From d5974f61df6ca640dde69903976d4721b6d88007 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Mon, 18 Apr 2016 11:29:46 -0400 Subject: [pkg] Update changelog --- CHANGELOG | 378 --------------------- CHANGELOG.rst | 55 +++ HISTORY | 378 +++++++++++++++++++++ .../changes/bug_7503-do-not-signal-sync-complete | 1 - client/changes/bug_missing_design_doc_handler | 1 - client/changes/feat_send_batch | 1 - client/changes/feat_use_cryptography | 1 - client/changes/next-changelog.rst | 6 +- common/changes/create_db_cmd | 2 - common/changes/next-changelog.rst | 3 +- server/changes/change_soledad_configdir | 2 - server/changes/create_db_cmd | 4 - server/changes/feat_configurable_ensure | 5 - server/changes/feat_handle_send_batch_better | 1 - server/changes/next-changelog.rst | 28 ++ 15 files changed, 464 insertions(+), 402 deletions(-) delete mode 100644 CHANGELOG create mode 100644 CHANGELOG.rst create mode 100644 HISTORY delete mode 100644 client/changes/bug_7503-do-not-signal-sync-complete delete mode 100644 client/changes/bug_missing_design_doc_handler delete mode 100644 client/changes/feat_send_batch delete mode 100644 client/changes/feat_use_cryptography delete mode 100644 common/changes/create_db_cmd delete mode 100644 server/changes/change_soledad_configdir delete mode 100644 server/changes/create_db_cmd delete mode 100644 server/changes/feat_configurable_ensure delete mode 100644 server/changes/feat_handle_send_batch_better create mode 100644 server/changes/next-changelog.rst diff --git a/CHANGELOG b/CHANGELOG deleted file mode 100644 index b0530226..00000000 --- a/CHANGELOG +++ /dev/null @@ -1,378 +0,0 @@ -0.7.4 Oct 28, 2015: -Client: - o Do not signal sync completion if sync failed. Closes: #7503 - o Handle missing design doc at GET (get_sync_info). Soledad server can handle - this during sync. - o Increase http request timeout time to 90s. Related: #7382. - o Handle DatabaseDoesNotExist during sync. - o Handle MissingDesignDocError after get_sync_info. - -0.7.3 Sep 22, 2015: -Client: - o Bugfix: refactor code loss. Closes #7412. - o Bugfix: Set active secret before saving local file. - o Split http_target into 4 modules, separating those responsibilities. - o Refactor details of making an HTTP request body and headers out of the - send/fetch logic. This also makes it easier to enable batching. - -Server: - o Fix a bug where BadRequest could be raised after everything was persisted. - -Common: - o Refactor couch.py to separate persistence from logic while saving uploaded - documents. Also simplify logic while checking for conflicts. - - -0.7.2 Aug 26, 2015: -Client: - o Remove MAC from secrets file. Closes #6980. - o refactor SoledadCrypto to remove circular dependency with SoledadSecrets. - Closes #7338. - o Improve how we send information on SOLEDAD_SYNC_SEND_STATUS and in - SOLEDAD_SYNC_RECEIVE_STATUS. Related to Feature #7353. - o Fix hanging sync by properly waiting db initialization on sync decrypter - pool. Closes #7386. - o Avoid double decryption of documents. - o Fix the order of the events emited for incoming documents. - o bugfix: move sync db and encpool creation to api. - o Bugfix: wrong sqlcipher passphrase now raises correctly. - o Refactor decription pool and http target to use a deferred instead of a - waiting loop. - o Improve helper scripts and dependencies listing. - o Refactor enc/dec pool to standardize start/stop of the pools. - o Add tests for enc/dec pool. - -Client, Server, Common: - o Lots of code restyling to pass CI tests. - o Lots of work done to get tests passing. - o Remove dependency on simplejson. - -0.7.1 Jul 10, 2015: -Client: - o Fix sync encrypter pool close queue error. Closes #7088. - o Expose post-sync hooks via plugin system. Related: #6996. - -0.7.0 Jun 01 2015: -Client: - o Do not depend on pysqlite2 (#2945). - o Reset syncer connection when getting HTTP error during sync (#5855). - o Wait for last post request to finish before starting a new one (#5975). - o Use TLS v1 in soledad client. Fixes partially #6437 - o Retry on sqlcipher thread timeouts (#6625). - o Fix the order of insertion of documents when using workers for decrypting - incoming documents during a sync. Closes #6757. - o Add dependency on Twisted. Closes #6797. - o Fix the log message when a local secret is not found so it's less - confusing. Closes #6892. - o Always initialize the sync db to allow for both asynchronous encryption - and asynchronous decryption when syncing. - o Fallback to utf-8 if confidence on chardet guessing is too low. - o Refactor asynchronous encryption/decryption code to its own file. - o Fix logging and graceful failing when exceptions are raised during sync. - o Improve log messages when concurrently fetching documents from the server. - o Store all incoming documents in the sync db (#5895). - o Include the IV in the encrypted document