Columns: Commit message | Author | Age | Files | Lines
...
* Honor toggleWipState permission for %ready %wip push options  [Sven Selberg, 2020-12-03, 3 files, -6/+18]
    When toggleWipState permission was implemented these push options were forgotten:

    * 6def400 Add new change permission: Toggle Work In Progress state

    Bug: Issue 13775
    Change-Id: I98fc845b6f93b4a6eeff9eba86c3f246b724400d
* Merge branch 'stable-3.0' into stable-3.1  [Marco Miller, 2020-12-03, 0 files, -0/+0]
    * stable-3.0:
      Update JGit to 5.3.9.202012012026-r
      Update JGit to 5.1.15.202012011955-r
      Upgrade JGit to 5.1.14.202011251942-r

    Change-Id: Ic72797b920cf6d838e22f5422cd814239d32ebd2

* Merge branch 'stable-2.16' into stable-3.0  [Marco Miller, 2020-12-03, 0 files, -0/+0]
    * stable-2.16:
      Update JGit to 5.1.15.202012011955-r

    Change-Id: I9f1dba85ca7860082254ba2437dec3bc7b170e16
* Update JGit to 5.1.15.202012011955-r  [Matthias Sohn, 2020-12-02, 1 file, -6/+6]
    This version fixes a bug occurring when processing a fetch request and
    running gc concurrently.

    Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=569349
    Change-Id: I605749727d39822683371b98d996f5afdf1604e9

* Update JGit to 5.3.9.202012012026-r  [Matthias Sohn, 2020-12-02, 1 file, -5/+5]
    This version fixes a bug occurring when processing a fetch request and
    running gc concurrently.

    Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=569349
    Change-Id: I6aa23a9ac75a059156ee26b5a4e72bab676b7655
* Merge branch 'stable-2.16' into stable-3.0  [Marco Miller, 2020-12-01, 0 files, -0/+0]
    * stable-2.16:
      Upgrade JGit to 5.1.14.202011251942-r

    Change-Id: I3e6c74fa97044e3c16a7c74b01b05d4e7eac1dc7

* Upgrade JGit to 5.1.14.202011251942-r  [Matthias Sohn, 2020-11-26, 1 file, -6/+6]
    This version contains the following fix:

    Ensure that GC#deleteOrphans respects pack lock

    If pack or index files are guarded by a pack lock (.keep file)
    deleteOrphans() should not touch the respective files protected by the
    lock file. Otherwise it may interfere with PackInserter concurrently
    inserting a new pack file and its index.

    Release Notes: https://projects.eclipse.org/projects/technology.jgit/releases/5.1.14

    Bug: Issue 13544
    Change-Id: Ieeb5a883bcb487a4d45f299aec5b31475002cdd3
* Update JGit to c9d871f15  [Matthias Sohn, 2020-12-02, 1 file, -0/+0]
    This version fixes a bug occurring when processing a fetch request and
    running gc concurrently.

    Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=569349
    Change-Id: If9262d80bb50e107d6ba478b781160adc51cacdc
* Merge branch 'stable-3.0' into stable-3.1  [Marco Miller, 2020-11-30, 5 files, -16/+51]
    * stable-3.0:
      Bump up jetty version to 9.4.33.v20201020
      Upgrade JGit to 5.3.8.202011260953-r
      Fix bazel run_shell usage for newer versions
      Use strict equality
      Add a warning if submitting a change with an open change edit

    Change-Id: I96701e61e1e2b5daed0be9cc106ba858419f3926

* Merge branch 'stable-2.16' into stable-3.0  [Marco Miller, 2020-11-30, 1 file, -6/+6]
    * stable-2.16:
      Fix bazel run_shell usage for newer versions

    Change-Id: I8abcf83cb4886f18a340eda46e560a10e0060ebd
* Fix bazel run_shell usage for newer versions  [Keith Smiley, 2020-11-24, 1 file, -6/+6]
    The Bazel option `--incompatible_run_shell_command_string` is going to be
    flipped to true by default in the upcoming Bazel 4.0 release, see [1]
    for more details.

