Bug 230306
| Summary: | Update of security/rubygem-doorkeeper to 4.4.x prevents www/gitlab-ce 11.1.2_2 from starting | ||
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Paul Mather <paul> |
| Component: | Individual Port(s) | Assignee: | freebsd-ports-bugs (Nobody) <ports-bugs> |
| Status: | Closed FIXED | ||
| Severity: | Affects Many People | CC: | mfechner, ruby |
| Priority: | --- | ||
| Version: | Latest | ||
| Hardware: | Any | ||
| OS: | Any | ||
A commit references this bug: Author: mfechner Date: Fri Aug 3 15:48:56 UTC 2018 New revision: 476298 URL: https://svnweb.freebsd.org/changeset/ports/476298 Log: Copied port security/rubygem-doorkeeper and fix it to version 4.3.x which is required by gitlab. PR: 230306 Approved by: mentors (implicit) Changes: head/security/Makefile head/security/rubygem-doorkeeper43/ head/security/rubygem-doorkeeper43/Makefile A commit references this bug: Author: mfechner Date: Sat Aug 4 00:27:17 UTC 2018 New revision: 476329 URL: https://svnweb.freebsd.org/changeset/ports/476329 Log: Update gitlab to 11.1.4. Fixed dependency problem for security/doorkeeper. The currently used doorkeeper43 version has a security vulnerability, this problem was reported upstream to gitlab here: https://gitlab.com/gitlab-org/gitlab-ce/issues/49940 PR: 230306 Approved by: mentors (implicit) Changes: head/www/gitlab-ce/Makefile head/www/gitlab-ce/distinfo head/www/gitlab-ce/pkg-plist Thanks for the report! The Gemfile of gitlab is misleading. It says: gem 'doorkeeper', '~> 4.3' https://gitlab.com/gitlab-org/gitlab-ce/blob/v11.1.2/Gemfile#L37 A commit references this bug: Author: mfechner Date: Fri Aug 31 12:25:38 UTC 2018 New revision: 478551 URL: https://svnweb.freebsd.org/changeset/ports/478551 Log: MFH: r476298 Copied port security/rubygem-doorkeeper and fix it to version 4.3.x which is required by gitlab. PR: 230306 Approved by: mentors (implicit) Approved by: ports-secteam (miwi) Changes: _U branches/2018Q3/ branches/2018Q3/security/Makefile branches/2018Q3/security/rubygem-doorkeeper43/ A commit references this bug: Author: mfechner Date: Fri Aug 31 12:28:57 UTC 2018 New revision: 478553 URL: https://svnweb.freebsd.org/changeset/ports/478553 Log: MFH: r476329 r477216 r478496 Update gitlab to 11.1.4. Fixed dependency problem for security/doorkeeper. The currently used doorkeeper43 version has a security vulnerability, this problem was reported upstream to gitlab here: https://gitlab.com/gitlab-org/gitlab-ce/issues/49940 PR: 230306 Approved by: mentors (implicit) www/gitlab-ce add a check after the build process to verify all used gems matching the requirements. This should make it easier to see gem updates that are breaking the gitlab-ce port. Approved by: mentors (implicit) www/gitlab-ce security update to version 11.1.6. Details about vulnerabilities can be found here: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/ Approved by: mentors (implicit) MFC after: 1 d Security: ffeb25d0-ac94-11e8-ab15-d8cb8abf62dd Approved by: ports-secteam (miwi) Changes: _U branches/2018Q3/ branches/2018Q3/www/gitlab-ce/Makefile branches/2018Q3/www/gitlab-ce/distinfo branches/2018Q3/www/gitlab-ce/pkg-plist |
The recent update of the security/rubygem-doorkeeper port to 4.4.1 triggers an error when starting up the current www/gitlab-ce application. The error triggered is in the doorkeeper initialiser (/usr/local/www/gitlab-ce/config/initializers/doorkeeper.rb) in GitLab, at line 116: =====8<===== # Remove after we upgrade the doorkeeper gem from version 4.3.2 if Doorkeeper.gem_version > Gem::Version.new('4.3.2') raise "Doorkeeper was upgraded, please remove the monkey patch in #{__FILE__}" end =====>8===== (where __FILE__ is /usr/local/www/gitlab-ce/config/initializers/doorkeeper.rb) The previous version of security/rubygem-doorkeeper was 4.3.2. It was updated to 4.4.1 on 31st July, 2018. I guess the easiest fix would be to create a legacy security/rubygem-doorkeeper43 port that holds the Gem at 4.3.2.