diff --git a/SOURCES/0013-snapshot-delete-check-org.patch b/SOURCES/0013-snapshot-delete-check-org.patch
new file mode 100644
index 0000000..4211884
--- /dev/null
+++ b/SOURCES/0013-snapshot-delete-check-org.patch
@@ -0,0 +1,21 @@
+From 9c1236ba6e7d4c6506c62adeb830d9e56db7f425 Mon Sep 17 00:00:00 2001
+From: Sam Feifer
+Date: Thu, 28 Mar 2024 13:24:35 -0400
+Subject: [PATCH] snapshot delete check org
+
+
+diff --git a/pkg/api/dashboard_snapshot.go b/pkg/api/dashboard_snapshot.go
+index 47ae50544a..0007e89ccb 100644
+--- a/pkg/api/dashboard_snapshot.go
++++ b/pkg/api/dashboard_snapshot.go
+@@ -328,6 +328,10 @@ func (hs *HTTPServer) DeleteDashboardSnapshot(c *models.ReqContext) response.Res
+ return response.Error(http.StatusNotFound, "Failed to get dashboard snapshot", nil)
+ }
+
++ if query.Result.OrgId != c.OrgID {
++ return response.Error(http.StatusUnauthorized, "OrgID mismatch", nil)
++ }
++
+ if query.Result.External {
+ err := deleteExternalDashboardSnapshot(query.Result.ExternalDeleteUrl)
+ if err != nil {
diff --git a/SPECS/grafana.spec b/SPECS/grafana.spec
index 7ff55af..ae0d486 100644
--- a/SPECS/grafana.spec
+++ b/SPECS/grafana.spec
@@ -25,7 +25,7 @@ end}
 Name: grafana
 Version: 9.2.10
-Release: 15%{?dist}
+Release: 16%{?dist}.alma.1
 Summary: Metrics dashboard and graph editor
 License: AGPL-3.0-only
 URL: https://grafana.org
@@ -78,6 +78,9 @@ Patch9: 0009-redact-weak-ciphers.patch
 Patch10: 0010-skip-tests.patch
 Patch11: 0011-remove-email-lookup.patch
 Patch12: 0012-coredump-selinux-error.patch
+# Patches were taken from:
+# https://gitlab.com/redhat/centos-stream/rpms/grafana/-/commit/7bf826e0d7843069f48f152ae17c814735fee404
+Patch13: 0013-snapshot-delete-check-org.patch
 # Patches affecting the vendor tarball
 Patch1001: 1001-vendor-patch-removed-backend-crypto.patch
@@ -765,6 +768,7 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux
 %patch -P 10 -p1
 %patch -P 11 -p1
 %patch -P 12 -p1
+%patch -P 13 -p1
 %patch -P 1001 -p1
 %if %{enable_fips_mode}
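Review bot: In the nested pkg/api/dashboard_snapshot.go hunk, the new org-mismatch branch of DeleteDashboardSnapshot answers with `http.StatusUnauthorized`, which signals missing authentication, although the check only compares the snapshot's org with the caller's org. `return response.Error(http.StatusForbidden, "OrgID mismatch", nil)` describes the refusal more accurately; reusing the 404 from the branch just above would also avoid confirming that the key exists in a different org. The guard deserves a one-line comment such as `// Reject cross-org deletes before the external delete call below is reached.` so a later refactor does not move it below that call. The patch carries no regression test for a cross-org delete attempt. The function body starts and ends outside the hunk, so any later permission checks are not visible here.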
@@ -1008,6 +1012,9 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 %changelog
+* Mon Apr 30 2024 Eduard Abdullin 9.2.10-16.alma.1
+- snapshot delete check org
+
 * Wed Jan 31 2024 Sam Feifer 9.2.10-15
 - Resolves RHEL-23468
 - Allows for gid to be 0