From 8a3cfe4cbd628c53356d49b8f1efca6eac960afa Mon Sep 17 00:00:00 2001 From: Kunal Mehta Date: Wed, 7 Dec 2022 13:36:36 -0500 Subject: [PATCH] SecureDrop 2.5.1 --- changelog.md | 5 +++++ install_files/ansible-base/group_vars/all/securedrop | 2 +- .../build-securedrop-app-code-deb-pkg/files/changelog-focal | 6 ++++++ molecule/builder-focal/tests/vars.yml | 2 +- molecule/shared/stable.ver | 2 +- securedrop/version.py | 2 +- setup.py | 2 +- 7 files changed, 16 insertions(+), 5 deletions(-) diff --git a/changelog.md b/changelog.md index e33f67e2c4..dadc4d4164 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,10 @@ # Changelog +## 2.5.1 + +### Security +* Users and permissions: /var/www/securedrop is now root-owned, but world-readable. Python code, including manage.py, is all executed as the www-data user. + ## 2.5.0 ### Web Applications diff --git a/install_files/ansible-base/group_vars/all/securedrop b/install_files/ansible-base/group_vars/all/securedrop index 5b210e36f4..0f17826f9a 100644 --- a/install_files/ansible-base/group_vars/all/securedrop +++ b/install_files/ansible-base/group_vars/all/securedrop @@ -2,7 +2,7 @@ # Variables that apply to both the app and monitor server go in this file # If the monitor or app server need different values define the variable in # hosts_vars/app.yml or host_vars/mon.yml -securedrop_version: "2.5.0" +securedrop_version: "2.5.1" securedrop_app_code_sdist_name: "securedrop-app-code-{{ securedrop_version | replace('~', '-') }}.tar.gz" grsecurity: true diff --git a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal index 089bd8f8b5..ea0af12b17 100644 --- a/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal +++ b/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/files/changelog-focal @@ -1,3 +1,9 @@ +securedrop-app-code (2.5.1+focal) focal; urgency=medium + + * see changelog.md + + -- SecureDrop Team Wed, 07 Dec 2022 13:36:13 -0500 + securedrop-app-code (2.5.0+focal) focal; urgency=medium * see changelog.md diff --git a/molecule/builder-focal/tests/vars.yml b/molecule/builder-focal/tests/vars.yml index 3aa90c8746..7472e0387d 100644 --- a/molecule/builder-focal/tests/vars.yml +++ b/molecule/builder-focal/tests/vars.yml @@ -1,5 +1,5 @@ --- -securedrop_version: "2.5.0" +securedrop_version: "2.5.1" ossec_version: "3.6.0" keyring_version: "0.1.6" config_version: "0.1.4" diff --git a/molecule/shared/stable.ver b/molecule/shared/stable.ver index 437459cd94..73462a5a13 100644 --- a/molecule/shared/stable.ver +++ b/molecule/shared/stable.ver @@ -1 +1 @@ -2.5.0 +2.5.1 diff --git a/securedrop/version.py b/securedrop/version.py index 50062f87c0..7a2056f568 100644 --- a/securedrop/version.py +++ b/securedrop/version.py @@ -1 +1 @@ -__version__ = "2.5.0" +__version__ = "2.5.1" diff --git a/setup.py b/setup.py index de9371d996..873bbd8f01 100644 --- a/setup.py +++ b/setup.py @@ -4,7 +4,7 @@ setuptools.setup( name="securedrop-app-code", - version="2.5.0", + version="2.5.1", author="Freedom of the Press Foundation", author_email="securedrop@freedom.press", description="SecureDrop Server",