www/grafana8: Update to 8.5.20 (Fixes security vulnerabilities)

ChangeLog: https://grafana.com/docs/grafana/latest/whatsnew/ Fixes: * Spoofing originalUrl of snapshots * Stored XSS in ResourcePicker component PR: 269409 Reported by: drtr0jan@yandex.ru (maintainer) MFH: 2023Q1 (security fixes) Security: CVE-2022-23552 CVE-2022-39324
freebsd · Feb 9, 2023 · 71bbafd · 71bbafd
1 parent 869a4cd
commit 71bbafd
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 21 deletions.
diff --git a/www/grafana8/Makefile b/www/grafana8/Makefile
@@ -1,7 +1,6 @@
 PORTNAME=	grafana
 DISTVERSIONPREFIX=	v
-DISTVERSION=	8.5.15
-PORTREVISION=	2
+DISTVERSION=	8.5.20
 CATEGORIES=	www
 MASTER_SITES=	https://dl.grafana.com/oss/release/:public
 PKGNAMESUFFIX=	${DISTVERSION:C/([0-9]).*/\1/1}
@@ -24,7 +23,7 @@ USES=		cpe go:modules
 USE_GITHUB=	yes
 
 USE_RC_SUBR=	grafana
-TAG=		be4228d
+TAG=		e927a64
 
 GO_TARGET=	./pkg/cmd/grafana-server \
 		./pkg/cmd/grafana-cli
@@ -39,7 +38,7 @@ SUB_LIST=	GRAFANA_USER=${GRAFANA_USER} \
 		GRAFANA_LOGDIR=${GRAFANA_LOGDIR} \
 		GRAFANA_PLUGINDIR=${GRAFANA_PLUGINDIR} \
 		GRAFANA_PROVISIONINGDIR=${GRAFANA_PROVISIONINGDIR} \
-		GRAFANA_BUILDHASH=cf625893e14b53d42c9c
+		GRAFANA_BUILDHASH=f6f956979adbe34421ce
 
 GRAFANA_USER?=	grafana
 GRAFANA_GROUP?=	grafana

diff --git a/www/grafana8/Makefile.modules b/www/grafana8/Makefile.modules
@@ -113,7 +113,7 @@ GH_TUPLE=	\
 		golang:tools:v0.1.11:golang_tools/vendor/golang.org/x/tools \
 		golang:xerrors:5ec99f83aff1:golang_xerrors/vendor/golang.org/x/xerrors \
 		golang-jwt:jwt:v3.2.1:golang_jwt_jwt/vendor/github.com/golang-jwt/jwt \
-		golang-jwt:jwt:v4.2.0:golang_jwt_jwt_v4/vendor/github.com/golang-jwt/jwt/v4 \
+		golang-jwt:jwt:v4.4.2:golang_jwt_jwt_v4/vendor/github.com/golang-jwt/jwt/v4 \
 		golang-migrate:migrate:v4.7.0:golang_migrate_migrate/vendor/github.com/golang-migrate/migrate/v4 \
 		golang-sql:civil:cb61b32ac6fe:golang_sql_civil/vendor/github.com/golang-sql/civil \
 		gomodule:redigo:v2.0.0:gomodule_redigo/vendor/github.com/gomodule/redigo \
@@ -141,7 +141,7 @@ GH_TUPLE=	\
 		grafana:grafana-google-sdk-go:b190293eaf58:grafana_grafana_google_sdk_go/vendor/github.com/grafana/grafana-google-sdk-go \
 		grafana:grafana-plugin-sdk-go:v0.131.0:grafana_grafana_plugin_sdk_go/vendor/github.com/grafana/grafana-plugin-sdk-go \
 		grafana:loki:7832783b1caa:grafana_loki/vendor/github.com/grafana/loki \
-		grafana:saml:aed1b2edd86b:grafana_saml/vendor/github.com/crewjam/saml \
+		grafana:saml:9d456850a65a:grafana_saml/vendor/github.com/crewjam/saml \
 		grafana:xorm:2fcda7565af6:grafana_xorm/vendor/xorm.io/xorm \
 		grpc-ecosystem:go-grpc-middleware:v1.3.0:grpc_ecosystem_go_grpc_middleware/vendor/github.com/grpc-ecosystem/go-grpc-middleware \
 		grpc-ecosystem:go-grpc-prometheus:6af20e3a5340:grpc_ecosystem_go_grpc_prometheus/vendor/github.com/grpc-ecosystem/go-grpc-prometheus \
@@ -182,7 +182,7 @@ GH_TUPLE=	\
 		mattn:go-colorable:v0.1.8:mattn_go_colorable/vendor/github.com/mattn/go-colorable \
 		mattn:go-isatty:v0.0.12:mattn_go_isatty/vendor/github.com/mattn/go-isatty \
 		mattn:go-runewidth:v0.0.9:mattn_go_runewidth/vendor/github.com/mattn/go-runewidth \
-		mattn:go-sqlite3:v1.14.7:mattn_go_sqlite3/vendor/github.com/mattn/go-sqlite3 \
+		mattn:go-sqlite3:v1.14.16:mattn_go_sqlite3/vendor/github.com/mattn/go-sqlite3 \
 		matttproud:golang_protobuf_extensions:c182affec369:matttproud_golang_protobuf_extensions/vendor/github.com/matttproud/golang_protobuf_extensions \
 		miekg:dns:v1.1.43:miekg_dns/vendor/github.com/miekg/dns \
 		mitchellh:go-testing-interface:v1.14.0:mitchellh_go_testing_interface/vendor/github.com/mitchellh/go-testing-interface \

