gitlab: 17.2.5 -> 17.2.8

17.2.8: Fixes CVE-2024-4278 Fixes CVE-2024-4099 Fixes CVE-2024-8974 17.2.7: Fixes CVE-2024-45409
2024-10-04 06:43:21 +02:00 · 2024-10-04 06:43:21 +02:00 · 2bac9814ef
commit 2bac9814ef
parent 27e30d177e
8 changed files with 26 additions and 26 deletions
--- a/pkgs/applications/version-management/gitlab/data.json
+++ b/pkgs/applications/version-management/gitlab/data.json
@ -1,15 +1,15 @@
 {
-  "version": "17.2.5",
-  "repo_hash": "0l3s3k3v306ihn47lkj49b8vlly7v11clciwpf7ly4c5mwvwjlx6",
+  "version": "17.2.8",
+  "repo_hash": "172ba8vlaqphyhi6d5r9j3km7krxcis81dzlr5xch4i0apd0yyag",
  "yarn_hash": "10y540bxwaz355p9r4q34199aibadrd5p4d9ck2y3n6735k0hm74",
  "owner": "gitlab-org",
  "repo": "gitlab",
-  "rev": "v17.2.5-ee",
+  "rev": "v17.2.8-ee",
  "passthru": {
-    "GITALY_SERVER_VERSION": "17.2.5",
-    "GITLAB_PAGES_VERSION": "17.2.5",
+    "GITALY_SERVER_VERSION": "17.2.8",
+    "GITLAB_PAGES_VERSION": "17.2.8",
    "GITLAB_SHELL_VERSION": "14.37.0",
    "GITLAB_ELASTICSEARCH_INDEXER_VERSION": "5.2.0",
-    "GITLAB_WORKHORSE_VERSION": "17.2.5"
+    "GITLAB_WORKHORSE_VERSION": "17.2.8"
  }
 }
--- a/pkgs/applications/version-management/gitlab/gitaly/default.nix
+++ b/pkgs/applications/version-management/gitlab/gitaly/default.nix
@ -6,7 +6,7 @@
 }:

 let
-  version = "17.2.5";
+  version = "17.2.8";
  package_version = "v${lib.versions.major version}";
  gitaly_package = "gitlab.com/gitlab-org/gitaly/${package_version}";

@ -20,7 +20,7 @@ let
      owner = "gitlab-org";
      repo = "gitaly";
      rev = "v${version}";
-      hash = "sha256-R6GmIBU7rzLBsegcXPjc9Dxp9qe3tP6unqOsnyiozgw=";
+      hash = "sha256-3LaBETnwWmiIi7r68NB8LeJ7fo6oP28fS3TbU5JanOE=";
    };

    vendorHash = "sha256-FqnGVRldhevJgBBvJcvGXzRaYWqSHzZiXIQmCNzJv+4=";
--- a/pkgs/applications/version-management/gitlab/gitlab-container-registry/default.nix
+++ b/pkgs/applications/version-management/gitlab/gitlab-container-registry/default.nix
@ -2,7 +2,7 @@

 buildGoModule rec {
  pname = "gitlab-container-registry";
-  version = "4.9.0";
+  version = "4.10.0";
  rev = "v${version}-gitlab";

  # nixpkgs-update: no auto update
@ -10,10 +10,10 @@ buildGoModule rec {
    owner = "gitlab-org";
    repo = "container-registry";
    inherit rev;
-    hash = "sha256-kBM5ICESRUwHlM9FeJEFQFTM2E2zIF6axOGOHNmloKo=";
+    hash = "sha256-9OiuA0TqRfnZKfAeLbIcPUw5qH6twWKqt0IP8roaWNg=";
  };

-  vendorHash = "sha256-nePIExsIWJgBDUrkkVBzc0qsYdfxR7GL1VhdWcVJnLg=";
+  vendorHash = "sha256-Bzhg5coOrs3JO6Qslr9csUIrnCMJiG89Fio8ziJjH9k=";

  postPatch = ''
    # Disable flaky inmemory storage driver test
--- a/pkgs/applications/version-management/gitlab/gitlab-pages/default.nix
+++ b/pkgs/applications/version-management/gitlab/gitlab-pages/default.nix
@ -2,14 +2,14 @@

 buildGoModule rec {
  pname = "gitlab-pages";
-  version = "17.2.5";
+  version = "17.2.8";

  # nixpkgs-update: no auto update
  src = fetchFromGitLab {
    owner = "gitlab-org";
    repo = "gitlab-pages";
    rev = "v${version}";
-    hash = "sha256-5qksHuY7EzCoCMBxF4souvUz8xFstfzOZT3CF5YsV7M=";
+    hash = "sha256-NaLRCLmgDI4ArJyntkmYICVEpwZtAU6XVTmXAh4kOSc=";
  };

  vendorHash = "sha256-yNHeM8MExcLwv2Ga4vtBmPFBt/Rj7Gd4QQYDlnAIo+c=";
--- a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix
+++ b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix
@ -5,7 +5,7 @@ in
 buildGoModule rec {
  pname = "gitlab-workhorse";

-  version = "17.2.5";
+  version = "17.2.8";

