Commit message [Author, Age, Files, Lines]
* Merge "Change bouncycastle urls" into stable-2.9 (upstream/stable-2.9) [Adithya Chakilam, 2021-11-20, 1 file, -2/+2]
|\
| * Change bouncycastle urls [Adithya Chakilam, 2021-11-11, 1 file, -2/+2]
| |   The old urls redirect to these new urls and java code is failing on redirect.
| |   Change-Id: I734bb76e3fe621062c03d45edc577c0c4ac91e08
* | Update maven central url [Adithya Chakilam, 2021-11-19, 1 file, -1/+1]
|/
|   The central repository no longer supports insecure communication. See [1] for more details.
|   [1]: https://support.sonatype.com/hc/en-us/articles/360041287334
|   Change-Id: I5386e400df48435bcc92a2c14a25032e4d77174f
* Consume JGit artifacts from Maven Central [David Pursehouse, 2019-01-18, 1 file, -1/+1]
|   The recent JGit releases were published to the Eclipse repository due to a security embargo. The embargo has since been lifted, and the releases are available on Maven Central, so switch back to consuming the artifacts from there.
|   Change-Id: I054cc91f410451fe2f3da5b3c8274d8b5890a3bf
* Add release notes for Gerrit v2.9.5 [Luca Milanesio, 2019-01-11, 2 files, -0/+68]
|   Change-Id: I4e16dfec89f25cd40e3ff1e684944c02bc8b574d
* Set version to 2.9.5 (v2.9.5) [Luca Milanesio, 2019-01-10, 7 files, -7/+7]
|   Change-Id: I8bcda5f28cf9d5c6e01ecfbce1196553a8b46763
* Upgrade JGit to 4.5.5.201812240535-r [David Ostrovsky, 2019-01-07, 3 files, -7/+13]
|   This release fixes an issue where AdvertiseRefsHook was not called for git-upload-pack in protocol v0 bidirectional transports, meaning that wants aren't validated and a user can fetch anything that is pointed to by any ref (using fetch-by-sha1), as long as they can guess the object name.
|   Bug: Issue 10262
|   Change-Id: I5c1af5c7c549e1796fe6347c1ec08797471393a1
* Update JGit to latest 4.5.x release [Edwin Kempin, 2018-12-27, 45 files, -113/+112]
|   JGit releases older than 4.5 are known to be prone to issues with MissingObjectExceptions.
|   Since this is a major JGit version upgrade some code needs to be adapted to changed JGit API.
|   Change-Id: Ia9099a5ac8fcbaf873e3354b5a47d2178c97444a
|   Signed-off-by: Edwin Kempin <ekempin@google.com>
* Resource exhausted because of unclosed LDAP connection [Jiang Xin, 2016-06-10, 2 files, -2/+2]
|   When auth.type is set to LDAP (not LDAP_BIND), there will be two ldap connections. The 1st connection will bind LDAP to find the DN of the login user, and this connection will be closed in the try...finally block. But the 2nd LDAP connection used to validate user password is not closed at all. Too many unclosed TCP connections cause resource exhaustion and later LDAP authentication will fail.
|   Change-Id: Ia5d83cccde8a0e6590d3e2fadc638d67f6e300e8
|   Reported-by: Wang Yiming <youthdragon.wangyiming@huawei.com>
|   Signed-off-by: Jiang Xin <worldhello.net@gmail.com>
|   (cherry picked from commit 7ac03844b38b7682b16d6b4ae701d410f84b18fe)
* Release notes for Gerrit 2.9.4 (v2.9.4) [David Pursehouse, 2014-12-27, 2 files, -0/+34]
|   Change-Id: I936cd3f7f162b565badef49a8ec73109d04a9441
* Set version to 2.9.4 [David Pursehouse, 2014-12-27, 8 files, -8/+8]
|   Change-Id: Ie80cfe765beb87e4a856bff21f98ba6cc3fa9bc8
* Update JGit to 3.4.2.201412180340-r [Matthias Sohn, 2014-12-26, 1 file, -11/+6]
|   This JGit version mitigates CVE-2014-9390 [1].
