Merge bef0ad40c8 into c1cf16a705

fixup! mention ubuntu mantic support drop
Prepare the CHANGELOG for 0.8.0
2025-05-02 19:51:49 +02:00 · 2024-10-30 00:51:10 +00:00 · 2024-10-30 01:50:58 +01:00 · 2024-10-29 22:13:22 +01:00
10 changed files with 37 additions and 33 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -33,6 +33,8 @@ jobs:
            version: "20.04"
          - distro: ubuntu
            version: "22.04"
          - distro: ubuntu
            version: "23.10"
          - distro: ubuntu
            version: "24.04"
          - distro: ubuntu
--- a/.github/workflows/check_repos.yml
+++ b/.github/workflows/check_repos.yml
@ -23,6 +23,8 @@ jobs:
            version: "24.10"  # oracular
          - distro: ubuntu
            version: "24.04"  # noble
          - distro: ubuntu
            version: "23.10"  # mantic
          - distro: ubuntu
            version: "22.04"  # jammy
          - distro: ubuntu
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -159,6 +159,8 @@ jobs:
            version: "20.04"
          - distro: ubuntu
            version: "22.04"
          - distro: ubuntu
            version: "23.10"
          - distro: ubuntu
            version: "24.04"
          - distro: ubuntu
@ -227,6 +229,8 @@ jobs:
            version: "20.04"
          - distro: ubuntu
            version: "22.04"
          - distro: ubuntu
            version: "23.10"
          - distro: ubuntu
            version: "24.04"
          - distro: ubuntu
@ -346,6 +350,8 @@ jobs:
            version: "20.04"
          - distro: ubuntu
            version: "22.04"
          - distro: ubuntu
            version: "23.10"
          - distro: ubuntu
            version: "24.04"
          - distro: ubuntu
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,47 +5,32 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 since 0.4.1, and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## [Unreleased](https://github.com/freedomofpress/dangerzone/compare/v0.8.0...HEAD)
 ## [0.8.0](https://github.com/freedomofpress/dangerzone/compare/v0.8.0...0.7.1)
 ### Added
 - Point to the installation instructions that the Tails team maintains for Dangerzone ([announcement](https://tails.net/news/dangerzone/index.en.html))
- Installation and execution errors are now catched and displayed in the interface ([#193](https://github.com/freedomofpress/dangerzone/issues/193))
+- Installation and execution errors are now catched and displayed in the interface ([#952](https://github.com/freedomofpress/dangerzone/pull/952))
- Prevent users from using illegal characters in output filename ([#362](https://github.com/freedomofpress/dangerzone/issues/362)). Thanks @bnewc for the contribution!
+- Prevent users from using illegal characters in output filename ([#942](https://github.com/freedomofpress/dangerzone/pull/942)). Thanks @bnewc for the contribution!
- Add support for Fedora 41 ([#947](https://github.com/freedomofpress/dangerzone/issues/947))
+- Add support for Fedora 41 ([#953](https://github.com/freedomofpress/dangerzone/pull/953))
 - Add support for Ubuntu 24.10 ([#954](https://github.com/freedomofpress/dangerzone/pull/954))
 ### Fixed
- Update our macOS entitlements, removing now unneeded privileges ([#638](https://github.com/freedomofpress/dangerzone/issues/638))
+- Do not close stderr to read the debug logs on Qubes ([#967](https://github.com/freedomofpress/dangerzone/pull/967))
- Make Dangerzone work on Linux systems with SELinux in enforcing mode ([#880](https://github.com/freedomofpress/dangerzone/issues/880))
+- Update our macOS entitlements, removing now unneeded privileges ([#639](https://github.com/freedomofpress/dangerzone/pull/639))
 - Process documents with embedded multimedia files without crashing ([#877](https://github.com/freedomofpress/dangerzone/issues/877))
 - Search for applications that can read PDF files in a more reliable way on Linux ([#899](https://github.com/freedomofpress/dangerzone/issues/899))
 - Handle and report some stray conversion errors ([#776](https://github.com/freedomofpress/dangerzone/issues/776)). Thanks @amnak613 for the contribution!
