svn commit: r449828 - in head/www/gitlab: . files
Torsten Zuehlsdorff
tz at FreeBSD.org
Thu Sep 14 10:35:31 UTC 2017
Author: tz
Date: Thu Sep 14 10:35:29 2017
New Revision: 449828
URL: https://svnweb.freebsd.org/changeset/ports/449828
Log:
www/gitlab: Update from 9.3.10 to 9.3.11
Changelog: https://github.com/gitlabhq/gitlabhq/blob/v9.3.11/CHANGELOG.md
This fixes an XSS security issue. The mentioned security issues in
the gems are already fixed by updates of them gems itself.
Security: CVE-2017-5029
Security: CVE-2016-4738
Security: https://vuxml.FreeBSD.org/freebsd/6a177c87-9933-11e7-93f7-d43d7e971a1b.html
Modified:
head/www/gitlab/Makefile
head/www/gitlab/distinfo
head/www/gitlab/files/patch-Gemfile
Modified: head/www/gitlab/Makefile
==============================================================================
--- head/www/gitlab/Makefile Thu Sep 14 10:12:20 2017 (r449827)
+++ head/www/gitlab/Makefile Thu Sep 14 10:35:29 2017 (r449828)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= gitlab
-PORTVERSION= 9.3.10
+PORTVERSION= 9.3.11
DISTVERSIONPREFIX= v
CATEGORIES= www devel
@@ -43,7 +43,7 @@ RUN_DEPENDS= git>=2.14.1:devel/git \
rubygem-omniauth>=1.4.2:security/rubygem-omniauth \
rubygem-omniauth-auth0>=1.4.1:net/rubygem-omniauth-auth0 \
rubygem-omniauth-azure-oauth2>=0.0.6:net/rubygem-omniauth-azure-oauth2 \
- rubygem-omniauth-cas3>=1.1.2:security/rubygem-omniauth-cas3 \
+ rubygem-omniauth-cas3>=1.1.4:security/rubygem-omniauth-cas3 \
rubygem-omniauth-facebook>=4.0.0:net/rubygem-omniauth-facebook \
rubygem-omniauth-github11>=1.1.1:net/rubygem-omniauth-github11 \
rubygem-omniauth-gitlab>=1.0.2:security/rubygem-omniauth-gitlab \
@@ -98,8 +98,8 @@ RUN_DEPENDS= git>=2.14.1:devel/git \
rubygem-asciidoctor>=1.5.2:textproc/rubygem-asciidoctor \
rubygem-asciidoctor-plantuml>=0.0.7:textproc/rubygem-asciidoctor-plantuml \
rubygem-rouge>=2.0:textproc/rubygem-rouge \
- rubygem-truncato>=0.7.8:textproc/rubygem-truncato \
- rubygem-nokogiri>=1.6.7.2:textproc/rubygem-nokogiri \
+ rubygem-truncato>=0.7.9:textproc/rubygem-truncato \
+ rubygem-nokogiri>=1.8.0:textproc/rubygem-nokogiri \
rubygem-diffy>=3.1.0:textproc/rubygem-diffy \
rubygem-unicorn>=5.1.0:www/rubygem-unicorn \
rubygem-unicorn-worker-killer>=0.4.4:www/rubygem-unicorn-worker-killer \
@@ -148,7 +148,7 @@ RUN_DEPENDS= git>=2.14.1:devel/git \
rubygem-addressable>=2.3.8:www/rubygem-addressable \
rubygem-bootstrap-sass>=3.3.0:www/rubygem-bootstrap-sass \
rubygem-font-awesome-rails-rails4>=4.7:devel/rubygem-font-awesome-rails-rails4 \
- rubygem-gemojione>=3:graphics/rubygem-gemojione \
+ rubygem-gemojione>=3.3:graphics/rubygem-gemojione \
rubygem-gon>=6.1.0:www/rubygem-gon \
rubygem-jquery-atwho-rails>=1.3.2:www/rubygem-jquery-atwho-rails \
rubygem-jquery-rails>=4.1.0:www/rubygem-jquery-rails \
Modified: head/www/gitlab/distinfo
==============================================================================
--- head/www/gitlab/distinfo Thu Sep 14 10:12:20 2017 (r449827)
+++ head/www/gitlab/distinfo Thu Sep 14 10:35:29 2017 (r449828)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1502787428
-SHA256 (gitlabhq-gitlabhq-v9.3.10_GH0.tar.gz) = 28d12ef9bdba2359f17b38b9c058b049b13f8a66173ad005ec08480be8cbebe3
-SIZE (gitlabhq-gitlabhq-v9.3.10_GH0.tar.gz) = 31758906
+TIMESTAMP = 1505384599
+SHA256 (gitlabhq-gitlabhq-v9.3.11_GH0.tar.gz) = 3a3f0ec77f209e8f3296d55e960388b08cb69c762668c40aea92f6f6511e0677
+SIZE (gitlabhq-gitlabhq-v9.3.11_GH0.tar.gz) = 31763943
Modified: head/www/gitlab/files/patch-Gemfile
==============================================================================
