Resolves: RHEL-62312
This commit is contained in:
parent
fead0d9021
commit
7c7305a12e
55
0011-fix-dompurify-CVE.patch
Normal file
55
0011-fix-dompurify-CVE.patch
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
diff --git a/package.json b/package.json
|
||||||
|
index 38deb6d7dee..010a24fb451 100644
|
||||||
|
--- a/package.json
|
||||||
|
+++ b/package.json
|
||||||
|
@@ -432,7 +432,8 @@
|
||||||
|
"react-split-pane@0.1.92": "patch:react-split-pane@npm:0.1.92#.yarn/patches/react-split-pane-npm-0.1.92-93dbf51dff.patch",
|
||||||
|
"@storybook/blocks@7.4.5": "patch:@storybook/blocks@npm%3A7.4.5#./.yarn/patches/@storybook-blocks-npm-7.4.5-5a2374564a.patch",
|
||||||
|
"history@4.10.1": "patch:history@npm%3A4.10.1#./.yarn/patches/history-npm-4.10.1-ee217563ae.patch",
|
||||||
|
- "history@^4.9.0": "patch:history@npm%3A4.10.1#./.yarn/patches/history-npm-4.10.1-ee217563ae.patch"
|
||||||
|
+ "history@^4.9.0": "patch:history@npm%3A4.10.1#./.yarn/patches/history-npm-4.10.1-ee217563ae.patch",
|
||||||
|
+ "dompurify": "^2.5.0"
|
||||||
|
},
|
||||||
|
"workspaces": {
|
||||||
|
"packages": [
|
||||||
|
diff --git a/packages/grafana-data/package.json b/packages/grafana-data/package.json
|
||||||
|
index 2182744e61b..4201ef58dda 100644
|
||||||
|
--- a/packages/grafana-data/package.json
|
||||||
|
+++ b/packages/grafana-data/package.json
|
||||||
|
@@ -41,7 +41,7 @@
|
||||||
|
"@types/string-hash": "1.1.1",
|
||||||
|
"d3-interpolate": "3.0.1",
|
||||||
|
"date-fns": "2.30.0",
|
||||||
|
- "dompurify": "^2.4.3",
|
||||||
|
+ "dompurify": "^2.5.0",
|
||||||
|
"eventemitter3": "5.0.1",
|
||||||
|
"fast_array_intersect": "1.1.0",
|
||||||
|
"history": "4.10.1",
|
||||||
|
diff --git a/yarn.lock b/yarn.lock
|
||||||
|
index bf22ba52a17..88fc4d3fbfb 100644
|
||||||
|
--- a/yarn.lock
|
||||||
|
+++ b/yarn.lock
|
||||||
|
@@ -2953,7 +2953,7 @@ __metadata:
|
||||||
|
"@types/tinycolor2": "npm:1.4.3"
|
||||||
|
d3-interpolate: "npm:3.0.1"
|
||||||
|
date-fns: "npm:2.30.0"
|
||||||
|
- dompurify: "npm:^2.4.3"
|
||||||
|
+ dompurify: "npm:^2.5.0"
|
||||||
|
esbuild: "npm:0.18.12"
|
||||||
|
eventemitter3: "npm:5.0.1"
|
||||||
|
fast_array_intersect: "npm:1.1.0"
|
||||||
|
@@ -14478,10 +14478,10 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"dompurify@npm:^2.2.0, dompurify@npm:^2.4.3":
|
||||||
|
- version: 2.4.5
|
||||||
|
- resolution: "dompurify@npm:2.4.5"
|
||||||
|
- checksum: d764c2ff126b3749dad35bc34eed40f51141d7dfd620e938c92f08d68c32beeb259d06abadeee91f6e2a8c8737ce670e2124ac9a257ba3bcdc666598cebcde01
|
||||||
|
+"dompurify@npm:^2.5.0":
|
||||||
|
+ version: 2.5.7
|
||||||
|
+ resolution: "dompurify@npm:2.5.7"
|
||||||
|
+ checksum: b150ca1e28083252cd51097162dc96cb45203f7e2af1fbaa8ef32b4f4d6b605e4aa8915190d38bd0635cbbf14d13a200138cd3ec1b084096819b14c718355122
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
