
commit 7d3a61564dc01b899466defe957a7bc65d38dc89
Merge: 3df6a44 932524c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Jul 11 06:41:08 2019 +0000
Merge pull request #24 from madaidan/patch-19
Move disable-coredumps.conf to correct position
commit 932524cbd1b15df06bd4e395dc391dd489ba100f
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Wed Jul 10 15:28:48 2019 +0000
Move disable-coredumps.conf to correct position
commit 1e4d3495167c0305ec1fce8568658a06750df674
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Wed Jul 10 14:28:39 2019 +0000
Update control
commit 4058e283a542900e7c8bcc060012d7c33964e36a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Wed Jul 10 14:27:19 2019 +0000
Blacklist more uncommon network protocols
commit d70440aaeda5f1a1ab0459d02f5f5e56c808bbde
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Tue Jul 9 21:57:37 2019 +0000
Remove duplicate
commit a8b44c75f9ca6df1460ce0feca647f2f370f8833
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Tue Jul 9 21:57:07 2019 +0000
Update control
commit 2d27bdd808374a71cd9d7187326be99420411583
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Tue Jul 9 21:55:37 2019 +0000
Blacklist more uncommon network protocols
commit 3df6a44e98e93ecea6c6b6fa00c7fb05cbcfc0a5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Jul 9 06:56:23 2019 -0400
also allow members of group sudo to run /usr/lib/security-misc/panic-on-oops
commit 5fb500ac32a8935ef989770b2b9d17df4fa1698c
Merge: 8793708 e4bb770
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Jul 9 06:55:27 2019 -0400
Merge remote-tracking branch 'origin/master'
commit e4bb77037e9327eea7b8fd92961192613d6e0763
Merge: a9441e7 0f15303
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Jul 9 10:54:48 2019 +0000
Merge pull request #21 from madaidan/patch-16
Make the kernel panic on oopses
commit 0f15303eb4dd5701cae5b3985be47918e2e4700a
Merge: 45f8102 a9441e7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Jul 9 10:54:24 2019 +0000
Merge branch 'master' into patch-16
commit 8793708906d037746a2e946177d8a4d1884b391a
Merge: 50c00fc a9441e7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Jul 9 03:23:26 2019 -0400
Merge remote-tracking branch 'origin/master'
commit a9441e7be4794e88f782f1ff5dd95f00e3928279
Merge: 50c00fc 24b326d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Jul 9 07:21:47 2019 +0000
Merge pull request #22 from madaidan/patch-17
Restrict access to the root account
commit 24b326d906375bb543b936936519231f51154dcd
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon Jul 8 23:24:41 2019 +0000
Update control
commit 24d9eadcb267b34ce31981d841e58d4e2c769793
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon Jul 8 23:19:59 2019 +0000
Use 65536 hashing rounds
commit 86117d957763a4dd07fb9a84c07a2934a02d32f8
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon Jul 8 23:19:19 2019 +0000
Create common-password.security-misc
commit 8ad9a54b094a4a15ef726f513e38c953cc247b80
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon Jul 8 23:17:17 2019 +0000
Don't allow root login from a terminal
commit 890298a3c882000a8351186521e9c1852dec298a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon Jul 8 23:15:56 2019 +0000
Restrict su to users in the root group
commit 38099a2a5d830a522fd51b9d9953ae47a14c5289
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon Jul 8 23:11:17 2019 +0000
Create su.security-misc
commit 45f8102d565512938e5c533ffcd4cc06ea68b580
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon Jul 8 23:04:47 2019 +0000
Update control
commit 2a1742705563c264b3ea634345373cce2986d283
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon Jul 8 23:01:30 2019 +0000
Create security-misc
commit 4ac700ded0cca668f585ea466e167f055783e28d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon Jul 8 22:59:39 2019 +0000
Create 50panic_on_oops
commit 52c61011d4000b49edb0783fcca05952b0da7ee2
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon Jul 8 22:58:56 2019 +0000
Create panic-on-oops
commit 50c00fcfa13b436e0bba4e1065f0bf94605c1654
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 8 00:23:52 2019 +0000
bumped changelog version
commit 223b6918339dc53b8ff8499d3d52210ee07e24a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jul 7 23:39:58 2019 +0000
add 'Depends: libpam-cgfs'
https://forums.whonix.org/t/change-default-umask/7416/30?u=patrick
commit d31a16f264ea23a2fc890ffd6664deac3f4c4bdf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jul 7 23:00:27 2019 +0000
bumped changelog version
commit 673aab6bc2b41d1a0d1829ce200d7b5c3d9e7067
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jul 7 22:18:47 2019 +0000
shut up pam-auth-update
commit 67ff83262bd74d467cd92e8a15d13e0c4ca38b5b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jul 7 21:31:56 2019 +0000
move to pam-auth-update --force
--package hangs in Qubes updater since it starts whiptail for interactive dpkg configuration dialog.
commit 8399a1136788dfbbfd5dfb5c11356776e90326cc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jul 7 21:11:08 2019 +0000
bumped changelog version
commit d4c79cce69d454202304a7d8369fa7b0f1c50946
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jul 7 21:09:26 2019 +0000
add "Depends: libpam-runtime" so pam-auth-update is available
for Debian maintainer script
commit f68b96241c6afc7dffa8831f35d38bf1bf49508a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jul 7 21:08:28 2019 +0000
comment
commit 91fb21aafbab4811ac2055decae0fc58f624c259
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jul 7 16:51:40 2019 -0400
Due to error:
Jul 07 20:35:39 host sudo[16090]: PAM unable to dlopen(pam_cgfs.so): /lib/security/pam_cgfs.so: cannot open shared object file: No such file or directory
Jul 07 20:35:39 host sudo[16090]: PAM adding faulty module: pam_cgfs.so
run:
pam-auth-update --package
from Debian maintainer scripts
commit e543c4bf82568dbe00cbeaa850c9f09dd9166e32
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jul 7 16:37:46 2019 -0400
apparmor fixes (this broke whonixcheck apparmor profile)
commit 8f4a5f33b9aaaec95d834bb2d6b65c8bcd995e03
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jul 7 09:39:12 2019 +0000
bumped changelog version
commit 3558a9949fe9924d027b267152125b33e25085c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jul 7 09:37:25 2019 +0000
Enable APT seccomp sandboxing.
