author: Pedro Alvarez <pedro.alvarez@codethink.co.uk> 2016-03-16 11:32:54 +0000
committer: Sam Thursfield <sam.thursfield@codethink.co.uk> 2016-03-16 11:41:34 +0000
commit: 23f354034df7c6d2652bca285047d29f5abef560
tree: 9688cf71a7a6214f5f1ebe039a0ef6fc83891273
parent: aa2fd0f9bf293b55f01168598d1b4ae98fe4cbb5
download: definitions-23f354034df7c6d2652bca285047d29f5abef560.tar.gz
Upgrade to Git 2.8.0-rc2

This contains commit 9831e92bfa833ee9c0ce464bbc2f941ae6c2698d which removes the path_name() function. That fixes a remote-code execution security hole, described in CVE-2016-2315 and CVE-2016-2324.

I have read in some places that 2.7.1 and later are not vulnerable, but I've not been able to prove that, nor find proof. At time of writing the Debian advisory doesn't show that 2.7.1 and later are safe, only 2.8.0-rc2:

https://security-tracker.debian.org/tracker/CVE-2016-2324

See also: https://ma.ttias.be/remote-code-execution-git-versions-client-server-2-7-1-cve-2016-2324-cve-2016-2315/

Change-Id: I8948b295030f2f498780777aa62a54f2337518b5

-rw-r--r-- strata/core.morph 4
1 files changed, 2 insertions, 2 deletions
diff --git a/strata/core.morph b/strata/core.morph
index 1148ecfb..5304f50a 100644
--- a/strata/core.morph
+++ b/strata/core.morph
@@ -161,8 +161,8 @@ chunks:
- name: git-minimal
morph: strata/core/git-minimal.morph
repo: upstream:git
- ref: 9874fca7122563e28d699a911404fc49d2a24f1c
- unpetrify-ref: v2.3.0
+ ref: ed9067f705aa51819c7dfff7e4190dd267beaf5d
+ unpetrify-ref: v2.8.0-rc2
build-depends:
- autoconf
- python3
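Review bot: The new `unpetrify-ref: v2.8.0-rc2` on the git-minimal chunk pins a core stratum component to a release candidate, and nothing in the hunk records that this is temporary. Please add a comment or a follow-up task to move the pin to the final v2.8.0 tag once it exists. Since the security claim rests on commit 9831e92bfa833ee9c0ce464bbc2f941ae6c2698d being included, it would also help to state in the commit message that this was checked against the pinned `ref: ed9067f705aa51819c7dfff7e4190dd267beaf5d` (for example with `git merge-base --is-ancestor`), and that this SHA is what the v2.8.0-rc2 tag resolves to. The jump is from v2.3.0 with `build-depends` left unchanged, so a note that strata/core/git-minimal.morph still builds against the new version would make this easier to approve.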