MAC (#6400). - o Adapt soledad to the new events api on leap.common. Related to #6359. - o Add a pool of HTTP/HTTPS connections that is able to verify the server - certificate against a given CA certificate. - o Use twisted.enterprise.adbapi for access to the sync database. - o Use twisted.web.client for client sync. - -Common: - o Include couch design docs source files in source distribution and only - compile ddocs.py when building the package (#5896). - o Bail out if cdocs/ dir does not exist. Closes: #6671 - o Remove unneeded parameters from CouchServerState initialization. Closes - #6833. - o Adapt soledad to the new events api on leap.common. Related to #6359. - -Server: - o Run daemon as user soledad (#6436). - o Avoid use of SSLv3 (#6437). - o Fix server initscript location (#6557). - o Add dependency on Twisted. Closes #6797. - o Remove unneeded parameters from CouchServerState initialization. Closes - #6833. - o Fix server daemon uid and gid by passing them to twistd on the initscript. - o Use monthly token databases. Closes #6785. - -0.6.5 Apr 09 2015: -Server: - o Remove unneeded parameters from CouchServerState initialization. Closes - #6833. - -0.6.4 Jan 23 2015: -Common: - o Bail out if cdocs/ dir does not exist. Closes: #6671 - -0.6.3 Dec 16 2014: -Client: - o Fix deferred encryption/decryption parameters (#6500). - -0.6.2 Dec 11 2014: -Client: - o Fix incorrect ssl context setup. - -0.6.1 Dec 08 2014: -Client: - o Use TLS v1 in soledad client. Fixes partially #6437 - -Server: - o Run daemon as user soledad (#6436). - o Avoid use of SSLv3 (#6437). - -0.6.0 Jul 18, 2014: -Client: - o Close all connections after syncing. Fixes #5518. - o Reset synchronizer state in order to reuse the same synchronizer - object multiple times. - o Use temporal database for encryption/decryption during - sync. Closes #5326. - o Add sync status signals. Closes #5517. - o Allow for interrupting and recovering sync. Closes #5517. - o Parallelize sync requests and reuse HTTP connections. - o Split sync in multiple POST requests in client. Closes #5571. - -Common: - o Use a dedicated HTTP resource for couch multipart PUTs to avoid - bigcouch. Closes #5739. - -Server: - o Pin PyOpenSSL dependency version to <0.14 to avoid yet another - crypto dependency. - o Authenticate in time-insensitive manner. Closes #3399. - o Allow for interrupting and recovering sync. Closes #5517. - o Split sync in multiple POST requests in server. Closes #5571. - -0.5.2 Jun 6, 2014: -Client: - o Reset synchronizer state in order to reuse the same synchronizer - object multiple times. - o Add sync status signals. Closes #5517. - o Allow for interrupting and recovering sync. Closes #5517. - o Split sync in multiple POST requests in client. Closes #5571. - -Common: - o Use a dedicated HTTP resource for couch multipart PUTs to avoid bigcouch - bug. Fixes #5739. - -Server: - o Allow for interrupting and recovering sync. Closes #5517. - o Split sync in multiple POST requests in server. Closes #5571. - o Authenticate in time-insensitive manner. Closes #3399. - -0.5.1 May 16, 2014: -Client: - o Close connection with server after syncing to avoid client hanging - on exit. Fixes #5507. - -Common: - o Properly close connections on couch backend. Also prevent file - descriptor leaks on tests. Closes #5493. - o Prevent couch backend from always trying to create the - database. Fixes #5386. - o Prevent Couch Server State from making one uneeded GET request on - instantiation. Fixes #5386. - -0.5.0 Apr 4, 2014: -Client: - o Catch lock timeout exception. Fixes #4435. - o Add lock for create_doc and update_indexes call, prevents - concurrent access to the db. Closes #5139. - o Back-compatibility for socket.create_connection interface in - 2.6. Closes #5208. - o Always return unicode in helper method, even on - UnicodeError. Related to #4998. - o Fix a bug in soledad.client.sqlcipher by which we were creating a - new connection for each sync. - o Unlock shared_db if anything fails in the bootstrap - sequence. Fixes #4702. - o Avoid concurrent syncs for the same account, but allow for - distinct accounts. Fixes #4451. - o Adds a get_count_by_index to sqlcipher u1db backend. Related to: - #4616. - o Do not autocreate remote user database when syncing. Tapicero - should make sure that that db is created when the user is - created. Closes #5302. - o Add a read-write lock for all client operations. Addresses: #4972 - o Add sync=off and tem_store=mem to soledad client, for - optimization. - -Common: - o Add lock timeout HTTP error. Fixes #4435. - o Remodel couch backend to fix concurrency and scalability. Closes - #4475, #4682, #4683 and #4680. - o Remove check for design docs on couch server state initialization - Closes #5387. - o Renew HTTP session after multipart PUTs to avoid request hanging. - Fixes #5449. - o Preload