grafana-selinux-9.2.10-15.el8 >  H     eã$ U]N z}A>cB 6, 10Vtt|ےvЄ/X栊 K7WB]ᾪUE%eU,\+#!AƯ-Wϋ%"1㘌nMab\9C߸Ͻwǭp.7=x5ί"ӧ4)1K餏 e"Al#r9f{_Y?=UJdmGRՠ2OlZ:cD嚑>cv41'+V_MꅽRnD`{UAu9X %Vp:zVzED|b|V76In]ʀ=,3"ۗ09(:[&/x%3ε7҆ٞB&ijk0U۩7q"=o*0EI!G7 x>\mb6yӧ`==?=d  Itx  , < \ $ ,LtT ( 8 <9 <:w<>9C@9KG9TH9tI9X9Y9\9]9^:Jb:d;e<f<l< t<$u /dev/null || : done /sbin/restorecon -RvF /usr/sbin/grafana-* &> /dev/null || : /sbin/restorecon -RvF /etc/grafana &> /dev/null || : /sbin/restorecon -RvF /var/log/grafana &> /dev/null || : /sbin/restorecon -RvF /var/lib/grafana &> /dev/null || : /sbin/restorecon -RvF /usr/libexec/grafana-pcp &> /dev/null || : /usr/sbin/semanage port -a -t grafana_port_t -p tcp 3000 &> /dev/null || :if [ $1 -eq 0 ] ; then /usr/sbin/semanage port -d -p tcp 3000 &> /dev/null || : for selinuxvariant in mls targeted do /usr/sbin/semodule -s ${selinuxvariant} -r grafana &> /dev/null || : done /sbin/restorecon -RvF /usr/sbin/grafana-* &> /dev/null || : /sbin/restorecon -RvF /etc/grafana &> /dev/null || : /sbin/restorecon -RvF /var/log/grafana &> /dev/null || : /sbin/restorecon -RvF /var/lib/grafana &> /dev/null || : /sbin/restorecon -RvF /usr/libexec/grafana-pcp &> /dev/null || : fi m<e_=@^3^^V]]*]p]i]A]9\Q\\\\8\O\\\|\\B@\\\o@\mA@\f\\\Z@\Yz\T4\R@\Q\5@[u[]Sam Feifer 9.2.10-15Sam Feifer 9.2.10-14Sam Feifer 9.2.10-12Stan Cox 9.2.10-6Stan Cox 9.2.10-5Stan Cox 9.2.10-4Stan Cox 9.2.10-3Jan Kurik 9.2.10-2Stan Cox 9.2.10-1Andreas Gerstmayr 7.5.15-4Andreas Gerstmayr 7.5.15-3Andreas Gerstmayr 7.5.15-2Andreas Gerstmayr 7.5.15-1Andreas Gerstmayr 7.5.11-2Andreas Gerstmayr 7.5.11-1Andreas Gerstmayr 7.5.10-1Andreas Gerstmayr 7.5.9-3Andreas Gerstmayr 7.5.9-2Andreas Gerstmayr 7.5.9-1Andreas Gerstmayr 7.5.8-1Andreas Gerstmayr 7.5.7-2Andreas Gerstmayr 7.5.7-1Andreas Gerstmayr 7.3.6-2Andreas Gerstmayr 7.3.6-1Andreas Gerstmayr 7.3.4-1Andreas Gerstmayr 6.7.4-3Andreas Gerstmayr 6.7.4-2Andreas Gerstmayr 6.7.4-1Andreas Gerstmayr 6.7.3-1Mark Goodwin 6.6.2-1Mark Goodwin 6.3.6-1Mark Goodwin 6.3.5-1Mark Goodwin 6.3.4-1Mark Goodwin 6.2.5-1Fedora Release Engineering - 6.2.2-2Mark Goodwin 6.2.2-1Mark Goodwin 6.2.1-1Mark Goodwin 6.2.0-1Mark Goodwin 6.1.6-2Mark Goodwin 6.1.6-1Mark Goodwin 6.1.4-1Mark Goodwin 6.1.3-1Mark Goodwin 6.1.0-1Mark Goodwin 6.0.2-1Mark Goodwin 6.0.1-3Mark Goodwin 6.0.1-2Mark Goodwin 6.0.1-1Mark Goodwin 5.4.3-11Mark Goodwin 5.4.3-10Xavier Bachelot 5.4.3-9Mark Goodwin 5.4.3-8Mark Goodwin 5.4.3-7Mark Goodwin 5.4.3-6Mark Goodwin 5.4.3-5Mark Goodwin 5.4.3-4Mark Goodwin 5.4.3-3Mark Goodwin 5.4.3-2Mark Goodwin 5.4.2-1Mark Goodwin 5.3.1-1Mark Goodwin 5.2.5-1- Resolves RHEL-23466 - Resolves RHEL-21027 - Allows for gid to be 0 - Allows for postgreSQL datasource in selinux policy- Resolves RHEL-19596 - Fixes coredump issue introduced by selinux - Patches out call to panic when trying to walk "/" directory - Fixes postgresql AVC denial- Resolves RHEL-7503 - Adds a selinux policy for grafana - Resolves RHEL-12650 - fix CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work- Add /usr/share/grafana to systemd-sysusers --replace- resolve CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth- bumps exporter-toolkit to v0.7.3, sanitize-url@npm to 6.0.2, skip problematic s390 tests.