 - Replace occurences of the word "Docker" in Podman-related error messages in Linux ([#212](https://github.com/freedomofpress/dangerzone/issues/212))
 ### Changed
- The second phase of the conversion (pixels to PDF) now happens on the host. Instead of first grabbing all of the pixel data from the first container, storing them on disk, and then reconstructing the PDF on a second container, Dangerzone now immediately reconstructs the PDF **on the host**, while the doc to pixels conversion is still running on the first container. The sanitzation is no less safe, since the boundaries between the sandbox and the host are still respected ([#625](https://github.com/freedomofpress/dangerzone/issues/625))
+- The second phase of the conversion (pixels to PDF) now happens on the host. Instead of first grabbing all of the pixel data from the first container, storing them on disk, and then reconstructing the PDF on a second container, Dangerzone now immediately reconstructs the PDF **on the host**, while the doc to pixels conversion is still running on the first container. The sanitzation is no less safe, since the boundaries between the sandbox and the host are still respected ([#748](https://github.com/freedomofpress/dangerzone/pull/748))
- PyMuPDF is now vendorized for Debian packages. This is done because the PyMuPDF package from the Debian repos lacks OCR support. ([#940](https://github.com/freedomofpress/dangerzone/pull/940))
+- Sign Windows executables and installer with SHA256 rather than SHA1 ([#931](https://github.com/freedomofpress/dangerzone/pull/931)). Thanks @jkarasti for the contribution!
- Always use our own seccomp policy as a default ([#908](https://github.com/freedomofpress/dangerzone/issues/908))
+- PyMuPDF is now vendorized for Debian packages ([#940](https://github.com/freedomofpress/dangerzone/pull/940))
- Disable the DirectFS feature of gVisor ([#226](https://github.com/freedomofpress/dangerzone/issues/226)). This makes gVisor work without the `openat()` system call, which enhances the security at the cost of a small performance penalty. Thanks @EtiennePerot for the contribution!
+- Always use our own seccomp policy as a default ([#926](https://github.com/freedomofpress/dangerzone/pull/926))
- Debian packages are now amd64 only, which removes some warnings in Linux distros with 32-bit repos enabled ([#394](https://github.com/freedomofpress/dangerzone/issues/394))
+- Switch from CircleCI runners to Github actions ([#907](https://github.com/freedomofpress/dangerzone/pull/907))
 - Allow choosing installation directory on Windows platforms ([#148](https://github.com/freedomofpress/dangerzone/issues/148)). Thanks @jkarasti for the contribution!
 - Bumped H2ORestart LibreOffice extension to version 0.6.6 ([#943](https://github.com/freedomofpress/dangerzone/issues/943))
 ### Removed
- Platform support: Drop Ubuntu Mantic (23.10), since it's end-of-life ([#977](https://github.com/freedomofpress/dangerzone/pull/977))
+- Platform support: Drop Ubuntu Mantic (23.10), since it's end-of-life ([#840](https://github.com/freedomofpress/dangerzone/pull/977))
 ### Development changes
 - Build Debian packages with pybuild ([#773](https://github.com/freedomofpress/dangerzone/issues/773))
 - Test Dangerzone on Intel macOS machines as well ([#932](https://github.com/freedomofpress/dangerzone/issues/932))
 - Switch from CircleCI runners to Github actions ([#674](https://github.com/freedomofpress/dangerzone/issues/674))
 - Sign Windows executables and installer with SHA256 rather than SHA1 ([#931](https://github.com/freedomofpress/dangerzone/pull/931)). Thanks @jkarasti for the contribution!
