debian-mirror-gitlab/debian/patches/cve-2017-0882.patch

Description: Security patch for CVE-2017-0882
Author: Brian Neel
Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/29661
Last-Update: 2017-03-21
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -112,7 +112,7 @@
       end
 
       format.json do
-        render json: @issue.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } })
+        render json: @issue.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } }, methods: [:task_status, :task_status_short])
       end
     end
 
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -278,7 +278,7 @@
                        @merge_request.target_project, @merge_request])
         end
         format.json do
-          render json: @merge_request.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } })
+          render json: @merge_request.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } }, methods: [:task_status, :task_status_short])
         end
       end
     else
Add CVE patch 2017-03-21 14:56:56 +05:30			`Description: Security patch for CVE-2017-0882`
			`Author: Brian Neel`
			`Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/29661`
			`Last-Update: 2017-03-21`
			`---`
			`This patch header follows DEP-3: http://dep.debian.net/deps/dep3/`
			`--- a/app/controllers/projects/issues_controller.rb`
			`+++ b/app/controllers/projects/issues_controller.rb`
			`@@ -112,7 +112,7 @@`
			`end`

			`format.json do`
			`- render json: @issue.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } })`
			`+ render json: @issue.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } }, methods: [:task_status, :task_status_short])`
			`end`
			`end`

			`--- a/app/controllers/projects/merge_requests_controller.rb`
			`+++ b/app/controllers/projects/merge_requests_controller.rb`
			`@@ -278,7 +278,7 @@`
			`@merge_request.target_project, @merge_request])`
			`end`
			`format.json do`
			`- render json: @merge_request.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } })`
			`+ render json: @merge_request.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } }, methods: [:task_status, :task_status_short])`
			`end`
			`end`
			`else`