    Test Plan:

      bazel build :release

    [1] https://github.com/bazelbuild/bazel/issues/5903

    Bug: Issue 13612
    Change-Id: Icc9589906198386b1e4805ceeabbb420a7ea1afb
    (cherry picked from commit c1f4e91406b9da411dd2f5eab4ee92bfc761e1f4)
* Bump up jetty version to 9.4.33.v20201020  [Antonio Barone, 2020-11-27, 1 file, -9/+9]
    This version, in particular, fixes the bug:

    "Request without Host header fails with NullPointerException in
    ForwardedRequestCustomizer" [1]

    This bug caused Gerrit to throw a NullPointerException when serving
    forwarded http/1.0 requests having no `Host` header set.

    [1] https://github.com/eclipse/jetty.project/issues/5443

    Bug: Issue 13752
    Change-Id: I9f9f7df74f6d6c3996e044ba9883b2aa8951c209

* Upgrade JGit to 5.3.8.202011260953-r  [Matthias Sohn, 2020-11-26, 1 file, -5/+5]
    This version contains the following fix:

    Ensure that GC#deleteOrphans respects pack lock

    If pack or index files are guarded by a pack lock (.keep file)
    deleteOrphans() should not touch the respective files protected by the
    lock file. Otherwise it may interfere with PackInserter concurrently
    inserting a new pack file and its index.

    Release Notes: https://projects.eclipse.org/projects/technology.jgit/releases/5.1.14

    Bug: Issue 13544
    Change-Id: I81272f4cac9923b63b0966bcf227325efbf7d0e9
* Merge changes from topic "warning-submitting" into stable-3.0  [David Ostrovsky, 2020-11-24, 3 files, -1/+36]
    * changes:
      Use strict equality
      Add a warning if submitting a change with an open change edit

* Use strict equality  [Paladox none, 2020-11-20, 1 file, -1/+1]
    This was done in another commit [1].

    [1] https://gerrit-review.googlesource.com/c/gerrit/+/281526/3/polygerrit-ui/app/elements/change/gr-confirm-submit-dialog/gr-confirm-submit-dialog.ts#71

    Change-Id: I2ae7435922b55a4e5f5422b73a65bc83c44cdf94

* Add a warning if submitting a change with an open change edit  [Han-Wen Nienhuys, 2020-11-20, 3 files, -1/+36]
    Bug: Issue 12287
    Change-Id: I25aa799a69d0fcce1db55d9d1ed87675a6d3f1fb
    (cherry picked from commit a36f08348aaab175cab001d6f50be1db903a6d7b)
* Upgrade JGit to ad902087  [Matthias Sohn, 2020-11-27, 1 file, -0/+0]
    This version contains the following fix:

    Ensure that GC#deleteOrphans respects pack lock

    If pack or index files are guarded by a pack lock (.keep file)
    deleteOrphans() should not touch the respective files protected by the
    lock file. Otherwise it may interfere with PackInserter concurrently
    inserting a new pack file and its index.

    Bug: Issue 13544
    Change-Id: I7266f7b0c164826140726b939a647489902633b9
* Merge branch 'stable-3.0' into stable-3.1  [David Ostrovsky, 2020-11-24, 1 file, -4/+4]
    * stable-3.0:
      Update bazel-toolchains to 3.1.0

    Change-Id: Iea68c8df802120c2ba18e9fdb75c390660f13db4

* Merge branch 'stable-2.16' into stable-3.0  [David Ostrovsky, 2020-11-24, 1 file, -4/+4]
    * stable-2.16:
      Update bazel-toolchains to 3.1.0

    Change-Id: I77a62d8a61814b46a867fa2784679ed787934c6b

* Update bazel-toolchains to 3.1.0  [Xudong Yang, 2020-11-21, 1 file, -4/+4]
    The version of bazel-toolchain in the current WORKSPACE file has some
    invalid escape sequences
    (https://buildkite.com/bazel/bazel-at-head-plus-downstream/builds/1756#951353b2-9c81-4819-b89e-e448b043f284).
    Bazel itself uses bazel-toolchains 3.1.0 right now, and those invalid
    escape sequences have been fixed some time before 3.1.0.

