24 changed files with 1763 additions and 1410 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,3 @@
-SOURCES/grafana-9.0.9.tar.gz
-SOURCES/grafana-vendor-9.0.9-1.tar.xz
-SOURCES/grafana-webpack-9.0.9-1.tar.gz
+SOURCES/grafana-9.2.10.tar.gz
+SOURCES/grafana-vendor-9.2.10-2.tar.xz
+SOURCES/grafana-webpack-9.2.10-2.tar.gz
--- a/.grafana.metadata
+++ b/.grafana.metadata
@ -1,3 +1,3 @@
-4676eecab36973d5b3cb7ba23b929364c91b7ed8 SOURCES/grafana-9.0.9.tar.gz
-7f0a2e8ac4431208b57781f849d6f5b79d339468 SOURCES/grafana-vendor-9.0.9-1.tar.xz
-08a5daeb99590879c606fb7e7badf7a80823990b SOURCES/grafana-webpack-9.0.9-1.tar.gz
+4c9db312dca444023c37c7af9acd2876a7e164b8 SOURCES/grafana-9.2.10.tar.gz
+1ab1cbb1efa563dff66783e9c59c8bd43503aef2 SOURCES/grafana-vendor-9.2.10-2.tar.xz
+ac93650649c6f3c1f6bc2884c524939afaa8321b SOURCES/grafana-webpack-9.2.10-2.tar.gz
--- a/SOURCES/0001-update-grafana-cli-script-with-distro-specific-paths.patch
+++ b/SOURCES/0001-update-grafana-cli-script-with-distro-specific-paths.patch
@ -1,4 +1,4 @@
-From 2ad9b1bd641eab2daae9c461656a56c8c2688485 Mon Sep 17 00:00:00 2001
+From 226822e64ed4badb22e18740e6db411617b42bb7 Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Wed, 22 Jun 2022 16:57:52 +0200
 Subject: [PATCH] update grafana-cli script with distro-specific paths and
@ -52,7 +52,7 @@ index dafa075a2c..eda358c425 100755
 +                         cfg:default.paths.logs=${LOG_DIR} \
 +                         cfg:default.paths.plugins=${PLUGINS_DIR}")
 +
-+if [ "$(id -u)" -eq 0 ]; then
+if [ "$(id -u)" -eq 0 -o "$(id -g)" -eq 0 ]; then
 +  cd "${GRAFANA_HOME}"
 +  exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "${OPTS[@]}" "$@"
 +elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then
--- a/SOURCES/0002-add-manpages.patch
+++ b/SOURCES/0002-add-manpages.patch
@ -1,4 +1,4 @@
-From ecac3e25a416bd66b19bc3074f9583dfd965a919 Mon Sep 17 00:00:00 2001
+From c065b6608a65967bde152557566e0410238714a1 Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Wed, 22 Jun 2022 17:01:09 +0200
 Subject: [PATCH] add manpages
--- a/SOURCES/0003-update-default-configuration.patch
+++ b/SOURCES/0003-update-default-configuration.patch
@ -1,14 +1,14 @@
-From a84194c2f7929bd78303daf04a56ab32cd9c4bb3 Mon Sep 17 00:00:00 2001
+From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Wed, 22 Jun 2022 17:05:48 +0200
 Subject: [PATCH] update default configuration


 diff --git a/conf/defaults.ini b/conf/defaults.ini
-index dbb7143be4..4a3cf0a21d 100644
+index 2d6e1235b6..f0eff6d2ac 100644
 --- a/conf/defaults.ini
 +++ b/conf/defaults.ini
-@@ -190,7 +190,7 @@ row_limit = 1000000
+@@ -196,7 +196,7 @@ row_limit = 1000000
 # No ip addresses are being tracked, only simple counters to track
 # running instances, dashboard and error counts. It is very helpful to us.
 # Change this option to false to disable reporting.
@ -17,7 +17,7 @@ index dbb7143be4..4a3cf0a21d 100644
 
 # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
 reporting_distributor = grafana-labs
-@@ -200,7 +200,7 @@ reporting_distributor = grafana-labs
+@@ -206,7 +206,7 @@ reporting_distributor = grafana-labs
 # in some UI views to notify that a grafana update exists.
 # This option does not cause any auto updates, nor send any information
 # only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
@ -27,10 +27,10 @@ index dbb7143be4..4a3cf0a21d 100644
 # Set to false to disable all checks to https://grafana.com
 # for new versions of plugins. The check is used
 diff --git a/conf/sample.ini b/conf/sample.ini
-index d44532f346..1ede932e1e 100644
+index 227c90e895..dc9fd6a3a5 100644
 --- a/conf/sample.ini
 +++ b/conf/sample.ini
-@@ -196,7 +196,7 @@
+@@ -202,7 +202,7 @@
 # No ip addresses are being tracked, only simple counters to track
 # running instances, dashboard and error counts. It is very helpful to us.
 # Change this option to false to disable reporting.
@ -39,7 +39,7 @@ index d44532f346..1ede932e1e 100644
 
 # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
 ;reporting_distributor = grafana-labs
-@@ -206,7 +206,7 @@
+@@ -212,7 +212,7 @@
 # in some UI views to notify that a grafana update exists.
 # This option does not cause any auto updates, nor send any information
 # only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
@ -48,7 +48,7 @@ index d44532f346..1ede932e1e 100644
 
 # Set to false to disable all checks to https://grafana.com
 # for new versions of plugins. The check is used
-@@ -338,7 +338,7 @@
+@@ -356,7 +356,7 @@
 
 # Minimum dashboard refresh interval. When set, this will restrict users to set the refresh interval of a dashboard lower than given interval. Per default this is 5 seconds.
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
@ -57,7 +57,7 @@ index d44532f346..1ede932e1e 100644
 
 # Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
 ;default_home_dashboard_path =
-@@ -1028,7 +1028,7 @@
+@@ -1094,7 +1094,7 @@
 ;enable_alpha = false
 ;app_tls_skip_verify_insecure = false
 # Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded.
--- a/SOURCES/0004-remove-unused-backend-dependencies.patch
+++ b/SOURCES/0004-remove-unused-backend-dependencies.patch
@ -1,4 +1,4 @@
-From 7139240c52b69fde8b893bf73fb6a4910d65f30b Mon Sep 17 00:00:00 2001
+From 944d07247d07b433777ee6ab46bc55cc1d9debe8 Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Wed, 22 Jun 2022 17:18:56 +0200
 Subject: [PATCH] remove unused backend dependencies
@ -7,18 +7,18 @@ saml and gofpdf are not used in the OSS edition of Grafana
 after editing `pkg/extensions/main.go`, run `go mod tidy`

 diff --git a/go.mod b/go.mod
-index 951745c95f..5b1379fa98 100644
+index 03c00985c4..faedd337d3 100644
 --- a/go.mod
 +++ b/go.mod
-@@ -27,7 +27,6 @@ require (
+@@ -30,7 +30,6 @@ require (
 	github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b
- 	github.com/centrifugal/centrifuge v0.19.0
+ 	github.com/centrifugal/centrifuge v0.25.0
 	github.com/cortexproject/cortex v1.10.1-0.20211014125347-85c378182d0d
-	github.com/crewjam/saml v0.4.6-0.20210521115923-29c6295245bd
+-	github.com/crewjam/saml v0.4.9
 	github.com/davecgh/go-spew v1.1.1
 	github.com/denisenkom/go-mssqldb v0.12.0
 	github.com/dop251/goja v0.0.0-20210804101310-32956a348b49
-@@ -63,7 +62,6 @@ require (
+@@ -67,7 +66,6 @@ require (
 	github.com/influxdata/line-protocol v0.0.0-20210311194329-9aa0e372d097
 	github.com/jmespath/go-jmespath v0.4.0
 	github.com/json-iterator/go v1.1.12
@ -26,7 +26,7 @@ index 951745c95f..5b1379fa98 100644
 	github.com/lib/pq v1.10.4
 	github.com/linkedin/goavro/v2 v2.10.0
 	github.com/m3db/prometheus_remote_client_golang v0.4.4
-@@ -191,7 +189,6 @@ require (
+@@ -192,7 +190,6 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/jpillora/backoff v1.0.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
@ -34,11 +34,20 @@ index 951745c95f..5b1379fa98 100644
 	github.com/mattetti/filebuffer v1.0.1 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/miekg/dns v1.1.43 // indirect
+@@ -208,7 +205,7 @@
+ 	github.com/opentracing-contrib/go-stdlib v1.0.0 // indirect
+ 	github.com/pmezard/go-difflib v1.0.0 // indirect
+ 	github.com/prometheus/common/sigv4 v0.1.0 // indirect
+-	github.com/prometheus/exporter-toolkit v0.7.1 // indirect
+	github.com/prometheus/exporter-toolkit v0.7.3 // indirect
+ 	github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289 // indirect
+ 	github.com/prometheus/procfs v0.8.0 // indirect
+ 	github.com/protocolbuffers/txtpbfmt v0.0.0-20220428173112-74888fd59c2b // indirect
 diff --git a/go.sum b/go.sum
-index 0f2ad00d37..19e3489ca1 100644
+index e3b45a9f35..b98dc78c57 100644
 --- a/go.sum
 +++ b/go.sum
-@@ -740,7 +740,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
+@@ -665,7 +665,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@ -46,40 +55,16 @@ index 0f2ad00d37..19e3489ca1 100644
 github.com/crossdock/crossdock-go v0.0.0-20160816171116-049aabb0122b/go.mod h1:v9FBN7gdVTpiD/+LZ7Po0UKvROyT87uLVxTHVky/dlQ=
 github.com/cucumber/godog v0.8.1/go.mod h1:vSh3r/lM+psC1BPXvdkSEuNjmXfpVqrMGYAElF6hxnA=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
-@@ -766,7 +765,6 @@ github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2
- github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
- github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
- github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4=
- github.com/deepmap/oapi-codegen v1.6.0/go.mod h1:ryDa9AgbELGeB+YEXE1dR53yAjHwFvE9iAUlWl9Al3M=
- github.com/deepmap/oapi-codegen v1.8.2 h1:SegyeYGcdi0jLLrpbCMoJxnUUn8GBXHsvr4rbzjuhfU=
- github.com/deepmap/oapi-codegen v1.8.2/go.mod h1:YLgSKSDv/bZQB7N4ws6luhozi3cEdRktEqrX88CvjIw=
-@@ -923,7 +921,6 @@ github.com/fluent/fluent-bit-go v0.0.0-20190925192703-ea13c021720c/go.mod h1:WQX
- github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
- github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
- github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
-github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c=
- github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
- github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
- github.com/foxcpp/go-mockdns v0.0.0-20201212160233-ede2f9158d15/go.mod h1:tPg4cp4nseejPd+UKxtCVQ2hUxNTZ7qQZJa7CLriIeo=
-@@ -1459,8 +1456,6 @@ github.com/grafana/grafana-plugin-sdk-go v0.138.0 h1:uJWNwHL4RoQF3axoi3RDSwoNu/K
- github.com/grafana/grafana-plugin-sdk-go v0.138.0/go.mod h1:Y+Ps2sesZ62AyCnX+hzrYnyDQYe/ZZl+A8yKLOBm12c=
- github.com/grafana/loki v1.6.2-0.20211015002020-7832783b1caa h1:+pXjAxavVR2FKKNsuuCXGCWEj8XGc1Af6SPiyBpzU2A=
- github.com/grafana/loki v1.6.2-0.20211015002020-7832783b1caa/go.mod h1:0O8o/juxNSKN/e+DzWDTRkl7Zm8CkZcz0NDqEdojlrk=
-github.com/grafana/saml v0.0.0-20211007135653-aed1b2edd86b h1:YiSGp34F4V0G08HHx1cJBf2GVgwYAkXQjzuVs1t8jYk=
-github.com/grafana/saml v0.0.0-20211007135653-aed1b2edd86b/go.mod h1:q83kyQoMD0vhy+RzFLlbw0UgHJ6TAihQpuXvdFmm4s4=
- github.com/grafana/sqlds/v2 v2.3.7/go.mod h1:c6ibxnxRVGxV/0YkEgvy7QpQH/lyifFyV7K/14xvdIs=
- github.com/grafana/thema v0.0.0-20220523183731-72aebd14e751 h1:5PpsfN52XA0hxOjD/qQ0QNiEkp9Y9Tb+yz/Hj9fyL4M=
- github.com/grafana/thema v0.0.0-20220523183731-72aebd14e751/go.mod h1:KuqTKX9lfM87uu9vt9DS/q+REqSrAm2xYMnBBvlmevA=
-@@ -1766,7 +1761,6 @@ github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52Cu
- github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak=
- github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
- github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/jonboulle/clockwork v0.2.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
- github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
- github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
- github.com/joncrlsn/dque v2.2.1-0.20200515025108-956d14155fa2+incompatible/go.mod h1:hDZb8oMj3Kp8MxtbNLg9vrtAUDHjgI1yZvqivT4O8Iw=
-@@ -1801,8 +1795,6 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
+@@ -1376,8 +1375,6 @@ github.com/grafana/grafana-plugin-sdk-go v0.139.0 h1:2RQKM2QpSaWTtaGN6sK+R7LO7zy
+ github.com/grafana/grafana-plugin-sdk-go v0.139.0/go.mod h1:Y+Ps2sesZ62AyCnX+hzrYnyDQYe/ZZl+A8yKLOBm12c=
+ github.com/grafana/prometheus-alertmanager v0.24.1-0.20221012142027-823cd9150293 h1:dJIdfHqu+XjKz+w9zXLqXKPdp6Jjx/UPSOwdeSfWdeQ=
+ github.com/grafana/prometheus-alertmanager v0.24.1-0.20221012142027-823cd9150293/go.mod h1:HVHqK+BVPa/tmL8EMhLCCrPt2a1GdJpEyxr5hgur2UI=
+-github.com/grafana/saml v0.4.9-0.20230102094056-b61b9eb7c8b7 h1:cujJQ3XV6IK7Y96VpYurd2EpI5rfMRFcuyGqUlk+030=
+-github.com/grafana/saml v0.4.9-0.20230102094056-b61b9eb7c8b7/go.mod h1:9Zh6dWPtB3MSzTRt8fIFH60Z351QQ+s7hCU3J/tTlA4=
+ github.com/grafana/thema v0.0.0-20220817114012-ebeee841c104 h1:dYpwFYIChrMfpq3wDa/ZBxAbUGSW5NYmYBeSezhaoao=
+ github.com/grafana/thema v0.0.0-20220817114012-ebeee841c104/go.mod h1:fCV1rqv6XRQg2GfIQ7pU9zdxd5fLRcEBCnrDVwlK+ZY=
+ github.com/grafana/xorm v0.8.3-0.20220614223926-2fcda7565af6 h1:I9dh1MXGX0wGyxdV/Sl7+ugnki4Dfsy8lv2s5Yf887o=
+@@ -1664,8 +1661,6 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
 github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
@ -87,55 +72,56 @@ index 0f2ad00d37..19e3489ca1 100644
 -github.com/jung-kurt/gofpdf v1.16.2/go.mod h1:1hl7y57EsiPAkLbOwzpzqgx1A30nQCk/YmFV8S2vmK0=
 github.com/jwilder/encoding v0.0.0-20170811194829-b4e1701a28ef/go.mod h1:Ct9fl0F6iIOGgxJ5npU/IUOhOhqlVrGjyIZc8/MagT0=
 github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8=
- github.com/kardianos/service v1.0.0/go.mod h1:8CzDhVuCuugtsHyZoTvsOBuvonN/UDBvl0kH+BUxvbo=
-@@ -1930,8 +1922,6 @@ github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHef
- github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
+ github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
+@@ -1787,8 +1782,6 @@ github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
 github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=
 github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
+ github.com/matryer/moq v0.2.7/go.mod h1:kITsx543GOENm48TUAQyJ9+SAvFSr7iGQXPoth/VUBk=
 -github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU=
 -github.com/mattermost/xml-roundtrip-validator v0.1.0/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To=
 github.com/mattetti/filebuffer v1.0.1 h1:gG7pyfnSIZCxdoKq+cPa8T0hhYtD9NxCdI4D7PTjRLM=
 github.com/mattetti/filebuffer v1.0.1/go.mod h1:YdMURNDOttIiruleeVr6f56OrMc+MydEnTcXwtkxNVs=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-@@ -2239,7 +2229,6 @@ github.com/peterh/liner v1.0.1-0.20180619022028-8c1271fcf47f/go.mod h1:xIteQHvHu
+@@ -2066,7 +2059,6 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR
+ github.com/peterh/liner v1.0.1-0.20180619022028-8c1271fcf47f/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc=
 github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
- github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
 github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY=
 -github.com/phpdave11/gofpdi v1.0.7/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
 github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
- github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
 github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
-@@ -2433,7 +2422,6 @@ github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
- github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
- github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
- github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
-github.com/russellhaering/goxmldsig v1.1.0/go.mod h1:QK8GhXPB3+AfuCrfo0oRISa9NfzeCpWmxeGnqEpDF9o=
- github.com/russellhaering/goxmldsig v1.1.1 h1:vI0r2osGF1A9PLvsGdPUAGwEIrKa4Pj5sesSBsebIxM=
- github.com/russellhaering/goxmldsig v1.1.1/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw=
- github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo=
-@@ -2747,7 +2735,6 @@ github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX
- github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
- github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
- github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
-github.com/zenazn/goji v1.0.1/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
- github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs=
- github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
- gitlab.com/nyarla/go-crypt v0.0.0-20160106005555-d9a5dc2b789b/go.mod h1:T3BPAOm2cqquPa0MKWeNkmOM5RQsRhkrwMWonFMN7fE=
+ github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
+@@ -2156,8 +2148,9 @@ github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdD
+ github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI=
+ github.com/prometheus/exporter-toolkit v0.5.1/go.mod h1:OCkM4805mmisBhLmVFw858QYi3v0wKdY6/UxrT0pZVg=
+ github.com/prometheus/exporter-toolkit v0.6.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
+-github.com/prometheus/exporter-toolkit v0.7.1 h1:c6RXaK8xBVercEeUQ4tRNL8UGWzDHfvj9dseo1FcK1Y=
+ github.com/prometheus/exporter-toolkit v0.7.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
+github.com/prometheus/exporter-toolkit v0.7.3 h1:IYBn0CTGi/nYxstdTUKysuSofUNJ3DQW3FmZ/Ub6rgU=
+github.com/prometheus/exporter-toolkit v0.7.3/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
+ github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289 h1:dTUS1vaLWq+Y6XKOTnrFpoVsQKLCbCp1OLj24TDi7oM=
+ github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289/go.mod h1:FGbBv5OPKjch+jNUJmEQpMZytIdyW0NdBtWFcfSKusc=
+ github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+@@ -2696,7 +2688,6 @@ golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5y
+ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+ golang.org/x/crypto v0.0.0-20211115234514-b4de73f9ece8/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+ golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+-golang.org/x/crypto v0.0.0-20220128200615-198e4374d7ed/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+ golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+ golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+ golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go
-index adcaff8ca6..c3110f590e 100644
+index 72371bdab4..a7bb7abe0f 100644
 --- a/pkg/extensions/main.go
 +++ b/pkg/extensions/main.go
-@@ -9,7 +9,6 @@ import (
- 	_ "github.com/Azure/go-autorest/autorest/adal"
- 	_ "github.com/beevik/etree"
+@@ -11,13 +11,11 @@ import (
+ 	_ "github.com/blugelabs/bluge"
+ 	_ "github.com/blugelabs/bluge_segment_api"
 	_ "github.com/cortexproject/cortex/pkg/util"
 -	_ "github.com/crewjam/saml"
 	_ "github.com/gobwas/glob"
 	_ "github.com/googleapis/gax-go/v2"
 	_ "github.com/grafana/dskit/backoff"
-@@ -17,7 +16,6 @@ import (
- 	_ "github.com/grafana/loki/clients/pkg/promtail/client"
- 	_ "github.com/grafana/loki/pkg/logproto"
+ 	_ "github.com/grafana/dskit/flagext"
 	_ "github.com/grpc-ecosystem/go-grpc-middleware"
 -	_ "github.com/jung-kurt/gofpdf"
 	_ "github.com/linkedin/goavro/v2"
--- a/SOURCES/0005-remove-unused-frontend-crypto.patch
+++ b/SOURCES/0005-remove-unused-frontend-crypto.patch
@ -1,4 +1,4 @@
-From 0ee0768a196ba12b860b4a0920f729d5ce50ea3e Mon Sep 17 00:00:00 2001
+From 3709d320189b10a12a3780d15e46afd777f06554 Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Wed, 22 Jun 2022 17:36:47 +0200
 Subject: [PATCH] remove unused frontend crypto
@ -7,39 +7,53 @@ update `package.json` and then run `yarn install` to update the
 `yarn.lock` lockfile

