| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: I77a8c73cfd0a27b1242eddf32da513ce0148260e
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| |\| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* stable-5.5:
Prepare 5.4.4-SNAPSHOT builds
JGit v5.4.3.201909031940-r
Prepare 5.3.6-SNAPSHOT builds
JGit v5.3.5.201909031855-r
Prepare 5.1.12-SNAPSHOT builds
JGit v5.1.11.201909031202-r
Prepare 4.11.10-SNAPSHOT builds
JGit v4.11.9.201909030838-r
Bazel: Update bazlets to the latest master revision
Bazel: Remove FileTreeIteratorWithTimeControl from BUILD file
BatchRefUpdate: repro racy atomic update, and fix it
Delete unused FileTreeIteratorWithTimeControl
Fix RacyGitTests#testRacyGitDetection
Change RacyGitTests to create a racy git situation in a stable way
Silence API warnings
sshd: fix proxy connections with the DefaultProxyDataFactory
sshd: support the HashKnownHosts configuration
sshd: configurable server key verification
sshd: allow setting a null ssh config
sshd: simplify OpenSshServerKeyVerifier
sshd: simplify ServerKeyLookup interface
Use https in update site URLs
Change-Id: Icd21a8fcccffd56bfedbd037e48028308db6d13b
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The java.net.ProxySelector is quite a bit different from the one
in Eclipse. Eclipse (and the OS) uses "socks" as URI scheme to
look up a SOCKS proxy. java.net.ProxySelector needs "socket" as
scheme (and internally maps that to "socks" if and when it asks
the OS about the proxies).
Moreover, java.net.ProxySelector may return unresolved addresses,
whereas the Eclipse proxy selector always returns resolved addresses.
Fix both by explicitly resolving unresolved proxy addresses and using
scheme "socket" in the DefaultProxyDataFactory.
Tested manually with the jgit command-line tool using ssh -vvv -D7020
localhost and 3proxy as SOCKS5 proxies on localhost (3proxy with
user/password authentication). Start jgit with _JAVA_OPTIONS set to
"-DsocksProxyHost=<host> -DsocksProxyPort=<port>
-Djava.net.useSystemProxies=false" to test manually.
Bug: 548965
Change-Id: Ib81ae8255ac2f9c48268f172e7d8ebb4a792b66d
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add the constant, and implement hashing of known host names in
OpenSshServerKeyDatabase. Add a test verifying that the hashing
works.
Bug: 548492
Change-Id: Iabe82b666da627bd7f4d82519a366d166aa9ddd4
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Provide a wrapper interface and change the implementation such that
a client can substitute its own database of known hosts keys instead
of the default file-based mechanism.
Bug: 547619
Change-Id: Ifc25a4519fa5bcf7bb8541b9f3e2de15215e3d66
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The same effect could already be obtained if the ~/.ssh/config file
did not exist. But that is more difficult to control by clients,
since JGit would pick up the config if it was then created. Therefore
allow specifying a null config explicitly to permanently switch off
config file handling.
Change-Id: Iedf8a7f4d5c1ca08e0a513ed28301d8e5261b22a
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Reduce the dependency on the ClientSession in preparation to
remove it altogether. Remove the internal helper, re-implement
the needed bits. We have not implemented any configuration
possibility in JGit for creating hashed host names in known hosts
files, so we don't need the sshd code that theoretically would
enable this.
Change-Id: I295f5106b60e1cc3a9d085b0cb7ff747daae88be
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We're actually interested only in the known public keys, we don't need
the corresponding host entry from the config.
Change-Id: Ibde6dffe9e3f87bfbb7c70d1f733b2b0e28cad71
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: Ib498303c8787a5fbee89377eaed332a5a6b4f3b0
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: I0920767979d7927bc18f3e395963aeebae5ea540
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| |/ / / /
| | | |
| | | |
| | | |
| | | | |
Change-Id: I9eceb7b1272b27b979144041c75eb09ab4eeca6b
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The proxy handler may be re-set from an unspecified I/O thread.
Declare the shared variable as volatile.
Change-Id: I4e7ce393ae2cdc7f1cd4edf40c137da6d6c50ad5
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
RFC 4253 section 4.2 allows an ssh server to send additional lines
before its server identification string. Apache MINA sshd enforces
for these lines the constraints specified for the server identification
line, too: no NUL characters and not longer than 255 characters. That
is too strict. RFC 4253 doesn't mandate this, and it also doesn't
make sense given the rationale for these lines in RFC 4253: a TCP
wrapper may not be aware of SSH restrictions, and may not adhere to
these constraints.
