1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
|
0.5.2 Jun 6, 2014:
Client:
o Reset synchronizer state in order to reuse the same synchronizer
object multiple times.
o Add sync status signals. Closes #5517.
o Allow for interrupting and recovering sync. Closes #5517.
o Split sync in multiple POST requests in client. Closes #5571.
Common:
o Use a dedicated HTTP resource for couch multipart PUTs to avoid bigcouch
bug. Fixes #5739.
Server:
o Allow for interrupting and recovering sync. Closes #5517.
o Split sync in multiple POST requests in server. Closes #5571.
o Authenticate in time-insensitive manner. Closes #3399.
0.5.1 May 16, 2014:
Client:
o Close connection with server after syncing to avoid client hanging
on exit. Fixes #5507.
Common:
o Properly close connections on couch backend. Also prevent file
descriptor leaks on tests. Closes #5493.
o Prevent couch backend from always trying to create the
database. Fixes #5386.
o Prevent Couch Server State from making one uneeded GET request on
instantiation. Fixes #5386.
0.5.0 Apr 4, 2014:
Client:
o Catch lock timeout exception. Fixes #4435.
o Add lock for create_doc and update_indexes call, prevents
concurrent access to the db. Closes #5139.
o Back-compatibility for socket.create_connection interface in
2.6. Closes #5208.
o Always return unicode in helper method, even on
UnicodeError. Related to #4998.
o Fix a bug in soledad.client.sqlcipher by which we were creating a
new connection for each sync.
o Unlock shared_db if anything fails in the bootstrap
sequence. Fixes #4702.
o Avoid concurrent syncs for the same account, but allow for
distinct accounts. Fixes #4451.
o Adds a get_count_by_index to sqlcipher u1db backend. Related to:
#4616.
o Do not autocreate remote user database when syncing. Tapicero
should make sure that that db is created when the user is
created. Closes #5302.
o Add a read-write lock for all client operations. Addresses: #4972
o Add sync=off and tem_store=mem to soledad client, for
optimization.
Common:
o Add lock timeout HTTP error. Fixes #4435.
o Remodel couch backend to fix concurrency and scalability. Closes
#4475, #4682, #4683 and #4680.
o Remove check for design docs on couch server state initialization
Closes #5387.
o Renew HTTP session after multipart PUTs to avoid request hanging.
Fixes #5449.
o Preload time.strptime() to avoid multi-threaded problem on couch
backend get_docs() method. Fixes #5449.
o Improve error messages. Closes #5035.
o Add MissingTokenError and InvalidTokenError as sub exceptions
from Unauthorized.
o Allow sync of large files (~100MB). Closes #4836.
o Add exceptions to deal with missing design documents. Fixes #4994.
o Parallelize get_docs() on couch backend to accelerate sync.
Closes #5008.
o Use less memory when putting docs on couch. Fixes #5011.
o Prevent CouchServerState from creating or deleting databases. This
way, Soledad remote clients won't ever be able to do these
operations when syncing. Part of #5302.
o Avoid concurrent syncs problem by adding a lock for PUTting to the
sync log update handler. Fixes #5388.
o Remove check for couch permissions when CouchServerState is
instantiated. This is not necessary anymore because platform
takes care of giving the soledad user enough permissions and
tapicero takes care of uploading the needed design documents.
Server:
o Send propper lock timeout response. Fixes #4435.
o Fix raising of auth token errors. Fixes #5191.
o Allow sync of large files (~100MB). Closes #4836.
o Use a temporary directory for server side locks. Fixes #4918.
o Catch couchdb.http.ResourceNotFound exceptions when accessing
design documents on couch backend, and raise appropriate missing
design documents exceptions. Fixes #4994.
o Do not try to create the shared database when running the Soledad
Server application. Fixes #5302.
o Enable Gzip compression on the soledad wsgi app.
0.4.4 Dec 6, 2013:
Client:
o Add MAC verirication to the recovery document and
soledad.json. Closes #4348.
Common:
o Add unicode conversion to put_doc(). Closes #4095.
o Remove tests dependency on nose2. Closes #4258.
0.4.3 Nov 15, 2013:
Client:
o Defaults detected encoding to utf-8 to avoid bug if detected
encoding is None. Closes: #4417
o Open db in autocommit mode, to avoid nested transactions problems.
