Compare commits

...

No commits in common. 'c9' and 'i9c-beta' have entirely different histories.
c9 ... i9c-beta

4
.gitignore vendored

@ -1,3 +1,3 @@
SOURCES/grafana-10.2.6.tar.gz
SOURCES/grafana-vendor-10.2.6-7.tar.xz
SOURCES/grafana-webpack-10.2.6-7.tar.gz
SOURCES/grafana-vendor-10.2.6-2.tar.xz
SOURCES/grafana-webpack-10.2.6-2.tar.gz

@ -1,3 +1,3 @@
5c65a9460e0d0ecff29e397b5889b4167f046142 SOURCES/grafana-10.2.6.tar.gz
2b4545a05745a2d2abb719ea9bd86b87f045cf42 SOURCES/grafana-vendor-10.2.6-7.tar.xz
3d7618ff21be2346cf59955487aa766f06e7a18c SOURCES/grafana-webpack-10.2.6-7.tar.gz
1dbd3823c3004d7127fab43b82a0ca9e988922dc SOURCES/grafana-vendor-10.2.6-2.tar.xz
7229d7721cd93d95fde2a306ae775876053a05b0 SOURCES/grafana-webpack-10.2.6-2.tar.gz

@ -1,55 +0,0 @@
diff --git a/package.json b/package.json
index 38deb6d7dee..010a24fb451 100644
--- a/package.json
+++ b/package.json
@@ -432,7 +432,8 @@
"react-split-pane@0.1.92": "patch:react-split-pane@npm:0.1.92#.yarn/patches/react-split-pane-npm-0.1.92-93dbf51dff.patch",
"@storybook/blocks@7.4.5": "patch:@storybook/blocks@npm%3A7.4.5#./.yarn/patches/@storybook-blocks-npm-7.4.5-5a2374564a.patch",
"history@4.10.1": "patch:history@npm%3A4.10.1#./.yarn/patches/history-npm-4.10.1-ee217563ae.patch",
- "history@^4.9.0": "patch:history@npm%3A4.10.1#./.yarn/patches/history-npm-4.10.1-ee217563ae.patch"
+ "history@^4.9.0": "patch:history@npm%3A4.10.1#./.yarn/patches/history-npm-4.10.1-ee217563ae.patch",
+ "dompurify": "^2.5.0"
},
"workspaces": {
"packages": [
diff --git a/packages/grafana-data/package.json b/packages/grafana-data/package.json
index 2182744e61b..4201ef58dda 100644
--- a/packages/grafana-data/package.json
+++ b/packages/grafana-data/package.json
@@ -41,7 +41,7 @@
"@types/string-hash": "1.1.1",
"d3-interpolate": "3.0.1",
"date-fns": "2.30.0",
- "dompurify": "^2.4.3",
+ "dompurify": "^2.5.0",
"eventemitter3": "5.0.1",
"fast_array_intersect": "1.1.0",
"history": "4.10.1",
diff --git a/yarn.lock b/yarn.lock
index bf22ba52a17..88fc4d3fbfb 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2953,7 +2953,7 @@ __metadata:
"@types/tinycolor2": "npm:1.4.3"
d3-interpolate: "npm:3.0.1"
date-fns: "npm:2.30.0"
- dompurify: "npm:^2.4.3"
+ dompurify: "npm:^2.5.0"
esbuild: "npm:0.18.12"
eventemitter3: "npm:5.0.1"
fast_array_intersect: "npm:1.1.0"
@@ -14478,10 +14478,10 @@ __metadata:
languageName: node
linkType: hard
-"dompurify@npm:^2.2.0, dompurify@npm:^2.4.3":
- version: 2.4.5
- resolution: "dompurify@npm:2.4.5"
- checksum: d764c2ff126b3749dad35bc34eed40f51141d7dfd620e938c92f08d68c32beeb259d06abadeee91f6e2a8c8737ce670e2124ac9a257ba3bcdc666598cebcde01
+"dompurify@npm:^2.5.0":
+ version: 2.5.7
+ resolution: "dompurify@npm:2.5.7"
+ checksum: b150ca1e28083252cd51097162dc96cb45203f7e2af1fbaa8ef32b4f4d6b605e4aa8915190d38bd0635cbbf14d13a200138cd3ec1b084096819b14c718355122
languageName: node
linkType: hard

