git: eca633b7381c - main - www/gitlab-ce: security upgrade to 14.4.1
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 13 Nov 2021 14:45:59 UTC
The branch main has been updated by mfechner:
URL: https://cgit.FreeBSD.org/ports/commit/?id=eca633b7381c632c8829d69f4ee83649c55c4b33
commit eca633b7381c632c8829d69f4ee83649c55c4b33
Author: Matthias Fechner <mfechner@FreeBSD.org>
AuthorDate: 2021-11-03 23:04:29 +0000
Commit: Matthias Fechner <mfechner@FreeBSD.org>
CommitDate: 2021-11-13 14:44:44 +0000
www/gitlab-ce: security upgrade to 14.4.1
This version has a problem showing files like .md files (e.g. README.md on the start page of a project).
But as this bug is already present on version 14.4.0
I will deploy this now, to fix the security problems.
We need to find the source why this happens and fix it later.
Changelog:
https://about.gitlab.com/releases/2021/10/28/security-release-gitlab-14-4-1-released/
Security: 33557582-3958-11ec-90ba-001b217b3468
---
devel/gitaly/Makefile | 4 ++--
devel/gitaly/distinfo | 6 +++---
www/gitlab-ce/Makefile | 7 ++++---
www/gitlab-ce/distinfo | 6 +++---
www/gitlab-ce/files/patch-Gemfile | 16 ++++++++--------
www/gitlab-ce/files/patch-config_gitlab.yml.example | 12 ++++++------
www/gitlab-workhorse/Makefile | 8 ++++----
www/gitlab-workhorse/distinfo | 8 +++++---
8 files changed, 35 insertions(+), 32 deletions(-)
diff --git a/devel/gitaly/Makefile b/devel/gitaly/Makefile
index 2a1d8fe5e8ea..13d9bad28724 100644
--- a/devel/gitaly/Makefile
+++ b/devel/gitaly/Makefile
@@ -1,5 +1,5 @@
PORTNAME= gitaly
-DISTVERSION= 14.4.0
+DISTVERSION= 14.4.1
PORTREVISION= 0
CATEGORIES= devel
@@ -45,7 +45,7 @@ MAKE_ENV+= ${GO_ENV}
USE_GITLAB= yes
GL_ACCOUNT= gitlab-org
# Find this here: https://gitlab.com/gitlab-org/gitaly/-/tags
-GL_COMMIT= 7abdbce59731637552b86002fcbe8754b3d98623
+GL_COMMIT= 735a55dc3d633b50c81fc1b69947a9774c40a658
# for go dependencies
USE_GITHUB= nodefault
diff --git a/devel/gitaly/distinfo b/devel/gitaly/distinfo
index 98200b8edf7c..c8e4938f6764 100644
--- a/devel/gitaly/distinfo
+++ b/devel/gitaly/distinfo
@@ -1,4 +1,4 @@
-TIMESTAMP = 1634895409
+TIMESTAMP = 1635579522
SHA256 (Azure-azure-pipeline-go-v0.2.3_GH0.tar.gz) = 99bd58f4a07dd02d9615e3638b3bb6dbfad80ef678ccdb8e17e3fa2b0fef343e
SIZE (Azure-azure-pipeline-go-v0.2.3_GH0.tar.gz) = 17102
SHA256 (Azure-azure-storage-blob-go-v0.13.0_GH0.tar.gz) = 6bf7145210331efa3f0417f6684cf764c22743cf23122048ec136600daebf443
@@ -267,8 +267,8 @@ SHA256 (xanzy-ssh-agent-v0.3.0_GH0.tar.gz) = 7ce80a93d0fdbeb6760f97d6d166d11c215
