From d62e2c7491518818dc042b67d44abaca5b7e09e8 Mon Sep 17 00:00:00 2001 From: Kevin O'Gorman Date: Thu, 30 Sep 2021 11:59:56 -0400 Subject: [PATCH 1/4] SecureDrop 2.1.0-rc1 (cherry picked from commit 6a3feaa964039dfd664138a44f0c1b871a2f1fd6) --- changelog.md | 33 +++++++++++++++++++ .../files/changelog-focal | 4 +-- 2 files changed, 35 insertions(+), 2 deletions(-) diff --git a/changelog.md b/changelog.md index cf87909822..7ab1517804 100644 --- a/changelog.md +++ b/changelog.md @@ -2,7 +2,40 @@ ## 2.1.0~rc1 +### Web applications + +* Updated HTML time tags to use valid datetime formatting (#6075) +* Refactor web applications to consolidate source user creation and session management, and remove dependendencies on the system scrypt module in favour of equivalent functionality from the cryptography package (#5692, #5694, #5695) +* Updated confirmation message for successful replies in the Journalist Interface (#6102) +* Refactored Source Interface to improve accessibility, using semantic HTML and ARIA annotations (#5996, #6021, #6041, #6056, #6096) +* Increased default length of 2FA secrets from 80 to 160 bits (#5958) +* (Bugfix) Restricted length of source codenames stored in session to fit within standard session cookie (#6066) +* (Bugfix) Added a uniqueness condition for the web applications’ InstanceConfig (#5974) +* Removed the Javascript dependency for the user deletion confirmation modal dialog on the Journalist Interface (#5696) +* Updated Source Interface to use TLSv1.3 only when HTTPS is enabled (#5988) +* (Bugfix) Removed duplicate CSS class attribute from Source Interface index page (#6049) + +### Operations + +* Added script to repair Tails updater for Tails versions below 4.19 (#6110) +* Silenced low-priority fwupd-related OSSEC alerts (#6107) +* Removed superfluous Tails configuration chance to enforce preservation of filenames on decompression in Nautilus (#6079) +* Removed expired signing key from Securedrop keyring (#5979) +* Added option to restore from backup file manually transferred to server (#5909) +* Dependency updates: requests 2.22.0 to 2.26.0; urllib3 1.25.10 to 1.26.6; Ansible 2.9.21 to 2.9.26 (#6046, #6109) + +### Development +* (CI) Updated CircleCI configuration to use built-in branch filtering (#6086) +* Updated packaging logic to no longer treat default logo image as a conffile (#6101) +* (CI) Refactored test suite for increased parallelization (#6065, #6100, #6077) +* (CI) Added job to validate the web applications’ HTML (#6072, #6105) +* Improved the reliability of the staging provisioning playbook (#6088) +* (CI) Restricted long running staging-test-with-rebase job to run on nightlies and release candidate builds only (#6063) +* (CI) Updated updater-gui-tests job to use Python 3.7 (#6069) +* (CI) Updated CircleCI configuration to skip translation tests when not required (#6029) +* (CI) Updated CircleCI configuration to improve shellcheck filtering (#6028) +* Development dependency updates: pynacl 1.1.2 to 1.4.0; pillow 8.3.1 to 8.3.2; coverage 4.4.2 to 5.5; cryptography 3.2.1 to 3.4.7 (#6027, #6094, #6092, #5975) ## 2.0.2 diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal index ab0e243a51..3b16ab5e32 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal @@ -1,8 +1,8 @@ securedrop-app-code (2.1.0~rc1+focal) focal; urgency=medium - * + * see changelog.md - -- SecureDrop Team Fri, 13 Aug 2021 10:55:14 -0400 + -- SecureDrop Team Thu, 30 Sep 2021 11:59:18 -0400 securedrop-app-code (2.0.2+focal) focal; urgency=medium From 6f60cef9f43f2b0dbd774db5c2648ea2ef465f2a Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Thu, 