Merge branch 'stable-2.14' into stable-2.15

* stable-2.14: Consume JGit artifacts from Maven Central Consume JGit artifacts from Maven Central Update git submodules Add release notes for Gerrit v2.10.8 Add release notes for Gerrit v2.9.5 Set version to 2.13.12 Set version to 2.12.9 Set version to 2.11.12 Set version to 2.10.8 Set version to 2.9.5 Change-Id: I925b58960c482bbc0e7e5f8a57182d787cbad4fe
2019-01-18 21:00:25 +09:00 · 2019-01-18 21:00:25 +09:00 · c32151c5ea
parent 851315476a 45739e3cea
commit c32151c5ea
4 changed files with 110 additions and 2 deletions
--- a/ReleaseNotes/ReleaseNotes-2.10.8.txt
+++ b/ReleaseNotes/ReleaseNotes-2.10.8.txt
@ -0,0 +1,39 @@
+Release notes for Gerrit 2.10.8
+===============================
+
+There are no schema changes from link:ReleaseNotes-2.10.7.html[2.10.7].
+
+Download:
+link:https://gerrit-releases.storage.googleapis.com/gerrit-2.10.8.war[
+https://gerrit-releases.storage.googleapis.com/gerrit-2.10.8.war]
+
+Bug Fixes
+---------
+
+* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=10262[Issue 10262]: Fix validation of wants in git-upload-pack for protocol v0 stateless transports.
+
+See the following section for details.
+
+* Upgrade JGit to 4.5.5.201812240535-r.
+
+This upgrade includes several major versions since 4.0.0 used in Gerrit version 2.10.7.
+Important fixes are summarized below. Please refer to the corresponding JGit release notes for full details.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/4.5.5[JGit 4.5.5]: link:https://bugs.chromium.org/p/gerrit/issues/detail?id=10262[Issue 10262]: Fix validation of wants in git-upload-pack for protocol v0 stateless transports.
+
+AdvertiseRefsHook was not called for git-upload-pack in protocol v0 stateless transports, meaning that wants were not validated and a user could fetch anything that is pointed to by any ref (using fetch-by-sha1), as long as they could guess the object name.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/4.5.4[JGit 4.5.4]: Fix LockFile semantics when running on NFS.
+
+Honor trustFolderStats also when reading packed-refs.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/4.5.3[JGit 4.5.3]: Fix exception handling for opening bitmap index files.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/4.5.2[JGit 4.5.2]: Fix pack marked as corrupted even if it isn’t.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/4.5.1[JGit 4.5.1]: Don’t remove Pack when FileNotFoundException is transient.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/4.1.0[JGit 4.1.0]: Handle stale NFS file handles on packed-refs file.
+
+Use java.io.File instead of NIO to check existence of loose objects in ObjectDirectory to speed up inserting of loose objects.
+Reduce memory consumption when creating bitmaps during writing pack files.
--- a/ReleaseNotes/ReleaseNotes-2.9.5.txt
+++ b/ReleaseNotes/ReleaseNotes-2.9.5.txt
@ -0,0 +1,67 @@
+Release notes for Gerrit 2.9.5
+==============================
+
+Download:
+link:https://gerrit-releases.storage.googleapis.com/gerrit-2.9.5.war[
+https://gerrit-releases.storage.googleapis.com/gerrit-2.9.5.war]
+
+Important Notes
+---------------
+
+*WARNING:* There are no schema changes from
+link:ReleaseNotes-2.9.4.html[2.9.4], but when upgrading from an existing site
+that was initialized with Gerrit version 2.6 to version 2.9.1 the primary key
+column order will be updated for some tables. It is therefore important to
+upgrade the site with the `init` program, rather than only copying the .war file
+over the existing one.
+
+It is recommended to run the `init` program in interactive mode. Warnings will
+be suppressed in batch mode.
+
+----
+  java -jar gerrit.war init -d site_path
+----
+
+Bug Fixes
+---------
+
+* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=10262[Issue 10262]: Fix validation of wants in git-upload-pack for protocol v0 stateless transports.
+
+See the following section for details.
+
+* Upgrade JGit to 4.5.5.201812240535-r.
+
+This upgrade includes several major versions since 3.4.2 used in Gerrit version 2.9.4. Important fixes are summarized below. Please refer to the corresponding JGit release notes for full details.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/4.5.5[JGit 4.5.5]: link:https://bugs.chromium.org/p/gerrit/issues/detail?id=10262[Issue 10262]: Fix validation of wants in git-upload-pack for protocol v0 stateless transports.
+
+AdvertiseRefsHook was not called for git-upload-pack in protocol v0 stateless transports, meaning that wants were not validated and a user could fetch anything that is pointed to by any ref (using fetch-by-sha1), as long as they could guess the object name.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/4.5.4[JGit 4.5.4]: Fix LockFile semantics when running on NFS.
+
+Honor trustFolderStats also when reading packed-refs.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/4.5.3[JGit 4.5.3]: Fix exception handling for opening bitmap index files.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/4.5.2[JGit 4.5.2]: Fix pack marked as corrupted even if it isn’t.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/4.5.1[JGit 4.5.1]: Don’t remove Pack when FileNotFoundException is transient.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/4.1.0[JGit 4.1.0]: Handle stale NFS file handles on packed-refs file.
+
+Use java.io.File instead of NIO to check existence of loose objects in ObjectDirectory to speed up inserting of loose objects.
+Reduce memory consumption when creating bitmaps during writing pack files.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/3.7.1[JGit 3.7.1]: Fix massive performance problem in Gerrit caused by ObjectWalk.markUninteresting marking the root tree as uninteresting.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/3.7.0[JGit 3.7.0]: Provide more details in exceptions thrown when packfile is invalid.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/3.6.2[JGit 3.6.2]: link:[Issue 3094]: Don’t remove pack from pack list for problems which could be transient.
+
+Log reason for ignoring pack when IOException occurred.
+
+** link:https://projects.eclipse.org/projects/technology.jgit/releases/3.5.3[JGit 3.5.3]: Fix for vulnerability CVE-2014-9390.
+
+* Fix resource exhaustion due to unclosed LDAP connection.
+
+When auth.type is set to LDAP (not LDAP_BIND), two LDAP connections are made, but one was not being closed. This eventually caused resource exhaustion and LDAP authentications failed.
--- a/ReleaseNotes/index.txt
+++ b/ReleaseNotes/index.txt
@ -31,6 +31,7 @@

