Bug 230306 - Update of security/rubygem-doorkeeper to 4.4.x prevents www/gitlab-ce 11.1.2_2 from starting
Summary: Update of security/rubygem-doorkeeper to 4.4.x prevents www/gitlab-ce 11.1.2_...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-02 20:45 UTC by Paul Mather
Modified: 2018-08-31 12:29 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Paul Mather 2018-08-02 20:45:28 UTC
The recent update of the security/rubygem-doorkeeper port to 4.4.1 triggers an error when starting up the current www/gitlab-ce application.  The error triggered is in the doorkeeper initialiser (/usr/local/www/gitlab-ce/config/initializers/doorkeeper.rb) in GitLab, at line 116:

=====8<=====
# Remove after we upgrade the doorkeeper gem from version 4.3.2
if Doorkeeper.gem_version > Gem::Version.new('4.3.2')
  raise "Doorkeeper was upgraded, please remove the monkey patch in #{__FILE__}"
end
=====>8=====


(where __FILE__ is /usr/local/www/gitlab-ce/config/initializers/doorkeeper.rb)

The previous version of security/rubygem-doorkeeper was 4.3.2.  It was updated to 4.4.1 on 31st July, 2018.

I guess the easiest fix would be to create a legacy security/rubygem-doorkeeper43 port that holds the Gem at 4.3.2.
Comment 1 commit-hook freebsd_committer 2018-08-03 15:49:49 UTC
A commit references this bug:

Author: mfechner
Date: Fri Aug  3 15:48:56 UTC 2018
New revision: 476298
URL: https://svnweb.freebsd.org/changeset/ports/476298

Log:
  Copied port security/rubygem-doorkeeper and fix it to version 4.3.x which is required by gitlab.

  PR:		230306
  Approved by:	mentors (implicit)

Changes:
  head/security/Makefile
  head/security/rubygem-doorkeeper43/
  head/security/rubygem-doorkeeper43/Makefile
Comment 2 commit-hook freebsd_committer 2018-08-04 00:27:32 UTC
A commit references this bug:

Author: mfechner
Date: Sat Aug  4 00:27:17 UTC 2018
New revision: 476329
URL: https://svnweb.freebsd.org/changeset/ports/476329

Log:
  Update gitlab to 11.1.4.
  Fixed dependency problem for security/doorkeeper.
  The currently used doorkeeper43 version has a security vulnerability, this problem was reported upstream to gitlab here:
  https://gitlab.com/gitlab-org/gitlab-ce/issues/49940

  PR:		230306
  Approved by:	mentors (implicit)

Changes:
  head/www/gitlab-ce/Makefile
  head/www/gitlab-ce/distinfo
  head/www/gitlab-ce/pkg-plist
Comment 3 Matthias Fechner freebsd_committer 2018-08-04 00:27:59 UTC
Thanks for the report!
Comment 4 Sunpoet Po-Chuan Hsieh freebsd_committer 2018-08-04 08:14:18 UTC
The Gemfile of gitlab is misleading. It says:

gem 'doorkeeper', '~> 4.3'

https://gitlab.com/gitlab-org/gitlab-ce/blob/v11.1.2/Gemfile#L37
Comment 5 commit-hook freebsd_committer 2018-08-31 12:26:32 UTC
A commit references this bug:

Author: mfechner
Date: Fri Aug 31 12:25:38 UTC 2018
New revision: 478551
URL: https://svnweb.freebsd.org/changeset/ports/478551

Log:
  MFH: r476298

  Copied port security/rubygem-doorkeeper and fix it to version 4.3.x which is required by gitlab.

  PR:		230306
  Approved by:	mentors (implicit)

  Approved by:	ports-secteam (miwi)

Changes:
_U  branches/2018Q3/
  branches/2018Q3/security/Makefile
  branches/2018Q3/security/rubygem-doorkeeper43/
Comment 6 commit-hook freebsd_committer 2018-08-31 12:29:37 UTC
A commit references this bug:

Author: mfechner
Date: Fri Aug 31 12:28:57 UTC 2018
New revision: 478553
URL: https://svnweb.freebsd.org/changeset/ports/478553

Log:
  MFH: r476329 r477216 r478496

  Update gitlab to 11.1.4.
  Fixed dependency problem for security/doorkeeper.
  The currently used doorkeeper43 version has a security vulnerability, this problem was reported upstream to gitlab here:
  https://gitlab.com/gitlab-org/gitlab-ce/issues/49940

  PR:		230306
  Approved by:	mentors (implicit)

  www/gitlab-ce add a check after the build process to verify all used gems matching the requirements.
  This should make it easier to see gem updates that are breaking the gitlab-ce port.

  Approved by:	mentors (implicit)

  www/gitlab-ce security update to version 11.1.6.
  Details about vulnerabilities can be found here:
  https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/

  Approved by:	mentors (implicit)
  MFC after:	1 d
  Security:	ffeb25d0-ac94-11e8-ab15-d8cb8abf62dd

  Approved by:	ports-secteam (miwi)

Changes:
_U  branches/2018Q3/
  branches/2018Q3/www/gitlab-ce/Makefile
  branches/2018Q3/www/gitlab-ce/distinfo
  branches/2018Q3/www/gitlab-ce/pkg-plist