Commit 36dc6e6b510625708836d0d1d6faf17527446e15
Merge branch '5-4-security-update' of /home/git/repositories/gitlab/gitlabhq into 5-4-stable
Showing
8 changed files
with
10 additions
and
45 deletions
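--- a/Gemfile
+++ b/Gemfile
@@ -23,7 +23,7 @@ gem 'omniauth-github'
 
 # Extracting information from a git repository
 # Provide access to Gitlab::Git library
-gem 'gitlab_git', '~> 1.3.0'
+gem 'gitlab_git', '~> 1.3.1'
 
 # Ruby/Rack Git Smart-HTTP Server Handler
 gem 'gitlab-grack', '~> 1.0.1', require: 'grack'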
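--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -167,7 +167,7 @@ GEM
 stringex (~> 1.5.1)
 gitlab-grack (1.0.1)
 rack (~> 1.4.1)
- gitlab-grit (2.5.1)
+ gitlab-grit (2.5.2)
 charlock_holmes (~> 0.6.9)
 diff-lcs (~> 1.1)
 mime-types (~> 1.15)
@@ -175,10 +175,10 @@ GEM
 gitlab-pygments.rb (0.3.2)
 posix-spawn (~> 0.3.6)
 yajl-ruby (~> 1.1.0)
- gitlab_git (1.3.0)
+ gitlab_git (1.3.1)
 activesupport (~> 3.2.13)
 github-linguist (~> 2.3.4)
- gitlab-grit (~> 2.5.1)
+ gitlab-grit (~> 2.5.2)
 gitlab_meta (5.0)
 gitlab_omniauth-ldap (1.0.3)
 net-ldap (~> 0.3.1)
@@ -566,7 +566,7 @@ DEPENDENCIES
 gitlab-gollum-lib (~> 1.0.0)
 gitlab-grack (~> 1.0.1)
 gitlab-pygments.rb (~> 0.3.2)
- gitlab_git (~> 1.3.0)
+ gitlab_git (~> 1.3.1)
 gitlab_meta (= 5.0)
 gitlab_omniauth-ldap (= 1.0.3)
 gon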
VERSION
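--- a/app/contexts/search_context.rb
+++ b/app/contexts/search_context.rb
@@ -7,6 +7,7 @@ class SearchContext
 
 def execute
 query = params[:search]
+ query = Shellwords.shellescape(query) if query.present?
 
 return result unless query.present?
 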
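Review bot: The added `Shellwords.shellescape` line rewrites `query` at the top of `execute`, so every consumer further down receives the shell-escaped string, not only the code path that ends in a git command. The rest of `execute` lies outside the hunk, but if it also feeds `query` to database lookups, a search containing a space or punctuation would now be matched with backslashes inserted. Escaping belongs at the sink: leave `query = params[:search]` untouched and hand a separate `shell_query = Shellwords.shellescape(query)` only to the call that reaches the shell, or better, have that call pass its arguments as an array so no shell parses them. A regression spec with a query containing shell metacharacters would keep the fix pinned.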
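--- a/config/initializers/connection_fix.rb
+++ b/config/initializers/connection_fix.rb
@@ -1,36 +0,0 @@
-# from http://gist.github.com/238999
-#
-# If your workers are inactive for a long period of time, they'll lose
-# their MySQL connection.
-#
-# This hack ensures we re-connect whenever a connection is
-# lost. Because, really. why not?
-#
-# Stick this in RAILS_ROOT/config/initializers/connection_fix.rb (or somewhere similar)
-#
-# From:
-# http://coderrr.wordpress.com/2009/01/08/activerecord-threading-issues-and-resolutions/
-
-if defined?(ActiveRecord::ConnectionAdapters::Mysql2Adapter)
-
- module ActiveRecord::ConnectionAdapters
-
- class Mysql2Adapter
- alias_method :execute_without_retry, :execute
-
- def execute(*args)
- execute_without_retry(*args)
- rescue ActiveRecord::StatementInvalid => e
- if e.message =~ /server has gone away/i
- warn "Server timed out, retrying"
- reconnect!
- retry
- else
- raise e
- end
- end
- end
-
- end
-
-end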
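--- a/doc/install/installation.md
+++ b/doc/install/installation.md
@@ -119,7 +119,7 @@ GitLab Shell is a ssh access and repository management software developed specia
 cd gitlab-shell
 
 # switch to right version
- sudo -u git -H git checkout v1.5.0
+ sudo -u git -H git checkout v1.7.4
 
 sudo -u git -H cp config.yml.example config.yml
 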
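--- a/lib/tasks/gitlab/check.rake
+++ b/lib/tasks/gitlab/check.rake
@@ -657,7 +657,7 @@ namespace :gitlab do
 end
 
 def check_gitlab_shell
- required_version = Gitlab::VersionInfo.new(1, 4, 0)
+ required_version = Gitlab::VersionInfo.new(1, 7, 4)
 current_version = Gitlab::VersionInfo.parse(gitlab_shell_version)
 
 print "GitLab Shell version >= #{required_version} ? ... "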
lib/tasks/gitlab/test.rake