gitlab (14.2.6+ds1-1) experimental; urgency=medium * New upstream version 14.2.5+ds1 * Refresh patches * Update import path for workhorse * Update minimum version of golang gitab-labkit * Fix XS-Go-Import-Path (remove extra workhorse from import path) * Rename workhorse binary to gitlab-workhorse * New upstream version 14.2.6+ds1 * Update minimum versions of gitaly, ruby-gitaly and gitlab-common * Relax dependency on rails in Gemfile * Update dependencies * Remove obsolete maintscript * Force specific version of monaco-editor-webpack-plugin for compatibility * Update minimum version of ruby-unleash * Use matching version of @tiptap/core in package.json * Add a preinst script to check version of postgresql * Tighten some tiptap extension versions too in package.json -- Pirate Praveen Thu, 04 Nov 2021 00:51:54 +0530 gitlab (14.1.7+ds1-2) experimental; urgency=medium * Update min versions of gitaly, ruby-gitaly, gitlab-common, ruby-gitlab-labkit -- Pirate Praveen Mon, 04 Oct 2021 20:55:32 +0530 gitlab (14.1.7+ds1-1) experimental; urgency=medium [ Sruthi Chandran ] * New upstream version 14.1.7+ds1 * Remove patches no longer required * Refresh patches * Run upstream file check before dh_install * Set minimum versions for deps * Install .browserslistrc * Relax autoprefixer-rails version to ~> 10.2 [ Pirate Praveen ] * Remove manual resolution for monaco-editor and fix version incompatibility (Closes: #995572) * Don't add babel plugins now added by upstream again in babel.config.js -- Pirate Praveen Sun, 03 Oct 2021 02:22:04 +0530 gitlab (14.0.10-2) experimental; urgency=medium * Update minimum versions of dependencies, for upgrading from buster, thanks to lepalom for reporting. nodejs (>= 12~) for yarn 3.0, ruby-grape-logging (>= 1.8~), postgresql-contrib (>= 12~) -- Pirate Praveen Mon, 20 Sep 2021 23:18:46 +0530 gitlab (14.0.10-1) experimental; urgency=medium [ Pirate Praveen ] * Bump Standards-Version to 4.6.0 (no changes needed) [ Sruthi Chandran ] * New upstream version 14.0.10 * Add golang-github-hashicorp-yamux-dev to builddeps * Set minimum version for golang-google-grpc-dev * Disable failing tests * Update upstream-file-list, install file and ignored-file-list * Update upstream file check sh * Update maintscript (remove obsolete initializers) [ Pirate Praveen ] * Update minimum versions of dependencies and add new dependencies * Relax dependency on autoprefixer-rails in Gemfile * Remove obsolete initializers * Remove config/initializers/mailer_retries.rb in clean (we have sidekiq 6) * Fix activerecord 6.1.4 compatibility issue with postgresql cte (Closes: #993901) * Add openssh-server to recommends (systemd nspawn do not have this by default) -- Pirate Praveen Thu, 09 Sep 2021 15:47:59 +0530 gitlab (13.12.9+ds1-3) experimental; urgency=medium * Change ruby2.7 dependency to ruby (for scripts that needs ruby) * Update minimum version of ruby-rqrcode-rails3 for 2FA fix * Switch back to using ruby-grpc package (instead of rubygems.org version) -- Pirate Praveen Tue, 10 Aug 2021 21:07:58 +0530 gitlab (13.12.9+ds1-2) experimental; urgency=medium * Switch back to using packaged ruby-google-protobuf (see #992008) -- Pirate Praveen Tue, 10 Aug 2021 01:05:43 +0530 gitlab (13.12.9+ds1-1) experimental; urgency=medium * New upstream security release 13.12.9+ds1 (Fixes: CVE-2021-22237, CVE-2021-22236, CVE-2021-22239) -- Pirate Praveen Wed, 04 Aug 2021 16:31:30 +0530 gitlab (13.12.8+ds1-1) experimental; urgency=medium * New upstream security release 13.12.8+ds1 Fixes: Arbitrary file read via design feature (Severity: critical) -- Pirate Praveen Thu, 08 Jul 2021 21:54:12 +0530 gitlab (13.12.6+ds1-1) experimental; urgency=medium * New upstream security release 13.12.6+ds1 (Fixes: CVE-2021-22223 and more) * Refresh patches * Update minimum versions of ruby-rails and ruby-nokogiri -- Pirate Praveen Fri, 02 Jul 2021 01:38:52 +0530 gitlab (13.12.4+ds1-1) experimental; urgency=medium * Update minimum version of golang-any (>= 2:1.15~) * Export GEM_HOME in gitlab-rails-console script * Install grpc and google-protobuf before GEM_HOME is set * New upstream version 13.12.4+ds1 -- Pirate Praveen Mon, 21 Jun 2021 23:58:09 +0530 gitlab (13.12.3+ds1-7) experimental; urgency=medium * Set GEM_HOME variable in gitlab-debian.conf (this is required for gems installed from rubygems.org) -- Pirate Praveen Mon, 21 Jun 2021 15:14:42 +0530 gitlab (13.12.3+ds1-6) experimental; urgency=medium * Move gem install to start of postinst, before regenerating Gemfile.lock (Closes: #990103) -- Pirate Praveen Mon, 21 Jun 2021 14:09:44 +0530 gitlab (13.12.3+ds1-5) experimental; urgency=medium * Add workaround for #989774 (install google-protobuf from rubygems.org) -- Pirate Praveen Mon, 21 Jun 2021 01:03:03 +0530 gitlab (13.12.3+ds1-4) experimental; urgency=medium * Update minimum version of ruby-gitlab-experiment to 0.5.4 -- Pirate Praveen Fri, 18 Jun 2021 23:01:32 +0530 gitlab (13.12.3+ds1-3) experimental; urgency=medium * Update minimum version of ohai to 16.13.0-2 -- Pirate Praveen Thu, 17 Jun 2021 22:20:21 +0530 gitlab (13.12.3+ds1-2) experimental; urgency=medium * Backport fix for rails 6.0.3.7 support (Thanks to Antoine Le Gonidec) (Closes: #989791) -- Pirate Praveen Thu, 17 Jun 2021 20:09:59 +0530 gitlab (13.12.3+ds1-1) experimental; urgency=medium * [d8d5ad1] New upstream version 13.12.3+ds1 * Refresh patches * Handle new files included by upstream * Relax dependency on autoprefixer gem in Gemfile * Update dependencies * Remove dependency on ruby-google-protobuf (See #989774) -- Pirate Praveen Thu, 10 Jun 2021 00:27:31 +0530 gitlab (13.11.5+ds1-1) experimental; urgency=medium * New upstream security release 13.11.5+ds1 (Fixes: CVE-2021-22181) -- Pirate Praveen Wed, 02 Jun 2021 17:13:59 +0530 gitlab (13.11.3+ds1-1) experimental; urgency=medium * Relax dependency of gon in Gemfile and update minimum version in d/control * Use node-rails-actioncable from system * Drop dependency on ruby-jquery-atwho-rails (no longer used) * New upstream patch release 13.11.3+ds1 -- Pirate Praveen Wed, 12 May 2021 15:55:16 +0530 gitlab (13.11.2+ds1-1) experimental; urgency=medium * New upstream version 13.11.2+ds1 * Refresh patches * Remove obsolete config files and update upstream config file list * Update minimum versions of dependencies * Remove obsolete puma initializer (we have puma 5.2.2) -- Pirate Praveen Fri, 30 Apr 2021 00:12:27 +0530 gitlab (13.10.4+ds1-1) experimental; urgency=medium * New upstream security release 13.10.4+ds1 (Fixes: CVE-2021-22209, CVE-2021-22206, CVE-2021-22210, CVE-2021-22208, CVE-2021-22211) * Update minimum version of node-mermaid to 8.9.2, ruby-carrierwave to 1.3.2 and redis-server to 5:6.0.12~ -- Pirate Praveen Wed, 28 Apr 2021 17:47:54 +0530 gitlab (13.10.3+ds2-3) experimental; urgency=medium * Keep gitlab-workhorse binary in main * Update minimum version of ruby-mail-room -- Pirate Praveen Sun, 25 Apr 2021 18:14:33 +0530 gitlab (13.10.3+ds2-2) experimental; urgency=medium * Update minimum version of node-prosemirror-{model,markdown} * Use packaged versions of lodash and babel-plugin-lodash * Relax dependency on ruby-rexml to allow version embedded in libruby2.7 * Use packaged versions of @babel/* * Update version of gitlab-workhorse to same version as gitlab -- Pirate Praveen Sat, 24 Apr 2021 00:24:27 +0530 gitlab (13.10.3+ds2-1) experimental; urgency=medium * Build gitlab-workhorse binary from workhorse directory * New upstream version 13.10.3+ds1 * Refresh patches * Add golang-github-getsentry-raven-go-dev as build dependency * Remove files no longer shipped by upstream from file lists * New upstream version 13.10.3+ds2 (remove embedded raven-go) * Update minimum versions of dependencies -- Pirate Praveen Sat, 17 Apr 2021 23:31:09 +0530 gitlab (13.9.6+ds1-1) experimental; urgency=medium * New upstream security release 13.9.6+ds1 * Update minimum version of ruby-rexml to 3.2.5 * Add ruby-saml as a dependency * Refresh patches -- Pirate Praveen Thu, 15 Apr 2021 22:42:45 +0530 gitlab (13.9.5+ds1-1) experimental; urgency=medium * Update watch file regex for github.com components * New upstream security release 13.9.5+ds1 * Drop ruby-hipchat dependency and refresh patch for the same change in Gemfile * Add ruby-ruby-magic-static as new dependency * Remove obsolete initializer -- Pirate Praveen Thu, 01 Apr 2021 16:38:24 +0530 gitlab (13.9.4+ds1-3) experimental; urgency=medium * Relax dependency on gitlab-labkit (for matching with gitaly requirement) * Update minimum versions of ruby-rugged and ruby-licensee again (ruby-rugged/libgit2 1.x now work after ruby-licensee was fixed) -- Pirate Praveen Sat, 27 Mar 2021 16:09:29 +0530 gitlab (13.9.4+ds1-2) experimental; urgency=medium * Revert "Update minimum versions of ruby-rugged and ruby-licensee" ruby-rugged/libgit2 1.x breakage is not yet fixed. -- Pirate Praveen Tue, 23 Mar 2021 23:41:10 +0530 gitlab (13.9.4+ds1-1) experimental; urgency=medium * New upstream version 13.9.4+ds1 (Fixes Remote code execution via unsafe user-controlled markdown rendering options) -- Pirate Praveen Fri, 19 Mar 2021 00:10:35 +0530 gitlab (13.9.3+ds1-2) experimental; urgency=medium * Update minimum versions of ruby-rugged and ruby-licensee (packaged versions of these gems work again) -- Pirate Praveen Thu, 11 Mar 2021 21:46:20 +0530 gitlab (13.9.3+ds1-1) experimental; urgency=medium * New upstream version 13.9.3+ds1 * Refresh patches * Update debian/upstream-file-list * Add set -e and fix typos in file names * Update maintscript (remove obsolete initializers) and upstream-config-file-list * Update dependencies -- Pirate Praveen Thu, 11 Mar 2021 21:11:52 +0530 gitlab (13.8.5+ds1-2) experimental; urgency=medium * Update minimum version of gitaly to 13.8~ * Fix typo in dependency (ruby-azure-storage-common) -- Pirate Praveen Tue, 09 Mar 2021 16:59:45 +0530 gitlab (13.8.5+ds1-1) experimental; urgency=medium * New upstream version 13.8.5+ds1 * Refresh patches * Relax dependency on bcrypt and webrick in Gemfile * Update minimum versions of dependencies -- Pirate Praveen Mon, 08 Mar 2021 23:37:34 +0530 gitlab (13.7.8+ds1-1) experimental; urgency=medium [ Dmitry Smirnov ] * watch: fixed upstream MUT/tarballs downloading with "uscan" and "origtargz". * L:debian-rules-uses-unnecessary-dh-argument * CI: minor corrections; exclude "buster-backports" and tags. * watch: added "repacksuffix=+ds1". * changelog update * watch: corrected for "uscan --download-version" case. [ Pirate Praveen ] * Remove elasticsearch-model component from debian/gbp.conf (now included in elasticsearch-rails component) * New upstream version 13.7.8+ds1 (Fixes: CVE-2021-22185, CVE-2021-22186) * Refresh patches * Update minimum version of ruby-thrift to 0.14~ -- Pirate Praveen Fri, 05 Mar 2021 16:21:41 +0530 gitlab (13.7.7-2) experimental; urgency=medium * Remove config-file-list generated during build from repo * Remove more obsolete config files, thanks to Dragos Jarca and Lars Kruse (Closes: #983779) -- Pirate Praveen Tue, 02 Mar 2021 23:55:53 +0530 gitlab (13.7.7-1) experimental; urgency=medium * New upstream version 13.7.7 * Add --quiet to gitlab-sidekiq.service running bundle install --local * Switch back to ruby-rugged 0.28 (use snapshot.debian.org) * Refresh patches * Ignore embedded gitlab-workhorse (packaged separately) * Update minimum versions of ruby-fog-google and ruby-mail-room * Add resolutions: typescript 4.1.5 in package.json * Update minimum versions to ruby-commonmarker and ruby-progressbar * Remove obsolete feature flags and initializers (Closes: #983346) * Automatically check if any config files changed during build -- Pirate Praveen Mon, 01 Mar 2021 19:32:24 +0530 gitlab (13.6.7-3) experimental; urgency=medium * Add --quiet to gitlab-sidekiq.service running bundle install --local * Switch back to ruby-rugged 0.28 (use snapshot.debian.org) -- Pirate Praveen Wed, 24 Feb 2021 21:46:34 +0530 gitlab (13.6.7-2) experimental; urgency=medium * Change dependency on ruby to ruby2.7 * Regenerate Gemfile.lock before gitlab-sidekiq service start. Also provide gitlab-update-gemfile-lock command to manually regenerate Gemfile.lock (Closes: #944698, #914989) * Update minimum version of gitaly (for gitaly-git2go command) -- Pirate Praveen Fri, 19 Feb 2021 14:20:13 +0530 gitlab (13.6.7-1) experimental; urgency=medium * Update minimum version of ruby to 2.7.2 and rubygems-integration to 1.18 * New upstream version 13.6.7 -- Pirate Praveen Thu, 11 Feb 2021 23:39:07 +0530 gitlab (13.6.6-1) experimental; urgency=medium * Use gitlab-rails-console command in README.Debian * Document how to activate a new user from rails console * Update minimum version of ruby-attr-encrypted * New upstream version 13.6.6 (Fixes: CVE-2021-22172, CVE-2021-22169) -- Pirate Praveen Thu, 04 Feb 2021 15:48:11 +0530 gitlab (13.6.5-1) experimental; urgency=medium [ Pirate Praveen ] * Add node_modules as first path to resolve in webpack.config.js * Fix syntax of nginx.ssl.config.example [ Dmitry Smirnov ] * copyright: corrected syntax to pass "cme check dpkg-copyright". [ Pirate Praveen ] * New upstream version 13.5.7 * Update minimum version of ruby-mini-magick * Update minimum version of node-popper.js * New upstream version 13.6.5 * Refresh patches * Update upstream-file-list * Update minimum version of dependencies and add new dependencies * Sync patches with buster-fasttrack branch -- Pirate Praveen Sat, 30 Jan 2021 20:30:57 +0530 gitlab (13.5.6-1) experimental; urgency=medium * Use node-css-loader 5.x and node-postcss 8.x * Switch to yarn 2.x with node-modules plugin * Refactor to make node_modules and package.json write-able * Use link: and portal: protocols in package.json for packaged modules * Use link protocol only in case of permission errors * New upstream version 13.5.5 * Update nginx configuration using upstream templates * Don't install yarn.lock (we use some dependencies from system) * Switch back to using lodash from npmjs.com (see #979531) * New upstream version 13.5.6 (Fixes: CVE-2021-22166, CVE-2020-26414) -- Pirate Praveen Fri, 08 Jan 2021 16:49:21 +0530 gitlab (13.4.7-2) unstable; urgency=medium [ Sruthi Chandran ] * Add canvas as externals in webpack.config.js [ Pirate Praveen ] * Use packaged versions of uuid, mermaid, katex, minimatch, js-yaml, webpack-stats-plugin and font-awesome node modules * Tighten dependency on node-autosize for bug fix (error in browser console) -- Pirate Praveen Thu, 17 Dec 2020 16:14:45 +0530 gitlab (13.4.7-1) unstable; urgency=medium * Use packaged version of pdfjs-dist and adapt for worker-loader 3 api * Remove schema-utils 3.0 from package.json (incompatibilities resolved) All modules depending on schema-utils are now provided by debian packages only * Install grpc using gem command (ruby-grpc package has an unfixed regression - see #966653) * Update uuid to ^8.3.1 in package.json * New upstream version 13.4.7 (Fixes: CVE-2020-26407, CVE-2020-26408, CVE-2020-13357, CVE-2020-26411, CVE-2020-26409) * Drop dependency on ruby-grpc (now handled by gem install) -- Pirate Praveen Tue, 08 Dec 2020 15:32:56 +0530 gitlab (13.4.6-3) unstable; urgency=medium [ Pirate Praveen ] * Use packaged version of css-loader, raw-loader, file-loader, style-loader and copy-webpack-plugin * Add schema-utils 3.0, mkdirp 1.0 and loader-utils 2.0 to package.json to force yarn to move incompatible versions from gitlab's node_modules directory to node_modules directory of other modules (Closes: #976310) -- Sruthi Chandran Sun, 06 Dec 2020 22:54:05 +0530 gitlab (13.4.6-2) unstable; urgency=medium * Upload to unstable (Closes: #976294) * Set minimum version for grpc and google-protobuf -- Sruthi Chandran Wed, 02 Dec 2020 23:45:40 +0530 gitlab (13.4.6-1) experimental; urgency=medium [ Pirate Praveen ] * Relax more test dependencies * Add more autopkgtest dependencies * Update patches to adjust more autopkgtest dependencies in Gemfile * Run tests again and grant required database privilleges * Run only a single test for now * New upstream version 13.4.6 * Bump Standards-Version to 4.5.1 (no changes needed) [ Sruthi Chandran ] * Drop unused patch files * Refresh patches * Update new and removed files from d/gitlab.install * Update dependencies * Create link for .gitlab_kas_secret -- Sruthi Chandran Fri, 27 Nov 2020 02:25:29 +0530 gitlab (13.3.9-1) unstable; urgency=medium * Team Upload [ Pirate Praveen ] * Relax dependency on bullet rubygem in Gemfile * Add new autopkgtest dependencies * Comment out png_quantizator dependency in Gemfile [ Abraham Raji ] * New upstream version 13.3.9 (Fixes: CVE-2020-13355, CVE-2020-26405, CVE-2020-13358, CVE-2020-13359, CVE-2020-13340, CVE-2020-13340, CVE-2020-13353, CVE-2020-13354, CVE-2020-13352, CVE-2020-13356, CVE-2020-13351, CVE-2020-13350, CVE-2020-13349, CVE-2020-13348) -- Abraham Raji Thu, 05 Nov 2020 12:23:49 +0530 gitlab (13.3.8-1) unstable; urgency=medium * New upstream version 13.3.8 * Refresh patches * Install new directory data * Tighten versions of dependencies * Create btree_gist extension in postgres database * Switch back to using css-loader module from npmjs.com * Tighten dependency on gitlab-shell and gitaly -- Pirate Praveen Wed, 28 Oct 2020 21:02:48 +0530 gitlab (13.2.10-1) unstable; urgency=medium [ Abraham Raji ] * New upstream version 13.2.10 (Fixes: CVE-2020-13333, CVE-2020-13332, CVE-2020-13335, CVE-2020-13334, CVE-2020-13327) -- Abraham Raji Sat, 03 Oct 2020 22:31:26 +0000 gitlab (13.2.8-2) unstable; urgency=medium [ Cédric Boutillier ] * [ci skip] Add .gitattributes to keep unwanted files out of the source package [ Pirate Praveen ] * Use packaged versions of prosemirror-markdown and timeago.js node modules -- Pirate Praveen Sun, 06 Sep 2020 14:11:53 +0530 gitlab (13.2.8-1) unstable; urgency=medium * Drop faraday-middleware-aws-signers-v4 from components list * New upstream version 13.2.8 (Fixes: CVE-2020-13318, CVE-2020-13301, CVE-2020-13284, CVE-2020-13298, CVE-2020-13313, CVE-2020-13311, CVE-2020-13289, CVE-2020-13302, CVE-2020-13314, CVE-2020-13309, CVE-2020-13287, CVE-2020-13306, CVE-2020-13299, CVE-2020-13300, CVE-2020-13317, CVE-2020-13303, CVE-2020-13316, CVE-2020-13304, CVE-2020-13305, CVE-2020-13307, CVE-2020-13308, CVE-2020-13315, CVE-2020-13297, CVE-2020-13310) * Refresh patches * Update minimum version of node-jquery to 3.5 * Remove faraday-middleware-aws-signers-v4 from upstream-file-list -- Pirate Praveen Thu, 03 Sep 2020 11:20:31 +0530 gitlab (13.2.6-3) unstable; urgency=medium [ Karthik ] * Add puma dependency to debian/control, add puma systemd service, update gitlab service with puma [ Pirate Praveen ] * Add gitlab-puma.service as dependency of gitlab.service * Remove unicorn from Gemfile and choose puma * Add puma.rb and use it from gitlab-puma.service * Update minimum version of gitlab-common to use unix socket in gitlab-shell * Remove gitlab-unicorn.service and install gitlab-puma.service -- Pirate Praveen Thu, 20 Aug 2020 23:23:49 +0530 gitlab (13.2.6-2) unstable; urgency=medium * Switch to aws-sdk v3 with upstream patch * Drop phantomjs from autopkgtest dependencies * Add needs-internet restriction to autopkgtest -- Pirate Praveen Thu, 20 Aug 2020 17:30:32 +0530 gitlab (13.2.6-1) unstable; urgency=medium * New upstream version 13.2.6 -- Pirate Praveen Wed, 19 Aug 2020 03:01:51 +0530 gitlab (13.2.5-1) unstable; urgency=medium * Bump minimum version of webpack to 4.43 * New upstream version 13.2.5 with a security fix (CVE ID not assigned yet) * Refresh patches * Relax dependency on ruby-browser -- Pirate Praveen Tue, 18 Aug 2020 20:03:24 +0530 gitlab (13.2.3-2) unstable; urgency=medium [ Pirate Praveen ] * Tighten dependency on ruby-gitaly and ruby-acme-client [ Abraham Raji ] * Added copyright notices for templates (Closes: #966085) [ Pirate Praveen ] * Relax dependency on ruby-gitlab-sidekiq-fetcher * Relax dependency on sidekiq gem in