Merge remote-tracking branch 'dev/15-10-stable' into 15-10-stable

da8e5b7b · GitLab Release Tools Bot · 1e7eda0f · 4552c092 · da8e5b7b · da8e5b7b
Commit da8e5b7b authored 1 year ago by GitLab Release Tools Bot
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,14 @@
 The latest version of this file can be found at the master branch of the
 omnibus-gitlab repository.
  
+## 15.10.5 (2023-05-01)
+
+### Security (3 changes)
+
+- [Mattermost Security Updates April 2023](gitlab-org/security/omnibus-gitlab@cded3eb54adad5c521fa571aff235ce062e64514) ([merge request](gitlab-org/security/omnibus-gitlab!335))
+- [Patch Openssl for CVE-2023-0464](gitlab-org/security/omnibus-gitlab@5bd5e3ad84e64e37c18482f19a818a21cb0c16c4) ([merge request](gitlab-org/security/omnibus-gitlab!332))
+- [Patch Grafana against session cookie vulnerability and CVE-2023-1410](gitlab-org/security/omnibus-gitlab@febd112507472947b583f560183e0277b1364a9a) ([merge request](gitlab-org/security/omnibus-gitlab!327))
+
 ## 15.10.4 (2023-04-21)
  
 No changes.

--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
-15.10.4
\ No newline at end of file
+15.10.5
\ No newline at end of file
--- a/GITLAB_PAGES_VERSION
+++ b/GITLAB_PAGES_VERSION
-15.10.4
\ No newline at end of file
+15.10.5
\ No newline at end of file
--- a/VERSION
+++ b/VERSION
-15.10.4-ee
\ No newline at end of file
+15.10.5-ee
\ No newline at end of file
--- a/config/patches/grafana/cve-2023-1410.patch
+++ b/config/patches/grafana/cve-2023-1410.patch
+diff --git a/package.json b/package.json
+index e6a40f91a3..118bcff2fc 100644
+--- a/package.json
+++ b/package.json
+@@ -280,7 +280,6 @@
+     "redux-thunk": "2.3.0",
+     "regenerator-runtime": "0.13.3",
+     "reselect": "4.0.0",
+-    "rst2html": "github:thoward/rst2html#990cb89",
+     "rxjs": "6.6.3",
+     "search-query-parser": "1.5.4",
+     "slate": "0.47.8",
+diff --git a/public/app/plugins/datasource/graphite/FunctionEditor.tsx b/public/app/plugins/datasource/graphite/FunctionEditor.tsx
+index d178904640..888b5246da 100644
+--- a/public/app/plugins/datasource/graphite/FunctionEditor.tsx
+++ b/public/app/plugins/datasource/graphite/FunctionEditor.tsx
+@@ -10,11 +10,9 @@ interface FunctionEditorState {
+   showingDescription: boolean;
+ }
+ const FunctionDescription = React.lazy(async () => {
+-  // @ts-ignore
+-  const { default: rst2html } = await import(/* webpackChunkName: "rst2html" */ 'rst2html');
+   return {
+     default(props: { description?: string }) {
+-      return <div dangerouslySetInnerHTML={{ __html: rst2html(props.description ?? '') }} />;
+      return <div>{props.description}</div>;
+     },
+   };
+ });
+diff --git a/public/app/plugins/datasource/graphite/add_graphite_func.ts b/public/app/plugins/datasource/graphite/add_graphite_func.ts
+index 5216194ef7..ede76f6059 100644
+--- a/public/app/plugins/datasource/graphite/add_graphite_func.ts
+++ b/public/app/plugins/datasource/graphite/add_graphite_func.ts
+@@ -108,9 +108,7 @@ export function graphiteAddFunc($compile: any) {
+             }
+ 
+             const contentElement = document.createElement('div');
+-            // @ts-ignore
+-            const { default: rst2html } = await import(/* webpackChunkName: "rst2html" */ 'rst2html');
+-            contentElement.innerHTML = '<h4>' + funcDef.name + '</h4>' + rst2html(shortDesc);
+            contentElement.innerHTML = '<h4>' + funcDef.name + '</h4>' + shortDesc;
+ 
+             drop = new Drop({
+               target: this,
+diff --git a/yarn.lock b/yarn.lock
+index c17e6153be..1363fc06be 100644
+--- a/yarn.lock
+++ b/yarn.lock
+@@ -7613,11 +7613,6 @@ accepts@~1.3.4, accepts@~1.3.5, accepts@~1.3.7:
+     mime-types "~2.1.24"
+     negotiator "0.6.2"
+ 
+-acorn-es7-plugin@^1.0.12:
+-  version "1.1.7"
+-  resolved "https://registry.yarnpkg.com/acorn-es7-plugin/-/acorn-es7-plugin-1.1.7.tgz#f2ee1f3228a90eead1245f9ab1922eb2e71d336b"
+-  integrity sha1-8u4fMiipDurRJF+asZIusucdM2s=
+-
+ acorn-globals@^4.3.2:
+   version "4.3.4"
+   resolved "https://registry.yarnpkg.com/acorn-globals/-/acorn-globals-4.3.4.tgz#9fa1926addc11c97308c4e66d7add0d40c3272e7"
+@@ -7671,7 +7666,7 @@ acorn@^3.0.4:
