Commit Graph

241 Commits

Author SHA1 Message Date
Milan
f391999026
gitlab: 12.8.2 -> 12.8.5 (#82142)
https://about.gitlab.com/releases/2020/03/09/gitlab-12-8-5-released/
2020-03-09 17:23:51 +01:00
Milan
c25756f91c
gitlab: 12.8.1 -> 12.8.2 (#81803)
Includes multiple security fixes mentioned in
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
(unfortunately, no CVE numbers as of yet)

 - Directory Traversal to Arbitrary File Read
 - Account Takeover Through Expired Link
 - Server Side Request Forgery Through Deprecated Service
 - Group Two-Factor Authentication Requirement Bypass
 - Stored XSS in Merge Request Pages
 - Stored XSS in Merge Request Submission Form
 - Stored XSS in File View
 - Stored XSS in Grafana Integration
 - Contribution Analytics Exposed to Non-members
 - Incorrect Access Control in Docker Registry via Deploy Tokens
 - Denial of Service via Permission Checks
 - Denial of Service in Design For Public Issue
 - GitHub Tokens Displayed in Plaintext on Integrations Page
 - Incorrect Access Control via LFS Import
 - Unescaped HTML in Header
 - Private Merge Request Titles Leaked via Widget
 - Project Namespace Exposed via Vulnerability Feedback Endpoint
 - Denial of Service Through Recursive Requests
 - Project Authorization Not Being Updated
 - Incorrect Permission Level For Group Invites
 - Disclosure of Private Group Epic Information
 - User IP Address Exposed via Badge images
 - Update postgresql (GitLab Omnibus)
2020-03-05 16:37:21 +01:00
talyz
74769b6799 gitaly: Copy gem files into bundler env instead of symlinking
This fixes issue #79374, where gitaly prints warning messages on the
client side when running push or fetch.
2020-03-03 21:19:01 +01:00
talyz
17721d3b33 gitaly: Add myself to maintainers 2020-03-03 21:19:01 +01:00
talyz
a3b2828de3 gitlab-shell: Change name from gitlab-shell-go to gitlab-shell
This is left over from when gitlab-shell had a ruby part and a go
part. The ruby part is now gone, so let's call the go part
gitlab-shell.
2020-03-03 21:19:01 +01:00
talyz
f2bb5238aa gitlab-workhorse: 8.20.0 -> 8.21.0 2020-03-03 21:19:01 +01:00
talyz
facef28665 gitaly: 1.83.0 -> 12.8.1
In order to build gitaly, this locally overrides the version of
libgit2, since gitaly is not compatible with the latest version.
2020-03-03 21:19:01 +01:00
talyz
7d8a2004cf gitlab: 12.7.6 -> 12.8.1
https://about.gitlab.com/releases/2020/02/22/gitlab-12-8-released/
https://about.gitlab.com/releases/2020/02/24/gitlab-12-8-1-released/
2020-03-03 21:19:01 +01:00
Florian Klink
0a87568b03 gitlab: 12.7.5 -> 12.7.6 2020-02-13 22:18:27 +01:00
