Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: 7d31bbceaa12
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 3f97de182f39
Choose a head ref
  • 7 commits
  • 14 files changed
  • 2 contributors

Commits on Mar 5, 2020

  1. gitlab: 12.7.6 -> 12.8.1 

    https://about.gitlab.com/releases/2020/02/22/gitlab-12-8-released/
https://about.gitlab.com/releases/2020/02/24/gitlab-12-8-1-released/

(cherry-picked from commit 7d8a200)
    @talyz
    talyz authored and Milan Pässler committed Mar 5, 2020
    Copy the full SHA
    cf3cc7a View commit details
    Browse the repository at this point in the history

  2. gitaly: 1.83.0 -> 12.8.1 

    (cherry-picked from commit facef28)
    @talyz
    talyz authored and Milan Pässler committed Mar 5, 2020
    Copy the full SHA
    e72a27e View commit details
    Browse the repository at this point in the history

  3. gitlab-workhorse: 8.20.0 -> 8.21.0 

    (cherry-picked from commit f2bb523)
    @talyz
    talyz authored and Milan Pässler committed Mar 5, 2020
    Copy the full SHA
    802ff69 View commit details
    Browse the repository at this point in the history

  4. gitlab-shell: Change name from gitlab-shell-go to gitlab-shell 

    This is left over from when gitlab-shell had a ruby part and a go
part. The ruby part is now gone, so let's call the go part
gitlab-shell.

(cherry-picked from commit a3b2828)
    @talyz
    talyz authored and Milan Pässler committed Mar 5, 2020
    Copy the full SHA
    7537484 View commit details
    Browse the repository at this point in the history

  5. bundlerEnv: Add option to copy gem files instead of symlinking 

    The way ruby loads gems and keeps track of their paths seems to not
always work very well when the gems are accessed through
symlinks. Ruby will then complain that the same files are loaded
multiple times; it relies on the file's full path to determine whether
the file is loaded or not.

This adds an option to simply copy all gem files into the environment
instead, which gets rid of this issue, but may instead result in major
file duplication.

(cherry-picked from commit affcf9b)
    @talyz
    talyz authored and Milan Pässler committed Mar 5, 2020
    Copy the full SHA
    00a06a7 View commit details
    Browse the repository at this point in the history

  6. gitaly: Copy gem files into bundler env instead of symlinking 

    This fixes issue #79374, where gitaly prints warning messages on the
client side when running push or fetch.

(cherry-picked from commit 74769b6)
    @talyz
    talyz authored and Milan Pässler committed Mar 5, 2020
    Copy the full SHA
    1b2ab5d View commit details
    Browse the repository at this point in the history

  7. gitlab: 12.8.1 -> 12.8.2 (#81803) 

    Includes multiple security fixes mentioned in
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
(unfortunately, no CVE numbers as of yet)

 - Directory Traversal to Arbitrary File Read
 - Account Takeover Through Expired Link
 - Server Side Request Forgery Through Deprecated Service
 - Group Two-Factor Authentication Requirement Bypass
 - Stored XSS in Merge Request Pages
 - Stored XSS in Merge Request Submission Form
 - Stored XSS in File View
 - Stored XSS in Grafana Integration
 - Contribution Analytics Exposed to Non-members
 - Incorrect Access Control in Docker Registry via Deploy Tokens
 - Denial of Service via Permission Checks
 - Denial of Service in Design For Public Issue
 - GitHub Tokens Displayed in Plaintext on Integrations Page
 - Incorrect Access Control via LFS Import
 - Unescaped HTML in Header
 - Private Merge Request Titles Leaked via Widget
 - Project Namespace Exposed via Vulnerability Feedback Endpoint
 - Denial of Service Through Recursive Requests
 - Project Authorization Not Being Updated
 - Incorrect Permission Level For Group Invites
 - Disclosure of Private Group Epic Information
 - User IP Address Exposed via Badge images
 - Update postgresql (GitLab Omnibus)

(cherry-picked from commit c25756f)
    Milan committed Mar 5, 2020
    Copy the full SHA
    3f97de1 View commit details
    Browse the repository at this point in the history