Created attachment 190715
Security update to 10.4.3
Please do not commit yet. Over the next days I will add all required updates that block this one, and I will switch the maintainer flag the moment everything that blocks this update is committed.
Moin Matthias :-) Okay, then give me a go when done. I want to try and pull all the PRs to me. Joneum
10.4.4 was released yesterday. Please use this version instead.
I have now created, hopefully, all the changes that are required. I will upgrade to 10.4.4 and provide a new diff if everything is fine.
(In reply to Matthias Fechner from comment #4) I think we can, as in the past, do that again in several steps. Let's work on the update for 10.4.3, and then 10.4.4. I will test all updates again in poudriere, and then open a review to catch up with the opinion of @tz (I cc him here).
Created attachment 190729
Security update to 10.4.4. This patch also includes a fix for gem update security/rubygem-attr_encrypted to security/rubygem-attr_encrypted30 which breaks gitlab.
If you would like to see all changes collected, you can also use the branch 10.4 from here: http://gitlab.toco-domains.de/FreeBSD/GitLab
I pushed all modifications required for the update to 10.4.4 to it.
(In reply to Jochen Neumeister from comment #5) I suggest updating to 10.4.4 directly because it's only 1 dependency change (nokogiri from 1.8.1 to 1.8.2) and mostly bugfixes from 10.4.3.
All tests were successful, so we should be ready to merge all PRs into HEAD.
Committed in r462404
Thanks @tz for the time you spent committing everything! We should create a security entry and mark every version of gitlab < 10.4.3 with critical security bugs.
Security bulletin added: https://svnweb.freebsd.org/changeset/ports/462481
Hello,

Firstly thanks for all you guys work on the packages! It seems like the latest bump of the gitlab + gems made my system want to remove gitlab when running pkg upgrade. Below is a paste of the output of pkg:

    Updating FreeBSD repository catalogue...
    FreeBSD repository is up to date.
    All repositories are up to date.
    Checking for upgrades (19 candidates): 100%
    Processing candidates (19 candidates): 100%
    Checking integrity... done (9 conflicting)
      - rubygem-sass-rails-rails4-5.0.7 conflicts with rubygem-sass-rails5-5.0.7 on /usr/local/lib/ruby/gems/2.4/specifications/sass-rails-5.0.7.gemspec
      - rubygem-pg0-0.21.0 conflicts with rubygem-pg-0.21.0 on /usr/local/lib/ruby/gems/2.4/specifications/pg-0.21.0.gemspec
      - rubygem-unicorn51-5.1.0 conflicts with rubygem-unicorn-5.4.0 on /usr/local/bin/unicorn
      - rubygem-unicorn-worker-killer044-0.4.4 conflicts with rubygem-unicorn-worker-killer-0.4.4 on /usr/local/lib/ruby/gems/2.4/specifications/unicorn-worker-killer-0.4.4.gemspec
      - rubygem-hamlit26-2.6.2 conflicts with rubygem-hamlit-2.8.7 on /usr/local/bin/hamlit
      - rubygem-hamlit26-2.6.2 conflicts with rubygem-hamlit-2.8.6 on /usr/local/bin/hamlit
      - rubygem-github-linguist47-4.7.6 conflicts with rubygem-github-linguist-6.0.1 on /usr/local/bin/git-linguist
      - rubygem-sentry-raven25-2.5.3 conflicts with rubygem-sentry-raven-2.7.2 on /usr/local/bin/raven
      - rubygem-ruby-prof016-0.16.2 conflicts with rubygem-ruby-prof-0.17.0 on /usr/local/bin/ruby-prof
    Cannot solve problem using SAT solver, trying another plan
    Checking integrity... done (0 conflicting)
    The following 59 package(s) will be affected (of 0 checked):

    Installed packages to be REMOVED:
        gitlab-10.1.6_2
        rubygem-sass-rails5-5.0.7

