From 9c632eddb62093ffe68d8cad7db9559ef7a11c42 Mon Sep 17 00:00:00 2001 From: Pirate Praveen Date: Thu, 17 Aug 2017 23:00:15 +0530 Subject: [PATCH] refresh patches --- .../0005-use-debian-omniauth-ldap.patch | 8 +- debian/patches/0018-loosen-rdoc.patch | 13 - debian/patches/0050-relax-stable-libs.patch | 282 ++++++----- .../0100-remove-development-test.patch | 102 ++-- debian/patches/0108-make-mysql-optional.patch | 12 +- .../patches/0210-use-jquery-ui-rails6.patch | 41 -- debian/patches/0220-relax-dependencies.patch | 39 +- debian/patches/0300-git-2-11-support.patch | 438 ------------------ debian/patches/052-relax-grape.patch | 13 - debian/patches/cve-2016-9086-fix.patch | 47 -- debian/patches/cve-2017-0882.patch | 26 -- debian/patches/series | 6 - 12 files changed, 191 insertions(+), 836 deletions(-) delete mode 100644 debian/patches/0018-loosen-rdoc.patch delete mode 100644 debian/patches/0210-use-jquery-ui-rails6.patch delete mode 100644 debian/patches/0300-git-2-11-support.patch delete mode 100644 debian/patches/052-relax-grape.patch delete mode 100644 debian/patches/cve-2016-9086-fix.patch delete mode 100644 debian/patches/cve-2017-0882.patch diff --git a/debian/patches/0005-use-debian-omniauth-ldap.patch b/debian/patches/0005-use-debian-omniauth-ldap.patch index 85a10a5383..0a502713bb 100644 --- a/debian/patches/0005-use-debian-omniauth-ldap.patch +++ b/debian/patches/0005-use-debian-omniauth-ldap.patch @@ -1,11 +1,9 @@ Debian package contains gitlab patches Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/13280 -Index: gitlab/Gemfile -=================================================================== ---- gitlab.orig/Gemfile -+++ gitlab/Gemfile -@@ -56,7 +56,7 @@ gem 'gitlab_git', '~> 10.6.8' +--- a/Gemfile ++++ b/Gemfile +@@ -60,7 +60,7 @@ # LDAP Auth # GitLab fork with several improvements to original library. For full list of changes # see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master diff --git a/debian/patches/0018-loosen-rdoc.patch b/debian/patches/0018-loosen-rdoc.patch deleted file mode 100644 index e6a8440bec..0000000000 --- a/debian/patches/0018-loosen-rdoc.patch +++ /dev/null @@ -1,13 +0,0 @@ -Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/2814 - ---- a/Gemfile -+++ b/Gemfile -@@ -104,7 +104,7 @@ - gem 'gitlab-markup', '~> 1.5.1' - gem 'redcarpet', '~> 3.3.3' - gem 'RedCloth', '~> 4.3.2' --gem 'rdoc', '~>3.6' -+gem 'rdoc', '~> 4.1' - gem 'org-ruby', '~> 0.9.12' - gem 'creole', '~> 0.5.0' - gem 'wikicloth', '0.8.1' diff --git a/debian/patches/0050-relax-stable-libs.patch b/debian/patches/0050-relax-stable-libs.patch index 10a81c0620..178e7ffea7 100644 --- a/debian/patches/0050-relax-stable-libs.patch +++ b/debian/patches/0050-relax-stable-libs.patch @@ -3,20 +3,18 @@ gitlab Gemfile --- a/Gemfile +++ b/Gemfile -@@ -1,16 +1,16 @@ +@@ -1,15 +1,15 @@ source 'https://rubygems.org' --gem 'rails', '4.2.7.1' --gem 'rails-deprecated_sanitizer', '~> 1.0.3' -+gem 'rails', '~> 4.2', '>= 4.2.7.1' -+gem 'rails-deprecated_sanitizer', '~> 1.0', '>= 1.0.3' +-gem 'rails', '4.2.8' ++gem 'rails', '~> 4.2.8' + gem 'rails-deprecated_sanitizer', '~> 1.0.3' # Responders respond_to and respond_with gem 'responders', '~> 2.0' -gem 'sprockets', '~> 3.7.0' +gem 'sprockets', '~> 3.7' - gem 'sprockets-es6', '~> 0.9.2' # Default values for AR models -gem 'default_value_for', '~> 3.0.0' @@ -24,42 +22,46 @@ gitlab Gemfile # Supported DBs gem 'mysql2', '~> 0.3.16', group: :mysql -@@ -18,22 +18,22 @@ +@@ -21,38 +21,38 @@ # Authentication libraries - gem 'devise', '~> 4.2' --gem 'doorkeeper', '~> 4.2.0' --gem 'omniauth', '~> 1.3.1' --gem 'omniauth-auth0', '~> 1.4.1' -+gem 'doorkeeper', '~> 4.2' -+gem 'omniauth', '~> 1.3', '>= 1.3.1' -+gem 'omniauth-auth0', '~> 1.4', '>= 1.4.1' - gem 'omniauth-azure-oauth2', '~> 0.0.6' - gem 'omniauth-bitbucket', '~> 0.0.2' --gem 'omniauth-cas3', '~> 1.1.2' --gem 'omniauth-facebook', '~> 4.0.0' --gem 'omniauth-github', '~> 1.1.1' --gem 'omniauth-gitlab', '~> 1.0.0' -+gem 'omniauth-cas3', '~> 1.1', '>= 1.1.2' -+gem 'omniauth-facebook', '~> 4.0' -+gem 'omniauth-github', '~> 1.1', '>= 1.1.1' -+gem 'omniauth-gitlab', '~> 1.0' + gem 'devise', '~> 4.2' +-gem 'doorkeeper', '~> 4.2.0' +-gem 'doorkeeper-openid_connect', '~> 1.1.0' +-gem 'omniauth', '~> 1.4.2' +-gem 'omniauth-auth0', '~> 1.4.1' ++gem 'doorkeeper', '~> 4.2' ++gem 'doorkeeper-openid_connect', '~> 1.1' ++gem 'omniauth', '~> 1.4', '>= 1.4.2' ++gem 'omniauth-auth0', '~> 1.4', '>= 1.4.1' + gem 'omniauth-azure-oauth2', '~> 0.0.6' +-gem 'omniauth-cas3', '~> 1.1.2' +-gem 'omniauth-facebook', '~> 4.0.0' +-gem 'omniauth-github', '~> 1.1.1' +-gem 'omniauth-gitlab', '~> 1.0.2' ++gem 'omniauth-cas3', '~> 1.1', '>= 1.1.2' ++gem 'omniauth-facebook', '~> 4.0' ++gem 'omniauth-github', '~> 1.1', '>= 1.1.1' ++gem 'omniauth-gitlab', '~> 1.0', '>= 1.0.2' gem 'omniauth-google-oauth2', '~> 0.4.1' - gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos --gem 'omniauth-saml', '~> 1.7.0' --gem 'omniauth-shibboleth', '~> 1.2.0' --gem 'omniauth-twitter', '~> 1.2.0' --gem 'omniauth_crowd', '~> 2.2.0' --gem 'rack-oauth2', '~> 1.2.1' -+gem 'omniauth-saml', '~> 1.7' -+gem 'omniauth-shibboleth', '~> 1.2' -+gem 'omniauth-twitter', '~> 