Security update to gitlab-ce 13.9.2.

Changelog: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/ This commit also enforces an older version of devel/rubygem-google-protobuf of version 3.14.0. This also linked PR. This ensures that users to not upgrade by accident to a version that is core dumping. So it is wanted that this port is currently not buildable to protect users from an update. If you want to this upgrade, wait till devel/rubygem-google-protobuf is fixed or downgrade it to 3.14.0. PR: 254014 254010 Security: 8bf856ea-7df7-11eb-9aad-001b217b3468
svn path=/head/; revision=567475
2024-12-28 05:29:48 +00:00 · 2021-03-06 10:08:29 +00:00 · 2021-03-06 10:08:29 +00:00 · 9bb5b00084 · 2021-03-31 03:12:20 +00:00
commit 9bb5b00084
parent db5b5f1ee3
8 changed files with 29 additions and 24 deletions
--- a/devel/gitaly/Makefile
+++ b/devel/gitaly/Makefile
@ -1,7 +1,7 @@
 # $FreeBSD$

 PORTNAME=	gitaly
-DISTVERSION=	13.9.1
+DISTVERSION=	13.9.2
 PORTREVISION=	0
 CATEGORIES=	devel

@ -43,7 +43,7 @@ MAKE_ENV=	GOFLAGS="${GO_BUILDFLAGS}"
 USE_GITLAB=	yes
 GL_ACCOUNT=	gitlab-org
 # Find this here: https://gitlab.com/gitlab-org/gitaly/-/tags
-GL_COMMIT=	4f85f046841f2fbfcf8db5d54f7957aa60977b62
+GL_COMMIT=	4b02bd68a03cbad166b6965be61cf8ffc5b5a6be

 # for go dependencies
 USE_GITHUB=	nodefault
--- a/devel/gitaly/distinfo
+++ b/devel/gitaly/distinfo
@ -1,4 +1,4 @@
-TIMESTAMP = 1614351635
+TIMESTAMP = 1614980687
 SHA256 (DataDog-dd-trace-go-v1.7.0_GH0.tar.gz) = d81bd47683ef9cbd228691b077373d3e15ca5fa5b9e7919099c4e87779040e84
 SIZE (DataDog-dd-trace-go-v1.7.0_GH0.tar.gz) = 3321111
 SHA256 (alexbrainman-sspi-4729b3d4d858_GH0.tar.gz) = 757930d82a7fca04d46d1c69ac27361ef2dadcb9fabbb3bf3a5ed785ebfc4e27
@ -157,8 +157,8 @@ SHA256 (uber-jaeger-client-go-v2.15.0_GH0.tar.gz) = 6b89d1a6684475fcbaed3f9d2137
 SIZE (uber-jaeger-client-go-v2.15.0_GH0.tar.gz) = 164460
 SHA256 (uber-jaeger-lib-v1.5.0_GH0.tar.gz) = 98901cc41df77858a2f601ad48b45bdf72af40c56f15bc5182416b15db0daac3
 SIZE (uber-jaeger-lib-v1.5.0_GH0.tar.gz) = 31655
-SHA256 (gitlab-org-gitaly-4f85f046841f2fbfcf8db5d54f7957aa60977b62_GL0.tar.gz) = c773ea0c94c888cd94878a014b41da521a4126edc4a498aa214e9277e7466e1e
-SIZE (gitlab-org-gitaly-4f85f046841f2fbfcf8db5d54f7957aa60977b62_GL0.tar.gz) = 3353539
+SHA256 (gitlab-org-gitaly-4b02bd68a03cbad166b6965be61cf8ffc5b5a6be_GL0.tar.gz) = 462ab9677692a744efcad9ed0ff31ed1bd7889bde79aac8c4519e72f4ab2ef5b
+SIZE (gitlab-org-gitaly-4b02bd68a03cbad166b6965be61cf8ffc5b5a6be_GL0.tar.gz) = 3353602
 SHA256 (gitlab-org-gitlab-shell-3f9890ef73dced430d86801a1efc0e93ec50890e_GL0.tar.gz) = f2fdaf95afc348cbfe1b4445b5031bc67d2e808e4525db3dfb3a9e27c9adddf3
 SIZE (gitlab-org-gitlab-shell-3f9890ef73dced430d86801a1efc0e93ec50890e_GL0.tar.gz) = 89583
 SHA256 (gitlab-org-labkit-f2d7fb209ecad2eaddb5fb9c4ab03eb8eaa82811_GL0.tar.gz) = 7fb33d071f1731691125807188be8faba6100a43fa66ad9064d204b56642fbfd
--- a/www/gitlab-ce/Makefile
+++ b/www/gitlab-ce/Makefile
@ -2,7 +2,7 @@
 # $FreeBSD$

