Difference between revisions of "JGit/New and Noteworthy/3.6"
(→Bug Fixes) |
(→Fix for CVE-2014-9390) |
||
(8 intermediate revisions by 2 users not shown) | |||
Line 5: | Line 5: | ||
* GarbageCollectCommand now supports DfsRepository | * GarbageCollectCommand now supports DfsRepository | ||
* Support for Submodule configuration submodule.<name>.ignore | * Support for Submodule configuration submodule.<name>.ignore | ||
+ | * Support for new submodule repository layout (.git/modules of the super project contains the submodule repositories) | ||
+ | * InitCommand support for option "--separate-git-dir" to store .git meta data directory in a separate directory | ||
+ | * CloneCommand support to store .git meta data directory in a separate directory | ||
* Permission bits for "executable" attribute are now set according to the umask on Posix/Java7 | * Permission bits for "executable" attribute are now set according to the umask on Posix/Java7 | ||
* BundleWriter now supports including HEAD in bundle | * BundleWriter now supports including HEAD in bundle | ||
* New config parameter core.trustfolderstat | * New config parameter core.trustfolderstat | ||
+ | |||
+ | ==JGit Command Line== | ||
+ | * Add option --bare to clone command | ||
+ | * Add options --heads and --tags to ls-remote command | ||
==Performance Improvements== | ==Performance Improvements== | ||
Line 19: | Line 26: | ||
= Bug Fixes = | = Bug Fixes = | ||
[https://bugs.eclipse.org/bugs/buglist.cgi?classification=Technology&list_id=10006180&order=Importance&product=JGit&query_format=advanced&resolution=FIXED&resolution=DUPLICATE&target_milestone=3.6 11 Bugs and 0 enhancement requests] were closed | [https://bugs.eclipse.org/bugs/buglist.cgi?classification=Technology&list_id=10006180&order=Importance&product=JGit&query_format=advanced&resolution=FIXED&resolution=DUPLICATE&target_milestone=3.6 11 Bugs and 0 enhancement requests] were closed | ||
+ | |||
+ | === Fix for CVE-2014-9390 === | ||
+ | The patches fixing [http://article.gmane.org/gmane.linux.kernel/1853266 CVE-2014-9390] released in [https://dev.eclipse.org/mhonarc/lists/jgit-dev/msg02789.html JGit 3.4.2 and 3.5.3] are also included in 3.6.0. | ||
+ | |||
+ | As described in [https://developer.atlassian.com/blog/2014/12/securing-your-git-server/ Securing your Git server] native git has been enhanced by configuration parameters allowing to configure a git server to check all objects it receives against problematic pathes. A server running e.g. on Linux can be configured to check also for pathes problematic on HFS+ or NTFS. This is also possible for JGit based Git servers. JGit understands the boolean config parameters '''receive.fsckobjects''', '''fsck.safeForWindows''' and '''fsck.safeForMacOS'''. They match native git's '''receive.fsckobjects''', '''core.protectNTFS''', '''core.protectHFS'''. | ||
+ | |||
+ | {| cellpadding="3" cellspacing="0" border="1" | ||
+ | !git-core | ||
+ | !JGit | ||
+ | !Description | ||
+ | |- | ||
+ | |'''receive.fsckobjects''' | ||
+ | |'''receive.fsckobjects''' | ||
+ | |enable checks when receiving objects | ||
+ | |- | ||
+ | |'''core.protectNTFS''' | ||
+ | |'''fsck.safeForWindows''' | ||
+ | |check pathes problematic on NTFS | ||
+ | |- | ||
+ | |'''core.protectHFS''' | ||
+ | |'''fsck.safeForMacOS''' | ||
+ | |check pathes problematic on HFS+ | ||
+ | |} | ||
+ | |||
+ | |||
+ | Enabling '''receive.fsckObjects''' makes JGit check the integrity of objects before a push is accepted, which is a pre-requisite for the other flags. The '''fsck.safeForMacOS''' and '''fsck.safeForWindows''' flags prevent the OS X and Windows vulnerabilities described above, respectively. Both default to true on their respective systems but will need to be enabled specifically on other platforms. Since clients could be using a different operating system to your server you should enable both on JGit based servers. | ||
= Contributors = | = Contributors = | ||
− | The following | + | The following 11 developers worked on this release of JGit: |
+ | |||
+ | Andrey Loskutov, | ||
+ | Axel Richard, | ||
+ | Christian Halstrick, | ||
+ | Dani Megert, | ||
+ | Marc Strapetz, | ||
+ | Matthias Sohn, | ||
+ | Michael Keppler, | ||
+ | Robin Stocker, | ||
+ | Shawn Pearce, | ||
+ | Stefan Beller, | ||
+ | Yuxuan 'fishy' Wang |
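Review bot: The added "Fix for CVE-2014-9390" section spells the key as receive.fsckobjects in the intro paragraph and table but as receive.fsckObjects in the closing paragraph; use one spelling throughout. "pathes" should be "paths" in the intro paragraph and in both table rows. The closing paragraph's "vulnerabilities described above" has no antecedent in this section, which only links to CVE-2014-9390, so either name the HFS+ and NTFS path problems or point to the linked article. Since the text calls receive.fsckobjects a prerequisite, it would also help to state what a JGit server does when the fsck.* flags are set but receive.fsckobjects is not.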
Revision as of 09:44, 23 December 2014
JGit
Features
- Ignore rule parser was reimplemented to support ** wildcard patterns and negation rules, and to improve performance
- Add "aggressive" option to GC
- GarbageCollectCommand now supports DfsRepository
- Support for Submodule configuration submodule.<name>.ignore
- Support for new submodule repository layout (.git/modules of the super project contains the submodule repositories)
- InitCommand support for option "--separate-git-dir" to store the .git metadata directory in a separate directory
- CloneCommand support to store the .git metadata directory in a separate directory
- Permission bits for "executable" attribute are now set according to the umask on Posix/Java7
- BundleWriter now supports including HEAD in bundle
- New config parameter core.trustfolderstat
JGit Command Line
- Add option --bare to clone command
- Add options --heads and --tags to ls-remote command
Performance Improvements
- Reimplemented ignore rule parser to improve performance of ignore rule evaluation
- Enhance SubmoduleWalk with a fast check whether a repo contains submodules
Build and Release Engineering
- The java7 feature is now included in org.eclipse.jgit.feature
- Maven site generation for jgit
Bug Fixes
11 Bugs and 0 enhancement requests were closed
Fix for CVE-2014-9390
The patches fixing CVE-2014-9390 released in JGit 3.4.2 and 3.5.3 are also included in 3.6.0.
As described in "Securing your Git server", native git has gained configuration parameters that let a git server check all objects it receives for problematic paths. A server running on Linux, for example, can be configured to also check for paths that are problematic on HFS+ or NTFS. This is also possible for JGit-based Git servers. JGit understands the boolean config parameters receive.fsckobjects, fsck.safeForWindows and fsck.safeForMacOS. They correspond to native git's receive.fsckobjects, core.protectNTFS and core.protectHFS.
git-core | JGit | Description |
---|---|---|
receive.fsckobjects | receive.fsckobjects | enable checks when receiving objects |
core.protectNTFS | fsck.safeForWindows | check paths problematic on NTFS |
core.protectHFS | fsck.safeForMacOS | check paths problematic on HFS+ |
Enabling receive.fsckobjects makes JGit check the integrity of objects before a push is accepted, which is a prerequisite for the other flags. The fsck.safeForMacOS and fsck.safeForWindows flags prevent the OS X and Windows vulnerabilities referenced above, respectively. Both default to true on their respective systems but need to be enabled explicitly on other platforms. Since clients could be using a different operating system from your server, you should enable both on JGit-based servers.
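An added example, not part of the original release notes or of JGit itself: a small shell audit that checks a repository config file for the three settings above and reports any that are not enabled, including the case where the fsck.* flags are set but the receive.fsckobjects prerequisite is missing. It assumes native git is installed on the server so that `git config --file` can read and write the file; the function names are made up for this example.

```sh
#!/bin/sh
# Audit and harden the receive-side checks that a JGit-based server reads
# from a repository config file. Added example; function names are hypothetical.

KEYS="receive.fsckobjects fsck.safeForWindows fsck.safeForMacOS"

# Print "true" or "false" for a boolean key.
# An unset or unparsable value counts as false, which matches a server
# running on a platform where the flag does not default to true.
cfg_bool() {
    value=$(git config --file "$1" --bool --get "$2" 2>/dev/null) || value=false
    if [ "$value" = "true" ]; then echo true; else echo false; fi
}

# Report the settings that are not enabled; return 0 only if all three are on.
audit_receive_checks() {
    cfg=$1
    missing=""
    for key in $KEYS; do
        if [ "$(cfg_bool "$cfg" "$key")" != "true" ]; then
            missing="$missing $key"
        fi
    done
    if [ -n "$missing" ]; then
        echo "$cfg: not enabled:$missing"
        return 1
    fi
    echo "$cfg: ok"
}

# Enable all three settings in the given config file.
harden_receive_checks() {
    for key in $KEYS; do
        git config --file "$1" --bool "$key" true
    done
}
```

Run `audit_receive_checks /path/to/repo.git/config` for each hosted repository, and `harden_receive_checks` on those that fail.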
Contributors
The following 11 developers worked on this release of JGit:
Andrey Loskutov, Axel Richard, Christian Halstrick, Dani Megert, Marc Strapetz, Matthias Sohn, Michael Keppler, Robin Stocker, Shawn Pearce, Stefan Beller, Yuxuan 'fishy' Wang