From 5f7d5a7dc4cddbe3b04bb91746fd9661a35a48fe Mon Sep 17 00:00:00 2001
From: David Pursehouse
Date: Mon, 9 Dec 2013 14:01:43 +0900
Subject: [PATCH 1/4] Update EncryptedContactStore to not use deprecated/removed methods

The PGPEncryptedDataGenerator constructor and addMethod calls used in EncryptedContactStore were deprecated in version 1.49 and removed in version 1.51 of Bouncycastle. Update the calls to use the recommended non-deprecated versions.

Change-Id: I134fd8c0b4538ae23a2c17dd0a632ddaff28aa3d
---
 .../gerrit/server/contact/EncryptedContactStore.java | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java b/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java
index 8c1fdb6b79..f200879963 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java
@@ -38,6 +38,8 @@ import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
 import org.bouncycastle.openpgp.PGPUtil;
+import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder;
+import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -167,12 +169,16 @@ class EncryptedContactStore implements ContactStore {
 }
 }
- @SuppressWarnings("deprecation")
 private final PGPEncryptedDataGenerator cpk() throws NoSuchProviderException, PGPException {
+ final BcPGPDataEncryptorBuilder builder =
+ new BcPGPDataEncryptorBuilder(PGPEncryptedData.CAST5)
+ .setSecureRandom(prng);
 PGPEncryptedDataGenerator cpk =
- new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, true, prng, "BC");
- cpk.addMethod(dest);
+ new PGPEncryptedDataGenerator(builder, true);
+ final BcPublicKeyKeyEncryptionMethodGenerator methodGenerator =
+ new BcPublicKeyKeyEncryptionMethodGenerator(dest);
+ cpk.addMethod(methodGenerator);
 return cpk;
 }

From 13452f46ec340e26b04851ef208d386494326970 Mon Sep 17 00:00:00 2001
From: David Ostrovsky
Date: Sun, 26 Oct 2014 07:13:27 +0100
Subject: [PATCH 2/4] Bump Bouncycastle version to 1.51

This version fixed some bugs [1] and latest SSHD release that we need has upgraded to this version as well: [2].
[1] https://www.bouncycastle.org/releasenotes.html
[2] https://issues.apache.org/jira/browse/SSHD-362

Change-Id: I84aee1e620091bcd49a1f0be47f4da011a8ff3ee
---
 .../resources/com/google/gerrit/pgm/libraries.config | 12 ++++++------
 lib/bouncycastle/BUCK | 8 ++++----
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config b/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
index b5e702f3d4..16bceeeb51 100644
--- a/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
+++ b/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
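Review bot: In `EncryptedContactStore.cpk()`, the `true` in `new PGPEncryptedDataGenerator(builder, true)` does not carry over the meaning it had in the removed call: in the old four-argument constructor the boolean was `withIntegrityPacket`, whereas the second argument of the builder-based constructor is `oldFormat` (PGP 2.6.x compatibility) in the Bouncy Castle API. As written, contact data would be written in the legacy packet format and without the integrity-protection (MDC) packet the previous code requested, so modification of the ciphertext would no longer be detected on decryption. To preserve the old behaviour, request integrity on the builder and use the one-argument constructor: `new BcPGPDataEncryptorBuilder(PGPEncryptedData.CAST5).setWithIntegrityPacket(true).setSecureRandom(prng)` and `new PGPEncryptedDataGenerator(builder)`. The `throws NoSuchProviderException` clause also looks unnecessary now that no provider name is passed, though callers outside this hunk may still catch it.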
@@ -15,16 +15,16 @@
 # Version should match lib/bouncycastle/BUCK
 [library "bouncyCastleProvider"]
- name = Bouncy Castle Crypto Provider v149
- url = http://www.bouncycastle.org/download/bcprov-jdk15on-149.jar
- sha1 = f5155f04330459104b79923274db5060c1057b99
+ name = Bouncy Castle Crypto Provider v151
+ url = http://www.bouncycastle.org/download/bcprov-jdk15on-151.jar
+ sha1 = 9ab8afcc2842d5ef06eb775a0a2b12783b99aa80
 remove = bcprov-.*[.]jar
 # Version should match lib/bouncycastle/BUCK
 [library "bouncyCastleSSL"]
- name = Bouncy Castle Crypto SSL v149
- url = http://www.bouncycastle.org/download/bcpkix-jdk15on-149.jar
- sha1 = 924cc7ad2f589630c97b918f044296ebf1bb6855
+ name = Bouncy Castle Crypto SSL v151
+ url = http://www.bouncycastle.org/download/bcpkix-jdk15on-151.jar
+ sha1 = 6c8c1f61bf27a09f9b1a8abc201523669bba9597
 needs = bouncyCastleProvider
 remove = bcpkix-.*[.]jar
diff --git a/lib/bouncycastle/BUCK b/lib/bouncycastle/BUCK
index 99f960e81c..d1ec48de1b 100644
--- a/lib/bouncycastle/BUCK
+++ b/lib/bouncycastle/BUCK
@@ -2,19 +2,19 @@ include_defs('//lib/maven.defs')
 # This version must match the version that also appears in
 # gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
-VERSION = '1.49'
+VERSION = '1.51'
 maven_jar(
 name = 'bcprov',
 id = 'org.bouncycastle:bcprov-jdk15on:' + VERSION,
- sha1 = 'f5155f04330459104b79923274db5060c1057b99',
+ sha1 = '9ab8afcc2842d5ef06eb775a0a2b12783b99aa80',
 license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
 )
 maven_jar(
 name = 'bcpg',
 id = 'org.bouncycastle:bcpg-jdk15on:' + VERSION,
- sha1 = '081d84be5b125e1997ab0e2244d1a2276b5de76c',
+ sha1 = 'b5fa4c280dfbf8bf7c260bc1e78044c7a1de5133',
 license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
 deps = [':bcprov'],
 )
@@ -22,7 +22,7 @@ maven_jar(
 maven_jar(
 name = 'bcpkix',
 id = 'org.bouncycastle:bcpkix-jdk15on:' + VERSION,
- sha1 = '924cc7ad2f589630c97b918f044296ebf1bb6855',
+ sha1 = '6c8c1f61bf27a09f9b1a8abc201523669bba9597',
 license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
 deps = [':bcprov'],
 )

From 52e4e0c82c8ad6dc4a5852fa726987e55e9ea5b5 Mon Sep 17 00:00:00 2001
From: David Ostrovsky
Date: Sun, 26 Oct 2014 07:27:48 +0100
Subject: [PATCH 3/4] Bump SSHD Mina version to 2.0.8

SSHD version 0.13.0 uses this Mina version.

Change-Id: I7e27dce435764a19aa27b58ea619d063f640a8fb
---
 lib/mina/BUCK | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/mina/BUCK b/lib/mina/BUCK
index fac2ba46d4..7e23f2779b 100644
--- a/lib/mina/BUCK
+++ b/lib/mina/BUCK
@@ -18,8 +18,8 @@ maven_jar(
 maven_jar(
 name = 'core',
- id = 'org.apache.mina:mina-core:2.0.7',
- sha1 = 'c878e2aa82de748474a624ec3933e4604e446dec',
+ id = 'org.apache.mina:mina-core:2.0.8',
+ sha1 = 'd6ff69fa049aeaecdf0c04cafbb1ab53b7487883',
 license = 'Apache2.0',
 exclude = EXCLUDE,
 )

From 3d9c70c14ecf3be2d3ec7791f06a59208dd69095 Mon Sep 17 00:00:00 2001
From: David Ostrovsky
Date: Fri, 17 Oct 2014 10:04:24 +0200
Subject: [PATCH 4/4] SSHD: Update to 0.13.0

Long standing exhausting thread pool SSHD bug was apparently fixed upstream [1]. All Gerrit releases since 2.8.5 are known to suffer from this problem with the consequence that Gerrit must be restarted overnight.
[1] https://issues.apache.org/jira/browse/SSHD-348

Change-Id: Ic52277050aa0cd19b19531ee997d312fd7273ebc
---
 lib/mina/BUCK | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/mina/BUCK b/lib/mina/BUCK
index 7e23f2779b..5c51d3a22c 100644
--- a/lib/mina/BUCK
+++ b/lib/mina/BUCK
@@ -8,12 +8,11 @@ EXCLUDE = [
 maven_jar(
 name = 'sshd',
- id = 'org.apache.sshd:sshd-core:0.11.1-atlassian-1',
- sha1 = '0de20bfa03ddeedc8eb54ab6e85e90e776ea18f8',
+ id = 'org.apache.sshd:sshd-core:0.13.0',
+ sha1 = 'c616c5865cc55473c6d63c6fcf46e60d382be172',
 license = 'Apache2.0',
 deps = [':core'],
 exclude = EXCLUDE,
- repository = ATLASSIAN,
 )
 maven_jar(