- Use systemd-sysusers --replace- Use systemd-sysusers instead of sysusers_create_compat, which is not available in RHEL-8- Update to 9.2.10- resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in - resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY - resolve CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps - resolve CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters - run integration tests in check phase - update FIPS patch with latest changes in Go packaging- resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read - resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob - resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob - resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode - resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip - resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal- resolve CVE-2022-31107 grafana: OAuth account takeover- update to 7.5.15 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources - resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling - resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation - resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure - resolve CVE-2021-23648 sanitize-url: XSS - resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter - declare Node.js dependencies of subpackages - make vendor and webpack tarballs reproducible- resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache - resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files- update to 7.5.11 tagged upstream community sources, see CHANGELOG - resolve CVE-2021-39226- update to 7.5.10 tagged upstream community sources, see CHANGELOG- rebuild to resolve CVE-2021-34558- remove unused dependency property-information - always include FIPS patch in SRPM- update to 7.5.9 tagged upstream community sources, see CHANGELOG- update to 7.5.8 tagged upstream community sources, see CHANGELOG - remove unused dependencies selfsigned, http-signature and gofpdf- remove unused cryptographic implementations - use cryptographic functions from OpenSSL if FIPS mode is enabled- update to 7.5.7 tagged upstream community sources, see CHANGELOG- change working dir to $GRAFANA_HOME in grafana-cli wrapper (fixes Red Hat BZ #1916083) - add pcp-redis-datasource to allow_loading_unsigned_plugins config option- update to 7.3.6 tagged upstream community sources, see CHANGELOG - remove dependency on SAML (not supported in the open source version of Grafana)- update to 7.3.4 tagged upstream community sources, see CHANGELOG - bundle golang dependencies - optionally bundle node.js dependencies and build and test frontend as part of the specfile - merge all datasources into main grafana package - change default provisioning path to /etc/grafana/provisioning - resolve https://bugzilla.redhat.com/show_bug.cgi?id=1843170- apply patch