!97 [sync] PR-92: Fix CVE-2022-39229

From: @openeuler-sync-bot 
Reviewed-by: @starlet-dx 
Signed-off-by: @starlet-dx

CVE-2022-31107.patch

@@ -0,0 +1,353 @@
+From 41a9a27cf0767828f38a390bbe7cf43f613b882e Mon Sep 17 00:00:00 2001
+From: Andreas Gerstmayr <agerstmayr@redhat.com>
+Date: Fri, 15 Jul 2022 14:05:14 +0200
+Subject: [PATCH] fix CVE-2022-31107
+
+backport 967e17d7ef6bc62a108add33ea699710f0e15870 from v8.4.10
+
+Co-authored-by: Karl Persson <kalle.persson@grafana.com>
+Co-authored-by: Jguer <joao.guerreiro@grafana.com>
+
+diff --git a/pkg/api/ldap_debug.go b/pkg/api/ldap_debug.go
+index 126e760b67..c9e2b606c5 100644
+--- a/pkg/api/ldap_debug.go
++++ b/pkg/api/ldap_debug.go
+@@ -215,6 +215,11 @@ func (hs *HTTPServer) PostSyncUserWithLDAP(c *models.ReqContext) response.Respon
+ 		ReqContext:    c,
+ 		ExternalUser:  user,
+ 		SignupAllowed: hs.Cfg.LDAPAllowSignup,
++		UserLookupParams: models.UserLookupParams{
++			UserID: &query.Result.Id, // Upsert by ID only
++			Email:  nil,
++			Login:  nil,
++		},
+ 	}
+ 
+ 	err = bus.Dispatch(upsertCmd)
+diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go
+index 1fce9b6f61..611d51444f 100644
+--- a/pkg/api/login_oauth.go
++++ b/pkg/api/login_oauth.go
+@@ -250,6 +250,11 @@ func syncUser(
+ 		ReqContext:    ctx,
+ 		ExternalUser:  extUser,
+ 		SignupAllowed: connect.IsSignupAllowed(),
++		UserLookupParams: models.UserLookupParams{
++			Email:  &extUser.Email,
++			UserID: nil,
++			Login:  nil,
++		},
+ 	}
+ 	if err := bus.Dispatch(cmd); err != nil {
+ 		return nil, err
+diff --git a/pkg/login/ldap_login.go b/pkg/login/ldap_login.go
+index cb5d984e73..82dac2ee9e 100644
+--- a/pkg/login/ldap_login.go
++++ b/pkg/login/ldap_login.go
+@@ -56,9 +56,13 @@ var loginUsingLDAP = func(query *models.LoginUserQuery) (bool, error) {
+ 		ReqContext:    query.ReqContext,
+ 		ExternalUser:  externalUser,
+ 		SignupAllowed: setting.LDAPAllowSignup,
++		UserLookupParams: models.UserLookupParams{
++			Login:  &externalUser.Login,
++			Email:  &externalUser.Email,
++			UserID: nil,
++		},
+ 	}
+-	err = bus.Dispatch(upsert)
+-	if err != nil {
++	if err = bus.Dispatch(upsert); err != nil {
+ 		return true, err
+ 	}
+ 	query.User = upsert.Result
+diff --git a/pkg/models/user_auth.go b/pkg/models/user_auth.go
+index 2061cf048b..a98efe659e 100644
+--- a/pkg/models/user_auth.go
++++ b/pkg/models/user_auth.go
+@@ -54,11 +54,11 @@ type RequestURIKey struct{}
+ // COMMANDS
+ 
+ type UpsertUserCommand struct {
+-	ReqContext    *ReqContext
+-	ExternalUser  *ExternalUserInfo
++	ReqContext   *ReqContext
++	ExternalUser *ExternalUserInfo
++	UserLookupParams
++	Result        *User
+ 	SignupAllowed bool
+-
+-	Result *User
+ }
+ 
+ type SetAuthInfoCommand struct {
+@@ -95,13 +95,18 @@ type LoginUserQuery struct {
+ type GetUserByAuthInfoQuery struct {
+ 	AuthModule string
+ 	AuthId     string
+-	UserId     int64
+-	Email      string
+-	Login      string
++	UserLookupParams
+ 
+ 	Result *User
+ }
+ 
++type UserLookupParams struct {
++	// Describes lookup order as well
++	UserID *int64  // if set, will try to find the user by id
++	Email  *string // if set, will try to find the user by email
++	Login  *string // if set, will try to find the user by login
++}
++
+ type GetExternalUserInfoByLoginQuery struct {
+ 	LoginOrEmail string
+ 
+diff --git a/pkg/services/contexthandler/authproxy/authproxy.go b/pkg/services/contexthandler/authproxy/authproxy.go
+index 80e5a5b9e0..0d834748a7 100644
