Hello community, here is the log from the commit of package cacti.3596 for openSUSE:13.1:Update checked in at 2015-03-11 16:15:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/cacti.3596 (Old) and /work/SRC/openSUSE:13.1:Update/.cacti.3596.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cacti.3596" Changes: -------- New Changes file: --- /dev/null 2015-02-28 12:43:00.252025756 +0100 +++ /work/SRC/openSUSE:13.1:Update/.cacti.3596.new/cacti.changes 2015-03-11 16:15:39.000000000 +0100 
@@ -0,0 +1,417 @@ +------------------------------------------------------------------- +Wed Mar 4 08:39:55 UTC 2015 - astie...@suse.com + +- Update to version 0.8.8c [boo#920399] + This update fixes four vulnerabilities and adds some compatible + features. + - Security fixes not previously patched: + - CVE-2014-2326 - XSS issue via CDEF editing + - CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability + - CVE-2014-2328 - Remote Command Execution Vulnerability in graph export + - CVE-2014-4002 - XSS issues in multiple files + - CVE-2014-5025 - XSS issue via data source editing + - CVE-2014-5026 - XSS issues in multiple files + - Security fixes now upstream: + - CVE-2013-5588 - XSS issue via installer or device editing + - CVE-2013-5589 - SQL injection vulnerability in device editing + - Removed cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch as this code is incorprated to cacti 0.8.8c + - Removed cacti-0.8.8b_security.patch as this code is incorprated to cacti 0.8.8c + - New features: + - New graph tree view + - Updated graph list and graph preview + - Refactor graph tree view to remove GPL incompatible code + - Updated command line database upgrade utility + - Graph zooming now from everywhere + - Removed cacti-0.8.8b-cacti-log-path.patch as it is incompatible with 0.8.8c. + - Removed cacti-0.8.8b-cacti-script.patch as it is incompatible with 0.8.8c. 
+ - Created cacti-0.8.8c-cacti-log-path.patch so that cacti only logs to /var/log/cacti + - Created cacti-0.8.8c-cacti-script.patch so that cacti uses /usr/share/cacti/scripts + +------------------------------------------------------------------- +Sun Apr 13 20:21:53 UTC 2014 - a...@ajaissle.de + +- Add cacti-0.8.8b_security.patch: + - Fixes [bnc#870821]: + - CVE-2014-2326: Unspecified HTML Injection Vulnerability + - Fixes CVE-2014-2328: + - Unspecified Remote Command Execution Vulnerability + - Fixes [bnc#872008]: + - CVE-2014-2708: Unspecified SQL Injection Vulnerability + - CVE-2014-2709: Unspecified Remote Command Execution Vulnerability + +- Add cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch: + - Fixes [bnc#837440]: + - CVE-2013-5588: HTML Injection Vulnerability + - CVE-2013-5589: SQL Injection Vulnerability + +------------------------------------------------------------------- +Thu Aug 8 06:57:12 UTC 2013 - joop.boo...@opensuse.org + +- Update to version 0.8.8b + - bug: Fixed issue with custom data source information being lost when saved from edit + - bug: Repopulate the poller cache on new installations + - bug: Fix issue with poller not escaping the script query path correctly + - bug: Allow snmpv3 priv proto none + - bug: Fix issue where host activate may flush the entire poller item cache + - security: SQL injection and shell escaping issues + +------------------------------------------------------------------- +Mon Jun 4 08:57:00 UTC 2012 - aldemir.akpi...@airties.com + +- Added official cacti 0.8.8a patch + +------------------------------------------------------------------- +Mon Apr 30 11:09:10 UTC 2012 - aldemir.akpi...@airties.com + +- New version 0.8.8a +- Fixed an rpmlint warning + +------------------------------------------------------------------- +Mon Apr 16 10:27:23 UTC 2012 - joop.boo...@opensuse.org + +- Corrected the crontab file for openSUSE >= 12.2 +- Some cross distro fixes so plugins will also build for other distros + 
+------------------------------------------------------------------- +Tue Apr 10 17:03:29 UTC 2012 - joop.boo...@opensuse.org + +- Install cacti in /srv/www/cacti/ from openSUSE 12.2 onwards +- Passed the spec file through spec-cleaner +- Cacti-PA can be removed as cacti includes the Plugin Architure + +------------------------------------------------------------------- +Tue Apr 10 09:14:52 UTC 2012 - aldemir.akpi...@airties.com + +- Minor changes in the spec file, updated version to 0.8.8 + +------------------------------------------------------------------- +Sun Jan 8 12:58:28 UTC 2012 - joop.boo...@boonen.org + +- Reformated the spec file to the openSUSE standard + +------------------------------------------------------------------- +Fri Dec 30 14:40:04 UTC 2011 - aldemir.akpi...@airties.com + +- Added official settings_checkbox patch + +------------------------------------------------------------------- +Tue Dec 13 22:15:03 UTC 2011 - joop.boo...@opensuse.org + +- Build version 0.8.7i + +------------------------------------------------------------------- +Tue Oct 4 13:19:26 UTC 2011 - aldemir.akpi...@airties.com + +- Upgrade to version 0.8.7h + +------------------------------------------------------------------- +Fri Jun 10 00:00:00 UTC 2011 aldemir.akpi...@airties.com + +- added 'Provides' to make cactid installable + +------------------------------------------------------------------- +Sat Jul 10 00:00:00 UTC 2010 joop.boo...@opensuse.org + +- update to cacti-0.8.7g + +------------------------------------------------------------------- +Sat May 22 00:00:00 UTC 2010 joop.boo...@opensuse.org + +- update to cacti-0.8.7f + +------------------------------------------------------------------- +Wed Nov 11 00:00:00 UTC 2009 joop.boo...@opensuse.org + +- Added the missing cli directory + +------------------------------------------------------------------- +Mon Aug 31 00:00:00 UTC 2009 joop.boo...@opensuse.org + +- Minor change in the name of the patch file + 
+------------------------------------------------------------------- +Fri Aug 28 00:00:00 UTC 2009 pu...@novell.com + +- update to cacti-0.8.7e.tar.bz2 + - bug#0001044: Creating a DS, Output field can't be selected for + DT with a DIM when "Use Per-Data Source Value" is on + - bug#0001341: SNMP query: add oid_suffix for weird SNMP queries + - bug#0001345: Overwriting $snmp_index in query_snmp_host() breaks + SNMP Data query if using get method + - bug#0001346: Strip out noisy 'No Such Instance currently exists + at this OID' + - bug#0001404: timeout in "function ping_icmp" (lib/ping.php) + - bug#0001405: Spaces in DS when .rrd file is created, so it fails + - bug#0001407: Place graph thumbnail into div to lower page length + changes on load graphs + - bug#0001410: Thumbnail Columns is not honored for host display + with snmp index group style + - bug#0001411: Graph searching issue + - bug#0001413: strip_quotes fails + - bug#0001426: multiple form opening due to bug in draw_edit_form() + - bug#0001436: CSV Export Start Date and End Date are always + 1970-01-01 01:00:00 + - bug#0001443: format_snmp_string can return a number with a leading space + - bug#0001446: Wrong dates override in CSV export + - bug#0001456: oid_uptime is not parsed correctly + - bug#0001460: Skiping input parameters in data_query_field_list() + may lead to SQL errors + - bug#0001464: Typo in install/index.php + - bug#0001467: Customisable oid index parse regexp for weird MIBs + - bug#0001468: Tree is not expanded correctly + - bug#0001469: Tree is not being expanded if user followed link + outside of cacti + - bug#0001476: Mark stacked columns in rrdtool_function_xport() output + - bug#0001477: Spelling error in a variable in html_tree.php + - bug#0001478: Combo boxes on Graph Management page produce URLs + with leading spaces + - bug: Top Graph Header Breaks When Plugins Used + - bug: SNMP v3 Password issue caused by Firefox's Password AutoFill + - bug: Strip Quotes does not properly handle 
the value 'U' + - bug: Changes to the graph tree would not show up immediately for + current user +- bzip sources + +------------------------------------------------------------------- +Mon Jun 15 00:00:00 UTC 2009 prus...@suse.cz + +- reverted BuildRequires from libdb-4_5-devel to db-devel + +------------------------------------------------------------------- +Fri May 22 00:00:00 UTC 2009 joop.boo...@opensuse.org + +- Working with prefix + +------------------------------------------------------------------- +Sat Apr 25 00:00:00 UTC 2009 joop_boo...@web.de + +- Updated BuildRequires to libdb-4_5-devel + +------------------------------------------------------------------- +Sat Feb 14 00:00:00 UTC 2009 joop_boo...@web.de + +- cleaned out the spec file +- deleted file for the PA platform + +------------------------------------------------------------------- +Fri Feb 13 00:00:00 UTC 2009 joop_boo...@web.de ++++ 220 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.cacti.3596.new/cacti.changes New: ---- cacti-0.8.8c-cacti-log-path.patch cacti-0.8.8c-cacti-script.patch cacti-0.8.8c.tar.gz cacti-httpd.conf cacti-httpd.conf.default cacti-httpd.conf.nonsuse cacti-httpd.conf.vhost cacti.changes cacti.cron cacti.cron.new cacti.logrotate cacti.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cacti.spec ++++++ # # spec file for package cacti # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). 
An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: cacti Version: 0.8.8c Release: 0.0 Summary: Web Front-End to Monitor System Data via RRDtool License: GPL-2.0+ Group: System/Monitoring Url: http://www.cacti.net/ Source0: http://www.cacti.net/downloads/%{name}-%{version}.tar.gz Source1: %{name}.cron Source2: %{name}-httpd.conf Source3: %{name}.logrotate Source4: %{name}-httpd.conf.default Source5: %{name}-httpd.conf.vhost Source6: %{name}-httpd.conf.nonsuse Source7: %{name}.cron.new # PATCH-FIX-OPENSUSE cacti-0.8.8-cacti-log-path.patch Patch0: %{name}-%{version}-cacti-log-path.patch # PATCH-FIX-OPENSUSE cacti-0.8.8-cacti-script.patch Patch1: %{name}-%{version}-cacti-script.patch Provides: cacti-system %if 0%{?suse_version} BuildRequires: apache2-devel Requires: apache2 Requires: apache2-mod_php5 Requires: cron Requires: php5-mysql Requires: php5-snmp Requires: php5-sockets Requires: rrdtool %endif %if 0%{?fedora_version} || 0%{?rhel_version} || 0%{?centos_version} BuildRequires: httpd-devel Requires: httpd Requires: rrdtool %endif %if 0%{?centos_version} Requires: php-mysql Requires: php-snmp %endif %if 0%{?rhel_version} Requires: php-mysql #Requires: php-snmp %endif %if 0%{?fedora_version} Requires: php-mysqlnd Requires: php-snmp %endif %if 0%{?mandriva_version} BuildRequires: apache-devel Requires: apache Requires: apache-mod_php Requires: php-mysql Requires: php-snmp Requires: php-sockets Requires: rrdtool %endif Requires: logrotate Requires: net-snmp Obsoletes: cacti-PA Provides: cacti-PA BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %if 0%{?suse_version} %define apxs /usr/sbin/apxs2 %else %define apxs /usr/sbin/apxs %endif %define apache2_sysconfdir %(%{apxs} -q SYSCONFDIR) %if 0%{?suse_version} <= 1210 %define prefix %{_datadir}/cacti %else %define prefix /srv/www/cacti %endif 
%description Cacti is a complete front-end to RRDtool: it stores all necessary information for creating graphs and populates them with data from a MySQL database. The front-end is completely PHP driven. Along with being ableto maintain graphs, data sources, and round robin archives ina database, Cacti also handles data gathering. There exists an SNMP support for those accustomed to creating traffic graphs with MRTG as well. %prep %setup -q %patch0 -p1 %patch1 -p1 %build #nothing to build %install #delete the *.orig files find . -type f -name "*\.orig" -exec rm {} \; install -d -m 755 %{buildroot}%{prefix} install -d -m 755 %{buildroot}%{_localstatedir}/lib/%{name} install -d -m 755 %{buildroot}%{_localstatedir}/log/%{name} cp *.php %{buildroot}%{prefix} cp -pr lib %{buildroot}%{prefix} cp -pr include %{buildroot}%{prefix} cp -pr images %{buildroot}%{prefix} cp -pr install %{buildroot}%{prefix} cp -pr resource %{buildroot}%{prefix} cp -pr rra %{buildroot}%{prefix} #cp -pr scripts %{buildroot}%{prefix} #cp -pr cli %{buildroot}%{prefix} install -d -m 755 scripts %{buildroot}%{prefix}/scripts install -m 755 scripts/* %{buildroot}%{prefix}/scripts install -d -m 755 cli %{buildroot}%{prefix}/cli install -m 755 cli/* %{buildroot}%{prefix}/cli install -m 644 *.sql %{buildroot}%{prefix} # cron task install -d -m 755 %{buildroot}%{_sysconfdir}/cron.d %if 0%{?suse_version} > 1210 install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/cron.d/cacti %endif %if 0%{?suse_version} <= 1210 install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/cron.d/cacti %endif %if ! 
0%{?suse_version} install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/cron.d/cacti %endif # apache2 config %if 0%{?suse_version} > 1210 mkdir -p %{buildroot}/%{apache2_sysconfdir}/conf.d cp -avL %{SOURCE4} %{buildroot}/%{apache2_sysconfdir}/conf.d/%{name}.conf mkdir -p %{buildroot}/%{apache2_sysconfdir}/vhosts.d/conf.d cp -avL %{SOURCE5} %{buildroot}/%{apache2_sysconfdir}/vhosts.d/conf.d/%{name}.conf %endif %if 0%{?suse_version} <= 1210 install -d -m 755 %{buildroot}%{apache2_sysconfdir}/conf.d install -m 644 %{SOURCE2} %{buildroot}%{apache2_sysconfdir}/conf.d/cacti.conf %endif %if ! 0%{?suse_version} mkdir -p %{buildroot}/%{apache2_sysconfdir}/../conf.d cp -avL %{SOURCE6} %{buildroot}/%{apache2_sysconfdir}/../conf.d/%{name}.conf %endif # logrotate config mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d/ install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} # Set the correct permissions for pl and sh files #find %{buildroot}%{prefix} -type f -name "*.sh" -o -name "*.pl" -exec chmod ugo+x {} \; # compute files list without config file find %{buildroot}%{prefix} -type d | sed -e 's|'%{buildroot}'|%dir |' >> %{name}.list find %{buildroot}%{prefix} -type f ! -name config.php | sed -e 's|'%{buildroot}'||' >> %{name}.list %files -f %{name}.list %defattr(-,root,root) %doc LICENSE docs/* %attr(-,wwwrun,www) %dir %{_localstatedir}/lib/cacti %attr(-,wwwrun,www) %dir %{_localstatedir}/log/cacti %config(noreplace) %{prefix}/include/config.php %config(noreplace) %{_sysconfdir}/cron.d/%{name} %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %if 0%{?suse_version} <= 1210 %dir %{apache2_sysconfdir}/conf.d %config(noreplace) %{apache2_sysconfdir}/conf.d/cacti.conf %endif %if 0%{?suse_version} > 1210 %dir %{apache2_sysconfdir}/conf.d %config (noreplace) %{apache2_sysconfdir}/conf.d/%{name}.conf %dir %{apache2_sysconfdir}/vhosts.d/conf.d %config (noreplace) %{apache2_sysconfdir}/vhosts.d/conf.d/%{name}.conf %endif %if ! 
0%{?suse_version} %dir %{apache2_sysconfdir}/../conf.d %config (noreplace) %{apache2_sysconfdir}/../conf.d/%{name}.conf %endif %post %if 0%{?suse_version} chown -R wwwrun.www %{prefix}/rra %endif %changelog ++++++ cacti-0.8.8c-cacti-log-path.patch ++++++ diff -Naur cacti-0.8.8c.org/include/global_settings.php cacti-0.8.8c/include/global_settings.php --- cacti-0.8.8c.org/include/global_settings.php 2014-11-23 15:18:57.000000000 -0500 +++ cacti-0.8.8c/include/global_settings.php 2014-12-08 06:19:56.370675820 -0500 @@ -96,9 +96,9 @@ ), "path_cactilog" => array( "friendly_name" => "Cacti Log File Path", - "description" => "The path to your Cacti log file (if blank, defaults to <path_cacti>/log/cacti.log)", + "description" => "The path to your Cacti log file (if blank, defaults to /var/log/cacti/cacti.log)", "method" => "filepath", - "default" => $config["base_path"] . "/log/cacti.log", + "default" => "/var/log/cacti/cacti.log", "max_length" => "255" ), "pollerpaths_header" => array( diff -Naur cacti-0.8.8c.org/install/index.php cacti-0.8.8c/install/index.php --- cacti-0.8.8c.org/install/index.php 2014-11-23 15:18:57.000000000 -0500 +++ cacti-0.8.8c/install/index.php 2014-12-08 06:20:43.386677933 -0500 @@ -267,7 +267,7 @@ if (config_value_exists("path_cactilog")) { $input["path_cactilog"]["default"] = read_config_option("path_cactilog"); } else { - $input["path_cactilog"]["default"] = $config["base_path"] . "/log/cacti.log"; + $input["path_cactilog"]["default"] = "/var/log/cacti/cacti.log"; } /* SNMP Version */ diff -Naur cacti-0.8.8c.org/lib/functions.php cacti-0.8.8c/lib/functions.php --- cacti-0.8.8c.org/lib/functions.php 2014-11-23 15:18:57.000000000 -0500 +++ cacti-0.8.8c/lib/functions.php 2014-12-08 06:21:00.523678445 -0500 
@@ -495,7 +495,7 @@ /* Log to Logfile */ if ((($logdestination == 1) || ($logdestination == 2)) && (read_config_option("log_verbosity") != POLLER_VERBOSITY_NONE)) { if ($logfile == "") { - $logfile = $config["base_path"] . "/log/cacti.log"; + $logfile = "/var/log/cacti/cacti.log"; } /* echo the data to the log (append) */ diff -Naur cacti-0.8.8c.org/utilities.php cacti-0.8.8c/utilities.php --- cacti-0.8.8c.org/utilities.php 2014-11-23 15:18:57.000000000 -0500 +++ cacti-0.8.8c/utilities.php 2014-12-08 06:21:16.189679334 -0500 @@ -1024,7 +1024,7 @@ $logfile = read_config_option("path_cactilog"); if ($logfile == "") { - $logfile = "./log/cacti.log"; + $logfile = "/var/log/cacti/cacti.log"; } html_start_box("<strong>Clear Cacti Log File</strong>", "100%", "", "1", "center", ""); ++++++ cacti-0.8.8c-cacti-script.patch ++++++ diff -Naur cacti-0.8.7i-PIA-3.1.orig/script_server.pl cacti-0.8.7i-PIA-3.1/script_server.pl --- cacti-0.8.7i-PIA-3.1.orig/script_server.pl 2010-12-04 22:11:33.000000000 +0100 +++ cacti-0.8.7i-PIA-3.1/script_server.pl 2011-12-14 00:20:25.000000000 +0100 
@@ -1,4 +1,4 @@ -chdir("./scripts"); +chdir("/usr/share/cacti/scripts"); $loaded = 0; while ($file = <*.pl>) { next if $file eq $0; ++++++ cacti-httpd.conf ++++++ Alias /cacti/ /usr/share/cacti/ <Directory /usr/share/cacti/> Options None order deny,allow deny from all allow from 127.0.0.1 </Directory> # For SSL-servers #Alias /cacti/ /usr/share/nagat/ #<Directory /usr/share/cacti/> # Options None # SSLRequireSSL # order deny,allow # deny from all # AuthType Basic # AuthUserFile /site/cfg/passwd # AuthGroupFile /site/cfg/group # AuthName "cacti" # require group cacti # Satisfy Any #</Directory> ++++++ cacti-httpd.conf.default ++++++ # Example configuration for a cacti repository # # As default server # put the string CACTI in /etc/sysconfig/apache2 APACHE_SERVER_FLAGS # to enable the URL # http://localhost/cacti # # As vhost # If you want to use cacti in one vhost add # Include /etc/apache2/vhosts.d/conf.d/cacti.conf # to the vhost in the vhost.conf file # put the string CACTIVHOST in /etc/sysconfig/apache2 APACHE_SERVER_FLAGS # to enable the URL # http://vhost/cacti <IfDefine CACTI> Alias /cacti/ /srv/www/cacti/ <Directory /srv/www/cacti/> Options None order deny,allow deny from all allow from localhost </Directory> # For SSL-servers # Alias /cacti/ /srv/www/nagat/ # <Directory /srv/www/cacti/> # Options None # SSLRequireSSL # order deny,allow # deny from all # AuthType Basic # AuthUserFile /site/cfg/passwd # AuthGroupFile /site/cfg/group # AuthName "cacti" # require group cacti # Satisfy Any # </Directory> </IfDefine> ++++++ cacti-httpd.conf.nonsuse ++++++ Alias /cacti/ /srv/www/cacti/ <Directory /srv/www/cacti/> Options None order deny,allow deny from all allow from localhost </Directory> # For SSL-servers #Alias /cacti/ /srv/www/nagat/ #<Directory /srv/www/cacti/> # Options None # SSLRequireSSL # order deny,allow # deny from all # AuthType Basic # AuthUserFile /site/cfg/passwd # AuthGroupFile /site/cfg/group # AuthName "cacti" # require group cacti # Satisfy Any 
#</Directory> ++++++ cacti-httpd.conf.vhost ++++++ # Example configuration for a cacti repository # # As default server # put the string CACTI in /etc/sysconfig/apache2 APACHE_SERVER_FLAGS # to enable the URL # http://localhost/cacti # # As vhost # If you want to use cacti in one vhost add # Include /etc/apache2/vhosts.d/conf.d/cacti.conf # to the vhost in the vhost.conf file # put the string CACTIVHOST in /etc/sysconfig/apache2 APACHE_SERVER_FLAGS # to enable the URL # http://vhost/cacti <IfDefine CACTIVHOST> Alias /cacti/ /srv/www/cacti/ <Directory /srv/www/cacti/> Options None order deny,allow deny from all allow from localhost </Directory> # For SSL-servers # Alias /cacti/ /srv/www/nagat/ # <Directory /srv/www/cacti/> # Options None # SSLRequireSSL # order deny,allow # deny from all # AuthType Basic # AuthUserFile /site/cfg/passwd # AuthGroupFile /site/cfg/group # AuthName "cacti" # require group cacti # Satisfy Any # </Directory> </IfDefine> ++++++ cacti.cron ++++++ */5 * * * * wwwrun php /usr/share/cacti/poller.php > /dev/null 2>&1 ++++++ cacti.cron.new ++++++ */5 * * * * wwwrun php /srv/www/cacti/poller.php > /dev/null 2>&1 ++++++ cacti.logrotate ++++++ /var/log/cacti/cacti.log { missingok compress } -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
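Review bot: The changelog entry says cacti-0.8.8c-cacti-log-path.patch makes cacti log only to /var/log/cacti, but the four hunks (include/global_settings.php, install/index.php, lib/functions.php, utilities.php) change only the default and the empty-value fallbacks; path_cactilog keeps method "filepath" and can still be set to any location from the settings page. Either reword the changelog to say the default moved, or validate the configured path if the restriction is intended. The literal /var/log/cacti/cacti.log is also repeated in all four hunks; defining it once and referencing it from the others would keep the lib/functions.php write path and the utilities.php "Clear Cacti Log File" path from drifting apart.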
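Review bot: In cacti-0.8.8c-cacti-script.patch the new line chdir("/usr/share/cacti/scripts"); does not match where cacti.spec installs the scripts when suse_version is above 1210: the spec sets prefix to /srv/www/cacti there and installs into %{prefix}/scripts, so on those targets the chdir points at a directory this package does not create. The return value is not checked either, so the following <*.pl> glob would then run in whatever the current working directory is. Suggest taking the path from the same prefix the spec uses and aborting when the chdir fails (chdir(...) or die). The diff headers still name cacti-0.8.7i-PIA-3.1 although the file ships as a 0.8.8c patch; regenerating it against the 0.8.8c tree would confirm it applies cleanly.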
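Review bot: In the commented "For SSL-servers" block of cacti-httpd.conf, cacti-httpd.conf.default, cacti-httpd.conf.nonsuse and cacti-httpd.conf.vhost, the Alias target ends in nagat/ (/usr/share/nagat/ or /srv/www/nagat/) while the Directory section paired with it is the cacti path, so an administrator who uncomments the block gets an alias to a path that the SSLRequireSSL and authentication rules do not cover. Suggest making the Alias target identical to the Directory path in each file. The active sections are also inconsistent between "allow from 127.0.0.1" in cacti-httpd.conf and "allow from localhost" in the other three; picking one form would make the access rule easier to audit.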
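Review bot: The cacti.logrotate stanza for /var/log/cacti/cacti.log sets only missingok and compress, with no rotation interval, no retention count and no ownership for the file after rotation, while cacti.spec assigns /var/log/cacti to wwwrun:www and the cron entries run poller.php as wwwrun. Suggest stating the schedule and retention explicitly and adding a create line with the wwwrun owner and www group, so that the behaviour does not depend on the global logrotate defaults and the poller can keep writing after a rotation.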