Thanks to @torjunkie for the suggestion!
https://forums.whonix.org/t/apt-seccomp-bpf-sandboxing/7702
commit 93e81b433036ef2f226d0a2b1422034aba54ea3a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 6 13:56:28 2019 +0000
bumped changelog version
commit 3cd1a5ec094cff0151c888418b7b14d5413eb353
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 6 13:56:00 2019 +0000
fix lintian warning
commit b73cdfd7cc3918633459315f5d9867f6a8798208
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 6 13:53:10 2019 +0000
bumped changelog version
commit 7b0b9da32c660e527741a56543c78ee3ac93d541
Merge: 6df7b3c 649878f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 6 07:06:54 2019 -0400
Merge remote-tracking branch 'origin/master'
commit 649878fdcb81ac621af9bc1481a3b6b41d3e22a0
Merge: 6df7b3c 8888147
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jul 6 11:06:25 2019 +0000
Merge pull request #20 from madaidan/patch-15
Blacklist HDLC and use "install" for blacklisting firewire/thunderbolt
commit 8888147e1e1102fa852dce14c3ca1cb91cd1ff3b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Thu Jul 4 14:26:31 2019 +0000
Update control
commit 46409be8b664db730113b4495ef69bee0f41c53a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Thu Jul 4 14:25:28 2019 +0000
Use install instead of blacklist
commit eb7eaffba1f437763773b5c7f2b44ef51684ddcd
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Thu Jul 4 14:24:44 2019 +0000
Blacklist n-hdlc
commit 6df7b3c295352d0d05070b3c0faf2a14e71b1264
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 1 15:23:49 2019 +0000
bumped changelog version
commit f82731698c20028531de673903faca10aa136416
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 1 14:53:01 2019 +0000
re-enable PrivateNetwork=true
commit 81b38529d92e9bea79db8694200d70b08d3b42a6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 1 13:58:20 2019 +0000
add copyright for files in etc/pam.d/*
commit 552b6edbedfbb346c1738ea3edbad16368780c7b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 1 13:51:00 2019 +0000
fix machine readable copyright format
commit a05264934b1160f44966e3e0b32e54841b15dd06
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 1 13:46:01 2019 +0000
add copyright for etc/login.defs.security-misc
commit 48e511347c7d85478b8593e55f061a53aefbafaa
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 1 13:37:55 2019 +0000
fix lintian warning
commit 93c08210545dd77b608515351154bcc16c8464b4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 1 13:35:45 2019 +0000
config-package-dev displace files for change umask
https://forums.whonix.org/t/change-default-umask/7416
commit a73f0566e978afb6d5b9693bf432a2496bedd61f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 1 13:25:23 2019 +0000
change default umask to 006
session optional pam_umask.so usergroups
https://forums.whonix.org/t/change-default-umask/7416/17
commit 41b61e32776c15a8dcde4479841b71c7e9ca28d4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 1 13:24:29 2019 +0000
revert to Debian buster original
commit 88a78b1c87e8419bbb70daa77f7ddfb2332668ae
Merge: 24cc8e3 8c60e7c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 1 09:21:05 2019 -0400
Merge remote-tracking branch 'origin/master'
commit 8c60e7c67f692aa9e70316bdde29cdc41eff2a75
Merge: 24cc8e3 cfaafe4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 1 13:20:21 2019 +0000
Merge pull request #18 from madaidan/patch-14
Change the default umask to 006
commit 24cc8e380df8706cd8e9765d89bd44ac78c58936
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 1 03:43:02 2019 -0400
comment out proc-hidepid.service hardening for now
since broken in Qubes Debian AppVMs
https://forums.whonix.org/t/kernel-hardening/7296/104
commit 0bffc7a9303d0b32427da04694bbefcf6a3104c8
Merge: 3c176ce 344d009
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 1 03:08:26 2019 -0400
Merge remote-tracking branch 'origin/master'
commit 3c176ce1580a3e5232bc1837b51aa3ec288b809d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 1 03:07:14 2019 -0400
allow permissions openat mkdir
since required in Qubes Debian templates
commit 344d00903250d699fc64d7fa9fad80475ade92e5
Merge: f26ad14 b8f2aee
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jul 1 06:39:28 2019 +0000
Merge pull request #19 from madaidan/patch-15
Add licensing to proc-hidepid.service
commit b8f2aee905b78034a115e1e2c1d6ecb7fa624122
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 30 13:22:43 2019 +0000
Add licensing
commit cfaafe400cd1f77df12f7f6dc9c9da58595bcbdf
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 30 13:16:12 2019 +0000
Update control
commit eedeaa0e7faf8d9f75d99d037fa80bd5d08c6db3
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 30 13:12:59 2019 +0000
Update common-session-noninteractive
commit a9af85f58529e0dcb154b669bd53aba8333d5634
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 30 13:12:16 2019 +0000
Update common-session
commit 1e1d29cfdedaa01d0180b8ca5a79c6f401728432
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 30 13:11:31 2019 +0000
Create common-session-noninteractive
commit 501901f7c04514c66a4f97f5eb0e523aa55a1094
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 30 13:10:54 2019 +0000
Change default umask to 006
commit 09a5c27f475ea6947180088b4efb615101fdbf9c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 30 13:10:29 2019 +0000
Create common-session
