Compare commits
No commits in common. "c8" and "a9" have entirely different histories.
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,3 +1,3 @@
|
|||||||
SOURCES/grafana-9.2.10.tar.gz
|
SOURCES/grafana-9.2.10.tar.gz
|
||||||
SOURCES/grafana-vendor-9.2.10-20.tar.xz
|
SOURCES/grafana-vendor-9.2.10-2.tar.xz
|
||||||
SOURCES/grafana-webpack-9.2.10-20.tar.gz
|
SOURCES/grafana-webpack-9.2.10-2.tar.gz
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
4c9db312dca444023c37c7af9acd2876a7e164b8 SOURCES/grafana-9.2.10.tar.gz
|
4c9db312dca444023c37c7af9acd2876a7e164b8 SOURCES/grafana-9.2.10.tar.gz
|
||||||
866e038c745dc28b5fa621ed4bce90e005d76ea2 SOURCES/grafana-vendor-9.2.10-20.tar.xz
|
1ab1cbb1efa563dff66783e9c59c8bd43503aef2 SOURCES/grafana-vendor-9.2.10-2.tar.xz
|
||||||
ae5e714190ca155d6a6e9d38dab99d5aa0e988e1 SOURCES/grafana-webpack-9.2.10-20.tar.gz
|
ac93650649c6f3c1f6bc2884c524939afaa8321b SOURCES/grafana-webpack-9.2.10-2.tar.gz
|
||||||
|
@ -1,15 +1,14 @@
|
|||||||
From 05df8dcac715113517b81b1995ab1f0b69017f4a Mon Sep 17 00:00:00 2001
|
|
||||||
From: ismail simsek <ismailsimsek09@gmail.com>
|
From: ismail simsek <ismailsimsek09@gmail.com>
|
||||||
Date: Thu, 16 Mar 2023 23:16:03 +0100
|
Date: Thu Mar 16 23:16:03 2023 +0100
|
||||||
Subject: [PATCH] graphite functions xss
|
Subject: [PATCH] graphite functions xss
|
||||||
|
|
||||||
commit e59427c074
|
commit e59427c074
|
||||||
[v9.2.x] Fix xss in Graphite functions tooltip (#810)
|
[v9.2.x] Fix xss in Graphite functions tooltip (#810)
|
||||||
|
|
||||||
Fix xss in Graphite functions tooltip (#804)
|
Fix xss in Graphite functions tooltip (#804)
|
||||||
|
|
||||||
(cherry picked from commit 87aad3f11836f810ee1fdfee27827e746ef36055)
|
(cherry picked from commit 87aad3f11836f810ee1fdfee27827e746ef36055)
|
||||||
|
|
||||||
Co-authored-by: Ludovic Viaud <ludovic.viaud@gmail.com>
|
Co-authored-by: Ludovic Viaud <ludovic.viaud@gmail.com>
|
||||||
|
|
||||||
diff --git a/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx b/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx
|
diff --git a/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx b/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx
|
||||||
|
30
SOURCES/0009-redact-weak-ciphers.patch
Normal file
30
SOURCES/0009-redact-weak-ciphers.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stan Cox <scox@redhat.com>
|
||||||
|
Date: Wed, 22 Jun 2022 17:05:48 +0200
|
||||||
|
Subject: [PATCH] redact weak ciphers
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/pkg/api/http_server.go b/pkg/api/http_server.go
|
||||||
|
index 2d6e1235b6..f0eff6d2ac 100644
|
||||||
|
--- a/pkg/api/http_server.go 2023-01-24 14:44:19.000000000 -0500
|
||||||
|
+++ b/pkg/api/http_server.go 2023-04-21 13:14:02.684857018 -0400
|
||||||
|
@@ -489,13 +489,13 @@
|
||||||
|
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
|
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||||
|
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
|
- tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||||
|
+// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||||
|
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||||
|
- tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||||
|
- tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
|
- tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
|
- tls.TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||||
|
- tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||||
