parent
171ce90ada
commit
077561a443
21
010-CVE-2020-13430.patch
Normal file
21
010-CVE-2020-13430.patch
Normal file
@ -0,0 +1,21 @@
|
||||
diff --git a/public/app/plugins/datasource/opentsdb/query_ctrl.ts b/public/app/plugins/datasource/opentsdb/query_ctrl.ts
|
||||
index 8569de2eb0..cbb1790625 100644
|
||||
--- a/public/app/plugins/datasource/opentsdb/query_ctrl.ts
|
||||
+++ b/public/app/plugins/datasource/opentsdb/query_ctrl.ts
|
||||
@@ -2,6 +2,7 @@ import _ from 'lodash';
|
||||
import kbn from 'app/core/utils/kbn';
|
||||
import { QueryCtrl } from 'app/plugins/sdk';
|
||||
import { auto } from 'angular';
|
||||
+import { escapeHtml } from 'app/core/utils/text';
|
||||
|
||||
export class OpenTsQueryCtrl extends QueryCtrl {
|
||||
static templateUrl = 'partials/query.editor.html';
|
||||
@@ -90,7 +91,7 @@ export class OpenTsQueryCtrl extends QueryCtrl {
|
||||
|
||||
getTextValues(metricFindResult: any) {
|
||||
return _.map(metricFindResult, value => {
|
||||
- return value.text;
|
||||
+ return escapeHtml(value.text);
|
||||
});
|
||||
}
|
||||
|
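Review bot: The new patch file begins directly at `diff --git`, with no header saying which upstream commit or advisory the change was taken from, so a later rebase cannot tell a verbatim backport from a local modification. A short description above the diff would cover it, for example `Backport of the upstream fix for CVE-2020-13430 (upstream commit <UPSTREAM_COMMIT_ID>)`. On the change itself, `getTextValues` now returns HTML-escaped strings from the point where the suggestions are produced, not where they are rendered. If a consumer outside this hunk inserts the selected suggestion into the query instead of only displaying it, a name containing `&` or `<` would presumably be stored in its escaped form, so that path is worth confirming. The body of `OpenTsQueryCtrl` extends beyond both hunks of the inner patch.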
@ -24,7 +24,7 @@ end}
|
||||
|
||||
Name: grafana
|
||||
Version: 6.7.4
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: Metrics dashboard and graph editor
|
||||
License: ASL 2.0
|
||||
URL: https://grafana.org
|
||||
@ -58,6 +58,7 @@ Patch6: 006-pkg-setting-ini-default-section.patch
|
||||
Patch7: 007-pkg-prometheus-client-query-range.patch
|
||||
Patch8: 008-pkg-services-notifications-codes-Unknwon.patch
|
||||
Patch9: 009-pkg-fix-xorm-import.patch
|
||||
Patch10: 010-CVE-2020-13430.patch
|
||||
|
||||
# Intersection of go_arches and nodejs_arches
|
||||
ExclusiveArch: %{grafana_arches}
|
||||
@ -631,6 +632,9 @@ export GO111MODULE=off
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Aug 19 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 6.7.4-2
|
||||
- security fix for CVE-2020-13430
|
||||
|
||||
* Fri Jun 05 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 6.7.4-1
|
||||
- update to 6.7.4 tagged upstream community sources, see CHANGELOG
|
||||
- security fix for CVE-2020-13379
|
||||
|
@ -26,6 +26,9 @@ git clone https://github.com/grafana/grafana grafana-$VER
|
||||
cd grafana-$VER
|
||||
git checkout -b v$VER v$VER
|
||||
|
||||
# applying webpack patches
|
||||
patch -p1 < ../010-CVE-2020-13430.patch
|
||||
|
||||
# exclude the phantomjs-prebuilt binary module from the webpack
|
||||
sed -i '/phantomjs-prebuilt/d' package.json
|
||||
|
||||
|
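Review bot: The added `patch -p1 < ../010-CVE-2020-13430.patch` has no failure check, so unless the script enables `set -e` somewhere outside this hunk, a rejected hunk would let the webpack bundle be built without the CVE-2020-13430 fix and nothing would signal it. Writing it as `patch -p1 < ../010-CVE-2020-13430.patch || exit 1` stops the build instead of shipping an unpatched bundle. The comment `# applying webpack patches` could also note that the same file is declared as `Patch10` in the spec, so both places are updated together when the patch is dropped or renumbered.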