svn commit: r567475 - in head: devel/gitaly www/gitlab-ce www/gitlab-ce/files www/gitlab-workhorse
Matthias Fechner
mfechner at FreeBSD.org
Sat Mar 6 10:08:32 UTC 2021
Author: mfechner
Date: Sat Mar 6 10:08:29 2021
New Revision: 567475
URL: https://svnweb.freebsd.org/changeset/ports/567475
Log:
Security update to gitlab-ce 13.9.2.
Changelog:
https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
This commit also enforces an older version of devel/rubygem-google-protobuf of version 3.14.0.
This also linked PR.
This ensures that users to not upgrade by accident to a version that is core dumping.
So it is wanted that this port is currently not buildable to protect users from an update.
If you want to this upgrade, wait till devel/rubygem-google-protobuf is fixed or downgrade it to 3.14.0.
PR: 254014 254010
Security: 8bf856ea-7df7-11eb-9aad-001b217b3468
Modified:
head/devel/gitaly/Makefile
head/devel/gitaly/distinfo
head/www/gitlab-ce/Makefile
head/www/gitlab-ce/distinfo
head/www/gitlab-ce/files/patch-Gemfile
head/www/gitlab-ce/pkg-plist
head/www/gitlab-workhorse/Makefile
head/www/gitlab-workhorse/distinfo
Modified: head/devel/gitaly/Makefile
==============================================================================
--- head/devel/gitaly/Makefile Sat Mar 6 10:01:09 2021 (r567474)
+++ head/devel/gitaly/Makefile Sat Mar 6 10:08:29 2021 (r567475)
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= gitaly
-DISTVERSION= 13.9.1
+DISTVERSION= 13.9.2
PORTREVISION= 0
CATEGORIES= devel
@@ -43,7 +43,7 @@ MAKE_ENV= GOFLAGS="${GO_BUILDFLAGS}"
USE_GITLAB= yes
GL_ACCOUNT= gitlab-org
# Find this here: https://gitlab.com/gitlab-org/gitaly/-/tags
-GL_COMMIT= 4f85f046841f2fbfcf8db5d54f7957aa60977b62
+GL_COMMIT= 4b02bd68a03cbad166b6965be61cf8ffc5b5a6be
# for go dependencies
USE_GITHUB= nodefault
Modified: head/devel/gitaly/distinfo
==============================================================================
--- head/devel/gitaly/distinfo Sat Mar 6 10:01:09 2021 (r567474)
+++ head/devel/gitaly/distinfo Sat Mar 6 10:08:29 2021 (r567475)
@@ -1,4 +1,4 @@
-TIMESTAMP = 1614351635
+TIMESTAMP = 1614980687
SHA256 (DataDog-dd-trace-go-v1.7.0_GH0.tar.gz) = d81bd47683ef9cbd228691b077373d3e15ca5fa5b9e7919099c4e87779040e84
SIZE (DataDog-dd-trace-go-v1.7.0_GH0.tar.gz) = 3321111
SHA256 (alexbrainman-sspi-4729b3d4d858_GH0.tar.gz) = 757930d82a7fca04d46d1c69ac27361ef2dadcb9fabbb3bf3a5ed785ebfc4e27
@@ -157,8 +157,8 @@ SHA256 (uber-jaeger-client-go-v2.15.0_GH0.tar.gz) = 6b
SIZE (uber-jaeger-client-go-v2.15.0_GH0.tar.gz) = 164460
SHA256 (uber-jaeger-lib-v1.5.0_GH0.tar.gz) = 98901cc41df77858a2f601ad48b45bdf72af40c56f15bc5182416b15db0daac3
SIZE (uber-jaeger-lib-v1.5.0_GH0.tar.gz) = 31655
-SHA256 (gitlab-org-gitaly-4f85f046841f2fbfcf8db5d54f7957aa60977b62_GL0.tar.gz) = c773ea0c94c888cd94878a014b41da521a4126edc4a498aa214e9277e7466e1e
-SIZE (gitlab-org-gitaly-4f85f046841f2fbfcf8db5d54f7957aa60977b62_GL0.tar.gz) = 3353539
+SHA256 (gitlab-org-gitaly-4b02bd68a03cbad166b6965be61cf8ffc5b5a6be_GL0.tar.gz) = 462ab9677692a744efcad9ed0ff31ed1bd7889bde79aac8c4519e72f4ab2ef5b
+SIZE (gitlab-org-gitaly-4b02bd68a03cbad166b6965be61cf8ffc5b5a6be_GL0.tar.gz) = 3353602
