From 240c38feb16e02d005035214af7011b963ca74c5 Mon Sep 17 00:00:00 2001 From: heartsucker Date: Wed, 13 Feb 2019 17:58:29 +0100 Subject: [PATCH 1/5] SecureDrop 0.12.0~rc1 (cherry picked from commit a4f68d231e327ce808a9a97e73a1e01407614b29) --- changelog.md | 58 +++++++++++++++++++ .../files/changelog-trusty | 6 ++ .../files/changelog-xenial | 6 ++ 3 files changed, 70 insertions(+) diff --git a/changelog.md b/changelog.md index 0c3e7b6d51..239b89956f 100644 --- a/changelog.md +++ b/changelog.md @@ -2,6 +2,64 @@ ## 0.12.0~rc1 +### Web Application + +* Added toggle to show password for journalists on login (#3713) +* Prevented setting session cookies on API endpoints (#3876) +* Updated API to allow clients to set a reply's UUID (#3957) +* Changed GPG key generation to avoid leaking key creation date (#3912) +* Fixed race condition that caused all public keys to be exported by API (#4005) +* Added `filename` to payload when creating a reply via the API (#4047) +* Fix bug that caused internal server errors on malformed auth tokens (#4053) +* Added alert on journalist interface to alert when the operating system is out of date (#4027) +* Added journalist UUID to payload when creating an auth token via the API (#4081) +* Added GPG 2.1+ compatibility (#3622, #4013, #4038, #4035) +* Added OS information to metadata endpoint (#4059) + +### Operations + +* Removed hardcoded Ansible plugin `profile_tasks` (#2943) +* Removed `iptables` UID restrictions to allow `apt` to work correctly (#3952) +* Updated kernels to 4.4.167 and removed wireless support (#2726) +* Updated `cron-apt` remove action to occur after security (#4003) +* Updated AppArmor profile for Xenial (#3962) +* Removed common-auth PAM customizations (#3963) +* Updated `./securedrop-admin logs` command to log installed packages (#3967) and `cron-apt` logs (#4000) +* Explicitly declared onion services as v2 (#4092) +* Added ability to store both Trusty and Xenial Debian packages (#3961) +* Added ability to fetch upstream Tor Debian packages for inclusion in FPF repo (#4101) +* Run `haveged` confined on Xenial (#4098) +* Updated PaX flag management for on Apache on Xenial (#4110) + +### Developer Workflow + +* Fixed the QA data loader to prevent clobbering data (#3793) +* Added nested virtualized to CI (#3702) +* Moved to Vagrant 2.1.x (#3350) +* Fixed linting tasks on macOS (#3996) +* Added automatic re-running of flaky admin tests (#4004) +* Increased max line to 100 characters for Python files (#4006) +* Re-added static analysis and Python dependency checking to CI (#4033) +* Updated setuptools in CI (#4036) +* Added Trusty and Xenial test targets to CI (#3966) +* Moved CI nightly jobs to 4AM UTC (#4067) +* Fixed bug where failed CI runs were reported as successes (#4066) +* Fixed Xenial-specific errors in tests (#4037, #4039) +* Added 0.11.1 upgrade testing boxes (#4093) +* Ensured config test coverage on Xenial (#3964) + +### Documentation + +* Added documentation on how to test upgrades (#3832) +* Added documentation on how to set the locales (#3846) +* Added documentation for upgrading from 0.10.0 to 0.11.x (#3982) +* Added documentation on how to prepare the app and mon servers for upgrade to Xenial (#4044) +* Updated date where SecureDrop uses Ubuntu Trusty as default OS (#4062) +* Updated list of hardware recommendations to remove Gigabyte BRIX (#3197, #4075) and added updates to NUCs and Mac Minis (#3976) +* Added note about how dev can generate 2FA tokens (#4095) +* Removed old markdown redirect (#4097) +* Updated SecureDrop client references (#4102) + ## 0.11.1 ### Operations diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty index cce3ae4b44..b2128aad75 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty @@ -1,3 +1,9 @@ +securedrop-app-code (0.12.0~rc1-trusty) trusty; urgency=medium + + * See changelog.md + + -- SecureDrop Team Wed, 13 Feb 2019 16:55:27 +0000 + securedrop-app-code (0.12.0~rc1+trusty) trusty; urgency=medium * See changelog.md diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial index f86444f29d..6f5ccf8a41 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial @@ -1,3 +1,9 @@ +securedrop-app-code (0.12.0~rc1-xenial) xenial; urgency=medium + + * See changelog.md + + -- SecureDrop Team Wed, 13 Feb 2019 16:55:40 +0000 + securedrop-app-code (0.12.0~rc1+xenial) xenial; urgency=medium * See changelog.md From adb4c46dba98f93090a46bdcc5a44f64db9a4372 Mon Sep 17 00:00:00 2001 From: heartsucker Date: Mon, 18 Feb 2019 09:16:32 +0000 Subject: [PATCH 2/5] SecureDrop 0.12.0~rc2 (cherry picked from commit 5db63ac7c7e59673060a16ab2f32b3b43e5330e8) --- changelog.md | 16 ++++++++++++++++ docs/conf.py | 4 ++-- docs/set_up_admin_tails.rst | 4 ++-- .../ansible-base/group_vars/all/securedrop | 2 +- .../files/changelog-trusty | 8 +++++++- .../files/changelog-xenial | 8 +++++++- install_files/securedrop-config/DEBIAN/control | 2 +- install_files/securedrop-keyring/DEBIAN/control | 2 +- .../securedrop-ossec-agent/DEBIAN/control | 2 +- .../securedrop-ossec-server/DEBIAN/control | 2 +- molecule/builder-trusty/tests/vars.yml | 2 +- securedrop/version.py | 2 +- 12 files changed, 41 insertions(+), 13 deletions(-) diff --git a/changelog.md b/changelog.md index 239b89956f..9d06f9b82f 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,21 @@ # Changelog +## 0.12.0~rc2 + +### Web Application + +* Updated language referenceing Tor button (#4131, #4141) + +### Developer Workflow + +* Fixed updated version script (#4146) + +### Operations + +* Fixed restore logic to ensure recreation of onion services (#3960, #4136) +* Added logic to conditionally update the `release-upgrades` prompt (#4104, #4142) +* Added logic to ensure packages required by Ansible are present on Xenial systems (#4109, #4143) + ## 0.12.0~rc1 ### Web Application diff --git a/docs/conf.py b/docs/conf.py index 63e933bc15..486439c28f 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -57,9 +57,9 @@ # built documents. # # The short X.Y version. -version = '0.12.0~rc1' +version = '0.12.0~rc2' # The full version, including alpha/beta/rc tags. -release = '0.12.0~rc1' +release = '0.12.0~rc2' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/docs/set_up_admin_tails.rst b/docs/set_up_admin_tails.rst index 182e1da408..7b0e9e3453 100644 --- a/docs/set_up_admin_tails.rst +++ b/docs/set_up_admin_tails.rst @@ -114,8 +114,8 @@ key: .. code:: sh cd ~/Persistent/securedrop/ - git checkout 0.12.0~rc1 - git tag -v 0.12.0~rc1 + git checkout 0.12.0~rc2 + git tag -v 0.12.0~rc2 You should see ``Good signature from "SecureDrop Release Signing Key"`` in the output of that last command along with the fingerprint above. diff --git a/install_files/ansible-base/group_vars/all/securedrop b/install_files/ansible-base/group_vars/all/securedrop index a9fd8d6802..37a469634e 100644 --- a/install_files/ansible-base/group_vars/all/securedrop +++ b/install_files/ansible-base/group_vars/all/securedrop @@ -2,7 +2,7 @@ # Variables that apply to both the app and monitor server go in this file # If the monitor or app server need different values define the variable in # hosts_vars/app.yml or host_vars/mon.yml -securedrop_app_code_version: "0.12.0~rc1" +securedrop_app_code_version: "0.12.0~rc2" grsecurity: true install_local_packages: false diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty index b2128aad75..7fb3895d79 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty @@ -1,4 +1,10 @@ -securedrop-app-code (0.12.0~rc1-trusty) trusty; urgency=medium +securedrop-app-code (0.12.0~rc2+trusty) trusty; urgency=medium + + * See changelog.md + + -- SecureDrop Team Mon, 18 Feb 2019 09:16:16 +0000 + +securedrop-app-code (0.12.0~rc1+trusty) trusty; urgency=medium * See changelog.md diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial index 6f5ccf8a41..9b127424f5 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial @@ -1,4 +1,10 @@ -securedrop-app-code (0.12.0~rc1-xenial) xenial; urgency=medium +securedrop-app-code (0.12.0~rc2+xenial) xenial; urgency=medium + + * See changelog.md + + -- SecureDrop Team Mon, 18 Feb 2019 09:16:25 +0000 + +securedrop-app-code (0.12.0~rc1+xenial) xenial; urgency=medium * See changelog.md diff --git a/install_files/securedrop-config/DEBIAN/control b/install_files/securedrop-config/DEBIAN/control index 71096bad8a..739db4154e 100644 --- a/install_files/securedrop-config/DEBIAN/control +++ b/install_files/securedrop-config/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-config -Version: 0.1.2+0.12.0~rc1 +Version: 0.1.2+0.12.0~rc2 Architecture: all Description: Establishes baseline system state for running SecureDrop. Configures apt repositories. diff --git a/install_files/securedrop-keyring/DEBIAN/control b/install_files/securedrop-keyring/DEBIAN/control index 5fa5553cac..729d0a5932 100644 --- a/install_files/securedrop-keyring/DEBIAN/control +++ b/install_files/securedrop-keyring/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-keyring -Version: 0.1.2+0.12.0~rc1 +Version: 0.1.2+0.12.0~rc2 Architecture: amd64 Depends: gnupg Description: Provides an apt keyring for SecureDrop-related packages, so the master signing key used for SecureDrop packages can be updated via apt. diff --git a/install_files/securedrop-ossec-agent/DEBIAN/control b/install_files/securedrop-ossec-agent/DEBIAN/control index fcc76a2790..a98e0b9715 100644 --- a/install_files/securedrop-ossec-agent/DEBIAN/control +++ b/install_files/securedrop-ossec-agent/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-ossec-agent -Version: 3.0.0+0.12.0~rc1 +Version: 3.0.0+0.12.0~rc2 Architecture: amd64 Depends: ossec-agent,securedrop-keyring,securedrop-config Replaces: ossec-agent diff --git a/install_files/securedrop-ossec-server/DEBIAN/control b/install_files/securedrop-ossec-server/DEBIAN/control index 72115a6a50..b75913c3ec 100644 --- a/install_files/securedrop-ossec-server/DEBIAN/control +++ b/install_files/securedrop-ossec-server/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-ossec-server -Version: 3.0.0+0.12.0~rc1 +Version: 3.0.0+0.12.0~rc2 Architecture: amd64 Depends: ossec-server,securedrop-keyring,securedrop-config Replaces: ossec-server diff --git a/molecule/builder-trusty/tests/vars.yml b/molecule/builder-trusty/tests/vars.yml index 3cbe1c512a..5f50677072 100644 --- a/molecule/builder-trusty/tests/vars.yml +++ b/molecule/builder-trusty/tests/vars.yml @@ -1,5 +1,5 @@ --- -securedrop_version: "0.12.0~rc1" +securedrop_version: "0.12.0~rc2" ossec_version: "3.0.0" keyring_version: "0.1.2" config_version: "0.1.2" diff --git a/securedrop/version.py b/securedrop/version.py index 0e2de20665..0b47ec3136 100644 --- a/securedrop/version.py +++ b/securedrop/version.py @@ -1 +1 @@ -__version__ = '0.12.0~rc1' +__version__ = '0.12.0~rc2' From b188d8bcc024af565668697087f7821fbeaca55a Mon Sep 17 00:00:00 2001 From: heartsucker Date: Fri, 22 Feb 2019 18:36:36 +0000 Subject: [PATCH 3/5] SecureDrop 0.12.0~rc3 (cherry picked from commit 87838db74e270e62df368b941957800a488a8fa3) --- changelog.md | 11 +++++++++++ docs/conf.py | 4 ++-- docs/set_up_admin_tails.rst | 4 ++-- install_files/ansible-base/group_vars/all/securedrop | 2 +- .../files/changelog-trusty | 6 ++++++ .../files/changelog-xenial | 6 ++++++ install_files/securedrop-config/DEBIAN/control | 2 +- install_files/securedrop-keyring/DEBIAN/control | 2 +- install_files/securedrop-ossec-agent/DEBIAN/control | 2 +- install_files/securedrop-ossec-server/DEBIAN/control | 2 +- molecule/builder-trusty/tests/vars.yml | 2 +- securedrop/version.py | 2 +- 12 files changed, 34 insertions(+), 11 deletions(-) diff --git a/changelog.md b/changelog.md index 9d06f9b82f..9a3038d152 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,16 @@ # Changelog +## 0.12.0~rc3 + +### Web Application + +* Added instructions for disabling NoScript XSS because upload problem (#4078, #4159) + +### Operations + +* Ensured Tor is installed from FPF