Whonix 18.0.7.5 - Major Release Upgrade - Testers Wanted!

Download

Testers wanted!

(What is a release upgrade?)


Upgrade

Alternatively, an in-place release upgrade is possible using the instructions: Release Upgrade Whonix 17 to Whonix 18


This release would not have been possible without the numerous supporters of Whonix!


Please Donate!


Please Contribute!


Major Changes

Changelog

  • anon-gw-anonymizer-config:

    • anon-gw-anonymizer-config.service: start After qubes-whonix-network.service
    • Move to helper-scripts repair-torrc
    • Use systemd-tmpfiles for better performance
    • Use systemd-networkd-wait-online instead of tor-wait-for-network
    • In /usr/libexec/anon-gw-anonymizer-config/tor-wait-for-network: wait until all IPv6 addresses on an interface are bindable
    • In /usr/libexec/anon-gw-anonymizer-config/tor-wait-for-network: verify that the network interface is actually bindable
    • Conditionally disable IPv6 only after waiting for IPv6 to become available
    • Run tor-wait-for-network also in non-Qubes environments
    • Fix Privleap configuration
    • Add explanation of the IPv6 wait mechanism to tor-wait-for-network
    • Rewrite tor-wait-for-network to include IPv6 checks
    • Merge tor-whonix-gw-setup.service into anon-gw-anonymizer-config.service
    • Prevent Tor from listening on IPv6 addresses if IPv6 is unavailable
    • Allow the network enough time to initialize before starting Tor
    • Switch to using deb822 sources
    • Add IPv6 ports to 65_gateway.conf
    • Add VirtualAddrNetworkIPv6
    • Update comments to reflect config changes
    • Enable IPv6
  • anon-gw-base-files:

    • Tell user how to exit a GRUB submenu
    • Remove the network icon from desktop
    • Use lock-screen from helper-scripts for screen locking
    • Add lock-screen background
    • Remove redundant Waybar battery widget
    • Move Waybar configuration for sysmaint sessions into *-base-files packages
    • Remove /xdg/autostart/sysmaint-panel.desktop and related conffiles
    • Disable thumbnails in PCManFM-Qt and fix PCManFM-Qt config in sysmaint sessions
    • Add Swaylock configuration for Whonix-Gateway
    • Remove volume controls from Whonix-Gateway
    • Enable sdwdate_gui_server in Whonix-Gateway qubes
  • anon-meta-packages:

    • Switch the default image viewer from lximage-qt to loupe
    • Adjust dependencies for the security-misc split
    • Merge qubes-whonix metapackages into main metapackages
    • Fix spacing and add Breaks/Replaces against Xfce metapackages
    • Correct incorrect package dependencies
    • Restructure metapackages for better clarity
    • Switch desktop environment to LXQt
    • Do not install USBGuard by default in Whonix
  • anon-ws-base-files:

    • Tell user how to exit a GRUB submenu
    • Remove the network icon from desktop
    • Use lock-screen from helper-scripts for screen locking, add lock-screen background, remove redundant Waybar battery widget
    • Move Waybar configuration for sysmaint sessions into *-base-files packages
    • Disable thumbnails in PCManFM-Qt and fix PCManFM-Qt config in sysmaint sessions
    • Add Swaylock configuration for Whonix-Workstation sessions
  • anon-ws-disable-stacked-tor:

    • Performance: Remove qubes-whonix-sysinit.service; replaced by systemd conditions
    • Ensure /etc/apparmor.d/abstractions/tor always exists
    • Add abstractions/tor file from Tor to fix apparmor.service startup
    • Make Tor Browser use IPv6 if available
    • Create IPv6 IPC UNIX sockets
    • Use light_sleep instead of sleep
    • Get systemd-socket-proxyd working with IPv6 proxy support
    • Add separate GATEWAY_IP6 variable
    • Add IPv6 listening sockets
  • kloak:

