jgit/org.eclipse.jgit
Ivan Frade db9f7b028d SubmoduleAddCommand: Reject submodule URIs that look like cli options
In C git versions before 2.19.1, the submodule is fetched by running
"git clone <uri> <path>". A URI starting with "-" would be interpreted
as an option, causing security problems. See CVE-2018-17456.

Refuse to add submodules with URIs, names or paths starting with "-",
that could be confused with command line arguments.

[jn: backported to JGit 4.7.y, bringing portions of Masaya Suzuki's
 dotdot check code in v5.1.0.201808281540-m3~57 (Add API to specify
 the submodule name, 2018-07-12) along for the ride]

Change-Id: I2607c3acc480b75ab2b13386fe2cac435839f017
Signed-off-by: Ivan Frade <ifrade@google.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
2018-10-05 21:38:22 +02:00
.settings SubmoduleAddCommand: Reject submodule URIs that look like cli options 2018-10-05 21:38:22 +02:00
META-INF Prepare 4.7.5-SNAPSHOT builds 2018-09-18 15:16:36 +02:00
findBugs [findBugs] Silence warning about Transport initialization 2012-09-14 00:01:47 +02:00
resources/org/eclipse/jgit SubmoduleAddCommand: Reject submodule URIs that look like cli options 2018-10-05 21:38:22 +02:00
src/org/eclipse/jgit SubmoduleAddCommand: Reject submodule URIs that look like cli options 2018-10-05 21:38:22 +02:00
.classpath Change JGit minimum execution environment to JavaSE-1.8 2016-09-20 11:32:36 +02:00
.fbprefs Initial JGit contribution to eclipse.org 2009-09-29 16:47:03 -07:00
.gitignore Finish removing Apache Felix maven-bundle-plugin 2010-01-12 11:46:55 -08:00
.project Revert "Hide Maven target directories from Eclipse" 2010-08-28 09:50:50 +02:00
BUILD bazel: Add explicit targets for library dependencies 2017-03-19 18:51:03 -07:00
about.html SHA-1: collision detection support 2017-02-28 16:38:43 -08:00
build.properties Add "resources/" as a source folder 2010-06-05 14:39:27 +02:00
plugin.properties Remove incubation marker 2011-05-31 22:53:53 +02:00
pom.xml Prepare 4.7.5-SNAPSHOT builds 2018-09-18 15:16:36 +02:00