@ -59,6 +59,7 @@ awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = "
|
|||||||
|
|
||||||
# Vendor Node.js dependencies
|
# Vendor Node.js dependencies
|
||||||
patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch
|
patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch
|
||||||
|
patch -p1 --fuzz=0 < ../0011-fix-dompurify-CVE.patch
|
||||||
export HUSKY=0
|
export HUSKY=0
|
||||||
yarn install --frozen-lockfile
|
yarn install --frozen-lockfile
|
||||||
|
|
||||||
|
13
grafana.spec
13
grafana.spec
@ -25,7 +25,7 @@ end}
|
|||||||
|
|
||||||
Name: grafana
|
Name: grafana
|
||||||
Version: 10.2.6
|
Version: 10.2.6
|
||||||
Release: 5%{?dist}
|
Release: 8%{?dist}
|
||||||
Summary: Metrics dashboard and graph editor
|
Summary: Metrics dashboard and graph editor
|
||||||
License: AGPL-3.0-only
|
License: AGPL-3.0-only
|
||||||
URL: https://grafana.org
|
URL: https://grafana.org
|
||||||
@ -36,13 +36,13 @@ Source0: https://github.com/grafana/grafana/archive/v%{version}/%{name}
|
|||||||
# Source1 contains the bundled Go and Node.js dependencies
|
# Source1 contains the bundled Go and Node.js dependencies
|
||||||
# Note: In case there were no changes to this tarball, the NVR of this tarball
|
# Note: In case there were no changes to this tarball, the NVR of this tarball
|
||||||
# lags behind the NVR of this package.
|
# lags behind the NVR of this package.
|
||||||
Source1: grafana-vendor-%{version}-2.tar.xz
|
Source1: grafana-vendor-%{version}-8.tar.xz
|
||||||
|
|
||||||
%if %{compile_frontend} == 0
|
%if %{compile_frontend} == 0
|
||||||
# Source2 contains the precompiled frontend
|
# Source2 contains the precompiled frontend
|
||||||
# Note: In case there were no changes to this tarball, the NVR of this tarball
|
# Note: In case there were no changes to this tarball, the NVR of this tarball
|
||||||
# lags behind the NVR of this package.
|
# lags behind the NVR of this package.
|
||||||
Source2: grafana-webpack-%{version}-2.tar.gz
|
Source2: grafana-webpack-%{version}-8.tar.gz
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Source3 contains the systemd-sysusers configuration
|
# Source3 contains the systemd-sysusers configuration
|
||||||
@ -77,6 +77,7 @@ Patch8: 0008-replace-faulty-slices-sort.patch
|
|||||||
Patch9: 0009-update-wrappers-and-systemd-with-distro-paths.patch
|
Patch9: 0009-update-wrappers-and-systemd-with-distro-paths.patch
|
||||||
# https://github.com/grafana/grafana/commit/bae86dbeb0ad68a205454e98e76985dc393183d4
|
# https://github.com/grafana/grafana/commit/bae86dbeb0ad68a205454e98e76985dc393183d4
|
||||||
Patch10: 0010-remove-bcrypt-references.patch
|
Patch10: 0010-remove-bcrypt-references.patch
|
||||||
|
Patch11: 0011-fix-dompurify-CVE.patch
|
||||||
|
|
||||||
# Patches affecting the vendor tarball
|
# Patches affecting the vendor tarball
|
||||||
Patch1001: 1001-vendor-patch-removed-backend-crypto.patch