diff --git a/www/grafana8/distinfo b/www/grafana8/distinfo
@@ -1,12 +1,12 @@
-TIMESTAMP = 1668092902
-SHA256 (grafana-8.5.15.linux-amd64.tar.gz) = 98eac35b7da8ca9b74efcfd6ab519a01bc14d2222b2cf8a6cbd4520cc0a5f98b
-SIZE (grafana-8.5.15.linux-amd64.tar.gz) = 79032031
+TIMESTAMP = 1675776796
+SHA256 (grafana-8.5.20.linux-amd64.tar.gz) = 60343382e8007ccdc5dbd7db1497261c71f4ce628f3ed5d4a564ef175c466f36
+SIZE (grafana-8.5.20.linux-amd64.tar.gz) = 79337888
 SHA256 (v0.3.6.tar.gz) = af49dbe70ab6b0eb31d69afd89c3260b82cb662607b66eac41b65d642faee6bb
 SIZE (v0.3.6.tar.gz) = 22747
 SHA256 (v0.7.3.tar.gz) = 9709c0e8eec3045832f9da81c7bcacf1a32774cb674efcd5662dd8b4d82f70c1
 SIZE (v0.7.3.tar.gz) = 21163
-SHA256 (grafana-grafana-v8.5.15_GH0.tar.gz) = 3ee25419cf85da6cadbd7ed69805b771a769bae7e70757355536dc78e51a1d04
-SIZE (grafana-grafana-v8.5.15_GH0.tar.gz) = 18829793
+SHA256 (grafana-grafana-v8.5.20_GH0.tar.gz) = 4a7932937689dceab40bea685d2230bba4f08cfff24b25e2a3f94af4a0b807b5
+SIZE (grafana-grafana-v8.5.20_GH0.tar.gz) = 18830682
 SHA256 (Azure-azure-sdk-for-go-v59.3.0_GH0.tar.gz) = 219e6cdb7b26dcb4bdac35de2f06abf9caa71810fe88395e692f42729c8e55f5
 SIZE (Azure-azure-sdk-for-go-v59.3.0_GH0.tar.gz) = 46199521
 SHA256 (Azure-azure-sdk-for-go-sdk-azcore-v0.22.0_GH0.tar.gz) = 7375ac472dc4a19c5ce4eb9e646c20d97a9802e68790dc968b49c7874177b331
@@ -227,8 +227,8 @@ SHA256 (golang-xerrors-5ec99f83aff1_GH0.tar.gz) = 71975d658357e170fd6a41f92539cd
 SIZE (golang-xerrors-5ec99f83aff1_GH0.tar.gz) = 13664
 SHA256 (golang-jwt-jwt-v3.2.1_GH0.tar.gz) = 9c7d8c881a6517a7d38276d5cbcfbef93ff7ebb7d43181c471d9dc05b0b8feed
 SIZE (golang-jwt-jwt-v3.2.1_GH0.tar.gz) = 38016
-SHA256 (golang-jwt-jwt-v4.2.0_GH0.tar.gz) = 9dc7ea5faef300ab80bbd90d1811b59255475703c4d643ea6f800d356d518d15
-SIZE (golang-jwt-jwt-v4.2.0_GH0.tar.gz) = 48313
+SHA256 (golang-jwt-jwt-v4.4.2_GH0.tar.gz) = 5c48e918854c3fc1c9bbb9ebf747addb960250f977aa8523344f60f4c423c7c1
+SIZE (golang-jwt-jwt-v4.4.2_GH0.tar.gz) = 51392
 SHA256 (golang-migrate-migrate-v4.7.0_GH0.tar.gz) = d3f5d2ede4dac95cc2ccf0ec051331e3980b5414b182d9854da2baa0d9cbdfb1