 diff --git a/package.json b/package.json
-index 5e2875090b..137a307f14 100644
+index e26f95d855..91d71f1414 100644
 --- a/package.json
 +++ b/package.json
-@@ -396,6 +396,9 @@
+@@ -405,8 +405,10 @@
     "whatwg-fetch": "3.6.2"
   },
   "resolutions": {
 +    "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
 +    "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
 +    "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
-     "underscore": "1.13.3",
+     "underscore": "1.13.4",
+-    "@mdx-js/loader/loader-utils": "^2.0.0",
     "@types/slate": "0.47.9",
-     "@microsoft/api-extractor-model": "7.17.3",
+     "@rushstack/node-core-library": "3.52.0",
+     "@rushstack/rig-package": "0.3.13",
 diff --git a/yarn.lock b/yarn.lock
-index 8132e0f942..b41c0efb1b 100644
+index f374e10e33..12c06ad883 100644
 --- a/yarn.lock
 +++ b/yarn.lock
-@@ -12256,34 +12256,6 @@ __metadata:
+@@ -4571,10 +4571,10 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"@braintree/sanitize-url@npm:6.0.0":
+-  version: 6.0.0
+-  resolution: "@braintree/sanitize-url@npm:6.0.0"
+-  checksum: 409ce7709dc1a0c67bc887d20af1becd4145d5c62cc5124b1c4c1f3ea2a8d69b0ee9f582d446469c6f5294b56442b99048cbbba6861dd5c834d4e019b95e1f40
+"@braintree/sanitize-url@npm:^6.0.0":
+  version: 6.0.2
+  resolution: "@braintree/sanitize-url@npm:6.0.2"
+  checksum: 6a9dfd4081cc96516eeb281d1a83d3b5f1ad3d2837adf968fcc2ba18889ee833554f9c641b4083c36d3360a932e4504ddf25b0b51e9933c3742622df82cf7c9a
+   languageName: node
+   linkType: hard
+ 
+@@ -5375,7 +5375,7 @@ __metadata:
+   version: 0.0.0-use.local
+   resolution: "@grafana/data@workspace:packages/grafana-data"
+   dependencies:
+-    "@braintree/sanitize-url": 6.0.0
+    "@braintree/sanitize-url": ^6.0.0
+     "@grafana/schema": 9.2.8
+     "@grafana/tsconfig": ^1.2.0-rc1
+     "@rollup/plugin-commonjs": 22.0.1
+@@ -14511,22 +14511,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"asn1.js@npm:^5.2.0":
-  version: 5.4.1
-  resolution: "asn1.js@npm:5.4.1"
-  dependencies:
-    bn.js: ^4.0.0
-    inherits: ^2.0.1
-    minimalistic-assert: ^1.0.0
-    safer-buffer: ^2.1.0
-  checksum: 3786a101ac6f304bd4e9a7df79549a7561950a13d4bcaec0c7790d44c80d147c1a94ba3d4e663673406064642a40b23fcd6c82a9952468e386c1a1376d747f9a
-  languageName: node
-  linkType: hard
-
 -"asn1@npm:~0.2.3":
 -  version: 0.2.4
 -  resolution: "asn1@npm:0.2.4"
@ -59,7 +73,7 @@ index 8132e0f942..b41c0efb1b 100644
 "assert@npm:2.0.0":
   version: 2.0.0
   resolution: "assert@npm:2.0.0"
-@@ -12870,15 +12842,6 @@ __metadata:
+@@ -15231,15 +15215,6 @@ __metadata:
   languageName: node
   linkType: hard
 
@ -75,144 +89,7 @@ index 8132e0f942..b41c0efb1b 100644
 "before-after-hook@npm:^2.2.0":
   version: 2.2.2
   resolution: "before-after-hook@npm:2.2.2"
-@@ -12970,20 +12933,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"bn.js@npm:^4.0.0, bn.js@npm:^4.1.0, bn.js@npm:^4.11.9":
-  version: 4.12.0
-  resolution: "bn.js@npm:4.12.0"
-  checksum: 39afb4f15f4ea537b55eaf1446c896af28ac948fdcf47171961475724d1bb65118cca49fa6e3d67706e4790955ec0e74de584e45c8f1ef89f46c812bee5b5a12
-  languageName: node
-  linkType: hard
-
-"bn.js@npm:^5.0.0, bn.js@npm:^5.1.1":
-  version: 5.2.0
-  resolution: "bn.js@npm:5.2.0"
-  checksum: 6117170393200f68b35a061ecbf55d01dd989302e7b3c798a3012354fa638d124f0b2f79e63f77be5556be80322a09c40339eda6413ba7468524c0b6d4b4cb7a
-  languageName: node
-  linkType: hard
-
- "body-parser@npm:1.19.0":
-   version: 1.19.0
-   resolution: "body-parser@npm:1.19.0"
-@@ -13108,13 +13057,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"brorand@npm:^1.0.1, brorand@npm:^1.1.0":
-  version: 1.1.0
-  resolution: "brorand@npm:1.1.0"
-  checksum: 8a05c9f3c4b46572dec6ef71012b1946db6cae8c7bb60ccd4b7dd5a84655db49fe043ecc6272e7ef1f69dc53d6730b9e2a3a03a8310509a3d797a618cbee52be
-  languageName: node
-  linkType: hard
-
- "browser-process-hrtime@npm:^1.0.0":
-   version: 1.0.0
-   resolution: "browser-process-hrtime@npm:1.0.0"
-@@ -13129,70 +13071,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"browserify-aes@npm:^1.0.0, browserify-aes@npm:^1.0.4":
-  version: 1.2.0
-  resolution: "browserify-aes@npm:1.2.0"
-  dependencies:
-    buffer-xor: ^1.0.3
-    cipher-base: ^1.0.0
-    create-hash: ^1.1.0
-    evp_bytestokey: ^1.0.3
-    inherits: ^2.0.1
-    safe-buffer: ^5.0.1
-  checksum: 4a17c3eb55a2aa61c934c286f34921933086bf6d67f02d4adb09fcc6f2fc93977b47d9d884c25619144fccd47b3b3a399e1ad8b3ff5a346be47270114bcf7104
-  languageName: node
-  linkType: hard
-
-"browserify-cipher@npm:^1.0.0":
-  version: 1.0.1
-  resolution: "browserify-cipher@npm:1.0.1"
-  dependencies:
-    browserify-aes: ^1.0.4
-    browserify-des: ^1.0.0
-    evp_bytestokey: ^1.0.0
-  checksum: 2d8500acf1ee535e6bebe808f7a20e4c3a9e2ed1a6885fff1facbfd201ac013ef030422bec65ca9ece8ffe82b03ca580421463f9c45af6c8415fd629f4118c13
-  languageName: node
-  linkType: hard
-
-"browserify-des@npm:^1.0.0":
-  version: 1.0.2
-  resolution: "browserify-des@npm:1.0.2"
-  dependencies:
-    cipher-base: ^1.0.1
-    des.js: ^1.0.0
-    inherits: ^2.0.1
-    safe-buffer: ^5.1.2
-  checksum: b15a3e358a1d78a3b62ddc06c845d02afde6fc826dab23f1b9c016e643e7b1fda41de628d2110b712f6a44fb10cbc1800bc6872a03ddd363fb50768e010395b7
-  languageName: node
-  linkType: hard
-
-"browserify-rsa@npm:^4.0.0, browserify-rsa@npm:^4.0.1":
-  version: 4.1.0
-  resolution: "browserify-rsa@npm:4.1.0"
-  dependencies:
-    bn.js: ^5.0.0
-    randombytes: ^2.0.1
-  checksum: 155f0c135873efc85620571a33d884aa8810e40176125ad424ec9d85016ff105a07f6231650914a760cca66f29af0494087947b7be34880dd4599a0cd3c38e54
-  languageName: node
-  linkType: hard
-
-"browserify-sign@npm:^4.0.0":
-  version: 4.2.1
-  resolution: "browserify-sign@npm:4.2.1"
-  dependencies:
-    bn.js: ^5.1.1
-    browserify-rsa: ^4.0.1
-    create-hash: ^1.2.0
-    create-hmac: ^1.1.7
-    elliptic: ^6.5.3
-    inherits: ^2.0.4
-    parse-asn1: ^5.1.5
-    readable-stream: ^3.6.0
-    safe-buffer: ^5.2.0
-  checksum: 0221f190e3f5b2d40183fa51621be7e838d9caa329fe1ba773406b7637855f37b30f5d83e52ff8f244ed12ffe6278dd9983638609ed88c841ce547e603855707
-  languageName: node
-  linkType: hard
-
- "browserify-zlib@npm:^0.2.0":
-   version: 0.2.0
-   resolution: "browserify-zlib@npm:0.2.0"
-@@ -13294,13 +13172,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"buffer-xor@npm:^1.0.3":
-  version: 1.0.3
-  resolution: "buffer-xor@npm:1.0.3"
-  checksum: 10c520df29d62fa6e785e2800e586a20fc4f6dfad84bcdbd12e1e8a83856de1cb75c7ebd7abe6d036bbfab738a6cf18a3ae9c8e5a2e2eb3167ca7399ce65373a
-  languageName: node
-  linkType: hard
-
- "buffer@npm:^4.3.0":
-   version: 4.9.2
-   resolution: "buffer@npm:4.9.2"
-@@ -13896,16 +13767,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"cipher-base@npm:^1.0.0, cipher-base@npm:^1.0.1, cipher-base@npm:^1.0.3":
-  version: 1.0.4
-  resolution: "cipher-base@npm:1.0.4"
-  dependencies:
-    inherits: ^2.0.1
-    safe-buffer: ^5.0.1
-  checksum: 47d3568dbc17431a339bad1fe7dff83ac0891be8206911ace3d3b818fc695f376df809bea406e759cdea07fff4b454fa25f1013e648851bec790c1d75763032e
-  languageName: node
-  linkType: hard
-
- "cjs-module-lexer@npm:^1.0.0":
-   version: 1.2.2
-   resolution: "cjs-module-lexer@npm:1.2.2"
-@@ -14806,13 +14667,6 @@ __metadata:
+@@ -17053,13 +17028,6 @@ __metadata:
   languageName: node
   linkType: hard
 
