import grafana-6.3.6-2.el8_2
This commit is contained in:
CentOS Sources
parent
e2f674e9e5
commit
1a1a0cb69f
|
|
@ -0,0 +1,39 @@
|
|||
diff --git a/pkg/api/avatar/avatar.go b/pkg/api/avatar/avatar.go
|
||||
--- a/pkg/api/avatar/avatar.go
|
||||
+++ b/pkg/api/avatar/avatar.go
|
||||
@@ -17,14 +17,15 @@ import (
|
||||
"net/http"
|
||||
"net/url"
|
||||
"path/filepath"
|
||||
+ "regexp"
|
||||
"strconv"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/grafana/grafana/pkg/infra/log"
|
||||
+ "github.com/grafana/grafana/pkg/models"
|
||||
"github.com/grafana/grafana/pkg/setting"
|
||||
- "gopkg.in/macaron.v1"
|
||||
|
||||
gocache "github.com/patrickmn/go-cache"
|
||||
)
|
||||
@@ -97,9 +98,15 @@ type CacheServer struct {
|
||||
cache *gocache.Cache
|
||||
}
|
||||
|
||||
-func (this *CacheServer) Handler(ctx *macaron.Context) {
|
||||
- urlPath := ctx.Req.URL.Path
|
||||
- hash := urlPath[strings.LastIndex(urlPath, "/")+1:]
|
||||
+var validMD5 = regexp.MustCompile("^[a-fA-F0-9]{32}$")
|
||||
+
|
||||
+func (this *CacheServer) Handler(ctx *models.ReqContext) {
|
||||
+ hash := ctx.Params("hash")
|
||||
+
|
||||
+ if len(hash) != 32 || !validMD5.MatchString(hash) {
|
||||
+ ctx.JsonApiErr(404, "Avatar not found", nil)
|
||||
+ return
|
||||
+ }
|
||||
|
||||
var avatar *Avatar
|
||||
|
||||
|
|
@ -22,7 +22,7 @@ end}
|
|||
|
||||
Name: grafana
|
||||
Version: 6.3.6
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: Metrics dashboard and graph editor
|
||||
License: ASL 2.0
|
||||
URL: https://grafana.org
|
||||
|
|
@ -43,6 +43,9 @@ Patch3: 003-new-files.patch
|
|||
Patch4: 004-xerrors.patch
|
||||
Patch5: 005-mute-shellcheck-grafana-cli.patch
|
||||
|
||||
# Patch for CVE-2020-13379
|
||||
Patch6: 006-CVE-2020-13379.patch
|
||||
|
||||
# Intersection of go_arches and nodejs_arches
|
||||
ExclusiveArch: %{grafana_arches}
|
||||
|
||||
|
|
@ -409,6 +412,7 @@ The Grafana stackdriver datasource.
|
|||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
|
||||
# Set up build subdirs and links
|
||||
mkdir -p %{_builddir}/src/github.com/grafana
|
||||
|
|
@ -440,13 +444,13 @@ cd %{_builddir}/src/github.com/grafana/grafana
|
|||
echo _builddir=%{_builddir} archbindir=%{archbindir}
|
||||
[ ! -d %{archbindir} ] && mkdir -p %{archbindir}
|
||||
export GOPATH=%{_builddir}:%{gopath}
|
||||
# export GO111MODULE=off
|
||||
%if 0%{?fedora} >= 31
|
||||
# native fedora golang build but without modules (no grafana support yet)
|
||||
go build -mod=vendor -o %{archbindir}/grafana-cli ./pkg/cmd/grafana-cli
|
||||
go build -mod=vendor -o %{archbindir}/grafana-server ./pkg/cmd/grafana-server
|
||||
%else
|
||||
# use the grafana build.go script.
|
||||
export GO111MODULE=off
|
||||
go run build.go build
|
||||
%endif
|
||||
|
||||
|
|
@ -633,6 +637,9 @@ go test ./pkg/...
|
|||
|
||||
|
||||
%changelog
|
||||
* Wed Jun 17 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 6.3.6-2
|
||||
- fix CVE-2020-13379
|
||||
|
||||
* Wed Nov 20 2019 Mark Goodwin <mgoodwin@redhat.com> 6.3.6-1
|
||||
- add weak depenency on grafana-pcp
|
||||
- add patch to mute shellcheck SC1090 for grafana-cli
|
||||
|
|
|
|||
Loading…
Reference in New Issue