1.2' -+gem 'omniauth_crowd', '~> 2.2' -+gem 'rack-oauth2', '~> 1.2', '>= 1.2.1' - gem 'jwt' + gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos + gem 'omniauth-oauth2-generic', '~> 0.2.2' +-gem 'omniauth-saml', '~> 1.7.0' +-gem 'omniauth-shibboleth', '~> 1.2.0' +-gem 'omniauth-twitter', '~> 1.2.0' +-gem 'omniauth_crowd', '~> 2.2.0' ++gem 'omniauth-saml', '~> 1.7' ++gem 'omniauth-shibboleth', '~> 1.2' ++gem 'omniauth-twitter', '~> 1.2' ++gem 'omniauth_crowd', '~> 2.2' + gem 'omniauth-authentiq', '~> 0.3.0' +-gem 'rack-oauth2', '~> 1.2.1' +-gem 'jwt', '~> 1.5.6' ++gem 'rack-oauth2', '~> 1.2', '>= 1.2.1' ++gem 'jwt', '~> 1.5', '>= 1.5.6' # Spam and anti-bot protection -@@ -41,9 +41,9 @@ + gem 'recaptcha', '~> 3.0', require: 'recaptcha/rails' gem 'akismet', '~> 2.0' # Two-factor authentication @@ -70,14 +72,13 @@ gitlab Gemfile +gem 'attr_encrypted', '~> 3.0' gem 'u2f', '~> 0.2.1' + # GitLab Pages +-gem 'validates_hostname', '~> 1.0.6' ++gem 'validates_hostname', '~> 1.0', '>= 1.0.6' + # Browser detection -@@ -51,12 +51,12 @@ - - # Extracting information from a git repository - # Provide access to Gitlab::Git library --gem 'gitlab_git', '~> 10.7.0' -+gem 'gitlab_git', '~> 10.7' - + gem 'browser', '~> 2.2' +@@ -60,7 +60,7 @@ # LDAP Auth # GitLab fork with several improvements to original library. For full list of changes # see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master @@ -86,16 +87,16 @@ gitlab Gemfile # Git Wiki # Required manually in config/initializers/gollum.rb to control load order -@@ -64,7 +64,7 @@ - gem 'gollum-rugged_adapter', '~> 0.4.2', require: false +@@ -68,7 +68,7 @@ + gem 'gollum-rugged_adapter', '~> 0.4.4', require: false # Language detection -gem 'github-linguist', '~> 4.7.0', require: 'linguist' +gem 'github-linguist', '~> 4.7', require: 'linguist' # API - gem 'grape', '~> 0.15.0' -@@ -75,7 +75,7 @@ + gem 'grape', '~> 0.19.0' +@@ -82,7 +82,7 @@ gem 'kaminari', '~> 0.17.0' # HAML @@ -103,33 +104,29 @@ gitlab Gemfile +gem 'hamlit', '~> 2.6', '>= 2.6.1' # Files attachments - gem 'carrierwave', '~> 0.10.0' -@@ -96,39 +96,39 @@ - gem 'unf', '~> 0.1.4' - - # Seed data --gem 'seed-fu', '~> 2.3.5' -+gem 'seed-fu', '~> 2.3', '>= 2.3.5' + gem 'carrierwave', '~> 1.0' +@@ -108,37 +108,37 @@ + gem 'seed-fu', '~> 2.3.5' # Markdown and HTML processing --gem 'html-pipeline', '~> 1.11.0' --gem 'deckar01-task_list', '1.0.5', require: 'task_list/railtie' --gem 'gitlab-markup', '~> 1.5.1' --gem 'redcarpet', '~> 3.3.3' --gem 'RedCloth', '~> 4.3.2' -+gem 'html-pipeline', '~> 1.11' -+gem 'deckar01-task_list', '~> 1.0', '>= 1.0.5', require: 'task_list/railtie' -+gem 'gitlab-markup', '~> 1.5', '>= 1.5.1' -+gem 'redcarpet', '~> 3.3', '>= 3.3.3' -+gem 'RedCloth', '~> 4.3', '>= 4.3.2' - gem 'rdoc', '~> 4.1' - gem 'org-ruby', '~> 0.9.12' - gem 'creole', '~> 0.5.0' - gem 'wikicloth', '0.8.1' --gem 'asciidoctor', '~> 1.5.2' -+gem 'asciidoctor', '~> 1.5', '>= 1.5.2' - gem 'rouge', '~> 2.0' - gem 'truncato', '~> 0.7.8' +-gem 'html-pipeline', '~> 1.11.0' +-gem 'deckar01-task_list', '1.0.6', require: 'task_list/railtie' +-gem 'gitlab-markup', '~> 1.5.1' ++gem 'html-pipeline', '~> 1.11' ++gem 'deckar01-task_list', '1.0', '>= 1.0.6', require: 'task_list/railtie' ++gem 'gitlab-markup', '~> 1.5','>= 1.5.1' + gem 'redcarpet', '~> 3.4' +-gem 'RedCloth', '~> 4.3.2' ++gem 'RedCloth', '~> 4.3', '>= 4.3.2' + gem 'rdoc', '~> 4.2' + gem 'org-ruby', '~> 0.9.12' + gem 'creole', '~> 0.5.0' + gem 'wikicloth', '0.8.1' +-gem 'asciidoctor', '~> 1.5.2' ++gem 'asciidoctor', '~> 1.5','>= 1.5.2' + gem 'asciidoctor-plantuml', '0.0.7' + gem 'rouge', '~> 2.0' + gem 'truncato', '~> 0.7.8' # See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s # and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM @@ -137,8 +134,8 @@ gitlab Gemfile +gem 'nokogiri', '~> 1.6', '>= 1.6.7.2' # Diffs --gem 'diffy', '~> 3.0.3' -+gem 'diffy', '~> 3.0', '>= 3.0.3' +-gem 'diffy', '~> 3.1.0' ++gem 'diffy', '~> 3.1' # Application server group :unicorn do @@ -155,12 +152,17 @@ gitlab Gemfile # Issue tags gem 'acts-as-taggable-on', '~> 4.0' -@@ -136,39 +136,39 @@ +@@ -146,49 +146,49 @@ # Background jobs - gem 'sidekiq', '~> 4.2' - gem 'sidekiq-cron', '~> 0.4.0' + gem 'sidekiq', '~> 5.0' + gem 'sidekiq-cron', '~> 0.4.4' -gem 'redis-namespace', '~> 1.5.2' +gem 'redis-namespace', '~> 1.5', '>= 1.5.2' + gem 'sidekiq-limit_fetch', '~> 3.4' + + # Cron Parser +-gem 'rufus-scheduler', '~> 3.1.10' ++gem 'rufus-scheduler', '~> 3.1', '>= 3.1.10' # HTTP requests gem 'httparty', '~> 0.13.3' @@ -173,14 +175,18 @@ gitlab Gemfile -gem 'settingslogic', '~> 2.0.9' +gem 'settingslogic', '~> 2.0', '>= 2.0.9' + # Linear-time regex library for untrusted regular expressions +-gem 're2', '~> 1.0.0' ++gem 're2', '~> 1.0' + # Misc -gem 'version_sorter', '~> 2.1.0' +gem 'version_sorter', '~> 2.1' # Cache --gem 'redis-rails', '~> 4.0.0' -+gem 'redis-rails', '~> 4.0' +-gem 'redis-rails', '~> 5.0.1' ++gem 'redis-rails', '~> 5.0', '>= 5.0.1' # Redis gem 'redis', '~> 3.2' @@ -190,6 +196,10 @@ gitlab Gemfile -gem 'hipchat', '~> 1.5.0' +gem 'hipchat', '~> 1.5' + # JIRA integration +-gem 'jira-ruby', '~> 1.1.2' ++gem 'jira-ruby', '~> 1.1', '>= 1.1.2' + # Flowdock