Be more lenient when parsing the server's protocol version. Allow
NULs and longer lines in the preamble, and also handle line endings
more leniently. Only enforce the restrictions for the actual server
identification line.
Bug: 545939
Change-Id: I75955e9d8a8daef7c04fc0f39539c2ee93514e1c
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The placeholders in manifest and plugin.properties did not match. To
avoid similar issues, all placeholders have been changed to
Bundle-Vendor and Bundle-Name now.
Bug:548503
Change-Id: Ibd4b9bc237b323e614506b97e5fbc99416365040
Signed-off-by: Michael Keppler <Michael.Keppler@gmx.de>
|
| |/ / /
| | |
| | |
| | |
| | | |
Change-Id: I177d637e552a79014816dc5d2ef5ccda506adb39
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I8620d03c1cd5c1d0ad04e7607553e9aa18def9bb
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: Ie68828af68d07cf8e3fe778d39436f539f1c73d0
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: Iea17cba848d4e53d69d34e952a2476c375721aa4
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I9df6fccee253d4087f9afab4cb46e0a40b8a5699
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I8a7e687acfcf8c341abd726ae60b5ee173422215
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Convert anonymous inner classes to lambda expressions or member
references
Bug: 545856
CQ: 19537
Change-Id: I621431c178e8b99316314602f7c66c9a36f9ae98
Signed-off-by: Carsten Hammer <carsten.hammer@t-online.de>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add encrypted ed25519 keys in the tests; sshd 2.2.0 can finally
decrypt encrypted new-style OpenSSH key files. (Needs the "unlimited
strength" JCE, which is the default since Java 8u161. On older JREs,
users should install the policy files available from Oracle.)
The "expensive" key added has been generated with OpenSSH's
ssh-keygen -t ed25519 -a 256, i.e., with 256 bcrypt KDF rounds
instead of the default 16. On my machine it takes about 2sec to
decrypt.
Bug: 541703
Change-Id: Id3872ca2fd75d8f009cbc932eeb6357d3d1f267c
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Update target platforms, maven and bazel builds to use sshd 2.2.0.
Adapt internal classes to changed sshd interfaces and remove previous
work-arounds for asking repeatedly for key passwords and for loading
keys lazily; both are now done by sshd.
CQ: 19034
CQ: 19035
Bug: 541425
Change-Id: I85e1df6ebb8a94953a912d9b2b8a7b5bdfbd608a
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* stable-5.3:
Prepare 5.3.2-SNAPSHOT builds
JGit v5.3.1.201904271842-r
Prepare 5.2.3-SNAPSHOT builds
JGit v5.2.2.201904231744-r
Revert 4678f4b and provide another solution for bug 467631
Apache MINA sshd: make sendKexInit() work also for re-keying
Prepare 5.1.8-SNAPSHOT builds
JGit v5.1.7.201904200442-r
ObjectUploadListener: Add callback interface
Prepare 4.11.9-SNAPSHOT builds
JGit v4.11.8.201904181247-r
Prepare 4.9.11-SNAPSHOT builds
JGit v4.9.10.201904181027-r
Prepare 4.7.10-SNAPSHOT builds
JGit v4.7.9.201904161809-r
Prepare 4.5.8-SNAPSHOT builds
JGit v4.5.7.201904151645-r
Remember the cause for invalidating a packfile
Fix API problem filters
Fix pack files scan when filesnapshot isn't modified
Change-Id: I8a8671f7767444a77b809bd66a27d776c8332736
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: Iedd56602acc89783387098c7f92ce0e5bad091e0
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: If3c323acfd2b6933f7d4fbec480cd4e82224f701
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* stable-5.2:
Prepare 5.2.3-SNAPSHOT builds
JGit v5.2.2.201904231744-r
Revert 4678f4b and provide another solution for bug 467631
Apache MINA sshd: make sendKexInit() work also for re-keying
Prepare 5.1.8-SNAPSHOT builds
JGit v5.1.7.201904200442-r
ObjectUploadListener: Add callback interface
Prepare 4.11.9-SNAPSHOT builds
JGit v4.11.8.201904181247-r
Prepare 4.9.11-SNAPSHOT builds
JGit v4.9.10.201904181027-r
Prepare 4.7.10-SNAPSHOT builds
JGit v4.7.9.201904161809-r
Prepare 4.5.8-SNAPSHOT builds
JGit v4.5.7.201904151645-r
Remember the cause for invalidating a packfile
Fix API problem filters
Fix pack files scan when filesnapshot isn't modified
Change-Id: Ie7e572ac7e346f21fe0c387d7448be168a9c127a
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I6ae3db901d986467128326073d4ba70406ae8385
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I4ed2aff28bff702a8c1b42814acb04c7ef9025a7
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The message delaying for the initial SSH messages (client
identification followed by the initial key exchange request)
was broken. sendKexInit() is _also_ called when a new key exchange
is requested. We inadvertently also re-sent the client identification
at that point, which is wrong and makes the server terminate the
connection.