commit a319333493ad1839ff7fb1d4b6f43dc719b57844
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 30 13:09:51 2019 +0000
Create login.defs
commit f26ad14d4cab627c04dfa375ac831a3a09c9a165
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 30 07:21:58 2019 -0400
bumped changelog version
commit b8ace6e3f6a94268e0f63907e62bf968445ae548
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 30 07:21:31 2019 -0400
bump
commit f3a48009878e0edb033633d609f82a167cd8e616
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 30 08:23:51 2019 +0000
bumped changelog version
commit 85f61758c5b6d8b6a57d140a9f3795769a3ed183
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 30 04:11:38 2019 -0400
fix package description
commit e47339706170c92b8db44f014942ea7d94d1ff9e
Merge: 24b19c5 ec78a3e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 30 04:11:12 2019 -0400
Merge remote-tracking branch 'origin/master'
commit ec78a3e42e23a270a245dc254046ac1d7fc6ceec
Merge: 9525ff8 67de524
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 30 08:10:28 2019 +0000
Merge pull request #17 from madaidan/patch-13
Disable coredumps
commit 67de5247c8e7cd68c851a3d62168e9de69000afe
Merge: dbfb9e1 9525ff8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 30 08:10:04 2019 +0000
Merge branch 'master' into patch-13
commit 9525ff87c6ae3cd6538a0a8f294e6b8610e79a32
Merge: 24b19c5 22267c8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 30 08:09:23 2019 +0000
Merge pull request #16 from madaidan/patch-12
Mount /proc with hidepid=2
commit dbfb9e1cdf1e042c8985e2e69b7f5f5f1eaed860
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 30 00:21:46 2019 +0000
Update control
commit 024a698249392bdc6ebd362a2c978bc0e02bd55f
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 30 00:20:38 2019 +0000
Update control
commit 230ef34db45c1c7d980abfd8bd4770ec336ae4bf
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 30 00:19:04 2019 +0000
Create disable-coredumps.conf
commit 1bf802f8469a4ffc36cccca1ea6fc6f92ea6af8a
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 30 00:16:50 2019 +0000
Create coredumps.conf
commit f040081a5998fddd1ea4bc30140e41c405842371
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 30 00:13:52 2019 +0000
Prevent setuid processes from creating coredumps.
commit c6b669f1a53bfef08a82994422f9e1b627a937d5
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 30 00:11:13 2019 +0000
Create disable-coredumps.conf
commit 22267c895b15e10c98bae365ef2bef12f95454aa
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sat Jun 29 22:30:41 2019 +0000
Update control
commit a2c676ed48782f86e8b58d39f8bec4cd37a47cf5
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sat Jun 29 22:28:41 2019 +0000
Update proc-hidepid.service
commit dcf57bebf0d28089045a29477f26ad35d1041392
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sat Jun 29 22:27:24 2019 +0000
Create proc-hidepid.service
commit 24b19c597685233e3ebc7a5200bf929319f8a63f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jun 29 10:35:13 2019 +0000
bumped changelog version
commit befa03fea80c53bac3c4b1bb530be2f965ce6157
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jun 29 10:34:48 2019 +0000
fix lintian warning
commit 250919b821a00c93ee4fe7d92f6f3ed812110aac
Merge: ecf5d80 60e6dfc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jun 29 06:06:02 2019 -0400
Merge remote-tracking branch 'origin/master'
commit 60e6dfcbff08dd4526e60c3302741e40d98c8b3e
Merge: ecf5d80 9e9c854
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jun 29 10:05:34 2019 +0000
Merge pull request #15 from madaidan/patch-11
Update control
commit 9e9c854d274d7322759a9e5d2c49bcbd60e63e0d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Fri Jun 28 11:34:35 2019 +0000
Update control
commit b26d861dffdbca124322cbfbda99ab71a3142e06
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Fri Jun 28 11:33:48 2019 +0000
Update control
commit ecf5d80fdf0e8f997afa88f8d788a7df88008afc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Jun 28 07:20:53 2019 +0000
bumped changelog version
commit 36c2b1d28391ac2ea0f995fd0a348eecbe833a6c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Jun 28 07:18:30 2019 +0000
fix lintian warning
commit a978fe10001a8c1a9a6a3179d9fc5dc9ed433bc2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Jun 28 07:17:35 2019 +0000
chmod +x usr/lib/security-misc/remove-system.map
commit fe69dc6173e8a3e45ff7996597e9e50f09033279
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Jun 28 07:09:35 2019 +0000
bumped changelog version
commit 6a6afc347ad80bd133438a27e2dc64a1b54c784a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Jun 28 03:02:49 2019 -0400
update files list
commit ccb89cfd5574ed5a7b3802edc3bf188250edfddd
Merge: 0a0be1a ab31223
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Jun 28 03:00:21 2019 -0400
Merge remote-tracking branch 'origin/master'
commit ab312235ba89d62b7b83c26f8e9b8a8ff0ec985b
Merge: 5e02100 3801a53
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Jun 28 06:59:16 2019 +0000
Merge pull request #14 from madaidan/patch-10
Add some hardening for other distributions
commit 5e02100e34776bf410ba05d7a3f7ee7f696ca0fc
Merge: 7e12e16 b809185
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Jun 28 06:58:32 2019 +0000
Merge pull request #13 from madaidan/patch-9
Remove System.map and restrict the SysRq key.
