From 3748b5f204b760123081758c8bf5eee5f0a42890 Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Thu, 11 Jun 2020 00:34:48 +0200
Subject: [PATCH] gitlab: 12.10.9 -> 12.10.11

CI Token Access Control

An authorization issue discovered in the mirroring logic allowed read access to private repositories. This issue is now mitigated in the latest release and is waiting for a CVE ID to be assigned.

https://about.gitlab.com/releases/2020/06/10/critical-security-release-13-0-6-released/
---
 .../version-management/gitlab/data.json             | 10 +++++-----
 .../version-management/gitlab/gitaly/default.nix    |  4 ++--
 .../version-management/gitlab/gitaly/deps.nix       | 13 ++-----------
 .../gitlab/gitlab-workhorse/default.nix             |  4 ++--
 .../gitlab/gitlab-workhorse/deps.nix                |  9 ---------
 5 files changed, 11 insertions(+), 29 deletions(-)

diff --git a/pkgs/applications/version-management/gitlab/data.json b/pkgs/applications/version-management/gitlab/data.json
index 64169510ecfb43..8927a5e9773adf 100644
--- a/pkgs/applications/version-management/gitlab/data.json
+++ b/pkgs/applications/version-management/gitlab/data.json
@@ -1,13 +1,13 @@
 {
-  "version": "12.10.9",
-  "repo_hash": "0mhvw09rvvq4iq18s6xfnl17irg305pxkwjgrsn7k06k0zf4dx5l",
+  "version": "12.10.11",
+  "repo_hash": "058xnmmz4fnan85x0mw0s2i2lr9y7yx2hqxfcil1frj2rz7ralds",
   "owner": "gitlab-org",
   "repo": "gitlab",
-  "rev": "v12.10.9-ee",
+  "rev": "v12.10.11-ee",
   "passthru": {
-    "GITALY_SERVER_VERSION": "12.10.9",
+    "GITALY_SERVER_VERSION": "12.10.11",
     "GITLAB_PAGES_VERSION": "1.17.0",
     "GITLAB_SHELL_VERSION": "12.2.0",
-    "GITLAB_WORKHORSE_VERSION": "8.30.2"
+    "GITLAB_WORKHORSE_VERSION": "8.30.3"
   }
 }
\ No newline at end of file
diff --git a/pkgs/applications/version-management/gitlab/gitaly/default.nix b/pkgs/applications/version-management/gitlab/gitaly/default.nix
index aa3e0c905253c7..781aebf00add2e 100644
--- a/pkgs/applications/version-management/gitlab/gitaly/default.nix
+++ b/pkgs/applications/version-management/gitlab/gitaly/default.nix
@@ -19,14 +19,14 @@ let
       };
   };
 in buildGoPackage rec {
-  version = "12.10.9";
+  version = "12.10.11";
   pname = "gitaly";
 
   src = fetchFromGitLab {
     owner = "gitlab-org";
     repo = "gitaly";
     rev = "v${version}";
-    sha256 = "0rcds6shwmqv2acjdj1i0jhjcp3ww8b1aysqqsyvsgfaa160n9s9";
+    sha256 = "1qzrfnihcx8ysy40z2sq5rgdgpp2gy5db8snlx7si2l9h6pjg7hz";
   };
 
   # Fix a check which assumes that hook files are writeable by their
diff --git a/pkgs/applications/version-management/gitlab/gitaly/deps.nix b/pkgs/applications/version-management/gitlab/gitaly/deps.nix
index 47b270dc83d29d..e23c5e08254e80 100644
--- a/pkgs/applications/version-management/gitlab/gitaly/deps.nix
+++ b/pkgs/applications/version-management/gitlab/gitaly/deps.nix
@@ -9,15 +9,6 @@
       sha256 = "0pbz5migljd5whxh6z1w79cwx93n85mcs3x1bckl27yzaa4lvqsl";
     };
   }
-  {
-    goPackagePath = "dmitri.shuralyov.com/gpu/mtl";
-    fetch = {
-      type = "git";
-      url = "https://dmitri.shuralyov.com/gpu/mtl";
-      rev = "666a987793e9";
-      sha256 = "1isd03hgiwcf2ld1rlp0plrnfz7r4i7c5q4kb6hkcd22axnmrv0z";
-    };
-  }
   {
     goPackagePath = "github.com/BurntSushi/toml";
     fetch = {
@@ -1436,8 +1427,8 @@
     fetch = {
       type = "git";
       url = "https://github.com/ugorji/go";
-      rev = "d75b2dcb6bc8";
-      sha256 = "0di1k35gpq9bp958ywranpbskx2vdwlb38s22vl9rybm3wa5g3ps";
+      rev = "v1.1.4";
+      sha256 = "0ma2qvn5wqvjidpdz74x832a813qnr1cxbx6n6n125ak9b3wbn5w";
     };
   }
   {
diff --git a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix
index 4af163bb9775b1..073c478767ef6e 100644
--- a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix
+++ b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix
@@ -3,13 +3,13 @@
 buildGoPackage rec {
   pname = "gitlab-workhorse";
 
-  version = "8.30.2";
+  version = "8.30.3";
 
   src = fetchFromGitLab {
     owner = "gitlab-org";
     repo = "gitlab-workhorse";
     rev = "v${version}";
-    sha256 = "1ws59ry16kx4nqp92xcqw3fri570pvpdgvy822ndi7rybw5xij7p";
+    sha256 = "13xnx04j8p31l1lslcixf3ihagz9brih9zvypwnjb76ipgcg431z";
   };
 
   goPackagePath = "gitlab.com/gitlab-org/gitlab-workhorse";
diff --git a/pkgs/applications/version-management/gitlab/gitlab-workhorse/deps.nix b/pkgs/applications/version-management/gitlab/gitlab-workhorse/deps.nix
index 530eb073c7b5d3..63b52b1c85f25d 100644
--- a/pkgs/applications/version-management/gitlab/gitlab-workhorse/deps.nix
+++ b/pkgs/applications/version-management/gitlab/gitlab-workhorse/deps.nix
@@ -9,15 +9,6 @@
       sha256 = "0pbz5migljd5whxh6z1w79cwx93n85mcs3x1bckl27yzaa4lvqsl";
     };
   }
-  {
-    goPackagePath = "dmitri.shuralyov.com/gpu/mtl";
-    fetch = {
-      type = "git";
-      url = "https://dmitri.shuralyov.com/gpu/mtl";
-      rev = "666a987793e9";
-      sha256 = "1isd03hgiwcf2ld1rlp0plrnfz7r4i7c5q4kb6hkcd22axnmrv0z";
-    };
-  }
   {
     goPackagePath = "github.com/BurntSushi/toml";
     fetch = {