From 5f279d57fc83ed0938dc71e6ff823d62fac0e7b3 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Tue, 24 Sep 2024 03:30:45 +0300 Subject: [PATCH] import grafana-9.2.10-17.el9_4 --- SOURCES/1002-vendor-use-pbkdf2-from-OpenSSL.patch | 4 ++-- SPECS/grafana.spec | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/SOURCES/1002-vendor-use-pbkdf2-from-OpenSSL.patch b/SOURCES/1002-vendor-use-pbkdf2-from-OpenSSL.patch index 48a4536..aa4b421 100644 --- a/SOURCES/1002-vendor-use-pbkdf2-from-OpenSSL.patch +++ b/SOURCES/1002-vendor-use-pbkdf2-from-OpenSSL.patch @@ -2,7 +2,7 @@ use pbkdf2 from OpenSSL if FIPS mode is enabled This patch modifies the x/crypto/pbkdf2 function to use OpenSSL if FIPS mode is enabled. -DEFINEFUNC is from /usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h +DEFINEFUNC is from /usr/lib/golang/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go new file mode 100644 @@ -112,7 +112,7 @@ index 0000000000..6dfdf10424 --- /dev/null +++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h @@ -0,0 +1,5 @@ -+#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h" ++#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h" + +DEFINEFUNC(int, PKCS5_PBKDF2_HMAC, + (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out), diff --git a/SPECS/grafana.spec b/SPECS/grafana.spec index 634f595..90842d2 100644 --- a/SPECS/grafana.spec +++ b/SPECS/grafana.spec @@ -25,7 +25,7 @@ end} Name: grafana Version: 9.2.10 -Release: 16%{?dist} +Release: 17%{?dist} Summary: Metrics dashboard and graph editor License: AGPL-3.0-only URL: https://grafana.org @@ -1010,6 +1010,9 @@ fi %{_datadir}/selinux/*/grafana.pp %changelog +* Tue Sep 17 2024 Sam Feifer 9.2.10-17 +- Resolves RHEL-57925: CVE-2024-34156 + * Tue Apr 16 2024 Sam Feifer 9.2.10-16 - Check OrdID is correct before deleting snapshot - fix CVE-2024-1313