Thu, 01 Dec 2022 04:44:56 UTC

Information for build grafana-7.5.15-4.el8

ID23020
Package Namegrafana
Version7.5.15
Release4.el8
Epoch
Sourcegit+https://git.centos.org/rpms/grafana#14d768e3b2b9a95bead43b8a8ee4dd72496abddc
SummaryMetrics dashboard and graph editor
DescriptionGrafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Built bymbox_admin
State failed
Volume DEFAULT
StartedWed, 30 Nov 2022 09:05:52 UTC
CompletedWed, 30 Nov 2022 09:07:42 UTC
Taskbuild (dist-c8-stream, /rpms/grafana:imports/c8s/grafana-7.5.15-4.el8)
Extra{'source': {'original_url': 'git+https://git.centos.org/rpms/grafana?#imports/c8s/grafana-7.5.15-4.el8'}}
Tags No tags
RPMs No RPMs
Changelog * Mon Oct 31 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-4 - resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in - resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY - resolve CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps - resolve CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters - run integration tests in check phase - update FIPS patch with latest changes in Go packaging * Wed Aug 10 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-3 - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read - resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob - resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob - resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode - resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip - resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal * Wed Jul 20 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-2 - resolve CVE-2022-31107 grafana: OAuth account takeover * Fri Apr 22 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-1 - update to 7.5.15 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources - resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling - resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation - resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure - resolve CVE-2021-23648 sanitize-url: XSS - resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter - declare Node.js dependencies of subpackages - make vendor and webpack tarballs reproducible * Thu Dec 16 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-2 - resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache - resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files * Mon Oct 11 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-1 - update to 7.5.11 tagged upstream community sources, see CHANGELOG - resolve CVE-2021-39226 * Thu Sep 30 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.10-1 - update to 7.5.10 tagged upstream community sources, see CHANGELOG * Mon Aug 16 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-3 - rebuild to resolve CVE-2021-34558 * Thu Jul 08 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-2 - remove unused dependency property-information - always include FIPS patch in SRPM * Fri Jun 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-1 - update to 7.5.9 tagged upstream community sources, see CHANGELOG * Mon Jun 21 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.8-1 - update to 7.5.8 tagged upstream community sources, see CHANGELOG - remove unused dependencies selfsigned, http-signature and gofpdf * Fri Jun 11 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.7-2 - remove unused cryptographic implementations - use cryptographic functions from OpenSSL if FIPS mode is enabled * Tue May 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.7-1 - update to 7.5.7 tagged upstream community sources, see CHANGELOG * Fri Jan 22 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.3.6-2 - change working dir to $GRAFANA_HOME in grafana-cli wrapper (fixes Red Hat BZ #1916083) - add pcp-redis-datasource to allow_loading_unsigned_plugins config option * Mon Dec 21 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 7.3.6-1 - update to 7.3.6 tagged upstream community sources, see CHANGELOG - remove dependency on SAML (not supported in the open source version of Grafana) * Wed Nov 25 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 7.3.4-1 - update to 7.3.4 tagged upstream community sources, see CHANGELOG - bundle golang dependencies - optionally bundle node.js dependencies and build and test frontend as part of the specfile - merge all datasources into main grafana package - change default provisioning path to /etc/grafana/provisioning - resolve https://bugzilla.redhat.com/show_bug.cgi?id=1843170 * Thu Aug 20 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 6.7.4-3 - apply patch for CVE-2020-13430 also to sources, not only to compiled webpack * Wed Aug 19 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 6.7.4-2 - security fix for CVE-2020-13430 * Fri Jun 05 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 6.7.4-1 - update to 6.7.4 tagged upstream community sources, see CHANGELOG - security fix for CVE-2020-13379 * Tue Apr 28 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 6.7.3-1 - update to 6.7.3 tagged upstream community sources, see CHANGELOG - add scripts to list Go dependencies and bundled npmjs dependencies - set Grafana version in Grafana UI and grafana-cli --version - declare README.md as documentation of datasource plugins - create grafana.db on first installation (fixes RH BZ #1805472) - change permissions of /var/lib/grafana to 750 (CVE-2020-12458) - change permissions of /var/lib/grafana/grafana.db to 640 and user/group grafana:grafana (CVE-2020-12458) - change permissions of grafana.ini and ldap.toml to 640 (CVE-2020-12459) * Wed Feb 26 2020 Mark Goodwin <mgoodwin@redhat.com> 6.6.2-1 - added patch0 to set the version string correctly - removed patch 004-xerrors.patch, it's now upstream - added several patches for golang vendored vrs build dep differences - added patch to move grafana-cli binary to libexec dir - update to 6.6.2 tagged upstream community sources, see CHANGELOG * Wed Nov 20 2019 Mark Goodwin <mgoodwin@redhat.com> 6.3.6-1 - add weak depenency on grafana-pcp - add patch to mute shellcheck SC1090 for grafana-cli - update to 6.3.6 upstream community sources, see CHANGELOG * Thu Sep 05 2019 Mark Goodwin <mgoodwin@redhat.com> 6.3.5-1 - drop uaparser patch now it's upstream - add xerrors patch, see https://github.com/golang/go/issues/32246 - use vendor sources on rawhide until modules are fully supported - update to latest upstream community sources, see CHANGELOG * Fri Aug 30 2019 Mark Goodwin <mgoodwin@redhat.com> 6.3.4-1 - include fix for CVE-2019-15043 - add patch for uaparser on 32bit systems - update to latest upstream community sources, see CHANGELOG * Wed Jul 31 2019 Mark Goodwin <mgoodwin@redhat.com> 6.2.5-1 - update to latest upstream community sources, see CHANGELOG * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.2.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Fri Jun 07 2019 Mark Goodwin <mgoodwin@redhat.com> 6.2.2-1 - split out some datasource plugins to sub-packages - update to latest upstream community sources, see CHANGELOG * Wed Jun 05 2019 Mark Goodwin <mgoodwin@redhat.com> 6.2.1-1 - update to latest upstream community sources, see CHANGELOG * Fri May 24 2019 Mark Goodwin <mgoodwin@redhat.com> 6.2.0-1 - update to latest upstream community sources - drop a couple of patches * Wed May 08 2019 Mark Goodwin <mgoodwin@redhat.com> 6.1.6-2 - add conditional unbundle_vendor_sources macro * Tue Apr 30 2019 Mark Goodwin <mgoodwin@redhat.com> 6.1.6-1 - update to latest upstream stable release 6.1.6, see CHANGELOG - includes jQuery 3.4.0 security update * Wed Apr 24 2019 Mark Goodwin <mgoodwin@redhat.com> 6.1.4-1 - update to latest upstream stable release 6.1.4, see CHANGELOG - use gobuild and gochecks macros, eliminate arch symlinks - re-enable grafana-debugsource package - fix GRAFANA_GROUP typo - fix more modes for brp-mangle-shebangs - vendor source unbundling now done in prep after patches - remove all rhel and fedora conditional guff * Tue Apr 16 2019 Mark Goodwin <mgoodwin@redhat.com> 6.1.3-1 - update to latest upstream stable release 6.1.3, see CHANGELOG - unbundle all vendor sources, replace with BuildRequires, see the long list of blocker BZs linked to BZ#1670656 - BuildRequires go-plugin >= v1.0.0 for grpc_broker (thanks eclipseo) - tweak make_webpack to no longer use grunt, switch to prod build - add ExclusiveArch lua script (thanks quantum.analyst) - move db directory and plugins to /var/lib/grafana - split out into 6 patches, ready for upstream PRs - add check to run go tests for gating checks * Thu Apr 04 2019 Mark Goodwin <mgoodwin@redhat.com> 6.1.0-1 - update to latest upstream stable release 6.1.0, see CHANGELOG * Thu Mar 21 2019 Mark Goodwin <mgoodwin@redhat.com> 6.0.2-1 - bump to latest upstream stable release 6.0.2-1 - unbundle almost all remaining vendor code, see linked blockers in BZ#1670656 * Fri Mar 15 2019 Mark Goodwin <mgoodwin@redhat.com> 6.0.1-3 - bump to latest upstream stable release 6.0.1-1 * Thu Mar 14 2019 Mark Goodwin <mgoodwin@redhat.com> 6.0.1-2 - unbundle and add BuildRequires for golang-github-rainycape-unidecode-devel * Thu Mar 07 2019 Mark Goodwin <mgoodwin@redhat.com> 6.0.1-1 - update to v6.0.1 upstream sources, tweak distro config, re-do patch - simplify make_webpack.sh script (Elliott Sales de Andrade) - vendor/github.com/go-ldap is now gone, so don't unbundle it * Thu Mar 07 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-11 - tweak after latest feedback, bump to 5.4.3-11 (BZ 1670656) - build debuginfo package again - unbundle BuildRequires for golang-github-hashicorp-version-devel - remove some unneeded development files - remove macros from changelog and other rpmlint tweaks * Fri Feb 22 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-10 - tweak spec for available and unavailable (bundled) golang packages * Wed Feb 20 2019 Xavier Bachelot <xavier@bachelot.org> 5.4.3-9 - Remove extraneous slash (cosmetic) - Create directories just before moving stuff in them - Truncate long lines - Group all golang stuff - Simplify BuildRequires/bundled Provides - Sort BuildRequires/bundled Provides - Fix bundled go packages Provides * Fri Feb 15 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-8 - add BuildRequires (and unbundle) vendor sources available in Fedora - declare Provides for remaining (bundled) vendor go sources - do not attempt to unbundle anything on RHEL < 7 or Fedora < 28 * Thu Feb 07 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-7 - further refinement for spec doc section from Xavier Bachelot - disable debug_package to avoid empty debugsourcefiles.list * Wed Feb 06 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-6 - further refinement following review by Xavier Bachelot * Tue Feb 05 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-5 - further refinement following review by Xavier Bachelot * Fri Feb 01 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-4 - further spec updates after packaging review - reworked post-install scriplets * Thu Jan 31 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-3 - tweak FHS patch, update spec after packaging review * Wed Jan 30 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-2 - add patch to be standard FHS compliant, remove phantomjs - update to v5.4.3 upstream community sources * Wed Jan 09 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.2-1 - update to v5.4.2 upstream community sources * Thu Oct 18 2018 Mark Goodwin <mgoodwin@redhat.com> 5.3.1-1 - update to v5.3.1 upstream community sources * Tue Oct 02 2018 Mark Goodwin <mgoodwin@redhat.com> 5.2.5-1 - native RPM spec build with current tagged v5.2.5 sources