Merge branch 'stable-2.9' into stable-2.10

* stable-2.9: Downgrade SSHD to 0.9.0-4-g5967cfd Change-Id: I8648d2abb6eb70638deedca6e394d00394bdb9f0
2014-12-05 14:05:17 +01:00
parent c7dedf989c bde8e9ac6f
commit c2cab4283c
6 changed files with 24 additions and 63 deletions
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@@ -2792,14 +2792,6 @@ namespace. To alias `replication start` to `gerrit replicate`:
 [[sshd]]
 === Section sshd

-[[sshd.backend]]sshd.backend::
-+
-Starting from version 0.9.0 Apache SSHD project added support for NIO2
-IoSession. To use the new NIO2 session the `backend` option must be set
-to `NIO2`.
-+
-By default, `MINA`.
-
 [[sshd.listenAddress]]sshd.listenAddress::
 +
 Specifies the local addresses the internal SSHD should listen
--- a/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
+++ b/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
@@ -15,16 +15,16 @@

 # Version should match lib/bouncycastle/BUCK
 [library "bouncyCastleProvider"]
-  name = Bouncy Castle Crypto Provider v151
-  url = http://www.bouncycastle.org/download/bcprov-jdk15on-151.jar
-  sha1 = 9ab8afcc2842d5ef06eb775a0a2b12783b99aa80
+  name = Bouncy Castle Crypto Provider v149
+  url = http://www.bouncycastle.org/download/bcprov-jdk15on-149.jar
+  sha1 = f5155f04330459104b79923274db5060c1057b99
  remove = bcprov-.*[.]jar

 # Version should match lib/bouncycastle/BUCK
 [library "bouncyCastleSSL"]
-  name = Bouncy Castle Crypto SSL v151
-  url = http://www.bouncycastle.org/download/bcpkix-jdk15on-151.jar
-  sha1 = 6c8c1f61bf27a09f9b1a8abc201523669bba9597
+  name = Bouncy Castle Crypto SSL v149
+  url = http://www.bouncycastle.org/download/bcpkix-jdk15on-149.jar
+  sha1 = 924cc7ad2f589630c97b918f044296ebf1bb6855
  needs = bouncyCastleProvider
  remove = bcpkix-.*[.]jar

--- a/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java
@@ -38,9 +38,6 @@ import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
 import org.bouncycastle.openpgp.PGPUtil;
-import org.bouncycastle.openpgp.bc.BcPGPPublicKeyRingCollection;
-import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder;
-import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

@@ -114,7 +111,7 @@ class EncryptedContactStore implements ContactStore {
  private static PGPPublicKeyRingCollection readPubRing(final File pub) {
    try (InputStream fin = new FileInputStream(pub);
        InputStream in = PGPUtil.getDecoderStream(fin)) {
-        return new BcPGPPublicKeyRingCollection(in);
+        return new PGPPublicKeyRingCollection(in);
    } catch (IOException e) {
      throw new ProvisionException("Cannot read " + pub, e);
    } catch (PGPException e) {
@@ -170,16 +167,12 @@ class EncryptedContactStore implements ContactStore {
    }
  }

+  @SuppressWarnings("deprecation")
  private final PGPEncryptedDataGenerator cpk()
      throws NoSuchProviderException, PGPException {
-    final BcPGPDataEncryptorBuilder builder =
-        new BcPGPDataEncryptorBuilder(PGPEncryptedData.CAST5)
-            .setSecureRandom(prng);
    PGPEncryptedDataGenerator cpk =
-        new PGPEncryptedDataGenerator(builder, true);
-    final BcPublicKeyKeyEncryptionMethodGenerator methodGenerator =
-        new BcPublicKeyKeyEncryptionMethodGenerator(dest);
-    cpk.addMethod(methodGenerator);
+        new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, true, prng, "BC");
+    cpk.addMethod(dest);
    return cpk;
  }

--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java
@@ -45,7 +45,6 @@ import org.apache.sshd.common.ForwardingFilter;
 import org.apache.sshd.common.KeyExchange;
 import org.apache.sshd.common.KeyPairProvider;
 import org.apache.sshd.common.NamedFactory;
-import org.apache.sshd.common.RequestHandler;
 import org.apache.sshd.common.Session;
 import org.apache.sshd.common.Signature;
 import org.apache.sshd.common.SshdSocketAddress;
@@ -68,11 +67,10 @@ import org.apache.sshd.common.forward.TcpipServerChannel;
 import org.apache.sshd.common.future.CloseFuture;
 import org.apache.sshd.common.future.SshFutureListener;
 import org.apache.sshd.common.io.IoAcceptor;
-import org.apache.sshd.common.io.IoServiceFactoryFactory;
+import org.apache.sshd.common.io.IoServiceFactory;
 import org.apache.sshd.common.io.IoSession;
-import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
+import org.apache.sshd.common.io.mina.MinaServiceFactory;
 import org.apache.sshd.common.io.mina.MinaSession;
-import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
 import org.apache.sshd.common.mac.HMACMD5;
 import org.apache.sshd.common.mac.HMACMD596;
 import org.apache.sshd.common.mac.HMACSHA1;
@@ -81,7 +79,6 @@ import org.apache.sshd.common.random.BouncyCastleRandom;
 import org.apache.sshd.common.random.JceRandom;
 import org.apache.sshd.common.random.SingletonRandomFactory;
 import org.apache.sshd.common.session.AbstractSession;
-import org.apache.sshd.common.session.ConnectionService;
 import org.apache.sshd.common.signature.SignatureDSA;
 import org.apache.sshd.common.signature.SignatureRSA;
 import org.apache.sshd.common.util.Buffer;
@@ -94,10 +91,6 @@ import org.apache.sshd.server.auth.UserAuthPublicKey;
 import org.apache.sshd.server.auth.gss.GSSAuthenticator;
 import org.apache.sshd.server.auth.gss.UserAuthGSS;
 import org.apache.sshd.server.channel.ChannelSession;
-import org.apache.sshd.server.global.CancelTcpipForwardHandler;
-import org.apache.sshd.server.global.KeepAliveHandler;
-import org.apache.sshd.server.global.NoMoreSessionsHandler;
-import org.apache.sshd.server.global.TcpipForwardHandler;
 import org.apache.sshd.server.kex.DHG1;
 import org.apache.sshd.server.kex.DHG14;
 import org.apache.sshd.server.session.SessionFactory;
@@ -200,13 +193,8 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
    final String kerberosPrincipal = cfg.getString(
        "sshd", null, "kerberosPrincipal");

