From e2a27f7d09ad951ee9f8c910a8d725b2e68ee845 Mon Sep 17 00:00:00 2001 From: Sruthi Chandran Date: Wed, 14 Aug 2019 15:26:13 +0530 Subject: [PATCH] New upstream version 11.11.8+dfsg --- .gitlab/ci/rails.gitlab-ci.yml | 3 ++- CHANGELOG.md | 8 ++++++++ GITALY_SERVER_VERSION | 2 +- GITLAB_PAGES_VERSION | 2 +- VERSION | 2 +- yarn.lock | 36 +++++++++++++++++----------------- 6 files changed, 31 insertions(+), 22 deletions(-) diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index 35c5f67427..204573d561 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -105,7 +105,7 @@ variables: SETUP_DB: "false" script: - - git fetch https://gitlab.com/gitlab-org/gitlab-ce.git v9.3.0 + - git fetch https://gitlab.com/gitlab-org/gitlab-ce.git v11.5.0 - git checkout -f FETCH_HEAD - sed -i "s/gem 'oj', '~> 2.17.4'//" Gemfile - bundle update google-protobuf grpc @@ -113,6 +113,7 @@ - date - cp config/gitlab.yml.example config/gitlab.yml - bundle exec rake db:drop db:create db:schema:load db:seed_fu + - bundle exec rake add_limits_mysql - date - git checkout -f $CI_COMMIT_SHA - bundle install $BUNDLE_INSTALL_FLAGS diff --git a/CHANGELOG.md b/CHANGELOG.md index d7f4e80078..5b914ff740 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,14 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 11.11.8 + +### Security (2 changes) + +- Upgrade Gitaly to 1.42.7 to prevent revision flag injection exploits. +- Upgrade pages to 1.5.1 to prevent gitlab api token recovery from cookie. + + ## 11.11.7 ### Security (9 changes) diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index c39f63b9ef..1cd2e944fa 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -1.42.5 +1.42.7 diff --git a/GITLAB_PAGES_VERSION b/GITLAB_PAGES_VERSION index bc80560fad..26ca594609 100644 --- a/GITLAB_PAGES_VERSION +++ b/GITLAB_PAGES_VERSION @@ -1 +1 @@ -1.5.0 +1.5.1 
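Review bot: The new `git fetch https://gitlab.com/gitlab-org/gitlab-ce.git v11.5.0` target is a bare tag name, and the following `git checkout -f FETCH_HEAD` plus `bundle install`/`bundle exec` run whatever tree the remote currently serves under that name; a tag can be moved or re-created, so the job is neither reproducible nor protected against a retargeted ref, and nothing in the hunk verifies what was fetched. Since the job appears to need only a fixed historical tree (presumably to load an older schema before migrating forward to `$CI_COMMIT_SHA`), pin the commit and check it right after the fetch, e.g. `- test "$(git rev-parse FETCH_HEAD^{commit})" = "<pinned v11.5.0 commit id>"`, or fetch the commit id itself instead of the tag. The unchanged `bundle update google-protobuf grpc` two lines later has the same unpinned-resolution property, so the gem set executed by this job also drifts between runs. The `script:` list continues outside this hunk.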
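Review bot: The added `- bundle exec rake add_limits_mysql` carries no explanation of why a separate rake task has to follow `db:schema:load`, and the hunk does not show whether the task is a no-op on a PostgreSQL-backed run or whether it exists in the v11.5.0 tree that is checked out at this point in the script. A short comment above the line, e.g. `# schema:load does not apply the MySQL-only column limits; run that task from the v11.5.0 checkout explicitly`, would let the next maintainer confirm both assumptions instead of rediscovering them when the job fails. If the task is MySQL-specific, as its name suggests, either guard the call on the job's database backend or document that the task guards itself; I cannot tell from the hunk which applies. The `script:` list continues past this hunk.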
diff --git a/VERSION b/VERSION index ae5e173a54..574fc29451 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -11.11.7 +11.11.8 diff --git a/yarn.lock b/yarn.lock index 42b6fc642c..2152e05f05 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1797,13 +1797,13 @@ browserify-zlib@^0.2.0: pako "~1.0.5" browserslist@^4.3.4, browserslist@^4.4.1: - version "4.4.1" - resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.4.1.tgz#42e828954b6b29a7a53e352277be429478a69062" - integrity sha512-pEBxEXg7JwaakBXjATYw/D1YZh4QUSCX/Mnd/wnqSRPPSi1U39iDhDoKGoBUcraKdxDlrYqJxSI5nNvD+dWP2A== + version "4.5.4" + resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.5.4.tgz#166c4ecef3b51737a42436ea8002aeea466ea2c7" + integrity sha512-rAjx494LMjqKnMPhFkuLmLp8JWEX0o8ADTGeAbOqaF+XCvYLreZrG5uVjnPBlAQ8REZK4pzXGvp0bWgrFtKaag== dependencies: - caniuse-lite "^1.0.30000929" - electron-to-chromium "^1.3.103" - node-releases "^1.1.3" + caniuse-lite "^1.0.30000955" + electron-to-chromium "^1.3.122" + node-releases "^1.1.13" bs-logger@0.x: version "0.2.6" @@ -1995,10 +1995,10 @@ camelcase@^5.0.0: resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-5.0.0.tgz#03295527d58bd3cd4aa75363f35b2e8d97be2f42" integrity sha512-faqwZqnWxbxn+F1d399ygeamQNy3lPp/H9H6rNrqYh4FSVCtcY+3cub1MxA8o9mDd55mM8Aghuu/kuyYA6VTsA== -caniuse-lite@^1.0.30000929, caniuse-lite@^1.0.30000932: - version "1.0.30000936" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30000936.tgz#5d33b118763988bf721b9b8ad436d0400e4a116b" - integrity sha512-orX4IdpbFhdNO7bTBhSbahp1EBpqzBc+qrvTRVUFfZgA4zta7TdM6PN5ZxkEUgDnz36m+PfWGcdX7AVfFWItJw== +caniuse-lite@^1.0.30000932, caniuse-lite@^1.0.30000955: + version "1.0.30000988" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30000988.tgz#742f35ec1b8b75b9628d705d7652eea1fef983db" + integrity sha512-lPj3T8poYrRc/bniW5SQPND3GRtSrQdUM/R4mCYTbZxyi3jQiggLvZH4+BYUuX0t4TXjU+vMM7KFDQg+rSzZUQ== capture-exit@^1.2.0: version "1.2.0" 
@@ -3519,10 +3519,10 @@ ejs@^2.6.1: resolved "https://registry.yarnpkg.com/ejs/-/ejs-2.6.1.tgz#498ec0d495655abc6f23cd61868d926464071aa0" integrity sha512-0xy4A/twfrRCnkhfk8ErDi5DqdAsAqeGxht4xkCUrsvhhbQNs7E+4jV0CN7+NKIY0aHE72+XvqtBIXzD31ZbXQ== -electron-to-chromium@^1.3.103: - version "1.3.113" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.113.tgz#b1ccf619df7295aea17bc6951dc689632629e4a9" - integrity sha512-De+lPAxEcpxvqPTyZAXELNpRZXABRxf+uL/rSykstQhzj/B0l1150G/ExIIxKc16lI89Hgz81J0BHAcbTqK49g== +electron-to-chromium@^1.3.122: + version "1.3.211" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.211.tgz#0c39d17316bf342d1971fed68e754fa1775918f7" + integrity sha512-GZAiK3oHrs0K+LwH+HD+bdjZ17v40oQQdXbbd3dgrwgbENvazrGpcuIADSAREWnxzo9gADB1evuizrbXsnoU2Q== elliptic@^6.0.0: version "6.4.0" @@ -7458,10 +7458,10 @@ node-pre-gyp@^0.10.0: semver "^5.3.0" tar "^4" -node-releases@^1.1.3: - version "1.1.3" - resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-1.1.3.tgz#aad9ce0dcb98129c753f772c0aa01360fb90fbd2" - integrity sha512-6VrvH7z6jqqNFY200kdB6HdzkgM96Oaj9v3dqGfgp6mF+cHmU4wyQKZ2/WPDRVoR0Jz9KqbamaBN0ZhdUaysUQ== +node-releases@^1.1.13: + version "1.1.26" + resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-1.1.26.tgz#f30563edc5c7dc20cf524cc8652ffa7be0762937" + integrity sha512-fZPsuhhUHMTlfkhDLGtfY80DSJTjOcx+qD1j5pqPkuhUHVS7xHZIg9EE4DHK8O3f0zTxXHX5VIkDG8pu98/wfQ== dependencies: semver "^5.3.0"