David Pursehouse
27f7a590d1
Merge branch 'stable-4.5' into stable-4.6
...
* stable-4.5:
Replace Findbugs with Spotbugs in org.eclipse.jgit/pom.xml
Replace FindBugs with SpotBugs
Change-Id: I1c077e8f3530ac717b1603d3307fd15d4335b8fe
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
David Pursehouse
2db49bc679
Replace Findbugs with Spotbugs in org.eclipse.jgit/pom.xml
...
Change-Id: If9cb0de7a0e7bd95eac7daeee140a18385192a48
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
David Pursehouse
7eb34c175c
Replace FindBugs with SpotBugs
...
SpotBugs [1] is the spiritual successor of FindBugs, carrying on from
the point where it left off with support of its community.
This is a backport of [1] which originally did the replacement on the
master branch. This change updates to the current latest version, so
that we can get the benefit of its checks when pushing changes to the
stable branches.
[1] https://spotbugs.github.io/
[2] https://git.eclipse.org/r/#/c/101312/
Change-Id: Ib73d56b5980b55f4d7e09d87abec3138cac3d3dc
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
Jonathan Nieder
6dd50d2e1b
Merge branch 'stable-5.0' into stable-5.1
...
* stable-5.0:
SubmoduleValidator: Remove unused import of ConfigConstants
SubmoduleValidator: Permit missing path or url
Change-Id: Iaa3160a1307777cc4233d82e50a57c63d75d141c
Signed-off-by: Jonathan Nieder <jrn@google.com>
6 years ago
Jonathan Nieder
e63ca8d094
Merge branch 'stable-4.11' into stable-5.0
...
* stable-4.11:
SubmoduleValidator: Remove unused import of ConfigConstants
SubmoduleValidator: Permit missing path or url
Change-Id: Iaf3b994e763bd02054b820cd87fe68ff83675001
Signed-off-by: Jonathan Nieder <jrn@google.com>
6 years ago
Jonathan Nieder
eb41de5b25
Merge branch 'stable-4.10' into stable-4.11
...
* stable-4.10:
SubmoduleValidator: Remove unused import of ConfigConstants
SubmoduleValidator: Permit missing path or url
Change-Id: Id74c837d6cb728439ccbd6ade71936b493c09e08
Signed-off-by: Jonathan Nieder <jrn@google.com>
6 years ago
Jonathan Nieder
8b239e5b75
Merge branch 'stable-4.9' into stable-4.10
...
* stable-4.9:
SubmoduleValidator: Remove unused import of ConfigConstants
SubmoduleValidator: Permit missing path or url
Change-Id: Ib3c311f1e8d2db95510292a72f2f49825ffce9d9
Signed-off-by: Jonathan Nieder <jrn@google.com>
6 years ago
Jonathan Nieder
9d91bf189e
Merge branch 'stable-4.8' into stable-4.9
...
* stable-4.8:
SubmoduleValidator: Remove unused import of ConfigConstants
Change-Id: Id01fd9945e23a9343f96c42db89d5a1b302dad33
Signed-off-by: Jonathan Nieder <jrn@google.com>
6 years ago
Jonathan Nieder
f282aaa137
Merge branch 'stable-4.7' into stable-4.8
...
* stable-4.7:
SubmoduleValidator: Remove unused import of ConfigConstants
Change-Id: I6a7d19602d6d9099928ee52de727743b9717f262
Signed-off-by: Jonathan Nieder <jrn@google.com>
6 years ago
David Pursehouse
26e7a74601
SubmoduleValidator: Remove unused import of ConfigConstants
...
Change-Id: I6afe5690bf9d1f1f4d414aa618daefc8b48d217e
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
Jonathan Nieder
8ef8b71db9
Merge branch 'stable-4.8' into stable-4.9
...
* stable-4.8:
SubmoduleValidator: Permit missing path or url
Change-Id: I989ac2c0c124c82385fc7cac7e0544ec225f7589
Signed-off-by: Jonathan Nieder <jrn@google.com>
6 years ago
Jonathan Nieder
830e0d6b8c
Merge branch 'stable-4.7' into stable-4.8
...
* stable-4.7:
SubmoduleValidator: Permit missing path or url
Change-Id: I94fdaf45abbf7665f9eddc14b1a7f7144aafeadf
Signed-off-by: Jonathan Nieder <jrn@google.com>
6 years ago
Jonathan Nieder
d3eaf1007b
SubmoduleValidator: Permit missing path or url
...
A .gitmodules file can include a submodule without a path to configure
the URL for a submodule that is only present on other branches.
A .gitmodules file can include a submodule with no URL and no path to
reserve the name for a submodule that existed in earlier history but
is not available from any URL any more.