Florian Klink
0142bd49cc gitlab: 12.7.4 -> 12.7.5
https://about.gitlab.com/releases/2020/01/31/gitlab-12-7-5-released/
2020-02-01 17:07:55 +01:00
Florian Klink
cb02372211 gitlab: 12.6.4 -> 12.7.4
 - CVE-2020-7966
 - CVE-2020-8114
 - CVE-2020-7973
 - CVE-2020-6833
 - CVE-2020-7971
 - CVE-2020-7967
 - CVE-2020-7972
 - CVE-2020-7968
 - CVE-2020-7979
 - CVE-2020-7969
 - CVE-2020-7978
 - CVE-2020-7974
 - CVE-2020-7977
 - CVE-2020-7976
 - CVE-2019-16779
 - CVE-2019-18978
 - CVE-2019-16892
2020-01-31 12:34:57 +01:00
Florian Klink
968f7c2890 gitaly: 1.77.1 -> 1.83.0 2020-01-31 12:25:55 +01:00
Florian Klink
d2e149584f gitlab-workhorse: 8.18.0 -> 8.20.0 2020-01-31 12:25:24 +01:00
Florian Klink
3f4d3dbc5f gitlab-shell: 10.3.0 -> 11.0.0 2020-01-31 12:25:11 +01:00
Robin Gloster
7b26075b13
Merge pull request #77624 from mayflower/gitlab-ce-assets-building
gitlab: fix asset building for CE
2020-01-16 20:23:26 +01:00
Florian Klink
57560cc028 gitlab: 12.6.2 -> 12.6.4 2020-01-13 21:49:34 +01:00
Florian Klink
e1e61f31a3 gitaly: a4b6c71d4b7c1588587345e2dfe0c6bd7cc63a83 -> 1.77.1 2020-01-13 21:49:18 +01:00
Robin Gloster
6bf0ed8e02
gitlab: fix asset building for CE
We have to specify if we're building CE or EE otherwise at least some JS
building was broken, resulting in e.g. broken "boards" pages.
2020-01-13 15:57:11 +01:00
Florian Klink
d075e33bf5 gitlab: 12.6.1 -> 12.6.2
 - CVE-2019-20146
 - CVE-2019-20143
 - CVE-2019-20147
 - CVE-2019-20145
 - CVE-2019-20142
 - CVE-2019-20148
 - CVE-2020-5197
2020-01-02 23:09:53 +01:00
talyz
0825e382c0 gitlab: 12.6.0 -> 12.6.1 2019-12-28 14:00:04 +01:00
talyz
ff28cfa6d3 gitlab: 12.5.5 -> 12.6.0 2019-12-23 00:39:33 +01:00
talyz
a3c72e66a6 gitlab: update.py: Get go deps for gitlab-shell from the root dir
GitLab Shell now has the go.mod and go.sum files in the root of the
repo; the go subdirectory has been removed and all the code in it has
been moved up to the root.
2019-12-23 00:26:28 +01:00
talyz
445bc1494c gitaly: 1.72.1 -> a4b6c71d4b7c1588587345e2dfe0c6bd7cc63a83
For some reason this untagged commit is the one referred to in the
main repository; this might be a mistake, but we'll have to package it
for now to follow upstream.
2019-12-23 00:18:39 +01:00
talyz
2f614714ed gitlab-workhorse: 8.14.1 -> 8.18.0 2019-12-22 23:49:29 +01:00
talyz
6972aec884 gitlab-shell: 10.2.0 -> 10.3.0 2019-12-22 23:48:18 +01:00
talyz
7d602d3d36 gitlab: 12.5.4 -> 12.5.5 2019-12-17 22:18:10 +01:00
Florian Klink
5bf07d665f gitlab: 12.5.3 -> 12.5.4
https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/

