259638 – www/grafana8: Update to 8.2.7 (Fixes high vulnerabilities)

Bug 259638 - www/grafana8: Update to 8.2.7 (Fixes high vulnerabilities)

Summary: www/grafana8: Update to 8.2.7 (Fixes high vulnerabilities)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Xin LI

URL:	https://grafana.com/docs/grafana/late...
Keywords:	security

Depends on:
Blocks:

Reported:	2021-11-04 07:49 UTC by Boris Korzun
Modified:	2021-12-12 00:49 UTC (History)
CC List:	6 users (show)

See Also:

Flags:	drtr0jan: maintainer-feedback+ ronald-lists: merge-quarterly?

Attachments
grafana8.diff (166.32 KB, patch) 2021-11-04 07:49 UTC, Boris Korzun	drtr0jan: maintainer-approval+	Details \| Diff
vuxml.diff (2.88 KB, patch) 2021-11-17 12:28 UTC, Boris Korzun	no flags	Details \| Diff
grafana8.diff (166.77 KB, patch) 2021-11-18 11:44 UTC, Boris Korzun	drtr0jan: maintainer-approval+	Details \| Diff
vuxml.diff (4.06 KB, patch) 2021-11-18 11:44 UTC, Boris Korzun	no flags	Details \| Diff
grafana8.diff (167.64 KB, patch) 2021-11-18 13:28 UTC, Boris Korzun	drtr0jan: maintainer-approval+	Details \| Diff
grafana8.diff (167.66 KB, patch) 2021-12-02 21:37 UTC, Boris Korzun	drtr0jan: maintainer-approval+	Details \| Diff
grafana8.diff (167.66 KB, patch) 2021-12-08 09:32 UTC, Boris Korzun	drtr0jan: maintainer-approval+	Details \| Diff
vuxml.diff (8.23 KB, patch) 2021-12-08 09:32 UTC, Boris Korzun	drtr0jan: maintainer-approval?	Details \| Diff
Show Obsolete (6) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Boris Korzun 2021-11-04 07:49:36 UTC

Created attachment 229261 [details]
grafana8.diff

Update to 8.2.3.

Changelog:
* https://github.com/grafana/grafana/releases/tag/v8.2.0
* https://github.com/grafana/grafana/releases/tag/v8.2.1
* https://github.com/grafana/grafana/releases/tag/v8.2.2

Comment 1 Boris Korzun 2021-11-17 12:28:15 UTC

Created attachment 229549 [details]
vuxml.diff

Comment 2 Boris Korzun 2021-11-18 11:44:19 UTC

Created attachment 229570 [details]
grafana8.diff

Update to 8.2.4.

Comment 3 Boris Korzun 2021-11-18 11:44:58 UTC

Created attachment 229571 [details]
vuxml.diff

Comment 4 Boris Korzun 2021-11-18 13:28:14 UTC

Created attachment 229575 [details]
grafana8.diff

Comment 5 Ronald Klop 2021-11-30 11:33:14 UTC

I think this PR needs the keyword "security".

Comment 6 Boris Korzun 2021-12-02 21:37:44 UTC

Created attachment 229850 [details]
grafana8.diff

Update to 8.2.6

Changelog:
* Bugfix: TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series.

Comment 7 Mitja 2021-12-07 20:29:40 UTC

Since there is already 8.3 release out, when is 8.2 going to be updated?

Comment 8 Boris Korzun 2021-12-08 09:32:03 UTC

Created attachment 229973 [details]
grafana8.diff

Update to 8.2.7.

Changelog:
* Security: Fixes CVE-2021-43798.

Comment 9 Boris Korzun 2021-12-08 09:32:49 UTC

Created attachment 229974 [details]
vuxml.diff

Comment 10 Guangyuan Yang freebsd_committer

2021-12-08 18:11:23 UTC

Thanks, and sorry for the long wait! It all looks good to me, except for moving "MASTER_SITES+=" and "DISTFILES+=" into Makefile.modules. Why do we need to do that? IMO it is more explicit the original way, and I think we should keep that.

Comment 11 Boris Korzun 2021-12-08 19:17:00 UTC

(In reply to Guangyuan Yang from comment #10)
Not all "MASTER_SITES+=" and "DISTFILES+=" are moved into Makefile.modules, module-depended (from go.mod: xorm.io/builder, core and xorm) only.

Main "MASTER_SITES+=" and "DISTFILES+=" (https://dl.grafana.com/oss/release/:public) are left in main Makefile.

Comment 12 commit-hook freebsd_committer

2021-12-12 00:36:59 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9e29bc87e91191f9fccb9428fdbcca83fa87a64e

commit 9e29bc87e91191f9fccb9428fdbcca83fa87a64e
Author:     Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2021-12-11 22:59:21 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2021-12-12 00:35:26 +0000

    www/grafana8: Update to 8.2.7 (Fixes high vulnerabilities)

    PR:             ports/259638
    MFH:            2021Q4

 www/grafana8/Makefile         |  64 ++--
 www/grafana8/Makefile.modules | 135 ++++----
 www/grafana8/distinfo         | 238 +++++++-------
 www/grafana8/pkg-plist        | 741 +++++++++++++++++++++++++++++++++---------
 4 files changed, 815 insertions(+), 363 deletions(-)

Comment 13 commit-hook freebsd_committer

2021-12-12 00:37:01 UTC

A commit in branch 2021Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=21dc151c4e27b395a4a3832c5a0c5ef2b3d23eeb

commit 21dc151c4e27b395a4a3832c5a0c5ef2b3d23eeb
Author:     Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2021-12-11 22:59:21 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2021-12-12 00:36:32 +0000

    www/grafana8: Update to 8.2.7 (Fixes high vulnerabilities)

    PR:             ports/259638
    (cherry picked from commit 9e29bc87e91191f9fccb9428fdbcca83fa87a64e)

 www/grafana8/Makefile         |  64 ++--
 www/grafana8/Makefile.modules | 135 ++++----
 www/grafana8/distinfo         | 238 +++++++-------
 www/grafana8/pkg-plist        | 741 +++++++++++++++++++++++++++++++++---------
 4 files changed, 815 insertions(+), 363 deletions(-)

Comment 14 commit-hook freebsd_committer

2021-12-12 00:47:04 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=615d6690d65cd096a7a602276f7ebef7615342eb

commit 615d6690d65cd096a7a602276f7ebef7615342eb
Author:     Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2021-12-12 00:41:30 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2021-12-12 00:46:03 +0000

    security/vuxml: Document multiple vulnerabilities of grafana8

    PR:             ports/259638

 security/vuxml/vuln-2021.xml | 144 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 144 insertions(+)