|   [1] https://projects.eclipse.org/projects/technology.jgit/releases/3.4.2
|   Change-Id: I73503501ede0ac7be740ee4ea78787f60d0a5432
|   Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Release notes for Gerrit 2.9.3 (v2.9.3) [David Pursehouse, 2014-12-09, 2 files, -0/+52]
|   Change-Id: I26e586c0ba94a743ec02a6ac4a5ff1be9efb119b
* Set version to 2.9.3 [David Pursehouse, 2014-12-08, 8 files, -8/+8]
|   Change-Id: I7e94c450e0bec68f4dff9c90321d007976faffab
* Update sha1 for sshd-core 0.9.0-4-g5967cfd [Hugo Arès, 2014-12-05, 1 file, -1/+1]
|   Build was failing with the following error message:
|     expected 8f4b6f7ebc54655dc7d25a77665cf51f2b1288b2 received 449ec11c4417b295dbf1661585a50c6ec7d9a452
|   Change-Id: I77f442694eb403aff50de00ec826724fdb570e70
* Downgrade SSHD to 0.9.0-4-g5967cfd [Saša Živkov, 2014-12-04, 6 files, -63/+24]
|   Since there is no official 0.9.1 release of the SSHD yet, the 0.9.0-4-g5967cfd version was built from the 0.9.x branch and uploaded to the Google cloud storage.
|   This change reverts the following Gerrit commits:
|     3d9c70c SSHD: Update to 0.13.0
|     52e4e0c Bump SSHD Mina version to 2.0.8
|     3921163 Don't use deprecated PGPPublicKeyRingCollection constructor
|     13452f4 Bump Bouncycastle version to 1.51
|     5f7d5a7 Update EncryptedContactStore to not use deprecated/removed methods
|     f69698c Update SSHD to 0.11.1-atlassian-1
|     67c38c8 Added global request handlers to SshDaemon
|     c31e17f Update sshd to 0.11.0
|     b9c66ea Bump SSHD version to 0.10.1 and enable nio2 backend
|   The reason for the downgrade (copied from the change 60161):
|   SSHD release 0.9 is known to be free from exhausting thread pool problem [1]. Unfortunately 0.9 release suffers from sporadic handshake failures [2]. The fix cannot be cleanly cherry-picked to 0.9 release. The back port of this fix [3] is tracked under its own issue [4], was uploaded as PR for SSHD Mina's GH repository [5] and merged recently [6].
|   Moreover, 0.9 suffers from "Authenticated with partial success" issue [7] that was fixed by [8], [9]; this patch must be applied as well.
|   This reverts commit dc7318b8eeda15732d4d2865fc5a7a0a68b3be15.
|   [1] https://issues.apache.org/jira/browse/SSHD-348
|   [2] https://issues.apache.org/jira/browse/SSHD-330
|   [3] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\
|       h=2aed686bdb21681a421033c6ee5997e5cd8a9a83
|   [4] https://issues.apache.org/jira/browse/SSHD-356
|   [5] https://github.com/apache/mina-sshd/pull/7
|   [6] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\
|       h=cc7162acf7ca89561ca57a9c68de735f17bf168b
|   [7] https://issues.apache.org/jira/browse/SSHD-254
|   [8] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\
|       h=28a8ae258b08c6b41ab64ac25f2331168dc0415a
|   [9] https://gerrit-review.googlesource.com/51516
|   Change-Id: I889fb02c2cb1aa5df2cf8dcabace086f5094a914
* Use US spelling in 2.9.2 release notes [David Pursehouse, 2014-11-28, 1 file, -3/+3]
|   Change-Id: I967477d1b07be1f185c6b14fbd181df02431f084
* Release notes for Gerrit 2.9.2 (v2.9.2) [David Pursehouse, 2014-11-28, 2 files, -0/+157]
|   Change-Id: I021de104c929d4c07188ac332016379cfca9696a
* postgres: fix PK drop, don't assume PK name as TABLE_pkey [Saša Živkov, 2014-11-28, 1 file, -18/+27]
|   When dropping a primary key, postgres requires the primary key name to be specified. In the UpdatePrimaryKeys init step it was assumed that the primary key name for a table X is always X_pkey. However, since the Schema_82 this pattern doesn't hold for those tables which were renamed in that migration, as the migration only renamed the tables.
|   For example, before Schema_82 we had a table name:
|     account_group_includes_by_uuid_audit
|   and its primary key named:
|     account_group_includes_by_uuid_audit_pkey
|   This table was renamed to:
|     account_group_by_id_aud
|   but the primary key name didn't change. Therefore, the UpdatePrimaryKeys failed to drop the primary key using the TABLE_pkey pattern and couldn't then create the new primary key.
|   Instead of assuming the TABLE_pkey pattern get the old primary key name from the DatabaseMetaData and use this name for dropping the existing primary key.
