Merge branch '5-4-security-update' of /home/git/repositories/gitlab/gitlabhq into 5-4-stable

Dmitriy Zaporozhets
2 parents 9360c733 b40ff1e0
Showing 8 changed files with 10 additions and 45 deletions Show diff stats
Gemfile
Gemfile.lock
VERSION
app/contexts/search_context.rb
config/initializers/connection_fix.rb
doc/install/installation.md
lib/tasks/gitlab/check.rake
lib/tasks/gitlab/test.rake
@@ -23,7 +23,7 @@ gem &#39;omniauth-github&#39;
  
 # Extracting information from a git repository
 # Provide access to Gitlab::Git library
-gem 'gitlab_git', '~> 1.3.0'
+gem 'gitlab_git', '~> 1.3.1'
  
 # Ruby/Rack Git Smart-HTTP Server Handler
 gem 'gitlab-grack', '~> 1.0.1', require: 'grack'
@@ -167,7 +167,7 @@ GEM
       stringex (~> 1.5.1)
     gitlab-grack (1.0.1)
       rack (~> 1.4.1)
-    gitlab-grit (2.5.1)
+    gitlab-grit (2.5.2)
       charlock_holmes (~> 0.6.9)
       diff-lcs (~> 1.1)
       mime-types (~> 1.15)
@@ -175,10 +175,10 @@ GEM
     gitlab-pygments.rb (0.3.2)
       posix-spawn (~> 0.3.6)
       yajl-ruby (~> 1.1.0)
-    gitlab_git (1.3.0)
+    gitlab_git (1.3.1)
       activesupport (~> 3.2.13)
       github-linguist (~> 2.3.4)
-      gitlab-grit (~> 2.5.1)
+      gitlab-grit (~> 2.5.2)
     gitlab_meta (5.0)
     gitlab_omniauth-ldap (1.0.3)
       net-ldap (~> 0.3.1)
@@ -566,7 +566,7 @@ DEPENDENCIES
   gitlab-gollum-lib (~> 1.0.0)
   gitlab-grack (~> 1.0.1)
   gitlab-pygments.rb (~> 0.3.2)
-  gitlab_git (~> 1.3.0)
+  gitlab_git (~> 1.3.1)
   gitlab_meta (= 5.0)
   gitlab_omniauth-ldap (= 1.0.3)
   gon
-5.4.0
 \ No newline at end of file
+5.4.1
@@ -7,6 +7,7 @@ class SearchContext
  
   def execute
     query = params[:search]
+    query = Shellwords.shellescape(query) if query.present?
  
     return result unless query.present?
  
@@ -1,36 +0,0 @@
-# from http://gist.github.com/238999
-#
-# If your workers are inactive for a long period of time, they'll lose
-# their MySQL connection.
-#
-# This hack ensures we re-connect whenever a connection is
-# lost. Because, really. why not?
-#
-# Stick this in RAILS_ROOT/config/initializers/connection_fix.rb (or somewhere similar)
-#
-# From:
-#   http://coderrr.wordpress.com/2009/01/08/activerecord-threading-issues-and-resolutions/
-
-if defined?(ActiveRecord::ConnectionAdapters::Mysql2Adapter)
-
-  module ActiveRecord::ConnectionAdapters
-
-    class Mysql2Adapter
-      alias_method :execute_without_retry, :execute
-
-      def execute(*args)
-        execute_without_retry(*args)
-      rescue ActiveRecord::StatementInvalid => e
-        if e.message =~ /server has gone away/i
-          warn "Server timed out, retrying"
-          reconnect!
-          retry
-        else
-          raise e
-        end
-      end
-    end
-
-  end
-
-end
@@ -119,7 +119,7 @@ GitLab Shell is a ssh access and repository management software developed specia
     cd gitlab-shell
  
     # switch to right version
-    sudo -u git -H git checkout v1.5.0
+    sudo -u git -H git checkout v1.7.4
  
     sudo -u git -H cp config.yml.example config.yml
  
@@ -657,7 +657,7 @@ namespace :gitlab do
   end
  
   def check_gitlab_shell
-    required_version = Gitlab::VersionInfo.new(1, 4, 0)
+    required_version = Gitlab::VersionInfo.new(1, 7, 4)
     current_version = Gitlab::VersionInfo.parse(gitlab_shell_version)
  
