Date: Sat, 6 Mar 2021 10:08:30 +0000 (UTC) From: Matthias Fechner <mfechner@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r567475 - in head: devel/gitaly www/gitlab-ce www/gitlab-ce/files www/gitlab-workhorse Message-ID: <202103061008.126A8Uul013731@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mfechner Date: Sat Mar 6 10:08:29 2021 New Revision: 567475 URL: https://svnweb.freebsd.org/changeset/ports/567475 Log: Security update to gitlab-ce 13.9.2. Changelog: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/ This commit also enforces an older version of devel/rubygem-google-protobuf of version 3.14.0. This also linked PR. This ensures that users to not upgrade by accident to a version that is core dumping. So it is wanted that this port is currently not buildable to protect users from an update. If you want to this upgrade, wait till devel/rubygem-google-protobuf is fixed or downgrade it to 3.14.0. PR: 254014 254010 Security: 8bf856ea-7df7-11eb-9aad-001b217b3468 Modified: head/devel/gitaly/Makefile head/devel/gitaly/distinfo head/www/gitlab-ce/Makefile head/www/gitlab-ce/distinfo head/www/gitlab-ce/files/patch-Gemfile head/www/gitlab-ce/pkg-plist head/www/gitlab-workhorse/Makefile head/www/gitlab-workhorse/distinfo Modified: head/devel/gitaly/Makefile ============================================================================== --- head/devel/gitaly/Makefile Sat Mar 6 10:01:09 2021 (r567474) +++ head/devel/gitaly/Makefile Sat Mar 6 10:08:29 2021 (r567475) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= gitaly -DISTVERSION= 13.9.1 +DISTVERSION= 13.9.2 PORTREVISION= 0 CATEGORIES= devel @@ -43,7 +43,7 @@ MAKE_ENV= GOFLAGS="${GO_BUILDFLAGS}" USE_GITLAB= yes GL_ACCOUNT= gitlab-org # Find this here: https://gitlab.com/gitlab-org/gitaly/-/tags -GL_COMMIT= 4f85f046841f2fbfcf8db5d54f7957aa60977b62 +GL_COMMIT= 4b02bd68a03cbad166b6965be61cf8ffc5b5a6be # for go dependencies USE_GITHUB= nodefault Modified: head/devel/gitaly/distinfo ============================================================================== --- head/devel/gitaly/distinfo Sat Mar 6 10:01:09 2021 (r567474) +++ head/devel/gitaly/distinfo Sat Mar 6 10:08:29 2021 (r567475) @@ -1,4 +1,4 @@ -TIMESTAMP = 1614351635 +TIMESTAMP = 1614980687 SHA256 (DataDog-dd-trace-go-v1.7.0_GH0.tar.gz) = d81bd47683ef9cbd228691b077373d3e15ca5fa5b9e7919099c4e87779040e84 SIZE (DataDog-dd-trace-go-v1.7.0_GH0.tar.gz) = 3321111 SHA256 (alexbrainman-sspi-4729b3d4d858_GH0.tar.gz) = 757930d82a7fca04d46d1c69ac27361ef2dadcb9fabbb3bf3a5ed785ebfc4e27 @@ -157,8 +157,8 @@ SHA256 (uber-jaeger-client-go-v2.15.0_GH0.tar.gz) = 6b SIZE (uber-jaeger-client-go-v2.15.0_GH0.tar.gz) = 164460 SHA256 (uber-jaeger-lib-v1.5.0_GH0.tar.gz) = 98901cc41df77858a2f601ad48b45bdf72af40c56f15bc5182416b15db0daac3 SIZE (uber-jaeger-lib-v1.5.0_GH0.tar.gz) = 31655 -SHA256 (gitlab-org-gitaly-4f85f046841f2fbfcf8db5d54f7957aa60977b62_GL0.tar.gz) = c773ea0c94c888cd94878a014b41da521a4126edc4a498aa214e9277e7466e1e -SIZE (gitlab-org-gitaly-4f85f046841f2fbfcf8db5d54f7957aa60977b62_GL0.tar.gz) = 3353539 +SHA256 (gitlab-org-gitaly-4b02bd68a03cbad166b6965be61cf8ffc5b5a6be_GL0.tar.gz) = 462ab9677692a744efcad9ed0ff31ed1bd7889bde79aac8c4519e72f4ab2ef5b +SIZE (gitlab-org-gitaly-4b02bd68a03cbad166b6965be61cf8ffc5b5a6be_GL0.tar.gz) = 3353602 SHA256 (gitlab-org-gitlab-shell-3f9890ef73dced430d86801a1efc0e93ec50890e_GL0.tar.gz) = f2fdaf95afc348cbfe1b4445b5031bc67d2e808e4525db3dfb3a9e27c9adddf3 SIZE (gitlab-org-gitlab-shell-3f9890ef73dced430d86801a1efc0e93ec50890e_GL0.tar.gz) = 89583 SHA256 (gitlab-org-labkit-f2d7fb209ecad2eaddb5fb9c4ab03eb8eaa82811_GL0.tar.gz) = 7fb33d071f1731691125807188be8faba6100a43fa66ad9064d204b56642fbfd Modified: head/www/gitlab-ce/Makefile ============================================================================== --- head/www/gitlab-ce/Makefile Sat Mar 6 10:01:09 2021 (r567474) +++ head/www/gitlab-ce/Makefile Sat Mar 6 10:08:29 2021 (r567475) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME?= gitlab-ce -PORTVERSION?= 13.9.1 +PORTVERSION?= 13.9.2 PORTREVISION?= 0 CATEGORIES= www devel @@ -20,7 +20,7 @@ MY_DEPENDS= git>=2.29:devel/git \ gitlab-agent>=13.9.1:net/gitlab-agent \ gitlab-pages>=1.35.0:www/gitlab-pages \ gitlab-shell>=13.16.1:devel/gitlab-shell \ - gitlab-workhorse>=8.63.0:www/gitlab-workhorse \ + gitlab-workhorse>=8.63.2:www/gitlab-workhorse \ redis>=4.0.0:databases/redis \ yarn>=1.10.0:www/yarn \ gtar>0:archivers/gtar \ @@ -188,6 +188,7 @@ MY_DEPENDS= git>=2.29:devel/git \ rubygem-pg_query>=1.3.0<1.4:databases/rubygem-pg_query \ rubygem-premailer-rails-rails60>=1.10.3<1.11.0:mail/rubygem-premailer-rails-rails60 \ rubygem-gitlab-labkit>=0.14.0<0.16:devel/rubygem-gitlab-labkit \ + rubygem-thrift>=0.14.0:devel/rubygem-thrift \ rubygem-ruby_parser>=3.15<4.0:devel/rubygem-ruby_parser \ rubygem-rails-i18n-rails60>=6.0<7.0:devel/rubygem-rails-i18n-rails60 \ rubygem-gettext_i18n_rails>=1.8.0<1.9.0:devel/rubygem-gettext_i18n_rails \ @@ -221,7 +222,7 @@ MY_DEPENDS= git>=2.29:devel/git \ rubygem-bcrypt_pbkdf>=1.0<2.0:security/rubygem-bcrypt_pbkdf \ rubygem-gitaly>=13.9.0.pre.rc1<13.10.0:net/rubygem-gitaly \ rubygem-grpc130>=1.30.2<1.31:net/rubygem-grpc130 \ - rubygem-google-protobuf>=3.12<4:devel/rubygem-google-protobuf \ + rubygem-google-protobuf>=3.12<3.15:devel/rubygem-google-protobuf \ rubygem-toml-rb10>=1.0.0<1.1.0:www/rubygem-toml-rb10 \ rubygem-flipper017>=0.17.1<0.18.0:devel/rubygem-flipper017 \ rubygem-flipper-active_record017>=0.17.1<0.18.0:databases/rubygem-flipper-active_record017 \ @@ -267,7 +268,7 @@ USE_GITLAB= yes GL_ACCOUNT?= gitlab-org GL_PROJECT?= gitlab-foss # Find the here: https://gitlab.com/gitlab-org/gitlab-foss/-/tags -GL_COMMIT?= 03979b4aaf060cae40934b2aade0bbe8a210e311 +GL_COMMIT?= 189a15a911843a9059d1f8bfd31008557bea520b USERS= git GROUPS= git Modified: head/www/gitlab-ce/distinfo ============================================================================== --- head/www/gitlab-ce/distinfo Sat Mar 6 10:01:09 2021 (r567474) +++ head/www/gitlab-ce/distinfo Sat Mar 6 10:08:29 2021 (r567475) @@ -1,3 +1,3 @@ -TIMESTAMP = 1614351499 -SHA256 (gitlab-org-gitlab-foss-03979b4aaf060cae40934b2aade0bbe8a210e311_GL0.tar.gz) = 8e224795f0735dc10918ac1b11ff3ee76c5ba1eb76d537166292a08f00dbc914 -SIZE (gitlab-org-gitlab-foss-03979b4aaf060cae40934b2aade0bbe8a210e311_GL0.tar.gz) = 98349077 +TIMESTAMP = 