Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 14 Sep 2017 10:35:30 +0000 (UTC)
From:      Torsten Zuehlsdorff <tz@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r449828 - in head/www/gitlab: . files
Message-ID:  <201709141035.v8EAZUrl051392@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: tz
Date: Thu Sep 14 10:35:29 2017
New Revision: 449828
URL: https://svnweb.freebsd.org/changeset/ports/449828

Log:
  www/gitlab: Update from 9.3.10 to 9.3.11
  
  Changelog: https://github.com/gitlabhq/gitlabhq/blob/v9.3.11/CHANGELOG.md
  
  This fixes an XSS security issue. The mentioned security issues in
  the gems are already fixed by updates of them gems itself.
  
  Security: CVE-2017-5029
  Security: CVE-2016-4738
  Security: https://vuxml.FreeBSD.org/freebsd/6a177c87-9933-11e7-93f7-d43d7e971a1b.html

Modified:
  head/www/gitlab/Makefile
  head/www/gitlab/distinfo
  head/www/gitlab/files/patch-Gemfile

Modified: head/www/gitlab/Makefile
==============================================================================
--- head/www/gitlab/Makefile	Thu Sep 14 10:12:20 2017	(r449827)
+++ head/www/gitlab/Makefile	Thu Sep 14 10:35:29 2017	(r449828)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	gitlab
-PORTVERSION=	9.3.10
+PORTVERSION=	9.3.11
 DISTVERSIONPREFIX=	v
 CATEGORIES=	www devel
 
@@ -43,7 +43,7 @@ RUN_DEPENDS=	git>=2.14.1:devel/git \
 	rubygem-omniauth>=1.4.2:security/rubygem-omniauth \
 	rubygem-omniauth-auth0>=1.4.1:net/rubygem-omniauth-auth0 \
 	rubygem-omniauth-azure-oauth2>=0.0.6:net/rubygem-omniauth-azure-oauth2 \
-	rubygem-omniauth-cas3>=1.1.2:security/rubygem-omniauth-cas3 \
+	rubygem-omniauth-cas3>=1.1.4:security/rubygem-omniauth-cas3 \
 	rubygem-omniauth-facebook>=4.0.0:net/rubygem-omniauth-facebook \
 	rubygem-omniauth-github11>=1.1.1:net/rubygem-omniauth-github11 \
 	rubygem-omniauth-gitlab>=1.0.2:security/rubygem-omniauth-gitlab \
@@ -98,8 +98,8 @@ RUN_DEPENDS=	git>=2.14.1:devel/git \
 	rubygem-asciidoctor>=1.5.2:textproc/rubygem-asciidoctor \
 	rubygem-asciidoctor-plantuml>=0.0.7:textproc/rubygem-asciidoctor-plantuml \
 	rubygem-rouge>=2.0:textproc/rubygem-rouge \
-	rubygem-truncato>=0.7.8:textproc/rubygem-truncato \
-	rubygem-nokogiri>=1.6.7.2:textproc/rubygem-nokogiri  \
+	rubygem-truncato>=0.7.9:textproc/rubygem-truncato \
+	rubygem-nokogiri>=1.8.0:textproc/rubygem-nokogiri  \
 	rubygem-diffy>=3.1.0:textproc/rubygem-diffy \
 	rubygem-unicorn>=5.1.0:www/rubygem-unicorn \
 	rubygem-unicorn-worker-killer>=0.4.4:www/rubygem-unicorn-worker-killer \
@@ -148,7 +148,7 @@ RUN_DEPENDS=	git>=2.14.1:devel/git \
 	rubygem-addressable>=2.3.8:www/rubygem-addressable \
 	rubygem-bootstrap-sass>=3.3.0:www/rubygem-bootstrap-sass \
 	rubygem-font-awesome-rails-rails4>=4.7:devel/rubygem-font-awesome-rails-rails4 \
-	rubygem-gemojione>=3:graphics/rubygem-gemojione \
+	rubygem-gemojione>=3.3:graphics/rubygem-gemojione \
 	rubygem-gon>=6.1.0:www/rubygem-gon \
 	rubygem-jquery-atwho-rails>=1.3.2:www/rubygem-jquery-atwho-rails \
 	rubygem-jquery-rails>=4.1.0:www/rubygem-jquery-rails \