SHA256 (gitlab-org-gitlab-shell-3f9890ef73dced430d86801a1efc0e93ec50890e_GL0.tar.gz) = f2fdaf95afc348cbfe1b4445b5031bc67d2e808e4525db3dfb3a9e27c9adddf3
SIZE (gitlab-org-gitlab-shell-3f9890ef73dced430d86801a1efc0e93ec50890e_GL0.tar.gz) = 89583
SHA256 (gitlab-org-labkit-f2d7fb209ecad2eaddb5fb9c4ab03eb8eaa82811_GL0.tar.gz) = 7fb33d071f1731691125807188be8faba6100a43fa66ad9064d204b56642fbfd
Modified: head/www/gitlab-ce/Makefile
==============================================================================
--- head/www/gitlab-ce/Makefile Sat Mar 6 10:01:09 2021 (r567474)
+++ head/www/gitlab-ce/Makefile Sat Mar 6 10:08:29 2021 (r567475)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME?= gitlab-ce
-PORTVERSION?= 13.9.1
+PORTVERSION?= 13.9.2
PORTREVISION?= 0
CATEGORIES= www devel
@@ -20,7 +20,7 @@ MY_DEPENDS= git>=2.29:devel/git \
gitlab-agent>=13.9.1:net/gitlab-agent \
gitlab-pages>=1.35.0:www/gitlab-pages \
gitlab-shell>=13.16.1:devel/gitlab-shell \
- gitlab-workhorse>=8.63.0:www/gitlab-workhorse \
+ gitlab-workhorse>=8.63.2:www/gitlab-workhorse \
redis>=4.0.0:databases/redis \
yarn>=1.10.0:www/yarn \
gtar>0:archivers/gtar \
@@ -188,6 +188,7 @@ MY_DEPENDS= git>=2.29:devel/git \
rubygem-pg_query>=1.3.0<1.4:databases/rubygem-pg_query \
rubygem-premailer-rails-rails60>=1.10.3<1.11.0:mail/rubygem-premailer-rails-rails60 \
rubygem-gitlab-labkit>=0.14.0<0.16:devel/rubygem-gitlab-labkit \
+ rubygem-thrift>=0.14.0:devel/rubygem-thrift \
rubygem-ruby_parser>=3.15<4.0:devel/rubygem-ruby_parser \
rubygem-rails-i18n-rails60>=6.0<7.0:devel/rubygem-rails-i18n-rails60 \
rubygem-gettext_i18n_rails>=1.8.0<1.9.0:devel/rubygem-gettext_i18n_rails \
@@ -221,7 +222,7 @@ MY_DEPENDS= git>=2.29:devel/git \
rubygem-bcrypt_pbkdf>=1.0<2.0:security/rubygem-bcrypt_pbkdf \
rubygem-gitaly>=13.9.0.pre.rc1<13.10.0:net/rubygem-gitaly \
rubygem-grpc130>=1.30.2<1.31:net/rubygem-grpc130 \
- rubygem-google-protobuf>=3.12<4:devel/rubygem-google-protobuf \
+ rubygem-google-protobuf>=3.12<3.15:devel/rubygem-google-protobuf \
rubygem-toml-rb10>=1.0.0<1.1.0:www/rubygem-toml-rb10 \
rubygem-flipper017>=0.17.1<0.18.0:devel/rubygem-flipper017 \
rubygem-flipper-active_record017>=0.17.1<0.18.0:databases/rubygem-flipper-active_record017 \
@@ -267,7 +268,7 @@ USE_GITLAB= yes
GL_ACCOUNT?= gitlab-org
GL_PROJECT?= gitlab-foss
# Find the here: https://gitlab.com/gitlab-org/gitlab-foss/-/tags
-GL_COMMIT?= 03979b4aaf060cae40934b2aade0bbe8a210e311
+GL_COMMIT?= 189a15a911843a9059d1f8bfd31008557bea520b
USERS= git
GROUPS= git
Modified: head/www/gitlab-ce/distinfo
==============================================================================
--- head/www/gitlab-ce/distinfo Sat Mar 6 10:01:09 2021 (r567474)
+++ head/www/gitlab-ce/distinfo Sat Mar 6 10:08:29 2021 (r567475)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1614351499
-SHA256 (gitlab-org-gitlab-foss-03979b4aaf060cae40934b2aade0bbe8a210e311_GL0.tar.gz) = 8e224795f0735dc10918ac1b11ff3ee76c5ba1eb76d537166292a08f00dbc914
-SIZE (gitlab-org-gitlab-foss-03979b4aaf060cae40934b2aade0bbe8a210e311_GL0.tar.gz) = 98349077
+TIMESTAMP = 1614980151
