Add latest changes from gitlab-org/gitlab@master

6 files changed, 17 insertions, 26 deletions

diff --git a/lib/gitlab/regex.rb b/lib/gitlab/regex.rb
index 4d15ac99277..84f7338a9ce 100644
--- a/lib/gitlab/regex.rb
+++ b/lib/gitlab/regex.rb
@@ -265,7 +265,7 @@ module Gitlab
       # eg 'source/full/path' or 'destination_namespace' not 'https://example.com/destination/namespace/path'
       # the regex also allows for an empty string ('') to be accepted as this is allowed in
       # a bulk_import POST request
-      @bulk_import_destination_namespace_path_regex ||= %r/((\A\z)|\A([.]?)[^\W](\/?[.]?[0-9a-z][-_]*)+\z)/i
+      @bulk_import_destination_namespace_path_regex ||= %r/((\A\z)|\A([.]?)\w*([0-9a-z][-_]*)(\/?[.]?[0-9a-z][-_]*)+\z)/i
     end
 
     def bulk_import_source_full_path_regex
diff --git a/lib/support/nginx/gitlab-pages-ssl b/lib/support/nginx/gitlab-pages-ssl
index 900d91e0575..a883d151a96 100644
--- a/lib/support/nginx/gitlab-pages-ssl
+++ b/lib/support/nginx/gitlab-pages-ssl
@@ -38,8 +38,10 @@ server {
   ssl_session_cache shared:SSL:10m;
   ssl_session_tickets off;
 
-  ssl_protocols TLSv1.2 TLSv1.3;
-  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+  # These settings are in line with the modern settings from https://ssl-config.mozilla.org/
+  # and are supported by all still-supported browsers since 2019. If you have specific needs
+  # for older settings, please consult the intermediate settings there.
+  ssl_protocols TLSv1.3;
   ssl_prefer_server_ciphers off;
 
   ## See app/controllers/application_controller.rb for headers set
@@ -53,11 +55,6 @@ server {
   # ssl_stapling_verify on;
   # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
 
-  ## [Optional] Generate a stronger DHE parameter:
-  ##   sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
-  ##
-  # ssl_dhparam /etc/ssl/certs/dhparam.pem;
-
   ## [Optional] Enable HTTP Strict Transport Security
   # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
 
diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl
index 435b9055929..23d504736e6 100644
--- a/lib/support/nginx/gitlab-ssl
+++ b/lib/support/nginx/gitlab-ssl
@@ -97,8 +97,10 @@ server {
   ssl_session_cache shared:SSL:10m;
   ssl_session_tickets off;
 
-  ssl_protocols TLSv1.2 TLSv1.3;
-  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+  # These settings are in line with the modern settings from https://ssl-config.mozilla.org/
+  # and are supported by all still-supported browsers since 2019. If you have specific needs
+  # for older settings, please consult the intermediate settings there.
+  ssl_protocols TLSv1.3;
   ssl_prefer_server_ciphers off;
 
   ## See app/controllers/application_controller.rb for headers set
@@ -114,11 +116,6 @@ server {
   # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
   # resolver_timeout 5s;
 
-  ## [Optional] Generate a stronger DHE parameter:
-  ##   sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
-  ##
-  # ssl_dhparam /etc/ssl/certs/dhparam.pem;
-
   ## [Optional] Enable HTTP Strict Transport Security
   # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
 
diff --git a/lib/support/nginx/registry-ssl b/lib/support/nginx/registry-ssl
index be16037629b..50ecb855e24 100644
--- a/lib/support/nginx/registry-ssl
+++ b/lib/support/nginx/registry-ssl
@@ -34,15 +34,12 @@ server {
   ssl_session_cache shared:SSL:10m;
   ssl_session_tickets off;
 
-  ssl_protocols TLSv1.2 TLSv1.3;
-  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+  # These settings are in line with the modern settings from https://ssl-config.mozilla.org/
+  # and are supported by all still-supported browsers since 2019. If you have specific needs
+  # for older settings, please consult the intermediate settings there.
+  ssl_protocols TLSv1.3;
   ssl_prefer_server_ciphers off;
 
-  ## [Optional] Generate a stronger DHE parameter:
-  ##   sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
-  ##
-  # ssl_dhparam /etc/ssl/certs/dhparam.pem;
-
   ## [Optional] Enable HTTP Strict Transport Security
   # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
 
diff --git a/lib/tasks/gitlab/packages/migrate.rake b/lib/tasks/gitlab/packages/migrate.rake
index 1c28f4308a2..737788583ae 100644
--- a/lib/tasks/gitlab/packages/migrate.rake
+++ b/lib/tasks/gitlab/packages/migrate.rake
@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
-require 'logger'
-
 desc "GitLab | Packages | Migrate packages files to remote storage"
 namespace :gitlab do
   namespace :packages do
     task migrate: :environment do
+      require 'logger'
+
       logger = Logger.new($stdout)
       logger.info('Starting transfer of package files to object storage')
 
diff --git a/lib/tasks/gitlab/pages.rake b/lib/tasks/gitlab/pages.rake
index e6fde28e38f..ecfb163f284 100644
--- a/lib/tasks/gitlab/pages.rake
+++ b/lib/tasks/gitlab/pages.rake
@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
-require 'logger'
-
 namespace :gitlab do
   namespace :pages do
     namespace :deployments do
       task migrate_to_object_storage: :gitlab_environment do
+        require 'logger'
+
         logger = Logger.new($stdout)
 
         helper = Gitlab::LocalAndRemoteStorageMigration::PagesDeploymentMigrater.new(logger)