Modified: head/www/gitlab/distinfo
==============================================================================
--- head/www/gitlab/distinfo	Thu Sep 14 10:12:20 2017	(r449827)
+++ head/www/gitlab/distinfo	Thu Sep 14 10:35:29 2017	(r449828)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1502787428
-SHA256 (gitlabhq-gitlabhq-v9.3.10_GH0.tar.gz) = 28d12ef9bdba2359f17b38b9c058b049b13f8a66173ad005ec08480be8cbebe3
-SIZE (gitlabhq-gitlabhq-v9.3.10_GH0.tar.gz) = 31758906
+TIMESTAMP = 1505384599
+SHA256 (gitlabhq-gitlabhq-v9.3.11_GH0.tar.gz) = 3a3f0ec77f209e8f3296d55e960388b08cb69c762668c40aea92f6f6511e0677
+SIZE (gitlabhq-gitlabhq-v9.3.11_GH0.tar.gz) = 31763943

Modified: head/www/gitlab/files/patch-Gemfile
==============================================================================
--- head/www/gitlab/files/patch-Gemfile	Thu Sep 14 10:12:20 2017	(r449827)
+++ head/www/gitlab/files/patch-Gemfile	Thu Sep 14 10:35:29 2017	(r449828)
@@ -1,10 +1,10 @@
---- Gemfile.orig	2017-08-09 13:53:30 UTC
+--- Gemfile.orig	2017-09-06 21:34:31 UTC
 +++ Gemfile
 @@ -1,48 +1,43 @@
  source 'https://rubygems.org'
  
 -gem 'rails', '4.2.8'
-+gem 'rails', '>=4.2.8'
++gem 'rails', '>= 4.2.8'
  gem 'rails-deprecated_sanitizer', '~> 1.0.3'
  
  # Responders respond_to and respond_with
@@ -33,7 +33,7 @@
 +gem 'omniauth', '>= 1.4.2'
  gem 'omniauth-auth0', '~> 1.4.1'
  gem 'omniauth-azure-oauth2', '~> 0.0.6'
- gem 'omniauth-cas3', '~> 1.1.2'
+ gem 'omniauth-cas3', '~> 1.1.4'
  gem 'omniauth-facebook', '~> 4.0.0'
  gem 'omniauth-github', '~> 1.1.1'
  gem 'omniauth-gitlab', '~> 1.0.2'
@@ -96,7 +96,7 @@
  
  # for aws storage
  gem 'unf', '~> 0.1.4'
-@@ -110,34 +105,34 @@ gem 'seed-fu', '~> 2.3.5'
+@@ -110,31 +105,31 @@ gem 'seed-fu', '~> 2.3.5'
  
  # Markdown and HTML processing
  gem 'html-pipeline', '~> 1.11.0'
@@ -115,13 +115,9 @@
 -gem 'asciidoctor-plantuml', '0.0.7'
 +gem 'asciidoctor-plantuml', '>= 0.0.7'
  gem 'rouge', '~> 2.0'
- gem 'truncato', '~> 0.7.8'
+ gem 'truncato', '~> 0.7.9'
+ gem 'nokogiri', '~> 1.8.0'
  
- # See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
- # and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
--gem 'nokogiri', '~> 1.6.7', '>= 1.6.7.2'
-+gem 'nokogiri', '>= 1.6.7.2'
- 
  # Diffs
 -gem 'diffy', '~> 3.1.0'
 +gem 'diffy', '>= 3.1.0'
@@ -139,7 +135,7 @@
  # Run events after state machine commits
  gem 'after_commit_queue', '~> 1.3.0'
  