repo (#4175, #4169) +* Set Debian packages to only use explicitly declared conffiles (#4176, #4161) + ## 0.12.0~rc2 ### Web Application diff --git a/docs/conf.py b/docs/conf.py index 486439c28f..05d959c6ae 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -57,9 +57,9 @@ # built documents. # # The short X.Y version. -version = '0.12.0~rc2' +version = '0.12.0~rc3' # The full version, including alpha/beta/rc tags. -release = '0.12.0~rc2' +release = '0.12.0~rc3' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/docs/set_up_admin_tails.rst b/docs/set_up_admin_tails.rst index 7b0e9e3453..b0ba021215 100644 --- a/docs/set_up_admin_tails.rst +++ b/docs/set_up_admin_tails.rst @@ -114,8 +114,8 @@ key: .. code:: sh cd ~/Persistent/securedrop/ - git checkout 0.12.0~rc2 - git tag -v 0.12.0~rc2 + git checkout 0.12.0~rc3 + git tag -v 0.12.0~rc3 You should see ``Good signature from "SecureDrop Release Signing Key"`` in the output of that last command along with the fingerprint above. diff --git a/install_files/ansible-base/group_vars/all/securedrop b/install_files/ansible-base/group_vars/all/securedrop index 37a469634e..3bd3c11435 100644 --- a/install_files/ansible-base/group_vars/all/securedrop +++ b/install_files/ansible-base/group_vars/all/securedrop @@ -2,7 +2,7 @@ # Variables that apply to both the app and monitor server go in this file # If the monitor or app server need different values define the variable in # hosts_vars/app.yml or host_vars/mon.yml -securedrop_app_code_version: "0.12.0~rc2" +securedrop_app_code_version: "0.12.0~rc3" grsecurity: true install_local_packages: false diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty index 7fb3895d79..2700e15ecc 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty @@ -1,3 +1,9 @@ +securedrop-app-code (0.12.0~rc3+trusty) trusty; urgency=medium + + * See changelog.md + + -- SecureDrop Team Fri, 22 Feb 2019 18:36:18 +0000 + securedrop-app-code (0.12.0~rc2+trusty) trusty; urgency=medium * See changelog.md diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial index 9b127424f5..18afde794d 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial @@ -1,3 +1,9 @@ +securedrop-app-code (0.12.0~rc3+xenial) xenial; urgency=medium + + * See changelog.md + + -- SecureDrop Team Fri, 22 Feb 2019 18:36:27 +0000 + securedrop-app-code (0.12.0~rc2+xenial) xenial; urgency=medium * See changelog.md diff --git a/install_files/securedrop-config/DEBIAN/control b/install_files/securedrop-config/DEBIAN/control index 739db4154e..9f39647d75 100644 --- a/install_files/securedrop-config/DEBIAN/control +++ b/install_files/securedrop-config/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-config -Version: 0.1.2+0.12.0~rc2 +Version: 0.1.2+0.12.0~rc3 Architecture: all Description: Establishes baseline system state for running SecureDrop. Configures apt repositories. diff --git a/install_files/securedrop-keyring/DEBIAN/control b/install_files/securedrop-keyring/DEBIAN/control index 729d0a5932..2422580faa 100644 --- a/install_files/securedrop-keyring/DEBIAN/control +++ b/install_files/securedrop-keyring/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-keyring -Version: 0.1.2+0.12.0~rc2 +Version: 0.1.2+0.12.0~rc3 Architecture: amd64 Depends: gnupg Description: Provides an apt keyring for SecureDrop-related packages, so the master signing key used for SecureDrop packages can be updated via apt. diff --git a/install_files/securedrop-ossec-agent/DEBIAN/control b/install_files/securedrop-ossec-agent/DEBIAN/control index a98e0b9715..98ca02d716 100644 --- a/install_files/securedrop-ossec-agent/DEBIAN/control +++ b/install_files/securedrop-ossec-agent/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-ossec-agent -Version: 3.0.0+0.12.0~rc2 +Version: 3.0.0+0.12.0~rc3 Architecture: amd64 Depends: ossec-agent,securedrop-keyring,securedrop-config Replaces: ossec-agent diff --git a/install_files/securedrop-ossec-server/DEBIAN/control b/install_files/securedrop-ossec-server/DEBIAN/control