+   resolved "https://registry.yarnpkg.com/acorn/-/acorn-3.3.0.tgz#45e37fb39e8da3f25baee3ff5369e2bb5f22017a"
+   integrity sha1-ReN/s56No/JbruP/U2niu18iAXo=
+ 
+-acorn@^5.0.0, acorn@^5.5.0:
+acorn@^5.5.0:
+   version "5.7.4"
+   resolved "https://registry.yarnpkg.com/acorn/-/acorn-5.7.4.tgz#3e8d8a9947d0599a1796d10225d7432f4a4acf5e"
+   integrity sha512-1D++VG7BhrtvQpNbBzovKNc1FLGGEE/oGe7b9xJm/RFHMBeUaUGpluV9RLjZa47YFdPcDAenEYuq9pQPcMdLJg==
+@@ -9443,11 +9438,6 @@ call-me-maybe@^1.0.1:
+   resolved "https://registry.yarnpkg.com/call-me-maybe/-/call-me-maybe-1.0.1.tgz#26d208ea89e37b5cbde60250a15f031c16a4d66b"
+   integrity sha1-JtII6onje1y95gJQoV8DHBak1ms=
+ 
+-call-signature@0.0.2:
+-  version "0.0.2"
+-  resolved "https://registry.yarnpkg.com/call-signature/-/call-signature-0.0.2.tgz#a84abc825a55ef4cb2b028bd74e205a65b9a4996"
+-  integrity sha1-qEq8glpV70yysCi9dOIFpluaSZY=
+-
+ caller-callsite@^2.0.0:
+   version "2.0.0"
+   resolved "https://registry.yarnpkg.com/caller-callsite/-/caller-callsite-2.0.0.tgz#847e0fce0a223750a9a027c54b33731ad3154134"
+@@ -9566,17 +9556,7 @@ caniuse-db@1.0.30000772:
+   resolved "https://registry.yarnpkg.com/caniuse-db/-/caniuse-db-1.0.30000772.tgz#51aae891768286eade4a3d8319ea76d6a01b512b"
+   integrity sha1-UarokXaChureSj2DGep21qAbUSs=
+ 
+-caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001173:
+-  version "1.0.30001299"
+-  resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001299.tgz"
+-  integrity sha512-iujN4+x7QzqA2NCSrS5VUy+4gLmRd4xv6vbBBsmfVqTx8bLAD8097euLqQgKxSVLvxjSDcvF1T/i9ocgnUFexw==
+-
+-caniuse-lite@^1.0.30000981, caniuse-lite@^1.0.30001020, caniuse-lite@^1.0.30001035, caniuse-lite@^1.0.30001093:
+-  version "1.0.30001299"
+-  resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001299.tgz"
+-  integrity sha512-iujN4+x7QzqA2NCSrS5VUy+4gLmRd4xv6vbBBsmfVqTx8bLAD8097euLqQgKxSVLvxjSDcvF1T/i9ocgnUFexw==
+-
+-caniuse-lite@^1.0.30001109:
+caniuse-lite@^1.0.0, caniuse-lite@^1.0.30000981, caniuse-lite@^1.0.30001020, caniuse-lite@^1.0.30001035, caniuse-lite@^1.0.30001093, caniuse-lite@^1.0.30001109, caniuse-lite@^1.0.30001173:
+   version "1.0.30001299"
+   resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001299.tgz"
+   integrity sha512-iujN4+x7QzqA2NCSrS5VUy+4gLmRd4xv6vbBBsmfVqTx8bLAD8097euLqQgKxSVLvxjSDcvF1T/i9ocgnUFexw==
+@@ -10552,7 +10532,7 @@ core-js@^1.0.0:
+   resolved "https://registry.yarnpkg.com/core-js/-/core-js-1.2.7.tgz#652294c14651db28fa93bd2d5ff2983a4f08c636"
+   integrity sha1-ZSKUwUZR2yj6k70tX/KYOk8IxjY=
+ 
+-core-js@^2.0.0, core-js@^2.4.0:
+core-js@^2.4.0:
+   version "2.6.10"
+   resolved "https://registry.yarnpkg.com/core-js/-/core-js-2.6.10.tgz#8a5b8391f8cc7013da703411ce5b585706300d7f"
+   integrity sha512-I39t74+4t+zau64EN1fE5v2W31Adtc/REhzWN+gWRRXg6WH5qAsZm62DHpQ1+Yhe4047T55jvzz7MUqF/dBBlA==
+@@ -11778,11 +11758,6 @@ dezalgo@^1.0.0:
+     asap "^2.0.0"
+     wrappy "1"
+ 
+-diff-match-patch@^1.0.0:
+-  version "1.0.4"
+-  resolved "https://registry.yarnpkg.com/diff-match-patch/-/diff-match-patch-1.0.4.tgz#6ac4b55237463761c4daf0dc603eb869124744b1"
+-  integrity sha512-Uv3SW8bmH9nAtHKaKSanOQmj2DnlH65fUpcrMdfdaOxUG02QQ4YGZ8AE7kKOMisF7UqvOlGKVYWRvezdncW9lg==
+-
+ diff-sequences@^25.2.6:
+   version "25.2.6"
+   resolved "https://registry.yarnpkg.com/diff-sequences/-/diff-sequences-25.2.6.tgz#5f467c00edd35352b7bca46d7927d60e687a76dd"
+@@ -12079,11 +12054,6 @@ duplexify@^3.4.2, duplexify@^3.6.0:
+     readable-stream "^2.0.0"
+     stream-shift "^1.0.0"
+ 
+-eastasianwidth@^0.2.0:
+-  version "0.2.0"
+-  resolved "https://registry.yarnpkg.com/eastasianwidth/-/eastasianwidth-0.2.0.tgz#696ce2ec0aa0e6ea93a397ffcf24aa7840c827cb"
+-  integrity sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==
+-
+ ecc-jsbn@~0.1.1:
+   version "0.1.2"
+   resolved "https://registry.yarnpkg.com/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz#3a83a904e54353287874c564b7549386849a98c9"
+@@ -12201,22 +12171,6 @@ emotion@10.0.27, emotion@^10.0.27:
+     babel-plugin-emotion "^10.0.27"
+     create-emotion "^10.0.27"
+ 
+-empower-core@^1.2.0:
+-  version "1.2.0"