    Change-Id: I013dfb1202bb2cbecd0d479e0fcd9e59a80ce929
    (cherry picked from commit f100cda91ea0278bf2d4b1e68f18d35779d3209e)
* Merge branch 'stable-3.0' into stable-3.1  [Marco Miller, 2020-11-20, 7 files, -5/+65]
    * stable-3.0:
      Disk cache metrics require cache.enableDiskStatMetrics
      Set version to 2.14.22
      ElasticContainer: Upgrade V6_8 to elasticsearch 6.8.13
      Upgrade testcontainers to 1.15.0
      Workaround Gitiles bug on All-Users visibility
      Validate Gerrit changes on stable-2.15 with Jenkins
      Set version to 2.15.22-SNAPSHOT
      Set version to 3.0.16-SNAPSHOT
      Set version to 2.15.21
      Set version to 3.0.15
      Set version to 2.16.26-SNAPSHOT
      Set version to 2.16.25
      Workaround Gitiles bug on All-Users visibility
      Workaround Gitiles bug on All-Users visibility
      Workaround Gitiles bug on All-Users visibility
      Set version to 2.15.21-SNAPSHOT
      Set version to 2.15.20
      Fetch JGit documentation from the archive site
      Remove generation for c.g.gwtexpui.* JavaDoc
      Set version to 3.0.15-SNAPSHOT
      Set version to 2.16.25-SNAPSHOT
      Set version to 3.0.14
      Set version to 2.16.24
      Make PermissionBackend#ForRef authoritative
      Validate Gerrit changes on stable-2.15 with Jenkins
      Fix tests for stable-2.15 branch
      Make PermissionBackend#ForRef authoritative
      Make PermissionBackend#ForRef authoritative

    Change-Id: I04b831523d35856d88718f31ccb9005911ec64bd
* Merge branch 'stable-2.16' into stable-3.0  [Marco Miller, 2020-11-20, 1 file, -0/+5]
    * stable-2.16:
      Disk cache metrics require cache.enableDiskStatMetrics
      Set version to 2.14.22
      Workaround Gitiles bug on All-Users visibility
      Validate Gerrit changes on stable-2.15 with Jenkins
      Set version to 2.15.22-SNAPSHOT
      Set version to 2.15.21
      Set version to 2.16.26-SNAPSHOT
      Set version to 2.16.25
      Workaround Gitiles bug on All-Users visibility
      Workaround Gitiles bug on All-Users visibility
      Set version to 2.15.21-SNAPSHOT
      Set version to 2.15.20
      Fetch JGit documentation from the archive site
      Remove generation for c.g.gwtexpui.* JavaDoc
      Set version to 2.16.25-SNAPSHOT
      Set version to 2.16.24
      Make PermissionBackend#ForRef authoritative
      Validate Gerrit changes on stable-2.15 with Jenkins
      Fix tests for stable-2.15 branch
      Make PermissionBackend#ForRef authoritative

    Change-Id: I43524c086a41461138d29dcea1aaf2edefce42c5
* Merge branch 'stable-2.15' into stable-2.16  [Marco Miller, 2020-11-20, 0 files, -0/+0]
    * stable-2.15:
      Set version to 2.14.22
      Workaround Gitiles bug on All-Users visibility
      Validate Gerrit changes on stable-2.15 with Jenkins
      Set version to 2.15.22-SNAPSHOT
      Set version to 2.15.21
      Workaround Gitiles bug on All-Users visibility
      Set version to 2.15.21-SNAPSHOT
      Set version to 2.15.20
      Fetch JGit documentation from the archive site
      Remove generation for c.g.gwtexpui.* JavaDoc
      Make PermissionBackend#ForRef authoritative
      Validate Gerrit changes on stable-2.15 with Jenkins
      Fix tests for stable-2.15 branch

    Change-Id: I8cf90d6a78c946f12140462f97e81cca3f3c18e3

* Merge branch 'stable-2.14' into stable-2.15  [Marco Miller, 2020-11-20, 0 files, -0/+0]
    * stable-2.14:
      Set version to 2.14.22
      Workaround Gitiles bug on All-Users visibility
      Validate Gerrit changes on stable-2.15 with Jenkins

    Change-Id: I1839c9aebbbe14544464e07025fbd96d576dd5bf
* Merge branch 'stable-2.14-2020-11.notedb-refs-tags' into stable-2.14  [Luca Milanesio, 2020-11-19, 9 files, -8/+48]
    * stable-2.14-2020-11.notedb-refs-tags:
      Set version to 2.14.22
      Workaround Gitiles bug on All-Users visibility
      Validate Gerrit changes on stable-2.15 with Jenkins

    Also, set target version to 2.14.23-SNAPSHOT.