index b75913c3ec..5a5719851b 100644 --- a/install_files/securedrop-ossec-server/DEBIAN/control +++ b/install_files/securedrop-ossec-server/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-ossec-server -Version: 3.0.0+0.12.0~rc2 +Version: 3.0.0+0.12.0~rc3 Architecture: amd64 Depends: ossec-server,securedrop-keyring,securedrop-config Replaces: ossec-server diff --git a/molecule/builder-trusty/tests/vars.yml b/molecule/builder-trusty/tests/vars.yml index 5f50677072..7ebe8c4ab9 100644 --- a/molecule/builder-trusty/tests/vars.yml +++ b/molecule/builder-trusty/tests/vars.yml @@ -1,5 +1,5 @@ --- -securedrop_version: "0.12.0~rc2" +securedrop_version: "0.12.0~rc3" ossec_version: "3.0.0" keyring_version: "0.1.2" config_version: "0.1.2" diff --git a/securedrop/version.py b/securedrop/version.py index 0b47ec3136..79d509b814 100644 --- a/securedrop/version.py +++ b/securedrop/version.py @@ -1 +1 @@ -__version__ = '0.12.0~rc2' +__version__ = '0.12.0~rc3' From 6d17f70684f37823f77e2eff54ec1ef81b3947da Mon Sep 17 00:00:00 2001 From: redshiftzero Date: Wed, 27 Feb 2019 00:37:17 +0000 Subject: [PATCH 4/5] SecureDrop 0.12.0 (cherry picked from commit 1d92816adbcd82da5e7da571b4baa3a3affb8db8) --- changelog.md | 38 +++++-------------- docs/conf.py | 4 +- docs/set_up_admin_tails.rst | 4 +- .../ansible-base/group_vars/all/securedrop | 2 +- .../files/changelog-trusty | 22 +---------- .../files/changelog-xenial | 21 +--------- .../securedrop-config/DEBIAN/control | 2 +- .../securedrop-keyring/DEBIAN/control | 2 +- .../securedrop-ossec-agent/DEBIAN/control | 2 +- .../securedrop-ossec-server/DEBIAN/control | 2 +- molecule/builder-trusty/tests/vars.yml | 2 +- molecule/shared/stable.ver | 2 +- securedrop/version.py | 2 +- 13 files changed, 26 insertions(+), 79 deletions(-) diff --git a/changelog.md b/changelog.md index 9a3038d152..0f35117101 100644 --- a/changelog.md +++ b/changelog.md @@ -1,37 +1,13 @@ # Changelog -## 0.12.0~rc3 - -### Web Application - -* Added instructions for disabling NoScript XSS because upload problem (#4078, #4159) - -### Operations - -* Ensured Tor is installed from FPF repo (#4175, #4169) -* Set Debian packages to only use explicitly declared conffiles (#4176, #4161) - -## 0.12.0~rc2 - -### Web Application - -* Updated language referenceing Tor button (#4131, #4141) - -### Developer Workflow - -* Fixed updated version script (#4146) - -### Operations - -* Fixed restore logic to ensure recreation of onion services (#3960, #4136) -* Added logic to conditionally update the `release-upgrades` prompt (#4104, #4142) -* Added logic to ensure packages required by Ansible are present on Xenial systems (#4109, #4143) - -## 0.12.0~rc1 +## 0.12.0 ### Web Application +* Add Romanian and Icelandic as supported languages (#4187) * Added toggle to show password for journalists on login (#3713) +* Updated language referencing Tor button (#4131, #4141) +* Added instructions for disabling NoScript XSS because of upload problem (#4078, #4159) * Prevented setting session cookies on API endpoints (#3876) * Updated API to allow clients to set a reply's UUID (#3957) * Changed GPG key generation to avoid leaking key creation date (#3912) @@ -46,6 +22,11 @@ ### Operations * Removed hardcoded Ansible plugin `profile_tasks` (#2943) +* Fixed restore logic to ensure recreation of onion services (#3960, #4136) +* Added logic to conditionally update the `release-upgrades` prompt (#4104, #4142) +* Added logic to ensure packages required by Ansible are present on Xenial systems (#4109, #4143) +* Ensured Tor is installed from FPF repo (#4175, #4169) +* Set Debian packages to only use explicitly declared conffiles (#4176, #4161) * Removed `iptables` UID restrictions to allow `apt` to work correctly (#3952) * Updated kernels to 4.4.167 and removed wireless support (#2726) * Updated `cron-apt` remove action to occur after security (#4003) @@ -61,6 +42,7 @@ ### Developer Workflow * Fixed the QA data loader