Date: Fri, 23 Nov 2018 04:30:51 +0800
From: Po-Chuan Hsieh <sunpoet@freebsd.org>
To: Matthias Fechner <idefix@fechner.net>
Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r485174 - head/devel/rubygem-warden
Message-ID: <CAMHz58R-jddCOsmBrOck4a_LbrGHvN7dOE33V1UFtxbWn6GBqQ@mail.gmail.com>
In-Reply-To: <24d170e0-1174-5a43-66a7-2821f19b54fc@fechner.net>
References: <201811171734.wAHHYZSG071135@repo.freebsd.org> <b2ea11d9-18b9-30a6-b0c3-10944dd8afee@fechner.net> <24d170e0-1174-5a43-66a7-2821f19b54fc@fechner.net>

On Thu, Nov 22, 2018 at 4:25 PM Matthias Fechner <idefix@fechner.net> wrote:

> On 18.11.2018 at 10:53, Matthias Fechner wrote:
>
> On 17.11.2018 at 18:34, Sunpoet Po-Chuan Hsieh wrote:
>
> -PORTVERSION= 1.2.7
> +PORTVERSION= 1.2.8
> CATEGORIES= devel rubygems
> MASTER_SITES= RG
>
> @@ -12,10 +12,11 @@ COMMENT= Rack middleware that provides authentication
> LICENSE= MIT
> LICENSE_FILE= ${WRKSRC}/LICENSE
>
> -RUN_DEPENDS= rubygem-rack>=1.0:www/rubygem-rack
> +RUN_DEPENDS= rubygem-rack>=2.0.6:www/rubygem-rack
>
> could someone please help to understand why this upgrade has broken
> www/gitlab-ce?
> I do not really understand it, but I do not want to downgrade this port,
> as there a CVE is related to: https://github.com/wardencommunity/warden/releases/tag/v1.2.8
>
> I see the following error: https://pkg.fechner.net/data/112amd64-gitlab/2018-11-18_10h44m24s/logs/errors/gitlab-ce-11.4.5.log
>
> If I downgrade rubygem-warden again to 1.2.7 it solves the problem.
>
> as I do not get any feedback, what must I do, that this commit get
> reverted till the problem is solved?
>
> Or I'm allowed to revert this commit by myself?
>

Hi,

FYI, there are 2 workarounds.

1. Patch rubygem-warden to allow rack>=1.6 instead of rack>=2.0.6
   Try the patch at
   https://people.FreeBSD.org/~sunpoet/patch/devel-rubygem-warden.txt
   It works for me (tested in poudriere). Please do a runtime test.

2. Use rubygem-warden127 to avoid PORTEPOCH
   - Add temporary rubygem-warden127 port
   - Change devel/rubygem-devise and security/rubygem-devise-two-factor
     from devel/rubygem-warden to devel/rubygem-warden127

Regards,
sunpoet

> Regards
> Matthias
>
> --
>
> "Programming today is a race between software engineers striving to
> build bigger and better idiot-proof programs, and the universe trying to
> produce bigger and better idiots. So far, the universe is winning." --
> Rich Cook
>
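
Review bot: The `+RUN_DEPENDS` line in the second quoted hunk raises the rack lower bound from `>=1.0` to `>=2.0.6` as part of a patch-level bump (1.2.7 to 1.2.8), and a raised floor like this can break consumers that still run an older rack; the thread reports www/gitlab-ce failing after this commit and succeeding again with 1.2.7. Before committing a tightened lower bound, build the ports that depend on devel/rubygem-warden (the reply names devel/rubygem-devise and security/rubygem-devise-two-factor) and say in the commit message which of them were tested and why the new bound is needed. The hunk header `@@ -12,10 +12,11 @@` indicates one net added line, but only the one-for-one `RUN_DEPENDS` change is visible in the quote, so the remainder of the hunk cannot be reviewed from this message.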