Upgrade Git to pull in security releases
Update Git versions to Git v2.45.1 and friends to fix the following CVEs:
- CVE-2024-32002, which can lead to arbitrary code execution on case-insensitive filesystems when doing recursive clones.
- CVE-2024-32004, which can lead to arbitrary code execution when doing local partial clones via the filesystem.
- CVE-2024-32021, which allows an adversary to rewrite files in a cloned repository when using local clones with hardlinks.
- CVE-2024-32021, which can lead to linking to arbitrary files accessible to the user when doing local clones via a TOCTOU style race.
- CVE-2024-32465, which can lead to executing arbitrary commands when cloning an untrusted local repository.
None of these issues were found to impact Gitaly, but upgrading is the right thing to do regardless.