Compare commits

...

No commits in common. 'c9' and 'i10cs' have entirely different histories.
c9 ... i10cs

4
.gitignore vendored

@ -1,3 +1,3 @@
SOURCES/grafana-10.2.6.tar.gz SOURCES/grafana-10.2.6.tar.gz
SOURCES/grafana-vendor-10.2.6-7.tar.xz SOURCES/grafana-vendor-10.2.6-8.tar.xz
SOURCES/grafana-webpack-10.2.6-7.tar.gz SOURCES/grafana-webpack-10.2.6-8.tar.gz

@ -1,3 +1,3 @@
5c65a9460e0d0ecff29e397b5889b4167f046142 SOURCES/grafana-10.2.6.tar.gz 5c65a9460e0d0ecff29e397b5889b4167f046142 SOURCES/grafana-10.2.6.tar.gz
2b4545a05745a2d2abb719ea9bd86b87f045cf42 SOURCES/grafana-vendor-10.2.6-7.tar.xz 70d5da67ed04fdcf458baf40e35aa35933879fe5 SOURCES/grafana-vendor-10.2.6-8.tar.xz
3d7618ff21be2346cf59955487aa766f06e7a18c SOURCES/grafana-webpack-10.2.6-7.tar.gz 928f19ae2f710ed11ec8dcbeab224dd40513fa36 SOURCES/grafana-webpack-10.2.6-8.tar.gz

@ -66,7 +66,7 @@ index 916de769f9..2f270d4940 100644
;app_tls_skip_verify_insecure = false ;app_tls_skip_verify_insecure = false
# Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded. # Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded.
-;allow_loading_unsigned_plugins = -;allow_loading_unsigned_plugins =
+allow_loading_unsigned_plugins = performancecopilot-pcp-app,pcp-redis-datasource,pcp-vector-datasource,pcp-bpftrace-datasource,pcp-flamegraph-panel,pcp-breadcrumbs-panel,pcp-troubleshooting-panel,performancecopilot-redis-datasource,performancecopilot-vector-datasource,performancecopilot-bpftrace-datasource,performancecopilot-flamegraph-panel,performancecopilot-breadcrumbs-panel,performancecopilot-troubleshooting-panel +allow_loading_unsigned_plugins = performancecopilot-pcp-app,pcp-valkey-datasource,pcp-vector-datasource,pcp-bpftrace-datasource,pcp-flamegraph-panel,pcp-breadcrumbs-panel,pcp-troubleshooting-panel,performancecopilot-valkey-datasource,performancecopilot-vector-datasource,performancecopilot-bpftrace-datasource,performancecopilot-flamegraph-panel,performancecopilot-breadcrumbs-panel,performancecopilot-troubleshooting-panel
# Enable or disable installing / uninstalling / updating plugins directly from within Grafana. # Enable or disable installing / uninstalling / updating plugins directly from within Grafana.
;plugin_admin_enabled = false ;plugin_admin_enabled = false
;plugin_admin_external_manage_enabled = false ;plugin_admin_external_manage_enabled = false

@ -21,7 +21,6 @@ pushd "${SOURCE_DIR}"
# Vendor Go dependencies # Vendor Go dependencies
patch -p1 --fuzz=0 < ../0004-remove-unused-backend-dependencies.patch patch -p1 --fuzz=0 < ../0004-remove-unused-backend-dependencies.patch
patch -p1 --fuzz=0 < ../0011-fix-dompurify-CVE.patch
go mod vendor go mod vendor
# Generate Go files # Generate Go files
@ -60,6 +59,7 @@ awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = "
# Vendor Node.js dependencies # Vendor Node.js dependencies
patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch
patch -p1 --fuzz=0 < ../0011-fix-dompurify-CVE.patch
export HUSKY=0 export HUSKY=0
yarn install --frozen-lockfile yarn install --frozen-lockfile