+--- a/pkg/services/contexthandler/authproxy/authproxy.go
++++ b/pkg/services/contexthandler/authproxy/authproxy.go
+@@ -246,6 +246,11 @@ func (auth *AuthProxy) LoginViaLDAP() (int64, error) {
+ 		ReqContext:    auth.ctx,
+ 		SignupAllowed: auth.cfg.LDAPAllowSignup,
+ 		ExternalUser:  extUser,
++		UserLookupParams: models.UserLookupParams{
++			Login:  &extUser.Login,
++			Email:  &extUser.Email,
++			UserID: nil,
++		},
+ 	}
+ 	if err := bus.Dispatch(upsert); err != nil {
+ 		return 0, err
+@@ -288,6 +293,11 @@ func (auth *AuthProxy) LoginViaHeader() (int64, error) {
+ 		ReqContext:    auth.ctx,
+ 		SignupAllowed: auth.cfg.AuthProxyAutoSignUp,
+ 		ExternalUser:  extUser,
++		UserLookupParams: models.UserLookupParams{
++			UserID: nil,
++			Login:  &extUser.Login,
++			Email:  &extUser.Email,
++		},
+ 	}
+ 
+ 	err := bus.Dispatch(upsert)
+diff --git a/pkg/services/login/login.go b/pkg/services/login/login.go
+index 9e08a36b06..b74d1d3e8f 100644
+--- a/pkg/services/login/login.go
++++ b/pkg/services/login/login.go
+@@ -37,11 +37,9 @@ func (ls *LoginService) UpsertUser(cmd *models.UpsertUserCommand) error {
+ 	extUser := cmd.ExternalUser
+ 
+ 	userQuery := &models.GetUserByAuthInfoQuery{
+-		AuthModule: extUser.AuthModule,
+-		AuthId:     extUser.AuthId,
+-		UserId:     extUser.UserId,
+-		Email:      extUser.Email,
+-		Login:      extUser.Login,
++		AuthModule:       extUser.AuthModule,
++		AuthId:           extUser.AuthId,
++		UserLookupParams: cmd.UserLookupParams,
+ 	}
+ 	if err := bus.Dispatch(userQuery); err != nil {
+ 		if !errors.Is(err, models.ErrUserNotFound) {
+diff --git a/pkg/services/login/login_test.go b/pkg/services/login/login_test.go
+index 04953b567a..dd84ee29c8 100644
+--- a/pkg/services/login/login_test.go
++++ b/pkg/services/login/login_test.go
+@@ -82,10 +82,12 @@ func Test_teamSync(t *testing.T) {
+ 		QuotaService: &quota.QuotaService{},
+ 	}
+ 
+-	upserCmd := &models.UpsertUserCommand{ExternalUser: &models.ExternalUserInfo{Email: "test_user@example.org"}}
++	email := "test_user@example.org"
++	upserCmd := &models.UpsertUserCommand{ExternalUser: &models.ExternalUserInfo{Email: email},
++		UserLookupParams: models.UserLookupParams{Email: &email}}
+ 	expectedUser := &models.User{
+ 		Id:    1,
+-		Email: "test_user@example.org",
++		Email: email,
+ 		Name:  "test_user",
+ 		Login: "test_user",
+ 	}
+diff --git a/pkg/services/sqlstore/user_auth.go b/pkg/services/sqlstore/user_auth.go
+index 9605ccce76..f6f0e510bc 100644
+--- a/pkg/services/sqlstore/user_auth.go
++++ b/pkg/services/sqlstore/user_auth.go
+@@ -40,11 +40,12 @@ func GetUserByAuthInfo(query *models.GetUserByAuthInfoQuery) error {
+ 			}
+ 
+ 			// if user id was specified and doesn't match the user_auth entry, remove it
+-			if query.UserId != 0 && query.UserId != authQuery.Result.UserId {
+-				err = DeleteAuthInfo(&models.DeleteAuthInfoCommand{
++			if query.UserLookupParams.UserID != nil &&
++				*query.UserLookupParams.UserID != 0 &&
++				*query.UserLookupParams.UserID != authQuery.Result.UserId {
++				if err := DeleteAuthInfo(&models.DeleteAuthInfoCommand{
+ 					UserAuth: authQuery.Result,
+-				})
+-				if err != nil {
++				}); err != nil {
+ 					sqlog.Error("Error removing user_auth entry", "error", err)
+ 				}
+ 
+@@ -70,17 +71,18 @@ func GetUserByAuthInfo(query *models.GetUserByAuthInfoQuery) error {
+ 		}
+ 	}
+ 
++	params := query.UserLookupParams
+ 	// If not found, try to find the user by id
+-	if !has && query.UserId != 0 {
