From 959709c4bb792281df34972aa6416800277cb994 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Fri, 15 Oct 2021 18:20:11 +0000
Subject: [PATCH] import grafana-7.5.11-1.el8

---
 .gitignore                                    |  6 ++--
 .grafana.metadata                             |  6 ++--
 SOURCES/002-manpages.patch                    |  4 +--
 ... => 009-patch-unused-backend-crypto.patch} |  0
 .../{010-fips.cond.patch => 010-fips.patch}   |  0
 SOURCES/Makefile                              | 31 +++++++++++++------
 SPECS/grafana.spec                            | 15 +++++++--
 7 files changed, 42 insertions(+), 20 deletions(-)
 rename SOURCES/{009-patch-unused-backend-crypto.vendor.patch => 009-patch-unused-backend-crypto.patch} (100%)
 rename SOURCES/{010-fips.cond.patch => 010-fips.patch} (100%)

diff --git a/.gitignore b/.gitignore
index e5ae55a..79c4020 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-SOURCES/grafana-7.5.10.tar.gz
-SOURCES/grafana-vendor-7.5.10-1.tar.xz
-SOURCES/grafana-webpack-7.5.10-1.tar.gz
+SOURCES/grafana-7.5.11.tar.gz
+SOURCES/grafana-vendor-7.5.11-1.tar.xz
+SOURCES/grafana-webpack-7.5.11-1.tar.gz
diff --git a/.grafana.metadata b/.grafana.metadata
index 03f3ec2..d33b818 100644
--- a/.grafana.metadata
+++ b/.grafana.metadata
@@ -1,3 +1,3 @@
-bb531789cb0dd0d3c9a2494a5924c64d12194d2f SOURCES/grafana-7.5.10.tar.gz
-804c0d639055608f3788ea84b6f94bca9fe8f1ca SOURCES/grafana-vendor-7.5.10-1.tar.xz
-8b52042f89703513945aa2086e5838cc425533c7 SOURCES/grafana-webpack-7.5.10-1.tar.gz
+cd7bfb63dd91361c1bc9c46d1f889b1f54f7758a SOURCES/grafana-7.5.11.tar.gz
+d55ac0b3a8fb3a0ce772442923e2ca3cba1af78f SOURCES/grafana-vendor-7.5.11-1.tar.xz
+db79c330e9a56dac2cdcae9b7c07c86112a66237 SOURCES/grafana-webpack-7.5.11-1.tar.gz
diff --git a/SOURCES/002-manpages.patch b/SOURCES/002-manpages.patch
index e87d709..36ca294 100644
--- a/SOURCES/002-manpages.patch
+++ b/SOURCES/002-manpages.patch
@@ -4,7 +4,7 @@ index 0000000000..7ac2af882c
 --- /dev/null
 +++ b/docs/man/man1/grafana-cli.1
 @@ -0,0 +1,60 @@
-+.TH GRAFANA "1" "September 2021" "Grafana cli version 7.5.10" "User Commands"
++.TH GRAFANA "1" "October 2021" "Grafana cli version 7.5.11" "User Commands"
 +.SH NAME
 +grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor
 +.SH DESCRIPTION
@@ -70,7 +70,7 @@ index 0000000000..c616268b31
 --- /dev/null
 +++ b/docs/man/man1/grafana-server.1
 @@ -0,0 +1,72 @@
-+.TH VERSION "1" "September 2021" "Version 7.5.10" "User Commands"
++.TH VERSION "1" "October 2021" "Version 7.5.11" "User Commands"
 +.SH NAME
 +grafana-server \- back-end server for the Grafana metrics dashboard and graph editor
 +.SH DESCRIPTION
diff --git a/SOURCES/009-patch-unused-backend-crypto.vendor.patch b/SOURCES/009-patch-unused-backend-crypto.patch
similarity index 100%
rename from SOURCES/009-patch-unused-backend-crypto.vendor.patch
rename to SOURCES/009-patch-unused-backend-crypto.patch
diff --git a/SOURCES/010-fips.cond.patch b/SOURCES/010-fips.patch
similarity index 100%
rename from SOURCES/010-fips.cond.patch
rename to SOURCES/010-fips.patch
diff --git a/SOURCES/Makefile b/SOURCES/Makefile
index eff9c98..dab531d 100644
--- a/SOURCES/Makefile
+++ b/SOURCES/Makefile
@@ -8,10 +8,17 @@ SOURCE_TAR := $(NAME)-$(VERSION).tar.gz
 VENDOR_TAR := $(RPM_NAME)-vendor-$(VERSION)-$(RELEASE).tar.xz
 WEBPACK_TAR := $(RPM_NAME)-webpack-$(VERSION)-$(RELEASE).tar.gz
 