-    SshSessionBackend backend = cfg.getEnum(
-        "sshd", null, "backend", SshSessionBackend.MINA);
-
-    System.setProperty(IoServiceFactoryFactory.class.getName(),
-        backend == SshSessionBackend.MINA
-            ? MinaServiceFactoryFactory.class.getName()
-            : Nio2ServiceFactoryFactory.class.getName());
+    System.setProperty(IoServiceFactory.class.getName(),
+        MinaServiceFactory.class.getName());

    if (SecurityUtils.isBouncyCastleRegistered()) {
      initProviderBouncyCastle();
@@ -263,12 +251,6 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
        return new GerritServerSession(server, ioSession);
      }
    });
-    setGlobalRequestHandlers(Arrays.<RequestHandler<ConnectionService>> asList(
-          new KeepAliveHandler(),
-          new NoMoreSessionsHandler(),
-          new TcpipForwardHandler(),
-          new CancelTcpipForwardHandler()
-        ));

    hostKeys = computeHostKeys();
  }
@@ -318,10 +300,8 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
  public synchronized void stop() {
    if (acceptor != null) {
      try {
-        acceptor.close(true).await();
+        acceptor.dispose();
        log.info("Stopped Gerrit SSHD");
-      } catch (InterruptedException e) {
-        log.warn("Exception caught while closing", e);
      } finally {
        acceptor = null;
      }
@@ -607,11 +587,6 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
          @Override
          public SshFile getFile(String file) {
            return null;
-          }
-
-          @Override
-          public FileSystemView getNormalizedView() {
-            return null;
          }};
      }
    });
--- a/lib/bouncycastle/BUCK
+++ b/lib/bouncycastle/BUCK
@@ -2,19 +2,19 @@ include_defs('//lib/maven.defs')

 # This version must match the version that also appears in
 # gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
-VERSION = '1.51'
+VERSION = '1.49'

 maven_jar(
  name = 'bcprov',
  id = 'org.bouncycastle:bcprov-jdk15on:' + VERSION,
-  sha1 = '9ab8afcc2842d5ef06eb775a0a2b12783b99aa80',
+  sha1 = 'f5155f04330459104b79923274db5060c1057b99',
  license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
 )

 maven_jar(
  name = 'bcpg',
  id = 'org.bouncycastle:bcpg-jdk15on:' + VERSION,
-  sha1 = 'b5fa4c280dfbf8bf7c260bc1e78044c7a1de5133',
+  sha1 = '081d84be5b125e1997ab0e2244d1a2276b5de76c',
  license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
  deps = [':bcprov'],
 )
@@ -22,7 +22,7 @@ maven_jar(
 maven_jar(
  name = 'bcpkix',
  id = 'org.bouncycastle:bcpkix-jdk15on:' + VERSION,
-  sha1 = '6c8c1f61bf27a09f9b1a8abc201523669bba9597',
+  sha1 = '924cc7ad2f589630c97b918f044296ebf1bb6855',
  license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
  deps = [':bcprov'],
 )
--- a/lib/mina/BUCK
+++ b/lib/mina/BUCK
@@ -8,17 +8,18 @@ EXCLUDE = [

 maven_jar(
  name = 'sshd',
-  id = 'org.apache.sshd:sshd-core:0.13.0',
-  sha1 = 'c616c5865cc55473c6d63c6fcf46e60d382be172',
+  id = 'org.apache.sshd:sshd-core:0.9.0-4-g5967cfd',
+  sha1 = '8f4b6f7ebc54655dc7d25a77665cf51f2b1288b2',
  license = 'Apache2.0',
  deps = [':core'],
  exclude = EXCLUDE,
+  repository = GERRIT,
 )

 maven_jar(
  name = 'core',
-  id = 'org.apache.mina:mina-core:2.0.8',
-  sha1 = 'd6ff69fa049aeaecdf0c04cafbb1ab53b7487883',
+  id = 'org.apache.mina:mina-core:2.0.7',
+  sha1 = 'c878e2aa82de748474a624ec3933e4604e446dec',
  license = 'Apache2.0',
  exclude = EXCLUDE,
 )