0.7.4 Oct 28, 2015: Client: o Do not signal sync completion if sync failed. Closes: #7503 o Handle missing design doc at GET (get_sync_info). Soledad server can handle this during sync. o Increase http request timeout time to 90s. Related: #7382. o Handle DatabaseDoesNotExist during sync. o Handle MissingDesignDocError after get_sync_info. 0.7.3 Sep 22, 2015: Client: o Bugfix: refactor code loss. Closes #7412. o Bugfix: Set active secret before saving local file. o Split http_target into 4 modules, separating those responsibilities. o Refactor details of making an HTTP request body and headers out of the send/fetch logic. This also makes it easier to enable batching. Server: o Fix a bug where BadRequest could be raised after everything was persisted. Common: o Refactor couch.py to separate persistence from logic while saving uploaded documents. Also simplify logic while checking for conflicts. 0.7.2 Aug 26, 2015: Client: o Remove MAC from secrets file. Closes #6980. o refactor SoledadCrypto to remove circular dependency with SoledadSecrets. Closes #7338. o Improve how we send information on SOLEDAD_SYNC_SEND_STATUS and in SOLEDAD_SYNC_RECEIVE_STATUS. Related to Feature #7353. o Fix hanging sync by properly waiting db initialization on sync decrypter pool. Closes #7386. o Avoid double decryption of documents. o Fix the order of the events emited for incoming documents. o bugfix: move sync db and encpool creation to api. o Bugfix: wrong sqlcipher passphrase now raises correctly. o Refactor decription pool and http target to use a deferred instead of a waiting loop. o Improve helper scripts and dependencies listing. o Refactor enc/dec pool to standardize start/stop of the pools. o Add tests for enc/dec pool. Client, Server, Common: o Lots of code restyling to pass CI tests. o Lots of work done to get tests passing. o Remove dependency on simplejson. 0.7.1 Jul 10, 2015: Client: o Fix sync encrypter pool close queue error. Closes #7088. o Expose post-sync hooks via plugin system. Related: #6996. 0.7.0 Jun 01 2015: Client: o Do not depend on pysqlite2 (#2945). o Reset syncer connection when getting HTTP error during sync (#5855). o Wait for last post request to finish before starting a new one (#5975). o Use TLS v1 in soledad client. Fixes partially #6437 o Retry on sqlcipher thread timeouts (#6625). o Fix the order of insertion of documents when using workers for decrypting incoming documents during a sync. Closes #6757. o Add dependency on Twisted. Closes #6797. o Fix the log message when a local secret is not found so it's less confusing. Closes #6892. o Always initialize the sync db to allow for both asynchronous encryption and asynchronous decryption when syncing. o Fallback to utf-8 if confidence on chardet guessing is too low. o Refactor asynchronous encryption/decryption code to its own file. o Fix logging and graceful failing when exceptions are raised during sync. o Improve log messages when concurrently fetching documents from the server. o Store all incoming documents in the sync db (#5895). o Include the IV in the encrypted document MAC (#6400). o Adapt soledad to the new events api on leap.common. Related to #6359. o Add a pool of HTTP/HTTPS connections that is able to verify the server certificate against a given CA certificate. o Use twisted.enterprise.adbapi for access to the sync database. o Use twisted.web.client for client sync. Common: o Include couch design docs source files in source distribution and only compile ddocs.py when building the package (#5896). o Bail out if cdocs/ dir does not exist. Closes: #6671 o Remove unneeded parameters from CouchServerState initialization. Closes #6833. o Adapt soledad to the new events api on leap.common. Related to #6359. Server: o Run daemon as user soledad (#6436). o Avoid use of SSLv3 (#6437). o Fix server initscript location (#6557). o Add dependency on Twisted. Closes #6797. o Remove unneeded parameters from CouchServerState initialization. Closes #6833. o Fix server daemon uid and gid by passing them to twistd on the initscript. o Use monthly token databases. Closes #6785. 0.6.5 Apr 09 2015: Server: o Remove unneeded parameters from CouchServerState initialization. Closes #6833. 0.6.4 Jan 23 2015: Common: o Bail out if cdocs/ dir does not exist. Closes: #6671 0.6.3 Dec 16 2014: Client: o Fix deferred encryption/decryption parameters (#6500). 0.6.2 Dec 11 2014: Client: o Fix incorrect ssl context setup. 0.6.1 Dec 08 2014: Client: o Use TLS v1 in soledad client. Fixes partially #6437 Server: o Run daemon as user soledad (#6436). o Avoid use of SSLv3 (#6437). 