packages/grafana
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!26 Fix CVE-2022-21673

Browse Source 
Merge pull request !26 from wk333/master
This commit is contained in:
openeuler-ci-bot 2022-01-27 02:38:06 +00:00 committed by Gitee
commit 425ddc755a
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 218 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

212
CVE-2022-21673.patch Normal file
View File

@ -0,0 +1,212 @@
From bb0cfbc1d9ee75ba9c1068276e490e2868bb112f Mon Sep 17 00:00:00 2001
From: Dimitris Sotirakis <dimitrios.sotirakis@grafana.com>
Date: Tue, 18 Jan 2022 10:51:10 +0200
Subject: [PATCH] [v7.5.x] GetUserInfo: return an error if no user was found
(#212)
* Update grabpl version
* return an error if no user was found
(cherry picked from commit b9d3b9b5a40d8aad0adadd6d278427320fb4aebe)
* also if authid is empty
Co-authored-by: Kevin Minehart <kmineh0151@gmail.com>
---
.drone.yml | 36 +++++++++++++++---------------
pkg/services/sqlstore/user_auth.go | 4 ++++
scripts/lib.star | 2 +-
3 files changed, 23 insertions(+), 19 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index 55dd0893c30e8..6da4e5b76fb1a 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -17,7 +17,7 @@ steps:
image: grafana/build-container:1.4.1
commands:
- mkdir -p bin
- - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/grabpl
+ - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/grabpl
- chmod +x bin/grabpl
- ./bin/grabpl verify-drone
- curl -fLO https://github.com/jwilder/dockerize/releases/download/v$${DOCKERIZE_VERSION}/dockerize-linux-amd64-v$${DOCKERIZE_VERSION}.tar.gz
@@ -266,7 +266,7 @@ steps:
image: grafana/build-container:1.4.1
commands:
- mkdir -p bin
- - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/grabpl
+ - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/grabpl
- chmod +x bin/grabpl
- ./bin/grabpl verify-drone
- curl -fLO https://github.com/jwilder/dockerize/releases/download/v$${DOCKERIZE_VERSION}/dockerize-linux-amd64-v$${DOCKERIZE_VERSION}.tar.gz
@@ -605,7 +605,7 @@ steps:
image: grafana/ci-wix:0.1.1
commands:
- $$ProgressPreference = "SilentlyContinue"
- - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/windows/grabpl.exe -OutFile grabpl.exe
+ - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/windows/grabpl.exe -OutFile grabpl.exe
- name: build-windows-installer
image: grafana/ci-wix:0.1.1
@@ -654,7 +654,7 @@ steps:
image: grafana/build-container:1.4.1
commands:
- mkdir -p bin
- - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/grabpl
+ - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/grabpl
- chmod +x bin/grabpl
- ./bin/grabpl verify-drone
environment:
@@ -742,7 +742,7 @@ steps:
image: grafana/build-container:1.4.1
commands:
- mkdir -p bin
- - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/grabpl
+ - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/grabpl
- chmod +x bin/grabpl
- ./bin/grabpl verify-drone
- ./bin/grabpl verify-version ${DRONE_TAG}
@@ -1056,7 +1056,7 @@ steps:
image: grafana/ci-wix:0.1.1
commands:
- $$ProgressPreference = "SilentlyContinue"
- - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/windows/grabpl.exe -OutFile grabpl.exe
+ - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/windows/grabpl.exe -OutFile grabpl.exe
- name: build-windows-installer
image: grafana/ci-wix:0.1.1
@@ -1106,7 +1106,7 @@ steps:
image: grafana/build-container:1.4.1
commands:
- mkdir -p bin
- - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/grabpl
+ - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/grabpl
- chmod +x bin/grabpl
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
- cd grafana-enterprise
@@ -1503,7 +1503,7 @@ steps:
image: grafana/ci-wix:0.1.1
commands:
- $$ProgressPreference = "SilentlyContinue"
- - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/windows/grabpl.exe -OutFile grabpl.exe
+ - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/windows/grabpl.exe -OutFile grabpl.exe
- git clone "https://$$env:GITHUB_TOKEN@github.com/grafana/grafana-enterprise.git"
- cd grafana-enterprise
- git checkout ${DRONE_TAG}
@@ -1568,7 +1568,7 @@ steps:
image: grafana/build-container:1.4.1
commands:
- mkdir -p bin
- - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/grabpl
+ - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/grabpl
- chmod +x bin/grabpl
- ./bin/grabpl verify-drone
- ./bin/grabpl verify-version ${DRONE_TAG}
@@ -1676,7 +1676,7 @@ steps:
image: grafana/build-container:1.4.1
commands:
- mkdir -p bin
- - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/grabpl
+ - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/grabpl
- chmod +x bin/grabpl
- ./bin/grabpl verify-drone
- ./bin/grabpl verify-version v7.3.0-test
@@ -1979,7 +1979,7 @@ steps:
image: grafana/ci-wix:0.1.1
commands:
- $$ProgressPreference = "SilentlyContinue"
- - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/windows/grabpl.exe -OutFile grabpl.exe
+ - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/windows/grabpl.exe -OutFile grabpl.exe
- name: build-windows-installer
image: grafana/ci-wix:0.1.1
@@ -2029,7 +2029,7 @@ steps:
image: grafana/build-container:1.4.1
commands:
- mkdir -p bin
- - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/grabpl
+ - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/grabpl
- chmod +x bin/grabpl
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
- cd grafana-enterprise
@@ -2420,7 +2420,7 @@ steps:
image: grafana/ci-wix:0.1.1
commands:
- $$ProgressPreference = "SilentlyContinue"
- - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/windows/grabpl.exe -OutFile grabpl.exe
+ - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/windows/grabpl.exe -OutFile grabpl.exe
- git clone "https://$$env:GITHUB_TOKEN@github.com/grafana/grafana-enterprise.git"
- cd grafana-enterprise
- git checkout main
@@ -2485,7 +2485,7 @@ steps:
image: grafana/build-container:1.4.1
commands:
- mkdir -p bin
- - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/grabpl
+ - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/grabpl
- chmod +x bin/grabpl
- ./bin/grabpl verify-drone
- ./bin/grabpl verify-version v7.3.0-test
@@ -2593,7 +2593,7 @@ steps:
image: grafana/build-container:1.4.1
commands:
- mkdir -p bin
- - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/grabpl
+ - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/grabpl
- chmod +x bin/grabpl
- ./bin/grabpl verify-drone
- curl -fLO https://github.com/jwilder/dockerize/releases/download/v$${DOCKERIZE_VERSION}/dockerize-linux-amd64-v$${DOCKERIZE_VERSION}.tar.gz
@@ -2871,7 +2871,7 @@ steps:
image: grafana/ci-wix:0.1.1
commands:
- $$ProgressPreference = "SilentlyContinue"
- - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/windows/grabpl.exe -OutFile grabpl.exe
+ - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/windows/grabpl.exe -OutFile grabpl.exe
- name: build-windows-installer
image: grafana/ci-wix:0.1.1
@@ -2917,7 +2917,7 @@ steps:
image: grafana/build-container:1.4.1
commands:
- mkdir -p bin
- - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/grabpl
+ - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/grabpl
- chmod +x bin/grabpl
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
- cd grafana-enterprise
@@ -3311,7 +3311,7 @@ steps:
image: grafana/ci-wix:0.1.1
commands:
- $$ProgressPreference = "SilentlyContinue"
- - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.58/windows/grabpl.exe -OutFile grabpl.exe
+ - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v0.5.59/windows/grabpl.exe -OutFile grabpl.exe
- git clone "https://$$env:GITHUB_TOKEN@github.com/grafana/grafana-enterprise.git"
- cd grafana-enterprise
- git checkout $$env:DRONE_BRANCH
diff --git a/pkg/services/sqlstore/user_auth.go b/pkg/services/sqlstore/user_auth.go
index 0bef79e160048..9605ccce76a83 100644
--- a/pkg/services/sqlstore/user_auth.go
+++ b/pkg/services/sqlstore/user_auth.go
@@ -142,6 +142,10 @@ func GetExternalUserInfoByLogin(query *models.GetExternalUserInfoByLoginQuery) e
}
func GetAuthInfo(query *models.GetAuthInfoQuery) error {
+ if query.UserId == 0 && query.AuthId == "" {
+ return models.ErrUserNotFound
+ }
+
userAuth := &models.UserAuth{
UserId: query.UserId,
AuthModule: query.AuthModule,
diff --git a/scripts/lib.star b/scripts/lib.star
index e115fe363cbca..da1291f102166 100644
--- a/scripts/lib.star
+++ b/scripts/lib.star
@@ -1,4 +1,4 @@
-grabpl_version = '0.5.58'
+grabpl_version = '0.5.59'
build_image = 'grafana/build-container:1.4.1'
publish_image = 'grafana/grafana-ci-deploy:1.3.1'
grafana_docker_image = 'grafana/drone-grafana-docker:0.3.2'

8
grafana.spec
View File

@ -7,7 +7,7 @@
Name: grafana Name: grafana
Version: 7.5.11 Version: 7.5.11
Release: 3 Release: 4
Summary: Metrics dashboard and graph editor Summary: Metrics dashboard and graph editor
License: Apache 2.0 License: Apache 2.0
URL: https://grafana.org URL: https://grafana.org
@ -31,6 +31,7 @@ Patch5: 005-fix-gtime-test-32bit.patch
Patch6: 006-remove-unused-frontend-crypto.patch Patch6: 006-remove-unused-frontend-crypto.patch
Patch7: 007-patch-unused-backend-crypto.patch Patch7: 007-patch-unused-backend-crypto.patch
Patch8: CVE-2021-43813.patch Patch8: CVE-2021-43813.patch
Patch9: CVE-2022-21673.patch
BuildRequires: git, systemd, golang BuildRequires: git, systemd, golang
@ -400,7 +401,7 @@ rm -r plugins-bundled
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1 %patch8 -p1
%patch9 -p1
# Set up build subdirs and links # Set up build subdirs and links
@ -565,6 +566,9 @@ rm -r pkg/macaron
%changelog %changelog
* Thu Jan 27 2022 wangkai <wangkai385@huawei.com> 7.5.11-4
- Fix CVE-2022-21673
* Wed Dec 15 2021 wangkai <wangkai385@huawei.com> 7.5.11-3 * Wed Dec 15 2021 wangkai <wangkai385@huawei.com> 7.5.11-3
- Fix CVE-2021-43813 - Fix CVE-2021-43813