From owner-svn-ports-all@freebsd.org Thu Sep 14 10:35:31 2017 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5CD17E0E40D; Thu, 14 Sep 2017 10:35:31 +0000 (UTC) (envelope-from tz@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 385026E4DA; Thu, 14 Sep 2017 10:35:31 +0000 (UTC) (envelope-from tz@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v8EAZUsO051395; Thu, 14 Sep 2017 10:35:30 GMT (envelope-from tz@FreeBSD.org) Received: (from tz@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v8EAZUrl051392; Thu, 14 Sep 2017 10:35:30 GMT (envelope-from tz@FreeBSD.org) Message-Id: <201709141035.v8EAZUrl051392@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: tz set sender to tz@FreeBSD.org using -f From: Torsten Zuehlsdorff Date: Thu, 14 Sep 2017 10:35:30 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r449828 - in head/www/gitlab: . files X-SVN-Group: ports-head X-SVN-Commit-Author: tz X-SVN-Commit-Paths: in head/www/gitlab: . files X-SVN-Commit-Revision: 449828 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Sep 2017 10:35:31 -0000 Author: tz Date: Thu Sep 14 10:35:29 2017 New Revision: 449828 URL: https://svnweb.freebsd.org/changeset/ports/449828 Log: www/gitlab: Update from 9.3.10 to 9.3.11 Changelog: https://github.com/gitlabhq/gitlabhq/blob/v9.3.11/CHANGELOG.md This fixes an XSS security issue. The mentioned security issues in the gems are already fixed by updates of them gems itself. Security: CVE-2017-5029 Security: CVE-2016-4738 Security: https://vuxml.FreeBSD.org/freebsd/6a177c87-9933-11e7-93f7-d43d7e971a1b.html Modified: head/www/gitlab/Makefile head/www/gitlab/distinfo head/www/gitlab/files/patch-Gemfile Modified: head/www/gitlab/Makefile ============================================================================== --- head/www/gitlab/Makefile Thu Sep 14 10:12:20 2017 (r449827) +++ head/www/gitlab/Makefile Thu Sep 14 10:35:29 2017 (r449828) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= gitlab -PORTVERSION= 9.3.10 +PORTVERSION= 9.3.11 DISTVERSIONPREFIX= v CATEGORIES= www devel @@ -43,7 +43,7 @@ RUN_DEPENDS= git>=2.14.1:devel/git \ rubygem-omniauth>=1.4.2:security/rubygem-omniauth \ rubygem-omniauth-auth0>=1.4.1:net/rubygem-omniauth-auth0 \ rubygem-omniauth-azure-oauth2>=0.0.6:net/rubygem-omniauth-azure-oauth2 \ - rubygem-omniauth-cas3>=1.1.2:security/rubygem-omniauth-cas3 \ + rubygem-omniauth-cas3>=1.1.4:security/rubygem-omniauth-cas3 \ rubygem-omniauth-facebook>=4.0.0:net/rubygem-omniauth-facebook \ rubygem-omniauth-github11>=1.1.1:net/rubygem-omniauth-github11 \ rubygem-omniauth-gitlab>=1.0.2:security/rubygem-omniauth-gitlab \ @@ -98,8 +98,8 @@ RUN_DEPENDS= git>=2.14.1:devel/git \ rubygem-asciidoctor>=1.5.2:textproc/rubygem-asciidoctor \ rubygem-asciidoctor-plantuml>=0.0.7:textproc/rubygem-asciidoctor-plantuml \ rubygem-rouge>=2.0:textproc/rubygem-rouge \ - rubygem-truncato>=0.7.8:textproc/rubygem-truncato \ - rubygem-nokogiri>=1.6.7.2:textproc/rubygem-nokogiri \ + rubygem-truncato>=0.7.9:textproc/rubygem-truncato \ + rubygem-nokogiri>=1.8.0:textproc/rubygem-nokogiri \ rubygem-diffy>=3.1.0:textproc/rubygem-diffy \ rubygem-unicorn>=5.1.0:www/rubygem-unicorn \ rubygem-unicorn-worker-killer>=0.4.4:www/rubygem-unicorn-worker-killer \ @@ -148,7 +148,7 @@ RUN_DEPENDS= git>=2.14.1:devel/git \ rubygem-addressable>=2.3.8:www/rubygem-addressable \ rubygem-bootstrap-sass>=3.3.0:www/rubygem-bootstrap-sass \ rubygem-font-awesome-rails-rails4>=4.7:devel/rubygem-font-awesome-rails-rails4 \ - rubygem-gemojione>=3:graphics/rubygem-gemojione \ + rubygem-gemojione>=3.3:graphics/rubygem-gemojione \ rubygem-gon>=6.1.0:www/rubygem-gon \ rubygem-jquery-atwho-rails>=1.3.2:www/rubygem-jquery-atwho-rails \ rubygem-jquery-rails>=4.1.0:www/rubygem-jquery-rails \ Modified: head/www/gitlab/distinfo ============================================================================== --- head/www/gitlab/distinfo Thu Sep 14 10:12:20 2017 (r449827) +++ head/www/gitlab/distinfo Thu Sep 14 10:35:29 2017 (r449828) @@ -1,3 +1,3 @@ -TIMESTAMP = 1502787428 -SHA256 (gitlabhq-gitlabhq-v9.3.10_GH0.tar.gz) = 28d12ef9bdba2359f17b38b9c058b049b13f8a66173ad005ec08480be8cbebe3 -SIZE (gitlabhq-gitlabhq-v9.3.10_GH0.tar.gz) = 31758906 +TIMESTAMP = 1505384599 +SHA256 (gitlabhq-gitlabhq-v9.3.11_GH0.tar.gz) = 3a3f0ec77f209e8f3296d55e960388b08cb69c762668c40aea92f6f6511e0677 +SIZE (gitlabhq-gitlabhq-v9.3.11_GH0.tar.gz) = 31763943 Modified: head/www/gitlab/files/patch-Gemfile ============================================================================== --- head/www/gitlab/files/patch-Gemfile Thu Sep 14 10:12:20 2017 (r449827) +++ head/www/gitlab/files/patch-Gemfile Thu Sep 14 10:35:29 2017 (r449828) @@ -1,10 +1,10 @@ ---- Gemfile.orig 2017-08-09 13:53:30 UTC +--- Gemfile.orig 2017-09-06 21:34:31 UTC +++ Gemfile @@ -1,48 +1,43 @@ source 'https://rubygems.org' -gem 'rails', '4.2.8' -+gem 'rails', '>=4.2.8' ++gem 'rails', '>= 4.2.8' gem 'rails-deprecated_sanitizer', '~> 1.0.3' # Responders respond_to and respond_with @@ -33,7 +33,7 @@ +gem 'omniauth', '>= 1.4.2' gem 'omniauth-auth0', '~> 1.4.1' gem 'omniauth-azure-oauth2', '~> 0.0.6' - gem 'omniauth-cas3', '~> 1.1.2' + gem 'omniauth-cas3', '~> 1.1.4' gem 'omniauth-facebook', '~> 4.0.0' gem 'omniauth-github', '~> 1.1.1' gem 'omniauth-gitlab', '~> 1.0.2' @@ -96,7 +96,7 @@ # for aws storage gem 'unf', '~> 0.1.4' -@@ -110,34 +105,34 @@ gem 'seed-fu', '~> 2.3.5' +@@ -110,31 +105,31 @@ gem 'seed-fu', '~> 2.3.5' # Markdown and HTML processing gem 'html-pipeline', '~> 1.11.0' @@ -115,13 +115,9 @@ -gem 'asciidoctor-plantuml', '0.0.7' +gem 'asciidoctor-plantuml', '>= 0.0.7' gem 'rouge', '~> 2.0' - gem 'truncato', '~> 0.7.8' + gem 'truncato', '~> 0.7.9' + gem 'nokogiri', '~> 1.8.0' - # See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s - # and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM --gem 'nokogiri', '~> 1.6.7', '>= 1.6.7.2' -+gem 'nokogiri', '>= 1.6.7.2' - # Diffs -gem 'diffy', '~> 3.1.0' +gem 'diffy', '>= 3.1.0' @@ -139,7 +135,7 @@ # Run events after state machine commits gem 'after_commit_queue', '~> 1.3.0' -@@ -154,10 +149,10 @@ gem 'sidekiq-limit_fetch', '~> 3.4' +@@ -151,10 +146,10 @@ gem 'sidekiq-limit_fetch', '~> 3.4' gem 'rufus-scheduler', '~> 3.4' # HTTP requests @@ -152,7 +148,7 @@ # GitLab settings gem 'settingslogic', '~> 2.0.9' -@@ -167,7 +162,7 @@ gem 're2', '~> 1.0.0' +@@ -164,7 +159,7 @@ gem 're2', '~> 1.0.0' # Misc @@ -161,7 +157,7 @@ # Cache gem 'redis-rails', '~> 5.0.1' -@@ -177,10 +172,10 @@ gem 'redis', '~> 3.2' +@@ -174,10 +169,10 @@ gem 'redis', '~> 3.2' gem 'connection_pool', '~> 2.0' # HipChat integration @@ -174,7 +170,7 @@ # Flowdock integration gem 'gitlab-flowdock-git-hook', '~> 1.0.1' -@@ -198,7 +193,7 @@ gem 'asana', '~> 0.6.0' +@@ -195,7 +190,7 @@ gem 'asana', '~> 0.6.0' gem 'ruby-fogbugz', '~> 0.2.1' # Kubernetes integration @@ -183,7 +179,7 @@ # d3 gem 'd3_rails', '~> 3.5.0' -@@ -207,7 +202,7 @@ gem 'd3_rails', '~> 3.5.0' +@@ -204,7 +199,7 @@ gem 'd3_rails', '~> 3.5.0' gem 'underscore-rails', '~> 1.8.0' # Sanitize user input @@ -192,7 +188,7 @@ gem 'babosa', '~> 1.0.2' # Sanitizes SVG input -@@ -217,7 +212,7 @@ gem 'loofah', '~> 2.0.3' +@@ -214,7 +209,7 @@ gem 'loofah', '~> 2.0.3' gem 'licensee', '~> 8.7.0' # Protect against bruteforcing @@ -201,7 +197,7 @@ # Ace editor gem 'ace-rails-ap', '~> 4.1.0' -@@ -236,143 +231,63 @@ gem 'chronic', '~> 0.10.2' +@@ -233,143 +228,62 @@ gem 'chronic', '~> 0.10.2' gem 'chronic_duration', '~> 0.10.6' gem 'webpack-rails', '~> 0.9.10' @@ -217,7 +213,7 @@ +gem 'addressable', '>= 2.3.8' gem 'bootstrap-sass', '~> 3.3.0' gem 'font-awesome-rails', '~> 4.7' - gem 'gemojione', '~> 3.0' + gem 'gemojione', '~> 3.3' gem 'gon', '~> 6.1.0' gem 'jquery-atwho-rails', '~> 1.3.2' -gem 'jquery-rails', '~> 4.1.0' @@ -339,7 +335,7 @@ - gem 'timecop', '~> 0.8.0' - gem 'concurrent-ruby', '~> 1.0.5' -end - +- -gem 'octokit', '~> 4.6.2' +gem 'octokit', '>= 4.6.2' @@ -357,7 +353,7 @@ # Soft deletion gem 'paranoia', '~> 2.2' -@@ -387,8 +302,10 @@ gem 'sys-filesystem', '~> 1.1.6' +@@ -384,8 +298,10 @@ gem 'sys-filesystem', '~> 1.1.6' # Gitaly GRPC client gem 'gitaly', '~> 0.8.0'