From 5fff60a37742db5026b6eae9fe52b4c5dc5287ba Mon Sep 17 00:00:00 2001 From: Luca Milanesio Date: Sat, 12 Mar 2022 02:04:10 +0000 Subject: Restore Java 11 binary bytecode for releases to Maven The switch to Java 8 as the default java toolchain in Change-Id: Ieb0d627ce5f4 has missed that the Maven release script generation was relying on the default toolchain for publishing. Introduce the Java 11 toolchain as the target for publishing to Maven, so that the binary bytecode can be restored as it was expected for all current v3.3.x versions. Release-Notes: skip Bug: Issue 15759 Change-Id: Ia4c29d1db800220cdbc4f1c015fdec9bd552188b --- tools/maven/package.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/maven/package.bzl b/tools/maven/package.bzl index b25656da7f..eacb02b9f4 100644 --- a/tools/maven/package.bzl +++ b/tools/maven/package.bzl @@ -40,7 +40,7 @@ def maven_package( src = {}, doc = {}, war = {}): - build_cmd = ["bazel_cmd", "build"] + build_cmd = ["bazel_cmd", "build", "--java_toolchain=//tools:error_prone_warnings_toolchain_java11"] mvn_cmd = ["python", "tools/maven/mvn.py", "-v", version] api_cmd = mvn_cmd[:] api_targets = [] -- cgit v1.2.3 From 03ba8b11c9f0d5c4a87a8bf58fb30e4270e37a54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20=C3=85kerman?= Date: Mon, 17 Jan 2022 16:26:19 +0100 Subject: Separate reviewer-recipients from project-watch-recipients To ensure that project-watch emails are sent regardless of other notfication configurations. Without this fix you will not get any email notifications for watched projects when you have set "Only when I am in the Attention-Set" and you are outside of the attention-set. Release-Notes: Fixed lost watch notifications when attention-set-only is configured Bug: Issue 14912 Change-Id: I0707c588f23f13c617cdfb565171adff12833ea9 --- .../gerrit/server/mail/send/ChangeEmail.java | 26 +++++++++++------ .../server/mail/send/CreateChangeSender.java | 2 +- .../gerrit/server/mail/send/NotificationEmail.java | 4 ++- .../acceptance/rest/change/AttentionSetIT.java | 33 +++++++++++++++------- 4 files changed, 45 insertions(+), 20 deletions(-) diff --git a/java/com/google/gerrit/server/mail/send/ChangeEmail.java b/java/com/google/gerrit/server/mail/send/ChangeEmail.java index 8d76e23211..7890d35961 100644 --- a/java/com/google/gerrit/server/mail/send/ChangeEmail.java +++ b/java/com/google/gerrit/server/mail/send/ChangeEmail.java @@ -397,14 +397,24 @@ public abstract class ChangeEmail extends NotificationEmail { @Override protected void add(RecipientType rt, Account.Id to) { - Optional accountState = args.accountCache.get(to); - if (!accountState.isPresent()) { - return; - } - if (accountState.get().generalPreferences().getEmailStrategy() - == EmailStrategy.ATTENTION_SET_ONLY - && !currentAttentionSet.contains(to)) { - return; + addRecipient(rt, to, /* isWatcher= */ false); + } + + /** This bypasses the EmailStrategy.ATTENTION_SET_ONLY strategy when adding the recipient. */ + @Override + protected void addWatcher(RecipientType rt, Account.Id to) { + addRecipient(rt, to, /* isWatcher= */ true); + } + + private void addRecipient(RecipientType rt, Account.Id to, boolean isWatcher) { + if (!isWatcher) { + Optional accountState = args.accountCache.get(to); + if (accountState.isPresent() + && accountState.get().generalPreferences().getEmailStrategy() + == EmailStrategy.ATTENTION_SET_ONLY + && !currentAttentionSet.contains(to)) { + return; + } } if (emailOnlyAuthors && !authors.contains(to)) { return; diff --git a/java/com/google/gerrit/server/mail/send/CreateChangeSender.java b/java/com/google/gerrit/server/mail/send/CreateChangeSender.java index b78dc62ce7..2ab73a8484 100644 --- a/java/com/google/gerrit/server/mail/send/CreateChangeSender.java +++ b/java/com/google/gerrit/server/mail/send/CreateChangeSender.java @@ -60,7 +60,7 @@ public class CreateChangeSender extends NewChangeSender { // TODO(hiesel): Remove special handling for owners StreamSupport.stream(matching.all().accounts.spliterator(), false) .filter(this::isOwnerOfProjectOrBranch) - .forEach(acc -> add(RecipientType.TO, acc)); + .forEach(acc -> addWatcher(RecipientType.TO, acc)); // Add everyone else. Owners added above will not be duplicated. add(RecipientType.TO, matching.to); add(RecipientType.CC, matching.cc); diff --git a/java/com/google/gerrit/server/mail/send/NotificationEmail.java b/java/com/google/gerrit/server/mail/send/NotificationEmail.java index 5ffd9284b7..91310ce094 100644 --- a/java/com/google/gerrit/server/mail/send/NotificationEmail.java +++ b/java/com/google/gerrit/server/mail/send/NotificationEmail.java @@ -82,13 +82,15 @@ public abstract class NotificationEmail extends OutgoingEmail { /** Add users or email addresses to the TO, CC, or BCC list. */ protected void add(RecipientType type, Watchers.List list) { for (Account.Id user : list.accounts) { - add(type, user); + addWatcher(type, user); } for (Address addr : list.emails) { add(type, addr); } } + protected abstract void addWatcher(RecipientType type, Account.Id to); + public String getSshHost() { String host = Iterables.getFirst(args.sshAddresses, null); if (host == null) { diff --git a/javatests/com/google/gerrit/acceptance/rest/change/AttentionSetIT.java b/javatests/com/google/gerrit/acceptance/rest/change/AttentionSetIT.java index 61eef63b5f..5c5094908a 100644 --- a/javatests/com/google/gerrit/acceptance/rest/change/AttentionSetIT.java +++ b/javatests/com/google/gerrit/acceptance/rest/change/AttentionSetIT.java @@ -1438,11 +1438,7 @@ public class AttentionSetIT extends AbstractDaemonTest { // Add preference for the user such that they only receive an email on changes that require // their attention. - requestScopeOperations.setApiUser(user.id()); - GeneralPreferencesInfo prefs = gApi.accounts().self().getPreferences(); - prefs.emailStrategy = EmailStrategy.ATTENTION_SET_ONLY; - gApi.accounts().self().setPreferences(prefs); - requestScopeOperations.setApiUser(admin.id()); + setEmailStrategyForUser(EmailStrategy.ATTENTION_SET_ONLY); // Add user to attention set. They receive an email since they are in the attention set. change(r).addReviewer(user.id().toString()); @@ -1464,17 +1460,34 @@ public class AttentionSetIT extends AbstractDaemonTest { public void attentionSetWithEmailFilterImpactingOnlyChangeEmails() throws Exception { // Add preference for the user such that they only receive an email on changes that require // their attention. - requestScopeOperations.setApiUser(user.id()); - GeneralPreferencesInfo prefs = gApi.accounts().self().getPreferences(); - prefs.emailStrategy = EmailStrategy.ATTENTION_SET_ONLY; - gApi.accounts().self().setPreferences(prefs); - requestScopeOperations.setApiUser(admin.id()); + setEmailStrategyForUser(EmailStrategy.ATTENTION_SET_ONLY); // Ensure emails that don't relate to changes are still sent. gApi.accounts().id(user.id().get()).generateHttpPassword(); assertThat(sender.getMessages()).isNotEmpty(); } + @Test + public void outsideAttentionSet_watchProjectEmailReceived() throws Exception { + setEmailStrategyForUser(EmailStrategy.ATTENTION_SET_ONLY); + + requestScopeOperations.setApiUser(user.id()); + watch(project.get()); + + createChange(); + + assertThat(sender.getMessages()).isNotEmpty(); + sender.clear(); + } + + private void setEmailStrategyForUser(EmailStrategy es) throws Exception { + requestScopeOperations.setApiUser(user.id()); + GeneralPreferencesInfo prefs = gApi.accounts().self().getPreferences(); + prefs.emailStrategy = es; + gApi.accounts().self().setPreferences(prefs); + requestScopeOperations.setApiUser(admin.id()); + } + private