@ -226,85 +103,7 @@ index 8132e0f942..b41c0efb1b 100644
 "core-util-is@npm:~1.0.0":
   version: 1.0.3
   resolution: "core-util-is@npm:1.0.3"
-@@ -14882,16 +14736,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"create-ecdh@npm:^4.0.0":
-  version: 4.0.4
-  resolution: "create-ecdh@npm:4.0.4"
-  dependencies:
-    bn.js: ^4.1.0
-    elliptic: ^6.5.3
-  checksum: 0dd7fca9711d09e152375b79acf1e3f306d1a25ba87b8ff14c2fd8e68b83aafe0a7dd6c4e540c9ffbdd227a5fa1ad9b81eca1f233c38bb47770597ba247e614b
-  languageName: node
-  linkType: hard
-
- "create-emotion@npm:^10.0.14, create-emotion@npm:^10.0.27":
-   version: 10.0.27
-   resolution: "create-emotion@npm:10.0.27"
-@@ -14904,33 +14748,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"create-hash@npm:^1.1.0, create-hash@npm:^1.1.2, create-hash@npm:^1.2.0":
-  version: 1.2.0
-  resolution: "create-hash@npm:1.2.0"
-  dependencies:
-    cipher-base: ^1.0.1
-    inherits: ^2.0.1
-    md5.js: ^1.3.4
-    ripemd160: ^2.0.1
-    sha.js: ^2.4.0
-  checksum: 02a6ae3bb9cd4afee3fabd846c1d8426a0e6b495560a977ba46120c473cb283be6aa1cace76b5f927cf4e499c6146fb798253e48e83d522feba807d6b722eaa9
-  languageName: node
-  linkType: hard
-
-"create-hmac@npm:^1.1.0, create-hmac@npm:^1.1.4, create-hmac@npm:^1.1.7":
-  version: 1.1.7
-  resolution: "create-hmac@npm:1.1.7"
-  dependencies:
-    cipher-base: ^1.0.3
-    create-hash: ^1.1.0
-    inherits: ^2.0.1
-    ripemd160: ^2.0.0
-    safe-buffer: ^5.0.1
-    sha.js: ^2.4.8
-  checksum: ba12bb2257b585a0396108c72830e85f882ab659c3320c83584b1037f8ab72415095167ced80dc4ce8e446a8ecc4b2acf36d87befe0707d73b26cf9dc77440ed
-  languageName: node
-  linkType: hard
-
- "create-require@npm:^1.1.0":
-   version: 1.1.1
-   resolution: "create-require@npm:1.1.1"
-@@ -14962,22 +14779,10 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"crypto-browserify@npm:^3.11.0":
-  version: 3.12.0
-  resolution: "crypto-browserify@npm:3.12.0"
-  dependencies:
-    browserify-cipher: ^1.0.0
-    browserify-sign: ^4.0.0
-    create-ecdh: ^4.0.0
-    create-hash: ^1.1.0
-    create-hmac: ^1.1.0
-    diffie-hellman: ^5.0.0
-    inherits: ^2.0.1
-    pbkdf2: ^3.0.3
-    public-encrypt: ^4.0.0
-    randombytes: ^2.0.0
-    randomfill: ^1.0.3
-  checksum: c1609af82605474262f3eaa07daa0b2140026bd264ab316d4bf1170272570dbe02f0c49e29407fe0d3634f96c507c27a19a6765fb856fed854a625f9d15618e2
-+"crypto-browserify@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz":
-+  version: 1.1.3
-+  resolution: "crypto-browserify@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz"
-+  checksum: e233cb660c0eac1172e3c4da249aeaae92b222e9b870d64a427c7212833a1634e56e2f7601989b1a6a6cd0e8841ff3776cd18f8b56dfc20257b893987d624920
-   languageName: node
-   linkType: hard
- 
-@@ -15928,15 +15733,6 @@ __metadata:
+@@ -18097,15 +18065,6 @@ __metadata:
   languageName: node
   linkType: hard
 
@ -320,42 +119,7 @@ index 8132e0f942..b41c0efb1b 100644
 "data-urls@npm:^2.0.0":
   version: 2.0.0
   resolution: "data-urls@npm:2.0.0"
-@@ -16251,16 +16047,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"des.js@npm:^1.0.0":
-  version: 1.0.1
-  resolution: "des.js@npm:1.0.1"
-  dependencies:
-    inherits: ^2.0.1
-    minimalistic-assert: ^1.0.0
-  checksum: 1ec2eedd7ed6bd61dd5e0519fd4c96124e93bb22de8a9d211b02d63e5dd152824853d919bb2090f965cc0e3eb9c515950a9836b332020d810f9c71feb0fd7df4
-  languageName: node
-  linkType: hard
-
- "destroy@npm:~1.0.4":
-   version: 1.0.4
-   resolution: "destroy@npm:1.0.4"
-@@ -16397,17 +16183,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"diffie-hellman@npm:^5.0.0":
-  version: 5.0.3
-  resolution: "diffie-hellman@npm:5.0.3"
-  dependencies:
-    bn.js: ^4.1.0
-    miller-rabin: ^4.0.0
-    randombytes: ^2.0.0
-  checksum: 0e620f322170c41076e70181dd1c24e23b08b47dbb92a22a644f3b89b6d3834b0f8ee19e37916164e5eb1ee26d2aa836d6129f92723995267250a0b541811065
-  languageName: node
-  linkType: hard
-
- "dir-glob@npm:^2.2.2":
-   version: 2.2.2
-   resolution: "dir-glob@npm:2.2.2"
-@@ -16694,16 +16469,6 @@ __metadata:
+@@ -18842,16 +18801,6 @@ __metadata:
   languageName: node
   linkType: hard
 
@ -372,47 +136,7 @@ index 8132e0f942..b41c0efb1b 100644
 "ee-first@npm:1.1.1":
   version: 1.1.1
   resolution: "ee-first@npm:1.1.1"
-@@ -16748,21 +16513,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"elliptic@npm:^6.5.3":
-  version: 6.5.4
-  resolution: "elliptic@npm:6.5.4"
-  dependencies:
-    bn.js: ^4.11.9
-    brorand: ^1.1.0
-    hash.js: ^1.0.0
-    hmac-drbg: ^1.0.1
-    inherits: ^2.0.4
-    minimalistic-assert: ^1.0.1
-    minimalistic-crypto-utils: ^1.0.1
-  checksum: d56d21fd04e97869f7ffcc92e18903b9f67f2d4637a23c860492fbbff5a3155fd9ca0184ce0c865dd6eb2487d234ce9551335c021c376cd2d3b7cb749c7d10f4
-  languageName: node
-  linkType: hard
-
- "emitter-component@npm:^1.1.1":
-   version: 1.1.1
-   resolution: "emitter-component@npm:1.1.1"
-@@ -17716,17 +17466,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"evp_bytestokey@npm:^1.0.0, evp_bytestokey@npm:^1.0.3":
-  version: 1.0.3
-  resolution: "evp_bytestokey@npm:1.0.3"
-  dependencies:
-    md5.js: ^1.3.4
-    node-gyp: latest
-    safe-buffer: ^5.1.1
-  checksum: ad4e1577f1a6b721c7800dcc7c733fe01f6c310732bb5bf2240245c2a5b45a38518b91d8be2c610611623160b9d1c0e91f1ce96d639f8b53e8894625cf20fa45
-  languageName: node
-  linkType: hard
-
- "exec-sh@npm:^0.3.2":
-   version: 0.3.6
-   resolution: "exec-sh@npm:0.3.6"
-@@ -18006,20 +17745,6 @@ __metadata:
+@@ -20489,20 +20438,6 @@ __metadata:
   languageName: node
   linkType: hard
 
@ -433,7 +157,7 @@ index 8132e0f942..b41c0efb1b 100644
 "fast-deep-equal@npm:^3.0.0, fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3":
   version: 3.1.3
   resolution: "fast-deep-equal@npm:3.1.3"
-@@ -19046,15 +18771,6 @@ __metadata:
+@@ -21462,15 +21397,6 @@ __metadata:
   languageName: node
   linkType: hard
 
@ -447,55 +171,9 @@ index 8132e0f942..b41c0efb1b 100644
 -  linkType: hard
 -
 "git-raw-commits@npm:^2.0.8":
-   version: 2.0.10
-   resolution: "git-raw-commits@npm:2.0.10"
-@@ -19887,27 +19603,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"hash-base@npm:^3.0.0":
-  version: 3.1.0
-  resolution: "hash-base@npm:3.1.0"
-  dependencies:
-    inherits: ^2.0.4
-    readable-stream: ^3.6.0
-    safe-buffer: ^5.2.0
-  checksum: 26b7e97ac3de13cb23fc3145e7e3450b0530274a9562144fc2bf5c1e2983afd0e09ed7cc3b20974ba66039fad316db463da80eb452e7373e780cbee9a0d2f2dc
-  languageName: node
-  linkType: hard
-
-"hash.js@npm:^1.0.0, hash.js@npm:^1.0.3":
-  version: 1.1.7
-  resolution: "hash.js@npm:1.1.7"
-  dependencies:
-    inherits: ^2.0.3
-    minimalistic-assert: ^1.0.1
-  checksum: e350096e659c62422b85fa508e4b3669017311aa4c49b74f19f8e1bc7f3a54a584fdfd45326d4964d6011f2b2d882e38bea775a96046f2a61b7779a979629d8f
-  languageName: node
-  linkType: hard
-
- "hast-to-hyperscript@npm:^9.0.0":
-   version: 9.0.1
-   resolution: "hast-to-hyperscript@npm:9.0.1"
-@@ -20043,17 +19738,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"hmac-drbg@npm:^1.0.1":
-  version: 1.0.1
-  resolution: "hmac-drbg@npm:1.0.1"
-  dependencies:
-    hash.js: ^1.0.3
-    minimalistic-assert: ^1.0.0
-    minimalistic-crypto-utils: ^1.0.1
-  checksum: bd30b6a68d7f22d63f10e1888aee497d7c2c5c0bb469e66bbdac99f143904d1dfe95f8131f95b3e86c86dd239963c9d972fcbe147e7cffa00e55d18585c43fe0
-  languageName: node
-  linkType: hard
-
- "hoist-non-react-statics@npm:3.3.2, hoist-non-react-statics@npm:^3.1.0, hoist-non-react-statics@npm:^3.3.0, hoist-non-react-statics@npm:^3.3.1, hoist-non-react-statics@npm:^3.3.2":
-   version: 3.3.2
-   resolution: "hoist-non-react-statics@npm:3.3.2"
-@@ -20394,25 +20078,10 @@ __metadata:
+   version: 2.0.11
+   resolution: "git-raw-commits@npm:2.0.11"
+@@ -22832,25 +22758,10 @@ __metadata:
   languageName: node
   linkType: hard
 
@ -525,7 +203,7 @@ index 8132e0f942..b41c0efb1b 100644
   languageName: node
   linkType: hard
 
-@@ -22562,13 +22231,6 @@ __metadata:
+@@ -25418,13 +25329,6 @@ __metadata:
   languageName: node
   linkType: hard
 
@ -539,7 +217,7 @@ index 8132e0f942..b41c0efb1b 100644
 "jsdoc-type-pratt-parser@npm:~2.2.5":
   version: 2.2.5
   resolution: "jsdoc-type-pratt-parser@npm:2.2.5"
-@@ -22683,13 +22345,6 @@ __metadata:
+@@ -25572,13 +25476,6 @@ __metadata:
   languageName: node
   linkType: hard
 
@ -553,7 +231,7 @@ index 8132e0f942..b41c0efb1b 100644
 "json-source-map@npm:0.6.1":
   version: 0.6.1
   resolution: "json-source-map@npm:0.6.1"
-@@ -22793,30 +22448,6 @@ __metadata:
+@@ -25709,30 +25606,6 @@ __metadata:
   languageName: node
   linkType: hard
 
@ -584,66 +262,25 @@ index 8132e0f942..b41c0efb1b 100644
 "jsurl@npm:^0.1.5":
   version: 0.1.5
   resolution: "jsurl@npm:0.1.5"
-@@ -23818,17 +23449,6 @@ __metadata:
+@@ -26192,6 +26065,17 @@ __metadata:
   languageName: node
   linkType: hard
 
-"md5.js@npm:^1.3.4":
-  version: 1.3.5
-  resolution: "md5.js@npm:1.3.5"
-  dependencies:
-    hash-base: ^3.0.0
-    inherits: ^2.0.1
-    safe-buffer: ^5.1.2
-  checksum: 098494d885684bcc4f92294b18ba61b7bd353c23147fbc4688c75b45cb8590f5a95fd4584d742415dcc52487f7a1ef6ea611cfa1543b0dc4492fe026357f3f0c
-  languageName: node
-  linkType: hard
-
- "mdast-squeeze-paragraphs@npm:^4.0.0":
-   version: 4.0.0
-   resolution: "mdast-squeeze-paragraphs@npm:4.0.0"
-@@ -24108,18 +23728,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"miller-rabin@npm:^4.0.0":
-  version: 4.0.1
-  resolution: "miller-rabin@npm:4.0.1"
-  dependencies:
-    bn.js: ^4.0.0
-    brorand: ^1.0.1
-  bin:
-    miller-rabin: bin/miller-rabin
-  checksum: 00cd1ab838ac49b03f236cc32a14d29d7d28637a53096bf5c6246a032a37749c9bd9ce7360cbf55b41b89b7d649824949ff12bc8eee29ac77c6b38eada619ece
-  languageName: node
-  linkType: hard
-
- "mime-db@npm:1.50.0, mime-db@npm:>= 1.43.0 < 2":
-   version: 1.50.0
-   resolution: "mime-db@npm:1.50.0"
-@@ -24247,20 +23855,13 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"minimalistic-assert@npm:^1.0.0, minimalistic-assert@npm:^1.0.1":
-+"minimalistic-assert@npm:^1.0.0":
-   version: 1.0.1
-   resolution: "minimalistic-assert@npm:1.0.1"
-   checksum: cc7974a9268fbf130fb055aff76700d7e2d8be5f761fb5c60318d0ed010d839ab3661a533ad29a5d37653133385204c503bfac995aaa4236f4e847461ea32ba7
-   languageName: node
-   linkType: hard
- 
-"minimalistic-crypto-utils@npm:^1.0.1":
-  version: 1.0.1
-  resolution: "minimalistic-crypto-utils@npm:1.0.1"
-  checksum: 6e8a0422b30039406efd4c440829ea8f988845db02a3299f372fceba56ffa94994a9c0f2fd70c17f9969eedfbd72f34b5070ead9656a34d3f71c0bd72583a0ed
-  languageName: node
-  linkType: hard
-
- "minimatch@npm:3.0.4, minimatch@npm:^3.0.4":
-   version: 3.0.4
-   resolution: "minimatch@npm:3.0.4"
-@@ -24903,13 +24504,6 @@ __metadata:
+"loader-utils@npm:2.0.0":
+  version: 2.0.0
+  resolution: "loader-utils@npm:2.0.0"
+  dependencies:
+    big.js: ^5.2.2
+    emojis-list: ^3.0.0
+    json5: ^2.1.2
+  checksum: 6856423131b50b6f5f259da36f498cfd7fc3c3f8bb17777cf87fdd9159e797d4ba4288d9a96415fd8da62c2906960e88f74711dee72d03a9003bddcd0d364a51
+  languageName: node
+  linkType: hard
+
+ "loader-utils@npm:^2.0.0":
+   version: 2.0.3
+   resolution: "loader-utils@npm:2.0.3"
+@@ -27755,13 +27639,6 @@ __metadata:
   languageName: node
   linkType: hard
 