Insufficient parameter sanitization for Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. The issue is now mitigated in the latest release and is assigned CVE-2019-19628.

When transferring a public project to a private group, private code would be disclosed via the Group Search API provided by Elasticsearch integration. The issue is now mitigated in the latest release and is assigned CVE-2019-19629.

The Git dependency has been upgraded to 2.22.2 in order to apply security fixes detailed here.

CVE-2019-19604 was identified by the GitLab Security Research team. For more information on that issue, please visit the GitLab Security Research Advisory

closes #75506.
2019-12-11 15:16:36 +01:00
Milan Pässler
a43003d633 gitlab: 12.5.2 -> 12.5.3 2019-12-04 11:30:40 +01:00
Florian Klink
b5cbd81954 Revert "gitlab: fix updater shebang"
This reverts commit be6f3f69bf.

In fact, `yarn2nix-moretea.yarn2nix` should be available via `yarn2nix`
in nixpkgs master.
2019-11-28 16:15:07 +01:00
Florian Klink
deb0049ca0 gitlab-workhorse: 8.14.0 -> 8.14.1 2019-11-28 00:18:03 +01:00
Florian Klink
02eae2c3aa gitaly: 1.72.0 -> 1.72.1 2019-11-28 00:17:50 +01:00
Florian Klink
00f4760cdc gitlab: 12.5.0 -> 12.5.2 2019-11-28 00:17:30 +01:00
Florian Klink
be6f3f69bf gitlab: fix updater shebang 2019-11-28 00:17:17 +01:00
talyz
ce2aa10765 gitlab: 12.4.3 -> 12.5.0 2019-11-26 17:32:01 +01:00
Florian Klink
e0734891f8
Merge pull request #73857 from petabyteboy/feature/gitlab-12-4-3
gitlab: 12.4.2 -> 12.4.3
2019-11-25 20:41:26 +01:00
Milan Pässler
7e0127e1ca tree-wide: inherit yarn2nix from yarn2nix-moretea 2019-11-24 01:04:26 +01:00
Milan Pässler
f53fe02ff0 gitlab: 12.4.2 -> 12.4.3 2019-11-21 09:35:56 +00:00
talyz
a779d7751e gitlab: 12.4.1 -> 12.4.2 2019-11-06 10:56:20 +01:00
talyz
22302ce845 gitlab: Limit node memory consumption to 2048MB
Hydra fails to build the assets on i686 - it runs out of memory. If we
limit the max consumption to 2048MB the assets still build, and will
hopefully also build on hydra.
2019-11-06 10:56:20 +01:00
talyz
a30facc96e gitlab: Don't build any gitlab component outside linux
For some reason hydra seems to have issues downloading the
gitlab-workhorse source on macOS. Since we don't build the rails app
for macOS, the other components seem a bit useless there, so we
limit them to linux for now.
2019-11-06 10:56:20 +01:00
talyz
2e8417b52a gitlab: 12.4.0 -> 12.4.1 2019-10-31 18:55:08 +01:00
talyz
5081a6cd56 gitlab: 12.3.5 -> 12.4.0
- gitlab-shell no longer requires ruby for anything else than the
  install script, so the bundlerEnv stuff could be dropped

- gitlab-shell and gitlab-workhorse now report their versions
  correctly
2019-10-28 14:56:37 +01:00
talyz
ed4a09c6f3 gitlab: Get rid of most 'already initialized constant'-warnings
On start, unicorn, sidekiq and other parts running ruby code emit
quite a few warnings similar to

/var/gitlab/state/config/application.rb:202: warning: already initialized constant Gitlab::Application::LOOSE_EE_APP_ASSETS
/nix/store/ysb0lgbzxp7a9y4yl8d4f9wrrzy9kafc-gitlab-ee-12.3.5/share/gitlab/config/application.rb:202: warning: previous definition of LOOSE_EE_APP_ASSETS was here
/var/gitlab/state/lib/gitlab.rb:38: warning: already initialized constant Gitlab::COM_URL
/nix/store/ysb0lgbzxp7a9y4yl8d4f9wrrzy9kafc-gitlab-ee-12.3.5/share/gitlab/lib/gitlab.rb:38: warning: previous definition of COM_URL was here

This seems to be caused by the same ruby files being evaluated
multiple times due to the paths being different - sometimes they're
loaded using the direct path and sometimes through a symlink, due to
our split between config and package data. To fix this, we make sure
that the offending files in the state directory always reference the
store path, regardless of that being the real file or a symlink.
2019-10-19 19:30:28 +02:00
Robin Gloster
eadeca9ea7
Merge pull request #70216 from talyz/gitlab_12_3_2
gitlab: 12.1.6 -> 12.3.5, bundler: 1.17.2 -> 1.17.3
2019-10-09 00:27:04 +02:00
talyz
c115d4df88 gitlab: Add myself to list of maintainers 2019-10-08 16:37:01 +02:00
talyz
9be76d0b6a gitlab: 12.3.4 -> 12.3.5 2019-10-08 16:35:50 +02:00
talyz
afa3abf632 gitlab: Refactor for new repo structure
GitLab recently restructured their repos; whereas previously they had
one gitlab-ce and one gitlab-ee repo, they're now one and the
same. All proprietary components are put into the ee subdirectory -
removing it gives us the foss / community version of GitLab. For more
info, see
https://about.gitlab.com/2019/02/21/merging-ce-and-ee-codebases/