+SHA256 (gitlab-org-gitlab-foss-189a15a911843a9059d1f8bfd31008557bea520b_GL0.tar.gz) = 9a2ddc533fdd80b05e966c6a048bc1b6242a2f1e1bbe405221c8d61bdfdfbf36
+SIZE (gitlab-org-gitlab-foss-189a15a911843a9059d1f8bfd31008557bea520b_GL0.tar.gz) = 98347897
Modified: head/www/gitlab-ce/files/patch-Gemfile
==============================================================================
--- head/www/gitlab-ce/files/patch-Gemfile Sat Mar 6 10:01:09 2021 (r567474)
+++ head/www/gitlab-ce/files/patch-Gemfile Sat Mar 6 10:08:29 2021 (r567475)
@@ -1,4 +1,4 @@
---- Gemfile.orig 2021-02-19 09:35:35 UTC
+--- Gemfile.orig 2021-03-04 13:43:08 UTC
+++ Gemfile
@@ -26,7 +26,7 @@ gem 'marginalia', '~> 1.10.0'
# Authentication libraries
@@ -50,10 +50,10 @@
# LabKit: Tracing and Correlation
-gem 'gitlab-labkit', '0.14.0'
+gem 'gitlab-labkit', '0.15.0'
-
- # I18n
- gem 'ruby_parser', '~> 3.15', require: false
-@@ -329,102 +328,11 @@ gem 'snowplow-tracker', '~> 0.6.1'
+ # Thrift is a dependency of gitlab-labkit, we want a version higher than 0.14.0
+ # because of https://gitlab.com/gitlab-org/gitlab/-/issues/321900
+ gem 'thrift', '>= 0.14.0'
+@@ -332,102 +331,11 @@ gem 'snowplow-tracker', '~> 0.6.1'
# Metrics
group :metrics do
gem 'method_source', '~> 1.0', require: false
Modified: head/www/gitlab-ce/pkg-plist
==============================================================================
--- head/www/gitlab-ce/pkg-plist Sat Mar 6 10:01:09 2021 (r567474)
+++ head/www/gitlab-ce/pkg-plist Sat Mar 6 10:08:29 2021 (r567475)
@@ -6488,6 +6488,7 @@
%%WWWDIR%%/app/helpers/webpack_helper.rb
%%WWWDIR%%/app/helpers/whats_new_helper.rb
%%WWWDIR%%/app/helpers/wiki_helper.rb
+%%WWWDIR%%/app/helpers/wiki_page_version_helper.rb
%%WWWDIR%%/app/helpers/workhorse_helper.rb
%%WWWDIR%%/app/helpers/x509_helper.rb
%%WWWDIR%%/app/mailers/abuse_report_mailer.rb
@@ -27387,6 +27388,7 @@
%%WWWDIR%%/spec/helpers/visibility_level_helper_spec.rb
%%WWWDIR%%/spec/helpers/whats_new_helper_spec.rb
%%WWWDIR%%/spec/helpers/wiki_helper_spec.rb
+%%WWWDIR%%/spec/helpers/wiki_page_version_helper_spec.rb
%%WWWDIR%%/spec/helpers/x509_helper_spec.rb
%%WWWDIR%%/spec/initializers/100_patch_omniauth_saml_spec.rb
%%WWWDIR%%/spec/initializers/6_validations_spec.rb
@@ -32879,6 +32881,8 @@
%%WWWDIR%%/workhorse/internal/staticpages/servefile.go
%%WWWDIR%%/workhorse/internal/staticpages/servefile_test.go
%%WWWDIR%%/workhorse/internal/staticpages/static.go
+%%WWWDIR%%/workhorse/internal/staticpages/testdata/file1
+%%WWWDIR%%/workhorse/internal/staticpages/testdata/uploads/file2
%%WWWDIR%%/workhorse/internal/testhelper/gitaly.go
%%WWWDIR%%/workhorse/internal/testhelper/testhelper.go
%%WWWDIR%%/workhorse/internal/upload/accelerate.go
@@ -32905,6 +32909,7 @@
%%WWWDIR%%/workhorse/internal/upstream/roundtripper/transport.go
%%WWWDIR%%/workhorse/internal/upstream/routes.go
%%WWWDIR%%/workhorse/internal/upstream/upstream.go
+%%WWWDIR%%/workhorse/internal/upstream/upstream_test.go
%%WWWDIR%%/workhorse/internal/urlprefix/urlprefix.go
%%WWWDIR%%/workhorse/internal/utils/svg/LICENSE
%%WWWDIR%%/workhorse/internal/utils/svg/README.md
Modified: head/www/gitlab-workhorse/Makefile
==============================================================================
