Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq

617cc8fb · Dmitriy Zaporozhets · f4173104 · 14bc511f · 617cc8fb · 617cc8fb
Commit 617cc8fb authored Nov 04, 2013 by Dmitriy Zaporozhets
11 changed files
--- a/doc/update/4.2-to-5.0.md
+++ b/doc/update/4.2-to-5.0.md
 # From 4.2 to 5.0

+## Warning
+GitLab 5.0 is affected by critical security vulnerability CVE-2013-4490. Please update to GitLab 5.4 immediately.
+
 ## Important changes

 * We don't use `gitlab` user any more. Everything will be moved to `git` user

--- a/doc/update/5.0-to-5.1.md
+++ b/doc/update/5.0-to-5.1.md
 # From 5.0 to 5.1

+## Warning
+GitLab 5.1 is affected by critical security vulnerability CVE-2013-4490. Please [update to GitLab 5.4 immediately](5.1-to-5.4.md).
+
 ## Release notes:

 * `unicorn` replaced with `puma`

--- a/doc/update/5.1-to-5.2.md
+++ b/doc/update/5.1-to-5.2.md
 # From 5.1 to 5.2

+## Warning
+GitLab 5.2 is affected by critical security vulnerabilities CVE-2013-4490 and CVE-2013-4489. Please [update to GitLab 5.4 directly](5.1-to-5.4.md).
+
 ### 0. Backup

 It's useful to make a backup just in case things go south:

--- a/doc/update/5.1-to-5.4.md
+++ b/doc/update/5.1-to-5.4.md
+# From 5.1 to 5.4
+Also works starting from 5.2.
+
+## Notice
+Security vulnerabilities CVE-2013-4490 and CVE-2013-4489 have been patched in the latest version of GitLab 5.4.
+
+### 0. Backup
+
+It's useful to make a backup just in case things go south:
+(With MySQL, this may require granting "LOCK TABLES" privileges to the GitLab user on the database version)
+
+```bash
+cd /home/git/gitlab
+sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
+```
+
+### 1. Stop server
+
+    sudo service gitlab stop
+
+### 2. Get latest code
+
+```bash
+cd /home/git/gitlab
+sudo -u git -H git fetch
+sudo -u git -H git checkout 5-4-stable # Latest version of 5-4-stable addresses CVE-2013-4489
+```
+
+### 3. Update gitlab-shell
+
+```bash
+cd /home/git/gitlab-shell
+sudo -u git -H git fetch
+sudo -u git -H git checkout v1.7.4 # Addresses CVE-2013-4490
+```
+
+### 4. Install libs, migrations, etc.
+
+```bash
+cd /home/git/gitlab
+
+# MySQL
+sudo -u git -H bundle install --without development test postgres --deployment
+
+#PostgreSQL
+sudo -u git -H bundle install --without development test mysql --deployment
+
+sudo -u git -H bundle exec rake db:migrate RAILS_ENV=production
+
+sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
+```
+
+### 5. Update config files
+
+* Make `/home/git/gitlab/config/gitlab.yml` same as https://github.com/gitlabhq/gitlabhq/blob/5-4-stable/config/gitlab.yml.example but with your settings.
+* Make `/home/git/gitlab/config/puma.rb` same as https://github.com/gitlabhq/gitlabhq/blob/5-4-stable/config/puma.rb.example but with your settings.
+
+### 6. Update Init script
+
+```bash
+sudo rm /etc/init.d/gitlab
+sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab
+sudo chmod +x /etc/init.d/gitlab
+```
+
+### 7. Create uploads directory
+
+```bash
+cd /home/git/gitlab
+sudo -u git -H mkdir public/uploads
+sudo chmod -R u+rwX  public/uploads
+```
+
+
+### 8. Start application
+
+    sudo service gitlab start
+    sudo service nginx restart
+
+### 9. Check application status
+
+Check if GitLab and its environment are configured correctly:
+
+    sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
+
+To make sure you didn't miss anything run a more thorough check with:
+
+    sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
+
+If all items are green, then congratulations upgrade complete!
+
+## Things went south? Revert to previous version (5.3)
+
+### 1. Revert the code to the previous version
+Follow the [`upgrade guide from 5.2 to 5.3`](5.2-to-5.3.md), except for the database migration 
+(The backup is already migrated to the previous version)
+
+### 2. Restore from the backup:
+
+```bash
+cd /home/git/gitlab
+sudo -u git -H bundle exec rake gitlab:backup:restore RAILS_ENV=production
+```
--- a/doc/update/5.1-to-6.0.md
+++ b/doc/update/5.1-to-6.0.md
 # From 5.1 to 6.0

+## Warning
+GitLab 6.0 is affected by critical security vulnerabilities CVE-2013-4490 and CVE-2013-4489. Please [update to GitLab 6.2 immediately](6.0-to-6.2.md).
+
 ### Deprecations

 #### Global projects

--- a/doc/update/5.2-to-5.3.md
+++ b/doc/update/5.2-to-5.3.md
 # From 5.2 to 5.3

+## Warning
+GitLab 5.3 is affected by critical security vulnerabilities CVE-2013-4490 and CVE-2013-4489. Please [update to GitLab 5.4 directly](5.1-to-5.4.md).
+
 ### 0. Backup

