diff --git a/Makefile b/Makefile index 8be175cd4c..e4e5fd0aef 100644 --- a/Makefile +++ b/Makefile @@ -39,6 +39,7 @@ update-python3-requirements: ## Update Python 3 requirements with pip-compile. --output-file requirements/python3/test-requirements.txt \ requirements/python3/test-requirements.in @$(DEVSHELL) pip-compile --generate-hashes \ + --allow-unsafe \ --output-file requirements/python3/securedrop-app-code-requirements.txt \ requirements/python3/securedrop-app-code-requirements.in diff --git a/admin/Makefile b/admin/Makefile index 9543b0921d..a5015f2a13 100644 --- a/admin/Makefile +++ b/admin/Makefile @@ -7,8 +7,8 @@ test: ## Run tox .PHONY: update-pip-requirements update-pip-requirements: ## Updates all Python requirements files via pip-compile. @echo "███ Updating admin pip requirements..." - @bin/dev-shell pip-compile --generate-hashes --output-file requirements.txt requirements.in requirements-ansible.in - @bin/dev-shell pip-compile --generate-hashes --output-file requirements-dev.txt requirements-dev.in + @bin/dev-shell pip-compile --allow-unsafe --generate-hashes --output-file requirements.txt requirements.in requirements-ansible.in + @bin/dev-shell pip-compile --allow-unsafe --generate-hashes --output-file requirements-dev.txt requirements-dev.in # Explaination of the below shell command should it ever break. # 1. Set the field separator to ": ##" and any make targets that might appear between : and ## diff --git a/admin/requirements-dev.txt b/admin/requirements-dev.txt index 389d4892d3..d4ff028529 100644 --- a/admin/requirements-dev.txt +++ b/admin/requirements-dev.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile # To update, run: # -# pip-compile --generate-hashes --output-file=requirements-dev.txt requirements-dev.in +# pip-compile --allow-unsafe --generate-hashes --output-file=requirements-dev.txt requirements-dev.in # astroid==1.6.0 \ --hash=sha256:71dadba2110008e2c03f9fde662ddd2053db3c0489d0e03c94e828a0399edd4f \ @@ -168,6 +168,8 @@ wrapt==1.10.11 \ --hash=sha256:d4d560d479f2c21e1b5443bbd15fe7ec4b37fe7e53d335d3b9b0a7b1226fe3c6 \ # via astroid -# WARNING: The following packages were not pinned, but pip requires them to be -# pinned when the requirements file includes hashes. Consider using the --allow-unsafe flag. -# setuptools==41.2.0 # via d2to1, pytest +# The following packages are considered to be unsafe in a requirements file: +setuptools==46.0.0 \ + --hash=sha256:2f00f25b780fbfd0787e46891dcccd805b08d007621f24629025f48afef444b5 \ + --hash=sha256:693e0504490ed8420522bf6bc3aa4b0da6a9f1c80c68acfb4e959275fd04cd82 \ + # via d2to1, pytest diff --git a/admin/requirements.in b/admin/requirements.in index 42baccaeed..bdd5c6ace2 100644 --- a/admin/requirements.in +++ b/admin/requirements.in @@ -1,2 +1,4 @@ +markupsafe>=1.1 prompt_toolkit==2.0.9 pyyaml>=5.1.2 +setuptools>=46.0.0 diff --git a/admin/requirements.txt b/admin/requirements.txt index 3b1f9ee837..363e583cae 100644 --- a/admin/requirements.txt +++ b/admin/requirements.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile # To update, run: # -# pip-compile --generate-hashes --output-file=requirements.txt requirements-ansible.in requirements.in +# pip-compile --allow-unsafe --generate-hashes --output-file=requirements.txt requirements-ansible.in requirements.in # ansible==2.7.13 \ --hash=sha256:339c87a1bf9e8555ce1e1c1a9452d8ed1df240944ec1a3fc2e813e6c7d70aeae @@ -91,9 +91,40 @@ jinja2==2.10.1 \ --hash=sha256:065c4f02ebe7f7cf559e49ee5a95fb800a9e4528727aec6f24402a5374c65013 \ --hash=sha256:14dd6caf1527abb21f08f86c784eac40853ba93edb79552aa1e4b8aef1b61c7b \ # via ansible -markupsafe==1.0 \ - --hash=sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665 \ - # via jinja2 +markupsafe==1.1.1 \ + --hash=sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473 \ + --hash=sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161 \ + --hash=sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235 \ + --hash=sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5 \ + --hash=sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42 \ + --hash=sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff \ + --hash=sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b \ + --hash=sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1 \ + --hash=sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e \ + --hash=sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183 \ + --hash=sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66 \ + --hash=sha256:596510de112c685489095da617b5bcbbac7dd6384aeebeda4df6025d0256a81b \ + --hash=sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1 \ + --hash=sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15 \ + --hash=sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1 \ + --hash=sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e \ + --hash=sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b \ + --hash=sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905 \ + --hash=sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735 \ + --hash=sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d \ + --hash=sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e \ + --hash=sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d \ + --hash=sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c \ + --hash=sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21 \ + --hash=sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2 \ + --hash=sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5 \ + --hash=sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b \ + --hash=sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6 \ + --hash=sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f \ + --hash=sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f \ + --hash=sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2 \ + --hash=sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7 \ + --hash=sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be netaddr==0.7.19 \ --hash=sha256:38aeec7cdd035081d3a4c306394b19d677623bf76fa0913f6695127c7753aefd \ --hash=sha256:56b3558bd71f3f6999e4c52e349f38660e54a7a8a9943335f73dfc96883e08ca @@ -160,6 +191,7 @@ wcwidth==0.1.7 \ --hash=sha256:f4ebe71925af7b40a864553f761ed559b43544f8f71746c2d756c7fe788ade7c \ # via prompt-toolkit -# WARNING: The following packages were not pinned, but pip requires them to be -# pinned when the requirements file includes hashes. Consider using the --allow-unsafe flag. -# setuptools==41.2.0 # via ansible +# The following packages are considered to be unsafe in a requirements file: +setuptools==46.0.0 \ + --hash=sha256:2f00f25b780fbfd0787e46891dcccd805b08d007621f24629025f48afef444b5 \ + --hash=sha256:693e0504490ed8420522bf6bc3aa4b0da6a9f1c80c68acfb4e959275fd04cd82 diff --git a/changelog.md b/changelog.md index 0c093543eb..a04239c3e5 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,15 @@ # Changelog +## 1.2.2~rc1 + +### Web Applications + +* Update psutil to 5.7.0 + +### Admin Tails workstation + +* Pin setuptools to requirements file (#5159) + ## 1.2.1 ### Web Applications diff --git a/install_files/ansible-base/group_vars/all/securedrop b/install_files/ansible-base/group_vars/all/securedrop index 0ea9f84a12..e500ee1ba7 100644 --- a/install_files/ansible-base/group_vars/all/securedrop +++ b/install_files/ansible-base/group_vars/all/securedrop @@ -2,8 +2,8 @@ # Variables