Merge branch 'stable-2.10'

* stable-2.10:
  Remove now unused project parameter
  Detecting Trivial Rebases fails unnecessarily early
  Show link on hover for headings and anchors in documentation
  Release notes for Gerrit 2.9.3
  Set version to 2.9.3
  Don't duplicate commandName in SSH log
  Update sha1 for sshd-core 0.9.0-4-g5967cfd
  Set version to 2.10-SNAPSHOT
  Update version to 2.10-rc1
  Revert "SSHD: Prevent double authentication for the same public key"
  Disable Git over http when Gerrit is not configured to support http
  Update 2.10 release notes
  Downgrade SSHD to 0.9.0-4-g5967cfd

Conflicts:
	gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java
	gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java

Change-Id: If8f7ec295a17a38789959743d094407b8e46a60d

Documentation/config-gerrit.txt

@@ -2980,14 +2980,6 @@ namespace. To alias `replication start` to `gerrit replicate`:
 [[sshd]]
 === Section sshd
 
-[[sshd.backend]]sshd.backend::
-+
-Starting from version 0.9.0 Apache SSHD project added support for NIO2
-IoSession. To use the new NIO2 session the `backend` option must be set
-to `NIO2`.
-+
-By default, `MINA`.
-
 [[sshd.listenAddress]]sshd.listenAddress::
 +
 Specifies the local addresses the internal SSHD should listen

ReleaseNotes/ReleaseNotes-2.10.txt

@@ -79,20 +79,17 @@ Change Screen
 ^^^^^^^^^^^^^
 
 
-* Do not linkify trailing dot or comma in messages.
-+
-As linkifying trailing dots and trailing commas does more harm than
-good, we only treat dots and commas as being part of urls, if they are
-neither followed by whitespace nor occur at the end of a string.
-
-* Improve message when removing a reviewer.
-
 * Display avatar for author, committer, and change owner.
 
 * Remove message box when editing topic of change.
 
 * link:https://code.google.com/p/gerrit/issues/detail?id=2573[Issue 2573]:
 Add option to quickly add current user as reviewer of a change.
++
+An 'Add Me' button is displayed next to the 'Add' button when searching for
+reviewers to add to a change. This allows users to quickly add themselves as a
+reviewer on the change without having to type their name in the search
+box.
 
 * Link project name to dashboard.
 
@@ -452,8 +449,22 @@ Re-arrange info at footer of Gerrit web UI pages.
 +
 Move the Gerrit info link so that there are no links close to the next page link.
 
-Changes
-^^^^^^^
+* Only create All-Projects ACL once.
++
+If `refs/meta/config` already existed it was overwritten with default configuration
+if a site administrator ran `java -war gerrit.war init -d /some/existing/site --batch`.
+
+
+Change Screen
+^^^^^^^^^^^^^
+
+* Do not linkify trailing dot or comma in messages.
++
+As linkifying trailing dots and trailing commas does more harm than
+good, we only treat dots and commas as being part of urls, if they are
+neither followed by whitespace nor occur at the end of a string.
+
+* Improve message when removing a reviewer.
 
 * link:http://code.google.com/p/gerrit/issues/detail?id=527[Issue 527]:
 Preserve line breaks in inline and review comments.
@@ -466,6 +477,17 @@ Preserve line breaks in inline and review comments.
 
 * List reviewers with dummy approvals on closed changes.
 
+* link:http://code.google.com/p/gerrit/issues/detail?id=2890[Issue 2890]:
+Enable scrollbars for "Edit Commit Message" TextArea.
+
+* Use current time instead of submitter time for cherry-picked commits.
++
+Cherry picking with the submitter time could cause massive clock skew
+in the Git commit graph if the server was shutdown before the submit could
+finish, and restarted hours later.
+
+* Fix exception when clicking on a binary file without being signed in.
+
 
 Side-By-Side Diff
 ^^^^^^^^^^^^^^^^^
@@ -519,6 +541,16 @@ General
 
 * Fix REST API responses for 3xx and 4xx classes.
 
+Changes
+^^^^^^^
+
+* Fix inconsistent behaviour in the
+link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.10/rest-api-changes.html#add-reviewer[
+add reviewer endpoint]
++
+When adding a single reviewer to a change, it was possible to use the endpoint
+to add a user who had no visibility to the change or whose account was invalid.
+
 
 Changes
 ^^^^^^^
@@ -566,6 +598,12 @@ SSHD-300].
 link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.10/cmd-show-caches.html[
 `show-caches`] command.
 
