diff --git a/1002-vendor-use-pbkdf2-from-OpenSSL.patch b/1002-vendor-use-pbkdf2-from-OpenSSL.patch index 48a45360e4f71ea23f6454d12b17d5ab67dc41f2..aa4b4215b9fb8c01eb74d5830e5fb0412beef8cc 100644 --- a/1002-vendor-use-pbkdf2-from-OpenSSL.patch +++ b/1002-vendor-use-pbkdf2-from-OpenSSL.patch @@ -2,7 +2,7 @@ use pbkdf2 from OpenSSL if FIPS mode is enabled This patch modifies the x/crypto/pbkdf2 function to use OpenSSL if FIPS mode is enabled. -DEFINEFUNC is from /usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h +DEFINEFUNC is from /usr/lib/golang/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go new file mode 100644 @@ -112,7 +112,7 @@ index 0000000000..6dfdf10424 --- /dev/null +++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h @@ -0,0 +1,5 @@ -+#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h" ++#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h" + +DEFINEFUNC(int, PKCS5_PBKDF2_HMAC, + (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out), diff --git a/grafana.spec b/grafana.spec index 7d25a917b4f328ef13a11382d5dd7932cfebc0d3..9f01f1862d661d839b125a1951f7ba59a202af2f 100644 --- a/grafana.spec +++ b/grafana.spec @@ -36,7 +36,7 @@ end} Name: grafana Version: 9.2.10 -Release: 17%{anolis_release}%{?dist} +Release: 18%{anolis_release}%{?dist} Summary: Metrics dashboard and graph editor License: AGPLv3 URL: https://grafana.org @@ -1034,6 +1034,9 @@ fi %{_datadir}/selinux/*/grafana.pp %changelog +* Mon Sep 30 2024 Xiaoping Liu 9.2.10-18.0.1 +- fix CVE-2024-24791 + * Tue Aug 27 2024 Kaiqiang Wang 9.2.10-17.0.1 - fix CVE-2024-24788 CVE-2024-24789 CVE-2024-24790