]>
WPIA git - gigi.git/log
Benny Baumann [Fri, 24 Mar 2017 10:10:30 +0000 (11:10 +0100)]
Merge "fix: avoid blanks after displayed names"
Lucas Werkmeister [Thu, 23 Mar 2017 20:12:28 +0000 (21:12 +0100)]
fix: typo in gigi.properties(5) manpage
Change-Id: I268b81b1ef1a69ab9be9b87c7180f4e8a33abcff
Felix Dörre [Wed, 22 Mar 2017 10:55:07 +0000 (11:55 +0100)]
fix: avoid blanks after displayed names
Change-Id: Id0dfe59eb37fd9253ddfda1064d0fc16139faaaa
Benny Baumann [Sun, 19 Mar 2017 23:19:20 +0000 (00:19 +0100)]
chg: Explicitly bail on invalid lines in imported lists
Change-Id: I71afe609e7f736d2e6b7a032a7e971b3b770395a
Lucas Werkmeister [Wed, 22 Mar 2017 21:42:43 +0000 (22:42 +0100)]
Merge "add: gigi.properties(5) manpage"
Lucas Werkmeister [Wed, 22 Mar 2017 21:38:50 +0000 (22:38 +0100)]
Merge changes Ie9951caa,I9a57ce72
* changes:
fix: Typo pointed out while reviewing change 492
chg: Make synchronization on the Database layer explicit
Lucas Werkmeister [Wed, 22 Mar 2017 21:37:48 +0000 (22:37 +0100)]
Merge "fix: Avoid leaking the SSL sockets"
Benny Baumann [Wed, 22 Mar 2017 21:05:36 +0000 (22:05 +0100)]
Merge "upd: don’t initialize name.suffix from name.www"
Benny Baumann [Sun, 19 Mar 2017 22:48:40 +0000 (23:48 +0100)]
fix: Typo pointed out while reviewing change 492
Change-Id: Ie9951caa590a00059901d5e09d3fc6efd6449a45
Benny Baumann [Sun, 19 Mar 2017 18:01:48 +0000 (19:01 +0100)]
fix: Avoid leaking the SSL sockets
Change-Id: I0e7b8bbbc868fd1abc7e3c6561ac3f21b46dcb2d
Benny Baumann [Sun, 19 Mar 2017 18:18:47 +0000 (19:18 +0100)]
chg: Make synchronization on the Database layer explicit
This avoids a synchronization issue when closing the connection - even though that code is single-threaded ATM.
Change-Id: I9a57ce72664ffce42239f6d1199195bfe72b216b
Felix Dörre [Wed, 22 Mar 2017 19:05:59 +0000 (20:05 +0100)]
Merge "add: natives/README.md"
Lucas Werkmeister [Wed, 22 Mar 2017 18:30:59 +0000 (19:30 +0100)]
upd: don’t initialize name.suffix from name.www
This feature was somewhat backward (normally, name.www defaults to
www.name.suffix), and would have broken on www subdomains not exactly
three letters wrong. Let’s remove it.
Change-Id: Iddf29a2c3fd1f5e92df7bba31d3c44131d74b84c
Benny Baumann [Sun, 19 Mar 2017 17:38:33 +0000 (18:38 +0100)]
fix: Close resources we no longer need
Change-Id: Ie07f3b8e98331f7c64b4fcd35a17af8d8ccf748e
Benny Baumann [Sun, 19 Mar 2017 17:31:45 +0000 (18:31 +0100)]
fix: Close resources we no longer need
Change-Id: Ife98cacc393010c60689525a358cab5823cb8cf7
Benny Baumann [Sun, 19 Mar 2017 17:25:21 +0000 (18:25 +0100)]
fix: Remove deprecated cryptography no longer needed for backward compat
Change-Id: I313eb549647a374f1740d6b0bea1b6e818dd68ed
Lucas Werkmeister [Tue, 21 Mar 2017 22:01:30 +0000 (23:01 +0100)]
add: gigi.properties(5) manpage
See man:man(7) for some formatting instructions and man:man-pages(7) for
conventions. (Also, don’t bother looking for semantic meaning in the
macros: they describe formatting, not content.)
