Commit Graph

206 Commits

Author SHA1 Message Date
Florian Klink
fc64bca95b gitlab: update.py: use the /refs endpoint
It seems the atom feed now needs authentication. Use the /refs endpoint,
which is used for the switch branch/tag dropdown. It doesn't show all
records, but has some pagination, but works well enough for now.
2020-05-01 00:13:43 +02:00
Florian Klink
fdd0d0de1f gitlab: 12.8.9 -> 12.8.10 2020-04-30 23:16:50 +02:00
Florian Klink
9eb6dc762f gitaly: 12.8.9 -> 12.8.10 2020-04-30 23:16:43 +02:00
Florian Klink
81c34ec54f gitaly: 12.8.8 -> 12.8.9 2020-04-27 10:31:36 +02:00
Florian Klink
b1f66bfcb2 gitlab-workhorse: 8.21.1 -> 8.21.2 2020-04-27 10:31:36 +02:00
Florian Klink
d1902923fa gitlab: 12.8.8 -> 12.8.9
See
https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
for details.
2020-04-27 10:31:36 +02:00
Michael Fellinger
4c26ab4198 gitlab: update.py: invoke bundle lock manually
`bundix -l` doesn't work, as it treats bundler's warning about upgrading
the lockfile version as an error, so invoke `bundle lock` manually.
2020-04-27 10:31:36 +02:00
Florian Klink
412bb5e04d gitlab: support passing --rev to the update-all script
While it's already possible to invoke `update-data` with the `--rev`
argument, one still needs to run all later phases manually.

Fix this, by having `update-all` also accept a `--rev` argument, and
pass it down to `update-data`.

Also, make the help text a bit more usable, by suggesting the usual
versioning scheme used these times.
2020-04-27 10:31:36 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Michael Fellinger
f92600b406
update versions in Gemfile.lock 2020-04-06 15:02:13 +02:00
Florian Klink
8ab04fd87b gitlab: 12.8.7 -> 12.8.8 2020-03-27 10:08:59 +01:00
Kim Lindberger
3a173c1d75
gitlab: 12.8.6 -> 12.8.7 (#82838)
https://about.gitlab.com/releases/2020/03/16/gitlab-12-8-7-released/
2020-03-24 18:45:39 +01:00
Florian Klink
281bd03242 gitaly: 12.8.5 -> 12.8.6 2020-03-12 12:49:23 +01:00
Florian Klink
ab3b836350 gitlab: 12.8.5 -> 12.8.6
https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/
2020-03-12 02:57:39 +01:00
Florian Klink
d2061f024c gitlab: update script: unset GOROOT
or vgo2nix might not be able to resolve some dependencies.
2020-03-12 02:56:48 +01:00
Milan
f391999026
gitlab: 12.8.2 -> 12.8.5 (#82142)
https://about.gitlab.com/releases/2020/03/09/gitlab-12-8-5-released/
2020-03-09 17:23:51 +01:00
Milan
c25756f91c
gitlab: 12.8.1 -> 12.8.2 (#81803)
Includes multiple security fixes mentioned in
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
(unfortunately, no CVE numbers as of yet)

