Add missing privileges to MySQL database

Closes gitlab-org/gitlab-ce#19321

See merge request !5079

Updated breakpoint for sidebar pinning

Updates the breakpoint for sidebar pinning to 1024px.

Think we will have the same issue as before when picking into stable with `$window` not being defined.

See merge request !5019
(cherry picked from commit c5d164d1)

Expiry date on pinned nav cookie

Adds an expiry date far into the future for the pinned nav cookie so that it survives logout & browser closing.

See merge request !5009
(cherry picked from commit 73196fbd)

Handle external issues in IssueReferenceFilter

Rendering issue references such as `#1` was broken for projects using an external issues tracker.

See gitlab-org/gitlab-ce#19036

See merge request !4988
(cherry picked from commit 6e82c0e0)

Fix restore warning message

## What does this MR do?

Fix the restore Rake task so it properly outputs the database warning. This is a pretty important warning and it was not even being output. After this fix, the output looks like the screenshot below.

![Screen_Shot_2016-06-28_at_3.53.46_PM](/uploads/d250189d39fcacd0c8ec0aacf9cd930d/Screen_Shot_2016-06-28_at_3.53.46_PM.png)

See merge request !4980
(cherry picked from commit 0144dce7)

Do not show build retry link when build is active

Closes #19244

See merge request !4967
(cherry picked from commit dc2d0051)

Fixed comit avatar alignment

## What does this MR do?

Fixes the alignment of the avatar on https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG

Also fixes potential issues in other places.

## Screenshots (if relevant)

![Screen_Shot_2016-06-27_at_10.58.26](/uploads/fa4f50cfc30a870422d1afa63a4331d1/Screen_Shot_2016-06-27_at_10.58.26.png)![Screen_Shot_2016-06-27_at_10.58.35](/uploads/bd7dc3cf77464c1775fabb45b8079f02/Screen_Shot_2016-06-27_at_10.58.35.png)

See merge request !4933
(cherry picked from commit 8cada02d)

Fixed URL on label button when filtering

## What does this MR do?

Gives the filtered labels the correct URL. Previously they tried to link to `labels#show` whereas now it links to the correct filter path.

## What are the relevant issue numbers?

Closes #19005

See merge request !4897
(cherry picked from commit d3d9df5a)

File Browser navigation fixes

Fixes a double request being made when clicking the file name when navigating through file browser and also fixes opening a file in a new tab or when doing ctrl + click.

Closes #19050

**Before**

![navigation-old](/uploads/f9a40c91e430e31beae3a896cffb1c68/navigation-old.gif)

**After**

![navigation](/uploads/dec9b43894c00cc09d80d19c83506530/navigation.gif)

See merge request !4891
(cherry picked from commit b32a6add)

Resolve "Sub nav isn't showing on file view"

## What does this MR do?
Adds subnav to `Repository` > `File` view

## What are the relevant issue numbers?
Closes #19003
Part of #18844

## Screenshots (if relevant)
![Screen_Shot_2016-06-23_at_5.33.05_PM](/uploads/aa6993b2376dbe454af87d852aa74f5e/Screen_Shot_2016-06-23_at_5.33.05_PM.png)

cc @dzaporozhets

See merge request !4890
(cherry picked from commit 2efee5f6)

Fixed search field blur not removing focus

## What does this MR do?

Adds a blur event to remove focus styling from the search input.

Any particular reason we were looking for clicks on the document? I can't see why we would be.

## What are the relevant issue numbers?

Closes #18670

## Screenshots (if relevant)

![tab](/uploads/4c74d4f76ec7b45bfcf581606d2defb5/tab.gif)

See merge request !4704
(cherry picked from commit c051630a)

Ensure logged-out users can't see private refs

https://gitlab.com/gitlab-org/gitlab-ce/issues/18033

I'm still not sure what to do about the CHANGELOG on security issues - should I add to a patch release? This issue was assigned to 8.10.

See merge request !1974
(cherry picked from commit 3a6ebb1f)

Fix privilege escalation issue with OAuth external users

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/19312

This MR fixes a privilege escalation issue, where manually set external users would be reverted back to internal users if they logged in via OAuth and that provider was not in the `external_providers` list.

/cc @douwe

See merge request !1975
(cherry picked from commit 5e6342b7)

Use update_columns to by_pass all the dirty code on active_record

See merge request !4985
(cherry picked from commit ad09fcb5)

Reduce overhead and optimize ProjectTeam#max_member_access performance

See merge request !4973
(cherry picked from commit d33991f8)

Fixes missing avatar on system notes

Closes #17295

![Screen_Shot_2016-06-27_at_12.50.50_PM](/uploads/b142226e608ccfe751a9b6059f57c9ec/Screen_Shot_2016-06-27_at_12.50.50_PM.jpg)

See merge request !4954
(cherry picked from commit 9e8fdead)

Removed fade when filtering results

## What does this MR do?

Removes the `opacity` change when filtering results seeing as we now do `Turbolinks.visit` it isn't required.