commit 7e12e16dc0513f0a6936e576e3c8fa8ee44509d2
Merge: 0a0be1a 641407c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Jun 28 06:57:42 2019 +0000
Merge pull request #11 from madaidan/patch-7
Protect against DMA attacks
commit 3801a53a9e01aafa3783276059a7907f5b20b96e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Thu Jun 27 18:17:58 2019 +0000
Update tcp_hardening.conf
commit c54125270b44140b9ecfe0420205ac685b2a3505
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Thu Jun 27 18:15:57 2019 +0000
Create dmesg_restrict.conf
commit b8091850082fe1b956d6cff11fc7aa17786e693e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Thu Jun 27 16:09:52 2019 +0000
Update remove-system-map.service
commit 9392c8deb2657d3ff2c3734fb8bf1863d4e2a2d7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Wed Jun 26 15:03:54 2019 +0000
Update remove-system.map
commit 8ef0db17e6a9c066b50a021292aab80a7523cbb6
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Wed Jun 26 12:59:45 2019 +0000
Use a for loop to detect if System.map exists
commit 3116a56f1353681fbb97d4e7f92ee069f2577b33
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Tue Jun 25 19:25:32 2019 +0000
Create remove-system-map.service
commit 382e336f69097f3baa7693da6aaf8833b05cf322
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Tue Jun 25 19:20:27 2019 +0000
Create remove-system.map
commit 01c839c815b7f8c16c231bbd72da1673ad88fdb7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Tue Jun 25 19:16:43 2019 +0000
Restrict what the SysRq key can do
commit 0a0be1ad2889182b15d5851740ff43fb75773571
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 19:57:42 2019 +0000
bumped changelog version
commit 7806af14193f195e825678471ba65c64e07d7d0a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 19:51:53 2019 +0000
readme
commit 4e32438d75726014573b35c9b101abf59dfc3ba4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 19:47:05 2019 +0000
debian/control syntax fix
commit a098b18560e30ef238f693bf8f05933489027dd4
Merge: 2a62899 90d676e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 19:46:30 2019 +0000
Merge remote-tracking branch 'origin/master'
commit 90d676ec1864bd915310673d134d62d10a17a42f
Merge: 2a62899 1a07d90
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 19:45:31 2019 +0000
Merge pull request #12 from madaidan/patch-8
Update control
commit 1a07d90ed2da597db6d58c5f2da6dc3b32a8104b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 23 19:26:03 2019 +0000
Update control
commit 2a6289980e07d1d9c263f2d5abfc3b9e37c5054f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 18:46:52 2019 +0000
syntax fix
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"
https://forums.whonix.org/t/kernel-hardening/7296/70
commit f1147318c04642f355eae96786c26ec1cb53977c
Merge: cd73466 aec6da2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 18:45:41 2019 +0000
Merge remote-tracking branch 'origin/master'
commit aec6da28e9ac4f8289d7b7aaa77bcef2562cda74
Merge: cd73466 2178fb3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 18:45:24 2019 +0000
Merge pull request #10 from madaidan/patch-6
Enable more kernel hardening parameters
commit 641407c8e9c728429ec86e7c89e431896d88e116
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 23 18:38:50 2019 +0000
Enable IOMMU
commit 07c6362f1aff2e151c51aa681a79c3ef650baa6d
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 23 18:34:45 2019 +0000
Blacklist thunderbolt and firewire
commit 2178fb37a85808df0c455f7dd76fc72516d6ff28
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun Jun 23 17:54:34 2019 +0000
Add more kernel hardening parameters
commit cd7346699c10e258d5af5f51ad56493e98e4eb1a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 12:22:13 2019 +0000
bumped changelog version
commit 60334797d003f63606645220fbc66393eb30cde0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 09:00:12 2019 +0000
/etc/sysctl.d/tcp_sack.conf
commit d404624bacf220e5545c8e5ffbace937924c77cd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 08:38:01 2019 +0000
bumped changelog version
commit ae50d8134294d3746235d383c18fc187c18717d7
Merge: 5269cfe cd7172c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 03:59:58 2019 -0400
Merge remote-tracking branch 'origin/master'
commit cd7172c00cbf0cb69e159b6159ef0bfff663a507
Merge: 5269cfe 807ac7d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 07:59:35 2019 +0000
Merge pull request #9 from madaidan/patch-5
Disables SACK.