integration -gem 'gitlab-flowdock-git-hook', '~> 1.0.1' +gem 'gitlab-flowdock-git-hook', '~> 1.0', '>= 1.0.1' @@ -198,14 +208,18 @@ gitlab Gemfile gem 'gemnasium-gitlab-service', '~> 0.2' # Slack integration --gem 'slack-notifier', '~> 1.2.0' -+gem 'slack-notifier', '~> 1.2' +-gem 'slack-notifier', '~> 1.5.1' ++gem 'slack-notifier', '~> 1.5', '>= 1.5.1' # Asana integration - gem 'asana', '~> 0.4.0' -@@ -177,63 +177,63 @@ + gem 'asana', '~> 0.6.0' +@@ -197,38 +197,38 @@ gem 'ruby-fogbugz', '~> 0.2.1' + # Kubernetes integration +-gem 'kubeclient', '~> 2.2.0' ++gem 'kubeclient', '~> 2.2' + # d3 -gem 'd3_rails', '~> 3.5.0' +gem 'd3_rails', '~> 3.5' @@ -224,12 +238,12 @@ gitlab Gemfile +gem 'loofah', '~> 2.0', '>= 2.0.3' # Working with license --gem 'licensee', '~> 8.0.0' -+gem 'licensee', '~> 8.0' +-gem 'licensee', '~> 8.7.0' ++gem 'licensee', '~> 8.7' # Protect against bruteforcing --gem 'rack-attack', '~> 4.3.1' -+gem 'rack-attack', '~> 4.3', '>= 4.3.1' +-gem 'rack-attack', '~> 4.4.1' ++gem 'rack-attack', '~> 4.4', '>= 4.4.1' # Ace editor -gem 'ace-rails-ap', '~> 4.1.0' @@ -248,78 +262,52 @@ gitlab Gemfile # Parse time & duration gem 'chronic', '~> 0.10.2' - gem 'chronic_duration', '~> 0.10.6' +@@ -237,32 +237,32 @@ + gem 'webpack-rails', '~> 0.9.10' + gem 'rack-proxy', '~> 0.6.0' -gem 'sass-rails', '~> 5.0.6' -gem 'coffee-rails', '~> 4.1.0' -gem 'uglifier', '~> 2.7.2' +gem 'sass-rails', '~> 5.0', '>= 5.0.6' +gem 'coffee-rails', '~> 4.1' -+gem 'uglifier', '>= 2.7.2' - gem 'gitlab-turbolinks-classic', '~> 2.5', '>= 2.5.6' ++gem 'uglifier', '~> 2.7', '>= 2.7.2' --gem 'addressable', '~> 2.3.8' --gem 'bootstrap-sass', '~> 3.3.0' --gem 'font-awesome-rails', '~> 4.6.1' -+gem 'addressable', '~> 2.3', '>= 2.3.8' -+gem 'bootstrap-sass', '~> 3.3' -+gem 'font-awesome-rails', '~> 4.6', '>= 4.6.1' - gem 'gemojione', '~> 3.0' --gem 'gon', '~> 6.1.0' +-gem 'addressable', '~> 2.3.8' +-gem 'bootstrap-sass', '~> 3.3.0' ++gem 'addressable', '~> 2.3', '>= 2.3.8' ++gem 'bootstrap-sass', '~> 3.3' + gem 'font-awesome-rails', '~> 4.7' + gem 'gemojione', '~> 3.0' +-gem 'gon', '~> 6.1.0' -gem 'jquery-atwho-rails', '~> 1.3.2' --gem 'jquery-rails', '~> 4.1.0' --gem 'jquery-ui-rails', '~> 5.0.0' -+gem 'gon', '~> 6.1' +-gem 'jquery-rails', '~> 4.1.0' ++gem 'gon', '~> 6.1' +gem 'jquery-atwho-rails', '~> 1.3', '>= 1.3.2' -+gem 'jquery-rails', '~> 4.1' -+gem 'jquery-ui-rails', '~> 5.0' - gem 'request_store', '~> 1.3' --gem 'select2-rails', '~> 3.5.9' --gem 'virtus', '~> 1.0.1' --gem 'net-ssh', '~> 3.0.1' -+gem 'select2-rails', '~> 3.5', '>= 3.5.9' -+gem 'virtus', '~> 1.0', '>= 1.0.1' -+gem 'net-ssh', '~> 3.0', '>= 3.0.1' - gem 'base32', '~> 0.3.0' ++gem 'jquery-rails', '~> 4.1' + gem 'request_store', '~> 1.3' +-gem 'select2-rails', '~> 3.5.9' +-gem 'virtus', '~> 1.0.1' +-gem 'net-ssh', '~> 3.0.1' ++gem 'select2-rails', '~> 3.5', '>= 3.5.9' ++gem 'virtus', '~> 1.0', '>= 1.0.1' ++gem 'net-ssh', '~> 3.0', '>= 3.0.1' + gem 'base32', '~> 0.3.0' # Sentry integration --gem 'sentry-raven', '~> 2.0.0' -+gem 'sentry-raven', '~> 2.0' +-gem 'sentry-raven', '~> 2.4.0' ++gem 'sentry-raven', '~> 2.4' -gem 'premailer-rails', '~> 1.9.0' +gem 'premailer-rails', '~> 1.9' + # I18n +-gem 'ruby_parser', '~> 3.8.4', require: false +-gem 'gettext_i18n_rails', '~> 1.8.0' +-gem 'gettext_i18n_rails_js', '~> 1.2.0' ++gem 'ruby_parser', '~> 3.8', '>= 3.8.4', require: false ++gem 'gettext_i18n_rails', '~> 1.8' ++gem 'gettext_i18n_rails_js', '~> 1.2' + gem 'gettext', '~> 3.2.2', require: false, group: :development + # Metrics - group :metrics do -@@ -323,7 +323,7 @@ - - gem 'newrelic_rpm', '~> 3.16' - --gem 'octokit', '~> 4.3.0' -+gem 'octokit', '~> 4.3' - - gem 'mail_room', '~> 0.8.1' - -@@ -332,18 +332,18 @@ - gem 'ruby-prof', '~> 0.16.2' - - ## CI --gem 'activerecord-session_store', '~> 1.0.0' -+gem 'activerecord-session_store', '~> 1.0' - gem 'nested_form', '~> 0.3.2' - - # OAuth --gem 'oauth2', '~> 1.2.0' -+gem 'oauth2', '~> 1.2' - - # Soft deletion - gem 'paranoia', '~> 2.0' - - # Health check --gem 'health_check', '~> 2.2.0' -+gem 'health_check', '~> 2.2' - - # System information - gem 'vmstat', '~> 2.2' --gem 'sys-filesystem', '~> 1.1.6' -+gem 'sys-filesystem', '~> 1.1', '>= 1.1.6' diff --git a/debian/patches/0100-remove-development-test.patch b/debian/patches/0100-remove-development-test.patch index 279396d181..4239baf6eb 100644 --- a/debian/patches/0100-remove-development-test.patch +++ b/debian/patches/0100-remove-development-test.patch @@ -2,110 +2,74 @@ Bundler will fail when it can't find these locally --- a/Gemfile +++ b/Gemfile -@@ -242,87 +242,34 @@ +@@ -272,70 +272,6 @@ gem 'influxdb', '~> 0.2', require: false end -group :development do - gem 'foreman', '~> 0.78.0' -- gem 'brakeman', '~> 3.3.0', require: false +- gem 'brakeman', '~> 3.6.0', require: false - - gem 'letter_opener_web', '~> 1.3.0' -- gem 'rerun', '~> 0.11.0' -- gem 'bullet', '~> 5.2.0', require: false - gem 'rblineprof', '~> 0.3.6', platform: :mri, require: false -- gem 'web-console', '~> 2.0' - - # Better errors handler -- gem 'better_errors', '~> 1.0.1' +- gem 'better_errors', '~> 2.1.0' - gem 'binding_of_caller', '~> 0.7.2' -+#group :development, :test do -+if