to prevent clobbering data (#3793) +* Fixed updated version script (#4146) * Added nested virtualized to CI (#3702) * Moved to Vagrant 2.1.x (#3350) * Fixed linting tasks on macOS (#3996) diff --git a/docs/conf.py b/docs/conf.py index 05d959c6ae..894b01bd4a 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -57,9 +57,9 @@ # built documents. # # The short X.Y version. -version = '0.12.0~rc3' +version = '0.12.0' # The full version, including alpha/beta/rc tags. -release = '0.12.0~rc3' +release = '0.12.0' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/docs/set_up_admin_tails.rst b/docs/set_up_admin_tails.rst index b0ba021215..d5f8caea0b 100644 --- a/docs/set_up_admin_tails.rst +++ b/docs/set_up_admin_tails.rst @@ -114,8 +114,8 @@ key: .. code:: sh cd ~/Persistent/securedrop/ - git checkout 0.12.0~rc3 - git tag -v 0.12.0~rc3 + git checkout 0.12.0 + git tag -v 0.12.0 You should see ``Good signature from "SecureDrop Release Signing Key"`` in the output of that last command along with the fingerprint above. diff --git a/install_files/ansible-base/group_vars/all/securedrop b/install_files/ansible-base/group_vars/all/securedrop index 3bd3c11435..6135890f86 100644 --- a/install_files/ansible-base/group_vars/all/securedrop +++ b/install_files/ansible-base/group_vars/all/securedrop @@ -2,7 +2,7 @@ # Variables that apply to both the app and monitor server go in this file # If the monitor or app server need different values define the variable in # hosts_vars/app.yml or host_vars/mon.yml -securedrop_app_code_version: "0.12.0~rc3" +securedrop_app_code_version: "0.12.0" grsecurity: true install_local_packages: false diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty index 2700e15ecc..679e157265 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty @@ -1,26 +1,8 @@ -securedrop-app-code (0.12.0~rc3+trusty) trusty; urgency=medium +securedrop-app-code (0.12.0+trusty) trusty; urgency=medium * See changelog.md - -- SecureDrop Team Fri, 22 Feb 2019 18:36:18 +0000 - -securedrop-app-code (0.12.0~rc2+trusty) trusty; urgency=medium - - * See changelog.md - - -- SecureDrop Team Mon, 18 Feb 2019 09:16:16 +0000 - -securedrop-app-code (0.12.0~rc1+trusty) trusty; urgency=medium - - * See changelog.md - - -- SecureDrop Team Wed, 13 Feb 2019 16:55:27 +0000 - -securedrop-app-code (0.12.0~rc1+trusty) trusty; urgency=medium - - * See changelog.md - - -- SecureDrop Team Thu, 13 Dec 2018 02:02:05 +0000 + -- SecureDrop Team Wed, 27 Feb 2019 00:36:47 +0000 securedrop-app-code (0.11.1) trusty; urgency=medium diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial index 18afde794d..ac670d3ed6 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial @@ -1,23 +1,6 @@ -securedrop-app-code (0.12.0~rc3+xenial) xenial; urgency=medium - - * See changelog.md - - -- SecureDrop Team Fri, 22 Feb 2019 18:36:27 +0000 - -securedrop-app-code (0.12.0~rc2+xenial) xenial; urgency=medium +securedrop-app-code (0.12.0+xenial) xenial; urgency=medium * See changelog.md - -- SecureDrop Team Mon, 18 Feb 2019 09:16:25 +0000 - -securedrop-app-code (0.12.0~rc1+xenial) xenial; urgency=medium - - * See changelog.md - - -- SecureDrop Team Wed, 13 Feb 2019 16:55:40 +0000 - -securedrop-app-code (0.12.0~rc1+xenial) xenial; urgency=medium - - * See changelog.md + -- SecureDrop Team Wed, 27 Feb 2019 00:37:02 +0000 - -- SecureDrop Team Thu, 13 Dec 2018 02:02:05 +0000 diff --git a/install_files/securedrop-config/DEBIAN/control b/install_files/securedrop-config/DEBIAN/control index 9f39647d75..82b1947d97 100644 --- a/install_files/securedrop-config/DEBIAN/control +++ b/install_files/securedrop-config/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-config -Version: 0.1.2+0.12.0~rc3 +Version: 0.1.2+0.12.0 Architecture: all Description: Establishes baseline system state for running SecureDrop. Configures apt repositories. diff --git a/install_files/securedrop-keyring/DEBIAN/control b/install_files/securedrop-keyring/DEBIAN/control index 