Refresh patches

debian/patches/Gemfile/0010-relax-stable-libs.patch

@@ -3,7 +3,7 @@ gitlab Gemfile
 
 --- a/Gemfile
 +++ b/Gemfile
-@@ -13,64 +13,64 @@
+@@ -13,63 +13,63 @@
  # NOTE: When incrementing the major or minor version here, also increment activerecord_version
  # in vendor/gems/attr_encrypted/attr_encrypted.gemspec until we resolve
  # https://gitlab.com/gitlab-org/gitlab/-/issues/375713
@@ -13,9 +13,7 @@ gitlab Gemfile
 -gem 'bootsnap', '~> 1.16.0', require: false
 +gem 'bootsnap', '~> 1.16', require: false
  
- # Pin openssl to match the version bundled with our supported Rubies.
- # See https://stdgems.org/openssl/#gem-version.
- gem 'openssl', '2.2.2'
+ gem 'openssl', '~> 3.0'
 -gem 'ipaddr', '~> 1.2.5'
 +gem 'ipaddr', '~> 1.2', '>= 1.2.5'
  
@@ -25,12 +23,14 @@ gitlab Gemfile
 -gem 'sprockets', '~> 3.7.0'
 +gem 'sprockets', '~> 3.7'
  
--gem 'view_component', '~> 2.74.1'
-+gem 'view_component', '~> 2.74', '>= 2.74.1'
+-gem 'view_component', '~> 2.82.0'
++gem 'view_component', '~> 2.82'
  
  # Supported DBs
--gem 'pg', '~> 1.4.6'
-+gem 'pg', '~> 1.4', '>= 1.4.6'
+-gem 'pg', '~> 1.5.3'
++gem 'pg', '~> 1.5', '>= 1.5.3'
+ 
+ gem 'neighbor', '~> 0.2.3'
  
  gem 'rugged', '~> 1.5'
 -gem 'grape-path-helpers', '~> 1.7.1'
@@ -50,7 +50,7 @@ gitlab Gemfile
  gem 'devise-pbkdf2-encryptable', '~> 0.0.0', path: 'vendor/gems/devise-pbkdf2-encryptable'
  gem 'bcrypt', '~> 3.1', '>= 3.1.14'
  gem 'doorkeeper', '~> 5.6', '>= 5.6.6'
- gem 'doorkeeper-openid_connect', '~> 1.8', '>= 1.8.5'
+ gem 'doorkeeper-openid_connect', '~> 1.8', '>= 1.8.6'
 -gem 'rexml', '~> 3.2.5'
 -gem 'ruby-saml', '~> 1.13.0'
 -gem 'omniauth', '~> 2.1.0'
@@ -60,7 +60,6 @@ gitlab Gemfile
  gem 'omniauth-auth0', '~> 3.1'
  gem 'omniauth-azure-activedirectory-v2', '~> 2.0'
  gem 'omniauth-azure-oauth2', '~> 0.0.9', path: 'vendor/gems/omniauth-azure-oauth2' # See gem README.md
- gem 'omniauth-cas3', '~> 1.1.4', path: 'vendor/gems/omniauth-cas3' # See vendor/gems/omniauth-cas3/README.md
  gem 'omniauth-dingtalk-oauth2', '~> 1.0'
 -gem 'omniauth-alicloud', '~> 2.0.1'
 -gem 'omniauth-facebook', '~> 4.0.0'
@@ -71,8 +70,8 @@ gitlab Gemfile
  gem 'omniauth-gitlab', '~> 4.0.0', path: 'vendor/gems/omniauth-gitlab' # See vendor/gems/omniauth-gitlab/README.md
  gem 'omniauth-google-oauth2', '~> 1.1'
  gem 'omniauth-oauth2-generic', '~> 0.2.2'
--gem 'omniauth-saml', '~> 2.0.0'
-+gem 'omniauth-saml', '~> 2.0'
+-gem 'omniauth-saml', '~> 2.1.0'
++gem 'omniauth-saml', '~> 2.1'
  gem 'omniauth-twitter', '~> 1.4'
  gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md
  gem 'omniauth_openid_connect', '~> 0.6.1'
@@ -87,7 +86,7 @@ gitlab Gemfile
  gem 'jwt', '~> 2.5'
  