Gemfile to allow 6.x version (Closes: #968239) * Reupload to unstable (the version in unstable is already uninstallable, so depending on some packages from experimental is not worse, it helps security team as they need to worry about less CVEs) -- Pirate Praveen Tue, 11 Aug 2020 19:46:51 +0530 gitlab (13.2.3-1) experimental; urgency=medium * Move tmp/backups outside /run via symbolic link * New upstream version 13.2.1 * Refresh patches * Tighten dependencies * Remove files no longer shipped by upstream from install * Allow gitlab user to create schema * New upstream version 13.2.3 -- Pirate Praveen Sun, 09 Aug 2020 22:54:13 +0530 gitlab (13.1.6-1) experimental; urgency=medium * Move tmp/backups outside /run via symbolic link * New upstream version 13.1.6 (Fixes: CVE-2020-13280, CVE-2020-13281, CVE-2020-13286, CVE-2020-13285, CVE-2020-13283, CVE-2020-13282, CVE-2020-13292, CVE-2020-13293, CVE-2020-13294, CVE-2020-13291, CVE-2020-13288, CVE-2020-13290, CVE-2020-132935) -- Pirate Praveen Sun, 09 Aug 2020 01:30:33 +0530 gitlab (13.1.4-2) experimental; urgency=medium * Update minimum version of ruby to 2.7 * Drop ruby 2.5 compat patches, we have ruby 2.7 in fasttrack now * Remove obsolete initializer: rack_attack_new.rb (thanks to sunweaver and onlyjob) * Fix permissions for ${gitlab_data_dir}/shared/artifacts/tmp/* (thanks to sunweaver) -- Pirate Praveen Thu, 16 Jul 2020 17:22:17 +0530 gitlab (13.1.4-1) experimental; urgency=medium * Tighten dependencies for ruby 2.7 support in fasttrack * New upstream version 13.1.4 -- Pirate Praveen Fri, 10 Jul 2020 23:49:52 +0530 gitlab (13.1.3-1) experimental; urgency=medium * Use packaged versions of d3 and d3-sankey node modules * Use packaged version of codemirror * New upstream version 13.1.3 (Fixes: CVE-2020-15525) -- Pirate Praveen Thu, 09 Jul 2020 12:54:05 +0530 gitlab (13.1.2-1) experimental; urgency=medium * New upstream version 13.1.2 with many security fixes (CVE IDs not assigned yet) * Refresh patches * Update minimum version of ruby-kaminari to 1.2.1 -- Pirate Praveen Thu, 02 Jul 2020 01:55:18 +0530 gitlab (13.1.1-1) experimental; urgency=medium * Use packaged version of node-compression-webpack-plugin * Update minimum version of ruby-oauth2 to 1.4.4 * Add patch to fix ruby 2.5 compatibility issue * Use packaged versions: node-brace-expansion and node-cache-loader * Use packaged version of node-glob * New upstream version 13.1.1 * Update minimum version of ruby-mail-room * Refresh patches -- Pirate Praveen Wed, 01 Jul 2020 17:09:20 +0530 gitlab (13.1.0-1) experimental; urgency=medium * Update minimum version of webpack to 4.30~ * Drop dependency on ruby-liquid and ruby-influxdb * New upstream version 13.1.0 * Refresh patches * Update debian/upstream-file-list for new release * Relax dependency on faraday gem * Add rack-timeout gem to Gemfile * Tighten dependencies (remove ruby-omniauth-ultraauth) * Update dependencies on ruby-faraday, ruby-sentry-raven and ruby-grape-entity * Switch to using structure.sql from schema.rb for database initialization -- Pirate Praveen Mon, 29 Jun 2020 15:51:48 +0530 gitlab (13.0.6-2) experimental; urgency=medium * Switch to using structure.sql from schema.rb for database initialization * Add rack-timeout gem to Gemfile * Relax dependency on ruby-grape-entity -- Pirate Praveen Sat, 27 Jun 2020 23:07:50 +0530 gitlab (13.0.6-1) experimental; urgency=medium * New upstream version 13.0.6 with a security fix (CVE ID not assigned yet) -- Pirate Praveen Thu, 11 Jun 2020 17:01:47 +0530 gitlab (13.0.4-1) experimental; urgency=medium * Add link to issue about missing rack-timeout * Tighten dependency on ruby-gitaly and yarnpkg * Update minimum version for rm_conffile to include 12.10.7 * New upstream version 13.0.4 with a security fix (CVE ID not assigned yet) -- Pirate Praveen Thu, 04 Jun 2020 15:26:50 +0530 gitlab (13.0.3-1) experimental; urgency=medium * New upstream version 13.0.0 * Refresh patches * Handle newly added files in this release * Add (ruby-)rack-timeout to Gemfile and Depends * Remove obsolete initializer from /etc/gitlab * Use packaged version of node-vue-template-compiler * Tighten minimum version of gitaly * New upstream version 13.0.3 -- Pirate Praveen Sat, 30 May 2020 21:13:54 +0530 gitlab (12.10.7-1) experimental; urgency=medium * New upstream version 12.10.7 with many security fixes (CVE IDs not assigned yet) -- Pirate Praveen Thu, 28 May 2020 23:13:13 +0530 gitlab (12.10.3-3) experimental; urgency=medium * Update css-loader options in config/webpack.config.js -- Pirate Praveen Mon, 18 May 2020 16:35:38 +0530 gitlab (12.10.3-2) experimental; urgency=medium * Update dependency on node-css-loader to 2.1.1 -- Pirate Praveen Sat, 16 May 2020 15:57:44 +0530 gitlab (12.10.3-1) experimental; urgency=medium * New upstream version 12.10.3 * Use packaged version of vue node module * Update minimum version of ruby-faraday -- Pirate Praveen Sat, 09 May 2020 16:28:56 +0530 gitlab (12.10.2-2) experimental; urgency=medium * Use packaged version of node-babel-loader * Relax dependency on net-ssh gem to allow new major version -- Pirate Praveen Mon, 04 May 2020 07:00:12 +0530 gitlab (12.10.2-1) experimental; urgency=medium * Fix debian/watch for new gitlab.com tags page change * New upstream version 12.10.2 (Fixes: CVE-2020-12448, CVE-2020-10187) * Update minimum version of ruby-nokogiri to 1.10.9 -- Pirate Praveen Fri, 01 May 2020 12:38:53 +0530 gitlab (12.10.1-1) experimental; urgency=medium * Use packaged version of babel node module * New upstream version 12.10.1 -- Pirate Praveen Sat, 25 Apr 2020 11:02:26 +0530 gitlab (12.10.0-1) experimental; urgency=medium * Drop embedded copy of derailed_benchmarks and use packaged version * Stop excluding non-dfsg files (removed upstream) * New upstream version 12.10.0 * Refresh patches * Update gitlab.install (remove files not present) * Update upstream file list * Tighten dependencies * Fix typo in dependency name * Update lintian overrides * Make db/structure.sql writable by gitlab user * Tighten dependency on gitaly * Remove initializer not needed (we have the required rails version) * Relax dependency on gitaly ruby gem in Gemfile -- Pirate Praveen Wed, 22 Apr 2020 23:51:56 +0530 gitlab (12.9.3+dfsg-1) experimental; urgency=medium * New upstream version 12.9.3+dfsg (Fixes: CVE-2020-11505, CVE-2020-11506, CVE-2020-11649) * Refresh patches -- Pirate Praveen Wed, 15 Apr 2020 14:49:03 +0530 gitlab (12.9.2+dfsg-1) experimental; urgency=medium * Exclude one_password binaries and embed snowplow-javascript-tracker (Closes: #943987) * New upstream version 12.9.2+dfsg * Add comments to all patches -- Pirate Praveen Mon, 13 Apr 2020 15:19:33 +0530 gitlab (12.9.2-6) experimental; urgency=medium * Move source package also to contrib as gitlab-common is moved to src:gitaly * Update lintian overrides * Update copyright file with missing attributions -- Pirate Praveen Sun, 12 Apr 2020 19:46:25 +0530 gitlab (12.9.2-5) experimental; urgency=medium [ vv221 ] * Build assets generated by webpack in production mode (Closes: #956508, #927297) [ Pirate Praveen ] * Drop gitlab-common binary (moved to src:gitaly) * Drop work around for missing assets/select2.png (not required in NODE_ENV=production mode for webpack) -- Pirate Praveen Sun, 12 Apr 2020 17:52:22 +0530 gitlab (12.9.2-4) experimental; urgency=medium * Remove --max-old-path option to webpack (correctly passed in NODE_OPTIONS) * Exclude packaged modules from transpiling (webpack/babel-loader) (Closes: #956449) -- Pirate Praveen Sat, 11 Apr 2020 19:53:38 +0530 gitlab (12.9.2-3) experimental; urgency=medium * Tighten dependency on gitlab-common -- Pirate Praveen Sat, 11 Apr 2020 16:37:06 +0530 gitlab (12.9.2-2) experimental; urgency=medium * Tighten dependency on ruby-graphql (for backports) * Pass NODE_OPTIONS="--max-old-space-size=2048" to webpack to work with nodejs 10 (Closes: #956211) -- Pirate Praveen Sat, 11 Apr 2020 01:29:14 +0530 gitlab (12.9.2-1) experimental; urgency=medium * Switch to gitlab's fork of derailed_benchmarks gem * New upstream version 12.9.2 * Change dependency: ruby-slack-notifier -> ruby-slack-messenger * Tighten dependencies: ruby-rouge, ruby-diffy, ruby-gitlab-labkit * Tighten dependencies: ruby-mail-room, ruby-gitaly, gitaly * Tighten dependencies: gitlab-shell, gitlab-workhorse * Update node-* dependencies * Remove dependencies: node-cache-loader, node-raw-loader, node-file-loader * Update minimum version of nodejs to 12 (See #956211) * Add special handling for webpack to find .json file (Closes: #956218) * Override json evil license lintian error (listed as an example license) -- Pirate Praveen Fri, 10 Apr 2020 09:25:28 +0530 gitlab (12.8.8-6) experimental; urgency=medium * Start nginx after letsencrypt configuration * Drop dependency on libjs-pdf (not needed anymore) * Remove obsolete initializer: active_record_becomes.rb (Closes: #955732) -- Pirate Praveen Sat, 04 Apr 2020 16:11:16 +0530 gitlab (12.8.8-5) experimental; urgency=medium * Add a work around for missing assets/select2.png error on web console (See upstream issue #213245) -- Pirate Praveen Fri, 03 Apr 2020 17:44:31 +0530 gitlab (12.8.8-4) experimental; urgency=medium * Refresh protobuf compat patch (remove fuzz) * Use jquery.waitforimages from npmjs.com (packaged version is broken) -- Pirate Praveen Thu, 02 Apr 2020 20:22:43 +0530 gitlab (12.8.8-3) experimental; urgency=medium * Tighten dependencies for dependencies in buster-backports * Tighten dependency on ruby-grape-path-helpers (fixes issue creation) -- Pirate Praveen Wed, 01 Apr 2020 20:24:55 +0530 gitlab (12.8.8-2) experimental; urgency=medium * Exclude core-js from transpiling (Closes: #954993) -- Pirate Praveen Sat, 28 Mar 2020 19:55:14 +0530 gitlab (12.8.8-1) experimental; urgency=medium * New upstream version 12.8.8 (Fixes: CVE-2020-9795, CVE-2020-10956, CVE-2020-10955, CVE-2020-10954, CVE-2020-10952) * Bump Standards-Version to 