authorFranz Pletz <fpletz@fnordicwalking.de>2017-03-02 04:18:19 +0100
committerFranz Pletz <fpletz@fnordicwalking.de>2017-03-21 13:16:31 +0100
commit29f57ac4479fa5baed5bbbf29fe1b4eac7a86b4d (patch)
tree9d1c7f4379014ad53a8bfc3e29782ea3b5e4ac9d /pkgs/applications/version-management
parent37c31c635d77c319c151905678983ae12789188e (diff)
gitlab: 8.16.6 -> 8.17.4 for CVE-2017-0882
Diffstat (limited to 'pkgs/applications/version-management')
-rw-r--r--pkgs/applications/version-management/gitlab/Gemfile17
-rw-r--r--pkgs/applications/version-management/gitlab/Gemfile.lock52
-rw-r--r--pkgs/applications/version-management/gitlab/default.nix30
-rw-r--r--pkgs/applications/version-management/gitlab/gemset.nix104
4 files changed, 99 insertions, 104 deletions
diff --git a/pkgs/applications/version-management/gitlab/Gemfile b/pkgs/applications/version-management/gitlab/Gemfile
index 6d6564ea5f9b..db1ac67a6667 100644
--- a/pkgs/applications/version-management/gitlab/Gemfile
+++ b/pkgs/applications/version-management/gitlab/Gemfile
@@ -7,7 +7,6 @@ gem 'rails-deprecated_sanitizer', '~> 1.0.3'
 gem 'responders', '~> 2.0'
 
 gem 'sprockets', '~> 3.7.0'
-gem 'sprockets-es6', '~> 0.9.2'
 
 # Default values for AR models
 gem 'default_value_for', '~> 3.0.0'
@@ -36,7 +35,7 @@ gem 'omniauth-twitter',       '~> 1.2.0'
 gem 'omniauth_crowd',         '~> 2.2.0'
 gem 'omniauth-authentiq',     '~> 0.2.0'
 gem 'rack-oauth2',            '~> 1.2.1'
-gem 'jwt'
+gem 'jwt',                    '~> 1.5.6'
 
 # Spam and anti-bot protection
 gem 'recaptcha', '~> 3.0', require: 'recaptcha/rails'
@@ -48,6 +47,9 @@ gem 'rqrcode-rails3', '~> 0.1.7'
 gem 'attr_encrypted', '~> 3.0.0'
 gem 'u2f', '~> 0.2.1'
 
+# GitLab Pages
+gem 'validates_hostname', '~> 1.0.6'
+
 # Browser detection
 gem 'browser', '~> 2.2'
 
@@ -109,7 +111,7 @@ gem 'org-ruby',             '~> 0.9.12'
 gem 'creole',               '~> 0.5.0'
 gem 'wikicloth',            '0.8.1'
 gem 'asciidoctor',          '~> 1.5.2'
-gem 'asciidoctor-plantuml', '0.0.6'
+gem 'asciidoctor-plantuml', '0.0.7'
 gem 'rouge',                '~> 2.0'
 gem 'truncato',             '~> 0.7.8'
 
@@ -219,10 +221,12 @@ gem 'oj', '~> 2.17.4'
 gem 'chronic', '~> 0.10.2'
 gem 'chronic_duration', '~> 0.10.6'
 
+gem 'webpack-rails', '~> 0.9.9'
+gem 'rack-proxy', '~> 0.6.0'
+
 gem 'sass-rails', '~> 5.0.6'
 gem 'coffee-rails', '~> 4.1.0'
 gem 'uglifier', '~> 2.7.2'
-gem 'gitlab-turbolinks-classic', '~> 2.5', '>= 2.5.6'
 
 gem 'addressable',        '~> 2.3.8'
 gem 'bootstrap-sass',     '~> 3.3.0'
@@ -280,6 +284,7 @@ group :development, :test do
   gem 'rspec-retry',        '~> 0.4.5'
   gem 'spinach-rails',      '~> 0.2.1'
   gem 'spinach-rerun-reporter', '~> 0.0.2'
+  gem 'rspec_profiling'
 
   # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
   gem 'minitest', '~> 5.7.0'
@@ -291,13 +296,9 @@ group :development, :test do
   gem 'capybara-screenshot', '~> 1.0.0'
   gem 'poltergeist',         '~> 1.9.0'
 
-  gem 'teaspoon', '~> 1.1.0'
-  gem 'teaspoon-jasmine', '~> 2.2.0'
-
   gem 'spring',                   '~> 1.7.0'
   gem 'spring-commands-rspec',    '~> 1.0.4'
   gem 'spring-commands-spinach',  '~> 1.1.0'
-  gem 'spring-commands-teaspoon', '~> 0.0.2'
 
   gem 'rubocop', '~> 0.46.0', require: false
   gem 'rubocop-rspec', '~> 1.9.1', require: false
diff --git a/pkgs/applications/version-management/gitlab/Gemfile.lock b/pkgs/applications/version-management/gitlab/Gemfile.lock
index 80cdf9d3258d..1916267bb89b 100644
--- a/pkgs/applications/version-management/gitlab/Gemfile.lock
+++ b/pkgs/applications/version-management/gitlab/Gemfile.lock
@@ -56,7 +56,7 @@ GEM
       faraday_middleware-multi_json (~> 0.0)
       oauth2 (~> 1.0)
     asciidoctor (1.5.3)
-    asciidoctor-plantuml (0.0.6)
+    asciidoctor-plantuml (0.0.7)
       asciidoctor (~> 1.5)
     ast (2.3.0)
     attr_encrypted (3.0.3)
@@ -74,10 +74,6 @@ GEM
       descendants_tracker (~> 0.0.4)
       ice_nine (~> 0.11.0)
       thread_safe (~> 0.3, >= 0.3.1)
-    babel-source (5.8.35)
-    babel-transpiler (0.7.0)
-      babel-source (>= 4.0, < 6)
-      execjs (~> 2.0)
     babosa (1.0.2)
     base32 (0.3.2)
     bcrypt (3.1.11)
@@ -268,8 +264,6 @@ GEM
       mime-types (>= 1.16, < 3)
       posix-spawn (~> 0.3)
     gitlab-markup (1.5.1)
-    gitlab-turbolinks-classic (2.5.6)
-      coffee-rails
     gitlab_omniauth-ldap (1.2.1)
       net-ldap (~> 0.9)
       omniauth (~> 1.0)
@@ -381,7 +375,7 @@ GEM
     json (1.8.3)
     json-schema (2.6.2)
       addressable (~> 2.3.8)
-    jwt (1.5.4)
+    jwt (1.5.6)
     kaminari (0.17.0)
       actionpack (>= 3.0.0)
       activesupport (>= 3.0.0)
@@ -550,6 +544,8 @@ GEM
       rack (>= 1.1)
     rack-protection (1.5.3)
       rack
+    rack-proxy (0.6.0)
+      rack
     rack-test (0.6.3)
       rack (>= 1.0)
     rails (4.2.7.1)
@@ -644,6 +640,11 @@ GEM
     rspec-retry (0.4.5)
       rspec-core
     rspec-support (3.5.0)
+    rspec_profiling (0.0.4)
+      activerecord
+      pg
+      rails
+      sqlite3
     rubocop (0.46.0)
       parser (>= 2.3.1.1, < 3.0)
       powerpack (~> 0.1)
@@ -662,7 +663,7 @@ GEM
       sexp_processor (~> 4.1)
     rubyntlm (0.5.2)
     rubypants (0.2.0)
-    rubyzip (1.2.0)
+    rubyzip (1.2.1)
     rufus-scheduler (3.1.10)
     rugged (0.24.0)
     safe_yaml (1.0.4)
@@ -732,19 +733,14 @@ GEM
       spring (>= 0.9.1)
     spring-commands-spinach (1.1.0)
       spring (>= 0.9.1)
-    spring-commands-teaspoon (0.0.2)
-      spring (>= 0.9.1)
     sprockets (3.7.0)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-es6 (0.9.2)
-      babel-source (>= 5.8.11)
-      babel-transpiler
-      sprockets (>= 3.0.0)
     sprockets-rails (3.1.1)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
+    sqlite3 (1.3.11)
     stackprof (0.2.10)
     state_machines (0.4.0)
     state_machines-activemodel (0.4.0)
@@ -757,10 +753,6 @@ GEM
     sys-filesystem (1.1.6)
       ffi
     sysexits (1.2.0)
-    teaspoon (1.1.5)
-      railties (>= 3.2.5, < 6)
-    teaspoon-jasmine (2.2.0)
-      teaspoon (>= 1.0.0)
     temple (0.7.7)
     test_after_commit (1.1.0)
       activerecord (>= 3.2)
@@ -795,6 +787,9 @@ GEM
       get_process_mem (~> 0)
       unicorn (>= 4, < 6)
     uniform_notifier (1.10.0)
+    validates_hostname (1.0.6)
+      activerecord (>= 3.0)
+      activesupport (>= 3.0)
     version_sorter (2.1.0)
     virtus (1.0.5)
       axiom-types (~> 0.1)
@@ -812,6 +807,8 @@ GEM
     webmock (1.21.0)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
+    webpack-rails (0.9.9)
+      rails (>= 3.2.0)
     websocket-driver (0.6.3)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.2)
@@ -838,7 +835,7 @@ DEPENDENCIES
   allocations (~> 1.0)
   asana (~> 0.4.0)
   asciidoctor (~> 1.5.2)
-  asciidoctor-plantuml (= 0.0.6)
+  asciidoctor-plantuml (= 0.0.7)
   attr_encrypted (~> 3.0.0)
   awesome_print (~> 1.2.0)
   babosa (~> 1.0.2)
@@ -888,7 +885,6 @@ DEPENDENCIES
   github-linguist (~> 4.7.0)
   gitlab-flowdock-git-hook (~> 1.0.1)
   gitlab-markup (~> 1.5.1)
-  gitlab-turbolinks-classic (~> 2.5, >= 2.5.6)
   gitlab_omniauth-ldap (~> 1.2.1)
   gollum-lib (~> 4.2)
   gollum-rugged_adapter (~> 0.4.2)
@@ -909,7 +905,7 @@ DEPENDENCIES
   jquery-rails (~> 4.1.0)
   jquery-ui-rails (~> 5.0.0)
   json-schema (~> 2.6.2)
-  jwt
+  jwt (~> 1.5.6)
   kaminari (~> 0.17.0)
   knapsack (~> 1.11.0)
   kubeclient (~> 2.2.0)
@@ -952,6 +948,7 @@ DEPENDENCIES
   rack-attack (~> 4.4.1)
   rack-cors (~> 0.4.0)
   rack-oauth2 (~> 1.2.1)
+  rack-proxy (~> 0.6.0)
   rails (= 4.2.7.1)
   rails-deprecated_sanitizer (~> 1.0.3)
   rainbow (~> 2.1.0)
@@ -968,6 +965,7 @@ DEPENDENCIES
   rqrcode-rails3 (~> 0.1.7)
   rspec-rails (~> 3.5.0)
   rspec-retry (~> 0.4.5)
+  rspec_profiling
   rubocop (~> 0.46.0)
   rubocop-rspec (~> 1.9.1)
   ruby-fogbugz (~> 0.2.1)
@@ -992,15 +990,11 @@ DEPENDENCIES
   spring (~> 1.7.0)
   spring-commands-rspec (~> 1.0.4)
   spring-commands-spinach (~> 1.1.0)
-  spring-commands-teaspoon (~> 0.0.2)
   sprockets (~> 3.7.0)
-  sprockets-es6 (~> 0.9.2)
   stackprof (~> 0.2.10)
   state_machines-activerecord (~> 0.4.0)
   sys-filesystem (~> 1.1.6)
-  teaspoon (~> 1.1.0)
-  teaspoon-jasmine (~> 2.2.0)
-  test_after_commit (~> 0.4.2)
+  test_after_commit (~> 1.1)
   thin (~> 1.7.0)
   timecop (~> 0.8.0)
   truncato (~> 0.7.8)
@@ -1010,12 +1004,14 @@ DEPENDENCIES
   unf (~> 0.1.4)
   unicorn (~> 5.1.0)
   unicorn-worker-killer (~> 0.4.4)
+  validates_hostname (~> 1.0.6)
   version_sorter (~> 2.1.0)
   virtus (~> 1.0.1)
   vmstat (~> 2.3.0)
   web-console (~> 2.0)
   webmock (~> 1.21.0)
+  webpack-rails (~> 0.9.9)
   wikicloth (= 0.8.1)
 
 BUNDLED WITH
-   1.13.7
+   1.14.5
diff --git a/pkgs/applications/version-management/gitlab/default.nix b/pkgs/applications/version-management/gitlab/default.nix
index 60921fc54886..0e078950e665 100644
--- a/pkgs/applications/version-management/gitlab/default.nix
+++ b/pkgs/applications/version-management/gitlab/default.nix
@@ -1,5 +1,5 @@
-{ stdenv, lib, bundler, fetchFromGitHub, bundlerEnv, libiconv, ruby
-, tzdata, git, nodejs, procps
+{ stdenv, lib, bundler, fetchurl, fetchFromGitHub, bundlerEnv, libiconv, ruby
+, tzdata, git, nodejs, procps, dpkg
 }:
 
 /* When updating the Gemfile add `gem "activerecord-nulldb-adapter"`
@@ -18,19 +18,27 @@ let
     };
   };
 
+  version = "8.17.4";
+
+  gitlabDeb = fetchurl {
+    url = "https://packages.gitlab.com/gitlab/gitlab-ce/packages/debian/jessie/gitlab-ce_${version}-ce.0_amd64.deb/download";
+    sha256 = "1fd6y9lyavzsm2ac10sip01dnvcd73ymcn2rqdljr4sq4f222mry";
+  };
+
 in
 
 stdenv.mkDerivation rec {
   name = "gitlab-${version}";
-  version = "8.16.6";
 
-  buildInputs = [ env ruby bundler tzdata git nodejs procps ];
+  buildInputs = [
+    env ruby bundler tzdata git nodejs procps dpkg
+  ];
 
   src = fetchFromGitHub {
     owner = "gitlabhq";
     repo = "gitlabhq";
     rev = "v${version}";
-    sha256 = "03rzms2frwx4c09l2rig1amlxj965s2iq421i52j8wj2khb7pd7g";
+    sha256 = "1yrbbf55pz7863xngl2mxwj9w4imdlqvmqywd1zpnswdsjqxa5xj";
   };
 
   patches = [
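Review bot: The `gitlabDeb` fetch sets no `name`, so as far as I can tell fetchurl falls back to the last URL component, which is the literal `download` for every release. A fixed-output store path is keyed on name and hash, so a later bump of `version` that forgets this `sha256` could silently reuse the 8.17.4 package already in the store instead of failing. Adding `name = "gitlab-ce-${version}.deb";` ties the path to the version, so a stale hash triggers a fetch and a mismatch error. This binary package, not the `fetchFromGitHub` source, now supplies the served frontend assets, so a comment such as `# prebuilt assets from the upstream omnibus package; update this hash together with src` would remind maintainers to move both hashes on a security update. The `let` block and the derivation both extend outside the hunk.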
@@ -64,9 +72,15 @@ stdenv.mkDerivation rec {
 
   buildPhase = ''
     mv config/gitlab.yml.example config/gitlab.yml
-    GITLAB_DATABASE_ADAPTER=nulldb \
-      SKIP_STORAGE_VALIDATION=true \
-      rake assets:precompile RAILS_ENV=production
+
+    dpkg -x ${gitlabDeb} .
+    mv -v opt/gitlab/embedded/service/gitlab-rails/public/assets public
+    rm -rf opt
+
+    export GITLAB_DATABASE_ADAPTER=nulldb
+    export SKIP_STORAGE_VALIDATION=true
+    rake assets:precompile RAILS_ENV=production
+
     mv config/gitlab.yml config/gitlab.yml.example
     rm config/secrets.yml
     mv config config.dist
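Review bot: `dpkg -x ${gitlabDeb} .` unpacks the whole package into the root of the source checkout, so any archive path that collides with a file in the tree would overwrite it, and only `opt` is removed afterwards. Unpacking into a scratch directory keeps the archive contents away from the source: `mkdir deb-unpack && dpkg -x ${gitlabDeb} deb-unpack`, `mv -v deb-unpack/opt/gitlab/embedded/service/gitlab-rails/public/assets public`, `rm -rf deb-unpack`. The two `export` lines also widen scope: the variables used to be set only for the rake call and now stay set for the rest of the build shell, which may not be intended. The buildPhase string continues past the hunk.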
diff --git a/pkgs/applications/version-management/gitlab/gemset.nix b/pkgs/applications/version-management/gitlab/gemset.nix
index 1ebb7c5b1fa1..4bc57f6bd08e 100644
--- a/pkgs/applications/version-management/gitlab/gemset.nix
+++ b/pkgs/applications/version-management/gitlab/gemset.nix
@@ -146,10 +146,10 @@
   asciidoctor-plantuml = {
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0rd8yh0by5sxhg1c3cb1mzkp4jp3j8v6vzbyv1mx492s9ml451fx";
+      sha256 = "00ax9r822n4ykl6jizaxp03wqzknr7nn20mmqjpiwajy9j0zvr88";
       type = "gem";
     };
-    version = "0.0.6";
+    version = "0.0.7";
   };
   ast = {
     source = {
@@ -207,22 +207,6 @@
     };
     version = "0.1.1";
   };
-  babel-source = {
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "1ncq8h82k6hypzfb5dk7z95mmcdwnhsxmc53xz17m1nbklm25vvr";
-      type = "gem";
-    };
-    version = "5.8.35";
-  };
-  babel-transpiler = {
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "0w0minwxj56w96xps1msm6n75fs0y7r1vqcr9zlsn74fksnz81jc";
-      type = "gem";
-    };
-    version = "0.7.0";
-  };
   babosa = {
     source = {
       remotes = ["https://rubygems.org"];
@@ -944,14 +928,6 @@
     };
     version = "1.5.1";
   };
-  gitlab-turbolinks-classic = {
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "1zfqwa1pahhcz1yxvwigg94bck2zsqk2jsrc0wdcybhr0iwi5jra";
-      type = "gem";
-    };
-    version = "2.5.6";
-  };
   gitlab_omniauth-ldap = {
     source = {
       remotes = ["https://rubygems.org"];
@@ -1235,10 +1211,10 @@
   jwt = {
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0s5llb4mhpy0phzbrc4jd2jd2b91h1axy4bhci7g1bdz1w2m3a2i";
+      sha256 = "124zz1142bi2if7hl5pcrcamwchv4icyr5kaal9m2q6wqbdl6aw4";
       type = "gem";
     };
-    version = "1.5.4";
+    version = "1.5.6";
   };
   kaminari = {
     source = {
@@ -1848,6 +1824,14 @@
     };
     version = "1.5.3";
   };
+  rack-proxy = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "1bpbcb9ch94ha2q7gdri88ry7ch0z6ian289kah9ayxyqg19j6f4";
+      type = "gem";
+    };
+    version = "0.6.0";
+  };
   rack-test = {
     source = {
       remotes = ["https://rubygems.org"];
@@ -2152,6 +2136,14 @@
     };
     version = "3.5.0";
   };
+  rspec_profiling = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "01qrs189r0q08ys8vax269ff858q9ypsc94n1d700m9da44zi3wg";
+      type = "gem";
+    };
+    version = "0.0.4";
+  };
   rubocop = {
     source = {
       remotes = ["https://rubygems.org"];
@@ -2227,10 +2219,10 @@
   rubyzip = {
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "10a9p1m68lpn8pwqp972lv61140flvahm3g9yzbxzjks2z3qlb2s";
+      sha256 = "06js4gznzgh8ac2ldvmjcmg9v1vg9llm357yckkpylaj6z456zqz";
       type = "gem";
     };
-    version = "1.2.0";
+    version = "1.2.1";
   };
   rufus-scheduler = {
     source = {
@@ -2464,14 +2456,6 @@
     };
     version = "1.1.0";
   };
-  spring-commands-teaspoon = {
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "1g7n4m2s9d0frh7y1xibzpphqajfnx4fvgfc66nh545dd91w2nqz";
-      type = "gem";
-    };
-    version = "0.0.2";
-  };
   sprockets = {
     source = {
       remotes = ["https://rubygems.org"];
@@ -2480,21 +2464,21 @@
     };
     version = "3.7.0";
   };
-  sprockets-es6 = {
+  sprockets-rails = {
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0508h3vnjz08c64k11za6cqnbvvifka9pmdrycamzzjd4dmf10y3";
+      sha256 = "1sak0as7ka964f6zjb1w8hkvfkkbf55kpcyvh7k6nyrb6pqnwmnf";
       type = "gem";
     };
-    version = "0.9.2";
+    version = "3.1.1";
   };
-  sprockets-rails = {
+  sqlite3 = {
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1sak0as7ka964f6zjb1w8hkvfkkbf55kpcyvh7k6nyrb6pqnwmnf";
+      sha256 = "19r06wglnm6479ffj9dl0fa4p5j2wi6dj7k6k3d0rbx7036cv3ny";
       type = "gem";
     };
-    version = "3.1.1";
+    version = "1.3.11";
   };
   stackprof = {
     source = {
@@ -2552,22 +2536,6 @@
     };
     version = "1.2.0";
   };
-  teaspoon = {
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "1xz5f1w8jm2fg1g194kf17gh36imd7sgs9cx0adqx1l22p7jrkvv";
-      type = "gem";
-    };
-    version = "1.1.5";
-  };
-  teaspoon-jasmine = {
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "00wygrv1jm4aj15p1ab9d5fdrj6y83kv26xgp52mx4lp78h2ms9q";
-      type = "gem";
-    };
-    version = "2.2.0";
-  };
   temple = {
     source = {
       remotes = ["https://rubygems.org"];
@@ -2728,6 +2696,14 @@
     };
     version = "1.10.0";
   };
+  validates_hostname = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "04p1l0v98j4ffvaks1ig9mygx5grpbpdgz7haq3mygva9iy8ykja";
+      type = "gem";
+    };
+    version = "1.0.6";
+  };
   version_sorter = {
     source = {
       remotes = ["https://rubygems.org"];
@@ -2776,6 +2752,14 @@
     };
     version = "1.21.0";
   };
+  webpack-rails = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "02jxkpdbi48yhcgldgl5jxnhnad83rdgpkkcwh8w1h6iyg04d42j";
+      type = "gem";
+    };
+    version = "0.9.9";
+  };
   websocket-driver = {
     source = {
       remotes = ["https://rubygems.org"];