The version number for this testers-only release is 126.96.36.199, which will become Whonix 9 the moment it’s blessed stable.
Download link for VirtualBox images (.ova), experimental KVM/QEMU images and OpenPGP signatures (.asc):
Upgrading Whonix 8 to Whonix 9
– You cannot upgrade using apt-get dist-upgrade or you will break the packaging system!
– You can upgrade using these instructions: https://www.whonix.org/wiki/Upgrading_Whonix_8_to_Whonix_9
If you want to build from source code, see:
Thanks to everyone who made this test release possible!
Changelog between 188.8.131.52 and 184.108.40.206:
– added empty Whonix-Custom-Workstation
– sdwdate: fix terminating sclockadj
– Added extra log file /var/run/tor/log that won’t survive reboot. (Existing log file /var/log/tor/log that survives reboot will continue to exist.) And added necessary AppArmor rules. Thanks to @troubadoour who figured out the AppArmor rules (Whonix Forum). This is useful so that whonixcheck can in future grep the log for clock-specific warnings (https://github.com/Whonix/Whonix/issues/244).
– sdwdate: log time/date before and after running sclockadj
– open-link-confirmation: prettier default output “Tor Browser” rather than “x-www-browser (/usr/bin/torbrowser)”
– tb-starter: fix opening links in conjunction with tb-default-browser when open-link-confirmation is not installed
– swap-file-creator: timeout when reading from /dev/random
– when whonixsetup is automatically started, support automatically maximizing window in terminals other than konsole
– disable TCP-Timestamps (implemented #247)
– Added deletion of /boot/grub/device.map for VM builds during build process to prevent hard drive serial of build machine leaking into image. System also boots without /boot/grub/device.map. https://github.com/Whonix/Whonix/issues/249
– New alternative option name --install-to-root. This is an alternative to --bare-metal, added because some users liked to use “--bare-metal in a VM”, which sounds like an oxymoron. Now we can talk about “using --install-to-root in a VM”.
– Drop all incoming ICMP traffic by default. All incoming connections are dropped by default anyway, but should a user allow incoming ports (such as for incoming SSH or FlashProxy), ICMP should still be dropped to filter, for example, ICMP timestamp requests.
– build script: implemented --testing-frozen-sources, which installs from Debian testing frozen (snapshot.debian.org) sources. This is useful for compatibility testing of Whonix’s Debian packages with Debian testing. There is no official support for Debian testing.
– whonixcheck: fixed apt-get --simulate parsing code, whonixcheck can now also report how many packages could be upgraded when using non-English languages
– tb-updater: code cleanup zenity leftovers
– swap-file-creator: fix creation when less than 512 MB RAM is available at swap file creation time; check size of swapfile to handle cases in which dd was interrupted
– Removed geoclue-ubuntu-geoip and geoclue from anon-banned-packages because they are not evil by definition; they only provide an API. Not allowing them to be installed would prevent users from installing gnome-desktop-environment.
– Removed resolvconf and openresolv from anon-banned-packages conflicts. They were added to anon-[gw/ws]-dns-conf conflicts.
– Removed ufw from anon-banned-packages conflicts. It was added to anon-[gw/ws]-firewall conflicts.
– whonixcheck: There is no general “Whonix Debian Version” anymore, because Whonix has been split into multiple packages that now all have their own version number. What whonixcheck can figure out is whether the whonixcheck version is up to date and whether there is a Whonix news file for that whonixcheck version. For users who do not use Whonix’s APT repository, whonixcheck currently gives no notification about packages by the Whonix team other than whonixcheck itself.
– vbox-disable-timesync: added compatibility with Debian jessie
– control-port-filter: replaced netcat-traditional dependency with netcat-openbsd as per Whonix Forum
– whonix-gw-firewall: Added 10.0.2.2/24 to NON_TOR_GATEWAY and LOCAL_NET to prevent spamming syslog with: host dhclient: DHCPREQUEST on eth0 to 10.0.2.2 port 67 | host dhclient: send_packet: Operation not permitted
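
A check a tester could run against two of the leaks closed in this changelog (the build machine's disk serial in /boot/grub/device.map and TCP timestamps), as an added example that is not Whonix code. The function names, the assumed by-id entry format of device.map, the use of the Linux `net.ipv4.tcp_timestamps` sysctl as the check, and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Whonix code. Checks for two leaks this changelog closes.

# Print disk identifiers recorded in ROOT/boot/grub/device.map, one per line.
# Assumed entry format: "(hd0) /dev/disk/by-id/<bus>-<model>_<serial>".
device_map_ids() {
    map="${1:-}/boot/grub/device.map"
    [ -f "$map" ] || return 0
    sed -n 's|^([^)]*)[[:space:]]*/dev/disk/by-id/\(.*\)$|\1|p' "$map"
}

# Succeed only if the kernel's TCP timestamp sysctl reads 0 (disabled).
# FILE defaults to the live sysctl; a test can pass a stand-in file.
tcp_timestamps_disabled() {
    f="${1:-/proc/sys/net/ipv4/tcp_timestamps}"
    [ -r "$f" ] && [ "$(cat "$f")" = "0" ]
}

# Run both checks on ROOT; print findings; return the number of failures.
audit_leaks() {
    fails=0
    ids=$(device_map_ids "${1:-}")
    if [ -n "$ids" ]; then
        echo "FAIL device.map records disk ids of the build machine:"
        echo "$ids" | sed 's/^/     /'
        fails=$((fails + 1))
    else
        echo "OK   no disk ids in device.map"
    fi
    if tcp_timestamps_disabled "${2:-}"; then
        echo "OK   TCP timestamps disabled"
    else
        echo "FAIL TCP timestamps enabled or unreadable"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample tree standing in for an image built before the fix.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/boot/grub"
    printf '(hd0)\t/dev/disk/by-id/ata-EXAMPLE_DISK_SERIAL0001\n' \
        > "$d/boot/grub/device.map"
    echo 1 > "$d/tcp_timestamps"
    echo "$d"
}
```

Calling `audit_leaks` with no arguments checks the running system; passing a directory as the first argument checks the device.map under that root, such as a mounted image.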