"git fsck" permits both of these cases. Permit them in JGit as well
(instead of throwing NullPointerException).
Change-Id: I3b442639ad79ea7a59227f96406a12e62d3573ae
Reported-by: David Pursehouse <david.pursehouse@gmail.com>
Signed-off-by: Jonathan Nieder <jrn@google.com>
6 years ago
Matthias Sohn
1bec897ada
Update API warning filter to 5.1.3
...
We added API in 4.7.5 to fix CVE-2018-17456
Change-Id: I14698fb088de91b8ba8856e461f64138025a89fa
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Jonathan Nieder
c1ef0d2cfd
Merge branch 'stable-5.0' into stable-5.1
...
* stable-5.0:
ObjectChecker#getGitsubmodules: Fix malformed javadoc
Change-Id: Ib32077c6640621670649fa4fbfcc8d0c9d8346f1
Signed-off-by: Jonathan Nieder <jrn@google.com>
6 years ago
Jonathan Nieder
3e73672c06
Merge branch 'stable-4.11' into stable-5.0
...
* stable-4.11:
ObjectChecker#getGitsubmodules: Fix malformed javadoc
Change-Id: If82e40c5a39b84c6a63e8cc10d168696c4eb3e91
Signed-off-by: Jonathan Nieder <jrn@google.com>
6 years ago
Jonathan Nieder
735f79c663
Merge branch 'stable-4.10' into stable-4.11
...
* stable-4.10:
ObjectChecker#getGitsubmodules: Fix malformed javadoc
Change-Id: Id2c8d1d4ffdf7bf18ef64479cfa1e959d9b2c37e
Signed-off-by: Jonathan Nieder <jrn@google.com>
6 years ago
Jonathan Nieder
112a19711d
Merge branch 'stable-4.9' into stable-4.10
...
* stable-4.9:
ObjectChecker#getGitsubmodules: Fix malformed javadoc
Change-Id: I847bdb9ef2b9e733c79489577b8b6e852ce6abf3
Signed-off-by: Jonathan Nieder <jrn@google.com>
6 years ago
Jonathan Nieder
acd35d5384
Merge branch 'stable-4.8' into stable-4.9
...
* stable-4.8:
ObjectChecker#getGitsubmodules: Fix malformed javadoc
Change-Id: Ic73df5571e1ae86e5e026d0bf9d8e9e330cbfa97
Signed-off-by: Jonathan Nieder <jrn@google.com>
6 years ago
David Pursehouse
f6eb785551
Merge branch 'stable-4.7' into stable-4.8
...
* stable-4.7:
ObjectChecker#getGitsubmodules: Fix malformed javadoc
Change-Id: I51ddd8fa1c2fbcabfb010bc4662d2c925563b55a
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
David Pursehouse
df8bd762a1
ObjectChecker#getGitsubmodules: Fix malformed javadoc
...
The text "<tree, blob>" with angle brackets should not be used in javadoc
since it is interpreted as an HTML tag and then rejected since it's not a
valid HTML tag. Wrap the text in a @literal tag.
Also add a missing space.
Change-Id: Ide045e8c04a39a916f5b2e964e58c151e4555830
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
Matthias Sohn
2078b23cee
Prepare 5.1.3-SNAPSHOT builds
...
Change-Id: I75c1a01885115fc709ab37f181234264c3f7423a
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
b63870200b
JGit v5.1.2.201810061102-r
...
Change-Id: Id34e4ae12a796460862edc37c5eb072314199bf4
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
dff99a272a
Merge branch 'stable-5.0' into stable-5.1
...
* stable-5.0:
Prepare 4.11.5-SNAPSHOT builds
JGit v4.11.4.201810060650-r
Fix configuration of maven-javadoc-plugin
Prepare 4.9.7-SNAPSHOT builds
JGit v4.9.6.201810051924-r
Prepare 4.7.6-SNAPSHOT builds
JGit v4.7.5.201810051826-r
BaseReceivePack: Validate incoming .gitmodules files
ObjectChecker: Report .gitmodules files found in the pack
SubmoduleAddCommand: Reject submodule URIs that look like cli options
* Fix todos in SubmoduleAddTest
Change-Id: I53272081094b8948a40a1ce409af08b6ef330c1e
Signed-off-by: Jonathan Nieder <jrn@google.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
23ebbe5662
Merge branch 'stable-4.11' into stable-5.0
...
