Merge tag 'debian/13.12.8+ds1-1' into buster-fasttrack

gitlab Debian release 13.12.8+ds1-1
Pirate Praveen 2021-07-09 00:42:48 +05:30
commit 0e116ca35e
12 changed files with 138 additions and 18 deletions


@ -2,6 +2,23 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
## 13.12.8 (2021-07-07)
### Security (1 change)
- [Disable file and network premailer strategies](gitlab-org/security/gitlab@ee69d6d6950bb116cb31523ca805e78af431c25c) ([merge request](gitlab-org/security/gitlab!1545))
## 13.12.7 (2021-07-05)
### Fixed (2 changes)
- [Fix state value in the lfs_object_registry table](gitlab-org/gitlab@feca70558108299a9b7b499e4461b59b7c140ef7) ([merge request](gitlab-org/gitlab!65466)) **GitLab Enterprise Edition**
- [Fix pages deployment storage migration](gitlab-org/gitlab@4e806a7b5e0eef8d88bcdb68724c6b7bf3c08293) ([merge request](gitlab-org/gitlab!65366))
### Changed (1 change)
- [Move migration to a pre-deployment migration](gitlab-org/gitlab@d02fcd44b3dd797e18221e4e91ab913372bdf18a) ([merge request](gitlab-org/gitlab!65466)) **GitLab Enterprise Edition**
## 13.12.6 (2021-07-01) ## 13.12.6 (2021-07-01)
### Added (1 change) ### Added (1 change)


@ -1 +1 @@
13.12.6 13.12.8


@ -1 +1 @@
13.12.6 13.12.8


@ -271,8 +271,12 @@ class Namespace < ApplicationRecord
# Includes projects from this namespace and projects from all subgroups # Includes projects from this namespace and projects from all subgroups
# that belongs to this namespace # that belongs to this namespace
def all_projects def all_projects
if Feature.enabled?(:recursive_approach_for_all_projects, default_enabled: :yaml)
namespace = user? ? self : self_and_descendants namespace = user? ? self : self_and_descendants
Project.where(namespace: namespace) Project.where(namespace: namespace)
else
Project.inside_path(full_path)
end
end end
# Includes pipelines from this namespace and pipelines from all subgroups # Includes pipelines from this namespace and pipelines from all subgroups
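Review bot: The comment above `all_projects` still describes a single behaviour, but the method now has two query paths selected by `:recursive_approach_for_all_projects`, and callers presumably rely on both returning the same set of projects. I would extend the comment with something like `# Flag on: lookup by namespace (self for user namespaces, self_and_descendants otherwise); flag off: Project.inside_path(full_path).` Since the flag definition added in this commit is `type: development`, the comment could also say the `else` branch is a temporary fallback to be removed with the flag.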


@ -0,0 +1,8 @@
---
name: recursive_approach_for_all_projects
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/64632
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/334817
milestone: '14.1'
type: development
group: group::fulfillment
default_enabled: true


@ -7,5 +7,6 @@ Premailer::Rails.config.merge!(
remove_comments: true, remove_comments: true,
remove_ids: false, remove_ids: false,
remove_scripts: false, remove_scripts: false,
output_encoding: 'US-ASCII' output_encoding: 'US-ASCII',
strategies: [:asset_pipeline]
) )
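Review bot: The new `strategies: [:asset_pipeline]` entry is the security-relevant line of this initializer, yet nothing next to it says so. The changelog in this commit describes it as disabling the file and network premailer strategies, so a later edit that drops the key or re-adds `:filesystem` or `:network` would quietly restore stylesheet loading from local paths and remote URLs while mail is rendered. I would add a comment above it such as `# Security: resolve stylesheets through the asset pipeline only; do not re-add :filesystem or :network.` None of the files shown in this commit adds a spec pinning `Premailer::Rails.config[:strategies]` to `[:asset_pipeline]`, which would guard against that regression. The `merge!(` call opens outside this hunk.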

7
debian/changelog vendored

@ -1,3 +1,10 @@
gitlab (13.12.8+ds1-1) experimental; urgency=medium
* New upstream security release 13.12.8+ds1
Fixes: Arbitrary file read via design feature (Severity: critical)
-- Pirate Praveen <praveen@debian.org> Thu, 08 Jul 2021 21:54:12 +0530
gitlab (13.12.6+ds1-1~fto10+1) buster-fasttrack; urgency=medium gitlab (13.12.6+ds1-1~fto10+1) buster-fasttrack; urgency=medium
* Rebuild for buster-fasttrack. * Rebuild for buster-fasttrack.


@ -8,7 +8,7 @@ module Gitlab
end end
def migrate_to_remote_storage def migrate_to_remote_storage
logger.info('Starting transfer to remote storage') logger.info('Starting transfer to object storage')
migrate(items_with_files_stored_locally, ObjectStorage::Store::REMOTE) migrate(items_with_files_stored_locally, ObjectStorage::Store::REMOTE)
end end
@ -38,11 +38,11 @@ module Gitlab
end end
def log_success(item, store) def log_success(item, store)
logger.info("Transferred #{item.class.name} ID #{item.id} of type #{item.file_type} with size #{item.size} to #{storage_label(store)} storage") logger.info("Transferred #{item.class.name} ID #{item.id} with size #{item.size} to #{storage_label(store)} storage")
end end
def log_error(err, item) def log_error(err, item)
logger.warn("Failed to transfer #{item.class.name} of type #{item.file_type} and ID #{item.id} with error: #{err.message}") logger.warn("Failed to transfer #{item.class.name} ID #{item.id} with error: #{err.message}")
end end
def storage_label(store) def storage_label(store)
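Review bot: `log_success` and `log_error` now drop `item.file_type` for every item, which removes the one detail that tells artifact kinds apart when an operator reads the transfer log after a failed migration. If the removal is only because some migrated classes have no `file_type` (inferred from the pages deployment migrater spec added in this commit), the field could be kept where it exists, e.g. `type = item.respond_to?(:file_type) ? " of type #{item.file_type}" : ''` interpolated into both messages. The expected strings in the new shared examples would need the same conditional. The enclosing module and class start outside these hunks.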


@ -0,0 +1,14 @@
# frozen_string_literal: true
require 'spec_helper'
require 'support/shared_examples/lib/gitlab/local_and_remote_storage_migration_shared_examples'
RSpec.describe Gitlab::LocalAndRemoteStorageMigration::ArtifactMigrater do
before do
stub_artifacts_object_storage(enabled: true)
end
let!(:item) { create(:ci_job_artifact, :archive, file_store: start_store) }
it_behaves_like 'local and remote storage migration'
end


@ -0,0 +1,14 @@
# frozen_string_literal: true
require 'spec_helper'
require 'support/shared_examples/lib/gitlab/local_and_remote_storage_migration_shared_examples'
RSpec.describe Gitlab::LocalAndRemoteStorageMigration::PagesDeploymentMigrater do
before do
stub_pages_object_storage(::Pages::DeploymentUploader, enabled: true)
end
let!(:item) { create(:pages_deployment, file_store: start_store) }
it_behaves_like 'local and remote storage migration'
end


@ -1010,7 +1010,7 @@ RSpec.describe Namespace do
end end
end end
describe '#all_projects' do shared_examples '#all_projects' do
context 'when namespace is a group' do context 'when namespace is a group' do
let(:namespace) { create(:group) } let(:namespace) { create(:group) }
let(:child) { create(:group, parent: namespace) } let(:child) { create(:group, parent: namespace) }
@ -1019,12 +1019,6 @@ RSpec.describe Namespace do
it { expect(namespace.all_projects.to_a).to match_array([project2, project1]) } it { expect(namespace.all_projects.to_a).to match_array([project2, project1]) }
it { expect(child.all_projects.to_a).to match_array([project2]) } it { expect(child.all_projects.to_a).to match_array([project2]) }
it 'queries for the namespace and its descendants' do
expect(Project).to receive(:where).with(namespace: [namespace, child])
namespace.all_projects
end
end end
context 'when namespace is a user namespace' do context 'when namespace is a user namespace' do
@ -1033,13 +1027,21 @@ RSpec.describe Namespace do
let_it_be(:project) { create(:project, namespace: user_namespace) } let_it_be(:project) { create(:project, namespace: user_namespace) }
it { expect(user_namespace.all_projects.to_a).to match_array([project]) } it { expect(user_namespace.all_projects.to_a).to match_array([project]) }
it 'only queries for the namespace itself' do
expect(Project).to receive(:where).with(namespace: user_namespace)
user_namespace.all_projects
end end
end end
describe '#all_projects' do
context 'when recursive approach is enabled' do
include_examples '#all_projects'
end
context 'when recursive approach is disabled' do
before do
stub_feature_flags(recursive_approach_for_all_projects: false)
end
include_examples '#all_projects'
end
end end
describe '#all_pipelines' do describe '#all_pipelines' do
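Review bot: With the two `receive(:where)` expectations removed, both contexts under `describe '#all_projects'` assert only the returned projects, so the suite would still pass if the flag check in `Namespace#all_projects` were dropped or inverted. I would pin the branch in at least the disabled case, e.g. `expect(Project).to receive(:inside_path).with(namespace.full_path).and_call_original` before calling `namespace.all_projects`. The enclosing `RSpec.describe Namespace` block starts and ends outside these hunks.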


@ -0,0 +1,53 @@
# frozen_string_literal: true
RSpec.shared_examples 'local and remote storage migration' do
let(:logger) { Logger.new("/dev/null") }
let(:migrater) { described_class.new(logger) }
using RSpec::Parameterized::TableSyntax
where(:start_store, :end_store, :method) do
ObjectStorage::Store::LOCAL | ObjectStorage::Store::REMOTE | :migrate_to_remote_storage
ObjectStorage::Store::REMOTE | ObjectStorage::Store::REMOTE | :migrate_to_remote_storage # rubocop:disable Lint/BinaryOperatorWithIdenticalOperands
ObjectStorage::Store::REMOTE | ObjectStorage::Store::LOCAL | :migrate_to_local_storage
ObjectStorage::Store::LOCAL | ObjectStorage::Store::LOCAL | :migrate_to_local_storage # rubocop:disable Lint/BinaryOperatorWithIdenticalOperands
end
with_them do
let(:storage_name) { end_store == ObjectStorage::Store::REMOTE ? 'object' : 'local' }
it 'successfully migrates' do
expect(logger).to receive(:info).with("Starting transfer to #{storage_name} storage")
if start_store != end_store
expect(logger).to receive(:info).with("Transferred #{item.class.name} ID #{item.id} with size #{item.size} to #{storage_name} storage")
end
expect(item.file_store).to eq(start_store)
migrater.send(method)
expect(item.reload.file_store).to eq(end_store)
end
end
context 'when migration fails' do
let(:start_store) { ObjectStorage::Store::LOCAL }
it 'prints error' do
expect_next_instance_of(item.file.class) do |file|
expect(file).to receive(:migrate!).and_raise("error message")
end
expect(logger).to receive(:info).with("Starting transfer to object storage")
expect(logger).to receive(:warn).with("Failed to transfer #{item.class.name} ID #{item.id} with error: error message")
expect(item.file_store).to eq(start_store)
migrater.migrate_to_remote_storage
expect(item.reload.file_store).to eq(start_store)
end
end
end
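Review bot: `migrater.send(method)` in the 'successfully migrates' example bypasses method visibility, so the table would keep passing if `migrate_to_remote_storage` or `migrate_to_local_storage` were made private; `migrater.public_send(method)` exercises the public interface instead. The table column named `method` also shadows `Object#method` inside the examples, and a name such as `migrate_method` avoids that. `Logger.new("/dev/null")` could be written as `Logger.new(File::NULL)` so the spec does not depend on a Unix path.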