@ -23,3 +23,4 @@
#define context for pcp plugin #define context for pcp plugin
#/usr/share/performancecopilot-pcp-app/datasources/redis/pcp_redis_datasource_(.*) -- gen_context(system_u:object_r:grafana_pcp_exec_t,s0) #/usr/share/performancecopilot-pcp-app/datasources/redis/pcp_redis_datasource_(.*) -- gen_context(system_u:object_r:grafana_pcp_exec_t,s0)
/usr/libexec/grafana-pcp/datasources/redis/pcp_redis_datasource_(.*) -- gen_context(system_u:object_r:grafana_pcp_exec_t,s0) /usr/libexec/grafana-pcp/datasources/redis/pcp_redis_datasource_(.*) -- gen_context(system_u:object_r:grafana_pcp_exec_t,s0)
/usr/libexec/grafana-pcp/datasources/valkey/pcp_valkey_datasource_(.*) -- gen_context(system_u:object_r:grafana_pcp_exec_t,s0)

@ -82,6 +82,9 @@ can_exec(grafana_t, grafana_pcp_exec_t)
corenet_tcp_connect_all_ephemeral_ports(grafana_t) corenet_tcp_connect_all_ephemeral_ports(grafana_t)
grafana_exec(grafana_t) grafana_exec(grafana_t)
# Allow grafana to connect to mssql's default tcp port of 1433
corenet_tcp_connect_mssql_port(grafana_t)
######################################## ########################################
# #
# grafana local policy # grafana local policy

