Summary: | www/grafana8: Update to 8.2.7 (Fixes high vulnerabilities) | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Boris Korzun <drtr0jan> | ||||||||||||||||||
Component: | Individual Port(s) | Assignee: | Xin LI <delphij> | ||||||||||||||||||
Status: | Closed FIXED | ||||||||||||||||||||
Severity: | Affects Some People | CC: | delphij, freebsdbugs, mitja.podlogar, ports-secteam, ronald-lists, ygy | ||||||||||||||||||
Priority: | --- | Keywords: | security | ||||||||||||||||||
Version: | Latest | Flags: | drtr0jan:
maintainer-feedback+
ronald-lists: merge-quarterly? |
||||||||||||||||||
Hardware: | Any | ||||||||||||||||||||
OS: | Any | ||||||||||||||||||||
URL: | https://grafana.com/docs/grafana/latest/whatsnew/whats-new-in-v8-2/ | ||||||||||||||||||||
Attachments: |
|
Description
Boris Korzun
2021-11-04 07:49:36 UTC
Created attachment 229549 [details]
vuxml.diff
Created attachment 229570 [details]
grafana8.diff
Update to 8.2.4.
Created attachment 229571 [details]
vuxml.diff
Created attachment 229575 [details]
grafana8.diff
I think this PR needs the keyword "security". Created attachment 229850 [details]
grafana8.diff
Update to 8.2.6
Changelog:
* Bugfix: TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series.
Since there is already 8.3 release out, when is 8.2 going to be updated? Created attachment 229973 [details]
grafana8.diff
Update to 8.2.7.
Changelog:
* Security: Fixes CVE-2021-43798.
Created attachment 229974 [details]
vuxml.diff
Thanks, and sorry for the long wait! It all looks good to me, except for moving "MASTER_SITES+=" and "DISTFILES+=" into Makefile.modules. Why do we need to do that? IMO it is more explicit the original way, and I think we should keep that. (In reply to Guangyuan Yang from comment #10) Not all "MASTER_SITES+=" and "DISTFILES+=" are moved into Makefile.modules, module-depended (from go.mod: xorm.io/builder, core and xorm) only. Main "MASTER_SITES+=" and "DISTFILES+=" (https://dl.grafana.com/oss/release/:public) are left in main Makefile. A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=9e29bc87e91191f9fccb9428fdbcca83fa87a64e commit 9e29bc87e91191f9fccb9428fdbcca83fa87a64e Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2021-12-11 22:59:21 +0000 Commit: Xin LI <delphij@FreeBSD.org> CommitDate: 2021-12-12 00:35:26 +0000 www/grafana8: Update to 8.2.7 (Fixes high vulnerabilities) PR: ports/259638 MFH: 2021Q4 www/grafana8/Makefile | 64 ++-- www/grafana8/Makefile.modules | 135 ++++---- www/grafana8/distinfo | 238 +++++++------- www/grafana8/pkg-plist | 741 +++++++++++++++++++++++++++++++++--------- 4 files changed, 815 insertions(+), 363 deletions(-) A commit in branch 2021Q4 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=21dc151c4e27b395a4a3832c5a0c5ef2b3d23eeb commit 21dc151c4e27b395a4a3832c5a0c5ef2b3d23eeb Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2021-12-11 22:59:21 +0000 Commit: Xin LI <delphij@FreeBSD.org> CommitDate: 2021-12-12 00:36:32 +0000 www/grafana8: Update to 8.2.7 (Fixes high vulnerabilities) PR: ports/259638 (cherry picked from commit 9e29bc87e91191f9fccb9428fdbcca83fa87a64e) www/grafana8/Makefile | 64 ++-- www/grafana8/Makefile.modules | 135 ++++---- www/grafana8/distinfo | 238 +++++++------- www/grafana8/pkg-plist | 741 +++++++++++++++++++++++++++++++++--------- 4 files changed, 815 insertions(+), 363 deletions(-) A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=615d6690d65cd096a7a602276f7ebef7615342eb commit 615d6690d65cd096a7a602276f7ebef7615342eb Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2021-12-12 00:41:30 +0000 Commit: Xin LI <delphij@FreeBSD.org> CommitDate: 2021-12-12 00:46:03 +0000 security/vuxml: Document multiple vulnerabilities of grafana8 PR: ports/259638 security/vuxml/vuln-2021.xml | 144 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 144 insertions(+) |