Merge pull request #1360 from p12tic/release

Prepare for v2.4.0
This commit is contained in:
Povilas Kanapickas 2021-11-01 22:25:46 +02:00 committed by GitHub
commit 1738afc6e3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
34 changed files with 240 additions and 64 deletions

59
RELEASING.md Normal file
View File

@ -0,0 +1,59 @@
Creating a release
==================
This document is documentation intednded for maintainers of Barrier.
It documents the release process of Barrier.
Step 1: Setup environment variables
-----------------------------------
Setup the following environment variable that will be used throughout the rest of the steps.
export VERSION=X.Y.Z
Step 2: Release notes PR
------------------------
Open a new branch (e.g. `release`) and run the following:
towncrier --version ${VERSION} --date `date -u +%F`
This collects the release notes using the `towncrier` tool. Please commit the collected release
notes afterwards.
Certain file names are not properly supported by the `towncrier` tool and it ignores them.
Check `newsfragments` directory for any forgotten release notes
Step 3: Merge the release notes PR
----------------------------------
Step 4: Push git tag
--------------------
Pull the merge commit created on the `master` branch during the step 2.
Create a tag:
git tag -s v${VERSION} -m v${VERSION}
Push the tag:
git push origin master --tags
Step 5: Draft a new release on Github
-------------------------------------
Go to https://github.com/buildbot/buildbot/releases and draft a new release.
Use git tag as the title of the release: `vX.Y.Z`.
Use the release notes generated by the `towncrier` tool as the description of the releases.
Upload the artifacts created by Azure pipelines as the binaries of the release. The following
artifacts should be uploaded to Github:
- the Barrier-X.Y.Z-release.dmg created by the oldest Mac OS task (artifact name is
"Mac Release Disk Image and App XYZ").
- the BarrierSetup-X.Y.Z-release.exe (artifact name is Windows Release Installer).

View File

@ -114,4 +114,4 @@ jobs:
condition: eq(variables['B_BUILD_TYPE'], 'Release') condition: eq(variables['B_BUILD_TYPE'], 'Release')
inputs: inputs:
pathtoPublish: build/bundle pathtoPublish: build/bundle
artifactName: Mac Release Disk Image and App artifactName: Mac Release Disk Image and App $(imageName)

View File

@ -1,12 +1,13 @@
This is the directory for news snippets used by towncrier: https://github.com/twisted/towncrier This is the directory for release note fragments processed by
[towncrier](https://github.com/hawkowl/towncrier).
When changing code in a way that's visible to an end user please make a new file in this directory. When making a user-visible change create a file in this directory and it will be automatically be
It will be removed and integrated into release notes document upon a release of a new version of included into the release note document when the next release is published.
Barrier.
towncrier has a few standard types of news fragments, signified by the file extension. These are: The file extension specifies the type of a change. The following are currently supported:
.feature: Signifying a new feature. - .feature: a new feature.
.bugfix: Signifying a bug fix. - .bugfix: a bug fix.
.doc: Signifying a documentation improvement. - .security: a fix for security issue.
.removal: Signifying a deprecation or removal of public API. - .doc: a documentation improvement.
- .removal: a deprecation or removal of functionality.

View File

@ -1 +0,0 @@
Fix build failure on mips*el and riscv64 architecture.

View File

@ -1,7 +0,0 @@
SECURITY ISSUE
Barrier now supports client identity verification (fixes CVE-2021-42072, CVE-2021-42073).
To support seamless upgrades from older versions of Barrier this is currently disabled by default.
The feature can be enabled in the settings dialog. If enabled, older clients of Barrier will be
rejected.

View File

@ -1 +0,0 @@
Barrier client now sends certificate that the server can verify.

View File

@ -1,6 +0,0 @@
SECURITY ISSUE
Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075).
Previously repeated failing connections would leak file descriptors leading to Barrier being unable
to receive new connections from clients.

View File

@ -1 +0,0 @@
Fixed reading of configuration on Windows when the paths contain non-ASCII characters (https://github.com/debauchee/barrier/issues/976, https://github.com/debauchee/barrier/issues/974, https://github.com/debauchee/barrier/issues/444).

View File

@ -1 +0,0 @@
Barrier no longer uses openssl CLI tool for any operations and hooks into the openssl library directly.

