From 402d11ecd61cd821b0d6afe8f492253106747759 Mon Sep 17 00:00:00 2001 
From: meejah Date: Sun, 5 Dec 2021 00:39:31 -0700 Subject: [PATCH] update NEWS.txt for release --- NEWS.rst | 75 ++++++++++++++++++++++++++++++++ newsfragments/3525.minor | 0 newsfragments/3527.minor | 0 newsfragments/3735.feature | 1 - newsfragments/3754.minor | 0 newsfragments/3758.minor | 0 newsfragments/3784.minor | 0 newsfragments/3786.feature | 1 - newsfragments/3792.minor | 0 newsfragments/3793.minor | 0 newsfragments/3795.minor | 0 newsfragments/3797.minor | 0 newsfragments/3798.minor | 0 newsfragments/3799.minor | 0 newsfragments/3800.minor | 0 newsfragments/3801.bugfix | 1 - newsfragments/3805.minor | 0 newsfragments/3806.minor | 0 newsfragments/3807.feature | 1 - newsfragments/3808.installation | 1 - newsfragments/3810.minor | 0 newsfragments/3812.minor | 0 newsfragments/3814.removed | 1 - newsfragments/3815.documentation | 1 - newsfragments/3819.security | 1 - newsfragments/3820.minor | 0 newsfragments/3821.security | 2 - newsfragments/3822.security | 2 - newsfragments/3823.security | 4 -- newsfragments/3824.security | 1 - newsfragments/3825.security | 8 ---- newsfragments/3827.security | 4 -- newsfragments/3829.minor | 0 newsfragments/3830.minor | 0 newsfragments/3831.minor | 0 newsfragments/3832.minor | 0 newsfragments/3833.minor | 0 newsfragments/3834.minor | 0 newsfragments/3835.minor | 0 newsfragments/3836.minor | 0 newsfragments/3837.other | 1 - newsfragments/3838.minor | 0 newsfragments/3839.security | 1 - newsfragments/3841.security | 1 - newsfragments/3842.minor | 0 newsfragments/3843.minor | 0 newsfragments/3847.minor | 0 47 files changed, 75 insertions(+), 32 deletions(-) delete mode 100644 newsfragments/3525.minor delete mode 100644 newsfragments/3527.minor delete mode 100644 newsfragments/3735.feature delete mode 100644 newsfragments/3754.minor delete mode 100644 newsfragments/3758.minor delete mode 100644 newsfragments/3784.minor delete mode 100644 newsfragments/3786.feature delete mode 100644 newsfragments/3792.minor delete mode 100644 
newsfragments/3793.minor delete mode 100644 newsfragments/3795.minor delete mode 100644 newsfragments/3797.minor delete mode 100644 newsfragments/3798.minor delete mode 100644 newsfragments/3799.minor delete mode 100644 newsfragments/3800.minor delete mode 100644 newsfragments/3801.bugfix delete mode 100644 newsfragments/3805.minor delete mode 100644 newsfragments/3806.minor delete mode 100644 newsfragments/3807.feature delete mode 100644 newsfragments/3808.installation delete mode 100644 newsfragments/3810.minor delete mode 100644 newsfragments/3812.minor delete mode 100644 newsfragments/3814.removed delete mode 100644 newsfragments/3815.documentation delete mode 100644 newsfragments/3819.security delete mode 100644 newsfragments/3820.minor delete mode 100644 newsfragments/3821.security delete mode 100644 newsfragments/3822.security delete mode 100644 newsfragments/3823.security delete mode 100644 newsfragments/3824.security delete mode 100644 newsfragments/3825.security delete mode 100644 newsfragments/3827.security delete mode 100644 newsfragments/3829.minor delete mode 100644 newsfragments/3830.minor delete mode 100644 newsfragments/3831.minor delete mode 100644 newsfragments/3832.minor delete mode 100644 newsfragments/3833.minor delete mode 100644 newsfragments/3834.minor delete mode 100644 newsfragments/3835.minor delete mode 100644 newsfragments/3836.minor delete mode 100644 newsfragments/3837.other delete mode 100644 newsfragments/3838.minor delete mode 100644 newsfragments/3839.security delete mode 100644 newsfragments/3841.security delete mode 100644 newsfragments/3842.minor delete mode 100644 newsfragments/3843.minor delete mode 100644 newsfragments/3847.minor diff --git a/NEWS.rst b/NEWS.rst index e4fef833a..697c44c30 100644 --- a/NEWS.rst +++ b/NEWS.rst 
@@ -5,6 +5,81 @@ User-Visible Changes in Tahoe-LAFS ================================== .. towncrier start line +Release 1.16.0.post463 (2021-12-05)Release 1.16.0.post463 (2021-12-05) +''''''''''''''''''''''''''''''''''' + +Security-related Changes +------------------------ + +- The introducer server no longer writes the sensitive introducer fURL value to its log at startup time. Instead it writes the well-known path of the file from which this value can be read. (`#3819 `_) +- The storage protocol operation ``add_lease`` now safely rejects an attempt to add a 4,294,967,296th lease to an immutable share. + Previously this failed with an error after recording the new lease in the share file, resulting in the share file losing track of a one previous lease. (`#3821 `_) +- The storage protocol operation ``readv`` now safely rejects attempts to read negative lengths. + Previously these read requests were satisfied with the complete contents of the share file (including trailing metadata) starting from the specified offset. (`#3822 `_) +- The storage server implementation now respects the ``reserved_space`` configuration value when writing lease information and recording corruption advisories. + Previously, new leases could be created and written to disk even when the storage server had less remaining space than the configured reserve space value. + Now this operation will fail with an exception and the lease will not be created. + Similarly, if there is no space available, corruption advisories will be logged but not written to disk. (`#3823 `_) +- The storage server implementation no longer records corruption advisories about storage indexes for which it holds no shares. (`#3824 `_) +- The lease-checker now uses JSON instead of pickle to serialize its state. + + tahoe will now refuse to run until you either delete all pickle files or + migrate them using the new command:: + + tahoe admin migrate-crawler + + This will migrate all crawler-related pickle files. 
(`#3825 `_) +- The SFTP server no longer accepts password-based credentials for authentication. + Public/private key-based credentials are now the only supported authentication type. + This removes plaintext password storage from the SFTP credentials file. + It also removes a possible timing side-channel vulnerability which might have allowed attackers to discover an account's plaintext password. (`#3827 `_) +- The storage server now keeps hashes of lease renew and cancel secrets for immutable share files instead of keeping the original secrets. (`#3839 `_) +- The storage server now keeps hashes of lease renew and cancel secrets for mutable share files instead of keeping the original secrets. (`#3841 `_) + + +Features +-------- + +- Tahoe-LAFS releases now have just a .tar.gz source release and a (universal) wheel (`#3735 `_) +- tahoe-lafs now provides its statistics also in OpenMetrics format (for Prometheus et. al.) at `/statistics?t=openmetrics`. (`#3786 `_) +- If uploading an immutable hasn't had a write for 30 minutes, the storage server will abort the upload. (`#3807 `_) + + +Bug Fixes +--------- + +- When uploading an immutable, overlapping writes that include conflicting data are rejected. In practice, this likely didn't happen in real-world usage. (`#3801 `_) + + +Dependency/Installation Changes +------------------------------- + +- Tahoe-LAFS now supports running on NixOS 21.05 with Python 3. (`#3808 `_) + + +Documentation Changes +--------------------- + +- The news file for future releases will include a section for changes with a security impact. (`#3815 `_) + + +Removed Features +---------------- + +- The little-used "control port" has been removed from all node types. (`#3814 `_) + + +Other Changes +------------- + +- Tahoe-LAFS no longer runs its Tor integration test suite on Python 2 due to the increased complexity of obtaining compatible versions of necessary dependencies. 
(`#3837 `_) + + +Misc/Other +---------- + +- `#3525 `_, `#3527 `_, `#3754 `_, `#3758 `_, `#3784 `_, `#3792 `_, `#3793 `_, `#3795 `_, `#3797 `_, `#3798 `_, `#3799 `_, `#3800 `_, `#3805 `_, `#3806 `_, `#3810 `_, `#3812 `_, `#3820 `_, `#3829 `_, `#3830 `_, `#3831 `_, `#3832 `_, `#3833 `_, `#3834 `_, `#3835 `_, `#3836 `_, `#3838 `_, `#3842 `_, `#3843 `_, `#3847 `_ + Release 1.16.0 (2021-09-17) ''''''''''''''''''''''''''' diff --git a/newsfragments/3525.minor b/newsfragments/3525.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3527.minor b/newsfragments/3527.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3735.feature b/newsfragments/3735.feature deleted file mode 100644 index 5a86d5547..000000000 --- a/newsfragments/3735.feature +++ /dev/null @@ -1 +0,0 @@ -Tahoe-LAFS releases now have just a .tar.gz source release and a (universal) wheel diff --git a/newsfragments/3754.minor b/newsfragments/3754.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3758.minor b/newsfragments/3758.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3784.minor b/newsfragments/3784.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3786.feature b/newsfragments/3786.feature deleted file mode 100644 index ecbfc0372..000000000 --- a/newsfragments/3786.feature +++ /dev/null @@ -1 +0,0 @@ -tahoe-lafs now provides its statistics also in OpenMetrics format (for Prometheus et. al.) at `/statistics?t=openmetrics`. diff --git a/newsfragments/3792.minor b/newsfragments/3792.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3793.minor b/newsfragments/3793.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3795.minor b/newsfragments/3795.minor deleted file mode 100644 index e69de29bb..000000000 
diff --git a/newsfragments/3797.minor b/newsfragments/3797.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3798.minor b/newsfragments/3798.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3799.minor b/newsfragments/3799.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3800.minor b/newsfragments/3800.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3801.bugfix b/newsfragments/3801.bugfix deleted file mode 100644 index 504b3999d..000000000 --- a/newsfragments/3801.bugfix +++ /dev/null @@ -1 +0,0 @@ -When uploading an immutable, overlapping writes that include conflicting data are rejected. In practice, this likely didn't happen in real-world usage. \ No newline at end of file diff --git a/newsfragments/3805.minor b/newsfragments/3805.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3806.minor b/newsfragments/3806.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3807.feature b/newsfragments/3807.feature deleted file mode 100644 index f82363ffd..000000000 --- a/newsfragments/3807.feature +++ /dev/null @@ -1 +0,0 @@ -If uploading an immutable hasn't had a write for 30 minutes, the storage server will abort the upload. \ No newline at end of file diff --git a/newsfragments/3808.installation b/newsfragments/3808.installation deleted file mode 100644 index 157f08a0c..000000000 --- a/newsfragments/3808.installation +++ /dev/null @@ -1 +0,0 @@ -Tahoe-LAFS now supports running on NixOS 21.05 with Python 3. diff --git a/newsfragments/3810.minor b/newsfragments/3810.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3812.minor b/newsfragments/3812.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3814.removed b/newsfragments/3814.removed deleted file mode 100644 index 939d20ffc..000000000 
--- a/newsfragments/3814.removed +++ /dev/null @@ -1 +0,0 @@ -The little-used "control port" has been removed from all node types. diff --git a/newsfragments/3815.documentation b/newsfragments/3815.documentation deleted file mode 100644 index 7abc70bd1..000000000 --- a/newsfragments/3815.documentation +++ /dev/null @@ -1 +0,0 @@ -The news file for future releases will include a section for changes with a security impact. \ No newline at end of file diff --git a/newsfragments/3819.security b/newsfragments/3819.security deleted file mode 100644 index 975fd0035..000000000 --- a/newsfragments/3819.security +++ /dev/null @@ -1 +0,0 @@ -The introducer server no longer writes the sensitive introducer fURL value to its log at startup time. Instead it writes the well-known path of the file from which this value can be read. diff --git a/newsfragments/3820.minor b/newsfragments/3820.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3821.security b/newsfragments/3821.security deleted file mode 100644 index 75d9904a2..000000000 --- a/newsfragments/3821.security +++ /dev/null @@ -1,2 +0,0 @@ -The storage protocol operation ``add_lease`` now safely rejects an attempt to add a 4,294,967,296th lease to an immutable share. -Previously this failed with an error after recording the new lease in the share file, resulting in the share file losing track of a one previous lease. diff --git a/newsfragments/3822.security b/newsfragments/3822.security deleted file mode 100644 index 5d6c07ab5..000000000 --- a/newsfragments/3822.security +++ /dev/null @@ -1,2 +0,0 @@ -The storage protocol operation ``readv`` now safely rejects attempts to read negative lengths. -Previously these read requests were satisfied with the complete contents of the share file (including trailing metadata) starting from the specified offset. diff --git a/newsfragments/3823.security b/newsfragments/3823.security deleted file mode 100644 index ba2bbd741..000000000 
--- a/newsfragments/3823.security +++ /dev/null @@ -1,4 +0,0 @@ -The storage server implementation now respects the ``reserved_space`` configuration value when writing lease information and recording corruption advisories. -Previously, new leases could be created and written to disk even when the storage server had less remaining space than the configured reserve space value. -Now this operation will fail with an exception and the lease will not be created. -Similarly, if there is no space available, corruption advisories will be logged but not written to disk. diff --git a/newsfragments/3824.security b/newsfragments/3824.security deleted file mode 100644 index b29b2acc8..000000000 --- a/newsfragments/3824.security +++ /dev/null @@ -1 +0,0 @@ -The storage server implementation no longer records corruption advisories about storage indexes for which it holds no shares. diff --git a/newsfragments/3825.security b/newsfragments/3825.security deleted file mode 100644 index 3d112dd49..000000000 --- a/newsfragments/3825.security +++ /dev/null @@ -1,8 +0,0 @@ -The lease-checker now uses JSON instead of pickle to serialize its state. - -tahoe will now refuse to run until you either delete all pickle files or -migrate them using the new command:: - - tahoe admin migrate-crawler - -This will migrate all crawler-related pickle files. diff --git a/newsfragments/3827.security b/newsfragments/3827.security deleted file mode 100644 index 4fee19c76..000000000 --- a/newsfragments/3827.security +++ /dev/null @@ -1,4 +0,0 @@ -The SFTP server no longer accepts password-based credentials for authentication. -Public/private key-based credentials are now the only supported authentication type. -This removes plaintext password storage from the SFTP credentials file. -It also removes a possible timing side-channel vulnerability which might have allowed attackers to discover an account's plaintext password. 
diff --git a/newsfragments/3829.minor b/newsfragments/3829.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3830.minor b/newsfragments/3830.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3831.minor b/newsfragments/3831.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3832.minor b/newsfragments/3832.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3833.minor b/newsfragments/3833.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3834.minor b/newsfragments/3834.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3835.minor b/newsfragments/3835.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3836.minor b/newsfragments/3836.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3837.other b/newsfragments/3837.other deleted file mode 100644 index a9e4e6986..000000000 --- a/newsfragments/3837.other +++ /dev/null @@ -1 +0,0 @@ -Tahoe-LAFS no longer runs its Tor integration test suite on Python 2 due to the increased complexity of obtaining compatible versions of necessary dependencies. diff --git a/newsfragments/3838.minor b/newsfragments/3838.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3839.security b/newsfragments/3839.security deleted file mode 100644 index 1ae054542..000000000 --- a/newsfragments/3839.security +++ /dev/null @@ -1 +0,0 @@ -The storage server now keeps hashes of lease renew and cancel secrets for immutable share files instead of keeping the original secrets. diff --git a/newsfragments/3841.security b/newsfragments/3841.security deleted file mode 100644 index 867322e0a..000000000 --- a/newsfragments/3841.security +++ /dev/null 
@@ -1 +0,0 @@ -The storage server now keeps hashes of lease renew and cancel secrets for mutable share files instead of keeping the original secrets. \ No newline at end of file diff --git a/newsfragments/3842.minor b/newsfragments/3842.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3843.minor b/newsfragments/3843.minor deleted file mode 100644 index e69de29bb..000000000 diff --git a/newsfragments/3847.minor b/newsfragments/3847.minor deleted file mode 100644 index e69de29bb..000000000
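Review bot: In the NEWS.rst hunk the new release heading is written twice on one line, "Release 1.16.0.post463 (2021-12-05)Release 1.16.0.post463 (2021-12-05)", and "1.16.0.post463" reads like an auto-derived development version rather than the number being released. Suggest a single heading carrying the intended release version, with an underline of the same length. In the same hunk, "losing track of a one previous lease" has a stray "a", "et. al." should be "et al.", and `/statistics?t=openmetrics` is in single backticks, which reStructuredText treats as interpreted text rather than a literal; the other entries use double backticks. The subject line also names NEWS.txt while the file changed is NEWS.rst.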
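Review bot: The 3825.security text, carried into NEWS.rst unchanged, tells operators that tahoe will refuse to run until the pickle files are deleted or migrated, but it does not say where those files live or what lease-checker state is lost by deleting instead of running "tahoe admin migrate-crawler". Since this entry blocks startup after upgrade, suggest adding a sentence on each point so the release note is enough to act on without reading the ticket.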
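Review bot: The 3827.security text states that the SFTP server no longer accepts password-based credentials, but not what happens to password entries already present in the SFTP credentials file after upgrade. Suggest saying whether such entries are ignored or cause an error, and reminding operators to remove them, since the entry itself notes the file held plaintext passwords.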
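Review bot: The 3839.security and 3841.security entries say the storage server now keeps hashes of the lease renew and cancel secrets, but neither says whether secrets already written to existing immutable and mutable share files are converted or remain in their original form. Suggest one sentence on that in the release notes, so operators know whether older share files should still be treated as holding the original secrets.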