that apply to both the app and monitor server go in this file # If the monitor or app server need different values define the variable in # hosts_vars/app.yml or host_vars/mon.yml -securedrop_app_code_version: "1.2.1" -securedrop_app_code_sdist_version: "securedrop-app-code-1.2.1" +securedrop_app_code_version: "1.2.2~rc1" +securedrop_app_code_sdist_version: "securedrop-app-code-1.2.2-rc1" securedrop_app_code_sdist_name: "{{ securedrop_app_code_sdist_version }}.tar.gz" grsecurity: true diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial index 5b9ab5e057..717709c45a 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial @@ -1,3 +1,9 @@ +securedrop-app-code (1.2.2~rc1+xenial) xenial; urgency=medium + + * See changelog.md + + -- SecureDrop Team Fri, 13 Mar 2020 19:43:29 +0000 + securedrop-app-code (1.2.1+xenial) xenial; urgency=medium * See changelog.md diff --git a/install_files/securedrop-config/DEBIAN/control b/install_files/securedrop-config/DEBIAN/control index 1b4f87eb28..15f3abb15a 100644 --- a/install_files/securedrop-config/DEBIAN/control +++ b/install_files/securedrop-config/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-config -Version: 0.1.3+1.2.1 +Version: 0.1.3+1.2.2~rc1 Architecture: all Description: Establishes baseline system state for running SecureDrop. Configures apt repositories. diff --git a/install_files/securedrop-keyring/DEBIAN/control b/install_files/securedrop-keyring/DEBIAN/control index 115ff2479b..ea164d09bc 100644 --- a/install_files/securedrop-keyring/DEBIAN/control +++ b/install_files/securedrop-keyring/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-keyring -Version: 0.1.3+1.2.1 +Version: 0.1.3+1.2.2~rc1 Architecture: amd64 Depends: gnupg Description: Provides an apt keyring for SecureDrop-related packages, so the master signing key used for SecureDrop packages can be updated via apt. diff --git a/install_files/securedrop-ossec-agent/DEBIAN/control b/install_files/securedrop-ossec-agent/DEBIAN/control index 64666a082f..06b9ddac21 100644 --- a/install_files/securedrop-ossec-agent/DEBIAN/control +++ b/install_files/securedrop-ossec-agent/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-ossec-agent -Version: 3.0.0+1.2.1 +Version: 3.0.0+1.2.2~rc1 Architecture: amd64 Depends: ossec-agent,securedrop-keyring,securedrop-config Replaces: ossec-agent diff --git a/install_files/securedrop-ossec-server/DEBIAN/control b/install_files/securedrop-ossec-server/DEBIAN/control index bb6ec120b7..765e1134b1 100644 --- a/install_files/securedrop-ossec-server/DEBIAN/control +++ b/install_files/securedrop-ossec-server/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-ossec-server -Version: 3.0.0+1.2.1 +Version: 3.0.0+1.2.2~rc1 Architecture: amd64 Depends: ossec-server,securedrop-keyring,securedrop-config Replaces: ossec-server diff --git a/molecule/builder-xenial/image_hash b/molecule/builder-xenial/image_hash index b00bd469f3..7391c0dffe 100644 --- a/molecule/builder-xenial/image_hash +++ b/molecule/builder-xenial/image_hash @@ -1,2 +1,2 @@ -# sha256 digest quay.io/freedomofpress/sd-docker-builder-xenial:2020_02_19 -e1a0d8ba0248997cb5b6dd22a703e4b2cb0e356dde7f31f31e33bbce3bb7ec1e +# sha256 digest quay.io/freedomofpress/sd-docker-builder-xenial:2020_03_13 +4aa995f81652461e8bbd1e937440c103476f872f018df8b3ba5c62b8f315b3e7 diff --git a/molecule/builder-xenial/tests/vars.yml b/molecule/builder-xenial/tests/vars.yml index ab4719072f..9270046c60 100644 --- a/molecule/builder-xenial/tests/vars.yml +++ b/molecule/builder-xenial/tests/vars.yml @@ -1,5 +1,5 @@ --- -securedrop_version: "1.2.1" +securedrop_version: "1.2.2~rc1" ossec_version: "3.0.0" keyring_version: "0.1.3" config_version: "0.1.3" diff --git a/securedrop/dockerfiles/xenial/python3/Dockerfile b/securedrop/dockerfiles/xenial/python3/Dockerfile index a391881996..86fd89d451 100644 --- a/securedrop/dockerfiles/xenial/python3/Dockerfile +++ b/securedrop/dockerfiles/xenial/python3/Dockerfile @@ -29,7 +29,7 @@ RUN curl -LO https://ftp.mozilla.org/pub/firefox/releases/${FF_ESR_VER}/linux-x8 COPY ./tor_project_public.pub /opt/ -ENV TBB_VERSION 9.0.4 +ENV TBB_VERSION 9.0.5 RUN gpg --import /opt/tor_project_public.pub && \ wget https://www.torproject.org/dist/torbrowser/${TBB_VERSION}/tor-browser-linux64-${TBB_VERSION}_en-US.tar.xz && \ wget https://www.torproject.org/dist/torbrowser/${TBB_VERSION}/tor-browser-linux64-${TBB_VERSION}_en-US.tar.xz.asc && \ diff --git a/securedrop/requirements/python3/develop-requirements.in b/securedrop/requirements/python3/develop-requirements.in index c264a69e28..f5aee90369 100644 --- a/securedrop/requirements/python3/develop-requirements.in +++ b/securedrop/requirements/python3/develop-requirements.in @@ -7,6 +7,7 @@ docker-py dnspython flake8 html-linter +markupsafe>=1.1 molecule>=2.22 mypy # Needed for ansible network filter @@ -15,12 +16,13 @@ netaddr # Now also pin pip due to https://github.com/jazzband/pip-tools/issues/853 pip==19.1 pip-tools>=4.0.0 +psutil>=5.6.6 pyenchant pylint pytest-xdist python-vagrant safety>=1.8.4 -setuptools +setuptools>=46.0.0 sphinx sphinx-autobuild sphinx_rtd_theme diff --git a/securedrop/requirements/python3/develop-requirements.txt b/securedrop/requirements/python3/develop-requirements.txt index 4085afcb61..395a1d4bc7 100644 --- a/securedrop/requirements/python3/develop-requirements.txt +++ b/securedrop/requirements/python3/develop-requirements.txt @@ -310,9 +310,40 @@ livereload==2.5.1 \ --hash=sha256:422de10d7ea9467a1ba27cbaffa84c74b809d96fb1598d9de4b9b676adf35e2c \ --hash=sha256:5ed6506f5d526ee712da9f3739c27714e6f3376f3e481728d298efceae0ec83a \ # via sphinx-autobuild -markupsafe==1.0 \ - --hash=sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665 \ - # via jinja2 +markupsafe==1.1.1 \ + --hash=sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473 \ + --hash=sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161 \ + --hash=sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235 \ + --hash=sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5 \ + --hash=sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42 \ + --hash=sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff \ + --hash=sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b \ + --hash=sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1 \ + --hash=sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e \ + --hash=sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183 \ + --hash=sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66 \ + --hash=sha256:596510de112c685489095da617b5bcbbac7dd6384aeebeda4df6025d0256a81b \ + --hash=sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1 \ + --hash=sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15 \ + --hash=sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1 \ + --hash=sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e \ + --hash=sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b \ + --hash=sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905 \ + --hash=sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735 \ + --hash=sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d \ + --hash=sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e \ + --hash=sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d \ + --hash=sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c \ + --hash=sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21 \ + --hash=sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2 \ + --hash=sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5 \ + --hash=sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b \ + --hash=sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6 \ + --hash=sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f \ + --hash=sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f \ + --hash=sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2 \ + --hash=sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7 \ + --hash=sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be mccabe==0.6.1 \ --hash=sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42 \ --hash=sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f \ @@ -390,19 +421,18 @@ prompt_toolkit==2.0.9 \ --hash=sha256:11adf3389a996a6d45cc277580d0d53e8a5afd281d0c9ec71b28e6f121463780 \ --hash=sha256:2519ad1d8038fd5fc8e770362237ad0364d16a7650fb5724af6997ed5515e3c1 \ --hash=sha256:977c6583ae813a37dc1c2e1b715892461fcbdaa57f6fc62f33a528c4886c8f55 -psutil==5.4.6 \ - --hash=sha256:0ff2b16e9045d01edb1dd10d7fbcc184012e37f6cd38029e959f2be9c6223f50 \ - --hash=sha256:254adb6a27c888f141d2a6032ae231d8ed4fc5f7583b4c825e5f7d7c78d26d2e \ - --hash=sha256:319e12f6bae4d4d988fbff3bed792953fa3b44c791f085b0a1a230f755671ef7 \ - --hash=sha256:529ae235896efb99a6f77653a7138273ab701ec9f0343a1f5030945108dee3c4 \ - --hash=sha256:686e5a35fe4c0acc25f3466c32e716f2d498aaae7b7edc03e2305b682226bcf6 \ - --hash=sha256:6d981b4d863b20c8ceed98b8ac3d1ca7f96d28707a80845d360fa69c8fc2c44b \ - --hash=sha256:7789885a72aa3075d28d028236eb3f2b84d908f81d38ad41769a6ddc2fd81b7c \ - --hash=sha256:7f4616bcb44a6afda930cfc40215e5e9fa7c6896e683b287c771c937712fbe2f \ - --hash=sha256:7fdb3d02bfd68f508e6745021311a4a4dbfec53fca03721474e985f310e249ba \ - --hash=sha256:a9b85b335b40a528a8e2a6b549592138de8429c6296e7361892958956e6a73cf \ - --hash=sha256:dc85fad15ef98103ecc047a0d81b55bbf5fe1b03313b96e883acc2e2fa87ed5c \ - # via molecule +psutil==5.7.0 \ + --hash=sha256:1413f4158eb50e110777c4f15d7c759521703bd6beb58926f1d562da40180058 \ + --hash=sha256:298af2f14b635c3c7118fd9183843f4e73e681bb6f01e12284d4d70d48a60953 \ + --hash=sha256:60b86f327c198561f101a92be1995f9ae0399736b6eced8f24af41ec64fb88d4 \ + --hash=sha256:685ec16ca14d079455892f25bd124df26ff9137664af445563c1bd36629b5e0e \ + --hash=sha256:73f35ab66c6c7a9ce82ba44b1e9b1050be2a80cd4dcc3352cc108656b115c74f \ + --hash=sha256:75e22717d4dbc7ca529ec5063000b2b294fc9a367f9c9ede1f65846c7955fd38 \ + --hash=sha256:a02f4ac50d4a23253b68233b07e7cdb567bd025b982d5cf0ee78296990c22d9e \ + --hash=sha256:d008ddc00c6906ec80040d26dc2d3e3962109e40ad07fd8a12d0284ce5e0e4f8 \ + --hash=sha256:d84029b190c8a66a946e28b4d3934d2ca1528ec94764b180f7d6ea57b0e75e26 \ + --hash=sha256:e2d0c5b07c6fe5a87fa27b7855017edb0d52ee73b71e6ee368fae268605cc3f5 \ + --hash=sha256:f344ca230dd8e8d5eee16827596f1c22ec0876127c28e800d7ae20ed44c4b310 ptyprocess==0.5.2 \ --hash=sha256:e64193f0047ad603b71f202332ab5527c5e52aa7c8b609704fc28c0dc20c4365 \ --hash=sha256:e8c43b5eee76b2083a9badde89fd1bbce6c8942d1045146e100b7b5e014f4f1a \ @@ -648,6 +678,6 @@ zipp==0.6.0 \ pip==19.1 \ --hash=sha256:8f59b6cf84584d7962d79fd1be7a8ec0eb198aa52ea864896551736b3614eee9 \ --hash=sha256:d9137cb543d8a4d73140a3282f6d777b2e786bb6abb8add3ac5b6539c82cd624 -setuptools==41.4.0 \ - --hash=sha256:7eae782ccf36b790c21bde7d86a4f303a441cd77036b25c559a602cf5186ce4d \ - --hash=sha256:8d01f7ee4191d9fdcd9cc5796f75199deccb25b154eba82d44d6a042cf873670 +setuptools==46.0.0 \ + --hash=sha256:2f00f25b780fbfd0787e46891dcccd805b08d007621f24629025f48afef444b5 \ + --hash=sha256:693e0504490ed8420522bf6bc3aa4b0da6a9f1c80c68acfb4e959275fd04cd82 diff --git