    • Make the cursor color completely transparent by default
    • Disable cursor drawing if the cursor color is fully transparent
    • Remove unsafe sanitizer compiler flags; add back -ftrapv to prevent undefined behavior on signed overflow
    • Add natural scrolling support
    • Try to fix AppArmor installation issues
    • Change default escape key combination to KEY_RIGHTSHIFT,KEY_ESCAPE
    • Fix syntax issues, improve startup timing, and avoid spamming logs when no compositor is found
    • Improve error reporting in find_wl_compositor
    • Add missing CLOEXEC flag, make shared-memory file creation safer
    • Add CLOEXEC hardening to file descriptors
    • Reduce CPU usage during idle by avoiding constant rapid polling
    • Add compositor feature checks
    • Sandbox find_wl_compositor script
    • Split Wayland compositor autodetection into a Python script, tighten sandbox on core kloak binary, and update related documentation
    • Remove dependency on libudev; use inotify for input device hotplug instead
  • qubes-whonix:

    • Remove no longer required Before= dependencies from qubes-whonix-postinit.service
    • Remove qubes-whonix-sysinit.service and slightly optimize qubes-whonix-postinit.service startup for Whonix-Gateway
    • Clean up systemd After= settings; qubes-whonix-postinit.service no longer runs on Whonix-Gateway
    • Remove mentions of no longer used rinetd service
    • Delete /usr/lib/systemd/system/whonix-initializer.service.d/40_qubes.conf (as whonix-initializer.service no longer exists)
    • Clean up file layout and tailor replaced files between gateway, workstation, and template
    • Replace-ips script: skip execution inside Template qube (not needed), and report mode detection failures (Gateway, Workstation or Template)
    • Use try-wait-for-tor-service-running in UpdatesProxy.anondist
    • Override UpdatesProxy configuration to remove exit-on-service-eof=true
    • Add socat as a dependency
    • Ensure updates to sys-whonix wait until Tor is running before proceeding
    • Avoid duplicate replace-ips script runs during boot on Whonix-Gateway
    • Fix shellcheck warnings and cleanup regex in replace-ips script (avoid replacing IPs in comments)
    • Update package rename: thunderbird-qubes to qubes-thunderbird
    • Add IPv6 addresses replacement logic and mention IPv6 in comments
  • uwt:

    • Do not warn about disabled stream isolation in dnf-3 wrapper
    • Attempt to wait for Tor startup in dnf-3 wrapper via Privleap
    • Fix curl wrapper: add proxy argument injection for dnf-3 wrapper
    • In curl.anondist: respect UWT_DEV_PASSTHROUGH=1 environment variable
    • Drop missing dependency on pwgen
    • Add missing redirect to stderr when needed
    • Disable curl stream isolation if Tor proxy is unreachable
    • Fix handling of loopback addresses in curl
    • Use stricter shell options in time_privacy
    • Reinstate curl wrapper integration with uwtwrapper
    • Rework curl wrapper for improved reliability
  • whonix-firewall:

    • Fix IPv6 autoconfiguration and add support for Qubes IPv6 addresses
    • Adjust LOCAL_NET_IP6 and include Qubes IPs in firewall rules
    • Switch loopback network definition from 127.0.0.0/24 to 127.0.0.0/8
    • Add support for Non-Qubes-Whonix-Gateway IP to destination list
  • whonix-gw-network-conf:

    • Enable IPv6 autoconfiguration (where supported)
    • Temporarily comment out inet6 auto where current configuration does not support it
    • Add IPv6 address assignment logic
  • whonix-ws-network-conf:

    • Add IPv6 address assignment logic
  • qubes-template-whonix:

    • Enable user-sysmaint-split on Whonix-Gateway
    • Fix metapackage naming and switch to trixie-developers repository to avoid clobbering Kicksecure package lists
    • Use pcmanfm-qt instead of Thunar as default file manager
    • Remove deprecated call to apt-key, as it is no longer available in Debian 13
    • Port desktop environment to LXQt
    • Switch to deb822 sources for package lists
  • Whonix-Installer:

    • Add Hyper-V disable and “undo-disable” scripts for Windows environments (these are not yet executed by Whonix-Windows-Installer; they will be in the next version)
    • Improve Hyper-V disable helper scripts with warnings and detailed logs
    • Restructure EnsureExePath, add try...finally logic for robustness
    • Remove deprecated code paths
    • Add constant BYTE_COUNT definition for 1024 * 1024 for readability
    • Inform user about availability of debug mode during installation

Full difference of all changes

https://github.com/Whonix/derivative-maker/compare/17.4.4.6-developers-only...18.0.7.5-developers-only