Merge branch '10-3-stable-prepare-rc1' of…

CHANGELOG.md

@@ -2,9 +2,9 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
-## 10.2.4 (2017-12-08)
+## 10.2.4 (2017-12-07)
 
-### Security (4 changes)
+### Security (5 changes)
 
 - Fix e-mail address disclosure through member search fields
 - Prevent creating issues through API when user does not have permissions
@@ -248,6 +248,17 @@ entry.
 - Add Gitaly metrics to the performance bar.
 
 
+## 10.1.5 (2017-12-07)
+
+### Security (5 changes)
+
+- Fix e-mail address disclosure through member search fields
+- Prevent creating issues through API when user does not have permissions
+- Prevent an information disclosure in the Groups API
+- Fix user without access to private Wiki being able to see it on the project page
+- Fix Cross-Site Scripting (XSS) vulnerability while editing a comment
+
+
 ## 10.1.4 (2017-11-14)
 
 ### Fixed (4 changes)
@@ -496,6 +507,17 @@ entry.
 - creation of keys moved to services. !13331 (haseebeqx)
 - Add username as GL_USERNAME in hooks.
 
+## 10.0.7 (2017-12-07)
+
+### Security (5 changes)
+
+- Fix e-mail address disclosure through member search fields
+- Prevent creating issues through API when user does not have permissions
+- Prevent an information disclosure in the Groups API
+- Fix user without access to private Wiki being able to see it on the project page
+- Fix Cross-Site Scripting (XSS) vulnerability while editing a comment
+
+
 ## 10.0.5 (2017-11-03)
 
 - [FIXED] Fix incorrect X-axis labels in Prometheus graphs. !14258

app/views/projects/environments/metrics.html.haml

@@ -15,9 +15,9 @@
 
   #prometheus-graphs{ data: { "settings-path": edit_project_service_path(@project, 'prometheus'),
     "documentation-path": help_page_path('administration/monitoring/prometheus/index.md'),
-    "empty-getting-started-svg-path": image_path('illustrations/monitoring/getting_started'),
-    "empty-loading-svg-path": image_path('illustrations/monitoring/loading'),
-    "empty-unable-to-connect-svg-path": image_path('illustrations/monitoring/unable_to_connect'),
+    "empty-getting-started-svg-path": image_path('illustrations/monitoring/getting_started.svg'),
+    "empty-loading-svg-path": image_path('illustrations/monitoring/loading.svg'),
+    "empty-unable-to-connect-svg-path": image_path('illustrations/monitoring/unable_to_connect.svg'),
     "additional-metrics": additional_metrics_project_environment_path(@project, @environment, format: :json),
     "project-path": project_path(@project),
     "tags-path": project_tags_path(@project),

changelogs/unreleased/40285-prometheus-loading-screen-no-longer-seems-to-appear.yml

+---
+title: Fix broken illustration images for monitoring page empty states
+merge_request: 15889
+author:
+type: fixed

doc/ci/docker/using_docker_images.md

@@ -319,45 +319,62 @@ As you can see, the syntax of `command` is similar to [Dockerfile's `CMD`][cmd].
 > Introduced in GitLab and GitLab Runner 9.4. Read more about the [extended
 configuration options](#extended-docker-configuration-options).
 
+Before showing the available entrypoint override methods, let's describe shortly
+how the Runner starts and uses a Docker image for the containers used in the
+CI jobs:
+
+1. The Runner starts a Docker container using the defined entrypoint (default
+   from `Dockerfile` that may be overridden in `.gitlab-ci.yml`)
+1. The Runner attaches itself to a running container.
+1. The Runner prepares a script (the combination of
+   [`before_script`](../yaml/README.md#before_script),
+   [`script`](../yaml/README.md#script),
+   and [`after_script`](../yaml/README.md#after_script)).
+1. The Runner sends the script to the container's shell STDIN and receives the
+   output.
+
+To override the entrypoint of a Docker image, the recommended solution is to
+define an empty `entrypoint` in `.gitlab-ci.yml`, so the Runner doesn't start
+a useless shell layer. However, that will not work for all Docker versions, and
+you should check which one your Runner is using. Specifically:
+
+- If Docker 17.06 or later is used, the `entrypoint` can be set to an empty value.
+- If Docker 17.03 or previous versions are used, the `entrypoint` can be set to
+  `/bin/sh -c`, `/bin/bash -c` or an equivalent shell available in the image.
+
+The syntax of `image:entrypoint` is similar to [Dockerfile's `ENTRYPOINT`][entrypoint].
+
+----
+
 Let's assume you have a `super/sql:experimental` image with some SQL database
 inside it and you would like to use it as a base image for your job because you
 want to execute some tests with this database binary. Let's also assume that
 this image is configured with `/usr/bin/super-sql run` as an entrypoint. That
-means, that when starting the container without additional options, it will run
+means that when starting the container without additional options, it will run
 the database's process, while Runner expects that the image will have no
-entrypoint or at least will start with a shell as its entrypoint.
-
-Before the new extended Docker configuration options, you would need to create
-your own image based on the `super/sql:experimental` image, set the entrypoint
-to a shell and then use it in job's configuration, like:
+entrypoint or that the entrypoint is prepared to start a shell command.
 