 ## [0.7.1](https://github.com/freedomofpress/dangerzone/compare/v0.7.1...v0.7.0)
--- a/INSTALL.md
+++ b/INSTALL.md
@ -11,6 +11,7 @@ an isolated environment. It will be installed automatically when installing Dang
 Dangerzone is available for:
 - Ubuntu 24.10 (oracular)
 - Ubuntu 24.04 (noble)
 - Ubuntu 23.10 (mantic)
 - Ubuntu 22.04 (jammy)
 - Ubuntu 20.04 (focal)
 - Debian 13 (trixie)
--- a/dangerzone/gvisor_wrapper/entrypoint.py
+++ b/dangerzone/gvisor_wrapper/entrypoint.py
@ -142,6 +142,9 @@ runsc_argv = [
    "--rootless=true",
    "--network=none",
    "--root=/home/dangerzone/.containers",
    # Disable DirectFS for to make the seccomp filter even stricter,
    # at some performance cost.
    "--directfs=false",
 ]
 if os.environ.get("RUNSC_DEBUG"):
    runsc_argv += ["--debug=true", "--alsologtostderr=true"]
--- a/dev_scripts/env.py
+++ b/dev_scripts/env.py
@ -696,6 +696,8 @@ class Env:
                    DOCKERFILE_CONMON_UPDATE + DOCKERFILE_BUILD_DEV_DEBIAN_DEPS
                )
            elif self.distro == "ubuntu" and self.version in (
                "23.10",
                "mantic",
                "24.04",
                "noble",
                "24.10",
@ -782,6 +784,8 @@ class Env:
                # package (see https://github.com/freedomofpress/dangerzone/issues/685)
                install_deps = DOCKERFILE_CONMON_UPDATE + DOCKERFILE_BUILD_DEBIAN_DEPS
            elif self.distro == "ubuntu" and self.version in (
                "23.10",
                "mantic",
                "24.04",
                "noble",
                "24.10",
--- a/dev_scripts/qa.py
+++ b/dev_scripts/qa.py
@ -978,6 +978,11 @@ class QAUbuntu2204(QADebianBased):
    VERSION = "22.04"
 class QAUbuntu2310(QADebianBased):
    DISTRO = "ubuntu"
    VERSION = "23.10"
 class QAUbuntu2404(QADebianBased):
    DISTRO = "ubuntu"
    VERSION = "24.04"
--- a/setup-windows.py
+++ b/setup-windows.py
@ -4,6 +4,7 @@ from cx_Freeze import Executable, setup
 with open("share/version.txt") as f:
    version = f.read().strip()
 packages = ["dangerzone", "dangerzone.gui"]
 setup(
    name="dangerzone",
@ -11,13 +12,10 @@ setup(
    # On Windows description will show as the app's name in the "Open With" menu. See:
    # https://github.com/freedomofpress/dangerzone/issues/283#issuecomment-1365148805
    description="Dangerzone",
    packages=packages,
    options={
        "build_exe": {
-            # Explicitly specify pymupdf.util module to fix building the executables
+            "packages": packages,
            # with cx_freeze. See https://github.com/marcelotduarte/cx_Freeze/issues/2653
            # for more details.
            # TODO: Upgrade to cx_freeze 7.3.0 which should include a fix.
            "packages": ["dangerzone", "dangerzone.gui", "pymupdf.utils"],
            "excludes": ["test", "tkinter"],
            "include_files": [("share", "share"), ("LICENSE", "LICENSE")],
            "include_msvcr": True,
--- a/tests/isolation_provider/base.py
+++ b/tests/isolation_provider/base.py
@ -164,7 +164,6 @@ class IsolationProviderTermination:
        terminate_proc_mock = mocker.patch.object(
            provider, "terminate_doc_to_pixels_proc", return_value=None
        )
        kill_pg_orig = base.kill_process_group
        kill_pg_mock = mocker.patch(
            "dangerzone.isolation_provider.base.kill_process_group", return_value=None
        )
@ -179,7 +178,6 @@ class IsolationProviderTermination:
        # Reset the function to the original state.
        provider.terminate_doc_to_pixels_proc = terminate_proc_orig  # type: ignore [method-assign]
        base.kill_process_group = kill_pg_orig
        # Really kill the spawned process, so that it doesn't linger after the tests
        # complete.
Author	SHA1	Message	Date
Alexis Métaireau	bf9f023df8	Merge `bef0ad40c8` into `c1cf16a705`	2024-10-30 00:51:10 +00:00
Alexis Métaireau	bef0ad40c8	fixup! mention ubuntu mantic support drop	2024-10-30 01:50:58 +01:00
Alexis Métaireau	7070616184	Prepare the CHANGELOG for 0.8.0	2024-10-29 22:13:22 +01:00