From 4e452e009e03b22b78a35febf5c120ec0a62a46f Mon Sep 17 00:00:00 2001 From: Pirate Praveen Date: Thu, 2 Jul 2020 21:28:01 +0530 Subject: [PATCH 1/5] Use packaged versions of d3 and d3-sankey node modules --- debian/control | 2 ++ debian/patches/0740-use-packaged-modules.patch | 10 +++++----- debian/patches/0741-add-graphql-tag.patch | 2 +- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/debian/control b/debian/control index f74a357a7a..95f38aca24 100644 --- a/debian/control +++ b/debian/control @@ -357,6 +357,8 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, node-compression-webpack-plugin (>= 3.0.1~), node-core-js (>= 3.2.1~), node-css-loader (>= 2.1.1~), +# node-d3 includes d3-sankey + node-d3 (>= 5.16~), node-d3-scale (>= 1.0.7~), node-d3-selection (>= 1.2~), node-dateformat, diff --git a/debian/patches/0740-use-packaged-modules.patch b/debian/patches/0740-use-packaged-modules.patch index a54b4491f4..49f4033107 100644 --- a/debian/patches/0740-use-packaged-modules.patch +++ b/debian/patches/0740-use-packaged-modules.patch @@ -89,7 +89,7 @@ Use debian packaged node modules when available "@gitlab/at.js": "1.5.5", "@gitlab/svgs": "1.140.0", "@gitlab/ui": "17.0.1", -@@ -53,54 +47,31 @@ +@@ -53,54 +47,29 @@ "apollo-link": "^1.2.11", "apollo-link-batch-http": "^1.2.11", "apollo-upload-client": "^10.0.0", @@ -110,8 +110,8 @@ Use debian packaged node modules when available - "core-js": "^3.6.4", "cropper": "^2.3.0", - "css-loader": "^2.1.1", - "d3": "^5.16.0", - "d3-sankey": "^0.12.3", +- "d3": "^5.16.0", +- "d3-sankey": "^0.12.3", - "d3-scale": "^2.2.2", - "d3-selection": "^1.2.0", - "dateformat": "^3.0.3", @@ -144,7 +144,7 @@ Use debian packaged node modules when available "marked": "^0.3.12", "mermaid": "^8.5.2", "mersenne-twister": "1.1.0", -@@ -108,13 +79,9 @@ +@@ -108,13 +77,9 @@ "mitt": "^1.2.0", "monaco-editor": "^0.18.1", "monaco-editor-webpack-plugin": "^1.7.0", @@ -158,7 +158,7 @@ Use debian packaged node modules when available "raphael": "^2.2.7", "raw-loader": "^4.0.0", "sanitize-html": "^1.22.0", -@@ -128,31 +95,21 @@ +@@ -128,31 +93,21 @@ "svg4everybody": "2.1.9", "swagger-ui-dist": "^3.26.2", "three": "^0.84.0", diff --git a/debian/patches/0741-add-graphql-tag.patch b/debian/patches/0741-add-graphql-tag.patch index f69eb335ec..ceccfd20ee 100644 --- a/debian/patches/0741-add-graphql-tag.patch +++ b/debian/patches/0741-add-graphql-tag.patch @@ -2,7 +2,7 @@ yarn fails to install graphql-tag --- a/package.json +++ b/package.json -@@ -67,6 +67,7 @@ +@@ -65,6 +65,7 @@ "formdata-polyfill": "^3.0.19", "fuzzaldrin-plus": "^0.6.0", "graphql": "^14.0.2", From 039bc183d90da807aec7d7a40a3fbd228f283da2 Mon Sep 17 00:00:00 2001 From: Pirate Praveen Date: Thu, 2 Jul 2020 21:51:34 +0530 Subject: [PATCH 2/5] Update changelog --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 43ddbc4ba9..fdeb9b3bf4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +gitlab (13.1.2-2) UNRELEASED; urgency=medium + + * Use packaged versions of d3 and d3-sankey node modules + + -- Pirate Praveen Thu, 02 Jul 2020 21:28:23 +0530 + gitlab (13.1.2-1) experimental; urgency=medium * New upstream version 13.1.2 with many security fixes (CVE IDs not From 8971fcc4b6f5eb6dffef116ead9b244da6621943 Mon Sep 17 00:00:00 2001 From: Pirate Praveen Date: Fri, 3 Jul 2020 14:39:25 +0530 Subject: [PATCH 3/5] Use packaged version of codemirror --- debian/control | 1 + debian/patches/0740-use-packaged-modules.patch | 8 ++++---- debian/patches/0741-add-graphql-tag.patch | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/debian/control b/debian/control index 