Revert "Downgrade SSHD to 0.9.0-4-g5967cfd"

All versions of SSHD since release 0.10 were suffering from exhaustion of thread pool. Number of valuable features had to be reverted to downgrade the SSHD version to 0.9. This blocking bug [1] was fixed [2] and released in 0.14.0. Update to the new version of SSHD and revert the downgrade. This reverts commit bde8e9ac6f. [1] https://issues.apache.org/jira/browse/SSHD-348 [2] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commitdiff;h=964e76890cf56da4491199860d0ea8276fbd26a6 Change-Id: Ib5faf1df0cb6bde2e2cd554c9311cc5e55095b04
2015-03-04 22:36:10 +01:00
parent 329c323473
commit e2921b62f6
6 changed files with 59 additions and 22 deletions
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@@ -2863,6 +2863,14 @@ namespace. To alias `replication start` to `gerrit replicate`:
 [[sshd]]
 === Section sshd
 [[sshd.backend]]sshd.backend::
 +
 Starting from version 0.9.0 Apache SSHD project added support for NIO2
 IoSession. To use the new NIO2 session the `backend` option must be set
 to `NIO2`.
 +
 By default, `MINA`.
 [[sshd.listenAddress]]sshd.listenAddress::
 +
 Specifies the local addresses the internal SSHD should listen
--- a/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
+++ b/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
@@ -15,16 +15,16 @@
 # Version should match lib/bouncycastle/BUCK
 [library "bouncyCastleProvider"]
-  name = Bouncy Castle Crypto Provider v149
+  name = Bouncy Castle Crypto Provider v151
-  url = http://www.bouncycastle.org/download/bcprov-jdk15on-149.jar
+  url = http://www.bouncycastle.org/download/bcprov-jdk15on-151.jar
-  sha1 = f5155f04330459104b79923274db5060c1057b99
+  sha1 = 9ab8afcc2842d5ef06eb775a0a2b12783b99aa80
  remove = bcprov-.*[.]jar
 # Version should match lib/bouncycastle/BUCK
 [library "bouncyCastleSSL"]
-  name = Bouncy Castle Crypto SSL v149
+  name = Bouncy Castle Crypto SSL v151
-  url = http://www.bouncycastle.org/download/bcpkix-jdk15on-149.jar
+  url = http://www.bouncycastle.org/download/bcpkix-jdk15on-151.jar
-  sha1 = 924cc7ad2f589630c97b918f044296ebf1bb6855
+  sha1 = 6c8c1f61bf27a09f9b1a8abc201523669bba9597
  needs = bouncyCastleProvider
  remove = bcpkix-.*[.]jar
--- a/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java
@@ -38,6 +38,9 @@ import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
 import org.bouncycastle.openpgp.PGPUtil;
 import org.bouncycastle.openpgp.bc.BcPGPPublicKeyRingCollection;
 import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder;
 import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -167,12 +170,16 @@ class EncryptedContactStore implements ContactStore {
    }
  }
  @SuppressWarnings("deprecation")
  private final PGPEncryptedDataGenerator cpk()
      throws NoSuchProviderException, PGPException {
    final BcPGPDataEncryptorBuilder builder =
        new BcPGPDataEncryptorBuilder(PGPEncryptedData.CAST5)
            .setSecureRandom(prng);
    PGPEncryptedDataGenerator cpk =
-        new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, true, prng, "BC");
+        new PGPEncryptedDataGenerator(builder, true);
-    cpk.addMethod(dest);
+    final BcPublicKeyKeyEncryptionMethodGenerator methodGenerator =
        new BcPublicKeyKeyEncryptionMethodGenerator(dest);
    cpk.addMethod(methodGenerator);
    return cpk;
  }
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java
@@ -45,6 +45,7 @@ import org.apache.sshd.common.ForwardingFilter;
 import org.apache.sshd.common.KeyExchange;
 import org.apache.sshd.common.KeyPairProvider;
 import org.apache.sshd.common.NamedFactory;
 import org.apache.sshd.common.RequestHandler;
 import org.apache.sshd.common.Session;
 import org.apache.sshd.common.Signature;
 import org.apache.sshd.common.SshdSocketAddress;
@@ -67,10 +68,11 @@ import org.apache.sshd.common.forward.TcpipServerChannel;
 import org.apache.sshd.common.future.CloseFuture;
 import org.apache.sshd.common.future.SshFutureListener;
 import org.apache.sshd.common.io.IoAcceptor;
-import org.apache.sshd.common.io.IoServiceFactory;
+import org.apache.sshd.common.io.IoServiceFactoryFactory;
 import org.apache.sshd.common.io.IoSession;
-import org.apache.sshd.common.io.mina.MinaServiceFactory;
+import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
 import org.apache.sshd.common.io.mina.MinaSession;
 import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