 It's useful to make a backup just in case things go south:

--- a/doc/update/5.3-to-5.4.md
+++ b/doc/update/5.3-to-5.4.md
 # From 5.3 to 5.4

+## Notice
+Security vulnerabilities CVE-2013-4490 and CVE-2013-4489 have been patched in the latest version of GitLab 5.4.
+
 ### 0. Backup

 It's useful to make a backup just in case things go south:
@@ -19,7 +22,7 @@ sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
 ```bash
 cd /home/git/gitlab
 sudo -u git -H git fetch
-sudo -u git -H git checkout 5-4-stable
+sudo -u git -H git checkout 5-4-stable # Latest version of 5-4-stable addresses CVE-2013-4489
 ```

 ### 3. Update gitlab-shell
@@ -27,7 +30,7 @@ sudo -u git -H git checkout 5-4-stable
 ```bash
 cd /home/git/gitlab-shell
 sudo -u git -H git fetch
-sudo -u git -H git checkout v1.5.0
+sudo -u git -H git checkout v1.7.4 # Addresses CVE-2013-4490
 ```

 ### 4. Install libs, migrations, etc.

--- a/doc/update/5.4-to-6.0.md
+++ b/doc/update/5.4-to-6.0.md
 # From 5.4 to 6.0

+## Warning
+GitLab 6.0 is affected by critical security vulnerabilities CVE-2013-4490 and CVE-2013-4489. Please [update to GitLab 6.2 immediately](6.0-to-6.2.md).
+
 ### Deprecations

 #### Global projects

--- a/doc/update/6.0-to-6.1.md
+++ b/doc/update/6.0-to-6.1.md
 # From 6.0 to 6.1

+## Warning
+GitLab 6.1 is affected by critical security vulnerabilities CVE-2013-4490 and CVE-2013-4489. Please [update to GitLab 6.2 directly](6.0-to-6.2.md).
+
 # In 6.1 we remove a lot of deprecated code.
 # You should update to 6.0 before installing 6.1 so all the necessary conversions are run.


--- a/doc/update/6.0-to-6.2.md
+++ b/doc/update/6.0-to-6.2.md
 # From 6.0 to 6.2

+## Notice
+Security vulnerabilities CVE-2013-4490 and CVE-2013-4489 have been patched in the latest version of GitLab 6.2.
+
 # In 6.1 we remove a lot of deprecated code.
 # You should update to 6.0 before installing 6.1 or higher so all the necessary conversions are run.

@@ -28,7 +31,7 @@ sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
 ```bash
 cd /home/git/gitlab
 sudo -u git -H git fetch
-sudo -u git -H git checkout 6-2-stable
+sudo -u git -H git checkout 6-2-stable # Latest version of 6-2-stable addresses CVE-2013-4489
 ```


@@ -44,7 +47,7 @@ sudo apt-get install logrotate
 ```bash
 cd /home/git/gitlab-shell
 sudo -u git -H git fetch
-sudo -u git -H git checkout v1.7.4
+sudo -u git -H git checkout v1.7.4 # Addresses CVE-2013-4490
 ```

 ### 5. Install libs, migrations, etc.

--- a/doc/update/6.1-to-6.2.md
+++ b/doc/update/6.1-to-6.2.md
 # From 6.1 to 6.2

+## Notice
+Security vulnerabilities CVE-2013-4490 and CVE-2013-4489 have been patched in the latest version of GitLab 6.2.
+
 # You should update to 6.1 before installing 6.2 so all the necessary conversions are run.

 ### 0. Backup
@@ -21,17 +24,25 @@ sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
 ```bash
 cd /home/git/gitlab
 sudo -u git -H git fetch
-sudo -u git -H git checkout 6-2-stable
+sudo -u git -H git checkout 6-2-stable # Latest version of 6-2-stable addresses CVE-2013-4489
+```
+
+### 3. Update gitlab-shell
+
+```bash
+cd /home/git/gitlab-shell
+sudo -u git -H git fetch
+sudo -u git -H git checkout v1.7.4 # Addresses CVE-2013-4490
 ```

-### 3. Install additional packages
+### 4. Install additional packages

 ```bash
 # Add support for lograte for better log file handling
 sudo apt-get install logrotate
 ```

-### 4. Install libs, migrations, etc.
+### 5. Install libs, migrations, etc.

 ```bash
 cd /home/git/gitlab
@@ -49,7 +60,7 @@ sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
 sudo -u git -H bundle exec rake cache:clear RAILS_ENV=production
 ```

-### 5. Update config files
+### 6. Update config files

 TIP: to see what changed in gitlab.yml.example in this release use next command: 

@@ -71,7 +82,7 @@ sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers
 sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
 ```

-### 6. Update Init script
+### 7. Update Init script

 ```bash
 sudo rm /etc/init.d/gitlab
@@ -79,12 +90,12 @@ sudo curl --output /etc/init.d/gitlab https://raw.github.com/gitlabhq/gitlabhq/6
 sudo chmod +x /etc/init.d/gitlab
 ```

-### 7. Start application
+### 8. Start application

    sudo service gitlab start
    sudo service nginx restart

-### 8. Check application status
+### 9. Check application status

 Check if GitLab and its environment are configured correctly: