The old urls redirect to these new urls and java code
is failing on redirect.
Change-Id: I734bb76e3fe621062c03d45edc577c0c4ac91e08
The central repository no longer supports insecure communication.
See [1] for more details.
[1]: https://support.sonatype.com/hc/en-us/articles/360041287334
Change-Id: I5386e400df48435bcc92a2c14a25032e4d77174f
The recent JGit releases were published to the Eclipse repository
due to a security embargo. The embargo has since been lifted, and
the releases are available on Maven Central, so switch back to
consuming the artifacts from there.
Change-Id: I054cc91f410451fe2f3da5b3c8274d8b5890a3bf
Change-Id: I4e16dfec89f25cd40e3ff1e684944c02bc8b574d
Change-Id: I8bcda5f28cf9d5c6e01ecfbce1196553a8b46763
This release fixes an issue where AdvertiseRefsHook was not called for
git-upload-pack in protocol v0 bidirectional transports, meaning that
wants aren't validated and a user can fetch anything that is pointed
to by any ref (using fetch-by-sha1), as long as they can guess the
object name.
Bug: Issue 10262
Change-Id: I5c1af5c7c549e1796fe6347c1ec08797471393a1
JGit releases older than 4.5 are known to be prone to issues
with MissingObjectExceptions.
Since this is a major JGit version upgrade, some code needs to be adapted
to the changed JGit API.
Change-Id: Ia9099a5ac8fcbaf873e3354b5a47d2178c97444a
Signed-off-by: Edwin Kempin <ekempin@google.com>
When auth.type is set to LDAP (not LDAP_BIND), there will be two LDAP
connections. The 1st connection will bind LDAP to find the DN of the
login user, and this connection will be closed in the try...finally
block. But the 2nd LDAP connection used to validate the user password
is not closed at all. Too many unclosed TCP connections cause resource
exhaustion and later LDAP authentication will fail.
Change-Id: Ia5d83cccde8a0e6590d3e2fadc638d67f6e300e8
Reported-by: Wang Yiming <youthdragon.wangyiming@huawei.com>
Signed-off-by: Jiang Xin <worldhello.net@gmail.com>
(cherry picked from commit 7ac03844b38b7682b16d6b4ae701d410f84b18fe)
Change-Id: I936cd3f7f162b565badef49a8ec73109d04a9441
Change-Id: Ie80cfe765beb87e4a856bff21f98ba6cc3fa9bc8
This JGit version mitigates CVE-2014-9390 [1].
[1] https://projects.eclipse.org/projects/technology.jgit/releases/3.4.2
Change-Id: I73503501ede0ac7be740ee4ea78787f60d0a5432
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Change-Id: I26e586c0ba94a743ec02a6ac4a5ff1be9efb119b
Change-Id: I7e94c450e0bec68f4dff9c90321d007976faffab
Build was failing with the following error message:
expected 8f4b6f7ebc54655dc7d25a77665cf51f2b1288b2
received 449ec11c4417b295dbf1661585a50c6ec7d9a452
Change-Id: I77f442694eb403aff50de00ec826724fdb570e70
Since there is no official 0.9.1 release of the SSHD yet, the
0.9.0-4-g5967cfd version was built from the 0.9.x branch and uploaded to
the Google cloud storage.
This change reverts the following Gerrit commits:
3d9c70c SSHD: Update to 0.13.0
52e4e0c Bump SSHD Mina version to 2.0.8
3921163 Don't use deprecated PGPPublicKeyRingCollection constructor
13452f4 Bump Bouncycastle version to 1.51
5f7d5a7 Update EncryptedContactStore to not use deprecated/removed methods
f69698c Update SSHD to 0.11.1-atlassian-1
67c38c8 Added global request handlers to SshDaemon
c31e17f Update sshd to 0.11.0
b9c66ea Bump SSHD version to 0.10.1 and enable nio2 backend
The reason for the downgrade (copied from the change 60161):
SSHD release 0.9 is known to be free from exhausting thread pool problem
[1]. Unfortunately 0.9 release suffers from sporadic handshake failures
[2]. The fix cannot be cleanly cherry-picked to 0.9 release. The back
port of this fix [3] is tracked under its own issue [4], was uploaded as
PR for SSHD Mina's GH repository [5] and merged recently [6].
Moreover, 0.9 suffers from "Authenticated with partial success" issue [7]
that was fixed by [8], [9]; this patch must be applied as well.
This reverts commit dc7318b8eeda15732d4d2865fc5a7a0a68b3be15.
[1] https://issues.apache.org/jira/browse/SSHD-348
[2] https://issues.apache.org/jira/browse/SSHD-330
[3] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\
h=2aed686bdb21681a421033c6ee5997e5cd8a9a83
[4] https://issues.apache.org/jira/browse/SSHD-356
[5] https://github.com/apache/mina-sshd/pull/7
[6] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\
h=cc7162acf7ca89561ca57a9c68de735f17bf168b
[7] https://issues.apache.org/jira/browse/SSHD-254
[8] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;\
h=28a8ae258b08c6b41ab64ac25f2331168dc0415a
[9] https://gerrit-review.googlesource.com/51516
Change-Id: I889fb02c2cb1aa5df2cf8dcabace086f5094a914
Change-Id: I967477d1b07be1f185c6b14fbd181df02431f084
Change-Id: I021de104c929d4c07188ac332016379cfca9696a
When dropping a primary key, postgres requires the primary key name to
be specified. In the UpdatePrimaryKeys init step it was assumed that
the primary key name for a table X is always X_pkey. However, since the
Schema_82 this pattern doesn't hold for those tables which were renamed
in that migration, as the migration only renamed the tables. For
example, before Schema_82 we had a table name:
account_group_includes_by_uuid_audit
and its primary key named:
account_group_includes_by_uuid_audit_pkey
This table was renamed to:
account_group_by_id_aud
but the primary key name didn't change. Therefore, the UpdatePrimaryKeys
failed to drop the primary key using the TABLE_pkey pattern and couldn't
then create the new primary key.
Instead of assuming the TABLE_pkey pattern, get the old primary key
name from the DatabaseMetaData and use this name for dropping the
existing primary key.
Change-Id: I671b9912110fc22c842d2c15930a2c7b9906bd48
Patch set 31 of change I91bbdffa added an optimisation to prevent an
unnecessary call to submoduleSubscriptions().delete(), but neglected
to update the unit test mock expectations, thus causing them to fail.
Remove unneeded expect() calls in the unit tests.
Also, in future, remember to always run the unit tests again even if
"only making a trivial change" :(
Change-Id: I2d15c69028812a1a11382e854377605c404b3044
When the RFC2047-style escapes are used for e-mail headers, only a
limited subset of characters is allowed to be passed unescaped. This is
governed by the "phrase" production in RFC 2047, section 5, case (3),
see [1].
In the real world, this manifested as silently truncating the "(Code Review)"
part of the e-mail address when the author's name was not pure ASCII
(/me waves). Both of the two most popular open source IMAP servers,
Dovecot and Cyrus, interpret these Gerrit e-mails as having an
RFC5322-style comment, and therefore that part effectively gets lost.
GMail, on the other hand, shows this comment as a part of the From
address.
The change involved some refactoring of the way quoted-printable encoder
works. Working on Unicode code points one at a time is easier in this
context. It would be cool to delegate this altogether to some real
library, but org.apache.commons.codec.net.QuotedPrintableCodec doesn't
solve anything (it doesn't even bother to pretend that it talks
RFC2047), and I don't think I could get away with introducing JavaMail
as a dependency in a patch release.
[1] https://tools.ietf.org/html/rfc2047#section-5
Change-Id: I77452728f9b55a16bc9bd65208c187c44ce43153
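The escaping rule from the message above, as an added Python example (not Gerrit's code, which is Java): a Q-encoder restricted to the characters RFC 2047 allows unescaped in a phrase, next to a constructed lax rule that leaves parentheses raw so a mail parser can read them as an RFC 5322 comment. The sender name, the lax rule and all function names are assumptions made for the example, and the name is assumed to fit in one 75-character encoded-word.

```python
import re
import string
from email.header import decode_header

# RFC 2047 section 5, case (3): the only characters a Q-encoded word may
# carry unescaped inside a "phrase" (display name). A space becomes "_".
PHRASE_SAFE = set(string.ascii_letters + string.digits + "!*+-/")
# Constructed flawed rule for comparison: all printable ASCII except "=?_".
LAX_SAFE = set(string.printable) - set(string.whitespace) - set("=?_")

def q_encode(text, safe=PHRASE_SAFE, charset="UTF-8"):
    """Q-encode a display name, walking it one code point at a time."""
    out = []
    for ch in text:
        if ch == " ":
            out.append("_")
        elif ch in safe:
            out.append(ch)
        else:
            out.extend("=%02X" % b for b in ch.encode(charset))
    word = "=?%s?Q?%s?=" % (charset, "".join(out))
    if len(word) > 75:  # RFC 2047 caps one encoded-word at 75 characters
        raise ValueError("display name must be split into several encoded-words")
    return word

def raw_specials(encoded_word):
    """List characters in the encoded text that a phrase must not carry raw."""
    m = re.fullmatch(r"=\?[^?]+\?[Qq]\?([^?]*)\?=", encoded_word)
    if m is None:
        raise ValueError("not a single Q encoded-word")
    text = re.sub(r"=[0-9A-Fa-f]{2}", "", m.group(1))
    return sorted(set(text) - PHRASE_SAFE - {"_"})

def decode(encoded_word):
    """Decode with the standard library to confirm the round trip."""
    raw, charset = decode_header(encoded_word)[0]
    return raw.decode(charset)

NAME = "Zo\u00eb M\u00fcller (Code Review)"  # constructed sample sender name

if __name__ == "__main__":
    for label, safe in (("lax", LAX_SAFE), ("phrase-safe", PHRASE_SAFE)):
        word = q_encode(NAME, safe)
        print(label, word, "raw specials:", raw_specials(word))
```

`raw_specials()` can be run over the display-name part of generated From headers as a regression check: any non-empty result means the encoded-word is not valid in phrase context.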
stable-2.9
When replying to a change the 'send email' checkbox allowed to control
if the change update should trigger email notifications for other
users. This behaviour is bad for people who want to rely on email
notifications since it depends on the replying users whether they get
an email notification or not. By removing the 'send email' checkbox
people are again in control about their own email notifications, e.g.
by the watch settings they can configure which emails they want to
receive. Still suppressing email notifications via the REST API is
possible (and wanted, e.g. for CI jobs).
Change-Id: If11863da6020a1d5b7edc1ae1a1a60399b197267
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
(cherry picked from commit 00aa3bfb977faf6e70f58a99bbba5ba4d77ab8c3)
The gitlinks update fails after deleting a branch in a super project
which has other branches subscribed to the same submodule branch.
How to reproduce:
1. subscribe two branches in a super project to the same submodule
branch
2. delete one of the branches in the super project
3. push a change to the subscribed submodule branch
Proposed fixes:
Delete submodule subscriptions when deleting a branch via UI or Git wire
protocol.
Delete incorrect subscriptions when the gitlinks update fails in
SubmoduleOp.
Bug: Issue 2989
Change-Id: I91bbdffa0770eb1754efc6cb7f1549e7dab5c3ce
* changes:
Increase the size of HTTP passwords
Do not throw away random bytes from the CSPRNG
|
These passwords are generated on the server side, and a regular user
has no way of increasing their length unless they ask an admin who
is actually capable of setting them as an arbitrary string. The
default length of just 12 characters might not be that much by today's
standards. Password storage is cheap, and 31 random bytes mean 42
characters as a result, which is of course THE number to use.
Change-Id: If70bf233aeb34bce46aa5a7d56f3bd64e0d108f3
The older code generated LEN bytes of cryptography-safe random data
and applied the base64 encoding on top of that. The base64
transformation, however, inflates the size of the data by 33%, and
this means that only 9 bytes of randomness were actually used.
Unless the goal was to discard some of the CSPRNG output to make sure
that we do not leak too much stuff to a possible attacker, of course
("attacker" == "user generating passwords"). If that is the case, let
me know and I'll send a patch clarifying that this is by design.
Change-Id: Ie90ccc8012b3f6b9f80b74b879b713bc6959a874
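The arithmetic behind the two HTTP password changes above (12 characters carrying 9 bytes, and 31 bytes giving 42 characters), as an added Python example rather than Gerrit's Java code. It assumes the old code kept only the first LEN characters of the base64 string, which is what the numbers in the message imply; all function names are made up for the example.

```python
import base64
import secrets

def old_style_password(length, rng=secrets.token_bytes):
    """Assumed old scheme: `length` random bytes, base64, cut to `length` chars."""
    return base64.b64encode(rng(length)).decode("ascii")[:length]

def new_style_password(nbytes, rng=secrets.token_bytes):
    """Encode every random byte drawn; only the '=' padding is dropped."""
    return base64.b64encode(rng(nbytes)).decode("ascii").rstrip("=")

def bytes_influencing(chars):
    """Random bytes that can affect the first `chars` base64 characters."""
    return -(-chars * 6 // 8)  # each character carries 6 bits; round up

def encoded_length(nbytes):
    """Length of the unpadded base64 encoding of `nbytes` bytes."""
    return -(-nbytes * 8 // 6)

def trailing_bytes_ignored(length):
    """Flip every byte past bytes_influencing(length); is the output unchanged?"""
    used = bytes_influencing(length)
    first = bytes(range(length))  # constructed, fixed stand-in for CSPRNG output
    second = first[:used] + bytes(b ^ 0xFF for b in first[used:])
    return (old_style_password(length, lambda n: first)
            == old_style_password(length, lambda n: second))

if __name__ == "__main__":
    print("old scheme, 12 chars: bytes that matter =", bytes_influencing(12))
    print("last 3 of 12 bytes ignored:", trailing_bytes_ignored(12))
    print("31 bytes encode to", encoded_length(31), "characters")
    print("sample:", new_style_password(31))
```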
Administrators and batch users are not system groups any more, and
the identity of system groups cannot be set in `system_config`.
Change-Id: I1ec4d3e316115a669362d670f6e1eb7107aa2848
stable-2.9
Previously, the rule action was not considered during computation of the
local owners list in ProjectState. This means that members of a group that
was added to the OWNER permission with BLOCK or DENY action were considered
as project owners.
This patch fixes this security breach. Now groups assigned to the OWNER
permission with BLOCK or DENY action will not be recognized as owners.
Change-Id: I048f52d7b23b55c9e8843c5b2c9907b3326c8d40
Signed-off-by: Dariusz Luksza <dariusz@luksza.org>
For 2.9 and 2.10 we cannot perform this fix as a database
migration as we cannot increase the schema version. Therefore, do the
primary key fix in an InitStep for 2.9 and 2.10. In the master the
primary key fix will be done as a normal schema migration and the
InitStep introduced here will be deleted.
Change-Id: I4478aabcd63f907a1acfc8e23982bcc6f1c4346f
Having style names on the elements makes it easy to apply custom
themes.
The DIV element containing the review comment was the only one
that did not have a name.
Bug: Issue 2998
Change-Id: I028c3bf4c4067ef31b10b364f85a456750876d56
Change-Id: Idaf47978ddd09c9f7a5708efb7d70afcfb8899f8
The PGPPublicKeyRingCollection constructor was deprecated in
Bouncycastle v1.51.
Use BcPGPPublicKeyRingCollection instead.
Change-Id: I5bc4fb4927ba37ecbf7d3763809acc2f53d7fd4e
(cherry picked from commit d26e43f22f2336efd18213ac88c285f8b95827cd)
On some browsers, accented characters are not displayed correctly
because the line is not high enough.
Bug: Issue 2970
Change-Id: I7a4e64f69f7d3c96a58d1bd1930d9f6c23896d14
Change-Id: Ia2449cf4a04d4e0472d092431c5abbf7d6295ab2
In the old side by side diff screen, the name of the file being diffed
was shown in the window title. For some reason the code that set the
window title wasn't adopted from PatchScreen into SideBySide2.
Put the setting of the window title back in. Put it into onInitUI(),
since this was the place where it had first stood in PatchScreen.
SideBySide2 already displays the path on the page, so leave out the
setPageTitle() from PatchScreen, because this would display that path
again.
Also don't obtain the file name by finding the last slash with
lastIndexOf() and then taking the substring from there, but use
FileInfo.getFileName() instead. Searching for "lastIndexOf('/')" in the
whole project gives quite some occurrences. I thought reusing something
might be a good idea.
Bug: Issue 2960
Change-Id: I12a280b8a437b60e4e2f779b81072117d45a1505
into stable-2.9
Since commit bfe9eec1 the default value for core.streamFileThreshold
is 25% of the available JVM heap, limited to 2048m.
Change-Id: I9308875e30470dc33bf9b437909842e87f974141
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
Change-Id: I017362b20aa53684fc46acdfed6d3162405dbbc2
Change I1db5373e31585e99c5f45e05274d86d69b4f24e6 added an unneeded
dependency in ChangesCollection.
Change-Id: I2f8609416518495624eda9e08309a6e14863fbe8
If for some reason the secondary index is out of date, i.e. the change
was deleted from the database but wasn't deleted from the secondary
index, it was impossible to re-index (remove) that change.
Add logic to automatically remove the change from the secondary index
if this change is requested through the Change REST API endpoint and
doesn't exist in the database.
If a user clicks on a search result from a stale change, he will get a
404 page and the change will be removed from the index.
To fix the problem without opening the change page, run a command like:
curl --user <user name> -X POST http://<host>:<port>/a/changes/<change id>/index
Issue: 2996
Change-Id: I1db5373e31585e99c5f45e05274d86d69b4f24e6
* changes:
SSHD: Update to 0.13.0
Bump SSHD Mina version to 2.0.8
Bump Bouncycastle version to 1.51
Update EncryptedContactStore to not use deprecated/removed methods
Long standing exhausting thread pool SSHD bug was apparently fixed
upstream [1].
All Gerrit releases since 2.8.5 are known to suffer from this problem
with the consequence that Gerrit must be restarted overnight.
[1] https://issues.apache.org/jira/browse/SSHD-348
Change-Id: Ic52277050aa0cd19b19531ee997d312fd7273ebc
SSHD version 0.13.0 uses this Mina version.
Change-Id: I7e27dce435764a19aa27b58ea619d063f640a8fb
This version fixed some bugs [1] and latest SSHD release that we need
has upgraded to this version as well: [2].
[1] https://www.bouncycastle.org/releasenotes.html
[2] https://issues.apache.org/jira/browse/SSHD-362
Change-Id: I84aee1e620091bcd49a1f0be47f4da011a8ff3ee