+-  resolved "https://registry.yarnpkg.com/empower-core/-/empower-core-1.2.0.tgz#ce3fb2484d5187fa29c23fba8344b0b2fdf5601c"
+-  integrity sha512-g6+K6Geyc1o6FdXs9HwrXleCFan7d66G5xSCfSF7x1mJDCes6t0om9lFQG3zOrzh3Bkb/45N0cZ5Gqsf7YrzGQ==
+-  dependencies:
+-    call-signature "0.0.2"
+-    core-js "^2.0.0"
+-
+-empower@^1.3.1:
+-  version "1.3.1"
+-  resolved "https://registry.yarnpkg.com/empower/-/empower-1.3.1.tgz#768979cbbb36d71d8f5edaab663deacb9dab916c"
+-  integrity sha512-uB6/ViBaawOO/uujFADTK3SqdYlxYNn+N4usK9MRKZ4Hbn/1QSy8k2PezxCA2/+JGbF8vd/eOfghZ90oOSDZCA==
+-  dependencies:
+-    core-js "^2.0.0"
+-    empower-core "^1.2.0"
+-
+ encodeurl@~1.0.2:
+   version "1.0.2"
+   resolved "https://registry.yarnpkg.com/encodeurl/-/encodeurl-1.0.2.tgz#ad3ff4c86ec2d029322f5a02c3a9a606c95b3f59"
+@@ -12925,13 +12879,6 @@ esprima@~3.1.0:
+   resolved "https://registry.yarnpkg.com/esprima/-/esprima-3.1.3.tgz#fdca51cee6133895e3c88d535ce49dbff62a4633"
+   integrity sha1-/cpRzuYTOJXjyI1TXOSdv/YqRjM=
+ 
+-espurify@^1.6.0:
+-  version "1.8.1"
+-  resolved "https://registry.yarnpkg.com/espurify/-/espurify-1.8.1.tgz#5746c6c1ab42d302de10bd1d5bf7f0e8c0515056"
+-  integrity sha512-ZDko6eY/o+D/gHCWyHTU85mKDgYcS4FJj7S+YD6WIInm7GQ6AnOjmcL4+buFV/JOztVLELi/7MmuGU5NHta0Mg==
+-  dependencies:
+-    core-js "^2.0.0"
+-
+ esquery@^1.4.0:
+   version "1.4.0"
+   resolved "https://registry.yarnpkg.com/esquery/-/esquery-1.4.0.tgz#2148ffc38b82e8c7057dfed48425b3e61f0f24a5"
+@@ -15305,11 +15252,6 @@ indexes-of@^1.0.1:
+   resolved "https://registry.yarnpkg.com/indexes-of/-/indexes-of-1.0.1.tgz#f30f716c8e2bd346c7b67d3df3915566a7c05607"
+   integrity sha1-8w9xbI4r00bHtn0985FVZqfAVgc=
+ 
+-indexof@0.0.1:
+-  version "0.0.1"
+-  resolved "https://registry.yarnpkg.com/indexof/-/indexof-0.0.1.tgz#82dc336d232b9062179d05ab3293a66059fd435d"
+-  integrity sha1-gtwzbSMrkGIXnQWrMpOmYFn9Q10=
+-
+ infer-owner@^1.0.3, infer-owner@^1.0.4:
+   version "1.0.4"
+   resolved "https://registry.yarnpkg.com/infer-owner/-/infer-owner-1.0.4.tgz#c4cefcaa8e51051c2a40ba2ce8a3d27295af9467"
+@@ -19118,7 +19060,7 @@ object-is@^1.1.2:
+     define-properties "^1.1.3"
+     es-abstract "^1.18.0-next.1"
+ 
+-object-keys@^1.0.0, object-keys@^1.0.11, object-keys@^1.0.12, object-keys@^1.1.1:
+object-keys@^1.0.11, object-keys@^1.0.12, object-keys@^1.1.1:
+   version "1.1.1"
+   resolved "https://registry.yarnpkg.com/object-keys/-/object-keys-1.1.1.tgz#1c47f272df277f3b1daf061677d9c82e2322c60e"
+   integrity sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==
+@@ -20722,105 +20664,6 @@ postcss@^7.0.23, postcss@^7.0.26:
+     source-map "^0.6.1"
+     supports-color "^6.1.0"
+ 
+-power-assert-context-formatter@^1.0.7:
+-  version "1.2.0"
+-  resolved "https://registry.yarnpkg.com/power-assert-context-formatter/-/power-assert-context-formatter-1.2.0.tgz#8fbe72692288ec5a7203cdf215c8b838a6061d2a"
+-  integrity sha512-HLNEW8Bin+BFCpk/zbyKwkEu9W8/zThIStxGo7weYcFkKgMuGCHUJhvJeBGXDZf0Qm2xis4pbnnciGZiX0EpSg==
+-  dependencies:
+-    core-js "^2.0.0"
+-    power-assert-context-traversal "^1.2.0"
+-
+-power-assert-context-reducer-ast@^1.0.7:
+-  version "1.2.0"
+-  resolved "https://registry.yarnpkg.com/power-assert-context-reducer-ast/-/power-assert-context-reducer-ast-1.2.0.tgz#c7ca1c9e39a6fb717f7ac5fe9e76e192bf525df3"
+-  integrity sha512-EgOxmZ/Lb7tw4EwSKX7ZnfC0P/qRZFEG28dx/690qvhmOJ6hgThYFm5TUWANDLK5NiNKlPBi5WekVGd2+5wPrw==
+-  dependencies:
+-    acorn "^5.0.0"
+-    acorn-es7-plugin "^1.0.12"
+-    core-js "^2.0.0"
+-    espurify "^1.6.0"
+-    estraverse "^4.2.0"
+-
+-power-assert-context-traversal@^1.2.0:
+-  version "1.2.0"
+-  resolved "https://registry.yarnpkg.com/power-assert-context-traversal/-/power-assert-context-traversal-1.2.0.tgz#f6e71454baf640de5c1c9c270349f5c9ab0b2e94"
+-  integrity sha512-NFoHU6g2umNajiP2l4qb0BRWD773Aw9uWdWYH9EQsVwIZnog5bd2YYLFCVvaxWpwNzWeEfZIon2xtyc63026pQ==
+-  dependencies:
+-    core-js "^2.0.0"
+-    estraverse "^4.1.0"
+-
+-power-assert-formatter@^1.4.1:
+-  version "1.4.1"
+-  resolved "https://registry.yarnpkg.com/power-assert-formatter/-/power-assert-formatter-1.4.1.tgz#5dc125ed50a3dfb1dda26c19347f3bf58ec2884a"
+-  integrity sha1-XcEl7VCj37HdomwZNH879Y7CiEo=
