import CS grafana-10.2.6-25.el10
This commit is contained in:
parent
0445a60813
commit
2e348372ef
@ -1,123 +0,0 @@
|
||||
diff --git a/pkg/api/frontendsettings.go b/pkg/api/frontendsettings.go
|
||||
index 215714b6f83..36949e126b9 100644
|
||||
--- a/pkg/api/frontendsettings.go
|
||||
+++ b/pkg/api/frontendsettings.go
|
||||
@@ -1,6 +1,7 @@
|
||||
package api
|
||||
|
||||
import (
|
||||
+ "bytes"
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
@@ -18,6 +19,7 @@ import (
|
||||
"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginsettings"
|
||||
"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginstore"
|
||||
"github.com/grafana/grafana/pkg/services/secrets/kvstore"
|
||||
+ dashboardkind "github.com/grafana/grafana/pkg/services/store/kind/dashboard"
|
||||
"github.com/grafana/grafana/pkg/setting"
|
||||
"github.com/grafana/grafana/pkg/tsdb/grafanads"
|
||||
"github.com/grafana/grafana/pkg/util"
|
||||
@@ -297,7 +299,12 @@ func (hs *HTTPServer) getFSDataSources(c *contextmodel.ReqContext, availablePlug
|
||||
|
||||
if c.IsPublicDashboardView() {
|
||||
// If RBAC is enabled, it will filter out all datasources for a public user, so we need to skip it
|
||||
- orgDataSources = dataSources
|
||||
+ // But we can filter to only include datasources actually used by the dashboard
|
||||
+ filtered, err := hs.publicDashFilterUsedDataSources(c, dataSources)
|
||||
+ if err != nil {
|
||||
+ return nil, err
|
||||
+ }
|
||||
+ orgDataSources = filtered
|
||||
} else {
|
||||
filtered, err := hs.dsGuardian.New(c.SignedInUser.OrgID, c.SignedInUser).FilterDatasourcesByQueryPermissions(dataSources)
|
||||
if err != nil {
|
||||
@@ -633,3 +640,36 @@ func (hs *HTTPServer) getEnabledOAuthProviders() map[string]any {
|
||||
}
|
||||
return providers
|
||||
}
|
||||
+
|
||||
+func (hs *HTTPServer) publicDashFilterUsedDataSources(c *contextmodel.ReqContext, allDataSources []*datasources.DataSource) ([]*datasources.DataSource, error) {
|
||||
+ _, dash, err := hs.PublicDashboardsApi.PublicDashboardService.FindPublicDashboardAndDashboardByAccessToken(c.Req.Context(), c.PublicDashboardAccessToken)
|
||||
+ if err != nil {
|
||||
+ return nil, err
|
||||
+ }
|
||||
+
|
||||
+ payload, err := dash.Data.Encode()
|
||||
+ if err != nil {
|
||||
+ return nil, fmt.Errorf("failed to encode dashboard data: %w", err)
|
||||
+ }
|
||||
+
|
||||
+ lookup := dashboardkind.CreateDatasourceLookup([]*dashboardkind.DatasourceQueryResult{})
|
||||
+
|
||||
+ usedDSRefs, err := dashboardkind.ReadDashboard(bytes.NewReader(payload), lookup)
|
||||
+ if err != nil {
|
||||
+ return nil, fmt.Errorf("failed to parse dashboard: %w", err)
|
||||
+ }
|
||||
+
|
||||
+ usedUIDs := make(map[string]struct{}, len(usedDSRefs))
|
||||
+ for _, ds := range usedDSRefs {
|
||||
+ usedUIDs[ds.UID] = struct{}{}
|
||||
+ }
|
||||
+
|
||||
+ filtered := make([]*datasources.DataSource, 0)
|
||||
+ for _, ds := range allDataSources {
|
||||
+ if _, ok := usedUIDs[ds.UID]; ok {
|
||||
+ filtered = append(filtered, ds)
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return filtered, nil
|
||||
+}
|
||||
diff --git a/pkg/services/store/kind/dashboard/dashboard.go b/pkg/services/store/kind/dashboard/dashboard.go
|
||||
index b325acd8c57..054dcafe8ca 100644
|
||||
--- a/pkg/services/store/kind/dashboard/dashboard.go
|
||||
+++ b/pkg/services/store/kind/dashboard/dashboard.go
|
||||
@@ -112,8 +112,17 @@ func newDatasourceVariableLookup(dsLookup DatasourceLookup) *datasourceVariableL
|
||||
}
|
||||
}
|
||||
|
||||
+// ReadDashboard parses dashboard JSON and returns the data sources used in the dashboard.