@ -2,7 +2,7 @@
# is attached as a webpack tarball (in case of an unsuitable nodejs version on the build system) # is attached as a webpack tarball (in case of an unsuitable nodejs version on the build system)
%define compile_frontend 0 %define compile_frontend 0
%if 0%{?rhel} && ! 0%{?eln} %if 0%{?rhel}
%define enable_fips_mode 1 %define enable_fips_mode 1
%else %else
%define enable_fips_mode 0 %define enable_fips_mode 0
@ -25,7 +25,7 @@ end}
Name: grafana Name: grafana
Version: 10.2.6 Version: 10.2.6
Release: 7%{?dist} Release: 13%{?dist}
Summary: Metrics dashboard and graph editor Summary: Metrics dashboard and graph editor
License: AGPL-3.0-only License: AGPL-3.0-only
URL: https://grafana.org URL: https://grafana.org
@ -36,13 +36,13 @@ Source0: https://github.com/grafana/grafana/archive/v%{version}/%{name}
# Source1 contains the bundled Go and Node.js dependencies # Source1 contains the bundled Go and Node.js dependencies
# Note: In case there were no changes to this tarball, the NVR of this tarball # Note: In case there were no changes to this tarball, the NVR of this tarball
# lags behind the NVR of this package. # lags behind the NVR of this package.
Source1: grafana-vendor-%{version}-7.tar.xz Source1: grafana-vendor-%{version}-8.tar.xz
%if %{compile_frontend} == 0 %if %{compile_frontend} == 0
# Source2 contains the precompiled frontend # Source2 contains the precompiled frontend
# Note: In case there were no changes to this tarball, the NVR of this tarball # Note: In case there were no changes to this tarball, the NVR of this tarball
# lags behind the NVR of this package. # lags behind the NVR of this package.
Source2: grafana-webpack-%{version}-7.tar.gz Source2: grafana-webpack-%{version}-8.tar.gz
%endif %endif
# Source3 contains the systemd-sysusers configuration # Source3 contains the systemd-sysusers configuration
@ -75,7 +75,6 @@ Patch6: 0006-skip-marketplace-plugin-install-test.patch
Patch7: 0007-redact-weak-ciphers.patch Patch7: 0007-redact-weak-ciphers.patch
Patch8: 0008-replace-faulty-slices-sort.patch Patch8: 0008-replace-faulty-slices-sort.patch
Patch9: 0009-update-wrappers-and-systemd-with-distro-paths.patch Patch9: 0009-update-wrappers-and-systemd-with-distro-paths.patch
# https://github.com/grafana/grafana/commit/bae86dbeb0ad68a205454e98e76985dc393183d4
Patch10: 0010-remove-bcrypt-references.patch Patch10: 0010-remove-bcrypt-references.patch
Patch11: 0011-fix-dompurify-CVE.patch Patch11: 0011-fix-dompurify-CVE.patch
@ -90,11 +89,9 @@ ExclusiveArch: %{grafana_arches}
BuildRequires: systemd BuildRequires: systemd
BuildRequires: systemd-rpm-macros BuildRequires: systemd-rpm-macros
BuildRequires: golang BuildRequires: golang >= 1.17
BuildRequires: go-srpm-macros BuildRequires: go-srpm-macros
%if 0%{?rhel} >= 9
BuildRequires: go-rpm-macros BuildRequires: go-rpm-macros
%endif
%if %{compile_frontend} %if %{compile_frontend}
BuildRequires: nodejs >= 1:16 BuildRequires: nodejs >= 1:16
@ -798,12 +795,11 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux
# Build the backend # Build the backend
# required since RHEL 8.8 to fix the following error:
# "imports crypto/boring: build constraints exclude all Go files in /usr/lib/golang/src/crypto/boring"
# can be removed in a future Go release
export GOEXPERIMENT=boringcrypto
# see grafana-X.Y.Z/pkg/build/cmd.go # see grafana-X.Y.Z/pkg/build/cmd.go
export LDFLAGS="-X main.version=%{version} -X main.buildstamp=${SOURCE_DATE_EPOCH}" export LDFLAGS="-X main.version=%{version} -X main.buildstamp=${SOURCE_DATE_EPOCH}"
%if %{enable_fips_mode}
export GOEXPERIMENT=boringcrypto
%endif
for cmd in grafana grafana-cli grafana-server; do for cmd in grafana grafana-cli grafana-server; do
%gobuild -o %{_builddir}/bin/${cmd} ./pkg/cmd/${cmd} %gobuild -o %{_builddir}/bin/${cmd} ./pkg/cmd/${cmd}
done done
@ -936,11 +932,11 @@ yarn run jest
# which is usually true except if the daylight saving time change falls into the last 10 days, then it's either 239 or 241 hours... # which is usually true except if the daylight saving time change falls into the last 10 days, then it's either 239 or 241 hours...
# let's set the time zone to a time zone without daylight saving time # let's set the time zone to a time zone without daylight saving time
export TZ=GMT export TZ=GMT
%if %{enable_fips_mode}
export GOEXPERIMENT=boringcrypto
%endif
# required since RHEL 8.8 to fix the following error: # comment out temporarily while intermittent ngalert tests are investigated
# "imports crypto/boring: build constraints exclude all Go files in /usr/lib/golang/src/crypto/boring"
# can be removed in a future Go release
#export GOEXPERIMENT=boringcrypto
# % gotest ./pkg/... # % gotest ./pkg/...
# %if %{enable_fips_mode} # %if %{enable_fips_mode}
@ -1028,79 +1024,112 @@ fi
%{_datadir}/selinux/*/grafana.pp %{_datadir}/selinux/*/grafana.pp
%changelog %changelog
* Wed Oct 16 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-7 * Tue Nov 26 2024 Sam Feifer <sfeifer@redhat.com> - 10.2.6-13
- Resolves RHEL-62308: CVE-2024-47875 - Resolves RHEL-68657: Update configurations to allow loading the valkey datasource
- Revert changes that break older custom dashboards
* Mon Nov 25 2024 Sam Feifer <sfeifer@redhat.com> - 10.2.6-12
- Resolves RHEL-68657: Update configurations to allow loading the valkey datasource
- Clean up the grafana.ini file
* Fri Sep 27 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-6 * Fri Nov 22 2024 Sam Feifer <sfeifer@redhat.com> - 10.2.6-11
- Resolves: RHEL-57927 - Resolves RHEL-68657: Update configurations to allow loading the valkey datasource
* Fri Jul 19 2024 Lauren Chilton <lchilton@redhat.com> 10.2.6-5 * Mon Nov 11 2024 Sam Feifer <sfeifer@redhat.com> - 10.2.6-10
- Resolves RHEL-47185 - Resolves RHEL-67042: update selinux policy for valkey datasource
- Resolves RHEL-61900: allow mssql datasource in selinux policy
