update to upstream Grafana 9.0.9, fix CVE-2022-35957

Resolves: rhbz#2125530
This commit is contained in:
Andreas Gerstmayr 2022-09-21 13:28:25 +02:00
parent 4b8a079f1c
commit 0313c1b6d5
11 changed files with 92 additions and 88 deletions

View File

@ -1,4 +1,4 @@
From 055e0dd18587a4fb04d314527a39e419989b6cd3 Mon Sep 17 00:00:00 2001
From 8ec3bc255d50a53ab206a59d9c0a5bd6560d12b1 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Wed, 22 Jun 2022 16:57:52 +0200
Subject: [PATCH] update grafana-cli script with distro-specific paths and

View File

@ -1,4 +1,4 @@
From af9688a2f1d15fa4b4840a0224ec159a97bcc411 Mon Sep 17 00:00:00 2001
From 2af478556ea021b939381cdf69582cd045dd6c85 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Wed, 22 Jun 2022 17:01:09 +0200
Subject: [PATCH] add manpages
@ -6,11 +6,11 @@ Subject: [PATCH] add manpages
diff --git a/docs/man/man1/grafana-cli.1 b/docs/man/man1/grafana-cli.1
new file mode 100644
index 0000000000..081d35bfae
index 0000000000..2dc5073206
--- /dev/null
+++ b/docs/man/man1/grafana-cli.1
@@ -0,0 +1,63 @@
+.TH GRAFANA "1" "September 2022" "Grafana cli version 9.0.8" "User Commands"
+.TH GRAFANA "1" "September 2022" "Grafana cli version 9.0.9" "User Commands"
+.SH NAME
+grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor
+.SH DESCRIPTION
@ -75,11 +75,11 @@ index 0000000000..081d35bfae
+.BR http://docs.grafana.org/ .
diff --git a/docs/man/man1/grafana-server.1 b/docs/man/man1/grafana-server.1
new file mode 100644
index 0000000000..a10acbb253
index 0000000000..7f33239ea4
--- /dev/null
+++ b/docs/man/man1/grafana-server.1
@@ -0,0 +1,80 @@
+.TH VERSION "1" "September 2022" "Version 9.0.8" "User Commands"
+.TH VERSION "1" "September 2022" "Version 9.0.9" "User Commands"
+.SH NAME
+grafana-server \- back-end server for the Grafana metrics dashboard and graph editor
+.SH DESCRIPTION

View File

@ -1,11 +1,11 @@
From 4e98684081dff58ff4159e7c4af46227c85b77c6 Mon Sep 17 00:00:00 2001
From 1a5bc46ab64b80717ff9f17d194171db76a0507d Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Wed, 22 Jun 2022 17:05:48 +0200
Subject: [PATCH] update default configuration
diff --git a/conf/defaults.ini b/conf/defaults.ini
index b2034acc9a..7137cd5707 100644
index dbb7143be4..4a3cf0a21d 100644
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -190,7 +190,7 @@ row_limit = 1000000
@ -27,7 +27,7 @@ index b2034acc9a..7137cd5707 100644
# Set to false to disable all checks to https://grafana.com
# for new versions of plugins. The check is used
diff --git a/conf/sample.ini b/conf/sample.ini
index b5c2e2eae2..24e77d5233 100644
index d44532f346..1ede932e1e 100644
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -196,7 +196,7 @@
@ -57,7 +57,7 @@ index b5c2e2eae2..24e77d5233 100644
# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
;default_home_dashboard_path =
@@ -1026,7 +1026,7 @@
@@ -1028,7 +1028,7 @@
;enable_alpha = false
;app_tls_skip_verify_insecure = false
# Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded.