    Change-Id: I400d374a5950c95d9abfedc8a6ff07a6b4864b66

* Set version to 2.14.22  (tags: v2.14.22, upstream/stable-2.14-2020-11.notedb-refs-tags)  [Luca Milanesio, 2020-11-18, 6 files, -6/+6]
    Change-Id: Id3c767d04411ac7551e7016a37136a77e4ae8118
* Workaround Gitiles bug on All-Users visibility  [Luca Milanesio, 2020-11-17, 2 files, -2/+41]
    Gitiles has a special FilteredRepository wrapper that allows refs to be
    carefully hidden based on the project's ACLs. There is however an
    optimisation that skips the filtering in case a user has READ
    permissions on every ACL pattern.

    When the target repository is All-Users, the optimisation turns into a
    security issue because it allows seeing everything that belongs to
    everyone:
    - draft comments
    - PII of all users
    - external ids
    - draft edits

    Block Gitiles or any other part of Gerrit from abusing this power when
    the target repository is All-Users, where nobody can be authorised to
    skip the ACLs evaluation.

    Cover the additional special case of the All-Users project access with
    two explicit positive and negative tests, so that the security check is
    covered.

    Bug: Issue 13621
    Change-Id: Ia6ea1a9fd5473adff534204aea7d8f25324a45b7
    (cherry picked from commit 45071d6977932bca5a1427c8abad24710fed2e33)
    (cherry picked from commit 1be1d6ff45f18c978fd21e5c7d437d0a1351d7d8)

* Validate Gerrit changes on stable-2.15 with Jenkins  [Luca Milanesio, 2020-11-17, 1 file, -0/+1]
    Change-Id: I35c47ba60c08e8d5d1f767672b5e83b7d29fea1b
    (cherry picked from commit 1346eab23259f8dc4adec9cb098e2f818c9cf79d)
* Merge branch 'stable-2.15-2020-11.notedb-refs-tags' into stable-2.15  [Luca Milanesio, 2020-11-19, 20 files, -96/+871]
    * stable-2.15-2020-11.notedb-refs-tags:
      Set version to 2.15.22-SNAPSHOT
      Set version to 2.15.21
      Workaround Gitiles bug on All-Users visibility
      Set version to 2.15.21-SNAPSHOT
      Set version to 2.15.20
      Fetch JGit documentation from the archive site
      Remove generation for c.g.gwtexpui.* JavaDoc
      Make PermissionBackend#ForRef authoritative
      Validate Gerrit changes on stable-2.15 with Jenkins
      Fix tests for stable-2.15 branch

    Change-Id: I91db12c2c627550b2e897ccb4d7e27ee760cd32d

* Set version to 2.15.22-SNAPSHOT  (tag: upstream/stable-2.15-2020-11.notedb-refs-tags)  [Luca Milanesio, 2020-11-16, 6 files, -6/+6]
    Change-Id: I1ed863213d9946b77ae558d52094731db10ff721

* Set version to 2.15.21  (tag: v2.15.21)  [Luca Milanesio, 2020-11-16, 6 files, -6/+6]
    Change-Id: I3e3eb891d717169f912a20e7de948cea1f47fab3
* Workaround Gitiles bug on All-Users visibility  [Luca Milanesio, 2020-11-13, 2 files, -2/+44]
    Gitiles has a special FilteredRepository wrapper that allows refs to be
    carefully hidden based on the project's ACLs. There is however an
    optimisation that skips the filtering in case a user has READ
    permissions on every ACL pattern.

    When the target repository is All-Users, the optimisation turns into a
    security issue because it allows seeing everything that belongs to
    everyone:
    - draft comments
    - PII of all users
    - external ids
    - draft edits

    Block Gitiles or any other part of Gerrit from abusing this power when
    the target repository is All-Users, where nobody can be authorised to
    skip the ACLs evaluation.

    Cover the additional special case of the All-Users project access with
    two explicit positive and negative tests, so that the security check is
    covered.

