Created attachment 238444 [details] grafana9.diff Update to 9.2.7. Changelog: https://github.com/grafana/grafana/releases/tag/v9.2.7 Fixes high severity security vulnerability: CVE-2022-31097
Created attachment 238445 [details] vuxml.diff vuxml: CVE-2022-31097 update
Created attachment 238446 [details] vuxml.diff
^Triage: Please set the maintainer-approval attachment flag (to +) on patches for ports you maintain to signify approval. -- Attachment -> Details -> maintainer-approval [+] Thanks! Also, thanks for the vuxml entry.
Comment on attachment 238444 [details] grafana9.diff (In reply to Fernando Apesteguía from comment #3) In bug #266872 Nuno Teixeira informed me: there was no need to set approval since it was implicit when submitter was a maintainer.
(In reply to Boris Korzun from comment #4) maintainer-feedback != maintainer-approval :-) If you are the maintainer you don't set maintainer-feedback unless someone requests it first, but you should always set maintainer-approval in the *attachments*.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=88270fe5a24f6286e7c774be0fa8825ee47981a6 commit 88270fe5a24f6286e7c774be0fa8825ee47981a6 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2022-11-30 17:40:01 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2022-12-01 11:27:47 +0000 www/grafana9: Update to 9.2.7 (CVE-2022-31097) ChangeLog: https://grafana.com/blog/2022/11/29/grafana-security-release-new-versions-with-high-severity-security-fix-for-cve-2022-31097/ PR: 268078 Reported by: drtr0jan@yandex.ru (maintainer) MFH: 2022Q4 (security release) Security: CVE-2022-31097 www/grafana9/Makefile | 4 ++-- www/grafana9/distinfo | 14 +++++++------- www/grafana9/pkg-plist | 52 +++++++++++++++++++++++++------------------------- 3 files changed, 35 insertions(+), 35 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=f5c4812fa522a84ac4a8ee11ae012024f7f09351 commit f5c4812fa522a84ac4a8ee11ae012024f7f09351 Author: Fernando Apesteguía <fernape@FreeBSD.org> AuthorDate: 2022-12-01 11:26:10 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2022-12-01 11:28:32 +0000 security/vuxml: Record grafana9 vulnerability. Add privilege escalation for CVE-2022-31097. PR: 268078 security/vuxml/vuln/2022.xml | 2 ++ 1 file changed, 2 insertions(+)
Committed, Thanks!
A commit in branch 2022Q4 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=fb9fa86fb245e89ca5074b9bfa0c1c774b232d92 commit fb9fa86fb245e89ca5074b9bfa0c1c774b232d92 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2022-11-30 17:40:01 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2022-12-01 11:32:35 +0000 www/grafana9: Update to 9.2.7 (CVE-2022-31097) ChangeLog: https://grafana.com/blog/2022/11/29/grafana-security-release-new-versions-with-high-severity-security-fix-for-cve-2022-31097/ PR: 268078 Reported by: drtr0jan@yandex.ru (maintainer) MFH: 2022Q4 (security release) Security: CVE-2022-31097 (cherry picked from commit 88270fe5a24f6286e7c774be0fa8825ee47981a6) www/grafana9/Makefile | 4 ++-- www/grafana9/distinfo | 14 +++++++------- www/grafana9/pkg-plist | 50 +++++++++++++++++++++++++++----------------------- 3 files changed, 36 insertions(+), 32 deletions(-)
Created attachment 238568 [details] pkg-plist.diff (In reply to commit-hook from comment #9) You've forgot to cherry-pick pkg-plist from previous commit to 2022Q4. Building 9.2.7 in 2022Q4 is failed. Can you commit a proposal patch?
Ping! Please fix by committing the patch. https://pkg-status.freebsd.org/beefy4/data/123i386-quarterly/c62aeba74957/logs/grafana9-9.2.7.log
A commit in branch 2022Q4 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=8e65e399fff101c33bd5389235dd61643e142b95 commit 8e65e399fff101c33bd5389235dd61643e142b95 Author: Bryan Drewery <bdrewery@FreeBSD.org> AuthorDate: 2022-12-23 15:48:16 +0000 Commit: Bryan Drewery <bdrewery@FreeBSD.org> CommitDate: 2022-12-23 15:48:16 +0000 www/grafana9: Fix plist PR: 268078 www/grafana9/pkg-plist | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-)