View File

@ -1,4 +1,4 @@
From 64155b6b75589f127b304c1bc04a21baaaf92961 Mon Sep 17 00:00:00 2001
From 9fa3bbb227b19b13b02fa7e24cb4331e4918cc06 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Wed, 22 Jun 2022 17:18:56 +0200
Subject: [PATCH] remove unused backend dependencies

View File

@ -1,4 +1,4 @@
From 7aacc4ad1439e13a0b1aee0f5775819fb1434ebf Mon Sep 17 00:00:00 2001
From 8a665403e0dfad72eede05b6088a6851776a6489 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Wed, 22 Jun 2022 17:36:47 +0200
Subject: [PATCH] remove unused frontend crypto
@ -7,7 +7,7 @@ update `package.json` and then run `yarn install` to update the
`yarn.lock` lockfile
diff --git a/package.json b/package.json
index 2741ac47bf..9c2e666bf2 100644
index 5e2875090b..137a307f14 100644
--- a/package.json
+++ b/package.json
@@ -396,6 +396,9 @@
@ -18,13 +18,13 @@ index 2741ac47bf..9c2e666bf2 100644
+ "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
+ "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
"underscore": "1.13.3",
"@types/slate": "0.47.2",
"@types/slate": "0.47.9",
"@microsoft/api-extractor-model": "7.17.3",
diff --git a/yarn.lock b/yarn.lock
index 1bb1a2f2f5..27fd81c9be 100644
index 8132e0f942..b41c0efb1b 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -12285,34 +12285,6 @@ __metadata:
@@ -12256,34 +12256,6 @@ __metadata:
languageName: node
linkType: hard
@ -59,7 +59,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"assert@npm:2.0.0":
version: 2.0.0
resolution: "assert@npm:2.0.0"
@@ -12899,15 +12871,6 @@ __metadata:
@@ -12870,15 +12842,6 @@ __metadata:
languageName: node
linkType: hard
@ -75,7 +75,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"before-after-hook@npm:^2.2.0":
version: 2.2.2
resolution: "before-after-hook@npm:2.2.2"
@@ -12999,20 +12962,6 @@ __metadata:
@@ -12970,20 +12933,6 @@ __metadata:
languageName: node
linkType: hard
@ -96,7 +96,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"body-parser@npm:1.19.0":
version: 1.19.0
resolution: "body-parser@npm:1.19.0"
@@ -13137,13 +13086,6 @@ __metadata:
@@ -13108,13 +13057,6 @@ __metadata:
languageName: node
linkType: hard
@ -110,7 +110,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"browser-process-hrtime@npm:^1.0.0":
version: 1.0.0
resolution: "browser-process-hrtime@npm:1.0.0"
@@ -13158,70 +13100,6 @@ __metadata:
@@ -13129,70 +13071,6 @@ __metadata:
languageName: node
linkType: hard
@ -181,7 +181,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"browserify-zlib@npm:^0.2.0":
version: 0.2.0
resolution: "browserify-zlib@npm:0.2.0"
@@ -13323,13 +13201,6 @@ __metadata:
@@ -13294,13 +13172,6 @@ __metadata:
languageName: node
linkType: hard
@ -195,7 +195,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"buffer@npm:^4.3.0":
version: 4.9.2
resolution: "buffer@npm:4.9.2"
@@ -13925,16 +13796,6 @@ __metadata:
@@ -13896,16 +13767,6 @@ __metadata:
languageName: node
linkType: hard
@ -212,7 +212,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"cjs-module-lexer@npm:^1.0.0":
version: 1.2.2
resolution: "cjs-module-lexer@npm:1.2.2"
@@ -14835,13 +14696,6 @@ __metadata:
@@ -14806,13 +14667,6 @@ __metadata:
languageName: node
linkType: hard
@ -226,7 +226,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"core-util-is@npm:~1.0.0":
version: 1.0.3
resolution: "core-util-is@npm:1.0.3"
@@ -14911,16 +14765,6 @@ __metadata:
@@ -14882,16 +14736,6 @@ __metadata:
languageName: node
linkType: hard
@ -243,7 +243,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"create-emotion@npm:^10.0.14, create-emotion@npm:^10.0.27":
version: 10.0.27
resolution: "create-emotion@npm:10.0.27"
@@ -14933,33 +14777,6 @@ __metadata:
@@ -14904,33 +14748,6 @@ __metadata:
languageName: node
linkType: hard
@ -277,7 +277,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"create-require@npm:^1.1.0":
version: 1.1.1
resolution: "create-require@npm:1.1.1"
@@ -14991,22 +14808,10 @@ __metadata:
@@ -14962,22 +14779,10 @@ __metadata:
languageName: node
linkType: hard
@ -304,7 +304,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
languageName: node
linkType: hard
