From bc8f2e0d6d4ffd8ca0195295e5c0b2d208f287e0 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Sun, 30 May 2021 20:33:16 -0700
Subject: [PATCH 1/2] Update google-protobuf to v3.17.1

Due to https://github.com/protocolbuffers/protobuf/issues/8559,
google-protobuf v3.15.8 can seg fault in the FindCommits RPC call if the
options hash is garbage collected before gRPC encodes the message. This
was fixed in google-protobuf v3.17.1 via
https://github.com/protocolbuffers/protobuf/pull/8639.

Unfortunately, pg_query has a hard dependency on google-protobuf
v3.15.x.  This was bumped in
https://github.com/pganalyze/pg_query/pull/212, but an official version
has not yet been tagged.

In addition, https://github.com/pganalyze/pg_query/pull/213 would relax
the dependency so that google-protobuf can be upgraded without having to
update pg_query.

Until pg_query releases a new version, we use our fork to ensure this
seg fault cannot happen.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/330998

Changelog: fixed
---
 Gemfile      |  6 +++---
 Gemfile.lock | 16 ++++++++--------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/Gemfile b/Gemfile
index 0d0ac74bf1e5ba..6d7c12c204bb18 100644
--- a/Gemfile
+++ b/Gemfile
@@ -308,12 +308,12 @@ gem 'rack-attack', '~> 6.3.0'
 gem 'sentry-raven', '~> 3.1'
 
 # PostgreSQL query parsing
-gem 'pg_query', '~> 2.0.3'
+gem 'gitlab-pg_query', '~> 2.0.4', require: 'pg_query'
 
 gem 'premailer-rails', '~> 1.10.3'
 
 # LabKit: Tracing and Correlation
-gem 'gitlab-labkit', '~> 0.17.1'
+gem 'gitlab-labkit', '~> 0.18.0'
 # Thrift is a dependency of gitlab-labkit, we want a version higher than 0.14.0
 # because of https://gitlab.com/gitlab-org/gitlab/-/issues/321900
 gem 'thrift', '>= 0.14.0'
@@ -483,7 +483,7 @@ gem 'gitaly', '~> 13.12.0.pre.rc1'
 
 gem 'grpc', '~> 1.30.2'
 
-gem 'google-protobuf', '~> 3.15.8'
+gem 'google-protobuf', '~> 3.17.1'
 
 gem 'toml-rb', '~> 1.0.0'
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 196eeb8ea603f2..5be9b9b8a58510 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -467,13 +467,13 @@ GEM
       fog-xml (~> 0.1.0)
       google-api-client (>= 0.44.2, < 0.51)
       google-cloud-env (~> 1.2)
-    gitlab-labkit (0.17.1)
+    gitlab-labkit (0.18.0)
       actionpack (>= 5.0.0, < 7.0.0)
       activesupport (>= 5.0.0, < 7.0.0)
+      gitlab-pg_query (~> 2.0)
       grpc (~> 1.19)
       jaeger-client (~> 1.1)
       opentracing (~> 0.4)
-      pg_query (~> 2.0)
       redis (> 3.0.0, < 5.0.0)
     gitlab-license (1.5.0)
     gitlab-mail_room (0.0.9)
@@ -483,6 +483,8 @@ GEM
       addressable (~> 2.7)
       omniauth (~> 1.9)
       openid_connect (~> 1.2)
+    gitlab-pg_query (2.0.4)
+      google-protobuf (>= 3.17.1)
     gitlab-sidekiq-fetcher (0.5.6)
       sidekiq (~> 5)
     gitlab-styles (6.2.0)
@@ -516,7 +518,7 @@ GEM
       signet (~> 0.12)
     google-cloud-env (1.4.0)
       faraday (>= 0.17.3, < 2.0)
-    google-protobuf (3.15.8)
+    google-protobuf (3.17.1)
     googleapis-common-protos-types (1.0.6)
       google-protobuf (~> 3.14)
     googleauth (0.14.0)
@@ -903,8 +905,6 @@ GEM
     peek (1.1.0)
       railties (>= 4.0.0)
     pg (1.2.3)
-    pg_query (2.0.3)
-      google-protobuf (~> 3.15.5)
     plist (3.6.0)
     png_quantizator (0.2.1)
     po_to_json (1.0.1)
@@ -1477,19 +1477,20 @@ DEPENDENCIES
   gitlab-experiment (~> 0.5.4)
   gitlab-fog-azure-rm (~> 1.0.1)
   gitlab-fog-google (~> 1.13)
-  gitlab-labkit (~> 0.17.1)
+  gitlab-labkit (~> 0.18.0)
   gitlab-license (~> 1.5)
   gitlab-mail_room (~> 0.0.9)
   gitlab-markup (~> 1.7.1)
   gitlab-net-dns (~> 0.9.1)
   gitlab-omniauth-openid-connect (~> 0.4.0)
+  gitlab-pg_query (~> 2.0.4)
   gitlab-sidekiq-fetcher (= 0.5.6)
   gitlab-styles (~> 6.2.0)
   gitlab_chronic_duration (~> 0.10.6.2)
   gitlab_omniauth-ldap (~> 2.1.1)
   gon (~> 6.4.0)
   google-api-client (~> 0.33)
-  google-protobuf (~> 3.15.8)
+  google-protobuf (~> 3.17.1)
   gpgme (~> 2.0.19)
   grape (~> 1.5.2)
   grape-entity (~> 0.9.0)
@@ -1570,7 +1571,6 @@ DEPENDENCIES
   parslet (~> 1.8)
   peek (~> 1.1)
   pg (~> 1.1)
-  pg_query (~> 2.0.3)
   png_quantizator (~> 0.2.1)
   premailer-rails (~> 1.10.3)
   prometheus-client-mmap (~> 0.12.0)
-- 
GitLab


From c76571e4512f76afb192c7de4b730833abca5263 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Mon, 31 May 2021 06:25:42 -0700
Subject: [PATCH 2/2] Add comment about why we need gitlab-pg_query fork

---
 Gemfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Gemfile b/Gemfile
index 6d7c12c204bb18..ce1bed6cc88b8d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -308,6 +308,11 @@ gem 'rack-attack', '~> 6.3.0'
 gem 'sentry-raven', '~> 3.1'
 
 # PostgreSQL query parsing
+#
+# We need this fork until https://github.com/pganalyze/pg_query/pull/212
+# and https://github.com/pganalyze/pg_query/pull/213 are
+# released. gitlab-labkit will need to be updated to use the pg_query
+# version.
 gem 'gitlab-pg_query', '~> 2.0.4', require: 'pg_query'
 
 gem 'premailer-rails', '~> 1.10.3'
-- 
GitLab