Resolves: RHEL-89949

This commit is contained in:
Sam Feifer 2025-05-15 15:26:44 -04:00
parent 4ccae24676
commit ecbd85de0a
2 changed files with 45 additions and 1 deletions


@ -0,0 +1,39 @@
From 9900159635d616f01fb1be98ef94145637d06d07 Mon Sep 17 00:00:00 2001
From: Sam Feifer <sfeifer@redhat.com>
Date: Tue, 13 May 2025 11:33:22 -0400
Subject: [PATCH] fix CVE-2025-4123
---
conf/defaults.ini | 2 +-
conf/sample.ini | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/conf/defaults.ini b/conf/defaults.ini
index 2d6e1235b60..cf1ce8a962f 100644
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -310,7 +310,7 @@ x_xss_protection = true
# Enable adding the Content-Security-Policy header to your requests.
# CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks.
-content_security_policy = false
+content_security_policy = true
# Set Content Security Policy template used when adding the Content-Security-Policy header to your requests.
# $NONCE in the template includes a random nonce.
diff --git a/conf/sample.ini b/conf/sample.ini
index 227c90e895d..19afa036b9b 100644
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -310,7 +310,7 @@
# Enable adding the Content-Security-Policy header to your requests.
# CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks.
-;content_security_policy = false
+;content_security_policy = true
# Set Content Security Policy template used when adding the Content-Security-Policy header to your requests.
# $NONCE in the template includes a random nonce.
--
2.49.0
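Review bot: The patch body between the Subject line and the `---` marker is empty, so nothing records that this "fix" for CVE-2025-4123 is a change of shipped defaults rather than a code change: the only effective edit is `content_security_policy = false` → `true` in conf/defaults.ini, while the conf/sample.ini hunk touches a `;`-commented line and therefore only updates documentation. Any existing grafana.ini that sets `content_security_policy = false` explicitly overrides defaults.ini and keeps the old behaviour, which an administrator reading this patch cannot tell. Suggest a description such as `Enable the Content-Security-Policy header by default as mitigation for CVE-2025-4123. Instances that explicitly set content_security_policy = false are not covered and must be updated by the administrator.` Because enabling CSP is a behaviour change that can affect dashboards or plugins relying on resources not allowed by the template with its `$NONCE`, the description should also say whether this replaces or complements the upstream code fix, which I cannot determine from the hunk.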


@ -35,7 +35,7 @@ end}
Name: grafana Name: grafana
Version: 9.2.10 Version: 9.2.10
Release: 22%{?dist} Release: 23%{?dist}
Summary: Metrics dashboard and graph editor Summary: Metrics dashboard and graph editor
License: AGPLv3 License: AGPLv3
URL: https://grafana.org URL: https://grafana.org
@ -97,6 +97,7 @@ Patch13: 0013-snapshot-delete-check-org.patch
Patch14: 0014-resolve-dompurify-CVE.patch Patch14: 0014-resolve-dompurify-CVE.patch
Patch15: 0015-update-go-git-version.patch Patch15: 0015-update-go-git-version.patch
Patch16: 0016-fix-macaron-version-error.patch Patch16: 0016-fix-macaron-version-error.patch
Patch17: 0017-fix-CVE-2025-4123.patch
# Patches affecting the vendor tarball # Patches affecting the vendor tarball
Patch1001: 1001-vendor-patch-removed-backend-crypto.patch Patch1001: 1001-vendor-patch-removed-backend-crypto.patch
@ -775,6 +776,7 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux
%patch -P 14 -p1 %patch -P 14 -p1
%patch -P 15 -p1 %patch -P 15 -p1
%patch -P 16 -p1 %patch -P 16 -p1
%patch -P 17 -p1
%patch -P 1001 -p1 %patch -P 1001 -p1
%if %{enable_fips_mode} %if %{enable_fips_mode}
@ -1021,6 +1023,9 @@ fi
%{_datadir}/selinux/*/grafana.pp %{_datadir}/selinux/*/grafana.pp
%changelog %changelog
* Tue May 13 2025 Sam Feifer <sfeifer@redhat.com> 9.2.10-23
- Resolves RHEL-89949: CVE-2025-4123
* Wed Feb 5 2025 Sam Feifer <sfeifer@redhat.com> 9.2.10-22 * Wed Feb 5 2025 Sam Feifer <sfeifer@redhat.com> 9.2.10-22
- Resolves RHEL-75921: grafana selinux issue with autofs_t - Resolves RHEL-75921: grafana selinux issue with autofs_t
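Review bot: The new changelog line `- Resolves RHEL-89949: CVE-2025-4123` names the CVE but not what changes for users, and here the change is a configuration default (Content-Security-Policy header enabled) that takes effect on upgrade for every installation not overriding it in grafana.ini. Operators scanning `rpm -q --changelog` for behaviour changes will miss that a response header was switched on by default. Suggest `- Resolves RHEL-89949: CVE-2025-4123 (enable Content-Security-Policy header by default)`. The Patch17 and `%patch -P 17 -p1` additions are consistent with the existing numbering; if the packaged /etc/grafana/grafana.ini is generated from conf/sample.ini (not visible in this section), the commented `;content_security_policy` line means the new default applies only where the key is unset, which the changelog could state as well.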