
www/gitlab security update to 10.8.5
ClosedPublic

Authored by mfechner on Jun 25 2018, 5:37 PM.

Details

Summary

_NOTE_: Version skipped so far; there seems to be a major bug with the new sanitize version. I created a PR for this:
https://gitlab.com/gitlab-org/gitlab-ce/issues/48415

Commit message:
Security update to 10.8.5. For details see here:
https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released

Test Plan

Please note, the build process and tests are currently running, but I want to put it into the approval process in parallel.
I will not commit it before I have tested it with a new installation and an upgrade of a 10.8.4 installation.

All patches are built; you can find all build logs:
https://pkg.fechner.net/jail.html?mastername=111amd64-gitlab

The fresh packages are tested against a new installation using:
https://gitlab.fechner.net/mfechner/Gitlab-vagrant

An old version is updated following the manual:
https://gitlab.fechner.net/mfechner/Gitlab-docu

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

mfechner created this revision. Jun 25 2018, 5:37 PM
mfechner edited the summary of this revision. Jun 25 2018, 6:18 PM
tz accepted this revision. Jun 26 2018, 7:52 AM

The update itself looks fine so far. Good that you caught this error! Now there are two possibilities:

  • Do the upgrade even with the bug in mind and warn the users
  • Only fix the security issues by porting the fixes as patches (and leave the broken fix)

This revision is now accepted and ready to land. Jun 26 2018, 7:52 AM

The version 10.8.4 should not contain all bugs, as I already fixed some of them and reported them to gitlab with a confidential issue.
You will see that e.g. the sanitizer is already fixed in 10.8.4.

I hope I will find some time tomorrow evening to test the pipeline-html gem.
I have already built everything, but I can access my test environment only from my local network, which I will have access to tomorrow evening at the earliest.

I think the hint from the gitlab developer that html-pipeline 2.7.1 is required fixes it. I added a review to get the new port here: https://reviews.freebsd.org/D16032

I will do additional tests later this evening to make sure gitlab works as expected and will commit it then.

This revision was automatically updated to reflect the committed changes.