+* Include all command arguments in SSH log entry.
++
+The SSH log only included the first argument. This prevented the repository name
+from being logged when `git receive-pack` was executed instead of `git-receive-pack`.
+
+
 Daemon
 ~~~~~~
 

ReleaseNotes/ReleaseNotes-2.9.3.txt

@@ -0,0 +1,51 @@
+Release notes for Gerrit 2.9.3
+==============================
+
+Download:
+link:https://gerrit-releases.storage.googleapis.com/gerrit-2.9.3.war[
+https://gerrit-releases.storage.googleapis.com/gerrit-2.9.3.war]
+
+Important Notes
+---------------
+
+*WARNING:* There are no schema changes from
+link:ReleaseNotes-2.9.2.html[2.9.2], but when upgrading from an existing site
+that was initialized with Gerrit version 2.6 to version 2.9.1 the primary key
+column order will be updated for some tables. It is therefore important to
+upgrade the site with the `init` program, rather than only copying the .war file
+over the existing one.
+
+It is recommended to run the `init` program in interactive mode. Warnings will
+be suppressed in batch mode.
+
+----
+  java -jar gerrit.war init -d site_path
+----
+
+Bug Fixes
+---------
+
+*Downgrade SSHD to 0.9.0-4-g5967cfd*
+
+In Gerrit version 2.9.2 SSHD was upgraded to 0.13.0 which included a fix for
+link:https://issues.apache.org/jira/browse/SSHD-348[SSHD-348 (SSH thread pool
+exhaustion)].
+
+It turned out that SSHD 0.13.0 still suffers from this issue, which causes
+problems for users of the stream-events in Gerrit 2.9.2.
+
+SSHD 0.9.0 is known to be free from this particular issue, but we cannot
+downgrade to that version because it includes some other known issues:
+
+* link:https://issues.apache.org/jira/browse/SSHD-254[SSHD-254 ('authenticated
+with partial success' error)]
+* link:https://issues.apache.org/jira/browse/SSHD-330[SSHD-330 (sporadic
+handshake failures)].
+
+SSHD version 0.9.0-4-g5967cfd is based on 0.9.0 and includes fixes for SSHD-254
+and SSHD-330.
+
+Due to the downgrade of SSHD, the following libraries are also downgraded:
+
+* Bouncycastle from 1.51 to 1.49
+* Mina Core from 2.0.8 to 2.0.7

ReleaseNotes/index.txt

@@ -14,6 +14,7 @@ Version 2.10.x
 [[2_9]]
 Version 2.9.x
 -------------
+* link:ReleaseNotes-2.9.3.html[2.9.3]
 * link:ReleaseNotes-2.9.2.html[2.9.2]
 * link:ReleaseNotes-2.9.1.html[2.9.1]
 * link:ReleaseNotes-2.9.html[2.9]

gerrit-httpd/src/main/java/com/google/gerrit/httpd/GitOverHttpModule.java

@@ -14,7 +14,9 @@
 
 package com.google.gerrit.httpd;
 
+import com.google.gerrit.reviewdb.client.AccountGeneralPreferences.DownloadScheme;
 import com.google.gerrit.server.config.AuthConfig;
+import com.google.gerrit.server.config.DownloadConfig;
 import com.google.inject.Inject;
 import com.google.inject.servlet.ServletModule;
 
@@ -23,10 +25,13 @@ import javax.servlet.Filter;
 /** Configures Git access over HTTP with authentication. */
 public class GitOverHttpModule extends ServletModule {
   private final AuthConfig authConfig;
+  private final DownloadConfig downloadConfig;
 
   @Inject
-  GitOverHttpModule(AuthConfig authConfig) {
+  GitOverHttpModule(AuthConfig authConfig,
+      DownloadConfig downloadConfig) {
     this.authConfig = authConfig;
+    this.downloadConfig = downloadConfig;
   }
 
   @Override
@@ -40,10 +45,18 @@ public class GitOverHttpModule extends ServletModule {
       authFilter = ProjectDigestFilter.class;
     }
 
-    String git = GitOverHttpServlet.URL_REGEX;
-    filterRegex(git).through(authFilter);
-    serveRegex(git).with(GitOverHttpServlet.class);
+    if (isHttpEnabled()) {
+      String git = GitOverHttpServlet.URL_REGEX;
+      filterRegex(git).through(authFilter);
+      serveRegex(git).with(GitOverHttpServlet.class);
+    }
 
     filter("/a/*").through(authFilter);
   }
+
+  private boolean isHttpEnabled(){
+    return downloadConfig.getDownloadSchemes().contains(DownloadScheme.DEFAULT_DOWNLOADS)
+        || downloadConfig.getDownloadSchemes().contains(DownloadScheme.ANON_HTTP)
