Milan Pässler
6956ce821d
gitlab: 13.0.12 -> 13.0.14
2020-08-30 11:24:25 -07:00
Florian Klink
5aa6b4c2a1
gitlab: 13.0.9 -> 13.0.12 ( #94968 )
2020-08-11 14:11:39 +02:00
Milan Pässler
f3a353f184
gitlab: 13.0.8 -> 13.0.9
...
Security release: https://about.gitlab.com/releases/2020/07/06/critical-security-release-gitlab-13-1-3-released/
2020-07-07 22:15:03 +02:00
Florian Klink
d986fccd9d
gitlab: 13.0.6 -> 13.0.8 ( #92060 )
2020-07-06 22:44:18 +02:00
Florian Klink
38a4af7d19
gitlab: 13.0.4 -> 13.0.6
...
CI Token Access Control
An authorization issue discovered in the mirroring logic allowed read access to private repositories. This issue is now mitigated in the latest release and is waiting for a CVE ID to be assigned.
https://about.gitlab.com/releases/2020/06/10/critical-security-release-13-0-6-released/
2020-06-11 00:27:11 +02:00
talyz
0b5c534598
gitlab: 13.0.3 -> 13.0.4
...
https://about.gitlab.com/releases/2020/06/03/critical-security-release-13-0-4-released/
2020-06-04 14:32:45 +02:00
Robin Gloster
79454f15ac
gitlab: 12.10.8 -> 13.0.3
...
https://about.gitlab.com/releases/2020/05/22/gitlab-13-0-released/
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
https://about.gitlab.com/releases/2020/05/29/gitlab-13-0-3-released/
The gitaly gitlab-shell config has moved into gitaly.toml. See
https://gitlab.com/gitlab-org/gitaly/-/issues/2182 for more info.
2020-06-04 14:32:39 +02:00
Robin Gloster
b64205d164
Merge pull request #85293 from petabyteboy/feature/gitlab-12-9-x
...
gitlab: 12.8.10 -> 12.10.6
2020-05-31 06:10:29 +02:00
Robin Gloster
af05325f10
gitlab: 12.10.6 -> 12.10.8
2020-05-31 03:11:57 +02:00
Robin Gloster
7060927382
gitaly: fix gitlab-shell-config path patching
2020-05-31 03:07:50 +02:00
Kimat Boven
c270ecd5ee
gitaly: use libgit2 from all-packages.nix
2020-05-22 10:39:24 +02:00
Milan Pässler
e32bf64da0
gitaly: revert a commit that broke config loading
2020-05-19 01:31:14 +02:00
Milan Pässler
755554808f
gitlab: increase webpack memory limit
2020-05-18 18:35:08 +02:00
Milan Pässler
f61370214c
gitlab: 12.8.10 -> 12.10.6
2020-05-18 18:34:46 +02:00
Frederik Rietdijk
afb1041148
Merge master into staging-next
2020-05-02 09:39:00 +02:00
Florian Klink
fc64bca95b
gitlab: update.py: use the /refs endpoint
...
It seems the atom feed now needs authentication. Use the /refs endpoint,
which is used for the switch branch/tag dropdown. It doesn't show all
records, but has some pagination, but works well enough for now.
2020-05-01 00:13:43 +02:00
Florian Klink
fdd0d0de1f
gitlab: 12.8.9 -> 12.8.10
2020-04-30 23:16:50 +02:00
Florian Klink
9eb6dc762f
gitaly: 12.8.9 -> 12.8.10
2020-04-30 23:16:43 +02:00
zowoq
b5dc07a4b4
treewide: use $out instead of $bin with buildGoPackage
2020-04-28 20:30:29 +10:00
Florian Klink
81c34ec54f
gitaly: 12.8.8 -> 12.8.9
2020-04-27 10:31:36 +02:00
Florian Klink
b1f66bfcb2
gitlab-workhorse: 8.21.1 -> 8.21.2
2020-04-27 10:31:36 +02:00
Florian Klink
d1902923fa
gitlab: 12.8.8 -> 12.8.9
...
See
https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
for details.
2020-04-27 10:31:36 +02:00
Michael Fellinger
4c26ab4198
gitlab: update.py: invoke bundle lock manually
...
`bundix -l` doesn't work, as it treats bundler's warning about upgrading
the lockfile version as an error, so invoke `bundle lock` manually.
2020-04-27 10:31:36 +02:00
Florian Klink
412bb5e04d
gitlab: support passing --rev to the update-all
script
...
While it's already possible to invoke `update-data` with the `--rev`
argument, one still needs to run all later phases manually.
Fix this, by having `update-all` also accept a `--rev` argument, and
pass it down to `update-data`.
Also, make the help text a bit more usable, by suggesting the usual
versioning scheme used these times.
2020-04-27 10:31:36 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs
2020-04-10 17:54:53 +01:00
Michael Fellinger
f92600b406
update versions in Gemfile.lock
2020-04-06 15:02:13 +02:00
Florian Klink
8ab04fd87b
gitlab: 12.8.7 -> 12.8.8
2020-03-27 10:08:59 +01:00
Kim Lindberger
3a173c1d75
gitlab: 12.8.6 -> 12.8.7 ( #82838 )
...
https://about.gitlab.com/releases/2020/03/16/gitlab-12-8-7-released/
2020-03-24 18:45:39 +01:00
Florian Klink
281bd03242
gitaly: 12.8.5 -> 12.8.6
2020-03-12 12:49:23 +01:00
Florian Klink
ab3b836350
gitlab: 12.8.5 -> 12.8.6
...
https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/
2020-03-12 02:57:39 +01:00
Florian Klink
d2061f024c
gitlab: update script: unset GOROOT
...
or vgo2nix might not be able to resolve some dependencies.