SIZE (xanzy-ssh-agent-v0.3.0_GH0.tar.gz) = 8421
SHA256 (gonum-gonum-v0.8.2_GH0.tar.gz) = a2aad1ac038d36d568939910f39eb0c58cae3c6f0b18df3ca74a8daa954d1663
SIZE (gonum-gonum-v0.8.2_GH0.tar.gz) = 3226037
-SHA256 (gitlab-org-gitaly-7abdbce59731637552b86002fcbe8754b3d98623_GL0.tar.gz) = 2ea3095292b34a592d3b9df2f1d2edff12fed1a158b83769319d678d60776103
-SIZE (gitlab-org-gitaly-7abdbce59731637552b86002fcbe8754b3d98623_GL0.tar.gz) = 3704742
+SHA256 (gitlab-org-gitaly-735a55dc3d633b50c81fc1b69947a9774c40a658_GL0.tar.gz) = 13d9d89eacb259fd1535631c9952c2cf129814d4977a34eb5576e2e84a17090f
+SIZE (gitlab-org-gitaly-735a55dc3d633b50c81fc1b69947a9774c40a658_GL0.tar.gz) = 3704820
SHA256 (gitlab-org-gitlab-shell-50da611814d256c77e689977265ec7e07633a4dc_GL0.tar.gz) = a00e10d3dbe50e7c70b75c5fcf7d42a039a24c13b0b751a0339bb18261ac50af
SIZE (gitlab-org-gitlab-shell-50da611814d256c77e689977265ec7e07633a4dc_GL0.tar.gz) = 124516
SHA256 (gitlab-org-labkit-397363e2404ac0276b1959373a1c1c2bc1610d67_GL0.tar.gz) = e48dae8ea183f946189a9ac7e4cbe4bc0fa583e6baafb0074a3463a879565ecb
diff --git a/www/gitlab-ce/Makefile b/www/gitlab-ce/Makefile
index b0ff3f2691ec..ba2ba36b3755 100644
--- a/www/gitlab-ce/Makefile
+++ b/www/gitlab-ce/Makefile
@@ -1,8 +1,8 @@
# Created by: Torsten Zuehlsdorff <tz@FreeBSD.org>
PORTNAME= gitlab-ce
-PORTVERSION= 14.4.0
-PORTREVISION= 1
+PORTVERSION= 14.4.1
+PORTREVISION= 0
CATEGORIES= www devel
MAINTAINER= mfechner@FreeBSD.org
@@ -202,6 +202,7 @@ MY_DEPENDS= git>=2.32.0:devel/git \
rubygem-webrick>=1.6.1:www/rubygem-webrick \
rubygem-prometheus-client-mmap>=0.15.0<0.16.0:devel/rubygem-prometheus-client-mmap \
rubygem-warning>=1.2.0<1.3:devel/rubygem-warning \
+ rubygem-license_finder>=6.0<7:devel/rubygem-license_finder \
rubygem-octokit>=4.20<5.0:net/rubygem-octokit \
rubygem-gitlab-mail_room>=0.0.9<0.1.0:mail/rubygem-gitlab-mail_room \
rubygem-email_reply_trimmer>=0.1<1.0:mail/rubygem-email_reply_trimmer \
@@ -270,7 +271,7 @@ USE_GITLAB= yes
GL_ACCOUNT= gitlab-org
GL_PROJECT= gitlab-foss
# Find the here: https://gitlab.com/gitlab-org/gitlab-foss/-/tags
-GL_COMMIT= 51b27ab58055b65e14e68b19604e4823389adb73
+GL_COMMIT= 1a23d731c9f1149b8be1f16a1d781490df288f18
USERS= git
GROUPS= git
diff --git a/www/gitlab-ce/distinfo b/www/gitlab-ce/distinfo
index 4da5eed1052b..cd3b2cfa683b 100644
--- a/www/gitlab-ce/distinfo
+++ b/www/gitlab-ce/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1634899418