 SIZE (golang-migrate-migrate-v4.7.0_GH0.tar.gz) = 119632
 SHA256 (golang-sql-civil-cb61b32ac6fe_GH0.tar.gz) = ebc100d46719b1374b59e59bc63baffaec6a2bface5b0d519024f43c097cdc3e
@@ -283,8 +283,8 @@ SHA256 (grafana-grafana-plugin-sdk-go-v0.131.0_GH0.tar.gz) = 2c26090b753aaa8b01c
 SIZE (grafana-grafana-plugin-sdk-go-v0.131.0_GH0.tar.gz) = 1307404
 SHA256 (grafana-loki-7832783b1caa_GH0.tar.gz) = e89867b5a7b0e8d40d43d355a6292ac05b65f8c85f5ad549fd3ba6e58b6ed02d
 SIZE (grafana-loki-7832783b1caa_GH0.tar.gz) = 26035626
-SHA256 (grafana-saml-aed1b2edd86b_GH0.tar.gz) = 980899519b1e4c9d03be608c48793c12e197d7e73438ca2b27533dbe1c5486c4
-SIZE (grafana-saml-aed1b2edd86b_GH0.tar.gz) = 252303
+SHA256 (grafana-saml-9d456850a65a_GH0.tar.gz) = 04ec34dc2da38ed91c4a5483247a8e310ae70eb978d1172bd018aa6624354c2e
+SIZE (grafana-saml-9d456850a65a_GH0.tar.gz) = 305541
 SHA256 (grafana-xorm-2fcda7565af6_GH0.tar.gz) = f9ef23a67e683ef3153425856c9e71d38c584e76320a174f296e80774659af28
 SIZE (grafana-xorm-2fcda7565af6_GH0.tar.gz) = 414050
 SHA256 (grpc-ecosystem-go-grpc-middleware-v1.3.0_GH0.tar.gz) = c9b908202c05a7f821b03ee49cd678e7e71469519054629770e0565d78275cbc
@@ -365,8 +365,8 @@ SHA256 (mattn-go-isatty-v0.0.12_GH0.tar.gz) = addbdc341d7685ed4cc8d2d8a8fd2bd9b7
 SIZE (mattn-go-isatty-v0.0.12_GH0.tar.gz) = 4548
 SHA256 (mattn-go-runewidth-v0.0.9_GH0.tar.gz) = 4f20a337ad06e071f29535afe9c5207d3e8840c8c86672bbc5f9837c6229c835
 SIZE (mattn-go-runewidth-v0.0.9_GH0.tar.gz) = 16714
-SHA256 (mattn-go-sqlite3-v1.14.7_GH0.tar.gz) = ed9922998dc82553a7cc5889747b123fc216a15036e7c3e1bdeea1acb68bc584
-SIZE (mattn-go-sqlite3-v1.14.7_GH0.tar.gz) = 2391718
+SHA256 (mattn-go-sqlite3-v1.14.16_GH0.tar.gz) = 826a8201600e05860b6a580c0b97a75b11fa6ca469696868d23d7c680ed19c54
+SIZE (mattn-go-sqlite3-v1.14.16_GH0.tar.gz) = 2475472
 SHA256 (matttproud-golang_protobuf_extensions-c182affec369_GH0.tar.gz) = 66a6911e621bfd8823078568688b5683d66ce0b8f85da7b1288d3533d2724735
 SIZE (matttproud-golang_protobuf_extensions-c182affec369_GH0.tar.gz) = 37518
 SHA256 (miekg-dns-v1.1.43_GH0.tar.gz) = 889d61c9ce9594ef0fa4b8b601fcf094082b8c12f5638063652d8dee7ee5339a

