Whonix for VirtualBox

Download Whonix for VirtualBox:

This is a point release.

Upgrade

Alternatively, in-place release upgrade is possible upgrade using Whonix repository.

This release would not have been possible without the numerous supporters of Whonix!

Please Donate!

Please Contribute!

Most Notable Changes

Whonix VirtualBox:

• VirtualBox: fix VirtualBox version 6.1.20 compatibility fix for Whonix VirtualBox - failed to start - NS_ERROR_FAILURE (0x80004005) - The VM session was aborted. (wiki: Failed to open a session for the virtual machine)
  • switch to SATA AHCI virtual storage controller hardware
    • (This setting might lead the to issue High Disk Usage Causing Filesystem Corruption on some (slower) hardware configurations due to VirtualBox host software bug, High I/O causing filesystem corruption [archive]. It’s speculation and unavoidable. There is no other solution at the moment. Wiki chapter High Disk Usage Causing Filesystem Corruption already contains approaches which might fix this issue in case it manifests.)
• Recommended VirtualBox version: 6.1.20
  • At time of writing.
  • Above link takes precedence.

Notable Changes

• anon-connection-wizard
  • update usr/share/anon-connection-wizard/bridges_default from ~/tor-browser/Browser/TorBrowser/Data/Tor/torrc
  • fix error handling Thanks to Bl3ckJ4ck for the bug report! https://forums.whonix.org/t/anon-connection-wizard-py-possible-error-in-the-code/11427
  • minor non-Whonix reliability fix
  • wording similar to newer tor-launcher
  • part of fixing meek lite in Whonix https://forums.whonix.org/t/censorship-circumvention-tor-pluggable-transports/2601/9 https://forums.whonix.org/t/whonix-gateway-cli-15-0-1-5-4-meek-azure-bridge-tls-error/11383 Thanks to @Bl3ckJ4ck for the bug report!
  • part of fixing meek lite in Whonix add /usr/lib/anon-gw-anonymizer-config/edit-etc-resolv-conf https://forums.whonix.org/t/censorship-circumvention-tor-pluggable-transports/2601/9 https://forums.whonix.org/t/whonix-gateway-cli-15-0-1-5-4-meek-azure-bridge-tls-error/11383 Thanks to @Bl3ckJ4ck for the bug report!
• anon-gw-anonymizer-config
  • reload apparmor profiles after installation to make package work after installation no longer requiring reboot
  • part of fixing meek lite in Whonix add /usr/lib/anon-gw-anonymizer-config/edit-etc-resolv-conf https://forums.whonix.org/t/censorship-circumvention-tor-pluggable-transports/2601/9 https://forums.whonix.org/t/whonix-gateway-cli-15-0-1-5-4-meek-azure-bridge-tls-error/11383 Thanks to @Bl3ckJ4ck for the bug report!
• anon-meta-packages
  • fix ristretto missing thumbnails and popup by installing tumbler by default add “Depends: tumbler” to whonix-workstation-packages-recommended-gui (tumbler is a “Recommends:” of ristretto) Thanks to @nurmagoz for the bug report! https://forums.whonix.org/t/which-image-viewer-to-install-by-default/9268/3
  • No longer install OnionShare by default. Debian buster (which Whonix 15 is based on) ships only onionshare 1.3.2 which only supports legacy onion v2 which are being phased out and deprecated on July 15th, 2021. https://blog.torproject.org/v2-deprecation-timeline https://lists.torproject.org/pipermail/tor-dev/2020-May/014322.html https://forums.whonix.org/t/onionshare-whonix-integration-development-discussion/300 Flatpak installation method recommended, see: https://www.whonix.org/wiki/OnionShare
  • Bump python-msgpack to python3 ZeroNet now uses python3, and python2 is removed from Debian as of bullseye. (Thanks to Jeremy Rand!)
• apparmor-profile-everything
  • proper whitespace handling https://www.whonix.org/wiki/Dev/bash
• binaries-freedom
  • electrum-4.1.2-x86_64.AppImage
• genmkfile