|
+// tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||||
|
+// tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
|
+// tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
|
+// tls.TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||||
|
+// tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
19
SOURCES/0011-fix-alert-test.patch
Normal file
19
SOURCES/0011-fix-alert-test.patch
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stan Cox <scox@redhat.com>
|
||||||
|
Date: Wed, 22 Jun 2022 17:05:48 +0200
|
||||||
|
Subject: [PATCH] fix alert test
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/pkg/tests/api/alerting/api_alertmanager_test.go b/pkg/tests/api/alerting/api_alertmanager_test.go
|
||||||
|
index 2d6e1235b6..f0eff6d2ac 100644
|
||||||
|
--- a/pkg/tests/api/alerting/api_alertmanager_test.go 2023-01-24 14:44:19.000000000 -0500
|
||||||
|
+++ b/pkg/tests/api/alerting/api_alertmanager_test.go 2023-04-13 16:20:51.718515009 -0400
|
||||||
|
@@ -210,7 +210,7 @@
|
||||||
|
{
|
||||||
|
"comment": "string",
|
||||||
|
"createdBy": "string",
|
||||||
|
- "endsAt": "2023-03-31T14:17:04.419Z",
|
||||||
|
+ "endsAt": "2032-03-31T14:17:04.419Z",
|
||||||
|
"matchers": [
|
||||||
|
{
|
||||||
|
"isRegex": true,
|
63
SOURCES/0012-CVE-2023-3128.patch
Normal file
63
SOURCES/0012-CVE-2023-3128.patch
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
From 150a1d2777ea86253e6f800a2ee6273b92295ed9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: eabdullin <ed.abdullin.1@gmail.com>
|
||||||
|
Date: Wed, 12 Jul 2023 15:31:00 +0300
|
||||||
|
Subject: [PATCH] CVE-2023-3128
|
||||||
|
|
||||||
|
---
|
||||||
|
pkg/api/login_oauth.go | 17 +++++++++--------
|
||||||
|
pkg/setting/setting.go | 5 ++++-
|
||||||
|
2 files changed, 13 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go
|
||||||
|
index b422baf..f124252 100644
|
||||||
|
--- a/pkg/api/login_oauth.go
|
||||||
|
+++ b/pkg/api/login_oauth.go
|
||||||
|
@@ -299,16 +299,17 @@ func (hs *HTTPServer) SyncUser(
|
||||||
|
connect social.SocialConnector,
|
||||||
|
) (*models.User, error) {
|
||||||
|
oauthLogger.Debug("Syncing Grafana user with corresponding OAuth profile")
|
||||||
|
+ lookupParams := models.UserLookupParams{}
|
||||||
|
+ if hs.Cfg.OAuthAllowInsecureEmailLookup {
|
||||||
|
+ lookupParams.Email = &extUser.Email
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
// add/update user in Grafana
|
||||||
|
cmd := &models.UpsertUserCommand{
|
||||||
|
- ReqContext: ctx,
|
||||||
|
- ExternalUser: extUser,
|
||||||
|
- SignupAllowed: connect.IsSignupAllowed(),
|
||||||
|
- UserLookupParams: models.UserLookupParams{
|
||||||
|
- Email: &extUser.Email,
|
||||||
|
- UserID: nil,
|
||||||
|
- Login: nil,
|
||||||
|
- },
|
||||||
|
+ ReqContext: ctx,
|
||||||
|
+ ExternalUser: extUser,
|
||||||
|
+ SignupAllowed: connect.IsSignupAllowed(),
|
||||||
|
+ UserLookupParams: lookupParams,
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := hs.Login.UpsertUser(ctx.Req.Context(), cmd); err != nil {
|
||||||
|
diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go
|
||||||
|
index ba2c4bb..6b5c948 100644
|
||||||
|
--- a/pkg/setting/setting.go
|
||||||
|
+++ b/pkg/setting/setting.go
|
||||||
|
@@ -312,7 +312,8 @@ type Cfg struct {
|
||||||
|
AuthProxySyncTTL int
|
||||||
|
|
||||||
|
// OAuth
|
||||||
|
- OAuthCookieMaxAge int
|
||||||
|
+ OAuthCookieMaxAge int
|
||||||
|