-ALL_PATCHES     := $(sort $(wildcard *.patch))
-VENDOR_PATCHES  := $(sort $(wildcard *.vendor.patch))
-COND_PATCHES    := $(sort $(wildcard *.cond.patch))
-REGULAR_PATCHES := $(filter-out $(VENDOR_PATCHES) $(COND_PATCHES),$(ALL_PATCHES))
+# patches which must be applied before creating the vendor tarball, for example:
+# - changes in dependency versions
+# - changes in Go module imports (which affect the vendored Go modules)
+PATCHES_PRE_VENDOR := \
+	005-remove-unused-dependencies.patch \
+	008-remove-unused-frontend-crypto.patch
+
+# patches which must be applied before creating the webpack, for example:
+# - changes in Node.js sources or vendored dependencies
+PATCHES_PRE_WEBPACK :=
+
 
 all: $(SOURCE_TAR) $(VENDOR_TAR) $(WEBPACK_TAR)
 
@@ -19,11 +26,12 @@ $(SOURCE_TAR):
 	spectool -g $(RPM_NAME).spec
 
 $(VENDOR_TAR): $(SOURCE_TAR)
+	# start with a clean state
 	rm -rf $(SOURCE_DIR)
 	tar xf $(SOURCE_TAR)
 
 	# Patches to apply before vendoring
-	for patch in $(REGULAR_PATCHES); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done
+	for patch in $(PATCHES_PRE_VENDOR); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done
 
 	# Go
 	cd $(SOURCE_DIR) && go mod vendor -v
@@ -46,15 +54,20 @@ $(VENDOR_TAR): $(SOURCE_TAR)
 	rm -r $(SOURCE_DIR)/node_modules/visjs-network/examples
 	./list_bundled_nodejs_packages.py $(SOURCE_DIR) >> $@.manifest
 
-	# Patches to apply after vendoring
-	for patch in $(VENDOR_PATCHES); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done
-
 	# Create tarball
-	time XZ_OPT=-9 tar cJf $@ \
+	XZ_OPT=-9 time -p tar cJf $@ \
 		$(SOURCE_DIR)/vendor \
 		$$(find $(SOURCE_DIR) -type d -name "node_modules" -prune)
 
 $(WEBPACK_TAR): $(VENDOR_TAR)
+	# start with a clean state
+	rm -rf $(SOURCE_DIR)
+	tar xf $(SOURCE_TAR)
+	tar xf $(VENDOR_TAR)
+
+	# Patches to apply before creating the webpack
+	for patch in $(PATCHES_PRE_WEBPACK); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done
+
 	cd $(SOURCE_DIR) && \
 		../build_frontend.sh
 
diff --git a/SPECS/grafana.spec b/SPECS/grafana.spec
index dee3dcf..d163399 100644
--- a/SPECS/grafana.spec
+++ b/SPECS/grafana.spec
@@ -29,7 +29,7 @@ end}
 %endif
 
 Name:             grafana
-Version:          7.5.10
+Version:          7.5.11
 Release:          1%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          ASL 2.0
@@ -85,11 +85,11 @@ Patch8:           008-remove-unused-frontend-crypto.patch
 # The Makefile removes a few files with crypto implementations
 # from the vendor tarball, which are not used in Grafana.
 # This patch removes all references to the deleted files.
-Patch9:           009-patch-unused-backend-crypto.vendor.patch
+Patch9:           009-patch-unused-backend-crypto.patch
 
 # This patch modifies the x/crypto/pbkdf2 function to use OpenSSL
 # if FIPS mode is enabled.
-Patch10:          010-fips.cond.patch
+Patch10:          010-fips.patch
 
 # Intersection of go_arches and nodejs_arches
 ExclusiveArch:    %{grafana_arches}
@@ -485,6 +485,7 @@ rm -r plugins-bundled
 %patch5 -p1
 %patch6 -p1
 %patch8 -p1
+%patch9 -p1
 %if %{enable_fips_mode}
 %patch10 -p1
 %endif
@@ -615,6 +616,10 @@ export GOPATH=%{_builddir}
 # let's set the time zone to a time zone without daylight saving time
 export TZ=GMT
 
+# GO111MODULE=on automatically skips vendored macaron sources in pkg/macaron
+# GO111MODULE=off doesn't skip them, and fails with an error due to the canoncial import path
+rm -r pkg/macaron
+
 %gotest ./pkg/...
 
 %if %{enable_fips_mode}
@@ -666,6 +671,10 @@ GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryption
 
 
 %changelog
+* Mon Oct 11 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-1
+- update to 7.5.11 tagged upstream community sources, see CHANGELOG
+- resolve CVE-2021-39226
+
 * Thu Sep 30 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.10-1
 - update to 7.5.10 tagged upstream community sources, see CHANGELOG