+-  dependencies:
+-    core-js "^2.0.0"
+-    power-assert-context-formatter "^1.0.7"
+-    power-assert-context-reducer-ast "^1.0.7"
+-    power-assert-renderer-assertion "^1.0.7"
+-    power-assert-renderer-comparison "^1.0.7"
+-    power-assert-renderer-diagram "^1.0.7"
+-    power-assert-renderer-file "^1.0.7"
+-
+-power-assert-renderer-assertion@^1.0.7:
+-  version "1.2.0"
+-  resolved "https://registry.yarnpkg.com/power-assert-renderer-assertion/-/power-assert-renderer-assertion-1.2.0.tgz#3db6ffcda106b37bc1e06432ad0d748a682b147a"
+-  integrity sha512-3F7Q1ZLmV2ZCQv7aV7NJLNK9G7QsostrhOU7U0RhEQS/0vhEqrRg2jEJl1jtUL4ZyL2dXUlaaqrmPv5r9kRvIg==
+-  dependencies:
+-    power-assert-renderer-base "^1.1.1"
+-    power-assert-util-string-width "^1.2.0"
+-
+-power-assert-renderer-base@^1.1.1:
+-  version "1.1.1"
+-  resolved "https://registry.yarnpkg.com/power-assert-renderer-base/-/power-assert-renderer-base-1.1.1.tgz#96a650c6fd05ee1bc1f66b54ad61442c8b3f63eb"
+-  integrity sha1-lqZQxv0F7hvB9mtUrWFELIs/Y+s=
+-
+-power-assert-renderer-comparison@^1.0.7:
+-  version "1.2.0"
+-  resolved "https://registry.yarnpkg.com/power-assert-renderer-comparison/-/power-assert-renderer-comparison-1.2.0.tgz#e4f88113225a69be8aa586ead05aef99462c0495"
+-  integrity sha512-7c3RKPDBKK4E3JqdPtYRE9cM8AyX4LC4yfTvvTYyx8zSqmT5kJnXwzR0yWQLOavACllZfwrAGQzFiXPc5sWa+g==
+-  dependencies:
+-    core-js "^2.0.0"
+-    diff-match-patch "^1.0.0"
+-    power-assert-renderer-base "^1.1.1"
+-    stringifier "^1.3.0"
+-    type-name "^2.0.1"
+-
+-power-assert-renderer-diagram@^1.0.7:
+-  version "1.2.0"
+-  resolved "https://registry.yarnpkg.com/power-assert-renderer-diagram/-/power-assert-renderer-diagram-1.2.0.tgz#37f66e8542e5677c5b58e6d72b01c0d9a30e2219"
+-  integrity sha512-JZ6PC+DJPQqfU6dwSmpcoD7gNnb/5U77bU5KgNwPPa+i1Pxiz6UuDeM3EUBlhZ1HvH9tMjI60anqVyi5l2oNdg==
+-  dependencies:
+-    core-js "^2.0.0"
+-    power-assert-renderer-base "^1.1.1"
+-    power-assert-util-string-width "^1.2.0"
+-    stringifier "^1.3.0"
+-
+-power-assert-renderer-file@^1.0.7:
+-  version "1.2.0"
+-  resolved "https://registry.yarnpkg.com/power-assert-renderer-file/-/power-assert-renderer-file-1.2.0.tgz#3f4bebd9e1455d75cf2ac541e7bb515a87d4ce4b"
+-  integrity sha512-/oaVrRbeOtGoyyd7e4IdLP/jIIUFJdqJtsYzP9/88R39CMnfF/S/rUc8ZQalENfUfQ/wQHu+XZYRMaCEZmEesg==
+-  dependencies:
+-    power-assert-renderer-base "^1.1.1"
+-
+-power-assert-util-string-width@^1.2.0:
+-  version "1.2.0"
+-  resolved "https://registry.yarnpkg.com/power-assert-util-string-width/-/power-assert-util-string-width-1.2.0.tgz#6e06d5e3581bb876c5d377c53109fffa95bd91a0"
+-  integrity sha512-lX90G0igAW0iyORTILZ/QjZWsa1MZ6VVY3L0K86e2eKun3S4LKPH4xZIl8fdeMYLfOjkaszbNSzf1uugLeAm2A==
+-  dependencies:
+-    eastasianwidth "^0.2.0"
+-
+-power-assert@^1.2.0:
+-  version "1.6.1"
+-  resolved "https://registry.yarnpkg.com/power-assert/-/power-assert-1.6.1.tgz#b28cbc02ae808afd1431d0cd5093a39ac5a5b1fe"
+-  integrity sha512-VWkkZV6Y+W8qLX/PtJu2Ur2jDPIs0a5vbP0TpKeybNcIXmT4vcKoVkyTp5lnQvTpY/DxacAZ4RZisHRHLJcAZQ==
+-  dependencies:
+-    define-properties "^1.1.2"
+-    empower "^1.3.1"
+-    power-assert-formatter "^1.4.1"
+-    universal-deep-strict-equal "^1.2.1"
+-    xtend "^4.0.0"
+-
+ preceptor-core@~0.10.0:
+   version "0.10.1"
+   resolved "https://registry.yarnpkg.com/preceptor-core/-/preceptor-core-0.10.1.tgz#c31eb026fad91c24b44351308ac97e625ec69511"
+@@ -22981,16 +22824,6 @@ restore-cursor@^3.1.0:
+     onetime "^5.1.0"
+     signal-exit "^3.0.2"
+ 
+-restructured@0.0.11:
+-  version "0.0.11"
+-  resolved "https://registry.yarnpkg.com/restructured/-/restructured-0.0.11.tgz#f914f6b6f358b8e45d6d8ee268926cf1a783f710"
+-  integrity sha1-+RT2tvNYuORdbY7iaJJs8aeD9xA=
+-  dependencies:
+-    commander "^2.9.0"
+-    lodash "^4.0.0"
+-    power-assert "^1.2.0"
+-    unist-util-map "^1.0.2"
+-
+ ret@~0.1.10:
+   version "0.1.15"
+   resolved "https://registry.yarnpkg.com/ret/-/ret-0.1.15.tgz#b8a4825d5bdb1fc3f6f53c2bc33f81388681c7bc"
+@@ -23137,12 +22970,6 @@ rst-selector-parser@^2.2.3:
+     lodash.flattendeep "^4.4.0"
+     nearley "^2.7.10"
+ 
+-"rst2html@github:thoward/rst2html#990cb89":