|   Change-Id: I671b9912110fc22c842d2c15930a2c7b9906bd48
* Fix SubmoduleOp tests [David Pursehouse, 2014-11-26, 1 file, -8/+0]
|   Patch set 31 of change I91bbdffa added an optimisation to prevent an unnecessary call to submoduleSubscriptions().delete(), but neglected to update the unit test mock expectations, thus causing them to fail.
|   Remove unneeded expect() calls in the unit tests.
|   Also, in future, remember to always run the unit tests again even if "only making a trivial change" :(
|   Change-Id: I2d15c69028812a1a11382e854377605c404b3044
* Merge "Fix quoted-printable encoding of e-mail addresses" into stable-2.9 [David Pursehouse, 2014-11-26, 2 files, -8/+38]
|\
| * Fix quoted-printable encoding of e-mail addresses [Jan Kundrát, 2014-11-25, 2 files, -8/+38]
| |   When the RFC2047-style escapes are used for e-mail headers, only a limited subset of characters is allowed to be passed unescaped. This is governed by the "phrase" production in RFC 2047, section 5, case (3), see [1].
| |   In real world, this manifested as silently truncating the "(Code Review)" part of the e-mail address when the author's name was not pure ASCII (/me waves). Both of the two most popular open source IMAP servers, Dovecot and Cyrus, interpret these Gerrit e-mails as having a RFC5322-style comment, and therefore that part effectively gets lost. GMail, on the other hand, shows this comment as a part of the From address.
| |   The change involved some refactoring of the way quoted-printable encoder works. Working on Unicode code points one at a time is easier in this context. It would be cool to delegate this altogether to some real library, but org.apache.commons.codec.net.QuotedPrintableCodec doesn't solve anything (it doesn't even bother to pretend that it talks RFC2047), and I don't think I could get away with introducing JavaMail as a dependency in a patch release.
| |   [1] https://tools.ietf.org/html/rfc2047#section-5
| |   Change-Id: I77452728f9b55a16bc9bd65208c187c44ce43153
* | Merge "Remove 'send email' checkbox from reply box on change screen" into stable-2.9 [David Pursehouse, 2014-11-26, 4 files, -16/+1]
|\ \
| * | Remove 'send email' checkbox from reply box on change screen [Edwin Kempin, 2014-11-24, 4 files, -16/+1]
| |/
| |   When replying to a change the 'send email' checkbox allowed to control if the change update should trigger email notifications for other users. This behaviour is bad for people who want to rely on email notifications since it depends on the replying users whether they get an email notification or not.
| |   By removing the 'send email' checkbox people are again in control about their own email notifications, e.g. by the watch settings they can configure which emails they want to receive.
| |   Still suppressing email notifications via the REST API is possible (and wanted, e.g. for CI jobs).
| |   Change-Id: If11863da6020a1d5b7edc1ae1a1a60399b197267
| |   Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
| |   (cherry picked from commit 00aa3bfb977faf6e70f58a99bbba5ba4d77ab8c3)
* | Merge "Fix incorrect submodule subscriptions" into stable-2.9 [David Pursehouse, 2014-11-26, 4 files, -34/+76]
|\ \
| * | Fix incorrect submodule subscriptions [Gabor Somossy, 2014-11-25, 4 files, -34/+76]
| |/
| |   The gitlinks update fails after deleting a branch in a super project which has other branches subscribed to the same submodule branch.
| |   How to reproduce:
| |   1. subscribe two branches in a super project to the same submodule branch
| |   2. delete one of the branches in the super project
| |   3. push a change to the subscribed submodule branch
| |   Proposed fixes:
| |   Delete submodule subscriptions when deleting a branch via UI or Git wire protocol.
| |   Delete incorrect subscriptions when the gitlinks update fails in SubmoduleOp.
| |   Bug: Issue 2989
| |   Change-Id: I91bbdffa0770eb1754efc6cb7f1549e7dab5c3ce
* | Merge changes If70bf233,Ie90ccc80 into stable-2.9 [David Pursehouse, 2014-11-26, 2 files, -4/+4]
|\ \
| |/
|/|
| |   * changes:
| |     Increase the size of HTTP passwords
| |     Do not throw away random bytes from the CSPRNG
| * Increase the size of HTTP passwords [Jan Kundrát, 2014-11-20, 2 files, -2/+2]
| |   These passwords are generated on the server side, and a regular user has no way of increasing their length unless they ask an admin which is actually capable of setting them as an arbitrary string. The default length of just 12 characters might not be that much by today's standards.
