Commit 14bc511fbe59604b25a809d9f6a4638292019f84

Authored by Dmitriy Zaporozhets
2 parents e1607ec4 7265b406

Merge branch 'security_update_master' of /home/git/repositories/gitlab/gitlabhq

doc/update/4.2-to-5.0.md
1 1 # From 4.2 to 5.0
2 2  
  3 +## Warning
  4 +GitLab 5.0 is affected by critical security vulnerability CVE-2013-4490. Please update to GitLab 5.4 immediately.
  5 +
3 6 ## Important changes
4 7  
5 8 * We don't use `gitlab` user any more. Everything will be moved to `git` user
... ...
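Review bot: the warning added to 4.2-to-5.0.md tells readers to update to GitLab 5.4 but, unlike the warnings added to the other guides in this commit, has no link, and the new 5.1-to-5.4.md guide names only 5.1 and 5.2 as starting points. Suggest linking the target guide and spelling out the route for a 5.0 install, for example 5.0-to-5.1.md followed by 5.1-to-5.4.md, so the reader knows which steps apply.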
doc/update/5.0-to-5.1.md
1 1 # From 5.0 to 5.1
2 2  
  3 +## Warning
  4 +GitLab 5.1 is affected by critical security vulnerability CVE-2013-4490. Please [update to GitLab 5.4 immediately](5.1-to-5.4.md).
  5 +
3 6 ## Release notes:
4 7  
5 8 * `unicorn` replaced with `puma`
... ...
doc/update/5.1-to-5.2.md
1 1 # From 5.1 to 5.2
2 2  
  3 +## Warning
  4 +GitLab 5.2 is affected by critical security vulnerabilities CVE-2013-4490 and CVE-2013-4489. Please [update to GitLab 5.4 directly](5.1-to-5.4.md).
  5 +
3 6 ### 0. Backup
4 7  
5 8 It's useful to make a backup just in case things go south:
... ...
doc/update/5.1-to-5.4.md 0 → 100644
... ... @@ -0,0 +1,103 @@
  1 +# From 5.1 to 5.4
  2 +Also works starting from 5.2.
  3 +
  4 +## Notice
  5 +Security vulnerabilities CVE-2013-4490 and CVE-2013-4489 have been patched in the latest version of GitLab 5.4.
  6 +
  7 +### 0. Backup
  8 +
  9 +It's useful to make a backup just in case things go south:
  10 +(With MySQL, this may require granting "LOCK TABLES" privileges to the GitLab user on the database version)
  11 +
  12 +```bash
  13 +cd /home/git/gitlab
  14 +sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
  15 +```
  16 +
  17 +### 1. Stop server
  18 +
  19 + sudo service gitlab stop
  20 +
  21 +### 2. Get latest code
  22 +
  23 +```bash
  24 +cd /home/git/gitlab
  25 +sudo -u git -H git fetch
  26 +sudo -u git -H git checkout 5-4-stable # Latest version of 5-4-stable addresses CVE-2013-4489
  27 +```
  28 +
  29 +### 3. Update gitlab-shell
  30 +
  31 +```bash
  32 +cd /home/git/gitlab-shell
  33 +sudo -u git -H git fetch
  34 +sudo -u git -H git checkout v1.7.4 # Addresses CVE-2013-4490
  35 +```
  36 +
  37 +### 4. Install libs, migrations, etc.
  38 +
  39 +```bash
  40 +cd /home/git/gitlab
  41 +
  42 +# MySQL
  43 +sudo -u git -H bundle install --without development test postgres --deployment
  44 +
  45 +#PostgreSQL
  46 +sudo -u git -H bundle install --without development test mysql --deployment
  47 +
  48 +sudo -u git -H bundle exec rake db:migrate RAILS_ENV=production
  49 +
  50 +sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
  51 +```
  52 +
  53 +### 5. Update config files
  54 +
  55 +* Make `/home/git/gitlab/config/gitlab.yml` same as https://github.com/gitlabhq/gitlabhq/blob/5-4-stable/config/gitlab.yml.example but with your settings.
  56 +* Make `/home/git/gitlab/config/puma.rb` same as https://github.com/gitlabhq/gitlabhq/blob/5-4-stable/config/puma.rb.example but with your settings.
  57 +
  58 +### 6. Update Init script
  59 +
  60 +```bash
  61 +sudo rm /etc/init.d/gitlab
  62 +sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab
  63 +sudo chmod +x /etc/init.d/gitlab
  64 +```
  65 +
  66 +### 7. Create uploads directory
  67 +
  68 +```bash
  69 +cd /home/git/gitlab
  70 +sudo -u git -H mkdir public/uploads
  71 +sudo chmod -R u+rwX public/uploads
  72 +```
  73 +
  74 +
  75 +### 8. Start application
  76 +
  77 + sudo service gitlab start
  78 + sudo service nginx restart
  79 +
  80 +### 9. Check application status
  81 +
  82 +Check if GitLab and its environment are configured correctly:
  83 +
  84 + sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
  85 +
  86 +To make sure you didn't miss anything run a more thorough check with:
  87 +
  88 + sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
  89 +
  90 +If all items are green, then congratulations upgrade complete!
  91 +
  92 +## Things went south? Revert to previous version (5.3)
  93 +
  94 +### 1. Revert the code to the previous version
  95 +Follow the [`upgrade guide from 5.2 to 5.3`](5.2-to-5.3.md), except for the database migration
  96 +(The backup is already migrated to the previous version)
  97 +
  98 +### 2. Restore from the backup:
  99 +
  100 +```bash
  101 +cd /home/git/gitlab
  102 +sudo -u git -H bundle exec rake gitlab:backup:restore RAILS_ENV=production
  103 +```
... ...
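Review bot: the revert section at the end of the new 5.1-to-5.4.md is headed "Revert to previous version (5.3)" and links the 5.2-to-5.3 guide, but this guide starts from 5.1 or 5.2, so the backup taken in step 0 comes from one of those versions, not 5.3. The heading and the linked guide should name the version the reader actually upgraded from. Since this commit also marks 5.3 as affected, the section could say that a revert is a temporary state. A smaller point in step 7: `mkdir public/uploads` fails when the directory already exists, so `mkdir -p public/uploads` would be safer.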
doc/update/5.1-to-6.0.md
1 1 # From 5.1 to 6.0
2 2  
  3 +## Warning
  4 +GitLab 6.0 is affected by critical security vulnerabilities CVE-2013-4490 and CVE-2013-4489. Please [update to GitLab 6.2 immediately](6.0-to-6.2.md).
  5 +
3 6 ### Deprecations
4 7  
5 8 #### Global projects
... ...
doc/update/5.2-to-5.3.md
1 1 # From 5.2 to 5.3
2 2  
  3 +## Warning
  4 +GitLab 5.3 is affected by critical security vulnerabilities CVE-2013-4490 and CVE-2013-4489. Please [update to GitLab 5.4 directly](5.1-to-5.4.md).
  5 +
3 6 ### 0. Backup
4 7  
5 8 It's useful to make a backup just in case things go south:
... ...
doc/update/5.3-to-5.4.md
1 1 # From 5.3 to 5.4
2 2  
  3 +## Notice
  4 +Security vulnerabilities CVE-2013-4490 and CVE-2013-4489 have been patched in the latest version of GitLab 5.4.
  5 +
3 6 ### 0. Backup
4 7  
5 8 It's useful to make a backup just in case things go south:
... ... @@ -19,7 +22,7 @@ sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
19 22 ```bash
20 23 cd /home/git/gitlab
21 24 sudo -u git -H git fetch
22   -sudo -u git -H git checkout 5-4-stable
  25 +sudo -u git -H git checkout 5-4-stable # Latest version of 5-4-stable addresses CVE-2013-4489
23 26 ```
24 27  
25 28 ### 3. Update gitlab-shell
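Review bot: the comment added to the `git checkout 5-4-stable` line promises the latest version of the branch, but `git fetch` followed by `git checkout 5-4-stable` does not move an existing local branch. On an install that already checked out `5-4-stable` during an earlier 5.4 update, the working tree stays at the old commit and the CVE-2013-4489 fix is not picked up. Suggest adding a fast-forward after the checkout, for example `sudo -u git -H git merge --ff-only origin/5-4-stable` (assuming the remote is named `origin`), and doing the same for the `6-2-stable` checkouts in 6.0-to-6.2.md and 6.1-to-6.2.md.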
... ... @@ -27,7 +30,7 @@ sudo -u git -H git checkout 5-4-stable
27 30 ```bash
28 31 cd /home/git/gitlab-shell
29 32 sudo -u git -H git fetch
30   -sudo -u git -H git checkout v1.5.0
  33 +sudo -u git -H git checkout v1.7.4 # Addresses CVE-2013-4490
31 34 ```
32 35  
33 36 ### 4. Install libs, migrations, etc.
... ...
doc/update/5.4-to-6.0.md
1 1 # From 5.4 to 6.0
2 2  
  3 +## Warning
  4 +GitLab 6.0 is affected by critical security vulnerabilities CVE-2013-4490 and CVE-2013-4489. Please [update to GitLab 6.2 immediately](6.0-to-6.2.md).
  5 +
3 6 ### Deprecations
4 7  
5 8 #### Global projects
... ...
doc/update/6.0-to-6.1.md
1 1 # From 6.0 to 6.1
2 2  
  3 +## Warning
  4 +GitLab 6.1 is affected by critical security vulnerabilities CVE-2013-4490 and CVE-2013-4489. Please [update to GitLab 6.2 directly](6.0-to-6.2.md).
  5 +
3 6 # In 6.1 we remove a lot of deprecated code.
4 7 # You should update to 6.0 before installing 6.1 so all the necessary conversions are run.
5 8  
... ...
doc/update/6.0-to-6.2.md
1 1 # From 6.0 to 6.2
2 2  
  3 +## Notice
  4 +Security vulnerabilities CVE-2013-4490 and CVE-2013-4489 have been patched in the latest version of GitLab 6.2.
  5 +
3 6 # In 6.1 we remove a lot of deprecated code.
4 7 # You should update to 6.0 before installing 6.1 or higher so all the necessary conversions are run.
5 8  
... ... @@ -28,7 +31,7 @@ sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
28 31 ```bash
29 32 cd /home/git/gitlab
30 33 sudo -u git -H git fetch
31   -sudo -u git -H git checkout 6-2-stable
  34 +sudo -u git -H git checkout 6-2-stable # Latest version of 6-2-stable addresses CVE-2013-4489
32 35 ```
33 36  
34 37  
... ... @@ -44,7 +47,7 @@ sudo apt-get install logrotate
44 47 ```bash
45 48 cd /home/git/gitlab-shell
46 49 sudo -u git -H git fetch
47   -sudo -u git -H git checkout v1.7.4
  50 +sudo -u git -H git checkout v1.7.4 # Addresses CVE-2013-4490
48 51 ```
49 52  
50 53 ### 5. Install libs, migrations, etc.
... ...
doc/update/6.1-to-6.2.md
1 1 # From 6.1 to 6.2
2 2  
  3 +## Notice
  4 +Security vulnerabilities CVE-2013-4490 and CVE-2013-4489 have been patched in the latest version of GitLab 6.2.
  5 +
3 6 # You should update to 6.1 before installing 6.2 so all the necessary conversions are run.
4 7  
5 8 ### 0. Backup
... ... @@ -21,17 +24,25 @@ sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
21 24 ```bash
22 25 cd /home/git/gitlab
23 26 sudo -u git -H git fetch
24   -sudo -u git -H git checkout 6-2-stable
  27 +sudo -u git -H git checkout 6-2-stable # Latest version of 6-2-stable addresses CVE-2013-4489
  28 +```
  29 +
  30 +### 3. Update gitlab-shell
  31 +
  32 +```bash
  33 +cd /home/git/gitlab-shell
  34 +sudo -u git -H git fetch
  35 +sudo -u git -H git checkout v1.7.4 # Addresses CVE-2013-4490
25 36 ```
26 37  
27   -### 3. Install additional packages
  38 +### 4. Install additional packages
28 39  
29 40 ```bash
30 41 # Add support for lograte for better log file handling
31 42 sudo apt-get install logrotate
32 43 ```
33 44  
34   -### 4. Install libs, migrations, etc.
  45 +### 5. Install libs, migrations, etc.
35 46  
36 47 ```bash
37 48 cd /home/git/gitlab
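Review bot: the new "### 3. Update gitlab-shell" step did not exist in this guide before, so anyone who already went from 6.1 to 6.2 with the earlier text never ran the `git checkout v1.7.4` for gitlab-shell, and the Notice added at the top only says the vulnerabilities "have been patched in the latest version of GitLab 6.2". Suggest having the Notice tell existing 6.2 installs to re-run steps 2 and 3. Because steps 3 to 8 are renumbered to 4 to 9 here, also check the rest of the file and any linked docs for references to the old step numbers.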
... ... @@ -49,7 +60,7 @@ sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
49 60 sudo -u git -H bundle exec rake cache:clear RAILS_ENV=production
50 61 ```
51 62  
52   -### 5. Update config files
  63 +### 6. Update config files
53 64  
54 65 TIP: to see what changed in gitlab.yml.example in this release use next command:
55 66  
... ... @@ -71,7 +82,7 @@ sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers
71 82 sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
72 83 ```
73 84  
74   -### 6. Update Init script
  85 +### 7. Update Init script
75 86  
76 87 ```bash
77 88 sudo rm /etc/init.d/gitlab
... ... @@ -79,12 +90,12 @@ sudo curl --output /etc/init.d/gitlab https://raw.github.com/gitlabhq/gitlabhq/6
79 90 sudo chmod +x /etc/init.d/gitlab
80 91 ```
81 92  
82   -### 7. Start application
  93 +### 8. Start application
83 94  
84 95 sudo service gitlab start
85 96 sudo service nginx restart
86 97  
87   -### 8. Check application status
  98 +### 9. Check application status
88 99  
89 100 Check if GitLab and its environment are configured correctly:
90 101  
... ...