14 Oct 2021 08:29:18 -0700 Subject: [PATCH 2/4] SecureDrop 2.1.0-rc2 (cherry picked from commit f6945d5e3784a458ba5f01721077ee150447fe3b) --- changelog.md | 11 ++++++++++- install_files/ansible-base/group_vars/all/securedrop | 2 +- .../files/changelog-focal | 6 ++++++ molecule/builder-focal/tests/vars.yml | 2 +- securedrop/version.py | 2 +- setup.py | 2 +- 6 files changed, 20 insertions(+), 5 deletions(-) diff --git a/changelog.md b/changelog.md index 7ab1517804..7879c8e7ab 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,14 @@ # Changelog +## 2.1.0~rc2 + +### Development + +* Added upgrade of all packages early in install, for newest ca-certificates (#6120) +* Updated package build to use latest pip (21.3) rather than system pip for virtualenvs (#6141) +* Removed version check for "verify" command for securedrop-admin (#6134) +* Updated QA playbook for Focal apt sources (#6123) + ## 2.1.0~rc1 ### Web applications @@ -20,7 +29,7 @@ * Added script to repair Tails updater for Tails versions below 4.19 (#6110) * Silenced low-priority fwupd-related OSSEC alerts (#6107) * Removed superfluous Tails configuration chance to enforce preservation of filenames on decompression in Nautilus (#6079) -* Removed expired signing key from Securedrop keyring (#5979) +* Removed expired signing key from Securedrop keyring (#5979, #6138) * Added option to restore from backup file manually transferred to server (#5909) * Dependency updates: requests 2.22.0 to 2.26.0; urllib3 1.25.10 to 1.26.6; Ansible 2.9.21 to 2.9.26 (#6046, #6109) diff --git a/install_files/ansible-base/group_vars/all/securedrop b/install_files/ansible-base/group_vars/all/securedrop index 9c201d73dd..e854ca5e40 100644 --- a/install_files/ansible-base/group_vars/all/securedrop +++ b/install_files/ansible-base/group_vars/all/securedrop @@ -2,7 +2,7 @@ # Variables that apply to both the app and monitor server go in this file # If the monitor or app server need different values define the variable in # hosts_vars/app.yml or host_vars/mon.yml -securedrop_version: "2.1.0~rc1" +securedrop_version: "2.1.0~rc2" securedrop_app_code_sdist_name: "securedrop-app-code-{{ securedrop_version | replace('~', '-') }}.tar.gz" grsecurity: true diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal index 3b16ab5e32..06149a4373 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal @@ -1,3 +1,9 @@ +securedrop-app-code (2.1.0~rc2+focal) focal; urgency=medium + + * see changelog.md + + -- SecureDrop Team Thu, 14 Oct 2021 08:43:18 -0700 + securedrop-app-code (2.1.0~rc1+focal) focal; urgency=medium * see changelog.md diff --git a/molecule/builder-focal/tests/vars.yml b/molecule/builder-focal/tests/vars.yml index ce778f97b2..401582fceb 100644 --- a/molecule/builder-focal/tests/vars.yml +++ b/molecule/builder-focal/tests/vars.yml @@ -1,5 +1,5 @@ --- -securedrop_version: "2.1.0~rc1" +securedrop_version: "2.1.0~rc2" ossec_version: "3.6.0" keyring_version: "0.1.5" config_version: "0.1.4" diff --git a/securedrop/version.py b/securedrop/version.py index 7c1530a7ef..3d613f84a3 100644 --- a/securedrop/version.py +++ b/securedrop/version.py @@ -1 +1 @@ -__version__ = '2.1.0~rc1' +__version__ = '2.1.0~rc2' diff --git a/setup.py b/setup.py index 228e63e5d7..8caaade5be 100644 --- a/setup.py +++ b/setup.py @@ -4,7 +4,7 @@ setuptools.setup( name="securedrop-app-code", - version="2.1.0~rc1", + version="2.1.0~rc2", author="Freedom of the Press Foundation", author_email="securedrop@freedom.press", description="SecureDrop Server", From