+ OAuthAllowInsecureEmailLookup bool
|
||||||
|
|
||||||
|
// JWT Auth
|
||||||
|
JWTAuthEnabled bool
|
||||||
|
@@ -1255,6 +1256,8 @@ func readAuthSettings(iniFile *ini.File, cfg *Cfg) (err error) {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
+ cfg.OAuthAllowInsecureEmailLookup = auth.Key("oauth_allow_insecure_email_lookup").MustBool(false)
|
||||||
|
+
|
||||||
|
const defaultMaxLifetime = "30d"
|
||||||
|
maxLifetimeDurationVal := valueAsString(auth, "login_maximum_lifetime_duration", defaultMaxLifetime)
|
||||||
|
cfg.LoginMaxLifetime, err = gtime.ParseDuration(maxLifetimeDurationVal)
|
@ -1,58 +0,0 @@
|
|||||||
diff --git a/package.json b/package.json
|
|
||||||
index e26f95d855a..14b3826a64d 100644
|
|
||||||
--- a/package.json
|
|
||||||
+++ b/package.json
|
|
||||||
@@ -316,7 +316,7 @@
|
|
||||||
"dangerously-set-html-content": "1.0.9",
|
|
||||||
"date-fns": "2.29.1",
|
|
||||||
"debounce-promise": "3.1.2",
|
|
||||||
- "dompurify": "^2.4.1",
|
|
||||||
+ "dompurify": "^2.5.0",
|
|
||||||
"emotion": "11.0.0",
|
|
||||||
"eventemitter3": "4.0.7",
|
|
||||||
"fast-deep-equal": "^3.1.3",
|
|
||||||
@@ -422,7 +422,8 @@
|
|
||||||
"@storybook/react/webpack": "5.74.0",
|
|
||||||
"ngtemplate-loader/loader-utils": "^2.0.0",
|
|
||||||
"node-fetch": "2.6.7",
|
|
||||||
- "slate-dev-environment@^0.2.2": "patch:slate-dev-environment@npm:0.2.5#.yarn/patches/slate-dev-environment-npm-0.2.5-9aeb7da7b5.patch"
|
|
||||||
+ "slate-dev-environment@^0.2.2": "patch:slate-dev-environment@npm:0.2.5#.yarn/patches/slate-dev-environment-npm-0.2.5-9aeb7da7b5.patch",
|
|
||||||
+ "dompurify": "^2.5.0"
|
|
||||||
},
|
|
||||||
"workspaces": {
|
|
||||||
"packages": [
|
|
||||||
diff --git a/yarn.lock b/yarn.lock
|
|
||||||
index f374e10e333..834cfee2642 100644
|
|
||||||
--- a/yarn.lock
|
|
||||||
+++ b/yarn.lock
|
|
||||||
@@ -18739,17 +18739,10 @@ __metadata:
|
|
||||||
languageName: node
|
|
||||||
linkType: hard
|
|
||||||
|
|
||||||
-"dompurify@npm:^2.2.0":
|
|
||||||
- version: 2.3.8
|
|
||||||
- resolution: "dompurify@npm:2.3.8"
|
|
||||||
- checksum: dc7b32ee57a03fe5166a850071200897cc13fa069287a709e3b2138052d73ec09a87026b9e28c8d2f254a74eaa52ef30644e98e54294c30acbca2a53f1bbc5f4
|
|
||||||
- languageName: node
|
|
||||||
- linkType: hard
|
|
||||||
-
|
|
||||||
-"dompurify@npm:^2.4.1":
|
|
||||||
- version: 2.4.1
|
|
||||||
- resolution: "dompurify@npm:2.4.1"
|
|
||||||
- checksum: 1169177465b3cbb25a44322937fba549f6c4e1a91b83245d144471be26619c835cccf0f8e20aa78c25ac11a06efd17cc1b9db9cacadceb78a4c08a1029eafee5
|
|
||||||
+"dompurify@npm:^2.5.0":
|
|
||||||
+ version: 2.5.7
|
|
||||||
+ resolution: "dompurify@npm:2.5.7"
|
|
||||||
+ checksum: 9652139743130b5ebaf5278fadec06d9b3920019b80c205565b9b8d52cd0cea90ff690c1994c5c0da5bc9d57a94dc19236cdf1ccabdc1c6cff7c255e1e597031
|
|
||||||
languageName: node
|
|
||||||
linkType: hard
|
|
||||||
|
|
||||||
@@ -21953,7 +21946,7 @@ __metadata:
|
|
||||||
dangerously-set-html-content: 1.0.9
|
|
||||||
date-fns: 2.29.1
|
|
||||||
debounce-promise: 3.1.2
|
|
||||||
- dompurify: ^2.4.1
|
|
||||||
+ dompurify: ^2.5.0
|
|
||||||
emotion: 11.0.0
|
|
||||||
enzyme: 3.11.0
|
|
||||||
enzyme-to-json: 3.6.2
|
|
@ -2,7 +2,7 @@ use pbkdf2 from OpenSSL if FIPS mode is enabled
|
|||||||
|
|
||||||
This patch modifies the x/crypto/pbkdf2 function to use OpenSSL
|
This patch modifies the x/crypto/pbkdf2 function to use OpenSSL
|
||||||
if FIPS mode is enabled.
|
if FIPS mode is enabled.