    Bug: Issue 13621
    Change-Id: Ia6ea1a9fd5473adff534204aea7d8f25324a45b7
    (cherry picked from commit 45071d6977932bca5a1427c8abad24710fed2e33)
* Set version to 2.15.21-SNAPSHOT  [Luca Milanesio, 2020-11-12, 6 files, -6/+6]
    Change-Id: I3f5c762fda9d47da21685ca12b0f6c80032a3be2

* Set version to 2.15.20  [Luca Milanesio, 2020-11-12, 6 files, -6/+6]
    Change-Id: I83a8ece5ace5da608b3377461c572399b70962d0

* Fetch JGit documentation from the archive site  [Luca Milanesio, 2020-11-12, 1 file, -1/+1]
    Change-Id: I8e78f5064fda7c2ff73134f6ac3d681c6be2e7d1

* Remove generation for c.g.gwtexpui.* JavaDoc  [Luca Milanesio, 2020-11-12, 1 file, -4/+0]
    The JavaDoc for com.google.gwtexpui.* cannot be generated because the
    source files are not accessible anymore.

    Failing to generate the JavaDocs caused the Gerrit build to fail with
    'No source files for package com.google.gwtexpui...'.

    Change-Id: Ie36e650962636813d8f9f615e495a980b7280420
* Make PermissionBackend#ForRef authoritative  [Patrick Hiesel, 2020-11-11, 10 files, -83/+818]
    This change fixes a misconception that leads to data being accessible
    through Gerrit APIs that should be locked down.

    Gerrit had two components for determining if a Git ref is visible to a
    user: (Default)RefFilter and PermissionBackend#ForRef (ex RefControl).
    The former was always capable of providing correct results for all
    refs. The latter only had logic to decide if a Git ref is visible
    according to the Gerrit READ permissions. This includes all refs under
    refs/heads as well as any other ref that isn't a database ref or a Git
    tag.

    This component was unaware of Git tags and database references. Hence,
    when asked for a database reference such as refs/changes/xx/yyyyxx/meta
    the logic would allow access if the user has READ permissions on any of
    the ref prefixes, such as the default "read refs/* Anonymous Users".
    That is problematic, because it bypasses documented behavior [1] where
    a user should only have access to a change if they can see the
    destination ref. The same goes for other database references.

    This change fixes the problem. It is intentionally kept to a minimally
    invasive code change so that it's easier to backport it.

    Add tests to assert the correct behavior. These tests would fail before
    this fix. We have included them in this change to be able to backport
    just a single commit.

    [1] https://gerrit-review.googlesource.com/Documentation/access-control.html

    Change-Id: Ice3a756cf573dd9b38e3f198ccc44899ccf65f75
* Validate Gerrit changes on stable-2.15 with Jenkins  [Luca Milanesio, 2020-11-11, 1 file, -0/+1]
    Change-Id: I35c47ba60c08e8d5d1f767672b5e83b7d29fea1b

* Fix tests for stable-2.15 branch  [Luca Milanesio, 2020-11-11, 1 file, -0/+1]
    Add the 'manual' tag to wct test_suite templates, so it is excluded
    from bazel test //...

    (cherry picked from commit ae42cd00bdfa8a34e75c563b62f0151a561cc82b)
    Change-Id: Idc62df90e90e6000fa0792799a3997580fc6b011
* Merge "Upgrade testcontainers to 1.15.0" into stable-2.16  [Edwin Kempin, 2020-11-20, 6 files, -4/+59]

* Merge "Disk cache metrics require cache.enableDiskStatMetrics" into stable-2.16  [Antoine Musso, 2020-11-19, 1 file, -0/+5]
* Disk cache metrics require cache.enableDiskStatMetrics  [Antoine Musso, 2020-11-18, 1 file, -0/+5]
    After setting up the metrics-reporter-prometheus, I have missed entries
    for caches/disk_cached and caches/disk_hit_ratio. Turns out they are
    disabled by default via cache.enableDiskStatMetrics.

    The feature flag comes from I41ee2d9a368c312b7b2729d17d6c19bee0d90922
    which has been backported to all stable branches.

    Add to the metrics documentation a reference to the
    enableDiskStatMetrics setting.

