diff --git a/Fix-CVE-2022-21698.patch b/Fix-CVE-2022-21698.patch new file mode 100644 index 0000000000000000000000000000000000000000..79414afcd7057acbdb65109294ef1654e80eede9 --- /dev/null +++ b/Fix-CVE-2022-21698.patch @@ -0,0 +1,488 @@ +From a17c5cebb633b15b67d42b3f94d4bb5db3f06164 Mon Sep 17 00:00:00 2001 +From: jxy_git +Date: Thu, 9 Jan 2025 09:52:11 +0800 +Subject: [PATCH] Fix CVE-2022-21698 + +Reference: https://github.com/prometheus/client_golang/commit/9075cdf61646b5adf54d3ba77a0e4f6c65cb4fd7 + +--- + .../prometheus/promhttp/instrument_client.go | 28 ++- + .../prometheus/promhttp/instrument_server.go | 160 ++++++++++++------ + .../prometheus/promhttp/option.go | 27 +++ + .../prometheus/promhttp/option_test.go | 55 ++++++ + 4 files changed, 213 insertions(+), 57 deletions(-) + create mode 100644 vendor/github.com/prometheus/client_golang/prometheus/promhttp/option.go + create mode 100644 vendor/github.com/prometheus/client_golang/prometheus/promhttp/option_test.go + +diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_client.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_client.go +index 83c49b6..5f9dca3 100644 +--- a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_client.go ++++ b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_client.go +@@ -49,7 +49,10 @@ func InstrumentRoundTripperInFlight(gauge prometheus.Gauge, next http.RoundTripp + // http.RoundTripper to observe the request result with the provided CounterVec. + // The CounterVec must have zero, one, or two non-const non-curried labels. For + // those, the only allowed label names are "code" and "method". The function +-// panics otherwise. Partitioning of the CounterVec happens by HTTP status code ++// panics otherwise. For the "method" label a predefined default label value set ++// is used to filter given values. Values besides predefined values will count ++// as `unknown` method.`WithExtraMethods` can be used to add more ++// methods to the set. Partitioning of the CounterVec happens by HTTP status code + // and/or HTTP method if the respective instance label names are present in the + // CounterVec. For unpartitioned counting, use a CounterVec with zero labels. + // +@@ -57,13 +60,18 @@ func InstrumentRoundTripperInFlight(gauge prometheus.Gauge, next http.RoundTripp + // is not incremented. + // + // See the example for ExampleInstrumentRoundTripperDuration for example usage. +-func InstrumentRoundTripperCounter(counter *prometheus.CounterVec, next http.RoundTripper) RoundTripperFunc { ++func InstrumentRoundTripperCounter(counter *prometheus.CounterVec, next http.RoundTripper, opts ...Option) RoundTripperFunc { ++ rtOpts := &option{} ++ for _, o := range opts { ++ o(rtOpts) ++ } ++ + code, method := checkLabels(counter) + + return RoundTripperFunc(func(r *http.Request) (*http.Response, error) { + resp, err := next.RoundTrip(r) + if err == nil { +- counter.With(labels(code, method, r.Method, resp.StatusCode)).Inc() ++ counter.With(labels(code, method, r.Method, resp.StatusCode, rtOpts.extraMethods...)).Inc() + } + return resp, err + }) +@@ -73,7 +81,10 @@ func InstrumentRoundTripperCounter(counter *prometheus.CounterVec, next http.Rou + // http.RoundTripper to observe the request duration with the provided + // ObserverVec. The ObserverVec must have zero, one, or two non-const + // non-curried labels. For those, the only allowed label names are "code" and +-// "method". The function panics otherwise. The Observe method of the Observer ++// "method". The function panics otherwise. For the "method" label a predefined ++// default label value set is used to filter given values. Values besides ++// predefined values will count as `unknown` method. `WithExtraMethods` ++// can be used to add more methods to the set. The Observe method of the Observer + // in the ObserverVec is called with the request duration in + // seconds. Partitioning happens by HTTP status code and/or HTTP method if the + // respective instance label names are present in the ObserverVec. For +@@ -85,14 +96,19 @@ func InstrumentRoundTripperCounter(counter *prometheus.CounterVec, next http.Rou + // + // Note that this method is only guaranteed to never observe negative durations + // if used with Go1.9+. +-func InstrumentRoundTripperDuration(obs prometheus.ObserverVec, next http.RoundTripper) RoundTripperFunc { ++func InstrumentRoundTripperDuration(obs prometheus.ObserverVec, next http.RoundTripper, opts ...Option) RoundTripperFunc { ++ rtOpts := &option{} ++ for _, o := range opts { ++ o(rtOpts) ++ } ++ + code, method := checkLabels(obs) + + return RoundTripperFunc(func(r *http.Request) (*http.Response, error) { + start := time.Now() + resp, err := next.RoundTrip(r) + if err == nil { +- obs.With(labels(code, method, r.Method, resp.StatusCode)).Observe(time.Since(start).Seconds()) ++ obs.With(labels(code, method, r.Method, resp.StatusCode, rtOpts.extraMethods...)).Observe(time.Since(start).Seconds()) + } + return resp, err + }) +diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go +index 9db2438..9842e5f 100644 +--- a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go ++++ b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go +@@ -58,7 +58,12 @@ func InstrumentHandlerInFlight(g prometheus.Gauge, next http.Handler) http.Handl + // + // Note that this method is only guaranteed to never observe negative durations + // if used with Go1.9+. +-func InstrumentHandlerDuration(obs prometheus.ObserverVec, next http.Handler) http.HandlerFunc { ++func InstrumentHandlerDuration(obs prometheus.ObserverVec, next http.Handler, opts ...Option) http.HandlerFunc { ++ mwOpts := &option{} ++ for _, o := range opts { ++ o(mwOpts) ++ } ++ + code, method := checkLabels(obs) + + if code { +@@ -67,57 +72,70 @@ func InstrumentHandlerDuration(obs prometheus.ObserverVec, next http.Handler) ht + d := newDelegator(w, nil) + next.ServeHTTP(d, r) + +- obs.With(labels(code, method, r.Method, d.Status())).Observe(time.Since(now).Seconds()) ++ obs.With(labels(code, method, r.Method, d.Status(), mwOpts.extraMethods...)).Observe(time.Since(now).Seconds()) + }) + } + + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + now := time.Now() + next.ServeHTTP(w, r) +- obs.With(labels(code, method, r.Method, 0)).Observe(time.Since(now).Seconds()) ++ obs.With(labels(code, method, r.Method, 0, mwOpts.extraMethods...)).Observe(time.Since(now).Seconds()) + }) + } + + // InstrumentHandlerCounter is a middleware that wraps the provided http.Handler +-// to observe the request result with the provided CounterVec. The CounterVec +-// must have zero, one, or two non-const non-curried labels. For those, the only +-// allowed label names are "code" and "method". The function panics +-// otherwise. Partitioning of the CounterVec happens by HTTP status code and/or +-// HTTP method if the respective instance label names are present in the +-// CounterVec. For unpartitioned counting, use a CounterVec with zero labels. ++// to observe the request result with the provided CounterVec. The CounterVec ++// must have valid metric and label names and must have zero, one, or two ++// non-const non-curried labels. For those, the only allowed label names are ++// "code" and "method". The function panics otherwise. For the "method" ++// label a predefined default label value set is used to filter given values. ++// Values besides predefined values will count as `unknown` method. ++// `WithExtraMethods` can be used to add more methods to the set. Partitioning of the ++// CounterVec happens by HTTP status code and/or HTTP method if the respective ++// instance label names are present in the CounterVec. For unpartitioned ++// counting, use a CounterVec with zero labels. + // + // If the wrapped Handler does not set