Best way to see issue - filter issues & then go back. Will still have opacity styling.

See merge request !4932
(cherry picked from commit bef4294c)

Fixed avatar alignment in new MR view

## What does this MR do?

Fixes the alignment of the avatar in new MR view.
Closes #19076

## Screenshots (if relevant)

![Screen_Shot_2016-06-24_at_12.53.58](/uploads/fc94faf2e48f194852693b7ae79e8fa3/Screen_Shot_2016-06-24_at_12.53.58.png)

See merge request !4901
(cherry picked from commit 3611ee56)

Use memorized tags array when searching tags by name

See merge request !4859
(cherry picked from commit 9d0ef60d)

Fix encrypted data backwards compatibility after upgrading attr_encrypted gem

Adds missing attribute to attr_encrypted so it is fully backwards-compatible. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19073

See merge request !4963
(cherry picked from commit 2c3f3cb3)

Fix rendering of commit notes

See merge request !4953
(cherry picked from commit 9c9b0eef)

Resolve "Pin should show up at 1280px min"

Decreased window min width for pinned sidebar

Closes  #19171
Part of #19200

![Screen_Shot_2016-06-27_at_9.36.13_AM](/uploads/d0a87bca5af1bee808c5b1046c0ecf72/Screen_Shot_2016-06-27_at_9.36.13_AM.png)

See merge request !4947
(cherry picked from commit bbbd0e6c)

Switched mobile button icons to ellipsis and angle

## What does this MR do?
Switches the mobile button icons

## What are the relevant issue numbers?
Closes #19170
Part of #19200

## Screenshots (if relevant)
![Screen_Shot_2016-06-27_at_9.08.28_AM](/uploads/7784489402e342e671d02b24d2ea0d64/Screen_Shot_2016-06-27_at_9.08.28_AM.png)

See merge request !4944
(cherry picked from commit abc6004f)

Correctly return todo ID after creating todo

See merge request !4941
(cherry picked from commit 21842cf9)

Better debugging for memory killer middleware

This adds more info to the warning messages output by `MemoryKiller`.

Previously only the PID was showed, making it difficult to debug issues like https://gitlab.com/gitlab-org/gitlab-ce/issues/19124

This adds the worker class and job ID to the log messages.

See merge request !4936
(cherry picked from commit 3659992c)

Remove duplicate new page btn from edit wiki

## What does this MR do?
Removes duplicate button on wiki page

## What are the relevant issue numbers?
Closes #19075

## Screenshots (if relevant)
![Screen_Shot_2016-06-24_at_9.45.28_AM](/uploads/8dca96c3e75b428d63acaaba6dede9a6/Screen_Shot_2016-06-24_at_9.45.28_AM.png)
![Screen_Shot_2016-06-24_at_9.45.57_AM](/uploads/e6ea97b07e48d2fe6f108d8c5a943583/Screen_Shot_2016-06-24_at_9.45.57_AM.png)

See merge request !4904
(cherry picked from commit 121c5c83)

Use clock_gettime for all performance timestamps

This MR adjusts the performance monitoring code to use `Process.clock_gettime` (thus `clock_gettime(3)`) instead of `Time.now`.

Using `Time.now` / `Time.new` adds more overhead than `Process.clock_gettime`, it also doesn't provide a way of getting timestamps in nanoseconds (which `Process.clock_gettime` does allow).

See merge request !4899
(cherry picked from commit 53ad9522)

[ci skip]

Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml

## What does this MR do?

Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697)

Fixes #19206

See merge request !4951

Fix visibility of snippets when searching

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18997

See merge request !1972

Fix an information disclosure when requesting access to a group containing private projects

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19102.

The commit speaks for itself:

    Fix an information disclosure when requesting access to a group containing private projects
    
    The issue was with the `User#groups` and `User#projects` associations
    which goes through the `User#group_members` and `User#project_members`.
    
    Initially I chose to use a secure approach by storing the requester's
    user ID in `Member#created_by_id` instead of `Member#user_id` because I
    was aware that there was a security risk since I didn't know the
    codebase well enough.
    
    Then during the review, we decided to change that and directly store the
    requester's user ID into `Member#user_id` (for the sake of simplifying
    the code I believe), meaning that every `group_members` / `project_members`
    association would include the requesters by default...
    
    My bad for not checking that all the `group_members` / `project_members`
    associations and the ones that go through them (e.g. `Group#users` and
    `Project#users`) were made safe with the `where(requested_at: nil)` /
    `where(members: { requested_at: nil })` scopes.
    
    Now they are all secure.

See merge request !1973

Remove duplicate changelog entry

## What does this MR do?

Removes a changelog entry from 8.9.1, which is only present in 8.10



See merge request !4937

[ci skip]

[ci skip]