4.5.0 (no changes needed) * Add new dependencies for embedded derailed_benchmarks gem -- Pirate Praveen Sat, 28 Mar 2020 18:12:33 +0530 gitlab (12.8.6-1) experimental; urgency=medium [ Sruthi Chandran ] * New upstream version 12.8.6 * Update embedded module versions * Remove embedded doorkeeper as it is available in experimental * Deleted patches already applied upstream - 0488-relax-rdoc.patch, 0670-allow-doorkeepr-4_3.patch, 0770-bump-node-d3.patch * Refresh patches [ Pirate Praveen ] * Add ruby-stackprof as dependency * Drop unused patch files * Drop patch to lower minimum ruby version (already satsfied in buster) * Removed now unused d3 modules from dependencies * Tighten dependency on ruby-method-source and ruby-grape * Cherry pick patch from upstream merge request to support grape 1.3 * Fix protobuf compatibility issue with patch (Closes: #942633) * Tighten dependency on ruby-rack and ruby-rails -- Pirate Praveen Thu, 26 Mar 2020 17:25:38 +0530 gitlab (12.6.8-2) experimental; urgency=medium * Relax dependency on rails in Gemfile * Relax deckar01-task_list dependency in Gemfile -- Pirate Praveen Tue, 17 Mar 2020 17:31:39 +0530 gitlab (12.6.8-1) experimental; urgency=medium * Refresh stable gems in test group * Update autopkgtest Depends * Include development, test group in Gemfile for autopkgtest * Use packaged version of node-xterm * New upstream version 12.6.8 -- Pirate Praveen Sat, 07 Mar 2020 23:23:03 +0530 gitlab (12.6.7-2) experimental; urgency=medium * Use more packaged node modules * Don't run full autopkgtest till some gems are packaged -- Pirate Praveen Sun, 23 Feb 2020 19:48:40 +0530 gitlab (12.6.7-1) experimental; urgency=medium [ Abhijith PA ] * New upstream version 12.6.6 (Fixes: CVE-2020-7973, CVE-2020-7968) * Remove patch 0760-bump-rubyzip.patch * Refresh patches. [ Pirate Praveen ] * Update minimum version of ruby-excon and ruby-rack-cors * New upstream version 12.6.7 * Relax ruby-rack-cors version in Gemfile * Add lines removed by mistake in an earlier commit * Relax dependency on rdoc (ruby 2.5 comes with rdoc 6.0) * Refresh patches again to relax all stable gems -- Pirate Praveen Sat, 15 Feb 2020 14:12:32 +0100 gitlab (12.6.4-1) experimental; urgency=medium * New upstream version 12.6.4 * Fix and restore 0740-use-packaged-modules.patch contents of which was deleted by mistake earlier * Remove embedded core-js as required version is now available -- Sruthi Chandran Tue, 14 Jan 2020 01:24:48 +0530 gitlab (12.6.2-2) experimental; urgency=medium [ Utkarsh Gupta ] * Embed doorkeeper (Closes: #947754) * Fix d/control [ Sruthi Chandran ] * Remove .eslintrc.yml files to fix lintian errors * Remove embedded module heapy as packaged version is now available -- Utkarsh Gupta Sat, 04 Jan 2020 02:59:10 +0530 gitlab (12.6.2-1) experimental; urgency=medium * New upstream version 12.6.2 (Fixes: CVE-2019-20142, CVE-2019-20143, CVE-2019-20144, CVE-2019-20145, CVE-2019-20146, CVE-2019-20147, CVE-2019-20148, CVE-2020-5197) -- Pirate Praveen Fri, 03 Jan 2020 19:14:46 +0530 gitlab (12.6.1-1) experimental; urgency=medium [ Sruthi Chandran ] * New upstream version 12.6.1 * Remove embedded gitlab peek as no longer required * Refresh patches * Override false lintian error [ Pirate Praveen ] * Tighten dependencies * Remove gitlab-peek from upstream-file-list (component removed) * Update minimum version of ruby-aws-sdk for bug fix * Remove obsolete initializer: rack_attack_git_basic_auth.rb -- Pirate Praveen Thu, 02 Jan 2020 01:12:27 +0530 gitlab (12.5.4-2) experimental; urgency=medium * Update minimum version of ruby-gpgme to 2.0.19 * Update minimum version of ruby-premailer-rails to 1.10.3 -- Pirate Praveen Tue, 31 Dec 2019 15:48:16 +0530 gitlab (12.5.4-1) experimental; urgency=medium * New upstream version 12.5.4 * Refresh patches * Update upstream file list * Relax dependency on responders in Gemfile * Tighten dependencies * Relax dependency on grpc and google-protobuf gems (to fix ssh access) -- Pirate Praveen Mon, 30 Dec 2019 17:36:49 +0530 gitlab (12.4.6-1) experimental; urgency=medium [ Pirate Praveen ] * Update minimum version of yarnpkg to 1.19~ * Check if yarn cache directory is present before updating permissions * Update minimum version of git to 2.24~ * New upstream version 12.3.8 * Refresh patches * Remove EE only gems from Gemfile * Update minimum versions of ruby-graphql and ruby-fog-google * [Embedded dependencies] Remove snowplow-tracker and add elasticsearch-model, elasticsearch-rails, faraday-middleware-aws-signers-v4 and gitlab-peek * Update minimum versions of ruby-aws-sdk, ruby-gitlab-sidekiq-fetcher, ruby-jira, ruby-chronic-duration, ruby-prof, gitlab-shell * Relax dependency on kubeclient in Gemfile to allow 4.3 * Remove gitlab-license gem from Gemfile (EE only) * Add new dependencies: ruby-net-ntp, ruby-unleash, ruby-net-dns, ruby-countries, ruby-elasticsearch as dependency [ Abhijith PA ] * New upstream version 12.3.9 [ Pirate Praveen ] * New upstream version 12.4.6 * Don't install 16790-render-xml-artifacts.yml * Update ignored files and upstream files lists * Relax asciidoctor-plantuml and rouge in Gemfile * Add dependency on ruby-gitlab-net-dns * Remove obsolete config file * Update asciidoctor-plantuml require statement for new api * Update minimum version of gitaly, asciidoctor-plantuml, ruby-rouge -- Pirate Praveen Thu, 26 Dec 2019 21:03:03 +0530 gitlab (12.2.9-5) experimental; urgency=medium * Bump minimum version of ruby-font-awesome-rails to allow rails 5.2.3 * Add patches for CVEs (Fixes: CVE-2019-19254, CVE-2019-19257) * Tighten dependency on gitlab-workhorse and gitaly (Fixes: CVE-2019-19260) * Set minimum version of ruby-gitlab-labkit as 0.5~ (for gitaly 1.65.2) -- Pirate Praveen Fri, 29 Nov 2019 12:10:38 +0530 gitlab (12.2.9-4) experimental; urgency=medium * Update node-d3 to version 5.12 (required to update rollup to 1.x) -- Pirate Praveen Fri, 22 Nov 2019 21:25:38 +0530 gitlab (12.2.9-3) experimental; urgency=medium [ Dmitry Smirnov ] * Revert "Add sp.js to debian/missing-sources" [ Pirate Praveen ] * Add gitlab-rails-console command as a convenience script * Update minimum version for rm_confifile maintscript option [ Utkarsh Gupta ] * Add patch to bump rubyzip (Closes: #944906) [ Pirate Praveen ] * Bump minimum version of ruby-zip to 2.0 to match Gemfile -- Pirate Praveen Wed, 20 Nov 2019 13:16:32 +0530 gitlab (12.2.9-2) experimental; urgency=medium * Change .cache/yarn/v4 -> .cache/yarn/v6 * Add sp.js to debian/missing-sources -- Utkarsh Gupta Sat, 02 Nov 2019 01:40:43 +0530 gitlab (12.2.9-1) experimental; urgency=high * New upstream version 12.2.9 (Fixes: CVE-2019-18446 CVE-2019-18447 CVE-2019-18448 CVE-2019-18449 CVE-2019-18450 CVE-2019-18451 CVE-2019-18452 CVE-2019-18453 CVE-2019-18454 CVE-2019-18455 CVE-2019-18457 CVE-2019-18458 CVE-2019-18459 CVE-2019-18460 CVE-2019-18461 CVE-2019-18462 CVE-2019-18463) -- Utkarsh Gupta Thu, 31 Oct 2019 01:43:16 +0530 gitlab (12.2.8-2) experimental; urgency=medium [ Dmitry Smirnov ] * CI: new lintian job + minor corrections * CI: re-factored [ Pirate Praveen ] * Update minimum versions of bundler and nodejs * Update minimum versions of gitaly, gitlab-workhorse and gitlab-shell -- Pirate Praveen Thu, 24 Oct 2019 23:47:12 +0530 gitlab (12.2.8-1) experimental; urgency=medium [ Dmitry Smirnov ] * CI: unpack MUT components [ Sruthi Chandran ] * New upstream version 12.2.8 * Update deps * Embed snowplow-tracker as component * Use system ruby-statistics * Add contracts, dependency of embedded snowplow in dependencies * Refresh patches and delete obselete patches * Remove old config files [ Pirate Praveen ] * Add ruby-invisible-captcha as dependency * Tighten dependency on ruby-gitlab-labkit * Remove obsolete conf file: initializers/postgresql_opclasses_support.rb -- Sruthi Chandran Sun, 20 Oct 2019 22:59:27 +0530 gitlab (12.1.14-1) experimental; urgency=medium [ Pirate Praveen ] * Add node-core-js (<< 3~) constraint to use embedded core-js module (Closes: #941909) [ Utkarsh Gupta ] * New upstream version 12.1.14 * Bump Standards-Version to 4.4.1 -- Utkarsh Gupta Mon, 07 Oct 2019 21:29:31 +0530 gitlab (12.1.13-2) experimental; urgency=medium * Fix last version of initializers/active_record_verbose_query_logs.rb (this fixes the failure during installation) -- Pirate Praveen Sat, 05 Oct 2019 23:08:35 +0530 gitlab (12.1.13-1) experimental; urgency=medium [ Sruthi Chandran ] * New upstream version 12.1.13 * Refresh patches and delete patches already applied upstream * Remove already packaged embedded modules (arel, gitlab-labkit, jwt, omniauth-google-oauth2 and rails) * Add patch to relax gitlab-labkit * Add derailed_benchmarks, heapy and ruby-statistics gems as components [ Pirate Praveen ] * Tighten dependencies * Fix relative path in config/initializers * Set path for gitlab.rb * Remove obsolete initializers [ Dmitry Smirnov ] * Added helper script to unpack MUT components; CI orig tarball handling correction. -- Sruthi Chandran Sat, 05 Oct 2019 12:15:28 +0530 gitlab (12.0.9-4) experimental; urgency=medium * Update minimum version of gitaly to 1.47.3 -- Pirate Praveen Fri, 27 Sep 2019 22:46:22 +0530 gitlab (12.0.9-3) experimental; urgency=medium * Update watch file (gitlab-ce is now gitlab-foss) * Add core-js 3 as component (require transition) -- Pirate Praveen Wed, 25 Sep 2019 15:52:54 +0530 gitlab (12.0.9-2) experimental; urgency=medium * Add patch to bump asciidoctor (Closes: #940814) * Update minimum version for asciidoctor and ruby-octokit -- Utkarsh Gupta Mon, 16 Sep 2019 22:37:08 +0530 gitlab (12.0.9-1) experimental; urgency=high * Team Upload * New upstream version 12.0.9 (Closes: #940007) (Fixes: CVE-2019-16170) -- Nilesh Wed, 11 Sep 2019 10:12:18 -0400 gitlab (12.0.8-3) experimental; urgency=medium * Update minimum version of ruby-gitaly-proto dependency -- Pirate Praveen Wed, 11 Sep 2019 11:13:07 +0530 gitlab (12.0.8-2) experimental; urgency=medium * Add