+-		has, err = x.Id(query.UserId).Get(user)
++	if !has && params.UserID != nil && *params.UserID != 0 {
++		has, err = x.Id(*params.UserID).Get(user)
+ 		if err != nil {
+ 			return err
+ 		}
+ 	}
+ 
+ 	// If not found, try to find the user by email address
+-	if !has && query.Email != "" {
+-		user = &models.User{Email: query.Email}
++	if !has && params.Email != nil && *params.Email != "" {
++		user = &models.User{Email: *params.Email}
+ 		has, err = x.Get(user)
+ 		if err != nil {
+ 			return err
+@@ -88,8 +90,8 @@ func GetUserByAuthInfo(query *models.GetUserByAuthInfoQuery) error {
+ 	}
+ 
+ 	// If not found, try to find the user by login
+-	if !has && query.Login != "" {
+-		user = &models.User{Login: query.Login}
++	if !has && params.Login != nil && *params.Login != "" {
++		user = &models.User{Login: *params.Login}
+ 		has, err = x.Get(user)
+ 		if err != nil {
+ 			return err
+diff --git a/pkg/services/sqlstore/user_auth_test.go b/pkg/services/sqlstore/user_auth_test.go
+index e5bb2379e5..d94ce34edb 100644
+--- a/pkg/services/sqlstore/user_auth_test.go
++++ b/pkg/services/sqlstore/user_auth_test.go
+@@ -45,7 +45,7 @@ func TestUserAuth(t *testing.T) {
+ 			// By Login
+ 			login := "loginuser0"
+ 
+-			query := &models.GetUserByAuthInfoQuery{Login: login}
++			query := &models.GetUserByAuthInfoQuery{UserLookupParams: models.UserLookupParams{Login: &login}}
+ 			err = GetUserByAuthInfo(query)
+ 
+ 			So(err, ShouldBeNil)
+@@ -54,7 +54,7 @@ func TestUserAuth(t *testing.T) {
+ 			// By ID
+ 			id := query.Result.Id
+ 
+-			query = &models.GetUserByAuthInfoQuery{UserId: id}
++			query = &models.GetUserByAuthInfoQuery{UserLookupParams: models.UserLookupParams{UserID: &id}}
+ 			err = GetUserByAuthInfo(query)
+ 
+ 			So(err, ShouldBeNil)
+@@ -63,7 +63,7 @@ func TestUserAuth(t *testing.T) {
+ 			// By Email
+ 			email := "user1@test.com"
+ 
+-			query = &models.GetUserByAuthInfoQuery{Email: email}
++			query = &models.GetUserByAuthInfoQuery{UserLookupParams: models.UserLookupParams{Email: &email}}
+ 			err = GetUserByAuthInfo(query)
+ 
+ 			So(err, ShouldBeNil)
+@@ -72,7 +72,7 @@ func TestUserAuth(t *testing.T) {
+ 			// Don't find nonexistent user
+ 			email = "nonexistent@test.com"
+ 
+-			query = &models.GetUserByAuthInfoQuery{Email: email}
++			query = &models.GetUserByAuthInfoQuery{UserLookupParams: models.UserLookupParams{Email: &email}}
+ 			err = GetUserByAuthInfo(query)
+ 
+ 			So(err, ShouldEqual, models.ErrUserNotFound)
+@@ -90,7 +90,7 @@ func TestUserAuth(t *testing.T) {
+ 			// create user_auth entry
+ 			login := "loginuser0"
+ 
+-			query.Login = login
++			query.UserLookupParams.Login = &login
+ 			err = GetUserByAuthInfo(query)
+ 
+ 			So(err, ShouldBeNil)
+@@ -104,9 +104,9 @@ func TestUserAuth(t *testing.T) {
+ 			So(query.Result.Login, ShouldEqual, login)
+ 
+ 			// get with non-matching id
+-			id := query.Result.Id
++			idPlusOne := query.Result.Id + 1
+ 
+-			query.UserId = id + 1
++			query.UserLookupParams.UserID = &idPlusOne
+ 			err = GetUserByAuthInfo(query)
+ 
+ 			So(err, ShouldBeNil)
+@@ -143,7 +143,7 @@ func TestUserAuth(t *testing.T) {
+ 			login := "loginuser0"
+ 
+ 			// Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table
+-			query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "test", AuthId: "test"}
++			query := &models.GetUserByAuthInfoQuery{AuthModule: "test", AuthId: "test", UserLookupParams: models.UserLookupParams{Login: &login}}
+ 			err = GetUserByAuthInfo(query)
