| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Github 'checkout' action was updated from v1 to v3. But the behaviour
changed between the two which broke this workflow.
The old action would clone other repositories not into the workspace
but parallel to the workspace. The new version does every clone/checkout
relative to the workspace. That means that where previously the
gitblit-docker repository would be cloned in parallel to the workspace
which is gitblit/gitblit, it is now cloned into the gitblit/gitblit
directory path.
So remove all the references to `../gitblit-docker`. The files are in
the current directory now.
|
|\
| |
| | |
Fix crash in Gitblit Authority for deleted users
|
|/
|
|
|
|
|
|
|
|
|
|
| |
When a user had a certificate, i.e. an entry in the Gitblit Authority
database, but the user was deleted from the Gitblit database, then the
Authority application crashes upon loading. This patch prevents the
crash. The deleted user is no longer shown in the Authority. But the
database entry still is kept. This should be improved to show deleted
users and give the possibility to delete them from the Authority's
database.
This fixes #1359
|
|\
| |
| | |
Update Guice version to 5.1.0
|
|/
|
|
|
|
|
|
| |
Update Guice to 5.1.0. This version is compatible with Java 17.
The gitblit patch of the servlet extension was ported to Guice 5.1.0,
too.
The update of Guice requires an update of the Guava version, too.
Thus Guava is updated to 27.0.1-jar.
|
|\
| |
| | |
Fix null pointer exception in FileSettings
|
|/
|
|
|
| |
Fix a null pointer access in the `toString` method for a freshly created
`FileSettings`.
|
|\
| |
| | |
Update workflows due to deprecations in actions
|
| |
| |
| |
| |
| | |
The `set-output` command was deprecated. The new way to set an output
parameter for a step is to echo to the file stored in `$GITHUB_OUTPUT`
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Versions are updated for various actions that have a new version which
uses NodeJS 16.
One action has no updated version available yet:
`e1himself/goss-installation-action`
But an issue exists mentioning that it needs an update.
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
The workflow runs started issuing warnings because NodeJS 12 was
deprecated. Actions need to get updated to newer versions that use
NodeJS 16. This commit updates the `actions/checkout` and the
`actions/setup-java` actions to the latest version in the workflow that
builds on every push.
The new setup-java action requires the distribution to be specified,
since multiple JDK distributions are supported now. We chose Eclipse's
Temurin here which is the successor to AdoptOpenJDK, which we use for
development.
|
|
|
|
| |
Build pull requests, just like we build on every push.
|
|\
| |
| | |
Add new SSH host key types
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since we now do not generate a DSA host key file anymore, but keep it in
the list of potential keys so that existing keys still work, it can
happen that the files for DSA (and Ed25519) are getting loaded but they
do not exist. This results in an error in the log.
So instead check if the file exists and only try to load files that
exist. This prevents from errors (which are none) being spammed in the
log.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Create new host keys, one with ECDSA and one with Ed25519 algorithms.
For the Ed25519 currently the EdDSA library from i2p is used. This
requires some quirks, compared to a modern BouncyCastle. But the SSHD
library used cannot use BouncyCastle yet for Ed25519.
No DSA key is generated anymore, but we still support existing ones.
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
| |
The version 1.69 is chosen instead of 1.70, because the moxie build
would not download the jars, trying to download `...1.7.jar` instead.
Three class deprecations are fixed. `PEMWriter` and `X509Extension`
are replaced with their drop-in replacements `JcaPEMWriter` and
`Extension`. The `PasswordFinder` deprecation note says that "it is
no longer used". It also was never used in Gitblit's code, so it is
removed from the key par provider class.
|
|\
| |
| | |
Correct is/is not usage in pt.py to not be used with the value is a literal
|
| |
| |
| |
| | |
- new python 3 versions warn/errors about this usage
|
|\ \
| |/
|/| |
Update SSHD to version 1.7.0 and add support for EdDSA user keys
|
| | |
|
|/
|
|
|
|
|
|
|
| |
(cherry picked from commit d8fbdda2ab3fa48e92bdf37399d4b75c48409c5c@rpardini:master)
# Conflicts:
# .classpath
# build.moxie
# src/test/java/com/gitblit/tests/SshUnitTest.java
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of adding another setting and having to explain how the new one
and the existing `requireClientCertificates` setting are interdependent,
let's use the existing setting and add new values.
It is changed from a boolean to a string, with the values `required`,
`optional` and `disabled`. To keep backward compatibility with the old
values, the `true` value is mapped to `required` and the `false` value
is mapped to `optional`.
|
|/|
| |
| |
| | |
oddeirik-disable-client-certs
|
| | |
|
|\ \
| | |
| | |
| | | |
This pulls in the rebased branch from PR #1100.
|
| | |
| | |
| | |
| | |
| | |
| | | |
This also removes the additional Set. What changes is that the order of
the repositories is kept, but the resulting list will have user and team
permissions intertwined.
|
| | | |
|
|/ /
| |
| |
| | |
different permissions
|
|\ \
| | |
| | |
| | |
| | | |
The contribution branch was rebased to current master.
This should close #1065 as merged.
|
| | |
| | |
| | |
| | | |
These show more clearly what the code is supposed to do.
|
| | | |
|
| | | |
|
|/ /
| |
| |
| |
| | |
Tabs are not always 4 spaces large. It completes the line to the 4th
character.
|
| |
| |
| | |
This closes #1418
|
| | |
|
| |
| |
| |
| |
| | |
For some reason the secret gate doesn't work and the main Gitblit
repo also attempts to deploy the nightly to Docker which must fail.
|
| | |
|
| |
| |
| |
| |
| |
| | |
It was still pointing to Google Code.
This closes #1408
|
| | |
|
|\ \
| | |
| | |
| | |
| | | |
Merge fix branch from 1.9 mainenance line into
master branch.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The `StoredUserConfig` only escaped the escape character, i.e. backslash.
But it does not escape control characters like tab or newline. This
introduces a vulnerability where an attacker can create new entries
in their user account and create new accounts.
In addition, other characters are also not properly handled. Field values
with a comment character need to be quoted. This only happens for the
`#` character and only when the value starts with it. Also the quote
is note escaped in values.
This change completely rewrites the `escape` method of `StoredUserConfig`.
It takes care of properly escaping characters that need escaping for the
git configuration file format.
This fixes #1410
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Te `StoredUserConfig` did not handle sections without a subsection.
When the subsection did not exist, i.e. was `null`, then the subsection
name would be set to the string "null". This is not how the config file
format works. It should create a `[SECTIONNAME]` entry instead.
This fix handles a `null` subsection correctly, by handling it as a
section without a subsection.
|
| | |
| | |
| | |
| | |
| | | |
Add unit tests for exploiting the email address or display name
in the config user service by using newlines in the values.
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | | |
This merges rebased and enhanced pull request #1219
|
| | | | |
|