fd4da61dcc90e92cadf805b59db7cd70574abd62 Mon Sep 17 00:00:00 2001 From: Kevin O'Gorman Date: Tue, 19 Oct 2021 18:20:38 -0400 Subject: [PATCH 3/4] SecureDrop 2.1.0 (cherry picked from commit 7a229440423136526f48e49955590b70cbf36575) --- changelog.md | 15 +++++---------- .../ansible-base/group_vars/all/securedrop | 2 +- .../files/changelog-focal | 12 +++--------- molecule/builder-focal/tests/vars.yml | 2 +- molecule/shared/stable.ver | 2 +- securedrop/version.py | 2 +- setup.py | 2 +- 7 files changed, 13 insertions(+), 24 deletions(-) diff --git a/changelog.md b/changelog.md index 7879c8e7ab..465b396bac 100644 --- a/changelog.md +++ b/changelog.md @@ -1,15 +1,6 @@ # Changelog -## 2.1.0~rc2 - -### Development - -* Added upgrade of all packages early in install, for newest ca-certificates (#6120) -* Updated package build to use latest pip (21.3) rather than system pip for virtualenvs (#6141) -* Removed version check for "verify" command for securedrop-admin (#6134) -* Updated QA playbook for Focal apt sources (#6123) - -## 2.1.0~rc1 +## 2.1.0 ### Web applications @@ -31,6 +22,8 @@ * Removed superfluous Tails configuration chance to enforce preservation of filenames on decompression in Nautilus (#6079) * Removed expired signing key from Securedrop keyring (#5979, #6138) * Added option to restore from backup file manually transferred to server (#5909) +* Added upgrade of all packages early in install, for newest ca-certificates (#6120) +* Removed version check for "verify" command for securedrop-admin (#6134) * Dependency updates: requests 2.22.0 to 2.26.0; urllib3 1.25.10 to 1.26.6; Ansible 2.9.21 to 2.9.26 (#6046, #6109) ### Development @@ -45,6 +38,8 @@ * (CI) Updated CircleCI configuration to skip translation tests when not required (#6029) * (CI) Updated CircleCI configuration to improve shellcheck filtering (#6028) * Development dependency updates: pynacl 1.1.2 to 1.4.0; pillow 8.3.1 to 8.3.2; coverage 4.4.2 to 5.5; cryptography 3.2.1 to 3.4.7 (#6027, #6094, #6092, #5975) +* Updated package build to use latest pip (21.3) rather than system pip for virtualenvs (#6141) +* Updated QA playbook for Focal apt sources (#6123) ## 2.0.2 diff --git a/install_files/ansible-base/group_vars/all/securedrop b/install_files/ansible-base/group_vars/all/securedrop index e854ca5e40..662396667d 100644 --- a/install_files/ansible-base/group_vars/all/securedrop +++ b/install_files/ansible-base/group_vars/all/securedrop @@ -2,7 +2,7 @@ # Variables that apply to both the app and monitor server go in this file # If the monitor or app server need different values define the variable in # hosts_vars/app.yml or host_vars/mon.yml -securedrop_version: "2.1.0~rc2" +securedrop_version: "2.1.0" securedrop_app_code_sdist_name: "securedrop-app-code-{{ securedrop_version | replace('~', '-') }}.tar.gz" grsecurity: true diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal index 06149a4373..8b261cd0b3 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal @@ -1,14 +1,8 @@ -securedrop-app-code (2.1.0~rc2+focal) focal; urgency=medium +securedrop-app-code (2.1.0+focal) focal; urgency=medium - * see changelog.md - - -- SecureDrop Team Thu, 14 Oct 2021 08:43:18 -0700 - -securedrop-app-code (2.1.0~rc1+focal) focal; urgency=medium - - * see changelog.md + * see changelog.md - -- SecureDrop Team Thu, 30 Sep 2021 11:59:18 -0400 + -- SecureDrop Team Tue, 19 Oct 2021 18:20:13 -0400 securedrop-app-code (2.0.2+focal) focal; urgency=medium diff --git a/molecule/builder-focal/tests/vars.yml b/molecule/builder-focal/tests/vars.yml index 401582fceb..666a9d944f 100644 --- a/molecule/builder-focal/tests/vars.yml +++ b/molecule/builder-focal/tests/vars.yml @@ -1,5 +1,5 @@ --- -securedrop_version: "2.1.0~rc2" +securedrop_version: "2.1.0" ossec_version: "3.6.0" keyring_version: "0.1.5" config_version: "0.1.4" diff --git a/molecule/shared/stable.ver b/molecule/shared/stable.ver index e9307ca575..7ec1d6db40 100644 --- a/molecule/shared/stable.ver +++ b/molecule/shared/stable.ver @@ -1 +1 @@ -2.0.2 +2.1.0 diff --git a/securedrop/version.py b/securedrop/version.py index 3d613f84a3..a33997dd10 100644 --- a/securedrop/version.py +++ b/securedrop/version.py @@ -1 +1 @@ -__version__ = '2.1.0~rc2' +__version__ = '2.1.0' diff --git a/setup.py b/setup.py index 8caaade5be..79428fd8ef 100644 --- a/setup.py +++ b/setup.py @@ -4,7 +4,7 @@ setuptools.setup( name="securedrop-app-code", - version="2.1.0~rc2", + version="2.1.0", author="Freedom of the Press Foundation", author_email="securedrop@freedom.press", description="SecureDrop Server", From c6a9636d0c00ffdc78fd711948e18997b81b5a5e Mon Sep 17 00:00:00 2001 From: Kevin O'Gorman Date: Wed, 20 Oct 2021 10:32:10 -0400 Subject: [PATCH 4/4] Updating version after 2.1.0 release --- changelog.md | 3 +++ install_files/ansible-base/group_vars/all/securedrop | 2 +- .../build-securedrop-app-code-deb-pkg/files/changelog-focal | 6 ++++++ molecule/builder-focal/tests/vars.yml | 2 +- securedrop/version.py | 2 +- setup.py | 2 +- 6 files changed, 13 insertions(+), 4 deletions(-) diff --git a/changelog.md b/changelog.md index 465b396bac..85a98de9d0 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,8 @@ # Changelog +## 2.2.0~rc1 + + ## 2.1.0 ### Web applications diff --git a/install_files/ansible-base/group_vars/all/securedrop b/install_files/ansible-base/group_vars/all/securedrop index 662396667d..348044051d 100644 --- a/install_files/ansible-base/group_vars/all/securedrop +++ b/install_files/ansible-base/group_vars/all/securedrop @@ -2,7 +2,7 @@ # Variables that apply to both the app and monitor server go in this file # If the monitor or app server need different values define the variable in # hosts_vars/app.yml or host_vars/mon.yml -securedrop_version: "2.1.0" +securedrop_version: "2.2.0~rc1" securedrop_app_code_sdist_name: "securedrop-app-code-{{ securedrop_version | replace('~', '-') }}.tar.gz" grsecurity: true diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal index 8b261cd0b3..ae5f758c26 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal @@ -1,3 +1,9 @@ +securedrop-app-code (2.2.0~rc1+focal) focal; urgency=medium + + * see changelog.md + + -- SecureDrop Team Wed, 20 Oct 2021 10:31:48 -0400 + securedrop-app-code (2.1.0+focal) focal; urgency=medium * see changelog.md diff --git a/molecule/builder-focal/tests/vars.yml b/molecule/builder-focal/tests/vars.yml index 666a9d944f..963834b55b 100644 --- a/molecule/builder-focal/tests/vars.yml +++ b/molecule/builder-focal/tests/vars.yml @@ -1,5 +1,5 @@ --- -securedrop_version: "2.1.0" +securedrop_version: "2.2.0~rc1" ossec_version: "3.6.0" keyring_version: "0.1.5" config_version: "0.1.4" diff --git a/securedrop/version.py b/securedrop/version.py index a33997dd10..6d63946b71 100644 --- a/securedrop/version.py +++ b/securedrop/version.py @@ -1 +1 @@ -__version__ = '2.1.0' +__version__ = '2.2.0~rc1' diff --git a/setup.py b/setup.py index 79428fd8ef..e5e6ebb833 100644 --- a/setup.py +++ b/setup.py @@ -4,7 +4,7 @@ setuptools.setup( name="securedrop-app-code", - version="2.1.0", + version="2.2.0~rc1", author="Freedom of the Press Foundation", author_email="securedrop@freedom.press", description="SecureDrop Server",