time.strptime() to avoid multi-threaded problem on couch - backend get_docs() method. Fixes #5449. - o Improve error messages. Closes #5035. - o Add MissingTokenError and InvalidTokenError as sub exceptions - from Unauthorized. - o Allow sync of large files (~100MB). Closes #4836. - o Add exceptions to deal with missing design documents. Fixes #4994. - o Parallelize get_docs() on couch backend to accelerate sync. - Closes #5008. - o Use less memory when putting docs on couch. Fixes #5011. - o Prevent CouchServerState from creating or deleting databases. This - way, Soledad remote clients won't ever be able to do these - operations when syncing. Part of #5302. - o Avoid concurrent syncs problem by adding a lock for PUTting to the - sync log update handler. Fixes #5388. - o Remove check for couch permissions when CouchServerState is - instantiated. This is not necessary anymore because platform - takes care of giving the soledad user enough permissions and - tapicero takes care of uploading the needed design documents. - -Server: - o Send propper lock timeout response. Fixes #4435. - o Fix raising of auth token errors. Fixes #5191. - o Allow sync of large files (~100MB). Closes #4836. - o Use a temporary directory for server side locks. Fixes #4918. - o Catch couchdb.http.ResourceNotFound exceptions when accessing - design documents on couch backend, and raise appropriate missing - design documents exceptions. Fixes #4994. - o Do not try to create the shared database when running the Soledad - Server application. Fixes #5302. - o Enable Gzip compression on the soledad wsgi app. - -0.4.4 Dec 6, 2013: -Client: - o Add MAC verirication to the recovery document and - soledad.json. Closes #4348. -Common: - o Add unicode conversion to put_doc(). Closes #4095. - o Remove tests dependency on nose2. Closes #4258. - -0.4.3 Nov 15, 2013: -Client: - o Defaults detected encoding to utf-8 to avoid bug if detected - encoding is None. Closes: #4417 - o Open db in autocommit mode, to avoid nested transactions problems. - Closes: #4400 - -0.4.2 Nov 1, 2013: -Client: - o Support non-ascii passwords. Closes #4001. - o Change error severity for missing secrets path. - o Use chardet as fallback if cchardet not found. - o Improve bootstrap sequence and allow for locking the shared - database while creating/uploading the encryption secret. Closes - #4097. -Common: - o Move some common functions and global variables to - leap.soledad.common. -Server: - o Allow for locking the shared database. Closes #4097. - -0.4.1 Oct 4, 2013: -Client: - o Save only UTF8 strings. Related to #3660. - -0.4.0 Sep 20, 2013: -Client: - o Remove redundant logging when creating data dirs. -Server: - o Verify for couch permissions when starting server. Closes #3501. -Common: - o Improve u1db data storage in couch. Closes #3647. - o Turn couchdb dependency for common into optional. Closes #2167. - o Add verification for couch permissions. Closes #3501. - -0.3.2 Sep 6, 2013: -Client: - o Use dirspec instead of plain xdg. Closes #3574. -Server: - o Fix the init script for soledad server so that it uses the new - package namespace. - -0.3.1 Aug 23, 2013: -Client: - o Add libsqlite3-dev requirement for soledad. - o Check for None in private methods that depend on _db. Closes: - #3497 - o Add XSalsa20 symmetric encryption method. - o Use pycryptopp for symmetric encryption. - o Add public method to access the saved password. Closes #3118. - o Split soledad package into common, client and server. Closes - #3487. - o Add versioneer, parse_requirements -Server: - o Split soledad package into common, client and server. Closes - #3487. - o Add versioneer, parse_requirements -Common: - o Split soledad package into common, client and server. Closes - #3487. - o Add versioneer, parse_requirements - -0.3.0 Aug 9, 2013: -Client: - o Thread safe wrapper for pysqlcipher. - o Fix a couple of typos that prevented certain functionality to - work. Fixes #3306 -Server: - o A plaintext port is not opened by soledad server initscript call - to twistd web anymore. Closes #3254. - -0.2.3 Jul 26, 2013: -Client: - o Avoid possible timing attack in document's mac comparison by - comparing hashes instead of plain macs. Closes #3243. -Server: - o Refactor server side auth classes to make it possible for other - kinds of authentication to be easily implemented. Closes #2621. - o Fix double specified /etc/leap/soledad-server.pem in initscript by - pointing the PRIVKEY_PATH to /etc/leap/soledad-server.key. Fixes - #3174. - -0.2.2 Jul 12, 2013: -Client: - o Add method for password change. -Server: - o Use the right name as the WSGI server - -0.2.1 Jun 28, 2013: -Client: - o Do not list the backends in the __init__'s __all__ to allow not - supporting couch on the client side until the code is diveded into - client and server. o Fix bad dependencies in setup.py. - o Fix