  # Kerberos authentication. EE-only
-@@ -80,28 +80,28 @@
+@@ -79,59 +79,59 @@
  # Spam and anti-bot protection
  gem 'recaptcha', '~> 5.12', require: 'recaptcha/rails'
  gem 'akismet', '~> 3.0'
@@ -99,7 +98,6 @@ gitlab Gemfile
 +gem 'devise-two-factor', '~> 4.0', '>= 4.0.2'
  gem 'rqrcode-rails3', '~> 0.1.7'
  gem 'attr_encrypted', '~> 3.2.4', path: 'vendor/gems/attr_encrypted'
- gem 'u2f', '~> 0.2.1'
  
  # GitLab Pages
 -gem 'validates_hostname', '~> 1.0.11'
@@ -122,7 +120,9 @@ gitlab Gemfile
  
  # LDAP Auth
  # GitLab fork with several improvements to original library. For full list of changes
-@@ -110,30 +110,30 @@
+ # see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master
+-gem 'gitlab_omniauth-ldap', '~> 2.2.0', require: 'omniauth-ldap'
++gem 'gitlab_omniauth-ldap', '~> 2.2', require: 'omniauth-ldap'
  gem 'net-ldap', '~> 0.17.1'
  
  # API
@@ -161,7 +161,7 @@ gitlab Gemfile
  
  # for backups
  gem 'fog-aws', '~> 3.18'
-@@ -149,10 +149,10 @@
+@@ -147,10 +147,10 @@
  # We may want to update this dependency if this is ever addressed upstream, e.g. via
  # https://github.com/aliyun/aliyun-oss-ruby-sdk/pull/93
  gem 'fog-aliyun', '~> 0.4'
@@ -174,7 +174,7 @@ gitlab Gemfile
  gem 'google-apis-core', '~> 0.10.0'
  gem 'google-apis-compute_v1', '~> 0.57.0'
  gem 'google-apis-container_v1', '~> 0.43.0'
-@@ -168,36 +168,36 @@
+@@ -166,36 +166,36 @@
  gem 'unf', '~> 0.1.4'
  
  # Seed data
@@ -185,12 +185,12 @@ gitlab Gemfile
  gem 'elasticsearch-model', '~> 7.2'
  gem 'elasticsearch-rails', '~> 7.2', require: 'elasticsearch/rails/instrumentation'
 -gem 'elasticsearch-api',   '7.13.3'
--gem 'aws-sdk-core', '~> 3.171.0'
+-gem 'aws-sdk-core', '~> 3.172.0'
 +gem 'elasticsearch-api',   '~> 7.13', '>= 7.13.3'
-+gem 'aws-sdk-core', '~> 3.171'
++gem 'aws-sdk-core', '~> 3.172'
  gem 'aws-sdk-cloudformation', '~> 1'
--gem 'aws-sdk-s3', '~> 1.121.0'
-+gem 'aws-sdk-s3', '~> 1.121'
+-gem 'aws-sdk-s3', '~> 1.122.0'
++gem 'aws-sdk-s3', '~> 1.122'
  gem 'faraday_middleware-aws-sigv4', '~>0.3.0'
 -gem 'typhoeus', '~> 1.4.0' # Used with Elasticsearch to support http keep-alive connections
 +gem 'typhoeus', '~> 1.4' # Used with Elasticsearch to support http keep-alive connections
@@ -226,7 +226,13 @@ gitlab Gemfile
  
