From ee4fa8f461f4ff32ab99bd4927c8f4969c243ed2 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Mon, 8 Aug 2022 13:49:30 +0200
Subject: [PATCH] rebuild to fix various Golang CVEs

Resolves: #2111747
---
 grafana.spec | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/grafana.spec b/grafana.spec
index 6d49b70..ab780df 100644
--- a/grafana.spec
+++ b/grafana.spec
@@ -30,7 +30,7 @@ end}
 
 Name:             grafana
 Version:          7.5.15
-Release:          2%{?dist}
+Release:          3%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          ASL 2.0
 URL:              https://grafana.org
@@ -973,6 +973,17 @@ OPENSSL_FORCE_FIPS_MODE=1 GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryptio
 
 
 %changelog
+* Thu Aug 11 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-3
+- resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
+- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
+- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
+- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
+- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
+- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
+- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
+- resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
+- resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
+
 * Tue Jul 26 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-2
 - resolve CVE-2022-31107 grafana: OAuth account takeover