|
||||||
DEFINEFUNC is from /usr/lib/golang/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h
|
DEFINEFUNC is from /usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
|
||||||
|
|
||||||
diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go
|
diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
@ -112,7 +112,7 @@ index 0000000000..6dfdf10424
|
|||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
|
+++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
|
||||||
@@ -0,0 +1,5 @@
|
@@ -0,0 +1,5 @@
|
||||||
+#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h"
|
+#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h"
|
||||||
+
|
+
|
||||||
+DEFINEFUNC(int, PKCS5_PBKDF2_HMAC,
|
+DEFINEFUNC(int, PKCS5_PBKDF2_HMAC,
|
||||||
+ (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out),
|
+ (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out),
|
||||||
|
@ -40,7 +40,6 @@ awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = "
|
|||||||
|
|
||||||
# Vendor Node.js dependencies
|
# Vendor Node.js dependencies
|
||||||
patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch
|
patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch
|
||||||
patch -p1 --fuzz=0 < ../0014-resolve-dompurify-CVE.patch
|
|
||||||
export HUSKY=0
|
export HUSKY=0
|
||||||
yarn install --frozen-lockfile
|
yarn install --frozen-lockfile
|
||||||
|
|
||||||
|
@ -82,9 +82,6 @@ can_exec(grafana_t, grafana_pcp_exec_t)
|
|||||||
corenet_tcp_connect_all_ephemeral_ports(grafana_t)
|
corenet_tcp_connect_all_ephemeral_ports(grafana_t)
|
||||||
grafana_exec(grafana_t)
|
grafana_exec(grafana_t)
|
||||||
|
|
||||||
# Allow grafana to connect to mssql's default tcp port of 1433
|
|
||||||
corenet_tcp_connect_mssql_port(grafana_t)
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# grafana local policy
|
# grafana local policy
|
||||||
|
@ -1,13 +1,3 @@
|
|||||||
# gobuild and gotest macros are not available on CentOS Stream
|
|
||||||
# remove once BZ 1965292 is resolved
|
|
||||||
# definitions lifted from Fedora 34 podman.spec
|
|
||||||
%if ! 0%{?gobuild:1}
|
|
||||||
%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**};
|
|
||||||
%endif
|
|
||||||
%if ! 0%{?gotest:1}
|
|
||||||
%define gotest() GO111MODULE=off go test -buildmode pie -compiler gc -ldflags "${LDFLAGS:-} -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" %{?**};
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# Specify if the frontend will be compiled as part of the build or
|
# Specify if the frontend will be compiled as part of the build or
|
||||||
# is attached as a webpack tarball (in case of an unsuitable nodejs version on the build system)
|
# is attached as a webpack tarball (in case of an unsuitable nodejs version on the build system)
|
||||||
%define compile_frontend 0
|
%define compile_frontend 0
|
||||||
@ -35,9 +25,9 @@ end}
|
|||||||
|
|
||||||
Name: grafana
|
Name: grafana
|
||||||
Version: 9.2.10
|
Version: 9.2.10
|
||||||
Release: 20%{?dist}
|
Release: 16%{?dist}.alma.1
|
||||||
Summary: Metrics dashboard and graph editor
|
Summary: Metrics dashboard and graph editor
|
||||||
License: AGPLv3
|
License: AGPL-3.0-only
|
||||||
URL: https://grafana.org
|
URL: https://grafana.org
|
||||||
|
|
||||||
# Source0 contains the tagged upstream sources
|
# Source0 contains the tagged upstream sources
|
||||||
@ -46,13 +36,13 @@ Source0: https://github.com/grafana/grafana/archive/v%{version}/%{name}
