import OL grafana-10.2.6-13.el9_6
This commit is contained in:
parent
e1d40d7d2d
commit
ffd25b8cdf
32
SOURCES/0013-fix-CVE-2025-4123.patch
Normal file
32
SOURCES/0013-fix-CVE-2025-4123.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From 2d4314b5ca1e527a3420fad11d3f1a25351700d4 Mon Sep 17 00:00:00 2001
|
||||
From: Sam Feifer <sfeifer@redhat.com>
|
||||
Date: Wed, 7 May 2025 16:27:08 -0400
|
||||
Subject: [PATCH] fix CVE-2025-4123
|
||||
|
||||
|
||||
diff --git a/conf/defaults.ini b/conf/defaults.ini
|
||||
index e1e5468bfa3..4221144bf54 100644
|
||||
--- a/conf/defaults.ini
|
||||
+++ b/conf/defaults.ini
|
||||
@@ -363,7 +363,7 @@ x_xss_protection = true
|
||||
|
||||
# Enable adding the Content-Security-Policy header to your requests.
|
||||
# CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks.
|
||||
-content_security_policy = false
|
||||
+content_security_policy = true
|
||||
|
||||
# Set Content Security Policy template used when adding the Content-Security-Policy header to your requests.
|
||||
# $NONCE in the template includes a random nonce.
|
||||
diff --git a/conf/sample.ini b/conf/sample.ini
|
||||
index 51d2b6c512b..fd588b48225 100644
|
||||
--- a/conf/sample.ini
|
||||
+++ b/conf/sample.ini
|
||||
@@ -364,7 +364,7 @@
|
||||
|
||||
# Enable adding the Content-Security-Policy header to your requests.
|
||||
# CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks.
|
||||
-;content_security_policy = false
|
||||
+;content_security_policy = true
|
||||
|
||||
# Set Content Security Policy template used when adding the Content-Security-Policy header to your requests.
|
||||
# $NONCE in the template includes a random nonce.
|
0
SOURCES/build_frontend.sh
Executable file → Normal file
0
SOURCES/build_frontend.sh
Executable file → Normal file
0
SOURCES/create_bundles.sh
Executable file → Normal file
0
SOURCES/create_bundles.sh
Executable file → Normal file
0
SOURCES/create_bundles_in_container.sh
Executable file → Normal file
0
SOURCES/create_bundles_in_container.sh
Executable file → Normal file
@ -1,2 +1,2 @@
|
||||
#Type Name ID GECOS Home directory
|
||||
u grafana - "Grafana user account" /usr/share/grafana
|
||||
u grafana - "Grafana user account" /var/lib/grafana
|
||||
|
0
SOURCES/list_bundled_nodejs_packages.py
Executable file → Normal file
0
SOURCES/list_bundled_nodejs_packages.py
Executable file → Normal file
@ -25,7 +25,7 @@ end}
|
||||
|
||||
Name: grafana
|
||||
Version: 10.2.6
|
||||
Release: 11%{?dist}
|
||||
Release: 13%{?dist}
|
||||
Summary: Metrics dashboard and graph editor
|
||||
License: AGPL-3.0-only
|
||||
URL: https://grafana.org
|
||||
@ -79,6 +79,7 @@ Patch9: 0009-update-wrappers-and-systemd-with-distro-paths.patch
|
||||
Patch10: 0010-remove-bcrypt-references.patch
|
||||
Patch11: 0011-fix-dompurify-CVE.patch
|
||||
Patch12: 0012-fix-jwt-CVE.patch
|
||||
Patch13: 0013-fix-CVE-2025-4123.patch
|
||||
|
||||
# Patches affecting the vendor tarball
|
||||
Patch1001: 1001-vendor-patch-removed-backend-crypto.patch
|
||||
@ -781,6 +782,7 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux
|
||||
%patch -P 10 -p1
|
||||
%patch -P 11 -p1
|
||||
%patch -P 12 -p1
|
||||
%patch -P 13 -p1
|
||||
|
||||
%patch -P 1001 -p1
|
||||
%if %{enable_fips_mode}
|
||||
@ -1030,6 +1032,12 @@ fi
|
||||
%{_datadir}/selinux/*/grafana.pp
|
||||
|
||||
%changelog
|
||||
* Tue May 13 2025 Sam Feifer <sfeifer@redhat.com> 10.2.6-13
|
||||
- Resolves RHEL-89954: CVE-2025-4123
|
||||
|
||||
* Tue Apr 29 2025 Sam Feifer <sfeifer@redhat.com> 10.2.6-12
|
||||
- Resolves RHEL-88922: Move home directory of grafana to /var/lib/grafana
|
||||
|
||||
* Tue Mar 25 2025 Sam Feifer <sfeifer@redhat.com> 10.2.6-11
|
||||
- Resolves RHEL-84636: CVE-2025-30204
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user