Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grafana for openSUSE:Factory checked in at 2023-02-16 17:03:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/grafana (Old) and /work/SRC/openSUSE:Factory/.grafana.new.22824 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "grafana" Thu Feb 16 17:03:12 2023 rev:40 rq:1066204 version:8.5.20 Changes: -------- --- /work/SRC/openSUSE:Factory/grafana/grafana.changes 2023-02-07 18:49:53.715392937 +0100 +++ /work/SRC/openSUSE:Factory/.grafana.new.22824/grafana.changes 2023-02-16 17:03:14.396527186 +0100 @@ -1,0 +2,7 @@ +Wed Feb 15 08:35:28 UTC 2023 - Witek Bedyk <[email protected]> + +- Add 0002-Update-exporter-toolkit-to-version-0.7.3.patch + (bsc#1208065, CVE-2022-46146) +- Require Go 1.19 or newer + +------------------------------------------------------------------- New: ---- 0002-Update-exporter-toolkit-to-version-0.7.3.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ grafana.spec ++++++ --- /var/tmp/diff_new_pack.eQLlun/_old 2023-02-16 17:03:17.124537897 +0100 +++ /var/tmp/diff_new_pack.eQLlun/_new 2023-02-16 17:03:17.128537913 +0100 @@ -36,11 +36,13 @@ # Makefile to automate build process Source4: Makefile Source5: 0001-Add-source-code-reference.patch +# CVE-2022-46146 bsc#1208065 +Patch0: 0002-Update-exporter-toolkit-to-version-0.7.3.patch BuildRequires: fdupes BuildRequires: git-core BuildRequires: golang-packaging BuildRequires: wire -BuildRequires: golang(API) >= 1.17 +BuildRequires: golang(API) >= 1.19 Requires(post): %fillup_prereq Requires: group(grafana) Requires: user(grafana) @@ -61,6 +63,7 @@ %prep %setup -q -n grafana-%{version} %setup -q -T -D -a 1 -n grafana-%{version} +%patch0 -p1 %build %goprep github.com/grafana/grafana ++++++ 0002-Update-exporter-toolkit-to-version-0.7.3.patch ++++++ From: Witek Bedyk <[email protected]> Subject: [PATCH] Update exporter-toolkit to version 0.7.3 --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 2572cebe7e..91829bc695 100644 --- a/go.mod +++ b/go.mod @@ -218,7 +218,7 @@ require ( github.com/opentracing-contrib/go-stdlib v1.0.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/common/sigv4 v0.1.0 // indirect - github.com/prometheus/exporter-toolkit v0.7.0 // indirect + github.com/prometheus/exporter-toolkit v0.7.3 // indirect github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289 // indirect github.com/prometheus/procfs v0.7.3 // indirect github.com/protocolbuffers/txtpbfmt v0.0.0-20201118171849-f6a6b3f636fc // indirect -- 2.35.3 ++++++ Makefile ++++++ --- /var/tmp/diff_new_pack.eQLlun/_old 2023-02-16 17:03:17.200538195 +0100 +++ /var/tmp/diff_new_pack.eQLlun/_new 2023-02-16 17:03:17.208538227 +0100 @@ -24,7 +24,12 @@ cd $$basename && \ # Patches for the JS frontend go after here \ patch --no-backup-if-mismatch -p1 -i ../../0001-Add-source-code-reference.patch && \ + patch --no-backup-if-mismatch -p1 -i ../../0002-Update-exporter-toolkit-to-version-0.7.3.patch && \ # End patches section \ + go mod download && \ + go mod verify && \ + go mod vendor && \ + tar --format=posix -cf ../../vendor.tar vendor && \ # avoid ".git can't be found" \ git init && \ # avoid "FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory" \ @@ -36,5 +41,6 @@ tar -rf ../$$tar $$basename/public && \ cd .. && \ gzip $$tar && \ + gzip -f vendor.tar && \ rm -rf $$tmpdir ++++++ _service ++++++ --- /var/tmp/diff_new_pack.eQLlun/_old 2023-02-16 17:03:17.252538400 +0100 +++ /var/tmp/diff_new_pack.eQLlun/_new 2023-02-16 17:03:17.256538415 +0100 @@ -15,6 +15,5 @@ <service name="set_version" mode="disabled"> <param name="basename">grafana</param> </service> - <service name="go_modules" mode="disabled"/> </services> ++++++ grafana-8.5.20.tar.gz ++++++ /work/SRC/openSUSE:Factory/grafana/grafana-8.5.20.tar.gz /work/SRC/openSUSE:Factory/.grafana.new.22824/grafana-8.5.20.tar.gz differ: char 5, line 1 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/grafana/vendor.tar.gz /work/SRC/openSUSE:Factory/.grafana.new.22824/vendor.tar.gz differ: char 5, line 1
