Merge pull request #1359 from p12tic/2.3-release

[2.3.x] Prepare for v2.3.4
This commit is contained in:
Povilas Kanapickas 2021-11-01 22:07:51 +02:00 committed by GitHub
commit b1ceff97af
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 181 additions and 19 deletions

59
RELEASING.md Normal file
View File

@ -0,0 +1,59 @@
Creating a release
==================
This document is documentation intednded for maintainers of Barrier.
It documents the release process of Barrier.
Step 1: Setup environment variables
-----------------------------------
Setup the following environment variable that will be used throughout the rest of the steps.
export VERSION=X.Y.Z
Step 2: Release notes PR
------------------------
Open a new branch (e.g. `release`) and run the following:
towncrier --version ${VERSION} --date `date -u +%F`
This collects the release notes using the `towncrier` tool. Please commit the collected release
notes afterwards.
Certain file names are not properly supported by the `towncrier` tool and it ignores them.
Check `newsfragments` directory for any forgotten release notes
Step 3: Merge the release notes PR
----------------------------------
Step 4: Push git tag
--------------------
Pull the merge commit created on the `master` branch during the step 2.
Create a tag:
git tag -s v${VERSION} -m v${VERSION}
Push the tag:
git push origin master --tags
Step 5: Draft a new release on Github
-------------------------------------
Go to https://github.com/buildbot/buildbot/releases and draft a new release.
Use git tag as the title of the release: `vX.Y.Z`.
Use the release notes generated by the `towncrier` tool as the description of the releases.
Upload the artifacts created by Azure pipelines as the binaries of the release. The following
artifacts should be uploaded to Github:
- the Barrier-X.Y.Z-release.dmg created by the oldest Mac OS task (artifact name is
"Mac Release Disk Image and App XYZ").
- the BarrierSetup-X.Y.Z-release.exe (artifact name is Windows Release Installer).

View File

@ -114,4 +114,4 @@ jobs:
condition: eq(variables['B_BUILD_TYPE'], 'Release')
inputs:
pathtoPublish: build/bundle
artifactName: Mac Release Disk Image and App
artifactName: Mac Release Disk Image and App $(imageName)

View File

@ -0,0 +1,13 @@
This is the directory for release note fragments processed by
[towncrier](https://github.com/hawkowl/towncrier).
When making a user-visible change create a file in this directory and it will be automatically be
included into the release note document when the next release is published.
The file extension specifies the type of a change. The following are currently supported:
- .feature: a new feature.
- .bugfix: a bug fix.
- .security: a fix for security issue.
- .doc: a documentation improvement.
- .removal: a deprecation or removal of functionality.

View File

@ -1,6 +0,0 @@
SECURITY ISSUE
Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075).
Previously repeated failing connections would leak file descriptors leading to Barrier being unable
to receive new connections from clients.

View File

@ -1,6 +0,0 @@
SECURITY ISSUE
Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076).
Previously it was possible for a malicious client or server to send excessive length messages
leading to denial of service by resource exhaustion.

View File

@ -1,4 +0,0 @@
SECURITY ISSUE
Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending Hello message.
This bug allowed an unauthenticated attacker to crash Barrier with only network access.

View File

@ -1,2 +0,0 @@
Fixed a bug in SSL implementation that caused invalid data occasionally being sent to clients
under heavy load.

View File

@ -0,0 +1,32 @@
Release notes
=============
[comment]: <> (towncrier release notes start)
Barrier `2.3.4` ( `2021-11-01` )
================================
Security fixes
--------------
- Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075).
Previously repeated failing connections would leak file descriptors leading to Barrier being unable
to receive new connections from clients.
- Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076).
Previously it was possible for a malicious client or server to send excessive length messages
leading to denial of service by resource exhaustion.
- Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending Hello message.
This bug allowed an unauthenticated attacker to crash Barrier with only network access.
All of the above security issues have been reported by Matthias Gerstner who was really helpful
resolving them.
Bug fixes
---------
- Fixed a bug in SSL implementation that caused invalid data occasionally being sent to clients
under heavy load.

View File

@ -0,0 +1,37 @@
{% for section, _ in sections|dictsort(by='key') %}
{% set underline = "-" %}
{% if section %}
{{section}}
{{ underline * section|length }}{% set underline = "-" %}
{% endif %}
{% if sections[section] %}
{% for category, val in definitions|dictsort if category in sections[section]%}
{{ definitions[category]['name'] }}
{{ underline * definitions[category]['name']|length }}
{% if definitions[category]['showcontent'] %}
{% for text, values in sections[section][category]|dictsort(by='value') %}
- {{ text }}
{% endfor %}
{% else %}
- {{ sections[section][category]['']|sort|join(', ') }}
{% endif %}
{% if sections[section][category]|length == 0 %}
No significant changes.
{% else %}
{% endif %}
{% endfor %}
{% else %}
No significant changes.
{% endif %}
{% endfor %}

39
towncrier.toml Normal file
View File

@ -0,0 +1,39 @@
[tool.towncrier]
package = ""
directory = "doc/newsfragments"
filename = "doc/release_notes/index.md"
template = "doc/release_notes/index.template.jinja"
title_format = "\nBarrier `{version}` ( `{project_date}` )\n================================\n"
start_string = "[comment]: <> (towncrier release notes start)"
[[tool.towncrier.section]]
path = ""
[[tool.towncrier.type]]
directory = "security"
name = "Security fixes"
showcontent = false
[[tool.towncrier.type]]
directory = "feature"
name = "Features"
showcontent = true
[[tool.towncrier.type]]
directory = "bugfix"
name = "Bug fixes"
showcontent = true
[[tool.towncrier.type]]
directory = "doc"
name = "Improved Documentation"
showcontent = true
[[tool.towncrier.type]]
directory = "removal"
name = "Deprecations and Removals"
showcontent = true
[[tool.towncrier.type]]
directory = "misc"
name = "Miscellaneous"
showcontent = false