Change-Id: Ia8be31c835f7bb002c3c0e27b411d461673f07c2
Lucas Werkmeister [Tue, 21 Mar 2017 09:40:42 +0000 (10:40 +0100)]
add: natives/README.md
Change-Id: Ifaaca33c53c18886e39ea847d151d902709dc29a
Benny Baumann [Sun, 19 Mar 2017 17:12:44 +0000 (18:12 +0100)]
add: Validation checks for the format of prefix/suffix provided
Change-Id: I33a1e248c976254aa486dc7306092c1938a1a0a2
Benny Baumann [Sun, 19 Mar 2017 22:56:33 +0000 (23:56 +0100)]
Merge changes I34e6379b,I515bdbb5
* changes:
udp: keep coverity happy by explicitly preventing null-returns
upd: keep coverity happy by explicitly throwing
Felix Dörre [Sun, 19 Mar 2017 16:30:59 +0000 (17:30 +0100)]
udp: keep coverity happy by explicitly preventing null-returns
Change-Id: I34e6379b1b4c3d9c6bfa5d69dcd127b1886a15b4
Felix Dörre [Sun, 19 Mar 2017 16:26:12 +0000 (17:26 +0100)]
upd: keep coverity happy by explicitly throwing
Change-Id: I515bdbb52f4aa792f506d1dbbda4a9632f20e136
Benny Baumann [Sun, 19 Mar 2017 17:10:48 +0000 (18:10 +0100)]
add: Check the primary email address to be valid before creating an User
Change-Id: Icdf298892b7b64d72c310bdb633c8e05113d6eda
Benny Baumann [Mon, 13 Mar 2017 19:18:13 +0000 (20:18 +0100)]
Merge "fix: add .mailmap to fix commit information"
Lucas Werkmeister [Mon, 13 Mar 2017 18:41:27 +0000 (19:41 +0100)]
upd: old domain in FetchLocales
Pointed out by Benny.
Change-Id: I915a4ffb74406b1ab15cc0066972b6f2683d8075
Lucas Werkmeister [Mon, 13 Mar 2017 09:23:01 +0000 (10:23 +0100)]
fix: add .mailmap to fix commit information
See man:git-check-mailmap(1) or man:git-shortlog(1) for the format;
generally, the order is: proper info, commit info.
The easiest way to check this change is to run `git shortlog -se` with
and without it.
Change-Id: I76c6e0d1e9fd69bd5a4afbc04373b9b34aa18846
Felix Dörre [Fri, 3 Mar 2017 15:53:47 +0000 (16:53 +0100)]
fix: several smaller fixups on the TestManager
Change-Id: I18f20dc2c9dd25eea3bfbb40c81db9b361e004a9
Felix Dörre [Fri, 3 Mar 2017 10:01:47 +0000 (11:01 +0100)]
add: Org Agents may not make themselves administrators of organisations.
Change-Id: If0a3747e0e3a67dbada58aca3299663282899db4
INOPIAE [Fri, 3 Mar 2017 14:35:18 +0000 (15:35 +0100)]
fix: small changes for better translation
Change-Id: I2c8232b40125c6c17adccf73bac341112251f2af
Benny Baumann [Wed, 1 Mar 2017 07:40:24 +0000 (08:40 +0100)]
Merge changes I23396e9a,I6e5f6bef,I29ea805e,Ia02c4f96
* changes:
fix: remove blank from translation string
upd: display "none" when there are no groups to be displayed
fix: quick development-restart
upd: replace old main page with dashboard
INOPIAE [Tue, 28 Feb 2017 06:34:33 +0000 (07:34 +0100)]
fix: remove blank from translation string
Change-Id: I23396e9a4cec00aa46ff5ec58ed14f7c86eafefc
Felix Dörre [Tue, 28 Feb 2017 09:43:04 +0000 (10:43 +0100)]
upd: display "none" when there are no groups to be displayed
Change-Id: I6e5f6bef4f23faa5acb6db66a3ea6f6b4bdc73a6
Lucas Werkmeister [Tue, 28 Feb 2017 09:34:17 +0000 (10:34 +0100)]
upd: remove references to ET
Change-Id: I5a693b58e443b4eb4a003f9e911c8ebf53c807bc
Felix Dörre [Mon, 27 Feb 2017 23:02:59 +0000 (00:02 +0100)]
fix: quick development-restart
Change-Id: I29ea805efbf4abb74564bea1b819b5a8b8e9f4de
INOPIAE [Wed, 22 Feb 2017 07:19:06 +0000 (08:19 +0100)]
upd: replace old main page with dashboard
fixes issue #121
Change-Id: Ia02c4f96b52471b8ea40210095eb2e9fece2a6d2
Felix Dörre [Mon, 27 Feb 2017 20:36:36 +0000 (21:36 +0100)]
upd: newer jenkins-config
it still uses a fixed version of nre, to have it
generate TLS-keys and certs for gigi.