missing dependencies -- Pirate Praveen Tue, 10 Sep 2019 23:33:54 +0530 gitlab (12.0.8-1) experimental; urgency=high * New upstream version 12.0.8 (Fixes: CVE-2019-15728 CVE-2019-15730 CVE-2019-15722 CVE-2019-15729 CVE-2019-15721 CVE-2019-15727 CVE-2019-15726 CVE-2019-15724 CVE-2019-15725 CVE-2019-15723 CVE-2019-15732 CVE-2019-15731 CVE-2019-15738 CVE-2019-15737 CVE-2019-15734 CVE-2019-15739 CVE-2019-15740 CVE-2019-15733 CVE-2019-15736 CVE-2019-15741) * Remove dfsg as the files are removed upstream * Refresh patches and delete obsolete patches * Remove already packaged embedded modules (ruby-omniauth-ultraauth, ruby-omniauth-salesforce, ruby-apollo-upload-server and ruby-sassc-rails) -- Sruthi Chandran Sat, 07 Sep 2019 21:38:23 +0530 gitlab (11.11.8+dfsg-1) experimental; urgency=medium * New upstream security release 11.11.8+dfsg (Closes: #934708) (Fixes: CVE-2019-14942 CVE-2019-14944) * Remove embedded jaeger-client, opentracing and thrift -- Sruthi Chandran Wed, 14 Aug 2019 17:14:06 +0530 gitlab (11.11.7+dfsg-1) experimental; urgency=medium [ Pirate Praveen ] * New upstream security release 11.11.7+dfsg (Closes: #933785) (Fixes: CVE-2019-5470, CVE-2019-5469, CVE-2019-5468, CVE-2019-5466, CVE-2019-5465, CVE-2019-5464, CVE-2019-5463, CVE-2019-5462, CVE-2019-5461) * Use packaged version of node-d3 * Refresh patches * Bump standards version to 4.4.0 * Install security.txt * Update embedded rails version to 5.1.7 * Add ruby-omniauth-openid-connect, ruby-sassc and ruby-jaeger-client as new dependencies. * Embed omniauth-ultraauth, omniauth-salesforce, apollo_upload_server, sassc-rails, gitlab-labkit * Update dependency on ruby-sidekiq and ruby-nokogiri, gitaly, ruby-fog-google, ruby-batch-loader, ruby-gitaly-proto, ruby-grpc [ Dmitry Smirnov ] * CI: dropped .git directory and added job to build on Buster. [ Pirate Praveen ] * Update minimum version of gitaly * Switch to packaged version of webpack * Use packaged versions of node-worker-loader, node-cache-loader, node-imports-loader, node-exports-loader, node-url-loader, node-raw-loader and node-file-loader * Remove upstream-file-list.new in clean -- Pirate Praveen Sun, 11 Aug 2019 13:00:50 +0530 gitlab (11.10.8+dfsg-1) experimental; urgency=medium [ Pirate Praveen ] * New upstream security release 11.10.8+dfsg (Fixes: CVE-2019-13001, CVE-2019-13002, CVE-2019-13003, CVE-2019-13004, CVE-2019-13005, CVE-2019-13006, CVE-2019-13007, CVE-2019-13009,CVE-2019-13010, CVE-2019-13011, CVE-2019-13121) * Refresh patches * Use packaged versions of node-autosize, axios, brace-expansion, chart.js, core-js, css-loader, d3-* sub modules, fuzzaldrin-plus, glob, jed, jquery, jquery-ujs, jquery.waitforimages, js-cookie, jszip, jszip-utils, mousetrap, popper.js, raven-js, bootstrap, three-orbit-control, three-stl-loader, timeago.js, dateformat, webpack-stats-plugin and vue-resource * Use packaged pikaday and update path in application.scss (Closes: #930529) -- Pirate Praveen Sun, 07 Jul 2019 13:14:52 +0530 gitlab (11.10.5+dfsg-1) experimental; urgency=medium [ Pirate Praveen ] * New upstream security release 11.10.5+dfsg (Closes: #930004) (Fixes: CVE-2019-12428, CVE-2019-12431, CVE-2019-12432, CVE-2019-12433, CVE-2019-12434, CVE-2019-12441, CVE-2019-12442, CVE-2019-12443, CVE-2019-12444, CVE-2019-12445, CVE-2019-12446) * Arrange changelog in chronological order * Refresh patches [ Abhijith PA ] * Update changelog -- Pirate Praveen Wed, 05 Jun 2019 12:35:18 +0530 gitlab (11.8.10+dfsg-1) unstable; urgency=medium * Team upload * New upstream release. * Remove unwanted lintian-overrides. [ 26a2fcc3] -- Abhijith PA Thu, 30 May 2019 16:15:39 +0530 gitlab (11.10.4+dfsg-2) experimental; urgency=medium * Bump devise to 4.6.2 * Add patch to bump devise to 4.6.2 -- Utkarsh Gupta Tue, 21 May 2019 21:07:19 +0530 gitlab (11.10.4+dfsg-1) experimental; urgency=medium [ Utkarsh Gupta ] * New upstream version 11.10.4+dfsg * Update d/changelog * Update 0050-relax-stable-libs.patch * Refresh d/patches * Install graphql-tag via yarnpkg * Update d/copyright to exclude pdf.* * Add lintian-overrides for false-positive errors * Update d/control to update gem versions * Do not use --frozen-lockfile with yarnpkg * Update d/upstream-file-list * Make yarn.lock writable * Add myself as an uploader [ Abhijith PA ] * remove embedded pdf.js and use libjs-pdf [ Pirate Praveen ] * Remove obsolete configuration files -- Utkarsh Gupta Sat, 18 May 2019 01:40:29 +0530 gitlab (11.8.9+dfsg-1) unstable; urgency=medium * Team upload * New upstream version 11.8.9+dfsg (Fixes: CVE-2019-11544, CVE-2019-11546, CVE-2019-11547, CVE-2019-11548, CVE-2019-11549) (Closes: #928221) * Update d/patches/* -- Utkarsh Gupta Sat, 04 May 2019 00:56:51 +0530 gitlab (11.8.6+dfsg-1) unstable; urgency=medium * Team upload * New upstream version 11.8.6 (Fixes: CVE-2018-5158, CVE-2019-10109, CVE-2019-10110, CVE-2019-10111, CVE-2019-10113, CVE-2019-10115, CVE-2019-10116, CVE-2019-10640) * Use libjs-pdf instead of embedded pdf.js * Add gitlab.examples -- Abhijith PA Wed, 03 Apr 2019 18:19:49 +0530 gitlab (11.8.3-1) unstable; urgency=high [ Pirate Praveen ] * Set minimum version of git to 2.18 [ Sruthi Chandran ] * New upstream version 11.8.3 (Closes: #925196) (Fixes: CVE-2019-9866) -- Sruthi Chandran Fri, 22 Mar 2019 00:19:33 +0530 gitlab (11.8.2-3) unstable; urgency=medium * Add link to gitlab page on Debian wiki in README.Debian * Set minimum version of ruby to 1:2.5~ and add conflict with libruby2.3 (to support smooth upgrading from stretch-backports) * Tighten dependency on ruby-lograge * Remove obsolete config files * Drop patch which expected rails 5.2 * Handle migration from rails 4.2 -- Pirate Praveen Sun, 17 Mar 2019 18:34:25 +0530 gitlab (11.8.2-2) unstable; urgency=medium [ Sruthi Chandran ] * Refactor tmpfiles.d/ conf files * Embed omniauth-google-oauth2 and jwt-2.1.0 (as we are in freeze) * Relax nokogiri [ Pirate Praveen ] * Remove dependency on npm and use yarnpkg directly instead * Tighten dependency on gitaly and gitlab-shell * Move gitlab-shell dependency to gitlab-common -- Pirate Praveen Fri, 15 Mar 2019 22:12:52 +0530 gitlab (11.8.2-1) experimental; urgency=medium * New upstream version 11.8.2 (Closes: #924447) (Fixes: CVE-2019-9170, CVE-2019-9171, CVE-2019-9172, CVE-2019-9174, CVE-2019-9175, CVE-2019-9176, CVE-2019-9178, CVE-2019-9179, CVE-2019-9217, CVE-2019-9219, CVE-2019-9220, CVE-2019-9221, CVE-2019-9222, CVE-2019-9223, CVE-2019-9224, CVE-2019-9225, CVE-2019-9485) * Refresh patches and remove 0120-remove-tracing-group.patch * Embed opentracing, jaeger-client and thrift -- Sruthi Chandran Thu, 14 Mar 2019 17:09:17 +0530 gitlab (11.8.0-1) experimental; urgency=medium [ Dmitry Smirnov ] * Moved list of files from Files-Excluded to "clean" file to avoid error in `mk-origtargz`. [ Sruthi Chandran ] * New upstream version 11.8.0 * Refresh patches * Update script in debian/upstream-file-count-check.sh to identify new/removed files [ Pirate Praveen ] * Refresh patches with fuzz * Update dependency on ruby-rack, ruby-pg, ruby-fog*, ruby-truncato, ruby-nokogiri, ruby-acts-as-taggable-on, ruby-kubeclient, ruby-gitaly-proto, ruby-omniauth-azure-oauth2, ruby-google-api-client, ruby-sidekiq-cron, ruby-oauth2, ruby-googleauth * Remove tracing group from Gemfile * Replace rails 5.2 patch with rails 5.1 patch from upstream * Remove monkey patch not needed with rails 5.2 * Embed rails 5.1 temporarily till gitlab supports rails 5.2 * Create target file of secrets.yml symbolic link * Set GEM_PATH for using embedded gems * Tighten dependency on libjs-uglify -- Pirate Praveen Tue, 12 Mar 2019 21:29:55 +0530 gitlab (11.5.10+dfsg-1) unstable; urgency=medium * New upstream version 11.5.10+dfsg (Closes: #921059) (Fixes: CVE-2019-6781, CVE-2019-6782, CVE-2019-6783, CVE-2019-6784, CVE-2019-6785, CVE-2019-6786, CVE-2019-6787, CVE-2019-6788, CVE-2019-6789, CVE-2019-6790, CVE-2019-6791, CVE-2019-6792, CVE-2019-6794, CVE-2019-6795, CVE-2019-6796, CVE-2019-6960, CVE-2019-6995, CVE-2019-6997, CVE-2019-7155, CVE-2019-7176) * Refresh patches * Add ruby-zip as dependency * Relax dependency on ruby-carrierwave -- Pirate Praveen Sat, 02 Feb 2019 18:14:16 +0530 gitlab (11.5.7+dfsg-1) unstable; urgency=medium * Team upload * New upstream version 11.5.7+dfsg * Fix CVE-2019-6240: Arbitrary repo read in Gitlab project import (Closes: #919822) -- Abhijith PA Sun, 20 Jan 2019 21:37:01 +0530 gitlab (11.5.6+dfsg-1) unstable; urgency=high * New upstream version 11.5.6+dfsg (Closes: #918086) (Fixes: CVE-2018-20488, CVE-2018-20489, CVE-2018-20490, CVE-2018-20491, CVE-2018-20492, CVE-2018-20493, CVE-2018-20494, CVE-2018-20495, CVE-2018-20496, CVE-2018-20497, CVE-2018-20498, CVE-2018-20499, CVE-2018-20500, CVE-2018-20501, CVE-2018-20507) * Bump Standards-Version to 4.3.0 -- Sruthi Chandran Thu, 03 Jan 2019 12:56:20 +0530 gitlab (11.6.0+dfsg-1) experimental; urgency=medium * New upstream version 11.6.0+dfsg * Refresh patches * Remove 0650-fix-8-to-10-migration.patch * Don't install .eslintrc.yml * Add patch to relax rails in Gemfile * Relax gitlab-sidekiq-fetcher * Add patch 0680-rails-5_2.patch to make it work with rails5.2 * Remove config/initializers/active_record_verbose_query_logs.rb * Set path for yarn -- Sruthi Chandran Sun, 23 Dec 2018 12:16:18 +0530 gitlab (11.5.5+dfsg-1) unstable; urgency=high [ Pirate Praveen ] * Restart gitlab before checks in postinst (fixes failures in some checks) * Explicitly call /usr/bin/bundle to avoid gem installed bundler * Move gitlab-rake to /usr/sbin (depends on /sbin/runuser) * Remove optional bullet dependency from Gemfile * Add Gemfile.autopkgtest to specify test only dependencies * Install test only dependencies from rubygems.org for autopkgtest * Drop autopkgtest dependencies installed from rubygems.org * Relax dependency on rspec-rails * Add golang-any as autopkgtest dependency (to build gitlab-shell) * Add gitaly: client_path to gitlab.yml [ Sruthi Chandran ] * New