commit
1738afc6e3
|
@ -0,0 +1,59 @@
|
||||||
|
Creating a release
|
||||||
|
==================
|
||||||
|
|
||||||
|
This document is documentation intednded for maintainers of Barrier.
|
||||||
|
It documents the release process of Barrier.
|
||||||
|
|
||||||
|
Step 1: Setup environment variables
|
||||||
|
-----------------------------------
|
||||||
|
|
||||||
|
Setup the following environment variable that will be used throughout the rest of the steps.
|
||||||
|
|
||||||
|
export VERSION=X.Y.Z
|
||||||
|
|
||||||
|
Step 2: Release notes PR
|
||||||
|
------------------------
|
||||||
|
|
||||||
|
Open a new branch (e.g. `release`) and run the following:
|
||||||
|
|
||||||
|
towncrier --version ${VERSION} --date `date -u +%F`
|
||||||
|
|
||||||
|
This collects the release notes using the `towncrier` tool. Please commit the collected release
|
||||||
|
notes afterwards.
|
||||||
|
|
||||||
|
Certain file names are not properly supported by the `towncrier` tool and it ignores them.
|
||||||
|
Check `newsfragments` directory for any forgotten release notes
|
||||||
|
|
||||||
|
Step 3: Merge the release notes PR
|
||||||
|
----------------------------------
|
||||||
|
|
||||||
|
Step 4: Push git tag
|
||||||
|
--------------------
|
||||||
|
|
||||||
|
Pull the merge commit created on the `master` branch during the step 2.
|
||||||
|
|
||||||
|
Create a tag:
|
||||||
|
|
||||||
|
git tag -s v${VERSION} -m v${VERSION}
|
||||||
|
|
||||||
|
Push the tag:
|
||||||
|
|
||||||
|
git push origin master --tags
|
||||||
|
|
||||||
|
|
||||||
|
Step 5: Draft a new release on Github
|
||||||
|
-------------------------------------
|
||||||
|
|
||||||
|
Go to https://github.com/buildbot/buildbot/releases and draft a new release.
|
||||||
|
|
||||||
|
Use git tag as the title of the release: `vX.Y.Z`.
|
||||||
|
|
||||||
|
Use the release notes generated by the `towncrier` tool as the description of the releases.
|
||||||
|
|
||||||
|
Upload the artifacts created by Azure pipelines as the binaries of the release. The following
|
||||||
|
artifacts should be uploaded to Github:
|
||||||
|
|
||||||
|
- the Barrier-X.Y.Z-release.dmg created by the oldest Mac OS task (artifact name is
|
||||||
|
"Mac Release Disk Image and App XYZ").
|
||||||
|
|
||||||
|
- the BarrierSetup-X.Y.Z-release.exe (artifact name is Windows Release Installer).
|
|
@ -114,4 +114,4 @@ jobs:
|
||||||
condition: eq(variables['B_BUILD_TYPE'], 'Release')
|
condition: eq(variables['B_BUILD_TYPE'], 'Release')
|
||||||
inputs:
|
inputs:
|
||||||
pathtoPublish: build/bundle
|
pathtoPublish: build/bundle
|
||||||
artifactName: Mac Release Disk Image and App
|
artifactName: Mac Release Disk Image and App $(imageName)
|
||||||
|
|
|
@ -1,12 +1,13 @@
|
||||||
This is the directory for news snippets used by towncrier: https://github.com/twisted/towncrier
|
This is the directory for release note fragments processed by
|
||||||
|
[towncrier](https://github.com/hawkowl/towncrier).
|
||||||
|
|
||||||
When changing code in a way that's visible to an end user please make a new file in this directory.
|
When making a user-visible change create a file in this directory and it will be automatically be
|
||||||
It will be removed and integrated into release notes document upon a release of a new version of
|
included into the release note document when the next release is published.
|
||||||
Barrier.
|
|
||||||
|
|
||||||
towncrier has a few standard types of news fragments, signified by the file extension. These are:
|
The file extension specifies the type of a change. The following are currently supported:
|
||||||
|
|
||||||
.feature: Signifying a new feature.
|
- .feature: a new feature.
|
||||||
.bugfix: Signifying a bug fix.
|
- .bugfix: a bug fix.
|
||||||
.doc: Signifying a documentation improvement.
|
- .security: a fix for security issue.
|
||||||
.removal: Signifying a deprecation or removal of public API.
|
- .doc: a documentation improvement.
|
||||||
|
- .removal: a deprecation or removal of functionality.
