import grafana-9.2.10-19.el9_4

c9 imports/c9/grafana-9.2.10-19.el9_4
MSVSphere Packaging Team 2 months ago
parent 5f279d57fc
commit 07af910945
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8

4
.gitignore vendored

@ -1,3 +1,3 @@
SOURCES/grafana-9.2.10.tar.gz SOURCES/grafana-9.2.10.tar.gz
SOURCES/grafana-vendor-9.2.10-2.tar.xz SOURCES/grafana-vendor-9.2.10-19.tar.xz
SOURCES/grafana-webpack-9.2.10-2.tar.gz SOURCES/grafana-webpack-9.2.10-19.tar.gz

@ -1,3 +1,3 @@
4c9db312dca444023c37c7af9acd2876a7e164b8 SOURCES/grafana-9.2.10.tar.gz 4c9db312dca444023c37c7af9acd2876a7e164b8 SOURCES/grafana-9.2.10.tar.gz
1ab1cbb1efa563dff66783e9c59c8bd43503aef2 SOURCES/grafana-vendor-9.2.10-2.tar.xz 866e038c745dc28b5fa621ed4bce90e005d76ea2 SOURCES/grafana-vendor-9.2.10-19.tar.xz
ac93650649c6f3c1f6bc2884c524939afaa8321b SOURCES/grafana-webpack-9.2.10-2.tar.gz ae5e714190ca155d6a6e9d38dab99d5aa0e988e1 SOURCES/grafana-webpack-9.2.10-19.tar.gz

@ -0,0 +1,58 @@
diff --git a/package.json b/package.json
index e26f95d855a..14b3826a64d 100644
--- a/package.json
+++ b/package.json
@@ -316,7 +316,7 @@
"dangerously-set-html-content": "1.0.9",
"date-fns": "2.29.1",
"debounce-promise": "3.1.2",
- "dompurify": "^2.4.1",
+ "dompurify": "^2.5.0",
"emotion": "11.0.0",
"eventemitter3": "4.0.7",
"fast-deep-equal": "^3.1.3",
@@ -422,7 +422,8 @@
"@storybook/react/webpack": "5.74.0",
"ngtemplate-loader/loader-utils": "^2.0.0",
"node-fetch": "2.6.7",
- "slate-dev-environment@^0.2.2": "patch:slate-dev-environment@npm:0.2.5#.yarn/patches/slate-dev-environment-npm-0.2.5-9aeb7da7b5.patch"
+ "slate-dev-environment@^0.2.2": "patch:slate-dev-environment@npm:0.2.5#.yarn/patches/slate-dev-environment-npm-0.2.5-9aeb7da7b5.patch",
+ "dompurify": "^2.5.0"
},
"workspaces": {
"packages": [
diff --git a/yarn.lock b/yarn.lock
index f374e10e333..834cfee2642 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -18739,17 +18739,10 @@ __metadata:
languageName: node
linkType: hard
-"dompurify@npm:^2.2.0":
- version: 2.3.8
- resolution: "dompurify@npm:2.3.8"
- checksum: dc7b32ee57a03fe5166a850071200897cc13fa069287a709e3b2138052d73ec09a87026b9e28c8d2f254a74eaa52ef30644e98e54294c30acbca2a53f1bbc5f4
- languageName: node
- linkType: hard
-
-"dompurify@npm:^2.4.1":
- version: 2.4.1
- resolution: "dompurify@npm:2.4.1"
- checksum: 1169177465b3cbb25a44322937fba549f6c4e1a91b83245d144471be26619c835cccf0f8e20aa78c25ac11a06efd17cc1b9db9cacadceb78a4c08a1029eafee5
+"dompurify@npm:^2.5.0":
+ version: 2.5.7
+ resolution: "dompurify@npm:2.5.7"
+ checksum: 9652139743130b5ebaf5278fadec06d9b3920019b80c205565b9b8d52cd0cea90ff690c1994c5c0da5bc9d57a94dc19236cdf1ccabdc1c6cff7c255e1e597031
languageName: node
linkType: hard
@@ -21953,7 +21946,7 @@ __metadata:
dangerously-set-html-content: 1.0.9
date-fns: 2.29.1
debounce-promise: 3.1.2
- dompurify: ^2.4.1
+ dompurify: ^2.5.0
emotion: 11.0.0
enzyme: 3.11.0
enzyme-to-json: 3.6.2