0.6.0 Jul 18, 2014: Client: o Close all connections after syncing. Fixes #5518. o Reset synchronizer state in order to reuse the same synchronizer object multiple times. o Use temporal database for encryption/decryption during sync. Closes #5326. o Add sync status signals. Closes #5517. o Allow for interrupting and recovering sync. Closes #5517. o Parallelize sync requests and reuse HTTP connections. o Split sync in multiple POST requests in client. Closes #5571. Common: o Use a dedicated HTTP resource for couch multipart PUTs to avoid bigcouch. Closes #5739. Server: o Pin PyOpenSSL dependency version to <0.14 to avoid yet another crypto dependency. o Authenticate in time-insensitive manner. Closes #3399. o Allow for interrupting and recovering sync. Closes #5517. o Split sync in multiple POST requests in server. Closes #5571. 0.5.2 Jun 6, 2014: Client: o Reset synchronizer state in order to reuse the same synchronizer object multiple times. o Add sync status signals. Closes #5517. o Allow for interrupting and recovering sync. Closes #5517. o Split sync in multiple POST requests in client. Closes #5571. Common: o Use a dedicated HTTP resource for couch multipart PUTs to avoid bigcouch bug. Fixes #5739. Server: o Allow for interrupting and recovering sync. Closes #5517. o Split sync in multiple POST requests in server. Closes #5571. o Authenticate in time-insensitive manner. Closes #3399. 0.5.1 May 16, 2014: Client: o Close connection with server after syncing to avoid client hanging on exit. Fixes #5507. Common: o Properly close connections on couch backend. Also prevent file descriptor leaks on tests. Closes #5493. o Prevent couch backend from always trying to create the database. Fixes #5386. o Prevent Couch Server State from making one uneeded GET request on instantiation. Fixes #5386. 0.5.0 Apr 4, 2014: Client: o Catch lock timeout exception. Fixes #4435. o Add lock for create_doc and update_indexes call, prevents concurrent access to the db. Closes #5139. o Back-compatibility for socket.create_connection interface in 2.6. Closes #5208. o Always return unicode in helper method, even on UnicodeError. Related to #4998. o Fix a bug in soledad.client.sqlcipher by which we were creating a new connection for each sync. o Unlock shared_db if anything fails in the bootstrap sequence. Fixes #4702. o Avoid concurrent syncs for the same account, but allow for distinct accounts. Fixes #4451. o Adds a get_count_by_index to sqlcipher u1db backend. Related to: #4616. o Do not autocreate remote user database when syncing. Tapicero should make sure that that db is created when the user is created. Closes #5302. o Add a read-write lock for all client operations. Addresses: #4972 o Add sync=off and tem_store=mem to soledad client, for optimization. Common: o Add lock timeout HTTP error. Fixes #4435. o Remodel couch backend to fix concurrency and scalability. Closes #4475, #4682, #4683 and #4680. o Remove check for design docs on couch server state initialization Closes #5387. o Renew HTTP session after multipart PUTs to avoid request hanging. Fixes #5449. o Preload time.strptime() to avoid multi-threaded problem on couch backend get_docs() method. Fixes #5449. o Improve error messages. Closes #5035. o Add MissingTokenError and InvalidTokenError as sub exceptions from Unauthorized. o Allow sync of large files (~100MB). Closes #4836. o Add exceptions to deal with missing design documents. Fixes #4994. o Parallelize get_docs() on couch backend to accelerate sync. Closes #5008. o Use less memory when putting docs on couch. Fixes #5011. o Prevent CouchServerState from creating or deleting databases. This way, Soledad remote clients won't ever be able to do these operations when syncing. Part of #5302. o Avoid concurrent syncs problem by adding a lock for PUTting to the sync log update handler. Fixes #5388. o Remove check for couch permissions when CouchServerState is instantiated. This is not necessary anymore because platform takes care of giving the soledad user enough permissions and tapicero takes care of uploading the needed design documents. Server: o Send propper lock timeout response. Fixes #4435. o Fix raising of auth token errors. Fixes #5191. o Allow sync of large files (~100MB). Closes #4836. o Use a temporary directory for server side locks. Fixes #4918. o Catch couchdb.http.ResourceNotFound exceptions when accessing design documents on couch backend, and raise appropriate missing design documents exceptions. Fixes #4994. o Do not try to create the shared database when running the Soledad Server application. Fixes #5302. o Enable Gzip compression on the soledad wsgi app. 0.4.4 Dec 6, 2013: Client: o Add MAC verirication to the recovery document and soledad.json. Closes #4348. Common: o Add unicode conversion to put_doc(). Closes #4095. o Remove tests dependency on nose2. Closes #4258. 