 PORTNAME?=	gitlab-ce
-PORTVERSION?=	13.9.1
+PORTVERSION?=	13.9.2
 PORTREVISION?=	0
 CATEGORIES=	www devel

@ -20,7 +20,7 @@ MY_DEPENDS=	git>=2.29:devel/git \
 	gitlab-agent>=13.9.1:net/gitlab-agent \
 	gitlab-pages>=1.35.0:www/gitlab-pages \
 	gitlab-shell>=13.16.1:devel/gitlab-shell \
-	gitlab-workhorse>=8.63.0:www/gitlab-workhorse \
+	gitlab-workhorse>=8.63.2:www/gitlab-workhorse \
 	redis>=4.0.0:databases/redis \
 	yarn>=1.10.0:www/yarn \
 	gtar>0:archivers/gtar \
@ -188,6 +188,7 @@ MY_DEPENDS=	git>=2.29:devel/git \
 	rubygem-pg_query>=1.3.0<1.4:databases/rubygem-pg_query \
 	rubygem-premailer-rails-rails60>=1.10.3<1.11.0:mail/rubygem-premailer-rails-rails60 \
 	rubygem-gitlab-labkit>=0.14.0<0.16:devel/rubygem-gitlab-labkit \
+	rubygem-thrift>=0.14.0:devel/rubygem-thrift \
 	rubygem-ruby_parser>=3.15<4.0:devel/rubygem-ruby_parser \
 	rubygem-rails-i18n-rails60>=6.0<7.0:devel/rubygem-rails-i18n-rails60 \
 	rubygem-gettext_i18n_rails>=1.8.0<1.9.0:devel/rubygem-gettext_i18n_rails \
@ -221,7 +222,7 @@ MY_DEPENDS=	git>=2.29:devel/git \
 	rubygem-bcrypt_pbkdf>=1.0<2.0:security/rubygem-bcrypt_pbkdf \
 	rubygem-gitaly>=13.9.0.pre.rc1<13.10.0:net/rubygem-gitaly \
 	rubygem-grpc130>=1.30.2<1.31:net/rubygem-grpc130 \
-	rubygem-google-protobuf>=3.12<4:devel/rubygem-google-protobuf \
+	rubygem-google-protobuf>=3.12<3.15:devel/rubygem-google-protobuf \
 	rubygem-toml-rb10>=1.0.0<1.1.0:www/rubygem-toml-rb10 \
 	rubygem-flipper017>=0.17.1<0.18.0:devel/rubygem-flipper017 \
 	rubygem-flipper-active_record017>=0.17.1<0.18.0:databases/rubygem-flipper-active_record017 \
@ -267,7 +268,7 @@ USE_GITLAB=	yes
 GL_ACCOUNT?=	gitlab-org
 GL_PROJECT?=	gitlab-foss
 # Find the here: https://gitlab.com/gitlab-org/gitlab-foss/-/tags
-GL_COMMIT?=	03979b4aaf060cae40934b2aade0bbe8a210e311
+GL_COMMIT?=	189a15a911843a9059d1f8bfd31008557bea520b