Content-wise changes include:
- test coverage report
- junit archiving
- comply with the new build procedure
Change-Id: I792157b66499d82263376c73ead4b90f60bf9391
Felix Dörre [Mon, 27 Feb 2017 20:23:00 +0000 (21:23 +0100)]
upd: licence consistent and AGPLv3
Change-Id: I41cde9ce915a1500a1f4f92706ed196e9443bc2f
Felix Dörre [Mon, 27 Feb 2017 20:03:12 +0000 (21:03 +0100)]
fix: CAA records on non-existing domains
Change-Id: Iad8984a5249595272203dbdf85590359683f1267
Felix Dörre [Mon, 27 Feb 2017 19:56:33 +0000 (20:56 +0100)]
upd: make system-keywords configurable
Change-Id: I95ac359fac48fbe8685606d5a1bd2895bdb0a4fc
Benny Baumann [Mon, 27 Feb 2017 19:31:01 +0000 (20:31 +0100)]
Merge "upd: terminology in API"
Lucas Werkmeister [Sat, 25 Feb 2017 12:31:24 +0000 (13:31 +0100)]
upd: terminology in database
The userGroup enum is updated to remove all assurance terms, and also
remove the (unused) arbitrator role entirely.
Since PostgreSQL offers no way to rename or drop enum values, we create
a new enum, migrate the table to it and then drop the old enum.
Change-Id: I200c2b0463ded9d75b2e963d5a02bfc25326b357
Lucas Werkmeister [Mon, 27 Feb 2017 16:59:11 +0000 (17:59 +0100)]
upd: terminology in API
Change-Id: I6890eaf6fbbe3317a198ca5334afa92d8afa47e6
Lucas Werkmeister [Mon, 27 Feb 2017 19:16:07 +0000 (20:16 +0100)]
Merge "fix: Somewhat sensibly split the wishlist document"
Benny Baumann [Wed, 22 Feb 2017 20:44:38 +0000 (21:44 +0100)]
fix: Somewhat sensibly split the wishlist document
This is initial work for cleaning up this document to become the spec Gigi is based on
Change-Id: Ie73b567ad9df0de3bf89eeaebec5b229feb2cd4b
INOPIAE [Tue, 21 Feb 2017 21:27:28 +0000 (22:27 +0100)]
upd: added links to imprint and data privacy in footer line
fixes issue #120
Change-Id: I3d35c68ec3e4c714a492d3ad77382b5bf1919c3f
Lucas Werkmeister [Sat, 25 Feb 2017 12:38:03 +0000 (13:38 +0100)]
upd: stray old terminology
Looks like I missed this in
08c94162 .
Change-Id: I8a4f73dd71c17dcf3e64d9f706487d6ad2986849
INOPIAE [Tue, 21 Feb 2017 19:45:18 +0000 (20:45 +0100)]
upd: replace SomeCA by variable
fixes issue #105
Change-Id: I979c5cb7f5b998694fa13b56420e4504bfd4020f
Felix Dörre [Fri, 24 Feb 2017 20:22:59 +0000 (21:22 +0100)]
upd: make Menu names more flexible
Change-Id: Iaf7301a0d4547891a61e9f02d8cf34fb1a4bdbd1
INOPIAE [Tue, 21 Feb 2017 17:07:33 +0000 (18:07 +0100)]
upd: reword of rules.template and "Web of Trust"
Change-Id: I4c49316f99946e95915cc4ba27df16bdfea0b52d
INOPIAE [Tue, 21 Feb 2017 16:15:57 +0000 (17:15 +0100)]
upd: replace MainPageNotLogin text to meet new criteria
Change-Id: Icda90ca33f3896adbe4bbd9bd2830f45042aa222
Lucas Werkmeister [Wed, 22 Feb 2017 20:37:38 +0000 (21:37 +0100)]
upd: terminology in code
Renames Java types and members and form fields. Anything facing the
database is not touched by this change.