a/securedrop/requirements/python3/securedrop-app-code-requirements.in b/securedrop/requirements/python3/securedrop-app-code-requirements.in index 5dc921735b..bab7421756 100644 --- a/securedrop/requirements/python3/securedrop-app-code-requirements.in +++ b/securedrop/requirements/python3/securedrop-app-code-requirements.in @@ -8,15 +8,17 @@ Flask-WTF Flask>0.12.2 Jinja2>=2.10.1 jsmin +markupsafe>=1.1 mod_wsgi passlib pretty-bad-protocol>=3.1.1 -psutil +psutil>=5.6.6 pyotp qrcode redis>=3.3.6 rq>=1.1.0 scrypt +setuptools>=46.0.0 sh SQLAlchemy>=1.3.0 typing diff --git a/securedrop/requirements/python3/securedrop-app-code-requirements.txt b/securedrop/requirements/python3/securedrop-app-code-requirements.txt index 18ec13d3cc..045db81a6d 100644 --- a/securedrop/requirements/python3/securedrop-app-code-requirements.txt +++ b/securedrop/requirements/python3/securedrop-app-code-requirements.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile # To update, run: # -# pip-compile --generate-hashes --output-file=requirements/python3/securedrop-app-code-requirements.txt requirements/python3/securedrop-app-code-requirements.in +# pip-compile --allow-unsafe --generate-hashes --output-file=requirements/python3/securedrop-app-code-requirements.txt requirements/python3/securedrop-app-code-requirements.in # alembic==0.9.9 \ --hash=sha256:85bd3ea7633024e4930900bc64fb58f9742dedbc6ebb6ecf25be2ea9a3c1b32e @@ -121,9 +121,40 @@ jsmin==2.2.2 \ mako==1.0.7 \ --hash=sha256:4e02fde57bd4abb5ec400181e4c314f56ac3e49ba4fb8b0d50bba18cb27d25ae \ # via alembic -markupsafe==1.0 \ - --hash=sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665 \ - # via jinja2, mako +markupsafe==1.1.1 \ + --hash=sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473 \ + --hash=sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161 \ + --hash=sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235 \ + --hash=sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5 \ + --hash=sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42 \ + --hash=sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff \ + --hash=sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b \ + --hash=sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1 \ + --hash=sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e \ + --hash=sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183 \ + --hash=sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66 \ + --hash=sha256:596510de112c685489095da617b5bcbbac7dd6384aeebeda4df6025d0256a81b \ + --hash=sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1 \ + --hash=sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15 \ + --hash=sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1 \ + --hash=sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e \ + --hash=sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b \ + --hash=sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905 \ + --hash=sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735 \ + --hash=sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d \ + --hash=sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e \ + --hash=sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d \ + --hash=sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c \ + --hash=sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21 \ + --hash=sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2 \ + --hash=sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5 \ + --hash=sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b \ + --hash=sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6 \ + --hash=sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f \ + --hash=sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f \ + --hash=sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2 \ + --hash=sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7 \ + --hash=sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be mod-wsgi==4.6.7 \ --hash=sha256:b788abaf0b903a64a7bb8dae609f2e4790c87e6f3d716aa6bc97936410fcbfcc passlib==1.7.1 \ @@ -131,16 +162,18 @@ passlib==1.7.1 \ --hash=sha256:43526aea08fa32c6b6dbbbe9963c4c767285b78147b7437597f992812f69d280 pretty-bad-protocol==3.1.1 \ --hash=sha256:fb73797eb6344e3680c919e2af367f9a019ee7c189d3ed7f5d843edde911f73b -psutil==5.4.3 \ - --hash=sha256:230eeb3aeb077814f3a2cd036ddb6e0f571960d327298cc914c02385c3e02a63 \ - --hash=sha256:4152ae231709e3e8b80e26b6da20dc965a1a589959c48af1ed024eca6473f60d \ - --hash=sha256:779ec7e7621758ca11a8d99a1064996454b3570154277cc21342a01148a49c28 \ - --hash=sha256:82a06785db8eeb637b349006cc28a92e40cd190fefae9875246d18d0de7ccac8 \ - --hash=sha256:8a15d773203a1277e57b1d11a7ccdf70804744ef4a9518a87ab8436995c31a4b \ - --hash=sha256:94d4e63189f2593960e73acaaf96be235dd8a455fe2bcb37d8ad6f0e87f61556 \ - --hash=sha256:a3286556d4d2f341108db65d8e20d0cd3fcb9a91741cb5eb496832d7daf2a97c \ - --hash=sha256:c91eee73eea00df5e62c741b380b7e5b6fdd553891bee5669817a3a38d036f13 \ - --hash=sha256:e2467e9312c2fa191687b89ff4bc2ad8843be4af6fb4dc95a7cc5f7d7a327b18 +psutil==5.7.0 \ + --hash=sha256:1413f4158eb50e110777c4f15d7c759521703bd6beb58926f1d562da40180058 \ + --hash=sha256:298af2f14b635c3c7118fd9183843f4e73e681bb6f01e12284d4d70d48a60953 \ + --hash=sha256:60b86f327c198561f101a92be1995f9ae0399736b6eced8f24af41ec64fb88d4 \ + --hash=sha256:685ec16ca14d079455892f25bd124df26ff9137664af445563c1bd36629b5e0e \ + --hash=sha256:73f35ab66c6c7a9ce82ba44b1e9b1050be2a80cd4dcc3352cc108656b115c74f \ + --hash=sha256:75e22717d4dbc7ca529ec5063000b2b294fc9a367f9c9ede1f65846c7955fd38 \ + --hash=sha256:a02f4ac50d4a23253b68233b07e7cdb567bd025b982d5cf0ee78296990c22d9e \ + --hash=sha256:d008ddc00c6906ec80040d26dc2d3e3962109e40ad07fd8a12d0284ce5e0e4f8 \ + --hash=sha256:d84029b190c8a66a946e28b4d3934d2ca1528ec94764b180f7d6ea57b0e75e26 \ + --hash=sha256:e2d0c5b07c6fe5a87fa27b7855017edb0d52ee73b71e6ee368fae268605cc3f5 \ + --hash=sha256:f344ca230dd8e8d5eee16827596f1c22ec0876127c28e800d7ae20ed44c4b310 pycparser==2.18 \ --hash=sha256:99a8ca03e29851d96616ad0404b4aad7d9ee16f25c9f9708a11faf2810f7b226 \ # via cffi @@ -200,3 +233,8 @@ werkzeug==0.16.0 \ wtforms==2.1 \ --hash=sha256:ffdf10bd1fa565b8233380cb77a304cd36fd55c73023e91d4b803c96bc11d46f \ # via flask-wtf + +# The following packages are considered to be unsafe in a requirements file: +setuptools==46.0.0 \ + --hash=sha256:2f00f25b780fbfd0787e46891dcccd805b08d007621f24629025f48afef444b5 \ + --hash=sha256:693e0504490ed8420522bf6bc3aa4b0da6a9f1c80c68acfb4e959275fd04cd82 diff --git a/securedrop/requirements/python3/test-requirements.in b/securedrop/requirements/python3/test-requirements.in index 5bc9c1f886..c7df65cea8 100644 --- a/securedrop/requirements/python3/test-requirements.in +++ b/securedrop/requirements/python3/test-requirements.in @@ -2,6 +2,7 @@ beautifulsoup4 blinker Flask-Testing flaky +markupsafe>=1.1 mock pillow pip-tools>=4.0.0 @@ -11,6 +12,7 @@ pytest-cov pytest-mock hypothesis requests[socks]>2.21.0 +setuptools>=46.0.0 selenium>=3.141.0 tbselenium>=0.4.2 pyvirtualdisplay diff --git a/securedrop/requirements/python3/test-requirements.txt b/securedrop/requirements/python3/test-requirements.txt index 4bcd735a4b..ff8a7a60b6 100644 --- a/securedrop/requirements/python3/test-requirements.txt +++ b/securedrop/requirements/python3/test-requirements.txt @@ -95,9 +95,40 @@ jinja2==2.10.1 \ --hash=sha256:065c4f02ebe7f7cf559e49ee5a95fb800a9e4528727aec6f24402a5374c65013 \ --hash=sha256:14dd6caf1527abb21f08f86c784eac40853ba93edb79552aa1e4b8aef1b61c7b \ # via flask -markupsafe==1.0 \ - --hash=sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665 \ - # via jinja2 +markupsafe==1.1.1 \ + --hash=sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473 \ + --hash=sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161 \ + --hash=sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235 \ + --hash=sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5 \ + --hash=sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42 \ + --hash=sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff \ + --hash=sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b \ + --hash=sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1 \ + --hash=sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e \ + --hash=sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183 \ + --hash=sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66 \ + --hash=sha256:596510de112c685489095da617b5bcbbac7dd6384aeebeda4df6025d0256a81b \ + --hash=sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1 \ + --hash=sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15 \ + --hash=sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1 \ + --hash=sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e \ + --hash=sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b \ + --hash=sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905 \ + --hash=sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735 \ + --hash=sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d \ + --hash=sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e \ + --hash=sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d \ + --hash=sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c \ + --hash=sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21 \ + --hash=sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2 \ + --hash=sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5 \ + --hash=sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b \ + --hash=sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6 \ + --hash=sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f \ + --hash=sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f \ + --hash=sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2 \ + --hash=sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7 \ + --hash=sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be mock==2.0.0 \ --hash=sha256:5ce3c71c5545b472da17b72268978914d0252980348636840bd34a00b5cc96c1 \ --hash=sha256:b158b6df76edd239b8208d481dc46b6afd45a846b7812ff0ce58971cf5bc8bba @@ -194,7 +225,6 @@ zipp==0.5.1 \ # via importlib-metadata # The following packages are considered to be unsafe in a requirements file: -setuptools==41.4.0 \ - --hash=sha256:7eae782ccf36b790c21bde7d86a4f303a441cd77036b25c559a602cf5186ce4d \ - --hash=sha256:8d01f7ee4191d9fdcd9cc5796f75199deccb25b154eba82d44d6a042cf873670 \ - # via pytest +setuptools==46.0.0 \ + --hash=sha256:2f00f25b780fbfd0787e46891dcccd805b08d007621f24629025f48afef444b5 \ + --hash=sha256:693e0504490ed8420522bf6bc3aa4b0da6a9f1c80c68acfb4e959275fd04cd82 diff --git a/securedrop/version.py b/securedrop/version.py index 3f262a6347..1b4167bc8c 100644 --- a/securedrop/version.py +++ b/securedrop/version.py @@ -1 +1 @@ -__version__ = '1.2.1' +__version__ = '1.2.2~rc1' diff --git a/setup.py b/setup.py index 7429b61440..916bfda23f 100644 --- a/setup.py +++ b/setup.py @@ -4,7 +4,7 @@ setuptools.setup( name="securedrop-app-code", - version="1.2.1", + version="1.2.2~rc1", author="Freedom of the Press Foundation", author_email="securedrop@freedom.press", description="SecureDrop Server",