delta/gitlab/gitlab-ce.git, branch update-shell gitlab.com: gitlab-org/gitlab-ce.git Update Gitlab Shell to support low IO priority for storage moves 2016-09-28T18:38:10+00:00 Alejandro Rodríguez alejorro70@gmail.com 2016-09-28T18:38:10+00:00 0b5d6298f363a50d21e81758f6c1a75b924a0995 






Fix CHANGELOG
2016-09-28T18:27:47+00:00

Ruben Davila
rdavila84@gmail.com

2016-09-28T18:27:47+00:00

0816838b8b9da0108b1f37c84393c5a1035f9b66












Merge branch 'resolve-buttons-path' into 'master'

2016-09-28T18:26:14+00:00

Jacob Schatz
jschatz@gitlab.com

2016-09-26T23:00:55+00:00

56dc3e4bad2e66f94663e4ed6735080586faef1e


Pass the full project path for resolve buttons

## What does this MR do?

The full project path is passed from the HTML into the JS rather than the resolve button JS generating the URL based on the the namespaces.

@smcgivern @stanhu Do we have anyway of adding tests for installs with relative URLs?

## What are the relevant issue numbers?

Closes #21704

See merge request !6129





Pass the full project path for resolve buttons

## What does this MR do?

The full project path is passed from the HTML into the JS rather than the resolve button JS generating the URL based on the the namespaces.

@smcgivern @stanhu Do we have anyway of adding tests for installs with relative URLs?

## What are the relevant issue numbers?

Closes #21704

See merge request !6129






Merge branch '22525-emoji-dropdown-shows-search-results-label-several-times' into 'master'

2016-09-28T18:22:23+00:00

Fatih Acet
acetfatih@gmail.com

2016-09-26T22:02:33+00:00

d609605e86a9ac3025fa6dfab0c9779b5a5827c5


Fixed awards dropdown search text from repeating

## What does this MR do?

Thanks @zeiv for this!

>This fixes #20463 by adding the .emoji-search class to the "Search results" h5 element.  AwardsHandler.prototype.setupSearch() was trying to remove the element before creating a new one, but wasn't because the it was attempting to select it with the .emoji-search class, which wasn't being added.

## Are there points in the code the reviewer needs to double check?

>I don't believe so.

## Why was this MR needed?

>See #20463

_(and #22525)_

## Screenshots (if relevant)

![2016-09-23_15.56.04](/uploads/b421400a08b3d9fa32c577e7d8952504/2016-09-23_15.56.04.gif)

## Does this MR meet the acceptance criteria?

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?


Closes #22525

See merge request !6498





Fixed awards dropdown search text from repeating

## What does this MR do?

Thanks @zeiv for this!

>This fixes #20463 by adding the .emoji-search class to the "Search results" h5 element.  AwardsHandler.prototype.setupSearch() was trying to remove the element before creating a new one, but wasn't because the it was attempting to select it with the .emoji-search class, which wasn't being added.

## Are there points in the code the reviewer needs to double check?

>I don't believe so.

## Why was this MR needed?

>See #20463

_(and #22525)_

## Screenshots (if relevant)

![2016-09-23_15.56.04](/uploads/b421400a08b3d9fa32c577e7d8952504/2016-09-23_15.56.04.gif)

## Does this MR meet the acceptance criteria?

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?


Closes #22525

See merge request !6498






Merge branch 'lfs-ssh-authorization-fix' into 'master'

2016-09-28T18:15:24+00:00

Douwe Maan
douwe@gitlab.com

2016-09-28T18:13:34+00:00

c91bc7c9f8bafc2ba1a16bb30f5795101ec9d989


Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called

## What does this MR do?

 Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called, instead return the saved token if one is present.

This was causing a lot of 401s, leading to 403s, as state in #22527

As it turns out, when pushing a lot of LFS objects, the LFS client was calling `git-lfs-authenticate` in the middle of the request again. This caused the `lfs_token` to be regenerated. The problem lies in that the LFS client was not aware of this change, and was still using the old token. This caused all subsequent requests to fail with a 401 error.

Since HTTP Auth is protected by Rack Attack, this 401s where immediately flagged and resulted in the IP of the user being banned. 

With this change, GitLab returns the value stored in Redis, if one is present, thus if the LFS client calls `git-lfs-authenticate` again during the request, the auth header will remain unchanged, allowing all subsequent requests to continue without issues.