|
|||||||
# Source1 contains the bundled Go and Node.js dependencies
|
# Source1 contains the bundled Go and Node.js dependencies
|
||||||
# Note: In case there were no changes to this tarball, the NVR of this tarball
|
# Note: In case there were no changes to this tarball, the NVR of this tarball
|
||||||
# lags behind the NVR of this package.
|
# lags behind the NVR of this package.
|
||||||
Source1: grafana-vendor-%{version}-20.tar.xz
|
Source1: grafana-vendor-%{version}-2.tar.xz
|
||||||
|
|
||||||
%if %{compile_frontend} == 0
|
%if %{compile_frontend} == 0
|
||||||
# Source2 contains the precompiled frontend
|
# Source2 contains the precompiled frontend
|
||||||
# Note: In case there were no changes to this tarball, the NVR of this tarball
|
# Note: In case there were no changes to this tarball, the NVR of this tarball
|
||||||
# lags behind the NVR of this package.
|
# lags behind the NVR of this package.
|
||||||
Source2: grafana-webpack-%{version}-20.tar.gz
|
Source2: grafana-webpack-%{version}-2.tar.gz
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Source3 contains the systemd-sysusers configuration
|
# Source3 contains the systemd-sysusers configuration
|
||||||
@ -84,11 +74,13 @@ Patch5: 0005-remove-unused-frontend-crypto.patch
|
|||||||
Patch6: 0006-skip-marketplace-plugin-install-test.patch
|
Patch6: 0006-skip-marketplace-plugin-install-test.patch
|
||||||
Patch7: 0007-fix-alert-test.patch
|
Patch7: 0007-fix-alert-test.patch
|
||||||
Patch8: 0008-graphite-functions-xss.patch
|
Patch8: 0008-graphite-functions-xss.patch
|
||||||
|
Patch9: 0009-redact-weak-ciphers.patch
|
||||||
Patch10: 0010-skip-tests.patch
|
Patch10: 0010-skip-tests.patch
|
||||||
Patch11: 0011-remove-email-lookup.patch
|
Patch11: 0011-remove-email-lookup.patch
|
||||||
Patch12: 0012-coredump-selinux-error.patch
|
Patch12: 0012-coredump-selinux-error.patch
|
||||||
|
# Patches were taken from:
|
||||||
|
# https://gitlab.com/redhat/centos-stream/rpms/grafana/-/commit/7bf826e0d7843069f48f152ae17c814735fee404
|
||||||
Patch13: 0013-snapshot-delete-check-org.patch
|
Patch13: 0013-snapshot-delete-check-org.patch
|
||||||
Patch14: 0014-resolve-dompurify-CVE.patch
|
|
||||||
|
|
||||||
# Patches affecting the vendor tarball
|
# Patches affecting the vendor tarball
|
||||||
Patch1001: 1001-vendor-patch-removed-backend-crypto.patch
|
Patch1001: 1001-vendor-patch-removed-backend-crypto.patch
|
||||||
@ -532,7 +524,7 @@ Provides: bundled(npm(date-fns)) = 2.25.0
|
|||||||
Provides: bundled(npm(debounce-promise)) = 3.1.2
|
Provides: bundled(npm(debounce-promise)) = 3.1.2
|
||||||
Provides: bundled(npm(deep-freeze)) = 0.0.1
|
Provides: bundled(npm(deep-freeze)) = 0.0.1
|
||||||
Provides: bundled(npm(devtools-protocol)) = 0.0.927104
|
Provides: bundled(npm(devtools-protocol)) = 0.0.927104
|
||||||
Provides: bundled(npm(dompurify)) = 2.5.7
|
Provides: bundled(npm(dompurify)) = 2.3.8
|
||||||
Provides: bundled(npm(emotion)) = 10.0.27
|
Provides: bundled(npm(emotion)) = 10.0.27
|
||||||
Provides: bundled(npm(enzyme)) = 3.11.0
|
Provides: bundled(npm(enzyme)) = 3.11.0
|
||||||
Provides: bundled(npm(enzyme-to-json)) = 3.6.2
|
Provides: bundled(npm(enzyme-to-json)) = 3.6.2
|
||||||
@ -743,7 +735,7 @@ BuildRequires: checkpolicy, selinux-policy-devel, selinux-policy-targeted
|
|||||||
Requires: selinux-policy >= %{_selinux_policy_version}
|
Requires: selinux-policy >= %{_selinux_policy_version}
|
||||||
%endif
|
%endif
|
||||||
Requires: %{name} = %{version}-%{release}
|
Requires: %{name} = %{version}-%{release}
|
||||||
Requires: selinux-policy-targeted
|
Requires: selinux-policy-targeted
|
||||||
Requires(post): /usr/sbin/semodule, /usr/sbin/semanage, /sbin/restorecon, /sbin/fixfiles, grafana
|
Requires(post): /usr/sbin/semodule, /usr/sbin/semanage, /sbin/restorecon, /sbin/fixfiles, grafana
|
||||||
Requires(postun): /usr/sbin/semodule, /usr/sbin/semanage, /sbin/restorecon, /sbin/fixfiles, /sbin/service, grafana
|
Requires(postun): /usr/sbin/semodule, /usr/sbin/semanage, /sbin/restorecon, /sbin/fixfiles, /sbin/service, grafana
|
||||||
|
|
||||||
@ -772,11 +764,11 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux
|
|||||||
%patch -P 6 -p1
|
%patch -P 6 -p1
|
||||||
%patch -P 7 -p1
|
%patch -P 7 -p1
|
||||||
%patch -P 8 -p1
|
%patch -P 8 -p1
|
||||||
|
%patch -P 9 -p1
|
||||||
%patch -P 10 -p1
|
%patch -P 10 -p1
|
||||||
%patch -P 11 -p1
|
%patch -P 11 -p1
|
||||||
%patch -P 12 -p1
|
%patch -P 12 -p1
|
||||||
%patch -P 13 -p1