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
Fix build failure on mips*el and riscv64 architecture.
|
|
|
@ -1,7 +0,0 @@
|
||||||
SECURITY ISSUE
|
|
||||||
|
|
||||||
Barrier now supports client identity verification (fixes CVE-2021-42072, CVE-2021-42073).
|
|
||||||
|
|
||||||
To support seamless upgrades from older versions of Barrier this is currently disabled by default.
|
|
||||||
The feature can be enabled in the settings dialog. If enabled, older clients of Barrier will be
|
|
||||||
rejected.
|
|
|
@ -1 +0,0 @@
|
||||||
Barrier client now sends certificate that the server can verify.
|
|
|
@ -1,6 +0,0 @@
|
||||||
SECURITY ISSUE
|
|
||||||
|
|
||||||
Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075).
|
|
||||||
|
|
||||||
Previously repeated failing connections would leak file descriptors leading to Barrier being unable
|
|
||||||
to receive new connections from clients.
|
|
|
@ -1 +0,0 @@
|
||||||
Fixed reading of configuration on Windows when the paths contain non-ASCII characters (https://github.com/debauchee/barrier/issues/976, https://github.com/debauchee/barrier/issues/974, https://github.com/debauchee/barrier/issues/444).
|
|
|
@ -1 +0,0 @@
|
||||||
Barrier no longer uses openssl CLI tool for any operations and hooks into the openssl library directly.
|
|
|
@ -1 +0,0 @@
|
||||||
Added `--drop-target` option that improves drag and drop support on Windows when Barrier is being run as a portable app.
|
|
|
@ -1,2 +0,0 @@
|
||||||
The `--enable-crypto` command line option has been made the default to reduce chances of accidental security mishaps when configuring Barrier from command line.
|
|
||||||
A new `--disable-crypto` command line option has been added to explicitly disable encryption.
|
|
|
@ -1,6 +0,0 @@
|
||||||
SECURITY ISSUE
|
|
||||||
|
|
||||||
Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076).
|
|
||||||
|
|
||||||
Previously it was possible for a malicious client or server to send excessive length messages
|
|
||||||
leading to denial of service by resource exhaustion.
|
|
|
@ -1,3 +0,0 @@
|
||||||
Added support for randomart images for easier comparison of SSL
|
|
||||||
certificate fingerprints. The algorithm is identical to what
|
|
||||||
OpenSSH uses.
|
|
|
@ -1,4 +0,0 @@
|
||||||
SECURITY ISSUE
|
|
||||||
|
|
||||||
Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending Hello message.
|
|
||||||
This bug allowed an unauthenticated attacker to crash Barrier with only network access.
|
|
|
@ -1 +0,0 @@
|
||||||
Map more X11 clipboard MIME types to corresponding converters (https://github.com/debauchee/barrier/issues/344).
|
|
|
@ -1 +0,0 @@
|
||||||
Implemented a configuration option for Server GUI auto-start.
|
|
|
@ -1 +0,0 @@
|
||||||
Fixed setup of multiple actions associated with a hotkey.
|
|
|
@ -1 +0,0 @@
|
||||||
Fixed setup of hotkeys with special characters such as comma and semicolon (https://github.com/debauchee/barrier/issues/778).
|
|
|
@ -1 +0,0 @@
|
||||||
Made it possible to use keyboard instead of mouse to modify screen layout.
|
|
|
@ -1 +0,0 @@
|
||||||
Added support for keyboard backlight media keys
|
|
|
@ -1 +0,0 @@
|
||||||
Added support for Eisu_toggle and Muhenkan keys
|
|
|
@ -1 +0,0 @@
|
||||||
Fixed transfer of non-ASCII characters coming from a Windows server in certain cases (https://github.com/debauchee/barrier/issues/527).
|
|
|
@ -1 +0,0 @@
|
||||||
Added `--profile-dir` option that allows to select custom profile directory.
|
|
|
@ -1 +0,0 @@
|
||||||
Barrier will now regenerate server certificate if it's invalid instead of failing to launch (https://github.com/debauchee/barrier/issues/802)
|
|
|
@ -1,4 +0,0 @@
|
||||||
Barrier now uses SHA256 fingerprints for establishing security of encrypted SSL connections.
|
|
||||||
After upgrading client to new version the existing server fingerprint will need to be approved again.
|
|
||||||
Client and server will show both SHA1 and SHA256 server fingerprints to allow interoperability
|
|
||||||
with older versions of Barrier.
|
|
|
@ -1,2 +0,0 @@
|
||||||
Fixed a bug in SSL implementation that caused invalid data occasionally being sent to clients
|
|
||||||
under heavy load.
|
|
|
@ -1 +0,0 @@
|
||||||
Added support for additional keys on Sun Microsystems USB keyboards (https://github.com/debauchee/barrier/issues/784).