commit 807ac7d65916071e4294f42d62b8b2353255c4bc
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sat Jun 22 16:08:30 2019 +0000
Create tcp_sack.conf
commit 5269cfeef99b500e4aa7c883434f3d5554559d16
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Jun 21 05:40:04 2019 +0000
bumped changelog version
commit 0a5b15ff45dc1b30867b0093d238b95dde7c0810
Merge: ca1aa1e f9dc1b6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Jun 21 04:05:50 2019 +0000
Merge remote-tracking branch 'origin/master'
commit f9dc1b6322961ff0e6c7a5be122f9d1031ba87ea
Merge: ca1aa1e 2e81885
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Jun 20 23:54:58 2019 -0400
Merge pull request #8 from marmarek/packaging
qubes-builder integration
commit 2e81885f691201e2229dadfd5ec7b554980ac689
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date: Fri Jun 21 04:52:01 2019 +0200
Add rpm packaging
QubesOS/qubes-issues#1885
commit 27e68a39fe005a58cac02336fc6c468a4b2f5d31
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date: Fri Jun 21 04:51:33 2019 +0200
Add Makefile.builder for qubes-builder (Debian)
QubesOS/qubes-issues#1885
commit ca1aa1e577179d92f4ec002221b8c4207e6ce1d6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jun 10 15:42:58 2019 +0000
bumped changelog version
commit 8b5e84d76a762b6c8cac8626245d5311afbea221
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 9 10:24:53 2019 +0000
cleanup, delete debian/security-misc.maintscript to fix lintian warning
commit f9acd890a703ce375ed07ad9e1be2bed019e49a3
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 9 10:24:24 2019 +0000
lintian
commit 49873e8e0286f7604399c7e857c7714271991956
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 9 10:06:58 2019 +0000
solve package file conflict
https://github.com/QubesOS/qubes-issues/issues/1885#issuecomment-500200375
commit d5127e716632af2f494e9b41571c44a56a887667
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jun 8 11:32:12 2019 +0000
bumped changelog version
commit 9fe58728102f92d0584ef128c53f5e99d3956d92
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jun 8 00:05:35 2019 -0400
fix debian/watch lintian warning debian-watch-contains-dh_make-template
commit e7edbe5fb446f869e7b64802038f410c74ce538c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri May 24 20:48:59 2019 +0000
bumped changelog version
commit 6102c571a31c8a166fb306ba9e1a0a4e444c58a8
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri May 24 12:29:08 2019 -0400
readme
commit afb5f5f96500f31864e32af90b2e9bbfd1a9acc1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu May 23 22:38:13 2019 +0000
bumped changelog version
commit 0a200e09ecf745d23e5e880d521f1aec2a7b25a9
Merge: 65d7eb8 244234c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu May 23 18:25:47 2019 -0400
Merge remote-tracking branch 'origin/master'
commit 244234c8b709a425feed4f3cfb87389f4fb2c6f5
Merge: 65d7eb8 7177c60
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu May 23 22:25:13 2019 +0000
Merge pull request #7 from madaidan/patch-3
Disable uncommon network protocols
commit 7177c6041a9b086a4cb90504a492136b4da732a2
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Thu May 16 20:30:49 2019 +0000
Create uncommon-network-protocols.conf
commit 65d7eb81a6b84afcbf0692265f6d7a4b4599017b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu May 16 20:25:46 2019 +0000
bumped changelog version
commit a2b184e5bb9942aa63a36fb918b203053a53f1e4
Merge: 71bf635 7d7b899
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu May 16 19:53:27 2019 +0000
Merge remote-tracking branch 'origin/master'
commit 7d7b899dd13f7123822bf269a639c68ff5cb737e
Merge: 71bf635 b814f33
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu May 16 19:52:52 2019 +0000
Merge pull request #6 from madaidan/patch-2
Even more kernel hardening
commit b814f338b803ae33380551919b00144bb63a53b8
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Thu May 16 16:33:03 2019 +0000
Update tcp_hardening.conf
commit e6794721bd181f8884cd3817b5ae3c6c58747ae7
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Thu May 16 16:29:20 2019 +0000
Update ptrace_scope.conf
commit 71bf63511b2cf2ca955900b85a536e4b3adf4c66
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun May 12 11:08:32 2019 +0000
bumped changelog version
commit c040117fe47acad2e5c76baa55d42a6ec9223955
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun May 12 10:50:34 2019 +0000
lintian
commit 26fe4305a1fd072a8608f62a30129ad249203684
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun May 12 10:48:27 2019 +0000
bumped changelog version
commit 06b86229a4e1cc45a9bbe21c9a4c3e2a16fb82dc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun May 12 02:58:45 2019 -0400
update path to pre.bsh
commit 137bc073c5d65988cce832336ebee5c47071e732
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed May 8 21:38:25 2019 -0400
port to /etc/xdg/xfce4/xfconf/xfce-perchannel-xml
https://forums.whonix.org/t/whonix-xfce-development/6213/84?u=patrick
commit 3bd4da6794067708f517b099548c0aa2a2b65146
Merge: c80b746 b00a264
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed May 8 21:32:29 2019 -0400
Merge remote-tracking branch 'origin/master'
commit b00a264ce27c48584879d85275a3fa3f19030906
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed May 8 21:29:36 2019 -0400
Disable thunar-volman by default.
commit a4852ad6c8260c68d9c1024e09a9487a8e2e1f61
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon May 6 20:37:53 2019 +0000
Create fs_protected.conf
commit 0296e51e06d94cea598fcad3bdbfa165e519a47b
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon May 6 15:46:37 2019 +0000
Create ptrace_scope.conf
commit 2923fc96ef9ee96a3149c8b2f781402c65e106b9
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon May 6 15:45:53 2019 +0000
Create tcp_hardening.conf
commit 4216299ee847da0bdf4c714451a70b69f5881d8c
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon May 6 15:42:55 2019 +0000