+        || downloadConfig.getDownloadSchemes().contains(DownloadScheme.HTTP);
+  }
 }

gerrit-pgm/src/main/resources/com/google/gerrit/pgm/init/libraries.config

@@ -15,16 +15,16 @@
 
 # Version should match lib/bouncycastle/BUCK
 [library "bouncyCastleProvider"]
-  name = Bouncy Castle Crypto Provider v151
-  url = http://www.bouncycastle.org/download/bcprov-jdk15on-151.jar
-  sha1 = 9ab8afcc2842d5ef06eb775a0a2b12783b99aa80
+  name = Bouncy Castle Crypto Provider v149
+  url = http://www.bouncycastle.org/download/bcprov-jdk15on-149.jar
+  sha1 = f5155f04330459104b79923274db5060c1057b99
   remove = bcprov-.*[.]jar
 
 # Version should match lib/bouncycastle/BUCK
 [library "bouncyCastleSSL"]
-  name = Bouncy Castle Crypto SSL v151
-  url = http://www.bouncycastle.org/download/bcpkix-jdk15on-151.jar
-  sha1 = 6c8c1f61bf27a09f9b1a8abc201523669bba9597
+  name = Bouncy Castle Crypto SSL v149
+  url = http://www.bouncycastle.org/download/bcpkix-jdk15on-149.jar
+  sha1 = 924cc7ad2f589630c97b918f044296ebf1bb6855
   needs = bouncyCastleProvider
   remove = bcpkix-.*[.]jar
 

gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java

@@ -38,9 +38,6 @@ import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
 import org.bouncycastle.openpgp.PGPUtil;
-import org.bouncycastle.openpgp.bc.BcPGPPublicKeyRingCollection;
-import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder;
-import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -52,6 +49,7 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.URL;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.SecureRandom;
 import java.sql.Timestamp;
 import java.text.SimpleDateFormat;
@@ -96,7 +94,7 @@ class EncryptedContactStore implements ContactStore {
     //
     try {
       encrypt("test", new Date(0), "test".getBytes("UTF-8"));
-    } catch (PGPException | IOException e) {
+    } catch (NoSuchProviderException | PGPException | IOException e) {
       throw new ProvisionException("PGP encryption not available", e);
     }
   }
@@ -109,10 +107,8 @@ class EncryptedContactStore implements ContactStore {
   private static PGPPublicKeyRingCollection readPubRing(final File pub) {
     try (InputStream fin = new FileInputStream(pub);
         InputStream in = PGPUtil.getDecoderStream(fin)) {
-        return new BcPGPPublicKeyRingCollection(in);
-    } catch (IOException e) {
-      throw new ProvisionException("Cannot read " + pub, e);
-    } catch (PGPException e) {
+        return new PGPPublicKeyRingCollection(in);
+    } catch (IOException | PGPException e) {
       throw new ProvisionException("Cannot read " + pub, e);
     }
   }
@@ -154,26 +150,23 @@ class EncryptedContactStore implements ContactStore {
       u.put("account_id", String.valueOf(account.getId().get()));
       u.put("data", encStr);
       connFactory.open(storeUrl).store(u.toString().getBytes("UTF-8"));
-    } catch (IOException | PGPException e) {
+    } catch (IOException | PGPException | NoSuchProviderException e) {
       log.error("Cannot store encrypted contact information", e);
       throw new ContactInformationStoreException(e);
     }
   }
 
-  private final PGPEncryptedDataGenerator cpk() {
-    final BcPGPDataEncryptorBuilder builder =
-        new BcPGPDataEncryptorBuilder(PGPEncryptedData.CAST5)
-            .setSecureRandom(prng);
+  @SuppressWarnings("deprecation")
+  private final PGPEncryptedDataGenerator cpk()
+      throws NoSuchProviderException, PGPException {
     PGPEncryptedDataGenerator cpk =
-        new PGPEncryptedDataGenerator(builder, true);
-    final BcPublicKeyKeyEncryptionMethodGenerator methodGenerator =
-        new BcPublicKeyKeyEncryptionMethodGenerator(dest);
-    cpk.addMethod(methodGenerator);
+        new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, true, prng, "BC");
+    cpk.addMethod(dest);
     return cpk;
   }
 
   private byte[] encrypt(final String name, final Date date,