-```Dockerfile
-# my-super-sql:experimental image's Dockerfile
+With the extended Docker configuration options, instead of creating your
+own image based on `super/sql:experimental`, setting the `ENTRYPOINT`
+to a shell, and then using the new image in your CI job, you can now simply
+define an `entrypoint` in `.gitlab-ci.yml`.
 
-FROM super/sql:experimental
-ENTRYPOINT ["/bin/sh"]
-```
+**For Docker 17.06+:**
 
 ```yaml
-# .gitlab-ci.yml
-
-image: my-super-sql:experimental
+image:
+  name: super/sql:experimental
+  entrypoint: [""]
 ```
 
-After the new extended Docker configuration options, you can now simply
-set an `entrypoint` in `.gitlab-ci.yml`, like:
+**For Docker =< 17.03:**
 
 ```yaml
-# .gitlab-ci.yml
-
 image:
   name: super/sql:experimental
-  entrypoint: ["/bin/sh"]
+  entrypoint: ["/bin/sh", "-c"]
 ```
 
-As you can see the syntax of `entrypoint` is similar to
-[Dockerfile's `ENTRYPOINT`][entrypoint].
-
 ## Define image and services in `config.toml`
 
 Look for the `[runners.docker]` section:

doc/install/installation.md

@@ -299,9 +299,9 @@ sudo usermod -aG redis git
 ### Clone the Source
 
     # Clone GitLab repository
-    sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 10-2-stable gitlab
+    sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 10-3-stable gitlab
 
-**Note:** You can change `10-2-stable` to `master` if you want the *bleeding edge* version, but never install master on a production server!
+**Note:** You can change `10-3-stable` to `master` if you want the *bleeding edge* version, but never install master on a production server!
 
 ### Configure It
 

vendor/Dockerfile/CONTRIBUTING.md

-The canonical repository for `Dockerfile` templates is
-https://gitlab.com/gitlab-org/Dockerfile.
+## Developer Certificate of Origin + License
 
-GitLab only mirrors the templates. Please submit your merge requests to 
-https://gitlab.com/gitlab-org/Dockerfile.
+By contributing to GitLab B.V., You accept and agree to the following terms and
+conditions for Your present and future Contributions submitted to GitLab B.V.
+Except for the license granted herein to GitLab B.V. and recipients of software
+distributed by GitLab B.V., You reserve all right, title, and interest in and to
+Your Contributions. All Contributions are subject to the following DCO + License
+terms.
 
-## Contributing
+[DCO + License](https://gitlab.com/gitlab-org/dco/blob/master/README.md)
 
-Thank you for your interest in contributing to this GitLab project! We welcome
-all contributions. By participating in this project, you agree to abide by the
-[code of conduct](#code-of-conduct).
-
-## Contributor license agreement
-
-By submitting code as an individual you agree to the [individual contributor
-license agreement][individual-agreement].
-
-By submitting code as an entity you agree to the [corporate contributor license
-agreement][corporate-agreement].
+_This notice should stay as the first item in the CONTRIBUTING.md file._
 
 ## Code of conduct
 

vendor/Dockerfile/LICENSE

-The MIT License (MIT)
+Copyright (c) 2011-2017 GitLab B.V.
 
-Copyright (c) 2016-2017 GitLab.org
+With regard to the GitLab Software:
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -9,13 +9,17 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+For all third party components incorporated into the GitLab Software, those 
+components are licensed under the original license provided by the owner of the 
+applicable component.

vendor/gitignore/Global/Matlab.gitignore

 ##---------------------------------------------------
-## Remove autosaves generated by the Matlab editor
+## Remove autosaves generated by the MATLAB editor
 ## We have git for backups!
 ##---------------------------------------------------
 