 - Directory Traversal to Arbitrary File Read
 - Account Takeover Through Expired Link
 - Server Side Request Forgery Through Deprecated Service
 - Group Two-Factor Authentication Requirement Bypass
 - Stored XSS in Merge Request Pages
 - Stored XSS in Merge Request Submission Form
 - Stored XSS in File View
 - Stored XSS in Grafana Integration
 - Contribution Analytics Exposed to Non-members
 - Incorrect Access Control in Docker Registry via Deploy Tokens
 - Denial of Service via Permission Checks
 - Denial of Service in Design For Public Issue
 - GitHub Tokens Displayed in Plaintext on Integrations Page
 - Incorrect Access Control via LFS Import
 - Unescaped HTML in Header
 - Private Merge Request Titles Leaked via Widget
 - Project Namespace Exposed via Vulnerability Feedback Endpoint
 - Denial of Service Through Recursive Requests
 - Project Authorization Not Being Updated
 - Incorrect Permission Level For Group Invites
 - Disclosure of Private Group Epic Information
 - User IP Address Exposed via Badge images
 - Update postgresql (GitLab Omnibus)
2020-03-05 16:37:21 +01:00
talyz
74769b6799 gitaly: Copy gem files into bundler env instead of symlinking
This fixes issue #79374, where gitaly prints warning messages on the
client side when running push or fetch.
2020-03-03 21:19:01 +01:00
talyz
17721d3b33 gitaly: Add myself to maintainers 2020-03-03 21:19:01 +01:00
talyz
a3b2828de3 gitlab-shell: Change name from gitlab-shell-go to gitlab-shell
This is left over from when gitlab-shell had a ruby part and a go
part. The ruby part is now gone, so let's call the go part
gitlab-shell.
2020-03-03 21:19:01 +01:00
talyz
f2bb5238aa gitlab-workhorse: 8.20.0 -> 8.21.0 2020-03-03 21:19:01 +01:00
talyz
facef28665 gitaly: 1.83.0 -> 12.8.1
In order to build gitaly, this locally overrides the version of
libgit2, since gitaly is not compatible with the latest version.
2020-03-03 21:19:01 +01:00
talyz
7d8a2004cf gitlab: 12.7.6 -> 12.8.1
https://about.gitlab.com/releases/2020/02/22/gitlab-12-8-released/
https://about.gitlab.com/releases/2020/02/24/gitlab-12-8-1-released/
2020-03-03 21:19:01 +01:00
Florian Klink
0a87568b03 gitlab: 12.7.5 -> 12.7.6 2020-02-13 22:18:27 +01:00
Florian Klink
0142bd49cc gitlab: 12.7.4 -> 12.7.5
https://about.gitlab.com/releases/2020/01/31/gitlab-12-7-5-released/
2020-02-01 17:07:55 +01:00
Florian Klink
cb02372211 gitlab: 12.6.4 -> 12.7.4
- CVE-2020-7966
 - CVE-2020-8114
 - CVE-2020-7973
 - CVE-2020-6833
 - CVE-2020-7971
 - CVE-2020-7967
 - CVE-2020-7972
 - CVE-2020-7968
 - CVE-2020-7979
 - CVE-2020-7969
 - CVE-2020-7978
 - CVE-2020-7974
 - CVE-2020-7977
 - CVE-2020-7976
 - CVE-2019-16779
 - CVE-2019-18978
 - CVE-2019-16892
2020-01-31 12:34:57 +01:00
Florian Klink
968f7c2890 gitaly: 1.77.1 -> 1.83.0 2020-01-31 12:25:55 +01:00
Florian Klink
d2e149584f gitlab-workhorse: 8.18.0 -> 8.20.0 2020-01-31 12:25:24 +01:00
Florian Klink
3f4d3dbc5f gitlab-shell: 10.3.0 -> 11.0.0 2020-01-31 12:25:11 +01:00
Robin Gloster
7b26075b13
Merge pull request #77624 from mayflower/gitlab-ce-assets-building
gitlab: fix asset building for CE
2020-01-16 20:23:26 +01:00
Florian Klink
57560cc028 gitlab: 12.6.2 -> 12.6.4 2020-01-13 21:49:34 +01:00
Florian Klink
e1e61f31a3 gitaly: a4b6c71d4b7c1588587345e2dfe0c6bd7cc63a83 -> 1.77.1 2020-01-13 21:49:18 +01:00
Robin Gloster
6bf0ed8e02
gitlab: fix asset building for CE
We have to specify if we're building CE or EE otherwise at least some JS
building was broken, resulting in e.g. broken "boards" pages.
2020-01-13 15:57:11 +01:00
Florian Klink
d075e33bf5 gitlab: 12.6.1 -> 12.6.2
- CVE-2019-20146
 - CVE-2019-20143
 - CVE-2019-20147
 - CVE-2019-20145
 - CVE-2019-20142
 - CVE-2019-20148
 - CVE-2020-5197
2020-01-02 23:09:53 +01:00
talyz
0825e382c0 gitlab: 12.6.0 -> 12.6.1 2019-12-28 14:00:04 +01:00
talyz
ff28cfa6d3 gitlab: 12.5.5 -> 12.6.0 2019-12-23 00:39:33 +01:00
talyz
a3c72e66a6 gitlab: update.py: Get go deps for gitlab-shell from the root dir
GitLab Shell now has the go.mod and go.sum files in the root of the
repo; the go subdirectory has been removed and all the code in it has
been moved up to the root.
2019-12-23 00:26:28 +01:00
talyz
445bc1494c gitaly: 1.72.1 -> a4b6c71d4b7c1588587345e2dfe0c6bd7cc63a83
For some reason this untagged commit is the one referred to in the
main repository; this might be a mistake, but we'll have to package it
for now to follow upstream.
2019-12-23 00:18:39 +01:00
talyz
2f614714ed gitlab-workhorse: 8.14.1 -> 8.18.0 2019-12-22 23:49:29 +01:00
talyz
6972aec884 gitlab-shell: 10.2.0 -> 10.3.0 2019-12-22 23:48:18 +01:00
talyz
7d602d3d36 gitlab: 12.5.4 -> 12.5.5 2019-12-17 22:18:10 +01:00
Florian Klink
5bf07d665f gitlab: 12.5.3 -> 12.5.4
https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/

Insufficient parameter sanitization for Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. The issue is now mitigated in the latest release and is assigned CVE-2019-19628.

When transferring a public project to a private group, private code would be disclosed via the Group Search API provided by Elasticsearch integration. The issue is now mitigated in the latest release and is assigned CVE-2019-19629.

The Git dependency has been upgraded to 2.22.2 in order to apply security fixes detailed here.

CVE-2019-19604 was identified by the GitLab Security Research team. For more information on that issue, please visit the GitLab Security Research Advisory

closes #75506.
2019-12-11 15:16:36 +01:00
Milan Pässler
a43003d633 gitlab: 12.5.2 -> 12.5.3 2019-12-04 11:30:40 +01:00
Florian Klink
b5cbd81954 Revert "gitlab: fix updater shebang"
This reverts commit be6f3f69bf.

In fact, `yarn2nix-moretea.yarn2nix` should be available via `yarn2nix`
in nixpkgs master.
2019-11-28 16:15:07 +01:00
Florian Klink
deb0049ca0 gitlab-workhorse: 8.14.0 -> 8.14.1 2019-11-28 00:18:03 +01:00
Florian Klink
02eae2c3aa gitaly: 1.72.0 -> 1.72.1 2019-11-28 00:17:50 +01:00
Florian Klink
00f4760cdc gitlab: 12.5.0 -> 12.5.2 2019-11-28 00:17:30 +01:00
Florian Klink
be6f3f69bf gitlab: fix updater shebang 2019-11-28 00:17:17 +01:00
talyz
ce2aa10765 gitlab: 12.4.3 -> 12.5.0 2019-11-26 17:32:01 +01:00
Florian Klink
e0734891f8
Merge pull request #73857 from petabyteboy/feature/gitlab-12-4-3
gitlab: 12.4.2 -> 12.4.3
2019-11-25 20:41:26 +01:00