Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grafana for openSUSE:Factory checked in at 2026-01-19 18:39:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/grafana (Old) and /work/SRC/openSUSE:Factory/.grafana.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "grafana" Mon Jan 19 18:39:24 2026 rev:81 rq:1328104 version:11.6.7 Changes: --------
--- /work/SRC/openSUSE:Factory/grafana/grafana.changes 2025-10-27 14:40:40.244994777 +0100
+++ /work/SRC/openSUSE:Factory/.grafana.new.1928/grafana.changes 2026-01-19 18:43:21.543101811 +0100
@@ -1,0 +2,7 @@
+Mon Jan 19 11:53:57 UTC 2026 - Witek Bedyk <[email protected]>
+
+- CVE-2025-68156: Fix potential DoS via unbounded recursion in
+ builtin functions (bsc#1255340)
+- Add 0003-Bump-expr-lang.patch
+
+-------------------------------------------------------------------
New: ---- 0003-Bump-expr-lang.patch ----------(New B)---------- New: builtin functions (bsc#1255340) - Add 0003-Bump-expr-lang.patch ----------(New E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ grafana.spec ++++++
--- /var/tmp/diff_new_pack.Hyd6MC/_old 2026-01-19 18:43:24.575227269 +0100
+++ /var/tmp/diff_new_pack.Hyd6MC/_new 2026-01-19 18:43:24.575227269 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package grafana
 #
-# Copyright (c) 2025 SUSE LLC and contributors
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -37,6 +37,7 @@
 Source4: Makefile
 Source5: 0001-Add-source-code-reference.patch
 Patch2: 0002-Use-bash-instead-of-env.patch
+Patch3: 0003-Bump-expr-lang.patch
 BuildRequires: fdupes
 BuildRequires: git-core
 BuildRequires: golang(API) >= 1.25
++++++ 0003-Bump-expr-lang.patch ++++++
diff --git a/pkg/codegen/go.mod b/pkg/codegen/go.mod
index 1de4e884420..398d54ad264 100644
--- a/pkg/codegen/go.mod
+++ b/pkg/codegen/go.mod
@@ -16,7 +16,7 @@ require (
 github.com/dave/jennifer v1.7.1 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/emicklei/proto v1.13.2 // indirect
- github.com/expr-lang/expr v1.17.0 // indirect
+ github.com/expr-lang/expr v1.17.7 // indirect
 github.com/getkin/kin-openapi v0.132.0 // indirect
 github.com/go-openapi/jsonpointer v0.21.0 // indirect
 github.com/go-openapi/swag v0.23.0 // indirect
diff --git a/pkg/codegen/go.sum b/pkg/codegen/go.sum
index 0fb82ac718c..94b1beedb45 100644
--- a/pkg/codegen/go.sum
+++ b/pkg/codegen/go.sum
@@ -11,8 +11,8 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/emicklei/proto v1.13.2 h1:z/etSFO3uyXeuEsVPzfl56WNgzcvIr42aQazXaQmFZY=
 github.com/emicklei/proto v1.13.2/go.mod h1:rn1FgRS/FANiZdD2djyH7TMA9jdRDcYQ9IEN9yvjX0A=
-github.com/expr-lang/expr v1.17.0 h1:+vpszOyzKLQXC9VF+wA8cVA0tlA984/Wabc/1hF9Whg=
-github.com/expr-lang/expr v1.17.0/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4=
+github.com/expr-lang/expr v1.17.7 h1:Q0xY/e/2aCIp8g9s/LGvMDCC5PxYlvHgDZRQ4y16JX8=
+github.com/expr-lang/expr v1.17.7/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4=
 github.com/getkin/kin-openapi v0.132.0 h1:3ISeLMsQzcb5v26yeJrBcdTCEQTag36ZjaGk7MIRUwk=
 github.com/getkin/kin-openapi v0.132.0/go.mod h1:3OlG51PCYNsPByuiMB0t4fjnNlIDnaEDsjiKUV8nL58=
 github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
diff --git a/pkg/plugins/codegen/go.mod b/pkg/plugins/codegen/go.mod
index cdd505e18b4..bae9cc88f1e 100644
--- a/pkg/plugins/codegen/go.mod
+++ b/pkg/plugins/codegen/go.mod
@@ -17,7 +17,7 @@ require (
 github.com/cockroachdb/apd/v3 v3.2.1 // indirect
 github.com/dave/dst v0.27.3 // indirect
 github.com/emicklei/proto v1.13.2 // indirect
- github.com/expr-lang/expr v1.17.0 // indirect
+ github.com/expr-lang/expr v1.17.7 // indirect
 github.com/getkin/kin-openapi v0.132.0 // indirect
 github.com/go-openapi/jsonpointer v0.21.0 // indirect
 github.com/go-openapi/swag v0.23.0 // indirect
diff --git a/pkg/plugins/codegen/go.sum b/pkg/plugins/codegen/go.sum
index 5f251bb8b75..a29aa5f779e 100644
--- a/pkg/plugins/codegen/go.sum
+++ b/pkg/plugins/codegen/go.sum
@@ -12,8 +12,8 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/emicklei/proto v1.13.2 h1:z/etSFO3uyXeuEsVPzfl56WNgzcvIr42aQazXaQmFZY=
 github.com/emicklei/proto v1.13.2/go.mod h1:rn1FgRS/FANiZdD2djyH7TMA9jdRDcYQ9IEN9yvjX0A=
-github.com/expr-lang/expr v1.17.0 h1:+vpszOyzKLQXC9VF+wA8cVA0tlA984/Wabc/1hF9Whg=
-github.com/expr-lang/expr v1.17.0/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4=
+github.com/expr-lang/expr v1.17.7 h1:Q0xY/e/2aCIp8g9s/LGvMDCC5PxYlvHgDZRQ4y16JX8=
+github.com/expr-lang/expr v1.17.7/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4=
 github.com/getkin/kin-openapi v0.132.0 h1:3ISeLMsQzcb5v26yeJrBcdTCEQTag36ZjaGk7MIRUwk=
 github.com/getkin/kin-openapi v0.132.0/go.mod h1:3OlG51PCYNsPByuiMB0t4fjnNlIDnaEDsjiKUV8nL58=
 github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
++++++ Makefile ++++++
--- /var/tmp/diff_new_pack.Hyd6MC/_old 2026-01-19 18:43:24.647230247 +0100
+++ /var/tmp/diff_new_pack.Hyd6MC/_new 2026-01-19 18:43:24.651230413 +0100
@@ -26,6 +26,7 @@
 patch --no-backup-if-mismatch -p1 -i ../../0001-Add-source-code-reference.patch && \
 # End patches section \
 # Patches for Go modules go after here \
+ patch --no-backup-if-mismatch -p1 -i ../../0003-Bump-expr-lang.patch && \
 # End of Go modules patches section \
 go mod download && \
 go mod verify && \
++++++ grafana-11.6.7.tar.gz ++++++ /work/SRC/openSUSE:Factory/grafana/grafana-11.6.7.tar.gz /work/SRC/openSUSE:Factory/.grafana.new.1928/grafana-11.6.7.tar.gz differ: char 5, line 1
++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/grafana/vendor.tar.gz /work/SRC/openSUSE:Factory/.grafana.new.1928/vendor.tar.gz differ: char 5, line 1
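Review bot: The added `patch ... -i ../../0003-Bump-expr-lang.patch` step in the Makefile hunk only rewrites `pkg/codegen/go.mod` and `pkg/plugins/codegen/go.mod` (plus their `go.sum`), where `github.com/expr-lang/expr` is marked `// indirect`; nothing visible on this page shows which version the root module or workspace resolves when the vendor tree is produced. If the vendoring that follows `go mod verify` (outside this hunk) is driven by a module the patch does not touch, the shipped `vendor.tar.gz` could still carry v1.17.0 and CVE-2025-68156 would remain in the built binary. I would confirm that `vendor/modules.txt` in the new tarball lists v1.17.7, and consider failing the recipe when the output of `go list -m github.com/expr-lang/expr` is not the fixed version. A short comment above the new line, e.g. `# 0003: CVE-2025-68156 (bsc#1255340), expr-lang/expr -> v1.17.7 \`, would also tell whoever handles the next version bump when the patch can be dropped.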