-@@ -154,10 +149,10 @@ gem 'sidekiq-limit_fetch', '~> 3.4'
+@@ -151,10 +146,10 @@ gem 'sidekiq-limit_fetch', '~> 3.4'
  gem 'rufus-scheduler', '~> 3.4'
  
  # HTTP requests
@@ -152,7 +148,7 @@
  
  # GitLab settings
  gem 'settingslogic', '~> 2.0.9'
-@@ -167,7 +162,7 @@ gem 're2', '~> 1.0.0'
+@@ -164,7 +159,7 @@ gem 're2', '~> 1.0.0'
  
  # Misc
  
@@ -161,7 +157,7 @@
  
  # Cache
  gem 'redis-rails', '~> 5.0.1'
-@@ -177,10 +172,10 @@ gem 'redis', '~> 3.2'
+@@ -174,10 +169,10 @@ gem 'redis', '~> 3.2'
  gem 'connection_pool', '~> 2.0'
  
  # HipChat integration
@@ -174,7 +170,7 @@
  
  # Flowdock integration
  gem 'gitlab-flowdock-git-hook', '~> 1.0.1'
-@@ -198,7 +193,7 @@ gem 'asana', '~> 0.6.0'
+@@ -195,7 +190,7 @@ gem 'asana', '~> 0.6.0'
  gem 'ruby-fogbugz', '~> 0.2.1'
  
  # Kubernetes integration
@@ -183,7 +179,7 @@
  
  # d3
  gem 'd3_rails', '~> 3.5.0'
-@@ -207,7 +202,7 @@ gem 'd3_rails', '~> 3.5.0'
+@@ -204,7 +199,7 @@ gem 'd3_rails', '~> 3.5.0'
  gem 'underscore-rails', '~> 1.8.0'
  
  # Sanitize user input
@@ -192,7 +188,7 @@
  gem 'babosa', '~> 1.0.2'
  
  # Sanitizes SVG input
-@@ -217,7 +212,7 @@ gem 'loofah', '~> 2.0.3'
+@@ -214,7 +209,7 @@ gem 'loofah', '~> 2.0.3'
  gem 'licensee', '~> 8.7.0'
  
  # Protect against bruteforcing
@@ -201,7 +197,7 @@
  
  # Ace editor
  gem 'ace-rails-ap', '~> 4.1.0'
-@@ -236,143 +231,63 @@ gem 'chronic', '~> 0.10.2'
+@@ -233,143 +228,62 @@ gem 'chronic', '~> 0.10.2'
  gem 'chronic_duration', '~> 0.10.6'
  
  gem 'webpack-rails', '~> 0.9.10'
@@ -217,7 +213,7 @@
 +gem 'addressable', '>= 2.3.8'
  gem 'bootstrap-sass', '~> 3.3.0'
  gem 'font-awesome-rails', '~> 4.7'
- gem 'gemojione', '~> 3.0'
+ gem 'gemojione', '~> 3.3'
  gem 'gon', '~> 6.1.0'
  gem 'jquery-atwho-rails', '~> 1.3.2'
 -gem 'jquery-rails', '~> 4.1.0'
@@ -339,7 +335,7 @@
 -  gem 'timecop', '~> 0.8.0'
 -  gem 'concurrent-ruby', '~> 1.0.5'
 -end
- 
+-
 -gem 'octokit', '~> 4.6.2'
 +gem 'octokit', '>= 4.6.2'
  
@@ -357,7 +353,7 @@
  
  # Soft deletion
  gem 'paranoia', '~> 2.2'
-@@ -387,8 +302,10 @@ gem 'sys-filesystem', '~> 1.1.6'
+@@ -384,8 +298,10 @@ gem 'sys-filesystem', '~> 1.1.6'
  # Gitaly GRPC client
  gem 'gitaly', '~> 0.8.0'
  



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201709141035.v8EAZUrl051392>