|
||||
+func ReadDashboard(stream io.Reader, lookup DatasourceLookup) ([]DataSourceRef, error) {
|
||||
+ info, err := readDashboard(stream, lookup)
|
||||
+ if err != nil {
|
||||
+ return nil, err
|
||||
+ }
|
||||
+ return info.Datasource, nil
|
||||
+}
|
||||
+
|
||||
// nolint:gocyclo
|
||||
-// ReadDashboard will take a byte stream and return dashboard info
|
||||
+// readDashboard will take a byte stream and return dashboard info
|
||||
func readDashboard(stream io.Reader, lookup DatasourceLookup) (*dashboardInfo, error) {
|
||||
dash := &dashboardInfo{}
|
||||
|
||||
diff --git a/pkg/services/store/kind/dashboard/ds_lookup.go b/pkg/services/store/kind/dashboard/ds_lookup.go
|
||||
index 5d132d569be..7330e598409 100644
|
||||
--- a/pkg/services/store/kind/dashboard/ds_lookup.go
|
||||
+++ b/pkg/services/store/kind/dashboard/ds_lookup.go
|
||||
@@ -100,6 +100,9 @@ func (d *DsLookup) ByRef(ref *DataSourceRef) *DataSourceRef {
|
||||
if ref == nil {
|
||||
return d.defaultDS
|
||||
}
|
||||
+ if ref.UID == "default" && ref.Type == "" {
|
||||
+ return d.defaultDS
|
||||
+ }
|
||||
|
||||
key := ""
|
||||
if ref.UID != "" {
|
||||
@@ -117,7 +120,13 @@ func (d *DsLookup) ByRef(ref *DataSourceRef) *DataSourceRef {
|
||||
return ds
|
||||
}
|
||||
|
||||
- return d.byName[key]
|
||||
+ ds, ok = d.byName[key]
|
||||
+ if ok {
|
||||
+ return ds
|
||||
+ }
|
||||
+
|
||||
+ // With nothing was found (or configured), use the original reference
|
||||
+ return ref
|
||||
}
|
||||
|
||||
func (d *DsLookup) ByType(dsType string) []DataSourceRef {
|
||||
31
grafana.spec
31
grafana.spec
@ -81,7 +81,6 @@ Patch11: 0011-fix-dompurify-CVE.patch
|
||||
Patch12: 0012-fix-jwt-CVE.patch
|
||||
Patch13: 0013-fix-CVE-2025-4123.patch
|
||||
Patch14: 0014-Fix-CVE-2026-21721.patch
|
||||
Patch15: 0015-Fix-CVE-2026-27877.patch
|
||||
|
||||
# Patches affecting the vendor tarball
|
||||
Patch1001: 1001-vendor-patch-removed-backend-crypto.patch
|
||||
@ -776,7 +775,6 @@ rm -r plugins-bundled
|
||||
%patch -P 12 -p1
|
||||
%patch -P 13 -p1
|
||||
%patch -P 14 -p1
|
||||
%patch -P 15 -p1
|
||||
|
||||
%patch -P 1001 -p1
|
||||
%if %{enable_fips_mode}
|
||||
@ -1021,26 +1019,21 @@ done
|
||||
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/*/active/modules/200/grafana
|
||||
|
||||
%changelog
|
||||
* Tue Apr 28 2026 Sam Feifer <sfeifer@redhat.com> 10.2.6-25
|
||||
- Resolves RHEL-166432: CVE-2026-32282
|
||||
- Resolves RHEL-167473: CVE-2026-32283
|
||||
* Wed Apr 1 2026 Sam Feifer <sfeifer@redhat.com> 10.2.6-25
|
||||
- Resolves RHEL-156596: CVE-2026-25679
|
||||
|
||||
* Wed Apr 22 2026 Sam Feifer <sfeifer@redhat.com> 10.2.6-24
|
||||
- Resolves RHEL-161790: CVE-2026-27877
|
||||
* Mon Feb 16 2026 Sam Feifer <sfeifer@redhat.com> 10.2.6-24
|
||||
- Resolves RHEL-144949: CVE-2026-21721
|
||||
- Resolves RHEL-145413: CVE-2025-61728
|
||||
- Resolves RHEL-146073: CVE-2025-61726
|
||||
- Resolves RHEL-149246: CVE-2025-68121
|
||||
|
||||
* Tue Mar 31 2026 Sam Feifer <sfeifer@redhat.com> 10.2.6-23
|
||||
- Resolves RHEL-158458: CVE-2026-25679
|
||||
* Mon Jan 26 2026 Sam Feifer <sfeifer@redhat.com> 10.2.6-23
|
||||
- Resolves RHEL-140516: CVE-2025-61729
|
||||
|
||||
* Tue Feb 17 2026 Sam Feifer <sfeifer@redhat.com> 10.2.6-22
|
||||
- Resolves RHEL-144948: CVE-2026-21721
|
||||
- Resolves RHEL-146721: CVE-2025-61726
|
||||
- Resolves RHEL-146926: CVE-2025-61729
|
||||
- Resolves RHEL-147351: CVE-2025-61728
|
||||
- Resolves RHEL-149227: CVE-2025-68121
|
||||
|
||||
* Wed Dec 3 2025 Sam Feifer <sfeifer@redhat.com> 10.2.6-21
|
||||
- Resolves RHEL-125631: CVE-2025-58183
|
||||
- Resolves RHEL-132760: Grafana-selinux prevents plugins from searching cgroups
|
||||
* Mon Dec 1 2025 Sam Feifer <sfeifer@redhat.com> 10.2.6-22
|
||||
- Resolves RHEL-125629: CVE-2025-58183
|
||||
- Resolves RHEL-132756: Grafana-selinux prevents plugins from searching cgroups
|
||||
|
||||
* Wed Jun 18 2025 Sam Feifer <sfeifer@redhat.com> 10.2.6-20
|
||||
- Resolves RHEL-97520: Rework grafana-selinux spec file sections
|
||||
|
||||
Loading…
Reference in New Issue
Block a user