@@ -14,6 +14,7 @@
 
 # Simulink Code Generation
 slprj/
+sccprj/
 
 # Session info
 octave-workspace

vendor/gitignore/Go.gitignore

@@ -9,6 +9,3 @@
 
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
-
-# Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
-.glide/

vendor/gitignore/Haskell.gitignore

@@ -17,5 +17,6 @@ cabal.sandbox.config
 *.eventlog
 .stack-work/
 cabal.project.local
+cabal.project.local~
 .HTF/
 .ghc.environment.*

vendor/gitignore/Jekyll.gitignore

 _site/
 .sass-cache/
+.jekyll-cache/
 .jekyll-metadata

vendor/gitignore/ROS.gitignore

+devel/
+logs/
 build/
 bin/
 lib/

vendor/gitignore/Symfony.gitignore

@@ -25,6 +25,7 @@
 /bin/*
 !bin/console
 !bin/symfony_requirements
+/vendor/
 
 # Assets and user uploads
 /web/bundles/
@@ -37,6 +38,9 @@
 # Build data
 /build/
 
+# Composer PHAR
+/composer.phar
+
 # Backup entities generated with doctrine:generate:entities command
 **/Entity/*~
 

vendor/gitignore/TeX.gitignore

@@ -215,7 +215,11 @@ TSWLatexianTemp*
 *~[0-9]*
 
 # auto folder when using emacs and auctex
-/auto/*
+./auto/*
+*.el
 
 # expex forward references with \gathertags
 *-tags.tex
+
+# standalone packages
+*.sta

vendor/gitignore/Unity.gitignore

-/[Ll]ibrary/
-/[Tt]emp/
-/[Oo]bj/
-/[Bb]uild/
-/[Bb]uilds/
-/Assets/AssetStoreTools*
+[Ll]ibrary/
+[Tt]emp/
+[Oo]bj/
+[Bb]uild/
+[Bb]uilds/
+Assets/AssetStoreTools*
 
 # Visual Studio 2015 cache directory
 /.vs/
@@ -25,6 +25,7 @@ ExportedObj/
 
 # Unity3D generated meta files
 *.pidb.meta
+*.pdb.meta
 
 # Unity3D Generated File On Crash Reports
 sysinfo.txt

vendor/gitignore/UnrealEngine.gitignore

@@ -50,6 +50,7 @@ SourceArt/**/*.tga
 
 # Binary Files
 Binaries/*
+Plugins/*/Binaries/*
 
 # Builds
 Build/*
@@ -70,6 +71,7 @@ Saved/*
 
 # Compiled source files for the engine to use
 Intermediate/*
+Plugins/*/Intermediate/*
 
 # Cache files for the editor to use
 DerivedDataCache/*

vendor/gitignore/VisualStudio.gitignore

@@ -24,11 +24,14 @@ bld/
 [Oo]bj/
 [Ll]og/
 
-# Visual Studio 2015 cache/options directory
+# Visual Studio 2015/2017 cache/options directory
 .vs/
 # Uncomment if you have tasks that create the project's static files in wwwroot
 #wwwroot/
 
+# Visual Studio 2017 auto generated files
+Generated\ Files/
+
 # MSTest test Results
 [Tt]est[Rr]esult*/
 [Bb]uild[Ll]og.*
@@ -51,6 +54,10 @@ project.fragment.lock.json
 artifacts/
 **/Properties/launchSettings.json
 
+# StyleCop
+StyleCopReport.xml
+
+# Files built by Visual Studio
 *_i.c
 *_p.c
 *_i.h
@@ -247,7 +254,7 @@ FakesAssemblies/
 .ntvs_analysis.dat
 node_modules/
 
-# Typescript v1 declaration files
+# TypeScript v1 declaration files
 typings/
 
 # Visual Studio 6 build log
@@ -303,3 +310,6 @@ __pycache__/
 
 # OpenCover UI analysis results
 OpenCover/
+
+# Azure Stream Analytics local run output 
+ASALocalRun/

vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml

@@ -83,6 +83,16 @@ codequality:
   artifacts:
     paths: [codeclimate.json]
 
+sast:
+  image: registry.gitlab.com/gitlab-org/gl-sast:latest
+  variables:
+    POSTGRES_DB: "false"
+  allow_failure: true
+  script:
+    - /app/bin/run .
+  artifacts:
+    paths: [gl-sast-report.json]
+
 review:
   stage: review
   script:
@@ -218,8 +228,8 @@ production:
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume /tmp/cc:/tmp/cc"
 
-    docker run ${cc_opts} codeclimate/codeclimate init
-    docker run ${cc_opts} codeclimate/codeclimate analyze -f json > codeclimate.json
+    docker run ${cc_opts} codeclimate/codeclimate:0.69.0 init
+    docker run ${cc_opts} codeclimate/codeclimate:0.69.0 analyze -f json > codeclimate.json
   }
 
   function deploy() {
@@ -345,6 +355,13 @@ production:
   }
 
   function build() {
+
+    if [[ -n "$CI_REGISTRY_USER" ]]; then
+      echo "Logging to GitLab Container Registry with CI credentials..."
+      docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
+      echo ""
+    fi
+
     if [[ -f Dockerfile ]]; then
       echo "Building Dockerfile-based application..."
       docker build -t "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" .
@@ -362,12 +379,6 @@ production:
       echo ""
     fi
 