ENV["INCLUDE_TEST_DEPENDS"] == "true" -+ gem 'database_cleaner', '~> 1.5' -+ gem 'factory_girl_rails', '~> 4.6' -+ gem 'rspec-rails', '~> 3.4' - -- # Docs generator -- gem 'sdoc', '~> 0.3.20' - - # thin instead webrick - gem 'thin', '~> 1.7.0' -end - -group :development, :test do -- gem 'byebug', '~> 8.2.1', platform: :mri +- gem 'bullet', '~> 5.5.0', require: !!ENV['ENABLE_BULLET'] +- gem 'pry-byebug', '~> 3.4.1', platform: :mri - gem 'pry-rails', '~> 0.3.4' - - gem 'awesome_print', '~> 1.2.0', require: false - gem 'fuubar', '~> 2.0.0' - -- gem 'database_cleaner', '~> 1.5.0' -- gem 'factory_girl_rails', '~> 4.6.0' -- gem 'rspec-rails', '~> 3.5.0' -- gem 'rspec-retry', '~> 0.4.5' -- gem 'spinach-rails', '~> 0.2.1' +- gem 'database_cleaner', '~> 1.5.0' +- gem 'factory_girl_rails', '~> 4.7.0' +- gem 'rspec-rails', '~> 3.5.0' +- gem 'rspec-retry', '~> 0.4.5' +- gem 'spinach-rails', '~> 0.2.1' - gem 'spinach-rerun-reporter', '~> 0.0.2' -+ gem 'awesome_print', '~> 1.2', require: false -+ gem 'fuubar', '~> 2.0' - - # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826) +- gem 'rspec_profiling', '~> 0.0.5' +- gem 'rspec-set', '~> 0.1.3' +- +- # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826) - gem 'minitest', '~> 5.7.0' -+ gem 'minitest', '~> 5.7' - - # Generate Fake data -- gem 'ffaker', '~> 2.0.0' - -- gem 'capybara', '~> 2.6.2' +- # Generate Fake data +- gem 'ffaker', '~> 2.4' +- +- gem 'capybara', '~> 2.6.2' - gem 'capybara-screenshot', '~> 1.0.0' -- gem 'poltergeist', '~> 1.9.0' +- gem 'poltergeist', '~> 1.9.0' - -- gem 'teaspoon', '~> 1.1.0' -- gem 'teaspoon-jasmine', '~> 2.2.0' +- gem 'spring', '~> 2.0.0' +- gem 'spring-commands-rspec', '~> 1.0.4' +- gem 'spring-commands-spinach', '~> 1.1.0' - -- gem 'spring', '~> 1.7.0' -- gem 'spring-commands-rspec', '~> 1.0.4' -- gem 'spring-commands-spinach', '~> 1.1.0' -- gem 'spring-commands-teaspoon', '~> 0.0.2' -- -- gem 'rubocop', '~> 0.43.0', require: false -- gem 'rubocop-rspec', '~> 1.5.0', require: false +- gem 'rubocop', '~> 0.47.1', require: false +- gem 'rubocop-rspec', '~> 1.15.0', require: false - gem 'scss_lint', '~> 0.47.0', require: false -- gem 'haml_lint', '~> 0.18.2', require: false -- gem 'simplecov', '0.12.0', require: false -- gem 'flay', '~> 2.6.1', require: false +- gem 'haml_lint', '~> 0.21.0', require: false +- gem 'simplecov', '~> 0.14.0', require: false +- gem 'flay', '~> 2.8.0', require: false - gem 'bundler-audit', '~> 0.5.0', require: false - - gem 'benchmark-ips', '~> 2.3.0', require: false -+ gem 'ffaker', '~> 2.0' - +- - gem 'license_finder', '~> 2.1.0', require: false - gem 'knapsack', '~> 1.11.0' - - gem 'activerecord_sane_schema_dumper', '0.2' +- +- gem 'stackprof', '~> 0.2.10' -end - --group :test do -- gem 'shoulda-matchers', '~> 2.8.0', require: false -- gem 'email_spec', '~> 1.6.0' -- gem 'json-schema', '~> 2.6.2' -- gem 'webmock', '~> 1.21.0' -- gem 'test_after_commit', '~> 0.4.2' -- gem 'sham_rack', '~> 1.3.6' -+ gem 'capybara', '~> 2.5' -+ gem 'capybara-screenshot', '~> 1.0' -+ gem 'poltergeist', '~> 1.9' -+ -+ gem 'license_finder', '~> 2.1', require: false -+ gem 'shoulda-matchers', '~> 2.8', require: false -+ gem 'email_spec', '~> 1.6' -+ gem 'json-schema', '~> 2.6', '>= 2.6.2' -+ gem 'webmock', '~> 1.21' -+ gem 'sham_rack', '~> 1.3', '>= 1.3.6' - gem 'timecop', '~> 0.8.0' - end - --gem 'newrelic_rpm', '~> 3.16' -- - gem 'octokit', '~> 4.3' - - gem 'mail_room', '~> 0.8.1' + group :test do + gem 'shoulda-matchers', '~> 2.8.0', require: false + gem 'email_spec', '~> 1.6.0' diff --git a/debian/patches/0108-make-mysql-optional.patch b/debian/patches/0108-make-mysql-optional.patch index cd2dc042ae..963115fbb3 100644 --- a/debian/patches/0108-make-mysql-optional.patch +++ b/debian/patches/0108-make-mysql-optional.patch @@ -7,11 +7,9 @@ Subject: [PATCH] allow specifying DB choice via ENV variable Gemfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) -Index: gitlab/Gemfile -=================================================================== ---- gitlab.orig/Gemfile -+++ gitlab/Gemfile -@@ -13,8 +13,9 @@ gem 'sprockets-es6', '~> 0.9.2' +--- a/Gemfile ++++ b/Gemfile +@@ -12,8 +12,9 @@ gem 'default_value_for', '~> 3.0' # Supported DBs @@ -21,5 +19,5 @@ Index: gitlab/Gemfile +gem "mysql2", '~> 0.3.16' if ENV["DB"] == "all" || ENV["DB"] == "mysql" +gem "pg", '~> 0.18.2' if ENV["DB"] == "all" || ENV["DB"] == "postgres" - # Authentication libraries - gem 'devise', '~> 4.2' + gem 'rugged', '~> 0.25.1.1' + diff --git a/debian/patches/0210-use-jquery-ui-rails6.patch b/debian/patches/0210-use-jquery-ui-rails6.patch deleted file mode 100644 index ab63aef14c..0000000000 --- a/debian/patches/0210-use-jquery-ui-rails6.patch +++ /dev/null @@ -1,41 +0,0 @@ -adapt gitlab to use jquery-ui 6 directory structure - ---- a/Gemfile -+++ b/Gemfile -@@ -224,7 +224,7 @@ - gem 'gon', '~> 6.1' - gem 'jquery-atwho-rails', '~> 1.3', '>= 1.3.2' - gem 'jquery-rails', '~> 4.1' --gem 'jquery-ui-rails', '~> 5.0' -+gem 'jquery-ui-rails', '~> 6.0' - gem 'request_store', '~> 1.3' - gem 'select2-rails', '~> 3.5', '>= 3.5.9' - gem 'virtus', '~> 1.0', '>= 1.0.1' ---- a/app/assets/javascripts/application.js -+++ b/app/assets/javascripts/application.js -@@ -5,11 +5,11 @@ - // the compiled file. - // - /*= require jquery2 */ --/*= require jquery-ui/autocomplete */ --/*= require jquery-ui/datepicker */ --/*= require jquery-ui/draggable */ --/*= require jquery-ui/effect-highlight */ --/*= require jquery-ui/sortable */ -+/*= require jquery-ui/widgets/autocomplete */ -+/*= require jquery-ui/widgets/datepicker */ -+/*= require jquery-ui/widgets/draggable */ -+/*= require jquery-ui/effects/effect-highlight */ -+/*= require jquery-ui/widgets/sortable */ - /*= require jquery_ujs */ - /*= require jquery.cookie */ - /*= require jquery.endless-scroll */ ---- a/spec/javascripts/new_branch_spec.js -+++ b/spec/javascripts/new_branch_spec.js -@@ -1,5 +1,5 @@ - --/*= require jquery-ui/autocomplete */ -+/*= require jquery-ui/widgets/autocomplete */ - /*= require new_branch_form */ - - (function() { diff --git a/debian/patches/0220-relax-dependencies.patch b/debian/patches/0220-relax-dependencies.patch index 1d8fbc0361..785299472b 100644 --- a/debian/patches/0220-relax-dependencies.patch +++ b/debian/patches/0220-relax-dependencies.patch @@ -1,29 +1,20 @@ --- a/Gemfile +++ b/Gemfile -@@ -172,7 +172,7 @@ - gem 'slack-notifier', '~> 1.2' - - # Asana integration --gem 'asana', '~> 0.4.0' -+gem 'asana', '~> 0.4' - - # FogBugz integration - gem 'ruby-fogbugz', '~> 0.2.1' -@@ -228,7 +228,7 @@ - gem 'request_store', '~> 1.3' - gem 'select2-rails', '~> 3.5', '>= 3.5.9' - gem 'virtus', '~> 1.0', '>= 1.0.1' --gem 'net-ssh', '~> 3.0', '>= 3.0.1' -+gem 'net-ssh', '~> 4.0' - gem 'base32', '~> 0.3.0' +@@ -252,7 +252,7 @@ + gem 'request_store', '~> 1.3' + gem 'select2-rails', '~> 3.5', '>= 3.5.9' + gem 'virtus', '~> 1.0', '>= 1.0.1' +-gem 'net-ssh', '~> 3.0', '>= 3.0.1' ++gem 'net-ssh', '~> 4.0' + gem 'base32', '~> 0.3.0' # Sentry integration -@@ -266,7 +266,7 @@ - gem 'shoulda-matchers', '~> 2.8', require: false - gem 'email_spec', '~> 1.6' - gem 'json-schema', '~> 2.6', '>= 2.6.2' -- gem 'webmock', '~> 1.21' -+ gem 'webmock', '>= 1.21' - gem 'sham_rack', '~> 1.3', '>= 1.3.6' +@@ -277,7 +277,7 @@ + gem 'shoulda-matchers', '~> 2.8.0', require: false + gem 'email_spec', '~> 1.6.0' + gem 'json-schema', '~> 2.6.2' +- gem 'webmock', '~> 1.24.0' ++ gem 'webmock', '>= 1.24.0' + gem 'test_after_commit', '~> 1.1' + gem 'sham_rack', '~> 1.3.6' gem 'timecop', '~> 0.8.0' - end diff --git a/debian/patches/0300-git-2-11-support.patch b/debian/patches/0300-git-2-11-support.patch deleted file mode 100644 index b613f3301d..0000000000 --- a/debian/patches/0300-git-2-11-support.patch +++ /dev/null @@ -1,438 +0,0 @@ -From daf83fa62c940b0da7dc4e0893586b6a9a2dbbf9 Mon Sep 17 00:00:00 2001 -From: Douglas Barbosa Alexandre -Date: Mon, 19 Dec 2016 09:37:16 +0000 -Subject: [PATCH 1/3] [8.13 Backport] Merge branch - '25301-git-2.11-force-push-bug' into 'master' -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Accept environment variables from the `pre-receive` script - -1. Starting version 2.11, git changed the way the pre-receive flow works. - - Previously, the new potential objects would be added to the main repo. If the pre-receive passes, the new objects stay in the repo but are linked up. If the pre-receive fails, the new objects stay orphaned in the repo, and are cleaned up during the next `git gc`. - - In 2.11, the new potential objects are added to a temporary "alternate object directory", that git creates for this purpose. If the pre-receive passes, the objects from the alternate object directory are migrated to the main repo. If the pre-receive fails the alternate object directory is simply deleted. -2. In our workflow, the pre-recieve script (in `gitlab-shell`) calls the - `/allowed` endpoint, which calls out directly to git to perform - various checks. These direct calls to git do _not_ have the necessary - environment variables set which allow access to the "alternate object - directory" (explained above). Therefore these calls to git are not able to - access any of the new potential objects to be added during this push. - -3. We fix this by accepting the relevant environment variables - (`GIT_ALTERNATE_OBJECT_DIRECTORIES`, `GIT_OBJECT_DIRECTORY`, and - `GIT_QUARANTINE_PATH`) on the `/allowed` endpoint, and then include - these environment variables while calling out to git. - -4. This commit includes these environment variables while making the "force - push" check. - -See https://gitlab.com/gitlab-org/gitlab-shell/merge_requests/120 - -Signed-off-by: Rémy Coutable ---- - .../unreleased/25301-git-2-11-force-push-bug.yml | 4 ++ - lib/api/internal.rb | 14 +++++- - lib/gitlab/checks/change_access.rb | 5 +- - lib/gitlab/checks/force_push.rb | 11 +++-- - lib/gitlab/git/rev_list.rb | 42 +++++++++++++++++ - lib/gitlab/git_access.rb | 5 +- - lib/gitlab/popen.rb | 4 +- - spec/lib/gitlab/checks/force_push_spec.rb | 19 ++++++++ - spec/lib/gitlab/git/rev_list_spec.rb | 53 ++++++++++++++++++++++ - 9 files changed, 147 insertions(+), 10 deletions(-) - create mode 100644 changelogs/unreleased/25301-git-2-11-force-push-bug.yml - create mode 100644 lib/gitlab/git/rev_list.rb - create mode 100644 spec/lib/gitlab/checks/force_push_spec.rb - create mode 100644 spec/lib/gitlab/git/rev_list_spec.rb - -diff --git a/changelogs/unreleased/25301-git-2-11-force-push-bug.yml b/changelogs/unreleased/25301-git-2-11-force-push-bug.yml -new file mode 100644 -index 0000000..afe5772 ---- /dev/null -+++ b/changelogs/unreleased/25301-git-2-11-force-push-bug.yml -@@ -0,0 +1,4 @@ -+--- -+title: Accept environment variables from the `pre-receive` script -+merge_request: 7967 -+author: -diff --git a/lib/api/internal.rb b/lib/api/internal.rb -index 9a5d1ec..89e47a7 100644 ---- a/lib/api/internal.rb -+++ b/lib/api/internal.rb -@@ -43,6 +43,14 @@ module API - :push_code - ] - end -+ -+ def parse_allowed_environment_variables -+ return if params[:env].blank? -+ -+ JSON.parse(params[:env]) -+ -+ rescue JSON::ParserError -+ end - end - - post "/allowed" do -@@ -61,7 +69,11 @@ module API - if wiki? - Gitlab::GitAccessWiki.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities) - else -- Gitlab::GitAccess.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities) -+ Gitlab::GitAccess.new(actor, -+ project, -+ protocol, -+ authentication_abilities: ssh_authentication_abilities, -+ env: parse_allowed_environment_variables) - end - - access_status = access.check(params[:action], params[:changes]) -diff --git a/lib/gitlab/checks/change_access.rb b/lib/gitlab/checks/change_access.rb -index cb10652..3d20301 100644 ---- a/lib/gitlab/checks/change_access.rb -+++ b/lib/gitlab/checks/change_access.rb -@@ -3,11 +3,12 @@ module Gitlab - class ChangeAccess - attr_reader :user_access, :project - -- def initialize(change, user_access:, project:) -+ def initialize(change, user_access:, project:, env: {}) - @oldrev, @newrev, @ref = change.values_at(:oldrev, :newrev, :ref) - @branch_name = Gitlab::Git.branch_name(@ref) - @user_access = user_access - @project = project -+ @env = env - end - - def exec -@@ -68,7 +69,7 @@ module Gitlab - end - - def forced_push? -- Gitlab::Checks::ForcePush.force_push?(@project, @oldrev, @newrev) -+ Gitlab::Checks::ForcePush.force_push?(@project, @oldrev, @newrev, env: @env) - end - - def matching_merge_request? -diff --git a/lib/gitlab/checks/force_push.rb b/lib/gitlab/checks/force_push.rb -index 5fe8655..de0c904 100644 ---- a/lib/gitlab/checks/force_push.rb -+++ b/lib/gitlab/checks/force_push.rb -@@ -1,15 +1,20 @@ - module Gitlab - module Checks - class ForcePush -- def self.force_push?(project, oldrev, newrev) -+ def self.force_push?(project, oldrev, newrev, env: {}) - return false if project.empty_repo? - - # Created or deleted branch - if Gitlab::Git.blank_ref?(oldrev) || Gitlab::Git.blank_ref?(newrev) - false - else -- missed_ref, _ = Gitlab::Popen.popen(%W(#{Gitlab.config.git.bin_path} --git-dir=#{project.repository.path_to_repo} rev-list --max-count=1 #{oldrev} ^#{newrev})) -- missed_ref.present? -+ missed_ref, exit_status = Gitlab::Git::RevList.new(oldrev, newrev, project: project, env: env).execute -+ -+ if exit_status == 0 -+ missed_ref.present? -+ else -+ raise "Got a non-zero exit code while calling out to `git rev-list` in the force-push check." -+ end - end - end - end -diff --git a/lib/gitlab/git/rev_list.rb b/lib/gitlab/git/rev_list.rb -new file mode 100644 -index 0000000..25e9d61 ---- /dev/null -+++ b/lib/gitlab/git/rev_list.rb -@@ -0,0 +1,42 @@ -+module Gitlab -+ module Git -+ class RevList -+ attr_reader :project, :env -+ -+ ALLOWED_VARIABLES = %w[GIT_OBJECT_DIRECTORY GIT_ALTERNATE_OBJECT_DIRECTORIES].freeze -+ -+ def initialize(oldrev, newrev, project:, env: nil) -+ @project = project -+ @env = env.presence || {} -+ @args = [Gitlab.config.git.bin_path, -+ "--git-dir=#{project.repository.path_to_repo}", -+ "rev-list", -+ "--max-count=1", -+ oldrev, -+ "^#{newrev}"] -+ end -+ -+ def execute -+ Gitlab::Popen.popen(@args, nil, parse_environment_variables) -+ end -+ -+ def valid? -+ environment_variables.all? do |(name, value)| -+ value.start_with?(project.repository.path_to_repo) -+ end -+ end -+ -+ private -+ -+ def parse_environment_variables -+ return {} unless valid? -+ -+ environment_variables -+ end -+ -+ def environment_variables -+ @environment_variables ||= env.slice(*ALLOWED_VARIABLES) -+ end -+ end -+ end -+end -diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb -index bcbf645..74e8713 100644 ---- a/lib/gitlab/git_access.rb -+++ b/lib/gitlab/git_access.rb -@@ -17,12 +17,13 @@ module Gitlab - - attr_reader :actor, :project, :protocol, :user_access, :authentication_abilities - -- def initialize(actor, project, protocol, authentication_abilities:) -+ def initialize(actor, project, protocol, authentication_abilities:, env: {}) - @actor = actor - @project = project - @protocol = protocol - @authentication_abilities = authentication_abilities - @user_access = UserAccess.new(user, project: project) -+ @env = env - end - - def check(cmd, changes) -@@ -99,7 +100,7 @@ module Gitlab - end - - def change_access_check(change) -- Checks::ChangeAccess.new(change, user_access: user_access, project: project).exec -+ Checks::ChangeAccess.new(change, user_access: user_access, project: project, env: @env).exec - end - - def protocol_allowed? -diff --git a/lib/gitlab/popen.rb b/lib/gitlab/popen.rb -index cc74bb2..4bc5cda 100644 ---- a/lib/gitlab/popen.rb -+++ b/lib/gitlab/popen.rb -@@ -5,13 +5,13 @@ module Gitlab - module Popen - extend self - -- def popen(cmd, path = nil) -+ def popen(cmd, path = nil, vars = {}) - unless cmd.is_a?