import OL grafana-10.2.6-8.el9_5

2025-03-19 10:23:02 +00:00 · 2025-03-19 10:23:02 +00:00 · 3f796f6f39
commit 3f796f6f39
parent e64a4ca19a
8 changed files with 30 additions and 13 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,3 @@
 SOURCES/grafana-10.2.6.tar.gz
-SOURCES/grafana-vendor-10.2.6-8.tar.xz
-SOURCES/grafana-webpack-10.2.6-8.tar.gz
+SOURCES/grafana-vendor-10.2.6-7.tar.xz
+SOURCES/grafana-webpack-10.2.6-7.tar.gz
--- a/.grafana.metadata
+++ b/.grafana.metadata
@ -1,3 +1,3 @@
 5c65a9460e0d0ecff29e397b5889b4167f046142 SOURCES/grafana-10.2.6.tar.gz
-2b4545a05745a2d2abb719ea9bd86b87f045cf42 SOURCES/grafana-vendor-10.2.6-8.tar.xz
-3d7618ff21be2346cf59955487aa766f06e7a18c SOURCES/grafana-webpack-10.2.6-8.tar.gz
+2b4545a05745a2d2abb719ea9bd86b87f045cf42 SOURCES/grafana-vendor-10.2.6-7.tar.xz
+3d7618ff21be2346cf59955487aa766f06e7a18c SOURCES/grafana-webpack-10.2.6-7.tar.gz
--- a/SOURCES/build_frontend.sh
+++ b/SOURCES/build_frontend.sh
--- a/SOURCES/create_bundles.sh
+++ b/SOURCES/create_bundles.sh
@ -21,6 +21,7 @@ pushd "${SOURCE_DIR}"

 # Vendor Go dependencies
 patch -p1 --fuzz=0 < ../0004-remove-unused-backend-dependencies.patch
+patch -p1 --fuzz=0 < ../0011-fix-dompurify-CVE.patch
 go mod vendor

 # Generate Go files
@ -59,7 +60,6 @@ awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = "

 # Vendor Node.js dependencies
 patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch
-patch -p1 --fuzz=0 < ../0011-fix-dompurify-CVE.patch
 export HUSKY=0
 yarn install --frozen-lockfile

--- a/SOURCES/create_bundles_in_container.sh
+++ b/SOURCES/create_bundles_in_container.sh
--- a/SOURCES/grafana.te
+++ b/SOURCES/grafana.te
@ -82,6 +82,9 @@ can_exec(grafana_t, grafana_pcp_exec_t)
 corenet_tcp_connect_all_ephemeral_ports(grafana_t)
 grafana_exec(grafana_t)

+# Allow grafana to connect to mssql's default tcp port of 1433 
+corenet_tcp_connect_mssql_port(grafana_t)
+
 ########################################
 #
 # grafana local policy
@ -131,6 +134,14 @@ optional_policy(`
 	allow grafana_t proc_net_t:lnk_file read;
 ')

+optional_policy(`
+	require {
+		type autofs_t;
+		class dir {getattr};
+	}
+	allow grafana_t autofs_t:dir getattr;
+')
+
 manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
 manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)

@ -194,14 +205,14 @@ tunable_policy(`grafana_can_tcp_connect_mysql_port',` # Mysql default tcp port 3
 	corenet_tcp_connect_mysqld_port(grafana_t)
 ')

-tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
-	corenet_tcp_connect_postgresql_port(grafana_t)
-')
-
 tunable_policy(`grafana_can_tcp_connect_prometheus_port',` # Prometheus default tcp port 9090
 	corenet_tcp_connect_websm_port(grafana_t)
 ')

+tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
+	corenet_tcp_connect_postgresql_port(grafana_t)
+')
+
 optional_policy(`
    systemd_private_tmp(grafana_tmp_t)
 ')
--- a/SOURCES/list_bundled_nodejs_packages.py
+++ b/SOURCES/list_bundled_nodejs_packages.py
--- a/SPECS/grafana.spec
+++ b/SPECS/grafana.spec
@ -25,7 +25,7 @@ end}

 Name:             grafana
 Version:          10.2.6
-Release:          7%{?dist}
+Release:          8%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          AGPL-3.0-only
 URL:              https://grafana.org
@ -36,13 +36,13 @@ Source0:          https://github.com/grafana/grafana/archive/v%{version}/%{name}
 # Source1 contains the bundled Go and Node.js dependencies
 # Note: In case there were no changes to this tarball, the NVR of this tarball
 # lags behind the NVR of this package.
-Source1:          grafana-vendor-%{version}-8.tar.xz
+Source1:          grafana-vendor-%{version}-7.tar.xz

 %if %{compile_frontend} == 0
 # Source2 contains the precompiled frontend
 # Note: In case there were no changes to this tarball, the NVR of this tarball
 # lags behind the NVR of this package.
-Source2:          grafana-webpack-%{version}-8.tar.gz
+Source2:          grafana-webpack-%{version}-7.tar.gz
 %endif

 # Source3 contains the systemd-sysusers configuration
@ -1028,8 +1028,14 @@ fi
 %{_datadir}/selinux/*/grafana.pp

 %changelog
+* Wed Jan 29 2025 Sam Feifer <sfeifer@redhat.com> 10.2.6-8
+- Resolves RHEL-75922: grafana selinux issue with autofs_t
+
 * Wed Oct 16 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-7
- Resolves RHEL-62312: CVE-2024-47875
+- Resolves RHEL-62308: CVE-2024-47875
+
+* Fri Sep 27 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-6
+- Resolves: RHEL-57927

 * Fri Jul 19 2024 Lauren Chilton <lchilton@redhat.com> 10.2.6-5
 - Resolves RHEL-47185