Also fixes a handful of typos.
Change-Id: Id19c3af4627b56ee90a85fe887bd5bcdb6c9f385
Benny Baumann [Tue, 21 Feb 2017 23:15:52 +0000 (00:15 +0100)]
fix: XSS via Test Server Management interface
Change-Id: Ie69eecb2f3a9a56c71ff979348cd1ae6e26c5c36
Benny Baumann [Tue, 21 Feb 2017 22:46:13 +0000 (23:46 +0100)]
fix: Typo in field to exempt domains from pinging
Change-Id: Ia7c77aa1750324170dac71c17a888016ecfdceb9
Benny Baumann [Tue, 21 Feb 2017 22:45:22 +0000 (23:45 +0100)]
chg: Reuse code in template merging/append
Change-Id: Ibcddd77c8915a9797431adf8ecd2bf94202c46b0
Felix Dörre [Tue, 21 Feb 2017 00:10:10 +0000 (01:10 +0100)]
fix: typo in challenge
Change-Id: I758d9d610b05a111381121e0bf46bd14febf5e4e
Felix Dörre [Tue, 21 Feb 2017 00:07:38 +0000 (01:07 +0100)]
upd: cleanup more references
Change-Id: I132ad32bfe54e6714128ffea9cf2619a09c85885
Felix Dörre [Mon, 20 Feb 2017 23:58:32 +0000 (00:58 +0100)]
upd: remove old policies
Change-Id: I68df9fa720bf654d04308a76fb9652405ecc7ace
Felix Dörre [Sun, 19 Feb 2017 13:22:28 +0000 (14:22 +0100)]
upd: keep host names scalable and configurable
Change-Id: Ib942444b0fb525d94011dcf20ac656665f23a2bd
Felix Dörre [Sat, 18 Feb 2017 00:39:57 +0000 (01:39 +0100)]
upd: document variables in SprintfCommand more clearly
Change-Id: I4227c3f38cf811c5efddf0e5ff31775df16fe861
Felix Dörre [Fri, 17 Feb 2017 20:14:44 +0000 (21:14 +0100)]
upd: use a link-redirector for all external links.
Change-Id: I4403040fb94e7b6779c14c64bc9398c8f81546b6
Felix Dörre [Wed, 15 Feb 2017 20:49:02 +0000 (21:49 +0100)]
upd: rename package name and all references to it
Change-Id: Ie1e938a864ad93732201643f42a83148dd2f137d
Felix Dörre [Wed, 8 Feb 2017 19:50:28 +0000 (20:50 +0100)]
fix: ResultSet.getDate is often wrong as it fetches day-precision times
Change-Id: Id9394b12663e78de96a3610590587d3f15096e15
INOPIAE [Wed, 8 Feb 2017 08:27:58 +0000 (09:27 +0100)]
Add a hint what the "Request reping" is used for on the email page
fixes issue #56
Change-Id: I518082eb4c95beed01b846690264d174757790dd
INOPIAE [Wed, 8 Feb 2017 15:18:54 +0000 (16:18 +0100)]
Highlight expired nucleus bonus verifications in points overview
fixes issue #123
Change-Id: I796e0e2f81897c35307fcdc64255127f058696a2
Benny Baumann [Wed, 8 Feb 2017 09:20:17 +0000 (10:20 +0100)]
Merge "Temporarily disable SystemCallFilter"
Felix Dörre [Wed, 8 Feb 2017 08:02:48 +0000 (09:02 +0100)]
fix: empty-variable "version" in development runs.
Change-Id: Ia0cdebab2e2b8f7733c59280086db8a72ab73941
Lucas Werkmeister [Tue, 7 Feb 2017 23:36:51 +0000 (00:36 +0100)]
Temporarily disable SystemCallFilter
systemd applies drop-ins in lexicographical order (to be documented by
systemd/systemd#5262), hence the Z- prefix.