View File

@ -1 +0,0 @@
Added `--drop-target` option that improves drag and drop support on Windows when Barrier is being run as a portable app.

View File

@ -1,2 +0,0 @@
The `--enable-crypto` command line option has been made the default to reduce chances of accidental security mishaps when configuring Barrier from command line.
A new `--disable-crypto` command line option has been added to explicitly disable encryption.

View File

@ -1,6 +0,0 @@
SECURITY ISSUE
Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076).
Previously it was possible for a malicious client or server to send excessive length messages
leading to denial of service by resource exhaustion.

View File

@ -1,3 +0,0 @@
Added support for randomart images for easier comparison of SSL
certificate fingerprints. The algorithm is identical to what
OpenSSH uses.

View File

@ -1,4 +0,0 @@
SECURITY ISSUE
Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending Hello message.
This bug allowed an unauthenticated attacker to crash Barrier with only network access.

View File

@ -1 +0,0 @@
Map more X11 clipboard MIME types to corresponding converters (https://github.com/debauchee/barrier/issues/344).

View File

@ -1 +0,0 @@
Implemented a configuration option for Server GUI auto-start.

View File

@ -1 +0,0 @@
Fixed setup of multiple actions associated with a hotkey.

View File

@ -1 +0,0 @@
Fixed setup of hotkeys with special characters such as comma and semicolon (https://github.com/debauchee/barrier/issues/778).

View File

@ -1 +0,0 @@
Made it possible to use keyboard instead of mouse to modify screen layout.

View File

@ -1 +0,0 @@
Added support for keyboard backlight media keys

View File

@ -1 +0,0 @@
Added support for Eisu_toggle and Muhenkan keys

View File

@ -1 +0,0 @@
Fixed transfer of non-ASCII characters coming from a Windows server in certain cases (https://github.com/debauchee/barrier/issues/527).

View File

@ -1 +0,0 @@
Added `--profile-dir` option that allows to select custom profile directory.

View File

@ -1 +0,0 @@
Barrier will now regenerate server certificate if it's invalid instead of failing to launch (https://github.com/debauchee/barrier/issues/802)

View File

@ -1,4 +0,0 @@
Barrier now uses SHA256 fingerprints for establishing security of encrypted SSL connections.
After upgrading client to new version the existing server fingerprint will need to be approved again.
Client and server will show both SHA1 and SHA256 server fingerprints to allow interoperability
with older versions of Barrier.

View File

@ -1,2 +0,0 @@
Fixed a bug in SSL implementation that caused invalid data occasionally being sent to clients
under heavy load.

View File

@ -1 +0,0 @@
Added support for additional keys on Sun Microsystems USB keyboards (https://github.com/debauchee/barrier/issues/784).

View File

@ -1 +0,0 @@
Updated Chinese translation.

View File

@ -1 +0,0 @@
Updated Slovak translation.

View File

@ -1 +0,0 @@
Theme icons are now preferred to icons distributed together with Barrier (https://github.com/debauchee/barrier/issues/471).

View File

@ -1 +0,0 @@
Fixed incorrect setup of Barrier service path on Windows.

