From 9db51f9a82cfeeb2c9fdd5ea376ce590c527f19c Mon Sep 17 00:00:00 2001
From: Jacob Wang <jacob.wang@openanolis.org>
Date: Mon, 16 Jun 2025 13:22:15 +0800
Subject: [PATCH 1/3] [CVE]update to grafana-9.2.10-25

to #ICFESZ

update to grafana-9.2.10-25 for CVE-2025-22871

Project: TC2024080204
Signed-off-by: Jacob Wang <jacob.wang@openanolis.org>
---
 grafana.spec | 20 +++-----------------
 1 file changed, 3 insertions(+), 17 deletions(-)

diff --git a/grafana.spec b/grafana.spec
index 30ec0c7..bd83beb 100644
--- a/grafana.spec
+++ b/grafana.spec
@@ -1,4 +1,3 @@
-%define anolis_release .0.1
 # gobuild and gotest macros are not available on CentOS Stream
 # remove once BZ 1965292 is resolved
 # definitions lifted from Fedora 34 podman.spec
@@ -36,7 +35,7 @@ end}
 
 Name:             grafana
 Version:          9.2.10
-Release:          23%{anolis_release}%{?dist}
+Release:          25%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          AGPLv3
 URL:              https://grafana.org
@@ -125,10 +124,6 @@ BuildRequires:    yarnpkg
 BuildRequires:    openssl-devel
 %endif
 
-%ifarch loongarch64
-BuildRequires:    golang-vendored-golang.org
-%endif
-
 %global           GRAFANA_USER %{name}
 %global           GRAFANA_GROUP %{name}
 
@@ -796,8 +791,6 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux
 # Build the frontend
 %if %{compile_frontend}
 %{SOURCE5}
-# export GO111MODULE=off
-go env -w GOPROXY=https://goproxy.cn
 %endif
 
 # Build the backend
@@ -807,12 +800,6 @@ go env -w GOPROXY=https://goproxy.cn
 # can be removed in a future Go release
 export GOEXPERIMENT=boringcrypto
 # see grafana-X.Y.Z/pkg/build/cmd.go
-
-%ifarch loongarch64
-rm -rf vendor/golang.org/x/sys
-cp -arp %{_datadir}/golang/vendor/golang.org/x/sys/ vendor/golang.org/x/
-%endif
-
 export LDFLAGS="-X main.version=%{version} -X main.buildstamp=${SOURCE_DATE_EPOCH}"
 for cmd in grafana-cli grafana-server; do
     %gobuild -o %{_builddir}/bin/${cmd} ./pkg/cmd/${cmd}
@@ -1036,9 +1023,8 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 
 %changelog
-* Tue May 20 2025 Liwei Ge <geliwei@openanolis.com> 9.2.10-23.0.1
-- Use cn proxy for go build
-- Support loongarch build
+* Wed Jun 4 2025 Sam Feifer <sfeifer@redhat.com> 9.2.10-25
+- Resolves RHEL-89269: CVE-2025-22871
 
 * Tue May 13 2025 Sam Feifer <sfeifer@redhat.com> 9.2.10-23
 - Resolves RHEL-89949: CVE-2025-4123
-- 
Gitee


From f97e642753072334650da6734f408933412134f3 Mon Sep 17 00:00:00 2001
From: songmingliang <songmingliang@uniontech.com>
Date: Tue, 26 Apr 2022 17:07:50 +0800
Subject: [PATCH 2/3] build: use cn proxy for go build

---
 grafana.spec | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/grafana.spec b/grafana.spec
index bd83beb..ffa8497 100644
--- a/grafana.spec
+++ b/grafana.spec
@@ -1,3 +1,4 @@
+%define anolis_release .0.1
 # gobuild and gotest macros are not available on CentOS Stream
 # remove once BZ 1965292 is resolved
 # definitions lifted from Fedora 34 podman.spec
@@ -35,7 +36,7 @@ end}
 
 Name:             grafana
 Version:          9.2.10
-Release:          25%{?dist}
+Release:          25%{anolis_release}%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          AGPLv3
 URL:              https://grafana.org
@@ -791,6 +792,8 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux
 # Build the frontend
 %if %{compile_frontend}
 %{SOURCE5}
+# export GO111MODULE=off
+go env -w GOPROXY=https://goproxy.cn
 %endif
 
 # Build the backend
@@ -1023,6 +1026,9 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 
 %changelog
+* Mon Jun 16 2025 Liwei Ge <geliwei@openanolis.com> 9.2.10-25.0.1
+- Use cn proxy for go build
+
 * Wed Jun 4 2025 Sam Feifer <sfeifer@redhat.com> 9.2.10-25
 - Resolves RHEL-89269: CVE-2025-22871
 
-- 
Gitee


From 756339965a1b97d02dd0e4a2ec2c2cf40c2ea728 Mon Sep 17 00:00:00 2001
From: Liwei Ge <geliwei@openanolis.org>
Date: Wed, 28 Dec 2022 20:40:59 +0800
Subject: [PATCH 3/3] spec: support loongarch build

---
 grafana.spec | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/grafana.spec b/grafana.spec
index ffa8497..9baa329 100644
--- a/grafana.spec
+++ b/grafana.spec
@@ -125,6 +125,10 @@ BuildRequires:    yarnpkg
 BuildRequires:    openssl-devel
 %endif
 
+%ifarch loongarch64
+BuildRequires:    golang-vendored-golang.org
+%endif
+
 %global           GRAFANA_USER %{name}
 %global           GRAFANA_GROUP %{name}
 
@@ -803,6 +807,12 @@ go env -w GOPROXY=https://goproxy.cn
 # can be removed in a future Go release
 export GOEXPERIMENT=boringcrypto
 # see grafana-X.Y.Z/pkg/build/cmd.go
+
+%ifarch loongarch64
+rm -rf vendor/golang.org/x/sys
+cp -arp %{_datadir}/golang/vendor/golang.org/x/sys/ vendor/golang.org/x/
+%endif
+
 export LDFLAGS="-X main.version=%{version} -X main.buildstamp=${SOURCE_DATE_EPOCH}"
 for cmd in grafana-cli grafana-server; do
     %gobuild -o %{_builddir}/bin/${cmd} ./pkg/cmd/${cmd}
@@ -1028,6 +1038,7 @@ fi
 %changelog
 * Mon Jun 16 2025 Liwei Ge <geliwei@openanolis.com> 9.2.10-25.0.1
 - Use cn proxy for go build
+- Support loongarch build
 
 * Wed Jun 4 2025 Sam Feifer <sfeifer@redhat.com> 9.2.10-25
 - Resolves RHEL-89269: CVE-2025-22871
-- 
Gitee