commit cacti for openSUSE:Leap:15.2

Tue, 28 Apr 2020 11:12:04 -0700 

Hello community,

here is the log from the commit of package cacti for openSUSE:Leap:15.2 checked 
in at 2020-04-28 20:11:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/cacti (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.cacti.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "cacti"

Tue Apr 28 20:11:49 2020 rev:47 rq:798367 version:1.2.11

Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/cacti/cacti.changes    2020-03-02 
13:26:06.618726780 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.cacti.new.2738/cacti.changes  2020-04-28 
20:11:58.376635873 +0200
@@ -1,0 +2,36 @@
+Sat Apr 11 13:03:12 UTC 2020 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- cacti 1.2.11:
+  * security fixes and hardening (boo#1169215)
+    + Add SameSite support for cookies
+    + Cookie should be properly verified against password
+    + CSRF at Admin Email
+    + Improper Access Control on disabling a user
+    + Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1
+  * a number of bug fixes
+  * feature additions
+    + Allow system uptime to be a variable for use with graphs
+    + Add Refresh Interval to Data Collectors display
+    + Add Location based filtering
+    + Allow for Purging of Data Source Statistics from the GUI
+    + Restore ability to duplicate a data profile
+    + Enhance table navigation bars to support systems with larger number of 
items
+    + Increase length of Graph Item 'value' field to support pango-markup 
better
+    + Allow Basic Auth Accounts to be mapped by CSV file
+    + Make form elements under checkbox_groups flow using flex grid style
+    + Set the domain attribute to secure cookies for the 'remember me' option
+    + Enhance the "Graph Debug Mode" to display RRDtool Command lengths and 
excess warnings
+
+-------------------------------------------------------------------
+Sun Mar 15 16:44:23 UTC 2020 - Paolo Stivanin <i...@paolostivanin.com>
+
+- cacti 1.2.10:
+  * CVE-2020-8813: when guest users have access to realtime graphs,
+    remote code could be executed (boo#1164675)
+  * When using User Domains, global template user is used instead of
+    the configured domain template user
+  * Unix timestamps after Sep 13 2020 are rejected as graph start/end
+    arguments
+  * many bug fixes
+
+-------------------------------------------------------------------

Old:
----
  cacti-1.2.9.tar.gz

New:
----
  cacti-1.2.11.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cacti.spec ++++++
--- /var/tmp/diff_new_pack.fBAZFb/_old  2020-04-28 20:11:59.324637842 +0200
+++ /var/tmp/diff_new_pack.fBAZFb/_new  2020-04-28 20:11:59.328637850 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package cacti
 #
-# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
 %define cacti_dir %{apache_datadir}/cacti
 %endif
 Name:           cacti
-Version:        1.2.9
+Version:        1.2.11
 Release:        0
 Summary:        Web Front-End to Monitor System Data via RRDtool
 License:        GPL-2.0-or-later

++++++ cacti-1.2.9.tar.gz -> cacti-1.2.11.tar.gz ++++++
/work/SRC/openSUSE:Leap:15.2/cacti/cacti-1.2.9.tar.gz 
/work/SRC/openSUSE:Leap:15.2/.cacti.new.2738/cacti-1.2.11.tar.gz differ: char 
5, line 1

++++++ cacti-config.patch ++++++
--- /var/tmp/diff_new_pack.fBAZFb/_old  2020-04-28 20:11:59.380637958 +0200
+++ /var/tmp/diff_new_pack.fBAZFb/_new  2020-04-28 20:11:59.380637958 +0200
@@ -1,6 +1,8 @@
---- cacti-1.2.3/include/config.php.old 2019-04-01 10:03:02.728491693 +0200
-+++ cacti-1.2.3/include/config.php     2019-04-01 10:09:33.589795006 +0200
-@@ -44,17 +44,17 @@
+Index: cacti-1.2.11/include/config.php
+===================================================================
+--- cacti-1.2.11.orig/include/config.php
++++ cacti-1.2.11/include/config.php
+@@ -44,17 +44,17 @@ $database_ssl_ca   = '';
   * must remain commented out.
   */
  
@@ -29,7 +31,7 @@
  
  /*
   * The poller_id of this system.  set to `1` for the main cacti web server.
-@@ -69,19 +69,19 @@
+@@ -69,25 +69,25 @@ $poller_id = 1;
   * would be set to `/cacti/`.
   */
  
@@ -44,6 +46,13 @@
 +//$cacti_session_name = 'Cacti';
  
  /*
+  * Default Cookie domain - The cookie domain to be used for Cacti
+  */
+ 
+-$cacti_cookie_domain = 'cacti.net';
++//$cacti_cookie_domain = 'cacti.net';
+ 
+ /*
   * Save sessions to a database for load balancing
   */

Reply via email to