From 3f796f6f39c3201f71c9d1d64fca8a9a1881c097 Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Wed, 19 Mar 2025 10:23:02 +0000
Subject: [PATCH] import OL grafana-10.2.6-8.el9_5

---
 .gitignore                              |  4 ++--
 .grafana.metadata                       |  4 ++--
 SOURCES/build_frontend.sh               |  0
 SOURCES/create_bundles.sh               |  2 +-
 SOURCES/create_bundles_in_container.sh  |  0
 SOURCES/grafana.te                      | 19 +++++++++++++++----
 SOURCES/list_bundled_nodejs_packages.py |  0
 SPECS/grafana.spec                      | 14 ++++++++++----
 8 files changed, 30 insertions(+), 13 deletions(-)
 mode change 100755 => 100644 SOURCES/build_frontend.sh
 mode change 100755 => 100644 SOURCES/create_bundles.sh
 mode change 100755 => 100644 SOURCES/create_bundles_in_container.sh
 mode change 100755 => 100644 SOURCES/list_bundled_nodejs_packages.py

diff --git a/.gitignore b/.gitignore
index cf6336a..63841e5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/grafana-10.2.6.tar.gz
-SOURCES/grafana-vendor-10.2.6-8.tar.xz
-SOURCES/grafana-webpack-10.2.6-8.tar.gz
+SOURCES/grafana-vendor-10.2.6-7.tar.xz
+SOURCES/grafana-webpack-10.2.6-7.tar.gz
diff --git a/.grafana.metadata b/.grafana.metadata
index 159b93f..484ff38 100644
--- a/.grafana.metadata
+++ b/.grafana.metadata
@@ -1,3 +1,3 @@
 5c65a9460e0d0ecff29e397b5889b4167f046142 SOURCES/grafana-10.2.6.tar.gz
-2b4545a05745a2d2abb719ea9bd86b87f045cf42 SOURCES/grafana-vendor-10.2.6-8.tar.xz
-3d7618ff21be2346cf59955487aa766f06e7a18c SOURCES/grafana-webpack-10.2.6-8.tar.gz
+2b4545a05745a2d2abb719ea9bd86b87f045cf42 SOURCES/grafana-vendor-10.2.6-7.tar.xz
+3d7618ff21be2346cf59955487aa766f06e7a18c SOURCES/grafana-webpack-10.2.6-7.tar.gz
diff --git a/SOURCES/build_frontend.sh b/SOURCES/build_frontend.sh
old mode 100755
new mode 100644
diff --git a/SOURCES/create_bundles.sh b/SOURCES/create_bundles.sh
old mode 100755
new mode 100644
index d3c97c1..00d4bdd
--- a/SOURCES/create_bundles.sh
+++ b/SOURCES/create_bundles.sh
@@ -21,6 +21,7 @@ pushd "${SOURCE_DIR}"
 
 # Vendor Go dependencies
 patch -p1 --fuzz=0 < ../0004-remove-unused-backend-dependencies.patch
+patch -p1 --fuzz=0 < ../0011-fix-dompurify-CVE.patch
 go mod vendor
 
 # Generate Go files
@@ -59,7 +60,6 @@ awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = "
 
 # Vendor Node.js dependencies
 patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch
-patch -p1 --fuzz=0 < ../0011-fix-dompurify-CVE.patch
 export HUSKY=0
 yarn install --frozen-lockfile
 
diff --git a/SOURCES/create_bundles_in_container.sh b/SOURCES/create_bundles_in_container.sh
old mode 100755
new mode 100644
diff --git a/SOURCES/grafana.te b/SOURCES/grafana.te
index d25174e..910fd54 100644
--- a/SOURCES/grafana.te
+++ b/SOURCES/grafana.te
@@ -82,6 +82,9 @@ can_exec(grafana_t, grafana_pcp_exec_t)
 corenet_tcp_connect_all_ephemeral_ports(grafana_t)
 grafana_exec(grafana_t)
 
+# Allow grafana to connect to mssql's default tcp port of 1433 
+corenet_tcp_connect_mssql_port(grafana_t)
+
 ########################################
 #
 # grafana local policy
@@ -131,6 +134,14 @@ optional_policy(`
 	allow grafana_t proc_net_t:lnk_file read;
 ')
 
+optional_policy(`
+	require {
+		type autofs_t;
+		class dir {getattr};
+	}
+	allow grafana_t autofs_t:dir getattr;
+')
+
 manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
 manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
 
@@ -194,14 +205,14 @@ tunable_policy(`grafana_can_tcp_connect_mysql_port',` # Mysql default tcp port 3
 	corenet_tcp_connect_mysqld_port(grafana_t)
 ')
 
-tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
-	corenet_tcp_connect_postgresql_port(grafana_t)
-')
-
 tunable_policy(`grafana_can_tcp_connect_prometheus_port',` # Prometheus default tcp port 9090
 	corenet_tcp_connect_websm_port(grafana_t)
 ')
 
+tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
+	corenet_tcp_connect_postgresql_port(grafana_t)
+')
+
 optional_policy(`
     systemd_private_tmp(grafana_tmp_t)
 ')
diff --git a/SOURCES/list_bundled_nodejs_packages.py b/SOURCES/list_bundled_nodejs_packages.py
old mode 100755
new mode 100644
diff --git a/SPECS/grafana.spec b/SPECS/grafana.spec
index 79969d4..7af6d35 100644
--- a/SPECS/grafana.spec
+++ b/SPECS/grafana.spec
@@ -25,7 +25,7 @@ end}
 
 Name:             grafana
 Version:          10.2.6
-Release:          7%{?dist}
+Release:          8%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          AGPL-3.0-only
 URL:              https://grafana.org
@@ -36,13 +36,13 @@ Source0:          https://github.com/grafana/grafana/archive/v%{version}/%{name}
 # Source1 contains the bundled Go and Node.js dependencies
 # Note: In case there were no changes to this tarball, the NVR of this tarball
 # lags behind the NVR of this package.
-Source1:          grafana-vendor-%{version}-8.tar.xz
+Source1:          grafana-vendor-%{version}-7.tar.xz
 
 %if %{compile_frontend} == 0
 # Source2 contains the precompiled frontend
 # Note: In case there were no changes to this tarball, the NVR of this tarball
 # lags behind the NVR of this package.
-Source2:          grafana-webpack-%{version}-8.tar.gz
+Source2:          grafana-webpack-%{version}-7.tar.gz
 %endif
 
 # Source3 contains the systemd-sysusers configuration
@@ -1028,8 +1028,14 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 
 %changelog
+* Wed Jan 29 2025 Sam Feifer <sfeifer@redhat.com> 10.2.6-8
+- Resolves RHEL-75922: grafana selinux issue with autofs_t
+
 * Wed Oct 16 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-7
-- Resolves RHEL-62312: CVE-2024-47875
+- Resolves RHEL-62308: CVE-2024-47875
+
+* Fri Sep 27 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-6
+- Resolves: RHEL-57927
 
 * Fri Jul 19 2024 Lauren Chilton <lchilton@redhat.com> 10.2.6-5
 - Resolves RHEL-47185