 import org.apache.sshd.common.mac.HMACMD5;
 import org.apache.sshd.common.mac.HMACMD596;
 import org.apache.sshd.common.mac.HMACSHA1;
@@ -79,6 +81,7 @@ import org.apache.sshd.common.random.BouncyCastleRandom;
 import org.apache.sshd.common.random.JceRandom;
 import org.apache.sshd.common.random.SingletonRandomFactory;
 import org.apache.sshd.common.session.AbstractSession;
 import org.apache.sshd.common.session.ConnectionService;
 import org.apache.sshd.common.signature.SignatureDSA;
 import org.apache.sshd.common.signature.SignatureRSA;
 import org.apache.sshd.common.util.Buffer;
@@ -91,6 +94,10 @@ import org.apache.sshd.server.auth.UserAuthPublicKey;
 import org.apache.sshd.server.auth.gss.GSSAuthenticator;
 import org.apache.sshd.server.auth.gss.UserAuthGSS;
 import org.apache.sshd.server.channel.ChannelSession;
 import org.apache.sshd.server.global.CancelTcpipForwardHandler;
 import org.apache.sshd.server.global.KeepAliveHandler;
 import org.apache.sshd.server.global.NoMoreSessionsHandler;
 import org.apache.sshd.server.global.TcpipForwardHandler;
 import org.apache.sshd.server.kex.DHG1;
 import org.apache.sshd.server.kex.DHG14;
 import org.apache.sshd.server.session.SessionFactory;
@@ -193,8 +200,13 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
    final String kerberosPrincipal = cfg.getString(
        "sshd", null, "kerberosPrincipal");
-    System.setProperty(IoServiceFactory.class.getName(),
+    SshSessionBackend backend = cfg.getEnum(
-        MinaServiceFactory.class.getName());
+        "sshd", null, "backend", SshSessionBackend.MINA);
    System.setProperty(IoServiceFactoryFactory.class.getName(),
        backend == SshSessionBackend.MINA
            ? MinaServiceFactoryFactory.class.getName()
            : Nio2ServiceFactoryFactory.class.getName());
    if (SecurityUtils.isBouncyCastleRegistered()) {
      initProviderBouncyCastle();
@@ -251,6 +263,12 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
        return new GerritServerSession(server, ioSession);
      }
    });
    setGlobalRequestHandlers(Arrays.<RequestHandler<ConnectionService>> asList(
          new KeepAliveHandler(),
          new NoMoreSessionsHandler(),
          new TcpipForwardHandler(),
          new CancelTcpipForwardHandler()
        ));
    hostKeys = computeHostKeys();
  }
@@ -587,6 +605,11 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
          @Override
          public SshFile getFile(String file) {
            return null;
          }
          @Override
          public FileSystemView getNormalizedView() {
            return this;
          }};
      }
    });
--- a/lib/bouncycastle/BUCK
+++ b/lib/bouncycastle/BUCK
@@ -2,19 +2,19 @@ include_defs('//lib/maven.defs')
 # This version must match the version that also appears in
 # gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config
-VERSION = '1.49'
+VERSION = '1.51'
 maven_jar(
  name = 'bcprov',
  id = 'org.bouncycastle:bcprov-jdk15on:' + VERSION,
-  sha1 = 'f5155f04330459104b79923274db5060c1057b99',
+  sha1 = '9ab8afcc2842d5ef06eb775a0a2b12783b99aa80',
  license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
 )
 maven_jar(
  name = 'bcpg',
  id = 'org.bouncycastle:bcpg-jdk15on:' + VERSION,
-  sha1 = '081d84be5b125e1997ab0e2244d1a2276b5de76c',
+  sha1 = 'b5fa4c280dfbf8bf7c260bc1e78044c7a1de5133',
  license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
  deps = [':bcprov'],
 )
@@ -22,7 +22,7 @@ maven_jar(
 maven_jar(
  name = 'bcpkix',
  id = 'org.bouncycastle:bcpkix-jdk15on:' + VERSION,
-  sha1 = '924cc7ad2f589630c97b918f044296ebf1bb6855',
+  sha1 = '6c8c1f61bf27a09f9b1a8abc201523669bba9597',
  license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
  deps = [':bcprov'],
 )
--- a/lib/mina/BUCK
+++ b/lib/mina/BUCK
@@ -8,18 +8,17 @@ EXCLUDE = [
 maven_jar(
  name = 'sshd',
-  id = 'org.apache.sshd:sshd-core:0.9.0-4-g5967cfd',
+  id = 'org.apache.sshd:sshd-core:0.14.0',
-  sha1 = '449ec11c4417b295dbf1661585a50c6ec7d9a452',
+  sha1 = 'cb12fa1b1b07fb5ce3aa4f99b189743897bd4fca',
  license = 'Apache2.0',
  deps = [':core'],
  exclude = EXCLUDE,
  repository = GERRIT,
 )
 maven_jar(
  name = 'core',
-  id = 'org.apache.mina:mina-core:2.0.7',
+  id = 'org.apache.mina:mina-core:2.0.8',
-  sha1 = 'c878e2aa82de748474a624ec3933e4604e446dec',
+  sha1 = 'd6ff69fa049aeaecdf0c04cafbb1ab53b7487883',
  license = 'Apache2.0',
  exclude = EXCLUDE,
 )