    Change-Id: I3620e0cb68b992f094a1b8d7b0016fc834a8e7e6
* Merge branch 'stable-2.16-2020-11.notedb-refs-tags' into stable-2.16  [Luca Milanesio, 2020-11-19, 18 files, -132/+1045]
    * stable-2.16-2020-11.notedb-refs-tags:
      Set version to 2.16.26-SNAPSHOT
      Set version to 2.16.25
      Workaround Gitiles bug on All-Users visibility
      Set version to 2.16.25-SNAPSHOT
      Set version to 2.16.24
      Make PermissionBackend#ForRef authoritative

    Change-Id: Idec7d52fa1ef663240b4e3ca3900427b87d8d003

* Set version to 2.16.26-SNAPSHOT  (tag: upstream/stable-2.16-2020-11.notedb-refs-tags)  [Luca Milanesio, 2020-11-16, 6 files, -6/+6]
    Change-Id: Icc689699eff3eb06a6b10e8221feab87e38b11e0

* Set version to 2.16.25  (tag: v2.16.25)  [Luca Milanesio, 2020-11-16, 6 files, -6/+6]
    Change-Id: I67be710b6fda2069e798964ec81ad9add637bab5
* Workaround Gitiles bug on All-Users visibility  [Luca Milanesio, 2020-11-13, 2 files, -4/+43]
    Gitiles has a special FilteredRepository wrapper that allows refs to be
    carefully hidden based on the project's ACLs. There is however an
    optimisation that skips the filtering in case a user has READ
    permissions on every ACL pattern.

    When the target repository is All-Users, the optimisation turns into a
    security issue because it allows seeing everything that belongs to
    everyone:
    - draft comments
    - PII of all users
    - external ids
    - draft edits

    Block Gitiles or any other part of Gerrit from abusing this power when
    the target repository is All-Users, where nobody can be authorised to
    skip the ACLs evaluation.

    Cover the additional special case of the All-Users project access with
    two explicit positive and negative tests, so that the security check is
    covered.

    Bug: Issue 13621
    Change-Id: Ia6ea1a9fd5473adff534204aea7d8f25324a45b7
    (cherry picked from commit 45071d6977932bca5a1427c8abad24710fed2e33)
* Set version to 2.16.25-SNAPSHOT  [Luca Milanesio, 2020-11-12, 6 files, -6/+6]
    Change-Id: Icc90a7b68e2764cbdb677c7a7f2261c7cf015e7c

* Set version to 2.16.24  [Luca Milanesio, 2020-11-12, 6 files, -6/+6]
    Change-Id: If3ea98f0db8ef6b102ce3775e19a64739b883f8e
* Make PermissionBackend#ForRef authoritative  [Patrick Hiesel, 2020-11-11, 12 files, -122/+996]
    This change fixes a misconception that leads to data being accessible
    through Gerrit APIs that should be locked down.

    Gerrit had two components for determining if a Git ref is visible to a
    user: (Default)RefFilter and PermissionBackend#ForRef (ex RefControl).
    The former was always capable of providing correct results for all
    refs. The latter only had logic to decide if a Git ref is visible
    according to the Gerrit READ permissions. This includes all refs under
    refs/heads as well as any other ref that isn't a database ref or a Git
    tag.

    This component was unaware of Git tags and database references. Hence,
    when asked for a database reference such as refs/changes/xx/yyyyxx/meta
    the logic would allow access if the user has READ permissions on any of
    the ref prefixes, such as the default "read refs/* Anonymous Users".
    That is problematic, because it bypasses documented behavior [1] where
    a user should only have access to a change if they can see the
    destination ref. The same goes for other database references.

    This change fixes the problem. It is intentionally kept to a minimally
    invasive code change so that it's easier to backport it.

    Add tests to assert the correct behavior. These tests would fail before
    this fix. We have included them in this change to be able to backport
    just a single commit.

    [1] https://gerrit-review.googlesource.com/Documentation/access-control.html

    Change-Id: Ice3a756cf573dd9b38e3f198ccc44899ccf65f75
* Merge "ElasticContainer: Upgrade V6_8 to elasticsearch 6.8.13" into stable-3.0  [Edwin Kempin, 2020-11-20, 1 file, -1/+1]