rpms
/
grafana
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: RHEL-33655

This commit is contained in:
Sam Feifer 2024-05-03 10:53:30 -04:00
parent 5cbb944b12
commit 073eca963a
4 changed files with 18 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
1002-vendor-use-pbkdf2-from-OpenSSL.patch
View File

@ -23,7 +23,7 @@ index 0000000000..5a06918832
+
+package boring
+
+// #include "openssl_pbkdf2.h"
+// #include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h"
+// #cgo LDFLAGS: -ldl
+import "C"
+import (
@ -39,14 +39,14 @@ index 0000000000..5a06918832
+ emptySha256 = sha256.Sum256([]byte{})
+)
+
+func hashToMD(h hash.Hash) *C.GO_EVP_MD {
+func hashToMD(h hash.Hash) C.GO_EVP_MD_PTR {
+ emptyHash := h.Sum([]byte{})
+
+ switch {
+ case bytes.Equal(emptyHash, emptySha1[:]):
+ return C._goboringcrypto_EVP_sha1()
+ return C.go_openssl_EVP_sha1()
+ case bytes.Equal(emptyHash, emptySha256[:]):
+ return C._goboringcrypto_EVP_sha256()
+ return C.go_openssl_EVP_sha256()
+ }
+ return nil
+}
@ -78,7 +78,7 @@ index 0000000000..5a06918832
+ }
+
+ out := make([]byte, keyLen)
+ ok := C._goboringcrypto_PKCS5_PBKDF2_HMAC(charptr(password), C.int(len(password)), ucharptr(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), ucharptr(out))
+ ok := C.go_openssl_PKCS5_PBKDF2_HMAC(charptr(password), C.int(len(password)), ucharptr(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), ucharptr(out))
+ if ok != 1 {
+ panic("boringcrypto: PKCS5_PBKDF2_HMAC failed")
+ }
@ -106,17 +106,6 @@ index 0000000000..e244fb5663
+func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
+ panic("boringcrypto: not available")
+}
diff --git a/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
new file mode 100644
index 0000000000..6dfdf10424
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
@@ -0,0 +1,5 @@
+#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h"
+
+DEFINEFUNC(int, PKCS5_PBKDF2_HMAC,
+ (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out),
+ (pass, passlen, salt, saltlen, iter, digest, keylen, out))
diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
index 593f653008..799a611f94 100644
--- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go

3
create_bundles.sh
View File

@ -49,6 +49,9 @@ rm -r vendor/golang.org/x/crypto/salsa20
rm -r vendor/golang.org/x/crypto/scrypt
rm -r vendor/golang.org/x/crypto/sha3
# Remove unused code under apsl licenses
rm -r vendor/modernc.org/libc
rm -r vendor/modernc.org/sqlite
# List bundled dependencies
awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = " substr($2, 2)}' go.mod | \

11
grafana.spec
View File

@ -25,7 +25,7 @@ end}
Name: grafana
Version: 10.2.6
Release: 1%{?dist}
Release: 2%{?dist}
Summary: Metrics dashboard and graph editor
License: AGPL-3.0-only
URL: https://grafana.org
@ -36,13 +36,13 @@ Source0: https://github.com/grafana/grafana/archive/v%{version}/%{name}
# Source1 contains the bundled Go and Node.js dependencies
# Note: In case there were no changes to this tarball, the NVR of this tarball
# lags behind the NVR of this package.
Source1: grafana-vendor-%{version}-1.tar.xz
Source1: grafana-vendor-%{version}-2.tar.xz
%if %{compile_frontend} == 0
# Source2 contains the precompiled frontend
# Note: In case there were no changes to this tarball, the NVR of this tarball
# lags behind the NVR of this package.
Source2: grafana-webpack-%{version}-1.tar.gz
Source2: grafana-webpack-%{version}-2.tar.gz
%endif
# Source3 contains the systemd-sysusers configuration
@ -1024,6 +1024,11 @@ fi
%{_datadir}/selinux/*/grafana.pp
%changelog
* Fri May 3 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-2
- Fixes patch 1002 for update to golang-fips
- Remove unused code under apsl-1.1 and apsl-1.2 licenses
- Resolves RHEL-33655
* Tue Apr 2 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-1
- Rebase to grafana 10.2.6

4
sources
View File

@ -1,3 +1,3 @@
SHA512 (grafana-vendor-10.2.6-2.tar.xz) = 683989009af377daca58f9cb4c6c0898b9e750b4e3bf1a0308fb633e6401fb224e6f471aceae01aa814e9bd8940c943565f6f634356b0f0f6b6e80eae65b3c53
SHA512 (grafana-webpack-10.2.6-2.tar.gz) = 928adef2bd13a1499d2b8834d6f9797d71bf7f595ba85514ad422e5fa9e3f846ddda6bd5462b216f4fcda622cda0e25e7eb272ebd3e11e3882de361c636f7266
SHA512 (grafana-10.2.6.tar.gz) = 7244f4cb6572fe0403e6224f7247fbb273bbd1f359ee706a82001f0d409fb375d113f1cb24a657e845b93eb55ee98e1d7ae713e767c219f4d3b00eaf5c73d28e
SHA512 (grafana-webpack-10.2.6-1.tar.gz) = 1ac6486f5d7743ddc8448482881bef9b3f11334335d2c0f39012eeddec9b9ce5d1e59801459ac6a1752ca24b0b200732aeffd9d23003e5f17ce957e436955c70
SHA512 (grafana-vendor-10.2.6-1.tar.xz) = 4902e47ec5b1c85d5c94f0719df7df0ce5bada0fb0d48791556c9465d61c5324812acae9369ded0259add6c73623a5e4d9b69e907f30985c38ac3103f48ad09c