277631 – www/grafana: Update to 10.4.1 and 9.5.17 (Fixes security vulnerability)

Bug 277631 - www/grafana: Update to 10.4.1 and 9.5.17 (Fixes security vulnerability)

Summary: www/grafana: Update to 10.4.1 and 9.5.17 (Fixes security vulnerability)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Matthew Seaman

URL:	https://grafana.com/blog/2024/03/06/g...
Keywords:	security

Depends on:
Blocks:

Reported:	2024-03-11 15:04 UTC by Boris Korzun
Modified:	2024-03-26 17:52 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	drtr0jan: merge-quarterly?

Attachments
grafana.patch (2.61 KB, patch) 2024-03-11 15:04 UTC, Boris Korzun	drtr0jan: maintainer-approval+	Details \| Diff
grafana9.patch (2.17 KB, patch) 2024-03-11 15:04 UTC, Boris Korzun	drtr0jan: maintainer-approval+	Details \| Diff
vuxml.patch (3.12 KB, patch) 2024-03-11 15:05 UTC, Boris Korzun	drtr0jan: maintainer-approval? (ports-secteam)	Details \| Diff
grafana.patch (2.61 KB, patch) 2024-03-26 07:42 UTC, Boris Korzun	drtr0jan: maintainer-approval+	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Boris Korzun 2024-03-11 15:04:14 UTC

Created attachment 249092 [details]
grafana.patch

Update to 10.4.0

What's new: https://grafana.com/docs/grafana/latest/whatsnew/whats-new-in-v10-4
Changelog: https://github.com/grafana/grafana/releases/tag/v10.4.0

Comment 1 Boris Korzun 2024-03-11 15:04:52 UTC

Created attachment 249093 [details]
grafana9.patch

Update to 9.5.17

Changelog: https://github.com/grafana/grafana/releases/tag/v9.5.17

Comment 2 Boris Korzun 2024-03-11 15:05:25 UTC

Created attachment 249094 [details]
vuxml.patch

Comment 3 Boris Korzun 2024-03-26 07:42:59 UTC

Created attachment 249491 [details]
grafana.patch

Update to 10.4.1

What's new: https://grafana.com/docs/grafana/latest/whatsnew/whats-new-in-v10-4
Changelog: https://github.com/grafana/grafana/releases/tag/v10.4.1

Comment 4 commit-hook freebsd_committer

2024-03-26 17:29:16 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=ae0d29991bd190d8526ca001ab7cda10876a4e40

commit ae0d29991bd190d8526ca001ab7cda10876a4e40
Author:     Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2024-03-26 17:04:56 +0000
Commit:     Matthew Seaman <matthew@FreeBSD.org>
CommitDate: 2024-03-26 17:27:48 +0000

    security/vuxml: Add www/grafana and www/grafana9 data sourceprivilege escalation

    PR:     277631

 security/vuxml/vuln/2024.xml | 60 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)

Comment 5 commit-hook freebsd_committer

2024-03-26 17:29:17 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=def7702e93614d140559aa1392ab4ce06acd1697

commit def7702e93614d140559aa1392ab4ce06acd1697
Author:     Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2024-03-26 17:24:57 +0000
Commit:     Matthew Seaman <matthew@FreeBSD.org>
CommitDate: 2024-03-26 17:27:48 +0000

    www/grafana9: security update to 9.5.17

    PR:             277631
    Changes:        https://github.com/grafana/grafana/releases/tag/v9.5.17
    Security:       6d31ef38-df85-11ee-abf1-6c3be5272acd

 www/grafana9/Makefile |  5 ++---
 www/grafana9/distinfo | 14 +++++++-------
 2 files changed, 9 insertions(+), 10 deletions(-)

