From b0b740c03e71e7b9e867dabc8a5925d2c474584c Mon Sep 17 00:00:00 2001
From: Euan Kemp <euan.kemp@coreos.com>
Date: Fri, 11 Aug 2017 11:45:27 -0700
Subject: [PATCH 1/3] profiles: bump git

To allow a version patched for CVE-2017-1000117
---
 .../profiles/coreos/base/package.accept_keywords               | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index e43804a28d..74a165d9db 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -75,3 +75,6 @@ dev-util/checkbashisms
 
 # Pick up fixes for bugs introduced in 4.0
 =sys-fs/dosfstools-4.1 **
+
+# CVE-2017-1000117
+=dev-vcs/git-2.13.5

From 051b442b71251e8ffa1d6ac5d111b3081ca5091e Mon Sep 17 00:00:00 2001
From: David Michael <fedora.dm0@gmail.com>
Date: Fri, 11 Aug 2017 12:21:19 -0700
Subject: [PATCH 2/3] profiles: use the newest Git on master

---
 .../coreos-overlay/profiles/coreos/base/package.accept_keywords | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index 74a165d9db..12d8a4d80a 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -77,4 +77,4 @@ dev-util/checkbashisms
 =sys-fs/dosfstools-4.1 **
 
 # CVE-2017-1000117
-=dev-vcs/git-2.13.5
+=dev-vcs/git-2.14.1

From 1cc91f3c705eb521077f07b1e7fd4cff8071600c Mon Sep 17 00:00:00 2001
From: David Michael <fedora.dm0@gmail.com>
Date: Fri, 11 Aug 2017 12:55:27 -0700
Subject: [PATCH 3/3] profiles: disable Git's pcre-jit option

This requires additional dependencies.
---
 .../third_party/coreos-overlay/profiles/coreos/base/package.use | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
index d385952153..3e59530234 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
@@ -39,7 +39,7 @@ sys-apps/gptfdisk -icu
 dev-libs/apr-util -gdbm
 sys-libs/gdbm berkdb
 
-dev-vcs/git -perl -iconv
+dev-vcs/git -pcre-jit -perl -iconv
 
 net-analyzer/nmap ncat -lua