-      final byte[] rawText) throws PGPException,
+      final byte[] rawText) throws NoSuchProviderException, PGPException,
       IOException {
     final byte[] zText = compress(name, date, rawText);
 

gerrit-sshd/src/main/java/com/google/gerrit/sshd/CachingPublicKeyAuthenticator.java

@@ -1,72 +0,0 @@
-// Copyright (C) 2014 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package com.google.gerrit.sshd;
-
-import com.google.inject.Inject;
-import com.google.inject.Singleton;
-
-import org.apache.sshd.common.Session;
-import org.apache.sshd.common.SessionListener;
-import org.apache.sshd.server.PublickeyAuthenticator;
-import org.apache.sshd.server.session.ServerSession;
-
-import java.security.PublicKey;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
-@Singleton
-public class CachingPublicKeyAuthenticator implements PublickeyAuthenticator,
-    SessionListener {
-
-  private final PublickeyAuthenticator authenticator;
-  private final Map<ServerSession, Map<PublicKey, Boolean>> sessionCache;
-
-  @Inject
-  public CachingPublicKeyAuthenticator(DatabasePubKeyAuth authenticator) {
-    this.authenticator = authenticator;
-    this.sessionCache = new ConcurrentHashMap<>();
-  }
-
-  @Override
-  public boolean authenticate(String username, PublicKey key,
-      ServerSession session) {
-    Map<PublicKey, Boolean> m = sessionCache.get(session);
-    if (m == null) {
-      m = new HashMap<>();
-      sessionCache.put(session, m);
-      session.addListener(this);
-    }
-    if (m.containsKey(key)) {
-      return m.get(key);
-    }
-    boolean r = authenticator.authenticate(username, key, session);
-    m.put(key, r);
-    return r;
-  }
-
-  @Override
-  public void sessionCreated(Session session) {
-  }
-
-  @Override
-  public void sessionEvent(Session sesssion, Event event) {
-  }
-
-  @Override
-  public void sessionClosed(Session session) {
-    sessionCache.remove(session);
-  }
-}

gerrit-sshd/src/main/java/com/google/gerrit/sshd/DatabasePubKeyAuth.java

@@ -14,13 +14,13 @@
 
 package com.google.gerrit.sshd;
 
-import com.google.common.base.Preconditions;
 import com.google.gerrit.reviewdb.client.AccountSshKey;
 import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.PeerDaemonUser;
 import com.google.gerrit.server.config.GerritServerConfig;
 import com.google.gerrit.server.config.SitePaths;
 import com.google.inject.Inject;
+import com.google.inject.Singleton;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.sshd.common.KeyPairProvider;
@@ -48,6 +48,7 @@ import java.util.Set;
 /**
  * Authenticates by public key through {@link AccountSshKey} entities.
  */
+@Singleton
 class DatabasePubKeyAuth implements PublickeyAuthenticator {
   private static final Logger log =
       LoggerFactory.getLogger(DatabasePubKeyAuth.class);
@@ -92,10 +93,10 @@ class DatabasePubKeyAuth implements PublickeyAuthenticator {
   }
 
   @Override
-  public boolean authenticate(String username, PublicKey suppliedKey,
-      ServerSession session) {
-    SshSession sd = session.getAttribute(SshSession.KEY);
-    Preconditions.checkState(sd.getCurrentUser() == null);
+  public boolean authenticate(String username,
+      final PublicKey suppliedKey, final ServerSession session) {
+    final SshSession sd = session.getAttribute(SshSession.KEY);
+
     if (PeerDaemonUser.USER_NAME.equals(username)) {
       if (myHostKeys.contains(suppliedKey)
           || getPeerKeys().contains(suppliedKey)) {
@@ -112,10 +113,10 @@ class DatabasePubKeyAuth implements PublickeyAuthenticator {
       username = username.toLowerCase(Locale.US);
     }
 
-    Iterable<SshKeyCacheEntry> keyList = sshKeyCache.get(username);
-    SshKeyCacheEntry key = find(keyList, suppliedKey);
+    final Iterable<SshKeyCacheEntry> keyList = sshKeyCache.get(username);
+    final SshKeyCacheEntry key = find(keyList, suppliedKey);
     if (key == null) {
-      String err;
+      final String err;