--- head/www/gitlab-workhorse/Makefile Sat Mar 6 10:01:09 2021 (r567474)
+++ head/www/gitlab-workhorse/Makefile Sat Mar 6 10:08:29 2021 (r567475)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME?= gitlab-workhorse
-PORTVERSION?= 8.63.0
+PORTVERSION?= 8.63.2
PORTREVISION?= 0
CATEGORIES= www
@@ -21,12 +21,12 @@ MAKE_ENV= GOFLAGS="${GO_BUILDFLAGS}"
USE_GITLAB= yes
GL_ACCOUNT?= gitlab-org
# Find the commit hash here: https://gitlab.com/gitlab-org/gitlab-workhorse/tags
-GL_COMMIT?= 290e36b39ca85d3be0d1b64504d8ebce424e09d3
+GL_COMMIT?= d6a98839b0a1c98eea332e203a1632f8302b21e9
# for go dependencies
USE_GITHUB= nodefault
# generated with: make gomod-vendor
-# 94dd
+# 93dd
GH_TUPLE= \
Azure:azure-pipeline-go:v0.2.3:azure_azure_pipeline_go/vendor/github.com/Azure/azure-pipeline-go \
Azure:azure-storage-blob-go:6df5d9af221d:azure_azure_storage_blob_go/vendor/github.com/Azure/azure-storage-blob-go \
@@ -120,7 +120,6 @@ GH_TUPLE= \
GL_TUPLE= gitlab-org:gitaly:3f5e218def93024f3aafe590c22cd1b29f744105:gitlab_org_gitaly/vendor/gitlab.com/gitlab-org/gitaly \
gitlab-org:labkit:f2d7fb209ecad2eaddb5fb9c4ab03eb8eaa82811:gitlab_org_labkit/vendor/gitlab.com/gitlab-org/labkit
-
PLIST_FILES= bin/gitlab-resize-image \
bin/gitlab-workhorse \
Modified: head/www/gitlab-workhorse/distinfo
==============================================================================
--- head/www/gitlab-workhorse/distinfo Sat Mar 6 10:01:09 2021 (r567474)
+++ head/www/gitlab-workhorse/distinfo Sat Mar 6 10:08:29 2021 (r567475)
@@ -1,4 +1,4 @@
-TIMESTAMP = 1614013716
+TIMESTAMP = 1614980366
SHA256 (Azure-azure-pipeline-go-v0.2.3_GH0.tar.gz) = 99bd58f4a07dd02d9615e3638b3bb6dbfad80ef678ccdb8e17e3fa2b0fef343e
SIZE (Azure-azure-pipeline-go-v0.2.3_GH0.tar.gz) = 17102
SHA256 (Azure-azure-storage-blob-go-6df5d9af221d_GH0.tar.gz) = 31047920e4c507f913b9922ad920a2e9f6d48e6056bdc6869b6c257e3ab095a7
@@ -177,8 +177,8 @@ SHA256 (uber-jaeger-client-go-v2.15.0_GH0.tar.gz) = 6b
SIZE (uber-jaeger-client-go-v2.15.0_GH0.tar.gz) = 164460
SHA256 (uber-jaeger-lib-v1.5.0_GH0.tar.gz) = 98901cc41df77858a2f601ad48b45bdf72af40c56f15bc5182416b15db0daac3
SIZE (uber-jaeger-lib-v1.5.0_GH0.tar.gz) = 31655
-SHA256 (gitlab-org-gitlab-workhorse-290e36b39ca85d3be0d1b64504d8ebce424e09d3_GL0.tar.gz) = 96a32f2d0656ba92f46ca26bcfd1b06ffc319ac1fdb4387f5b7f6775f26b9287
-SIZE (gitlab-org-gitlab-workhorse-290e36b39ca85d3be0d1b64504d8ebce424e09d3_GL0.tar.gz) = 2486883
+SHA256 (gitlab-org-gitlab-workhorse-d6a98839b0a1c98eea332e203a1632f8302b21e9_GL0.tar.gz) = 50d50a465475e2814676f71f8732e0906b47573f078ca3277b4ad4754de7f8a7
+SIZE (gitlab-org-gitlab-workhorse-d6a98839b0a1c98eea332e203a1632f8302b21e9_GL0.tar.gz) = 2487786
SHA256 (gitlab-org-gitaly-3f5e218def93024f3aafe590c22cd1b29f744105_GL0.tar.gz) = 98d3cd87fb3feb8a14b5ac9e4a968e7a841cc3b309f997a2ba78aa8fd0b58c2d
SIZE (gitlab-org-gitaly-3f5e218def93024f3aafe590c22cd1b29f744105_GL0.tar.gz) = 3143193
SHA256 (gitlab-org-labkit-f2d7fb209ecad2eaddb5fb9c4ab03eb8eaa82811_GL0.tar.gz) = 7fb33d071f1731691125807188be8faba6100a43fa66ad9064d204b56642fbfd
More information about the svn-ports-head
mailing list