Closes: #4400
0.4.2 Nov 1, 2013:
Client:
o Support non-ascii passwords. Closes #4001.
o Change error severity for missing secrets path.
o Use chardet as fallback if cchardet not found.
o Improve bootstrap sequence and allow for locking the shared
database while creating/uploading the encryption secret. Closes
#4097.
Common:
o Move some common functions and global variables to
leap.soledad.common.
Server:
o Allow for locking the shared database. Closes #4097.
0.4.1 Oct 4, 2013:
Client:
o Save only UTF8 strings. Related to #3660.
0.4.0 Sep 20, 2013:
Client:
o Remove redundant logging when creating data dirs.
Server:
o Verify for couch permissions when starting server. Closes #3501.
Common:
o Improve u1db data storage in couch. Closes #3647.
o Turn couchdb dependency for common into optional. Closes #2167.
o Add verification for couch permissions. Closes #3501.
0.3.2 Sep 6, 2013:
Client:
o Use dirspec instead of plain xdg. Closes #3574.
Server:
o Fix the init script for soledad server so that it uses the new
package namespace.
0.3.1 Aug 23, 2013:
Client:
o Add libsqlite3-dev requirement for soledad.
o Check for None in private methods that depend on _db. Closes:
#3497
o Add XSalsa20 symmetric encryption method.
o Use pycryptopp for symmetric encryption.
o Add public method to access the saved password. Closes #3118.
o Split soledad package into common, client and server. Closes
#3487.
o Add versioneer, parse_requirements
Server:
o Split soledad package into common, client and server. Closes
#3487.
o Add versioneer, parse_requirements
Common:
o Split soledad package into common, client and server. Closes
#3487.
o Add versioneer, parse_requirements
0.3.0 Aug 9, 2013:
Client:
o Thread safe wrapper for pysqlcipher.
o Fix a couple of typos that prevented certain functionality to
work. Fixes #3306
Server:
o A plaintext port is not opened by soledad server initscript call
to twistd web anymore. Closes #3254.
0.2.3 Jul 26, 2013:
Client:
o Avoid possible timing attack in document's mac comparison by
comparing hashes instead of plain macs. Closes #3243.
Server:
o Refactor server side auth classes to make it possible for other
kinds of authentication to be easily implemented. Closes #2621.
o Fix double specified /etc/leap/soledad-server.pem in initscript by
pointing the PRIVKEY_PATH to /etc/leap/soledad-server.key. Fixes
#3174.
0.2.2 Jul 12, 2013:
Client:
o Add method for password change.
Server:
o Use the right name as the WSGI server
0.2.1 Jun 28, 2013:
Client:
o Do not list the backends in the __init__'s __all__ to allow not
supporting couch on the client side until the code is diveded into
client and server. o Fix bad dependencies in setup.py.
o Fix broken pip install
o Database request have default timeout too high, a
soledad.SOLEDAD_TIMEOUT variable has been added in order to have
more control over this. Fixes #2713
o Add validation and authorization of actions upon interaction with
server.
o Add MAC authentication to encrypted representation of documents.
o Add SQLCipher API to SQLCipher backend (allow for use of raw keys,
add better encrypted db assertion, add cipher, kdf_iter,
cipher_page_size and rekey PRAGMAS).
o Change symmetric encryption method to AES-256 CTR mode.
o Change the local storage of the storage secret:
* Use scrypt to derive a key for the encryption of the storage
secret.
* Store secret in a file called 'soledad.json' by default.
* Also store the salt and encryption details, as defined in the
spec.
* This change is not backwards compatible (i.e. all previously
stored secrets are incompatible with this new encryption and
storage scheme).
o Improve tests coverage.
o Split soledad client and server into two different packages.
o Use scrypt to derive the key for local encryption.
Server:
o Add a `status` option to Soledad init script.
o Allow to initialize soledad with a blank server
o b64 encode all U1DB data in couch backend to avoid utf8 encoding
problems.
* init.d script improvements:
* Add LSB (Linux Standards Base) 3.1 compliant header
* Remove unnecessary backslashes in variable definitions
* Replace environment variables with more standard upper-cased names
* Make a TWISTD_PATH environment variable to replace hard-coded
/usr/local/bin/twistd
* Pull environment variables together into one block o Remove strict
dependency on leap.common.
|