This gives us the opportunity to simplify things quite a bit, since we
don't have to keep track of two separate versions of either the base
data or rubyEnv.
2019-10-08 15:52:11 +02:00
talyz
59324d1fb9 gitlab: Build frontend assets from source
Instead of extracting prebuilt assets from the debian build, build
them from the source. This should give faster package updates and
reduces the amount of data needed to be downloaded by more than 500MB.
2019-10-08 11:24:06 +02:00
Christine Koppelt
ee06d27cf2 treewide: add some missing meta: descriptions and homepages (#70497) 2019-10-06 00:59:26 -04:00
talyz
09e657efea gitlab-shell: Split patch into ruby and go parts
Split the remove-hardcoded-locations patch into two separate patches,
one for the ruby package and one for the go package. This is clearer
and results in fewer rebuilds.
2019-10-04 18:06:23 +02:00
talyz
f3eb063ecf gitlab: 12.1.6 -> 12.3.4
- Update GitLab to 12.3.4

- Update update.py to cope with the new upstream repository structure

- Refactor gitlab-shell to use buildGoPackage and bundlerEnv for
  dependencies

- Refactor gitlab-workhorse to use buildGoPackage for dependencies

- Make update.py able to update gitlab-shell and gitlab-workhorse
  dependencies

- Various fixes necessary for update to work
2019-10-04 18:03:05 +02:00
volth
7b8fb5c06c treewide: remove redundant quotes 2019-09-08 23:38:31 +00:00
volth
08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
Vladimír Čunát
2e6bf42a22
Merge branch 'master' into staging-next
There were very many conflicts, basically all due to
name -> pname+version.  Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job.  There might be some fallback to these
conflicts, but I believe it should be minimal.

Hydra nixpkgs: ?compare=1538299
2019-08-24 08:55:37 +02:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
Florian Klink
48da993627 gitaly: 1.47.0 -> 1.53.2 2019-08-14 14:52:16 +02:00
Florian Klink
362076c581 gitlab-ee: 12.0.3 -> 12.1.6 2019-08-14 14:51:59 +02:00
Florian Klink
8ce1c4c26a gitlab-ce: 12.0.3 -> 12.1.6 2019-08-14 14:51:00 +02:00
Florian Klink
765491c895 gitlab: remove gitlab-deb-data.tar after extracting from it
There's no reason to ship a 1.6GiB .tar file in the output.
Slims down that output from 1.9GiB to ~350MiB
2019-08-14 14:45:08 +02:00
Florian Klink
89aae903da gitaly: fix hashes
It seems the sha256 hashes of 3 gitaly dependencies were wrong or
changed.
2019-07-27 14:29:29 +02:00
Robin Gloster
a33ddd7a68
gitlab-shell: fix fallback bin searching 2019-07-16 03:51:22 +02:00
Ben Gamari
9f77b4a599 gitaly: Fix IFD import 2019-07-15 21:29:57 -04:00
Robin Gloster
5589612599
gitlab: add all necessary gem groups 2019-07-16 01:18:42 +02:00
Robin Gloster
722ee7756b
gitlab: add gitaly go mod handling for the updater 2019-07-16 01:18:11 +02:00
Robin Gloster
6c98b0ff43
gitaly: add go mod deps 2019-07-16 01:17:38 +02:00
Ben Gamari
363b352af3 gitlab: 11.10.8 -> 12.0.3
This is a major version bump but things were generally straightforward
save two wrinkles:

 * it is necessary to ignore collisions in the gitlab bundler
   environment as both `omniauth_oauth2_generic` and
   `apollo_upload_server` provide a `console` executable.