  # Calendar rendering
  gem 'icalendar'
-@@ -212,7 +212,7 @@
+@@ -205,12 +205,12 @@
+ gem 'diff_match_patch', '~> 0.1.0'
+ 
+ # Application server
+-gem 'rack', '~> 2.2.7'
++gem 'rack', '~> 2.2', '>= 2.2.7'
+ # https://github.com/zombocom/rack-timeout/blob/master/README.md#rails-apps-manually
  gem 'rack-timeout', '~> 0.6.3', require: 'rack/timeout/base'
  
  group :puma do
@@ -235,7 +241,7 @@ gitlab Gemfile
    gem 'puma_worker_killer', '~> 0.3.1', require: false
    gem 'sd_notify', '~> 0.1.0', require: false
  end
-@@ -224,13 +224,13 @@
+@@ -222,13 +222,13 @@
  gem 'acts-as-taggable-on', '~> 9.0'
  
  # Background jobs
@@ -253,13 +259,9 @@ gitlab Gemfile
  
  # HTTP requests
  gem 'httparty', '~> 0.20.0'
-@@ -242,14 +242,14 @@
+@@ -240,11 +240,11 @@
  gem 'ruby-progressbar', '~> 1.10'
  
- # GitLab settings
--gem 'settingslogic', '~> 2.0.9'
-+gem 'settingslogic', '~> 2.0', '>= 2.0.9'
- 
  # Linear-time regex library for untrusted regular expressions
 -gem 're2', '~> 1.6.0'
 +gem 're2', '~> 1.6'
@@ -271,7 +273,7 @@ gitlab Gemfile
  gem 'version_sorter', '~> 2.3'
  
  # Export Ruby Regex to Javascript
-@@ -259,21 +259,21 @@
+@@ -254,21 +254,21 @@
  gem 'device_detector'
  
  # Redis
@@ -297,7 +299,7 @@ gitlab Gemfile
  
  # Hangouts Chat integration
  gem 'hangouts-chat', '~> 0.0.5', require: 'hangouts_chat'
-@@ -285,17 +285,17 @@
+@@ -280,18 +280,18 @@
  gem 'ruby-fogbugz', '~> 0.3.0'
  
  # Kubernetes integration
@@ -306,6 +308,8 @@ gitlab Gemfile
  
  # AI
  gem 'ruby-openai', '~> 3.7'
+-gem 'circuitbox', '2.0.0'
++gem 'circuitbox', '2.0'
  
  # Sanitize user input
  gem 'sanitize', '~> 6.0'
@@ -313,12 +317,12 @@ gitlab Gemfile
 +gem 'babosa', '~> 1.0', '>= 1.0.4'
  
  # Sanitizes SVG input
--gem 'loofah', '~> 2.20.0'
-+gem 'loofah', '~> 2.20'
+-gem 'loofah', '~> 2.21.0'
++gem 'loofah', '~> 2.21'
  
  # Working with license
  # Detects the open source license the repository includes
-@@ -317,32 +317,32 @@
+@@ -313,32 +313,32 @@
  
  gem 'rack-proxy', '~> 0.7.6'
  
@@ -360,9 +364,9 @@ gitlab Gemfile
 -gem 'premailer-rails', '~> 1.10.3'
 +gem 'premailer-rails', '~> 1.10', '>= 1.10.3'
  
- gem 'gitlab-labkit', '~> 0.31.1'
+ gem 'gitlab-labkit', '~> 0.32.0'
  gem 'thrift', '>= 0.16.0'
-@@ -350,11 +350,11 @@
+@@ -346,11 +346,11 @@
  # I18n
  gem 'ruby_parser', '~> 3.20', require: false
  gem 'rails-i18n', '~> 7.0'
@@ -376,20 +380,20 @@ gitlab Gemfile
  
  # Perf bar
  gem 'peek', '~> 1.1'
-@@ -366,10 +366,10 @@
+@@ -362,10 +362,10 @@
  gem 'snowplow-tracker', '~> 0.8.0'
  
  # Metrics
 -gem 'webrick', '~> 1.8.1', require: false
 +gem 'webrick', '~> 1.8', '>= 1.8.1', require: false
- gem 'prometheus-client-mmap', '~> 0.19', require: 'prometheus/client'
+ gem 'prometheus-client-mmap', '~> 0.23', require: 'prometheus/client'
  