View File

@ -0,0 +1,94 @@
Release notes
=============
[comment]: <> (towncrier release notes start)
Barrier `2.4.0` ( `2021-11-01` )
================================
Security fixes
--------------
- Barrier now supports client identity verification (fixes CVE-2021-42072, CVE-2021-42073).
Previously a malicious client could connect to Barrier server without any authentication and
send application-level messages. This made the attack surface of Barrier significantly larger.
Additionally, in case the malicious client got possession of a valid screen name by brute forcing
or other means it could modify the clipboard contents of the server.
To support seamless upgrades from older versions of Barrier this is currently disabled by default.
The feature can be enabled in the settings dialog. If enabled, older clients of Barrier will be
rejected.
- Barrier now uses SHA256 fingerprints for establishing security of encrypted SSL connections.
After upgrading client to new version the existing server fingerprint will need to be approved
again. Client and server will show both SHA1 and SHA256 server fingerprints to allow
interoperability with older versions of Barrier.
Bug fixes
---------
- Fixed build failure on mips*el and riscv64 architecture.
- Fixed reading of configuration on Windows when the paths contain non-ASCII characters
(https://github.com/debauchee/barrier/issues/976, https://github.com/debauchee/barrier/issues/974,
https://github.com/debauchee/barrier/issues/444).
- Barrier no longer uses openssl CLI tool for any operations and hooks into the openssl library directly.
- More X11 clipboard MIME types have been mapped to corresponding converters (https://github.com/debauchee/barrier/issues/344).
- Fixed setup of multiple actions associated with a hotkey.
- Fixed setup of hotkeys with special characters such as comma and semicolon
(https://github.com/debauchee/barrier/issues/778).
- Fixed transfer of non-ASCII characters coming from a Windows server in certain cases
(https://github.com/debauchee/barrier/issues/527).
- Barrier will now regenerate server certificate if it's invalid instead of failing to launch
(https://github.com/debauchee/barrier/issues/802)
- Added support for additional keys on Sun Microsystems USB keyboards
(https://github.com/debauchee/barrier/issues/784).
- Updated Chinese translation.
- Updated Slovak translation.
- Theme icons are now preferred to icons distributed together with Barrier
(https://github.com/debauchee/barrier/issues/471).
- Fixed incorrect setup of Barrier service path on Windows.
Features
--------
- Added `--drop-target` option that improves drag and drop support on Windows when Barrier is
being run as a portable app.
- The `--enable-crypto` command line option has been made the default to reduce chances of
accidental security mishaps when configuring Barrier from command line.
A new `--disable-crypto` command line option has been added to explicitly disable encryption.
- Added support for randomart images for easier comparison of SSL certificate fingerprints.
The algorithm is identical to what OpenSSH uses.
- Implemented a configuration option for Server GUI auto-start.
- Made it possible to use keyboard instead of mouse to modify screen layout.
- Added support for keyboard backlight media keys
- Added support for Eisu_toggle and Muhenkan keys
- Added `--profile-dir` option that allows to select custom profile directory.
Barrier `2.3.4` ( `2021-11-01` )
================================
Security fixes
--------------
- Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075).
Previously repeated failing connections would leak file descriptors leading to Barrier being unable
to receive new connections from clients.
- Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076).
Previously it was possible for a malicious client or server to send excessive length messages
leading to denial of service by resource exhaustion.
- Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending Hello message.
This bug allowed an unauthenticated attacker to crash Barrier with only network access.
All of the above security issues have been reported by Matthias Gerstner who was really helpful
resolving them.
Bug fixes
---------
- Fixed a bug in SSL implementation that caused invalid data occasionally being sent to clients
under heavy load.

View File

@ -0,0 +1,37 @@
{% for section, _ in sections|dictsort(by='key') %}
{% set underline = "-" %}
{% if section %}
{{section}}
{{ underline * section|length }}{% set underline = "-" %}
{% endif %}
{% if sections[section] %}
{% for category, val in definitions|dictsort if category in sections[section]%}
{{ definitions[category]['name'] }}
{{ underline * definitions[category]['name']|length }}
{% if definitions[category]['showcontent'] %}
{% for text, values in sections[section][category]|dictsort(by='value') %}
- {{ text }}
{% endfor %}
{% else %}
- {{ sections[section][category]['']|sort|join(', ') }}
{% endif %}
{% if sections[section][category]|length == 0 %}
No significant changes.
{% else %}
{% endif %}
{% endfor %}
{% else %}
No significant changes.
{% endif %}
{% endfor %}

39
towncrier.toml Normal file
View File

@ -0,0 +1,39 @@
[tool.towncrier]
package = ""
directory = "doc/newsfragments"
filename = "doc/release_notes/index.md"
template = "doc/release_notes/index.template.jinja"
title_format = "\nBarrier `{version}` ( `{project_date}` )\n================================\n"
start_string = "[comment]: <> (towncrier release notes start)"
[[tool.towncrier.section]]
path = ""
[[tool.towncrier.type]]
directory = "security"
name = "Security fixes"
showcontent = false
[[tool.towncrier.type]]
directory = "feature"
name = "Features"
showcontent = true
[[tool.towncrier.type]]
directory = "bugfix"
name = "Bug fixes"
showcontent = true
[[tool.towncrier.type]]
directory = "doc"
name = "Improved Documentation"
showcontent = true
[[tool.towncrier.type]]
directory = "removal"
name = "Deprecations and Removals"
showcontent = true
[[tool.towncrier.type]]
directory = "misc"
name = "Miscellaneous"
showcontent = false