 [[s2_10]]
 == Version 2.10.x
+* link:ReleaseNotes-2.10.8.html[2.10.8]
 * link:ReleaseNotes-2.10.7.html[2.10.7]
 * link:ReleaseNotes-2.10.6.html[2.10.6]
 * link:ReleaseNotes-2.10.5.html[2.10.5]
@ -43,6 +44,7 @@

 [[s2_9]]
 == Version 2.9.x
+* link:ReleaseNotes-2.9.5.html[2.9.5]
 * link:ReleaseNotes-2.9.4.html[2.9.4]
 * link:ReleaseNotes-2.9.3.html[2.9.3]
 * link:ReleaseNotes-2.9.2.html[2.9.2]
--- a/lib/jgit/jgit.bzl
+++ b/lib/jgit/jgit.bzl
@ -1,4 +1,4 @@
-load("//tools/bzl:maven_jar.bzl", "ECLIPSE", "maven_jar")
+load("//tools/bzl:maven_jar.bzl", "MAVEN_CENTRAL", "maven_jar")

 _JGIT_VERS = "4.9.8.201812241815-r"

@ -6,7 +6,7 @@ _DOC_VERS = _JGIT_VERS  # Set to _JGIT_VERS unless using a snapshot

 JGIT_DOC_URL = "http://download.eclipse.org/jgit/site/" + _DOC_VERS + "/apidocs"

-_JGIT_REPO = ECLIPSE  # Leave here even if set to MAVEN_CENTRAL.
+_JGIT_REPO = MAVEN_CENTRAL  # Leave here even if set to MAVEN_CENTRAL.

 # set this to use a local version.
 # "/home/<user>/projects/jgit"