 * grpc had to be patched since its build system expects the `AR`
   environment variable to contain not just the path to `ar` but
   also the `rpc` flags (see the discussion in nixpkgs #63056).
2019-07-14 23:03:39 +02:00
Florian Klink
1a205ad7fb gitlab-ce: remove substituteInPlace
This was removed in
23bcbf04c8
(since v11.6.0)
2019-07-05 00:44:10 +02:00
Florian Klink
80c35fb2a5 gitaly: 1.34.1 -> 1.34.3 2019-07-05 00:44:10 +02:00
Florian Klink
580be224c7 gitlab-ee: 11.10.5 -> 11.10.8 2019-07-05 00:44:10 +02:00
Florian Klink
c57a9d7f9a gitlab-ce: 11.10.5 -> 11.10.8 2019-07-05 00:44:10 +02:00
Léo Gaspard
42170cbf58
gitlab: add link to nixos test in passthru.tests 2019-06-13 02:23:15 +02:00
Marek Mahut
bf01a3ba94 gitlab: 11.10.4 -> 11.10.5 2019-06-13 01:45:13 +02:00
Robin Gloster
2ec5786a4d
gitaly: fix build 2019-05-06 19:11:43 +02:00
Florian Klink
d237c8a182 gitlab-ee: 11.9.11 -> 11.10.4 2019-05-03 20:22:08 +02:00
Florian Klink
02124aa8fb gitlab-ce: 11.9.11 -> 11.10.4 2019-05-03 20:21:55 +02:00
Florian Klink
41d95302c0 gitlab-workhorse: 8.3.3 -> 8.5.2 2019-05-03 20:21:12 +02:00
Florian Klink
030bc8086b gitaly: 1.27.2 -> 1.34.1 2019-05-03 20:20:20 +02:00
Florian Klink
61bf39c5a1 gitlab-shell: 8.7.1 -> 9.0.0 2019-05-03 20:20:01 +02:00
Florian Klink
847eb76cf8 gitlab: update.py: properly sort version numbers, ignore invalid versions 2019-05-03 20:18:14 +02:00
Florian Klink
cc785b3b9a gitaly: 1.27.1 -> 1.27.2 2019-05-01 14:49:16 +02:00
Florian Klink
5d6f6d5d94 gitlab-ee: 11.9.8 -> 11.9.11 2019-05-01 14:48:58 +02:00
Florian Klink
b9df035cb7 gitlab-ce: 11.9.8 -> 11.9.11 2019-05-01 14:48:27 +02:00
Florian Klink
33423e52c6 gitlab-ee: 11.9.1 -> 11.9.8 2019-04-22 23:41:32 +02:00
Florian Klink
04b5eb10c0 gitlab-ce: 11.9.1 -> 11.9.8 2019-04-22 23:41:32 +02:00
Florian Klink
74eb807f83 gitlab-workhorse: 8.3.1 -> 8.3.3 2019-04-22 23:41:32 +02:00
Ben Gamari
50a4de7326 nixos/gitlab: Install and fixup vendorised gitlab-shell
gitaly now ships its own vendorised version of gitlab-shell. Previously
we failed to install this, resulting in
https://gitlab.com/gitlab-org/gitlab-ce/issues/59403.
2019-03-29 11:53:07 -04:00
Florian Klink
ec319793b4 gitlab: 11.9.0 -> 11.9.1 2019-03-26 21:00:04 +01:00
Florian Klink
e558347243 gitaly: 1.27.0 -> 1.27.1 2019-03-26 20:59:46 +01:00
Ben Gamari
d8c16f11a6 gitlab: 11.8.2 -> 11.9.0 2019-03-25 15:25:11 -04:00
Ben Gamari
0ba98bb64c gitlab: 11.7.5 -> 11.8.2 2019-03-25 15:25:06 -04:00
Wael M. Nasreddine
483d823ec4
gitlab-shell: export GOCACHE in the installPhase
TMPDIR, in `GOCACHE = "$TMPDIR";`, will not be interpreted when it's set
outside of a phase.
2019-03-11 09:59:15 -07:00
Wael M. Nasreddine
6ef04cabd4
go_1_12: init at go 1.12 2019-03-02 14:24:17 -08:00
Florian Klink
f4a7c16bd9 gitlab-ee: 11.7.4 -> 11.7.5 2019-02-17 13:43:52 +01:00
Florian Klink
7f6351a21d gitlab: 11.7.4 -> 11.7.5 2019-02-17 13:43:38 +01:00
Florian Klink
75f66b19dd gitlab-workhorse: 8.0.1 -> 8.0.2 2019-02-17 13:42:35 +01:00
Jeff Slight
8c043d3c7b gitlab: 11.6.3 -> 11.7.4 2019-02-06 00:30:29 +01:00
Robin Gloster
8fac37db00
gitlab: 11.6.0 -> 11.6.3 2019-01-07 20:08:15 +01:00
Florian Klink
134a6decae gitlab-workhorse: 7.1.3 -> 7.6.0 2018-12-25 15:25:45 +01:00
Florian Klink
ca69c9c2d0 gitlab-shell: 8.4.1 -> 8.4.3 2018-12-25 15:25:45 +01:00
Florian Klink
97e7cf75fa gitaly: 0.129.0 -> 1.7.1 2018-12-25 15:25:45 +01:00