 USERS=	git
 GROUPS=	git
--- a/www/gitlab-ce/distinfo
+++ b/www/gitlab-ce/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1614351499
-SHA256 (gitlab-org-gitlab-foss-03979b4aaf060cae40934b2aade0bbe8a210e311_GL0.tar.gz) = 8e224795f0735dc10918ac1b11ff3ee76c5ba1eb76d537166292a08f00dbc914
-SIZE (gitlab-org-gitlab-foss-03979b4aaf060cae40934b2aade0bbe8a210e311_GL0.tar.gz) = 98349077
+TIMESTAMP = 1614980151
+SHA256 (gitlab-org-gitlab-foss-189a15a911843a9059d1f8bfd31008557bea520b_GL0.tar.gz) = 9a2ddc533fdd80b05e966c6a048bc1b6242a2f1e1bbe405221c8d61bdfdfbf36
+SIZE (gitlab-org-gitlab-foss-189a15a911843a9059d1f8bfd31008557bea520b_GL0.tar.gz) = 98347897
--- a/www/gitlab-ce/files/patch-Gemfile
+++ b/www/gitlab-ce/files/patch-Gemfile
@ -1,4 +1,4 @@
--- Gemfile.orig	2021-02-19 09:35:35 UTC
+--- Gemfile.orig	2021-03-04 13:43:08 UTC
 +++ Gemfile
@@ -26,7 +26,7 @@ gem 'marginalia', '~> 1.10.0'
 # Authentication libraries
@ -50,10 +50,10 @@
 # LabKit: Tracing and Correlation
 -gem 'gitlab-labkit', '0.14.0'
 +gem 'gitlab-labkit', '0.15.0'
- 
- # I18n
- gem 'ruby_parser', '~> 3.15', require: false
-@@ -329,102 +328,11 @@ gem 'snowplow-tracker', '~> 0.6.1'
+ # Thrift is a dependency of gitlab-labkit, we want a version higher than 0.14.0
+ # because of https://gitlab.com/gitlab-org/gitlab/-/issues/321900
+ gem 'thrift', '>= 0.14.0'
+@@ -332,102 +331,11 @@ gem 'snowplow-tracker', '~> 0.6.1'
 # Metrics
 group :metrics do
   gem 'method_source', '~> 1.0', require: false
--- a/www/gitlab-ce/pkg-plist
+++ b/www/gitlab-ce/pkg-plist
@ -6488,6 +6488,7 @@
 %%WWWDIR%%/app/helpers/webpack_helper.rb
 %%WWWDIR%%/app/helpers/whats_new_helper.rb
 %%WWWDIR%%/app/helpers/wiki_helper.rb
+%%WWWDIR%%/app/helpers/wiki_page_version_helper.rb
 %%WWWDIR%%/app/helpers/workhorse_helper.rb
 %%WWWDIR%%/app/helpers/x509_helper.rb
 %%WWWDIR%%/app/mailers/abuse_report_mailer.rb
@ -27387,6 +27388,7 @@
 %%WWWDIR%%/spec/helpers/visibility_level_helper_spec.rb
 %%WWWDIR%%/spec/helpers/whats_new_helper_spec.rb
 %%WWWDIR%%/spec/helpers/wiki_helper_spec.rb
+%%WWWDIR%%/spec/helpers/wiki_page_version_helper_spec.rb
 %%WWWDIR%%/spec/helpers/x509_helper_spec.rb
 %%WWWDIR%%/spec/initializers/100_patch_omniauth_saml_spec.rb
 %%WWWDIR%%/spec/initializers/6_validations_spec.rb
@ -32879,6 +32881,8 @@
 %%WWWDIR%%/workhorse/internal/staticpages/servefile.go
 %%WWWDIR%%/workhorse/internal/staticpages/servefile_test.go
 %%WWWDIR%%/workhorse/internal/staticpages/static.go
+%%WWWDIR%%/workhorse/internal/staticpages/testdata/file1
+%%WWWDIR%%/workhorse/internal/staticpages/testdata/uploads/file2
 %%WWWDIR%%/workhorse/internal/testhelper/gitaly.go
 %%WWWDIR%%/workhorse/internal/testhelper/testhelper.go
 %%WWWDIR%%/workhorse/internal/upload/accelerate.go
@ -32905,6 +32909,7 @@
 %%WWWDIR%%/workhorse/internal/upstream/roundtripper/transport.go
 %%WWWDIR%%/workhorse/internal/upstream/routes.go
 %%WWWDIR%%/workhorse/internal/upstream/upstream.go
+%%WWWDIR%%/workhorse/internal/upstream/upstream_test.go
 %%WWWDIR%%/workhorse/internal/urlprefix/urlprefix.go
 %%WWWDIR%%/workhorse/internal/utils/svg/LICENSE
 %%WWWDIR%%/workhorse/internal/utils/svg/README.md
--- a/www/gitlab-workhorse/Makefile
+++ b/www/gitlab-workhorse/Makefile
@ -2,7 +2,7 @@
 # $FreeBSD$

 PORTNAME?=	gitlab-workhorse
-PORTVERSION?=	8.63.0
+PORTVERSION?=	8.63.2
 PORTREVISION?=	0
 CATEGORIES=	www

