From 0ab0fb5ab35b35323eedeb5641e650a7eab64275 Mon Sep 17 00:00:00 2001
From: lxpzero
Date: Mon, 30 Sep 2024 16:26:01 +0800
Subject: [PATCH] fix CVE-2024-24791
---
 1002-vendor-use-pbkdf2-from-OpenSSL.patch | 4 ++--
 grafana.spec | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/1002-vendor-use-pbkdf2-from-OpenSSL.patch b/1002-vendor-use-pbkdf2-from-OpenSSL.patch
index 48a4536..aa4b421 100644
--- a/1002-vendor-use-pbkdf2-from-OpenSSL.patch
+++ b/1002-vendor-use-pbkdf2-from-OpenSSL.patch
@@ -2,7 +2,7 @@ use pbkdf2 from OpenSSL if FIPS mode is enabled
 This patch modifies the x/crypto/pbkdf2 function to use OpenSSL if FIPS mode is enabled.
-DEFINEFUNC is from /usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
+DEFINEFUNC is from /usr/lib/golang/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h
 diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go
 new file mode 100644
@@ -112,7 +112,7 @@ index 0000000000..6dfdf10424
 --- /dev/null
 +++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
 @@ -0,0 +1,5 @@
-+#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h"
++#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h"
 +
 +DEFINEFUNC(int, PKCS5_PBKDF2_HMAC,
 + (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out),
diff --git a/grafana.spec b/grafana.spec
index 7d25a91..9f01f18 100644
--- a/grafana.spec
+++ b/grafana.spec
@@ -36,7 +36,7 @@ end}
 Name: grafana
 Version: 9.2.10
-Release: 17%{anolis_release}%{?dist}
+Release: 18%{anolis_release}%{?dist}
 Summary: Metrics dashboard and graph editor
 License: AGPLv3
 URL: https://grafana.org
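Review bot: The rewritten `#include` line in the `@@ -112,7 +112,7 @@` hunk still hardcodes the absolute path `/usr/lib/golang/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h`, so the build silently depends on whichever golang package happens to be installed on the build host, and this path rename is the only substantive change behind a commit titled "fix CVE-2024-24791". The diff touches no Go source, so the CVE fix presumably arrives through the Go toolchain the package is rebuilt against, yet grafana.spec (Release bump in the `@@ -36,7 +36,7 @@` hunk) does not constrain that toolchain; a rebuild on a host with an older golang would either fail on the moved header path or, worse, succeed against an unpatched stdlib while the changelog still claims the fix. Consider adding `BuildRequires: golang >= <fixed-toolchain-version>` (placeholder, use the version that carries the fix) and wording the changelog entry as "rebuild with golang <version> to fix CVE-2024-24791" so the provenance of the fix is auditable from the spec alone. The `@@ -2,7 +2,7 @@` hunk carries the same path rename in the patch's description text and needs no separate change.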
@@ -1034,6 +1034,9 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 %changelog
+* Mon Sep 30 2024 Xiaoping Liu 9.2.10-18.0.1
+- fix CVE-2024-24791
+
 * Tue Aug 27 2024 Kaiqiang Wang 9.2.10-17.0.1
 - fix CVE-2024-24788 CVE-2024-24789 CVE-2024-24790
-- Gitee