From c04ae24b7f431824231e7ecab5ee33fe8d636d61 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Wed, 10 Aug 2022 16:06:02 +0200
Subject: [PATCH] rebuild to fix various Golang CVEs

Resolves: #2111753
---
 grafana-pcp.spec | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/grafana-pcp.spec b/grafana-pcp.spec
index 58f9f98..a0698b9 100644
--- a/grafana-pcp.spec
+++ b/grafana-pcp.spec
@@ -24,7 +24,7 @@ end}
 
 Name:           grafana-pcp
 Version:        3.2.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Performance Co-Pilot Grafana Plugin
 License:        ASL 2.0
 URL:            https://github.com/performancecopilot/grafana-pcp
@@ -198,6 +198,14 @@ export GOPATH=%{_builddir}
 
 
 %changelog
+* Thu Aug 11 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 3.2.0-2
+- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
+- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
+- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
+- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
+- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
+- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
+
 * Fri Nov 12 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 3.2.0-1
 - update to 3.2.0 tagged upstream community sources, see CHANGELOG