Skip to content

G
gitlab-ce
Switch branch/tag
  1. 21 May, 2020 3 commits
  3. 19 May, 2020 1 commit
  5. 18 May, 2020 3 commits
    • Sami Hiltunen's avatar
      delay PostUploadPack response until request is fully read · 2fe99f66
      Sami Hiltunen authored 
      Git and Gitaly stream upload-pack response data as soon as it is
available. Some HTTP clients do not support the response being streamed
back while the server is still reading from the request body. To avoid
this, the request was buffered in to a temporary file before passing it
to Gitaly for handling. The buffer had a maximum size of 10MB, which is
now reached by requests to large repositories. These requests were then
truncated, causing Git to fail.

This commit fixes the problem by removing the request buffering and the
maximum size. Instead, the response is buffered in to a temporary file
until the request body is fully read, thus avoiding the problem of
streaming the request and the response simultaneously.
      2fe99f66
    • Nick Thomas's avatar
      Merge branch 'create-scratch-dir' into 'master' · d952a6c8
      Nick Thomas authored 
      Update make to generate `testdata/scratch` dir

See merge request gitlab-org/gitlab-workhorse!495
      d952a6c8
    • Steve Azzopardi's avatar
      Update make to generate `testdata/scratch` dir · 785a4e65
      Steve Azzopardi authored 
      When running the gitaly tests for the first time to see an error message
to run `make prepare-tests` but then after running the tests again you
start seeing the following error message:

```
Error:  Received unexpected error:
listen unix testdata/scratch/gitaly-8674665223082153551.sock: bind: no
such file or directory
```

This is because the directory `testdata/scratch` is not created.
      785a4e65
  7. 08 May, 2020 4 commits
  9. 07 May, 2020 2 commits
  11. 20 Apr, 2020 2 commits
  13. 15 Apr, 2020 2 commits
  15. 08 Apr, 2020 2 commits
  17. 06 Apr, 2020 1 commit
  19. 04 Apr, 2020 2 commits
  21. 03 Apr, 2020 4 commits
  23. 02 Apr, 2020 3 commits
  25. 01 Apr, 2020 1 commit
  27. 31 Mar, 2020 3 commits
  29. 30 Mar, 2020 1 commit
    • Oswaldo Ferreira's avatar
      Bump Labkit version · 837c5ae7
      Oswaldo Ferreira authored 
      This version bump refers to fac94cb42 in order to
support Go Continuous Profiling with versioning.

I.e. Workhorse will provide its build version to
the profiler and it'll be presented at the Stackdriver
Profiler UI.
      837c5ae7
  31. 27 Mar, 2020 1 commit
  33. 26 Mar, 2020 1 commit
  35. 25 Mar, 2020 1 commit
  37. 23 Mar, 2020 3 commits
    • Alessio Caiazza's avatar
      Merge branch 'security-193100-ignore-duplicate-multipart-params' into 'master' · 7168c2e3
      Alessio Caiazza authored 
      Reject parameters that override upload fields

See merge request gitlab-org/security/gitlab-workhorse!3
      7168c2e3
    • Alessio Caiazza's avatar
      Release v8.28.0 · 3fbf8ef2
      Alessio Caiazza authored
      3fbf8ef2
    • Markus Koller's avatar
      Reject parameters that override upload fields · 7c324521
      Markus Koller authored 
      When Workhorse intercepts file uploads, we store the files and send the
information about the temporary file in new multipart form values called
`file.path`, `file.size` etc.

Since we're also copying all other multipart form values from the
original client request, it was possible to override the values we
set in Workhorse, causing Rails to e.g. load the uploaded file from
an injected `file.path` parameter.

To avoid this, we check if client parameters have the same name as any
of our own added fields and reject the request.
      7c324521
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7