|
|
|
@ -1 +0,0 @@
|
||||||
Updated Chinese translation.
|
|
|
@ -1 +0,0 @@
|
||||||
Updated Slovak translation.
|
|
|
@ -1 +0,0 @@
|
||||||
Theme icons are now preferred to icons distributed together with Barrier (https://github.com/debauchee/barrier/issues/471).
|
|
|
@ -1 +0,0 @@
|
||||||
Fixed incorrect setup of Barrier service path on Windows.
|
|
|
@ -0,0 +1,94 @@
|
||||||
|
Release notes
|
||||||
|
=============
|
||||||
|
|
||||||
|
[comment]: <> (towncrier release notes start)
|
||||||
|
|
||||||
|
Barrier `2.4.0` ( `2021-11-01` )
|
||||||
|
================================
|
||||||
|
|
||||||
|
Security fixes
|
||||||
|
--------------
|
||||||
|
|
||||||
|
- Barrier now supports client identity verification (fixes CVE-2021-42072, CVE-2021-42073).
|
||||||
|
|
||||||
|
Previously a malicious client could connect to Barrier server without any authentication and
|
||||||
|
send application-level messages. This made the attack surface of Barrier significantly larger.
|
||||||
|
Additionally, in case the malicious client got possession of a valid screen name by brute forcing
|
||||||
|
or other means it could modify the clipboard contents of the server.
|
||||||
|
|
||||||
|
To support seamless upgrades from older versions of Barrier this is currently disabled by default.
|
||||||
|
The feature can be enabled in the settings dialog. If enabled, older clients of Barrier will be
|
||||||
|
rejected.
|
||||||
|
|
||||||
|
- Barrier now uses SHA256 fingerprints for establishing security of encrypted SSL connections.
|
||||||
|
After upgrading client to new version the existing server fingerprint will need to be approved
|
||||||
|
again. Client and server will show both SHA1 and SHA256 server fingerprints to allow
|
||||||
|
interoperability with older versions of Barrier.
|
||||||
|
|
||||||
|
Bug fixes
|
||||||
|
---------
|
||||||
|
|
||||||
|
- Fixed build failure on mips*el and riscv64 architecture.
|
||||||
|
- Fixed reading of configuration on Windows when the paths contain non-ASCII characters
|
||||||
|
(https://github.com/debauchee/barrier/issues/976, https://github.com/debauchee/barrier/issues/974,
|
||||||
|
https://github.com/debauchee/barrier/issues/444).
|
||||||
|
- Barrier no longer uses openssl CLI tool for any operations and hooks into the openssl library directly.
|
||||||
|
- More X11 clipboard MIME types have been mapped to corresponding converters (https://github.com/debauchee/barrier/issues/344).
|
||||||
|
- Fixed setup of multiple actions associated with a hotkey.
|
||||||
|
- Fixed setup of hotkeys with special characters such as comma and semicolon
|
||||||
|
(https://github.com/debauchee/barrier/issues/778).
|
||||||
|
- Fixed transfer of non-ASCII characters coming from a Windows server in certain cases
|
||||||
|
(https://github.com/debauchee/barrier/issues/527).
|
||||||
|
- Barrier will now regenerate server certificate if it's invalid instead of failing to launch
|
||||||
|
(https://github.com/debauchee/barrier/issues/802)
|
||||||
|
- Added support for additional keys on Sun Microsystems USB keyboards
|
||||||
|
(https://github.com/debauchee/barrier/issues/784).
|
||||||
|
- Updated Chinese translation.
|
||||||
|
- Updated Slovak translation.
|
||||||
|
- Theme icons are now preferred to icons distributed together with Barrier
|
||||||
|
(https://github.com/debauchee/barrier/issues/471).
|
||||||
|
- Fixed incorrect setup of Barrier service path on Windows.
|
||||||
|
|
||||||
|
Features
|
||||||
|
--------
|
||||||
|
|
||||||
|
- Added `--drop-target` option that improves drag and drop support on Windows when Barrier is
|
||||||
|
being run as a portable app.
|
||||||
|
- The `--enable-crypto` command line option has been made the default to reduce chances of
|
||||||
|
accidental security mishaps when configuring Barrier from command line.
|
||||||
|
A new `--disable-crypto` command line option has been added to explicitly disable encryption.
|
||||||
|
- Added support for randomart images for easier comparison of SSL certificate fingerprints.
|
||||||
|
The algorithm is identical to what OpenSSH uses.
|
||||||
|
- Implemented a configuration option for Server GUI auto-start.