1614980151 +SHA256 (gitlab-org-gitlab-foss-189a15a911843a9059d1f8bfd31008557bea520b_GL0.tar.gz) = 9a2ddc533fdd80b05e966c6a048bc1b6242a2f1e1bbe405221c8d61bdfdfbf36 +SIZE (gitlab-org-gitlab-foss-189a15a911843a9059d1f8bfd31008557bea520b_GL0.tar.gz) = 98347897 Modified: head/www/gitlab-ce/files/patch-Gemfile ============================================================================== --- head/www/gitlab-ce/files/patch-Gemfile Sat Mar 6 10:01:09 2021 (r567474) +++ head/www/gitlab-ce/files/patch-Gemfile Sat Mar 6 10:08:29 2021 (r567475) @@ -1,4 +1,4 @@ ---- Gemfile.orig 2021-02-19 09:35:35 UTC +--- Gemfile.orig 2021-03-04 13:43:08 UTC +++ Gemfile @@ -26,7 +26,7 @@ gem 'marginalia', '~> 1.10.0' # Authentication libraries @@ -50,10 +50,10 @@ # LabKit: Tracing and Correlation -gem 'gitlab-labkit', '0.14.0' +gem 'gitlab-labkit', '0.15.0' - - # I18n - gem 'ruby_parser', '~> 3.15', require: false -@@ -329,102 +328,11 @@ gem 'snowplow-tracker', '~> 0.6.1' + # Thrift is a dependency of gitlab-labkit, we want a version higher than 0.14.0 + # because of https://gitlab.com/gitlab-org/gitlab/-/issues/321900 + gem 'thrift', '>= 0.14.0' +@@ -332,102 +331,11 @@ gem 'snowplow-tracker', '~> 0.6.1' # Metrics group :metrics do gem 'method_source', '~> 1.0', require: false Modified: head/www/gitlab-ce/pkg-plist ============================================================================== --- head/www/gitlab-ce/pkg-plist Sat Mar 6 10:01:09 2021 (r567474) +++ head/www/gitlab-ce/pkg-plist Sat Mar 6 10:08:29 2021 (r567475) @@ -6488,6 +6488,7 @@ %%WWWDIR%%/app/helpers/webpack_helper.rb %%WWWDIR%%/app/helpers/whats_new_helper.rb %%WWWDIR%%/app/helpers/wiki_helper.rb +%%WWWDIR%%/app/helpers/wiki_page_version_helper.rb %%WWWDIR%%/app/helpers/workhorse_helper.rb %%WWWDIR%%/app/helpers/x509_helper.rb %%WWWDIR%%/app/mailers/abuse_report_mailer.rb @@ -27387,6 +27388,7 @@ %%WWWDIR%%/spec/helpers/visibility_level_helper_spec.rb %%WWWDIR%%/spec/helpers/whats_new_helper_spec.rb %%WWWDIR%%/spec/helpers/wiki_helper_spec.rb +%%WWWDIR%%/spec/helpers/wiki_page_version_helper_spec.rb %%WWWDIR%%/spec/helpers/x509_helper_spec.rb %%WWWDIR%%/spec/initializers/100_patch_omniauth_saml_spec.rb %%WWWDIR%%/spec/initializers/6_validations_spec.rb @@ -32879,6 +32881,8 @@ %%WWWDIR%%/workhorse/internal/staticpages/servefile.go %%WWWDIR%%/workhorse/internal/staticpages/servefile_test.go %%WWWDIR%%/workhorse/internal/staticpages/static.go +%%WWWDIR%%/workhorse/internal/staticpages/testdata/file1 +%%WWWDIR%%/workhorse/internal/staticpages/testdata/uploads/file2 %%WWWDIR%%/workhorse/internal/testhelper/gitaly.go %%WWWDIR%%/workhorse/internal/testhelper/testhelper.go %%WWWDIR%%/workhorse/internal/upload/accelerate.go @@ -32905,6 +32909,7 @@ %%WWWDIR%%/workhorse/internal/upstream/roundtripper/transport.go %%WWWDIR%%/workhorse/internal/upstream/routes.go %%WWWDIR%%/workhorse/internal/upstream/upstream.go +%%WWWDIR%%/workhorse/internal/upstream/upstream_test.go %%WWWDIR%%/workhorse/internal/urlprefix/urlprefix.go %%WWWDIR%%/workhorse/internal/utils/svg/LICENSE %%WWWDIR%%/workhorse/internal/utils/svg/README.md Modified: head/www/gitlab-workhorse/Makefile ============================================================================== --- head/www/gitlab-workhorse/Makefile Sat Mar 6 10:01:09 2021 (r567474) +++ head/www/gitlab-workhorse/Makefile Sat Mar 6 10:08:29 2021 (r567475) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME?= gitlab-workhorse -PORTVERSION?= 8.63.0 +PORTVERSION?= 8.63.2 PORTREVISION?= 0 CATEGORIES= www @@ -21,12 +21,12 @@ MAKE_ENV= GOFLAGS="${GO_BUILDFLAGS}" USE_GITLAB= yes GL_ACCOUNT?= gitlab-org # Find the commit hash here: https://gitlab.com/gitlab-org/gitlab-workhorse/tags -GL_COMMIT?= 290e36b39ca85d3be0d1b64504d8ebce424e09d3 +GL_COMMIT?= d6a98839b0a1c98eea332e203a1632f8302b21e9 # for go dependencies USE_GITHUB= nodefault # generated with: make gomod-vendor -# 94dd +# 93dd GH_TUPLE= \ Azure:azure-pipeline-go:v0.2.3:azure_azure_pipeline_go/vendor/github.com/Azure/azure-pipeline-go \ Azure:azure-storage-blob-go:6df5d9af221d:azure_azure_storage_blob_go/vendor/github.com/Azure/azure-storage-blob-go \ @@ -120,7 +120,6 @@ GH_TUPLE= \ GL_TUPLE= gitlab-org:gitaly:3f5e218def93024f3aafe590c22cd1b29f744105:gitlab_org_gitaly/vendor/gitlab.com/gitlab-org/gitaly \ gitlab-org:labkit:f2d7fb209ecad2eaddb5fb9c4ab03eb8eaa82811:gitlab_org_labkit/vendor/gitlab.com/gitlab-org/labkit - PLIST_FILES= bin/gitlab-resize-image \ bin/gitlab-workhorse \ Modified: head/www/gitlab-workhorse/distinfo ============================================================================== --- head/www/gitlab-workhorse/distinfo Sat Mar 6 10:01:09 2021 (r567474) +++ head/www/gitlab-workhorse/distinfo Sat Mar 6 10:08:29 2021 (r567475) @@ -1,4 +1,4 @@ -TIMESTAMP = 1614013716 +TIMESTAMP = 1614980366 SHA256 (Azure-azure-pipeline-go-v0.2.3_GH0.tar.gz) = 99bd58f4a07dd02d9615e3638b3bb6dbfad80ef678ccdb8e17e3fa2b0fef343e SIZE (Azure-azure-pipeline-go-v0.2.3_GH0.tar.gz) = 17102 SHA256 (Azure-azure-storage-blob-go-6df5d9af221d_GH0.tar.gz) = 31047920e4c507f913b9922ad920a2e9f6d48e6056bdc6869b6c257e3ab095a7 @@ -177,8 +177,8 @@ SHA256 (uber-jaeger-client-go-v2.15.0_GH0.tar.gz) = 6b SIZE (uber-jaeger-client-go-v2.15.0_GH0.tar.gz) = 164460 SHA256 (uber-jaeger-lib-v1.5.0_GH0.tar.gz) = 98901cc41df77858a2f601ad48b45bdf72af40c56f15bc5182416b15db0daac3 SIZE (uber-jaeger-lib-v1.5.0_GH0.tar.gz) = 31655 -SHA256 (gitlab-org-gitlab-workhorse-290e36b39ca85d3be0d1b64504d8ebce424e09d3_GL0.tar.gz) = 96a32f2d0656ba92f46ca26bcfd1b06ffc319ac1fdb4387f5b7f6775f26b9287 -SIZE (gitlab-org-gitlab-workhorse-290e36b39ca85d3be0d1b64504d8ebce424e09d3_GL0.tar.gz) = 2486883 +SHA256 (gitlab-org-gitlab-workhorse-d6a98839b0a1c98eea332e203a1632f8302b21e9_GL0.tar.gz) = 50d50a465475e2814676f71f8732e0906b47573f078ca3277b4ad4754de7f8a7 +SIZE (gitlab-org-gitlab-workhorse-d6a98839b0a1c98eea332e203a1632f8302b21e9_GL0.tar.gz) = 2487786 SHA256 (gitlab-org-gitaly-3f5e218def93024f3aafe590c22cd1b29f744105_GL0.tar.gz) = 98d3cd87fb3feb8a14b5ac9e4a968e7a841cc3b309f997a2ba78aa8fd0b58c2d SIZE (gitlab-org-gitaly-3f5e218def93024f3aafe590c22cd1b29f744105_GL0.tar.gz) = 3143193 SHA256 (gitlab-org-labkit-f2d7fb209ecad2eaddb5fb9c4ab03eb8eaa82811_GL0.tar.gz) = 7fb33d071f1731691125807188be8faba6100a43fa66ad9064d204b56642fbfd
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202103061008.126A8Uul013731>