Commit

Merge pull request #7391 from freedomofpress/bump-release-2_11_0-ver
Update version to 2.11.0
legoktm authored Dec 17, 2024
2 parents bb5ae24 + c6fbdca commit 9645e52
Showing 7 changed files with 34 additions and 42 deletions.
6 changes: 5 additions & 1 deletion builder/tests/test_securedrop_deb_package.py
Expand Up @@ -9,7 +9,11 @@
SECUREDROP_ROOT = Path(
subprocess.check_output(["git", "rev-parse", "--show-toplevel"]).decode().strip()
)
DEB_PATHS = list((SECUREDROP_ROOT / f"build/{UBUNTU_VERSION}").glob("*.deb"))
DEB_PATHS = [
pkg
for pkg in (SECUREDROP_ROOT / f"build/{UBUNTU_VERSION}").glob("*.deb")
if "dbgsym" not in pkg.name
]
PYTHON_VERSION = {"focal": "8", "noble": "12"}[UBUNTU_VERSION]
SITE_PACKAGES = f"/opt/venvs/securedrop-app-code/lib/python3.{PYTHON_VERSION}/site-packages"
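
Review bot: The new filter `if "dbgsym" not in pkg.name` in the `DEB_PATHS` comprehension is a substring match on the whole file name, and nothing in the file says why those packages are skipped. If the debug-symbol packages follow the usual `<name>-dbgsym_<version>_<arch>` naming, matching only the package-name part, for example `not pkg.name.split("_")[0].endswith("-dbgsym")`, would avoid dropping an unrelated package by accident. A one-line comment that debug-symbol packages are intentionally excluded from these tests would also help.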

50 changes: 22 additions & 28 deletions changelog.md
@@ -1,40 +1,33 @@
# Changelog

## 2.11.0~rc2

* Address translators' feedback on UI strings (#7370)
* Improve output of Ubuntu Noble pre-migration check script (#7369)
* Run `securedrop-remove-packages` hourly instead of daily (#7377)
* Allow `apache2` to read `/etc/securedrop-noble-migration.json` under AppArmor (#7378)
* Remove stray Ubuntu file `/etc/apt/apt.conf.d/zzzz-temp-installer-unattended-upgrade` if it exists (#7380)

## 2.11.0~rc1
## 2.11.0

The main focus for this release was to prepare SecureDrop servers for upgrading
to Ubuntu 24.04 (Noble) next year. Other maintenance changes are also included.

### Ubuntu 24.04 (Noble) upgrade

* Support building packages on noble (#7273, #7247, #7319)
* Add a noble migration check script (#7334, #7363)
* Use Type=exec instead of Type=oneshot for systemd units (#7350)
* Add a noble migration check script (#7334, #7363, #7369, #7378)
* Use `Type=exec` instead of `Type=oneshot` for systemd units (#7350)
* Make Ansible variables distro-agnostic (#7356)
* Apply grsec_lock once only (#7353)
* Stop setting vm.heap_stack_gap and net.ipv4 sysctl flags via Ansible (#7324)
* Use "sdssh" group instead of internal-only "ssh" group for access control (#7317, #7355)
* Apply `grsec_lock` once only (#7353)
* Stop setting `vm.heap_stack_gap` and `net.ipv4 sysctl` flags via Ansible (#7324)
* Use `sdssh` group instead of internal-only `ssh` group for access control (#7317, #7355)
* Add timed job to clean out old OSSEC diff and state files (#7327)
* Remove ufw from new and existing installs (#7315)
* Remove ufw from new and existing installs (#7315, #7377)
* Update apache config templates to be distro-agnostic (#7301)
* Install backup script on app server via Debian package (#7331)
* Ensure sources.list is absent on noble (#7342)
* Overwrite sources.list.d/ubuntu.sources on noble (#7307)
* Ensure `sources.list` is absent on noble (#7342)
* Overwrite `sources.list.d/ubuntu.sources` on noble (#7307)

### Web applications

* Add a banner in the Journalist Interface, in preparation for the noble migration (#7348)
* Use sqlalchemy.LargeBinary instead of deprecated Binary (#7264)
* Use `sqlalchemy.LargeBinary` instead of deprecated `Binary` (#7264)
* Upgrade sequoia-openpgp from 1.21.1 to 1.21.2 (#7248)
* Import escape from markupsafe, not flask (#7252)
* Update UI strings based on translator feedback (#7370)
* Ignore safety alerts:
* ignore Safety 73711 in cryptography (#7339)
* ignore Safety 73889, 73969 in werkzeug (#7361)
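
Review bot: In the Ubuntu 24.04 (Noble) upgrade list, the rewritten entry "Stop setting `vm.heap_stack_gap` and `net.ipv4 sysctl` flags via Ansible" puts the word "sysctl" inside the code span; it should read `net.ipv4` sysctl flags. Separately, the rc2 item "Run `securedrop-remove-packages` hourly instead of daily (#7377)" now survives only as an extra PR number on "Remove ufw from new and existing installs", which does not mention the schedule change. A separate entry would keep it visible to administrators reading the final notes.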
Expand All @@ -45,27 +38,28 @@ to Ubuntu 24.04 (Noble) next year. Other maintenance changes are also included.
* Replace reboot-flag cron job with a systemd timer (#7337)
* Remove haveged package, if installed (#7335, 7341)
* Don't install apt-transport-https transitional package (#7303)
* Remove unused Ansible restrict_direct_access_{app,mon} roles (#7302)
* Remove unused Ansible sysctl_flags_ipv6 variables (#7300)
* Prompt "sdadmin" for the default SSH username (#7309)
* Remove unused load_iptables script (#7282)
* Remove unused Ansible `restrict_direct_access_{app,mon}` roles (#7302)
* Remove unused Ansible `sysctl_flags_ipv6 variables` (#7300)
* Prompt `sdadmin` for the default SSH username (#7309)
* Remove unused `load_iptables` script (#7282)
* Remove unused SSHd config from cloud-init (#7318)
* Remove stray Ubuntu file `/etc/apt/apt.conf.d/zzzz-temp-installer-unattended-upgrade` if it exists (#7380)

### Development and CI

* Publish versions of packages with debug symbols (#7347, #7365)
* Preserve screenshots from translation test CI job (#7240)
* Make backport.py more flexible for complex pull requests (#7260)
* Make `backport.py` more flexible for complex pull requests (#7260)
* Install xz-utils in diffoscope CI job (#7344)
* Don't return True from test_swap_disabled for monitor server, skip test instead (#7320)
* Don't return `True` from `test_swap_disabled` for monitor server, skip test instead (#7320)
* Run admin CI tests on bookworm (#7212)
* Use a single pass in ansible to install local packages (#7261)
* Upgrade tbselenium from 0.8.1 to 0.9.0 (#7274, #7271)
* Update geckodriver from 0.33.0 to 0.35.0 (#7268)
* Standardize git message formats in version updater (#7263)
* Speed up update-python3-dependencies using uv (#7234)
* Speed up `update-python3-dependencies` Makefile target using uv (#7234)
* Upgrade ruff, remove black, add ruff formatting fixes (#7233, #7246)
* Remove unused devops/scripts/aws-jenkins-venv.sh (#7238)
* Remove unused `devops/scripts/aws-jenkins-venv.sh` (#7238)
* Ignore safety alerts:
* Ignore CVE-2024-8775 in ansible-core (#7269)
* Update dependencies:
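
Review bot: The entry "Remove unused Ansible `sysctl_flags_ipv6 variables`" has the word "variables" inside the code span; the identifier is `sysctl_flags_ipv6`. While this list is being touched, "(#7335, 7341)" on the haveged entry is missing the `#` on the second PR number.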
Expand All @@ -77,8 +71,8 @@ to Ubuntu 24.04 (Noble) next year. Other maintenance changes are also included.
* Support noble dev environment (#7249)
* Run basic lint CI against Ubuntu noble and Python 3.12 (#7242)
* Remove tests checking that no apparmor profiles are complaining (#7308)
* Remove test_securedrop_application_apt_dependencies test (#7305)
* Inspect grsec_lock as root in testinfra (#7304)
* Remove `test_securedrop_application_apt_dependencies` test (#7305)
* Inspect `grsec_lock` as root in testinfra (#7304)
* Upgrade paramiko from 2.7.2 to 2.10.6 (#7280, #7321)

## 2.10.1
2 changes: 1 addition & 1 deletion install_files/ansible-base/group_vars/all/securedrop
Expand Up @@ -2,7 +2,7 @@
# Variables that apply to both the app and monitor server go in this file
# If the monitor or app server need different values define the variable in
# hosts_vars/app.yml or host_vars/mon.yml
securedrop_version: "2.11.0~rc2"
securedrop_version: "2.11.0"
securedrop_app_code_sdist_name: "securedrop-app-code-{{ securedrop_version | replace('~', '-') }}.tar.gz"

grsecurity: true
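
Review bot: The comment at the top of this hunk refers to `hosts_vars/app.yml` but `host_vars/mon.yml`; Ansible's directory name is `host_vars`, so the first path has a stray "s". It is a context line rather than part of the version bump, but it is worth correcting in a follow-up so the comment points at a path that exists.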
2 changes: 1 addition & 1 deletion molecule/shared/stable.ver
@@ -1 +1 @@
2.10.1
2.11.0
12 changes: 3 additions & 9 deletions securedrop/debian/changelog
@@ -1,14 +1,8 @@
securedrop (2.11.0~rc2) unstable; urgency=medium
securedrop (2.11.0) unstable; urgency=medium

* see changelog.md

-- SecureDrop Team <[email protected]> Wed, 11 Dec 2024 14:27:30 -0800

securedrop (2.11.0~rc1) unstable; urgency=medium

* see changelog.md
* see changelog.md

-- SecureDrop Team <[email protected]> Mon, 09 Dec 2024 17:38:39 -0500
-- SecureDrop Team <[email protected]> Tue, 17 Dec 2024 15:35:07 -0500

securedrop (2.10.1+focal) focal; urgency=medium

2 changes: 1 addition & 1 deletion securedrop/setup.py
Expand Up @@ -4,7 +4,7 @@

setuptools.setup(
name="securedrop-app-code",
version="2.11.0~rc2",
version="2.11.0",
author="Freedom of the Press Foundation",
author_email="[email protected]",
description="SecureDrop Server",
2 changes: 1 addition & 1 deletion securedrop/version.py
@@ -1 +1 @@
__version__ = "2.11.0~rc2"
__version__ = "2.11.0"