@ -40,6 +40,7 @@ awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = "
# Vendor Node.js dependencies # Vendor Node.js dependencies
patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch
patch -p1 --fuzz=0 < ../0014-resolve-dompurify-CVE.patch
export HUSKY=0 export HUSKY=0
yarn install --frozen-lockfile yarn install --frozen-lockfile

@ -25,7 +25,7 @@ end}
Name: grafana Name: grafana
Version: 9.2.10 Version: 9.2.10
Release: 17%{?dist} Release: 19%{?dist}
Summary: Metrics dashboard and graph editor Summary: Metrics dashboard and graph editor
License: AGPL-3.0-only License: AGPL-3.0-only
URL: https://grafana.org URL: https://grafana.org
@ -36,13 +36,13 @@ Source0: https://github.com/grafana/grafana/archive/v%{version}/%{name}
# Source1 contains the bundled Go and Node.js dependencies # Source1 contains the bundled Go and Node.js dependencies
# Note: In case there were no changes to this tarball, the NVR of this tarball # Note: In case there were no changes to this tarball, the NVR of this tarball
# lags behind the NVR of this package. # lags behind the NVR of this package.
Source1: grafana-vendor-%{version}-2.tar.xz Source1: grafana-vendor-%{version}-19.tar.xz
%if %{compile_frontend} == 0 %if %{compile_frontend} == 0
# Source2 contains the precompiled frontend # Source2 contains the precompiled frontend
# Note: In case there were no changes to this tarball, the NVR of this tarball # Note: In case there were no changes to this tarball, the NVR of this tarball
# lags behind the NVR of this package. # lags behind the NVR of this package.
Source2: grafana-webpack-%{version}-2.tar.gz Source2: grafana-webpack-%{version}-19.tar.gz
%endif %endif
# Source3 contains the systemd-sysusers configuration # Source3 contains the systemd-sysusers configuration
@ -79,6 +79,7 @@ Patch10: 0010-skip-tests.patch
Patch11: 0011-remove-email-lookup.patch Patch11: 0011-remove-email-lookup.patch
Patch12: 0012-coredump-selinux-error.patch Patch12: 0012-coredump-selinux-error.patch
Patch13: 0013-snapshot-delete-check-org.patch Patch13: 0013-snapshot-delete-check-org.patch
Patch14: 0014-resolve-dompurify-CVE.patch
# Patches affecting the vendor tarball # Patches affecting the vendor tarball
Patch1001: 1001-vendor-patch-removed-backend-crypto.patch Patch1001: 1001-vendor-patch-removed-backend-crypto.patch
@ -522,7 +523,7 @@ Provides: bundled(npm(date-fns)) = 2.25.0
Provides: bundled(npm(debounce-promise)) = 3.1.2 Provides: bundled(npm(debounce-promise)) = 3.1.2
Provides: bundled(npm(deep-freeze)) = 0.0.1 Provides: bundled(npm(deep-freeze)) = 0.0.1
Provides: bundled(npm(devtools-protocol)) = 0.0.927104 Provides: bundled(npm(devtools-protocol)) = 0.0.927104
Provides: bundled(npm(dompurify)) = 2.3.8 Provides: bundled(npm(dompurify)) = 2.5.7
Provides: bundled(npm(emotion)) = 10.0.27 Provides: bundled(npm(emotion)) = 10.0.27
Provides: bundled(npm(enzyme)) = 3.11.0 Provides: bundled(npm(enzyme)) = 3.11.0
Provides: bundled(npm(enzyme-to-json)) = 3.6.2 Provides: bundled(npm(enzyme-to-json)) = 3.6.2
@ -767,6 +768,7 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux
%patch -P 11 -p1 %patch -P 11 -p1
%patch -P 12 -p1 %patch -P 12 -p1
%patch -P 13 -p1 %patch -P 13 -p1
%patch -P 14 -p1
%patch -P 1001 -p1 %patch -P 1001 -p1
%if %{enable_fips_mode} %if %{enable_fips_mode}
@ -1010,6 +1012,12 @@ fi
%{_datadir}/selinux/*/grafana.pp %{_datadir}/selinux/*/grafana.pp
%changelog %changelog
* Thu Oct 17 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-19
- Resolves RHEL-62309: CVE-2024-47875
* Thu Oct 10 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-18
- Resolves RHEL-61049: CVE-2024-9355
* Tue Sep 17 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-17 * Tue Sep 17 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-17
- Resolves RHEL-57925: CVE-2024-34156 - Resolves RHEL-57925: CVE-2024-34156

Loading…
Cancel
Save