| |   Password storage is cheap, and 31 random bytes mean 42 characters as a result, which is of course THE number to use.
| |   Change-Id: If70bf233aeb34bce46aa5a7d56f3bd64e0d108f3
| * Do not throw away random bytes from the CSPRNG [Jan Kundrát, 2014-11-20, 1 file, -2/+2]
| |   The older code generated LEN bytes of cryptography-safe random data and applied the base64 encoding on top of that. The base64 transformation, however, inflates the size of the data by 33%, and this means that only 9 bytes of randomness were actually used.
| |   Unless the goal was to discard some of the CSPRNG output to make sure that we do not leak too much stuff to a possible attacker, of course ("attacker" == "user generating passwords"). If that is the case, let me know and I'll send a patch clarifying that this is by design.
| |   Change-Id: Ie90ccc8012b3f6b9f80b74b879b713bc6959a874
* | Update system group documentation [Jonathan Nieder, 2014-11-21, 1 file, -38/+54]
| |   Administrators and batch users are not system groups any more, and the identity of system groups cannot be set in `system_config`.
| |   Change-Id: I1ec4d3e316115a669362d670f6e1eb7107aa2848
* | Merge "Consider rule action while constructing local owners list" into stable-2.9 [David Pursehouse, 2014-11-21, 3 files, -5/+48]
|\ \
| * | Consider rule action while constructing local owners list [Dariusz Luksza, 2014-11-20, 3 files, -5/+48]
| | |   Previously rule action was not considered during computation of local owners list in ProjectState. This means that members of group that was added to OWNER permission with BLOCK or DENY action were considered as project owners.
| | |   This patch fixes this security breach. Now groups assigned to OWNER permission with BLOCK or DENY action will not be recognized as owners
| | |   Change-Id: I048f52d7b23b55c9e8843c5b2c9907b3326c8d40
| | |   Signed-off-by: Dariusz Luksza <dariusz@luksza.org>
* | | Merge "Add InitStep to fix wrong primary key column order" into stable-2.9 [David Pursehouse, 2014-11-21, 2 files, -0/+172]
|\ \ \
| * | | Add InitStep to fix wrong primary key column order [Saša Živkov, 2014-11-19, 2 files, -0/+172]
| | | |   For 2.9 and 2.10 we cannot perform this fix as a database migration as we cannot increase the schema version. Therefore, do the primary key fix in an InitStep for 2.9 and 2.10.
| | | |   In the master the primary key fix will be done as a normal schema migration and the InitStep introduced here will be deleted.
| | | |   Change-Id: I4478aabcd63f907a1acfc8e23982bcc6f1c4346f
* | | | Add CSS style name on review comment div [David Pursehouse, 2014-11-20, 1 file, -1/+4]
| |/ /
|/| |
| | |   Having style names on the elements makes it easy to apply custom themes. The DIV element containing the review comment was the only one that did not have a name.
| | |   Bug: Issue 2998
| | |   Change-Id: I028c3bf4c4067ef31b10b364f85a456750876d56
* | | Fix incorrect formatting in json documentation [Sven Selberg, 2014-11-20, 1 file, -2/+1]
| |/
|/|
| |   Change-Id: Idaf47978ddd09c9f7a5708efb7d70afcfb8899f8
* | Don't use deprecated PGPPublicKeyRingCollection constructor [David Pursehouse, 2014-11-19, 1 file, -1/+2]
|/
|   The PGPPublicKeyRingCollection constructor was deprecated in Bouncycastle v1.51. Use BcPGPPublicKeyRingCollection instead.
|   Change-Id: I5bc4fb4927ba37ecbf7d3763809acc2f53d7fd4e
|   (cherry picked from commit d26e43f22f2336efd18213ac88c285f8b95827cd)
* Set 'line-height: normal' for lines in side-by-side diff [David Pursehouse, 2014-11-19, 1 file, -0/+1]
|   On some browsers, accented characters are not displayed correctly because the line is not high enough.
|   Bug: Issue 2970
|   Change-Id: I7a4e64f69f7d3c96a58d1bd1930d9f6c23896d14
* Add missing documentation of the groups_members cache [Bruce Zu, 2014-11-19, 1 file, -0/+5]
|   Change-Id: Ia2449cf4a04d4e0472d092431c5abbf7d6295ab2
* SideBySide2: Show file name in window title again [Richard Möhn, 2014-11-13, 1 file, -0/+1]
|   In the old side by side diff screen, the name of the file being diffed was shown in the window title. For some reason the code that set the window title wasn't adopted from PatchScreen into SideBySide2. Put the setting of the window title back in.