-    if [[ -n "$CI_REGISTRY_USER" ]]; then
-      echo "Logging to GitLab Container Registry with CI credentials..."
-      docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
-      echo ""
-    fi
-
     echo "Pushing to GitLab Container Registry..."
     docker push "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG"
     echo ""
@@ -402,7 +413,9 @@ production:
       name="$name-$track"
     fi
 
-    helm delete "$name" || true
+    if [[ -n "$(helm ls -q "^$name$")" ]]; then
+      helm delete "$name"
+    fi
   }
 
 before_script:

vendor/gitlab-ci-yml/CONTRIBUTING.md

-## Contributing
+## Developer Certificate of Origin + License
 
-Thank you for your interest in contributing to this GitLab project! We welcome
-all contributions. By participating in this project, you agree to abide by the
-[code of conduct](#code-of-conduct).
+By contributing to GitLab B.V., You accept and agree to the following terms and
+conditions for Your present and future Contributions submitted to GitLab B.V.
+Except for the license granted herein to GitLab B.V. and recipients of software
+distributed by GitLab B.V., You reserve all right, title, and interest in and to
+Your Contributions. All Contributions are subject to the following DCO + License
+terms.
 
-## Contributor license agreement
+[DCO + License](https://gitlab.com/gitlab-org/dco/blob/master/README.md)
 
-By submitting code as an individual you agree to the [individual contributor
-license agreement][individual-agreement].
-
-By submitting code as an entity you agree to the [corporate contributor license
-agreement][corporate-agreement].
+_This notice should stay as the first item in the CONTRIBUTING.md file._
 
 ## Code of conduct
 

vendor/gitlab-ci-yml/Chef.gitlab-ci.yml

+# This file uses Test Kitchen with the kitchen-dokken driver to
+# perform functional testing. Doing so requires that your runner be a
+# Docker runner configured for privileged mode. Please see
+# https://docs.gitlab.com/runner/executors/docker.html#use-docker-in-docker-with-privileged-mode
+# for help configuring your runner properly, or, if you want to switch
+# to a different driver, see http://kitchen.ci/docs/drivers
+
+image: "chef/chefdk"
+services:
+  - docker:dind
+
+variables:
+  DOCKER_HOST: "tcp://docker:2375"
+  KITCHEN_LOCAL_YAML: ".kitchen.dokken.yml"
+
+stages:
+  - lint
+  - unit
+  - functional
+
+foodcritic:
+  stage: lint
+  script:
+  - chef exec foodcritic .
+
+cookstyle:
+  stage: lint
+  script:
+  - chef exec cookstyle .
+
+chefspec:
+  stage: unit
+  script:
+  - chef exec rspec spec
+
+# Set up your test matrix here. Example:
+#verify-centos-6:
+#  stage: functional
+#  before_script:
+#  - apt-get update
+#  - apt-get -y install rsync
+#  script:
+#  - kitchen verify default-centos-6 --destroy=always
+#  
+#verify-centos-7:
+#  stage: functional
+#  before_script:
+#  - apt-get update
+#  - apt-get -y install rsync
+#  script:
+#  - kitchen verify default-centos-7 --destroy=always

vendor/gitlab-ci-yml/Go.gitlab-ci.yml

@@ -11,8 +11,8 @@ variables:
 # repository in /go/src/gitlab.com/namespace/project
 # Thus, making a symbolic link corrects this.
 before_script:
-  - mkdir -p $GOPATH/src/$REPO_NAME
-  - ln -svf $CI_PROJECT_DIR/* $GOPATH/src/$REPO_NAME
+  - mkdir -p $GOPATH/src/$(dirname $REPO_NAME)
+  - ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME
   - cd $GOPATH/src/$REPO_NAME
 
 stages:

vendor/gitlab-ci-yml/LICENSE

-The MIT License (MIT)
+Copyright (c) 2011-2017 GitLab B.V.
 
-Copyright (c) 2016-2017 GitLab.org
+With regard to the GitLab Software:
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -9,13 +9,17 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+For all third party components incorporated into the GitLab Software, those 
+components are licensed under the original license provided by the owner of the 
+applicable component.

vendor/gitlab-ci-yml/Rust.gitlab-ci.yml

@@ -20,4 +20,4 @@ image: "rust:latest"
 test:cargo:
   script:
   - rustc --version && cargo --version      # Print version info for debugging
-  - cargo test --verbose --jobs 1 --release # Don't paralize to make errors more readable
+  - cargo test --verbose --jobs 1 --release # Don't parallelise to make errors more readable