  • change output of genmkfile deb-chl-bumpup-manual
• helper-scripts
  • apt-key-install: utility to install APT signing key to system Input file can be either, gpg keys in either ASCII-armored or binary format. due to apt-key deprecation by Debian https://forums.whonix.org/t/apt-key-deprecation-apt-2-2-changes/11240/1
  • gpg-dearmor: wrapper to convert gpg ASCII-armored format binary format due to apt-key deprecation by Debian since only gpg binary format is understood by Debian’s APT https://forums.whonix.org/t/apt-key-deprecation-apt-2-2-changes/11240
• kicksecure-meta-packages
  • fix ristretto missing thumbnails and popup by installing tumbler by default add “Depends: tumbler” to whonix-workstation-packages-recommended-gui (tumbler is a “Recommends:” of ristretto) Thanks to @nurmagoz for the bug report! https://forums.whonix.org/t/which-image-viewer-to-install-by-default/9268/3
• monero-gui
  • update to v0.17.2.1
• repository-dist
  • same gpg signing key with new e-mail addresses
• sandbox-app-launcher
  • wait (blocking) for processes inside the sandbox to be killed
  • replace dynamic wrapper script creation with static script for code simplification https://forums.whonix.org/t/system-wide-sandboxing-framework-sandbox-app-launcher/9008/352
  • fix wrapper script creation and access rights
  • improve command to create wrapper script for more self-explanatory bash xtrace
  • unduplicate/remove permission check code in function run_program since already done exactly the same in function setup_or_check which runs anyhow
  • minor usability improvements * Downgraded messages if removal previously completed to INFO:. Not an issue to worry the user with. * Show INFO: after setup was successfully completed. * ShowINFO: after remove was successfully completed.
  • run all checks before start https://forums.whonix.org/t/system-wide-sandboxing-framework-sandbox-app-launcher/9008/325
  • Indentation (Thanks to madaidan!)
  • Use sal_is_run_with_root instead of extra id calls (Thanks to madaidan!)
  • Reordering (Thanks to madaidan!)
  • More robust checks (Thanks to madaidan!)
• security-misc
  • systemd RemainAfterExit=yes for better usability https://forums.whonix.org/t/restrict-hardware-information-to-root-testers-wanted/8618/33
• systemcheck
  • Depends: replace bsdtar with libarchive-tools Thanks to @JeremyRand! https://github.com/Whonix/whonixcheck/pull/15
• tb-updater
  • alpha tbb_hardcoded_version=“10.5a14”
  • tbb_hardcoded_version=“10.0.16”
  • Depends: replace bsdtar with libarchive-tools Thanks to @JeremyRand! https://github.com/Whonix/whonixcheck/pull/15
• usability-misc
  • update signing key
• uwt
  • guess, tell user which package needs to be installed https://forums.whonix.org/t/whonix-workstation-xfce-15-0-1-5-4-sudo-git-uwtwrapper-uwt-wrapper-error-usr-bin-git-anondist-orig-does-not-exist/11399
  • improve output https://forums.whonix.org/t/whonix-workstation-xfce-15-0-1-5-4-sudo-git-uwtwrapper-uwt-wrapper-error-usr-bin-git-anondist-orig-does-not-exist/11399
• whonix-firewall
  • remove deprecated variable SOCKS_PORT_TBB_GPG
  • Whonix-Gateway firewall: implement INTERNAL_OPEN_PORTS Deprecate support for SOCKS_PORT_CUSTOM=" 9230 " syntax, use INTERNAL_OPEN_PORTS+=" 9230 " instead. refactoring / code simplification https://forums.whonix.org/t/internal-open-ports-setting/11404

Full difference of all changes

https://github.com/Whonix/Whonix/compare/15.0.1.7.2-developers-only...15.0.1.7.3-developers-only

(This forum post was previously a call for testers. No release critical bugs where found during the testing period. This forum post was therefore transformed into a stable release announcement. See edit history.)