Change-Id: I589b9a4fae5cd5dd107f58f734558bfa31517f4b
Felix Dörre [Tue, 7 Feb 2017 09:17:38 +0000 (10:17 +0100)]
upd: enhance "CSRF-missing" test case exception for better debuging
Change-Id: I3dce9fb7da31987044b23dcf8310af44f64855fb
Felix Dörre [Mon, 6 Feb 2017 22:46:29 +0000 (23:46 +0100)]
upd: move external keywords to own class
Change-Id: Iad887cf134103ed6d26aa32d1358c23de0eeebae
Felix Dörre [Mon, 6 Feb 2017 22:45:13 +0000 (23:45 +0100)]
fix: display verify information only when verification token is known.
Change-Id: I12ea06f13fddc3ad931751e9751f7d87fefd6c60
Felix Dörre [Thu, 19 Jan 2017 11:30:34 +0000 (12:30 +0100)]
fix: make the pinger daemon keep cool when missing database connection
Change-Id: Ic207edc3ab008ac765787146e9752bcd0f867f9b
Lucas Werkmeister [Fri, 27 Jan 2017 11:35:10 +0000 (12:35 +0100)]
fix: add ioctl to SystemCallFilter
Apparently Java needs this to read data from a socket, but only in some
circumstances (Felix says only HTTP domain check was broken, HTTPS check
worked fine).
Change-Id: Ia1b54ef364b282631b44a8313570dafae6b8c5d4
Lucas Werkmeister [Wed, 18 Jan 2017 13:06:39 +0000 (14:06 +0100)]
upd: add more sandboxing directives to gigi-proxy.service
Most notably, the set of permitted syscalls excludes fork and many file
system commands like unlink or rmdir.
Change-Id: I87827f6ed0025570288611cf257c6e3a01769593
Felix Dörre [Tue, 10 Jan 2017 21:44:36 +0000 (22:44 +0100)]
add: fix own host name on certificate issue page
Change-Id: I7fa0e2df8afbe78017067ef8e80c9ecf3a07ca68
Felix Dörre [Tue, 3 Jan 2017 10:35:19 +0000 (11:35 +0100)]
add: detect a quiz-admin directly in gigi
Change-Id: I21854cbafae2a676db624b46975624f31a49d549
Felix Dörre [Fri, 30 Dec 2016 12:01:43 +0000 (13:01 +0100)]
fix: restrict access to CATS-API even more
Change-Id: Idb32bf7e12e0f2704541108afb9a5fcc3e0762a7
Felix Dörre [Fri, 23 Dec 2016 10:45:21 +0000 (11:45 +0100)]
fix: greatly improve performance of often-executed ping-fetch-query
Change-Id: Ic574b193f65f1fd362bf7451fe343e0caa788910
Felix Dörre [Fri, 30 Dec 2016 10:13:37 +0000 (11:13 +0100)]
add: yet another nucleus test
Change-Id: I83cb4a944f8d9e26447535b0672f87a4344458e5
Felix Dörre [Fri, 30 Dec 2016 09:44:06 +0000 (10:44 +0100)]
fix: counting of nucleus verifications
Change-Id: I4a76e579049d822d3280ffc4570f5f2248cac9a4
Felix Dörre [Thu, 29 Dec 2016 16:50:51 +0000 (17:50 +0100)]
fix: send password reset emails to the correct user
Change-Id: I6e88d9fd742255a30a9572f446a3d2b35fb0fcf0
Felix Dörre [Fri, 23 Dec 2016 10:46:53 +0000 (11:46 +0100)]
add: Implement use of Cisco Umbrella 1 Million domain list
as source for high-financial-value-domains
Information about the list is available here:
http://s3-us-west-1.amazonaws.com/umbrella-static/index.html
Blogpost about it:
https://blog.opendns.com/2016/12/14/cisco-umbrella-1-million/
Change-Id: I5d8183f5dd09e3b033301cec59b3fa1e820f236c
Felix Dörre [Thu, 15 Dec 2016 09:20:39 +0000 (10:20 +0100)]
fix: Exception when using TestManager functionality
