diff --git a/debian/changelog b/debian/changelog index d9d133cf77..3b9f0eed5e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +gitlab (9.2.10+dfsg-1) experimental; urgency=medium + + * New upstream release + * Move to contrib (packaging of node modules for front end is not complete) + * Use npm install for front end dependencies + + -- Pirate Praveen Fri, 01 Sep 2017 18:00:02 +0530 + gitlab (8.13.11+dfsg1-11) unstable; urgency=medium * Tighten dependency on ruby-truncato diff --git a/debian/control b/debian/control index 2aca9bd1b1..983b010257 100644 --- a/debian/control +++ b/debian/control @@ -1,5 +1,5 @@ Source: gitlab -Section: net +Section: contrib/net Priority: optional Maintainer: Debian Ruby Extras Maintainers Uploaders: Cédric Boutillier , @@ -32,9 +32,9 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter, postfix | exim4 | mail-transport-agent, openssh-client, ucf, - gitlab-shell (>= 3.6.6-4~), + gitlab-shell (>= 5.0.4~), gitlab-workhorse (>= 0.8.5~), - ruby-rails (>= 2:4.2.7~), + ruby-rails (>= 2:4.2.8~), ruby-rails (<< 2:5), ruby-rails-deprecated-sanitizer (>= 1.0.3~), ruby-responders (>= 2.0~), 
@@ -46,21 +46,25 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter, # Authentication libraries ruby-devise (>= 4.2~), ruby-doorkeeper (>= 4.0~), - ruby-omniauth (>= 1.3.1~), + ruby-doorkeeper-openid-connect, + ruby-omniauth (>= 1.4.2~), ruby-omniauth-auth0 (>= 1.4.1~), ruby-omniauth-azure-oauth2 (>= 0.0.6~), ruby-omniauth-bitbucket (>= 0.0.2~), - ruby-omniauth-cas3 (>= 1.1.2~), + ruby-omniauth-cas3 (>= 1.1.4~), ruby-omniauth-facebook (>= 4.0~), ruby-omniauth-github (>= 1.1.1~), ruby-omniauth-gitlab (>= 1.0.2~), ruby-omniauth-google-oauth2 (>= 0.4.1~), ruby-omniauth-kerberos (>= 0.3.0-3~), + ruby-omniauth-oauth2-generic, ruby-omniauth-saml (>= 1.7.0~), ruby-omniauth-shibboleth (>= 1.2.0~), ruby-omniauth-twitter (>= 1.2.0~), ruby-omniauth-crowd (>= 2.2.0~), + ruby-omniauth-authentiq, ruby-rack-oauth2 (>= 1.2.1~), + ruby-jwt (>= 1.5.6~), # Spam and anti-bot protection ruby-recaptcha (>= 3.0~), ruby-akismet, @@ -69,6 +73,8 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter, ruby-rqrcode-rails3 (>= 0.1.7~), ruby-attr-encrypted (>= 3.0~), ruby-u2f, +# GitLab Pages + ruby-validates-hostname, # Browser detection ruby-browser (>= 2.2~), # Extracting information from a git repository 
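Review bot: The three authentication packages added in the `@@ -46,21 +46,25 @@` hunk (`ruby-doorkeeper-openid-connect`, `ruby-omniauth-oauth2-generic`, `ruby-omniauth-authentiq`) carry no minimum version, unlike the omniauth entries around them. The Gemfile as patched by 0050-relax-stable-libs.patch in this same commit constrains them to `~> 1.1`, `~> 0.2.2` and `~> 0.3.0`. Without a floor, apt can satisfy the dependency with a package older than the Gemfile accepts, and the mismatch would only show up when Bundler resolves on the installed system. I would add floors that mirror the Gemfile, for example `ruby-omniauth-authentiq (>= 0.3.0~),`, so the login providers that get installed are the versions upstream tested. The Depends field starts before this hunk.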
@@ -81,25 +87,29 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter, # Language detection ruby-github-linguist (>= 4.7.0~), # API - ruby-grape (>= 0.16.2-2~), + ruby-grape (>= 0.19.0~), ruby-grape-entity (>= 0.6~), ruby-rack-cors (>= 0.4.0~), +# Disable strong_params so that Mash does not respond to :permitted? + ruby-hashie-forbidden-attributes, # Pagination ruby-kaminari (>= 0.17~), # HAML ruby-hamlit (>= 2.7~), # Files attachments - ruby-carrierwave (>= 0.9~), + ruby-carrierwave (>= 1.0~), # Drag and Drop UI ruby-dropzonejs-rails (>= 0.7.1~), # for backups ruby-fog-aws (>= 0.9~), ruby-fog-azure, - ruby-fog-core (>= 1.40~), + ruby-fog-core (>= 1.44~), ruby-fog-local (>= 0.3~), - ruby-fog-google (>= 0.3~), + ruby-fog-google (>= 0.5~), ruby-fog-openstack (>= 0.1~), ruby-fog-rackspace, +# for Google storage + ruby-google-api-client, # for aws storage ruby-unf (>= 0.1.4-2~), # Authorization @@ -109,7 +119,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter, # Markdown and HTML processing ruby-htmlentities (>= 4.3.3~), ruby-html-pipeline (>= 1.11.0), - ruby-task-list (>= 1.0.5~), + ruby-task-list (>= 1.0.6~), ruby-github-markup (>= 1.5.1~), ruby-redcarpet (>= 3.3.4~), ruby-redcloth (>= 4.3.2-2~), @@ -117,11 +127,12 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter, ruby-creole (>= 0.5.0~), ruby-wikicloth (>= 0.8.1~), asciidoctor (>= 1.5.2~), + ruby-asciidoctor-plantuml (>= 0.0.7~), ruby-rouge (>= 2.0~), ruby-truncato (>= 0.7.9~), - ruby-nokogiri (>= 1.6.7.2~), + ruby-nokogiri (>= 1.7.1~), # Diffs - ruby-diffy (>= 3.0.3~), + ruby-diffy (>= 3.1~), # Application server unicorn (>= 5.1~), ruby-unicorn-worker-killer (>= 0.4.4~), 
@@ -133,33 +144,40 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter, ruby-acts-as-taggable-on (>= 4.0~), # Background jobs ruby-sinatra (>= 1.4.7-4~), - ruby-sidekiq (>= 4.2~), - ruby-sidekiq-cron (>= 0.4.0~), + ruby-sidekiq (>= 5.0~), + ruby-sidekiq-cron (>= 0.4.4~), ruby-redis-namespace, + ruby-sidekiq-limit-fetch, # HTTP requests ruby-httparty (>= 0.13.3~), # Colored output to console ruby-rainbow (>= 2.1~), # GitLab settings ruby-settingslogic (>= 2.0.9~), +# Linear-time regex library for untrusted regular expressions + ruby-re2 (>= 1.0~), # Misc ruby-version-sorter (>= 2.1~), # Cache - ruby-redis-rails (>= 4.0.0~), + ruby-redis-rails (>= 5.0.1~), # Campfire integration ruby-tinder (>= 1.10.1-2~), # HipChat integration ruby-hipchat (>= 1.5.0~), +# JIRA integration + ruby-jira (>= 1.1.2), # Flowdock integration ruby-gitlab-flowdock-git-hook (>= 1.0.1-2~), # Gemnasium integration ruby-gemnasium-gitlab-service (>= 0.2~), # Slack integration - ruby-slack-notifier (>= 1.2.0~), + ruby-slack-notifier (>= 1.5.1~), # Asana integration ruby-asana (>= 0.4.0~), # FogBugz integration ruby-fogbugz (>= 0.2.1-3~), +# Kubernetes integration + ruby-kubeclient, # d3 ruby-d3-rails (>= 3.1~), #cal-heatmap @@ -174,7 +192,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter, # Working with license ruby-licensee (>= 8.0.0-2~), # Protect against bruteforcing - ruby-rack-attack (>= 4.3.1~), + ruby-rack-attack (>= 4.4.1~), # Ace editor ruby-ace-rails-ap (>= 4.1~), # Keyboard shortcuts @@ -186,6 +204,9 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter, # Parse time & duration ruby-chronic (>= 0.10.2-3~), ruby-chronic-duration, + ruby-webpack-rails, + npm, + ruby-rack-proxy, ruby-sass-rails (>= 5.0.6~), ruby-coffee-rails (>= 4.1.0~), ruby-coffee-script-source (>= 1.10.0~), 
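Review bot: `npm` becomes a hard runtime dependency in the `@@ -186,6 +204,9 @@` hunk with no comment, although every other group in this list has one. Per the changelog entry, front end modules are now fetched with `npm install` instead of coming from the archive, so that code is not covered by apt's signature checking. As far as I know, npm of this period does not read the `yarn.lock` that the debian/install hunk ships, so the resolved tree would not be pinned to what upstream tested; the debian/gitlab.links hunk also places `node_modules` under the writable `var/lib/gitlab`. I would add a comment above the entry, e.g. `# Front end dependencies are fetched with npm install, outside the Debian archive`. The install step should also be tied to a lockfile npm actually honours, or to recorded checksums.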
@@ -194,7 +215,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter, ruby-jquery-turbolinks (>= 2.1.0~), ruby-addressable (>= 2.3.8~), ruby-bootstrap-sass (>= 3.3.0~), - ruby-font-awesome-rails (>= 4.6.1~), + ruby-font-awesome-rails (>= 4.7~), ruby-gemojione (>= 3.0~), ruby-gon (>= 6.1~), ruby-jquery-atwho-rails (>= 1.3.2~), @@ -215,24 +236,32 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter, ruby-connection-pool (>= 2.0~), ruby-sentry-raven (>= 2.0~), ruby-premailer-rails, +# I18n + ruby-parser (>= 3.8.2~), + ruby-gettext-i18n-rails, + ruby-gettext-i18n-rails-js, # ruby-actionmailer, ruby-mail (>= 2.5.4~), ruby-octokit (>= 4.3.0~), - ruby-mail-room (>= 0.8.1~), - ruby-email-reply-parser (>= 0.5.8~), + ruby-mail-room (>= 0.9.1~), + ruby-email-reply-trimmer (>= 0.1~), + ruby-html2text, ruby-prof (>= 0.16.2~), ## CI ruby-activerecord-session-store (>= 1.0~), ruby-nested-form (>= 0.3.2-2~), # OAuth - ruby-oauth2 (>= 1.2.0~), + ruby-oauth2 (>= 1.3~), # Soft deletion - ruby-paranoia (>= 2.0~), + ruby-paranoia (>= 2.2~), # Health check ruby-health-check (>= 2.1~), # System information - ruby-vmstat (>= 2.2.0~), + ruby-vmstat (>= 2.3~), ruby-sys-filesystem, +# Gitaly GRPC client + ruby-gitaly, + ruby-toml-rb, # Vendored js files libjs-jquery-cookie, libjs-jquery-history, @@ -240,7 +269,19 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter, libjs-clipboard, libjs-chartjs, libjs-graphael, - libjs-fuzzaldrin-plus (>= 0.3.1+git.20161008.da2cb58+dfsg-4~) + libjs-fuzzaldrin-plus (>= 0.3.1+git.20161008.da2cb58+dfsg-4~), + node-lie, + phantomjs, + node-babel-core, + node-core-js, + node-exports-loader, + node-jed, + node-marked, + node-raw-loader, + node-stats-webpack-plugin, + node-underscore, + node-eslint-plugin-html, + node-file-loader Recommends: certbot Description: git powered software platform to collaborate on code (non-omnibus) gitlab provides web based interface to host source code and track issues. 
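Review bot: Several floors left as context in the `@@ -215,24 +236,32 @@` hunk no longer match the Gemfile this commit produces. `ruby-sentry-raven (>= 2.0~)`, `ruby-octokit (>= 4.3.0~)` and `ruby-health-check (>= 2.1~)` stay unchanged, while 0050-relax-stable-libs.patch now requires `'~> 2.4'`, `'~> 4.6', '>= 4.6.2'` and `'~> 2.6'`. The same applies to `ruby-licensee (>= 8.0.0-2~)` in the `@@ -174,7 +192,7 @@` hunk, against `'~> 8.7'`. Because the patch deliberately loosens the Gemfile pins, debian/control is the only place that guarantees a minimum version on the installed system, so these floors should be raised with the rest, e.g. `ruby-octokit (>= 4.6.2~),`.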
@@ -250,3 +291,6 @@ Description: git powered software platform to collaborate on code (non-omnibus) . Unlike the official package from GitLab Inc., this package does not use omnibus. + . + Note: Currently this package is in contrib because it depends on webpack + from contrib and uses npm to install front end dependencies. diff --git a/debian/gitlab.links b/debian/gitlab.links index 5e549bd8ad..1dec30a30d 100644 --- a/debian/gitlab.links +++ b/debian/gitlab.links @@ -1,6 +1,7 @@ var/lib/gitlab/public usr/share/gitlab/public var/lib/gitlab/shared usr/share/gitlab/shared var/lib/gitlab/db usr/share/gitlab/db +var/lib/gitlab/node_modules usr/share/gitlab/node_modules var/lib/gitlab/.ssh usr/share/gitlab/.ssh var/lib/gitlab/.bundle usr/share/gitlab/.bundle var/lib/gitlab/secrets.yml etc/gitlab/secrets.yml diff --git a/debian/install b/debian/install index 0d1e9464b9..02a563d3c4 100644 --- a/debian/install +++ b/debian/install @@ -28,18 +28,24 @@ features usr/share/gitlab fixtures usr/share/gitlab Gemfile usr/share/gitlab generator_templates usr/share/gitlab +GITLAB_PAGES_VERSION usr/share/gitlab +GITALY_SERVER_VERSION usr/share/gitlab GITLAB_SHELL_VERSION usr/share/gitlab GITLAB_WORKHORSE_VERSION usr/share/gitlab lib usr/share/gitlab +locale usr/share/gitlab MAINTENANCE.md usr/share/gitlab +package.json usr/share/gitlab PROCESS.md usr/share/gitlab Procfile usr/share/gitlab +rubocop usr/share/gitlab Rakefile usr/share/gitlab README.md usr/share/gitlab scripts usr/share/gitlab spec usr/share/gitlab vendor usr/share/gitlab VERSION usr/share/gitlab +yarn.lock usr/share/gitlab shared var/lib/gitlab public var/lib/gitlab db var/lib/gitlab diff --git a/debian/patches/0005-use-debian-omniauth-ldap.patch b/debian/patches/0005-use-debian-omniauth-ldap.patch index 85a10a5383..0a502713bb 100644 --- a/debian/patches/0005-use-debian-omniauth-ldap.patch +++ b/debian/patches/0005-use-debian-omniauth-ldap.patch 
@@ -1,11 +1,9 @@ Debian package contains gitlab patches Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/13280 -Index: gitlab/Gemfile -=================================================================== ---- gitlab.orig/Gemfile -+++ gitlab/Gemfile -@@ -56,7 +56,7 @@ gem 'gitlab_git', '~> 10.6.8' +--- a/Gemfile ++++ b/Gemfile +@@ -60,7 +60,7 @@ # LDAP Auth # GitLab fork with several improvements to original library. For full list of changes # see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master diff --git a/debian/patches/0018-loosen-rdoc.patch b/debian/patches/0018-loosen-rdoc.patch deleted file mode 100644 index e6a8440bec..0000000000 --- a/debian/patches/0018-loosen-rdoc.patch +++ /dev/null @@ -1,13 +0,0 @@ -Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/2814 - ---- a/Gemfile -+++ b/Gemfile -@@ -104,7 +104,7 @@ - gem 'gitlab-markup', '~> 1.5.1' - gem 'redcarpet', '~> 3.3.3' - gem 'RedCloth', '~> 4.3.2' --gem 'rdoc', '~>3.6' -+gem 'rdoc', '~> 4.1' - gem 'org-ruby', '~> 0.9.12' - gem 'creole', '~> 0.5.0' - gem 'wikicloth', '0.8.1' diff --git a/debian/patches/0050-relax-stable-libs.patch b/debian/patches/0050-relax-stable-libs.patch index 10a81c0620..1a7ec297e4 100644 --- a/debian/patches/0050-relax-stable-libs.patch +++ b/debian/patches/0050-relax-stable-libs.patch @@ -3,20 +3,18 @@ gitlab Gemfile --- a/Gemfile +++ b/Gemfile -@@ -1,16 +1,16 @@ +@@ -1,15 +1,15 @@ source 'https://rubygems.org' --gem 'rails', '4.2.7.1' --gem 'rails-deprecated_sanitizer', '~> 1.0.3' -+gem 'rails', '~> 4.2', '>= 4.2.7.1' -+gem 'rails-deprecated_sanitizer', '~> 1.0', '>= 1.0.3' +-gem 'rails', '4.2.8' ++gem 'rails', '~> 4.2.8' + gem 'rails-deprecated_sanitizer', '~> 1.0.3' # Responders respond_to and respond_with gem 'responders', '~> 2.0' -gem 'sprockets', '~> 3.7.0' +gem 'sprockets', '~> 3.7' - gem 'sprockets-es6', '~> 0.9.2' # Default values for AR models -gem 'default_value_for', '~> 3.0.0' 
@@ -24,42 +22,46 @@ gitlab Gemfile # Supported DBs gem 'mysql2', '~> 0.3.16', group: :mysql -@@ -18,22 +18,22 @@ +@@ -21,38 +21,38 @@ # Authentication libraries - gem 'devise', '~> 4.2' --gem 'doorkeeper', '~> 4.2.0' --gem 'omniauth', '~> 1.3.1' --gem 'omniauth-auth0', '~> 1.4.1' -+gem 'doorkeeper', '~> 4.2' -+gem 'omniauth', '~> 1.3', '>= 1.3.1' -+gem 'omniauth-auth0', '~> 1.4', '>= 1.4.1' - gem 'omniauth-azure-oauth2', '~> 0.0.6' - gem 'omniauth-bitbucket', '~> 0.0.2' --gem 'omniauth-cas3', '~> 1.1.2' --gem 'omniauth-facebook', '~> 4.0.0' --gem 'omniauth-github', '~> 1.1.1' --gem 'omniauth-gitlab', '~> 1.0.0' -+gem 'omniauth-cas3', '~> 1.1', '>= 1.1.2' -+gem 'omniauth-facebook', '~> 4.0' -+gem 'omniauth-github', '~> 1.1', '>= 1.1.1' -+gem 'omniauth-gitlab', '~> 1.0' + gem 'devise', '~> 4.2' +-gem 'doorkeeper', '~> 4.2.0' +-gem 'doorkeeper-openid_connect', '~> 1.1.0' +-gem 'omniauth', '~> 1.4.2' +-gem 'omniauth-auth0', '~> 1.4.1' ++gem 'doorkeeper', '~> 4.2' ++gem 'doorkeeper-openid_connect', '~> 1.1' ++gem 'omniauth', '~> 1.4', '>= 1.4.2' ++gem 'omniauth-auth0', '~> 1.4', '>= 1.4.1' + gem 'omniauth-azure-oauth2', '~> 0.0.6' +-gem 'omniauth-cas3', '~> 1.1.2' +-gem 'omniauth-facebook', '~> 4.0.0' +-gem 'omniauth-github', '~> 1.1.1' +-gem 'omniauth-gitlab', '~> 1.0.2' ++gem 'omniauth-cas3', '~> 1.1', '>= 1.1.2' ++gem 'omniauth-facebook', '~> 4.0' ++gem 'omniauth-github', '~> 1.1', '>= 1.1.1' ++gem 'omniauth-gitlab', '~> 1.0', '>= 1.0.2' gem 'omniauth-google-oauth2', '~> 0.4.1' - gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos --gem 'omniauth-saml', '~> 1.7.0' --gem 'omniauth-shibboleth', '~> 1.2.0' --gem 'omniauth-twitter', '~> 1.2.0' --gem 'omniauth_crowd', '~> 2.2.0' --gem 'rack-oauth2', '~> 1.2.1' -+gem 'omniauth-saml', '~> 1.7' -+gem 'omniauth-shibboleth', '~> 1.2' -+gem 'omniauth-twitter', '~> 1.2' -+gem 'omniauth_crowd', '~> 2.2' -+gem 'rack-oauth2', '~> 1.2', '>= 1.2.1' - gem 'jwt' + gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos + gem 
'omniauth-oauth2-generic', '~> 0.2.2' +-gem 'omniauth-saml', '~> 1.7.0' +-gem 'omniauth-shibboleth', '~> 1.2.0' +-gem 'omniauth-twitter', '~> 1.2.0' +-gem 'omniauth_crowd', '~> 2.2.0' ++gem 'omniauth-saml', '~> 1.7' ++gem 'omniauth-shibboleth', '~> 1.2' ++gem 'omniauth-twitter', '~> 1.2' ++gem 'omniauth_crowd', '~> 2.2' + gem 'omniauth-authentiq', '~> 0.3.0' +-gem 'rack-oauth2', '~> 1.2.1' +-gem 'jwt', '~> 1.5.6' ++gem 'rack-oauth2', '~> 1.2', '>= 1.2.1' ++gem 'jwt', '~> 1.5', '>= 1.5.6' # Spam and anti-bot protection -@@ -41,9 +41,9 @@ + gem 'recaptcha', '~> 3.0', require: 'recaptcha/rails' gem 'akismet', '~> 2.0' # Two-factor authentication @@ -70,14 +72,13 @@ gitlab Gemfile +gem 'attr_encrypted', '~> 3.0' gem 'u2f', '~> 0.2.1' + # GitLab Pages +-gem 'validates_hostname', '~> 1.0.6' ++gem 'validates_hostname', '~> 1.0', '>= 1.0.6' + # Browser detection -@@ -51,12 +51,12 @@ - - # Extracting information from a git repository - # Provide access to Gitlab::Git library --gem 'gitlab_git', '~> 10.7.0' -+gem 'gitlab_git', '~> 10.7' - + gem 'browser', '~> 2.2' +@@ -60,7 +60,7 @@ # LDAP Auth # GitLab fork with several improvements to original library. For full list of changes # see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master @@ -86,16 +87,16 @@ gitlab Gemfile # Git Wiki # Required manually in config/initializers/gollum.rb to control load order -@@ -64,7 +64,7 @@ - gem 'gollum-rugged_adapter', '~> 0.4.2', require: false +@@ -68,7 +68,7 @@ + gem 'gollum-rugged_adapter', '~> 0.4.4', require: false # Language detection -gem 'github-linguist', '~> 4.7.0', require: 'linguist' +gem 'github-linguist', '~> 4.7', require: 'linguist' # API - gem 'grape', '~> 0.15.0' -@@ -75,7 +75,7 @@ + gem 'grape', '~> 0.19.0' +@@ -82,7 +82,7 @@ gem 'kaminari', '~> 0.17.0' # HAML 
@@ -103,33 +104,29 @@ gitlab Gemfile +gem 'hamlit', '~> 2.6', '>= 2.6.1' # Files attachments - gem 'carrierwave', '~> 0.10.0' -@@ -96,39 +96,39 @@ - gem 'unf', '~> 0.1.4' - - # Seed data --gem 'seed-fu', '~> 2.3.5' -+gem 'seed-fu', '~> 2.3', '>= 2.3.5' + gem 'carrierwave', '~> 1.0' +@@ -108,37 +108,37 @@ + gem 'seed-fu', '~> 2.3.5' # Markdown and HTML processing --gem 'html-pipeline', '~> 1.11.0' --gem 'deckar01-task_list', '1.0.5', require: 'task_list/railtie' --gem 'gitlab-markup', '~> 1.5.1' --gem 'redcarpet', '~> 3.3.3' --gem 'RedCloth', '~> 4.3.2' -+gem 'html-pipeline', '~> 1.11' -+gem 'deckar01-task_list', '~> 1.0', '>= 1.0.5', require: 'task_list/railtie' -+gem 'gitlab-markup', '~> 1.5', '>= 1.5.1' -+gem 'redcarpet', '~> 3.3', '>= 3.3.3' -+gem 'RedCloth', '~> 4.3', '>= 4.3.2' - gem 'rdoc', '~> 4.1' - gem 'org-ruby', '~> 0.9.12' - gem 'creole', '~> 0.5.0' - gem 'wikicloth', '0.8.1' --gem 'asciidoctor', '~> 1.5.2' -+gem 'asciidoctor', '~> 1.5', '>= 1.5.2' - gem 'rouge', '~> 2.0' - gem 'truncato', '~> 0.7.8' +-gem 'html-pipeline', '~> 1.11.0' +-gem 'deckar01-task_list', '1.0.6', require: 'task_list/railtie' +-gem 'gitlab-markup', '~> 1.5.1' ++gem 'html-pipeline', '~> 1.11' ++gem 'deckar01-task_list', '~> 1.0', '>= 1.0.6', require: 'task_list/railtie' ++gem 'gitlab-markup', '~> 1.5','>= 1.5.1' + gem 'redcarpet', '~> 3.4' +-gem 'RedCloth', '~> 4.3.2' ++gem 'RedCloth', '~> 4.3', '>= 4.3.2' + gem 'rdoc', '~> 4.2' + gem 'org-ruby', '~> 0.9.12' + gem 'creole', '~> 0.5.0' + gem 'wikicloth', '0.8.1' +-gem 'asciidoctor', '~> 1.5.2' ++gem 'asciidoctor', '~> 1.5','>= 1.5.2' + gem 'asciidoctor-plantuml', '0.0.7' + gem 'rouge', '~> 2.0' + gem 'truncato', '~> 0.7.8' # See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s # and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM 
@@ -137,8 +134,8 @@ gitlab Gemfile +gem 'nokogiri', '~> 1.6', '>= 1.6.7.2' # Diffs --gem 'diffy', '~> 3.0.3' -+gem 'diffy', '~> 3.0', '>= 3.0.3' +-gem 'diffy', '~> 3.1.0' ++gem 'diffy', '~> 3.1' # Application server group :unicorn do @@ -155,12 +152,17 @@ gitlab Gemfile # Issue tags gem 'acts-as-taggable-on', '~> 4.0' -@@ -136,39 +136,39 @@ +@@ -146,49 +146,49 @@ # Background jobs - gem 'sidekiq', '~> 4.2' - gem 'sidekiq-cron', '~> 0.4.0' + gem 'sidekiq', '~> 5.0' + gem 'sidekiq-cron', '~> 0.4.4' -gem 'redis-namespace', '~> 1.5.2' +gem 'redis-namespace', '~> 1.5', '>= 1.5.2' + gem 'sidekiq-limit_fetch', '~> 3.4' + + # Cron Parser +-gem 'rufus-scheduler', '~> 3.1.10' ++gem 'rufus-scheduler', '~> 3.1', '>= 3.1.10' # HTTP requests gem 'httparty', '~> 0.13.3' @@ -173,14 +175,18 @@ gitlab Gemfile -gem 'settingslogic', '~> 2.0.9' +gem 'settingslogic', '~> 2.0', '>= 2.0.9' + # Linear-time regex library for untrusted regular expressions +-gem 're2', '~> 1.0.0' ++gem 're2', '~> 1.0' + # Misc -gem 'version_sorter', '~> 2.1.0' +gem 'version_sorter', '~> 2.1' # Cache --gem 'redis-rails', '~> 4.0.0' -+gem 'redis-rails', '~> 4.0' +-gem 'redis-rails', '~> 5.0.1' ++gem 'redis-rails', '~> 5.0', '>= 5.0.1' # Redis gem 'redis', '~> 3.2' @@ -190,6 +196,10 @@ gitlab Gemfile -gem 'hipchat', '~> 1.5.0' +gem 'hipchat', '~> 1.5' + # JIRA integration +-gem 'jira-ruby', '~> 1.1.2' ++gem 'jira-ruby', '~> 1.1', '>= 1.1.2' + # Flowdock integration -gem 'gitlab-flowdock-git-hook', '~> 1.0.1' +gem 'gitlab-flowdock-git-hook', '~> 1.0', '>= 1.0.1' 
@@ -198,14 +208,18 @@ gitlab Gemfile gem 'gemnasium-gitlab-service', '~> 0.2' # Slack integration --gem 'slack-notifier', '~> 1.2.0' -+gem 'slack-notifier', '~> 1.2' +-gem 'slack-notifier', '~> 1.5.1' ++gem 'slack-notifier', '~> 1.5', '>= 1.5.1' # Asana integration - gem 'asana', '~> 0.4.0' -@@ -177,63 +177,63 @@ + gem 'asana', '~> 0.6.0' +@@ -197,38 +197,38 @@ gem 'ruby-fogbugz', '~> 0.2.1' + # Kubernetes integration +-gem 'kubeclient', '~> 2.2.0' ++gem 'kubeclient', '~> 2.2' + # d3 -gem 'd3_rails', '~> 3.5.0' +gem 'd3_rails', '~> 3.5' @@ -224,12 +238,12 @@ gitlab Gemfile +gem 'loofah', '~> 2.0', '>= 2.0.3' # Working with license --gem 'licensee', '~> 8.0.0' -+gem 'licensee', '~> 8.0' +-gem 'licensee', '~> 8.7.0' ++gem 'licensee', '~> 8.7' # Protect against bruteforcing --gem 'rack-attack', '~> 4.3.1' -+gem 'rack-attack', '~> 4.3', '>= 4.3.1' +-gem 'rack-attack', '~> 4.4.1' ++gem 'rack-attack', '~> 4.4', '>= 4.4.1' # Ace editor -gem 'ace-rails-ap', '~> 4.1.0' 
@@ -248,78 +262,98 @@ gitlab Gemfile # Parse time & duration gem 'chronic', '~> 0.10.2' - gem 'chronic_duration', '~> 0.10.6' +@@ -237,32 +237,32 @@ + gem 'webpack-rails', '~> 0.9.10' + gem 'rack-proxy', '~> 0.6.0' -gem 'sass-rails', '~> 5.0.6' -gem 'coffee-rails', '~> 4.1.0' -gem 'uglifier', '~> 2.7.2' +gem 'sass-rails', '~> 5.0', '>= 5.0.6' +gem 'coffee-rails', '~> 4.1' -+gem 'uglifier', '>= 2.7.2' - gem 'gitlab-turbolinks-classic', '~> 2.5', '>= 2.5.6' ++gem 'uglifier', '~> 2.7', '>= 2.7.2' --gem 'addressable', '~> 2.3.8' --gem 'bootstrap-sass', '~> 3.3.0' --gem 'font-awesome-rails', '~> 4.6.1' -+gem 'addressable', '~> 2.3', '>= 2.3.8' -+gem 'bootstrap-sass', '~> 3.3' -+gem 'font-awesome-rails', '~> 4.6', '>= 4.6.1' - gem 'gemojione', '~> 3.0' --gem 'gon', '~> 6.1.0' +-gem 'addressable', '~> 2.3.8' +-gem 'bootstrap-sass', '~> 3.3.0' ++gem 'addressable', '~> 2.3', '>= 2.3.8' ++gem 'bootstrap-sass', '~> 3.3' + gem 'font-awesome-rails', '~> 4.7' + gem 'gemojione', '~> 3.0' +-gem 'gon', '~> 6.1.0' -gem 'jquery-atwho-rails', '~> 1.3.2' --gem 'jquery-rails', '~> 4.1.0' --gem 'jquery-ui-rails', '~> 5.0.0' -+gem 'gon', '~> 6.1' +-gem 'jquery-rails', '~> 4.1.0' ++gem 'gon', '~> 6.1' +gem 'jquery-atwho-rails', '~> 1.3', '>= 1.3.2' -+gem 'jquery-rails', '~> 4.1' -+gem 'jquery-ui-rails', '~> 5.0' - gem 'request_store', '~> 1.3' --gem 'select2-rails', '~> 3.5.9' --gem 'virtus', '~> 1.0.1' --gem 'net-ssh', '~> 3.0.1' -+gem 'select2-rails', '~> 3.5', '>= 3.5.9' -+gem 'virtus', '~> 1.0', '>= 1.0.1' -+gem 'net-ssh', '~> 3.0', '>= 3.0.1' - gem 'base32', '~> 0.3.0' ++gem 'jquery-rails', '~> 4.1' + gem 'request_store', '~> 1.3' +-gem 'select2-rails', '~> 3.5.9' +-gem 'virtus', '~> 1.0.1' +-gem 'net-ssh', '~> 3.0.1' ++gem 'select2-rails', '~> 3.5', '>= 3.5.9' ++gem 'virtus', '~> 1.0', '>= 1.0.1' ++gem 'net-ssh', '~> 3.0', '>= 3.0.1' + gem 'base32', '~> 0.3.0' # Sentry integration --gem 'sentry-raven', '~> 2.0.0' -+gem 'sentry-raven', '~> 2.0' +-gem 'sentry-raven', '~> 2.4.0' ++gem 
'sentry-raven', '~> 2.4' -gem 'premailer-rails', '~> 1.9.0' +gem 'premailer-rails', '~> 1.9' + # I18n +-gem 'ruby_parser', '~> 3.8.4', require: false +-gem 'gettext_i18n_rails', '~> 1.8.0' +-gem 'gettext_i18n_rails_js', '~> 1.2.0' ++gem 'ruby_parser', '~> 3.8', '>= 3.8.4', require: false ++gem 'gettext_i18n_rails', '~> 1.8' ++gem 'gettext_i18n_rails_js', '~> 1.2' + gem 'gettext', '~> 3.2.2', require: false, group: :development + # Metrics - group :metrics do -@@ -323,7 +323,7 @@ +@@ -337,17 +337,17 @@ + end - gem 'newrelic_rpm', '~> 3.16' + group :test do +- gem 'shoulda-matchers', '~> 2.8.0', require: false +- gem 'email_spec', '~> 1.6.0' +- gem 'json-schema', '~> 2.6.2' ++ gem 'shoulda-matchers', '~> 2.8', require: false ++ gem 'email_spec', '~> 1.6' ++ gem 'json-schema', '~> 2.6', '>= 2.6.2' + gem 'webmock', '~> 1.24.0' + gem 'test_after_commit', '~> 1.1' +- gem 'sham_rack', '~> 1.3.6' ++ gem 'sham_rack', '~> 1.3', '>= 1.3.6' + gem 'timecop', '~> 0.8.0' +- gem 'concurrent-ruby', '~> 1.0.5' ++ gem 'concurrent-ruby', '~> 1.0','>= 1.0.5' + end --gem 'octokit', '~> 4.3.0' -+gem 'octokit', '~> 4.3' +-gem 'octokit', '~> 4.6.2' ++gem 'octokit', '~> 4.6', '>= 4.6.2' - gem 'mail_room', '~> 0.8.1' + gem 'mail_room', '~> 0.9.1' -@@ -332,18 +332,18 @@ +@@ -357,17 +357,17 @@ gem 'ruby-prof', '~> 0.16.2' - ## CI --gem 'activerecord-session_store', '~> 1.0.0' -+gem 'activerecord-session_store', '~> 1.0' - gem 'nested_form', '~> 0.3.2' - # OAuth --gem 'oauth2', '~> 1.2.0' -+gem 'oauth2', '~> 1.2' +-gem 'oauth2', '~> 1.3.0' ++gem 'oauth2', '~> 1.3' # Soft deletion - gem 'paranoia', '~> 2.0' + gem 'paranoia', '~> 2.2' # Health check --gem 'health_check', '~> 2.2.0' -+gem 'health_check', '~> 2.2' +-gem 'health_check', '~> 2.6.0' ++gem 'health_check', '~> 2.6' # System information - gem 'vmstat', '~> 2.2' +-gem 'vmstat', '~> 2.3.0' -gem 'sys-filesystem', '~> 1.1.6' ++gem 'vmstat', '~> 2.3' +gem 'sys-filesystem', '~> 1.1', '>= 1.1.6' + + # Gitaly GRPC client + gem 'gitaly', '~> 
0.6.0' diff --git a/debian/patches/0100-remove-development-test.patch b/debian/patches/0100-remove-development-test.patch index 279396d181..46c887e97a 100644 --- a/debian/patches/0100-remove-development-test.patch +++ b/debian/patches/0100-remove-development-test.patch @@ -2,110 +2,74 @@ Bundler will fail when it can't find these locally --- a/Gemfile 
+++ b/Gemfile -@@ -242,87 +242,34 @@ +@@ -272,70 +272,6 @@ gem 'influxdb', '~> 0.2', require: false end -group :development do - gem 'foreman', '~> 0.78.0' -- gem 'brakeman', '~> 3.3.0', require: false +- gem 'brakeman', '~> 3.6.0', require: false - - gem 'letter_opener_web', '~> 1.3.0' -- gem 'rerun', '~> 0.11.0' -- gem 'bullet', '~> 5.2.0', require: false - gem 'rblineprof', '~> 0.3.6', platform: :mri, require: false -- gem 'web-console', '~> 2.0' - - # Better errors handler -- gem 'better_errors', '~> 1.0.1' +- gem 'better_errors', '~> 2.1.0' - gem 'binding_of_caller', '~> 0.7.2' -+#group :development, :test do -+if ENV["INCLUDE_TEST_DEPENDS"] == "true" -+ gem 'database_cleaner', '~> 1.5' -+ gem 'factory_girl_rails', '~> 4.6' -+ gem 'rspec-rails', '~> 3.4' - -- # Docs generator -- gem 'sdoc', '~> 0.3.20' - - # thin instead webrick - gem 'thin', '~> 1.7.0' -end - -group :development, :test do -- gem 'byebug', '~> 8.2.1', platform: :mri +- gem 'bullet', '~> 5.5.0', require: !!ENV['ENABLE_BULLET'] +- gem 'pry-byebug', '~> 3.4.1', platform: :mri - gem 'pry-rails', '~> 0.3.4' - - gem 'awesome_print', '~> 1.2.0', require: false - gem 'fuubar', '~> 2.0.0' - -- gem 'database_cleaner', '~> 1.5.0' -- gem 'factory_girl_rails', '~> 4.6.0' -- gem 'rspec-rails', '~> 3.5.0' -- gem 'rspec-retry', '~> 0.4.5' -- gem 'spinach-rails', '~> 0.2.1' +- gem 'database_cleaner', '~> 1.5.0' +- gem 'factory_girl_rails', '~> 4.7.0' +- gem 'rspec-rails', '~> 3.5.0' +- gem 'rspec-retry', '~> 0.4.5' +- gem 'spinach-rails', '~> 0.2.1' - gem 'spinach-rerun-reporter', '~> 0.0.2' -+ gem 'awesome_print', '~> 1.2', require: false -+ gem 'fuubar', '~> 2.0' - - # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826) +- gem 'rspec_profiling', '~> 0.0.5' +- gem 'rspec-set', '~> 0.1.3' +- +- # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826) - gem 'minitest', '~> 5.7.0' -+ gem 'minitest', '~> 5.7' - - # Generate Fake data -- gem 
'ffaker', '~> 2.0.0' - -- gem 'capybara', '~> 2.6.2' +- # Generate Fake data +- gem 'ffaker', '~> 2.4' +- +- gem 'capybara', '~> 2.6.2' - gem 'capybara-screenshot', '~> 1.0.0' -- gem 'poltergeist', '~> 1.9.0' +- gem 'poltergeist', '~> 1.9.0' - -- gem 'teaspoon', '~> 1.1.0' -- gem 'teaspoon-jasmine', '~> 2.2.0' +- gem 'spring', '~> 2.0.0' +- gem 'spring-commands-rspec', '~> 1.0.4' +- gem 'spring-commands-spinach', '~> 1.1.0' - -- gem 'spring', '~> 1.7.0' -- gem 'spring-commands-rspec', '~> 1.0.4' -- gem 'spring-commands-spinach', '~> 1.1.0' -- gem 'spring-commands-teaspoon', '~> 0.0.2' -- -- gem 'rubocop', '~> 0.43.0', require: false -- gem 'rubocop-rspec', '~> 1.5.0', require: false +- gem 'rubocop', '~> 0.47.1', require: false +- gem 'rubocop-rspec', '~> 1.15.0', require: false - gem 'scss_lint', '~> 0.47.0', require: false -- gem 'haml_lint', '~> 0.18.2', require: false -- gem 'simplecov', '0.12.0', require: false -- gem 'flay', '~> 2.6.1', require: false +- gem 'haml_lint', '~> 0.21.0', require: false +- gem 'simplecov', '~> 0.14.0', require: false +- gem 'flay', '~> 2.8.0', require: false - gem 'bundler-audit', '~> 0.5.0', require: false - - gem 'benchmark-ips', '~> 2.3.0', require: false -+ gem 'ffaker', '~> 2.0' - +- - gem 'license_finder', '~> 2.1.0', require: false - gem 'knapsack', '~> 1.11.0' - - gem 'activerecord_sane_schema_dumper', '0.2' +- +- gem 'stackprof', '~> 0.2.10' -end - --group :test do -- gem 'shoulda-matchers', '~> 2.8.0', require: false -- gem 'email_spec', '~> 1.6.0' -- gem 'json-schema', '~> 2.6.2' -- gem 'webmock', '~> 1.21.0' -- gem 'test_after_commit', '~> 0.4.2' -- gem 'sham_rack', '~> 1.3.6' -+ gem 'capybara', '~> 2.5' -+ gem 'capybara-screenshot', '~> 1.0' -+ gem 'poltergeist', '~> 1.9' -+ -+ gem 'license_finder', '~> 2.1', require: false -+ gem 'shoulda-matchers', '~> 2.8', require: false -+ gem 'email_spec', '~> 1.6' -+ gem 'json-schema', '~> 2.6', '>= 2.6.2' -+ gem 'webmock', '~> 1.21' -+ gem 'sham_rack', '~> 1.3', '>= 1.3.6' - 
gem 'timecop', '~> 0.8.0' - end - --gem 'newrelic_rpm', '~> 3.16' -- - gem 'octokit', '~> 4.3' - - gem 'mail_room', '~> 0.8.1' + group :test do + gem 'shoulda-matchers', '~> 2.8', require: false + gem 'email_spec', '~> 1.6' diff --git a/debian/patches/0108-make-mysql-optional.patch b/debian/patches/0108-make-mysql-optional.patch index cd2dc042ae..963115fbb3 100644 --- a/debian/patches/0108-make-mysql-optional.patch +++ b/debian/patches/0108-make-mysql-optional.patch @@ -7,11 +7,9 @@ Subject: [PATCH] allow specifying DB choice via ENV variable Gemfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) -Index: gitlab/Gemfile -=================================================================== ---- gitlab.orig/Gemfile -+++ gitlab/Gemfile -@@ -13,8 +13,9 @@ gem 'sprockets-es6', '~> 0.9.2' +--- a/Gemfile ++++ b/Gemfile +@@ -12,8 +12,9 @@ gem 'default_value_for', '~> 3.0' # Supported DBs @@ -21,5 +19,5 @@ Index: gitlab/Gemfile +gem "mysql2", '~> 0.3.16' if ENV["DB"] == "all" || ENV["DB"] == "mysql" +gem "pg", '~> 0.18.2' if ENV["DB"] == "all" || ENV["DB"] == "postgres" - # Authentication libraries - gem 'devise', '~> 4.2' + gem 'rugged', '~> 0.25.1.1' + diff --git a/debian/patches/0110-make-test-dependencies-conditional.patch b/debian/patches/0110-make-test-dependencies-conditional.patch new file mode 100644 index 0000000000..bd88d1305c --- /dev/null +++ b/debian/patches/0110-make-test-dependencies-conditional.patch @@ -0,0 +1,12 @@ +--- a/Gemfile ++++ b/Gemfile +@@ -273,7 +273,8 @@ + gem 'influxdb', '~> 0.2', require: false + end + +-group :test do ++#group :test do ++if ENV["INCLUDE_TEST_DEPENDS"] == "true" + gem 'shoulda-matchers', '~> 2.8', require: false + gem 'email_spec', '~> 1.6' + gem 'json-schema', '~> 2.6', '>= 2.6.2' diff --git a/debian/patches/0210-use-jquery-ui-rails6.patch b/debian/patches/0210-use-jquery-ui-rails6.patch deleted file mode 100644 index ab63aef14c..0000000000 --- a/debian/patches/0210-use-jquery-ui-rails6.patch +++ /dev/null 
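Review bot: Replacing `group :test do` with a bare `if ENV["INCLUDE_TEST_DEPENDS"] == "true"` in 0110-make-test-dependencies-conditional.patch takes the gems out of the `:test` group. Whenever the variable is set they land in Bundler's default group, so anything that loads the default group would also load shoulda-matchers, email_spec and the rest of the block. I would not want that reachable on a production instance if the variable ends up in its environment. Keeping the group and making the whole call conditional preserves both behaviours: leave `group :test do` untouched and close the block with `end if ENV["INCLUDE_TEST_DEPENDS"] == "true"`. The block's closing `end` lies outside this hunk. The new patch also has no description header, unlike 0100 and 0108.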
@@ -1,41 +0,0 @@ -adapt gitlab to use jquery-ui 6 directory structure - ---- a/Gemfile -+++ b/Gemfile -@@ -224,7 +224,7 @@ - gem 'gon', '~> 6.1' - gem 'jquery-atwho-rails', '~> 1.3', '>= 1.3.2' - gem 'jquery-rails', '~> 4.1' --gem 'jquery-ui-rails', '~> 5.0' -+gem 'jquery-ui-rails', '~> 6.0' - gem 'request_store', '~> 1.3' - gem 'select2-rails', '~> 3.5', '>= 3.5.9' - gem 'virtus', '~> 1.0', '>= 1.0.1' ---- a/app/assets/javascripts/application.js -+++ b/app/assets/javascripts/application.js -@@ -5,11 +5,11 @@ - // the compiled file. - // - /*= require jquery2 */ --/*= require jquery-ui/autocomplete */ --/*= require jquery-ui/datepicker */ --/*= require jquery-ui/draggable */ --/*= require jquery-ui/effect-highlight */ --/*= require jquery-ui/sortable */ -+/*= require jquery-ui/widgets/autocomplete */ -+/*= require jquery-ui/widgets/datepicker */ -+/*= require jquery-ui/widgets/draggable */ -+/*= require jquery-ui/effects/effect-highlight */ -+/*= require jquery-ui/widgets/sortable */ - /*= require jquery_ujs */ - /*= require jquery.cookie */ - /*= require jquery.endless-scroll */ ---- a/spec/javascripts/new_branch_spec.js -+++ b/spec/javascripts/new_branch_spec.js -@@ -1,5 +1,5 @@ - --/*= require jquery-ui/autocomplete */ -+/*= require jquery-ui/widgets/autocomplete */ - /*= require new_branch_form */ - - (function() { diff --git a/debian/patches/0220-relax-dependencies.patch b/debian/patches/0220-relax-dependencies.patch index 1d8fbc0361..6a2ab70210 100644 --- a/debian/patches/0220-relax-dependencies.patch +++ b/debian/patches/0220-relax-dependencies.patch @@ -1,29 +1,20 @@ --- a/Gemfile 
+++ b/Gemfile -@@ -172,7 +172,7 @@ - gem 'slack-notifier', '~> 1.2' - - # Asana integration --gem 'asana', '~> 0.4.0' -+gem 'asana', '~> 0.4' - - # FogBugz integration - gem 'ruby-fogbugz', '~> 0.2.1' -@@ -228,7 +228,7 @@ - gem 'request_store', '~> 1.3' - gem 'select2-rails', '~> 3.5', '>= 3.5.9' - gem 'virtus', '~> 1.0', '>= 1.0.1' --gem 'net-ssh', '~> 3.0', '>= 3.0.1' -+gem 'net-ssh', '~> 4.0' - gem 'base32', '~> 0.3.0' +@@ -252,7 +252,7 @@ + gem 'request_store', '~> 1.3' + gem 'select2-rails', '~> 3.5', '>= 3.5.9' + gem 'virtus', '~> 1.0', '>= 1.0.1' +-gem 'net-ssh', '~> 3.0', '>= 3.0.1' ++gem 'net-ssh', '~> 4.0' + gem 'base32', '~> 0.3.0' # Sentry integration -@@ -266,7 +266,7 @@ +@@ -278,7 +278,7 @@ gem 'shoulda-matchers', '~> 2.8', require: false gem 'email_spec', '~> 1.6' gem 'json-schema', '~> 2.6', '>= 2.6.2' -- gem 'webmock', '~> 1.21' -+ gem 'webmock', '>= 1.21' +- gem 'webmock', '~> 1.24.0' ++ gem 'webmock', '>= 1.24.0' + gem 'test_after_commit', '~> 1.1' gem 'sham_rack', '~> 1.3', '>= 1.3.6' gem 'timecop', '~> 0.8.0' - end diff --git a/debian/patches/0230-relax-rugged.patch b/debian/patches/0230-relax-rugged.patch new file mode 100644 index 0000000000..b6b3efbdfd --- /dev/null +++ b/debian/patches/0230-relax-rugged.patch @@ -0,0 +1,20 @@ +--- a/Gemfile ++++ b/Gemfile +@@ -16,7 +16,7 @@ + gem "mysql2", '~> 0.3.16' if ENV["DB"] == "all" || ENV["DB"] == "mysql" + gem "pg", '~> 0.18.2' if ENV["DB"] == "all" || ENV["DB"] == "postgres" + +-gem 'rugged', '~> 0.25.1.1' ++gem 'rugged', '~> 0.24.0' + + gem 'faraday', '~> 0.11.0' + +@@ -66,7 +66,7 @@ + # Git Wiki + # Required manually in config/initializers/gollum.rb to control load order + gem 'gollum-lib', '~> 4.2', require: false +-gem 'gollum-rugged_adapter', '~> 0.4.4', require: false ++gem 'gollum-rugged_adapter', '~> 0.4.2', require: false + + # Language detection + gem 'github-linguist', '~> 4.7', require: 'linguist' 
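Review bot: In 0230-relax-rugged.patch the new constraint `gem 'rugged', '~> 0.24.0'` does not relax upstream's `~> 0.25.1.1`; it replaces it with a disjoint range that only admits the 0.24 series. The packaged application would therefore run on an older rugged than this upstream release declares, and a later rugged 0.25 upload to the archive would make the Gemfile unsatisfiable. If the intent is to accept the version currently packaged, a lower bound such as `gem 'rugged', '>= 0.24.0', '< 0.26'` (upper bound given as an example) says so without excluding the upstream version. The patch should also state why the older series is considered acceptable for this release.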
diff --git a/debian/patches/0240-relax-google-api-client.patch b/debian/patches/0240-relax-google-api-client.patch
new file mode 100644
index 0000000000..c3cada96c1
--- /dev/null
+++ b/debian/patches/0240-relax-google-api-client.patch
@@ -0,0 +1,11 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -100,7 +100,7 @@
+ gem 'fog-rackspace', '~> 0.1.1'
+
+ # for Google storage
+-gem 'google-api-client', '~> 0.8.6'
++gem 'google-api-client', '~> 0.8'
+
+ # for aws storage
+ gem 'unf', '~> 0.1.4'
diff --git a/debian/patches/0250-relax-licensee.patch b/debian/patches/0250-relax-licensee.patch
new file mode 100644
index 0000000000..2ae1ab8aef
--- /dev/null
+++ b/debian/patches/0250-relax-licensee.patch
@@ -0,0 +1,11 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -214,7 +214,7 @@
+ gem 'loofah', '~> 2.0', '>= 2.0.3'
+
+ # Working with license
+-gem 'licensee', '~> 8.7'
++gem 'licensee', '~> 8.0'
+
+ # Protect against bruteforcing
+ gem 'rack-attack', '~> 4.4', '>= 4.4.1'
diff --git a/debian/patches/0260-relax-ruby-parser.patch b/debian/patches/0260-relax-ruby-parser.patch
new file mode 100644
index 0000000000..4dd86f241b
--- /dev/null
+++ b/debian/patches/0260-relax-ruby-parser.patch
@@ -0,0 +1,11 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -261,7 +261,7 @@
+ gem 'premailer-rails', '~> 1.9'
+
+ # I18n
+-gem 'ruby_parser', '~> 3.8', '>= 3.8.4', require: false
++gem 'ruby_parser', '~> 3.8', '>= 3.8.2', require: false
+ gem 'gettext_i18n_rails', '~> 1.8'
+ gem 'gettext_i18n_rails_js', '~> 1.2'
+ gem 'gettext', '~> 3.2.2', require: false, group: :development
diff --git a/debian/patches/0270-relax-toml-rb.patch b/debian/patches/0270-relax-toml-rb.patch
new file mode 100644
index 0000000000..632d50bde7
--- /dev/null
+++ b/debian/patches/0270-relax-toml-rb.patch
@@ -0,0 +1,8 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -310,4 +310,4 @@
+ # Gitaly GRPC client
+ gem 'gitaly', '~> 0.6.0'
+
+-gem 'toml-rb', '~> 0.3.15', require: false
++gem 'toml-rb', '>= 0.3.15', require: false
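Review bot: The four patches added here (0240 to 0270) start straight at `--- a/Gemfile` with no description, and the same holds for the other new patches in this commit (0110, 0230, 0280, 0400, 0410, 0420, add-system-lib-path-for-webpack), whereas the dropped cve-2016-9086-fix.patch carried a DEP-3 header. Each should open with at least `Description:`, `Author:` and `Forwarded:` lines, so a later reviewer can tell a Debian-only version relaxation from a change upstream should see. In 0270 the constraint `'>= 0.3.15'` has no upper bound, unlike the `~>` forms in 0240 to 0260. The page's own two-part style would bound it: `gem 'toml-rb', '~> 0.3', '>= 0.3.15', require: false`.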
diff --git a/debian/patches/0280-relax-pg.patch b/debian/patches/0280-relax-pg.patch
new file mode 100644
index 0000000000..900e4959fa
--- /dev/null
+++ b/debian/patches/0280-relax-pg.patch
@@ -0,0 +1,11 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -14,7 +14,7 @@
+ # Supported DBs
+ ENV["DB"] ||= "mysql"
+ gem "mysql2", '~> 0.3.16' if ENV["DB"] == "all" || ENV["DB"] == "mysql"
+-gem "pg", '~> 0.18.2' if ENV["DB"] == "all" || ENV["DB"] == "postgres"
++gem "pg", '~> 0.18' if ENV["DB"] == "all" || ENV["DB"] == "postgres"
+
+ gem 'rugged', '~> 0.24.0'
+
diff --git a/debian/patches/0300-git-2-11-support.patch b/debian/patches/0300-git-2-11-support.patch
deleted file mode 100644
index b613f3301d..0000000000
--- a/debian/patches/0300-git-2-11-support.patch
+++ /dev/null
@@ -1,438 +0,0 @@ -From daf83fa62c940b0da7dc4e0893586b6a9a2dbbf9 Mon Sep 17 00:00:00 2001 -From: Douglas Barbosa Alexandre -Date: Mon, 19 Dec 2016 09:37:16 +0000 -Subject: [PATCH 1/3] [8.13 Backport] Merge branch - '25301-git-2.11-force-push-bug' into 'master' -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Accept environment variables from the `pre-receive` script - -1. Starting version 2.11, git changed the way the pre-receive flow works. - - Previously, the new potential objects would be added to the main repo. If the pre-receive passes, the new objects stay in the repo but are linked up. If the pre-receive fails, the new objects stay orphaned in the repo, and are cleaned up during the next `git gc`. - - In 2.11, the new potential objects are added to a temporary "alternate object directory", that git creates for this purpose. If the pre-receive passes, the objects from the alternate object directory are migrated to the main repo. If the pre-receive fails the alternate object directory is simply deleted. -2. In our workflow, the pre-recieve script (in `gitlab-shell`) calls the - `/allowed` endpoint, which calls out directly to git to perform - various checks. These direct calls to git do _not_ have the necessary - environment variables set which allow access to the "alternate object - directory" (explained above). Therefore these calls to git are not able to - access any of the new potential objects to be added during this push. - -3. We fix this by accepting the relevant environment variables - (`GIT_ALTERNATE_OBJECT_DIRECTORIES`, `GIT_OBJECT_DIRECTORY`, and - `GIT_QUARANTINE_PATH`) on the `/allowed` endpoint, and then include - these environment variables while calling out to git. - -4. This commit includes these environment variables while making the "force - push" check. 
- -See https://gitlab.com/gitlab-org/gitlab-shell/merge_requests/120 - -Signed-off-by: Rémy Coutable ---- - .../unreleased/25301-git-2-11-force-push-bug.yml | 4 ++ - lib/api/internal.rb | 14 +++++- - lib/gitlab/checks/change_access.rb | 5 +- - lib/gitlab/checks/force_push.rb | 11 +++-- - lib/gitlab/git/rev_list.rb | 42 +++++++++++++++++ - lib/gitlab/git_access.rb | 5 +- - lib/gitlab/popen.rb | 4 +- - spec/lib/gitlab/checks/force_push_spec.rb | 19 ++++++++ - spec/lib/gitlab/git/rev_list_spec.rb | 53 ++++++++++++++++++++++ - 9 files changed, 147 insertions(+), 10 deletions(-) - create mode 100644 changelogs/unreleased/25301-git-2-11-force-push-bug.yml - create mode 100644 lib/gitlab/git/rev_list.rb - create mode 100644 spec/lib/gitlab/checks/force_push_spec.rb - create mode 100644 spec/lib/gitlab/git/rev_list_spec.rb - -diff --git a/changelogs/unreleased/25301-git-2-11-force-push-bug.yml b/changelogs/unreleased/25301-git-2-11-force-push-bug.yml -new file mode 100644 -index 0000000..afe5772 ---- /dev/null -+++ b/changelogs/unreleased/25301-git-2-11-force-push-bug.yml -@@ -0,0 +1,4 @@ -+--- -+title: Accept environment variables from the `pre-receive` script -+merge_request: 7967 -+author: -diff --git a/lib/api/internal.rb b/lib/api/internal.rb -index 9a5d1ec..89e47a7 100644 ---- a/lib/api/internal.rb -+++ b/lib/api/internal.rb -@@ -43,6 +43,14 @@ module API - :push_code - ] - end -+ -+ def parse_allowed_environment_variables -+ return if params[:env].blank? -+ -+ JSON.parse(params[:env]) -+ -+ rescue JSON::ParserError -+ end - end - - post "/allowed" do -@@ -61,7 +69,11 @@ module API - if wiki? 
- Gitlab::GitAccessWiki.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities) - else -- Gitlab::GitAccess.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities) -+ Gitlab::GitAccess.new(actor, -+ project, -+ protocol, -+ authentication_abilities: ssh_authentication_abilities, -+ env: parse_allowed_environment_variables) - end - - access_status = access.check(params[:action], params[:changes]) -diff --git a/lib/gitlab/checks/change_access.rb b/lib/gitlab/checks/change_access.rb -index cb10652..3d20301 100644 ---- a/lib/gitlab/checks/change_access.rb -+++ b/lib/gitlab/checks/change_access.rb -@@ -3,11 +3,12 @@ module Gitlab - class ChangeAccess - attr_reader :user_access, :project - -- def initialize(change, user_access:, project:) -+ def initialize(change, user_access:, project:, env: {}) - @oldrev, @newrev, @ref = change.values_at(:oldrev, :newrev, :ref) - @branch_name = Gitlab::Git.branch_name(@ref) - @user_access = user_access - @project = project -+ @env = env - end - - def exec -@@ -68,7 +69,7 @@ module Gitlab - end - - def forced_push? -- Gitlab::Checks::ForcePush.force_push?(@project, @oldrev, @newrev) -+ Gitlab::Checks::ForcePush.force_push?(@project, @oldrev, @newrev, env: @env) - end - - def matching_merge_request? -diff --git a/lib/gitlab/checks/force_push.rb b/lib/gitlab/checks/force_push.rb -index 5fe8655..de0c904 100644 ---- a/lib/gitlab/checks/force_push.rb -+++ b/lib/gitlab/checks/force_push.rb -@@ -1,15 +1,20 @@ - module Gitlab - module Checks - class ForcePush -- def self.force_push?(project, oldrev, newrev) -+ def self.force_push?(project, oldrev, newrev, env: {}) - return false if project.empty_repo? 
- - # Created or deleted branch - if Gitlab::Git.blank_ref?(oldrev) || Gitlab::Git.blank_ref?(newrev) - false - else -- missed_ref, _ = Gitlab::Popen.popen(%W(#{Gitlab.config.git.bin_path} --git-dir=#{project.repository.path_to_repo} rev-list --max-count=1 #{oldrev} ^#{newrev})) -- missed_ref.present? -+ missed_ref, exit_status = Gitlab::Git::RevList.new(oldrev, newrev, project: project, env: env).execute -+ -+ if exit_status == 0 -+ missed_ref.present? -+ else -+ raise "Got a non-zero exit code while calling out to `git rev-list` in the force-push check." -+ end - end - end - end -diff --git a/lib/gitlab/git/rev_list.rb b/lib/gitlab/git/rev_list.rb -new file mode 100644 -index 0000000..25e9d61 ---- /dev/null -+++ b/lib/gitlab/git/rev_list.rb -@@ -0,0 +1,42 @@ -+module Gitlab -+ module Git -+ class RevList -+ attr_reader :project, :env -+ -+ ALLOWED_VARIABLES = %w[GIT_OBJECT_DIRECTORY GIT_ALTERNATE_OBJECT_DIRECTORIES].freeze -+ -+ def initialize(oldrev, newrev, project:, env: nil) -+ @project = project -+ @env = env.presence || {} -+ @args = [Gitlab.config.git.bin_path, -+ "--git-dir=#{project.repository.path_to_repo}", -+ "rev-list", -+ "--max-count=1", -+ oldrev, -+ "^#{newrev}"] -+ end -+ -+ def execute -+ Gitlab::Popen.popen(@args, nil, parse_environment_variables) -+ end -+ -+ def valid? -+ environment_variables.all? do |(name, value)| -+ value.start_with?(project.repository.path_to_repo) -+ end -+ end -+ -+ private -+ -+ def parse_environment_variables -+ return {} unless valid? 
-+ -+ environment_variables -+ end -+ -+ def environment_variables -+ @environment_variables ||= env.slice(*ALLOWED_VARIABLES) -+ end -+ end -+ end -+end -diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb -index bcbf645..74e8713 100644 ---- a/lib/gitlab/git_access.rb -+++ b/lib/gitlab/git_access.rb -@@ -17,12 +17,13 @@ module Gitlab - - attr_reader :actor, :project, :protocol, :user_access, :authentication_abilities - -- def initialize(actor, project, protocol, authentication_abilities:) -+ def initialize(actor, project, protocol, authentication_abilities:, env: {}) - @actor = actor - @project = project - @protocol = protocol - @authentication_abilities = authentication_abilities - @user_access = UserAccess.new(user, project: project) -+ @env = env - end - - def check(cmd, changes) -@@ -99,7 +100,7 @@ module Gitlab - end - - def change_access_check(change) -- Checks::ChangeAccess.new(change, user_access: user_access, project: project).exec -+ Checks::ChangeAccess.new(change, user_access: user_access, project: project, env: @env).exec - end - - def protocol_allowed? 
-diff --git a/lib/gitlab/popen.rb b/lib/gitlab/popen.rb -index cc74bb2..4bc5cda 100644 ---- a/lib/gitlab/popen.rb -+++ b/lib/gitlab/popen.rb -@@ -5,13 +5,13 @@ module Gitlab - module Popen - extend self - -- def popen(cmd, path = nil) -+ def popen(cmd, path = nil, vars = {}) - unless cmd.is_a?(Array) - raise "System commands must be given as an array of strings" - end - - path ||= Dir.pwd -- vars = { "PWD" => path } -+ vars['PWD'] = path - options = { chdir: path } - - unless File.directory?(path) -diff --git a/spec/lib/gitlab/checks/force_push_spec.rb b/spec/lib/gitlab/checks/force_push_spec.rb -new file mode 100644 -index 0000000..f628801 ---- /dev/null -+++ b/spec/lib/gitlab/checks/force_push_spec.rb -@@ -0,0 +1,19 @@ -+require 'spec_helper' -+ -+describe Gitlab::Checks::ChangeAccess, lib: true do -+ let(:project) { create(:project) } -+ -+ context "exit code checking" do -+ it "does not raise a runtime error if the `popen` call to git returns a zero exit code" do -+ allow(Gitlab::Popen).to receive(:popen).and_return(['normal output', 0]) -+ -+ expect { Gitlab::Checks::ForcePush.force_push?(project, 'oldrev', 'newrev') }.not_to raise_error -+ end -+ -+ it "raises a runtime error if the `popen` call to git returns a non-zero exit code" do -+ allow(Gitlab::Popen).to receive(:popen).and_return(['error', 1]) -+ -+ expect { Gitlab::Checks::ForcePush.force_push?(project, 'oldrev', 'newrev') }.to raise_error(RuntimeError) -+ end -+ end -+end -diff --git a/spec/lib/gitlab/git/rev_list_spec.rb b/spec/lib/gitlab/git/rev_list_spec.rb -new file mode 100644 -index 0000000..444639a ---- /dev/null -+++ b/spec/lib/gitlab/git/rev_list_spec.rb -@@ -0,0 +1,53 @@ -+require 'spec_helper' -+ -+describe Gitlab::Git::RevList, lib: true do -+ let(:project) { create(:project) } -+ -+ context "validations" do -+ described_class::ALLOWED_VARIABLES.each do |var| -+ context var do -+ it "accepts values starting with the project repo path" do -+ env = { var => 
"#{project.repository.path_to_repo}/objects" } -+ rev_list = described_class.new('oldrev', 'newrev', project: project, env: env) -+ -+ expect(rev_list).to be_valid -+ end -+ -+ it "rejects values starting not with the project repo path" do -+ env = { var => "/some/other/path" } -+ rev_list = described_class.new('oldrev', 'newrev', project: project, env: env) -+ -+ expect(rev_list).not_to be_valid -+ end -+ -+ it "rejects values containing the project repo path but not starting with it" do -+ env = { var => "/some/other/path/#{project.repository.path_to_repo}" } -+ rev_list = described_class.new('oldrev', 'newrev', project: project, env: env) -+ -+ expect(rev_list).not_to be_valid -+ end -+ end -+ end -+ end -+ -+ context "#execute" do -+ let(:env) { { "GIT_OBJECT_DIRECTORY" => project.repository.path_to_repo } } -+ let(:rev_list) { Gitlab::Git::RevList.new('oldrev', 'newrev', project: project, env: env) } -+ -+ it "calls out to `popen` without environment variables if the record is invalid" do -+ allow(rev_list).to receive(:valid?).and_return(false) -+ -+ expect(Open3).to receive(:popen3).with(hash_excluding(env), any_args) -+ -+ rev_list.execute -+ end -+ -+ it "calls out to `popen` with environment variables if the record is valid" do -+ allow(rev_list).to receive(:valid?).and_return(true) -+ -+ expect(Open3).to receive(:popen3).with(hash_including(env), any_args) -+ -+ rev_list.execute -+ end -+ end -+end --- -2.10.2 - - -From 0ce20138298eaebfb9e8225d21e7b0088716e5ad Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?R=C3=A9my=20Coutable?= -Date: Tue, 20 Dec 2016 09:45:37 +0100 -Subject: [PATCH 2/3] Reject blank environment vcariables in - Gitlab::Git::RevList -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Rémy Coutable ---- - lib/gitlab/git/rev_list.rb | 4 ++-- - spec/lib/gitlab/git/rev_list_spec.rb | 7 +++++++ - 2 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/lib/gitlab/git/rev_list.rb 
b/lib/gitlab/git/rev_list.rb -index 25e9d61..79dd0cf 100644 ---- a/lib/gitlab/git/rev_list.rb -+++ b/lib/gitlab/git/rev_list.rb -@@ -22,7 +22,7 @@ module Gitlab - - def valid? - environment_variables.all? do |(name, value)| -- value.start_with?(project.repository.path_to_repo) -+ value.to_s.start_with?(project.repository.path_to_repo) - end - end - -@@ -35,7 +35,7 @@ module Gitlab - end - - def environment_variables -- @environment_variables ||= env.slice(*ALLOWED_VARIABLES) -+ @environment_variables ||= env.slice(*ALLOWED_VARIABLES).compact - end - end - end -diff --git a/spec/lib/gitlab/git/rev_list_spec.rb b/spec/lib/gitlab/git/rev_list_spec.rb -index 444639a..1f9c987 100644 ---- a/spec/lib/gitlab/git/rev_list_spec.rb -+++ b/spec/lib/gitlab/git/rev_list_spec.rb -@@ -26,6 +26,13 @@ describe Gitlab::Git::RevList, lib: true do - - expect(rev_list).not_to be_valid - end -+ -+ it "ignores nil values" do -+ env = { var => nil } -+ rev_list = described_class.new('oldrev', 'newrev', project: project, env: env) -+ -+ expect(rev_list).to be_valid -+ end - end - end - end --- -2.10.2 - - -From b54b031638e7a98c1e51b369cff53602db40e4b0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?R=C3=A9my=20Coutable?= -Date: Mon, 6 Feb 2017 10:04:21 +0100 -Subject: [PATCH 3/3] Update gitlab-shell to 3.6.7 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Rémy Coutable ---- - changelogs/unreleased/use-gitlab-shell-3-6-7.yml | 4 ++++ - doc/update/8.12-to-8.13.md | 4 ++-- - 3 files changed, 7 insertions(+), 3 deletions(-) - create mode 100644 changelogs/unreleased/use-gitlab-shell-3-6-7.yml - -diff --git a/changelogs/unreleased/use-gitlab-shell-3-6-7.yml b/changelogs/unreleased/use-gitlab-shell-3-6-7.yml -new file mode 100644 -index 0000000..c6600ce ---- /dev/null -+++ b/changelogs/unreleased/use-gitlab-shell-3-6-7.yml -@@ -0,0 +1,4 @@ -+--- -+title: Use gitlab-shell v3.6.7 -+merge_request: -+author: -diff --git 
a/doc/update/8.12-to-8.13.md b/doc/update/8.12-to-8.13.md -index c0084d9..6457ec9 100644 ---- a/doc/update/8.12-to-8.13.md -+++ b/doc/update/8.12-to-8.13.md -@@ -72,7 +72,7 @@ sudo -u git -H git checkout 8-13-stable-ee - ```bash - cd /home/git/gitlab-shell - sudo -u git -H git fetch --all --tags --sudo -u git -H git checkout v3.6.6 -+sudo -u git -H git checkout v3.6.7 - ``` - - ### 6. Update gitlab-workhorse -@@ -166,7 +166,7 @@ See [smtp_settings.rb.sample] as an example. - Ensure you're still up-to-date with the latest init script changes: - - sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab -- -+ - For Ubuntu 16.04.1 LTS: - - sudo systemctl daemon-reload --- -2.10.2 - diff --git a/debian/patches/0400-use-npm-webpack.patch b/debian/patches/0400-use-npm-webpack.patch new file mode 100644 index 0000000000..4c94e944e8 --- /dev/null +++ b/debian/patches/0400-use-npm-webpack.patch @@ -0,0 +1,13 @@ +--- a/package.json ++++ b/package.json +@@ -8,8 +8,8 @@ + "karma": "karma start config/karma.config.js --single-run", + "karma-coverage": "BABEL_ENV=coverage karma start config/karma.config.js --single-run", + "karma-start": "karma start config/karma.config.js", +- "webpack": "webpack --config config/webpack.config.js", +- "webpack-prod": "NODE_ENV=production webpack --config config/webpack.config.js" ++ "webpack": "NODE_PATH=/usr/share/gitlab/node_modules node_modules/.bin/webpack --config config/webpack.config.js", ++ "webpack-prod": "NODE_ENV=production NODE_PATH=/usr/share/gitlab/node_modules node_modules/.bin/webpack --config config/webpack.config.js" + }, + "dependencies": { + "babel-core": "^6.22.1", diff --git a/debian/patches/0410-set-webpack-root.patch b/debian/patches/0410-set-webpack-root.patch new file mode 100644 index 0000000000..5fc65a4930 --- /dev/null +++ b/debian/patches/0410-set-webpack-root.patch 
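Review bot: Both scripts rewritten in 0400-use-npm-webpack.patch invoke `node_modules/.bin/webpack`, but elsewhere in this commit 0420-use-system-libs.patch removes `webpack` from `dependencies` and debian/rake-tasks.sh runs `rm -rf node_modules/webpack` before calling a bare `webpack` from PATH. Unless another module still installs that bin link, `npm run webpack` and `npm run webpack-prod` would point at a file that no longer exists. Using the same command as the maintainer script keeps the two in step: `"webpack": "NODE_PATH=/usr/share/gitlab/node_modules webpack --config config/webpack.config.js"`, and likewise for `webpack-prod` with `NODE_ENV=production` in front.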
@@ -0,0 +1,11 @@
+--- a/config/webpack.config.js
++++ b/config/webpack.config.js
+@@ -8,7 +8,7 @@
+ var BundleAnalyzerPlugin = require('webpack-bundle-analyzer').BundleAnalyzerPlugin;
+ var WatchMissingNodeModulesPlugin = require('react-dev-utils/WatchMissingNodeModulesPlugin');
+
+-var ROOT_PATH = path.resolve(__dirname, '..');
++var ROOT_PATH = '/usr/share/gitlab';
+ var IS_PRODUCTION = process.env.NODE_ENV === 'production';
+ var IS_DEV_SERVER = process.argv[1].indexOf('webpack-dev-server') !== -1;
+ var DEV_SERVER_HOST = process.env.DEV_SERVER_HOST || 'localhost';
diff --git a/debian/patches/0420-use-system-libs.patch b/debian/patches/0420-use-system-libs.patch
new file mode 100644
index 0000000000..334a2048f3
--- /dev/null
+++ b/debian/patches/0420-use-system-libs.patch
@@ -0,0 +1,55 @@
+--- a/package.json
++++ b/package.json
+@@ -12,52 +12,41 @@
+ "webpack-prod": "NODE_ENV=production NODE_PATH=/usr/share/gitlab/node_modules node_modules/.bin/webpack --config config/webpack.config.js"
+ },
+ "dependencies": {
+- "babel-core": "^6.22.1",
+ "babel-loader": "^6.2.10",
+ "babel-plugin-transform-define": "^1.2.0",
+ "babel-preset-latest": "^6.24.0",
+ "babel-preset-stage-2": "^6.22.0",
+ "bootstrap-sass": "^3.3.6",
+ "compression-webpack-plugin": "^0.3.2",
+- "core-js": "^2.4.1",
+ "css-loader": "^0.28.0",
+ "d3": "^3.5.11",
+ "document-register-element": "^1.3.0",
+ "dropzone": "^4.2.0",
+ "emoji-unicode-version": "^0.2.1",
+- "eslint-plugin-html": "^2.0.1",
+- "exports-loader": "^0.6.4",
+- "file-loader": "^0.11.1",
+- "jed": "^1.1.1",
+ "jquery": "^2.2.1",
+ "jquery-ujs": "^1.2.1",
+ "js-cookie": "^2.1.3",
+ "jszip": "^3.1.3",
+ "jszip-utils": "^0.0.2",
+- "marked": "^0.3.6",
+ "mousetrap": "^1.4.6",
+ "pdfjs-dist": "^1.8.252",
+ "pikaday": "^1.5.1",
+ "prismjs": "^1.6.0",
+ "raphael": "^2.2.7",
+ "raven-js": "^3.14.0",
+- "raw-loader": "^0.5.1",
+ "react-dev-utils": "^0.5.2",
+ "select2": "3.5.2-browserify",
+ "sql.js": "^0.4.0",
+- "stats-webpack-plugin": "^0.4.3",
+ "three": "^0.84.0",
+ "three-orbit-controls": "^82.1.0",
+ "three-stl-loader": "^1.0.4",
+ "timeago.js": "^2.0.5",
+- "underscore": "^1.8.3",
+ "url-loader": "^0.5.8",
+ "visibilityjs": "^1.2.4",
+ "vue": "^2.2.6",
+ "vue-loader": "^11.3.4",
+ "vue-resource": "^0.9.3",
+ "vue-template-compiler": "^2.2.6",
+- "webpack": "^2.3.3",
+ "webpack-bundle-analyzer": "^2.3.0"
+ },
+ "devDependencies": {
diff --git a/debian/patches/052-relax-grape.patch b/debian/patches/052-relax-grape.patch
deleted file mode 100644
index f216979952..0000000000
--- a/debian/patches/052-relax-grape.patch
+++ /dev/null
@@ -1,13 +0,0 @@ -https://gitlab.com/gitlab-org/gitlab-ce/issues/19670 - ---- a/Gemfile -+++ b/Gemfile -@@ -68,7 +68,7 @@ - gem 'github-linguist', '~> 4.7', require: 'linguist' - - # API --gem 'grape', '~> 0.15.0' -+gem 'grape', '~> 0.16.0' - gem 'grape-entity', '~> 0.6.0' - gem 'rack-cors', '~> 0.4.0', require: 'rack/cors' - diff --git a/debian/patches/add-system-lib-path-for-webpack.patch b/debian/patches/add-system-lib-path-for-webpack.patch new file mode 100644 index 0000000000..03f9720835 --- /dev/null +++ b/debian/patches/add-system-lib-path-for-webpack.patch @@ -0,0 +1,10 @@ +--- a/config/webpack.config.js ++++ b/config/webpack.config.js +@@ -186,6 +186,7 @@ + + resolve: { + extensions: ['.js'], ++ modules: ['/usr/share/gitlab/node_modules', '/usr/lib/nodejs'], + alias: { + '~': path.join(ROOT_PATH, 'app/assets/javascripts'), + 'emojis': path.join(ROOT_PATH, 'fixtures/emojis'), diff --git a/debian/patches/cve-2016-9086-fix.patch b/debian/patches/cve-2016-9086-fix.patch deleted file mode 100644 index d57950c16b..0000000000 --- a/debian/patches/cve-2016-9086-fix.patch +++ /dev/null 
@@ -1,47 +0,0 @@ -Description: Fix file disclosure via hidden symlinks using the project import -Author: Rémy Coutable -Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/36091 -Last-Update: 2017-08-17 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ---- a/lib/gitlab/import_export/file_importer.rb -+++ b/lib/gitlab/import_export/file_importer.rb -@@ -47,12 +47,16 @@ - end - - def remove_symlinks! -- Dir["#{@shared.export_path}/**/*"].each do |path| -+ extracted_files.each do |path| - FileUtils.rm(path) if File.lstat(path).symlink? - end - - true - end -+ -+ def extracted_files -+ Dir.glob("#{@shared.export_path}/**/*", File::FNM_DOTMATCH).reject { |f| f =~ /.*\/\.{1,2}$/ } -+ end - end - end - end ---- a/spec/lib/gitlab/import_export/file_importer_spec.rb -+++ b/spec/lib/gitlab/import_export/file_importer_spec.rb -@@ -5,6 +5,7 @@ - let(:export_path) { "#{Dir::tmpdir}/file_importer_spec" } - let(:valid_file) { "#{shared.export_path}/valid.json" } - let(:symlink_file) { "#{shared.export_path}/invalid.json" } -+ let(:hidden_symlink_file) { "#{shared.export_path}/.hidden" } - let(:subfolder_symlink_file) { "#{shared.export_path}/subfolder/invalid.json" } - - before do -@@ -25,6 +26,10 @@ - expect(File.exist?(symlink_file)).to be false - end - -+ it 'removes hidden symlinks in root folder' do -+ expect(File.exist?(hidden_symlink_file)).to be false -+ end -+ - it 'removes symlinks in subfolders' do - expect(File.exist?(subfolder_symlink_file)).to be false - end diff --git a/debian/patches/cve-2017-0882.patch b/debian/patches/cve-2017-0882.patch deleted file mode 100644 index 2da61bec95..0000000000 --- a/debian/patches/cve-2017-0882.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb -index cb64926..d7928cb 100644 ---- a/app/controllers/projects/issues_controller.rb -+++ b/app/controllers/projects/issues_controller.rb -@@ -112,7 +112,7 @@ class Projects::IssuesController < Projects::ApplicationController - end - - format.json do -- render json: @issue.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } }) -+ render json: @issue.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } }) - end - end - -diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb -index 6e15c06..317011c 100644 ---- a/app/controllers/projects/merge_requests_controller.rb -+++ b/app/controllers/projects/merge_requests_controller.rb -@@ -278,7 +278,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController - @merge_request.target_project, @merge_request]) - end - format.json do -- render json: @merge_request.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } }) -+ render json: @merge_request.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } }) - end - end - else diff --git a/debian/patches/series b/debian/patches/series index 9b95d52b8c..209efdd083 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -1,14 +1,19 @@ -cve-2016-9086-fix.patch 0005-use-debian-omniauth-ldap.patch -0018-loosen-rdoc.patch 0050-relax-stable-libs.patch 0100-remove-development-test.patch 0108-make-mysql-optional.patch +0110-make-test-dependencies-conditional.patch source-init-functions.patch pid-log-paths.patch -052-relax-grape.patch 0200-remove-order-dependency-in-label-finder-spec.patch -0210-use-jquery-ui-rails6.patch 0220-relax-dependencies.patch -0300-git-2-11-support.patch -cve-2017-0882.patch +0230-relax-rugged.patch +0240-relax-google-api-client.patch +0250-relax-licensee.patch +0260-relax-ruby-parser.patch +0270-relax-toml-rb.patch +0280-relax-pg.patch +0400-use-npm-webpack.patch +0410-set-webpack-root.patch +0420-use-system-libs.patch +add-system-lib-path-for-webpack.patch diff --git a/debian/rake-tasks.sh b/debian/rake-tasks.sh index 1f8a355290..65820c1420 100755 --- a/debian/rake-tasks.sh +++ b/debian/rake-tasks.sh @@ -25,5 +25,13 @@ fi # Restrict permissions for secret files chmod 0700 ${gitlab_data_dir}/.gitlab_shell_secret +echo "Installing node modules" +runuser -u ${gitlab_user} -- sh -c 'install -d /var/lib/gitlab/node_modules' +runuser -u ${gitlab_user} -- sh -c 'npm install' +runuser -u ${gitlab_user} -- sh -c 'ln -s /usr/lib/nodejs/exports-loader node_modules' +runuser -u ${gitlab_user} -- sh -c 'ln -s /usr/lib/nodejs/raw-loader node_modules' +runuser -u ${gitlab_user} -- sh -c 'rm -rf node_modules/webpack' +runuser -u ${gitlab_user} -- sh -c 'NODE_PATH=/usr/share/gitlab/node_modules webpack --config config/webpack.config.js' + echo "Precompiling assets..." runuser -u ${gitlab_user} -- sh -c 'bundle exec rake tmp:cache:clear assets:precompile' diff --git a/debian/rules b/debian/rules index 6a20f557e8..5323782482 100755 --- a/debian/rules +++ b/debian/rules 
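Review bot: Two security patches leave the series in this hunk, `cve-2016-9086-fix.patch` and `cve-2017-0882.patch`, and nothing in the commit records that the 9.2.10 sources already contain both fixes. The changelog entry only says "New upstream release"; once confirmed against the new tree, a line such as `* Drop cve-2016-9086-fix.patch and cve-2017-0882.patch, applied upstream` would keep that trail. The hidden-symlink patch deserves the closest check, since its header gives Last-Update 2017-08-17, shortly before this upload. If either fix turns out to be missing, the patch should be refreshed and kept rather than dropped.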
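Review bot: The added `npm install` line in debian/rake-tasks.sh makes every install or upgrade download code from the npm registry and run its lifecycle scripts as `${gitlab_user}`, with versions chosen by the caret ranges left in package.json rather than anything the archive pins. If the remaining modules build without their install hooks, `runuser -u ${gitlab_user} -- sh -c 'npm install --ignore-scripts'` narrows that, and shipping an `npm-shrinkwrap.json` would fix the resolved versions. Separately, `ln -s` without `-f` fails on a second run because the links already exist; `ln -sf /usr/lib/nodejs/exports-loader node_modules` (and the same for `raw-loader`) makes the step re-runnable. The script starts outside this hunk, so the working directory and whether `set -e` is active cannot be seen here.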
@@ -5,8 +5,6 @@ override_dh_install: dh_install -XLICENSE - uglifyjs -o debian/gitlab/usr/share/gitlab/vendor/assets/javascripts/vue.min.js vendor/assets/javascripts/vue.full.js - uglifyjs -o debian/gitlab/usr/share/gitlab/vendor/assets/javascripts/vue-resource.min.js vendor/assets/javascripts/vue-resource.full.js # Make sure we are installing all required files in debian/install sh debian/upstream-file-count-check.sh rm -rf debian/gitlab/usr/share/gitlab/tmp/*