Create kexec.conf
commit c80b7465bfb9164fb300dea71c38f58672199b17
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon May 6 09:58:44 2019 +0000
bumped changelog version
commit f917c27a197d49b7bcdbfe065fe0696792d05350
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon May 6 05:51:14 2019 -0400
remove trailing spaces
commit 83e12f8e89cf0269daeca36946cdef07e23075b3
Merge: 74cdecf 5177444
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon May 6 05:50:35 2019 -0400
Merge remote-tracking branch 'origin/master'
commit 5177444d624a8a935c461ebe1065d451d2f8da0f
Merge: 74cdecf 02e8888
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon May 6 05:46:03 2019 -0400
Merge pull request #5 from madaidan/patch-1
More kernel hardening
commit 02e8888b0bc4f0dfadccbebc9e6e75849d32ba76
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun May 5 20:17:33 2019 +0000
Update 40_kernel_hardening.cfg
commit 3695d7491ef8a7af81c0c2aad0babc48ec30af81
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun May 5 14:42:03 2019 +0000
Create 40_kernel_hardening.cfg
commit d2ca85c6860322a35ef0eb347c01c9f21dcf144f
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun May 5 14:36:30 2019 +0000
Create mmap_aslr.conf
commit 197c1120a9f9f9a38548e4341d12b404fe72fde9
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun May 5 14:35:42 2019 +0000
Create harden_bpf.conf
commit 351db0ef7f0e0eee09496ba56ec13d07ae84761e
Author: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sun May 5 14:34:41 2019 +0000
Create kptr_restrict.conf
commit 74cdecfd6b86c4932be2f3b6677ff023c6d52053
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri May 3 11:34:25 2019 +0000
bumped changelog version
commit 09c35d5da251c190febaeb3437e151612597375d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri May 3 10:56:56 2019 +0000
update
commit db9e60c894c06d316f124659571c4b360e3fc08b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Apr 6 12:13:43 2019 +0000
bumped changelog version
commit 6ba1fb70d2ae71d2d97752458c9996709e9a74af
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Apr 5 14:06:00 2019 -0400
port to debian buster
commit 811dcee2cb43b7569fc1172fa13d7f4a4aece754
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Apr 5 09:26:18 2019 -0400
fix lintian warning
commit a985581c68a8f92d9f588d5c2a7b606e8dc220dd
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Apr 4 05:51:06 2019 -0400
port to debian buster
commit db5c3ccde6edcafc5467674176c94008765c0ecc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed Apr 3 18:05:56 2019 -0400
readme
commit 2913acda63b8d2309392ef7af6833a407d7cfa3c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Mar 29 10:02:51 2019 +0000
bumped changelog version
commit 2ea9957e4c4200f0c729f482acd9c3519e8de2c9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Mar 29 09:03:18 2019 +0000
https://www.whonix.org/wiki/Dev/Licensing
commit c5768683f402289456375bb64a40250474005c25
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Mar 12 11:36:25 2019 +0000
bumped changelog version
commit 811852656e5fdeae19c2a942207e4318c2f9b14d
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Mar 1 14:32:41 2019 +0000
add improved legal protections clauses
The license for software created by Whonix is the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version with additional terms applicable per GNU GPL version 3 section 7.
The additional terms are based on the Doom 3 license which is Debian refers to as `GPL-3+-with-id-software-additional-terms`, which is Debian DFSG [1] (The Debian Free Software Guidelines) approved and which is therefore suitable for Debian `main`. Whonix made applied minimal changes to it:
* Rewrite `The Doom 3 BFG Edition GPL Source Code` to the more common `this program` which is used throughout the GPL.
* Added a "trump clause" [2], in other words, any conflicts or disputes between the additional terms and the GPLv3 shall be resolved in favor of the GPLv3 by adding `Notwithstanding any other provision of this License` (as mentioned in GPL FAQ [3]) at the beginning of the additional terms.
[1] https://www.debian.org/social_contract#guidelines
[2] https://www.fsf.org/news/canonical-updated-licensing-terms
[3] https://www.gnu.org/licenses/gpl-faq.html#v3Notwithstanding
For more considerations, see also:
https://www.whonix.org/wiki/Dev/Licensing
commit 2298d0f6b0a7214ae4f6ecc7a56734905cdb9352
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed Nov 28 06:33:14 2018 +0000
bumped changelog version
commit 63b080f40bab38bdb1c91519b90c3988640970d9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Nov 19 06:27:52 2018 -0500
fix hiding network bookmark in thunar by default
Thanks to @Algernon for suggesting the fix!
commit daf7fc002b2d946c2946b9effe3fecc5cebe4cf2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Nov 19 03:08:20 2018 -0500
Disables network bookmark by default.
commit 2bd6dabc7c523d7680917753e61130cf78d7067e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Nov 8 09:55:41 2018 +0000
bumped changelog version
commit 0c020af885b3dfb2924102e6cf41a5af114cc140
Merge: f9e1877 6f240c0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Nov 8 09:53:47 2018 +0000
Merge remote-tracking branch 'origin/master'
commit 6f240c0c4c88df2946fdd673f833ee05dd8340bb
Merge: f9e1877 f84f988
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Nov 8 04:53:25 2018 -0500
Merge pull request #4 from Algernon-01/master
Enable hidden files and volume management again.
commit f84f988118e30a2a3d4d74ed008c1a626c35c365
Author: Algernon-01 <33966997+Algernon-01@users.noreply.github.com>
Date: Thu Nov 8 07:22:35 2018 +0000
Enabled hidden files and volume management.
commit 5aebf292149cca72cba3416c0de0f927d76d3281
Author: Algernon-01 <33966997+Algernon-01@users.noreply.github.com>
Date: Fri Nov 2 10:16:09 2018 +0000
Security and general settings for Thunar.