+-  version "1.0.4"
+-  resolved "https://codeload.github.com/thoward/rst2html/tar.gz/990cb89f2a300cdd9151790be377c4c0840df809"
+-  dependencies:
+-    restructured "0.0.11"
+-
+ rsvp@^4.8.4:
+   version "4.8.5"
+   resolved "https://registry.yarnpkg.com/rsvp/-/rsvp-4.8.5.tgz#c8f155311d167f68f21e168df71ec5b083113734"
+@@ -24427,15 +24254,6 @@ string_decoder@~1.1.1:
+   dependencies:
+     safe-buffer "~5.1.0"
+ 
+-stringifier@^1.3.0:
+-  version "1.4.0"
+-  resolved "https://registry.yarnpkg.com/stringifier/-/stringifier-1.4.0.tgz#d704581567f4526265d00ed8ecb354a02c3fec28"
+-  integrity sha512-cNsMOqqrcbLcHTXEVmkw9y0fwDwkdgtZwlfyolzpQDoAE1xdNGhQhxBUfiDvvZIKl1hnUEgMv66nHwtMz3OjPw==
+-  dependencies:
+-    core-js "^2.0.0"
+-    traverse "^0.6.6"
+-    type-name "^2.0.1"
+-
+ stringify-object@^3.3.0:
+   version "3.3.0"
+   resolved "https://registry.yarnpkg.com/stringify-object/-/stringify-object-3.3.0.tgz#703065aefca19300d3ce88af4f5b3956d7556629"
+@@ -25173,11 +24991,6 @@ tr46@^2.0.2:
+   dependencies:
+     punycode "^2.1.1"
+ 
+-traverse@^0.6.6:
+-  version "0.6.6"
+-  resolved "https://registry.yarnpkg.com/traverse/-/traverse-0.6.6.tgz#cbdf560fd7b9af632502fed40f918c157ea97137"
+-  integrity sha1-y99WD9e5r2MlAv7UD5GMFX6pcTc=
+-
+ tree-kill@^1.1.0:
+   version "1.2.2"
+   resolved "https://registry.yarnpkg.com/tree-kill/-/tree-kill-1.2.2.tgz#4ca09a9092c88b73a7cdc5e8a01b507b0790a0cc"
+@@ -25394,11 +25207,6 @@ type-is@~1.6.17, type-is@~1.6.18:
+     media-typer "0.3.0"
+     mime-types "~2.1.24"
+ 
+-type-name@^2.0.1:
+-  version "2.0.2"
+-  resolved "https://registry.yarnpkg.com/type-name/-/type-name-2.0.2.tgz#efe7d4123d8ac52afff7f40c7e4dec5266008fb4"
+-  integrity sha1-7+fUEj2KxSr/9/QMfk3sUmYAj7Q=
+-
+ type-of@^2.0.1:
+   version "2.0.1"
+   resolved "https://registry.yarnpkg.com/type-of/-/type-of-2.0.1.tgz#e72a1741896568e9f628378d816d6912f7f23972"
+@@ -25590,13 +25398,6 @@ unist-util-is@^4.0.0:
+   resolved "https://registry.yarnpkg.com/unist-util-is/-/unist-util-is-4.0.4.tgz#3e9e8de6af2eb0039a59f50c9b3e99698a924f50"
+   integrity sha512-3dF39j/u423v4BBQrk1AQ2Ve1FxY5W3JKwXxVFzBODQ6WEvccguhgp802qQLKSnxPODE6WuRZtV+ohlUg4meBA==
+ 
+-unist-util-map@^1.0.2:
+-  version "1.0.5"
+-  resolved "https://registry.yarnpkg.com/unist-util-map/-/unist-util-map-1.0.5.tgz#701069b72e1d1cc02db265502a5e82b77c2eb8b7"
+-  integrity sha512-dFil/AN6vqhnQWNCZk0GF/G3+Q5YwsB+PqjnzvpO2wzdRtUJ1E8PN+XRE/PRr/G3FzKjRTJU0haqE0Ekl+O3Ag==
+-  dependencies:
+-    object-assign "^4.0.1"
+-
+ unist-util-position@^3.0.0:
+   version "3.1.0"
+   resolved "https://registry.yarnpkg.com/unist-util-position/-/unist-util-position-3.1.0.tgz#1c42ee6301f8d52f47d14f62bbdb796571fa2d47"
+@@ -25640,15 +25441,6 @@ unist-util-visit@2.0.3, unist-util-visit@^2.0.0:
+     unist-util-is "^4.0.0"
+     unist-util-visit-parents "^3.0.0"
+ 
+-universal-deep-strict-equal@^1.2.1:
+-  version "1.2.2"
+-  resolved "https://registry.yarnpkg.com/universal-deep-strict-equal/-/universal-deep-strict-equal-1.2.2.tgz#0da4ac2f73cff7924c81fa4de018ca562ca2b0a7"
+-  integrity sha1-DaSsL3PP95JMgfpN4BjKViyisKc=
+-  dependencies:
+-    array-filter "^1.0.0"
+-    indexof "0.0.1"
+-    object-keys "^1.0.0"
+-
+ universal-user-agent@^4.0.0:
+   version "4.0.1"
+   resolved "https://registry.yarnpkg.com/universal-user-agent/-/universal-user-agent-4.0.1.tgz#fd8d6cb773a679a709e967ef8288a31fcc03e557"
--- a/config/patches/grafana/session-cookie.patch
+++ b/config/patches/grafana/session-cookie.patch
+diff --git a/conf/defaults.ini b/conf/defaults.ini
+index b716c9e35a..2d3fcef800 100644
+--- a/conf/defaults.ini
+++ b/conf/defaults.ini
+@@ -342,6 +342,9 @@ hidden_users =
+ # Login cookie name
+ login_cookie_name = grafana_session
+ 
+# GitLab Session Cookie name
+gitlab_auth_cookie_name = _gitlab_session
+
+ # The maximum lifetime (duration) an authenticated user can be inactive before being required to login at next visit. Default is 7 days (7d). This setting should be expressed as a duration, e.g. 5m (minutes), 6h (hours), 10d (days), 2w (weeks), 1M (month). The lifetime resets at each successful token rotation (token_rotation_interval_minutes).