--- head/www/gitlab/files/patch-Gemfile Thu Sep 14 10:12:20 2017 (r449827)
+++ head/www/gitlab/files/patch-Gemfile Thu Sep 14 10:35:29 2017 (r449828)
@@ -1,10 +1,10 @@
---- Gemfile.orig 2017-08-09 13:53:30 UTC
+--- Gemfile.orig 2017-09-06 21:34:31 UTC
+++ Gemfile
@@ -1,48 +1,43 @@
source 'https://rubygems.org'
-gem 'rails', '4.2.8'
-+gem 'rails', '>=4.2.8'
++gem 'rails', '>= 4.2.8'
gem 'rails-deprecated_sanitizer', '~> 1.0.3'
# Responders respond_to and respond_with
@@ -33,7 +33,7 @@
+gem 'omniauth', '>= 1.4.2'
gem 'omniauth-auth0', '~> 1.4.1'
gem 'omniauth-azure-oauth2', '~> 0.0.6'
- gem 'omniauth-cas3', '~> 1.1.2'
+ gem 'omniauth-cas3', '~> 1.1.4'
gem 'omniauth-facebook', '~> 4.0.0'
gem 'omniauth-github', '~> 1.1.1'
gem 'omniauth-gitlab', '~> 1.0.2'
@@ -96,7 +96,7 @@
# for aws storage
gem 'unf', '~> 0.1.4'
-@@ -110,34 +105,34 @@ gem 'seed-fu', '~> 2.3.5'
+@@ -110,31 +105,31 @@ gem 'seed-fu', '~> 2.3.5'
# Markdown and HTML processing
gem 'html-pipeline', '~> 1.11.0'
@@ -115,13 +115,9 @@
-gem 'asciidoctor-plantuml', '0.0.7'
+gem 'asciidoctor-plantuml', '>= 0.0.7'
gem 'rouge', '~> 2.0'
- gem 'truncato', '~> 0.7.8'
+ gem 'truncato', '~> 0.7.9'
+ gem 'nokogiri', '~> 1.8.0'
- # See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
- # and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
--gem 'nokogiri', '~> 1.6.7', '>= 1.6.7.2'
-+gem 'nokogiri', '>= 1.6.7.2'
-
# Diffs
-gem 'diffy', '~> 3.1.0'
+gem 'diffy', '>= 3.1.0'
@@ -139,7 +135,7 @@
# Run events after state machine commits
gem 'after_commit_queue', '~> 1.3.0'
-@@ -154,10 +149,10 @@ gem 'sidekiq-limit_fetch', '~> 3.4'
+@@ -151,10 +146,10 @@ gem 'sidekiq-limit_fetch', '~> 3.4'
gem 'rufus-scheduler', '~> 3.4'
# HTTP requests
@@ -152,7 +148,7 @@
# GitLab settings
gem 'settingslogic', '~> 2.0.9'
-@@ -167,7 +162,7 @@ gem 're2', '~> 1.0.0'
+@@ -164,7 +159,7 @@ gem 're2', '~> 1.0.0'
# Misc
@@ -161,7 +157,7 @@
# Cache
gem 'redis-rails', '~> 5.0.1'
-@@ -177,10 +172,10 @@ gem 'redis', '~> 3.2'
+@@ -174,10 +169,10 @@ gem 'redis', '~> 3.2'
gem 'connection_pool', '~> 2.0'
# HipChat integration
@@ -174,7 +170,7 @@
# Flowdock integration
gem 'gitlab-flowdock-git-hook', '~> 1.0.1'
-@@ -198,7 +193,7 @@ gem 'asana', '~> 0.6.0'
+@@ -195,7 +190,7 @@ gem 'asana', '~> 0.6.0'
gem 'ruby-fogbugz', '~> 0.2.1'
# Kubernetes integration
@@ -183,7 +179,7 @@
# d3
gem 'd3_rails', '~> 3.5.0'
-@@ -207,7 +202,7 @@ gem 'd3_rails', '~> 3.5.0'
+@@ -204,7 +199,7 @@ gem 'd3_rails', '~> 3.5.0'
gem 'underscore-rails', '~> 1.8.0'
# Sanitize user input
@@ -192,7 +188,7 @@
gem 'babosa', '~> 1.0.2'
# Sanitizes SVG input
-@@ -217,7 +212,7 @@ gem 'loofah', '~> 2.0.3'
+@@ -214,7 +209,7 @@ gem 'loofah', '~> 2.0.3'
gem 'licensee', '~> 8.7.0'
# Protect against bruteforcing
@@ -201,7 +197,7 @@
# Ace editor
gem 'ace-rails-ap', '~> 4.1.0'
-@@ -236,143 +231,63 @@ gem 'chronic', '~> 0.10.2'
+@@ -233,143 +228,62 @@ gem 'chronic', '~> 0.10.2'
gem 'chronic_duration', '~> 0.10.6'
gem 'webpack-rails', '~> 0.9.10'
@@ -217,7 +213,7 @@
+gem 'addressable', '>= 2.3.8'
gem 'bootstrap-sass', '~> 3.3.0'
gem 'font-awesome-rails', '~> 4.7'
- gem 'gemojione', '~> 3.0'
+ gem 'gemojione', '~> 3.3'
gem 'gon', '~> 6.1.0'
gem 'jquery-atwho-rails', '~> 1.3.2'
-gem 'jquery-rails', '~> 4.1.0'
@@ -339,7 +335,7 @@
- gem 'timecop', '~> 0.8.0'
- gem 'concurrent-ruby', '~> 1.0.5'
-end
-
+-
-gem 'octokit', '~> 4.6.2'
+gem 'octokit', '>= 4.6.2'
@@ -357,7 +353,7 @@
# Soft deletion
gem 'paranoia', '~> 2.2'
-@@ -387,8 +302,10 @@ gem 'sys-filesystem', '~> 1.1.6'
+@@ -384,8 +298,10 @@ gem 'sys-filesystem', '~> 1.1.6'
# Gitaly GRPC client
gem 'gitaly', '~> 0.8.0'
More information about the svn-ports-all
mailing list