 -gem 'warning', '~> 1.3.0'
 +gem 'warning', '~> 1.3'
  
  group :development do
-   gem 'lefthook', '~> 1.3.10', require: false
-@@ -496,8 +496,8 @@
+   gem 'lefthook', '~> 1.3.13', require: false
+@@ -493,8 +493,8 @@
  gem 'health_check', '~> 3.0'
  
  # System information
@@ -400,7 +404,7 @@ gitlab Gemfile
  
  # NTP client
  gem 'net-ntp'
-@@ -506,25 +506,25 @@
+@@ -503,25 +503,25 @@
  gem 'ssh_data', '~> 1.3'
  
  # Spamcheck GRPC protocol definitions
@@ -412,7 +416,7 @@ gitlab Gemfile
 +gem 'gitaly', '~> 15.9'
  
  # KAS GRPC protocol definitions
- gem 'kas-grpc', '~> 0.0.2'
+ gem 'kas-grpc', '~> 0.1.0'
  
 -gem 'grpc', '~> 1.42.0'
 +gem 'grpc', '~> 1.42'
@@ -431,7 +435,7 @@ gitlab Gemfile
  gem 'gitlab-experiment', '~> 0.7.1'
  
  # Structured logging
-@@ -535,9 +535,9 @@
+@@ -532,9 +532,9 @@
  gem 'gitlab-net-dns', '~> 0.9.2'
  
  # Countries list
@@ -443,7 +447,14 @@ gitlab Gemfile
  
  # LRU cache
  gem 'lru_redux'
-@@ -555,18 +555,18 @@
+@@ -546,24 +546,24 @@
+ # `config/initializers/mail_starttls_patch.rb` has also been patched to
+ # fix STARTTLS handling until https://github.com/mikel/mail/pull/1536 is
+ # released.
+-gem 'mail', '= 2.8.1'
++gem 'mail', '~> 2.8.1'
+ gem 'mail-smtp_pool', '~> 0.1.0', path: 'vendor/gems/mail-smtp_pool', require: false
+ 
  gem 'microsoft_graph_mailer', '~> 0.1.0', path: 'vendor/gems/microsoft_graph_mailer'
  
  # File encryption
@@ -467,7 +478,7 @@ gitlab Gemfile
  
  gem 'webauthn', '~> 3.0'
  
-@@ -577,20 +577,20 @@
+@@ -574,14 +574,14 @@
  
  gem 'ipynbdiff', path: 'vendor/gems/ipynbdiff'
  
@@ -484,10 +495,3 @@ gitlab Gemfile
  
  # Work with RPM packages
  gem 'arr-pm', '~> 0.0.12'
- 
- # Apple plist parsing
--gem 'CFPropertyList', '~> 3.0.0'
-+gem 'CFPropertyList', '~> 3.0'
- gem 'app_store_connect'
- 
- # For phone verification

debian/patches/Gemfile/0020-remove-development-test.patch

@@ -2,7 +2,7 @@ Bundler will fail when it can't find these locally
 
 --- a/Gemfile
 +++ b/Gemfile
-@@ -113,14 +113,12 @@
+@@ -111,14 +111,12 @@
  gem 'grape', '~> 1.5','>= 1.5.2'
  gem 'grape-entity', '~> 0.10.0'
  gem 'rack-cors', '~> 1.1', '>= 1.1.1', require: 'rack/cors'
@@ -18,7 +18,7 @@ Bundler will fail when it can't find these locally
  gem 'graphlient', '~> 0.5.0' # Used by BulkImport feature (group::import)
  
  gem 'hashie', '~> 5.0'
-@@ -352,7 +350,6 @@
+@@ -348,7 +346,6 @@
  gem 'rails-i18n', '~> 7.0'
  gem 'gettext_i18n_rails', '~> 1.8'
  gem 'gettext_i18n_rails_js', '~> 1.3'
@@ -26,20 +26,20 @@ Bundler will fail when it can't find these locally
  
  gem 'batch-loader', '~> 2.0', '>= 2.0.1'
  