@ -657,120 +294,7 @@ index 8132e0f942..b41c0efb1b 100644
 "node-gettext@npm:^3.0.0":
   version: 3.0.0
   resolution: "node-gettext@npm:3.0.0"
-@@ -26024,19 +25618,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"parse-asn1@npm:^5.0.0, parse-asn1@npm:^5.1.5":
-  version: 5.1.6
-  resolution: "parse-asn1@npm:5.1.6"
-  dependencies:
-    asn1.js: ^5.2.0
-    browserify-aes: ^1.0.0
-    evp_bytestokey: ^1.0.0
-    pbkdf2: ^3.0.3
-    safe-buffer: ^5.1.1
-  checksum: 9243311d1f88089bc9f2158972aa38d1abd5452f7b7cabf84954ed766048fe574d434d82c6f5a39b988683e96fb84cd933071dda38927e03469dc8c8d14463c7
-  languageName: node
-  linkType: hard
-
- "parse-entities@npm:^2.0.0":
-   version: 2.0.0
-   resolution: "parse-entities@npm:2.0.0"
-@@ -26258,19 +25839,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"pbkdf2@npm:^3.0.3":
-  version: 3.1.2
-  resolution: "pbkdf2@npm:3.1.2"
-  dependencies:
-    create-hash: ^1.1.2
-    create-hmac: ^1.1.4
-    ripemd160: ^2.0.1
-    safe-buffer: ^5.0.1
-    sha.js: ^2.4.8
-  checksum: 2c950a100b1da72123449208e231afc188d980177d021d7121e96a2de7f2abbc96ead2b87d03d8fe5c318face097f203270d7e27908af9f471c165a4e8e69c92
-  languageName: node
-  linkType: hard
-
- "pend@npm:~1.2.0":
-   version: 1.2.0
-   resolution: "pend@npm:1.2.0"
-@@ -27959,20 +27527,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"public-encrypt@npm:^4.0.0":
-  version: 4.0.3
-  resolution: "public-encrypt@npm:4.0.3"
-  dependencies:
-    bn.js: ^4.1.0
-    browserify-rsa: ^4.0.0
-    create-hash: ^1.1.0
-    parse-asn1: ^5.0.0
-    randombytes: ^2.0.1
-    safe-buffer: ^5.1.2
-  checksum: 215d446e43cef021a20b67c1df455e5eea134af0b1f9b8a35f9e850abf32991b0c307327bc5b9bc07162c288d5cdb3d4a783ea6c6640979ed7b5017e3e0c9935
-  languageName: node
-  linkType: hard
-
- "pump@npm:^2.0.0":
-   version: 2.0.1
-   resolution: "pump@npm:2.0.1"
-@@ -28181,7 +27735,7 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"randombytes@npm:^2.0.0, randombytes@npm:^2.0.1, randombytes@npm:^2.0.5, randombytes@npm:^2.1.0":
-+"randombytes@npm:^2.1.0":
-   version: 2.1.0
-   resolution: "randombytes@npm:2.1.0"
-   dependencies:
-@@ -28190,16 +27744,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"randomfill@npm:^1.0.3":
-  version: 1.0.4
-  resolution: "randomfill@npm:1.0.4"
-  dependencies:
-    randombytes: ^2.0.5
-    safe-buffer: ^5.1.0
-  checksum: 33734bb578a868d29ee1b8555e21a36711db084065d94e019a6d03caa67debef8d6a1bfd06a2b597e32901ddc761ab483a85393f0d9a75838f1912461d4dbfc7
-  languageName: node
-  linkType: hard
-
- "range-parser@npm:^1.2.1, range-parser@npm:~1.2.1":
-   version: 1.2.1
-   resolution: "range-parser@npm:1.2.1"
-@@ -30443,16 +29987,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"ripemd160@npm:^2.0.0, ripemd160@npm:^2.0.1":
-  version: 2.0.2
-  resolution: "ripemd160@npm:2.0.2"
-  dependencies:
-    hash-base: ^3.0.0
-    inherits: ^2.0.1
-  checksum: 006accc40578ee2beae382757c4ce2908a826b27e2b079efdcd2959ee544ddf210b7b5d7d5e80467807604244e7388427330f5c6d4cd61e6edaddc5773ccc393
-  languageName: node
-  linkType: hard
-
- "rollup-plugin-copy@npm:3.4.0":
-   version: 3.4.0
-   resolution: "rollup-plugin-copy@npm:3.4.0"
-@@ -30638,7 +30172,7 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"safe-buffer@npm:5.2.1, safe-buffer@npm:>=5.1.0, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.1.0, safe-buffer@npm:^5.1.1, safe-buffer@npm:^5.1.2, safe-buffer@npm:^5.2.0, safe-buffer@npm:^5.2.1, safe-buffer@npm:~5.2.0":
-+"safe-buffer@npm:5.2.1, safe-buffer@npm:>=5.1.0, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.1.0, safe-buffer@npm:^5.1.2, safe-buffer@npm:^5.2.1, safe-buffer@npm:~5.2.0":
-   version: 5.2.1
-   resolution: "safe-buffer@npm:5.2.1"
-   checksum: b99c4b41fdd67a6aaf280fcd05e9ffb0813654894223afb78a31f14a19ad220bba8aba1cb14eddce1fcfb037155fe6de4e861784eb434f7d11ed58d1e70dd491
-@@ -30654,7 +30188,7 @@ __metadata:
+@@ -33404,7 +33281,7 @@ __metadata:
   languageName: node
   linkType: hard
 
@ -779,7 +303,7 @@ index 8132e0f942..b41c0efb1b 100644
   version: 2.1.2
   resolution: "safer-buffer@npm:2.1.2"
   checksum: cab8f25ae6f1434abee8d80023d7e72b598cf1327164ddab31003c51215526801e40b66c5e65d658a0af1e9d6478cadcb4c745f4bd6751f97d8644786c0978b0
-@@ -30891,12 +30425,10 @@ __metadata:
+@@ -33623,12 +33500,10 @@ __metadata:
   languageName: node
   linkType: hard
 
@ -796,26 +320,7 @@ index 8132e0f942..b41c0efb1b 100644
   languageName: node
   linkType: hard
 
-@@ -31133,18 +30665,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"sha.js@npm:^2.4.0, sha.js@npm:^2.4.8":
-  version: 2.4.11
-  resolution: "sha.js@npm:2.4.11"
-  dependencies:
-    inherits: ^2.0.1
-    safe-buffer: ^5.0.1
-  bin:
-    sha.js: ./bin.js
-  checksum: ebd3f59d4b799000699097dadb831c8e3da3eb579144fd7eb7a19484cbcbb7aca3c68ba2bb362242eb09e33217de3b4ea56e4678184c334323eca24a58e3ad07
-  languageName: node
-  linkType: hard
-
- "shallow-clone@npm:^3.0.0":
-   version: 3.0.1
-   resolution: "shallow-clone@npm:3.0.1"
-@@ -31830,27 +31350,6 @@ __metadata:
+@@ -34591,27 +34466,6 @@ __metadata:
   languageName: node
   linkType: hard
 
@ -840,10 +345,10 @@ index 8132e0f942..b41c0efb1b 100644
 -  languageName: node
 -  linkType: hard
 -
- "ssri@npm:^6.0.1":
-   version: 6.0.2
-   resolution: "ssri@npm:6.0.2"
-@@ -33509,13 +33008,6 @@ __metadata:
+ "ssri@npm:^8.0.0, ssri@npm:^8.0.1":
+   version: 8.0.1
+   resolution: "ssri@npm:8.0.1"
+@@ -36287,13 +36141,6 @@ __metadata:
   languageName: node
   linkType: hard
 
@ -857,7 +362,7 @@ index 8132e0f942..b41c0efb1b 100644
 "type-check@npm:^0.4.0, type-check@npm:~0.4.0":
   version: 0.4.0
   resolution: "type-check@npm:0.4.0"
-@@ -34329,17 +33821,6 @@ __metadata:
+@@ -37042,17 +36889,6 @@ __metadata:
   languageName: node
   linkType: soft
 
@ -875,3 +380,18 @@ index 8132e0f942..b41c0efb1b 100644
 "vfile-location@npm:^3.0.0, vfile-location@npm:^3.2.0":
   version: 3.2.0
   resolution: "vfile-location@npm:3.2.0"
+
+diff --git a/packages/grafana-data/package.json b/packages/grafana-data/package.json
+index e26f95d855..91d71f1414 100644
+--- a/packages/grafana-data/package.json
+++ b/packages/grafana-data/package.json
+@@ -33,7 +33,7 @@
+     "typecheck": "tsc --emitDeclarationOnly false --noEmit"
+   },
+   "dependencies": {
+-    "@braintree/sanitize-url": "6.0.0",
+    "@braintree/sanitize-url": "^6.0.0",
+     "@grafana/schema": "9.2.8",
+     "@types/d3-interpolate": "^1.4.0",
+     "d3-interpolate": "1.4.0",
+
--- a/SOURCES/0006-notifications-use-HMAC-SHA256-to-generate-password-r.patch
+++ b/SOURCES/0006-notifications-use-HMAC-SHA256-to-generate-password-r.patch
@ -1,358 +0,0 @@
-From 5749f50533225b5d38fed1ed86b1c893cc0466b5 Mon Sep 17 00:00:00 2001
-From: Andreas Gerstmayr <agerstmayr@redhat.com>
-Date: Thu, 25 Nov 2021 18:49:52 +0100
-Subject: [PATCH] notifications: use HMAC-SHA256 to generate password reset
- tokens
-
-* changes the time limit code generation function to use HMAC-SHA256
-  instead of SHA-1
-* multiple new testcases
-
-diff --git a/pkg/services/notifications/codes.go b/pkg/services/notifications/codes.go
-index 32cd5dd7cd..72d33e3814 100644
--- a/pkg/services/notifications/codes.go
-+++ b/pkg/services/notifications/codes.go
-@@ -1,48 +1,53 @@
- package notifications
- 
- import (
-	"crypto/sha1" // #nosec
-+	"crypto/hmac"
-+	"crypto/sha256"
- 	"encoding/hex"
- 	"fmt"
-+	"strconv"
- 	"time"
- 
-	"github.com/unknwon/com"
-
- 	"github.com/grafana/grafana/pkg/models"
- 	"github.com/grafana/grafana/pkg/setting"
- )
- 
-const timeLimitCodeLength = 12 + 6 + 40
-+const timeLimitStartDateLength = 12
-+const timeLimitMinutesLength = 6
-+const timeLimitHmacLength = 64
-+const timeLimitCodeLength = timeLimitStartDateLength + timeLimitMinutesLength + timeLimitHmacLength
- 
- // create a time limit code
-// code format: 12 length date time string + 6 minutes string + 40 sha1 encoded string
-func createTimeLimitCode(data string, minutes int, startInf interface{}) (string, error) {
-+// code format: 12 length date time string + 6 minutes string + 64 HMAC-SHA256 encoded string
-+func createTimeLimitCode(payload string, minutes int, startStr string) (string, error) {
- 	format := "200601021504"
- 
- 	var start, end time.Time
-	var startStr, endStr string
-+	var endStr string
- 
-	if startInf == nil {
-+	if startStr == "" {
- 		// Use now time create code
- 		start = time.Now()
- 		startStr = start.Format(format)
- 	} else {
- 		// use start string create code
-		startStr = startInf.(string)
-		start, _ = time.ParseInLocation(format, startStr, time.Local)
-		startStr = start.Format(format)
-+		var err error
-+		start, err = time.ParseInLocation(format, startStr, time.Local)
-+		if err != nil {
-+			return "", err
-+		}
- 	}
- 
- 	end = start.Add(time.Minute * time.Duration(minutes))
- 	endStr = end.Format(format)
- 
-	// create sha1 encode string
-	sh := sha1.New()
-	if _, err := sh.Write([]byte(data + setting.SecretKey + startStr + endStr +
-		com.ToStr(minutes))); err != nil {
-		return "", err
-+	// create HMAC-SHA256 encoded string
-+	key := []byte(setting.SecretKey)
-+	h := hmac.New(sha256.New, key)
-+	if _, err := h.Write([]byte(payload + startStr + endStr)); err != nil {
-+		return "", fmt.Errorf("cannot create hmac: %v", err)
- 	}
-	encoded := hex.EncodeToString(sh.Sum(nil))
-+	encoded := hex.EncodeToString(h.Sum(nil))
- 
- 	code := fmt.Sprintf("%s%06d%s", startStr, minutes, encoded)
- 	return code, nil
-@@ -50,29 +55,32 @@ func createTimeLimitCode(data string, minutes int, startInf interface{}) (string
- 
- // verify time limit code
- func validateUserEmailCode(cfg *setting.Cfg, user *models.User, code string) (bool, error) {
-	if len(code) <= 18 {
-+	if len(code) < timeLimitCodeLength {
- 		return false, nil
- 	}
- 
-	minutes := cfg.EmailCodeValidMinutes
- 	code = code[:timeLimitCodeLength]
- 
- 	// split code
-	start := code[:12]
-	lives := code[12:18]
-	if d, err := com.StrTo(lives).Int(); err == nil {
-		minutes = d
-+	startStr := code[:timeLimitStartDateLength]
-+	minutesStr := code[timeLimitStartDateLength : timeLimitStartDateLength+timeLimitMinutesLength]
-+	minutes, err := strconv.Atoi(minutesStr)
-+	if err != nil {
-+		return false, fmt.Errorf("invalid time limit code: %v", err)
- 	}
- 
- 	// right active code
-	data := com.ToStr(user.Id) + user.Email + user.Login + user.Password + user.Rands
-	retCode, err := createTimeLimitCode(data, minutes, start)
-+	payload := strconv.FormatInt(user.Id, 10) + user.Email + user.Login + user.Password + user.Rands
-+	expectedCode, err := createTimeLimitCode(payload, minutes, startStr)
- 	if err != nil {
- 		return false, err
- 	}
-	if retCode == code && minutes > 0 {
-+	if hmac.Equal([]byte(code), []byte(expectedCode)) && minutes > 0 {
- 		// check time is expired or not
-		before, _ := time.ParseInLocation("200601021504", start, time.Local)
-+		before, err := time.ParseInLocation("200601021504", startStr, time.Local)
-+		if err != nil {
-+			return false, err
-+		}
- 		now := time.Now()
- 		if before.Add(time.Minute*time.Duration(minutes)).Unix() > now.Unix() {
- 			return true, nil
-@@ -93,15 +101,15 @@ func getLoginForEmailCode(code string) string {
- 	return string(b)
- }
- 
-func createUserEmailCode(cfg *setting.Cfg, u *models.User, startInf interface{}) (string, error) {
-+func createUserEmailCode(cfg *setting.Cfg, user *models.User, startStr string) (string, error) {
- 	minutes := cfg.EmailCodeValidMinutes
-	data := com.ToStr(u.Id) + u.Email + u.Login + u.Password + u.Rands
-	code, err := createTimeLimitCode(data, minutes, startInf)
-+	payload := strconv.FormatInt(user.Id, 10) + user.Email + user.Login + user.Password + user.Rands
-+	code, err := createTimeLimitCode(payload, minutes, startStr)
- 	if err != nil {
- 		return "", err
- 	}
- 
- 	// add tail hex username
-	code += hex.EncodeToString([]byte(u.Login))
-+	code += hex.EncodeToString([]byte(user.Login))
- 	return code, nil
- }
-diff --git a/pkg/services/notifications/codes_test.go b/pkg/services/notifications/codes_test.go
-index a314c8deca..be9b68ca69 100644
--- a/pkg/services/notifications/codes_test.go
-+++ b/pkg/services/notifications/codes_test.go
-@@ -1,7 +1,10 @@
- package notifications
- 
- import (
-+	"fmt"
-+	"strconv"
- 	"testing"
-+	"time"
- 
- 	"github.com/grafana/grafana/pkg/models"
- 	"github.com/grafana/grafana/pkg/setting"
-@@ -9,18 +12,126 @@ import (
- 	"github.com/stretchr/testify/require"
- )
- 
-+func TestTimeLimitCodes(t *testing.T) {
-+	cfg := setting.NewCfg()
-+	cfg.EmailCodeValidMinutes = 120
-+	user := &models.User{Id: 10, Email: "t@a.com", Login: "asd", Password: "1", Rands: "2"}
-+
-+	format := "200601021504"
-+	mailPayload := strconv.FormatInt(user.Id, 10) + user.Email + user.Login + user.Password + user.Rands
-+	tenMinutesAgo := time.Now().Add(-time.Minute * 10)
-+
-+	tests := []struct {
-+		desc    string
-+		payload string
-+		start   time.Time
-+		minutes int
-+		valid   bool
-+	}{
-+		{
-+			desc:    "code generated 10 minutes ago, 5 minutes valid",
-+			payload: mailPayload,
-+			start:   tenMinutesAgo,
-+			minutes: 5,
-+			valid:   false,
-+		},
-+		{
-+			desc:    "code generated 10 minutes ago, 9 minutes valid",
-+			payload: mailPayload,
-+			start:   tenMinutesAgo,
-+			minutes: 9,
-+			valid:   false,
-+		},
-+		{
-+			desc:    "code generated 10 minutes ago, 10 minutes valid",
-+			payload: mailPayload,
-+			start:   tenMinutesAgo,
-+			minutes: 10,
-+			// code was valid exactly 10 minutes since evaluating the tenMinutesAgo assignment
-+			// by the time this test is run the code is already expired
-+			valid: false,
-+		},
-+		{
-+			desc:    "code generated 10 minutes ago, 11 minutes valid",
-+			payload: mailPayload,
-+			start:   tenMinutesAgo,
-+			minutes: 11,
-+			valid:   true,
-+		},
-+		{
-+			desc:    "code generated 10 minutes ago, 20 minutes valid",
-+			payload: mailPayload,
-+			start:   tenMinutesAgo,
-+			minutes: 20,
-+			valid:   true,
-+		},
-+		{
-+			desc:    "code generated 10 minutes ago, 20 minutes valid, tampered payload",
-+			payload: mailPayload[:len(mailPayload)-1] + "x",
-+			start:   tenMinutesAgo,
-+			minutes: 20,
-+			valid:   false,
-+		},
-+	}
-+
-+	for _, test := range tests {
-+		t.Run(test.desc, func(t *testing.T) {
-+			code, err := createTimeLimitCode(test.payload, test.minutes, test.start.Format(format))
-+			require.NoError(t, err)
-+
-+			isValid, err := validateUserEmailCode(cfg, user, code)
-+			require.NoError(t, err)
-+			require.Equal(t, test.valid, isValid)
-+		})
-+	}
-+
-+	t.Run("tampered minutes", func(t *testing.T) {
-+		code, err := createTimeLimitCode(mailPayload, 5, tenMinutesAgo.Format(format))
-+		require.NoError(t, err)
-+
-+		// code is expired
-+		isValid, err := validateUserEmailCode(cfg, user, code)
-+		require.NoError(t, err)
-+		require.Equal(t, false, isValid)
-+
-+		// let's try to extend the code by tampering the minutes
-+		code = code[:12] + fmt.Sprintf("%06d", 20) + code[18:]
-+		isValid, err = validateUserEmailCode(cfg, user, code)
-+		require.NoError(t, err)
-+		require.Equal(t, false, isValid)
-+	})
-+
-+	t.Run("tampered start string", func(t *testing.T) {
-+		code, err := createTimeLimitCode(mailPayload, 5, tenMinutesAgo.Format(format))
-+		require.NoError(t, err)
-+
-+		// code is expired
-+		isValid, err := validateUserEmailCode(cfg, user, code)
-+		require.NoError(t, err)
-+		require.Equal(t, false, isValid)
-+
-+		// let's try to extend the code by tampering the start string
-+		oneMinuteAgo := time.Now().Add(-time.Minute)
-+
-+		code = oneMinuteAgo.Format(format) + code[12:]
-+		isValid, err = validateUserEmailCode(cfg, user, code)
-+		require.NoError(t, err)
-+		require.Equal(t, false, isValid)
-+	})
-+}
-+
- func TestEmailCodes(t *testing.T) {
- 	t.Run("When generating code", func(t *testing.T) {
- 		cfg := setting.NewCfg()
- 		cfg.EmailCodeValidMinutes = 120
- 
- 		user := &models.User{Id: 10, Email: "t@a.com", Login: "asd", Password: "1", Rands: "2"}
-		code, err := createUserEmailCode(cfg, user, nil)
-+		code, err := createUserEmailCode(cfg, user, "")
- 		require.NoError(t, err)
- 
- 		t.Run("getLoginForCode should return login", func(t *testing.T) {
- 			login := getLoginForEmailCode(code)
-			require.Equal(t, login, "asd")
-+			require.Equal(t, "asd", login)
- 		})
- 
- 		t.Run("Can verify valid code", func(t *testing.T) {
-@@ -29,7 +140,7 @@ func TestEmailCodes(t *testing.T) {
- 			require.True(t, isValid)
- 		})
- 
-		t.Run("Cannot verify in-valid code", func(t *testing.T) {
-+		t.Run("Cannot verify invalid code", func(t *testing.T) {
- 			code = "ASD"
- 			isValid, err := validateUserEmailCode(cfg, user, code)
- 			require.NoError(t, err)
-diff --git a/pkg/services/notifications/notifications.go b/pkg/services/notifications/notifications.go
-index 84a0d42cb6..52facd0992 100644
--- a/pkg/services/notifications/notifications.go
-+++ b/pkg/services/notifications/notifications.go
-@@ -168,7 +168,7 @@ func (ns *NotificationService) SendEmailCommandHandler(ctx context.Context, cmd
- }
- 
- func (ns *NotificationService) SendResetPasswordEmail(ctx context.Context, cmd *models.SendResetPasswordEmailCommand) error {
-	code, err := createUserEmailCode(ns.Cfg, cmd.User, nil)
-+	code, err := createUserEmailCode(ns.Cfg, cmd.User, "")
- 	if err != nil {
- 		return err
- 	}
-diff --git a/pkg/services/notifications/notifications_test.go b/pkg/services/notifications/notifications_test.go
-index 71970e20a0..6f4b318fe0 100644
--- a/pkg/services/notifications/notifications_test.go
-+++ b/pkg/services/notifications/notifications_test.go
-@@ -2,6 +2,7 @@ package notifications
- 
- import (
- 	"context"
-+	"regexp"
- 	"testing"
- 
- 	"github.com/grafana/grafana/pkg/bus"
-@@ -185,7 +186,8 @@ func TestSendEmailAsync(t *testing.T) {
- 
- 	t.Run("When sending reset email password", func(t *testing.T) {
- 		sut, _ := createSut(t, bus)
-		err := sut.SendResetPasswordEmail(context.Background(), &models.SendResetPasswordEmailCommand{User: &models.User{Email: "asd@asd.com"}})
-+		user := models.User{Email: "asd@asd.com", Login: "asd@asd.com"}
-+		err := sut.SendResetPasswordEmail(context.Background(), &models.SendResetPasswordEmailCommand{User: &user})
- 		require.NoError(t, err)
- 
- 		sentMsg := <-sut.mailQueue
-@@ -194,6 +196,21 @@ func TestSendEmailAsync(t *testing.T) {
- 		assert.Equal(t, "Reset your Grafana password - asd@asd.com", sentMsg.Subject)
- 		assert.NotContains(t, sentMsg.Body["text/html"], "Subject")
- 		assert.NotContains(t, sentMsg.Body["text/plain"], "Subject")
-+
-+		// find code in mail
-+		r, _ := regexp.Compile(`code=(\w+)`)
-+		match := r.FindString(sentMsg.Body["text/plain"])
-+		code := match[len("code="):]
-+
-+		// verify code
-+		query := models.ValidateResetPasswordCodeQuery{Code: code}
-+		getUserByLogin := func(ctx context.Context, login string) (*models.User, error) {
-+			query := models.GetUserByLoginQuery{LoginOrEmail: login}
-+			query.Result = &user
-+			return query.Result, nil
-+		}
-+		err = sut.ValidateResetPasswordCode(context.Background(), &query, getUserByLogin)
-+		require.NoError(t, err)
- 	})
- 
- 	t.Run("When SMTP disabled in configuration", func(t *testing.T) {
--- a/SOURCES/0006-skip-marketplace-plugin-install-test.patch
+++ b/SOURCES/0006-skip-marketplace-plugin-install-test.patch
@ -1,4 +1,4 @@
-From 03a5c7f452efb1dbf605bba8caf3e86e15888c25 Mon Sep 17 00:00:00 2001
+From a23cb1162fd705147489915667b83a236ad248be Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Thu, 23 Jun 2022 17:00:46 +0200
 Subject: [PATCH] skip marketplace plugin install test
@ -8,10 +8,10 @@ Network connectivity is disabled in the build environment for security
 reasons, therefore we need to disable this test.