-SHA256 (gitlab-org-gitlab-foss-51b27ab58055b65e14e68b19604e4823389adb73_GL0.tar.gz) = 6092274b8b3292f0c1956ee31591ece91c47ebf2c213ab793ea6fa4b5b7e35f7
-SIZE (gitlab-org-gitlab-foss-51b27ab58055b65e14e68b19604e4823389adb73_GL0.tar.gz) = 94863812
+TIMESTAMP = 1635579320
+SHA256 (gitlab-org-gitlab-foss-1a23d731c9f1149b8be1f16a1d781490df288f18_GL0.tar.gz) = 5f30bcbbc448b5cd08048131532e0aeff0428d03b7e25331913fa3614f2100d0
+SIZE (gitlab-org-gitlab-foss-1a23d731c9f1149b8be1f16a1d781490df288f18_GL0.tar.gz) = 94874743
diff --git a/www/gitlab-ce/files/patch-Gemfile b/www/gitlab-ce/files/patch-Gemfile
index 21aff8dff2a0..8dfc08fa2b50 100644
--- a/www/gitlab-ce/files/patch-Gemfile
+++ b/www/gitlab-ce/files/patch-Gemfile
@@ -1,4 +1,4 @@
---- Gemfile.orig 2021-10-21 22:00:37 UTC
+--- Gemfile.orig 2021-10-28 07:49:38 UTC
+++ Gemfile
@@ -88,7 +88,7 @@ gem 'gpgme', '~> 2.0.19'
# GitLab fork with several improvements to original library. For full list of changes
@@ -17,7 +17,7 @@
gem 'graphlient', '~> 0.4.0' # Used by BulkImport feature (group::import)
gem 'hashie'
-@@ -332,106 +331,10 @@ gem 'snowplow-tracker', '~> 0.6.1'
+@@ -332,106 +331,15 @@ gem 'snowplow-tracker', '~> 0.6.1'
# Metrics
gem 'method_source', '~> 1.0', require: false
@@ -93,11 +93,11 @@
- gem 'simplecov-cobertura', '~> 1.3.1', require: false
-end
-
--# Gems required in omnibus-gitlab pipeline
--group :development, :test, :omnibus do
-- gem 'license_finder', '~> 6.0', require: false
--end
--
+ # Gems required in omnibus-gitlab pipeline
+ group :development, :test, :omnibus do
+ gem 'license_finder', '~> 6.0', require: false
+ end
+
-group :test do
- gem 'fuubar', '~> 2.2.0'
- gem 'rspec-retry', '~> 0.6.1'
@@ -124,7 +124,7 @@
gem 'octokit', '~> 4.15'
# https://gitlab.com/gitlab-org/gitlab/issues/207207
-@@ -479,7 +382,7 @@ gem 'gitaly', '~> 14.3.0.pre.rc2'
+@@ -479,7 +387,7 @@ gem 'gitaly', '~> 14.3.0.pre.rc2'
# KAS GRPC protocol definitions
gem 'kas-grpc', '~> 0.0.2'
diff --git a/www/gitlab-ce/files/patch-config_gitlab.yml.example b/www/gitlab-ce/files/patch-config_gitlab.yml.example
index 943d15234fb2..367f017a1be4 100644
--- a/www/gitlab-ce/files/patch-config_gitlab.yml.example
+++ b/www/gitlab-ce/files/patch-config_gitlab.yml.example
@@ -1,6 +1,6 @@
---- config/gitlab.yml.example.orig 2021-10-21 22:00:37 UTC
+--- config/gitlab.yml.example.orig 2021-10-28 07:49:38 UTC
+++ config/gitlab.yml.example
-@@ -1128,14 +1128,14 @@ production: &base
+@@ -1130,14 +1130,14 @@ production: &base
# real path not the symlink.
storages: # You must have at least a `default` storage path.