* stable-4.11:
Prepare 4.11.5-SNAPSHOT builds
JGit v4.11.4.201810060650-r
Fix configuration of maven-javadoc-plugin
Prepare 4.9.7-SNAPSHOT builds
JGit v4.9.6.201810051924-r
Prepare 4.7.6-SNAPSHOT builds
JGit v4.7.5.201810051826-r
BaseReceivePack: Validate incoming .gitmodules files
ObjectChecker: Report .gitmodules files found in the pack
SubmoduleAddCommand: Reject submodule URIs that look like cli options
* Fix configuration of maven-javadoc-plugin for site generation
Change-Id: Ic6ff8d324867ee41f15a5b890c7eee5092e8453e
Signed-off-by: Jonathan Nieder <jrn@google.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
620370ab6a
Prepare 4.11.5-SNAPSHOT builds
...
Change-Id: Ifbe76e14264e8b547930e2320e8e81d728bd6e38
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
c2a866b109
JGit v4.11.4.201810060650-r
...
Change-Id: I5700ebd341b6b997a7757b17e7d731c4ce608ec2
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
816bcd259e
Merge branch 'stable-4.10' into stable-4.11
...
* stable-4.10:
Fix configuration of maven-javadoc-plugin
Change-Id: I80db074c45e840f15e227a400ef637b85084e711
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
f07e48cc10
Fix configuration of maven-javadoc-plugin
...
Since maven-javadoc-plugin additionalJOption replaces additionalparam to
pass additional options to JavaDoc.
See https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#additionalJOption
Change-Id: Iddff5873520a181bcb9edf285b0c8db532e930ee
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
f016e32471
Merge branch 'stable-4.10' into stable-4.11
...
* stable-4.10:
Prepare 4.9.7-SNAPSHOT builds
JGit v4.9.6.201810051924-r
Prepare 4.7.6-SNAPSHOT builds
JGit v4.7.5.201810051826-r
BaseReceivePack: Validate incoming .gitmodules files
ObjectChecker: Report .gitmodules files found in the pack
SubmoduleAddCommand: Reject submodule URIs that look like cli options
Change-Id: Ibd759f5d425f714e79b3137ff8e5b0f989933de0
Signed-off-by: Jonathan Nieder <jrn@google.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
c0a973657f
Merge branch 'stable-4.9' into stable-4.10
...
* stable-4.9:
Prepare 4.9.7-SNAPSHOT builds
JGit v4.9.6.201810051924-r
Prepare 4.7.6-SNAPSHOT builds
JGit v4.7.5.201810051826-r
BaseReceivePack: Validate incoming .gitmodules files
ObjectChecker: Report .gitmodules files found in the pack
SubmoduleAddCommand: Reject submodule URIs that look like cli options
Change-Id: Ie59e34eb591a827d1ce8e483eec6d390a3c81702
Signed-off-by: Jonathan Nieder <jrn@google.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
bf7a611dac
Prepare 4.9.7-SNAPSHOT builds
...
Change-Id: I20e7bd6bdebcdb55a8c771314759bd8f98f04ef6
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
73e6a93ba2
JGit v4.9.6.201810051924-r
...
Change-Id: Ib39aaae26da17aa37d654b24c1defd45126f4ea2
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
7d94b446fe
Merge branch 'stable-4.8' into stable-4.9
...
* stable-4.8:
Prepare 4.7.6-SNAPSHOT builds
JGit v4.7.5.201810051826-r
BaseReceivePack: Validate incoming .gitmodules files
ObjectChecker: Report .gitmodules files found in the pack
SubmoduleAddCommand: Reject submodule URIs that look like cli options
Change-Id: Ia7a826399d8d5b8a0eb7169b40e98a6f5c207a4c
Signed-off-by: Jonathan Nieder <jrn@google.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
a8bd7dcc58
Merge branch 'stable-4.7' into stable-4.8
...
* stable-4.7:
Prepare 4.7.6-SNAPSHOT builds
JGit v4.7.5.201810051826-r
BaseReceivePack: Validate incoming .gitmodules files
ObjectChecker: Report .gitmodules files found in the pack
SubmoduleAddCommand: Reject submodule URIs that look like cli options
Change-Id: Id6fabec4d0b682a7e20a46e88cbc05432efca062
Signed-off-by: Jonathan Nieder <jrn@google.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
4a68f1a3c7
Prepare 4.7.6-SNAPSHOT builds
...
Change-Id: I99b59116999742d8d6cdba26287ea7c6eba11a30
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
9c90816cd9
JGit v4.7.5.201810051826-r
...
Change-Id: I60c7a2eff3dab5083f71df0d9465a4e94b5e2513
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Ivan Frade
e4c28665b6
BaseReceivePack: Validate incoming .gitmodules files
...
The main concern are submodule urls starting with '-' that could pass as
options to an unguarded tool.