 diff --git a/pkg/tests/api/plugins/api_plugins_test.go b/pkg/tests/api/plugins/api_plugins_test.go
-index e86ce50830..fd60fbe67c 100644
+index 0d62275c4b..c237aa9389 100644
 --- a/pkg/tests/api/plugins/api_plugins_test.go
 +++ b/pkg/tests/api/plugins/api_plugins_test.go
-@@ -55,6 +55,7 @@ func TestPlugins(t *testing.T) {
+@@ -56,6 +56,7 @@ func TestPlugins(t *testing.T) {
 		})
 
 		t.Run("Request is not forbidden if from an admin", func(t *testing.T) {
--- a/SOURCES/0007-fix-alert-test.patch
+++ b/SOURCES/0007-fix-alert-test.patch
--- a/SOURCES/0008-Prometheus-Fix-integer-overflow-in-rate-interval-cal.patch
+++ b/SOURCES/0008-Prometheus-Fix-integer-overflow-in-rate-interval-cal.patch
@ -1,20 +0,0 @@
-From dc4e1c882d28db17064bd4fb788775a86ebfe066 Mon Sep 17 00:00:00 2001
-From: Andreas Gerstmayr <agerstmayr@redhat.com>
-Date: Mon, 27 Jun 2022 17:12:27 +0200
-Subject: [PATCH] Prometheus: Fix integer overflow in rate interval calculation
- on 32-bit architectures
-
-
-diff --git a/pkg/tsdb/prometheus/buffered/time_series_query.go b/pkg/tsdb/prometheus/buffered/time_series_query.go
-index 40db2d9100..0af2d3ecab 100644
--- a/pkg/tsdb/prometheus/buffered/time_series_query.go
-+++ b/pkg/tsdb/prometheus/buffered/time_series_query.go
-@@ -326,7 +326,7 @@ func calculateRateInterval(interval time.Duration, scrapeInterval string, interv
- 		return time.Duration(0)
- 	}
- 
-	rateInterval := time.Duration(int(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration))))
-+	rateInterval := time.Duration(int64(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration))))
- 	return rateInterval
- }
- 
--- a/SOURCES/0008-graphite-functions-xss.patch
+++ b/SOURCES/0008-graphite-functions-xss.patch
@ -0,0 +1,31 @@
+From 05df8dcac715113517b81b1995ab1f0b69017f4a Mon Sep 17 00:00:00 2001
+From: ismail simsek <ismailsimsek09@gmail.com>
+Date: Thu, 16 Mar 2023 23:16:03 +0100
+Subject: [PATCH] graphite functions xss
+
+commit e59427c074
+    [v9.2.x] Fix xss in Graphite functions tooltip (#810)
+
+    Fix xss in Graphite functions tooltip (#804)
+
+    (cherry picked from commit 87aad3f11836f810ee1fdfee27827e746ef36055)
+
+    Co-authored-by: Ludovic Viaud <ludovic.viaud@gmail.com>
+
+diff --git a/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx b/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx
+index facd0b2511..d4d41da720 100644
+--- a/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx
+++ b/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx
+@@ -11,11 +11,9 @@ export interface FunctionEditorControlsProps {
+ }
+ 
+ const FunctionDescription = React.lazy(async () => {
+-  // @ts-ignore
+-  const { default: rst2html } = await import(/* webpackChunkName: "rst2html" */ 'rst2html');
+   return {
+     default(props: { description?: string }) {
+-      return <div dangerouslySetInnerHTML={{ __html: rst2html(props.description ?? '') }} />;
+      return <div>{props.description}</div>;
+     },
+   };
+ });
--- a/SOURCES/0009-Prometheus-Fix-integer-overflow-in-rate-interval-cal.patch
+++ b/SOURCES/0009-Prometheus-Fix-integer-overflow-in-rate-interval-cal.patch
@ -1,20 +0,0 @@
-From 09be2f6709e7d05a2f75756c5f58b0602b54af72 Mon Sep 17 00:00:00 2001
-From: Andreas Gerstmayr <agerstmayr@redhat.com>
-Date: Tue, 5 Jul 2022 17:04:13 +0200
-Subject: [PATCH] Prometheus: Fix integer overflow in rate interval calculation
- on 32-bit architectures 2
-
-
-diff --git a/pkg/tsdb/prometheus/models/query.go b/pkg/tsdb/prometheus/models/query.go
-index bdd48d08ed..aa2b1f9945 100644
--- a/pkg/tsdb/prometheus/models/query.go
-+++ b/pkg/tsdb/prometheus/models/query.go
-@@ -181,7 +181,7 @@ func calculateRateInterval(interval time.Duration, scrapeInterval string, interv
- 		return time.Duration(0)
- 	}
- 
-	rateInterval := time.Duration(int(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration))))
-+	rateInterval := time.Duration(int64(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration))))
- 	return rateInterval
- }
- 
--- a/SOURCES/0010-skip-tests.patch
+++ b/SOURCES/0010-skip-tests.patch
@ -0,0 +1,71 @@
+From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001
+From: Stan Cox <scox@redhat.com>
+Date: Wed, 22 Jun 2022 17:05:48 +0200
+Subject: [PATCH] skip tests
+
+These tests are problematic on s390 but lint complains about patches
+in an %ifarch block so apply to all architectures.
+
+diff --git a/pkg/services/ngalert/notifier/alertmanager_test.go b/pkg/services/ngalert/notifier/alertmanager_test.go
+--- a/pkg/services/ngalert/notifier/alertmanager_test.go	2023-06-04 22:38:26.566930436 -0400
+++ b/pkg/services/ngalert/notifier/alertmanager_test.go	2023-06-06 13:25:43.785556819 -0400
+@@ -54,6 +54,7 @@
+ }
+ 
+ func TestPutAlert(t *testing.T) {
+	t.Skip("Skip testing TestPutAlert")
+ 	am := setupAMTest(t)
+ 
+ 	startTime := time.Now()
+@@ -350,6 +351,7 @@
+ // implement a custom maintenance function for silences, because we snapshot
+ // our data differently, so we test that functionality.
+ func TestSilenceCleanup(t *testing.T) {
+	t.Skip("Skip testing TestSilenceCleanup")
+ 	require := require.New(t)
+ 
+ 	oldRetention := retentionNotificationsAndSilences
+diff --git a/pkg/services/ngalert/state/manager_test.go b/pkg/services/ngalert/state/manager_test.go
+--- a/pkg/services/ngalert/state/manager_test.go	2023-06-04 22:38:26.570930475 -0400
+++ b/pkg/services/ngalert/state/manager_test.go	2023-06-06 13:26:47.588172342 -0400
+@@ -78,6 +78,7 @@
+ }
+ 
+ func TestProcessEvalResults(t *testing.T) {
+	t.Skip("Skip testing TestProcessEvalResults")
+ 	evaluationTime, err := time.Parse("2006-01-02", "2021-03-25")
+ 	if err != nil {
+ 		t.Fatalf("error parsing date format: %s", err.Error())
+diff --git a/pkg/services/ngalert/schedule/schedule_test.go b/pkg/services/ngalert/schedule/schedule_test.go
+--- a/pkg/services/ngalert/schedule/schedule_test.go	2023-06-04 22:38:26.569930465 -0400
+++ b/pkg/services/ngalert/schedule/schedule_test.go	2023-06-06 13:27:14.475431726 -0400
+@@ -130,6 +130,7 @@
+ }
+ 
+ func TestAlertingTicker(t *testing.T) {
+	t.Skip("Skip testing TestAlertingTicker")
+ 	ctx := context.Background()
+ 	_, dbstore := tests.SetupTestEnv(t, 1)
+ 
+diff --git a/pkg/infra/filestorage/fs_integration_test.go b/pkg/infra/filestorage/fs_integration_test.go
+--- a/pkg/infra/filestorage/fs_integration_test.go	2023-06-04 22:38:26.539930172 -0400
+++ b/pkg/infra/filestorage/fs_integration_test.go	2023-06-06 13:27:48.535760305 -0400
+@@ -169,6 +169,7 @@
+ }
+ 
+ func TestIntegrationFsStorage(t *testing.T) {
+	t.Skip("Skip testing TestIntegrationFsStorage")
+ 	if testing.Short() {
+ 		t.Skip("skipping integration test")
+ 	}
+diff --git a/pkg/tests/api/alerting/api_prometheus_test.go b/pkg/tests/api/alerting/api_prometheus_test.go
+--- a/pkg/tests/api/alerting/api_prometheus_test.go	2023-06-04 22:38:26.588930651 -0400
+++ b/pkg/tests/api/alerting/api_prometheus_test.go	2023-06-06 13:28:13.260998838 -0400
+@@ -25,6 +25,7 @@
+ )
+ 
+ func TestPrometheusRules(t *testing.T) {
+	t.Skip("Skip testing TestPrometheusRules")
+ 	dir, path := testinfra.CreateGrafDir(t, testinfra.GrafanaOpts{
+ 		DisableLegacyAlerting: true,
+ 		EnableUnifiedAlerting: true,
--- a/SOURCES/0010-v9.0.x-Login-email-before-username-57406.patch
+++ b/SOURCES/0010-v9.0.x-Login-email-before-username-57406.patch
@ -1,100 +0,0 @@
-From 74f3c59f7096b5c31d5c218310b20775eb111d0f Mon Sep 17 00:00:00 2001
-From: Karl Persson <kalle.persson@grafana.com>
-Date: Fri, 21 Oct 2022 14:15:21 +0200
-Subject: [PATCH] [v9.0.x] Login email before username (#57406)
-
-* Add test for username/login field conflict
-
-* Swap order of login fields
-
-Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
-
-diff --git a/pkg/services/sqlstore/user.go b/pkg/services/sqlstore/user.go
-index 9cd80da396..00e3ddc2df 100644
--- a/pkg/services/sqlstore/user.go
-+++ b/pkg/services/sqlstore/user.go
-@@ -170,20 +170,24 @@ func (ss *SQLStore) GetUserByLogin(ctx context.Context, query *models.GetUserByL
- 			return models.ErrUserNotFound
- 		}
- 
-		// Try and find the user by login first.
-		// It's not sufficient to assume that a LoginOrEmail with an "@" is an email.
-+		var has bool
-+		var err error
- 		user := &models.User{Login: query.LoginOrEmail}
-		has, err := sess.Where(notServiceAccountFilter(ss)).Get(user)
-
-		if err != nil {
-			return err
-		}
- 
-		if !has && strings.Contains(query.LoginOrEmail, "@") {
-			// If the user wasn't found, and it contains an "@" fallback to finding the
-			// user by email.
-+		// Since username can be an email address, attempt login with email address
-+		// first if the login field has the "@" symbol.
-+		if strings.Contains(query.LoginOrEmail, "@") {
- 			user = &models.User{Email: query.LoginOrEmail}
- 			has, err = sess.Get(user)
-+
-+			if err != nil {
-+				return err
-+			}
-+		}
-+
-+		// Lookup the login field instead of email field
-+		if !has {
-+			has, err = sess.Where(notServiceAccountFilter(ss)).Get(user)
- 		}
- 
- 		if err != nil {
-diff --git a/pkg/services/sqlstore/user_test.go b/pkg/services/sqlstore/user_test.go
-index d3803fa0c9..da23a7cca9 100644
--- a/pkg/services/sqlstore/user_test.go
-+++ b/pkg/services/sqlstore/user_test.go
-@@ -51,6 +51,45 @@ func TestIntegrationUserDataAccess(t *testing.T) {
- 		require.False(t, query.Result.IsDisabled)
- 	})
- 
-+	t.Run("Get User by login - user_2 uses user_1.email as login", func(t *testing.T) {
-+		ss = InitTestDB(t)
-+
-+		// create user_1
-+		cmd := models.CreateUserCommand{
-+			Email:      "user_1@mail.com",
-+			Name:       "user_1",
-+			Login:      "user_1",
-+			Password:   "user_1_password",
-+			IsDisabled: true,
-+		}
-+		user_1, err := ss.CreateUser(context.Background(), cmd)
-+		require.Nil(t, err)
-+
-+		// create user_2
-+		cmd = models.CreateUserCommand{
-+			Email:      "user_2@mail.com",
-+			Name:       "user_2",
-+			Login:      "user_1@mail.com",
-+			Password:   "user_2_password",
-+			IsDisabled: true,
-+		}
-+		user_2, err := ss.CreateUser(context.Background(), cmd)
-+		require.Nil(t, err)
-+
-+		// query user database for user_1 email
-+		query := models.GetUserByLoginQuery{LoginOrEmail: "user_1@mail.com"}
-+		err = ss.GetUserByLogin(context.Background(), &query)
-+		require.Nil(t, err)
-+
-+		// expect user_1 as result
-+		require.Equal(t, user_1.Email, query.Result.Email)
-+		require.Equal(t, user_1.Login, query.Result.Login)
-+		require.Equal(t, user_1.Name, query.Result.Name)
-+		require.NotEqual(t, user_2.Email, query.Result.Email)
-+		require.NotEqual(t, user_2.Login, query.Result.Login)
-+		require.NotEqual(t, user_2.Name, query.Result.Name)
-+	})
-+
- 	t.Run("Testing DB - creates and loads disabled user", func(t *testing.T) {
- 		ss = InitTestDB(t)
- 		cmd := models.CreateUserCommand{
--- a/SOURCES/0011-remove-email-lookup.patch
+++ b/SOURCES/0011-remove-email-lookup.patch
@ -1,20 +1,18 @@
-From 150a1d2777ea86253e6f800a2ee6273b92295ed9 Mon Sep 17 00:00:00 2001
-From: eabdullin <ed.abdullin.1@gmail.com>
-Date: Wed, 12 Jul 2023 15:31:00 +0300
-Subject: [PATCH] CVE-2023-3128
+commit bae86dbeb0
+Author: Ieva <ieva.vasiljeva@grafana.com>
+Date:   Tue Jun 6 17:45:31 2023 +0100