upstream version 11.5.5+dfsg (Fixes: CVE-2018-20229) * Add myself to uploaders -- Sruthi Chandran Fri, 21 Dec 2018 20:27:36 +0530 gitlab (11.5.4+dfsg-1) unstable; urgency=medium * New upstream version 11.5.4+dfsg (Fixes: CVE-2018-20144) * Add a note about reusing existing system users for Gitlab instance (Closes: #916243) * Add an example fqdn in debconf template (Closes: #916306) * Update minimum version of ruby-nokogiri to 1.8.4 * Look for changes in /usr/share/rubygems-integration as well for triggering Gemfile.lock refresh * Remove world write permissions of .yarn-metadata.json files (Closes: #915860) * Restart gitaly before gitlab:check in postinst -- Pirate Praveen Sat, 15 Dec 2018 14:43:41 +0530 gitlab (11.5.3+dfsg-1) experimental; urgency=medium * New upstream version 11.5.3+dfsg * Only gitlab binary needs to be in contrib (Closes: #915759) * Tighten dependency on ruby-octokit * Set minimum version of ruby-sass to 3.5 * Refresh patches * Update dependencies -- Pirate Praveen Thu, 13 Dec 2018 14:57:24 +0530 gitlab (11.4.9+dfsg-2) unstable; urgency=medium * Reupload to unstable -- Pirate Praveen Sat, 08 Dec 2018 12:49:53 +0530 gitlab (11.4.9+dfsg-1) experimental; urgency=medium * New upstream version 11.4.9+dfsg * Refresh patches * Update dependencies * Remove gitlab-markup dependency (replaced by github-markup) -- Pirate Praveen Thu, 06 Dec 2018 13:21:50 +0530 gitlab (11.3.11+dfsg-1) unstable; urgency=high * New upstream security release 11.3.11+dfsg (Fixes: CVE-2018-19493, CVE-2018-19494, CVE-2018-19495, CVE-2018-19496, CVE-2018-19569, CVE-2018-19570, CVE-2018-19571, CVE-2018-19572, CVE-2018-19573, CVE-2018-19574, CVE-2018-19575, CVE-2018-19576, CVE-2018-19577, CVE-2018-19580, CVE-2018-19583, CVE-2018-19585) -- Pirate Praveen Thu, 29 Nov 2018 21:57:18 +0530 gitlab (11.3.10+dfsg-2) unstable; urgency=medium * Reupload to unstable -- Pirate Praveen Thu, 22 Nov 2018 20:44:42 +0530 gitlab (11.3.10+dfsg-1) experimental; urgency=medium * New upstream version 11.3.10+dfsg (Closes: #914166) (Fixes: CVE-2018-19359) * Relax ruby-js-regex version * Tighten dependencies (update minimum versions) -- Pirate Praveen Wed, 21 Nov 2018 11:49:29 +0530 gitlab (11.2.8+dfsg-2) unstable; urgency=medium * Add gitlab-rake as a command (Closes: #814506) * Revert to using github-linguist 5 -- Pirate Praveen Tue, 20 Nov 2018 10:46:03 +0530 gitlab (11.2.8+dfsg-1) experimental; urgency=medium * New upstream version 11.2.8+dfsg (Fixes: CVE-2018-18646, CVE-2018-18645, CVE-2018-18641, CVE-2018-18640) -- Pirate Praveen Sun, 18 Nov 2018 18:42:27 +0530 gitlab (11.1.8+dfsg-2) unstable; urgency=medium * Reupload to unstable * Add CVEs fixed in 11.1.6 release (Fixes: CVE-2018-16049, CVE-2018-16050, CVE-2018-16051, Missing CSRF in System Hooks, Persistent XSS in Pipeline Tooltip) -- Pirate Praveen Sat, 17 Nov 2018 12:56:07 +0530 gitlab (11.1.8+dfsg-1) experimental; urgency=medium * New upstream version 11.1.8+dfsg (Fixes: CVE-2018-17450, CVE-2018-17454, CVE-2018-15472, CVE-2018-17449, CVE-2018-17452, CVE-2018-17451, CVE-2018-17453, CVE-2018-17455, CVE-2018-17537, CVE-2018-17536) -- Pirate Praveen Fri, 16 Nov 2018 16:45:36 +0530 gitlab (10.8.7+dfsg-1) unstable; urgency=medium * New upstream version 10.8.7+dfsg (Fixes: CVE-2018-14602, CVE-2018-14603, CVE-2018-14604, CVE-2018-14605, CVE-2018-14606) * Refresh and rename patches (to make numbering consistent) * Add dependency on bzip2 (Closes: #910058) * Add ruby-device-detector as new dependency and tighten dependency versions * Remove chmod/chown -R usage in postinst -- Pirate Praveen Mon, 15 Oct 2018 15:55:10 +0530 gitlab (10.7.7+dfsg-3) unstable; urgency=medium * Give gitlab_user ownership of gitlab_data_dir after creating user (Closes: #910929) * Relax default_value_for, dropzonejs-rails, net-ssh in Gemfile * Remove .eslintrc from binary package * Add ruby-ed25519 and remove ruby-rbnacl * Remove chown -R commands from postinst -- Pirate Praveen Sat, 13 Oct 2018 22:29:59 +0530 gitlab (10.7.7+dfsg-2) unstable; urgency=medium [ Lucas Kanashiro ] * Relax recaptcha version (Closes: #907488) [ Pirate Praveen ] * Reupload to unstable (required protobuf and grpc is now in unstable) * Bump dependency on gitaly (for user management via gitlab-common) * Bump Standards-Version to 4.2.1 (no changes needed) -- Pirate Praveen Sat, 13 Oct 2018 00:11:14 +0530 gitlab (10.7.7+dfsg-1) experimental; urgency=medium * New upstream version 10.7.7+dfsg (Fixes: CVE-2018-14364) (Closes: #904026) * Bump Standards-Version to 4.2.0 (no changes needed) -- Pirate Praveen Mon, 20 Aug 2018 21:38:35 +0530 gitlab (10.7.6+dfsg-2) experimental; urgency=medium * Support html-sanitizer >= 2.7.1 (see upstream issue 48415) -- Pirate Praveen Sat, 30 Jun 2018 16:51:41 +0530 gitlab (10.7.6+dfsg-1) experimental; urgency=medium * New upstream version 10.7.6+dfsg * Refresh patches * Move common dependencies to gitlab-common * Don't remove gitlab_data_dir in purge * Support upgrading from 8.13 to 10.x (Upstream issue 48040) -- Pirate Praveen Wed, 27 Jun 2018 16:14:20 +0530 gitlab (10.7.5+dfsg-3) experimental; urgency=medium * Relax ruby version check (2.3.3 includes security fixes) * Add gitlab-common binary to handle user creation for gitlab and gitaly (Closes: #901310) -- Pirate Praveen Wed, 13 Jun 2018 10:57:34 +0530 gitlab (10.7.5+dfsg-2) experimental; urgency=medium * Bump minimum version of gitlab-workhorse to 4.1.0 -- Pirate Praveen Sun, 03 Jun 2018 20:54:56 +0530 gitlab (10.7.5+dfsg-1) experimental; urgency=medium * New upstream version 10.7.5+dfsg (Closes: #900522) -- Pirate Praveen Sun, 03 Jun 2018 19:54:01 +0530 gitlab (10.7.3+dfsg-1) experimental; urgency=medium [ Dmitry Smirnov ] * CI: experimental CI. * CI: origtargz * copyright: format URL to HTTPS. * watch file to version 4; get tar.bz2 instead of tar.gz; [ Pirate Praveen ] * Fix filenamemagle as well to use bz2 * New upstream version 10.7.3+dfsg * Refresh patches * Upload to experimental (required versions of ruby-rugged and ruby-grpc are only available in experimental. libgit2-dev and libgrpc-dev needs library transitions and coordination.) -- Pirate Praveen Sat, 12 May 2018 20:52:12 +0530 gitlab (10.6.5+dfsg-2) unstable; urgency=medium * Set minimum version of nodejs to 6 (punycode@2.1.0 needs nodejs >= 6) * Use yarn installed webpack * Remove symlinks for vendored files (now using it directly) -- Pirate Praveen Wed, 02 May 2018 18:11:00 +0530 gitlab (10.6.5+dfsg-1) unstable; urgency=medium * Use vendored js files (to ease backporting to jessie) * Update watch file for new gitlab.com download url pattern * New upstream version 10.6.5+dfsg * Bump Standards-Version to 4.1.4 (no changes needed) -- Pirate Praveen Tue, 01 May 2018 15:13:49 +0530 gitlab (10.6.3+dfsg-3) unstable; urgency=medium * Relax dependency on asciidoctor-plantuml -- Pirate Praveen Sun, 29 Apr 2018 16:59:15 +0530 gitlab (10.6.3+dfsg-2) unstable; urgency=medium [ Dmitry Smirnov ] * Build-Depends tightening: ruby-grape-entity (>= 0.7.1~) * gitlab.yml.example: fixed path to "gitaly.socket". * Recommends += gitaly; (Closes: #894015) * Fixed versioning of dependencies (ruby-arel (>= 6.0.4~) is crucial). * New patch to fix Markdown rendering (Closes: #895871). [ Pirate Praveen ] * Fix ruby-unf-ext version constraint * Update description, webpack is in main now * Install all frontend dependencies via npm (to ease backporting to stretch) -- Pirate Praveen Fri, 27 Apr 2018 13:26:18 +0530 gitlab (10.6.3+dfsg-1) unstable; urgency=medium * New upstream version 10.6.3 (Closes: #894867, #894868, #894869) -- Pirate Praveen Thu, 05 Apr 2018 14:05:46 +0530 gitlab (10.6.2+dfsg-1) unstable; urgency=medium * New upstream version 10.6.2 * Refresh patches * Tighten dependency on ruby-loofah * Relax dependency on grape-entity (Closes: #894668) -- Pirate Praveen Wed, 04 Apr 2018 22:27:43 +0530 gitlab (10.6.0+dfsg-1) unstable; urgency=medium * New upstream version 10.6.0 -- Pirate Praveen Tue, 27 Mar 2018 20:01:24 +0530 gitlab (10.5.6+dfsg-1) unstable; urgency=medium [ Dmitry Smirnov ] * Tighten/version dependency ruby-net-ldap: [ Pirate Praveen ] * New upstream version 10.5.6 (Closes: #893905) Fixes: CVE-2018-8801 CVE-2018-8971 * Tighten dependency on ruby-omniauth-auth0 -- Pirate Praveen Mon, 26 Mar 2018 14:41:54 +0530 gitlab (10.5.5+dfsg-3) unstable; urgency=medium * Relax kubeclient dependency * Remove plantuml_lexer.rb initializer from /etc (Closes: #893867) -- Pirate Praveen Fri, 23 Mar 2018 21:01:56 +0530 gitlab (10.5.5+dfsg-2) unstable; urgency=medium * Tighten ruby-devise to 4.4.3 * Remove devDependencies from package.json * Start using system node libs, don't add yarn to package.json * Isolate yarn to its own directory -- Pirate Praveen Thu, 22 Mar 2018 21:32:02 +0530 gitlab (10.5.5+dfsg-1) unstable; urgency=medium [ Dmitry Smirnov ] * Depends += "ruby-excon (>= 0.60.0~)" * Added new patch to fix Markdown rendering (Closes: #890757). * Depends: set minimum version for "rake". [ Pirate Praveen ] * New upstream version 10.5.5 (Closes: #888508) - Fixes multiple security vulnerabilities in 10.3.4 (CVE-2017-0914, CVE-2017-0916, CVE-2017-0917, CVE-2017-0918, CVE-2017-0923, CVE-2017-0925, CVE-2017-0926, CVE-2017-0927, CVE-2017-3710) * Remove files no longer present in vendor from Files-Excluded * Refresh patches * Add new node-* dependencies already in the archive as depends * Tighten dependencies * Bump debhelper compat to 10 and standards version to 4.1.3 -- Pirate Praveen Sun, 18 Mar 2018 15:17:08 +0530 gitlab (9.5.4+dfsg-7) unstable; urgency=medium * Reupload to unstable * Remove locale directory during purge * Locales should be compiled before precompiling assets -- Pirate Praveen Thu, 01 Mar 2018 23:45:44 +0530 gitlab (9.5.4+dfsg-6) experimental; urgency=medium * Relax dependencies in Gemfile for rdoc ruby-prof * Build locale and make locale directory writable by symlinking to /var/lib (Closes: #890877) * Remove work around for libjs-jquery-atwho bug (1.5.4+dfsg.1-2 works) -- Pirate Praveen Fri, 23 Feb 2018 00:01:33 +0530 gitlab (9.5.4+dfsg-5) experimental; urgency=medium * Use jquery from system for compatibility with at.js in node_modules * Use document-register-element 1.3.0 (1.7.2 is not compatible) -- Pirate Praveen Wed, 14 Feb 2018 20:10:18 +0530 gitlab (9.5.4+dfsg-4) experimental; urgency=medium * Add workaround for broken libjs-jquery-atwho (#890391) (Download at.js from npmjs.com dist tarball) -- Pirate Praveen Wed, 14 Feb 2018 17:19:26 +0530 gitlab (9.5.4+dfsg-3) experimental; urgency=medium [ Dmitry Smirnov ] * Fixed dependencies. [ Pirate Praveen ] * Update npm itself using npm (for @ support in module names) -- Pirate Praveen Wed, 14 Feb 2018 14:45:11 +0530 gitlab (9.5.4+dfsg-2) experimental; urgency=medium * Relax dependencies in Gemfile * Tighten dependencies in control * Bump standards * Add missing attributions * Fix permissions for .gitlab_shell_secret -- Pirate Praveen Tue, 26 Dec 2017 17:31:57 +0530 gitlab (9.5.4+dfsg-1) experimental; urgency=medium * New upstream release * Move to contrib (packaging of node modules for front end is not complete) * Use npm install for front end dependencies * Refresh patches * Tighten/update dependencies * Update gitlab.yml.example * Fix gitlab-mailroom service * Update overrides * Replace vendored js with system libs -- Pirate Praveen Wed, 13 Dec 2017 10:50:15 +0530 gitlab (8.13.11+dfsg1-11) unstable; urgency=medium * Tighten dependency on ruby-truncato -- Pirate Praveen Mon, 14 Aug 2017 12:21:40 +0530 gitlab (8.13.11+dfsg1-10) unstable; urgency=medium * Relax dependency on ruby-net-ssh (Closes: #868246) -- Pirate Praveen Sun, 30 Jul 2017 16:14:02 +0530 gitlab (8.13.11+dfsg1-9) unstable; urgency=medium * Relax dependency on ruby-asana and ruby-webmock -- Pirate Praveen Tue, 18 Jul 2017 14:07:05 +0530 gitlab (8.13.11+dfsg1-8) unstable; urgency=medium * Export all variables declared in gitlab-debian.conf from /etc/default/gitlab (Closes: #863950) Thanks to yyoshino -- Pirate Praveen Mon, 05 Jun 2017 22:00:03 +0530 gitlab (8.13.11+dfsg1-7) unstable; urgency=medium * Correctly bind dbconfig-common configuration file to gitlab package (and not to $gitlab_user) in debian/config * Revert change in debian/postinst from previous upload which incorrectly binds dbconfig-common configuration file to $gitlab_user package -- Pirate Praveen Fri, 12 May 2017 10:12:55 +0530 gitlab (8.13.11+dfsg1-6) unstable; urgency=medium * Remove hard coded gitlab user in postinst (Closes: #862329) * Remove dbconfig-common config files on purge -- Pirate Praveen Thu, 11 May 2017 22:29:06 +0530 gitlab (8.13.11+dfsg1-5) unstable; urgency=medium * Fix letsencrypt email handling in config * Minor update in postrm output -- Pirate Praveen Thu, 27 Apr 2017 11:23:43 +0530 gitlab (8.13.11+dfsg1-4) unstable; urgency=medium * Check if gitlab_data_dir is defined before using it * Ask email address for letsencrypt updates -- Pirate Praveen Wed, 26 Apr 2017 21:12:25 +0530 gitlab (8.13.11+dfsg1-3) unstable; urgency=medium * Quote variable in test -n (Thanks to Benjamin Drung) -- Pirate Praveen Fri, 21 Apr 2017 16:02:25 +0530 gitlab (8.13.11+dfsg1-2) unstable; urgency=medium * Integrate dbconfig-common (Closes: #859200) * Don't set default gitlab user in postinst * Change template name from purge to purge_data * Switch to runuser from su (runuser correctly handles PAM sessions) -- Pirate Praveen Fri, 21 Apr 2017 13:16:43 +0530 gitlab (8.13.11+dfsg1-1) unstable; urgency=medium [ Balasankar C ] * Repack source to remove fuzzaldrin-plus.js (Closes: #858725) [ Pirate Praveen ] * debian/postrm: Make checks idempotent (use if in place of &&) * debian/postrm: Check variables are defined before using them * debian/config: pre-seed variables to debconf db from config files * debian/postinst: - make sure all required variables are present in the config file - handle reconfiguration correctly by reapplying variables from debconf db to config files - Don't touch systemd override.conf if already exist -- Pirate Praveen Thu, 20 Apr 2017 11:47:49 +0530 gitlab (8.13.11+dfsg-8) unstable; urgency=medium * Don't fail if gitlab-debian.defaults not found (to support upgrading from older versions) * Be more defensive in rm -rf -- Pirate Praveen Thu, 23 Mar 2017 17:16:50 +0530 gitlab (8.13.11+dfsg-7) unstable; urgency=medium [ Balasankar C ] * Add patch cve-2017-0882.patch (Fixes: CVE-2017-0882) [ Pirate Praveen ] * Move gitlab_log_dir variable to /etc (needed got gitlab-unicorn service) -- Pirate Praveen Tue, 21 Mar 2017 18:28:43 +0530 gitlab (8.13.11+dfsg-6) unstable; urgency=medium * Improve configuration file parsing by using source (Closes: #857967) -- Pirate Praveen Fri, 17 Mar 2017 22:29:40 +0530 gitlab (8.13.11+dfsg-5) unstable; urgency=medium * Move variables used only in maintainer scripts to /usr/lib from /etc (Closes: #856606) * Use command -v to check existence of dropdb command in postrm -- Pirate Praveen Tue, 14 Mar 2017 17:21:21 +0530 gitlab (8.13.11+dfsg-4) unstable; urgency=medium [ Balasankar C ] * Update description to specify that the package is non-omnibus, unlike the official one from GitLab. * Remove database on purge only if necessary commands are available (Closes: #855579) [ Pirate Praveen ] * Use /usr/lib/gitlab/templates for config file templates used in postinst (See 854658#34) * Add more checks in postrm to avoid failures which can be ignored -- Balasankar C Fri, 24 Feb 2017 17:06:52 +0530 gitlab (8.13.11+dfsg-3) unstable; urgency=medium * Allow choosing gitlab user (Closes: #854617) * Optionally remove all data on purge (Closes: #821087, #839929) [ Johannes Schauer ] * Amend the README.Debian with instructions of how to upgrade from non-Debian installations (Closes: #823743) -- Pirate Praveen Thu, 16 Feb 2017 17:35:29 +0530 gitlab (8.13.11+dfsg-2) unstable; urgency=medium * Use upstream patch for git 2.11 support (Closes: #853251) * Set minimum version of gitlab-shell to 3.6.6-3 (required for git 2.11 support) -- Pirate Praveen Tue, 07 Feb 2017 11:24:36 +0530 gitlab (8.13.11+dfsg-1) unstable; urgency=medium * New upstream release * Remove WoSign from suggested free SSL providers (they stopped providing free SSL certificates from September 2016) * Backport git 2.11 support (Closes: #851714) -- Pirate Praveen Wed, 18 Jan 2017 13:21:17 +0530 gitlab (8.13.6+dfsg2-2) unstable; urgency=medium * Add patch cve-2016-9469.diff (Fixes: CVE-2016-9469) (Closes: #847157) * Use ruby-jquery-ui-rails 6 (Closes: #847337) * Enable more tests * Use -C for specifing sidekiq queues, Thanks to Justin F. Hallett (Closes: #847114) * Add dpkg trigger to refresh Gemfile.lock if a dependency is changed (Closes: #847420) -- Pirate Praveen Sun, 11 Dec 2016 22:06:59 +0530 gitlab (8.13.6+dfsg2-1) unstable; urgency=medium * Run tests with RAILS_ENV=test * Relax dependency on ruby-grape-entity * Remove tasks related to linting from orig.tar -- Pirate Praveen Wed, 30 Nov 2016 16:15:29 +0530 gitlab (8.13.6+dfsg1-3) unstable; urgency=medium * Fix autopkgtest with upstream patch (Closes: #845656) -- Pirate Praveen Mon, 28 Nov 2016 23:52:13 +0530 gitlab (8.13.6+dfsg1-2) unstable; urgency=medium * Replace embedded copy of fuzzaldrin-plus with libjs-fuzzaldrin-plus (Closes: #814871) -- Pirate Praveen Fri, 25 Nov 2016 22:05:14 +0530 gitlab (8.13.6+dfsg1-1) unstable; urgency=medium * New upstream release (Closes: #845180) * Replace embedded copy of fuzzaldrin-plus with libjs-fuzzaldrin-plus -- Pirate Praveen Thu, 24 Nov 2016 15:29:27 +0530 gitlab (8.13.3+dfsg1-2) unstable; urgency=medium * Reupload to unstable (Closes: #843519) -- Pirate Praveen Fri, 11 Nov 2016 10:56:31 +0530 gitlab (8.13.3+dfsg1-1) experimental; urgency=medium * New upstream release (Fixes: CVE-2016-9086) * Refresh patches * Add dependency on lsb-base -- Pirate Praveen Fri, 04 Nov 2016 16:23:49 +0530 gitlab (8.12.3+dfsg1-1) unstable; urgency=medium * New upstream release (Closes: #838256) * Use spec.rake and spec.pattern to select tests * Use INCLUDE_TEST_DEPENDS variable in Gemfile to select test dependencies (--without does not work with --local in bundle install) * Move /usr/share/gitlab/.bundle to /var/lib/gitlab * Create db/schema.rb only in postinst (Closes: #838668) [ Dmitry Smirnov ] * Fix failure to start masked gitlab.service after reinstall -- Pirate Praveen Sat, 01 Oct 2016 15:23:17 +0530 gitlab (8.11.3+dfsg1-3) unstable; urgency=medium * Run some of gitlab provided tests as autopkgtests -- Pirate Praveen Sat, 17 Sep 2016 21:41:51 +0530 gitlab (8.11.3+dfsg1-2) unstable; urgency=medium * Use config/initializers/secret_token.rb to create secrets.yml (backup your secrets.yml if you are upgrading) -- Pirate Praveen Sat, 17 Sep 2016 14:53:04 +0530 gitlab (8.11.3+dfsg1-1) unstable; urgency=medium * New upstream release * Remove ruby-devise-async dependency -- Pirate Praveen Fri, 16 Sep 2016 12:44:05 +0530 gitlab (8.10.5+dfsg-3) unstable; urgency=high * Remove ruby-activerecord-deprecated-finders dependency (removed from Gemfile) * Setting urgency=high as it helps fix #835749 -- Pirate Praveen Wed, 07 Sep 2016 23:18:08 +0530 gitlab (8.10.5+dfsg-2) unstable; urgency=medium * Reupload to unstable -- Pirate Praveen Thu, 01 Sep 2016 13:17:03 +0530 gitlab (8.10.5+dfsg-1) experimental; urgency=medium * New upstream release rouge 2.0 is now compatible (Closes: #830111) * Refresh patches * Update dependencies -- Pirate Praveen Wed, 31 Aug 2016 19:24:55 +0530 gitlab (8.9.0+dfsg-10) unstable; urgency=medium * Relax dependency on rails in Gemfile (Closes: #834907) -- Pirate Praveen Mon, 22 Aug 2016 11:07:21 +0530 gitlab (8.9.0+dfsg-9) unstable; urgency=medium * Create gitlab user as system user (Closes: #834037) [ Dmitry Smirnov ] * New patch to fix error 500 on runners page (Closes: #819903) Thanks, Libor Klepáč. -- Pirate Praveen Mon, 15 Aug 2016 19:51:05 +0530 gitlab (8.9.0+dfsg-8) unstable; urgency=medium * Update ruby-unicorn-worker-killer