a status code, a status code of 200 is assumed. + // + // If the wrapped Handler panics, the Counter is not incremented. + // + // See the example for InstrumentHandlerDuration for example usage. +-func InstrumentHandlerCounter(counter *prometheus.CounterVec, next http.Handler) http.HandlerFunc { ++func InstrumentHandlerCounter(counter *prometheus.CounterVec, next http.Handler, opts ...Option) http.HandlerFunc { ++ mwOpts := &option{} ++ for _, o := range opts { ++ o(mwOpts) ++ } ++ + code, method := checkLabels(counter) + + if code { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + d := newDelegator(w, nil) + next.ServeHTTP(d, r) +- counter.With(labels(code, method, r.Method, d.Status())).Inc() ++ counter.With(labels(code, method, r.Method, d.Status(), mwOpts.extraMethods...)).Inc() + }) + } + + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + next.ServeHTTP(w, r) +- counter.With(labels(code, method, r.Method, 0)).Inc() ++ counter.With(labels(code, method, r.Method, 0, mwOpts.extraMethods...)).Inc() + }) + } + + // InstrumentHandlerTimeToWriteHeader is a middleware that wraps the provided + // http.Handler to observe with the provided ObserverVec the request duration +-// until the response headers are written. The ObserverVec must have zero, one, +-// or two non-const non-curried labels. For those, the only allowed label names +-// are "code" and "method". The function panics otherwise. The Observe method of +-// the Observer in the ObserverVec is called with the request duration in +-// seconds. Partitioning happens by HTTP status code and/or HTTP method if the +-// respective instance label names are present in the ObserverVec. For +-// unpartitioned observations, use an ObserverVec with zero labels. Note that +-// partitioning of Histograms is expensive and should be used judiciously. ++// until the response headers are written. The ObserverVec must have valid ++// metric and label names and must have zero, one, or two non-const non-curried ++// labels. For those, the only allowed label names are "code" and "method". The ++// function panics otherwise. For the "method" label a predefined default label ++// value set is used to filter given values. Values besides predefined values ++// will count as `unknown` method.`WithExtraMethods` can be used to add more ++// methods to the set. The Observe method of the Observer in the ++// ObserverVec is called with the request duration in seconds. Partitioning ++// happens by HTTP status code and/or HTTP method if the respective instance ++// label names are present in the ObserverVec. For unpartitioned observations, ++// use an ObserverVec with zero labels. Note that partitioning of Histograms is ++// expensive and should be used judiciously. + // + // If the wrapped Handler panics before calling WriteHeader, no value is + // reported. +@@ -126,35 +144,48 @@ func InstrumentHandlerCounter(counter *prometheus.CounterVec, next http.Handler) + // if used with Go1.9+. + // + // See the example for InstrumentHandlerDuration for example usage. +-func InstrumentHandlerTimeToWriteHeader(obs prometheus.ObserverVec, next http.Handler) http.HandlerFunc { ++func InstrumentHandlerTimeToWriteHeader(obs prometheus.ObserverVec, next http.Handler, opts ...Option) http.HandlerFunc { ++ mwOpts := &option{} ++ for _, o := range opts { ++ o(mwOpts) ++ } ++ + code, method := checkLabels(obs) + + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + now := time.Now() + d := newDelegator(w, func(status int) { +- obs.With(labels(code, method, r.Method, status)).Observe(time.Since(now).Seconds()) ++ obs.With(labels(code, method, r.Method, status, mwOpts.extraMethods...)).Observe(time.Since(now).Seconds()) + }) + next.ServeHTTP(d, r) + }) + } + + // InstrumentHandlerRequestSize is a middleware that wraps the provided +-// http.Handler to observe the request size with the provided