a constant date gets older than two years at some point in time
Change-Id: I804b06258d27f535a7e9af2dd75223f099170fd0
Felix Dörre [Thu, 8 Dec 2016 15:53:28 +0000 (16:53 +0100)]
fix: generate correct urls to static resources
Change-Id: Ibd337a102b6362fa601fc38aed68031677d3ad5d
Felix Dörre [Sun, 27 Nov 2016 15:10:34 +0000 (16:10 +0100)]
upd: enforce serverAuth EKU for SSL-pings
Change-Id: Ia98447b476eb1e6b60c7471208c7cf965e482aea
Felix Dörre [Sun, 27 Nov 2016 15:14:38 +0000 (16:14 +0100)]
upd: in SSLPinger move serverAuth EKU OID to a constant
Change-Id: Ic4714e6af8a00cc58e69de2def7e9dc1bbbaff05
Felix Dörre [Sun, 27 Nov 2016 00:06:41 +0000 (01:06 +0100)]
fix: allow SSLPinger to process certs without EKU
Change-Id: Ic4c8de9e4cf5ce617dcd5613296c473678596392
Felix Dörre [Tue, 22 Nov 2016 08:30:21 +0000 (09:30 +0100)]
fix: send unsigned mail correctly
Change-Id: I12c008ceab2e0bb7b97eb329141ef2ec82dc71f4
Felix Dörre [Mon, 31 Oct 2016 09:52:52 +0000 (10:52 +0100)]
upd: use try-with-resources to protect JDBC-Statement
Change-Id: I5084448dc134d47da6aaa0dd6ed53b4aacb1c994
Felix Dörre [Tue, 25 Oct 2016 10:26:12 +0000 (12:26 +0200)]
fix: correct SQL query for issuing repings.
Change-Id: Ibabc4851514b1ebe353c6feb1e369353728f6bae
Felix Dörre [Thu, 10 Nov 2016 11:36:36 +0000 (12:36 +0100)]
upd: use "PartOf" relation in gigi-proxy.service
This enables puppet to simply manage gigi-proxy.socket
by ensuring that a restart of gigi-proxy.socket will
also restart gigi-proxy.service.
Change-Id: I96a51f38cfb4c0f5d6b5efd7a8425d90a17534b6
Felix Dörre [Thu, 10 Nov 2016 17:59:15 +0000 (18:59 +0100)]
fix: fixed date in testcases
Change-Id: I29fbf97a27309a54ed4d36463799b92ccf8a6edd
Lucas Werkmeister [Sun, 16 Oct 2016 16:22:30 +0000 (18:22 +0200)]
Merge "fix: resource leak in template fast-debug code"
Benny Baumann [Sun, 16 Oct 2016 16:22:28 +0000 (18:22 +0200)]
Merge "add: email-management-api"
Lucas Werkmeister [Sun, 16 Oct 2016 16:20:53 +0000 (18:20 +0200)]
Merge "upd: more realistic content-type for cert-downloads from API"
Felix Dörre [Fri, 7 Oct 2016 22:19:04 +0000 (00:19 +0200)]
fix: resource leak in template fast-debug code
Change-Id: I570f997bb3e61d916ccc2dfd0ad23c8225ee9020
Felix Dörre [Mon, 3 Oct 2016 12:03:38 +0000 (14:03 +0200)]
add: email-management-api
Change-Id: I4f7ca7b68e9222520738fb329ba390b07fd74b10
Felix Dörre [Mon, 3 Oct 2016 12:03:27 +0000 (14:03 +0200)]
upd: more realistic content-type for cert-downloads from API
Change-Id: I4ad6ee5c27d680cbf4750fe9d8c3a754c9a58590
Benny Baumann [Sun, 9 Oct 2016 16:20:16 +0000 (18:20 +0200)]
Merge "upd: improve digest explanation and make SHA512 default"
Lucas Werkmeister [Mon, 3 Oct 2016 16:15:22 +0000 (18:15 +0200)]
upd: improve digest explanation and make SHA512 default
See #119.
Change-Id: Ia481947c3dff9b6a9770462185c5a12f0f1d996b
Felix Dörre [Mon, 3 Oct 2016 12:02:01 +0000 (14:02 +0200)]
upd: use same-protocol-prefixes for static-links
Change-Id: I0e556b4dde914e0c8eeaccb9c6e5c703225a46ff