    New packages to be INSTALLED:
        rubygem-sass-rails-rails4: 5.0.7
        rubygem-pg0: 0.21.0
        rubygem-uglifier27: 2.7.2
        rubygem-toml-rb03: 0.3.15
        rubygem-rack-cors: 1.0.2
        rubygem-rack-attack44: 4.4.1
        rubygem-kubeclient22: 2.2.0
        rubygem-recursive-open-struct100: 1.0.0
        rubygem-jquery-atwho-rails13: 1.3.2
        rubygem-gon61: 6.1.0
        rubygem-dropzonejs-rails07: 0.7.4
        rubygem-wikicloth081: 0.8.1
        rubygem-version_sorter21: 2.1.0
        rubygem-loofah20: 2.0.3
        rubygem-diffy31: 3.1.0
        rubygem-asciidoctor-plantuml007: 0.0.7
        rubygem-rack-oauth212: 1.2.3
        rubygem-omniauth14: 1.4.3
        rubygem-omniauth-shibboleth12: 1.2.1
        rubygem-omniauth-saml17: 1.7.0
        rubygem-net-ssh41: 4.1.0
        rubygem-attr_encrypted30: 3.0.3
        rubygem-omniauth-twitter12: 1.2.1
        rubygem-omniauth-auth014: 1.4.2
        rubygem-octokit46: 4.6.2
        rubygem-fog-google0: 0.6.0
        rubygem-asset_sync220: 2.2.0
        rubygem-hipchat15: 1.5.4
        rubygem-premailer-rails19: 1.9.7
        rubygem-recaptcha3: 3.4.0
        rubygem-omniauth_crowd22: 2.2.3
        rubygem-health_check26: 2.6.0
        rubygem-grape-entity060: 0.6.0
        rubygem-gettext_i18n_rails_js12: 1.2.0
        rubygem-flipper011: 0.11.0
        rubygem-flipper-active_support_cache_store011: 0.11.0
        rubygem-batch-loader: 1.2.1
        rubygem-seed-fu236: 2.3.6
        rubygem-redis-namespace15: 1.5.3
        rubygem-flipper-active_record011: 0.11.0

    Installed packages to be UPGRADED:
        vim-tiny: 8.0.1496 -> 8.0.1521
        rubygem-rails4: 4.2.10 -> 4.2.10_1
        rubygem-rack-protection: 2.0.0 -> 2.0.1
        rubygem-rack-oauth2: 1.8.0 -> 1.8.1
        rubygem-prometheus-client-mmap: 0.7.0.b18 -> 0.7.0.b44
        rubygem-pg: 0.21.0 -> 1.0.0
        rubygem-peek-pg: 1.3.0 -> 1.3.0_1
        rubygem-peek-performance_bar: 1.3.0 -> 1.3.1
        rubygem-mustermann: 1.0.1 -> 1.0.2
        rubygem-hamlit: 2.8.6 -> 2.8.7
        rubygem-google-api-client: 0.19.7 -> 0.19.8
        ruby24-gems: 2.7.5 -> 2.7.6
        npm: 5.6.0_1 -> 5.6.0_2
        gmake: 4.2.1_1 -> 4.2.1_2
        gitlab-workhorse: 2.3.0 -> 3.3.1
        gitlab-shell: 5.9.3 -> 5.11.0
        git: 2.16.1 -> 2.16.2

    Number of packages to be removed: 2
    Number of packages to be installed: 40
    Number of packages to be upgraded: 17

Thanks,
Hans
(In reply to Hans from comment #13) Please follow the manual you can find here: http://gitlab.toco-domains.de/FreeBSD/GitLab-docu/blob/master/update/10.1-10.4-freebsd.md or here: https://gitlab.fechner.net/mfechner/Gitlab-docu/blob/master/update/10.1-10.4-freebsd.md
(In reply to Matthias Fechner from comment #14) Thanks a ton! That was a semi-scary upgrade (Not a Ruby guy AT ALL). Snapshotted the jail and followed the guide at: https://gitlab.fechner.net/mfechner/Gitlab-docu/blob/master/update/10.1-10.4-freebsd.md
And it worked like a charm! Thanks for saving me a headache over the weekend and sorry for thinking it was a bug.