|   Put it into onInitUI(), since this was the place where it had first stood in PatchScreen. SideBySide2 already displays the path on the page, so leave out the setPageTitle() from PatchScreen, because this would display that path again.
|   Also don't obtain the file name by finding the last slash with lastIndexOf() and then taking the substring from there, but use FileInfo.getFileName() instead. Searching for "lastIndexOf('/')" in the whole project gives quite some occurrences. I thought reusing something might be a good idea.
|   Bug: Issue 2960
|   Change-Id: I12a280b8a437b60e4e2f779b81072117d45a1505
* Merge "Fix documentation of the default value for core.streamFileThreshold" into stable-2.9 [David Pursehouse, 2014-11-13, 1 file, -2/+1]
|\
| * Fix documentation of the default value for core.streamFileThreshold [Edwin Kempin, 2014-11-12, 1 file, -2/+1]
| |   Since commit bfe9eec1 the default value for core.streamFileThreshold is 25% of the available JVM heap, limited to 2048m.
| |   Change-Id: I9308875e30470dc33bf9b437909842e87f974141
| |   Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
* | Merge "Bump version to 2.9.2" into stable-2.9 [David Pursehouse, 2014-11-13, 8 files, -8/+8]
|\ \
| * | Bump version to 2.9.2 [David Pursehouse, 2014-11-12, 8 files, -8/+8]
| |/
| |   Change-Id: I017362b20aa53684fc46acdfed6d3162405dbbc2
* | Remove unneeded dependency in ChangesCollection [Hugo Arès, 2014-11-12, 1 file, -2/+0]
| |   Change I1db5373e31585e99c5f45e05274d86d69b4f24e6 added an unneeded dependency in ChangesCollection.
| |   Change-Id: I2f8609416518495624eda9e08309a6e14863fbe8
* | Delete a change from the index when it is not in the DB [Olga Grinberg, 2014-11-12, 8 files, -6/+85]
|/
|   If for some reason the secondary index is out of date, i.e. the change was deleted from the database but wasn't deleted from the secondary index, it was impossible to re-index (remove) that change.
|   Add logic to automatically remove the change from the secondary index if this change is requested through the Change REST API endpoint and doesn't exist in the database. If a user clicks on a search result from a stale change, he will get a 404 page and the change will be removed from the index.
|   To fix the problem without opening the change page, run a command like:
|     curl --user <user name> -X POST http://<host>:<port>/a/changes/<change id>/index
|   Issue: 2996
|   Change-Id: I1db5373e31585e99c5f45e05274d86d69b4f24e6
* Merge changes from topic 'sshd-upgrade' into stable-2.9 [Shawn Pearce, 2014-11-11, 4 files, -18/+23]
|\
| |   * changes:
| |     SSHD: Update to 0.13.0
| |     Bump SSHD Mina version to 2.0.8
| |     Bump Bouncycastle version to 1.51
| |     Update EncryptedContactStore to not use deprecated/removed methods
| * SSHD: Update to 0.13.0 [David Ostrovsky, 2014-11-06, 1 file, -3/+2]
| |   Long standing exhausting thread pool SSHD bug was apparently fixed upstream [1]. All Gerrit releases since 2.8.5 are known to suffer from this problem with the consequence that Gerrit must be restarted overnight.
| |   [1] https://issues.apache.org/jira/browse/SSHD-348
| |   Change-Id: Ic52277050aa0cd19b19531ee997d312fd7273ebc
| * Bump SSHD Mina version to 2.0.8 [David Ostrovsky, 2014-11-06, 1 file, -2/+2]
| |   SSHD version 0.13.0 uses this Mina version.
| |   Change-Id: I7e27dce435764a19aa27b58ea619d063f640a8fb
| * Bump Bouncycastle version to 1.51 [David Ostrovsky, 2014-11-06, 2 files, -10/+10]
| |   This version fixed some bugs [1] and latest SSHD release that we need has upgraded to this version as well: [2].
| |   [1] https://www.bouncycastle.org/releasenotes.html
| |   [2] https://issues.apache.org/jira/browse/SSHD-362
| |   Change-Id: I84aee1e620091bcd49a1f0be47f4da011a8ff3ee