|
Patch1001: 1001-vendor-patch-removed-backend-crypto.patch
|
||||||
@ -537,7 +538,7 @@ Provides: bundled(npm(date-fns)) = 2.30.0
|
|||||||
Provides: bundled(npm(debounce-promise)) = 3.1.2
|
Provides: bundled(npm(debounce-promise)) = 3.1.2
|
||||||
Provides: bundled(npm(devtools-protocol)) = 0.0.927104
|
Provides: bundled(npm(devtools-protocol)) = 0.0.927104
|
||||||
Provides: bundled(npm(diff)) = 4.0.2
|
Provides: bundled(npm(diff)) = 4.0.2
|
||||||
Provides: bundled(npm(dompurify)) = 2.4.5
|
Provides: bundled(npm(dompurify)) = 2.5.7
|
||||||
Provides: bundled(npm(emotion)) = 10.0.27
|
Provides: bundled(npm(emotion)) = 10.0.27
|
||||||
Provides: bundled(npm(esbuild)) = 0.17.19
|
Provides: bundled(npm(esbuild)) = 0.17.19
|
||||||
Provides: bundled(npm(esbuild-loader)) = 3.0.1
|
Provides: bundled(npm(esbuild-loader)) = 3.0.1
|
||||||
@ -777,6 +778,7 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux
|
|||||||
%patch -P 8 -p1
|
%patch -P 8 -p1
|
||||||
%patch -P 9 -p1
|
%patch -P 9 -p1
|
||||||
%patch -P 10 -p1
|
%patch -P 10 -p1
|
||||||
|
%patch -P 11 -p1
|
||||||
|
|
||||||
%patch -P 1001 -p1
|
%patch -P 1001 -p1
|
||||||
%if %{enable_fips_mode}
|
%if %{enable_fips_mode}
|
||||||
@ -1026,6 +1028,9 @@ fi
|
|||||||
%{_datadir}/selinux/*/grafana.pp
|
%{_datadir}/selinux/*/grafana.pp
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Oct 16 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-8
|
||||||
|
- Resolves RHEL-62312: CVE-2024-47875
|
||||||
|
|
||||||
* Fri Jul 19 2024 Lauren Chilton <lchilton@redhat.com> 10.2.6-5
|
* Fri Jul 19 2024 Lauren Chilton <lchilton@redhat.com> 10.2.6-5
|
||||||
- Resolves RHEL-47185
|
- Resolves RHEL-47185
|
||||||
|
|
||||||
|
4
sources
4
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (grafana-vendor-10.2.6-2.tar.xz) = 683989009af377daca58f9cb4c6c0898b9e750b4e3bf1a0308fb633e6401fb224e6f471aceae01aa814e9bd8940c943565f6f634356b0f0f6b6e80eae65b3c53
|
|
||||||
SHA512 (grafana-webpack-10.2.6-2.tar.gz) = 928adef2bd13a1499d2b8834d6f9797d71bf7f595ba85514ad422e5fa9e3f846ddda6bd5462b216f4fcda622cda0e25e7eb272ebd3e11e3882de361c636f7266
|
|
||||||
SHA512 (grafana-10.2.6.tar.gz) = 7244f4cb6572fe0403e6224f7247fbb273bbd1f359ee706a82001f0d409fb375d113f1cb24a657e845b93eb55ee98e1d7ae713e767c219f4d3b00eaf5c73d28e
|
SHA512 (grafana-10.2.6.tar.gz) = 7244f4cb6572fe0403e6224f7247fbb273bbd1f359ee706a82001f0d409fb375d113f1cb24a657e845b93eb55ee98e1d7ae713e767c219f4d3b00eaf5c73d28e
|
||||||
|
SHA512 (grafana-webpack-10.2.6-8.tar.gz) = 8c7efa1800fd015560727b587887f136418c11ae9f05f84bb026e146c3a2dfbe876be8aaf54096c6135b38b28af5d348273811c1c9fadd082763de926f7e59d4
|
||||||
|
SHA512 (grafana-vendor-10.2.6-8.tar.xz) = 37091f69ed2e57d8895e1582793a1bf4036b8a75e524753e0a31b5434b7bd3d0dcb65a484224195411766816ff705a6147ec4186d101413dfd7bad4072fcb190
|
||||||
|
Loading…
Reference in New Issue
Block a user