ObserverVec. The +-// ObserverVec must have zero, one, or two non-const non-curried labels. For +-// those, the only allowed label names are "code" and "method". The function +-// panics otherwise. The Observe method of the Observer in the ObserverVec is +-// called with the request size in bytes. Partitioning happens by HTTP status +-// code and/or HTTP method if the respective instance label names are present in +-// the ObserverVec. For unpartitioned observations, use an ObserverVec with zero +-// labels. Note that partitioning of Histograms is expensive and should be used +-// judiciously. ++// http.Handler to observe the request size with the provided ObserverVec. The ++// ObserverVec must have valid metric and label names and must have zero, one, ++// or two non-const non-curried labels. For those, the only allowed label names ++// are "code" and "method". The function panics otherwise. For the "method" ++// label a predefined default label value set is used to filter given values. ++// Values besides predefined values will count as `unknown` method. ++// `WithExtraMethods` can be used to add more methods to the set. The Observe ++// method of the Observer in the ObserverVec is called with the request size in ++// bytes. Partitioning happens by HTTP status code and/or HTTP method if the ++// respective instance label names are present in the ObserverVec. For ++// unpartitioned observations, use an ObserverVec with zero labels. Note that ++// partitioning of Histograms is expensive and should be used judiciously. + // + // If the wrapped Handler does not set a status code, a status code of 200 is assumed. + // + // If the wrapped Handler panics, no values are reported. + // + // See the example for InstrumentHandlerDuration for example usage. +-func InstrumentHandlerRequestSize(obs prometheus.ObserverVec, next http.Handler) http.HandlerFunc { ++func InstrumentHandlerRequestSize(obs prometheus.ObserverVec, next http.Handler, opts ...Option) http.HandlerFunc { ++ mwOpts := &option{} ++ for _, o := range opts { ++ o(mwOpts) ++ } ++ + code, method := checkLabels(obs) + + if code { +@@ -162,39 +193,48 @@ func InstrumentHandlerRequestSize(obs prometheus.ObserverVec, next http.Handler) + d := newDelegator(w, nil) + next.ServeHTTP(d, r) + size := computeApproximateRequestSize(r) +- obs.With(labels(code, method, r.Method, d.Status())).Observe(float64(size)) ++ obs.With(labels(code, method, r.Method, d.Status(), mwOpts.extraMethods...)).Observe(float64(size)) + }) + } + + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + next.ServeHTTP(w, r) + size := computeApproximateRequestSize(r) +- obs.With(labels(code, method, r.Method, 0)).Observe(float64(size)) ++ obs.With(labels(code, method, r.Method, 0, mwOpts.extraMethods...)).Observe(float64(size)) + }) + } + + // InstrumentHandlerResponseSize is a middleware that wraps the provided +-// http.Handler to observe the response size with the provided ObserverVec. The +-// ObserverVec must have zero, one, or two non-const non-curried labels. For +-// those, the only allowed label names are "code" and "method". The function +-// panics otherwise. The Observe method of the Observer in the ObserverVec is +-// called with the response size in bytes. Partitioning happens by HTTP status +-// code and/or HTTP method if the respective instance label names are present in +-// the ObserverVec. For unpartitioned observations, use an ObserverVec with zero +-// labels. Note that partitioning of Histograms is expensive and should be used +-// judiciously. ++// http.Handler to observe the response size with the provided ObserverVec. The ++// ObserverVec must have valid metric and label names and must have zero, one, ++// or two non-const non-curried labels. For those, the only allowed label names ++// are "code" and "method". The function panics otherwise. For the "method" ++// label