---
- pkg/api/login_oauth.go | 17 +++++++++--------
- pkg/setting/setting.go |  5 ++++-
- 2 files changed, 13 insertions(+), 9 deletions(-)
+    Auth: Remove Email Lookup from oauth integrations 9.2 (#898)
+    
+    backport https://github.com/grafana/grafana-private-mirror/pull/894 to 9.3.x

 diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go
-index b422baf..f124252 100644
+index 22014aee43..af00c56a68 100644
 --- a/pkg/api/login_oauth.go
 +++ b/pkg/api/login_oauth.go
-@@ -299,16 +299,17 @@ func (hs *HTTPServer) SyncUser(
+@@ -302,16 +302,17 @@
 	connect social.SocialConnector,
- ) (*models.User, error) {
+ ) (*user.User, error) {
 	oauthLogger.Debug("Syncing Grafana user with corresponding OAuth profile")
 +	lookupParams := models.UserLookupParams{}
 +	if hs.Cfg.OAuthAllowInsecureEmailLookup {
@ -39,10 +37,10 @@ index b422baf..f124252 100644
 
 	if err := hs.Login.UpsertUser(ctx.Req.Context(), cmd); err != nil {
 diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go
-index ba2c4bb..6b5c948 100644
+index 20e8f78a2f..03aa5c17d8 100644
 --- a/pkg/setting/setting.go
 +++ b/pkg/setting/setting.go
-@@ -312,7 +312,8 @@ type Cfg struct {
+@@ -318,7 +318,8 @@
 	AuthProxySyncTTL          int
 
 	// OAuth
@ -51,8 +49,8 @@ index ba2c4bb..6b5c948 100644
 +	OAuthAllowInsecureEmailLookup bool
 
 	// JWT Auth
- 	JWTAuthEnabled       bool
-@@ -1255,6 +1256,8 @@ func readAuthSettings(iniFile *ini.File, cfg *Cfg) (err error) {
+ 	JWTAuthEnabled                 bool
+@@ -1256,6 +1256,8 @@
 		return err
 	}
 
--- a/SOURCES/0012-coredump-selinux-error.patch
+++ b/SOURCES/0012-coredump-selinux-error.patch
@ -0,0 +1,13 @@
+diff --git a/pkg/framework/coremodel/helpers.go b/pkg/framework/coremodel/helpers.go
+index 20d111edba..6655f81cee 100644
+--- a/pkg/framework/coremodel/helpers.go
+++ b/pkg/framework/coremodel/helpers.go
+@@ -26,7 +26,7 @@ func init() {
+ 	var err error
+ 	defaultFramework, err = doLoadFrameworkCUE(cuectx.ProvideCUEContext())
+ 	if err != nil {
+-		panic(err)
+//		panic(err)
+ 	}
+ }
+ 
--- a/SOURCES/0013-snapshot-delete-check-org.patch
+++ b/SOURCES/0013-snapshot-delete-check-org.patch
@ -0,0 +1,21 @@
+From 9c1236ba6e7d4c6506c62adeb830d9e56db7f425 Mon Sep 17 00:00:00 2001
+From: Sam Feifer <sfeifer@redhat.com>
+Date: Thu, 28 Mar 2024 13:24:35 -0400
+Subject: [PATCH] snapshot delete check org
+
+
+diff --git a/pkg/api/dashboard_snapshot.go b/pkg/api/dashboard_snapshot.go
+index 47ae50544a..0007e89ccb 100644
+--- a/pkg/api/dashboard_snapshot.go
+++ b/pkg/api/dashboard_snapshot.go
+@@ -328,6 +328,10 @@ func (hs *HTTPServer) DeleteDashboardSnapshot(c *models.ReqContext) response.Res
+ 		return response.Error(http.StatusNotFound, "Failed to get dashboard snapshot", nil)
+ 	}
+ 
+	if query.Result.OrgId != c.OrgID {
+		return response.Error(http.StatusUnauthorized, "OrgID mismatch", nil)
+	}
+
+ 	if query.Result.External {
+ 		err := deleteExternalDashboardSnapshot(query.Result.ExternalDeleteUrl)
+ 		if err != nil {
--- a/SOURCES/1001-vendor-patch-removed-backend-crypto.patch
+++ b/SOURCES/1001-vendor-patch-removed-backend-crypto.patch
@ -209,13 +209,14 @@ diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go b/vend
 index ae3ebc03b9..11dbc3c56e 100644
 --- a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
 +++ b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
-@@ -16,13 +16,11 @@
+@@ -16,14 +16,11 @@
 package web
 
 import (
 -	"encoding/hex"
 	"fmt"
 	"net/http"
+-	"strings"
 	"sync"
 
 	"github.com/go-kit/log"
@ -246,7 +247,7 @@ index ae3ebc03b9..11dbc3c56e 100644
 // validateHeaderConfig checks that the provided header configuration is correct.
 // It does not check the validity of all the values, only the ones which are
 // well-defined enumerations.
-@@ -83,55 +65,3 @@ type webHandler struct {
+@@ -67,60 +49,3 @@ type webHandler struct {
 	// only once in parallel as this is CPU intensive.
 	bcryptMtx sync.Mutex
 }
@ -280,7 +281,12 @@ index ae3ebc03b9..11dbc3c56e 100644
 -			hashedPassword = "$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSi"
 -		}
 -
-		cacheKey := hex.EncodeToString(append(append([]byte(user), []byte(hashedPassword)...), []byte(pass)...))
+-		cacheKey := strings.Join(
+-			[]string{
+-				hex.EncodeToString([]byte(user)),
+-				hex.EncodeToString([]byte(hashedPassword)),
+-				hex.EncodeToString([]byte(pass)),
+-			}, ":")
 -		authOk, ok := u.cache.get(cacheKey)
 -
 -		if !ok {
@ -289,7 +295,7 @@ index ae3ebc03b9..11dbc3c56e 100644
 -			err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass))
 -			u.bcryptMtx.Unlock()
 -
-			authOk = err == nil
+-			authOk = validUser && err == nil
 -			u.cache.set(cacheKey, authOk)
 -		}
 -
@ -303,10 +309,9 @@ index ae3ebc03b9..11dbc3c56e 100644
 -	http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 -}
 diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
-index 2668964a06..291464ba7e 100644
--- a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
-+++ b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
-@@ -18,12 +18,8 @@ import (
+--- grafana-9.2.2/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go	2023-03-13 20:00:00.000000000 -0400
+++ /tmp/rpkg/grafana-1-v6p2z4of/grafana-9.2.2/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go	2023-03-16 13:43:13.300238021 -0400
+@@ -18,12 +18,8 @@
 	"crypto/x509"
 	"fmt"
 	"io/ioutil"
@ -319,7 +324,7 @@ index 2668964a06..291464ba7e 100644
 	"github.com/pkg/errors"
 	config_util "github.com/prometheus/common/config"
 	"gopkg.in/yaml.v2"
-@@ -177,93 +173,6 @@ func ConfigToTLSConfig(c *TLSStruct) (*tls.Config, error) {
+@@ -177,98 +173,6 @@
 	return cfg, nil
 }
 
@ -386,7 +391,12 @@ index 2668964a06..291464ba7e 100644
 -	// Set the GetConfigForClient method of the HTTPS server so that the config
 -	// and certs are reloaded on new connections.
 -	server.TLSConfig.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) {
-		return getTLSConfig(tlsConfigPath)
+-		config, err := getTLSConfig(tlsConfigPath)
+-		if err != nil {
+-			return nil, err
+-		}
+-		config.NextProtos = server.TLSConfig.NextProtos
+-		return config, nil
 -	}
 -	return server.ServeTLS(l, "", "")
 -}
@ -413,7 +423,7 @@ index 2668964a06..291464ba7e 100644
 type cipher uint16
 
