259597 – www/grafana7: Update to 7.5.11 (Fixes Security Vulnerability)

Bug 259597 - www/grafana7: Update to 7.5.11 (Fixes Security Vulnerability)

Summary: www/grafana7: Update to 7.5.11 (Fixes Security Vulnerability)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Many People
Assignee:	Guangyuan Yang

URL:
Keywords:	security

Depends on:
Blocks:

Reported:	2021-11-01 15:41 UTC by Xander
Modified:	2021-11-25 23:46 UTC (History)
CC List:	4 users (show)

See Also:

Flags:	ygy: maintainer-feedback- ygy: merge-quarterly+

Attachments
Update to Grafana 7.5.11 (2.08 KB, patch) 2021-11-01 15:41 UTC, Xander	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Xander 2021-11-01 15:41:09 UTC

Created attachment 229200 [details]
Update to Grafana 7.5.11

Changelog:
 * Security: Fixes CVE-2021-39226. For more information, see our blog ( https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/ )

Comment 1 Xander 2021-11-01 15:44:38 UTC

See also bug #258962 (grafana8)

Comment 2 Guangyuan Yang freebsd_committer

2021-11-25 19:30:31 UTC

security/vuxml entry is needed for the security vulnerability. Also, could you please set your name at https://bugs.freebsd.org/bugzilla/userprefs.cgi?tab=account ?

Comment 3 Xander 2021-11-25 19:40:55 UTC

(In reply to Guangyuan Yang from comment #2)

vuxml was already teken care of in https://cgit.freebsd.org/ports/commit/?id=e2ee21b6d9e95f4daacef5b04106bfda93897e0f (from bug #258962)

Comment 4 Guangyuan Yang freebsd_committer

2021-11-25 19:52:15 UTC

Thanks, I will take it from here.

Comment 5 commit-hook freebsd_committer

2021-11-25 20:56:11 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=09c1162b8dd0e293c93ff2a2a81b2d54b57729e3

commit 09c1162b8dd0e293c93ff2a2a81b2d54b57729e3
Author:     Xander <xj.dropbox+freebsd@gmail.com>
AuthorDate: 2021-11-25 20:51:18 +0000
Commit:     Guangyuan Yang <ygy@FreeBSD.org>
CommitDate: 2021-11-25 20:51:18 +0000

    www/grafana7: Update to 7.5.11

    Changelog:      https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-11/

    PR:             259597
    MFH:            2021Q4 (security)
    Security:       757ee63b-269a-11ec-a616-6c3be5272acd

 www/grafana7/Makefile |  4 ++--
 www/grafana7/distinfo | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

Comment 6 commit-hook freebsd_committer

2021-11-25 21:09:15 UTC

A commit in branch 2021Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=aab451524e516da6de38e7955a1c6015f355318d

commit aab451524e516da6de38e7955a1c6015f355318d
Author:     Xander <xj.dropbox+freebsd@gmail.com>
AuthorDate: 2021-11-25 20:51:18 +0000
Commit:     Guangyuan Yang <ygy@FreeBSD.org>
CommitDate: 2021-11-25 21:03:25 +0000

    www/grafana7: Update to 7.5.11

    Changelog:      https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-11/

    PR:             259597
    MFH:            2021Q4 (security)
    Security:       757ee63b-269a-11ec-a616-6c3be5272acd
    (cherry picked from commit 09c1162b8dd0e293c93ff2a2a81b2d54b57729e3)

 www/grafana7/Makefile |  4 ++--
 www/grafana7/distinfo | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

Comment 7 Guangyuan Yang freebsd_committer

2021-11-25 21:30:04 UTC

Also:

Approved by: maintainer (timeout, > 3 weeks)

Thanks!