svn commit: r485174 - head/devel/rubygem-warden

Po-Chuan Hsieh sunpoet at freebsd.org
Thu Nov 22 20:31:29 UTC 2018


On Thu, Nov 22, 2018 at 4:25 PM Matthias Fechner <idefix at fechner.net> wrote:

> On 18.11.2018 at 10:53, Matthias Fechner wrote:
>
> On 17.11.2018 at 18:34, Sunpoet Po-Chuan Hsieh wrote:
>
> -PORTVERSION=	1.2.7
> +PORTVERSION=	1.2.8
>  CATEGORIES=	devel rubygems
>  MASTER_SITES=	RG
>
> @@ -12,10 +12,11 @@ COMMENT=	Rack middleware that provides authentication
>  LICENSE=	MIT
>  LICENSE_FILE=	${WRKSRC}/LICENSE
>
> -RUN_DEPENDS=	rubygem-rack>=1.0:www/rubygem-rack
> +RUN_DEPENDS=	rubygem-rack>=2.0.6:www/rubygem-rack
>
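Review bot: The RUN_DEPENDS floor on the changed line moves from rubygem-rack>=1.0 to rubygem-rack>=2.0.6, which excludes every rack 1.x release in one step, so any port that pulls in warden while still needing rack 1.x can no longer resolve its dependencies; the report that follows in this thread says www/gitlab-ce broke after this commit. Check the ports that depend on devel/rubygem-warden against rack 2.x before raising the bound, or keep a lower bound if the gem still runs with it (the workaround proposed in this thread uses rack>=1.6), and record next to the line why 2.0.6 is the minimum.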
> could someone please help me understand why this upgrade has broken
> www/gitlab-ce?
> I do not really understand it, but I do not want to downgrade this port,
> as there is a CVE related to it: https://github.com/wardencommunity/warden/releases/tag/v1.2.8
>
> I see the following error: https://pkg.fechner.net/data/112amd64-gitlab/2018-11-18_10h44m24s/logs/errors/gitlab-ce-11.4.5.log
>
> If I downgrade rubygem-warden again to 1.2.7 it solves the problem.
>
> As I do not get any feedback, what must I do so that this commit gets
> reverted until the problem is solved?
>
> Or am I allowed to revert this commit myself?
>

Hi,

FYI, there are 2 workarounds.

1. Patch rubygem-warden to allow rack>=1.6 instead of rack>=2.0.6
Try the patch at
https://people.FreeBSD.org/~sunpoet/patch/devel-rubygem-warden.txt
It works for me (tested in poudriere).
Please do a runtime test.

2. Use rubygem-warden127 to avoid PORTEPOCH
- Add temporary rubygem-warden127 port
- Change devel/rubygem-devise and security/rubygem-devise-two-factor
from devel/rubygem-warden to devel/rubygem-warden127

Regards,
sunpoet

> Regards
> Matthias
>
> --
>
> "Programming today is a race between software engineers striving to
> build bigger and better idiot-proof programs, and the universe trying to
> produce bigger and better idiots. So far, the universe is winning." --
> Rich Cook
>
>