+ login_maximum_inactive_lifetime_duration =
+ 
+diff --git a/pkg/api/pluginproxy/ds_proxy.go b/pkg/api/pluginproxy/ds_proxy.go
+index b5537ba6eb..93f6b398b7 100644
+--- a/pkg/api/pluginproxy/ds_proxy.go
+++ b/pkg/api/pluginproxy/ds_proxy.go
+@@ -222,7 +222,7 @@ func (proxy *DataSourceProxy) director(req *http.Request) {
+ 		}
+ 	}
+ 
+-	proxyutil.ClearCookieHeader(req, keepCookieNames)
+	proxyutil.ClearCookieHeader(req, keepCookieNames, []string{proxy.cfg.LoginCookieName, proxy.cfg.GitLabAuthCookieName})
+ 	proxyutil.PrepareProxyRequest(req)
+ 
+ 	req.Header.Set("User-Agent", fmt.Sprintf("Grafana/%s", setting.BuildVersion))
+diff --git a/pkg/plugins/backendplugin/manager.go b/pkg/plugins/backendplugin/manager.go
+index cc0c902fb6..a6f74b404c 100644
+--- a/pkg/plugins/backendplugin/manager.go
+++ b/pkg/plugins/backendplugin/manager.go
+@@ -275,7 +275,7 @@ func (m *manager) callResourceInternal(w http.ResponseWriter, req *http.Request,
+ 		}
+ 	}
+ 
+-	proxyutil.ClearCookieHeader(req, keepCookieModel.KeepCookies)
+	proxyutil.ClearCookieHeader(req, keepCookieModel.KeepCookies, []string{m.Cfg.LoginCookieName, m.Cfg.GitLabAuthCookieName})
+ 	proxyutil.PrepareProxyRequest(req)
+ 
+ 	body, err := ioutil.ReadAll(req.Body)
+diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go
+index 2eb0d6b225..8b41859585 100644
+--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
+@@ -284,6 +284,7 @@ type Cfg struct {
+ 	BasicAuthEnabled             bool
+ 	AdminUser                    string
+ 	AdminPassword                string
+	GitLabAuthCookieName         string
+ 
+ 	// AWS Plugin Auth
+ 	AWSAllowedAuthProviders []string
+@@ -1158,6 +1159,7 @@ func readAuthSettings(iniFile *ini.File, cfg *Cfg) (err error) {
+ 	auth := iniFile.Section("auth")
+ 
+ 	cfg.LoginCookieName = valueAsString(auth, "login_cookie_name", "grafana_session")
+	cfg.GitLabAuthCookieName = valueAsString(auth, "gitlab_auth_cookie_name", "_gitlab_session")
+ 	maxInactiveDaysVal := auth.Key("login_maximum_inactive_lifetime_days").MustString("")
+ 	if maxInactiveDaysVal != "" {
+ 		maxInactiveDaysVal = fmt.Sprintf("%sd", maxInactiveDaysVal)
+diff --git a/pkg/util/proxyutil/proxyutil.go b/pkg/util/proxyutil/proxyutil.go
+index 3db22a1426..ee56120cc6 100644
+--- a/pkg/util/proxyutil/proxyutil.go
+++ b/pkg/util/proxyutil/proxyutil.go
+@@ -3,6 +3,7 @@ package proxyutil
+ import (
+ 	"net"
+ 	"net/http"
+	"sort"
+ )
+ 
+ // PrepareProxyRequest prepares a request for being proxied.
+@@ -26,19 +27,31 @@ func PrepareProxyRequest(req *http.Request) {
+ 	}
+ }
+ 
+-// ClearCookieHeader clear cookie header, except for cookies specified to be kept.
+-func ClearCookieHeader(req *http.Request, keepCookiesNames []string) {
+-	var keepCookies []*http.Cookie
+// ClearCookieHeader clear cookie header, except for cookies specified to be kept (keepCookiesNames) if not in skipCookiesNames.