for CVE-2020-13430 also to sources, not only to compiled webpack- security fix for CVE-2020-13430- update to 6.7.4 tagged upstream community sources, see CHANGELOG - security fix for CVE-2020-13379- update to 6.7.3 tagged upstream community sources, see CHANGELOG - add scripts to list Go dependencies and bundled npmjs dependencies - set Grafana version in Grafana UI and grafana-cli --version - declare README.md as documentation of datasource plugins - create grafana.db on first installation (fixes RH BZ #1805472) - change permissions of /var/lib/grafana to 750 (CVE-2020-12458) - change permissions of /var/lib/grafana/grafana.db to 640 and user/group grafana:grafana (CVE-2020-12458) - change permissions of grafana.ini and ldap.toml to 640 (CVE-2020-12459)- added patch0 to set the version string correctly - removed patch 004-xerrors.patch, it's now upstream - added several patches for golang vendored vrs build dep differences - added patch to move grafana-cli binary to libexec dir - update to 6.6.2 tagged upstream community sources, see CHANGELOG- add weak depenency on grafana-pcp - add patch to mute shellcheck SC1090 for grafana-cli - update to 6.3.6 upstream community sources, see CHANGELOG- drop uaparser patch now it's upstream - add xerrors patch, see https://github.com/golang/go/issues/32246 - use vendor sources on rawhide until modules are fully supported - update to latest upstream community sources, see CHANGELOG- include fix for CVE-2019-15043 - add patch for uaparser on 32bit systems - update to latest upstream community sources, see CHANGELOG- update to latest upstream community sources, see CHANGELOG- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild- split out some datasource plugins to sub-packages - update to latest upstream community sources, see CHANGELOG- update to latest upstream community sources, see CHANGELOG- update to latest upstream community sources - drop a couple of patches- add conditional unbundle_vendor_sources macro- update to latest upstream stable release 6.1.6, see CHANGELOG - includes jQuery 3.4.0 security update- update to latest upstream stable release 6.1.4, see CHANGELOG - use gobuild and gochecks macros, eliminate arch symlinks - re-enable grafana-debugsource package - fix GRAFANA_GROUP typo - fix more modes for brp-mangle-shebangs - vendor source unbundling now done in prep after patches - remove all rhel and fedora conditional guff- update to latest upstream stable release 6.1.3, see CHANGELOG - unbundle all vendor sources, replace with BuildRequires, see the long list of blocker BZs linked to BZ#1670656 - BuildRequires go-plugin >= v1.0.0 for grpc_broker (thanks eclipseo) - tweak make_webpack to no longer use grunt, switch to prod build - add ExclusiveArch lua script (thanks quantum.analyst) - move db directory and plugins to /var/lib/grafana - split out into 6 patches, ready for upstream PRs - add check to run go tests for gating checks- update to latest upstream stable release 6.1.0, see CHANGELOG- bump to latest upstream