Merge Stable

.github/workflows/integration.yaml

@@ -66,10 +66,10 @@ jobs:
         with:
           toolchain: stable
           profile: minimal
-      - name: Install Node.js 10.x
+      - name: Install Node.js 16.x
         uses: actions/setup-node@v1
         with:
-          node-version: 10.x
+          node-version: 16.x
       - name: Install Emscripten
         run: |
           version=$(cat src/wrappers/themis/wasm/emscripten/VERSION)

.github/workflows/test-core.yaml

@@ -36,6 +36,7 @@ jobs:
     name: Unit tests
     runs-on: ${{ matrix.os }}
     env:
+      VERBOSE: 1
       SOTER_KDF_RUN_LONG_TESTS: yes
       MATRIX_OS: ${{ matrix.os }}
     strategy:
@@ -153,20 +154,20 @@ jobs:
         run: |
           sudo sh -c 'echo "DEBIAN_FRONTEND=noninteractive" >> /etc/environment'
           sudo apt update
-          sudo apt install --yes gcc-8 clang-8 make libssl-dev
+          sudo apt install --yes gcc-10 libgcc-10-dev clang-8 make libssl-dev
       - name: Check out code
         uses: actions/checkout@v2
       # We test only OpenSSL flavor to not expand the testing matrix too much
       # (rebuilding BoringSSL is not fun and takes much time)
       - name: Check with GCC (ASan)
         if: always()
-        run: make clean test CC=gcc-8 WITH_ASAN=1
+        run: make clean test CC=gcc-10 WITH_ASAN=1
       - name: Check with GCC (TSan)
         if: always()
-        run: make clean test CC=gcc-8 WITH_TSAN=1
+        run: make clean test CC=gcc-10 WITH_TSAN=1
       - name: Check with GCC (UBSan)
         if: always()
-        run: make clean test CC=gcc-8 WITH_UBSAN=1
+        run: make clean test CC=gcc-10 WITH_UBSAN=1
       - name: Check with Clang (ASan)
         if: always()
         run: make clean test CC=clang-8 WITH_ASAN=1

.github/workflows/test-python.yaml

@@ -47,6 +47,69 @@ jobs:
       - name: Run test suite
         run: make test_python
 
+  unit-tests-venv:
+    name: Unit tests (virtualenv install)
+    # TODO: Switch to something more fresh, Ubuntu 22.04 or Debian Bookworm,
+    #       after issue with deprecates in C++ tests is fixed
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Install system dependencies
+        run: |
+          sudo sh -c 'echo "DEBIAN_FRONTEND=noninteractive" >> /etc/environment'
+          sudo apt update
+          sudo apt install --yes gcc make libssl-dev \
+            python3 python3-setuptools python3-pip python3-venv
+      - name: Check out code
+        uses: actions/checkout@v2
+      - name: Prepare Themis Core
+        run: |
+          make
+          sudo make install
+          make prepare_tests_all
+      - name: Create virtualenv
+        run: mkdir /tmp/test_venv && python3 -m venv /tmp/test_venv
+      - name: Install PyThemis into virtualenv
+        run: |
+          make pythemis_make_wheel
+          source /tmp/test_venv/bin/activate && make pythemis_install_wheel
+      - name: Run test suite
+        run: source /tmp/test_venv/bin/activate && make test_python
+      - name: Uninstall PyThemis
+        run: source /tmp/test_venv/bin/activate && pip uninstall -y pythemis
+
+  unit-tests-deb-pkg:
+    name: Unit tests (deb package)
+    # TODO: Switch to something more fresh, Ubuntu 22.04 or Debian Bookworm,
+    #       after issue with deprecates in C++ tests is fixed
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Install system dependencies
+        run: |
+          sudo sh -c 'echo "DEBIAN_FRONTEND=noninteractive" >> /etc/environment'
+          sudo apt update
+          sudo apt install --yes gcc make libssl-dev \
+            python3 python3-setuptools \
+            ruby
+          sudo gem install fpm
+      - name: Check out code
+        uses: actions/checkout@v2
+      - name: Prepare Themis Core
+        run: |
+          make
+          sudo make install
+          make prepare_tests_all
+      - name: Install libthemis deb
+        run: |
+          make deb WITHOUT_THEMISPP=1 WITHOUT_JAVA=1
+          sudo apt install ./build/deb/libthemis_*.deb
+      - name: Install PyThemis (deb package)
+        run: |
+          sudo make pythemis_install_deb
+      - name: Run test suite
+        run: make test_python
+      - name: Uninstall PyThemis
+        run: sudo apt remove -y python3-pythemis
+
   examples:
     name: Code examples
     runs-on: ubuntu-20.04