       if (keyList == SshKeyCacheImpl.NO_SUCH_USER) {
         err = "user-not-found";
       } else if (keyList == SshKeyCacheImpl.NO_KEYS) {
@@ -133,7 +134,7 @@ class DatabasePubKeyAuth implements PublickeyAuthenticator {
     // security check to ensure there aren't two users sharing the same
     // user name on the server.
     //
-    for (SshKeyCacheEntry otherKey : keyList) {
+    for (final SshKeyCacheEntry otherKey : keyList) {
       if (!key.getAccount().equals(otherKey.getAccount())) {
         sd.authenticationError(username, "keys-cross-accounts");
         return false;

gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java

@@ -45,7 +45,6 @@ import org.apache.sshd.common.ForwardingFilter;
 import org.apache.sshd.common.KeyExchange;
 import org.apache.sshd.common.KeyPairProvider;
 import org.apache.sshd.common.NamedFactory;
-import org.apache.sshd.common.RequestHandler;
 import org.apache.sshd.common.Session;
 import org.apache.sshd.common.Signature;
 import org.apache.sshd.common.SshdSocketAddress;
@@ -68,11 +67,10 @@ import org.apache.sshd.common.forward.TcpipServerChannel;
 import org.apache.sshd.common.future.CloseFuture;
 import org.apache.sshd.common.future.SshFutureListener;
 import org.apache.sshd.common.io.IoAcceptor;
-import org.apache.sshd.common.io.IoServiceFactoryFactory;
+import org.apache.sshd.common.io.IoServiceFactory;
 import org.apache.sshd.common.io.IoSession;
-import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
+import org.apache.sshd.common.io.mina.MinaServiceFactory;
 import org.apache.sshd.common.io.mina.MinaSession;
-import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
 import org.apache.sshd.common.mac.HMACMD5;
 import org.apache.sshd.common.mac.HMACMD596;
 import org.apache.sshd.common.mac.HMACSHA1;
@@ -81,7 +79,6 @@ import org.apache.sshd.common.random.BouncyCastleRandom;
 import org.apache.sshd.common.random.JceRandom;
 import org.apache.sshd.common.random.SingletonRandomFactory;
 import org.apache.sshd.common.session.AbstractSession;
-import org.apache.sshd.common.session.ConnectionService;
 import org.apache.sshd.common.signature.SignatureDSA;
 import org.apache.sshd.common.signature.SignatureRSA;
 import org.apache.sshd.common.util.Buffer;
@@ -94,10 +91,6 @@ import org.apache.sshd.server.auth.UserAuthPublicKey;
 import org.apache.sshd.server.auth.gss.GSSAuthenticator;
 import org.apache.sshd.server.auth.gss.UserAuthGSS;
 import org.apache.sshd.server.channel.ChannelSession;
-import org.apache.sshd.server.global.CancelTcpipForwardHandler;
-import org.apache.sshd.server.global.KeepAliveHandler;
-import org.apache.sshd.server.global.NoMoreSessionsHandler;
-import org.apache.sshd.server.global.TcpipForwardHandler;
 import org.apache.sshd.server.kex.DHG1;
 import org.apache.sshd.server.kex.DHG14;
 import org.apache.sshd.server.session.SessionFactory;
@@ -141,7 +134,6 @@ import java.util.List;
  */
 @Singleton
 public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
-  @SuppressWarnings("hiding") // Don't use AbstractCloseable's logger.
   private static final Logger log = LoggerFactory.getLogger(SshDaemon.class);
 
   public static enum SshSessionBackend {
@@ -201,13 +193,8 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
     final String kerberosPrincipal = cfg.getString(
         "sshd", null, "kerberosPrincipal");
 
-    SshSessionBackend backend = cfg.getEnum(
-        "sshd", null, "backend", SshSessionBackend.MINA);
-
-    System.setProperty(IoServiceFactoryFactory.class.getName(),
-        backend == SshSessionBackend.MINA
-            ? MinaServiceFactoryFactory.class.getName()
-            : Nio2ServiceFactoryFactory.class.getName());
+    System.setProperty(IoServiceFactory.class.getName(),
+        MinaServiceFactory.class.getName());
 
     if (SecurityUtils.isBouncyCastleRegistered()) {
       initProviderBouncyCastle();
@@ -264,12 +251,6 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