|
%patch -P 13 -p1
|
||||||
%patch -P 14 -p1
|
|
||||||
|
|
||||||
%patch -P 1001 -p1
|
%patch -P 1001 -p1
|
||||||
%if %{enable_fips_mode}
|
%if %{enable_fips_mode}
|
||||||
@ -885,10 +877,7 @@ done
|
|||||||
cd -
|
cd -
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
# sysusers_create_compat macro is not present in rhel8
|
%sysusers_create_compat %{SOURCE3}
|
||||||
# SOURCE3 may not be available in %%prein stage so specify on command line via --replace
|
|
||||||
# instead of "systemd-sysusers %%{SOURCE3}"
|
|
||||||
echo 'u grafana - "Grafana user account" /usr/share/grafana' | systemd-sysusers --replace=/usr/lib/sysusers.d/grafana.conf -
|
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
%systemd_preun grafana-server.service
|
%systemd_preun grafana-server.service
|
||||||
@ -1023,69 +1012,68 @@ fi
|
|||||||
%{_datadir}/selinux/*/grafana.pp
|
%{_datadir}/selinux/*/grafana.pp
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Oct 17 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-20
|
* Mon Apr 30 2024 Eduard Abdullin <eabdullin@almalinux.org> 9.2.10-16.alma.1
|
||||||
- Resolves RHEL-62307: CVE-2024-47875
|
- snapshot delete check org
|
||||||
|
|
||||||
* Thu Oct 10 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-19
|
|
||||||
- Resolves RHEL-61779: CVE-2024-9355
|
|
||||||
|
|
||||||
* Mon Jul 22 2024 Lauren Chilton <lchilton@redhat.com> 9.2.10-18
|
|
||||||
- Resolves RHEL-47191
|
|
||||||
|
|
||||||
* Wed Jun 26 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-17
|
|
||||||
- Allow for mssql datasource in selinux policy
|
|
||||||
- Resolves RHEL-43435
|
|
||||||
|
|
||||||
* Fri Apr 5 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-16
|
|
||||||
- Check OrdID is correct before deleting snapshot
|
|
||||||
- fix CVE-2024-1313
|
|
||||||
- fix CVE-2024-1394
|
|
||||||
|
|
||||||
* Wed Jan 31 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-15
|
* Wed Jan 31 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-15
|
||||||
- Resolves RHEL-23466
|
- Resolves RHEL-23468
|
||||||
- Resolves RHEL-21027
|
|
||||||
- Allows for gid to be 0
|
- Allows for gid to be 0
|
||||||
- Allows for postgreSQL datasource in selinux policy
|
- Allows for postgreSQL datasource in selinux policy
|
||||||
|
|
||||||
* Mon Dec 18 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-14
|
* Tue Dec 19 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-14
|
||||||
- Resolves RHEL-19596
|
- Fixes postgresql AVC denial
|
||||||
|
- Related RHEL-7505
|
||||||
|
|
||||||
|
* Thu Dec 14 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-13
|
||||||
|
- Resolves RHEL-19296
|
||||||
- Fixes coredump issue introduced by selinux
|
- Fixes coredump issue introduced by selinux
|
||||||
- Patches out call to panic when trying to walk "/" directory
|
- Patches out call to panic when trying to walk "/" directory
|
||||||
- Fixes postgresql AVC denial
|
|
||||||
|
|
||||||
* Fri Dec 1 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-12
|
* Thu Nov 30 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-12
|
||||||
- Resolves RHEL-7503
|
- Resolves RHEL-7505
|
||||||
|
- Fixes additional selinux denials found when testing on certain architectures
|
||||||
|
|
||||||
|
* Tue Nov 21 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-11
|
||||||
|
- Resolves RHEL-7505
|
||||||
|
- Fixes selinux denials found when testing on certain architectures
|
||||||
|
|
||||||
|
* Wed Nov 15 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-10
|
||||||
|
- Resolves RHEL-7505
|
||||||
- Adds a selinux policy for grafana
|
- Adds a selinux policy for grafana
|
||||||
- Resolves RHEL-12650
|
- Resolves RHEL-12666
|
||||||
- fix CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work
|
- fix CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work
|
||||||
|
|
||||||
* Fri Jul 21 2023 Stan Cox <scox@redhat.com> 9.2.10-6
|
|
||||||
- Add /usr/share/grafana to systemd-sysusers --replace
|
|
||||||
|
|
||||||
* Thu Jul 20 2023 Stan Cox <scox@redhat.com> 9.2.10-5
|
* Thu Jul 20 2023 Stan Cox <scox@redhat.com> 9.2.10-5
|
||||||
- resolve CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth
|
- resolve CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth
|
||||||
|
|
||||||
* Thu Jun 8 2023 Stan Cox <scox@redhat.com> 9.2.10-4
|
* Thu Jun 8 2023 Stan Cox <scox@redhat.com> 9.2.10-3
|
||||||
- bumps exporter-toolkit to v0.7.3, sanitize-url@npm to 6.0.2, skip problematic s390 tests.