+ 
+ 			So(err, ShouldBeNil)
+@@ -178,7 +178,7 @@ func TestUserAuth(t *testing.T) {
+ 			// Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table
+ 			// Make the first log-in during the past
+ 			getTime = func() time.Time { return time.Now().AddDate(0, 0, -2) }
+-			query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "test1", AuthId: "test1"}
++			query := &models.GetUserByAuthInfoQuery{AuthModule: "test1", AuthId: "test1", UserLookupParams: models.UserLookupParams{Login: &login}}
+ 			err = GetUserByAuthInfo(query)
+ 			getTime = time.Now
+ 
+@@ -188,7 +188,7 @@ func TestUserAuth(t *testing.T) {
+ 			// Add a second auth module for this user
+ 			// Have this module's last log-in be more recent
+ 			getTime = func() time.Time { return time.Now().AddDate(0, 0, -1) }
+-			query = &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "test2", AuthId: "test2"}
++			query = &models.GetUserByAuthInfoQuery{AuthModule: "test2", AuthId: "test2", UserLookupParams: models.UserLookupParams{Login: &login}}
+ 			err = GetUserByAuthInfo(query)
+ 			getTime = time.Now
+ 
+diff --git a/pkg/services/sqlstore/user_test.go b/pkg/services/sqlstore/user_test.go
+index 7da19f0ef4..aa796ffb02 100644
+--- a/pkg/services/sqlstore/user_test.go
++++ b/pkg/services/sqlstore/user_test.go
+@@ -455,7 +455,7 @@ func TestUserDataAccess(t *testing.T) {
+ 				// Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table
+ 				// Make the first log-in during the past
+ 				getTime = func() time.Time { return time.Now().AddDate(0, 0, -2) }
+-				query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "ldap", AuthId: "ldap0"}
++				query := &models.GetUserByAuthInfoQuery{AuthModule: "ldap", AuthId: "ldap0", UserLookupParams: models.UserLookupParams{Login: &login}}
+ 				err := GetUserByAuthInfo(query)
+ 				getTime = time.Now
+ 
+@@ -465,7 +465,7 @@ func TestUserDataAccess(t *testing.T) {
+ 				// Add a second auth module for this user
+ 				// Have this module's last log-in be more recent
+ 				getTime = func() time.Time { return time.Now().AddDate(0, 0, -1) }
+-				query = &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "oauth", AuthId: "oauth0"}
++				query = &models.GetUserByAuthInfoQuery{AuthModule: "oauth", AuthId: "oauth0", UserLookupParams: models.UserLookupParams{Login: &login}}
+ 				err = GetUserByAuthInfo(query)
+ 				getTime = time.Now
+ 
+@@ -511,7 +511,7 @@ func TestUserDataAccess(t *testing.T) {
+ 					// Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table
+ 					// Make the first log-in during the past
+ 					getTime = func() time.Time { return time.Now().AddDate(0, 0, -2) }
+-					query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "ldap", AuthId: fmt.Sprint("ldap", i)}
++					query := &models.GetUserByAuthInfoQuery{AuthModule: "ldap", AuthId: fmt.Sprint("ldap", i), UserLookupParams: models.UserLookupParams{Login: &login}}
+ 					err := GetUserByAuthInfo(query)
+ 					getTime = time.Now
+ 
+@@ -522,7 +522,7 @@ func TestUserDataAccess(t *testing.T) {
+ 				// Log in first user with oauth
+ 				login := "loginuser0"
+ 				getTime = func() time.Time { return time.Now().AddDate(0, 0, -1) }
+-				query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "oauth", AuthId: "oauth0"}
++				query := &models.GetUserByAuthInfoQuery{AuthModule: "oauth", AuthId: "oauth0", UserLookupParams: models.UserLookupParams{Login: &login}}
+ 				err := GetUserByAuthInfo(query)
+ 				getTime = time.Now
+ 

