authortz <tz@FreeBSD.org>2017-09-14 18:35:29 +0800
committerKoop Mast <kwm@rainbow-runner.nl>2018-02-04 05:31:55 +0800
commite221e15ce3e8d1f93f7921eb35b343b9adf4acf2 (patch)
tree7288fba787d621b13d20be3c5ec26826933debd3 /www
parentfa15814ccb8c964e9d882d053abe51babbeca5b4 (diff)
www/gitlab: Update from 9.3.10 to 9.3.11
Changelog: https://github.com/gitlabhq/gitlabhq/blob/v9.3.11/CHANGELOG.md This fixes an XSS security issue. The mentioned security issues in the gems are already fixed by updates of the gems themselves. Security: CVE-2017-5029 Security: CVE-2016-4738 Security: https://vuxml.FreeBSD.org/freebsd/6a177c87-9933-11e7-93f7-d43d7e971a1b.html
Diffstat (limited to 'www')
-rw-r--r--www/gitlab/Makefile10
-rw-r--r--www/gitlab/distinfo6
-rw-r--r--www/gitlab/files/patch-Gemfile36
3 files changed, 24 insertions, 28 deletions
diff --git a/www/gitlab/Makefile b/www/gitlab/Makefile
index f6ba7bc5cf47..1bb63101aafb 100644
--- a/www/gitlab/Makefile
+++ b/www/gitlab/Makefile
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= gitlab
-PORTVERSION= 9.3.10
+PORTVERSION= 9.3.11
DISTVERSIONPREFIX= v
CATEGORIES= www devel
@@ -43,7 +43,7 @@ RUN_DEPENDS= git>=2.14.1:devel/git \
rubygem-omniauth>=1.4.2:security/rubygem-omniauth \
rubygem-omniauth-auth0>=1.4.1:net/rubygem-omniauth-auth0 \
rubygem-omniauth-azure-oauth2>=0.0.6:net/rubygem-omniauth-azure-oauth2 \
- rubygem-omniauth-cas3>=1.1.2:security/rubygem-omniauth-cas3 \
+ rubygem-omniauth-cas3>=1.1.4:security/rubygem-omniauth-cas3 \
rubygem-omniauth-facebook>=4.0.0:net/rubygem-omniauth-facebook \
rubygem-omniauth-github11>=1.1.1:net/rubygem-omniauth-github11 \
rubygem-omniauth-gitlab>=1.0.2:security/rubygem-omniauth-gitlab \
@@ -98,8 +98,8 @@ RUN_DEPENDS= git>=2.14.1:devel/git \
rubygem-asciidoctor>=1.5.2:textproc/rubygem-asciidoctor \
rubygem-asciidoctor-plantuml>=0.0.7:textproc/rubygem-asciidoctor-plantuml \
rubygem-rouge>=2.0:textproc/rubygem-rouge \
- rubygem-truncato>=0.7.8:textproc/rubygem-truncato \
- rubygem-nokogiri>=1.6.7.2:textproc/rubygem-nokogiri \
+ rubygem-truncato>=0.7.9:textproc/rubygem-truncato \
+ rubygem-nokogiri>=1.8.0:textproc/rubygem-nokogiri \
rubygem-diffy>=3.1.0:textproc/rubygem-diffy \
rubygem-unicorn>=5.1.0:www/rubygem-unicorn \
rubygem-unicorn-worker-killer>=0.4.4:www/rubygem-unicorn-worker-killer \
@@ -148,7 +148,7 @@ RUN_DEPENDS= git>=2.14.1:devel/git \
rubygem-addressable>=2.3.8:www/rubygem-addressable \
rubygem-bootstrap-sass>=3.3.0:www/rubygem-bootstrap-sass \
rubygem-font-awesome-rails-rails4>=4.7:devel/rubygem-font-awesome-rails-rails4 \
- rubygem-gemojione>=3:graphics/rubygem-gemojione \
+ rubygem-gemojione>=3.3:graphics/rubygem-gemojione \
rubygem-gon>=6.1.0:www/rubygem-gon \
rubygem-jquery-atwho-rails>=1.3.2:www/rubygem-jquery-atwho-rails \
rubygem-jquery-rails>=4.1.0:www/rubygem-jquery-rails \
diff --git a/www/gitlab/distinfo b/www/gitlab/distinfo
index f4fbbade854b..00ba82e77ad9 100644
--- a/www/gitlab/distinfo
+++ b/www/gitlab/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1502787428
-SHA256 (gitlabhq-gitlabhq-v9.3.10_GH0.tar.gz) = 28d12ef9bdba2359f17b38b9c058b049b13f8a66173ad005ec08480be8cbebe3
-SIZE (gitlabhq-gitlabhq-v9.3.10_GH0.tar.gz) = 31758906
+TIMESTAMP = 1505384599
+SHA256 (gitlabhq-gitlabhq-v9.3.11_GH0.tar.gz) = 3a3f0ec77f209e8f3296d55e960388b08cb69c762668c40aea92f6f6511e0677
+SIZE (gitlabhq-gitlabhq-v9.3.11_GH0.tar.gz) = 31763943
diff --git a/www/gitlab/files/patch-Gemfile b/www/gitlab/files/patch-Gemfile
index a60b3e5a607d..d333686137d7 100644
--- a/www/gitlab/files/patch-Gemfile
+++ b/www/gitlab/files/patch-Gemfile
@@ -1,10 +1,10 @@
---- Gemfile.orig 2017-08-09 13:53:30 UTC
+--- Gemfile.orig 2017-09-06 21:34:31 UTC
+++ Gemfile
@@ -1,48 +1,43 @@
source 'https://rubygems.org'
-gem 'rails', '4.2.8'
-+gem 'rails', '>=4.2.8'
++gem 'rails', '>= 4.2.8'
gem 'rails-deprecated_sanitizer', '~> 1.0.3'
# Responders respond_to and respond_with
@@ -33,7 +33,7 @@
+gem 'omniauth', '>= 1.4.2'
gem 'omniauth-auth0', '~> 1.4.1'
gem 'omniauth-azure-oauth2', '~> 0.0.6'
- gem 'omniauth-cas3', '~> 1.1.2'
+ gem 'omniauth-cas3', '~> 1.1.4'
gem 'omniauth-facebook', '~> 4.0.0'
gem 'omniauth-github', '~> 1.1.1'
gem 'omniauth-gitlab', '~> 1.0.2'
@@ -96,7 +96,7 @@
# for aws storage
gem 'unf', '~> 0.1.4'
-@@ -110,34 +105,34 @@ gem 'seed-fu', '~> 2.3.5'
+@@ -110,31 +105,31 @@ gem 'seed-fu', '~> 2.3.5'
# Markdown and HTML processing
gem 'html-pipeline', '~> 1.11.0'
@@ -115,12 +115,8 @@
-gem 'asciidoctor-plantuml', '0.0.7'
+gem 'asciidoctor-plantuml', '>= 0.0.7'
gem 'rouge', '~> 2.0'
- gem 'truncato', '~> 0.7.8'
-
- # See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
- # and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
--gem 'nokogiri', '~> 1.6.7', '>= 1.6.7.2'
-+gem 'nokogiri', '>= 1.6.7.2'
+ gem 'truncato', '~> 0.7.9'
+ gem 'nokogiri', '~> 1.8.0'
# Diffs
-gem 'diffy', '~> 3.1.0'
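Review bot: The nokogiri line is now left at upstream's `gem 'nokogiri', '~> 1.8.0'` (plain context in the new patch), which caps the bundle at 1.8.x, whereas the previous patch rewrote the constraint to an open-ended `'>= 1.6.7.2'`. The Makefile hunk of this commit declares `rubygem-nokogiri>=1.8.0` with no upper bound, so the package dependency and the Gemfile disagree once textproc/rubygem-nokogiri moves past 1.8.x, and gem updates are the route the commit message itself relies on for the gem security fixes. Presumably Bundler would then refuse to resolve the bundle, leaving a choice between a GitLab that does not start and holding back the nokogiri update. If dropping the relaxation was not intended, keep patching the line as this file does for rails, omniauth and octokit, `gem 'nokogiri', '>= 1.8.0'`; if it was intended, a sentence in the commit message saying why would help.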
@@ -139,7 +135,7 @@
# Run events after state machine commits
gem 'after_commit_queue', '~> 1.3.0'
-@@ -154,10 +149,10 @@ gem 'sidekiq-limit_fetch', '~> 3.4'
+@@ -151,10 +146,10 @@ gem 'sidekiq-limit_fetch', '~> 3.4'
gem 'rufus-scheduler', '~> 3.4'
# HTTP requests
@@ -152,7 +148,7 @@
# GitLab settings
gem 'settingslogic', '~> 2.0.9'
-@@ -167,7 +162,7 @@ gem 're2', '~> 1.0.0'
+@@ -164,7 +159,7 @@ gem 're2', '~> 1.0.0'
# Misc
@@ -161,7 +157,7 @@
# Cache
gem 'redis-rails', '~> 5.0.1'
-@@ -177,10 +172,10 @@ gem 'redis', '~> 3.2'
+@@ -174,10 +169,10 @@ gem 'redis', '~> 3.2'
gem 'connection_pool', '~> 2.0'
# HipChat integration
@@ -174,7 +170,7 @@
# Flowdock integration
gem 'gitlab-flowdock-git-hook', '~> 1.0.1'
-@@ -198,7 +193,7 @@ gem 'asana', '~> 0.6.0'
+@@ -195,7 +190,7 @@ gem 'asana', '~> 0.6.0'
gem 'ruby-fogbugz', '~> 0.2.1'
# Kubernetes integration
@@ -183,7 +179,7 @@
# d3
gem 'd3_rails', '~> 3.5.0'
-@@ -207,7 +202,7 @@ gem 'd3_rails', '~> 3.5.0'
+@@ -204,7 +199,7 @@ gem 'd3_rails', '~> 3.5.0'
gem 'underscore-rails', '~> 1.8.0'
# Sanitize user input
@@ -192,7 +188,7 @@
gem 'babosa', '~> 1.0.2'
# Sanitizes SVG input
-@@ -217,7 +212,7 @@ gem 'loofah', '~> 2.0.3'
+@@ -214,7 +209,7 @@ gem 'loofah', '~> 2.0.3'
gem 'licensee', '~> 8.7.0'
# Protect against bruteforcing
@@ -201,7 +197,7 @@
# Ace editor
gem 'ace-rails-ap', '~> 4.1.0'
-@@ -236,143 +231,63 @@ gem 'chronic', '~> 0.10.2'
+@@ -233,143 +228,62 @@ gem 'chronic', '~> 0.10.2'
gem 'chronic_duration', '~> 0.10.6'
gem 'webpack-rails', '~> 0.9.10'
@@ -217,7 +213,7 @@
+gem 'addressable', '>= 2.3.8'
gem 'bootstrap-sass', '~> 3.3.0'
gem 'font-awesome-rails', '~> 4.7'
- gem 'gemojione', '~> 3.0'
+ gem 'gemojione', '~> 3.3'
gem 'gon', '~> 6.1.0'
gem 'jquery-atwho-rails', '~> 1.3.2'
-gem 'jquery-rails', '~> 4.1.0'
@@ -339,7 +335,7 @@
- gem 'timecop', '~> 0.8.0'
- gem 'concurrent-ruby', '~> 1.0.5'
-end
-
+-
-gem 'octokit', '~> 4.6.2'
+gem 'octokit', '>= 4.6.2'
@@ -357,7 +353,7 @@
# Soft deletion
gem 'paranoia', '~> 2.2'
-@@ -387,8 +302,10 @@ gem 'sys-filesystem', '~> 1.1.6'
+@@ -384,8 +298,10 @@ gem 'sys-filesystem', '~> 1.1.6'
# Gitaly GRPC client
gem 'gitaly', '~> 0.8.0'