@@ -15957,15 +15762,6 @@ __metadata:
@@ -15928,15 +15733,6 @@ __metadata:
languageName: node
linkType: hard
@ -320,7 +320,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"data-urls@npm:^2.0.0":
version: 2.0.0
resolution: "data-urls@npm:2.0.0"
@@ -16280,16 +16076,6 @@ __metadata:
@@ -16251,16 +16047,6 @@ __metadata:
languageName: node
linkType: hard
@ -337,7 +337,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"destroy@npm:~1.0.4":
version: 1.0.4
resolution: "destroy@npm:1.0.4"
@@ -16426,17 +16212,6 @@ __metadata:
@@ -16397,17 +16183,6 @@ __metadata:
languageName: node
linkType: hard
@ -355,7 +355,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"dir-glob@npm:^2.2.2":
version: 2.2.2
resolution: "dir-glob@npm:2.2.2"
@@ -16723,16 +16498,6 @@ __metadata:
@@ -16694,16 +16469,6 @@ __metadata:
languageName: node
linkType: hard
@ -372,7 +372,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"ee-first@npm:1.1.1":
version: 1.1.1
resolution: "ee-first@npm:1.1.1"
@@ -16777,21 +16542,6 @@ __metadata:
@@ -16748,21 +16513,6 @@ __metadata:
languageName: node
linkType: hard
@ -394,7 +394,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"emitter-component@npm:^1.1.1":
version: 1.1.1
resolution: "emitter-component@npm:1.1.1"
@@ -17745,17 +17495,6 @@ __metadata:
@@ -17716,17 +17466,6 @@ __metadata:
languageName: node
linkType: hard
@ -412,7 +412,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"exec-sh@npm:^0.3.2":
version: 0.3.6
resolution: "exec-sh@npm:0.3.6"
@@ -18035,20 +17774,6 @@ __metadata:
@@ -18006,20 +17745,6 @@ __metadata:
languageName: node
linkType: hard
@ -433,7 +433,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"fast-deep-equal@npm:^3.0.0, fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3":
version: 3.1.3
resolution: "fast-deep-equal@npm:3.1.3"
@@ -19075,15 +18800,6 @@ __metadata:
@@ -19046,15 +18771,6 @@ __metadata:
languageName: node
linkType: hard
@ -449,7 +449,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"git-raw-commits@npm:^2.0.8":
version: 2.0.10
resolution: "git-raw-commits@npm:2.0.10"
@@ -19916,27 +19632,6 @@ __metadata:
@@ -19887,27 +19603,6 @@ __metadata:
languageName: node
linkType: hard
@ -477,7 +477,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"hast-to-hyperscript@npm:^9.0.0":
version: 9.0.1
resolution: "hast-to-hyperscript@npm:9.0.1"
@@ -20072,17 +19767,6 @@ __metadata:
@@ -20043,17 +19738,6 @@ __metadata:
languageName: node
linkType: hard
@ -495,7 +495,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"hoist-non-react-statics@npm:3.3.2, hoist-non-react-statics@npm:^3.1.0, hoist-non-react-statics@npm:^3.3.0, hoist-non-react-statics@npm:^3.3.1, hoist-non-react-statics@npm:^3.3.2":
version: 3.3.2
resolution: "hoist-non-react-statics@npm:3.3.2"
@@ -20423,25 +20107,10 @@ __metadata:
@@ -20394,25 +20078,10 @@ __metadata:
languageName: node
linkType: hard
@ -525,7 +525,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
languageName: node
linkType: hard
@@ -22591,13 +22260,6 @@ __metadata:
@@ -22562,13 +22231,6 @@ __metadata:
languageName: node
linkType: hard
@ -539,7 +539,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"jsdoc-type-pratt-parser@npm:~2.2.5":
version: 2.2.5
resolution: "jsdoc-type-pratt-parser@npm:2.2.5"
@@ -22712,13 +22374,6 @@ __metadata:
@@ -22683,13 +22345,6 @@ __metadata:
languageName: node
linkType: hard
@ -553,7 +553,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"json-source-map@npm:0.6.1":
version: 0.6.1
resolution: "json-source-map@npm:0.6.1"
@@ -22822,30 +22477,6 @@ __metadata:
@@ -22793,30 +22448,6 @@ __metadata:
languageName: node
linkType: hard
@ -584,7 +584,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"jsurl@npm:^0.1.5":
version: 0.1.5
resolution: "jsurl@npm:0.1.5"
@@ -23847,17 +23478,6 @@ __metadata:
@@ -23818,17 +23449,6 @@ __metadata:
languageName: node
linkType: hard
@ -602,7 +602,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"mdast-squeeze-paragraphs@npm:^4.0.0":
version: 4.0.0
resolution: "mdast-squeeze-paragraphs@npm:4.0.0"
@@ -24137,18 +23757,6 @@ __metadata:
@@ -24108,18 +23728,6 @@ __metadata:
languageName: node
linkType: hard
@ -621,7 +621,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"mime-db@npm:1.50.0, mime-db@npm:>= 1.43.0 < 2":
version: 1.50.0
resolution: "mime-db@npm:1.50.0"
@@ -24276,20 +23884,13 @@ __metadata:
@@ -24247,20 +23855,13 @@ __metadata:
languageName: node
linkType: hard
@ -643,7 +643,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"minimatch@npm:3.0.4, minimatch@npm:^3.0.4":
version: 3.0.4
resolution: "minimatch@npm:3.0.4"
@@ -24932,13 +24533,6 @@ __metadata:
@@ -24903,13 +24504,6 @@ __metadata:
languageName: node
linkType: hard
@ -657,7 +657,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"node-gettext@npm:^3.0.0":
version: 3.0.0
resolution: "node-gettext@npm:3.0.0"
@@ -26053,19 +25647,6 @@ __metadata:
@@ -26024,19 +25618,6 @@ __metadata:
languageName: node
linkType: hard
@ -677,7 +677,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"parse-entities@npm:^2.0.0":
version: 2.0.0
resolution: "parse-entities@npm:2.0.0"
@@ -26287,19 +25868,6 @@ __metadata:
@@ -26258,19 +25839,6 @@ __metadata:
languageName: node
linkType: hard
@ -697,7 +697,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"pend@npm:~1.2.0":
version: 1.2.0
resolution: "pend@npm:1.2.0"
@@ -27988,20 +27556,6 @@ __metadata:
@@ -27959,20 +27527,6 @@ __metadata:
languageName: node
linkType: hard
@ -718,7 +718,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"pump@npm:^2.0.0":
version: 2.0.1
resolution: "pump@npm:2.0.1"
@@ -28210,7 +27764,7 @@ __metadata:
@@ -28181,7 +27735,7 @@ __metadata:
languageName: node
linkType: hard
@ -727,7 +727,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
version: 2.1.0
resolution: "randombytes@npm:2.1.0"
dependencies:
@@ -28219,16 +27773,6 @@ __metadata:
@@ -28190,16 +27744,6 @@ __metadata:
languageName: node
linkType: hard
@ -744,7 +744,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"range-parser@npm:^1.2.1, range-parser@npm:~1.2.1":
version: 1.2.1
resolution: "range-parser@npm:1.2.1"
@@ -30472,16 +30016,6 @@ __metadata:
@@ -30443,16 +29987,6 @@ __metadata:
languageName: node
linkType: hard
@ -761,7 +761,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"rollup-plugin-copy@npm:3.4.0":
version: 3.4.0
resolution: "rollup-plugin-copy@npm:3.4.0"
@@ -30667,7 +30201,7 @@ __metadata:
@@ -30638,7 +30172,7 @@ __metadata:
languageName: node
linkType: hard
@ -770,7 +770,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
version: 5.2.1
resolution: "safe-buffer@npm:5.2.1"
checksum: b99c4b41fdd67a6aaf280fcd05e9ffb0813654894223afb78a31f14a19ad220bba8aba1cb14eddce1fcfb037155fe6de4e861784eb434f7d11ed58d1e70dd491
@@ -30683,7 +30217,7 @@ __metadata:
@@ -30654,7 +30188,7 @@ __metadata:
languageName: node
linkType: hard
@ -779,7 +779,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
version: 2.1.2
resolution: "safer-buffer@npm:2.1.2"
checksum: cab8f25ae6f1434abee8d80023d7e72b598cf1327164ddab31003c51215526801e40b66c5e65d658a0af1e9d6478cadcb4c745f4bd6751f97d8644786c0978b0
@@ -30920,12 +30454,10 @@ __metadata:
@@ -30891,12 +30425,10 @@ __metadata:
languageName: node
linkType: hard
@ -796,7 +796,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
languageName: node
linkType: hard
@@ -31162,18 +30694,6 @@ __metadata:
@@ -31133,18 +30665,6 @@ __metadata:
languageName: node
linkType: hard
@ -815,7 +815,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"shallow-clone@npm:^3.0.0":
version: 3.0.1
resolution: "shallow-clone@npm:3.0.1"
@@ -31821,27 +31341,6 @@ __metadata:
@@ -31830,27 +31350,6 @@ __metadata:
languageName: node
linkType: hard
@ -843,7 +843,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"ssri@npm:^6.0.1":
version: 6.0.2
resolution: "ssri@npm:6.0.2"
@@ -33500,13 +32999,6 @@ __metadata:
@@ -33509,13 +33008,6 @@ __metadata:
languageName: node
linkType: hard
@ -857,7 +857,7 @@ index 1bb1a2f2f5..27fd81c9be 100644
"type-check@npm:^0.4.0, type-check@npm:~0.4.0":
version: 0.4.0
resolution: "type-check@npm:0.4.0"
@@ -34320,17 +33812,6 @@ __metadata:
@@ -34329,17 +33821,6 @@ __metadata:
languageName: node
linkType: soft