CVE-2022-39229.patch

@@ -0,0 +1,104 @@
+From 5aa2c77ac1ac544ed6b3a2c5efa767e53b810c3b Mon Sep 17 00:00:00 2001
+From: linoman <2051016+linoman@users.noreply.github.com>
+Date: Fri, 16 Sep 2022 10:46:44 +0200
+Subject: [PATCH] fix CVE-2022-39229
+
+Swap order of login fields
+
+(cherry picked from commit 5ec176cada3d8adf651f844e3f707bc469495abd)
+
+Add test for username/login field conflict
+
+(cherry picked from commit 7aabcf26944835b0418eec6b057a0b186ff206bf)
+
+Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
+Co-authored-by: dsotirakis <dimitrios.sotirakis@grafana.com>
+
+diff --git a/pkg/services/sqlstore/user.go b/pkg/services/sqlstore/user.go
+index 3dba16a75e..d773bd9dfe 100644
+--- a/pkg/services/sqlstore/user.go
++++ b/pkg/services/sqlstore/user.go
+@@ -298,19 +298,24 @@ func GetUserByLogin(query *models.GetUserByLoginQuery) error {
+ 		return models.ErrUserNotFound
+ 	}
+ 
+-	// Try and find the user by login first.
+-	// It's not sufficient to assume that a LoginOrEmail with an "@" is an email.
++	var has bool
++	var err error
+ 	user := &models.User{Login: query.LoginOrEmail}
+-	has, err := x.Get(user)
+ 
+-	if err != nil {
+-		return err
++	// Since username can be an email address, attempt login with email address
++	// first if the login field has the "@" symbol.
++	if strings.Contains(query.LoginOrEmail, "@") {
++		user = &models.User{Email: query.LoginOrEmail}
++		has, err = x.Get(user)
++
++		if err != nil {
++			return err
++		}
+ 	}
+ 
+-	if !has && strings.Contains(query.LoginOrEmail, "@") {
+-		// If the user wasn't found, and it contains an "@" fallback to finding the
+-		// user by email.
+-		user = &models.User{Email: query.LoginOrEmail}
++	// Lookup the login field instead of email field
++	if !has {
++		user = &models.User{Login: query.LoginOrEmail}
+ 		has, err = x.Get(user)
+ 	}
+ 
+diff --git a/pkg/services/sqlstore/user_test.go b/pkg/services/sqlstore/user_test.go
+index aa796ffb02..7fb9d9be2a 100644
+--- a/pkg/services/sqlstore/user_test.go
++++ b/pkg/services/sqlstore/user_test.go
+@@ -42,6 +43,45 @@ func TestUserDataAccess(t *testing.T) {
+ 			})
+ 		})
+ 
++		Convey("Get User by login - user_2 uses user_1.email as login", func() {
++			ss = InitTestDB(t)
++
++			// create user_1
++			cmd1 := &models.CreateUserCommand{
++				Email:      "user_1@mail.com",
++				Name:       "user_1",
++				Login:      "user_1",
++				Password:   "user_1_password",
++				IsDisabled: true,
++			}
++			err := CreateUser(context.Background(), cmd1)
++			So(err, ShouldBeNil)
++
++			// create user_2
++			cmd2 := &models.CreateUserCommand{
++				Email:      "user_2@mail.com",