2020-03-12 02:56:48 +01:00
Milan
f391999026
gitlab: 12.8.2 -> 12.8.5 ( #82142 )
...
https://about.gitlab.com/releases/2020/03/09/gitlab-12-8-5-released/
2020-03-09 17:23:51 +01:00
Milan
c25756f91c
gitlab: 12.8.1 -> 12.8.2 ( #81803 )
...
Includes multiple security fixes mentioned in
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
(unfortunately, no CVE numbers as of yet)
- Directory Traversal to Arbitrary File Read
- Account Takeover Through Expired Link
- Server Side Request Forgery Through Deprecated Service
- Group Two-Factor Authentication Requirement Bypass
- Stored XSS in Merge Request Pages
- Stored XSS in Merge Request Submission Form
- Stored XSS in File View
- Stored XSS in Grafana Integration
- Contribution Analytics Exposed to Non-members
- Incorrect Access Control in Docker Registry via Deploy Tokens
- Denial of Service via Permission Checks
- Denial of Service in Design For Public Issue
- GitHub Tokens Displayed in Plaintext on Integrations Page
- Incorrect Access Control via LFS Import
- Unescaped HTML in Header
- Private Merge Request Titles Leaked via Widget
- Project Namespace Exposed via Vulnerability Feedback Endpoint
- Denial of Service Through Recursive Requests
- Project Authorization Not Being Updated
- Incorrect Permission Level For Group Invites
- Disclosure of Private Group Epic Information
- User IP Address Exposed via Badge images
- Update postgresql (GitLab Omnibus)
2020-03-05 16:37:21 +01:00
talyz
74769b6799
gitaly: Copy gem files into bundler env instead of symlinking
...
This fixes issue #79374 , where gitaly prints warning messages on the
client side when running push or fetch.
2020-03-03 21:19:01 +01:00
talyz
17721d3b33
gitaly: Add myself to maintainers
2020-03-03 21:19:01 +01:00
talyz
a3b2828de3
gitlab-shell: Change name from gitlab-shell-go to gitlab-shell
...
This is left over from when gitlab-shell had a ruby part and a go
part. The ruby part is now gone, so let's call the go part
gitlab-shell.
2020-03-03 21:19:01 +01:00
talyz
f2bb5238aa
gitlab-workhorse: 8.20.0 -> 8.21.0
2020-03-03 21:19:01 +01:00
talyz
facef28665
gitaly: 1.83.0 -> 12.8.1
...
In order to build gitaly, this locally overrides the version of
libgit2, since gitaly is not compatible with the latest version.
2020-03-03 21:19:01 +01:00
talyz
7d8a2004cf
gitlab: 12.7.6 -> 12.8.1
...
https://about.gitlab.com/releases/2020/02/22/gitlab-12-8-released/
https://about.gitlab.com/releases/2020/02/24/gitlab-12-8-1-released/
2020-03-03 21:19:01 +01:00
Florian Klink
0a87568b03
gitlab: 12.7.5 -> 12.7.6
2020-02-13 22:18:27 +01:00
Florian Klink
0142bd49cc
gitlab: 12.7.4 -> 12.7.5
...
https://about.gitlab.com/releases/2020/01/31/gitlab-12-7-5-released/
2020-02-01 17:07:55 +01:00
Florian Klink
cb02372211
gitlab: 12.6.4 -> 12.7.4
...
- CVE-2020-7966
- CVE-2020-8114
- CVE-2020-7973
- CVE-2020-6833
- CVE-2020-7971
- CVE-2020-7967
- CVE-2020-7972
- CVE-2020-7968
- CVE-2020-7979
- CVE-2020-7969
- CVE-2020-7978
- CVE-2020-7974
- CVE-2020-7977
- CVE-2020-7976
- CVE-2019-16779
- CVE-2019-18978
- CVE-2019-16892
2020-01-31 12:34:57 +01:00
Florian Klink
968f7c2890
gitaly: 1.77.1 -> 1.83.0
2020-01-31 12:25:55 +01:00
Florian Klink
d2e149584f
gitlab-workhorse: 8.18.0 -> 8.20.0
2020-01-31 12:25:24 +01:00
Florian Klink
3f4d3dbc5f
gitlab-shell: 10.3.0 -> 11.0.0
2020-01-31 12:25:11 +01:00
Robin Gloster
7b26075b13
Merge pull request #77624 from mayflower/gitlab-ce-assets-building
...
gitlab: fix asset building for CE
2020-01-16 20:23:26 +01:00
Florian Klink
57560cc028
gitlab: 12.6.2 -> 12.6.4
2020-01-13 21:49:34 +01:00
Florian Klink
e1e61f31a3
gitaly: a4b6c71d4b7c1588587345e2dfe0c6bd7cc63a83 -> 1.77.1
2020-01-13 21:49:18 +01:00
Robin Gloster
6bf0ed8e02
gitlab: fix asset building for CE
...
We have to specify if we're building CE or EE otherwise at least some JS
building was broken, resulting in e.g. broken "boards" pages.
2020-01-13 15:57:11 +01:00
Florian Klink
d075e33bf5
gitlab: 12.6.1 -> 12.6.2
...
- CVE-2019-20146
- CVE-2019-20143
- CVE-2019-20147
- CVE-2019-20145
- CVE-2019-20142
- CVE-2019-20148
- CVE-2020-5197
2020-01-02 23:09:53 +01:00