@ -21,7 +21,6 @@ pushd "${SOURCE_DIR}"
# Vendor Go dependencies
patch -p1 --fuzz=0 < ../0004-remove-unused-backend-dependencies.patch
patch -p1 --fuzz=0 < ../0011-fix-dompurify-CVE.patch
go mod vendor
# Generate Go files

@ -25,7 +25,7 @@ end}
Name: grafana
Version: 10.2.6
Release: 7%{?dist}
Release: 4%{?dist}
Summary: Metrics dashboard and graph editor
License: AGPL-3.0-only
URL: https://grafana.org
@ -36,13 +36,13 @@ Source0: https://github.com/grafana/grafana/archive/v%{version}/%{name}
# Source1 contains the bundled Go and Node.js dependencies
# Note: In case there were no changes to this tarball, the NVR of this tarball
# lags behind the NVR of this package.
Source1: grafana-vendor-%{version}-7.tar.xz
Source1: grafana-vendor-%{version}-2.tar.xz
%if %{compile_frontend} == 0
# Source2 contains the precompiled frontend
# Note: In case there were no changes to this tarball, the NVR of this tarball
# lags behind the NVR of this package.
Source2: grafana-webpack-%{version}-7.tar.gz
Source2: grafana-webpack-%{version}-2.tar.gz
%endif
# Source3 contains the systemd-sysusers configuration
@ -77,7 +77,6 @@ Patch8: 0008-replace-faulty-slices-sort.patch
Patch9: 0009-update-wrappers-and-systemd-with-distro-paths.patch
# https://github.com/grafana/grafana/commit/bae86dbeb0ad68a205454e98e76985dc393183d4
Patch10: 0010-remove-bcrypt-references.patch
Patch11: 0011-fix-dompurify-CVE.patch
# Patches affecting the vendor tarball
Patch1001: 1001-vendor-patch-removed-backend-crypto.patch
@ -538,7 +537,7 @@ Provides: bundled(npm(date-fns)) = 2.30.0
Provides: bundled(npm(debounce-promise)) = 3.1.2
Provides: bundled(npm(devtools-protocol)) = 0.0.927104
Provides: bundled(npm(diff)) = 4.0.2
Provides: bundled(npm(dompurify)) = 2.5.7
Provides: bundled(npm(dompurify)) = 2.4.5
Provides: bundled(npm(emotion)) = 10.0.27
Provides: bundled(npm(esbuild)) = 0.17.19
Provides: bundled(npm(esbuild-loader)) = 3.0.1
@ -778,7 +777,6 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux
%patch -P 8 -p1
%patch -P 9 -p1
%patch -P 10 -p1
%patch -P 11 -p1
%patch -P 1001 -p1
%if %{enable_fips_mode}
@ -1028,15 +1026,6 @@ fi
%{_datadir}/selinux/*/grafana.pp
%changelog
* Wed Oct 16 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-7
- Resolves RHEL-62308: CVE-2024-47875
* Fri Sep 27 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-6
- Resolves: RHEL-57927
* Fri Jul 19 2024 Lauren Chilton <lchilton@redhat.com> 10.2.6-5
- Resolves RHEL-47185
* Tue Jul 16 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-4
- Resolves RHEL-44874
@ -1091,6 +1080,9 @@ fi
* Thu May 04 2023 Stan Cox <scox@redhat.com> 9.2.10-1
- Update to 9.2.10
* Fri Apr 14 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 9.0.9-2
- Rebuilt for MSVSphere 9.2 beta
* Tue Nov 01 2022 Stan Cox <scox@redhat.com> 9.0.9-2
- resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in
- resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws

Loading…
Cancel
Save