broken pip install - o Database request have default timeout too high, a - soledad.SOLEDAD_TIMEOUT variable has been added in order to have - more control over this. Fixes #2713 - o Add validation and authorization of actions upon interaction with - server. - o Add MAC authentication to encrypted representation of documents. - o Add SQLCipher API to SQLCipher backend (allow for use of raw keys, - add better encrypted db assertion, add cipher, kdf_iter, - cipher_page_size and rekey PRAGMAS). - o Change symmetric encryption method to AES-256 CTR mode. - o Change the local storage of the storage secret: - * Use scrypt to derive a key for the encryption of the storage - secret. - * Store secret in a file called 'soledad.json' by default. - * Also store the salt and encryption details, as defined in the - spec. - * This change is not backwards compatible (i.e. all previously - stored secrets are incompatible with this new encryption and - storage scheme). - o Improve tests coverage. - o Split soledad client and server into two different packages. - o Use scrypt to derive the key for local encryption. - -Server: - o Add a `status` option to Soledad init script. - o Allow to initialize soledad with a blank server - o b64 encode all U1DB data in couch backend to avoid utf8 encoding - problems. - * init.d script improvements: - * Add LSB (Linux Standards Base) 3.1 compliant header - * Remove unnecessary backslashes in variable definitions - * Replace environment variables with more standard upper-cased names - * Make a TWISTD_PATH environment variable to replace hard-coded - /usr/local/bin/twistd - * Pull environment variables together into one block o Remove strict - dependency on leap.common. diff --git a/CHANGELOG.rst b/CHANGELOG.rst new file mode 100644 index 00000000..ed60b5ec --- /dev/null +++ b/CHANGELOG.rst @@ -0,0 +1,55 @@ +0.8.0 - 18 Apr, 2016 +++++++++++++++++++++ + +Client +====== + +Features +~~~~~~~~ +- `#7656 `_: Emit multi-user aware events. +- Client will now send documents at a limited size batch due to changes on SyncTarget. The default limit is 500kB. Disabled by default. + +Bugfixes +~~~~~~~~ +- `#7503 `_: Do not signal sync completion if sync failed. +- Handle missing design doc at GET (get_sync_info). Soledad server can handle this during sync. + +Misc +~~~~ +- `#7195 `_: Use cryptography instead of pycryptopp. + +Known Issues +~~~~~~~~~~~~ +- Upload phase of client syncs is still quite slow. Enabling size limited batching + can help, but you have to make sure that your server is compatible. + +Server +====== + +Features +~~~~~~~~ +- General performance improvements. +- `#7509 `_: Moves config directory from /etc/leap to /etc/soledad. +- Adds a new config parameter 'create_cmd', which allows sysadmin to specify + which command will create a database. That command was added in + pkg/create-user-db and debian package automates steps needed for sudo access. +- Read netrc path from configuration file for create-user-db command. +- 'create-user-db' script now can be configured from soledad-server.conf when + generating the user's security document. +- Migrating a user's database to newest design documents is now possible by + using a parameter '--migrate-all' on 'create-user-db' script. +- Remove tsafe monkeypatch from SSL lib, as it was needed for Twisted <12 +- Added two methods to start and finish a batch on backend. They can be used to + change database behaviour, allowing batch operations to be optimized. + +Common +====== + +Features +~~~~~~~~ +- Add a sanitized command executor for database creation and re-enable user + database creation on CouchServerState via command line. + +Bugfixes +~~~~~~~~ +- `#7626 `_: Subclass a leaky leap.common.couch exception to avoid depending on couch. diff --git a/HISTORY b/HISTORY new file mode 100644 index 00000000..b0530226 --- /dev/null +++ b/HISTORY @@ -0,0 +1,378 @@ +0.7.4 Oct 28, 2015: +Client: + o Do not signal sync completion if sync failed. Closes: #7503 + o Handle missing design doc at GET (get_sync_info). Soledad server can handle + this during sync. + o Increase http request timeout time to 90s. Related: #7382. + o Handle DatabaseDoesNotExist during sync. + o Handle MissingDesignDocError after get_sync_info. + +0.7.3 Sep 22, 2015: +Client: + o Bugfix: refactor code loss. Closes #7412. + o Bugfix: Set active secret before saving local file. + o Split http_target into 4 modules, separating those responsibilities. + o Refactor details of making an HTTP request body and headers out of the + send/fetch logic. This also makes it easier to enable batching. + +Server: + o Fix a bug where BadRequest could be raised after everything was persisted. + +Common: + o Refactor couch.py to separate persistence from logic while saving uploaded + documents. Also simplify logic while checking for conflicts. + + +0.7.2 Aug 26, 2015: +Client: + o Remove MAC from secrets file. Closes #6980. + o refactor SoledadCrypto to remove circular dependency with SoledadSecrets. + Closes #7338. + o Improve how we send information on SOLEDAD_SYNC_SEND_STATUS and in + SOLEDAD_SYNC_RECEIVE_STATUS. Related to Feature #7353. + o Fix hanging sync by properly waiting db initialization on sync decrypter + pool. Closes #7386. + o Avoid double decryption of documents. + o Fix the order of the events emited for incoming documents. + o bugfix: move sync db and encpool creation to api. + o Bugfix: wrong sqlcipher passphrase now raises correctly. + o Refactor decription pool and http target to use a deferred instead of a + waiting loop. + o Improve helper scripts and dependencies listing. + o Refactor enc/dec pool to standardize start/stop of the pools. + o Add tests for enc/dec pool. + +Client, Server, Common: + o Lots of code restyling to pass CI tests. + o Lots of work done to get tests passing. + o Remove dependency on simplejson. + +0.7.1 Jul 10, 2015: +Client: + o Fix sync encrypter pool close queue error. Closes #7088. + o Expose post-sync hooks via plugin system. Related: #6996. + +0.7.0 Jun 01 2015: +Client: + o Do not depend on pysqlite2 (#2945). + o Reset syncer connection when getting HTTP error during sync (#5855). + o Wait for last post request to finish before starting a new one (#5975). + o Use TLS v1 in soledad client. Fixes partially #6437 + o Retry on sqlcipher thread timeouts (#6625). + o Fix the order of insertion of documents when using workers for decrypting + incoming documents during a sync. Closes #6757. + o Add dependency on Twisted. Closes #6797. + o Fix the log message when a local secret is not found so it's less + confusing. Closes #6892. + o Always initialize the sync db to allow for both asynchronous encryption + and asynchronous decryption when syncing. + o Fallback to utf-8 if confidence on chardet guessing is too low. + o Refactor asynchronous encryption/decryption code to its own file. + o Fix logging and graceful failing when exceptions are raised during sync. + o Improve log messages when concurrently fetching documents from the server. + o Store all incoming documents in the sync db (#5895). + o Include the IV in the encrypted document MAC (#6400). + o Adapt soledad to the new events api on leap.common. Related to #6359. + o Add a pool of HTTP/HTTPS connections that is able to verify the server + certificate against a given CA certificate. + o Use twisted.enterprise.adbapi for access to the sync database. + o Use twisted.web.client for client sync. + +Common: + o Include couch design docs source files in source distribution and only + compile ddocs.py when building the package (#5896). + o Bail out if cdocs/ dir does not exist. Closes: #6671 + o Remove unneeded parameters from CouchServerState initialization. Closes + #6833. + o Adapt soledad to the new events api on leap.common. Related to #6359. + +Server: + o Run daemon as user soledad (#6436). + o Avoid use of SSLv3 (#6437). + o Fix server initscript location (#6557). + o Add dependency on Twisted. Closes #6797. + o Remove unneeded parameters from CouchServerState initialization. Closes + #6833. + o Fix server daemon uid and gid by passing them to twistd on the initscript. + o Use monthly token databases. Closes #6785. + +0.6.5 Apr 09 2015: +Server: + o Remove unneeded parameters from CouchServerState initialization. Closes + #6833. + +0.6.4 Jan 23 2015: +Common: + o Bail out if cdocs/ dir does not exist. Closes: #6671 + +0.6.3 Dec 16 2014: +Client: + o Fix deferred encryption/decryption parameters (#6500). + +0.6.2 Dec 11 2014: +Client: + o Fix incorrect ssl context setup. + +0.6.1 Dec 08 2014: +Client: + o Use TLS v1 in soledad client. Fixes partially #6437 + +Server: + o Run daemon as user soledad (#6436). + o Avoid use of SSLv3 (#6437). + +0.6.0 Jul 18, 2014: +Client: + o Close all connections after syncing. Fixes #5518. + o Reset synchronizer state in order to reuse the same synchronizer + object multiple times. + o Use temporal database for encryption/decryption during + sync. Closes #5326. + o Add sync status signals. Closes #5517. + o Allow for interrupting and recovering sync. Closes #5517. + o Parallelize sync requests and reuse HTTP connections. + o Split sync in multiple POST requests in client. Closes #5571. + +Common: + o Use a dedicated HTTP resource for couch multipart PUTs to avoid + bigcouch. Closes #5739. + +Server: + o Pin PyOpenSSL dependency version to <0.14 to avoid yet another + crypto dependency. + o Authenticate in time-insensitive manner. Closes #3399. + o Allow for interrupting and recovering sync. Closes #5517. + o Split sync in multiple POST requests in server. Closes #5571. + +0.5.2 Jun 6, 2014: +Client: + o Reset synchronizer state in order to reuse the same synchronizer + object multiple times. + o Add sync