     print "GitLab Shell version >= #{required_version} ? ... "
 namespace :gitlab do
   desc "GITLAB | Run both spinach and rspec"
-  task test: ['spinach', 'spec']
+  task test: ['db:setup', 'spinach', 'spec']
 end
...	...	@@ -23,7 +23,7 @@ gem 'omniauth-github'
23	23
24	24	# Extracting information from a git repository
25	25	# Provide access to Gitlab::Git library
26		-gem 'gitlab_git', '~> 1.3.0'
	26	+gem 'gitlab_git', '~> 1.3.1'
27	27
28	28	# Ruby/Rack Git Smart-HTTP Server Handler
29	29	gem 'gitlab-grack', '~> 1.0.1', require: 'grack'
...	...
...	...	@@ -167,7 +167,7 @@ GEM
167	167	stringex (~> 1.5.1)
168	168	gitlab-grack (1.0.1)
169	169	rack (~> 1.4.1)
170		- gitlab-grit (2.5.1)
	170	+ gitlab-grit (2.5.2)
171	171	charlock_holmes (~> 0.6.9)
172	172	diff-lcs (~> 1.1)
173	173	mime-types (~> 1.15)
...	...	@@ -175,10 +175,10 @@ GEM
175	175	gitlab-pygments.rb (0.3.2)
176	176	posix-spawn (~> 0.3.6)
177	177	yajl-ruby (~> 1.1.0)
178		- gitlab_git (1.3.0)
	178	+ gitlab_git (1.3.1)
179	179	activesupport (~> 3.2.13)
180	180	github-linguist (~> 2.3.4)
181		- gitlab-grit (~> 2.5.1)
	181	+ gitlab-grit (~> 2.5.2)
182	182	gitlab_meta (5.0)
183	183	gitlab_omniauth-ldap (1.0.3)
184	184	net-ldap (~> 0.3.1)
...	...	@@ -566,7 +566,7 @@ DEPENDENCIES
566	566	gitlab-gollum-lib (~> 1.0.0)
567	567	gitlab-grack (~> 1.0.1)
568	568	gitlab-pygments.rb (~> 0.3.2)
569		- gitlab_git (~> 1.3.0)
	569	+ gitlab_git (~> 1.3.1)
570	570	gitlab_meta (= 5.0)
571	571	gitlab_omniauth-ldap (= 1.0.3)
572	572	gon
...	...
...	...	@@ -7,6 +7,7 @@ class SearchContext
7	7
8	8	def execute
9	9	query = params[:search]
	10	+ query = Shellwords.shellescape(query) if query.present?
10	11
11	12	return result unless query.present?
12	13
...	...
...	...	@@ -1,36 +0,0 @@
1		-# from http://gist.github.com/238999
2		-#
3		-# If your workers are inactive for a long period of time, they'll lose
4		-# their MySQL connection.
5		-#
6		-# This hack ensures we re-connect whenever a connection is
7		-# lost. Because, really. why not?
8		-#
9		-# Stick this in RAILS_ROOT/config/initializers/connection_fix.rb (or somewhere similar)
10		-#
11		-# From:
12		-# http://coderrr.wordpress.com/2009/01/08/activerecord-threading-issues-and-resolutions/
13		-
14		-if defined?(ActiveRecord::ConnectionAdapters::Mysql2Adapter)
15		-
16		- module ActiveRecord::ConnectionAdapters
17		-
18		- class Mysql2Adapter
19		- alias_method :execute_without_retry, :execute
20		-
21		- def execute(*args)
22		- execute_without_retry(*args)
23		- rescue ActiveRecord::StatementInvalid => e
24		- if e.message =~ /server has gone away/i
25		- warn "Server timed out, retrying"
26		- reconnect!
27		- retry
28		- else
29		- raise e
30		- end
31		- end
32		- end
33		-
34		- end
35		-
36		-end
...	...	@@ -119,7 +119,7 @@ GitLab Shell is a ssh access and repository management software developed specia
119	119	cd gitlab-shell
120	120
121	121	# switch to right version
122		- sudo -u git -H git checkout v1.5.0
	122	+ sudo -u git -H git checkout v1.7.4
123	123
124	124	sudo -u git -H cp config.yml.example config.yml
125	125
...	...
...	...	@@ -657,7 +657,7 @@ namespace :gitlab do
657	657	end
658	658
659	659	def check_gitlab_shell
660		- required_version = Gitlab::VersionInfo.new(1, 4, 0)
	660	+ required_version = Gitlab::VersionInfo.new(1, 7, 4)
661	661	current_version = Gitlab::VersionInfo.parse(gitlab_shell_version)
662	662
663	663	print "GitLab Shell version >= #{required_version} ? ... "
...	...
1	1	namespace :gitlab do
2	2	desc "GITLAB \| Run both spinach and rspec"
3		- task test: ['spinach', 'spec']
	3	+ task test: ['db:setup', 'spinach', 'spec']
4	4	end
...	...