2422580faa..84770dfcda 100644 --- a/install_files/securedrop-keyring/DEBIAN/control +++ b/install_files/securedrop-keyring/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-keyring -Version: 0.1.2+0.12.0~rc3 +Version: 0.1.2+0.12.0 Architecture: amd64 Depends: gnupg Description: Provides an apt keyring for SecureDrop-related packages, so the master signing key used for SecureDrop packages can be updated via apt. diff --git a/install_files/securedrop-ossec-agent/DEBIAN/control b/install_files/securedrop-ossec-agent/DEBIAN/control index 98ca02d716..acc6e3bb99 100644 --- a/install_files/securedrop-ossec-agent/DEBIAN/control +++ b/install_files/securedrop-ossec-agent/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-ossec-agent -Version: 3.0.0+0.12.0~rc3 +Version: 3.0.0+0.12.0 Architecture: amd64 Depends: ossec-agent,securedrop-keyring,securedrop-config Replaces: ossec-agent diff --git a/install_files/securedrop-ossec-server/DEBIAN/control b/install_files/securedrop-ossec-server/DEBIAN/control index 5a5719851b..f914b28b6a 100644 --- a/install_files/securedrop-ossec-server/DEBIAN/control +++ b/install_files/securedrop-ossec-server/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-ossec-server -Version: 3.0.0+0.12.0~rc3 +Version: 3.0.0+0.12.0 Architecture: amd64 Depends: ossec-server,securedrop-keyring,securedrop-config Replaces: ossec-server diff --git a/molecule/builder-trusty/tests/vars.yml b/molecule/builder-trusty/tests/vars.yml index 7ebe8c4ab9..8b6bcb1fa8 100644 --- a/molecule/builder-trusty/tests/vars.yml +++ b/molecule/builder-trusty/tests/vars.yml @@ -1,5 +1,5 @@ --- -securedrop_version: "0.12.0~rc3" +securedrop_version: "0.12.0" ossec_version: "3.0.0" keyring_version: "0.1.2" config_version: "0.1.2" diff --git a/molecule/shared/stable.ver b/molecule/shared/stable.ver index af88ba8248..ac454c6a1f 100644 --- a/molecule/shared/stable.ver +++ b/molecule/shared/stable.ver @@ -1 +1 @@ -0.11.1 +0.12.0 diff --git a/securedrop/version.py b/securedrop/version.py index 79d509b814..2c7bffbf86 100644 --- a/securedrop/version.py +++ b/securedrop/version.py @@ -1 +1 @@ -__version__ = '0.12.0~rc3' +__version__ = '0.12.0' From fa24797550fbdea64cd6d0cef656234cea475b9d Mon Sep 17 00:00:00 2001 From: heartsucker Date: Wed, 27 Feb 2019 12:03:07 +0100 Subject: [PATCH 5/5] SecureDrop 0.13.0~rc1 --- changelog.md | 2 ++ docs/conf.py | 4 ++-- docs/set_up_admin_tails.rst | 4 ++-- install_files/ansible-base/group_vars/all/securedrop | 2 +- .../files/changelog-trusty | 6 ++++++ .../files/changelog-xenial | 6 ++++++ install_files/securedrop-config/DEBIAN/control | 2 +- install_files/securedrop-keyring/DEBIAN/control | 2 +- install_files/securedrop-ossec-agent/DEBIAN/control | 2 +- install_files/securedrop-ossec-server/DEBIAN/control | 2 +- molecule/builder-trusty/tests/vars.yml | 2 +- securedrop/version.py | 2 +- 12 files changed, 25 insertions(+), 11 deletions(-) diff --git a/changelog.md b/changelog.md index 0f35117101..e11d44d511 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,7 @@ # Changelog +## 0.13.0~rc1 + ## 0.12.0 ### Web Application diff --git a/docs/conf.py b/docs/conf.py index 894b01bd4a..b34c0ce7de 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -57,9 +57,9 @@ # built documents. # # The short X.Y version. -version = '0.12.0' +version = '0.13.0~rc1' # The full version, including alpha/beta/rc tags. -release = '0.12.0' +release = '0.13.0~rc1' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/docs/set_up_admin_tails.rst b/docs/set_up_admin_tails.rst index d5f8caea0b..c925756d2b 100644 --- a/docs/set_up_admin_tails.rst +++ b/docs/set_up_admin_tails.rst @@ -114,8 +114,8 @@ key: .. code:: sh cd ~/Persistent/securedrop/ - git checkout 0.12.0 - git tag -v 0.12.0 + git checkout 0.13.0~rc1 + git tag -v 0.13.0~rc1 You should see ``Good signature from "SecureDrop Release Signing Key"`` in the output of that last command along with the fingerprint above. diff --git a/install_files/ansible-base/group_vars/all/securedrop