commit f9e18772d72abeb1d14e3dc2740950f91900ee69
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Nov 1 07:42:29 2018 +0000
bumped changelog version
commit 4ecd32ef9996442532b78ae1d46694d0e452cec0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed Oct 31 02:26:13 2018 -0400
description
commit 008a97d9e7f891a706a277c8e9bb2e3a958d1e63
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed Oct 31 02:22:43 2018 -0400
disable previews in thunar
commit 256e4bac52d6c93a957ef47d07be2b7a0add8435
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Sep 14 13:20:11 2018 +0000
bumped changelog version
commit 73e5319711b897beb8fecae57f7552d764e438e5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Sep 14 10:46:00 2018 +0000
'Depends: libglib2.0-bin' - contains glib-compile-schemas (required by postinst)
commit 64b5e55d8cfc27c56c64b56837e7cf291a5473e0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Aug 27 16:49:44 2018 +0000
bumped changelog version
commit 1211aee0206b0d829b1101348b2a9836996ceef9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Aug 21 05:18:37 2018 +0800
readme
commit c296cba838f64ad4bf96b281c2e2de410a3db589
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Feb 1 15:18:55 2018 +0000
bumped changelog version
commit edbf198a930de31a1423b962979583a1d9775e70
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jan 29 15:50:36 2018 +0000
readme
commit 6b94612ca4e29921186c1d9e26bf7dcd887cd13a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jan 29 15:38:57 2018 +0000
update copyright
commit 5b3fc2f6b943a50f305299ea0d940ccf13474e1c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jan 29 15:22:05 2018 +0000
update copyright
commit c3b6a44e97674fc6553aad33e8d8abd6e8e4df44
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jan 29 15:15:17 2018 +0000
update copyright
commit ff28f5932c0fc5ba9eac4bda8e01ccaa71291021
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Jan 29 15:09:42 2018 +0000
update copyright
commit 674d2d8abf38842d43a1ea10668d860b258c7f70
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Dec 21 20:35:29 2017 +0000
bumped changelog version
commit 776bf9d6954fd7c33e2743e1d8e6dbd865c954d7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Dec 21 20:26:29 2017 +0000
readme
commit 7b2d3c9e2f61e34248aa1192ec5325b544e1124c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed Jul 26 14:37:34 2017 +0000
bumped changelog version
commit dc2c9a9992551f5967e09b31a90721a9aadaf962
Merge: 61bd4d0 91ff0c2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Mar 14 13:43:18 2017 +0000
Merge remote-tracking branch 'origin/master'
commit 91ff0c2571b41710440006e770b8295c03b3a295
Merge: 61bd4d0 6e5e5d6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Mar 14 13:42:37 2017 +0000
Merge pull request #2 from HulaHoopWhonix/patch-2
Update README.md
commit 6e5e5d6ea65a0fee4c76e5ad74c444344ff1f462
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date: Tue Mar 14 13:11:44 2017 +0000
Update README.md
commit 61bd4d05b76088657e392cb311983617b8a68750
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Mar 6 16:16:32 2017 +0000
bumped changelog version
commit 99bb1e877ec84bf7d3c6873f0369aed2fb92be4b
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Mar 6 15:00:33 2017 +0000
"$@"
commit f6bc1884855d84599ee731f694e0073f1df73ce1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Feb 28 15:22:54 2017 +0100
comment
commit 18e23af784e69e1bd40725a23acac9aaa3b167ab
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Feb 27 23:59:37 2017 +0000
cleanup
commit 6195450eb2721d987f185f127a5435e8c7f798cc
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Feb 27 23:57:04 2017 +0000
No longer ignore duplicate apt sources in apt-get-wrapper.
No longer acceptable because these generate lots of noise in the terminal.
commit 191918027c1971bfb871abb438c4917e5b98bb74
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Feb 27 23:43:02 2017 +0000
adjust apt-get-wrapper for Debian stretch's apt-get
commit 2130b4c654ae5e3f94e7febe00a47e3969858770
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Feb 27 23:16:32 2017 +0000
use python rather than unbuffer
because unbuffer eats exit code when process is killed
commit cc351165dc78a8b7158a2b9bfdd9e4f0b3866239
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Feb 27 19:36:38 2017 +0000
apt-get-wrapper:
- fix exit code handling
- code simplification
commit 1fb48e3548499d8a2891ec40314ffad8b6f1811e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Feb 27 02:04:00 2017 +0000
bumped changelog version
commit 966e90ebe2d5cd930ebb9367fdbcd0f8e46a0adb
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Feb 27 00:17:36 2017 +0000
add missing dependency tcl8.6 (which is required by unbuffer [package expect])
commit 5653b7732ae47b7e8e38e2c363aff4ef724c0484
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Feb 26 23:57:17 2017 +0000
fix, show progress during apt-get-wrapper
fix, propagate signals to apt-get child process
commit 49cde21078ccc9f623add6f587ee719843647ee7
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Feb 21 19:54:41 2017 +0000
Whonix 14 KDE plasma 5 fixes
https://phabricator.whonix.org/T633
commit 0228e87d477f634d1e1db7c1cf6f213275d40dd9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Feb 19 22:37:10 2017 +0000
minor
commit dfe8a569b639dd09ef4cd7f35c05efd7ea080406
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Feb 19 22:32:04 2017 +0000
override glib-compile-schemas with || true in postinst
https://phabricator.whonix.org/T500
commit 5ba2a5b6ff53df37ad38f082ad86ff2227158d93
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Feb 19 22:25:28 2017 +0000
disable previews in nautilus by default for better security
copied solution by @unman
https://github.com/QubesOS/qubes-issues/issues/1108
https://github.com/QubesOS/qubes-core-agent-linux/pull/39
https://phabricator.whonix.org/T500
commit 91adab0d1bab6c6b31903f1e165944b3f8c8adb1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Feb 17 14:08:56 2017 +0000
bumped changelog version
commit c59d15d48f1950697d4e1da13282688f4f483ea5
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed Feb 15 20:46:22 2017 +0000
Debian stretch / kde plasma5 fix: KDEDIRS -> XDG_CONFIG_DIRS