0.4.3 Nov 15, 2013: Client: o Defaults detected encoding to utf-8 to avoid bug if detected encoding is None. Closes: #4417 o Open db in autocommit mode, to avoid nested transactions problems. Closes: #4400 0.4.2 Nov 1, 2013: Client: o Support non-ascii passwords. Closes #4001. o Change error severity for missing secrets path. o Use chardet as fallback if cchardet not found. o Improve bootstrap sequence and allow for locking the shared database while creating/uploading the encryption secret. Closes #4097. Common: o Move some common functions and global variables to leap.soledad.common. Server: o Allow for locking the shared database. Closes #4097. 0.4.1 Oct 4, 2013: Client: o Save only UTF8 strings. Related to #3660. 0.4.0 Sep 20, 2013: Client: o Remove redundant logging when creating data dirs. Server: o Verify for couch permissions when starting server. Closes #3501. Common: o Improve u1db data storage in couch. Closes #3647. o Turn couchdb dependency for common into optional. Closes #2167. o Add verification for couch permissions. Closes #3501. 0.3.2 Sep 6, 2013: Client: o Use dirspec instead of plain xdg. Closes #3574. Server: o Fix the init script for soledad server so that it uses the new package namespace. 0.3.1 Aug 23, 2013: Client: o Add libsqlite3-dev requirement for soledad. o Check for None in private methods that depend on _db. Closes: #3497 o Add XSalsa20 symmetric encryption method. o Use pycryptopp for symmetric encryption. o Add public method to access the saved password. Closes #3118. o Split soledad package into common, client and server. Closes #3487. o Add versioneer, parse_requirements Server: o Split soledad package into common, client and server. Closes #3487. o Add versioneer, parse_requirements Common: o Split soledad package into common, client and server. Closes #3487. o Add versioneer, parse_requirements 0.3.0 Aug 9, 2013: Client: o Thread safe wrapper for pysqlcipher. o Fix a couple of typos that prevented certain functionality to work. Fixes #3306 Server: o A plaintext port is not opened by soledad server initscript call to twistd web anymore. Closes #3254. 0.2.3 Jul 26, 2013: Client: o Avoid possible timing attack in document's mac comparison by comparing hashes instead of plain macs. Closes #3243. Server: o Refactor server side auth classes to make it possible for other kinds of authentication to be easily implemented. Closes #2621. o Fix double specified /etc/leap/soledad-server.pem in initscript by pointing the PRIVKEY_PATH to /etc/leap/soledad-server.key. Fixes #3174. 0.2.2 Jul 12, 2013: Client: o Add method for password change. Server: o Use the right name as the WSGI server 0.2.1 Jun 28, 2013: Client: o Do not list the backends in the __init__'s __all__ to allow not supporting couch on the client side until the code is diveded into client and server. o Fix bad dependencies in setup.py. o Fix broken pip install o Database request have default timeout too high, a soledad.SOLEDAD_TIMEOUT variable has been added in order to have more control over this. Fixes #2713 o Add validation and authorization of actions upon interaction with server. o Add MAC authentication to encrypted representation of documents. o Add SQLCipher API to SQLCipher backend (allow for use of raw keys, add better encrypted db assertion, add cipher, kdf_iter, cipher_page_size and rekey PRAGMAS). o Change symmetric encryption method to AES-256 CTR mode. o Change the local storage of the storage secret: * Use scrypt to derive a key for the encryption of the storage secret. * Store secret in a file called 'soledad.json' by default. * Also store the salt and encryption details, as defined in the spec. * This change is not backwards compatible (i.e. all previously stored secrets are incompatible with this new encryption and storage scheme). o Improve tests coverage. o Split soledad client and server into two different packages. o Use scrypt to derive the key for local encryption. Server: o Add a `status` option to Soledad init script. o Allow to initialize soledad with a blank server o b64 encode all U1DB data in couch backend to avoid utf8 encoding problems. * init.d script improvements: * Add LSB (Linux Standards Base) 3.1 compliant header * Remove unnecessary backslashes in variable definitions * Replace environment variables with more standard upper-cased names * Make a TWISTD_PATH environment variable to replace hard-coded /usr/local/bin/twistd * Pull environment variables together into one block o Remove strict dependency on leap.common.