+func ClearCookieHeader(req *http.Request, keepCookiesNames []string, skipCookiesNames []string) {
+	keepCookies := map[string]*http.Cookie{}
+ 	for _, c := range req.Cookies() {
+ 		for _, v := range keepCookiesNames {
+ 			if c.Name == v {
+-				keepCookies = append(keepCookies, c)
+				keepCookies[c.Name] = c
+ 			}
+ 		}
+ 	}
+ 
+	for _, v := range skipCookiesNames {
+		delete(keepCookies, v)
+	}
+
+ 	req.Header.Del("Cookie")
+-	for _, c := range keepCookies {
+
+	sortedCookies := []string{}
+	for name := range keepCookies {
+		sortedCookies = append(sortedCookies, name)
+	}
+	sort.Strings(sortedCookies)
+
+	for _, name := range sortedCookies {
+		c := keepCookies[name]
+ 		req.AddCookie(c)
+ 	}
+ }
+diff --git a/pkg/util/proxyutil/proxyutil_test.go b/pkg/util/proxyutil/proxyutil_test.go
+index 5ff61ec1d2..03d816bbcd 100644
+--- a/pkg/util/proxyutil/proxyutil_test.go
+++ b/pkg/util/proxyutil/proxyutil_test.go
+@@ -49,7 +49,7 @@ func TestClearCookieHeader(t *testing.T) {
+ 		require.NoError(t, err)
+ 		req.AddCookie(&http.Cookie{Name: "cookie"})
+ 
+-		ClearCookieHeader(req, nil)
+		ClearCookieHeader(req, nil, nil)
+ 		require.NotContains(t, req.Header, "Cookie")
+ 	})
+ 
+@@ -60,8 +60,20 @@ func TestClearCookieHeader(t *testing.T) {
+ 		req.AddCookie(&http.Cookie{Name: "cookie2"})
+ 		req.AddCookie(&http.Cookie{Name: "cookie3"})
+ 
+-		ClearCookieHeader(req, []string{"cookie1", "cookie3"})
+		ClearCookieHeader(req, []string{"cookie1", "cookie3"}, nil)
+ 		require.Contains(t, req.Header, "Cookie")
+ 		require.Equal(t, "cookie1=; cookie3=", req.Header.Get("Cookie"))
+ 	})
+
+	t.Run("Clear cookie header with cookies to keep and skip should clear Cookie header and keep cookies", func(t *testing.T) {
+		req, err := http.NewRequest(http.MethodGet, "/", nil)
+		require.NoError(t, err)
+		req.AddCookie(&http.Cookie{Name: "cookie1"})
+		req.AddCookie(&http.Cookie{Name: "cookie2"})
+		req.AddCookie(&http.Cookie{Name: "cookie3"})
+
+		ClearCookieHeader(req, []string{"cookie1", "cookie3"}, []string{"cookie3"})
+		require.Contains(t, req.Header, "Cookie")
+		require.Equal(t, "cookie1=", req.Header.Get("Cookie"))
+	})
+ }
--- a/config/patches/openssl/openssl-1.1.1t-excessive-resource-use-verifying-policy-constraints.patch
+++ b/config/patches/openssl/openssl-1.1.1t-excessive-resource-use-verifying-policy-constraints.patch
+From 879f7080d7e141f415c79eaa3a8ac4a3dad0348b Mon Sep 17 00:00:00 2001
+From: Pauli <pauli@openssl.org>
+Date: Wed, 8 Mar 2023 15:28:20 +1100
+Subject: [PATCH] x509: excessive resource use verifying policy constraints
+
+A security vulnerability has been identified in all supported versions
+of OpenSSL related to the verification of X.509 certificate chains
+that include policy constraints.  Attackers may be able to exploit this
+vulnerability by creating a malicious certificate chain that triggers
+exponential use of computational resources, leading to a denial-of-service
+(DoS) attack on affected systems.
+
+Fixes CVE-2023-0464
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/20569)
+---
+ crypto/x509v3/pcy_local.h |  8 +++++++-
+ crypto/x509v3/pcy_node.c  | 12 +++++++++---
+ crypto/x509v3/pcy_tree.c  | 37 +++++++++++++++++++++++++++----------
+ 3 files changed, 43 insertions(+), 14 deletions(-)
+
+diff --git a/crypto/x509v3/pcy_local.h b/crypto/x509v3/pcy_local.h
+index 5daf78de45..344aa06765 100644
+--- a/crypto/x509v3/pcy_local.h
+++ b/crypto/x509v3/pcy_local.h
+@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
+ };
+
+ struct X509_POLICY_TREE_st {
+    /* The number of nodes in the tree */
+    size_t node_count;
+    /* The maximum number of nodes in the tree */
+    size_t node_maximum;
+
+     /* This is the tree 'level' data */
+     X509_POLICY_LEVEL *levels;
+     int nlevel;
+@@ -159,7 +164,8 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
+ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+                                  X509_POLICY_DATA *data,
+                                  X509_POLICY_NODE *parent,
+-                                 X509_POLICY_TREE *tree);
+                                 X509_POLICY_TREE *tree,
+                                 int extra_data);
+ void policy_node_free(X509_POLICY_NODE *node);
+ int policy_node_match(const X509_POLICY_LEVEL *lvl,
+                       const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
+diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c
+index e2d7b15322..d574fb9d66 100644
+--- a/crypto/x509v3/pcy_node.c
+++ b/crypto/x509v3/pcy_node.c
+@@ -59,10 +59,15 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+                                  X509_POLICY_DATA *data,
+                                  X509_POLICY_NODE *parent,
+-                                 X509_POLICY_TREE *tree)
+                                 X509_POLICY_TREE *tree,
+                                 int extra_data)
+ {
+     X509_POLICY_NODE *node;
+
+    /* Verify that the tree isn't too large.  This mitigates CVE-2023-0464 */
+    if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
+        return NULL;
+
+     node = OPENSSL_zalloc(sizeof(*node));
+     if (node == NULL) {
+         X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
+@@ -70,7 +75,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+     }
+     node->data = data;
+     node->parent = parent;
+-    if (level) {
+    if (level != NULL) {
+         if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+             if (level->anyPolicy)
+                 goto node_error;
+@@ -90,7 +95,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+         }
+     }
+
+-    if (tree) {
+    if (extra_data) {
+         if (tree->extra_data == NULL)
+             tree->extra_data = sk_X509_POLICY_DATA_new_null();
+         if (tree->extra_data == NULL){
+@@ -103,6 +108,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+         }
+     }
+
+    tree->node_count++;
+     if (parent)
+         parent->nchild++;
+
+diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
+index 6e8322cbc5..6c7fd35405 100644
+--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
+@@ -13,6 +13,18 @@
+
+ #include "pcy_local.h"
+
+/*
+ * If the maximum number of nodes in the policy tree isn't defined, set it to
+ * a generous default of 1000 nodes.
