Hello community,

here is the log from the commit of package cacti for openSUSE:Leap:15.2 checked in at 2020-04-28 20:11:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/cacti (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.cacti.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cacti" Tue Apr 28 20:11:49 2020 rev:47 rq:798367 version:1.2.11 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/cacti/cacti.changes 2020-03-02 13:26:06.618726780 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.cacti.new.2738/cacti.changes 2020-04-28 20:11:58.376635873 +0200 
@@ -1,0 +2,36 @@ +Sat Apr 11 13:03:12 UTC 2020 - Andreas Stieger <andreas.stie...@gmx.de> + +- cacti 1.2.11: + * security fixes and hardening (boo#1169215) + + Add SameSite support for cookies + + Cookie should be properly verified against password + + CSRF at Admin Email + + Improper Access Control on disabling a user + + Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1 + * a number of bug fixes + * feature additions + + Allow system uptime to be a variable for use with graphs + + Add Refresh Interval to Data Collectors display + + Add Location based filtering + + Allow for Purging of Data Source Statistics from the GUI + + Restore ability to duplicate a data profile + + Enhance table navigation bars to support systems with larger number of items + + Increase length of Graph Item 'value' field to support pango-markup better + + Allow Basic Auth Accounts to be mapped by CSV file + + Make form elements under checkbox_groups flow using flex grid style + + Set the domain attribute to secure cookies for the 'remember me' option + + Enhance the "Graph Debug Mode" to display RRDtool Command lengths and excess warnings + +------------------------------------------------------------------- +Sun Mar 15 16:44:23 UTC 2020 - Paolo Stivanin <i...@paolostivanin.com> + +- cacti 1.2.10: + * CVE-2020-8813: when guest users have access to realtime graphs, + remote code could be executed (boo#1164675) + * When using User Domains, global template user is used instead of + the configured domain template user + * Unix timestamps after Sep 13 2020 are rejected as graph start/end + arguments + * many bug fixes + +------------------------------------------------------------------- Old: ---- cacti-1.2.9.tar.gz New: ---- cacti-1.2.11.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cacti.spec ++++++ --- /var/tmp/diff_new_pack.fBAZFb/_old 2020-04-28 20:11:59.324637842 +0200 +++ 
/var/tmp/diff_new_pack.fBAZFb/_new 2020-04-28 20:11:59.328637850 +0200 @@ -1,7 +1,7 @@ # # spec file for package cacti # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ %define cacti_dir %{apache_datadir}/cacti %endif Name: cacti -Version: 1.2.9 +Version: 1.2.11 Release: 0 Summary: Web Front-End to Monitor System Data via RRDtool License: GPL-2.0-or-later ++++++ cacti-1.2.9.tar.gz -> cacti-1.2.11.tar.gz ++++++ /work/SRC/openSUSE:Leap:15.2/cacti/cacti-1.2.9.tar.gz /work/SRC/openSUSE:Leap:15.2/.cacti.new.2738/cacti-1.2.11.tar.gz differ: char 5, line 1 ++++++ cacti-config.patch ++++++ --- /var/tmp/diff_new_pack.fBAZFb/_old 2020-04-28 20:11:59.380637958 +0200 +++ /var/tmp/diff_new_pack.fBAZFb/_new 2020-04-28 20:11:59.380637958 +0200 @@ -1,6 +1,8 @@ ---- cacti-1.2.3/include/config.php.old 2019-04-01 10:03:02.728491693 +0200 -+++ cacti-1.2.3/include/config.php 2019-04-01 10:09:33.589795006 +0200 -@@ -44,17 +44,17 @@ +Index: cacti-1.2.11/include/config.php +=================================================================== +--- cacti-1.2.11.orig/include/config.php ++++ cacti-1.2.11/include/config.php +@@ -44,17 +44,17 @@ $database_ssl_ca = ''; * must remain commented out. */ @@ -29,7 +31,7 @@ /* * The poller_id of this system. set to `1` for the main cacti web server. -@@ -69,19 +69,19 @@ +@@ -69,25 +69,25 @@ $poller_id = 1; * would be set to `/cacti/`. */ @@ -44,6 +46,13 @@ +//$cacti_session_name = 'Cacti'; /* + * Default Cookie domain - The cookie domain to be used for Cacti + */ + +-$cacti_cookie_domain = 'cacti.net'; ++//$cacti_cookie_domain = 'cacti.net'; + + /* * Save sessions to a database for load balancing */
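Review bot: in the cacti.changes hunk, the security fixes of the 1.2.11 entry ("Cookie should be properly verified against password", "CSRF at Admin Email", "Improper Access Control on disabling a user", the jQuery XSS update) are tracked only under boo#1169215, while the 1.2.10 entry in the same hunk names CVE-2020-8813. If CVE identifiers have been assigned to any of the 1.2.11 items, list them in the entry in the same way, so that the update can be matched against advisories by administrators checking their exposure.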
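Review bot: the cacti-1.2.9.tar.gz -> cacti-1.2.11.tar.gz replacement is visible only as "differ: char 5, line 1", so nothing in this commit lets a reviewer confirm that the new archive is upstream's release. Check the archive against upstream's published checksum or signature before accepting the request, and record the result with it.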
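Review bot: the 1.2.11 entry in cacti.changes documents neither the refresh of cacti-config.patch nor the new packaging default in its `@@ -69,25 +69,25 @@` hunk, where `$cacti_cookie_domain = 'cacti.net';` is commented out. The same entry lists "Set the domain attribute to secure cookies for the 'remember me' option" as a new feature, so add a line saying that the patch was refreshed and that the packaged include/config.php leaves the cookie domain unset, which tells administrators to set it for their own host if they want the attribute applied.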