 func (c *cipher) UnmarshalYAML(unmarshal func(interface{}) error) error {
-@@ -346,11 +255,3 @@ func (tv *tlsVersion) MarshalYAML() (interface{}, error) {
+@@ -351,11 +255,3 @@
 	}
 	return fmt.Sprintf("%v", tv), nil
 }
@ -425,3 +435,722 @@ index 2668964a06..291464ba7e 100644
 -func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error {
 -	return ListenAndServe(server, tlsConfigPath, logger)
 -}
+diff a/vendor/github.com/go-git/go-git/v5/options.go b/vendor/github.com/go-git/go-git/v5/options.go
+--- a/vendor/github.com/go-git/go-git/v5/options.go	2022-10-30 20:00:00.000000000 -0400
+++ b/vendor/github.com/go-git/go-git/v5/options.go	2022-12-20 10:24:35.162653691 -0500
+@@ -7,7 +7,7 @@
+ 	"strings"
+ 	"time"
+ 
+-	"github.com/ProtonMail/go-crypto/openpgp"
+	//	"github.com/ProtonMail/go-crypto/openpgp"
+ 	"github.com/go-git/go-git/v5/config"
+ 	"github.com/go-git/go-git/v5/plumbing"
+ 	"github.com/go-git/go-git/v5/plumbing/object"
+@@ -434,7 +434,7 @@
+ 	// SignKey denotes a key to sign the commit with. A nil value here means the
+ 	// commit will not be signed. The private key must be present and already
+ 	// decrypted.
+-	SignKey *openpgp.Entity
+	//	SignKey *openpgp.Entity
+ }
+ 
+ // Validate validates the fields and sets the default values.
+@@ -517,7 +517,7 @@
+ 	Message string
+ 	// SignKey denotes a key to sign the tag with. A nil value here means the tag
+ 	// will not be signed. The private key must be present and already decrypted.
+-	SignKey *openpgp.Entity
+	//	SignKey *openpgp.Entity
+ }
+ 
+ // Validate validates the fields and sets the default values.
+diff a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go
+--- a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go	2022-10-30 20:00:00.000000000 -0400
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go	2022-12-20 10:33:26.630073026 -0500
+@@ -9,7 +9,7 @@
+ 	"io"
+ 	"strings"
+ 
+-	"github.com/ProtonMail/go-crypto/openpgp"
+	//	"github.com/ProtonMail/go-crypto/openpgp"
+ 
+ 	"github.com/go-git/go-git/v5/plumbing"
+ 	"github.com/go-git/go-git/v5/plumbing/storer"
+@@ -354,7 +354,8 @@
+ 
+ // Verify performs PGP verification of the commit with a provided armored
+ // keyring and returns openpgp.Entity associated with verifying key on success.
+-func (c *Commit) Verify(armoredKeyRing string) (*openpgp.Entity, error) {
+func (c *Commit) Verify(armoredKeyRing string) (*int, error) {
+	/*
+ 	keyRingReader := strings.NewReader(armoredKeyRing)
+ 	keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader)
+ 	if err != nil {
+@@ -375,6 +376,8 @@
+ 	}
+ 
+ 	return openpgp.CheckArmoredDetachedSignature(keyring, er, signature, nil)
+	*/
+	return nil,  nil
+ }
+ 
+ func indent(t string) string {
+diff a/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go
+--- a/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go	2022-10-30 20:00:00.000000000 -0400
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go	2022-12-20 10:37:05.542949113 -0500
+@@ -6,9 +6,9 @@
+ 	"fmt"
+ 	"io"
+ 	stdioutil "io/ioutil"
+-	"strings"
+	//	"strings"
+ 
+-	"github.com/ProtonMail/go-crypto/openpgp"
+	//	"github.com/ProtonMail/go-crypto/openpgp"
+ 
+ 	"github.com/go-git/go-git/v5/plumbing"
+ 	"github.com/go-git/go-git/v5/plumbing/storer"
+@@ -284,7 +284,8 @@
+ 
+ // Verify performs PGP verification of the tag with a provided armored
+ // keyring and returns openpgp.Entity associated with verifying key on success.
+-func (t *Tag) Verify(armoredKeyRing string) (*openpgp.Entity, error) {
+func (t *Tag) Verify(armoredKeyRing string) (*int, error) {
+	/*
+ 	keyRingReader := strings.NewReader(armoredKeyRing)
+ 	keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader)
+ 	if err != nil {
+@@ -305,6 +306,8 @@
+ 	}
+ 
+ 	return openpgp.CheckArmoredDetachedSignature(keyring, er, signature, nil)
+	*/
+	return nil, nil
+ }
+ 
+ // TagIter provides an iterator for a set of tags.
+diff a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go
+--- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go	2022-10-30 20:00:00.000000000 -0400
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go	2022-12-20 13:42:13.659296361 -0500
+@@ -1,6 +1,7 @@
+ package ssh
+ 
+ import (
+	/*
+ 	"errors"
+ 	"fmt"
+ 	"io/ioutil"
+@@ -14,6 +15,7 @@
+ 	sshagent "github.com/xanzy/ssh-agent"
+ 	"golang.org/x/crypto/ssh"
+ 	"golang.org/x/crypto/ssh/knownhosts"
+	*/
+ )
+ 
+ const DefaultUsername = "git"
+@@ -22,10 +24,12 @@
+ // must implement. The clientConfig method returns the ssh client
+ // configuration needed to establish an ssh connection.
+ type AuthMethod interface {
+	/*
+ 	transport.AuthMethod
+ 	// ClientConfig should return a valid ssh.ClientConfig to be used to create
+ 	// a connection to the SSH server.
+ 	ClientConfig() (*ssh.ClientConfig, error)
+	*/
+ }
+ 
+ // The names of the AuthMethod implementations. To be returned by the
+@@ -42,78 +46,101 @@
+ // KeyboardInteractive implements AuthMethod by using a
+ // prompt/response sequence controlled by the server.
+ type KeyboardInteractive struct {
+	/*
+ 	User      string
+ 	Challenge ssh.KeyboardInteractiveChallenge
+ 	HostKeyCallbackHelper
+	*/
+ }
+ 
+ func (a *KeyboardInteractive) Name() string {
+-	return KeyboardInteractiveName
+	//	return KeyboardInteractiveName
+	return ""
+ }
+ 
+ func (a *KeyboardInteractive) String() string {
+-	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
+	//	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
+ 	return ""
+ }
+ 
+-func (a *KeyboardInteractive) ClientConfig() (*ssh.ClientConfig, error) {
+func (a *KeyboardInteractive) ClientConfig() (*int, error) {
+	/*
+ 	return a.SetHostKeyCallback(&ssh.ClientConfig{
+ 		User: a.User,
+ 		Auth: []ssh.AuthMethod{
+ 			a.Challenge,
+ 		},
+ 	})
+	*/
+	return nil, nil
+ }
+ 
+ // Password implements AuthMethod by using the given password.
+ type Password struct {
+	/*
+ 	User     string
+ 	Password string
+ 	HostKeyCallbackHelper
+	*/
+ }
+ 
+ func (a *Password) Name() string {
+-	return PasswordName
+	//	return PasswordName
+	return ""
+ }
+ 
+ func (a *Password) String() string {
+-	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
+	//	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
+	return ""
+ }
+ 
+-func (a *Password) ClientConfig() (*ssh.ClientConfig, error) {
+func (a *Password) ClientConfig() (*int, error) {
+	/*
+ 	return a.SetHostKeyCallback(&ssh.ClientConfig{
+ 		User: a.User,
+ 		Auth: []ssh.AuthMethod{ssh.Password(a.Password)},
+ 	})
+	*/
+	return nil, nil
+ }
+ 
+ // PasswordCallback implements AuthMethod by using a callback
+ // to fetch the password.
+ type PasswordCallback struct {
+	/*
+ 	User     string
+ 	Callback func() (pass string, err error)
+ 	HostKeyCallbackHelper
+	*/
+ }
+ 
+ func (a *PasswordCallback) Name() string {
+-	return PasswordCallbackName
+	//	return PasswordCallbackName
+	return ""
+ }
+ 
+ func (a *PasswordCallback) String() string {
+-	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
+	//	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
+	return ""
+ }
+ 
+-func (a *PasswordCallback) ClientConfig() (*ssh.ClientConfig, error) {
+func (a *PasswordCallback) ClientConfig() (*int, error) {
+	/*
+ 	return a.SetHostKeyCallback(&ssh.ClientConfig{
+ 		User: a.User,
+ 		Auth: []ssh.AuthMethod{ssh.PasswordCallback(a.Callback)},
+ 	})
+	*/
+	return nil, nil
+ }
+ 
+ // PublicKeys implements AuthMethod by using the given key pairs.
+ type PublicKeys struct {
+	/*
+ 	User   string
+ 	Signer ssh.Signer
+ 	HostKeyCallbackHelper
+	*/
+ }
+ 
+ // NewPublicKeys returns a PublicKeys from a PEM encoded private key. An
+@@ -121,6 +148,7 @@
+ // encrypted PEM block otherwise password should be empty. It supports RSA
+ // (PKCS#1), PKCS#8, DSA (OpenSSL), and ECDSA private keys.
+ func NewPublicKeys(user string, pemBytes []byte, password string) (*PublicKeys, error) {
+	/*
+ 	signer, err := ssh.ParsePrivateKey(pemBytes)
+ 	if _, ok := err.(*ssh.PassphraseMissingError); ok {
+ 		signer, err = ssh.ParsePrivateKeyWithPassphrase(pemBytes, []byte(password))
+@@ -129,36 +157,47 @@
+ 		return nil, err
+ 	}
+ 	return &PublicKeys{User: user, Signer: signer}, nil
+	*/
+	return nil, nil
+ }
+ 
+ // NewPublicKeysFromFile returns a PublicKeys from a file containing a PEM
+ // encoded private key. An encryption password should be given if the pemBytes
+ // contains a password encrypted PEM block otherwise password should be empty.
+ func NewPublicKeysFromFile(user, pemFile, password string) (*PublicKeys, error) {
+	/*
+ 	bytes, err := ioutil.ReadFile(pemFile)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+ 
+ 	return NewPublicKeys(user, bytes, password)
+	*/
+	return nil, nil
+ }
+ 
+ func (a *PublicKeys) Name() string {
+-	return PublicKeysName
+	//	return PublicKeysName
+	return ""
+ }
+ 
+ func (a *PublicKeys) String() string {
+-	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
+	//	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
+	return ""
+ }
+ 
+-func (a *PublicKeys) ClientConfig() (*ssh.ClientConfig, error) {
+func (a *PublicKeys) ClientConfig() (*int, error) {
+	/*
+ 	return a.SetHostKeyCallback(&ssh.ClientConfig{
+ 		User: a.User,
+ 		Auth: []ssh.AuthMethod{ssh.PublicKeys(a.Signer)},
+ 	})
+	*/
+	return nil, nil
+ }
+ 
+ func username() (string, error) {
+	/*
+ 	var username string
+ 	if user, err := user.Current(); err == nil {
+ 		username = user.Username
+@@ -171,20 +210,25 @@
+ 	}
+ 
+ 	return username, nil
+	*/
+	return "",  nil
+ }
+ 
+ // PublicKeysCallback implements AuthMethod by asking a
+ // ssh.agent.Agent to act as a signer.
+ type PublicKeysCallback struct {
+	/*
+ 	User     string
+ 	Callback func() (signers []ssh.Signer, err error)
+ 	HostKeyCallbackHelper
+	*/
+ }
+ 
+ // NewSSHAgentAuth returns a PublicKeysCallback based on a SSH agent, it opens
+ // a pipe with the SSH agent and uses the pipe as the implementer of the public
+ // key callback function.
+ func NewSSHAgentAuth(u string) (*PublicKeysCallback, error) {
+	/*
+ 	var err error
+ 	if u == "" {
+ 		u, err = username()
+@@ -202,21 +246,28 @@
+ 		User:     u,
+ 		Callback: a.Signers,
+ 	}, nil
+	*/
+	return nil, nil
+ }
+ 
+ func (a *PublicKeysCallback) Name() string {
+-	return PublicKeysCallbackName
+	   //	return PublicKeysCallbackName
+	   return ""
+ }
+ 
+ func (a *PublicKeysCallback) String() string {
+-	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
+	//	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
+	return ""
+ }
+ 
+-func (a *PublicKeysCallback) ClientConfig() (*ssh.ClientConfig, error) {
+func (a *PublicKeysCallback) ClientConfig() (*int, error) {
+	/*	
+ 	return a.SetHostKeyCallback(&ssh.ClientConfig{
+ 		User: a.User,
+ 		Auth: []ssh.AuthMethod{ssh.PublicKeysCallback(a.Callback)},
+ 	})
+	*/
+	return nil, nil
+ }
+ 
+ // NewKnownHostsCallback returns ssh.HostKeyCallback based on a file based on a
+@@ -229,7 +280,8 @@
+ // If SSH_KNOWN_HOSTS is not set the following file locations will be used:
+ //   ~/.ssh/known_hosts
+ //   /etc/ssh/ssh_known_hosts
+-func NewKnownHostsCallback(files ...string) (ssh.HostKeyCallback, error) {
+func NewKnownHostsCallback(files ...string) (*int, error) {
+	/*
+ 	var err error
+ 
+ 	if len(files) == 0 {
+@@ -243,9 +295,12 @@
+ 	}
+ 
+ 	return knownhosts.New(files...)
+	*/
+	return nil, nil
+ }
+ 
+-func getDefaultKnownHostsFiles() ([]string, error) {
+func getDefaultKnownHostsFiles() (*int, error) {
+	/*
+ 	files := filepath.SplitList(os.Getenv("SSH_KNOWN_HOSTS"))
+ 	if len(files) != 0 {
+ 		return files, nil
+@@ -260,9 +315,12 @@
+ 		filepath.Join(homeDirPath, "/.ssh/known_hosts"),
+ 		"/etc/ssh/ssh_known_hosts",
+ 	}, nil
+	*/
+	return nil, nil
+ }
+ 
+-func filterKnownHostsFiles(files ...string) ([]string, error) {
+func filterKnownHostsFiles(files ...string) (*int, error) {
+	/*
+ 	var out []string
+ 	for _, file := range files {
+ 		_, err := os.Stat(file)
+@@ -281,6 +339,8 @@
+ 	}
+ 
+ 	return out, nil
+	*/
+	return nil, nil
+ }
+ 
+ // HostKeyCallbackHelper is a helper that provides common functionality to
+@@ -289,13 +349,14 @@
+ 	// HostKeyCallback is the function type used for verifying server keys.
+ 	// If nil default callback will be create using NewKnownHostsCallback
+ 	// without argument.
+-	HostKeyCallback ssh.HostKeyCallback
+	//	HostKeyCallback ssh.HostKeyCallback
+ }
+ 
+ // SetHostKeyCallback sets the field HostKeyCallback in the given cfg. If
+ // HostKeyCallback is empty a default callback is created using
+ // NewKnownHostsCallback.
+-func (m *HostKeyCallbackHelper) SetHostKeyCallback(cfg *ssh.ClientConfig) (*ssh.ClientConfig, error) {
+func (m *HostKeyCallbackHelper) SetHostKeyCallback(*int) (*int, error) {
+	/*
+ 	var err error
+ 	if m.HostKeyCallback == nil {
+ 		if m.HostKeyCallback, err = NewKnownHostsCallback(); err != nil {
+@@ -305,4 +366,6 @@
+ 
+ 	cfg.HostKeyCallback = m.HostKeyCallback
+ 	return cfg, nil
+	*/
+	return nil, nil
+ }
+diff a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go
+--- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go	2022-10-30 20:00:00.000000000 -0400
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go	2022-12-20 14:01:25.825788050 -0500
+@@ -2,18 +2,22 @@
+ package ssh
+ 
+ import (
+-	"context"
+	//	"context"
+ 	"fmt"
+	/*
+ 	"reflect"
+ 	"strconv"
+ 	"strings"
+	*/
+ 
+ 	"github.com/go-git/go-git/v5/plumbing/transport"
+ 	"github.com/go-git/go-git/v5/plumbing/transport/internal/common"
+ 
+ 	"github.com/kevinburke/ssh_config"
+	/*
+ 	"golang.org/x/crypto/ssh"
+ 	"golang.org/x/net/proxy"
+	*/
+ )
+ 
+ // DefaultClient is the default SSH client.
+@@ -28,23 +32,26 @@
+ }
+ 
+ // NewClient creates a new SSH client with an optional *ssh.ClientConfig.
+-func NewClient(config *ssh.ClientConfig) transport.Transport {
+-	return common.NewClient(&runner{config: config})
+func NewClient(*int) transport.Transport {
+	//	return common.NewClient(&runner{config: config})
+	return nil
+ }
+ 
+ // DefaultAuthBuilder is the function used to create a default AuthMethod, when
+ // the user doesn't provide any.
+ var DefaultAuthBuilder = func(user string) (AuthMethod, error) {
+-	return NewSSHAgentAuth(user)
+	//	return NewSSHAgentAuth(user)
+	return nil, nil
+ }
+ 
+ const DefaultPort = 22
+ 
+ type runner struct {
+-	config *ssh.ClientConfig
+	//	config *ssh.ClientConfig
+ }
+ 
+ func (r *runner) Command(cmd string, ep *transport.Endpoint, auth transport.AuthMethod) (common.Command, error) {
+	/*
+ 	c := &command{command: cmd, endpoint: ep, config: r.config}
+ 	if auth != nil {
+ 		c.setAuth(auth)
+@@ -54,9 +61,12 @@
+ 		return nil, err
+ 	}
+ 	return c, nil
+	*/
+	return nil, nil
+ }
+ 
+ type command struct {
+	/*
+ 	*ssh.Session
+ 	connected bool
+ 	command   string
+@@ -64,24 +74,29 @@
+ 	client    *ssh.Client
+ 	auth      AuthMethod
+ 	config    *ssh.ClientConfig
+	*/
+ }
+ 
+ func (c *command) setAuth(auth transport.AuthMethod) error {
+	/*
+ 	a, ok := auth.(AuthMethod)
+ 	if !ok {
+ 		return transport.ErrInvalidAuthMethod
+ 	}
+ 
+ 	c.auth = a
+	*/
+ 	return nil
+ }
+ 
+ func (c *command) Start() error {
+-	return c.Session.Start(endpointToCommand(c.command, c.endpoint))
+	//	return c.Session.Start(endpointToCommand(c.command, c.endpoint))
+	return nil
+ }
+ 
+ // Close closes the SSH session and connection.
+ func (c *command) Close() error {
+	/*
+ 	if !c.connected {
+ 		return nil
+ 	}
+@@ -99,6 +114,8 @@
+ 	}
+ 
+ 	return err
+	*/
+	return nil
+ }
+ 
+ // connect connects to the SSH server, unless a AuthMethod was set with
+@@ -106,6 +123,7 @@
+ // it connects to a SSH agent, using the address stored in the SSH_AUTH_SOCK
+ // environment var.
+ func (c *command) connect() error {
+	/*
+ 	if c.connected {
+ 		return transport.ErrAlreadyConnected
+ 	}
+@@ -136,10 +154,12 @@
+ 	}
+ 
+ 	c.connected = true
+	*/
+ 	return nil
+ }
+ 
+-func dial(network, addr string, config *ssh.ClientConfig) (*ssh.Client, error) {
+func dial(network, addr string, config *int) (*int, error) {
+	/*
+ 	var (
+ 		ctx    = context.Background()
+ 		cancel context.CancelFunc
+@@ -160,9 +180,12 @@
+ 		return nil, err
+ 	}
+ 	return ssh.NewClient(c, chans, reqs), nil
+	*/
+	return nil, nil
+ }
+ 
+ func (c *command) getHostWithPort() string {
+	/*
+ 	if addr, found := c.doGetHostWithPortFromSSHConfig(); found {
+ 		return addr
+ 	}
+@@ -174,9 +197,12 @@
+ 	}
+ 
+ 	return fmt.Sprintf("%s:%d", host, port)
+	*/
+	return ""
+ }
+ 
+ func (c *command) doGetHostWithPortFromSSHConfig() (addr string, found bool) {
+	/*
+ 	if DefaultSSHConfig == nil {
+ 		return
+ 	}
+@@ -202,12 +228,13 @@
+ 	}
+ 
+ 	addr = fmt.Sprintf("%s:%d", host, port)
+	*/
+ 	return
+ }
+ 
+ func (c *command) setAuthFromEndpoint() error {
+ 	var err error
+-	c.auth, err = DefaultAuthBuilder(c.endpoint.User)
+	//	c.auth, err = DefaultAuthBuilder(c.endpoint.User)
+ 	return err
+ }
+ 
+@@ -215,7 +242,8 @@
+ 	return fmt.Sprintf("%s '%s'", cmd, ep.Path)
+ }
+ 
+-func overrideConfig(overrides *ssh.ClientConfig, c *ssh.ClientConfig) {
+func overrideConfig(overrides *int, c *int) {
+	/*
+ 	if overrides == nil {
+ 		return
+ 	}
+@@ -232,4 +260,5 @@
+ 	}
+ 
+ 	*c = vc.Interface().(ssh.ClientConfig)
+	*/
+ }
+diff a/vendor/github.com/go-git/go-git/v5/repository.go b/vendor/github.com/go-git/go-git/v5/repository.go
+--- a/vendor/github.com/go-git/go-git/v5/repository.go	2022-10-30 20:00:00.000000000 -0400
+++ b/vendor/github.com/go-git/go-git/v5/repository.go	2022-12-20 13:46:57.584666477 -0500
+@@ -13,7 +13,7 @@
+ 	"strings"
+ 	"time"
+ 
+-	"github.com/ProtonMail/go-crypto/openpgp"
+	//	"github.com/ProtonMail/go-crypto/openpgp"
+ 	"github.com/go-git/go-billy/v5"
+ 	"github.com/go-git/go-billy/v5/osfs"
+ 	"github.com/go-git/go-billy/v5/util"
+@@ -706,6 +706,7 @@
+ 		Target:     hash,
+ 	}
+ 
+	/*
+ 	if opts.SignKey != nil {
+ 		sig, err := r.buildTagSignature(tag, opts.SignKey)
+ 		if err != nil {
+@@ -714,6 +715,7 @@
+ 
+ 		tag.PGPSignature = sig
+ 	}
+	*/
+ 
+ 	obj := r.Storer.NewEncodedObject()
+ 	if err := tag.Encode(obj); err != nil {
+@@ -723,7 +725,8 @@
+ 	return r.Storer.SetEncodedObject(obj)
+ }
+ 
+-func (r *Repository) buildTagSignature(tag *object.Tag, signKey *openpgp.Entity) (string, error) {
+func (r *Repository) buildTagSignature(tag *object.Tag, signKey *int) (string, error) {
+	/*
+ 	encoded := &plumbing.MemoryObject{}
+ 	if err := tag.Encode(encoded); err != nil {
+ 		return "", err
+@@ -740,6 +743,8 @@
+ 	}
+ 
+ 	return b.String(), nil
+	*/
+	return "", nil
+ }
+ 
+ // Tag returns a tag from the repository.
+diff a/vendor/github.com/go-git/go-git/v5/worktree_commit.go b/vendor/github.com/go-git/go-git/v5/worktree_commit.go
+--- a/vendor/github.com/go-git/go-git/v5/worktree_commit.go	2022-10-30 20:00:00.000000000 -0400
+++ b/vendor/github.com/go-git/go-git/v5/worktree_commit.go	2022-12-20 13:47:27.671919357 -0500
+@@ -1,7 +1,7 @@
+ package git
+ 
+ import (
+-	"bytes"
+	//	"bytes"
+ 	"path"
+ 	"sort"
+ 	"strings"
+@@ -12,7 +12,7 @@
+ 	"github.com/go-git/go-git/v5/plumbing/object"
+ 	"github.com/go-git/go-git/v5/storage"
+ 
+-	"github.com/ProtonMail/go-crypto/openpgp"
+	//	"github.com/ProtonMail/go-crypto/openpgp"
+ 	"github.com/go-git/go-billy/v5"
+ )
+ 
+@@ -101,6 +101,7 @@
+ 		ParentHashes: opts.Parents,
+ 	}
+ 
+	/*
+ 	if opts.SignKey != nil {
+ 		sig, err := w.buildCommitSignature(commit, opts.SignKey)
+ 		if err != nil {
+@@ -108,6 +109,7 @@
+ 		}
+ 		commit.PGPSignature = sig
+ 	}
+	*/
+ 
+ 	obj := w.r.Storer.NewEncodedObject()
+ 	if err := commit.Encode(obj); err != nil {
+@@ -116,7 +118,8 @@
+ 	return w.r.Storer.SetEncodedObject(obj)
+ }
+ 
+-func (w *Worktree) buildCommitSignature(commit *object.Commit, signKey *openpgp.Entity) (string, error) {
+func (w *Worktree) buildCommitSignature(commit *object.Commit, signKey *int) (string, error) {
+	/*
+ 	encoded := &plumbing.MemoryObject{}
+ 	if err := commit.Encode(encoded); err != nil {
+ 		return "", err
+@@ -130,6 +133,8 @@
+ 		return "", err
+ 	}
+ 	return b.String(), nil
+	*/
+	return "", nil
+ }
+ 
+ // buildTreeHelper converts a given index.Index file into multiple git objects
--- a/SOURCES/1002-vendor-use-pbkdf2-from-OpenSSL.patch
+++ b/SOURCES/1002-vendor-use-pbkdf2-from-OpenSSL.patch
@ -2,6 +2,7 @@ use pbkdf2 from OpenSSL if FIPS mode is enabled