|
- bumps exporter-toolkit to v0.7.3, sanitize-url@npm to 6.0.2, skip problematic s390 tests, License AGPL-3.0-only.
|
||||||
|
|
||||||
* Thu May 25 2023 Stan Cox <scox@redhat.com> 9.2.10-3
|
* Mon May 15 2023 Stan Cox <scox@redhat.com> 9.2.10-2
|
||||||
- Use systemd-sysusers --replace
|
- Update to 9.2.10
|
||||||
|
|
||||||
* Tue May 23 2023 Jan Kurik <jkurik@redhat.com> 9.2.10-2
|
|
||||||
- Use systemd-sysusers instead of sysusers_create_compat, which is not available in RHEL-8
|
|
||||||
|
|
||||||
* Thu May 04 2023 Stan Cox <scox@redhat.com> 9.2.10-1
|
* Thu May 04 2023 Stan Cox <scox@redhat.com> 9.2.10-1
|
||||||
- Update to 9.2.10
|
- Update to 9.2.10
|
||||||
|
|
||||||
* Mon Oct 31 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-4
|
* Tue Nov 01 2022 Stan Cox <scox@redhat.com> 9.0.9-2
|
||||||
- resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in
|
- resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in
|
||||||
- resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
|
- resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws
|
||||||
- resolve CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
|
|
||||||
- resolve CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
|
|
||||||
- run integration tests in check phase
|
|
||||||
- update FIPS patch with latest changes in Go packaging
|
|
||||||
|
|
||||||
* Wed Aug 10 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-3
|
* Wed Sep 21 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.9-1
|
||||||
|
- update to 9.0.9 tagged upstream community sources, see CHANGELOG
|
||||||
|
- resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530)
|
||||||
|
|
||||||
|
* Tue Sep 20 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-2
|
||||||
|
- bump NVR
|
||||||
|
|
||||||
|
* Thu Sep 15 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-1
|
||||||
|
- update to 9.0.8 tagged upstream community sources, see CHANGELOG
|
||||||
|
- do not list /usr/share/grafana/conf twice
|
||||||
|
- drop makefile in favor of create_bundles.sh script
|
||||||
|
- sync provides/obsoletes with CentOS versions
|
||||||
|
- drop husky patch
|
||||||
|
|
||||||
|
* Thu Aug 11 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-3
|
||||||
- resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
|
- resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
|
||||||
- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
|
- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
|
||||||
- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
|
- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
|
||||||
@ -1096,7 +1084,7 @@ fi
|
|||||||
- resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
|
- resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
|
||||||
- resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
|
- resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
|
||||||
|
|
||||||
* Wed Jul 20 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-2
|
* Tue Jul 26 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-2
|
||||||
- resolve CVE-2022-31107 grafana: OAuth account takeover
|
- resolve CVE-2022-31107 grafana: OAuth account takeover
|
||||||
|
|
||||||
* Fri Apr 22 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-1
|
* Fri Apr 22 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-1
|
||||||
@ -1110,6 +1098,10 @@ fi
|
|||||||
- declare Node.js dependencies of subpackages
|
- declare Node.js dependencies of subpackages
|
||||||
- make vendor and webpack tarballs reproducible
|
- make vendor and webpack tarballs reproducible
|
||||||
|
|
||||||
|
* Tue Jan 18 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-3
|
||||||
|
- use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens
|
||||||
|
- update FIPS tests in check phase
|
||||||
|
|
||||||
* Thu Dec 16 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-2
|
* Thu Dec 16 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-2
|
||||||
- resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
|
- resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
|
||||||
- resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files
|
- resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files
|
||||||
@ -1121,8 +1113,9 @@ fi
|
|||||||
* Thu Sep 30 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.10-1
|
* Thu Sep 30 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.10-1
|
||||||
- update to 7.5.10 tagged upstream community sources, see CHANGELOG
|
- update to 7.5.10 tagged upstream community sources, see CHANGELOG
|
||||||
|
|
||||||
* Mon Aug 16 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-3
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.9-3
|
||||||