-@@ -371,85 +368,6 @@
+@@ -367,85 +364,6 @@
  
  gem 'warning', '~> 1.3'
  
 -group :development do
--  gem 'lefthook', '~> 1.3.10', require: false
+-  gem 'lefthook', '~> 1.3.13', require: false
 -  gem 'rubocop'
 -  gem 'solargraph', '~> 0.47.2', require: false
 -
 -  gem 'letter_opener_web', '~> 2.0.0'
--  gem 'lookbook', '~> 1.5', '>= 1.5.3'
+-  gem 'lookbook', '~> 2.0', '>= 2.0.1'
 -
 -  # Better errors handler
--  gem 'better_errors', '~> 2.9.1'
+-  gem 'better_errors', '~> 2.10.0'
 -
 -  gem 'sprite-factory', '~> 1.7'
 -
@@ -94,7 +94,7 @@ Bundler will fail when it can't find these locally
 -end
 -
 -group :development, :test, :danger do
--  gem 'gitlab-dangerfiles', '~> 3.9.0', require: false
+-  gem 'gitlab-dangerfiles', '~> 3.10.0', require: false
 -end
 -
 -group :development, :test, :coverage do

debian/patches/Gemfile/0030-make-test-dependencies-conditional.patch

@@ -2,7 +2,7 @@ Make test dependencies conditional so we can enable them when running autopkgtes
 
 --- a/Gemfile
 +++ b/Gemfile
-@@ -368,7 +368,7 @@
+@@ -364,7 +364,7 @@
  
  gem 'warning', '~> 1.3'
  

debian/patches/Gemfile/0040-relax-httparty.patch

@@ -2,7 +2,7 @@ Allow newer versions of httparty to satisfy dependency
 
 --- a/Gemfile
 +++ b/Gemfile
-@@ -231,7 +231,7 @@
+@@ -229,7 +229,7 @@
  gem 'fugit', '~> 1.8', '>= 1.8.1'
  
  # HTTP requests

debian/patches/Gemfile/0090-remove-ee-only-gems.patch

@@ -2,7 +2,7 @@ This gem is used only in gitlab Enterprise Edition
 
 --- a/Gemfile
 +++ b/Gemfile
-@@ -74,7 +74,7 @@
+@@ -73,7 +73,7 @@
  gem 'jwt', '~> 2.5'
  
  # Kerberos authentication. EE-only
@@ -11,7 +11,7 @@ This gem is used only in gitlab Enterprise Edition
  gem 'timfel-krb5-auth', '~> 0.8', group: :kerberos
  
  # Spam and anti-bot protection
-@@ -325,8 +325,6 @@
+@@ -321,8 +321,6 @@
  gem 'request_store', '~> 1.5', '>= 1.5.1'
  gem 'base32', '~> 0.3.0'
  

debian/patches/Gemfile/0180-add-parser-gem.patch

@@ -3,8 +3,8 @@ Forwarded: https://gitlab.com/gitlab-org/gitlab/-/issues/354323
 --- a/Gemfile
 +++ b/Gemfile
 @@ -32,6 +32,9 @@
- # Supported DBs
- gem 'pg', '~> 1.4', '>= 1.4.6'
+ 
+ gem 'neighbor', '~> 0.2.3'
  
 +# Background migrations/fix vulnerabilities
 +gem 'parser', '~> 3.0'

debian/patches/Gemfile/0210-comment-out-openssl.patch

@@ -1,13 +0,0 @@
-We have to use openssl available in the archive
-
---- a/Gemfile
-+++ b/Gemfile
-@@ -19,7 +19,7 @@
- 
- # Pin openssl to match the version bundled with our supported Rubies.
- # See https://stdgems.org/openssl/#gem-version.
--gem 'openssl', '2.2.2'
-+#gem 'openssl', '2.2.2'
- gem 'ipaddr', '~> 1.2', '>= 1.2.5'
- 
- # Responders respond_to and respond_with