List getAttentionSetUpdatesForUser( PushOneCommit.Result r, TestAccount account) { return getAttentionSetUpdates(r.getChange().getId()).stream() -- cgit v1.2.3 From 00fe2a4019864cd27c6cf2946b982f45313651e0 Mon Sep 17 00:00:00 2001 From: Edwin Kempin Date: Wed, 16 Mar 2022 10:58:48 +0100 Subject: Move SLF4J to nongoogle.bzl Gerrit core and all plugins used by Google migrated to Flogger so that Gerrit at Google no longer depends on SLF4J. Hence the SLF4J version doesn't need to match the SLF4J version that is used at Google. Signed-off-by: Edwin Kempin Change-Id: I40ff875a33aa628eef5f387e22768665188b434f Release-Notes: skip --- WORKSPACE | 26 -------------------------- lib/nongoogle_test.sh | 4 ++++ tools/nongoogle.bzl | 26 ++++++++++++++++++++++++++ 3 files changed, 30 insertions(+), 26 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index 3b8b768d36..7eeb645437 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -228,32 +228,6 @@ maven_jar( sha1 = "28c59f58f5adcc307604602e2aa89e2aca14c554", ) -SLF4J_VERS = "1.7.33" - -maven_jar( - name = "log-api", - artifact = "org.slf4j:slf4j-api:" + SLF4J_VERS, - sha1 = "d375aa1b98d34d5ddf73a3f19eaad66e98975b12", -) - -maven_jar( - name = "log-ext", - artifact = "org.slf4j:slf4j-ext:" + SLF4J_VERS, - sha1 = "00da03640ae1ad57f964dcaa542fb5d804dce8a6", -) - -maven_jar( - name = "impl-log4j", - artifact = "org.slf4j:slf4j-reload4j:" + SLF4J_VERS, - sha1 = "ddc89144bfb56781936120b2334a70869b68db6d", -) - -maven_jar( - name = "jcl-over-slf4j", - artifact = "org.slf4j:jcl-over-slf4j:" + SLF4J_VERS, - sha1 = "28c441128bc81b6d95cc2857ae5bb46ae5bf658b", -) - maven_jar( name = "json-smart", artifact = "net.minidev:json-smart:1.1.1", diff --git a/lib/nongoogle_test.sh b/lib/nongoogle_test.sh index dc980c23d8..13e81f749d 100755 --- a/lib/nongoogle_test.sh +++ b/lib/nongoogle_test.sh @@ -27,11 +27,15 @@ guice-library-no-aop guice-servlet httpasyncclient httpcore-nio +impl-log4j j2objc jackson-annotations jackson-core +jcl-over-slf4j jna jruby +log-api +log-ext log4j mina-core nekohtml diff --git a/tools/nongoogle.bzl b/tools/nongoogle.bzl index 5ae1f4cec0..c68536e177 100644 --- a/tools/nongoogle.bzl +++ b/tools/nongoogle.bzl @@ -15,6 +15,32 @@ def declare_nongoogle_deps(): sha1 = "7075022a11e18c1ad230de5be074e0c691fed17b", ) + SLF4J_VERS = "1.7.33" + + maven_jar( + name = "log-api", + artifact = "org.slf4j:slf4j-api:" + SLF4J_VERS, + sha1 = "d375aa1b98d34d5ddf73a3f19eaad66e98975b12", + ) + + maven_jar( + name = "log-ext", + artifact = "org.slf4j:slf4j-ext:" + SLF4J_VERS, + sha1 = "00da03640ae1ad57f964dcaa542fb5d804dce8a6", + ) + + maven_jar( + name = "impl-log4j", + artifact = "org.slf4j:slf4j-reload4j:" + SLF4J_VERS, + sha1 = "ddc89144bfb56781936120b2334a70869b68db6d", + ) + + maven_jar( + name = "jcl-over-slf4j", + artifact = "org.slf4j:jcl-over-slf4j:" + SLF4J_VERS, + sha1 = "28c441128bc81b6d95cc2857ae5bb46ae5bf658b", + ) + maven_jar( name = "j2objc", artifact = "com.google.j2objc:j2objc-annotations:1.1", -- cgit v1.2.3 From 0cc4c7515281d71074b65def36c461a712b25d19 Mon Sep 17 00:00:00 2001 From: Matthias Sohn Date: Tue, 15 Mar 2022 10:18:40 +0100 Subject: Update reload4j to 1.2.19 and slf4j to 1.7.36 reload4j 1.2.19 fixes - CVE-2022-23305 - CVE-2020-9488 slf4j 1.7.36 updates its reload4j integration to reload4j 1.2.19 Release-Notes: Update reload4j to 1.2.19 and slf4j to 1.7.36 Change-Id: I6b00f94b644cacc777d7b92f85e26bec44b9e40d --- tools/nongoogle.bzl | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tools/nongoogle.bzl b/tools/nongoogle.bzl index c68536e177..3c4044bf76 100644 --- a/tools/nongoogle.bzl +++ b/tools/nongoogle.bzl @@ -11,34 +11,34 @@ def declare_nongoogle_deps(): maven_jar( name = "log4j", - artifact = "ch.qos.reload4j:reload4j:1.2.18.1", - sha1 = "7075022a11e18c1ad230de5be074e0c691fed17b", + artifact = "ch.qos.reload4j:reload4j:1.2.19", + sha1 = "4eae9978468c5e885a6fb44df7e2bbc07a20e6ce", ) - SLF4J_VERS = "1.7.33" + SLF4J_VERS = "1.7.36" maven_jar( name = "log-api", artifact = "org.slf4j:slf4j-api:" + SLF4J_VERS, - sha1 = "d375aa1b98d34d5ddf73a3f19eaad66e98975b12", + sha1 = "6c62681a2f655b49963a5983b8b0950a6120ae14", ) maven_jar( name = "log-ext", artifact = "org.slf4j:slf4j-ext:" + SLF4J_VERS, - sha1 = "00da03640ae1ad57f964dcaa542fb5d804dce8a6", + sha1 = "99f282aea4b6dbca04d00f0ade6e5ed61ee7091a", ) maven_jar( name = "impl-log4j", artifact = "org.slf4j:slf4j-reload4j:" + SLF4J_VERS, - sha1 = "ddc89144bfb56781936120b2334a70869b68db6d", + sha1 = "db708f7d959dee1857ac524636e85ecf2e1781c1", ) maven_jar( name = "jcl-over-slf4j", artifact = "org.slf4j:jcl-over-slf4j:" + SLF4J_VERS, - sha1 = "28c441128bc81b6d95cc2857ae5bb46ae5bf658b", + sha1 = "d877e195a05aca4a2f1ad2ff14bfec1393af4b5e", ) maven_jar( -- cgit v1.2.3 From 49129230a142a876689a0a98c8a78dfba03d18c1 Mon Sep 17 00:00:00 2001 From: Wendy Wang Date: Fri, 11 Mar 2022 12:45:06 +0100 Subject: Show HTTP(S) message in Missing Change ID Error message The assumption that the existence of the SSH host key means that all users use SSH protocol is incorrect, since some might use HTTP protocol. Since a CommitValidationListener doesn't know which protocol was used, provide both SSH and HTTP variant of the command to install the commit message hook. Release-Notes: skip Change-Id: I10ae721315de8afb964e720033e2d6498bce3e55 --- .../server/git/validators/CommitValidators.java | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/java/com/google/gerrit/server/git/validators/CommitValidators.java b/java/com/google/gerrit/server/git/validators/CommitValidators.java index c67df8be90..f84b696d04 100644 --- a/java/com/google/gerrit/server/git/validators/CommitValidators.java +++ b/java/com/google/gerrit/server/git/validators/CommitValidators.java @@ -266,6 +266,12 @@ public class CommitValidators { "multiple Change-Id lines in message footer"; private static final String INVALID_CHANGE_ID_MSG = "invalid Change-Id line format in message footer"; + private static final String HTTP_INSTALL_HOOK = + "f=\"$(git rev-parse --git-dir)/hooks/commit-msg\"; curl -o \"$f\"" + + " %stools/hooks/commit-msg ; chmod +x \"$f\""; + private static final String SSH_INSTALL_HOOK = + "gitdir=$(git rev-parse --git-dir); scp -p -P %d %s@%s:hooks/commit-msg ${gitdir}/hooks/"; + private static final String CHANGE_ID_MISSING_INSTALL_HOOKS = " %s\nor, for http(s):\n %s"; @VisibleForTesting public static final String CHANGE_ID_MISMATCH_MSG = @@ -372,14 +378,15 @@ public class CommitValidators { // If there are no SSH keys, the commit-msg hook must be installed via // HTTP(S) Optional webUrl = urlFormatter.getWebUrl(); + + String httpHook = String.format(HTTP_INSTALL_HOOK, webUrl.get()); + if (hostKeys.isEmpty()) { checkState(webUrl.isPresent()); - return String.format( - " f=\"$(git rev-parse --git-dir)/hooks/commit-msg\"; curl -o \"$f\" %stools/hooks/commit-msg ; chmod +x \"$f\"", - webUrl.get()); + return httpHook; } - // SSH keys exist, so the hook can be installed with scp. + // SSH keys exist, so the hook might be able to be installed with scp. String sshHost; int sshPort; String host = hostKeys.get(0).getHost(); @@ -397,9 +404,10 @@ public class CommitValidators { sshPort = 22; } - return String.format( - " gitdir=$(git rev-parse --git-dir); scp -p -P %d %s@%s:hooks/commit-msg ${gitdir}/hooks/", - sshPort, user.getUserName().orElse(""), sshHost); + String sshHook = + String.format( + SSH_INSTALL_HOOK, sshPort, user.getUserName().orElse(""), sshHost); + return String.format(CHANGE_ID_MISSING_INSTALL_HOOKS, sshHook, httpHook); } } -- cgit v1.2.3