* Tue Jul 16 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-4 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 10.2.6-9
- Resolves RHEL-44874 - Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Tue Jul 9 2024 Lauren Chilton <lchilton@redhat.com> 10.2.6-3 * Mon Oct 28 2024 Sam Feifer <sfeifer@redhat.com> - 10.2.6-8
- Resolves RHEL-35937 - Resolves RHEL-63100: CVE-2024-47875
* Fri May 3 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-2 * Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 10.2.6-7
- Fixes patch 1002 for update to golang-fips - Rebuilt for MSVSphere 10
- Remove unused code under apsl-1.1 and apsl-1.2 licenses
- Resolves RHEL-33655
* Tue Apr 2 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-1 * Tue Oct 8 2024 Sam Feifer <sfeifer@redhat.com> - 10.2.6-7
- Resolves: RHEL-57874
* Tue Jul 16 2024 Sam Feifer <sfeifer@redhat.com> - 10.2.6-6
- Resolves: RHEL-44887
* Tue Jul 9 2024 Sam Feifer <sfeifer@redhat.com> - 10.2.6-5
- Resolves: RHEL-35909
- Resolves: RHEL-43354
- Resolves: RHEL-43138
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 10.2.6-4
- Bump release for June 2024 mass rebuild
* Tue May 7 2024 Sam Feifer <sfeifer@redhat.com> - 10.2.6-3
- Rebase to grafana 10.2.6 - Rebase to grafana 10.2.6
* Wed Jan 31 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-15 * Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> - 9.2.10-18
- Resolves RHEL-23468 - Rebuild for golang 1.22.0
- Allows for gid to be 0
* Wed Jan 31 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-17
- Allows for postgreSQL datasource in selinux policy - Allows for postgreSQL datasource in selinux policy
- grafana-cli wrapper script now allows for the gid to be 0
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.2.10-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Dec 19 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-14 * Sat Jan 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.2.10-15
- Fixes postgresql AVC denial - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
- Related RHEL-7505
* Thu Dec 14 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-13 * Mon Dec 18 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-14
- Resolves RHEL-19296 - Fixes postgresql AVC denials
* Fri Dec 15 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-13
- Fixes coredump issue introduced by selinux - Fixes coredump issue introduced by selinux
- Patches out call to panic when trying to walk "/" directory - Patches out call to panic when trying to walk "/" directory
* Thu Nov 30 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-12 * Thu Nov 30 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-12
- Resolves RHEL-7505 - Fix another set of AVC denials found testing only on some architectures
- Fixes additional selinux denials found when testing on certain architectures
* Mon Nov 20 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-11
- Fix additional AVC denial found when testing on certain architectures
* Tue Nov 21 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-11 * Wed Nov 15 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-10
- Resolves RHEL-7505 - Fix additional AVC denial found when testing
- Fixes selinux denials found when testing on certain architectures
* Wed Nov 15 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-10 * Wed Nov 15 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-9
- Resolves RHEL-7505 - Fix AVC denials found when testing
- Adds a selinux policy for grafana - Stop commented out gotest macro from expanding
- Resolves RHEL-12666
- fix CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work
* Thu Jul 20 2023 Stan Cox <scox@redhat.com> 9.2.10-5 * Thu Nov 9 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-8
- resolve CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth - Hide relabeling messages from selinux when installing/uninstalling
* Thu Jun 8 2023 Stan Cox <scox@redhat.com> 9.2.10-3 * Wed Nov 8 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-7
- bumps exporter-toolkit to v0.7.3, sanitize-url@npm to 6.0.2, skip problematic s390 tests, License AGPL-3.0-only. - Include the selinux policy in the main package rather than a separate package
* Mon May 15 2023 Stan Cox <scox@redhat.com> 9.2.10-2 * Thu Oct 5 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-6
- Added 0010-skip-tests
- Resolves problematic tests when building
* Thu Sep 28 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-5
- Add SELinux policy for grafana
* Sat Jul 22 2023 Carl George <carl@redhat.com> - 9.2.10-4
- resolve CVE-2023-3128 grafana: Remove Email Lookup from oauth integrations
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 9.2.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu May 18 2023 Stan Cox <scox@redhat.com> 9.2.10-2
- Update to 9.2.10 - Update to 9.2.10
* Thu May 04 2023 Stan Cox <scox@redhat.com> 9.2.10-1 * Mon May 15 2023 Stan Cox <scox@redhat.com> 9.2.10-1
- Update to 9.2.10 - Update to 9.2.10
* Tue Nov 01 2022 Stan Cox <scox@redhat.com> 9.0.9-2 * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.9-2
- resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
- resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws
* Wed Sep 21 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.9-1 * Wed Sep 21 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.9-1
- update to 9.0.9 tagged upstream community sources, see CHANGELOG - update to 9.0.9 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530) - resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2128565)
* Tue Sep 20 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-2
- bump NVR
* Thu Sep 15 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-1 * Thu Sep 15 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-1