 This patch modifies the x/crypto/pbkdf2 function to use OpenSSL
 if FIPS mode is enabled.
+DEFINEFUNC is from /usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h

 diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go
 new file mode 100644
--- a/SOURCES/grafana.fc
+++ b/SOURCES/grafana.fc
@ -0,0 +1,24 @@
+/etc/systemd/system/grafana-server.service		--	gen_context(system_u:object_r:grafana_unit_file_t,s0)
+/usr/lib/systemd/system/grafana-server.service		--	gen_context(system_u:object_r:grafana_unit_file_t,s0)
+
+/etc/grafana(/.*)?						gen_context(system_u:object_r:grafana_conf_t,s0)
+
+/usr/sbin/grafana-cli					--	gen_context(system_u:object_r:grafana_exec_t,s0)
+/usr/sbin/grafana-server				--	gen_context(system_u:object_r:grafana_exec_t,s0)
+
+/var/lib/grafana(/.*)?						gen_context(system_u:object_r:grafana_var_lib_t,s0)
+#/var/lib/grafana/grafana.db				--	gen_context(system_u:object_r:grafana_db_t,s0)
+
+/var/log/grafana(/.*)?						gen_context(system_u:object_r:grafana_log_t,s0)
+
+/var/run/grafana(/.*)?			--	gen_context(system_u:object_r:grafana_var_run_t,s0)
+
+#/var/lib/grafana/plugins(/.*)?					gen_context(system_u:object_r:grafana_plugin_t,s0)
+
+/usr/share/grafana/bin/grafana				--	gen_context(system_u:object_r:grafana_exec_t,s0)
+/usr/share/grafana/bin/grafana-cli			--	gen_context(system_u:object_r:grafana_exec_t,s0)
+/usr/share/grafana/bin/grafana-server			--	gen_context(system_u:object_r:grafana_exec_t,s0)
+
+#define context for pcp plugin
+#/usr/share/performancecopilot-pcp-app/datasources/redis/pcp_redis_datasource_(.*)           -- gen_context(system_u:object_r:grafana_pcp_exec_t,s0)
+/usr/libexec/grafana-pcp/datasources/redis/pcp_redis_datasource_(.*)           -- gen_context(system_u:object_r:grafana_pcp_exec_t,s0)
--- a/SOURCES/grafana.if
+++ b/SOURCES/grafana.if
@ -0,0 +1,141 @@
+## <summary>policy for grafana</summary>
+
+########################################
+## <summary>
+##	Execute grafana_exec_t in the grafana domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`grafana_domtrans',`
+	gen_require(`
+		type grafana_t, grafana_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, grafana_exec_t, grafana_t)
+')
+
+########################################
+## <summary>
+##      Allow domain to name_connect to grafana port. Default :3000
+## </summary>
+## <param name="domain">
+## <summary>
+##      Domain allowed access
+## </summary>
+## </param>
+#
+interface(`connect_grafana_port',`
+        gen_require(`
+		class tcp_socket name_connect;
+                type grafana_port_t;
+        ')
+
+	allow $1 grafana_port_t:tcp_socket name_connect;
+')
+
+#######################################
+## <summary>
+##	Read grafana database.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`grafana_read_db',`
+	gen_require(`
+		type grafana_db_t;
+	')
+
+	files_search_var_lib($1)
+	search_dirs_pattern($1, grafana_var_lib_t, grafana_var_lib_t)	
+	read_files_pattern($1, grafana_db_t, grafana_db_t)
+')
+
+######################################
+## <summary>
+##	Execute grafana in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`grafana_exec',`
+	gen_require(`
+		type grafana_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, grafana_exec_t)
+')
+########################################
+## <summary>
+##	Execute grafana server in the grafana domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`grafana_systemctl',`
+	gen_require(`
+		type grafana_t;
+		type grafana_unit_file_t;
+	')
+
+	systemd_exec_systemctl($1)
+        systemd_read_fifo_file_passwd_run($1)
+	allow $1 grafana_unit_file_t:file read_file_perms;
+	allow $1 grafana_unit_file_t:service manage_service_perms;
+
+	ps_process_pattern($1, grafana_t)
+')
+
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an grafana environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`grafana_admin',`
+	gen_require(`
+	type grafana_t;
+	type grafana_unit_file_t;
+	')
+
+	allow $1 grafana_t:process { signal_perms };
+	ps_process_pattern($1, grafana_t)
+
+	tunable_policy(`deny_ptrace',`',`
+        	allow $1 grafana_t:process ptrace;
+    	')
+
+	grafana_systemctl($1)
+	admin_pattern($1, grafana_unit_file_t)
+	allow $1 grafana_unit_file_t:service all_service_perms;
+	optional_policy(`
+		systemd_passwd_agent_exec($1)
+		systemd_read_fifo_file_passwd_run($1)
+	')
+')
--- a/SOURCES/grafana.te
+++ b/SOURCES/grafana.te
@ -0,0 +1,199 @@
+policy_module(grafana, 1.0.4)
+
+########################################
+#
+# Declarations
+#
+#permissive grafana_t;
+
+## <desc>
+## <p>
+## Allow grafana to be used with a reverse proxy
+## </p>
+## </desc>
+gen_tunable(grafana_can_reverse_proxy, false)
+
+## <desc>
+## <p>
+## Allow grafana to connect to elasticsearch's default tcp port of 9200
+## </p>
+## </desc>
+gen_tunable(grafana_can_tcp_connect_elasticsearch_port, false)
+
+## <desc>
+## <p>
+## Allow grafana to connect to mysql's default tcp port of 3306
+## </p>
+## </desc>
+gen_tunable(grafana_can_tcp_connect_mysql_port, false)
+
+## <desc>
+## <p>
+## Allow grafana to connect to postgresql's default tcp port of 5432
+## </p>
+## </desc>
+gen_tunable(grafana_can_tcp_connect_postgresql_port, false)
+
+## <desc>
+## <p>
+## Allow grafana to connect to prometheus' default tcp port of 9090
+## </p>
+## </desc>
+gen_tunable(grafana_can_tcp_connect_prometheus_port, false)
+
+
+type grafana_t;
+type grafana_exec_t;
+init_daemon_domain(grafana_t, grafana_exec_t)
+init_nnp_daemon_domain(grafana_t)
+
+type grafana_unit_file_t;
+systemd_unit_file(grafana_unit_file_t)
+
+type grafana_conf_t;
+files_config_file(grafana_conf_t)
+
+type grafana_db_t;
+files_config_file(grafana_db_t)
+
+type grafana_tmp_t;
+files_tmp_file(grafana_tmp_t)
+
+type grafana_tmpfs_t;
+files_tmpfs_file(grafana_tmpfs_t)
+
+type grafana_log_t;
+logging_log_file(grafana_log_t)
+
+type grafana_var_run_t;
+files_pid_file(grafana_var_run_t)
+
+type grafana_var_lib_t;
+files_type(grafana_var_lib_t)
+
+type grafana_port_t;
+corenet_port(grafana_port_t)
+
+type grafana_pcp_exec_t;
+corecmd_executable_file(grafana_pcp_exec_t)
+can_exec(grafana_t, grafana_pcp_exec_t)
+
+# Ports 32768-60999 (pcp port is 44322)
+corenet_tcp_connect_all_ephemeral_ports(grafana_t)
+grafana_exec(grafana_t)
+
+########################################
+#
+# grafana local policy
+#
+allow grafana_t self:tcp_socket create_stream_socket_perms;
+allow grafana_t self:udp_socket create_stream_socket_perms;
+allow grafana_t self:unix_dgram_socket create_socket_perms;
+
+allow grafana_t grafana_port_t:tcp_socket { name_bind name_connect };
+
+allow grafana_t self:unix_stream_socket connectto;
+
+allow grafana_t self:netlink_route_socket { create bind getattr nlmsg_read };
+
+optional_policy(`
+	require {
+		type smtp_port_t;
+		class tcp_socket { name_connect };
+	}
+	allow grafana_t smtp_port_t:tcp_socket name_connect;
+')
+
+optional_policy(`
+	require {
+		type usr_t;
+		class file { execute execute_no_trans };
+	}
+	allow grafana_t usr_t:file { execute execute_no_trans };
+')
+
+optional_policy(`
+	require {
+		type postgresql_t;
+		type postgresql_var_run_t;
+		class unix_stream_socket { connectto };
+		class sock_file { write };
+	}
+	allow grafana_t postgresql_t:unix_stream_socket connectto;
+	allow grafana_t postgresql_var_run_t:sock_file write;
+')
+
+manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
+manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
+
+manage_dirs_pattern(grafana_t, grafana_db_t, grafana_db_t)
+manage_files_pattern(grafana_t, grafana_db_t, grafana_db_t)
+
+manage_dirs_pattern(grafana_t, grafana_tmp_t, grafana_tmp_t)
+manage_files_pattern(grafana_t, grafana_tmp_t, grafana_tmp_t)
+manage_sock_files_pattern(grafana_t, grafana_tmp_t, grafana_tmp_t)
+files_tmp_filetrans(grafana_t, grafana_tmp_t, { dir file sock_file })
+
+manage_dirs_pattern(grafana_t, grafana_tmpfs_t, grafana_tmpfs_t)
+manage_files_pattern(grafana_t, grafana_tmpfs_t, grafana_tmpfs_t)
+fs_tmpfs_filetrans(grafana_t, grafana_tmpfs_t, {dir file})
+
+manage_dirs_pattern(grafana_t, grafana_log_t, grafana_log_t)
+manage_files_pattern(grafana_t, grafana_log_t, grafana_log_t)
+logging_log_filetrans(grafana_t, grafana_log_t, { dir file })
+
+manage_dirs_pattern(grafana_t, grafana_var_run_t, grafana_var_run_t)
+manage_files_pattern(grafana_t, grafana_var_run_t, grafana_var_run_t)
+files_pid_filetrans(grafana_t, grafana_var_run_t, { dir file })
+
+manage_dirs_pattern(grafana_t, grafana_var_lib_t, grafana_var_lib_t)
+manage_files_pattern(grafana_t, grafana_var_lib_t, grafana_var_lib_t)
+manage_lnk_files_pattern(grafana_t, grafana_var_lib_t, grafana_var_lib_t)
+files_var_lib_filetrans(grafana_t, grafana_var_lib_t, { dir file })
+
+
+corenet_tcp_connect_http_port(grafana_t)
+corenet_tcp_bind_generic_node(grafana_t)
+
+kernel_dgram_send(grafana_t)
+kernel_read_net_sysctls(grafana_t)
+kernel_read_system_state(grafana_t)
+
+auth_read_passwd(grafana_t)
+
+dev_read_sysfs(grafana_t)
+
+sysnet_read_config(grafana_t)
+
+logging_send_syslog_msg(grafana_t)
+
+miscfiles_read_generic_certs(grafana_t)
+
+tunable_policy(`grafana_can_reverse_proxy',`
+	gen_require(`
+		type httpd_t;
+	')
+
+	connect_grafana_port(httpd_t) # Reverse proxy support
+	corenet_tcp_connect_http_port(grafana_t)
+')
+
+tunable_policy(`grafana_can_tcp_connect_elasticsearch_port',` # Elasticsearch default tcp port 9200
+	corenet_tcp_connect_wap_wsp_port(grafana_t)
+')
+
+tunable_policy(`grafana_can_tcp_connect_mysql_port',` # Mysql default tcp port 3306
+	corenet_tcp_connect_mysqld_port(grafana_t)
+')
+
+tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
+	corenet_tcp_connect_postgresql_port(grafana_t)
+')
+
+tunable_policy(`grafana_can_tcp_connect_prometheus_port',` # Prometheus default tcp port 9090
+	corenet_tcp_connect_websm_port(grafana_t)
+')
+
+optional_policy(`
+    systemd_private_tmp(grafana_tmp_t)
+')
--- a/SPECS/grafana.spec
+++ b/SPECS/grafana.spec