a predefined default label value set is used to filter given values. ++// Values besides predefined values will count as `unknown` method. ++// `WithExtraMethods` can be used to add more methods to the set. The Observe ++// method of the Observer in the ObserverVec is called with the response size in ++// bytes. Partitioning happens by HTTP status code and/or HTTP method if the ++// respective instance label names are present in the ObserverVec. For ++// unpartitioned observations, use an ObserverVec with zero labels. Note that ++// partitioning of Histograms is expensive and should be used judiciously. + // + // If the wrapped Handler does not set a status code, a status code of 200 is assumed. + // + // If the wrapped Handler panics, no values are reported. + // + // See the example for InstrumentHandlerDuration for example usage. +-func InstrumentHandlerResponseSize(obs prometheus.ObserverVec, next http.Handler) http.Handler { ++func InstrumentHandlerResponseSize(obs prometheus.ObserverVec, next http.Handler, opts ...Option) http.Handler { ++ mwOpts := &option{} ++ for _, o := range opts { ++ o(mwOpts) ++ } ++ + code, method := checkLabels(obs) ++ + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + d := newDelegator(w, nil) + next.ServeHTTP(d, r) +- obs.With(labels(code, method, r.Method, d.Status())).Observe(float64(d.Written())) ++ obs.With(labels(code, method, r.Method, d.Status(), mwOpts.extraMethods...)).Observe(float64(d.Written())) + }) + } + +@@ -279,7 +319,7 @@ func isLabelCurried(c prometheus.Collector, label string) bool { + // unnecessary allocations on each request. + var emptyLabels = prometheus.Labels{} + +-func labels(code, method bool, reqMethod string, status int) prometheus.Labels { ++func labels(code, method bool, reqMethod string, status int, extraMethods ...string) prometheus.Labels { + if !(code || method) { + return emptyLabels + } +@@ -289,7 +329,7 @@ func labels(code, method bool, reqMethod string, status int) prometheus.Labels { + labels["code"] = sanitizeCode(status) + } + if method { +- labels["method"] = sanitizeMethod(reqMethod) ++ labels["method"] = sanitizeMethod(reqMethod, extraMethods...) + } + + return labels +@@ -319,7 +359,12 @@ func computeApproximateRequestSize(r *http.Request) int { + return s + } + +-func sanitizeMethod(m string) string { ++// If the wrapped http.Handler has a known method, it will be sanitized and returned. ++// Otherwise, "unknown" will be returned. The known method list can be extended ++// as needed by using extraMethods parameter. ++func sanitizeMethod(m string, extraMethods ...string) string { ++ // See https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods for ++ // the methods chosen as default. + switch m { + case "GET", "get": + return "get" +@@ -337,15 +382,25 @@ func sanitizeMethod(m string) string { + return "options" + case "NOTIFY", "notify": + return "notify" ++ case "TRACE", "trace": ++ return "trace" ++ case "PATCH", "patch": ++ return "patch" + default: +- return strings.ToLower(m) ++ for _, method := range extraMethods { ++ if strings.EqualFold(m, method) { ++ return strings.ToLower(m) ++ } ++ } ++ return "unknown" + } + } + + // If the wrapped http.Handler has not set a status code, i.e. the value is +-// currently 0, santizeCode will return 200, for consistency with behavior in ++// currently 0, sanitizeCode will return 200, for consistency with behavior in + // the stdlib. + func sanitizeCode(s int) string { ++ // See for accepted codes https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml + switch s { + case 100: + return "100" +@@ -442,6 +497,9 @@ func sanitizeCode(s int) string { + return "511" + + default: +- return strconv.Itoa(s) ++ if s >= 100 && s <= 599 { ++ return strconv.Itoa(s) ++ } ++ return "unknown" + } + } +diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/option.