View File

@ -1,4 +1,4 @@
From b540a2caa038568c39456c6a8189664d51ba5236 Mon Sep 17 00:00:00 2001
From ee7dfe8a877a5a20e38896c2115aeb236ca7d453 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Thu, 25 Nov 2021 18:49:52 +0100
Subject: [PATCH] notifications: use HMAC-SHA256 to generate password reset

View File

@ -1,4 +1,4 @@
From 6cd629300d5cb10218ac9b4b23e3f97381acf502 Mon Sep 17 00:00:00 2001
From 547c09f8771dac1ee451aa1761af9d50697d3888 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Thu, 23 Jun 2022 17:00:46 +0200
Subject: [PATCH] skip marketplace plugin install test

View File

@ -1,15 +1,15 @@
From 1582ba252ce38745283b2ed4d3e573ec3e445c28 Mon Sep 17 00:00:00 2001
From 37aed65376760b8459f4588a15ba55fe43131a8b Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Tue, 5 Jul 2022 17:04:13 +0200
Date: Mon, 27 Jun 2022 17:12:27 +0200
Subject: [PATCH] Prometheus: Fix integer overflow in rate interval calculation
on 32-bit architectures 2
on 32-bit architectures
diff --git a/pkg/tsdb/prometheus/models/query.go b/pkg/tsdb/prometheus/models/query.go
index bdd48d08ed..aa2b1f9945 100644
--- a/pkg/tsdb/prometheus/models/query.go
+++ b/pkg/tsdb/prometheus/models/query.go
@@ -181,7 +181,7 @@ func calculateRateInterval(interval time.Duration, scrapeInterval string, interv
diff --git a/pkg/tsdb/prometheus/buffered/time_series_query.go b/pkg/tsdb/prometheus/buffered/time_series_query.go
index 40db2d9100..0af2d3ecab 100644
--- a/pkg/tsdb/prometheus/buffered/time_series_query.go
+++ b/pkg/tsdb/prometheus/buffered/time_series_query.go
@@ -326,7 +326,7 @@ func calculateRateInterval(interval time.Duration, scrapeInterval string, interv
return time.Duration(0)
}