dependency * Don't fail when .ssh exist -- Pirate Praveen Tue, 26 Jul 2016 15:03:10 +0530 gitlab (8.9.0+dfsg-7) unstable; urgency=medium * Tighten dependencies * Allow unicorn 5.0 -- Pirate Praveen Thu, 21 Jul 2016 13:51:37 +0530 gitlab (8.9.0+dfsg-6) unstable; urgency=medium * Create .ssh/authorized_keys in postinst -- Pirate Praveen Wed, 20 Jul 2016 23:13:59 +0530 gitlab (8.9.0+dfsg-5) unstable; urgency=medium * Tighten dependencies * Don't run gitlab:shell:install in postinst (Closes: #831877) (installed config.yml works) * Add a note about CAcert and browser trust [ Dmitry Smirnov ] * Do not leave dangling symlinks behind after purge * Remove generated assets on purge * rules: do not install LICENSE files * rules: properly use dh-systemd (Closes: #820991) * Rewrite terrible upstream .service files: - added meta "gitlab.service" that work alike corresponding init.d script - new .service files with support for "reload" and propagation of "reload" from "gitlab.service" - non-forking PIDFILE-less implementation This change fixes services' start-up and postinst error on first install. * templates: Replace StartSSL with CACert -- Pirate Praveen Wed, 20 Jul 2016 20:28:21 +0530 gitlab (8.9.0+dfsg-4) unstable; urgency=medium * Move config files to /usr/share/doc as examples and copy them to /var/lib for modification (Closes: #821086) * Fix gitlab-shell's config.yml handling (Closes: #827846) -- Pirate Praveen Thu, 14 Jul 2016 19:53:16 +0530 gitlab (8.9.0+dfsg-3) unstable; urgency=medium * Relax grape and rouge in Gemfile -- Pirate Praveen Sun, 10 Jul 2016 20:23:41 +0530 gitlab (8.9.0+dfsg-2) unstable; urgency=medium * Reupload to unstable * Relax omniauth-google-oauth2 in Gemfile -- Pirate Praveen Sat, 09 Jul 2016 20:14:24 +0530 gitlab (8.9.0+dfsg-1) experimental; urgency=medium * New upstream release * Refresh patches and update dependencies -- Pirate Praveen Thu, 23 Jun 2016 23:54:28 +0530 gitlab (8.9.0+dfsg~rc4-1) experimental; urgency=medium * New upstream release candidate * Refresh patches * Use jquery in place of jquery2 (debian has only jquery and it has same API) * Remove /etc/gitlab/initializers/devise_async.rb (removed upstream) * Symlink /usr/share/gitlab/.ssh to var/lib/gitlab/.ssh -- Pirate Praveen Wed, 22 Jun 2016 13:57:27 +0530 gitlab (8.8.2+dfsg-5) unstable; urgency=medium * Relax dependencies for all stable libraries (>= 1.0) (Closes: #827374) -- Pirate Praveen Thu, 16 Jun 2016 12:31:40 +0530 gitlab (8.8.2+dfsg-4) unstable; urgency=high * Allow minor updates for ruby-state-machines-activerecord (Closes: #827013) -- Pirate Praveen Sun, 12 Jun 2016 12:51:19 +0530 gitlab (8.8.2+dfsg-3) unstable; urgency=medium * Update minimum version of rails to 4.2.6 * Update minimum version of ruby-request-store to 1.3 * Add postgresql-contrib as dependency for pg_trgm extension (Closes: #826302) * Add ruby-coffee-script-source (>= 1.10.0~) as dependency -- Pirate Praveen Sun, 05 Jun 2016 18:20:51 +0530 gitlab (8.8.2+dfsg-2) unstable; urgency=medium * Move gitlab-shell's config.yml to /etc * Update minimum version of gitlab-shell to 3.0.0 -- Pirate Praveen Sat, 04 Jun 2016 21:47:12 +0530 gitlab (8.8.2+dfsg-1) unstable; urgency=medium * New upstream release (Closes: #823290) * Refresh patches * Bump standards version to 3.9.8 (no changes) * Enable the pg_trgm extension for postgresql * Check if nginx site configuration directory is present before copying (Closes: #821085) * Symlink /run/gitlab/cache to /var/lib/gitlab/cache (or /run gets filled up) * Remove debconf db on purge -- Pirate Praveen Thu, 02 Jun 2016 22:27:15 +0530 gitlab (8.5.8+dfsg-5) unstable; urgency=medium * Make nginx optional (Closes: #819260) * Manage nginx configuration via ucf (Closes: #819262) * Manage gitlab-debian.conf and gitlab.yml via ucf * Make postinst more verbose -- Pirate Praveen Fri, 08 Apr 2016 17:29:34 +0530 gitlab (8.5.8+dfsg-4) unstable; urgency=medium * Tighten version requirements for dependencies * Fix permissions for uploads * Run db:migrate when db exist * Restrict file permissions for secret files (Closes: #819412) * Move db to /var/lib/gitlab (fix migrations) [ Libor Klepáč ] * Create builds directory in /var/log (Closes: #819907) -- Pirate Praveen Tue, 05 Apr 2016 22:55:36 +0530 gitlab (8.5.8+dfsg-3) unstable; urgency=medium * Reupload to unstable * Add mail-transport-agent as dependency * Symlink 'shared' to /var/lib/gitlab instead of 'shared/cache' - gitlab expects everything inside shared to be in the same file system. * Use embedded copy of fuzzaldrin-plus (See #814871 for more details) * Bring back db check in postinst (initialize the db only if it is empty) * Choose unicode for db encoding * Don't run letsencrypt if certificate is already present -- Pirate Praveen Tue, 05 Apr 2016 00:14:30 +0530 gitlab (8.5.8+dfsg-2) experimental; urgency=medium * Change letsencrypt from depends to recommends -- Pirate Praveen Sun, 03 Apr 2016 11:09:51 +0530 gitlab (8.5.8+dfsg-1) experimental; urgency=medium * New upstream release -- Pirate Praveen Sat, 02 Apr 2016 21:30:27 +0530 gitlab (8.4.3+dfsg-12) unstable; urgency=medium [ Libor Klepáč ] * Add fix-wiki.patch: Fix wiki display (Closes: #815465) [ Pirate Praveen ] * Use redis-server.service instead of redis.service (which is an alias to redis-server.service and won't be available if redis-server.service is disabled) in systemd files. -- Pirate Praveen Fri, 18 Mar 2016 19:12:10 +0530 gitlab (8.4.3+dfsg-11) unstable; urgency=medium * Relax stable library versions requirement * Relax dependency on grape-entity [ Johannes Schauer ] * Add diagnostic info to README.Debian * Add steps of migrating a source install to debian package -- Pirate Praveen Wed, 16 Mar 2016 20:16:47 +0530 gitlab (8.4.3+dfsg-10) unstable; urgency=medium [ Balasankar C ] * Team upload. * Bump Standards Version (No Changes). * Fix typo in debian/README.Debian. * 0038-relax-net-ssh.patch : Add dep3 header. [ Pirate Praveen ] * Replace gitlab:setup with db:schema:load and db:seed_fu (Closes: #815798) * Relax rails dependency in Gemfile (Closes: #817150) -- Pirate Praveen Tue, 15 Mar 2016 19:42:59 +0530 gitlab (8.4.3+dfsg-9) unstable; urgency=medium * Reorganize directory layout (Closes: #814476) - Move gitlab user's home directory to /var/lib - Add config as a symlink to /etc/gitlab - Add log as a symlink to /var/log/gitlab - Add public as a symlink to /var/lib/gitlab/public - Add more files that needs write permission to /var -- Pirate Praveen Thu, 18 Feb 2016 22:51:32 +0530 gitlab (8.4.3+dfsg-8) unstable; urgency=medium * Install tmpfiles.d/gitlab.conf and allow www-data user to read /run/gitlab (Closes: #814714) * Switch to sendmail method by default. -- Pirate Praveen Tue, 16 Feb 2016 13:58:16 +0530 gitlab (8.4.3+dfsg-7) unstable; urgency=medium * bc should be in build-dep (Closes: #814695) * fix pid file mismatch between /etc/default/gitlab and systemd service files (Closes: #814714) * use tmpfiles.d for /run/gitlab (Closes: #814713) Thanks to Christian Seiler -- Pirate Praveen Tue, 16 Feb 2016 00:08:18 +0530 gitlab (8.4.3+dfsg-6) unstable; urgency=medium * Fix pid and sockets path for gitlab-workhorse -- Pirate Praveen Sun, 14 Feb 2016 12:45:24 +0530 gitlab (8.4.3+dfsg-5) unstable; urgency=medium * Switch to su from sudo -- Pirate Praveen Sat, 13 Feb 2016 23:53:42 +0530 gitlab (8.4.3+dfsg-4) unstable; urgency=medium * Don't overwrite existing database (Closes: #814458) * Write logs, pids and sockets to /var (Closes: #814476) * Add more files to debian/install (Closes: #814503) * Add a check in debian/rules for installing all files -- Pirate Praveen Sat, 13 Feb 2016 21:55:51 +0530 gitlab (8.4.3+dfsg-3) unstable; urgency=medium * Check if /run/systemd/system dirctory exist for systemd -- Pirate Praveen Fri, 12 Feb 2016 01:01:59 +0530 gitlab (8.4.3+dfsg-2) unstable; urgency=medium [ Balasankar C ] * Add email configuration via sendmail method [ Pirate Praveen ] * Download certificates via letsencrypt * Check /proc/1/cmdline for systemd (Closes: #814413) -- Pirate Praveen Fri, 12 Feb 2016 00:17:01 +0530 gitlab (8.4.3+dfsg-1) unstable; urgency=medium * New upstream release * Refresh patches (rails version is in sync) * Configure ssl for nginx if selected * Use letsencrypt certificate paths if selected * Add git as dependency (Closes: #813807) * SSH key upload is working (Closes: #812861) * Configure gitlab_url as workwround (Closes: #813770 ) -- Pirate Praveen Tue, 09 Feb 2016 23:39:34 +0530 gitlab (8.4.0+dfsg-2) unstable; urgency=medium * Add systemd units (Closes: #812841) * Remove Gemfile.lock if found before bundle install (Closes: #813550) (Closes: #812907) -- Pirate Praveen Thu, 04 Feb 2016 16:28:26 +0530 gitlab (8.4.0+dfsg-1) unstable; urgency=medium * New upstream release * Use su instead of sudo everywhere (Closes: #812951) * Add rake and ruby-sentry-raven as dependencies * Remove patch 0107-relax-omniauth-facebook.patch -- Pirate Praveen Tue, 02 Feb 2016 19:28:45 +0530 gitlab (8.4.0+dfsg~rc2-4) unstable; urgency=medium * Reupload to unstable * Relax ruby-net-ssh dependency -- Pirate Praveen Thu, 28 Jan 2016 02:01:57 +0530 gitlab (8.4.0+dfsg~rc2-3) experimental; urgency=medium * Read gitlab-debian.conf from /etc/default/gitlab - Use debian specific configuration in init script * Add nginx to dependencies (Closes: #812724) * Add ruby-influxdb to dependencies (Closes: #812839) * Add missing dependecies from Gemfile and tighen versions * Use environmental variables by commenting out defaults in gitlab.yml -- Pirate Praveen Wed, 27 Jan 2016 13:40:31 +0530 gitlab (8.4.0+dfsg~rc2-2) experimental; urgency=medium * Add README.Debian to document debian specific changes * Make mysql optional (Closes: #812345) * Configure hostname via debconf and integrate nginx -- Pirate Praveen Sun, 24 Jan 2016 15:19:19 +0530 gitlab (8.4.0+dfsg~rc2-1) experimental; urgency=medium * Initial release (Closes: #651606) -- Pirate Praveen Wed, 20 Jan 2016 00:56:59 +0530