status signals. Closes #5517. + o Allow for interrupting and recovering sync. Closes #5517. + o Split sync in multiple POST requests in client. Closes #5571. + +Common: + o Use a dedicated HTTP resource for couch multipart PUTs to avoid bigcouch + bug. Fixes #5739. + +Server: + o Allow for interrupting and recovering sync. Closes #5517. + o Split sync in multiple POST requests in server. Closes #5571. + o Authenticate in time-insensitive manner. Closes #3399. + +0.5.1 May 16, 2014: +Client: + o Close connection with server after syncing to avoid client hanging + on exit. Fixes #5507. + +Common: + o Properly close connections on couch backend. Also prevent file + descriptor leaks on tests. Closes #5493. + o Prevent couch backend from always trying to create the + database. Fixes #5386. + o Prevent Couch Server State from making one uneeded GET request on + instantiation. Fixes #5386. + +0.5.0 Apr 4, 2014: +Client: + o Catch lock timeout exception. Fixes #4435. + o Add lock for create_doc and update_indexes call, prevents + concurrent access to the db. Closes #5139. + o Back-compatibility for socket.create_connection interface in + 2.6. Closes #5208. + o Always return unicode in helper method, even on + UnicodeError. Related to #4998. + o Fix a bug in soledad.client.sqlcipher by which we were creating a + new connection for each sync. + o Unlock shared_db if anything fails in the bootstrap + sequence. Fixes #4702. + o Avoid concurrent syncs for the same account, but allow for + distinct accounts. Fixes #4451. + o Adds a get_count_by_index to sqlcipher u1db backend. Related to: + #4616. + o Do not autocreate remote user database when syncing. Tapicero + should make sure that that db is created when the user is + created. Closes #5302. + o Add a read-write lock for all client operations. Addresses: #4972 + o Add sync=off and tem_store=mem to soledad client, for + optimization. + +Common: + o Add lock timeout HTTP error. Fixes #4435. + o Remodel couch backend to fix concurrency and scalability. Closes + #4475, #4682, #4683 and #4680. + o Remove check for design docs on couch server state initialization + Closes #5387. + o Renew HTTP session after multipart PUTs to avoid request hanging. + Fixes #5449. + o Preload time.strptime() to avoid multi-threaded problem on couch + backend get_docs() method. Fixes #5449. + o Improve error messages. Closes #5035. + o Add MissingTokenError and InvalidTokenError as sub exceptions + from Unauthorized. + o Allow sync of large files (~100MB). Closes #4836. + o Add exceptions to deal with missing design documents. Fixes #4994. + o Parallelize get_docs() on couch backend to accelerate sync. + Closes #5008. + o Use less memory when putting docs on couch. Fixes #5011. + o Prevent CouchServerState from creating or deleting databases. This + way, Soledad remote clients won't ever be able to do these + operations when syncing. Part of #5302. + o Avoid concurrent syncs problem by adding a lock for PUTting to the + sync log update handler. Fixes #5388. + o Remove check for couch permissions when CouchServerState is + instantiated. This is not necessary anymore because platform + takes care of giving the soledad user enough permissions and + tapicero takes care of uploading the needed design documents. + +Server: + o Send propper lock timeout response. Fixes #4435. + o Fix raising of auth token errors. Fixes #5191. + o Allow sync of large files (~100MB). Closes #4836. + o Use a temporary directory for server side locks. Fixes #4918. + o Catch couchdb.http.ResourceNotFound exceptions when accessing + design documents on couch backend, and raise appropriate missing + design documents exceptions. Fixes #4994. + o Do not try to create the shared database when running the Soledad + Server application. Fixes #5302. + o Enable Gzip compression on the soledad wsgi app. + +0.4.4 Dec 6, 2013: +Client: + o Add MAC verirication to the recovery document and + soledad.json. Closes #4348. +Common: + o Add unicode conversion to put_doc(). Closes #4095. + o Remove tests dependency on nose2. Closes #4258. + +0.4.3 Nov 15, 2013: +Client: + o Defaults detected encoding to utf-8 to avoid bug if detected + encoding is None. Closes: #4417 + o Open db in autocommit mode, to avoid nested transactions problems. + Closes: #4400 + +0.4.2 Nov 1, 2013: +Client: + o Support non-ascii passwords. Closes #4001. + o Change error severity for missing secrets path. + o Use chardet as fallback if cchardet not found. + o Improve bootstrap sequence and allow for locking the shared + database while creating/uploading the encryption secret. Closes + #4097. +Common: + o Move some common functions and global variables to + leap.soledad.common. +Server: + o Allow for locking the shared database. Closes #4097. + +0.4.1 Oct 4, 2013: +Client: + o Save only UTF8 strings. Related to #3660. + +0.4.0 Sep 20, 