From: Po-Chuan Hsieh
Date: Fri, 23 Nov 2018 04:30:51 +0800
Subject: Re: svn commit: r485174 - head/devel/rubygem-warden
To: Matthias Fechner
Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org

On Thu, Nov 22, 2018 at 4:25 PM Matthias Fechner wrote:

> On 18.11.2018 at 10:53, Matthias Fechner wrote:
>
> On 17.11.2018 at 18:34, Sunpoet Po-Chuan Hsieh wrote:
> > -PORTVERSION=3D 1.2.7 > +PORTVERSION=3D 1.2.8 > CATEGORIES=3D devel rubygems > MASTER_SITES=3D RG 
> > @@ -12,10 +12,11 @@ COMMENT=3D Rack middleware that provides authenticati= on > LICENSE=3D MIT > LICENSE_FILE=3D ${WRKSRC}/LICENSE > > -RUN_DEPENDS=3D rubygem-rack>=3D1.0:www/rubygem-rack > +RUN_DEPENDS=3D rubygem-rack>=3D2.0.6:www/rubygem-rack
>
> could someone please help to understand why this upgrade has broken
> www/gitlab-ce?
> I do not really understand it, but I do not want to downgrade this port,
> as there is a CVE related to: https://github.com/wardencommunity/warden/releases/tag/v1.2.8
>
> I see the following error: https://pkg.fechner.net/data/112amd64-gitlab/2018-11-18_10h44m24s/logs/errors/gitlab-ce-11.4.5.log
>
> If I downgrade rubygem-warden again to 1.2.7 it solves the problem.
>
> as I do not get any feedback, what must I do so that this commit gets
> reverted till the problem is solved?
>
> Or am I allowed to revert this commit by myself?
>

Hi,

FYI, there are 2 workarounds.

1. Patch rubygem-warden to allow rack>=1.6 instead of rack>=2.0.6
   Try the patch at
   https://people.FreeBSD.org/~sunpoet/patch/devel-rubygem-warden.txt
   It works for me (tested in poudriere). Please do a runtime test.

2. Use rubygem-warden127 to avoid PORTEPOCH
   - Add temporary rubygem-warden127 port
   - Change devel/rubygem-devise and security/rubygem-devise-two-factor
     from devel/rubygem-warden to devel/rubygem-warden127

Regards,
sunpoet

> Regards
> Matthias
>
> --
>
> "Programming today is a race between software engineers striving to
> build bigger and better idiot-proof programs, and the universe trying to
> produce bigger and better idiots. So far, the universe is winning." --
> Rich Cook
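Review bot: The RUN_DEPENDS change in the second hunk raises the floor from rubygem-rack>=1.0 to rubygem-rack>=2.0.6 without any comment on why, and that constraint is inherited by every port that depends on devel/rubygem-warden. The thread reports www/gitlab-ce failing after this commit and building again with 1.2.7, so the dependents named in the reply (devel/rubygem-devise, security/rubygem-devise-two-factor) and their consumers should be build-tested against the new floor before it lands. If the runtime test of the proposed rack>=1.6 patch passes, record next to RUN_DEPENDS that the bound deliberately differs from the one in this hunk, so a later update does not silently restore it.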