- update to 9.0.8 tagged upstream community sources, see CHANGELOG - update to 9.0.8 tagged upstream community sources, see CHANGELOG
@ -1109,21 +1138,42 @@ fi
- sync provides/obsoletes with CentOS versions - sync provides/obsoletes with CentOS versions
- drop husky patch - drop husky patch
* Thu Aug 11 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-3 * Wed Jul 27 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.5-1
- resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - update to 9.0.5 tagged upstream community sources, see CHANGELOG (rhbz#2107413)
- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - run integration tests in check phase
- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - remove conditional around go-rpm-macros
- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read - resolve CVE-2022-31107 grafana: OAuth account takeover (rhbz#2107435)
- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob - resolve CVE-2022-31097 grafana: stored XSS vulnerability (rhbz#2107436)
- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.2-4
- resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
- resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
* Thu Jul 14 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.2-3
* Tue Jul 26 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-2 - fix quoting in grafana-cli wrapper script (rhbz#2107046)
- resolve CVE-2022-31107 grafana: OAuth account takeover
* Wed Jul 13 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.2-2
* Fri Apr 22 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-1 - use systemd-sysusers to create the Grafana user and group
* Thu Jul 07 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.2-1
- update to 9.0.2 tagged upstream community sources, see CHANGELOG
* Wed Jun 29 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 8.5.6-1
- update to 8.5.6 tagged upstream community sources, see CHANGELOG
- updated license to AGPLv3
- place commented sample config file in /etc/grafana/grafana.ini
- enable Go modules in build process
- adapt Node.js bundling to yarn v3 and Zero Install feature
* Sun Jun 19 2022 Robert-André Mauchin <zebob.m@gmail.com> - 7.5.15-3
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629
* Mon Apr 11 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-2
- use clamp-mtime when generating the vendor and webpack tarballs,
to preserve past timestamps but still keep reproducibility
- round tarball mtime timestamp to midnight, to match SOURCE_DATE_EPOCH
* Fri Apr 08 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-1
- update to 7.5.15 tagged upstream community sources, see CHANGELOG - update to 7.5.15 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources - resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
- resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling - resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling
@ -1134,6 +1184,13 @@ fi
- declare Node.js dependencies of subpackages - declare Node.js dependencies of subpackages
- make vendor and webpack tarballs reproducible - make vendor and webpack tarballs reproducible
* Fri Jan 28 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.13-1
- update to 7.5.13 tagged upstream community sources, see CHANGELOG
- support Go 1.18
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.11-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Jan 18 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-3 * Tue Jan 18 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-3
- use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens - use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens
- update FIPS tests in check phase - update FIPS tests in check phase
@ -1149,9 +1206,11 @@ fi
* Thu Sep 30 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.10-1 * Thu Sep 30 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.10-1
- update to 7.5.10 tagged upstream community sources, see CHANGELOG - update to 7.5.10 tagged upstream community sources, see CHANGELOG
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.9-3 * Mon Aug 16 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - rebuild to resolve CVE-2021-34558
Related: rhbz#1991688
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu Jul 08 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-2 * Thu Jul 08 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-2
- remove unused dependency property-information - remove unused dependency property-information
@ -1160,10 +1219,6 @@ fi
* Fri Jun 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-1 * Fri Jun 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-1
- update to 7.5.9 tagged upstream community sources, see CHANGELOG - update to 7.5.9 tagged upstream community sources, see CHANGELOG
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.8-2
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Mon Jun 21 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.8-1 * Mon Jun 21 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.8-1
- update to 7.5.8 tagged upstream community sources, see CHANGELOG - update to 7.5.8 tagged upstream community sources, see CHANGELOG
- remove unused dependencies selfsigned, http-signature and gofpdf - remove unused dependencies selfsigned, http-signature and gofpdf
@ -1175,8 +1230,9 @@ fi
* Tue May 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.7-1 * Tue May 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.7-1
- update to 7.5.7 tagged upstream community sources, see CHANGELOG - update to 7.5.7 tagged upstream community sources, see CHANGELOG
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 7.3.6-4 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 7.3.6-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.6-3 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

Loading…
Cancel
Save