View File

@ -1,15 +1,15 @@
From bcb0dae049ae5684762bf46fbee68e915fffca99 Mon Sep 17 00:00:00 2001
From 9c3f27a440c515c3b8949c981a58666c7de3c8bc Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Mon, 27 Jun 2022 17:12:27 +0200
Date: Tue, 5 Jul 2022 17:04:13 +0200
Subject: [PATCH] Prometheus: Fix integer overflow in rate interval calculation
on 32-bit architectures
on 32-bit architectures 2
diff --git a/pkg/tsdb/prometheus/buffered/time_series_query.go b/pkg/tsdb/prometheus/buffered/time_series_query.go
index 40db2d9100..0af2d3ecab 100644
--- a/pkg/tsdb/prometheus/buffered/time_series_query.go
+++ b/pkg/tsdb/prometheus/buffered/time_series_query.go
@@ -326,7 +326,7 @@ func calculateRateInterval(interval time.Duration, scrapeInterval string, interv
diff --git a/pkg/tsdb/prometheus/models/query.go b/pkg/tsdb/prometheus/models/query.go
index bdd48d08ed..aa2b1f9945 100644
--- a/pkg/tsdb/prometheus/models/query.go
+++ b/pkg/tsdb/prometheus/models/query.go
@@ -181,7 +181,7 @@ func calculateRateInterval(interval time.Duration, scrapeInterval string, interv
return time.Duration(0)
}

