diff --git a/.gitignore b/.gitignore
index 3a3be94..8d9599f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-SOURCES/grafana-7.3.6.tar.gz
-SOURCES/grafana-vendor-7.3.6.tar.xz
-SOURCES/grafana-webpack-7.3.6.tar.gz
+SOURCES/grafana-7.5.9.tar.gz
+SOURCES/grafana-vendor-7.5.9-2.tar.xz
+SOURCES/grafana-webpack-7.5.9-2.tar.gz
diff --git a/.grafana.metadata b/.grafana.metadata
index 084a745..af2fa86 100644
--- a/.grafana.metadata
+++ b/.grafana.metadata
@@ -1,3 +1,3 @@
-6fa572f981e490e06dfdae56256dfbf66a3fb4c9 SOURCES/grafana-7.3.6.tar.gz
-c0658ab63a4d23a5914cf1425f0b568e7b764654 SOURCES/grafana-vendor-7.3.6.tar.xz
-622c6e58ca6dab9efdf784be45315ee8bc72b229 SOURCES/grafana-webpack-7.3.6.tar.gz
+e658bc3706a71a2a77f34755ac362fd506d7b1a0 SOURCES/grafana-7.5.9.tar.gz
+8fc46c12ac1bae0f2e0434e8fdf71e61e922c74a SOURCES/grafana-vendor-7.5.9-2.tar.xz
+28052475c9cb45ac6523479ab9fd3da4ba678400 SOURCES/grafana-webpack-7.5.9-2.tar.gz
diff --git a/SOURCES/001-wrappers-grafana-cli.patch b/SOURCES/001-wrappers-grafana-cli.patch
index 722d61f..01fe90e 100644
--- a/SOURCES/001-wrappers-grafana-cli.patch
+++ b/SOURCES/001-wrappers-grafana-cli.patch
@@ -44,6 +44,6 @@ index 9cad151c0d..a786edc596 100755
 + cd "${GRAFANA_HOME}"
 + exec "$EXECUTABLE" "$OPTS" "$@"
 +else
-+ echo "Please run this script as user \"${GRAFANA_USER}\" or root."
++ echo "$0: please run this script as user \"${GRAFANA_USER}\" or root."
 + exit 5
 +fi
diff --git a/SOURCES/002-manpages.patch b/SOURCES/002-manpages.patch
index fa82dc4..ccc1385 100644
--- a/SOURCES/002-manpages.patch
+++ b/SOURCES/002-manpages.patch
@@ -4,7 +4,7 @@ index 0000000000..7ac2af882c
 --- /dev/null
 +++ b/docs/man/man1/grafana-cli.1
 @@ -0,0 +1,60 @@
-+.TH GRAFANA "1" "December 2020" "Grafana cli version 7.3.6" "User Commands"
++.TH GRAFANA "1" "June 2021" "Grafana cli version 7.5.9" "User Commands"
 +.SH NAME
 +grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor
 +.SH DESCRIPTION
@@ -69,8 +69,8 @@ new file mode 100644 index 0000000000..c616268b31 --- /dev/null +++ b/docs/man/man1/grafana-server.1 -@@ -0,0 +1,84 @@ -+.TH VERSION "1" "December 2020" "Version 7.3.6" "User Commands" +@@ -0,0 +1,72 @@ ++.TH VERSION "1" "June 2021" "Version 7.5.9" "User Commands" +.SH NAME +grafana-server \- back-end server for the Grafana metrics dashboard and graph editor +.SH DESCRIPTION @@ -106,18 +106,6 @@ index 0000000000..c616268b31 +.IP +path to config file +.HP -+\fB\-convey-json\fR -+.IP -+When true, emits results in JSON blocks. Default: 'false' -+.HP -+\fB\-convey-silent\fR -+.IP -+When true, all output from GoConvey is suppressed. -+.HP -+\fB\-convey-story\fR -+.IP -+When true, emits story output, otherwise emits dot output. When not provided, this flag mirrors the value of the '-test.v' flag -+.HP +\fB\-homepath\fR string +.IP +path to grafana install/home path, defaults to working directory diff --git a/SOURCES/003-fix-dashboard-abspath-test.patch b/SOURCES/003-fix-dashboard-abspath-test.patch new file mode 100644 index 0000000..ad7e5bf --- /dev/null +++ b/SOURCES/003-fix-dashboard-abspath-test.patch 
@@ -0,0 +1,24 @@
+diff --git a/pkg/services/provisioning/dashboards/file_reader_linux_test.go b/pkg/services/provisioning/dashboards/file_reader_linux_test.go
+index 3584bbc242..1a89767b69 100644
+--- a/pkg/services/provisioning/dashboards/file_reader_linux_test.go
++++ b/pkg/services/provisioning/dashboards/file_reader_linux_test.go
+@@ -28,6 +28,7 @@ func TestProvisionedSymlinkedFolder(t *testing.T) {
+ }
+
+ want, err := filepath.Abs(containingID)
++ want, err = filepath.EvalSymlinks(want)
+
+ if err != nil {
+ t.Errorf("expected err to be nil")
+diff --git a/pkg/services/provisioning/dashboards/file_reader_test.go b/pkg/services/provisioning/dashboards/file_reader_test.go
+index 946d487d5f..2acef40eed 100644
+--- a/pkg/services/provisioning/dashboards/file_reader_test.go
++++ b/pkg/services/provisioning/dashboards/file_reader_test.go
+@@ -318,6 +318,7 @@ func TestDashboardFileReader(t *testing.T) {
+ }
+
+ absPath1, err := filepath.Abs(unprovision + "/dashboard1.json")
++ absPath1, err = filepath.EvalSymlinks(absPath1)
+ So(err, ShouldBeNil)
+ // This one does not exist on disk, simulating a deleted file
+ absPath2, err := filepath.Abs(unprovision + "/dashboard2.json")
diff --git a/SOURCES/003-remove-dashboard-abspath-test.patch b/SOURCES/003-remove-dashboard-abspath-test.patch
deleted file mode 100644
index 2076441..0000000
--- a/SOURCES/003-remove-dashboard-abspath-test.patch
+++ /dev/null
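Review bot: The error returned by `filepath.Abs` is overwritten before it is checked in both inner hunks: the added `want, err = filepath.EvalSymlinks(want)` in file_reader_linux_test.go and `absPath1, err = filepath.EvalSymlinks(absPath1)` in file_reader_test.go reuse `err` straight after the `Abs` call. If `Abs` failed, `EvalSymlinks` would run on an empty path and the test would report a misleading error. Checking `err` once before each added line, e.g. `So(err, ShouldBeNil)` in file_reader_test.go, keeps the two failures distinguishable. Both test functions continue outside the hunks.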
@@ -1,41 +0,0 @@ -diff --git a/pkg/services/provisioning/dashboards/file_reader_linux_test.go b/pkg/services/provisioning/dashboards/file_reader_linux_test.go -index 3584bbc242..3d37f5e104 100644 ---- a/pkg/services/provisioning/dashboards/file_reader_linux_test.go -+++ b/pkg/services/provisioning/dashboards/file_reader_linux_test.go -@@ -33,6 +33,11 @@ func TestProvisionedSymlinkedFolder(t *testing.T) { - t.Errorf("expected err to be nil") - } - -+ want, err = filepath.EvalSymlinks(want) -+ if err != nil { -+ t.Errorf("expected err to be nil %v", err) -+ } -+ - resolvedPath := reader.resolvedPath() - if resolvedPath != want { - t.Errorf("got %s want %s", resolvedPath, want) -diff --git a/pkg/services/provisioning/dashboards/file_reader_test.go b/pkg/services/provisioning/dashboards/file_reader_test.go -index 33fe6a0a68..2c67ebb677 100644 ---- a/pkg/services/provisioning/dashboards/file_reader_test.go -+++ b/pkg/services/provisioning/dashboards/file_reader_test.go -@@ -340,20 +340,6 @@ func TestDashboardFileReader(t *testing.T) { - So(err, ShouldBeNil) - - So(len(fakeService.provisioned["Default"]), ShouldEqual, 1) -- So(fakeService.provisioned["Default"][0].ExternalId, ShouldEqual, absPath1) -- }) -- -- Convey("Missing dashboard should be deleted if DisableDeletion = false", func() { -- reader, err := NewDashboardFileReader(cfg, logger) -- So(err, ShouldBeNil) -- -- err = reader.startWalkingDisk() -- So(err, ShouldBeNil) -- -- So(len(fakeService.provisioned["Default"]), ShouldEqual, 1) -- So(fakeService.provisioned["Default"][0].ExternalId, ShouldEqual, absPath1) -- So(len(fakeService.inserted), ShouldEqual, 1) -- So(fakeService.inserted[0].Dashboard.Id, ShouldEqual, 1) - }) - }) - diff --git a/SOURCES/004-skip-x86-goldenfiles-tests.patch b/SOURCES/004-skip-x86-goldenfiles-tests.patch index 20a50e2..bb61e0b 100644 --- a/SOURCES/004-skip-x86-goldenfiles-tests.patch +++ b/SOURCES/004-skip-x86-goldenfiles-tests.patch 
@@ -12,20 +12,29 @@ index 96efaccfce..bcdd98144f 100644 const arrow = fs.readFileSync(fullpath); const table = Table.from([arrow]); diff --git a/packages/grafana-runtime/src/utils/queryResponse.test.ts b/packages/grafana-runtime/src/utils/queryResponse.test.ts -index 25169669a0..05474366a2 100644 +index 0adb915d2c..8985d7beab 100644 --- a/packages/grafana-runtime/src/utils/queryResponse.test.ts +++ b/packages/grafana-runtime/src/utils/queryResponse.test.ts -@@ -38,7 +38,7 @@ const emptyResults = { +@@ -47,7 +47,7 @@ const emptyResults = { /* eslint-enable */ - describe('GEL Utils', () => { + describe('Query Response parser', () => { - test('should parse output with dataframe', () => { + test.skip('should parse output with dataframe', () => { const res = toDataQueryResponse(resp); const frames = res.data; - for (const frame of frames) { -@@ -106,7 +106,7 @@ describe('GEL Utils', () => { - expect(frames.length).toEqual(0); + expect(frames).toHaveLength(2); +@@ -131,7 +131,7 @@ describe('Query Response parser', () => { + `); + }); + +- test('should parse output with dataframe in order of queries', () => { ++ test.skip('should parse output with dataframe in order of queries', () => { + const queries: DataQuery[] = [{ refId: 'B' }, { refId: 'A' }]; + const res = toDataQueryResponse(resp, queries); + const frames = res.data; +@@ -250,7 +250,7 @@ describe('Query Response parser', () => { + expect(ids).toEqual(['A', 'B', 'X']); }); - test('resultWithError', () => { @@ -34,26 +43,27 @@ index 25169669a0..05474366a2 100644 // qdr.Responses[q.GetRefID()] = backend.DataResponse{ // Error: fmt.Errorf("an Error: %w", fmt.Errorf("another error")), diff --git a/pkg/tsdb/influxdb/flux/executor_test.go b/pkg/tsdb/influxdb/flux/executor_test.go -index e053c6c397..fc7685cbab 100644 +index 7cfc8bd20a..add6b5f3b8 100644 --- a/pkg/tsdb/influxdb/flux/executor_test.go 
+++ b/pkg/tsdb/influxdb/flux/executor_test.go -@@ -59,6 +59,7 @@ func (r *MockRunner) runQuery(ctx context.Context, q string) (*api.QueryTableRes +@@ -68,6 +68,7 @@ func executeMockedQuery(t *testing.T, name string, query queryModel) *backend.Da } func verifyGoldenResponse(t *testing.T, name string) *backend.DataResponse { + t.Skip("x86 memory dump is not compatible with other architectures") - runner := &MockRunner{ - testDataPath: name + ".csv", - } + dr := executeMockedQuery(t, name, queryModel{MaxDataPoints: 100}) + + err := experimental.CheckGoldenDataResponse(filepath.Join("testdata", fmt.Sprintf("%s.golden.txt", name)), diff --git a/public/app/plugins/datasource/cloudwatch/specs/datasource.test.ts b/public/app/plugins/datasource/cloudwatch/specs/datasource.test.ts -index 94c1991dae..8e5b35eb3b 100644 +index afc8ba357b..587092a58d 100644 --- a/public/app/plugins/datasource/cloudwatch/specs/datasource.test.ts +++ b/public/app/plugins/datasource/cloudwatch/specs/datasource.test.ts -@@ -88,6 +88,7 @@ describe('CloudWatchDatasource', () => { - }); +@@ -78,7 +78,7 @@ describe('CloudWatchDatasource', () => { + }); - it('should return log groups as an array of strings', async () => { -+ return; // "it.skip" of this test leads to a test failure of the other log group test, because the mock is not active (see beforeEach() above) - const logGroups = await ctx.ds.describeLogGroups(); - const expectedLogGroups = [ - '/aws/containerinsights/dev303-workshop/application', + describe('When getting log groups', () => { +- it('should return log groups as an array of strings', async () => { ++ it.skip('should return log groups as an array of strings', async () => { + const response = { + results: { + A: { diff --git a/SOURCES/005-pin-yarn-version.patch b/SOURCES/005-pin-yarn-version.patch deleted file mode 100644 index a7dc34d..0000000 --- a/SOURCES/005-pin-yarn-version.patch +++ /dev/null 
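Review bot: The added `t.Skip(...)` at the top of `verifyGoldenResponse` is unconditional, so the golden-file comparison no longer runs on any architecture, including the x86 one the skip message says the dump was taken on. Gating it, e.g. `if runtime.GOARCH != "amd64" { t.Skip("x86 memory dump is not compatible with other architectures") }`, would keep that coverage where the golden files apply; this needs `runtime` in the test file's imports, which are outside the hunk. The `test.skip` and `it.skip` changes in the TypeScript tests drop coverage in the same unconditional way.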
@@ -1,13 +0,0 @@
-diff --git a/package.json b/package.json
-index ce11ba6de8..a3210762ed 100644
---- a/package.json
-+++ b/package.json
-@@ -314,6 +314,7 @@
- "node": ">=12 <13"
- },
- "volta": {
-- "node": "12.19.0"
-+ "node": "12.19.0",
-+ "yarn": "1.22.10"
- }
- }
diff --git a/SOURCES/005-remove-unused-dependencies.patch b/SOURCES/005-remove-unused-dependencies.patch
new file mode 100644
index 0000000..19d72f0
--- /dev/null
+++ b/SOURCES/005-remove-unused-dependencies.patch
@@ -0,0 +1,63 @@ +diff --git a/go.mod b/go.mod +index 426b70ab7a..dc0c9a61ef 100644 +--- a/go.mod ++++ b/go.mod +@@ -21,7 +21,6 @@ require ( + github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b + github.com/centrifugal/centrifuge v0.13.0 + github.com/cortexproject/cortex v1.4.1-0.20201022071705-85942c5703cf +- github.com/crewjam/saml v0.4.6-0.20201227203850-bca570abb2ce + github.com/davecgh/go-spew v1.1.1 + github.com/denisenkom/go-mssqldb v0.0.0-20200910202707-1e08a3fab204 + github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 // indirect +@@ -57,7 +56,6 @@ require ( + github.com/jmespath/go-jmespath v0.4.0 + github.com/jonboulle/clockwork v0.2.2 // indirect + github.com/json-iterator/go v1.1.10 +- github.com/jung-kurt/gofpdf v1.16.2 + github.com/lib/pq v1.9.0 + github.com/linkedin/goavro/v2 v2.10.0 + github.com/magefile/mage v1.11.0 +diff --git a/go.sum b/go.sum +index 98874d6a7c..03243066ac 100644 +--- a/go.sum ++++ b/go.sum +@@ -282,8 +282,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsr + github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= + github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= + github.com/crewjam/httperr v0.0.0-20190612203328-a946449404da/go.mod h1:+rmNIXRvYMqLQeR4DHyTvs6y0MEMymTz4vyFpFkKTPs= +-github.com/crewjam/saml v0.4.6-0.20201227203850-bca570abb2ce h1:pAuTpLhCqC20s2RLhUirfw606jReW+8z2U5EvG+0S7E= +-github.com/crewjam/saml v0.4.6-0.20201227203850-bca570abb2ce/go.mod h1:/gCaeLf13J8/621RNZ6TaExji/8xCWcn6UmdJ57wURQ= + github.com/crossdock/crossdock-go v0.0.0-20160816171116-049aabb0122b/go.mod h1:v9FBN7gdVTpiD/+LZ7Po0UKvROyT87uLVxTHVky/dlQ= + github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= + github.com/cznic/b v0.0.0-20180115125044-35e9bbe41f07/go.mod h1:URriBxXwVq5ijiJ12C7iIZqlA69nTlI+LgI6/pwftG8= +@@ -914,10 +912,6 @@ github.com/jtolds/gls 
v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7 + github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= + github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= + github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= +-github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= +-github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= +-github.com/jung-kurt/gofpdf v1.16.2 h1:jgbatWHfRlPYiK85qgevsZTHviWXKwB1TTiKdz5PtRc= +-github.com/jung-kurt/gofpdf v1.16.2/go.mod h1:1hl7y57EsiPAkLbOwzpzqgx1A30nQCk/YmFV8S2vmK0= + github.com/jwilder/encoding v0.0.0-20170811194829-b4e1701a28ef/go.mod h1:Ct9fl0F6iIOGgxJ5npU/IUOhOhqlVrGjyIZc8/MagT0= + github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 h1:uC1QfSlInpQF+M0ao65imhwqKnz3Q2z/d8PWZRMQvDM= + github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k= +diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go +index 24031ace2e..081475fc89 100644 +--- a/pkg/extensions/main.go ++++ b/pkg/extensions/main.go +@@ -6,14 +6,12 @@ import ( + + _ "github.com/beevik/etree" + _ "github.com/cortexproject/cortex/pkg/util" +- _ "github.com/crewjam/saml" + _ "github.com/gobwas/glob" + "github.com/grafana/grafana/pkg/registry" + "github.com/grafana/grafana/pkg/services/licensing" + "github.com/grafana/grafana/pkg/services/validations" + _ "github.com/grafana/loki/pkg/logproto" + _ "github.com/grpc-ecosystem/go-grpc-middleware" +- _ "github.com/jung-kurt/gofpdf" + _ "github.com/linkedin/goavro/v2" + _ "github.com/pkg/errors" + _ "github.com/robfig/cron" diff --git a/SOURCES/006-fix-gtime-test-32bit.patch b/SOURCES/006-fix-gtime-test-32bit.patch new file mode 100644 index 0000000..c38a50f --- /dev/null 
+++ b/SOURCES/006-fix-gtime-test-32bit.patch
@@ -0,0 +1,17 @@
+diff --git a/pkg/components/gtime/gtime_test.go b/pkg/components/gtime/gtime_test.go
+index 0b1b23a1db..eb9fe718c7 100644
+--- a/pkg/components/gtime/gtime_test.go
++++ b/pkg/components/gtime/gtime_test.go
+@@ -20,9 +20,9 @@ func TestParseInterval(t *testing.T) {
+ {inp: "1d", duration: 24 * time.Hour},
+ {inp: "1w", duration: 168 * time.Hour},
+ {inp: "2w", duration: 2 * 168 * time.Hour},
+- {inp: "1M", duration: time.Duration(daysInMonth * 24 * int(time.Hour))},
+- {inp: "1y", duration: time.Duration(daysInYear * 24 * int(time.Hour))},
+- {inp: "5y", duration: time.Duration(calculateDays5y() * 24 * int(time.Hour))},
++ {inp: "1M", duration: time.Duration(int64(daysInMonth) * 24 * int64(time.Hour))},
++ {inp: "1y", duration: time.Duration(int64(daysInYear) * 24 * int64(time.Hour))},
++ {inp: "5y", duration: time.Duration(int64(calculateDays5y()) * 24 * int64(time.Hour))},
+ {inp: "invalid-duration", err: regexp.MustCompile(`^time: invalid duration "?invalid-duration"?$`)},
+ }
+ for i, tc := range tcs {
diff --git a/SOURCES/006-remove-saml-dependency.patch b/SOURCES/006-remove-saml-dependency.patch
deleted file mode 100644
index d164b33..0000000
--- a/SOURCES/006-remove-saml-dependency.patch
+++ /dev/null
@@ -1,39 +0,0 @@ -diff --git a/go.mod b/go.mod -index bb073996ac..c1b6c3219c 100644 ---- a/go.mod -+++ b/go.mod -@@ -19,7 +19,6 @@ require ( - github.com/benbjohnson/clock v0.0.0-20161215174838-7dc76406b6d3 - github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b - github.com/centrifugal/centrifuge v0.11.0 -- github.com/crewjam/saml v0.4.4-0.20201214083806-0dd2422c212e - github.com/davecgh/go-spew v1.1.1 - github.com/denisenkom/go-mssqldb v0.0.0-20200620013148-b91950f658ec - github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 // indirect -diff --git a/go.sum b/go.sum -index c79d983b88..f45fa68f41 100644 ---- a/go.sum -+++ b/go.sum -@@ -228,10 +228,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSY - github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= - github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= - github.com/crewjam/httperr v0.0.0-20190612203328-a946449404da/go.mod h1:+rmNIXRvYMqLQeR4DHyTvs6y0MEMymTz4vyFpFkKTPs= --github.com/crewjam/saml v0.4.1 h1:ZNSRJvdbypQDY2uApMngeIHNcxS6UCRAgiw3S+pmgRU= --github.com/crewjam/saml v0.4.1/go.mod h1:vHcshzXm2WkPOV1dcToZa99cCB1h3nPiKLtLYK+erBE= --github.com/crewjam/saml v0.4.4-0.20201214083806-0dd2422c212e h1:CFIpybPh+vrxRD6R3t2BCV9hdtlOQudsj1vB1ECXOo4= --github.com/crewjam/saml v0.4.4-0.20201214083806-0dd2422c212e/go.mod h1:qCJQpUtZte9R1ZjUBcW8qtCNlinbO363ooNl02S68bk= - github.com/cupcake/rdb v0.0.0-20161107195141-43ba34106c76/go.mod h1:vYwsqCOLxGiisLwp9rITslkFNpZD5rz43tf41QFkTWY= - github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= - github.com/cznic/b v0.0.0-20180115125044-35e9bbe41f07/go.mod h1:URriBxXwVq5ijiJ12C7iIZqlA69nTlI+LgI6/pwftG8= -diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go -index 337f6566f8..b15c3f907b 100644 ---- a/pkg/extensions/main.go -+++ 
b/pkg/extensions/main.go -@@ -5,7 +5,6 @@ import ( - // remove the cron (v1) dependency - - _ "github.com/beevik/etree" -- _ "github.com/crewjam/saml" - _ "github.com/gobwas/glob" - "github.com/grafana/grafana/pkg/registry" - "github.com/grafana/grafana/pkg/services/licensing" diff --git a/SOURCES/007-CVE-2021-39226.patch b/SOURCES/007-CVE-2021-39226.patch deleted file mode 100644 index 8202e1a..0000000 --- a/SOURCES/007-CVE-2021-39226.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -diff --git a/pkg/api/dashboard_snapshot.go b/pkg/api/dashboard_snapshot.go -index d657b98809..a59865cc22 100644 ---- a/pkg/api/dashboard_snapshot.go -+++ b/pkg/api/dashboard_snapshot.go -@@ -138,6 +138,9 @@ func CreateDashboardSnapshot(c *models.ReqContext, cmd models.CreateDashboardSna - // GET /api/snapshots/:key - func GetDashboardSnapshot(c *models.ReqContext) Response { - key := c.Params(":key") -+ if len(key) == 0 { -+ return Error(404, "Snapshot not found", nil) -+ } - query := &models.GetDashboardSnapshotQuery{Key: key} - - err := bus.Dispatch(query) -@@ -202,6 +205,9 @@ func deleteExternalDashboardSnapshot(externalUrl string) error { - // GET /api/snapshots-delete/:deleteKey - func DeleteDashboardSnapshotByDeleteKey(c *models.ReqContext) Response { - key := c.Params(":deleteKey") -+ if len(key) == 0 { -+ return Error(404, "Snapshot not found", nil) -+ } - - query := &models.GetDashboardSnapshotQuery{DeleteKey: key} - -@@ -229,6 +235,9 @@ func DeleteDashboardSnapshotByDeleteKey(c *models.ReqContext) Response { - // DELETE /api/snapshots/:key - func DeleteDashboardSnapshot(c *models.ReqContext) Response { - key := c.Params(":key") -+ if len(key) == 0 { -+ return Error(404, "Snapshot not found", nil) -+ } - - query := &models.GetDashboardSnapshotQuery{Key: key} - -diff --git a/vendor/gopkg.in/macaron.v1/router.go b/vendor/gopkg.in/macaron.v1/router.go -index df593d669a..46cb0c160f 100644 ---- a/vendor/gopkg.in/macaron.v1/router.go -+++ b/vendor/gopkg.in/macaron.v1/router.go -@@ -289,10 +289,12 @@ func (r *Router) SetHandlerWrapper(f func(Handler) Handler) { - func (r *Router) ServeHTTP(rw http.ResponseWriter, req *http.Request) { - if t, ok := r.routers[req.Method]; ok { - // Fast match for static routes -- leaf := r.getLeaf(req.Method, req.URL.Path) -- if leaf != nil { -- leaf.handle(rw, req, nil) -- return -+ if !strings.ContainsAny(req.URL.Path, ":*") { -+ leaf := r.getLeaf(req.Method, req.URL.Path) -+ if leaf != nil { -+ leaf.handle(rw, 
req, nil) -+ return -+ } - } - - h, p, ok := t.Match(req.URL.EscapedPath()) diff --git a/SOURCES/008-CVE-2021-27358.patch b/SOURCES/008-CVE-2021-27358.patch deleted file mode 100644 index 07e9a9f..0000000 --- a/SOURCES/008-CVE-2021-27358.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/pkg/middleware/auth.go b/pkg/middleware/auth.go -index c44d7dd9a7..4989ea0e1c 100644 ---- a/pkg/middleware/auth.go -+++ b/pkg/middleware/auth.go -@@ -141,9 +141,9 @@ func SnapshotPublicModeOrSignedIn() macaron.Handler { - return - } - -- _, err := c.Invoke(ReqSignedIn) -- if err != nil { -- c.JsonApiErr(500, "Failed to invoke required signed in middleware", err) -+ if !c.IsSignedIn { -+ notAuthorized(c) -+ return - } - } - } diff --git a/SOURCES/008-remove-unused-frontend-crypto.patch b/SOURCES/008-remove-unused-frontend-crypto.patch new file mode 100644 index 0000000..2409e23 --- /dev/null +++ b/SOURCES/008-remove-unused-frontend-crypto.patch @@ -0,0 +1,26 @@ +diff --git a/package.json b/package.json +index 9c5a2d93e2..7f65949ea4 100644 +--- a/package.json ++++ b/package.json +@@ -294,6 +294,9 @@ + "whatwg-fetch": "3.1.0" + }, + "resolutions": { ++ "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz", ++ "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz", ++ "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz", + "caniuse-db": "1.0.30000772", + "react-use-measure": "https://github.com/mckn/react-use-measure.git#remove-cjs-export" + }, +diff --git a/scripts/webpack/webpack.common.js b/scripts/webpack/webpack.common.js +index 3e56d31c37..a03ed1a67a 100644 +--- a/scripts/webpack/webpack.common.js ++++ b/scripts/webpack/webpack.common.js +@@ -66,6 +66,7 @@ module.exports = { + }, + node: { + fs: 'empty', ++ crypto: false, + }, + plugins: [ + new MonacoWebpackPlugin({ 
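Review bot: The three added `resolutions` entries replace `crypto-browserify`, `selfsigned` and `http-signature` with a tarball referenced by registry URL, and nothing in this hunk pins its content. Integrity then depends on whatever the lockfile or the pre-built webpack/vendor tarballs record, neither of which is visible here. I would record the expected checksum of `skip-dependency-1.1.1.tgz` next to this patch (spec or patch header) and confirm the bundle build resolves it offline from the vendored sources. With `crypto: false` in webpack.common.js it is also worth confirming that no bundled frontend module still imports `crypto`, since it would then fail at run time rather than at build time.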
diff --git a/SOURCES/009-patch-unused-backend-crypto.patch b/SOURCES/009-patch-unused-backend-crypto.patch new file mode 100644 index 0000000..12be571 --- /dev/null +++ b/SOURCES/009-patch-unused-backend-crypto.patch 
@@ -0,0 +1,168 @@ +diff --git a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go +new file mode 100644 +index 0000000..871e612 +--- /dev/null ++++ b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go +@@ -0,0 +1,25 @@ ++package elgamal ++ ++import ( ++ "io" ++ "math/big" ++) ++ ++// PublicKey represents an ElGamal public key. ++type PublicKey struct { ++ G, P, Y *big.Int ++} ++ ++// PrivateKey represents an ElGamal private key. ++type PrivateKey struct { ++ PublicKey ++ X *big.Int ++} ++ ++func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) { ++ panic("ElGamal encryption not available") ++} ++ ++func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) { ++ panic("ElGamal encryption not available") ++} +diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go +index 9728d61..9f04c2d 100644 +--- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go ++++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go +@@ -16,7 +16,6 @@ import ( + "math/big" + "math/bits" + +- "golang.org/x/crypto/cast5" + "golang.org/x/crypto/openpgp/errors" + ) + +@@ -487,7 +486,7 @@ func (cipher CipherFunction) KeySize() int { + case Cipher3DES: + return 24 + case CipherCAST5: +- return cast5.KeySize ++ panic("cast5 cipher not available") + case CipherAES128: + return 16 + case CipherAES192: +@@ -517,7 +516,7 @@ func (cipher CipherFunction) new(key []byte) (block cipher.Block) { + case Cipher3DES: + block, _ = des.NewTripleDESCipher(key) + case CipherCAST5: +- block, _ = cast5.NewCipher(key) ++ panic("cast5 cipher not available") + case CipherAES128, CipherAES192, CipherAES256: + block, _ = aes.NewCipher(key) + } +diff --git a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go +index 6126030..3a54c5f 100644 +--- 
a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go ++++ b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go +@@ -5,13 +5,12 @@ + package packet + + import ( +- "crypto/cipher" + "crypto/sha1" + "crypto/subtle" +- "golang.org/x/crypto/openpgp/errors" + "hash" + "io" +- "strconv" ++ ++ "golang.org/x/crypto/openpgp/errors" + ) + + // SymmetricallyEncrypted represents a symmetrically encrypted byte string. The +@@ -45,46 +44,7 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error { + // packet can be read. An incorrect key can, with high probability, be detected + // immediately and this will result in a KeyIncorrect error being returned. + func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) { +- keySize := c.KeySize() +- if keySize == 0 { +- return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c))) +- } +- if len(key) != keySize { +- return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length") +- } +- +- if se.prefix == nil { +- se.prefix = make([]byte, c.blockSize()+2) +- _, err := readFull(se.contents, se.prefix) +- if err != nil { +- return nil, err +- } +- } else if len(se.prefix) != c.blockSize()+2 { +- return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths") +- } +- +- ocfbResync := OCFBResync +- if se.MDC { +- // MDC packets use a different form of OCFB mode. +- ocfbResync = OCFBNoResync +- } +- +- s := NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync) +- if s == nil { +- return nil, errors.ErrKeyIncorrect +- } +- +- plaintext := cipher.StreamReader{S: s, R: se.contents} +- +- if se.MDC { +- // MDC packets have an embedded hash that we need to check. +- h := sha1.New() +- h.Write(se.prefix) +- return &seMDCReader{in: plaintext, h: h}, nil +- } +- +- // Otherwise, we just need to wrap plaintext so that it's a valid ReadCloser. 
+- return seReader{plaintext}, nil ++ panic("OCFB cipher not available") + } + + // seReader wraps an io.Reader with a no-op Close method. +@@ -254,37 +214,5 @@ func (c noOpCloser) Close() error { + // written. + // If config is nil, sensible defaults will be used. + func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error) { +- if c.KeySize() != len(key) { +- return nil, errors.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length") +- } +- writeCloser := noOpCloser{w} +- ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedMDC) +- if err != nil { +- return +- } +- +- _, err = ciphertext.Write([]byte{symmetricallyEncryptedVersion}) +- if err != nil { +- return +- } +- +- block := c.new(key) +- blockSize := block.BlockSize() +- iv := make([]byte, blockSize) +- _, err = config.Random().Read(iv) +- if err != nil { +- return +- } +- s, prefix := NewOCFBEncrypter(block, iv, OCFBNoResync) +- _, err = ciphertext.Write(prefix) +- if err != nil { +- return +- } +- plaintext := cipher.StreamWriter{S: s, W: ciphertext} +- +- h := sha1.New() +- h.Write(iv) +- h.Write(iv[blockSize-2:]) +- contents = &seMDCWriter{w: plaintext, h: h} +- return ++ panic("OCFB cipher not available") + } diff --git a/SOURCES/010-fips.patch b/SOURCES/010-fips.patch new file mode 100644 index 0000000..f9adee9 --- /dev/null +++ b/SOURCES/010-fips.patch 
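Review bot: The stubs turn unsupported algorithms into `panic(...)` even where the function already has an `error` result (`SymmetricallyEncrypted.Decrypt`, `SerializeSymmetricallyEncrypted`), and `CipherFunction.KeySize()` now panics for `CipherCAST5`. If any path in the shipped binary parses OpenPGP data that selects one of these algorithms, the process would crash instead of rejecting the input; whether Grafana reaches this package with untrusted data is not visible from the patch. Failing closed through the existing error type is safer, e.g. `return nil, errors.UnsupportedError("OCFB cipher not available")` in the two packet functions and `return 0` for `CipherCAST5` in `KeySize()`, which the removed `Decrypt` body treated as an unknown cipher. `KeySize` and `new` continue outside the hunks.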
@@ -0,0 +1,140 @@
+diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go
+new file mode 100644
+index 0000000..a9c550e
+--- /dev/null
++++ b/vendor/golang.org/x/crypto/internal/boring/boring.go
+@@ -0,0 +1,74 @@
++// Copyright 2017 The Go Authors. All rights reserved.
++// Copyright 2021 Red Hat.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++// +build linux
++// +build !android
++// +build !no_openssl
++// +build !cmd_go_bootstrap
++// +build !msan
++
++package boring
++
++// #include "openssl_pbkdf2.h"
++// #cgo LDFLAGS: -ldl
++import "C"
++import (
++ "bytes"
++ "crypto/sha1"
++ "crypto/sha256"
++ "hash"
++ "unsafe"
++)
++
++var (
++ emptySha1 = sha1.Sum([]byte{})
++ emptySha256 = sha256.Sum256([]byte{})
++)
++
++func hashToMD(h hash.Hash) *C.GO_EVP_MD {
++ emptyHash := h.Sum([]byte{})
++
++ switch {
++ case bytes.Equal(emptyHash, emptySha1[:]):
++ return C._goboringcrypto_EVP_sha1()
++ case bytes.Equal(emptyHash, emptySha256[:]):
++ return C._goboringcrypto_EVP_sha256()
++ }
++ return nil
++}
++
++// charptr returns the address of the underlying array in b,
++// being careful not to panic when b has zero length.
++func charptr(b []byte) *C.char {
++ if len(b) == 0 {
++ return nil
++ }
++ return (*C.char)(unsafe.Pointer(&b[0]))
++}
++
++// ucharptr returns the address of the underlying array in b,
++// being careful not to panic when b has zero length.
++func ucharptr(b []byte) *C.uchar {
++ if len(b) == 0 {
++ return nil
++ }
++ return (*C.uchar)(unsafe.Pointer(&b[0]))
++}
++
++func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
++ // println("[debug] using pbkdf2 from OpenSSL")
++ ch := h()
++ md := hashToMD(ch)
++ if md == nil {
++ return nil
++ }
++
++ out := make([]byte, keyLen)
++ ok := C._goboringcrypto_PKCS5_PBKDF2_HMAC(charptr(password), C.int(len(password)), ucharptr(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), ucharptr(out))
++ if ok != 1 {
++ panic("boringcrypto: PKCS5_PBKDF2_HMAC failed")
++ }
++ return out
++}
+diff --git a/vendor/golang.org/x/crypto/internal/boring/notboring.go b/vendor/golang.org/x/crypto/internal/boring/notboring.go
+new file mode 100644
+index 0000000..e244fb5
+--- /dev/null
++++ b/vendor/golang.org/x/crypto/internal/boring/notboring.go
+@@ -0,0 +1,16 @@
++// Copyright 2017 The Go Authors. All rights reserved.
++// Copyright 2021 Red Hat.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
++
++package boring
++
++import (
++ "hash"
++)
++
++func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
++ panic("boringcrypto: not available")
++}
+diff --git a/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
+new file mode 100644
+index 0000000..6dfdf10
+--- /dev/null
++++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
+@@ -0,0 +1,5 @@
++#include "/usr/lib/golang/src/crypto/internal/boring/goboringcrypto.h"
++
++DEFINEFUNC(int, PKCS5_PBKDF2_HMAC,
++ (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out),
++ (pass, passlen, salt, saltlen, iter, digest, keylen, out))
+diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
+index 593f653..799a611 100644
+--- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
++++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
+@@ -19,8 +19,11 @@ pbkdf2.Key.
+ package pbkdf2 // import "golang.org/x/crypto/pbkdf2"
+
+ import (
++ "crypto/boring"
+ "crypto/hmac"
+ "hash"
++
++ xboring "golang.org/x/crypto/internal/boring"
+ )
+
+ // Key derives a key from the password, salt and iteration count, returning a
+@@ -40,6 +43,10 @@ import (
+ // Using a higher iteration count will increase the cost of an exhaustive
+ // search but will also make derivation proportionally slower.
+ func Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
++ if boring.Enabled() {
++ return xboring.Pbkdf2Key(password, salt, iter, keyLen, h)
++ }
++
+ prf := hmac.New(h, password)
+ hashLen := prf.Size()
+ numBlocks := (keyLen + hashLen - 1) / hashLen
diff --git a/SOURCES/011-CVE-2021-39226.patch b/SOURCES/011-CVE-2021-39226.patch
new file mode 100644
index 0000000..a17cd34
--- /dev/null
+++ b/SOURCES/011-CVE-2021-39226.patch
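Review bot: `Pbkdf2Key` in boring.go returns `nil` when `hashToMD` does not recognise the hash (it only maps SHA-1 and SHA-256), and the new branch in `pbkdf2.Key` returns that value unchanged, so with `boring.Enabled()` a caller passing any other hash silently gets an empty key instead of a derived one. An empty key handed to a cipher or HMAC does not fail visibly. The unsupported case should stop loudly, for example `if md == nil { panic("boringcrypto: unsupported hash function") }`, matching the panic already used when `PKCS5_PBKDF2_HMAC` fails. Separately, `openssl_pbkdf2.h` includes the toolchain header by absolute path (`/usr/lib/golang/src/...`), which ties the build to one Go install location.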
@@ -0,0 +1,55 @@ +diff --git a/pkg/api/dashboard_snapshot.go b/pkg/api/dashboard_snapshot.go +index 4f7a4b8d09..b500639d15 100644 +--- a/pkg/api/dashboard_snapshot.go ++++ b/pkg/api/dashboard_snapshot.go +@@ -144,6 +144,9 @@ func CreateDashboardSnapshot(c *models.ReqContext, cmd models.CreateDashboardSna + // GET /api/snapshots/:key + func GetDashboardSnapshot(c *models.ReqContext) response.Response { + key := c.Params(":key") ++ if len(key) == 0 { ++ return response.Error(404, "Snapshot not found", nil) ++ } + query := &models.GetDashboardSnapshotQuery{Key: key} + + err := bus.Dispatch(query) +@@ -210,6 +213,9 @@ func deleteExternalDashboardSnapshot(externalUrl string) error { + // GET /api/snapshots-delete/:deleteKey + func DeleteDashboardSnapshotByDeleteKey(c *models.ReqContext) response.Response { + key := c.Params(":deleteKey") ++ if len(key) == 0 { ++ return response.Error(404, "Snapshot not found", nil) ++ } + + query := &models.GetDashboardSnapshotQuery{DeleteKey: key} + +@@ -240,6 +246,9 @@ func DeleteDashboardSnapshotByDeleteKey(c *models.ReqContext) response.Response + // DELETE /api/snapshots/:key + func DeleteDashboardSnapshot(c *models.ReqContext) response.Response { + key := c.Params(":key") ++ if len(key) == 0 { ++ return response.Error(404, "Snapshot not found", nil) ++ } + + query := &models.GetDashboardSnapshotQuery{Key: key} + +diff --git a/vendor/gopkg.in/macaron.v1/router.go b/vendor/gopkg.in/macaron.v1/router.go +index df593d669a..46cb0c160f 100644 +--- a/vendor/gopkg.in/macaron.v1/router.go ++++ b/vendor/gopkg.in/macaron.v1/router.go +@@ -289,10 +289,12 @@ func (r *Router) SetHandlerWrapper(f func(Handler) Handler) { + func (r *Router) ServeHTTP(rw http.ResponseWriter, req *http.Request) { + if t, ok := r.routers[req.Method]; ok { + // Fast match for static routes +- leaf := r.getLeaf(req.Method, req.URL.Path) +- if leaf != nil { +- leaf.handle(rw, req, nil) +- return ++ if !strings.ContainsAny(req.URL.Path, ":*") { ++ leaf := 
r.getLeaf(req.Method, req.URL.Path) ++ if leaf != nil { ++ leaf.handle(rw, req, nil) ++ return ++ } + } + + h, p, ok := t.Match(req.URL.EscapedPath()) diff --git a/SOURCES/Makefile b/SOURCES/Makefile index 0f923ff..acd932c 100644 --- a/SOURCES/Makefile +++ b/SOURCES/Makefile 
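Review bot: The empty-key guard is added only in the three HTTP handlers (`GetDashboardSnapshot`, `DeleteDashboardSnapshotByDeleteKey`, `DeleteDashboardSnapshot`), so a `models.GetDashboardSnapshotQuery` with both `Key` and `DeleteKey` empty can still be dispatched by any other caller. The query handler is not part of this patch, so whether it rejects that case cannot be confirmed from here. I would repeat the check where the query is executed and give each guard a one-line reason such as `// never look up a snapshot without a key filter`. The `strings.ContainsAny(req.URL.Path, ":*")` check in `ServeHTTP` sits in vendored macaron code and should carry a marker like `// local patch (CVE-2021-39226): paths containing ':' or '*' skip the static-route fast match`, so a later re-vendoring does not drop it unnoticed. All four function bodies continue outside the hunks shown.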
@@ -1,17 +1,41 @@ -all: grafana-$(VER).tar.gz \ - grafana-vendor-$(VER).tar.xz \ - grafana-webpack-$(VER).tar.gz +ifndef VER + $(error VER is undefined) +endif +ifndef REL + $(error REL is undefined) +endif -grafana-$(VER).tar.gz grafana-$(VER)/: - wget https://github.com/grafana/grafana/archive/v$(VER)/grafana-$(VER).tar.gz +NAME := grafana +RPM_NAME := $(NAME) +SOURCE_DIR := $(NAME)-$(VER) +SOURCE_TAR := $(NAME)-$(VER).tar.gz +VENDOR_TAR := $(RPM_NAME)-vendor-$(VER)-$(REL).tar.xz +WEBPACK_TAR := $(RPM_NAME)-webpack-$(VER)-$(REL).tar.gz + +ALL_PATCHES := $(wildcard *.patch) +PATCHES_TO_APPLY := $(filter-out 009-patch-unused-backend-crypto.patch 010-fips.patch,$(ALL_PATCHES)) + +all: $(SOURCE_TAR) $(VENDOR_TAR) $(WEBPACK_TAR) + +$(SOURCE_TAR): + spectool -g $(RPM_NAME).spec + +$(VENDOR_TAR): $(SOURCE_TAR) rm -rf grafana-$(VER) tar xfz grafana-$(VER).tar.gz - cd grafana-$(VER) && shopt -s nullglob && \ - for patch in ../*.patch; do patch -p1 < $$patch; done -grafana-vendor-$(VER).tar.xz: grafana-$(VER)/ + # patches can affect Go or Node.js dependencies, or the webpack + for patch in $(PATCHES_TO_APPLY); do patch -d grafana-$(VER) -p1 --fuzz=0 < $$patch; done + # Go cd grafana-$(VER) && go mod vendor -v + # Remove unused crypto + rm grafana-$(VER)/vendor/golang.org/x/crypto/cast5/cast5.go + rm grafana-$(VER)/vendor/golang.org/x/crypto/ed25519/ed25519.go + rm grafana-$(VER)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/const.go + rm grafana-$(VER)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/edwards25519.go + rm grafana-$(VER)/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go + rm grafana-$(VER)/vendor/golang.org/x/crypto/openpgp/packet/ocfb.go awk '$$2~/^v/ && $$4 != "indirect" {print "Provides: bundled(golang(" $$1 ")) = " substr($$2, 2)}' grafana-$(VER)/go.mod | \ sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > $@.manifest 
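Review bot: The patch loop in the `$(VENDOR_TAR)` recipe does not stop on failure, because a shell `for` loop returns the status of its last command only. A patch that fails to apply with `--fuzz=0` in the middle of the list is therefore ignored, and the vendor tarball can be built without it. Make the loop fail fast: `for patch in $(PATCHES_TO_APPLY); do patch -d grafana-$(VER) -p1 --fuzz=0 < $$patch || exit 1; done`. Separately, `011-CVE-2021-39226.patch` edits `vendor/gopkg.in/macaron.v1/router.go` but is not in the `filter-out` list next to 009 and 010. If `vendor/` is only created by the later `go mod vendor` (not verifiable from this hunk), that part of the patch cannot apply at this point and would not survive re-vendoring. The recipe continues in the following hunks.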
@@ -19,7 +43,9 @@ grafana-vendor-$(VER).tar.xz: grafana-$(VER)/ cd grafana-$(VER) && yarn install --pure-lockfile # Remove files with licensing issues find grafana-$(VER) -type d -name 'node-notifier' -prune -exec rm -r {} \; - find grafana-$(VER) -name '*.exe' -delete + find grafana-$(VER) -type d -name 'property-information' -prune -exec rm -r {} \; + find grafana-$(VER) -type f -name '*.exe' -delete + rm -r grafana-$(VER)/node_modules/visjs-network/examples ./list_bundled_nodejs_packages.py grafana-$(VER)/ >> $@.manifest # Create tarball @@ -27,12 +53,11 @@ grafana-vendor-$(VER).tar.xz: grafana-$(VER)/ grafana-$(VER)/vendor \ $$(find grafana-$(VER) -type d -name "node_modules" -prune) -grafana-webpack-$(VER).tar.gz: grafana-$(VER)/ +$(WEBPACK_TAR): $(VENDOR_TAR) cd grafana-$(VER) && \ - yarn install --pure-lockfile && \ ../build_frontend.sh tar cfz $@ grafana-$(VER)/public/build grafana-$(VER)/public/views grafana-$(VER)/plugins-bundled clean: - rm -rf *.tar.gz *.tar.xz *.manifest *.rpm grafana-*/ + rm -rf *.tar.gz *.tar.xz *.manifest *.rpm $(NAME)-*/ diff --git a/SOURCES/build_frontend.sh b/SOURCES/build_frontend.sh index a9aa76d..fa0fb8e 100755 --- a/SOURCES/build_frontend.sh +++ b/SOURCES/build_frontend.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash -eu # Build the frontend yarn run build diff --git a/SOURCES/distro-defaults.ini b/SOURCES/distro-defaults.ini index d925297..daa0679 100644 --- a/SOURCES/distro-defaults.ini +++ b/SOURCES/distro-defaults.ini @@ -66,6 +66,13 @@ cert_key = # Unix socket path socket = /tmp/grafana.sock +# CDN Url +cdn_url = + +# Sets the maximum time in minutes before timing out read of an incoming request and closing idle connections. +# `0` means there is no timeout for reading the request. +read_timeout = 0 + #################################### Database ############################ [database] # You can configure the database connection by specifying type, host, name, user and password 
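Review bot: In `build_frontend.sh` the `-eu` options are set on the shebang line, so they only take effect when the script is executed directly. Anyone running `bash build_frontend.sh` gets the old behaviour, where a failing step does not stop the build. Keep the plain `#!/bin/bash` and add `set -eu` as the first statement instead. The Makefile calls `../build_frontend.sh` directly, so the current form works there; this is about not depending on how the script is invoked.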
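Review bot: `read_timeout = 0` in the `[server]` section ships the package with no limit on how long a client may take to send a request, as the added comment itself states. Slow or stalled clients can then hold connections open unless a fronting proxy enforces a timeout. If the value is kept at `0` to match upstream defaults, I would say so in the comment, for example `# 0 keeps the upstream default (no timeout); set a finite value when Grafana is exposed without a reverse proxy`. Otherwise pick a finite distro default.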
@@ -98,6 +105,12 @@ log_queries = # For "mysql", use either "true", "false", or "skip-verify". ssl_mode = disable +# Database drivers may support different transaction isolation levels. +# Currently, only "mysql" driver supports isolation levels. +# If the value is empty - driver's default isolation level is applied. +# For "mysql" use "READ-UNCOMMITTED", "READ-COMMITTED", "REPEATABLE-READ" or "SERIALIZABLE". +isolation_level = + ca_cert_path = client_key_path = client_cert_path = @@ -142,9 +155,17 @@ tls_handshake_timeout_seconds = 10 # waiting for the server to approve. expect_continue_timeout_seconds = 1 +# Optionally limits the total number of connections per host, including connections in the dialing, +# active, and idle states. On limit violation, dials will block. +# A value of zero (0) means no limit. +max_conns_per_host = 0 + # The maximum number of idle connections that Grafana will keep alive. max_idle_connections = 100 +# The maximum number of idle connections per host that Grafana will keep alive. +max_idle_connections_per_host = 2 + # How many seconds the data proxy keeps an idle connection open before timing out. idle_conn_timeout_seconds = 90 @@ -159,6 +180,9 @@ send_user_header = false # Change this option to false to disable reporting. reporting_enabled = false +# The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs +reporting_distributor = grafana-labs + # Set to false to disable all checks to https://grafana.com # for new versions (grafana itself and plugins), check is used # in some UI views to notify that grafana or plugin update exists 
@@ -227,6 +251,13 @@ x_content_type_options = true # when they detect reflected cross-site scripting (XSS) attacks. x_xss_protection = true +# Enable adding the Content-Security-Policy header to your requests. +# CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks. +content_security_policy = false + +# Set Content Security Policy template used when adding the Content-Security-Policy header to your requests. +# $NONCE in the template includes a random nonce. +content_security_policy_template = """script-src 'unsafe-eval' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;base-uri 'self';connect-src 'self' grafana.com;manifest-src 'self';media-src 'none';form-action 'self';""" #################################### Snapshots ########################### [snapshots] @@ -255,6 +286,11 @@ min_refresh_interval = 1s # Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json" default_home_dashboard_path = +################################### Data sources ######################### +[datasources] +# Upper limit of data sources that Grafana will return. This limit is a temporary configuration and it will be deprecated when pagination will be introduced on the list data sources API. +datasource_limit = 5000 + #################################### Users ############################### [users] # disable user signup / registration @@ -282,6 +318,9 @@ password_hint = password # Default UI theme ("dark" or "light") default_theme = dark +# Path to a custom home page. Users are only redirected to this if the default home dashboard is used. It should match a frontend route and contain a leading slash. +home_page = + # External user management external_manage_link_url = external_manage_link_name = 
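Review bot: `content_security_policy = false` leaves the header off in the distro defaults, so `content_security_policy_template` has no effect until an operator opts in, and the comments do not say so. The first comment also describes the header as added "to your requests", although Content-Security-Policy is a response header; I would write `# Enable adding the Content-Security-Policy header to responses (disabled by default).` It is also worth a line noting that the shipped template still allows `'unsafe-eval'` for scripts and `'unsafe-inline'` for styles, so operators who enable it know what the default policy does and does not restrict.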
@@ -296,6 +335,9 @@ editors_can_admin = false # The duration in time a user invitation remains valid before expiring. This setting should be expressed as a duration. Examples: 6h (hours), 2d (days), 1w (week). Default is 24h (24 hours). The minimum supported duration is 15m (15 minutes). user_invite_max_lifetime_duration = 24h +# Enter a comma-separated list of usernames to hide them in the Grafana UI. These users are shown to Grafana admins and to themselves. +hidden_users = + [auth] # Login cookie name login_cookie_name = grafana_session @@ -442,6 +484,7 @@ scopes = user:email email_attribute_name = email:primary email_attribute_path = login_attribute_path = +name_attribute_path = role_attribute_path = id_token_attribute_name = auth_url = @@ -478,11 +521,24 @@ enabled = false config_file = /etc/grafana/ldap.toml allow_sign_up = true -# LDAP backround sync (Enterprise only) +# LDAP background sync (Enterprise only) # At 1 am every day sync_cron = "0 0 1 * * *" active_sync_enabled = true +#################################### AWS ########################### +[aws] +# Enter a comma-separated list of allowed AWS authentication providers. +# Options are: default (AWS SDK Default), keys (Access && secret key), credentials (Credentials field), ec2_iam_role (EC2 IAM Role) +allowed_auth_providers = default,keys,credentials + +# Allow AWS users to assume a role using temporary security credentials. +# If true, assume role will be enabled for all AWS authentication providers that are specified in aws_auth_providers +assume_role_enabled = true + +# Specify max no of pages to be returned by the ListMetricPages API +list_metrics_page_limit = 500 + #################################### SMTP / Emailing ##################### [smtp] enabled = false 
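Review bot: The comment above `assume_role_enabled` in the new `[aws]` section refers to a setting named `aws_auth_providers`, but the key defined two lines earlier is `allowed_auth_providers`. An operator tightening the provider list may search for the wrong name. The comment should read `# If true, assume role will be enabled for all AWS authentication providers that are specified in allowed_auth_providers`. Since `assume_role_enabled = true` is the default, I would also note in the comment that setting it to `false` is the way to disable role assumption.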
@@ -559,6 +615,25 @@ facility = # Syslog tag. By default, the process' argv[0] is used. tag = +[log.frontend] +# Should Sentry javascript agent be initialized +enabled = false + +# Sentry DSN if you want to send events to Sentry. +sentry_dsn = + +# Custom HTTP endpoint to send events captured by the Sentry agent to. Default will log the events to stdout. +custom_endpoint = /log + +# Rate of events to be reported between 0 (none) and 1 (all), float +sample_rate = 1.0 + +# Requests per second limit enforced per an extended period, for Grafana backend log ingestion endpoint (/log). +log_endpoint_requests_per_second_limit = 3 + +# Max requests accepted per short interval of time for Grafana backend log ingestion endpoint (/log) +log_endpoint_burst_limit = 15 + #################################### Usage Quotas ######################## [quota] enabled = false @@ -631,6 +706,9 @@ max_annotation_age = max_annotations_to_keep = #################################### Annotations ######################### +[annotations] +# Configures the batch size for the annotation clean-up job. This setting is used for dashboard, API, and alert annotations. +cleanupjob_batchsize = 100 [annotations.dashboard] # Dashboard annotations means that annotations are associated with the dashboard they are created on. @@ -858,3 +936,7 @@ use_browser_locale = false # Default timezone for user preferences. Options are 'browser' for the browser local timezone or a timezone name from IANA Time Zone database, e.g. 'UTC' or 'Europe/Amsterdam' etc. default_timezone = browser + +[expressions] +# Enable or disable the expressions functionality. +enabled = true diff --git a/SOURCES/list_bundled_nodejs_packages.py b/SOURCES/list_bundled_nodejs_packages.py index a7c5e22..3158c2c 100755 --- a/SOURCES/list_bundled_nodejs_packages.py +++ b/SOURCES/list_bundled_nodejs_packages.py 
@@ -1,4 +1,7 @@ #!/usr/bin/env python3 +# +# generates Provides: bundled(npm(...)) = ... lines for each declared dependency and devDependency of package.json +# import sys import json import re diff --git a/SPECS/grafana.spec b/SPECS/grafana.spec index 0acde69..ada6d1f 100644 --- a/SPECS/grafana.spec +++ b/SPECS/grafana.spec @@ -1,7 +1,3 @@ -# https://bugzilla.redhat.com/show_bug.cgi?id=1752991 -# unfortunately the go_arches macro doesn't reflect that change yet -ExcludeArch: i686 - %global grafana_arches %{lua: go_arches = {} for arch in rpm.expand("%{go_arches}"):gmatch("%S+") do go_arches[arch] = 1 @@ -12,22 +8,19 @@ ExcludeArch: i686 end end} -# gobuild and gotest macros are defined in go-rpm-macros, which is not available on RHEL -# definitions lifted from Fedora 34 podman.spec -%if ! 0%{?gobuild:1} -%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**}; -%endif -%if ! 0%{?gotest:1} -%define gotest() GO111MODULE=off go test -buildmode pie -compiler gc -ldflags "${LDFLAGS:-} -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" %{?**}; -%endif - # Specify if the frontend will be compiled as part of the build or # is attached as a webpack tarball (in case of an unsuitable nodejs version on the build system) %define compile_frontend 0 +%if 0%{?rhel} +%define enable_fips_mode 1 +%else +%define enable_fips_mode 0 +%endif + Name: grafana -Version: 7.3.6 -Release: 3%{?dist} +Version: 7.5.9 +Release: 4%{?dist} Summary: Metrics dashboard and graph editor License: ASL 2.0 URL: https://grafana.org 
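Review bot: The `grafana.spec` hunk at `-12,22 +8,19` removes the fallback `%gobuild` and `%gotest` definitions, which carried the hardening flags (`-buildmode pie`, `-Wl,-z,relro -Wl,-z,now`, the `redhat-hardened-ld` spec). The removed comment says go-rpm-macros is not available on RHEL, and elsewhere in this diff `BuildRequires: go-rpm-macros` is still conditional on Fedora. The `%build` and `%check` sections are outside this hunk, so please confirm they no longer use `%gobuild`/`%gotest` on RHEL and that the replacement build command still passes the PIE and RELRO/BIND_NOW flags. A short comment next to `%define enable_fips_mode` naming where the flags now come from would make that checkable.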
@@ -36,11 +29,15 @@ URL: https://grafana.org Source0: https://github.com/grafana/grafana/archive/v%{version}/%{name}-%{version}.tar.gz # Source1 contains the bundled Go and Node.js dependencies -Source1: grafana-vendor-%{version}.tar.xz +# Note: In case there were no changes to this tarball, the NVR of this tarball +# lags behind the NVR of the Grafana package. +Source1: grafana-vendor-%{version}-2.tar.xz %if %{compile_frontend} == 0 # Source2 contains the precompiled frontend -Source2: grafana-webpack-%{version}.tar.gz +# Note: In case there were no changes to this tarball, the NVR of this tarball +# lags behind the NVR of the Grafana package. +Source2: grafana-webpack-%{version}-2.tar.gz %endif # Source3 contains Grafana configuration defaults for distributions @@ -59,9 +56,9 @@ Source6: list_bundled_nodejs_packages.py Patch1: 001-wrappers-grafana-cli.patch Patch2: 002-manpages.patch -# remove failing assertions due to a symlink +# resolve symlinks before comparing paths # BUILD/src/github.com/grafana/grafana -> BUILD/grafana-X.Y.Z -Patch3: 003-remove-dashboard-abspath-test.patch +Patch3: 003-fix-dashboard-abspath-test.patch # Required for s390x # the golden files include memory dumps from a x86 machine 
@@ -69,20 +66,38 @@ Patch3: 003-remove-dashboard-abspath-test.patch # therefore loading this memory dump fails on s390x Patch4: 004-skip-x86-goldenfiles-tests.patch -Patch5: 005-pin-yarn-version.patch -Patch6: 006-remove-saml-dependency.patch -Patch7: 007-CVE-2021-39226.patch -Patch8: 008-CVE-2021-27358.patch +Patch5: 005-remove-unused-dependencies.patch + +Patch6: 006-fix-gtime-test-32bit.patch + +Patch8: 008-remove-unused-frontend-crypto.patch + +# The Makefile removes a few files with crypto implementations +# from the vendor tarball, which are not used in Grafana. +# This patch removes all references to the deleted files. +Patch9: 009-patch-unused-backend-crypto.patch + +# This patch modifies the x/crypto/pbkdf2 function to use OpenSSL +# if FIPS mode is enabled. +Patch10: 010-fips.patch + +# Patch for CVE-2021-39226 +Patch11: 011-CVE-2021-39226.patch # Intersection of go_arches and nodejs_arches ExclusiveArch: %{grafana_arches} -BuildRequires: git, systemd, golang, go-srpm-macros +BuildRequires: systemd, golang, go-srpm-macros %if 0%{?fedora} >= 31 BuildRequires: go-rpm-macros %endif + %if %{compile_frontend} -BuildRequires: nodejs >= 1:12, nodejs < 1:13, yarnpkg +BuildRequires: nodejs >= 1:14, yarnpkg +%endif + +%if %{enable_fips_mode} +BuildRequires: openssl-devel %endif # omit golang debugsource, see BZ995136 and related 
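Review bot: `Patch8: 008-CVE-2021-27358.patch` is dropped and the number reused for `008-remove-unused-frontend-crypto.patch` without any note on why the CVE fix is no longer carried. The fix is presumably part of the rebased 7.5.9 source, but nothing in the spec states it, and a reader auditing CVE coverage has no way to tell from the patch list. Add a comment such as `# CVE-2021-27358: fixed in the rebased upstream source, downstream patch dropped` once that is confirmed. The same applies to the renumbering of the CVE-2021-39226 patch from 007 to 011, where the existing `# Patch for CVE-2021-39226` line could mention that it replaces the earlier 007 patch.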
@@ -130,95 +145,110 @@ Provides: grafana-stackdriver = 7.3.6-1 # this is for security purposes, if nodejs-foo ever needs an update, # affected packages can be easily identified. # Note: generated by the Makefile (see README.md) -Provides: bundled(golang(cloud.google.com/go/storage)) = 1.10.0 +Provides: bundled(golang(cloud.google.com/go/storage)) = 1.13.0 Provides: bundled(golang(github.com/BurntSushi/toml)) = 0.3.1 Provides: bundled(golang(github.com/VividCortex/mysqlerr)) = 0.0.0-20170204212430.6c6b55f8796f -Provides: bundled(golang(github.com/aws/aws-sdk-go)) = 1.33.12 +Provides: bundled(golang(github.com/aws/aws-sdk-go)) = 1.37.20 Provides: bundled(golang(github.com/beevik/etree)) = 1.1.0 Provides: bundled(golang(github.com/benbjohnson/clock)) = 0.0.0-20161215174838.7dc76406b6d3 Provides: bundled(golang(github.com/bradfitz/gomemcache)) = 0.0.0-20190913173617.a41fca850d0b -Provides: bundled(golang(github.com/centrifugal/centrifuge)) = 0.11.0 +Provides: bundled(golang(github.com/centrifugal/centrifuge)) = 0.13.0 +Provides: bundled(golang(github.com/cortexproject/cortex)) = 1.4.1-0.20201022071705.85942c5703cf Provides: bundled(golang(github.com/davecgh/go-spew)) = 1.1.1 -Provides: bundled(golang(github.com/denisenkom/go-mssqldb)) = 0.0.0-20200620013148.b91950f658ec +Provides: bundled(golang(github.com/denisenkom/go-mssqldb)) = 0.0.0-20200910202707.1e08a3fab204 Provides: bundled(golang(github.com/facebookgo/inject)) = 0.0.0-20180706035515.f23751cae28b -Provides: bundled(golang(github.com/fatih/color)) = 1.9.0 +Provides: bundled(golang(github.com/fatih/color)) = 1.10.0 Provides: bundled(golang(github.com/gchaincl/sqlhooks)) = 1.3.0 +Provides: bundled(golang(github.com/getsentry/sentry-go)) = 0.10.0 Provides: bundled(golang(github.com/go-macaron/binding)) = 0.0.0-20190806013118.0b4f37bab25b Provides: bundled(golang(github.com/go-macaron/gzip)) = 0.0.0-20160222043647.cad1c6580a07 -Provides: bundled(golang(github.com/go-macaron/session)) = 
0.0.0-20190805070824.1a3cdc6f5659 +Provides: bundled(golang(github.com/go-sourcemap/sourcemap)) = 2.1.3+incompatible Provides: bundled(golang(github.com/go-sql-driver/mysql)) = 1.5.0 Provides: bundled(golang(github.com/go-stack/stack)) = 1.8.0 Provides: bundled(golang(github.com/gobwas/glob)) = 0.2.3 +Provides: bundled(golang(github.com/golang/mock)) = 1.5.0 Provides: bundled(golang(github.com/golang/protobuf)) = 1.4.3 -Provides: bundled(golang(github.com/google/go-cmp)) = 0.5.2 -Provides: bundled(golang(github.com/gosimple/slug)) = 1.4.2 +Provides: bundled(golang(github.com/google/go-cmp)) = 0.5.4 +Provides: bundled(golang(github.com/google/uuid)) = 1.2.0 +Provides: bundled(golang(github.com/gosimple/slug)) = 1.9.0 +Provides: bundled(golang(github.com/grafana/grafana-aws-sdk)) = 0.4.0 Provides: bundled(golang(github.com/grafana/grafana-plugin-model)) = 0.0.0-20190930120109.1fc953a61fb4 -Provides: bundled(golang(github.com/grafana/grafana-plugin-sdk-go)) = 0.79.0 -Provides: bundled(golang(github.com/grafana/loki)) = 1.6.0 -Provides: bundled(golang(github.com/grpc-ecosystem/go-grpc-middleware)) = 1.2.1 -Provides: bundled(golang(github.com/hashicorp/go-hclog)) = 0.12.2 -Provides: bundled(golang(github.com/hashicorp/go-plugin)) = 1.2.2 -Provides: bundled(golang(github.com/hashicorp/go-version)) = 1.2.0 +Provides: bundled(golang(github.com/grafana/grafana-plugin-sdk-go)) = 0.88.0 +Provides: bundled(golang(github.com/grafana/loki)) = 1.6.2-0.20201026154740.6978ee5d7387 +Provides: bundled(golang(github.com/grpc-ecosystem/go-grpc-middleware)) = 1.2.2 +Provides: bundled(golang(github.com/hashicorp/go-hclog)) = 0.15.0 +Provides: bundled(golang(github.com/hashicorp/go-plugin)) = 1.4.0 +Provides: bundled(golang(github.com/hashicorp/go-version)) = 1.2.1 Provides: bundled(golang(github.com/inconshreveable/log15)) = 0.0.0-20180818164646.67afb5ed74ec Provides: bundled(golang(github.com/influxdata/influxdb-client-go/v2)) = 2.2.0 -Provides: 
bundled(golang(github.com/jmespath/go-jmespath)) = 0.3.0 -Provides: bundled(golang(github.com/jung-kurt/gofpdf)) = 1.10.1 -Provides: bundled(golang(github.com/lib/pq)) = 1.3.0 -Provides: bundled(golang(github.com/linkedin/goavro/v2)) = 2.9.7 -Provides: bundled(golang(github.com/magefile/mage)) = 1.9.0 +Provides: bundled(golang(github.com/jaegertracing/jaeger)) = 1.22.1-0.20210304164023.2fff3ca58910 +Provides: bundled(golang(github.com/jmespath/go-jmespath)) = 0.4.0 +Provides: bundled(golang(github.com/json-iterator/go)) = 1.1.10 +Provides: bundled(golang(github.com/lib/pq)) = 1.9.0 +Provides: bundled(golang(github.com/linkedin/goavro/v2)) = 2.10.0 +Provides: bundled(golang(github.com/magefile/mage)) = 1.11.0 Provides: bundled(golang(github.com/mattn/go-isatty)) = 0.0.12 -Provides: bundled(golang(github.com/mattn/go-sqlite3)) = 1.11.0 +Provides: bundled(golang(github.com/mattn/go-sqlite3)) = 1.14.6 +Provides: bundled(golang(github.com/mwitkow/go-conntrack)) = 0.0.0-20190716064945.2f068394615f Provides: bundled(golang(github.com/opentracing/opentracing-go)) = 1.2.0 Provides: bundled(golang(github.com/patrickmn/go-cache)) = 2.1.0+incompatible Provides: bundled(golang(github.com/pkg/errors)) = 0.9.1 -Provides: bundled(golang(github.com/prometheus/client_golang)) = 1.8.0 +Provides: bundled(golang(github.com/prometheus/client_golang)) = 1.9.0 Provides: bundled(golang(github.com/prometheus/client_model)) = 0.2.0 -Provides: bundled(golang(github.com/prometheus/common)) = 0.14.0 +Provides: bundled(golang(github.com/prometheus/common)) = 0.18.0 Provides: bundled(golang(github.com/robfig/cron)) = 0.0.0-20180505203441.b41be1df6967 -Provides: bundled(golang(github.com/robfig/cron/v3)) = 3.0.0 +Provides: bundled(golang(github.com/robfig/cron/v3)) = 3.0.1 Provides: bundled(golang(github.com/russellhaering/goxmldsig)) = 1.1.0 Provides: bundled(golang(github.com/smartystreets/goconvey)) = 1.6.4 -Provides: bundled(golang(github.com/stretchr/testify)) = 1.6.1 +Provides: 
bundled(golang(github.com/stretchr/testify)) = 1.7.0 Provides: bundled(golang(github.com/teris-io/shortid)) = 0.0.0-20171029131806.771a37caa5cf Provides: bundled(golang(github.com/timberio/go-datemath)) = 0.1.1-0.20200323150745.74ddef604fff Provides: bundled(golang(github.com/ua-parser/uap-go)) = 0.0.0-20190826212731.daf92ba38329 Provides: bundled(golang(github.com/uber/jaeger-client-go)) = 2.25.0+incompatible Provides: bundled(golang(github.com/unknwon/com)) = 1.0.1 -Provides: bundled(golang(github.com/urfave/cli/v2)) = 2.1.1 +Provides: bundled(golang(github.com/urfave/cli/v2)) = 2.3.0 Provides: bundled(golang(github.com/weaveworks/common)) = 0.0.0-20201119133501.0619918236ec Provides: bundled(golang(github.com/xorcare/pointer)) = 1.1.0 Provides: bundled(golang(github.com/yudai/gojsondiff)) = 1.0.0 -Provides: bundled(golang(golang.org/x/crypto)) = 0.0.0-20201208171446.5f87f3452ae9 -Provides: bundled(golang(golang.org/x/net)) = 0.0.0-20201022231255.08b38378de70 -Provides: bundled(golang(golang.org/x/oauth2)) = 0.0.0-20200902213428.5d25da1a8d43 -Provides: bundled(golang(golang.org/x/sync)) = 0.0.0-20201020160332.67f06af15bc9 +Provides: bundled(golang(go.opentelemetry.io/collector)) = 0.21.0 +Provides: bundled(golang(golang.org/x/crypto)) = 0.0.0-20201221181555.eec23a3978ad +Provides: bundled(golang(golang.org/x/net)) = 0.0.0-20210119194325.5f4716e94777 +Provides: bundled(golang(golang.org/x/oauth2)) = 0.0.0-20210113205817.d3ed898aa8a3 +Provides: bundled(golang(golang.org/x/sync)) = 0.0.0-20201207232520.09787c993a3a Provides: bundled(golang(golang.org/x/time)) = 0.0.0-20200630173020.3af7569d3a1e -Provides: bundled(golang(google.golang.org/grpc)) = 1.33.1 -Provides: bundled(golang(gopkg.in/ini.v1)) = 1.51.0 +Provides: bundled(golang(gonum.org/v1/gonum)) = 0.8.2 +Provides: bundled(golang(google.golang.org/api)) = 0.40.0 +Provides: bundled(golang(google.golang.org/grpc)) = 1.36.0 +Provides: bundled(golang(gopkg.in/ini.v1)) = 1.62.0 Provides: 
bundled(golang(gopkg.in/ldap.v3)) = 3.0.2 -Provides: bundled(golang(gopkg.in/macaron.v1)) = 1.3.9 +Provides: bundled(golang(gopkg.in/macaron.v1)) = 1.4.0 Provides: bundled(golang(gopkg.in/mail.v2)) = 2.3.1 Provides: bundled(golang(gopkg.in/redis.v5)) = 5.2.9 -Provides: bundled(golang(gopkg.in/square/go-jose.v2)) = 2.4.1 -Provides: bundled(golang(gopkg.in/yaml.v2)) = 2.3.0 +Provides: bundled(golang(gopkg.in/square/go-jose.v2)) = 2.5.1 +Provides: bundled(golang(gopkg.in/yaml.v2)) = 2.4.0 Provides: bundled(golang(xorm.io/core)) = 0.7.3 -Provides: bundled(golang(xorm.io/xorm)) = 0.8.1 -Provides: bundled(npm(@babel/core)) = 7.6.2 +Provides: bundled(golang(xorm.io/xorm)) = 0.8.2 +Provides: bundled(npm(@babel/core)) = 7.6.4 Provides: bundled(npm(@babel/plugin-proposal-nullish-coalescing-operator)) = 7.8.3 Provides: bundled(npm(@babel/plugin-proposal-optional-chaining)) = 7.8.3 -Provides: bundled(npm(@babel/plugin-syntax-dynamic-import)) = 7.2.0 -Provides: bundled(npm(@babel/preset-env)) = 7.6.3 -Provides: bundled(npm(@babel/preset-react)) = 7.6.3 +Provides: bundled(npm(@babel/plugin-syntax-dynamic-import)) = 7.7.4 +Provides: bundled(npm(@babel/preset-env)) = 7.7.4 +Provides: bundled(npm(@babel/preset-react)) = 7.8.3 Provides: bundled(npm(@babel/preset-typescript)) = 7.8.3 Provides: bundled(npm(@emotion/core)) = 10.0.21 -Provides: bundled(npm(@grafana/api-documenter)) = 0.9.3 +Provides: bundled(npm(@grafana/api-documenter)) = 7.11.2 Provides: bundled(npm(@grafana/api-extractor)) = 7.10.1 -Provides: bundled(npm(@grafana/eslint-config)) = 2.0.3 +Provides: bundled(npm(@grafana/aws-sdk)) = 0.0.3 +Provides: bundled(npm(@grafana/eslint-config)) = 2.3.0 Provides: bundled(npm(@grafana/slate-react)) = 0.22.9-grafana -Provides: bundled(npm(@reduxjs/toolkit)) = 1.3.4 +Provides: bundled(npm(@popperjs/core)) = 2.5.4 +Provides: bundled(npm(@reduxjs/toolkit)) = 1.5.0 Provides: bundled(npm(@rtsao/plugin-proposal-class-properties)) = 7.0.1-patch.1 -Provides: 
bundled(npm(@testing-library/jest-dom)) = 5.11.3 -Provides: bundled(npm(@testing-library/react)) = 10.4.8 +Provides: bundled(npm(@sentry/browser)) = 5.25.0 +Provides: bundled(npm(@sentry/types)) = 5.24.2 +Provides: bundled(npm(@sentry/utils)) = 5.24.2 +Provides: bundled(npm(@testing-library/jest-dom)) = 5.11.5 +Provides: bundled(npm(@testing-library/react)) = 11.1.2 Provides: bundled(npm(@testing-library/react-hooks)) = 3.2.1 Provides: bundled(npm(@testing-library/user-event)) = 12.1.3 Provides: bundled(npm(@torkelo/react-select)) = 3.0.8 
@@ -230,28 +260,29 @@ Provides: bundled(npm(@types/classnames)) = 2.2.7 Provides: bundled(npm(@types/clipboard)) = 2.0.1 Provides: bundled(npm(@types/common-tags)) = 1.8.0 Provides: bundled(npm(@types/d3)) = 5.7.2 +Provides: bundled(npm(@types/d3-force)) = 1.2.1 Provides: bundled(npm(@types/d3-scale-chromatic)) = 1.3.1 +Provides: bundled(npm(@types/debounce-promise)) = 3.1.3 Provides: bundled(npm(@types/enzyme)) = 3.10.3 Provides: bundled(npm(@types/enzyme-adapter-react-16)) = 1.0.6 Provides: bundled(npm(@types/file-saver)) = 2.0.1 Provides: bundled(npm(@types/hoist-non-react-statics)) = 3.3.1 Provides: bundled(npm(@types/is-hotkey)) = 0.1.1 -Provides: bundled(npm(@types/jest)) = 23.3.14 +Provides: bundled(npm(@types/jest)) = 26.0.12 Provides: bundled(npm(@types/jquery)) = 3.3.38 Provides: bundled(npm(@types/jsurl)) = 1.2.28 Provides: bundled(npm(@types/lodash)) = 4.14.123 Provides: bundled(npm(@types/lru-cache)) = 5.1.0 -Provides: bundled(npm(@types/marked)) = 1.1.0 Provides: bundled(npm(@types/md5)) = 2.1.33 Provides: bundled(npm(@types/moment-timezone)) = 0.5.13 Provides: bundled(npm(@types/mousetrap)) = 1.6.3 Provides: bundled(npm(@types/node)) = 10.14.1 Provides: bundled(npm(@types/papaparse)) = 5.2.0 Provides: bundled(npm(@types/prismjs)) = 1.16.0 -Provides: bundled(npm(@types/react)) = 16.8.16 +Provides: bundled(npm(@types/react)) = 16.9.9 Provides: bundled(npm(@types/react-beautiful-dnd)) = 12.1.2 -Provides: bundled(npm(@types/react-dom)) = 16.8.4 -Provides: bundled(npm(@types/react-grid-layout)) = 0.16.7 +Provides: bundled(npm(@types/react-dom)) = 16.9.2 +Provides: bundled(npm(@types/react-grid-layout)) = 1.1.1 Provides: bundled(npm(@types/react-loadable)) = 5.5.2 Provides: bundled(npm(@types/react-redux)) = 7.1.7 Provides: bundled(npm(@types/react-select)) = 3.0.8 
@@ -265,26 +296,25 @@ Provides: bundled(npm(@types/reselect)) = 2.2.0 Provides: bundled(npm(@types/slate)) = 0.47.1 Provides: bundled(npm(@types/slate-plain-serializer)) = 0.6.1 Provides: bundled(npm(@types/slate-react)) = 0.22.5 -Provides: bundled(npm(@types/sockjs-client)) = 1.1.1 -Provides: bundled(npm(@types/testing-library__jest-dom)) = 5.9.2 +Provides: bundled(npm(@types/testing-library__jest-dom)) = 5.9.5 Provides: bundled(npm(@types/testing-library__react-hooks)) = 3.1.0 Provides: bundled(npm(@types/tinycolor2)) = 1.4.1 Provides: bundled(npm(@types/uuid)) = 8.3.0 -Provides: bundled(npm(@typescript-eslint/eslint-plugin)) = 4.0.1 -Provides: bundled(npm(@typescript-eslint/parser)) = 4.0.1 +Provides: bundled(npm(@typescript-eslint/eslint-plugin)) = 4.15.0 +Provides: bundled(npm(@typescript-eslint/parser)) = 4.15.0 Provides: bundled(npm(@welldone-software/why-did-you-render)) = 4.0.6 +Provides: bundled(npm(@wojtekmaj/enzyme-adapter-react-17)) = 0.3.1 Provides: bundled(npm(abortcontroller-polyfill)) = 1.4.0 -Provides: bundled(npm(angular)) = 1.6.9 +Provides: bundled(npm(angular)) = 1.8.2 Provides: bundled(npm(angular-bindonce)) = 0.3.1 Provides: bundled(npm(angular-mocks)) = 1.6.6 -Provides: bundled(npm(angular-native-dragdrop)) = 1.2.2 -Provides: bundled(npm(angular-route)) = 1.6.6 -Provides: bundled(npm(angular-sanitize)) = 1.6.6 +Provides: bundled(npm(angular-route)) = 1.8.2 +Provides: bundled(npm(angular-sanitize)) = 1.8.2 Provides: bundled(npm(antlr4)) = 4.8.0 Provides: bundled(npm(autoprefixer)) = 9.7.4 -Provides: bundled(npm(axios)) = 0.19.0 +Provides: bundled(npm(axios)) = 0.21.1 Provides: bundled(npm(babel-core)) = 7.0.0-bridge.0 -Provides: bundled(npm(babel-jest)) = 24.8.0 +Provides: bundled(npm(babel-jest)) = 26.6.3 Provides: bundled(npm(babel-loader)) = 8.0.6 Provides: bundled(npm(babel-plugin-angularjs-annotate)) = 0.10.0 Provides: bundled(npm(baron)) = 3.0.3 
@@ -296,43 +326,34 @@ Provides: bundled(npm(clean-webpack-plugin)) = 3.0.0
 Provides: bundled(npm(clipboard)) = 2.0.4
 Provides: bundled(npm(common-tags)) = 1.8.0
 Provides: bundled(npm(core-js)) = 1.2.7
-Provides: bundled(npm(css-loader)) = 3.2.0
+Provides: bundled(npm(css-loader)) = 3.4.2
 Provides: bundled(npm(d3)) = 5.15.0
+Provides: bundled(npm(d3-force)) = 1.2.1
 Provides: bundled(npm(d3-scale-chromatic)) = 1.5.0
 Provides: bundled(npm(dangerously-set-html-content)) = 1.0.6
+Provides: bundled(npm(debounce-promise)) = 3.1.2
 Provides: bundled(npm(emotion)) = 10.0.27
 Provides: bundled(npm(enzyme)) = 3.11.0
-Provides: bundled(npm(enzyme-adapter-react-16)) = 1.15.2
 Provides: bundled(npm(enzyme-to-json)) = 3.4.4
+Provides: bundled(npm(es-abstract)) = 1.18.0-next.1
 Provides: bundled(npm(es6-promise)) = 4.2.8
 Provides: bundled(npm(es6-shim)) = 0.35.5
 Provides: bundled(npm(eslint)) = 2.13.1
-Provides: bundled(npm(eslint-config-prettier)) = 6.11.0
-Provides: bundled(npm(eslint-plugin-jsdoc)) = 28.6.1
-Provides: bundled(npm(eslint-plugin-prettier)) = 3.1.4
-Provides: bundled(npm(eslint-plugin-react-hooks)) = 4.0.5
+Provides: bundled(npm(eslint-config-prettier)) = 7.2.0
+Provides: bundled(npm(eslint-plugin-jsdoc)) = 31.6.1
+Provides: bundled(npm(eslint-plugin-no-only-tests)) = 2.4.0
+Provides: bundled(npm(eslint-plugin-prettier)) = 3.3.1
+Provides: bundled(npm(eslint-plugin-react)) = 7.22.0
+Provides: bundled(npm(eslint-plugin-react-hooks)) = 4.2.0
 Provides: bundled(npm(eventemitter3)) = 3.1.2
 Provides: bundled(npm(expect.js)) = 0.3.1
 Provides: bundled(npm(expose-loader)) = 0.7.5
 Provides: bundled(npm(fast-text-encoding)) = 1.0.0
-Provides: bundled(npm(file-loader)) = 4.3.0
+Provides: bundled(npm(file-loader)) = 5.0.2
 Provides: bundled(npm(file-saver)) = 2.0.2
 Provides: bundled(npm(fork-ts-checker-webpack-plugin)) = 1.0.0
 Provides: bundled(npm(gaze)) = 1.1.3
-Provides: bundled(npm(glob)) = 5.0.15
-Provides: bundled(npm(grunt)) = 1.0.4
-Provides: bundled(npm(grunt-angular-templates)) = 1.1.0
-Provides: bundled(npm(grunt-cli)) = 1.2.0
-Provides: bundled(npm(grunt-contrib-clean)) = 2.0.0
-Provides: bundled(npm(grunt-contrib-compress)) = 1.6.0
-Provides: bundled(npm(grunt-contrib-copy)) = 1.0.0
-Provides: bundled(npm(grunt-exec)) = 3.0.0
-Provides: bundled(npm(grunt-newer)) = 1.3.0
-Provides: bundled(npm(grunt-notify)) = 0.4.5
-Provides: bundled(npm(grunt-postcss)) = 0.9.0
-Provides: bundled(npm(grunt-sass-lint)) = 0.2.4
-Provides: bundled(npm(grunt-usemin)) = 3.1.1
-Provides: bundled(npm(grunt-webpack)) = 3.1.3
+Provides: bundled(npm(glob)) = 7.1.3
 Provides: bundled(npm(hoist-non-react-statics)) = 2.5.5
 Provides: bundled(npm(html-loader)) = 0.5.5
 Provides: bundled(npm(html-webpack-harddisk-plugin)) = 1.0.1
@@ -340,17 +361,17 @@ Provides: bundled(npm(html-webpack-plugin)) = 3.2.0
 Provides: bundled(npm(husky)) = 4.2.1
 Provides: bundled(npm(immutable)) = 3.8.2
 Provides: bundled(npm(is-hotkey)) = 0.1.4
-Provides: bundled(npm(jest)) = 25.5.4
-Provides: bundled(npm(jest-canvas-mock)) = 2.1.2
+Provides: bundled(npm(jest)) = 26.6.3
+Provides: bundled(npm(jest-canvas-mock)) = 2.3.0
 Provides: bundled(npm(jest-date-mock)) = 1.0.8
-Provides: bundled(npm(jquery)) = 3.4.1
+Provides: bundled(npm(jest-matcher-utils)) = 26.0.0
+Provides: bundled(npm(jquery)) = 3.5.1
 Provides: bundled(npm(jsurl)) = 0.1.5
-Provides: bundled(npm(lerna)) = 3.20.2
+Provides: bundled(npm(lerna)) = 3.22.1
 Provides: bundled(npm(lint-staged)) = 10.0.7
 Provides: bundled(npm(load-grunt-tasks)) = 5.1.0
-Provides: bundled(npm(lodash)) = 3.10.1
+Provides: bundled(npm(lodash)) = 4.17.21
 Provides: bundled(npm(lru-cache)) = 4.1.5
-Provides: bundled(npm(marked)) = 0.3.19
 Provides: bundled(npm(md5)) = 2.2.1
 Provides: bundled(npm(memoize-one)) = 4.1.0
 Provides: bundled(npm(mini-css-extract-plugin)) = 0.7.0
@@ -364,31 +385,32 @@ Provides: bundled(npm(mousetrap)) = 1.6.5
 Provides: bundled(npm(mousetrap-global-bind)) = 1.1.0
 Provides: bundled(npm(mutationobserver-shim)) = 0.3.3
 Provides: bundled(npm(ngtemplate-loader)) = 2.0.1
-Provides: bundled(npm(node-sass)) = 4.13.1
 Provides: bundled(npm(nodemon)) = 2.0.2
-Provides: bundled(npm(optimize-css-assets-webpack-plugin)) = 5.0.3
-Provides: bundled(npm(papaparse)) = 4.6.3
+Provides: bundled(npm(optimize-css-assets-webpack-plugin)) = 5.0.4
+Provides: bundled(npm(papaparse)) = 5.3.0
 Provides: bundled(npm(postcss-browser-reporter)) = 0.6.0
 Provides: bundled(npm(postcss-loader)) = 3.0.0
 Provides: bundled(npm(postcss-reporter)) = 6.0.1
-Provides: bundled(npm(prettier)) = 1.18.2
-Provides: bundled(npm(prismjs)) = 1.17.1
+Provides: bundled(npm(prettier)) = 2.0.5
+Provides: bundled(npm(prismjs)) = 1.21.0
 Provides: bundled(npm(prop-types)) = 15.7.2
 Provides: bundled(npm(rc-cascader)) = 1.0.1
 Provides: bundled(npm(re-resizable)) = 6.2.0
-Provides: bundled(npm(react)) = 16.10.2
-Provides: bundled(npm(react-dom)) = 16.10.2
-Provides: bundled(npm(react-grid-layout)) = 0.17.1
+Provides: bundled(npm(react)) = 16.13.1
+Provides: bundled(npm(react-beautiful-dnd)) = 13.0.0
+Provides: bundled(npm(react-dom)) = 17.0.1
+Provides: bundled(npm(react-grid-layout)) = 1.2.0
 Provides: bundled(npm(react-highlight-words)) = 0.16.0
 Provides: bundled(npm(react-hot-loader)) = 4.8.0
 Provides: bundled(npm(react-loadable)) = 5.5.0
-Provides: bundled(npm(react-popper)) = 1.3.3
+Provides: bundled(npm(react-popper)) = 2.2.4
 Provides: bundled(npm(react-redux)) = 7.2.0
 Provides: bundled(npm(react-reverse-portal)) = 2.0.1
-Provides: bundled(npm(react-sizeme)) = 2.6.8
+Provides: bundled(npm(react-select-event)) = 5.1.0
+Provides: bundled(npm(react-sizeme)) = 2.6.12
 Provides: bundled(npm(react-split-pane)) = 0.1.89
 Provides: bundled(npm(react-test-renderer)) = 16.10.2
-Provides: bundled(npm(react-transition-group)) = 2.9.0
+Provides: bundled(npm(react-transition-group)) = 4.3.0
 Provides: bundled(npm(react-use)) = 13.27.0
 Provides: bundled(npm(react-virtualized-auto-sizer)) = 1.0.2
 Provides: bundled(npm(react-window)) = 1.8.5
@@ -403,29 +425,30 @@ Provides: bundled(npm(rimraf)) = 2.6.3
 Provides: bundled(npm(rst2html)) = 1.0.4
 Provides: bundled(npm(rxjs)) = 6.5.5
 Provides: bundled(npm(rxjs-spy)) = 7.5.1
+Provides: bundled(npm(sass)) = 1.27.0
 Provides: bundled(npm(sass-lint)) = 1.12.1
 Provides: bundled(npm(sass-loader)) = 8.0.2
 Provides: bundled(npm(search-query-parser)) = 1.5.4
 Provides: bundled(npm(sinon)) = 8.1.1
 Provides: bundled(npm(slate)) = 0.47.8
 Provides: bundled(npm(slate-plain-serializer)) = 0.7.10
-Provides: bundled(npm(sockjs-client)) = 1.4.0
 Provides: bundled(npm(style-loader)) = 1.1.3
-Provides: bundled(npm(terser-webpack-plugin)) = 1.4.1
+Provides: bundled(npm(terser-webpack-plugin)) = 1.4.5
 Provides: bundled(npm(tether)) = 1.4.7
 Provides: bundled(npm(tether-drop)) = 1.5.0
 Provides: bundled(npm(tinycolor2)) = 1.4.1
-Provides: bundled(npm(ts-jest)) = 26.3.0
-Provides: bundled(npm(ts-node)) = 8.8.1
+Provides: bundled(npm(ts-jest)) = 26.4.4
+Provides: bundled(npm(ts-node)) = 9.0.0
 Provides: bundled(npm(tslib)) = 1.10.0
 Provides: bundled(npm(tti-polyfill)) = 0.2.2
-Provides: bundled(npm(typescript)) = 3.7.5
+Provides: bundled(npm(typescript)) = 3.9.7
 Provides: bundled(npm(uuid)) = 3.3.3
-Provides: bundled(npm(webpack)) = 4.41.2
+Provides: bundled(npm(visjs-network)) = 4.25.0
+Provides: bundled(npm(webpack)) = 4.41.5
 Provides: bundled(npm(webpack-bundle-analyzer)) = 3.6.0
 Provides: bundled(npm(webpack-cleanup-plugin)) = 0.5.1
 Provides: bundled(npm(webpack-cli)) = 3.3.10
-Provides: bundled(npm(webpack-dev-server)) = 3.10.3
+Provides: bundled(npm(webpack-dev-server)) = 3.11.1
 Provides: bundled(npm(webpack-merge)) = 4.2.2
 Provides: bundled(npm(whatwg-fetch)) = 3.0.0
 Provides: bundled(npm(zone.js)) = 0.7.8
@@ -454,8 +477,12 @@ rm -r plugins-bundled %endif %patch5 -p1 %patch6 -p1 -%patch7 -p1 %patch8 -p1 +%patch9 -p1 +%if %{enable_fips_mode} +%patch10 -p1 +%endif +%patch11 -p1 # Set up build subdirs and links mkdir -p %{_builddir}/src/github.com/grafana @@ -571,7 +598,7 @@ chmod 640 %{_sysconfdir}/%{name}/ldap.toml %check # Test frontend %if %{compile_frontend} -yarn test +node_modules/.bin/jest %endif # Test backend @@ -585,6 +612,9 @@ export TZ=GMT %gotest ./pkg/... +%if %{enable_fips_mode} +GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryption +%endif %files # binaries and wrappers @@ -631,9 +661,29 @@ export TZ=GMT %changelog -* Wed Oct 06 2021 Andreas Gerstmayr 7.3.6-3 +* Wed Oct 06 2021 Andreas Gerstmayr 7.5.9-4 - resolve CVE-2021-39226 -- resolve CVE-2021-27358 + +* Mon Aug 16 2021 Andreas Gerstmayr 7.5.9-3 +- rebuild to resolve CVE-2021-34558 + +* Thu Jul 08 2021 Andreas Gerstmayr 7.5.9-2 +- remove unused dependency property-information +- always include FIPS patch in SRPM + +* Fri Jun 25 2021 Andreas Gerstmayr 7.5.9-1 +- update to 7.5.9 tagged upstream community sources, see CHANGELOG + +* Mon Jun 21 2021 Andreas Gerstmayr 7.5.8-1 +- update to 7.5.8 tagged upstream community sources, see CHANGELOG +- remove unused dependencies selfsigned, http-signature and gofpdf + +* Fri Jun 11 2021 Andreas Gerstmayr 7.5.7-2 +- remove unused cryptographic implementations +- use cryptographic functions from OpenSSL if FIPS mode is enabled + +* Tue May 25 2021 Andreas Gerstmayr 7.5.7-1 +- update to 7.5.7 tagged upstream community sources, see CHANGELOG * Fri Jan 22 2021 Andreas Gerstmayr 7.3.6-2 - change working dir to $GRAFANA_HOME in grafana-cli wrapper (fixes Red Hat BZ #1916083)
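Review bot: Nothing in the `%prep` patch list records why `%patch7 -p1` was dropped or what `%patch9` to `%patch11` carry, and the `%changelog` hunk at the end of this diff also deletes `- resolve CVE-2021-27358`. If patch 7 was the backport for that CVE (not visible in this hunk), the rebased sources presumably contain the fix, but the spec no longer says so, and anyone checking `rpm -q --changelog` for that CVE id will not find it. I would keep the record on the rebase entry, for example `- resolve CVE-2021-27358 (fix included in the rebased upstream sources)` once that is confirmed. Assuming patch 10 is the FIPS patch the changelog mentions, a comment above the conditional would also help: `# FIPS patch: applied only when enable_fips_mode is set`. The `%prep` section starts and ends outside the hunk.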
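Review bot: The FIPS check added in the `@@ -585,6 +612,9 @@` hunk, `GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryption`, still succeeds when no test matches the `-run` pattern, because `go test` then only warns that there are no tests to run and exits 0. A renamed or removed test would leave the FIPS encryption path unverified while `%check` keeps passing. I would assert that the test exists before running it, with `go test ./pkg/util -list '^TestEncryption' | grep -q '^TestEncryption'`, and anchor the pattern in the run itself as `-run '^TestEncryption'`. The line also calls `go test` directly instead of the `%gotest` macro used just above it, so whatever build flags that macro sets are presumably not applied here; a comment saying whether that is intended would help. The `%check` section starts outside the hunk.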