(Array) - raise "System commands must be given as an array of strings" - end - - path ||= Dir.pwd -- vars = { "PWD" => path } -+ vars['PWD'] = path - options = { chdir: path } - - unless File.directory?(path) -diff --git a/spec/lib/gitlab/checks/force_push_spec.rb b/spec/lib/gitlab/checks/force_push_spec.rb -new file mode 100644 -index 0000000..f628801 ---- /dev/null -+++ b/spec/lib/gitlab/checks/force_push_spec.rb -@@ -0,0 +1,19 @@ -+require 'spec_helper' -+ -+describe Gitlab::Checks::ChangeAccess, lib: true do -+ let(:project) { create(:project) } -+ -+ context "exit code checking" do -+ it "does not raise a runtime error if the `popen` call to git returns a zero exit code" do -+ allow(Gitlab::Popen).to receive(:popen).and_return(['normal output', 0]) -+ -+ expect { Gitlab::Checks::ForcePush.force_push?(project, 'oldrev', 'newrev') }.not_to raise_error -+ end -+ -+ it "raises a runtime error if the `popen` call to git returns a non-zero exit code" do -+ allow(Gitlab::Popen).to receive(:popen).and_return(['error', 1]) -+ -+ expect { Gitlab::Checks::ForcePush.force_push?(project, 'oldrev', 'newrev') }.to raise_error(RuntimeError) -+ end -+ end -+end -diff --git a/spec/lib/gitlab/git/rev_list_spec.rb b/spec/lib/gitlab/git/rev_list_spec.rb -new file mode 100644 -index 0000000..444639a ---- /dev/null -+++ b/spec/lib/gitlab/git/rev_list_spec.rb -@@ -0,0 +1,53 @@ -+require 'spec_helper' -+ -+describe Gitlab::Git::RevList, lib: true do -+ let(:project) { create(:project) } -+ -+ context "validations" do -+ described_class::ALLOWED_VARIABLES.each do |var| -+ context var do -+ it "accepts values starting with the project repo path" do -+ env = { var => "#{project.repository.path_to_repo}/objects" } -+ rev_list = described_class.new('oldrev', 'newrev', project: project, env: env) -+ -+ expect(rev_list).to be_valid -+ end -+ -+ it "rejects values starting not with the project repo path" do -+ env = { var => "/some/other/path" } -+ rev_list = described_class.new('oldrev', 'newrev', project: project, env: env) -+ -+ expect(rev_list).not_to be_valid -+ end -+ -+ it "rejects values containing the project repo path but not starting with it" do -+ env = { var => "/some/other/path/#{project.repository.path_to_repo}" } -+ rev_list = described_class.new('oldrev', 'newrev', project: project, env: env) -+ -+ expect(rev_list).not_to be_valid -+ end -+ end -+ end -+ end -+ -+ context "#execute" do -+ let(:env) { { "GIT_OBJECT_DIRECTORY" => project.repository.path_to_repo } } -+ let(:rev_list) { Gitlab::Git::RevList.new('oldrev', 'newrev', project: project, env: env) } -+ -+ it "calls out to `popen` without environment variables if the record is invalid" do -+ allow(rev_list).to receive(:valid?).and_return(false) -+ -+ expect(Open3).to receive(:popen3).with(hash_excluding(env), any_args) -+ -+ rev_list.execute -+ end -+ -+ it "calls out to `popen` with environment variables if the record is valid" do -+ allow(rev_list).to receive(:valid?).and_return(true) -+ -+ expect(Open3).to receive(:popen3).with(hash_including(env), any_args) -+ -+ rev_list.execute -+ end -+ end -+end --- -2.10.2 - - -From 0ce20138298eaebfb9e8225d21e7b0088716e5ad Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?R=C3=A9my=20Coutable?= -Date: Tue, 20 Dec 2016 09:45:37 +0100 -Subject: [PATCH 2/3] Reject blank environment vcariables in - Gitlab::Git::RevList -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Rémy Coutable ---- - lib/gitlab/git/rev_list.rb | 4 ++-- - spec/lib/gitlab/git/rev_list_spec.rb | 7 +++++++ - 2 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/lib/gitlab/git/rev_list.rb b/lib/gitlab/git/rev_list.rb -index 25e9d61..79dd0cf 100644 ---- a/lib/gitlab/git/rev_list.rb -+++ b/lib/gitlab/git/rev_list.rb -@@ -22,7 +22,7 @@ module Gitlab - - def valid? - environment_variables.all? do |(name, value)| -- value.start_with?(project.repository.path_to_repo) -+ value.to_s.start_with?(project.repository.path_to_repo) - end - end - -@@ -35,7 +35,7 @@ module Gitlab - end - - def environment_variables -- @environment_variables ||= env.slice(*ALLOWED_VARIABLES) -+ @environment_variables ||= env.slice(*ALLOWED_VARIABLES).compact - end - end - end -diff --git a/spec/lib/gitlab/git/rev_list_spec.rb b/spec/lib/gitlab/git/rev_list_spec.rb -index 444639a..1f9c987 100644 ---- a/spec/lib/gitlab/git/rev_list_spec.rb -+++ b/spec/lib/gitlab/git/rev_list_spec.rb -@@ -26,6 +26,13 @@ describe Gitlab::Git::RevList, lib: true do - - expect(rev_list).not_to be_valid - end -+ -+ it "ignores nil values" do -+ env = { var => nil } -+ rev_list = described_class.new('oldrev', 'newrev', project: project, env: env) -+ -+ expect(rev_list).to be_valid -+ end - end - end - end --- -2.10.2 - - -From b54b031638e7a98c1e51b369cff53602db40e4b0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?R=C3=A9my=20Coutable?