Comment 6 commit-hook freebsd_committer

2024-03-26 17:29:18 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1c0aa3ad5cb801ded221847433d9b53292b4f61e

commit 1c0aa3ad5cb801ded221847433d9b53292b4f61e
Author:     Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2024-03-26 17:18:06 +0000
Commit:     Matthew Seaman <matthew@FreeBSD.org>
CommitDate: 2024-03-26 17:27:48 +0000

    www/grafana: security update to 10.4.1

    Changes:        https://github.com/grafana/grafana/releases/tag/v10.4.0
    Changes:        https://github.com/grafana/grafana/releases/tag/v10.4.1
    Release Notes:  https://grafana.com/blog/2024/03/06/grafana-10.4-release-all-the-latest-features/
    PR:             277631
    Security:       6d31ef38-df85-11ee-abf1-6c3be5272acd

 www/grafana/Makefile |  5 ++---
 www/grafana/distinfo | 18 +++++++++---------
 2 files changed, 11 insertions(+), 12 deletions(-)

Comment 7 commit-hook freebsd_committer

2024-03-26 17:29:19 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=dafc8e2df44589b585f441b2182eba11843a30e5

commit dafc8e2df44589b585f441b2182eba11843a30e5
Author:     Matthew Seaman <matthew@FreeBSD.org>
AuthorDate: 2024-03-26 17:11:48 +0000
Commit:     Matthew Seaman <matthew@FreeBSD.org>
CommitDate: 2024-03-26 17:27:48 +0000

    security/vuxml: Remove references to non-existent package.

    There never was a grafana10 package.  Initially there was www/grafana
    providing grafana-8.x.  Then a www/grafana9 port was added providing
    grafana-9.x.  The www/grafana port was subsequently obsoleted, and
    then revived, now providing grafana-10.x.  I believe the idea is that
    going forwards, www/grafana will provide the latest stable release
    version and there may be numbered ports for older major versions.

    PR:     277631

 security/vuxml/vuln/2024.xml | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

Comment 8 commit-hook freebsd_committer

2024-03-26 17:48:22 UTC

A commit in branch 2024Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=cf64d012bc71021bb7dca8da6bb2572b2d7cc71b

commit cf64d012bc71021bb7dca8da6bb2572b2d7cc71b
Author:     Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2024-03-26 17:24:57 +0000
Commit:     Matthew Seaman <matthew@FreeBSD.org>
CommitDate: 2024-03-26 17:47:30 +0000

    www/grafana9: security update to 9.5.17

    PR:             277631
    Changes:        https://github.com/grafana/grafana/releases/tag/v9.5.17
    Security:       6d31ef38-df85-11ee-abf1-6c3be5272acd
    (cherry picked from commit def7702e93614d140559aa1392ab4ce06acd1697)

 www/grafana9/Makefile |  4 ++--
 www/grafana9/distinfo | 14 +++++++-------
 2 files changed, 9 insertions(+), 9 deletions(-)

Comment 9 commit-hook freebsd_committer

2024-03-26 17:50:23 UTC

A commit in branch 2024Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f9e7c6d8345c4dfd278c30fbcb1e65c6f6cb3018

commit f9e7c6d8345c4dfd278c30fbcb1e65c6f6cb3018
Author:     Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2024-03-26 17:18:06 +0000
Commit:     Matthew Seaman <matthew@FreeBSD.org>
CommitDate: 2024-03-26 17:49:08 +0000

    www/grafana: security update to 10.4.1

    Changes:        https://github.com/grafana/grafana/releases/tag/v10.4.0
    Changes:        https://github.com/grafana/grafana/releases/tag/v10.4.1
    Release Notes:  https://grafana.com/blog/2024/03/06/grafana-10.4-release-all-the-latest-features/
    PR:             277631
    Security:       6d31ef38-df85-11ee-abf1-6c3be5272acd

    (cherry picked from commit 1c0aa3ad5cb801ded221847433d9b53292b4f61e)

 www/grafana/Makefile |  5 ++---
 www/grafana/distinfo | 18 +++++++++---------
 2 files changed, 11 insertions(+), 12 deletions(-)

Comment 10 Matthew Seaman freebsd_committer

2024-03-26 17:52:25 UTC

Committed, thanks!