2013: +Client: + o Remove redundant logging when creating data dirs. +Server: + o Verify for couch permissions when starting server. Closes #3501. +Common: + o Improve u1db data storage in couch. Closes #3647. + o Turn couchdb dependency for common into optional. Closes #2167. + o Add verification for couch permissions. Closes #3501. + +0.3.2 Sep 6, 2013: +Client: + o Use dirspec instead of plain xdg. Closes #3574. +Server: + o Fix the init script for soledad server so that it uses the new + package namespace. + +0.3.1 Aug 23, 2013: +Client: + o Add libsqlite3-dev requirement for soledad. + o Check for None in private methods that depend on _db. Closes: + #3497 + o Add XSalsa20 symmetric encryption method. + o Use pycryptopp for symmetric encryption. + o Add public method to access the saved password. Closes #3118. + o Split soledad package into common, client and server. Closes + #3487. + o Add versioneer, parse_requirements +Server: + o Split soledad package into common, client and server. Closes + #3487. + o Add versioneer, parse_requirements +Common: + o Split soledad package into common, client and server. Closes + #3487. + o Add versioneer, parse_requirements + +0.3.0 Aug 9, 2013: +Client: + o Thread safe wrapper for pysqlcipher. + o Fix a couple of typos that prevented certain functionality to + work. Fixes #3306 +Server: + o A plaintext port is not opened by soledad server initscript call + to twistd web anymore. Closes #3254. + +0.2.3 Jul 26, 2013: +Client: + o Avoid possible timing attack in document's mac comparison by + comparing hashes instead of plain macs. Closes #3243. +Server: + o Refactor server side auth classes to make it possible for other + kinds of authentication to be easily implemented. Closes #2621. + o Fix double specified /etc/leap/soledad-server.pem in initscript by + pointing the PRIVKEY_PATH to /etc/leap/soledad-server.key. Fixes + #3174. + +0.2.2 Jul 12, 2013: +Client: + o Add method for password change. +Server: + o Use the right name as the WSGI server + +0.2.1 Jun 28, 2013: +Client: + o Do not list the backends in the __init__'s __all__ to allow not + supporting couch on the client side until the code is diveded into + client and server. o Fix bad dependencies in setup.py. + o Fix broken pip install + o Database request have default timeout too high, a + soledad.SOLEDAD_TIMEOUT variable has been added in order to have + more control over this. Fixes #2713 + o Add validation and authorization of actions upon interaction with + server. + o Add MAC authentication to encrypted representation of documents. + o Add SQLCipher API to SQLCipher backend (allow for use of raw keys, + add better encrypted db assertion, add cipher, kdf_iter, + cipher_page_size and rekey PRAGMAS). + o Change symmetric encryption method to AES-256 CTR mode. + o Change the local storage of the storage secret: + * Use scrypt to derive a key for the encryption of the storage + secret. + * Store secret in a file called 'soledad.json' by default. + * Also store the salt and encryption details, as defined in the + spec. + * This change is not backwards compatible (i.e. all previously + stored secrets are incompatible with this new encryption and + storage scheme). + o Improve tests coverage. + o Split soledad client and server into two different packages. + o Use scrypt to derive the key for local encryption. + +Server: + o Add a `status` option to Soledad init script. + o Allow to initialize soledad with a blank server + o b64 encode all U1DB data in couch backend to avoid utf8 encoding + problems. + * init.d script improvements: + * Add LSB (Linux Standards Base) 3.1 compliant header + * Remove unnecessary backslashes in variable definitions + * Replace environment variables with more standard upper-cased names + * Make a TWISTD_PATH environment variable to replace hard-coded + /usr/local/bin/twistd + * Pull environment variables together into one block o Remove strict + dependency on leap.common. diff --git a/client/changes/bug_7503-do-not-signal-sync-complete b/client/changes/bug_7503-do-not-signal-sync-complete deleted file mode 100644 index 4cc361e0..00000000 --- a/client/changes/bug_7503-do-not-signal-sync-complete +++ /dev/null @@ -1 +0,0 @@ -o Do not signal sync completion if sync failed. Closes: #7503 diff --git a/client/changes/bug_missing_design_doc_handler b/client/changes/bug_missing_design_doc_handler deleted file mode 100644 index 72e42b85..00000000 --- a/client/changes/bug_missing_design_doc_handler +++ /dev/null @@ -1 +0,0 @@ -o Handle missing design doc at GET (get_sync_info). Soledad server can handle this during sync. diff --git a/client/changes/feat_send_batch b/client/changes/feat_send_batch deleted file mode 100644 index fbfce519..00000000 --- a/client/changes/feat_send_batch +++ /dev/null @@ -1 +0,0 @@ -o Client will now send documents at a limited size