https://phabricator.whonix.org/T633
commit bddbba84a6fad680359bc8eee0c395fcc4d79ca9
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Feb 14 17:30:31 2017 +0000
"$@"
commit 9b0d3e34fc8e1981cf59b17aed8abcc38052fc61
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Feb 14 02:37:08 2017 +0000
add usr/lib/security-misc/apt-get-update-sanity-test
a CVE-2016-1252 sanity test script
commit 5e076415536e1513463c59dba6e8afc4e90b7f1a
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Feb 13 17:26:59 2017 +0000
readme
commit 0bb059093f7b4940836057b069bbec3a51ed91ac
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Feb 10 15:47:52 2017 +0000
remove faketime from Build-Depends:
since no longer used for reproducible builds
commit be8084ad1c136ee4a18cb24abcc0c14c522b8089
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Feb 10 15:35:25 2017 +0000
remove debian/gain-root-command workaround
commit 90f175e117d9ca2b84072bee129539569143e10c
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed Feb 8 14:26:26 2017 +0000
double apt-get-update wrapper timeout from 120 to 240 seconds
since it takes a bit longer than 120 seconds for me on a fast connection
commit 1e66e03da14ae2e3f7b315e443836c35f954b84f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jan 15 15:35:31 2017 +0000
bumped changelog version
commit d80d576953ccea7f183bfe4b1e13655ebc03e557
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jan 15 13:11:38 2017 +0000
fix lintian warning
commit 59633fbc604207947427839004afcbc8c8d5e4d4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jan 15 08:35:40 2017 +0100
packaging, bumped Standards-Version from 3.9.6 to 3.9.8 for jessie support
commit 814d6c5f74dd4808f28a0650909672be62639cd1
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Jan 12 02:56:55 2017 +0000
bumped changelog version
commit 0cf6524f0fac00c1b9bde836b7e7cc62cb3e41f4
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Dec 25 02:33:44 2016 +0000
apt-get-update: implement SIGINIT trap; hide 'ps' output
commit c4089d8d4017f713631fbc5f09ccf7047dcb7008
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Dec 25 01:36:04 2016 +0000
update path to /usr/lib/security-misc/apt-get-wrapper
commit 7b01fb934140afdcd8f7275c92cd557a1080d18e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Dec 25 01:35:17 2016 +0000
remove obsolete comments
commit 8160cfe1d720707895172a18608366ddd65f9ec6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Dec 25 01:29:31 2016 +0000
moved apt-get-update and apt-get-wrapper from whonixcheck to security-misc
commit 7b3ef3a00f28592852ee701d4ce3803348de6999
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Dec 10 02:30:50 2016 +0000
bumped changelog version
commit 4416ea5cf904b296749ad53a7a04b0b6d40b5bcf
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Nov 21 17:42:55 2016 +0000
readme
commit 6cda8b1496795422d4c0bfcea2ea2bf29c32daa0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Oct 10 16:10:30 2016 +0000
disable conntrack helper for better security
https://phabricator.whonix.org/T486
commit 0d66fc60b9ea65e826560986698c11cea7ca4ea6
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Apr 25 23:27:58 2016 +0000
bumped changelog version
commit 192d1e0cee505a59c5f62d01022562b12ca6646e
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Apr 25 23:19:54 2016 +0000
/etc/sysctl.d/nf_conntrack_helper.conf disabled for now as it needs more work
https://phabricator.whonix.org/T486
commit 492ce128909cfda8645738b092fd9e8722c64aa0
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Apr 7 22:54:45 2016 +0000
bumped changelog version
commit 9d7ad9e97ed6b341e72ed6d6d2104c840c73b37f
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Mar 31 15:53:40 2016 +0000
fixed package description and package description linitan warnings
commit d5e61eb4b12106f9ee3fdf8938686e89a8c7e465
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Mar 31 15:36:59 2016 +0000
added 'Replaces: tcp-timestamps-disable'
https://phabricator.whonix.org/T486
commit 7b54755841907c2b86b12eed5035860e17445193
Merge: 10c87b8 be086ae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Mar 31 15:35:07 2016 +0000
merged tcp-timestamps-disable package into security-misc package
disable conntrack helper for better security
https://phabricator.whonix.org/T486
commit be086aea597ff5e4db29f56fa57399c67568d4b6
Merge: 10c87b8 d0eceae
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Mar 31 15:34:17 2016 +0000
Merge pull request #1 from HulaHoopWhonix/patch-1
Create tcp_timestamps.conf
commit d0eceae0c84a42bce4ade28c593fd6ba002a67b9
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date: Thu Mar 31 03:18:38 2016 +0000
Update README.md
commit 989f2f54e22ff676df83463edaca439a4695af49
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date: Thu Mar 31 03:18:05 2016 +0000
Update control
commit c7d88571e48fface5fc24d7d471724303e374f37
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date: Thu Mar 31 03:16:10 2016 +0000
Update control
commit 27200cd98f6d2be7e55765a8d17a075299db7b2e
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date: Thu Mar 31 02:57:15 2016 +0000
Update README.md
commit 92d738db56f048f2ee5de0239ddd6ba141373f99
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date: Thu Mar 31 02:53:12 2016 +0000
Create nf_conntrack_helper.conf
commit 5992a7f026b1ee22c1ab82411048b58e89ed0dc2
Author: HulaHoopWhonix <bancfc@openmailbox.org>
Date: Thu Mar 31 02:48:06 2016 +0000
Create tcp_timestamps.conf
commit 10c87b84e2d3b0eec7a6a3d283d3b1e02f080e58
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Dec 15 21:05:03 2015 +0000
updated README.md
commit ba7b06ce302006a12fe7886c4338b5e44a571fa2
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Dec 15 04:16:14 2015 +0000
bumped changelog version
commit c47f9697b4af46f713e49eb026f1c5ab4b77ad20
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Dec 15 04:14:00 2015 +0000
deactivate preview in Nautilus
commit 4b7d8a4bd88bd7b8a904d0b48fddf2803457ab47
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Dec 15 02:00:39 2015 +0000
bumped changelog version
commit d3ccf0eeaf9802fa09e70633efb45dcc2b767cba
Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Dec 15 02:00:24 2015 +0000
initial commit