default:
@@ -18,7 +18,7 @@
# archive_permissions: 0640 # Permissions for the resulting backup.tar file (default: 0600)
# keep_time: 604800 # default: 0 (forever) (in seconds)
# pg_schema: public # default: nil, it means that all schemas will be backed up
-@@ -1184,12 +1184,12 @@ production: &base
+@@ -1186,12 +1186,12 @@ production: &base
## GitLab Shell settings
gitlab_shell:
@@ -34,7 +34,7 @@
# Git over HTTP
upload_pack: true
-@@ -1204,13 +1204,13 @@ production: &base
+@@ -1206,13 +1206,13 @@ production: &base
workhorse:
# File that contains the secret key for verifying access for gitlab-workhorse.
# Default is '.gitlab_workhorse_secret' relative to Rails.root (i.e. root of the GitLab app).
@@ -50,7 +50,7 @@
# The URL to the external KAS API (used by the Kubernetes agents)
# external_url: wss://kas.example.com
-@@ -1223,13 +1223,13 @@ production: &base
+@@ -1225,13 +1225,13 @@ production: &base
## GitLab Elasticsearch settings
elasticsearch:
@@ -66,7 +66,7 @@
## Webpack settings
# If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running
-@@ -1459,13 +1459,13 @@ test:
+@@ -1461,13 +1461,13 @@ test:
gitaly_address: unix:tmp/tests/gitaly/praefect.socket
gitaly:
diff --git a/www/gitlab-workhorse/Makefile b/www/gitlab-workhorse/Makefile
index ec1c1696f3c1..e38d753bea2c 100644
--- a/www/gitlab-workhorse/Makefile
+++ b/www/gitlab-workhorse/Makefile
@@ -1,7 +1,7 @@
# Created by: Torsten Zuehlsdorff <tz@FreeBSD.org>
PORTNAME= gitlab-workhorse
-PORTVERSION= 14.4.0
+PORTVERSION= 14.4.1
PORTREVISION= 0
CATEGORIES= www
@@ -23,12 +23,12 @@ USE_GITLAB= yes
GL_ACCOUNT= gitlab-org
GL_PROJECT= gitlab-foss
# Find the commit hash here: https://gitlab.com/gitlab-org/gitlab-foss/-/tags
-GL_COMMIT= 51b27ab58055b65e14e68b19604e4823389adb73
+GL_COMMIT= 1a23d731c9f1149b8be1f16a1d781490df288f18
# for go dependencies
USE_GITHUB= nodefault
# generated with: make gomod-vendor
-# 103dd
+# 104dd
GH_TUPLE= \
Azure:azure-pipeline-go:v0.2.3:azure_azure_pipeline_go/vendor/github.com/Azure/azure-pipeline-go \
Azure:azure-storage-blob-go:v0.13.0:azure_azure_storage_blob_go/vendor/github.com/Azure/azure-storage-blob-go \
@@ -41,6 +41,7 @@ GH_TUPLE= \
BurntSushi:toml:v0.3.1:burntsushi_toml/vendor/github.com/BurntSushi/toml \
DataDog:datadog-go:v4.4.0:datadog_datadog_go/vendor/github.com/DataDog/datadog-go \
DataDog:dd-trace-go:v1.31.1:datadog_dd_trace_go/vendor/gopkg.in/DataDog/dd-trace-go.v1 \
+ DataDog:sketches-go:v1.0.0:datadog_sketches_go/vendor/github.com/DataDog/sketches-go \
FZambia:sentinel:v1.0.0:fzambia_sentinel/vendor/github.com/FZambia/sentinel \
Microsoft:go-winio:v0.4.19:microsoft_go_winio/vendor/github.com/Microsoft/go-winio \