.github/workflows/test-ruby.yaml

@@ -59,6 +59,8 @@ jobs:
         run: |
           rvm use system
           make test_ruby
+      - name: Uninstall RubyThemis
+        run: sudo make rbthemis_uninstall
 
   examples:
     name: Code examples

.github/workflows/test-rust.yaml

@@ -30,7 +30,7 @@ jobs:
     runs-on: ubuntu-20.04
     strategy:
       matrix:
-        rust: [stable, '1.58']
+        rust: [stable, '1.60']
       fail-fast: false
     steps:
       - name: Install system dependencies
@@ -81,7 +81,7 @@ jobs:
     runs-on: ubuntu-20.04
     strategy:
       matrix:
-        rust: [stable, '1.58']
+        rust: [stable, '1.60']
       fail-fast: false
     steps:
       - name: Install system dependencies
@@ -215,7 +215,7 @@ jobs:
             ${{ runner.os }}-cargo-build-target-unit-tests-
             ${{ runner.os }}-cargo-build-target-
       - name: Install Bindgen
-        run: cargo install bindgen-cli
+        run: cargo install bindgen-cli --version 0.66.1 --force
       - name: Check out code
         uses: actions/checkout@v2
       - name: Check bindgen.sh output

.github/workflows/test-wasm.yaml

@@ -78,10 +78,11 @@ jobs:
     strategy:
       matrix:
         node-version:
-          - 10.x  # legacy
-          - 12.x  # old LTS
-          - 14.x  # current LTS
-          - 16.x  # current stable
+          - 12.x  # legacy
+          - 14.x  # legacy
+          - 16.x  # legacy
+          - 18.x  # current LTS
+          - 20.x  # current active
       fail-fast: false
     steps:
       - name: Install Node.js ${{ matrix.node-version }}
@@ -110,9 +111,11 @@ jobs:
     strategy:
       matrix:
         node-version:
-          - 12.x  # old LTS
-          - 14.x  # current LTS
-          - 16.x  # current stable
+          - 12.x  # legacy
+          - 14.x  # legacy
+          - 16.x  # legacy
+          - 18.x  # current LTS
+          - 20.x  # current active
       fail-fast: false
     env:
       # WasmThemis uses promises to handle asynchronous WebAssmebly compilation.

CHANGELOG.md

@@ -4,13 +4,31 @@
 
 Changes that are currently in development and have not been released yet.
 
+## [0.15.0](https://github.com/cossacklabs/themis/releases/tag/0.15.0), June 21st 2023
+
+**TL;DR:**
+
+- Uncompressed EC public keys are now supported.
+- Increased PBKDF2 iteration count from 200000 to 314110 for Secure Cell passphrase mode.
+- OpenSSL 3.0 is now supported.
+- Pythemis now uses `pyproject.toml`.
+- And as usual: enhanced security measures and fixed bugs.
+
+**Breaking changes and deprecations:**
+- AndroidThemis build requires Gradle 7.3, Android SDK 11, Android NDK 25.
+- Some Soter functions are deprecated.
+- Node.js 8 is no longer supported.
+- Rust `SecureSessionTransport` implementations are now `Send`.
+- Rust 1.58 is now the minimum supported version.
+
 _Code:_
 
 - **Core**
 
   - Uncompressed EC public keys are now supported ([#959](https://github.com/cossacklabs/themis/pull/959), [#954](https://github.com/cossacklabs/themis/pull/954))
   - Themis will generate uncompressed EC public keys when `THEMIS_GEN_EC_KEY_PAIR_UNCOMPRESSED=1` environment variable is set ([#959](https://github.com/cossacklabs/themis/pull/959))
   - Increased PBKDF2 iteration count to maintain security of Secure Cell passphrase mode ([#976](https://github.com/cossacklabs/themis/pull/976)).
+  - Bumped embedded BoringSSL to the latest version ([#1004](https://github.com/cossacklabs/themis/pull/1004)).
 
   - **Soter** (low-level security core used by Themis)
 
@@ -30,6 +48,11 @@ _Code:_
 - **Python**
 
   - `pythemis.scomparator` and `pythemis.skeygen` are now imported with `from pythemis import *` ([#914](https://github.com/cossacklabs/themis/pull/914)).
+  - Pythemis supports `pyproject.toml` as a main way of building packages. The old `setup.py` is preserved for backwards compatibility ([#1006](https://github.com/cossacklabs/themis/pull/1006)).
+
+  - New installation methods, accessible with make ([#1023](https://github.com/cossacklabs/themis/pull/1023)).
+    - create/install `.whl` package for virtualenv
+    - create/install `.deb` or `.rpm` package for system-wide installation
 
 - **Ruby**
 
@@ -41,7 +64,13 @@ _Code:_
 
     This is technically a breaking change, but most reasonble implementations should be `Send` already. Please raise an issue if your code fails to build.
 
-  - Minimum supported Rust version is now 1.58 ([#977](https://github.com/cossacklabs/themis/pull/977), [#984](https://github.com/cossacklabs/themis/pull/984)).
+  - Minimum supported Rust version is now 1.60 ([#977](https://github.com/cossacklabs/themis/pull/977), [#984](https://github.com/cossacklabs/themis/pull/984), [#1039](https://github.com/cossacklabs/themis/pull/1039)).
+  - Bindgen is pinned to 0.66.1 on CI ([#1008](https://github.com/cossacklabs/themis/pull/1008)).
+
+- **WasmThemis**
+
+  - Updated required `emsdk` version to 3.1.47 ([#1036](https://github.com/cossacklabs/themis/pull/1036)).
+  - WasmThemis now works with Node v18 and v20 ([#1036](https://github.com/cossacklabs/themis/pull/1036)).
 
 - **WebAssembly**