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/option.go +new file mode 100644 +index 0000000..2fddb59 +--- /dev/null ++++ b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/option.go +@@ -0,0 +1,27 @@ ++// Copyright 2022 The Prometheus Authors ++// Licensed under the Apache License, Version 2.0 (the "License"); ++// you may not use this file except in compliance with the License. ++// You may obtain a copy of the License at ++// ++// http://www.apache.org/licenses/LICENSE-2.0 ++// ++// Unless required by applicable law or agreed to in writing, software ++// distributed under the License is distributed on an "AS IS" BASIS, ++// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++// See the License for the specific language governing permissions and ++// limitations under the License. ++package promhttp ++// Option are used to configure a middleware or round tripper.. ++type Option func(*option) ++type option struct { ++ extraMethods []string ++} ++// WithExtraMethods adds additional HTTP methods to the list of allowed methods. ++// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods for the default list. ++// ++// See the example for ExampleInstrumentHandlerWithExtraMethods for example usage. ++func WithExtraMethods(methods ...string) Option { ++ return func(o *option) { ++ o.extraMethods = methods ++ } ++} +\ No newline at end of file +diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/option_test.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/option_test.go +new file mode 100644 +index 0000000..44a2c19 +--- /dev/null ++++ b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/option_test.go +@@ -0,0 +1,55 @@ ++// Copyright 2022 The Prometheus Authors ++// Licensed under the Apache License, Version 2.0 (the "License"); ++// you may not use this file except in compliance with the License. ++// You may obtain a copy of the License at ++// ++// http://www.apache.org/licenses/LICENSE-2.0 ++// ++// Unless required by applicable law or agreed to in writing, software ++// distributed under the License is distributed on an "AS IS" BASIS, ++// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++// See the License for the specific language governing permissions and ++// limitations under the License. ++package promhttp ++import ( ++ "log" ++ "net/http" ++ "github.com/prometheus/client_golang/prometheus" ++) ++func ExampleInstrumentHandlerWithExtraMethods() { ++ counter := prometheus.NewCounterVec( ++ prometheus.CounterOpts{ ++ Name: "api_requests_total", ++ Help: "A counter for requests to the wrapped handler.", ++ }, ++ []string{"code", "method"}, ++ ) ++ // duration is partitioned by the HTTP method and handler. It uses custom ++ // buckets based on the expected request duration. ++ duration := prometheus.NewHistogramVec( ++ prometheus.HistogramOpts{ ++ Name: "request_duration_seconds", ++ Help: "A histogram of latencies for requests.", ++ Buckets: []float64{.25, .5, 1, 2.5, 5, 10}, ++ }, ++ []string{"handler", "method"}, ++ ) ++ // Create the handlers that will be wrapped by the middleware. ++ pullHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { ++ w.Write([]byte("Pull")) ++ }) ++ // Specify additional HTTP methods to be added to the label allow list. ++ opts := WithExtraMethods("CUSTOM_METHOD") ++ // Instrument the handlers with all the metrics, injecting the "handler" ++ // label by currying. ++ pullChain := ++ InstrumentHandlerDuration(duration.MustCurryWith(prometheus.Labels{"handler": "pull"}), ++ InstrumentHandlerCounter(counter, pullHandler, opts), ++ opts, ++ ) ++ http.Handle("/metrics", Handler()) ++ http.Handle("/pull", pullChain) ++ if err := http.ListenAndServe(":3000", nil); err != nil { ++ log.Fatal(err) ++ } ++} +\ No newline at end of file +-- +2.43.0 + diff --git a/alertmanager-0.21.0.linux-amd64.tar.gz b/alertmanager-0.21.0.linux-amd64.tar.gz deleted file mode 100644 index 