View File

@ -22,8 +22,8 @@ end}
%global gotestflags %{gotestflags} -tags=integration
Name: grafana
Version: 9.0.8
Release: 2%{?dist}
Version: 9.0.9
Release: 1%{?dist}
Summary: Metrics dashboard and graph editor
License: AGPLv3
URL: https://grafana.org
@ -66,10 +66,10 @@ Patch4: 0004-remove-unused-backend-dependencies.patch
Patch5: 0005-remove-unused-frontend-crypto.patch
# https://github.com/grafana/grafana/pull/42334
Patch6: 0006-notifications-use-HMAC-SHA256-to-generate-password-r.patch
Patch8: 0008-skip-marketplace-plugin-install-test.patch
Patch7: 0007-skip-marketplace-plugin-install-test.patch
# https://github.com/grafana/grafana/pull/51508
Patch8: 0008-Prometheus-Fix-integer-overflow-in-rate-interval-cal.patch
Patch9: 0009-Prometheus-Fix-integer-overflow-in-rate-interval-cal.patch
Patch10: 0010-Prometheus-Fix-integer-overflow-in-rate-interval-cal.patch
# Patches affecting the vendor tarball
Patch1001: 1001-vendor-patch-removed-backend-crypto.patch
@ -297,7 +297,6 @@ Provides: bundled(npm(@grafana/google-sdk)) = 0.0.3
Provides: bundled(npm(@grafana/lezer-logql)) = 0.0.12
Provides: bundled(npm(@grafana/runtime)) = 0.0.0-use.local
Provides: bundled(npm(@grafana/schema)) = 0.0.0-use.local
Provides: bundled(npm(@grafana/slate-react)) = 0.22.10-grafana
Provides: bundled(npm(@grafana/toolkit)) = 0.0.0-use.local
Provides: bundled(npm(@grafana/tsconfig)) = 1.2.0rc1
Provides: bundled(npm(@grafana/ui)) = 0.0.0-use.local
@ -381,7 +380,6 @@ Provides: bundled(npm(@types/eslint)) = 7.28.2
Provides: bundled(npm(@types/file-saver)) = 2.0.5
Provides: bundled(npm(@types/fs-extra)) = 8.1.2
Provides: bundled(npm(@types/google.analytics)) = 0.0.42
Provides: bundled(npm(@types/grafana__slate-react)) = 0.22.5
Provides: bundled(npm(@types/history)) = 4.7.9
Provides: bundled(npm(@types/hoist-non-react-statics)) = 3.3.1
Provides: bundled(npm(@types/inquirer)) = 8.2.1
@ -427,8 +425,9 @@ Provides: bundled(npm(@types/reselect)) = 2.2.0
Provides: bundled(npm(@types/rimraf)) = 3.0.2
Provides: bundled(npm(@types/semver)) = 7.3.9
Provides: bundled(npm(@types/sinon)) = 10.0.11
Provides: bundled(npm(@types/slate)) = 0.47.2
Provides: bundled(npm(@types/slate)) = 0.47.9
Provides: bundled(npm(@types/slate-plain-serializer)) = 0.7.2
Provides: bundled(npm(@types/slate-react)) = 0.22.9
Provides: bundled(npm(@types/systemjs)) = 0.20.8
Provides: bundled(npm(@types/testing-library__jest-dom)) = 5.14.1
Provides: bundled(npm(@types/testing-library__react-hooks)) = 3.4.1
@ -642,8 +641,9 @@ Provides: bundled(npm(selecto)) = 1.16.2
Provides: bundled(npm(semver)) = 5.7.1
Provides: bundled(npm(simple-git)) = 3.7.1
Provides: bundled(npm(sinon)) = 14.0.0
Provides: bundled(npm(slate)) = 0.47.8
Provides: bundled(npm(slate-plain-serializer)) = 0.7.10
Provides: bundled(npm(slate)) = 0.47.9
Provides: bundled(npm(slate-plain-serializer)) = 0.7.11
Provides: bundled(npm(slate-react)) = 0.22.10
Provides: bundled(npm(storybook-dark-mode)) = 1.1.0
Provides: bundled(npm(style-loader)) = 1.3.0
Provides: bundled(npm(stylelint)) = 14.8.2
@ -703,9 +703,9 @@ rm -r plugins-bundled
%if 0%{?fedora} || 0%{?rhel} > 8
%patch6 -p1
%endif
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch1001 -p1
%if %{enable_fips_mode}
@ -889,6 +889,10 @@ OPENSSL_FORCE_FIPS_MODE=1 GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryptio
%changelog
* Wed Sep 21 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.9-1
- update to 9.0.9 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530)
* Tue Sep 20 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-2
- bump NVR

View File

@ -1,3 +1,3 @@
SHA512 (grafana-9.0.8.tar.gz) = faa8497512f31646ad2391f080452b8d2fd7b6077df566f304d3d2aad22ea164d0f06dd03cf9af87be513ee1feea935562cbd264d5e58c0fd3dff3dd960f6afc
SHA512 (grafana-webpack-9.0.8-1.tar.gz) = 9bd7180b80363925ec0a8adf40316923e3f28aa6ce3980d20b82b84515ae72665cb6d6aa7ae878b26e17a64b84d0b19231eedc57d2d2dd78542ac70095335b51
SHA512 (grafana-vendor-9.0.8-1.tar.xz) = 669f1a470ab011b0dee57438591a1be3d9597af912484862b6dfe7456450132267791034beadb8dc7f96eced7a77db675471f6fb1dd373928fab4317e429102c
SHA512 (grafana-9.0.9.tar.gz) = fe75923db2c3c6644f43de540c9357cb4bdb8b4a2f266488ae9bee5337039239581593de01b1504731167a8ab28004e542918ba2e1f2d11719052883a4c4d4da
SHA512 (grafana-webpack-9.0.9-1.tar.gz) = 7a78a8bb9f274bdf88405ebbd2805181417a9c7d3297d9e8b61894fb2a296cd550952e64a12e7de1b3771be2af63659d20f17e204d5f56fa057604d0afa9ee1a
SHA512 (grafana-vendor-9.0.9-1.tar.xz) = 25e9720035681c12664e47223516136ff6655d015c27cffdd16e753a77795b5db227be7ee80837d70b0c194239fcda6d9affcce37695fc4dc5dd8639e10d9ee7