StackExchange:wmi:cbe66965904d:stackexchange_wmi/vendor/github.com/StackExchange/wmi \
@@ -157,4 +158,3 @@ post-install:
.include <bsd.port.mk>
-
diff --git a/www/gitlab-workhorse/distinfo b/www/gitlab-workhorse/distinfo
index 073562693179..045bd570a552 100644
--- a/www/gitlab-workhorse/distinfo
+++ b/www/gitlab-workhorse/distinfo
@@ -1,4 +1,4 @@
-TIMESTAMP = 1634883120
+TIMESTAMP = 1635579452
SHA256 (Azure-azure-pipeline-go-v0.2.3_GH0.tar.gz) = 99bd58f4a07dd02d9615e3638b3bb6dbfad80ef678ccdb8e17e3fa2b0fef343e
SIZE (Azure-azure-pipeline-go-v0.2.3_GH0.tar.gz) = 17102
SHA256 (Azure-azure-storage-blob-go-v0.13.0_GH0.tar.gz) = 6bf7145210331efa3f0417f6684cf764c22743cf23122048ec136600daebf443
@@ -21,6 +21,8 @@ SHA256 (DataDog-datadog-go-v4.4.0_GH0.tar.gz) = ca4e63041f5e0a176f0affd7a5997925
SIZE (DataDog-datadog-go-v4.4.0_GH0.tar.gz) = 43175
SHA256 (DataDog-dd-trace-go-v1.31.1_GH0.tar.gz) = 9e16bb928d2445fd3430b25b0acbb562077a4c93ad737eeed67bcb38eac8c9ab
SIZE (DataDog-dd-trace-go-v1.31.1_GH0.tar.gz) = 601733
+SHA256 (DataDog-sketches-go-v1.0.0_GH0.tar.gz) = 882d27e9f2b65f8b1de6f0f53fe141044df31ccc02abb6ca12d7a74ebd8b7b7b
+SIZE (DataDog-sketches-go-v1.0.0_GH0.tar.gz) = 22089
SHA256 (FZambia-sentinel-v1.0.0_GH0.tar.gz) = ae08e912e4fd69a0c5d11f832a484f13695ce20e8d32878eba23bc89d9d79e5e
SIZE (FZambia-sentinel-v1.0.0_GH0.tar.gz) = 7919
SHA256 (Microsoft-go-winio-v0.4.19_GH0.tar.gz) = aa80cb2aa45ffd97808c2365c554f839757408f822a0774a356b7b918360fc20
@@ -197,8 +199,8 @@ SHA256 (uber-jaeger-client-go-v2.27.0_GH0.tar.gz) = 7590acdefcbbf9553bd3415bc7e5
SIZE (uber-jaeger-client-go-v2.27.0_GH0.tar.gz) = 210139
SHA256 (uber-jaeger-lib-v2.4.1_GH0.tar.gz) = c178bcad325857dba29551c16f40707701adf6e3a9e01e1ca3e5edfc3c6de8bc
SIZE (uber-jaeger-lib-v2.4.1_GH0.tar.gz) = 38010
-SHA256 (gitlab-org-gitlab-foss-51b27ab58055b65e14e68b19604e4823389adb73_GL0.tar.gz) = 6092274b8b3292f0c1956ee31591ece91c47ebf2c213ab793ea6fa4b5b7e35f7
-SIZE (gitlab-org-gitlab-foss-51b27ab58055b65e14e68b19604e4823389adb73_GL0.tar.gz) = 94863812
+SHA256 (gitlab-org-gitlab-foss-1a23d731c9f1149b8be1f16a1d781490df288f18_GL0.tar.gz) = 5f30bcbbc448b5cd08048131532e0aeff0428d03b7e25331913fa3614f2100d0
+SIZE (gitlab-org-gitlab-foss-1a23d731c9f1149b8be1f16a1d781490df288f18_GL0.tar.gz) = 94874743
SHA256 (gitlab-org-gitaly-df7dadcc3f74276a7176234d4b1475299f46c05c_GL0.tar.gz) = 4c403ee52c1d42d54e9acd14026796782e8272e74c8eb7c3cedf9c924697647e
SIZE (gitlab-org-gitaly-df7dadcc3f74276a7176234d4b1475299f46c05c_GL0.tar.gz) = 3703056
SHA256 (gitlab-org-labkit-9205b46eea68f47a36cefa783a306476f0b2dbfd_GL0.tar.gz) = c957c444298dd0f9ade07cb643d03e455dcc28d24bd203ead8d241bf50c6df57