CHANGELOG


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

0.3.0 Aug 9:
Client:
  o Thread safe wrapper for pysqlcipher.
  o Fix a couple of typos that prevented certain functionality to
    work. Fixes #3306
Server:
  o A plaintext port is not opened by soledad server initscript call
    to twistd web anymore. Closes #3254.

0.2.3 Jul 26:
Client:
  o Avoid possible timing attack in document's mac comparison by
    comparing hashes instead of plain macs. Closes #3243.
Server:
  o Refactor server side auth classes to make it possible for other
    kinds of authentication to be easily implemented. Closes #2621.
  o Fix double specified /etc/leap/soledad-server.pem in initscript by
    pointing the PRIVKEY_PATH to /etc/leap/soledad-server.key. Fixes
    #3174.

0.2.2 Jul 12:
Client:
  o Add method for password change.
Server:
  o Use the right name as the WSGI server

0.2.1 Jun 28:
Client:
  o Do not list the backends in the __init__'s __all__ to allow not
    supporting couch on the client side until the code is diveded into
    client and server.  o Fix bad dependencies in setup.py.
  o Fix broken pip install
  o Database request have default timeout too high, a
    soledad.SOLEDAD_TIMEOUT variable has been added in order to have
    more control over this. Fixes #2713
  o Add validation and authorization of actions upon interaction with
    server.
  o Add MAC authentication to encrypted representation of documents.
  o Add SQLCipher API to SQLCipher backend (allow for use of raw keys,
    add better encrypted db assertion, add cipher, kdf_iter,
    cipher_page_size and rekey PRAGMAS).
  o Change symmetric encryption method to AES-256 CTR mode.
  o Change the local storage of the storage secret:
      * Use scrypt to derive a key for the encryption of the storage
        secret.
      * Store secret in a file called 'soledad.json' by default.
      * Also store the salt and encryption details, as defined in the
        spec.
      * This change is not backwards compatible (i.e. all previously
        stored secrets are incompatible with this new encryption and
        storage scheme).
  o Improve tests coverage.
  o Split soledad client and server into two different packages.
  o Use scrypt to derive the key for local encryption.

Server:
  o Add a `status` option to Soledad init script.
  o Allow to initialize soledad with a blank server
  o b64 encode all U1DB data in couch backend to avoid utf8 encoding
    problems.
    * init.d script improvements:
    * Add LSB (Linux Standards Base) 3.1 compliant header
    * Remove unnecessary backslashes in variable definitions
    * Replace environment variables with more standard upper-cased names
    * Make a TWISTD_PATH environment variable to replace hard-coded
      /usr/local/bin/twistd
    * Pull environment variables together into one block o Remove strict
      dependency on leap.common.