@ -21,12 +21,12 @@ MAKE_ENV=	GOFLAGS="${GO_BUILDFLAGS}"
 USE_GITLAB=	yes
 GL_ACCOUNT?=	gitlab-org
 # Find the commit hash here: https://gitlab.com/gitlab-org/gitlab-workhorse/tags
-GL_COMMIT?=	290e36b39ca85d3be0d1b64504d8ebce424e09d3
+GL_COMMIT?=	d6a98839b0a1c98eea332e203a1632f8302b21e9

 # for go dependencies
 USE_GITHUB=	nodefault
 # generated with: make gomod-vendor
-# 94dd
+# 93dd
 GH_TUPLE=	\
 		Azure:azure-pipeline-go:v0.2.3:azure_azure_pipeline_go/vendor/github.com/Azure/azure-pipeline-go \
 		Azure:azure-storage-blob-go:6df5d9af221d:azure_azure_storage_blob_go/vendor/github.com/Azure/azure-storage-blob-go \
@ -121,7 +121,6 @@ GH_TUPLE=	\
 GL_TUPLE=	gitlab-org:gitaly:3f5e218def93024f3aafe590c22cd1b29f744105:gitlab_org_gitaly/vendor/gitlab.com/gitlab-org/gitaly \
 		gitlab-org:labkit:f2d7fb209ecad2eaddb5fb9c4ab03eb8eaa82811:gitlab_org_labkit/vendor/gitlab.com/gitlab-org/labkit

-
 PLIST_FILES=	bin/gitlab-resize-image \
 		bin/gitlab-workhorse \
 		bin/gitlab-zip-cat \
--- a/www/gitlab-workhorse/distinfo
+++ b/www/gitlab-workhorse/distinfo
@ -1,4 +1,4 @@
-TIMESTAMP = 1614013716
+TIMESTAMP = 1614980366
 SHA256 (Azure-azure-pipeline-go-v0.2.3_GH0.tar.gz) = 99bd58f4a07dd02d9615e3638b3bb6dbfad80ef678ccdb8e17e3fa2b0fef343e
 SIZE (Azure-azure-pipeline-go-v0.2.3_GH0.tar.gz) = 17102
 SHA256 (Azure-azure-storage-blob-go-6df5d9af221d_GH0.tar.gz) = 31047920e4c507f913b9922ad920a2e9f6d48e6056bdc6869b6c257e3ab095a7
@ -177,8 +177,8 @@ SHA256 (uber-jaeger-client-go-v2.15.0_GH0.tar.gz) = 6b89d1a6684475fcbaed3f9d2137
 SIZE (uber-jaeger-client-go-v2.15.0_GH0.tar.gz) = 164460
 SHA256 (uber-jaeger-lib-v1.5.0_GH0.tar.gz) = 98901cc41df77858a2f601ad48b45bdf72af40c56f15bc5182416b15db0daac3
 SIZE (uber-jaeger-lib-v1.5.0_GH0.tar.gz) = 31655
-SHA256 (gitlab-org-gitlab-workhorse-290e36b39ca85d3be0d1b64504d8ebce424e09d3_GL0.tar.gz) = 96a32f2d0656ba92f46ca26bcfd1b06ffc319ac1fdb4387f5b7f6775f26b9287
-SIZE (gitlab-org-gitlab-workhorse-290e36b39ca85d3be0d1b64504d8ebce424e09d3_GL0.tar.gz) = 2486883
+SHA256 (gitlab-org-gitlab-workhorse-d6a98839b0a1c98eea332e203a1632f8302b21e9_GL0.tar.gz) = 50d50a465475e2814676f71f8732e0906b47573f078ca3277b4ad4754de7f8a7
+SIZE (gitlab-org-gitlab-workhorse-d6a98839b0a1c98eea332e203a1632f8302b21e9_GL0.tar.gz) = 2487786
 SHA256 (gitlab-org-gitaly-3f5e218def93024f3aafe590c22cd1b29f744105_GL0.tar.gz) = 98d3cd87fb3feb8a14b5ac9e4a968e7a841cc3b309f997a2ba78aa8fd0b58c2d
 SIZE (gitlab-org-gitaly-3f5e218def93024f3aafe590c22cd1b29f744105_GL0.tar.gz) = 3143193
 SHA256 (gitlab-org-labkit-f2d7fb209ecad2eaddb5fb9c4ab03eb8eaa82811_GL0.tar.gz) = 7fb33d071f1731691125807188be8faba6100a43fa66ad9064d204b56642fbfd