Upgrade JGit to 4.5.5.201812240535-r

This release fixes an issue where AdvertiseRefsHook was not called for
git-upload-pack in protocol v0 bidirectional transports, meaning that
wants aren't validated and a user can fetch anything that is pointed
to by any ref (using fetch-by-sha1), as long as they can guess the
object name.

Bug: Issue 10262
Change-Id: I5c1af5c7c549e1796fe6347c1ec08797471393a1
diff --git a/lib/jgit/BUCK b/lib/jgit/BUCK
index b6dd17d..8c9e1c6 100644
--- a/lib/jgit/BUCK
+++ b/lib/jgit/BUCK
@@ -1,16 +1,17 @@
 include_defs('//lib/maven.defs')
 
-REPO = MAVEN_CENTRAL # Leave here even if set to MAVEN_CENTRAL.
-VERS = '4.5.4.201711221230-r'
+REPO = ECLIPSE # Leave here even if set to MAVEN_CENTRAL.
+VERS = '4.5.5.201812240535-r'
 
 maven_jar(
   name = 'jgit',
   id = 'org.eclipse.jgit:org.eclipse.jgit:' + VERS,
-  bin_sha1 = 'b30f322c7d441260f4fa454ce5de65cf7e961274',
-  src_sha1 = '459f648f8bbf10e1aa0b122d4f9919e1779922e9',
+  bin_sha1 = '1dac8dd7deb4ec72939fe30cd6fd57c22fd4a403',
+  src_sha1 = '6c5fe5a2bd6b12571d15984916463f2f28223a93',
   license = 'jgit',
   unsign = True,
   deps = [':ewah'],
+  repository = REPO,
   exclude = [
     'META-INF/eclipse.inf',
     'about.html',
@@ -21,9 +22,10 @@
 maven_jar(
   name = 'jgit-servlet',
   id = 'org.eclipse.jgit:org.eclipse.jgit.http.server:' + VERS,
-  sha1 = '264fac29b6007146127156113ed3d4e0aa922b39',
+  sha1 = '6498fa4f4bd5db11d3069952540b68a9aef024c2',
   license = 'jgit',
   deps = [':jgit'],
+  repository = REPO,
   unsign = True,
   exclude = [
     'about.html',
@@ -34,12 +36,13 @@
 maven_jar(
   name = 'jgit-archive',
   id = 'org.eclipse.jgit:org.eclipse.jgit.archive:' + VERS,
-  sha1 = '6b0b919ee42bf8276193c3c03581634bc3aa7e18',
+  sha1 = 'd64327d788ae43d79eb4e42d2432646c7b485789',
   license = 'jgit',
   deps = [':jgit',
     '//lib/commons:compress',
     '//lib:tukaani-xz',
   ],
+  repository = REPO,
   unsign = True,
   exclude = [
     'about.html',
@@ -50,10 +53,11 @@
 maven_jar(
   name = 'junit',
   id = 'org.eclipse.jgit:org.eclipse.jgit.junit:' + VERS,
-  sha1 = '58ca0a0fba72f2db6e6b27bd464dc44a946a617c',
+  sha1 = '50c36e367e7df961c1acc9308b7d52ea21a73d91',
   license = 'DO_NOT_DISTRIBUTE',
   unsign = True,
   deps = [':jgit'],
+  repository = REPO,
 )
 
 maven_jar(
diff --git a/lib/maven.defs b/lib/maven.defs
index 7f0bc1d..1b36fdb 100644
--- a/lib/maven.defs
+++ b/lib/maven.defs
@@ -13,6 +13,7 @@
 # limitations under the License.
 
 ATLASSIAN = 'ATLASSIAN:'
+ECLIPSE = 'ECLIPSE:'
 GERRIT = 'GERRIT:'
 GERRIT_API = 'GERRIT_API:'
 ECLIPSE = 'ECLIPSE:'
diff --git a/tools/util.py b/tools/util.py
index ceb89ad..fb49664 100644
--- a/tools/util.py
+++ b/tools/util.py
@@ -23,6 +23,7 @@
 
 REPO_ROOTS = {
   'ATLASSIAN': 'https://maven.atlassian.com/content/repositories/atlassian-3rdparty',
+  'ECLIPSE': 'https://repo.eclipse.org/content/groups/releases',
   'GERRIT': 'http://gerrit-maven.storage.googleapis.com',
   'GERRIT_API': 'https://gerrit-api.commondatastorage.googleapis.com/release',
   'ECLIPSE': 'https://repo.eclipse.org/content/groups/releases',