= -Date: Mon, 6 Feb 2017 10:04:21 +0100 -Subject: [PATCH 3/3] Update gitlab-shell to 3.6.7 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Rémy Coutable ---- - changelogs/unreleased/use-gitlab-shell-3-6-7.yml | 4 ++++ - doc/update/8.12-to-8.13.md | 4 ++-- - 3 files changed, 7 insertions(+), 3 deletions(-) - create mode 100644 changelogs/unreleased/use-gitlab-shell-3-6-7.yml - -diff --git a/changelogs/unreleased/use-gitlab-shell-3-6-7.yml b/changelogs/unreleased/use-gitlab-shell-3-6-7.yml -new file mode 100644 -index 0000000..c6600ce ---- /dev/null -+++ b/changelogs/unreleased/use-gitlab-shell-3-6-7.yml -@@ -0,0 +1,4 @@ -+--- -+title: Use gitlab-shell v3.6.7 -+merge_request: -+author: -diff --git a/doc/update/8.12-to-8.13.md b/doc/update/8.12-to-8.13.md -index c0084d9..6457ec9 100644 ---- a/doc/update/8.12-to-8.13.md -+++ b/doc/update/8.12-to-8.13.md -@@ -72,7 +72,7 @@ sudo -u git -H git checkout 8-13-stable-ee - ```bash - cd /home/git/gitlab-shell - sudo -u git -H git fetch --all --tags --sudo -u git -H git checkout v3.6.6 -+sudo -u git -H git checkout v3.6.7 - ``` - - ### 6. Update gitlab-workhorse -@@ -166,7 +166,7 @@ See [smtp_settings.rb.sample] as an example. - Ensure you're still up-to-date with the latest init script changes: - - sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab -- -+ - For Ubuntu 16.04.1 LTS: - - sudo systemctl daemon-reload --- -2.10.2 - diff --git a/debian/patches/052-relax-grape.patch b/debian/patches/052-relax-grape.patch deleted file mode 100644 index f216979952..0000000000 --- a/debian/patches/052-relax-grape.patch +++ /dev/null @@ -1,13 +0,0 @@ -https://gitlab.com/gitlab-org/gitlab-ce/issues/19670 - ---- a/Gemfile -+++ b/Gemfile -@@ -68,7 +68,7 @@ - gem 'github-linguist', '~> 4.7', require: 'linguist' - - # API --gem 'grape', '~> 0.15.0' -+gem 'grape', '~> 0.16.0' - gem 'grape-entity', '~> 0.6.0' - gem 'rack-cors', '~> 0.4.0', require: 'rack/cors' - diff --git a/debian/patches/cve-2016-9086-fix.patch b/debian/patches/cve-2016-9086-fix.patch deleted file mode 100644 index d57950c16b..0000000000 --- a/debian/patches/cve-2016-9086-fix.patch +++ /dev/null @@ -1,47 +0,0 @@ -Description: Fix file disclosure via hidden symlinks using the project import -Author: Rémy Coutable -Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/36091 -Last-Update: 2017-08-17 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ---- a/lib/gitlab/import_export/file_importer.rb -+++ b/lib/gitlab/import_export/file_importer.rb -@@ -47,12 +47,16 @@ - end - - def remove_symlinks! -- Dir["#{@shared.export_path}/**/*"].each do |path| -+ extracted_files.each do |path| - FileUtils.rm(path) if File.lstat(path).symlink? - end - - true - end -+ -+ def extracted_files -+ Dir.glob("#{@shared.export_path}/**/*", File::FNM_DOTMATCH).reject { |f| f =~ /.*\/\.{1,2}$/ } -+ end - end - end - end ---- a/spec/lib/gitlab/import_export/file_importer_spec.rb -+++ b/spec/lib/gitlab/import_export/file_importer_spec.rb -@@ -5,6 +5,7 @@ - let(:export_path) { "#{Dir::tmpdir}/file_importer_spec" } - let(:valid_file) { "#{shared.export_path}/valid.json" } - let(:symlink_file) { "#{shared.export_path}/invalid.json" } -+ let(:hidden_symlink_file) { "#{shared.export_path}/.hidden" } - let(:subfolder_symlink_file) { "#{shared.export_path}/subfolder/invalid.json" } - - before do -@@ -25,6 +26,10 @@ - expect(File.exist?(symlink_file)).to be false - end - -+ it 'removes hidden symlinks in root folder' do -+ expect(File.exist?(hidden_symlink_file)).to be false -+ end -+ - it 'removes symlinks in subfolders' do - expect(File.exist?(subfolder_symlink_file)).to be false - end diff --git a/debian/patches/cve-2017-0882.patch b/debian/patches/cve-2017-0882.patch deleted file mode 100644 index 2da61bec95..0000000000 --- a/debian/patches/cve-2017-0882.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb -index cb64926..d7928cb 100644 ---- a/app/controllers/projects/issues_controller.rb -+++ b/app/controllers/projects/issues_controller.rb -@@ -112,7 +112,7 @@ class Projects::IssuesController < Projects::ApplicationController - end - - format.json do -- render json: @issue.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } }) -+ render json: @issue.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } }) - end - end - -diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb -index 6e15c06..317011c 100644 ---- a/app/controllers/projects/merge_requests_controller.rb -+++ b/app/controllers/projects/merge_requests_controller.rb -@@ -278,7 +278,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController - @merge_request.target_project, @merge_request]) - end - format.json do -- render json: @merge_request.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } }) -+ render json: @merge_request.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } }) - end - end - else diff --git a/debian/patches/series b/debian/patches/series index 9b95d52b8c..31a7ae6937 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,14 +1,8 @@ -cve-2016-9086-fix.patch 0005-use-debian-omniauth-ldap.patch -0018-loosen-rdoc.patch 0050-relax-stable-libs.patch 0100-remove-development-test.patch 0108-make-mysql-optional.patch source-init-functions.patch pid-log-paths.patch -052-relax-grape.patch 0200-remove-order-dependency-in-label-finder-spec.patch -0210-use-jquery-ui-rails6.patch 0220-relax-dependencies.patch -0300-git-2-11-support.patch -cve-2017-0882.patch