debian/patches/series

@@ -4,7 +4,6 @@ Gemfile/0030-make-test-dependencies-conditional.patch
 Gemfile/0040-relax-httparty.patch
 Gemfile/0090-remove-ee-only-gems.patch
 Gemfile/0180-add-parser-gem.patch
-Gemfile/0210-comment-out-openssl.patch
 Gemfile/0220-relax-oj-in-ipynbdiff.patch
 #Gemfile/0230-relax-omniauth-auth0.patch
 nodejs/0010-set-webpack-root.patch

debian/patches/tweaks/0030-fix-gitlab-yml-path.patch

@@ -2,12 +2,11 @@ Fix for debian package layout
 
 --- a/config/settings.rb
 +++ b/config/settings.rb
-@@ -3,7 +3,7 @@
- require 'settingslogic'
+@@ -1,6 +1,6 @@
+ # frozen_string_literal: true
  
- class Settings < Settingslogic
--  source ENV.fetch('GITLAB_CONFIG') { Pathname.new(File.expand_path('..', __dir__)).join('config/gitlab.yml') }
-+  source ENV.fetch('GITLAB_CONFIG') { Pathname.new(File.expand_path('gitlab.yml', __dir__)) }
-   namespace ENV.fetch('GITLAB_ENV') { Rails.env }
+-require_relative '../lib/gitlab_settings'
++require_relative '/usr/share/gitlab/lib/gitlab_settings'
  
-   class << self
+ file = ENV.fetch('GITLAB_CONFIG') { Rails.root.join('config/gitlab.yml') }
+ section = ENV.fetch('GITLAB_ENV') { Rails.env }

debian/patches/tweaks/0050-add-salsa-link-to-help.patch

@@ -5,15 +5,15 @@ Last-Update: 2018-12-16
 This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
 --- a/app/helpers/version_check_helper.rb
 +++ b/app/helpers/version_check_helper.rb
-@@ -22,7 +22,10 @@
-   end
- 
+@@ -24,7 +24,10 @@
    def link_to_version
+     link = link_to(Gitlab::Source.ref, Gitlab::Source.release_url)
+ 
 -    if Gitlab.pre_release?
 +    if ENV['GITLAB_DEBIAN_VERSION'] && ENV['SALSA_TAG_URL']
 +      debian_tag = ENV['GITLAB_DEBIAN_VERSION'].gsub('~', '_')
 +      link_to ENV['GITLAB_DEBIAN_VERSION'], ENV['SALSA_TAG_URL'] + debian_tag
 +    elsif Gitlab.pre_release?
-       commit_link = link_to(Gitlab.revision, source_host_url + namespace_project_commits_path(source_code_group, source_code_project, Gitlab.revision))
-       [Gitlab::VERSION, content_tag(:small, commit_link)].join(' ').html_safe
+       [Gitlab::VERSION, content_tag(:small, link)].join(' ').html_safe
      else
+       link

debian/patches/tweaks/0060-fix-relative-paths.patch

@@ -13,7 +13,7 @@ Debian specific patch to adapt to debian policy mandated paths
 +require '/usr/share/gitlab/config/smime_signature_settings'
  
  # Default settings
- Settings['shared'] ||= Settingslogic.new({})
+ Settings['shared'] ||= {}
 --- a/config/environment.rb
 +++ b/config/environment.rb
 @@ -1,7 +1,7 @@

debian/patches/tweaks/0070-remove-capybara-screenshot-rspec.patch

@@ -8,7 +8,7 @@
  require 'selenium-webdriver'
  
  # Give CI some extra time
-@@ -133,18 +132,6 @@
+@@ -129,18 +128,6 @@
  Capybara.default_normalize_ws = true
  Capybara.enable_aria_label = true
  

debian/patches/tweaks/0080-search-binaries-in-path.patch

@@ -9,7 +9,7 @@ Last-Update: 2021-01-26
  	"time"
 +	"os/exec"
  
- 	"github.com/golang-jwt/jwt/v4"
+ 	"github.com/golang-jwt/jwt/v5"
  	"github.com/stretchr/testify/require"
 @@ -96,8 +97,11 @@
  	rootDir := RootDir()