++				Name:       "user_2",
++				Login:      "user_1@mail.com",
++				Password:   "user_2_password",
++				IsDisabled: true,
++			}
++			err = CreateUser(context.Background(), cmd2)
++			So(err, ShouldBeNil)
++
++			// query user database for user_1 email
++			query := models.GetUserByLoginQuery{LoginOrEmail: "user_1@mail.com"}
++			err = GetUserByLogin(&query)
++			So(err, ShouldBeNil)
++
++			// expect user_1 as result
++			So(query.Result.Email, ShouldEqual, cmd1.Email)
++			So(query.Result.Login, ShouldEqual, cmd1.Login)
++			So(query.Result.Name, ShouldEqual, cmd1.Name)
++			So(query.Result.Email, ShouldNotEqual, cmd2.Email)
++			So(query.Result.Login, ShouldNotEqual, cmd2.Login)
++			So(query.Result.Name, ShouldNotEqual, cmd2.Name)
++		})
++
+ 		Convey("Creates disabled user", func() {
+ 			cmd := &models.CreateUserCommand{
+ 				Email:      "usertest@test.com",

fix-gtime_test.patch

@@ -0,0 +1,50 @@
+From 3e491ce63e1c8f63abc891765848a7484f0d6005 Mon Sep 17 00:00:00 2001
+From: Andres Martinez Gotor <andres.martinez@grafana.com>
+Date: Wed, 1 Mar 2023 13:08:34 +0100
+Subject: [PATCH] fix gtime_test (#637)
+
+---
+ pkg/components/gtime/gtime_test.go | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/pkg/components/gtime/gtime_test.go b/pkg/components/gtime/gtime_test.go
+index 0b1b23a..a7b952d 100644
+--- a/pkg/components/gtime/gtime_test.go
++++ b/pkg/components/gtime/gtime_test.go
+@@ -72,13 +72,13 @@ func TestParseDuration(t *testing.T) {
+ 
+ func calculateDays() (int, int) {
+ 	now := time.Now().UTC()
+-	currentYear, currentMonth, _ := now.Date()
++	currentYear, currentMonth, currentDay := now.Date()
+ 
+ 	firstDayOfMonth := time.Date(currentYear, currentMonth, 1, 0, 0, 0, 0, time.UTC)
+ 	daysInMonth := firstDayOfMonth.AddDate(0, 1, -1).Day()
+ 
+-	t1 := time.Date(currentYear, 1, 1, 0, 0, 0, 0, time.UTC)
+-	t2 := time.Date(currentYear+1, 1, 1, 0, 0, 0, 0, time.UTC)
++	t1 := time.Date(currentYear, currentMonth, currentDay, 0, 0, 0, 0, time.UTC)
++	t2 := t1.AddDate(1, 0, 0)
+ 
+ 	daysInYear := int(t2.Sub(t1).Hours() / 24)
+ 
+@@ -87,13 +87,13 @@ func calculateDays() (int, int) {
+ 
+ func calculateDays5y() int {
+ 	now := time.Now().UTC()
+-	currentYear, _, _ := now.Date()
++	currentYear, currentMonth, currentDay := now.Date()
+ 
+ 	var daysInYear int
+ 
+ 	for i := 0; i < 5; i++ {
+-		t1 := time.Date(currentYear+i, 1, 1, 0, 0, 0, 0, time.UTC)
+-		t2 := time.Date(currentYear+i+1, 1, 1, 0, 0, 0, 0, time.UTC)
++		t1 := time.Date(currentYear+i, currentMonth, currentDay, 0, 0, 0, 0, time.UTC)
++		t2 := t1.AddDate(1, 0, 0)
+ 
+ 		daysInYear = daysInYear + int(t2.Sub(t1).Hours()/24)
+ 	}
+-- 
+2.33.0
+

