forked from mirrors/nixpkgs
Commit graph

54 commits

Author SHA1 Message Date
Florian Klink fdd0d0de1f gitlab: 12.8.9 -> 12.8.10 2020-04-30 23:16:50 +02:00
Florian Klink d1902923fa gitlab: 12.8.8 -> 12.8.9
See
https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
for details.
2020-04-27 10:31:36 +02:00
Florian Klink 8ab04fd87b gitlab: 12.8.7 -> 12.8.8 2020-03-27 10:08:59 +01:00
Kim Lindberger 3a173c1d75 gitlab: 12.8.6 -> 12.8.7 (#82838)
https://about.gitlab.com/releases/2020/03/16/gitlab-12-8-7-released/
2020-03-24 18:45:39 +01:00
Florian Klink ab3b836350 gitlab: 12.8.5 -> 12.8.6
https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/
2020-03-12 02:57:39 +01:00
Milan f391999026 gitlab: 12.8.2 -> 12.8.5 (#82142)
https://about.gitlab.com/releases/2020/03/09/gitlab-12-8-5-released/
2020-03-09 17:23:51 +01:00
Milan c25756f91c gitlab: 12.8.1 -> 12.8.2 (#81803)
Includes multiple security fixes mentioned in
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
(unfortunately, no CVE numbers as of yet)

 - Directory Traversal to Arbitrary File Read
 - Account Takeover Through Expired Link
 - Server Side Request Forgery Through Deprecated Service
 - Group Two-Factor Authentication Requirement Bypass
 - Stored XSS in Merge Request Pages
 - Stored XSS in Merge Request Submission Form
 - Stored XSS in File View
 - Stored XSS in Grafana Integration
 - Contribution Analytics Exposed to Non-members
 - Incorrect Access Control in Docker Registry via Deploy Tokens
 - Denial of Service via Permission Checks
 - Denial of Service in Design For Public Issue
 - GitHub Tokens Displayed in Plaintext on Integrations Page
 - Incorrect Access Control via LFS Import
 - Unescaped HTML in Header
 - Private Merge Request Titles Leaked via Widget
 - Project Namespace Exposed via Vulnerability Feedback Endpoint
 - Denial of Service Through Recursive Requests
 - Project Authorization Not Being Updated
 - Incorrect Permission Level For Group Invites
 - Disclosure of Private Group Epic Information
 - User IP Address Exposed via Badge images
 - Update postgresql (GitLab Omnibus)
2020-03-05 16:37:21 +01:00
talyz 7d8a2004cf gitlab: 12.7.6 -> 12.8.1
https://about.gitlab.com/releases/2020/02/22/gitlab-12-8-released/
https://about.gitlab.com/releases/2020/02/24/gitlab-12-8-1-released/
2020-03-03 21:19:01 +01:00
Florian Klink 0a87568b03 gitlab: 12.7.5 -> 12.7.6 2020-02-13 22:18:27 +01:00
Florian Klink 0142bd49cc gitlab: 12.7.4 -> 12.7.5
https://about.gitlab.com/releases/2020/01/31/gitlab-12-7-5-released/
2020-02-01 17:07:55 +01:00
Florian Klink cb02372211 gitlab: 12.6.4 -> 12.7.4
 - CVE-2020-7966
 - CVE-2020-8114
 - CVE-2020-7973
 - CVE-2020-6833
 - CVE-2020-7971
 - CVE-2020-7967
 - CVE-2020-7972
 - CVE-2020-7968
 - CVE-2020-7979
 - CVE-2020-7969
 - CVE-2020-7978
 - CVE-2020-7974
 - CVE-2020-7977
 - CVE-2020-7976
 - CVE-2019-16779
 - CVE-2019-18978
 - CVE-2019-16892
2020-01-31 12:34:57 +01:00
Florian Klink 57560cc028 gitlab: 12.6.2 -> 12.6.4 2020-01-13 21:49:34 +01:00
Florian Klink d075e33bf5 gitlab: 12.6.1 -> 12.6.2
 - CVE-2019-20146
 - CVE-2019-20143
 - CVE-2019-20147
 - CVE-2019-20145
 - CVE-2019-20142
 - CVE-2019-20148
 - CVE-2020-5197
2020-01-02 23:09:53 +01:00
talyz 0825e382c0 gitlab: 12.6.0 -> 12.6.1 2019-12-28 14:00:04 +01:00
talyz ff28cfa6d3 gitlab: 12.5.5 -> 12.6.0 2019-12-23 00:39:33 +01:00
talyz 7d602d3d36 gitlab: 12.5.4 -> 12.5.5 2019-12-17 22:18:10 +01:00
Florian Klink 5bf07d665f gitlab: 12.5.3 -> 12.5.4
https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/

Insufficient parameter sanitization for Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. The issue is now mitigated in the latest release and is assigned CVE-2019-19628.

When transferring a public project to a private group, private code would be disclosed via the Group Search API provided by Elasticsearch integration. The issue is now mitigated in the latest release and is assigned CVE-2019-19629.

The Git dependency has been upgraded to 2.22.2 in order to apply security fixes detailed here.

