Log Message:
Pullup ticket #5769 - requested by leot
devel/git: security fix

This was submitted as a manual patch.

---
   git: Update devel/git to 2.16.4

   Changes:
   Git v2.16.4 Release Notes
   =========================
   This release is to forward-port the fixes made in the v2.13.7 version
   of Git.  See its release notes for details.

   [...2.13.7 release notes...:]

    * Submodule "names" come from the untrusted .gitmodules file, but we
      blindly append them to $GIT_DIR/modules to create our on-disk repo
      paths. This means you can do bad things by putting "../" into the
      name. We now enforce some rules for submodule names which will cause
      Git to ignore these malicious names (CVE-2018-11235).

      Credit for finding this vulnerability and the proof of concept from
      which the test script was adapted goes to Etienne Stalmans.

    * It was possible to trick the code that sanity-checks paths on NTFS
      into reading random piece of memory (CVE-2018-11233).

   Credit for fixing for these bugs goes to Jeff King, Johannes
   Schindelin and others.