diff --git a/www/grafana8/pkg-plist b/www/grafana8/pkg-plist
@@ -183,6 +183,7 @@ bin/grafana-server
 %%DATADIR%%/public/app/core/components/RolePicker/ValueContainer.tsx
 %%DATADIR%%/public/app/core/components/RolePicker/api.ts
 %%DATADIR%%/public/app/core/components/RolePicker/constants.ts
+%%DATADIR%%/public/app/core/components/SVG/SanitizedSVG.tsx
 %%DATADIR%%/public/app/core/components/Select/DashboardPicker.tsx
 %%DATADIR%%/public/app/core/components/Select/FolderPicker.test.tsx
 %%DATADIR%%/public/app/core/components/Select/FolderPicker.tsx
@@ -3262,9 +3263,6 @@ bin/grafana-server
 %%DATADIR%%/public/build/1523.%%GRAFANA_BUILDHASH%%.js
 %%DATADIR%%/public/build/1549.%%GRAFANA_BUILDHASH%%.js
 %%DATADIR%%/public/build/1549.%%GRAFANA_BUILDHASH%%.js.map
-%%DATADIR%%/public/build/1603.%%GRAFANA_BUILDHASH%%.js
-%%DATADIR%%/public/build/1603.%%GRAFANA_BUILDHASH%%.js.LICENSE.txt
-%%DATADIR%%/public/build/1603.%%GRAFANA_BUILDHASH%%.js.map
 %%DATADIR%%/public/build/1657.%%GRAFANA_BUILDHASH%%.js
 %%DATADIR%%/public/build/1657.%%GRAFANA_BUILDHASH%%.js.LICENSE.txt
 %%DATADIR%%/public/build/1657.%%GRAFANA_BUILDHASH%%.js.map
@@ -3504,6 +3502,9 @@ bin/grafana-server
 %%DATADIR%%/public/build/7275.%%GRAFANA_BUILDHASH%%.js
 %%DATADIR%%/public/build/7275.%%GRAFANA_BUILDHASH%%.js.LICENSE.txt
 %%DATADIR%%/public/build/7275.%%GRAFANA_BUILDHASH%%.js.map
+%%DATADIR%%/public/build/7289.%%GRAFANA_BUILDHASH%%.js
+%%DATADIR%%/public/build/7289.%%GRAFANA_BUILDHASH%%.js.LICENSE.txt
+%%DATADIR%%/public/build/7289.%%GRAFANA_BUILDHASH%%.js.map
 %%DATADIR%%/public/build/7371.%%GRAFANA_BUILDHASH%%.js
 %%DATADIR%%/public/build/7371.%%GRAFANA_BUILDHASH%%.js.LICENSE.txt
 %%DATADIR%%/public/build/7371.%%GRAFANA_BUILDHASH%%.js.map