Pass through the parser the ids of blobs identified as .gitmodules
files in the ObjectChecker. Load the blobs and parse/validate them
in SubmoduleValidator.
Change-Id: Ia0cc32ce020d288f995bf7bc68041fda36be1963
Signed-off-by: Ivan Frade <ifrade@google.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Ivan Frade
3ed3eafbd1
ObjectChecker: Report .gitmodules files found in the pack
...
In order to validate .gitmodules files, we first need to find them
in the incoming pack.
Do it in the ObjectChecker stage. Check in the tree objects if they
point to a .gitmodules file and report the tree id and the .gitmodules
blob id.
This can be used later to check if the file is in the root of the
project and if the contents are good.
While we're here, make isMacHFSGit more accurate by detecting variants
of filenames that vary in case.
[jn: tweaked NTFS and HFS+ checking; added more tests]
Change-Id: I70802e7d2c1374116149de4f89836b9498f39582
Signed-off-by: Ivan Frade <ifrade@google.com>
Signed-off-by: Jonathan Nieder <jrn@google.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Ivan Frade
db9f7b028d
SubmoduleAddCommand: Reject submodule URIs that look like cli options
...
In C git versions before 2.19.1, the submodule is fetched by running
"git clone <uri> <path>". A URI starting with "-" would be interpreted
as an option, causing security problems. See CVE-2018-17456.
Refuse to add submodules with URIs, names or paths starting with "-",
that could be confused with command line arguments.
[jn: backported to JGit 4.7.y, bringing portions of Masaya Suzuki's
dotdot check code in v5.1.0.201808281540-m3~57 (Add API to specify
the submodule name, 2018-07-12) along for the ride]
Change-Id: I2607c3acc480b75ab2b13386fe2cac435839f017
Signed-off-by: Ivan Frade <ifrade@google.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
9dbb18291f
Revert "Configure WindowCache settings to use in JGit CLI"
...
This reverts commit e6375445d1
.
Hard coding WindowCache settings wasn't a good idea, this prevents that
custom settings can be configured. Also using virtual memory mapping has
issues on Windows.
Bug: 539789
Change-Id: I37434581f9e3db2f1d7442d893f0dda0c2488d93
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
David Pursehouse
41b1a71cf3
Merge branch 'stable-5.0' into stable-5.1
...
* stable-5.0:
ObjectDownloadListener#onWritePossible: Add comment on return statement
Change-Id: Ie7cb0c8a9775626cf2a2daae04b2d1f73a6c5af7
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
David Pursehouse
7893fcb0b4
Merge branch 'stable-4.11' into stable-5.0
...
* stable-4.11:
ObjectDownloadListener#onWritePossible: Add comment on return statement
Change-Id: Icacfa8dcd1ced32715fb772c336574318f28ddd1
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
David Pursehouse
6b82c9ff7f
Merge branch 'stable-4.10' into stable-4.11
...
* stable-4.10:
ObjectDownloadListener#onWritePossible: Add comment on return statement
Change-Id: I2ab21595531bcd487ce6a5cb0a3bc3c6f6f6e518
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
David Pursehouse
8ee64116b8
Merge branch 'stable-4.9' into stable-4.10
...
* stable-4.9:
ObjectDownloadListener#onWritePossible: Add comment on return statement
Change-Id: I3dff04d2ea99e5b6331e45e3ea2ccc78fb2d5a02
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
David Pursehouse
ffdaa0ff8f
Merge branch 'stable-4.8' into stable-4.9
...
* stable-4.8:
ObjectDownloadListener#onWritePossible: Add comment on return statement
Change-Id: Ie3de769209ec8477c97df5f90b8c63c03e023be0
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
David Pursehouse
33c9906886
Merge branch 'stable-4.7' into stable-4.8
...
* stable-4.7:
ObjectDownloadListener#onWritePossible: Add comment on return statement
Change-Id: Id0833112b0be4e78af375ee1fc78287743d7bc4c
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
David Ostrovsky
e5a4c0d17e
ObjectDownloadListener#onWritePossible: Add comment on return statement
...
It is not obvious why this return statement is needed. Clarify with a
comment that otherwise endless loop may show up when recent versions
of Jetty are used.
Change-Id: I8e5d4de51869fb1179bf599bfb81bcd7d745874b
Signed-off-by: David Ostrovsky <david@ostrovsky.org>
6 years ago
Matthias Sohn
48e21dc10b
Prepare 5.1.2-SNAPSHOT builds
...
Change-Id: I095d246e27de747a234bc058725454c222be51ce
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago
Matthias Sohn
b06d2e6a31
JGit v5.1.1.201809181055-r
...
Change-Id: I2366444fca125139eadb6d513be721167a266d70
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 years ago