stable release 6.0.2-1 - unbundle almost all remaining vendor code, see linked blockers in BZ#1670656- bump to latest upstream stable release 6.0.1-1- unbundle and add BuildRequires for golang-github-rainycape-unidecode-devel- update to v6.0.1 upstream sources, tweak distro config, re-do patch - simplify make_webpack.sh script (Elliott Sales de Andrade) - vendor/github.com/go-ldap is now gone, so don't unbundle it- tweak after latest feedback, bump to 5.4.3-11 (BZ 1670656) - build debuginfo package again - unbundle BuildRequires for golang-github-hashicorp-version-devel - remove some unneeded development files - remove macros from changelog and other rpmlint tweaks- tweak spec for available and unavailable (bundled) golang packages- Remove extraneous slash (cosmetic) - Create directories just before moving stuff in them - Truncate long lines - Group all golang stuff - Simplify BuildRequires/bundled Provides - Sort BuildRequires/bundled Provides - Fix bundled go packages Provides- add BuildRequires (and unbundle) vendor sources available in Fedora - declare Provides for remaining (bundled) vendor go sources - do not attempt to unbundle anything on RHEL < 7 or Fedora < 28- further refinement for spec doc section from Xavier Bachelot - disable debug_package to avoid empty debugsourcefiles.list- further refinement following review by Xavier Bachelot- further refinement following review by Xavier Bachelot- further spec updates after packaging review - reworked post-install scriplets- tweak FHS patch, update spec after packaging review- add patch to be standard FHS compliant, remove phantomjs - update to v5.4.3 upstream community sources- update to v5.4.2 upstream community sources- update to v5.3.1 upstream community sources- native RPM spec build with current tagged v5.2.5 sources/bin/sh/bin/sh9.2.10-15.el89.2.10-15.el8grafana-selinuxgrafana.fcgrafana.ifgrafana.pp.mlsgrafana.pp.targetedgrafana.tegrafana.ppgrafana.pp/usr/share/doc//usr/share/doc/grafana-selinux//usr/share/selinux/mls//usr/share/selinux/targeted/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnudirectoryASCII textSE Linux policy interface sourceC++ source, ASCII textutf-8f84758de09ef87ba697c627092098bf5ecf88248b99d5cab1357b1dbb9f47941?07zXZ !#,i?4] b2u jӫ`(y/qp LqkONJz0XB½pK斞?~430 xR9}mkdzy!2iP3CjY'0TsQJ&.|`(H,RVOSRAEUol3Ϗ` "qoD}#ѫ\e®c*mZB6\&ZwbOb0qѱ:{S︻|mģ fUow2jM`(ZLB^0fʜQ"HtsKs}iqBD &A/h>+]+zxEuKPi&uA:yA8\Zϵ[wqzb՗!U'nf.FG8CySծLS64(w6=p/:G#_،P 㞿wSX֥H%XMKg?T\6e޴(g I#\ď\A$"'f2&Uһ#/7aq4Q=xjǣ3lYL^1mmO`xnF5νo]5ý@۸=ef.IbY-1*4e(4H ks? "hBAsʇ1%Z1ǒbKD뙿S ͠%_em P{M)_Ͽ!LsGiCmr0υjh4Q"x;G%kmp@>1#d&k gL|Z$-z^:P2nPL -D@*}?8 2EgCH0d&)}|ޘcX~ +x?Օ=cV}P 횻BP6R;=:DrCV1Ωմ<0Bw7Gȕsy.@_|WB$OLER&+NM|~IPƤq+c I cvFP"`>~2\mݏ?ZRCY.a|-cv1<.o-!o f23uxv]ZJ i7ns C=ac;91>iE@$6Drm=}0Gv}ObLb&iw-WJ# BVw) ݫ`C͐Q"x t}k \O5"Iӝ~+VyܫR=Be}_@vZUꐺg -ksȁD\U S@>|"ce4ZolNi0\ZAh]Qw>_zuxw<7sꞮfaK` j2~ZI^56ZIP[p>XȈ*Y삽"  -,]0ƙ:v!W]SJvJnxߦɁ`vb DUb)ĈMK旡̆ZE֯ԉɨͭ YԊ= |ȴ.n(̧FzP1 ބVT'U{rg١B̅5rd$?jyUJO%4g9hTAب7HG_< `{́ ;&Wρ"uFf7ܢ3T  3Qjub߽*Pab{m Y(#zoER& op R'jM(pd0jz r06X@_1i1iK<` Z= ơLߋ7R<$bVKAgQi[K.ez~(VPfA']쏅/QHn%7=nPg1Cזg&jW^2S)]-Fk_ˀ՞=w!Ev2pyNmϖLhsZ'l+ ~jq㋈A ܙqżzQ*S!L?;I'uiAiZc/m_EQ0€,CEŖE [ ˂$T\te^[Qjk|\*by.oy%7J<,wp4:2_oBG-_4 .J6ǏDeY8p~+3Qst%jKN#u}dCΨk'K92LK+_-\Pp7PaDV@7w%OX*$zeqe 9&i~E;YO-P3%ȩ%%X:g%$> GzYZ(/(9M._4%U4gY/TcYFJg$Jx,.c7nl3Hj<޻ğEVr@+ g 'aW s/O~DuQme=@˟и3T>]JGl~Vׄό /ޓB¶ĭvxuc=77m .8N>Q_?y;iMBbΊCÃ9BEO&zM CLRi0zݑ