grafana.spec

@@ -7,7 +7,7 @@
 
 Name:             grafana
 Version:          7.5.15
-Release:          2
+Release:          7
 Summary:          Metrics dashboard and graph editor
 License:          Apache 2.0
 URL:              https://grafana.org
@@ -27,6 +27,10 @@ Source5:          build_frontend.sh
 Source6:          list_bundled_nodejs_packages.py
 # Source7 contains the script to create the vendor and webpack bundles in a container
 Source7:          create_bundles_in_container.sh
+%ifarch loongarch64
+#Source8 from https://github.com/golang/sys version: v0.4.0
+Source8:	  sys.tar.gz
+%endif
 
 # Patches
 Patch1:           001-wrappers-grafana-cli.patch
@@ -45,6 +49,10 @@ Patch14:          014-CVE-2022-21698.patch
 Patch15:          015-CVE-2022-21698.vendor.patch
 #https://github.com/grafana/grafana/pull/49223
 Patch16:          CVE-2022-29170.patch
+Patch17:          CVE-2022-31107.patch
+# https://github.com/grafana/grafana-plugin-sdk-go/pull/637
+Patch18:          fix-gtime_test.patch
+Patch19:          CVE-2022-39229.patch
 
 BuildRequires:    git, systemd, golang 
 
@@ -419,10 +427,17 @@ rm -r plugins-bundled
 %patch14 -p1
 %patch15 -p1
 %patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch19 -p1
 
 
 # Set up build subdirs and links
 mkdir -p %{_builddir}/src/github.com/grafana
+%ifarch loongarch64
+rm -rf vendor/golang.org/x/sys
+tar -xf %{SOURCE8} -C vendor/golang.org/x/
+%endif
 ln -s %{_builddir}/%{name}-%{version} \
     %{_builddir}/src/github.com/grafana/grafana
 
@@ -583,6 +598,21 @@ rm -r pkg/macaron
 
 
 %changelog
+* Sat Oct 12 2024 yaoxin <yao_xin001@hoperun.com> - 7.5.15-7
+- Fix CVE-2022-39229
+
+* Mon Jan 22 2024 yaoxin <yao_xin001@hoperun.com> - 7.5.15-6
+- Rebuild for golang cves: CVE-2023-39325 and CVE-2022-32148
+
+* Thu Jul 13 2023 Wenlong Zhang<zhangwenlong@loongson.cn> - 7.5.15-5
+- add loong64 support for grafana
+
+* Thu Apr 13 2023 wangkai <13474090681@163.com> - 7.5.15-4
+- Fix gtime_test
+
+* Wed Aug 17 2022 yaoxin <yaoxin30@h-partners.com> - 7.5.15-3
+- Fix CVE-2022-31107
+
 * Mon Jun 6 2022 yaoxin <yaoxin30@h-partners.com> - 7.5.15-2
 - Fix CVE-2022-29170
 

grafana.yaml

@@ -0,0 +1,4 @@
+version_control: github
+src_repo: grafana/grafana
+tag_prefix: ^v
+seperator: .