b/install_files/ansible-base/group_vars/all/securedrop index 6135890f86..83c07c7741 100644 --- a/install_files/ansible-base/group_vars/all/securedrop +++ b/install_files/ansible-base/group_vars/all/securedrop @@ -2,7 +2,7 @@ # Variables that apply to both the app and monitor server go in this file # If the monitor or app server need different values define the variable in # hosts_vars/app.yml or host_vars/mon.yml -securedrop_app_code_version: "0.12.0" +securedrop_app_code_version: "0.13.0~rc1" grsecurity: true install_local_packages: false diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty index 679e157265..134bf5096f 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-trusty @@ -1,3 +1,9 @@ +securedrop-app-code (0.13.0~rc1+trusty) trusty; urgency=medium + + * See changelog.md + + -- SecureDrop Team Wed, 27 Feb 2019 11:01:15 +0000 + securedrop-app-code (0.12.0+trusty) trusty; urgency=medium * See changelog.md diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial index ac670d3ed6..4b2acdf1c1 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-xenial @@ -1,3 +1,9 @@ +securedrop-app-code (0.13.0~rc1+xenial) xenial; urgency=medium + + * See changelog.md + + -- SecureDrop Team Wed, 27 Feb 2019 11:02:06 +0000 + securedrop-app-code (0.12.0+xenial) xenial; urgency=medium * See changelog.md diff --git a/install_files/securedrop-config/DEBIAN/control b/install_files/securedrop-config/DEBIAN/control index 82b1947d97..abee3880f1 100644 --- a/install_files/securedrop-config/DEBIAN/control +++ b/install_files/securedrop-config/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-config -Version: 0.1.2+0.12.0 +Version: 0.1.2+0.13.0~rc1 Architecture: all Description: Establishes baseline system state for running SecureDrop. Configures apt repositories. diff --git a/install_files/securedrop-keyring/DEBIAN/control b/install_files/securedrop-keyring/DEBIAN/control index 84770dfcda..e2d564da50 100644 --- a/install_files/securedrop-keyring/DEBIAN/control +++ b/install_files/securedrop-keyring/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-keyring -Version: 0.1.2+0.12.0 +Version: 0.1.2+0.13.0~rc1 Architecture: amd64 Depends: gnupg Description: Provides an apt keyring for SecureDrop-related packages, so the master signing key used for SecureDrop packages can be updated via apt. diff --git a/install_files/securedrop-ossec-agent/DEBIAN/control b/install_files/securedrop-ossec-agent/DEBIAN/control index acc6e3bb99..c9b0e3cad2 100644 --- a/install_files/securedrop-ossec-agent/DEBIAN/control +++ b/install_files/securedrop-ossec-agent/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-ossec-agent -Version: 3.0.0+0.12.0 +Version: 3.0.0+0.13.0~rc1 Architecture: amd64 Depends: ossec-agent,securedrop-keyring,securedrop-config Replaces: ossec-agent diff --git a/install_files/securedrop-ossec-server/DEBIAN/control b/install_files/securedrop-ossec-server/DEBIAN/control index f914b28b6a..92823f7f05 100644 --- a/install_files/securedrop-ossec-server/DEBIAN/control +++ b/install_files/securedrop-ossec-server/DEBIAN/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: SecureDrop Team Homepage: https://securedrop.org Package: securedrop-ossec-server -Version: 3.0.0+0.12.0 +Version: 3.0.0+0.13.0~rc1 Architecture: amd64 Depends: ossec-server,securedrop-keyring,securedrop-config Replaces: ossec-server diff --git a/molecule/builder-trusty/tests/vars.yml b/molecule/builder-trusty/tests/vars.yml index 8b6bcb1fa8..66c403a8d5 100644 --- a/molecule/builder-trusty/tests/vars.yml +++ b/molecule/builder-trusty/tests/vars.yml @@ -1,5 +1,5 @@ --- -securedrop_version: "0.12.0" +securedrop_version: "0.13.0~rc1" ossec_version: "3.0.0" keyring_version: "0.1.2" config_version: "0.1.2" diff --git a/securedrop/version.py b/securedrop/version.py index 2c7bffbf86..f7c0bd53e3 100644 --- a/securedrop/version.py +++ b/securedrop/version.py @@ -1 +1 @@ -__version__ = '0.12.0' +__version__ = '0.13.0~rc1'