9bf9ba1f4acf73c18eaf87a1e6dc29e7ed2e2932..0000000000000000000000000000000000000000 Binary files a/alertmanager-0.21.0.linux-amd64.tar.gz and /dev/null differ diff --git a/alertmanager-0.21.0.linux-arm64.tar.gz b/alertmanager-0.21.0.linux-arm64.tar.gz deleted file mode 100644 index fa4fd8a74b4a823bb71ab43324f1b82b80dd0e32..0000000000000000000000000000000000000000 Binary files a/alertmanager-0.21.0.linux-arm64.tar.gz and /dev/null differ diff --git a/alertmanager.spec b/alertmanager.spec index 615e6d6c648b14e56a1d32bf0228d932dc9fc191..69c87e30eb656ac2e31e72bff966fd9fcf977719 100644 --- a/alertmanager.spec +++ b/alertmanager.spec @@ -2,45 +2,46 @@ Name: alertmanager Version: 0.21.0 -Release: 3 +Release: 4 Summary: Prometheus Alertmanager. License: ASL 2.0 URL: https://github.com/prometheus/%{name} -%ifarch aarch64 -%global hostarch arm64 -%endif -%ifarch x86_64 -%global hostarch amd64 -%endif - -Source0: https://github.com/prometheus/%{name}/releases/download/v%{version}/%{name}-%{version}.linux-%{hostarch}.tar.gz +Source0: https://github.com/prometheus/%{name}/archive/refs/tags/v%{version}.tar.gz Source1: %{name}.service Source2: %{name}.default +Source3: %{name}.yml + +Patch3000: Fix-CVE-2022-21698.patch + +BuildRequires: golang +BuildRequires: systemd %{?systemd_requires} Requires(pre): shadow-utils %description - The Alertmanager handles alerts sent by client applications such as the Prometheus server. It takes care of deduplicating, grouping, and routing them to the correct receiver integration such as email, PagerDuty, or OpsGenie. It also takes care of silencing and inhibition of alerts. %prep -%setup -q -n %{name}-%{version}.linux-%{hostarch} +%setup -q -n %{name}-%{version} +%patch3000 -p1 %build -/bin/true +export GOFLAGS="-mod=vendor -buildmode=pie" +go build -ldflags '-w -s -linkmode=external -extldflags "-Wl,-z,relro -Wl,-z,now -pie"' -mod=vendor -o %{_builddir}/%{name}-%{version}/bin/alertmanager ./cmd/alertmanager +go build -ldflags '-w -s -linkmode=external -extldflags "-Wl,-z,relro -Wl,-z,now -pie"' -mod=vendor -o %{_builddir}/%{name}-%{version}/bin/amtool ./cmd/amtool %install mkdir -vp %{buildroot}%{_sharedstatedir}/prometheus -install -D -m 644 alertmanager.yml %{buildroot}%{_sysconfdir}/prometheus/%{name}.yml -install -D -m 755 %{name} %{buildroot}%{_bindir}/%{name} -install -D -m 755 amtool %{buildroot}%{_bindir}/amtool +install -D -m 755 -vd %{buildroot}%{_bindir} +install -D -m 755 -vp %{_builddir}/%{name}-%{version}/bin/* %{buildroot}%{_bindir} install -D -m 644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service install -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/default/%{name} +install -D -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/prometheus/%{name}.yml %pre getent group prometheus >/dev/null || groupadd -r prometheus @@ -68,6 +69,12 @@ exit 0 %dir %attr(755, prometheus, prometheus)%{_sharedstatedir}/prometheus %changelog +* Mon Jan 13 2025 jiangxinyu - 0.21.0-4 +- Type: CVE +- CVE: CVE-2022-21698 +- SUG: NA +- DESC: Fix CVE-2022-21698 + * Thu Aug 05 2021 herengui - 0.21.0-3 - Type: bugfix - ID: #I4431I diff --git a/alertmanager.yml b/alertmanager.yml new file mode 100644 index 0000000000000000000000000000000000000000..e1f079dce03d61a394758c4acf6410432cd9e291 --- /dev/null +++ b/alertmanager.yml @@ -0,0 +1,19 @@ +global: + resolve_timeout: 5m + +route: + group_by: ['alertname'] + group_wait: 10s + group_interval: 10s + repeat_interval: 1h + receiver: 'web.hook' +receivers: +- name: 'web.hook' + webhook_configs: + - url: 'http://127.0.0.1:5001/' +inhibit_rules: + - source_match: + severity: 'critical' + target_match: + severity: 'warning' + equal: ['alertname', 'dev', 'instance'] diff --git a/v0.21.0.tar.gz b/v0.21.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..1024c83aa2577ebeac39647c7b348f84feb21e9b Binary files /dev/null and b/v0.21.0.tar.gz differ