  # nixpkgs-update: no auto update
  src = fetchFromGitLab {
--- a/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile
+++ b/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile
@ -76,7 +76,7 @@ gem 'doorkeeper', '~> 5.6', '>= 5.6.6' # rubocop:todo Gemfile/MissingFeatureCate
 gem 'doorkeeper-openid_connect', '~> 1.8', '>= 1.8.7' # rubocop:todo Gemfile/MissingFeatureCategory
 gem 'doorkeeper-device_authorization_grant', '~> 1.0.0', feature_category: :system_access
 gem 'rexml', '~> 3.2.6' # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'ruby-saml', '~> 1.15.0' # rubocop:todo Gemfile/MissingFeatureCategory
+gem 'ruby-saml', '~> 1.17.0', feature_category: :system_access
 gem 'omniauth', '~> 2.1.0' # rubocop:todo Gemfile/MissingFeatureCategory
 gem 'omniauth-auth0', '~> 3.1' # rubocop:todo Gemfile/MissingFeatureCategory
 gem 'omniauth-azure-activedirectory-v2', '~> 2.0' # rubocop:todo Gemfile/MissingFeatureCategory
@ -85,7 +85,7 @@ gem 'omniauth-github', '2.0.1' # rubocop:todo Gemfile/MissingFeatureCategory
 gem 'omniauth-gitlab', '~> 4.0.0', path: 'vendor/gems/omniauth-gitlab' # See vendor/gems/omniauth-gitlab/README.md # rubocop:todo Gemfile/MissingFeatureCategory
 gem 'omniauth-google-oauth2', '~> 1.1' # rubocop:todo Gemfile/MissingFeatureCategory
 gem 'omniauth-oauth2-generic', '~> 0.2.2' # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'omniauth-saml', '~> 2.1.0' # rubocop:todo Gemfile/MissingFeatureCategory
+gem 'omniauth-saml', '~> 2.2.1', feature_category: :system_access
 gem 'omniauth-shibboleth-redux', '~> 2.0', require: 'omniauth-shibboleth' # rubocop:todo Gemfile/MissingFeatureCategory
 gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md # rubocop:todo Gemfile/MissingFeatureCategory
 gem 'omniauth_openid_connect', '~> 0.6.1' # rubocop:todo Gemfile/MissingFeatureCategory
--- a/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock
+++ b/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock
@ -1207,9 +1207,9 @@ GEM
    omniauth-oauth2-generic (0.2.8)
      omniauth-oauth2 (~> 1.0)
      rake
-    omniauth-saml (2.1.0)
-      omniauth (~> 2.0)
-      ruby-saml (~> 1.12)
+    omniauth-saml (2.2.1)
+      omniauth (~> 2.1)
+      ruby-saml (~> 1.17)
    omniauth-shibboleth-redux (2.0.0)
      omniauth (>= 2.0.0)
    omniauth_openid_connect (0.6.1)
@ -1627,7 +1627,7 @@ GEM
    ruby-openai (3.7.0)
      httparty (>= 0.18.1)
    ruby-progressbar (1.11.0)
-    ruby-saml (1.15.0)
+    ruby-saml (1.17.0)
      nokogiri (>= 1.13.10)
      rexml
    ruby-statistics (3.0.0)
@ -2136,7 +2136,7 @@ DEPENDENCIES
  omniauth-google-oauth2 (~> 1.1)
  omniauth-oauth2-generic (~> 0.2.2)
  omniauth-salesforce (~> 1.0.5)!
-  omniauth-saml (~> 2.1.0)
+  omniauth-saml (~> 2.2.1)
  omniauth-shibboleth-redux (~> 2.0)
  omniauth_crowd (~> 2.4.0)!
  omniauth_openid_connect (~> 0.6.1)
@ -2218,7 +2218,7 @@ DEPENDENCIES
  ruby-magic (~> 0.6)
  ruby-openai (~> 3.7)
  ruby-progressbar (~> 1.10)
-  ruby-saml (~> 1.15.0)
+  ruby-saml (~> 1.17.0)
  rubyzip (~> 2.3.2)
  rugged (~> 1.6)
  sanitize (~> 6.0.2)
--- a/pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix
+++ b/pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix
@ -4428,10 +4428,10 @@ src:
    platforms = [];
    source = {
      remotes = ["https://rubygems.org"];
-      sha256 = "01k9rkg97npcgm8r4x3ja8y20hsg4zy0dcjpzafx148q4yxbg74n";
+      sha256 = "00nn24s74miy7p65y8lwpjfwgcn7fwld61f9ghngal4asgw6pfwa";
      type = "gem";
    };
-    version = "2.1.0";
+    version = "2.2.1";
  };
  omniauth-shibboleth-redux = {
    dependencies = ["omniauth"];
@ -6029,10 +6029,10 @@ src:
    platforms = [];
    source = {
      remotes = ["https://rubygems.org"];
-      sha256 = "18vnbzin5ypxrgcs9lllg7x311b69dyrdw2w1pwz84438hmxm79s";
+      sha256 = "1adq06m684gnpjp6qyb8shgj8jjy2npcfg7y6mg2ab9ilfdq6684";
      type = "gem";
    };
-    version = "1.15.0";
+    version = "1.17.0";
  };
  ruby-statistics = {
    groups = ["default" "test"];