From c25756f91ccfc8b3c085d91de6ec4d6e469ccc20 Mon Sep 17 00:00:00 2001
From: Milan <mil@nyantec.com>
Date: Thu, 5 Mar 2020 16:37:21 +0100
Subject: [PATCH] gitlab: 12.8.1 -> 12.8.2 (#81803)
Includes multiple security fixes mentioned in https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ (unfortunately, no CVE numbers as of yet)
- Directory Traversal to Arbitrary File Read
- Account Takeover Through Expired Link
- Server Side Request Forgery Through Deprecated Service
- Group Two-Factor Authentication Requirement Bypass
- Stored XSS in Merge Request Pages
- Stored XSS in Merge Request Submission Form
- Stored XSS in File View
- Stored XSS in Grafana Integration
- Contribution Analytics Exposed to Non-members
- Incorrect Access Control in Docker Registry via Deploy Tokens
- Denial of Service via Permission Checks
- Denial of Service in Design For Public Issue
- GitHub Tokens Displayed in Plaintext on Integrations Page
- Incorrect Access Control via LFS Import
- Unescaped HTML in Header
- Private Merge Request Titles Leaked via Widget
- Project Namespace Exposed via Vulnerability Feedback Endpoint
- Denial of Service Through Recursive Requests
- Project Authorization Not Being Updated
- Incorrect Permission Level For Group Invites
- Disclosure of Private Group Epic Information
- User IP Address Exposed via Badge images
- Update postgresql (GitLab Omnibus)
---
 pkgs/applications/version-management/gitlab/data.json | 8 ++++----
 .../version-management/gitlab/gitaly/default.nix | 4 ++--
 .../version-management/gitlab/gitaly/deps.nix | 4 ++--
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/pkgs/applications/version-management/gitlab/data.json b/pkgs/applications/version-management/gitlab/data.json
index 87c37f1c75f4..2772ef5b6f4b 100644
--- a/pkgs/applications/version-management/gitlab/data.json
+++ b/pkgs/applications/version-management/gitlab/data.json
@@ -1,11 +1,11 @@
 {
- "version": "12.8.1",
- "repo_hash": "1h844a79scf3an5rv0wi332lrf7mv1zcv2mg6zllk82f7nf341gn",
+ "version": "12.8.2",
+ "repo_hash": "1d27s61kglryr5pashwfq55z7fh16fxkx1m4gc82xihwfzarf4x9",
 "owner": "gitlab-org",
 "repo": "gitlab",
- "rev": "v12.8.1-ee",
+ "rev": "v12.8.2-ee",
 "passthru": {
- "GITALY_SERVER_VERSION": "12.8.1",
+ "GITALY_SERVER_VERSION": "12.8.2",
 "GITLAB_PAGES_VERSION": "1.16.0",
 "GITLAB_SHELL_VERSION": "11.0.0",
 "GITLAB_WORKHORSE_VERSION": "8.21.0"
diff --git a/pkgs/applications/version-management/gitlab/gitaly/default.nix b/pkgs/applications/version-management/gitlab/gitaly/default.nix
index bac51cd278c2..af97873463e8 100644
--- a/pkgs/applications/version-management/gitlab/gitaly/default.nix
+++ b/pkgs/applications/version-management/gitlab/gitaly/default.nix
@@ -28,14 +28,14 @@ let
 };
 });
 in buildGoPackage rec {
- version = "12.8.1";
+ version = "12.8.2";
 pname = "gitaly";
 src = fetchFromGitLab {
 owner = "gitlab-org";
 repo = "gitaly";
 rev = "v${version}";
- sha256 = "0sjkh0j36dpakqmq7l5gd1ydmx1kxgij53bjvvn37r19liqdijnx";
+ sha256 = "1zc44y5yl799vqg12w3iaivk4xwj9i4k6f198svplipa760nl9ic";
 };
 # Fix a check which assumes that hook files are writeable by their
diff --git a/pkgs/applications/version-management/gitlab/gitaly/deps.nix b/pkgs/applications/version-management/gitlab/gitaly/deps.nix
index 83a2f0f5f748..5ab063d1deab 100644
--- a/pkgs/applications/version-management/gitlab/gitaly/deps.nix
+++ b/pkgs/applications/version-management/gitlab/gitaly/deps.nix
@@ -1319,8 +1319,8 @@
 fetch = {
 type = "git";
 url = "https://github.com/ugorji/go";
- rev = "v1.1.4";
- sha256 = "0ma2qvn5wqvjidpdz74x832a813qnr1cxbx6n6n125ak9b3wbn5w";
+ rev = "d75b2dcb6bc8";
+ sha256 = "0di1k35gpq9bp958ywranpbskx2vdwlb38s22vl9rybm3wa5g3ps";
 };
 }
 {