95f38aca24..d474ab31a5 100644 --- a/debian/control +++ b/debian/control @@ -354,6 +354,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, node-cache-loader (>= 4.1~), node-chart.js (>= 2.7.2~), node-clipboard, + node-codemirror, node-compression-webpack-plugin (>= 3.0.1~), node-core-js (>= 3.2.1~), node-css-loader (>= 2.1.1~), diff --git a/debian/patches/0740-use-packaged-modules.patch b/debian/patches/0740-use-packaged-modules.patch index 49f4033107..b43a438306 100644 --- a/debian/patches/0740-use-packaged-modules.patch +++ b/debian/patches/0740-use-packaged-modules.patch @@ -89,7 +89,7 @@ Use debian packaged node modules when available "@gitlab/at.js": "1.5.5", "@gitlab/svgs": "1.140.0", "@gitlab/ui": "17.0.1", -@@ -53,54 +47,29 @@ +@@ -53,54 +47,28 @@ "apollo-link": "^1.2.11", "apollo-link-batch-http": "^1.2.11", "apollo-upload-client": "^10.0.0", @@ -103,7 +103,7 @@ Use debian packaged node modules when available - "cache-loader": "^4.1.0", "classlist-polyfill": "^1.2.0", - "clipboard": "^1.7.1", - "codemirror": "^5.48.4", +- "codemirror": "^5.48.4", "codesandbox-api": "0.0.23", - "compression-webpack-plugin": "^3.0.1", "copy-webpack-plugin": "^5.0.5", @@ -144,7 +144,7 @@ Use debian packaged node modules when available "marked": "^0.3.12", "mermaid": "^8.5.2", "mersenne-twister": "1.1.0", -@@ -108,13 +77,9 @@ +@@ -108,13 +76,9 @@ "mitt": "^1.2.0", "monaco-editor": "^0.18.1", "monaco-editor-webpack-plugin": "^1.7.0", @@ -158,7 +158,7 @@ Use debian packaged node modules when available "raphael": "^2.2.7", "raw-loader": "^4.0.0", "sanitize-html": "^1.22.0", -@@ -128,31 +93,21 @@ +@@ -128,31 +92,21 @@ "svg4everybody": "2.1.9", "swagger-ui-dist": "^3.26.2", "three": "^0.84.0", diff --git a/debian/patches/0741-add-graphql-tag.patch b/debian/patches/0741-add-graphql-tag.patch index ceccfd20ee..963fc6a932 100644 --- a/debian/patches/0741-add-graphql-tag.patch +++ b/debian/patches/0741-add-graphql-tag.patch @@ -2,7 +2,7 @@ yarn fails to install graphql-tag --- a/package.json +++ b/package.json -@@ -65,6 +65,7 @@ +@@ -64,6 +64,7 @@ "formdata-polyfill": "^3.0.19", "fuzzaldrin-plus": "^0.6.0", "graphql": "^14.0.2", From 387c3be4e502d5e674457e9b9f45c3a69ff99036 Mon Sep 17 00:00:00 2001 From: Pirate Praveen Date: Thu, 9 Jul 2020 12:48:47 +0530 Subject: [PATCH 4/5] New upstream version 13.1.3 --- CHANGELOG.md | 4 ++++ GITALY_SERVER_VERSION | 2 +- VERSION | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa8b386d8b..fb0ee1674c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 13.1.3 (2020-07-06) + +- No changes. + ## 13.1.2 (2020-07-01) ### Security (18 changes) diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 3837381805..5a21446fc6 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -13.1.2 +13.1.3 diff --git a/VERSION b/VERSION index 3837381805..5a21446fc6 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -13.1.2 +13.1.3 From 80a083b0e2abffbb74a9d35931ea834194260d2c Mon Sep 17 00:00:00 2001 From: Pirate Praveen Date: Thu, 9 Jul 2020 12:55:33 +0530 Subject: [PATCH 5/5] Upload to experimental --- debian/changelog | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index fdeb9b3bf4..5c0ed663f2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,10 @@ -gitlab (13.1.2-2) UNRELEASED; urgency=medium +gitlab (13.1.3-1) experimental; urgency=medium * Use packaged versions of d3 and d3-sankey node modules + * Use packaged version of codemirror + * New upstream version 13.1.3 (Fixes: CVE-2020-15525) - -- Pirate Praveen Thu, 02 Jul 2020 21:28:23 +0530 + -- Pirate Praveen Thu, 09 Jul 2020 12:54:05 +0530 gitlab (13.1.2-1) experimental; urgency=medium