- rebuild to resolve CVE-2021-34558
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
|
Related: rhbz#1991688
|
||||||
|
|
||||||
* Thu Jul 08 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-2
|
* Thu Jul 08 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-2
|
||||||
- remove unused dependency property-information
|
- remove unused dependency property-information
|
||||||
@ -1131,6 +1124,10 @@ fi
|
|||||||
* Fri Jun 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-1
|
* Fri Jun 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-1
|
||||||
- update to 7.5.9 tagged upstream community sources, see CHANGELOG
|
- update to 7.5.9 tagged upstream community sources, see CHANGELOG
|
||||||
|
|
||||||
|
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.8-2
|
||||||
|
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||||
|
Related: rhbz#1971065
|
||||||
|
|
||||||
* Mon Jun 21 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.8-1
|
* Mon Jun 21 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.8-1
|
||||||
- update to 7.5.8 tagged upstream community sources, see CHANGELOG
|
- update to 7.5.8 tagged upstream community sources, see CHANGELOG
|
||||||
- remove unused dependencies selfsigned, http-signature and gofpdf
|
- remove unused dependencies selfsigned, http-signature and gofpdf
|
||||||
@ -1142,6 +1139,12 @@ fi
|
|||||||
* Tue May 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.7-1
|
* Tue May 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.7-1
|
||||||
- update to 7.5.7 tagged upstream community sources, see CHANGELOG
|
- update to 7.5.7 tagged upstream community sources, see CHANGELOG
|
||||||
|
|
||||||
|
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 7.3.6-4
|
||||||
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
|
|
||||||
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.6-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
* Fri Jan 22 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.3.6-2
|
* Fri Jan 22 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.3.6-2
|
||||||
- change working dir to $GRAFANA_HOME in grafana-cli wrapper (fixes Red Hat BZ #1916083)
|
- change working dir to $GRAFANA_HOME in grafana-cli wrapper (fixes Red Hat BZ #1916083)
|
||||||
- add pcp-redis-datasource to allow_loading_unsigned_plugins config option
|
- add pcp-redis-datasource to allow_loading_unsigned_plugins config option
|
||||||
@ -1152,17 +1155,24 @@ fi
|
|||||||
|
|
||||||
* Wed Nov 25 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 7.3.4-1
|
* Wed Nov 25 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 7.3.4-1
|
||||||
- update to 7.3.4 tagged upstream community sources, see CHANGELOG
|
- update to 7.3.4 tagged upstream community sources, see CHANGELOG
|
||||||
- bundle golang dependencies
|
|
||||||
|
* Tue Nov 10 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 7.3.1-1
|
||||||
|
- update to 7.3.1 tagged upstream community sources, see CHANGELOG
|
||||||
- optionally bundle node.js dependencies and build and test frontend as part of the specfile
|
- optionally bundle node.js dependencies and build and test frontend as part of the specfile
|
||||||
- merge all datasources into main grafana package
|
- change default provisioning path to /etc/grafana/provisioning (changed in version 7.1.1-1)
|
||||||
- change default provisioning path to /etc/grafana/provisioning
|
|
||||||
- resolve https://bugzilla.redhat.com/show_bug.cgi?id=1843170
|
- resolve https://bugzilla.redhat.com/show_bug.cgi?id=1843170
|
||||||
|
|
||||||
* Thu Aug 20 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 6.7.4-3
|
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.1.1-2
|
||||||
- apply patch for CVE-2020-13430 also to sources, not only to compiled webpack
|
- Second attempt - Rebuilt for
|
||||||
|
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
* Wed Aug 19 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 6.7.4-2
|
* Thu Jul 30 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 7.1.1-1
|
||||||
- security fix for CVE-2020-13430
|
- update to 7.1.1 tagged upstream community sources, see CHANGELOG
|
||||||
|
- merge all datasources into main grafana package
|
||||||
|
- bundle golang dependencies
|
||||||
|
|
||||||
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.7.4-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
* Fri Jun 05 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 6.7.4-1
|
* Fri Jun 05 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 6.7.4-1
|
||||||
- update to 6.7.4 tagged upstream community sources, see CHANGELOG
|
- update to 6.7.4 tagged upstream community sources, see CHANGELOG
|
||||||
|
Loading…
Reference in New Issue
Block a user