  • 1b]`̰X4'ιr4Rݕ4FD ~3h[o\gQm=,a )3-K)* aCZ H2#͸fls[Gp&Ъ{{t"CDV{{ꐼ) =כ`d.H>q+.h; Z=YgRA(LWtS1b-{b7f=z00c4 Usaa GN:u-̮ Hʍq"REKp*_WR 6fWơ>XJ ) 2Pآ TqSNͳC~v4?9VGFCxG4}'$X:5۞Ʒ'`B]Kd7cո@<յkr_vgybYQ*R~IV<{t0\U(1n \ZVELNH Wé9] o}׫ Mq)U>@TVmC'k EbfX3!665+_TBݶ]f>˶X ]0g>BRkY5qݾ4a;1Umې?[<7ZF;j({J|+GT!PA6ttje!;fx뽝Y16]W.5!QdZC;  ϻ3͵PJ!)Zc жd =$ ~xdQhQxJzjop<~]0 ł$kSށ^20pr,mRv%gF8x̥2a}R<8u%@_~J?D&'Vܼ-נV1q0X8HXJ3-?˙tsĻ+LbZJ-|KK1wOđ$QNlL>:Wk*]W6vg)kUw73^e#r LMShiY_:._%/ v 8gK+. XU 5jiAH4A˝ \[u8M *Tq`3/Z ѐlwS4t:JSe}+{d[P{=$Bb"-zXWc|4U <0wɨ9D҄0ey4IMTiӤӺ%J0"]o\EQetL/sE2 E&έ,`7xJ#Ovξ nn1uDzS ;YKGdkcbIVw o{RbN&nxol.pT= t#FV%AԆŃצAAm|fʱ;Gظ5\_F 1QdO'H%Y5]G z`PJM>OKD&֫[fN׬HfR)[x9h"AWff$\Jc8*KrohMiF|3V50l30 Qa@2RXzϵDҫ< w?ueO?,1 2*K Ǽcz$ёFɂ95VfdP8@&4៷[b9fP7#_mqd w4ӊy@'Y*O`1\:Hw;{k-c&gEPdP (>r J7.7&$O5G8eNc֚@7}n_ u4&;>sFRP_YBy%q̭~Uv'Z}'1)7@7ފ߽AhсQ|+kX uuT&LKƑ wOBy@aФI='.B2z e fi0Boj[>T ^ Pv6|g>5<+Lu..)ܰAm`~/LYiw/SYgiD}D?wWlǑgYc=B$-v@t.muAbP"w[vTPEuKE7;d%L;4$s Mh<^_rfE(c'%` NpN;(窯kʗHZs[uܪPágST8Յ=3MYP.[bxdՈnV, QflT>A7p ;U }F$Fman/)bv8'FdPU?̂ iP._тgkzh`ie:2Dj /!mjA9Ivj|JB/N'(}o_>*̺ 博i|ģ]f)ǫӨwdQ`(8|GݻEǷ9FS7yxRn"64X(F[f\ W!dZ1T3H!B1&Mc~S[s+=C[sowD=D9$P m)YDͼ&x#.RcFM qlBU'caJ7p J$RaY)qolO[p>܃MFW~@B_+9 F2^¥>/]ݏh'I+NTk=I]|=pQEBJ\ܾ4)u F)bΨ' )n_U;uRvfMe}pɯC_R#2Q)O`PdT[E_(1Teh6 Q,I|H-fg- zD;G` Lt&橲:*|QNf}Q&qw\w,uWtP+U4[>!0ίƈwP>2l鈋ѹk0IR{TieɥA#f. 63y?{QM o̗$԰XbG_~)nTExS5^q~-X2E |rO`lwre\ QD4 \:h"&5_P= 2i4xltz0G{mNrA,>pHM6e Ý({$ѣW7H4)>5h9>L!ɵva.7LyToA9ThhG t֣`B‡|,Rkl$.5dĉB[tTަ,,{R76rȹ?H|烙6Krŝ q}gE/"&vGpSe^QQ_caBo_ }„ZI&0 ekwrmtB;Ãg*l^: 0XFxa_Q5y,M8~g~`Y3z7e!M>͋5 y/. ѻϛفf/5JB*r:va_kV \xUN:Ȕ 0^N$]!y&?W;k; جk_BȐ;8WFA傪^S|'X28ѳG2^ψKc33{ƹP{txr0f@KdOVY7g+6@XQF֦^zÐ~v>MA8,$1Ӳ^(Ñ=0[.:Il MCMAj]K,7H l*xxnЃ#!!hVݨ1*:ήN-+}?.*%_z;9Js#9=J1 F`6FnW`"œbKkAșJ. y0'²;Xݣ {{mf`ҸU`y i^$[95|[xJ*XB$1y-oGD;[Vh3`ZPms|?۷c`ɘɬ Qhh5fo2~.zbW3c:er;*Puk> BB* $rTL!ÜaH)ރs|~|ZJt"\5}M @{//*Lce?阆 ~+M2[ԈVipo\TTѧ!ed<k/I2ZUv؉Fl8:,ǖj\!~PBanvV aRII  8<*g0(cL{ь6 MDY.'QOt-0L‚F:'H<$ah;ټ2{12r?JS:ɸj=K*Ժ%dx`񣀝n:u\Wuı >4cn6rƠmJ/{zҗy*Q5$hplphmx1 "$O "+ˡ G˻X1$ёC'[h6Bkj5*hσ{$ջSTAx"W!,LDq Փe!v^,8aZS<2 tPc/*T@[#.Xdrbr}Ai\ H|O~NAg>HndE"e1Çې |Ev۷FlJ tJEwAm!)e~ 9[-1}=,EUƄʂx=1E63scy<4{蒄pU rn!}<Q:qHe(5{|Y۔:施@kLM4;bAJbt>D85Ů#x6Nh] 71Nu}В/`:/ܼ/(dk! a9XpH-MEuז 4_VZX(Aϸ 6} 5yW̿@_T[0 qC} #Mp sg P2o&"F/b:qȑX848|"45I3cс|{hsVxK|(/_G) Sy&0ܺ`دB2mN ,y' 90)}cy1݀[2kK7TSz8h:]pGv$us& G8\R:h B>N &;"5SFɅyz±"3f$ϊDJHiIH/̖`.p7ZEgqfUSߨ`\D:}n,"0xJPsFg kwT,z[µer{йQ|=QB$xSc.6z0"X_Fݕ&@'^Esb،`i%L!t] (vbH ) vfA$]-=~V4ϵ0GlDF6VjH;/h7UN"kl~Aqog"/HLKPJ^_{z"E!8󂥏4#^' hxU .%C![ 69*;) ;FR*_8=~`wCe!x̦I"-(Y? @v-+Rö(ψS%2\)@ h 53|ѕB?s]0(9k=˗ Ba'@Lm7i GEk$\%7NVטHf;,bh_5$0KD<[.ƃ~VeӹbvFܕh[PZWAʬHBm@;rzj5L$ RG:Lв|_ *HܣGR}fcdGpj/JF%=}e.3Qۓy%SƉAir$ _QR'Sy/Ӷ6Rbj