## What are the relevant issue numbers?

Fixes #22527

cc @SeanPackham @jacobvosmaer-gitlab

See merge request !6551





Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called

## What does this MR do?

 Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called, instead return the saved token if one is present.

This was causing a lot of 401s, leading to 403s, as state in #22527

As it turns out, when pushing a lot of LFS objects, the LFS client was calling `git-lfs-authenticate` in the middle of the request again. This caused the `lfs_token` to be regenerated. The problem lies in that the LFS client was not aware of this change, and was still using the old token. This caused all subsequent requests to fail with a 401 error.

Since HTTP Auth is protected by Rack Attack, this 401s where immediately flagged and resulted in the IP of the user being banned. 

With this change, GitLab returns the value stored in Redis, if one is present, thus if the LFS client calls `git-lfs-authenticate` again during the request, the auth header will remain unchanged, allowing all subsequent requests to continue without issues.

## What are the relevant issue numbers?

Fixes #22527

cc @SeanPackham @jacobvosmaer-gitlab

See merge request !6551






Merge branch 'fix/escape-builds-commands-in-ci-linter' into 'security'

2016-09-28T16:25:56+00:00

Robert Speicher
robert@gitlab.com

2016-09-28T15:02:12+00:00

6596f3539328dead0eb85087dfdd39feacdba6cb


Escape HTML nodes in builds commands in ci linter

This MR removes call to `simple_format` that behaves like `String#html_safe`, thus it passes unescaped HTML tags to the view.

Closes #22541

See merge request !2001





Escape HTML nodes in builds commands in ci linter

This MR removes call to `simple_format` that behaves like `String#html_safe`, thus it passes unescaped HTML tags to the view.

Closes #22541

See merge request !2001






Merge branch '22435-no-api-state-change-via-rails-session' into 'security'
2016-09-28T16:17:09+00:00

Douwe Maan
douwe@gitlab.com

2016-09-28T14:44:11+00:00

cb1b5b03dc461c1464cc81084783cb2ebb3079c0

API: disable rails session auth for non-GET/HEAD requests

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22435

See merge request !1999
Conflicts:
	app/assets/javascripts/labels_select.js





API: disable rails session auth for non-GET/HEAD requests

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22435

See merge request !1999
Conflicts:
	app/assets/javascripts/labels_select.js







Merge branch '22450-restrict-origin' into 'master'

2016-09-28T16:00:23+00:00

Douwe Maan
douwe@gitlab.com

2016-09-27T11:38:59+00:00

93a4e438edc4afa64332d9169d447925a67b8ab5


Set a restrictive CORS policy for the API

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22450

See merge request !1998





Set a restrictive CORS policy for the API

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22450

See merge request !1998






Merge branch '18028-respect-fork-project' into 'security'

2016-09-28T15:57:12+00:00

Rémy Coutable
remy@gitlab.com

2016-09-28T09:42:33+00:00

fe93a9b4ecf52d7cf861f0fae95c27448d43c015


Enforce the fork_project permission in Projects::CreateService

Projects::ForkService delegates to this service almost entirely, but needed one small change so it would propagate create errors correctly.

CreateService#execute needs significant refactoring; it is now right at the complexity limit set by Rubocop. I avoided doing so in this commit to keep the diff as small as possible.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/18028

See merge request !1996





Enforce the fork_project permission in Projects::CreateService

Projects::ForkService delegates to this service almost entirely, but needed one small change so it would propagate create errors correctly.

CreateService#execute needs significant refactoring; it is now right at the complexity limit set by Rubocop. I avoided doing so in this commit to keep the diff as small as possible.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/18028

See merge request !1996






Merge branch 'dz-improve-mr-versions' into 'master'

2016-09-28T15:52:32+00:00

Rémy Coutable
remy@rymai.me

2016-09-28T14:59:51+00:00

26b47b243acd2698db954b03f6d96d75e01152c0


Fix duplicate master entries in the mr versions dropdown

## What does this MR do?

Fixes bug when "master" was duplicated per each mr version in the dropdown

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22519, Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22715

See merge request !6567





Fix duplicate master entries in the mr versions dropdown

## What does this MR do?

Fixes bug when "master" was duplicated per each mr version in the dropdown

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22519, Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22715

See merge request !6567