Bug 259638 - www/grafana8: Update to 8.2.7 (Fixes high vulnerabilities)
Summary: www/grafana8: Update to 8.2.7 (Fixes high vulnerabilities)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Xin LI
URL: https://grafana.com/docs/grafana/late...
Keywords: security
Depends on:
Blocks:
 
Reported: 2021-11-04 07:49 UTC by Boris Korzun
Modified: 2021-12-12 00:49 UTC

See Also:
drtr0jan: maintainer-feedback+
ronald-lists: merge-quarterly?


Attachments
grafana8.diff (166.32 KB, patch)
2021-11-04 07:49 UTC, Boris Korzun
drtr0jan: maintainer-approval+
vuxml.diff (2.88 KB, patch)
2021-11-17 12:28 UTC, Boris Korzun
no flags
grafana8.diff (166.77 KB, patch)
2021-11-18 11:44 UTC, Boris Korzun
drtr0jan: maintainer-approval+
vuxml.diff (4.06 KB, patch)
2021-11-18 11:44 UTC, Boris Korzun
no flags
grafana8.diff (167.64 KB, patch)
2021-11-18 13:28 UTC, Boris Korzun
drtr0jan: maintainer-approval+
grafana8.diff (167.66 KB, patch)
2021-12-02 21:37 UTC, Boris Korzun
drtr0jan: maintainer-approval+
grafana8.diff (167.66 KB, patch)
2021-12-08 09:32 UTC, Boris Korzun
drtr0jan: maintainer-approval+
vuxml.diff (8.23 KB, patch)
2021-12-08 09:32 UTC, Boris Korzun
drtr0jan: maintainer-approval?

Comment 1 Boris Korzun 2021-11-17 12:28:15 UTC
Created attachment 229549
vuxml.diff
Comment 2 Boris Korzun 2021-11-18 11:44:19 UTC
Created attachment 229570
grafana8.diff

Update to 8.2.4.
Comment 3 Boris Korzun 2021-11-18 11:44:58 UTC
Created attachment 229571
vuxml.diff
Comment 4 Boris Korzun 2021-11-18 13:28:14 UTC
Created attachment 229575
grafana8.diff
Comment 5 Ronald Klop 2021-11-30 11:33:14 UTC
I think this PR needs the keyword "security".
Comment 6 Boris Korzun 2021-12-02 21:37:44 UTC
Created attachment 229850
grafana8.diff

Update to 8.2.6

Changelog:
* Bugfix: TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series.
Comment 7 Mitja 2021-12-07 20:29:40 UTC
Since there is already an 8.3 release out, when is 8.2 going to be updated?
Comment 8 Boris Korzun 2021-12-08 09:32:03 UTC
Created attachment 229973
grafana8.diff

Update to 8.2.7.

Changelog:
* Security: Fixes CVE-2021-43798.
Comment 9 Boris Korzun 2021-12-08 09:32:49 UTC
Created attachment 229974
vuxml.diff
Comment 10 Guangyuan Yang freebsd_committer 2021-12-08 18:11:23 UTC
Thanks, and sorry for the long wait! It all looks good to me, except for moving "MASTER_SITES+=" and "DISTFILES+=" into Makefile.modules. Why do we need to do that? IMO it is more explicit the original way, and I think we should keep that.
Comment 11 Boris Korzun 2021-12-08 19:17:00 UTC
(In reply to Guangyuan Yang from comment #10)
Not all "MASTER_SITES+=" and "DISTFILES+=" are moved into Makefile.modules, only the module-dependent ones (from go.mod: xorm.io/builder, core and xorm).

The main "MASTER_SITES+=" and "DISTFILES+=" (https://dl.grafana.com/oss/release/:public) are left in the main Makefile.
Comment 12 commit-hook freebsd_committer 2021-12-12 00:36:59 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9e29bc87e91191f9fccb9428fdbcca83fa87a64e

commit 9e29bc87e91191f9fccb9428fdbcca83fa87a64e
Author:     Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2021-12-11 22:59:21 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2021-12-12 00:35:26 +0000

    www/grafana8: Update to 8.2.7 (Fixes high vulnerabilities)

    PR:             ports/259638
    MFH:            2021Q4

 www/grafana8/Makefile         |  64 ++--
 www/grafana8/Makefile.modules | 135 ++++----
 www/grafana8/distinfo         | 238 +++++++-------
 www/grafana8/pkg-plist        | 741 +++++++++++++++++++++++++++++++++---------
 4 files changed, 815 insertions(+), 363 deletions(-)
Comment 13 commit-hook freebsd_committer 2021-12-12 00:37:01 UTC
A commit in branch 2021Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=21dc151c4e27b395a4a3832c5a0c5ef2b3d23eeb

commit 21dc151c4e27b395a4a3832c5a0c5ef2b3d23eeb
Author:     Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2021-12-11 22:59:21 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2021-12-12 00:36:32 +0000

    www/grafana8: Update to 8.2.7 (Fixes high vulnerabilities)

    PR:             ports/259638
    (cherry picked from commit 9e29bc87e91191f9fccb9428fdbcca83fa87a64e)

 www/grafana8/Makefile         |  64 ++--
 www/grafana8/Makefile.modules | 135 ++++----
 www/grafana8/distinfo         | 238 +++++++-------
 www/grafana8/pkg-plist        | 741 +++++++++++++++++++++++++++++++++---------
 4 files changed, 815 insertions(+), 363 deletions(-)
Comment 14 commit-hook freebsd_committer 2021-12-12 00:47:04 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=615d6690d65cd096a7a602276f7ebef7615342eb

commit 615d6690d65cd096a7a602276f7ebef7615342eb
Author:     Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2021-12-12 00:41:30 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2021-12-12 00:46:03 +0000

    security/vuxml: Document multiple vulnerabilities of grafana8

    PR:             ports/259638

 security/vuxml/vuln-2021.xml | 144 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 144 insertions(+)