|
||||||
|
- Made it possible to use keyboard instead of mouse to modify screen layout.
|
||||||
|
- Added support for keyboard backlight media keys
|
||||||
|
- Added support for Eisu_toggle and Muhenkan keys
|
||||||
|
- Added `--profile-dir` option that allows to select custom profile directory.
|
||||||
|
|
||||||
|
Barrier `2.3.4` ( `2021-11-01` )
|
||||||
|
================================
|
||||||
|
|
||||||
|
Security fixes
|
||||||
|
--------------
|
||||||
|
|
||||||
|
- Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075).
|
||||||
|
|
||||||
|
Previously repeated failing connections would leak file descriptors leading to Barrier being unable
|
||||||
|
to receive new connections from clients.
|
||||||
|
|
||||||
|
- Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076).
|
||||||
|
|
||||||
|
Previously it was possible for a malicious client or server to send excessive length messages
|
||||||
|
leading to denial of service by resource exhaustion.
|
||||||
|
|
||||||
|
- Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending Hello message.
|
||||||
|
This bug allowed an unauthenticated attacker to crash Barrier with only network access.
|
||||||
|
|
||||||
|
All of the above security issues have been reported by Matthias Gerstner who was really helpful
|
||||||
|
resolving them.
|
||||||
|
|
||||||
|
Bug fixes
|
||||||
|
---------
|
||||||
|
|
||||||
|
- Fixed a bug in SSL implementation that caused invalid data occasionally being sent to clients
|
||||||
|
under heavy load.
|
|
@ -0,0 +1,37 @@
|
||||||
|
{% for section, _ in sections|dictsort(by='key') %}
|
||||||
|
{% set underline = "-" %}
|
||||||
|
{% if section %}
|
||||||
|
{{section}}
|
||||||
|
{{ underline * section|length }}{% set underline = "-" %}
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
|
{% if sections[section] %}
|
||||||
|
{% for category, val in definitions|dictsort if category in sections[section]%}
|
||||||
|
|
||||||
|
{{ definitions[category]['name'] }}
|
||||||
|
{{ underline * definitions[category]['name']|length }}
|
||||||
|
|
||||||
|
{% if definitions[category]['showcontent'] %}
|
||||||
|
{% for text, values in sections[section][category]|dictsort(by='value') %}
|
||||||
|
- {{ text }}
|
||||||
|
{% endfor %}
|
||||||
|
{% else %}
|
||||||
|
- {{ sections[section][category]['']|sort|join(', ') }}
|
||||||
|
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
|
{% if sections[section][category]|length == 0 %}
|
||||||
|
|
||||||
|
No significant changes.
|
||||||
|
|
||||||
|
|
||||||
|
{% else %}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% else %}
|
||||||
|
|
||||||
|
No significant changes.
|
||||||
|
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
|
@ -0,0 +1,39 @@
|
||||||
|
[tool.towncrier]
|
||||||
|
package = ""
|
||||||
|
directory = "doc/newsfragments"
|
||||||
|
filename = "doc/release_notes/index.md"
|
||||||
|
template = "doc/release_notes/index.template.jinja"
|
||||||
|
title_format = "\nBarrier `{version}` ( `{project_date}` )\n================================\n"
|
||||||
|
start_string = "[comment]: <> (towncrier release notes start)"
|
||||||
|
[[tool.towncrier.section]]
|
||||||
|
path = ""
|
||||||
|
|
||||||
|
[[tool.towncrier.type]]
|
||||||
|
directory = "security"
|
||||||
|
name = "Security fixes"
|
||||||
|
showcontent = false
|
||||||
|
|
||||||
|
[[tool.towncrier.type]]
|
||||||
|
directory = "feature"
|
||||||
|
name = "Features"
|
||||||
|
showcontent = true
|
||||||
|
|
||||||
|
[[tool.towncrier.type]]
|
||||||
|
directory = "bugfix"
|
||||||
|
name = "Bug fixes"
|
||||||
|
showcontent = true
|
||||||
|
|
||||||
|
[[tool.towncrier.type]]
|
||||||
|
directory = "doc"
|
||||||
|
name = "Improved Documentation"
|
||||||
|
showcontent = true
|
||||||
|
|
||||||
|
[[tool.towncrier.type]]
|
||||||
|
directory = "removal"
|
||||||
|
name = "Deprecations and Removals"
|
||||||
|
showcontent = true
|
||||||
|
|
||||||
|
[[tool.towncrier.type]]
|
||||||
|
directory = "misc"
|
||||||
|
name = "Miscellaneous"
|
||||||
|
showcontent = false
|
Loading…
Reference in New Issue