CVE-2019-19604 was identified by the GitLab Security Research team. For more information on that issue, please visit the GitLab Security Research Advisory

closes #75506.
2019-12-11 15:16:36 +01:00
Milan Pässler a43003d633 gitlab: 12.5.2 -> 12.5.3 2019-12-04 11:30:40 +01:00
Florian Klink 00f4760cdc gitlab: 12.5.0 -> 12.5.2 2019-11-28 00:17:30 +01:00
talyz ce2aa10765 gitlab: 12.4.3 -> 12.5.0 2019-11-26 17:32:01 +01:00
Milan Pässler f53fe02ff0 gitlab: 12.4.2 -> 12.4.3 2019-11-21 09:35:56 +00:00
talyz a779d7751e gitlab: 12.4.1 -> 12.4.2 2019-11-06 10:56:20 +01:00
talyz 2e8417b52a gitlab: 12.4.0 -> 12.4.1 2019-10-31 18:55:08 +01:00
talyz 5081a6cd56 gitlab: 12.3.5 -> 12.4.0
- gitlab-shell no longer requires ruby for anything other than the
  install script, so the bundlerEnv stuff could be dropped

- gitlab-shell and gitlab-workhorse now report their versions
  correctly
2019-10-28 14:56:37 +01:00
talyz 9be76d0b6a gitlab: 12.3.4 -> 12.3.5 2019-10-08 16:35:50 +02:00
talyz afa3abf632 gitlab: Refactor for new repo structure
GitLab recently restructured their repos; whereas previously they had
one gitlab-ce and one gitlab-ee repo, they're now one and the
same. All proprietary components are put into the ee subdirectory -
removing it gives us the foss / community version of GitLab. For more
info, see
https://about.gitlab.com/2019/02/21/merging-ce-and-ee-codebases/

This gives us the opportunity to simplify things quite a bit, since we
don't have to keep track of two separate versions of either the base
data or rubyEnv.
2019-10-08 15:52:11 +02:00
talyz f3eb063ecf gitlab: 12.1.6 -> 12.3.4
- Update GitLab to 12.3.4

- Update update.py to cope with the new upstream repository structure

- Refactor gitlab-shell to use buildGoPackage and bundlerEnv for
  dependencies

- Refactor gitlab-workhorse to use buildGoPackage for dependencies

- Make update.py able to update gitlab-shell and gitlab-workhorse
  dependencies

- Various fixes necessary for update to work
2019-10-04 18:03:05 +02:00
Florian Klink 362076c581 gitlab-ee: 12.0.3 -> 12.1.6 2019-08-14 14:51:59 +02:00
Florian Klink 8ce1c4c26a gitlab-ce: 12.0.3 -> 12.1.6 2019-08-14 14:51:00 +02:00
Ben Gamari 363b352af3 gitlab: 11.10.8 -> 12.0.3
This is a major version bump but things were generally straightforward
save two wrinkles:

 * it is necessary to ignore collisions in the gitlab bundler
   environment as both `omniauth_oauth2_generic` and
   `apollo_upload_server` provide a `console` executable.

 * grpc had to be patched since its build system expects the `AR`
   environment variable to contain not just the path to `ar` but
   also the `rpc` flags (see the discussion in nixpkgs #63056).
2019-07-14 23:03:39 +02:00
Florian Klink 580be224c7 gitlab-ee: 11.10.5 -> 11.10.8 2019-07-05 00:44:10 +02:00
Florian Klink c57a9d7f9a gitlab-ce: 11.10.5 -> 11.10.8 2019-07-05 00:44:10 +02:00
Marek Mahut bf01a3ba94 gitlab: 11.10.4 -> 11.10.5 2019-06-13 01:45:13 +02:00
Florian Klink d237c8a182 gitlab-ee: 11.9.11 -> 11.10.4 2019-05-03 20:22:08 +02:00
Florian Klink 02124aa8fb gitlab-ce: 11.9.11 -> 11.10.4 2019-05-03 20:21:55 +02:00
Florian Klink 5d6f6d5d94 gitlab-ee: 11.9.8 -> 11.9.11 2019-05-01 14:48:58 +02:00
Florian Klink b9df035cb7 gitlab-ce: 11.9.8 -> 11.9.11 2019-05-01 14:48:27 +02:00
Florian Klink 33423e52c6 gitlab-ee: 11.9.1 -> 11.9.8 2019-04-22 23:41:32 +02:00
Florian Klink 04b5eb10c0 gitlab-ce: 11.9.1 -> 11.9.8 2019-04-22 23:41:32 +02:00
Florian Klink ec319793b4 gitlab: 11.9.0 -> 11.9.1 2019-03-26 21:00:04 +01:00
Ben Gamari d8c16f11a6 gitlab: 11.8.2 -> 11.9.0 2019-03-25 15:25:11 -04:00
Ben Gamari 0ba98bb64c gitlab: 11.7.5 -> 11.8.2 2019-03-25 15:25:06 -04:00
Florian Klink f4a7c16bd9 gitlab-ee: 11.7.4 -> 11.7.5 2019-02-17 13:43:52 +01:00
Florian Klink 7f6351a21d gitlab: 11.7.4 -> 11.7.5 2019-02-17 13:43:38 +01:00
Jeff Slight 8c043d3c7b gitlab: 11.6.3 -> 11.7.4 2019-02-06 00:30:29 +01:00
Robin Gloster 8fac37db00 gitlab: 11.6.0 -> 11.6.3 2019-01-07 20:08:15 +01:00
Florian Klink 4d7ce7a605 gitlab-ee: 11.5.5 -> 11.6.0 2018-12-25 15:25:45 +01:00
Florian Klink 7ea6bde0ae gitlab-ce: 11.5.5 -> 11.6.0 2018-12-25 15:25:45 +01:00
Florian Klink 236cb26954 gitlab-ee: 11.5.4 -> 11.5.5
CVE-2018-20229, https://about.gitlab.com/2018/12/20/critical-security-release-gitlab-11-dot-5-dot-5-released/
2018-12-24 03:48:18 +01:00
Florian Klink 6397fd3e71 gitlab-ce: 11.5.4 -> 11.5.5
CVE-2018-20229, https://about.gitlab.com/2018/12/20/critical-security-release-gitlab-11-dot-5-dot-5-released/
2018-12-24 03:48:18 +01:00