Re-keying occurs from time to time during an SSH connection depending
on time, the number of messages (packets/blocks) exchanged, or the
amount of data exchanged. The net result was that for large
repositories data-intensive operations failed on the first re-keying.
Change the initial message delay such that the two messages for the
client identification and the initial key exchange can be buffered
individually while the proxy protocol is still in progress. The
AbstractClientProxyConnector can now buffer several commands, which
should also resolve bug 544715.
Bug: 545920
Change-Id: If09ee963a439b39098a0f52a1510237b428df8dd
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I9487f6a59ed684ad13bcfbff7d6c730ae4f37030
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: Idfefc54e898f364407a931b787a26db2489b031c
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I68d9f5b1c8ca8e8eada9143093dc4fa82519edd8
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I8528c913ad1a820ee9a2fa6be1c9125b518caefe
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I8dc5e47bd19809d684579610edf922abca3cb3cc
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I52256a6d07011030698299d9a97dd01ea825fb7f
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I9b934bcfad3d2091f4da163170348b0c8ef5e732
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I85866af97fe1c0c0a0da83a7605484082fa56b52
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: Ie44950f7d2f2f94a0412efb6c274f6e1e31efcd6
Signed-off-by: Carsten Hammer <carsten.hammer@t-online.de>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I1a9112e6a4f938638c599b489cb0858eca27ab91
Signed-off-by: Carsten Hammer <carsten.hammer@t-online.de>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| |/ /
| |
| |
| |
| | |
Change-Id: I90a4791f63d0eba23da744c720e869f1830b86e7
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Provide a mechanism for a subclass to provide its own set
of default identities from anywhere as an Iterable<KeyPair>.
The default implementation is functionally unchanged and uses
the known default identity files in the ~/.ssh directory. A subclass
can override the getDefaultKeys() function and return whatever keys
are appropriate.
Bug: 543152
Change-Id: I500d63146bc67e20e051f617790eb87c7cb500b6
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| | |
| |
| |
| |
| | |
Change-Id: I143c242c0e3299323ae166a59947b1195539e6bf
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Don't use the ~/.ssh directory as cache key for the key provider
but the configured paths of the default keys. Otherwise changes
in that list of paths are not picked up.
This is in particular a problem for EGit, where the user can modify
this list of keys interactively in the preferences. Without this
change, Eclipse needs to be restarted to pick up such changes.
Bug: 542845
Change-Id: I63432fb10729a90b3c5e14f13e39bf482aef811b
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| | |
| |
| |
| |
| | |
Change-Id: I0fdf595cba93f5a5cdd0496cee07ac91db304532
Signed-off-by: Mincong Huang <mincong.h@gmail.com>
|
| | |
| |
| |
| |
| | |
Change-Id: I6bed174c062a0785641dc8ad69151bf7e843cdcf
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
In the original contribution of this bundle, japicmp was disabled
as no previous version to compare against existed. Enable it now.
Update the version to compare against to 5.2.0.201812061821-r.
Change-Id: I42f812befde2d0d98db5f87e05230b51af244ae6
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |/
|
|
|
| |
Change-Id: I8951c2cf650cc3e41d2baa0b330b94468cfed5c2
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Include the net.i2p.crypto.eddsa bundle via a hard dependency.
Add tests for dealing with ed25519 host keys and user key files.
Manual tests: fetching from git.eclipse.org with an ed25519 user key,
and pushing this change itself using the same ed25519 key.
Note that sshd 2.0.0 does not yet support encrypted ed25519 private
keys.
Bug: 541272
Change-Id: I7072f4014d9eca755b4a2412e19c086235e5eae9
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
| |
Change-Id: I18646aaeee51047b234b758dcc1c2f89fd01b2f8
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