         return new GerritServerSession(server, ioSession);
       }
     });
-    setGlobalRequestHandlers(Arrays.<RequestHandler<ConnectionService>> asList(
-          new KeepAliveHandler(),
-          new NoMoreSessionsHandler(),
-          new TcpipForwardHandler(),
-          new CancelTcpipForwardHandler()
-        ));
 
     hostKeys = computeHostKeys();
   }
@@ -319,10 +300,8 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
   public synchronized void stop() {
     if (daemonAcceptor != null) {
       try {
-        daemonAcceptor.close(true).await();
+        daemonAcceptor.dispose();
         log.info("Stopped Gerrit SSHD");
-      } catch (InterruptedException e) {
-        log.warn("Exception caught while closing", e);
       } finally {
         daemonAcceptor = null;
       }
@@ -608,11 +587,6 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
           @Override
           public SshFile getFile(String file) {
             return null;
-          }
-
-          @Override
-          public FileSystemView getNormalizedView() {
-            return null;
           }};
       }
     });

gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshLog.java

@@ -269,8 +269,9 @@ class SshLog implements LifecycleListener {
 
   private String extractWhat(DispatchCommand dcmd) {
     String commandName = dcmd.getCommandName();
-    for (String arg : dcmd.getArguments()) {
-      commandName = commandName + "." + arg;
+    String[] args = dcmd.getArguments();
+    for (int i = 1; i < args.length; i++) {
+      commandName = commandName + "." + args[i];
     }
     return commandName;
   }

gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshModule.java

@@ -81,7 +81,7 @@ public class SshModule extends LifecycleModule {
     bind(QueueProvider.class).to(CommandExecutorQueueProvider.class).in(SINGLETON);
 
     bind(GSSAuthenticator.class).to(GerritGSSAuthenticator.class);
-    bind(PublickeyAuthenticator.class).to(CachingPublicKeyAuthenticator.class);
+    bind(PublickeyAuthenticator.class).to(DatabasePubKeyAuth.class);
 
     bind(ModuleGenerator.class).to(SshAutoRegisterModuleGenerator.class);
     bind(SshPluginStarterCallback.class);

lib/bouncycastle/BUCK

@@ -2,19 +2,19 @@ include_defs('//lib/maven.defs')
 
 # This version must match the version that also appears in
 # gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
-VERSION = '1.51'
+VERSION = '1.49'
 
 maven_jar(
   name = 'bcprov',
   id = 'org.bouncycastle:bcprov-jdk15on:' + VERSION,
-  sha1 = '9ab8afcc2842d5ef06eb775a0a2b12783b99aa80',
+  sha1 = 'f5155f04330459104b79923274db5060c1057b99',
   license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
 )
 
 maven_jar(
   name = 'bcpg',
   id = 'org.bouncycastle:bcpg-jdk15on:' + VERSION,
-  sha1 = 'b5fa4c280dfbf8bf7c260bc1e78044c7a1de5133',
+  sha1 = '081d84be5b125e1997ab0e2244d1a2276b5de76c',
   license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
   deps = [':bcprov'],
 )
@@ -22,7 +22,7 @@ maven_jar(
 maven_jar(
   name = 'bcpkix',
   id = 'org.bouncycastle:bcpkix-jdk15on:' + VERSION,
-  sha1 = '6c8c1f61bf27a09f9b1a8abc201523669bba9597',
+  sha1 = '924cc7ad2f589630c97b918f044296ebf1bb6855',
   license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
   deps = [':bcprov'],
 )

lib/mina/BUCK

@@ -8,17 +8,18 @@ EXCLUDE = [
 
 maven_jar(
   name = 'sshd',
-  id = 'org.apache.sshd:sshd-core:0.13.0',
-  sha1 = 'c616c5865cc55473c6d63c6fcf46e60d382be172',
+  id = 'org.apache.sshd:sshd-core:0.9.0-4-g5967cfd',
+  sha1 = '449ec11c4417b295dbf1661585a50c6ec7d9a452',
   license = 'Apache2.0',
   deps = [':core'],
   exclude = EXCLUDE,
+  repository = GERRIT,
 )
 
 maven_jar(
   name = 'core',
-  id = 'org.apache.mina:mina-core:2.0.8',
-  sha1 = 'd6ff69fa049aeaecdf0c04cafbb1ab53b7487883',
+  id = 'org.apache.mina:mina-core:2.0.7',
+  sha1 = 'c878e2aa82de748474a624ec3933e4604e446dec',
   license = 'Apache2.0',
   exclude = EXCLUDE,
 )