From a7eccd76ef6bcae2f6ee08b7267e896048859881 Mon Sep 17 00:00:00 2001
From: wangkaiqiang <wangkaiqiang@inspur.com>
Date: Tue, 27 Aug 2024 19:45:00 +0800
Subject: [PATCH] fix CVE-2024-24788 CVE-2024-24789 CVE-2024-24790

---
 grafana.spec | 5 ++++-
 grafana.te   | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/grafana.spec b/grafana.spec
index db63011..7d25a91 100644
--- a/grafana.spec
+++ b/grafana.spec
@@ -36,7 +36,7 @@ end}
 
 Name:             grafana
 Version:          9.2.10
-Release:          16%{anolis_release}%{?dist}
+Release:          17%{anolis_release}%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          AGPLv3
 URL:              https://grafana.org
@@ -1034,6 +1034,9 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 
 %changelog
+* Tue Aug 27 2024 Kaiqiang Wang <wangkaiqiang@ieisystem.com> 9.2.10-17.0.1
+- fix CVE-2024-24788 CVE-2024-24789 CVE-2024-24790
+
 * Tue May 28 2024 Liwei Ge <geliwei@openanolis.com> 9.2.10-16.0.1
 - Use cn proxy for go build
 - Support loongarch build
diff --git a/grafana.te b/grafana.te
index b7acfed..498ce14 100644
--- a/grafana.te
+++ b/grafana.te
@@ -82,6 +82,9 @@ can_exec(grafana_t, grafana_pcp_exec_t)
 corenet_tcp_connect_all_ephemeral_ports(grafana_t)
 grafana_exec(grafana_t)
 
+# Allow grafana to connect to mssql's default tcp port of 1433
+corenet_tcp_connect_mssql_port(grafana_t)
+
 ########################################
 #
 # grafana local policy
-- 
Gitee