batch due to changes on SyncTarget. The default limit is 500kB. diff --git a/client/changes/feat_use_cryptography b/client/changes/feat_use_cryptography deleted file mode 100644 index 6e8fe3bf..00000000 --- a/client/changes/feat_use_cryptography +++ /dev/null @@ -1 +0,0 @@ -o Use cryptography instead of pycryptopp. Stick with AES-CTR. diff --git a/client/changes/next-changelog.rst b/client/changes/next-changelog.rst index 89234cb2..bdc9f893 100644 --- a/client/changes/next-changelog.rst +++ b/client/changes/next-changelog.rst @@ -1,5 +1,5 @@ -0.8.0 - xxx -+++++++++++++++++++++++++++++++ +0.8.1 - ... +++++++++++++++++++++ Please add lines to this file, they will be moved to the CHANGELOG.rst during the next release. @@ -10,7 +10,6 @@ I've added a new category `Misc` so we can track doc/style/packaging stuff. Features ~~~~~~~~ -- `#7656 `_: Emit multi-user aware events. - `#1234 `_: Description of the new feature corresponding with issue #1234. - New feature without related issue number. @@ -21,7 +20,6 @@ Bugfixes Misc ~~~~ -- `#7195 `_: Use cryptography instead of pycryptopp. - `#1236 `_: Description of the new feature corresponding with issue #1236. - Some change without issue number. diff --git a/common/changes/create_db_cmd b/common/changes/create_db_cmd deleted file mode 100644 index 00bbdf71..00000000 --- a/common/changes/create_db_cmd +++ /dev/null @@ -1,2 +0,0 @@ - o Add a sanitized command executor for database creation and re-enable - user database creation on CouchServerState via command line. diff --git a/common/changes/next-changelog.rst b/common/changes/next-changelog.rst index e05f80ce..c0974384 100644 --- a/common/changes/next-changelog.rst +++ b/common/changes/next-changelog.rst @@ -1,4 +1,4 @@ -0.8.0 - xxx +0.8.0 - ... +++++++++++++++++++++++++++++++ Please add lines to this file, they will be moved to the CHANGELOG.rst during @@ -15,7 +15,6 @@ Features Bugfixes ~~~~~~~~ -- `#7626 `_: Subclass a leaky leap.common.couch exception to avoid depending on couch. - `#1235 `_: Description for the fixed stuff corresponding with issue #1235. - Bugfix without related issue number. diff --git a/server/changes/change_soledad_configdir b/server/changes/change_soledad_configdir deleted file mode 100644 index 710b9ac8..00000000 --- a/server/changes/change_soledad_configdir +++ /dev/null @@ -1,2 +0,0 @@ -o Moves config directory from /etc/leap to /etc/soledad - resolves #7509 diff --git a/server/changes/create_db_cmd b/server/changes/create_db_cmd deleted file mode 100644 index 964a7906..00000000 --- a/server/changes/create_db_cmd +++ /dev/null @@ -1,4 +0,0 @@ - o Adds a new config parameter 'create_cmd', which allows sysadmin to specify - which command will create a database. That command was added in - pkg/create-user-db and debian package automates steps needed for sudo access. - o Read netrc path from configuration file for create-user-db command. diff --git a/server/changes/feat_configurable_ensure b/server/changes/feat_configurable_ensure deleted file mode 100644 index 8abd2ac9..00000000 --- a/server/changes/feat_configurable_ensure +++ /dev/null @@ -1,5 +0,0 @@ -o 'create-user-db' script now can be configured from soledad-server.conf - when generating the user's security document. -o Migrating a user's database to newest design documents is now possible by - using a parameter '--migrate-all' on 'create-user-db' script. -o Remove tsafe monkeypatch from SSL lib, as it was needed for Twisted <12 diff --git a/server/changes/feat_handle_send_batch_better b/server/changes/feat_handle_send_batch_better deleted file mode 100644 index 6ee8688a..00000000 --- a/server/changes/feat_handle_send_batch_better +++ /dev/null @@ -1 +0,0 @@ -o Added two methods to start and finish a batch on backend. They can be used to change database behaviour, allowing batch operations to be optimized. diff --git a/server/changes/next-changelog.rst b/server/changes/next-changelog.rst new file mode 100644 index 00000000..bdc9f893 --- /dev/null +++ b/server/changes/next-changelog.rst @@ -0,0 +1,28 @@ +0.8.1 - ... +++++++++++++++++++++ + +Please add lines to this file, they will be moved to the CHANGELOG.rst during +the next release. + +There are two template lines for each category, use them as reference. + +I've added a new category `Misc` so we can track doc/style/packaging stuff. + +Features +~~~~~~~~ +- `#1234 `_: Description of the new feature corresponding with issue #1234. +- New feature without related issue number. + +Bugfixes +~~~~~~~~ +- `#1235 `_: Description for the fixed stuff corresponding with issue #1235. +- Bugfix without related issue number. + +Misc +~~~~ +- `#1236 `_: Description of the new feature corresponding with issue #1236. +- Some change without issue number. + +Known Issues +~~~~~~~~~~~~ +- `#1236 `_: Description of the known issue corresponding with issue #1236. -- cgit v1.2.3