+ *
+ * Defining this to be zero means unlimited policy tree growth which opens the
+ * door on CVE-2023-0464.
+ */
+
+#ifndef OPENSSL_POLICY_TREE_NODES_MAX
+# define OPENSSL_POLICY_TREE_NODES_MAX 1000
+#endif
+
+ /*
+  * Enable this to print out the complete policy tree at various point during
+  * evaluation.
+@@ -168,6 +180,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+         return X509_PCY_TREE_INTERNAL;
+     }
+
+    /* Limit the growth of the tree to mitigate CVE-2023-0464 */
+    tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
+
+     /*
+      * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
+      *
+@@ -184,7 +199,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+     level = tree->levels;
+     if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL)
+         goto bad_tree;
+-    if (level_add_node(level, data, NULL, tree) == NULL) {
+    if (level_add_node(level, data, NULL, tree, 1) == NULL) {
+         policy_data_free(data);
+         goto bad_tree;
+     }
+@@ -243,7 +258,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+  * Return value: 1 on success, 0 otherwise
+  */
+ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+-                                    X509_POLICY_DATA *data)
+                                    X509_POLICY_DATA *data,
+                                    X509_POLICY_TREE *tree)
+ {
+     X509_POLICY_LEVEL *last = curr - 1;
+     int i, matched = 0;
+@@ -253,13 +269,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+         X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
+         if (policy_node_match(last, node, data->valid_policy)) {
+-            if (level_add_node(curr, data, node, NULL) == NULL)
+            if (level_add_node(curr, data, node, tree, 0) == NULL)
+                 return 0;
+             matched = 1;
+         }
+     }
+     if (!matched && last->anyPolicy) {
+-        if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
+        if (level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
+             return 0;
+     }
+     return 1;
+@@ -272,7 +288,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+  * Return value: 1 on success, 0 otherwise.
+  */
+ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+-                           const X509_POLICY_CACHE *cache)
+                           const X509_POLICY_CACHE *cache,
+                           X509_POLICY_TREE *tree)
+ {
+     int i;
+
+@@ -280,7 +297,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+         X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
+
+         /* Look for matching nodes in previous level */
+-        if (!tree_link_matching_nodes(curr, data))
+        if (!tree_link_matching_nodes(curr, data, tree))
+             return 0;
+     }
+     return 1;
+@@ -311,7 +328,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
+     /* Curr may not have anyPolicy */
+     data->qualifier_set = cache->anyPolicy->qualifier_set;
+     data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+-    if (level_add_node(curr, data, node, tree) == NULL) {
+    if (level_add_node(curr, data, node, tree, 1) == NULL) {
+         policy_data_free(data);
+         return 0;
+     }
+@@ -373,7 +390,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
+     }
+     /* Finally add link to anyPolicy */
+     if (last->anyPolicy &&
+-        level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL)
+        level_add_node(curr, cache->anyPolicy, last->anyPolicy, tree, 0) == NULL)
+         return 0;
+     return 1;
+ }
+@@ -555,7 +572,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
+             extra->qualifier_set = anyPolicy->data->qualifier_set;
+             extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
+                 | POLICY_DATA_FLAG_EXTRA_NODE;
+-            node = level_add_node(NULL, extra, anyPolicy->parent, tree);
+            node = level_add_node(NULL, extra, anyPolicy->parent, tree, 1);
+         }
+         if (!tree->user_policies) {
+             tree->user_policies = sk_X509_POLICY_NODE_new_null();
+@@ -582,7 +599,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
+
+     for (i = 1; i < tree->nlevel; i++, curr++) {
+         cache = policy_cache_set(curr->cert);
+-        if (!tree_link_nodes(curr, cache))
+        if (!tree_link_nodes(curr, cache, tree))
+             return X509_PCY_TREE_INTERNAL;
+
+         if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
+--
+2.34.1
--- a/config/software/grafana.rb
+++ b/config/software/grafana.rb
@@ -42,6 +42,8 @@ build do
  env['CYPRESS_INSTALL_BINARY'] = '0'
  
  patch source: '1-cve-2022-31107-oauth-vulnerability.patch'
+  patch source: 'session-cookie.patch'
+  patch source: 'cve-2023-1410.patch'
  
  # Build backend
  make 'build-go', env: env

--- a/config/software/mattermost.rb
+++ b/config/software/mattermost.rb
@@ -17,10 +17,10 @@
 #
  
 name 'mattermost'
-default_version '7.8.2'
+default_version '7.8.3'
  
 source url: "https://releases.mattermost.com/#{version}/mattermost-team-#{version}-linux-amd64.tar.gz",
-       sha256: '9e53a3e30eed2c36b2b6b0dccd1bc18a59cb265385c7ee7974252239fc8c89ff'
+       sha256: '36363d0b21268653eb4f8b25255741bcfceb32ca619249783d4ad69fa92aaa79'
 relative_path 'mattermost'
  
 license_name = 'GITLAB-MATTERMOST-COMPILED-LICENSE.txt'

--- a/config/software/openssl.rb
+++ b/config/software/openssl.rb
@@ -67,6 +67,7 @@ build do
  command configure_command, env: env, in_msys_bash: true
  
  patch source: "openssl-1.1.1f-do-not-install-docs.patch", env: env
+  patch source: "openssl-1.1.1t-excessive-resource-use-verifying-policy-constraints.patch", env: env
  
  make 'depend', env: env
  # make -j N on openssl is not reliable