[pkgsrc/trunk]: pkgsrc/net/cacti Changes 0.8.8c:
details: https://anonhg.NetBSD.org/pkgsrc/rev/26c3a23c9768
branches: trunk
changeset: 648094:26c3a23c9768
user: adam <adam%pkgsrc.org@localhost>
date: Wed Mar 11 13:56:46 2015 +0000
description:
Changes 0.8.8c:
Important Security Fixes
CVE-2013-5588 - XSS issue via installer or device editing
CVE-2013-5589 - SQL injection vulnerability in device editing
CVE-2014-2326 - XSS issue via CDEF editing
CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
CVE-2014-4002 - XSS issues in multiple files
CVE-2014-5025 - XSS issue via data source editing
CVE-2014-5026 - XSS issues in multiple files
Important Updates
New graph tree view
Updated graph list and graph preview
Refactor graph tree view to remove GPL incompatible code
Updated command line database upgrade utility
Graph zooming now from everywhere
diffstat:
net/cacti/Makefile | 5 +-
net/cacti/PLIST | 78 +++++++++++++--
net/cacti/distinfo | 16 +--
net/cacti/patches/patch-cdef.php | 20 ----
net/cacti/patches/patch-graph_xport.php | 71 --------------
net/cacti/patches/patch-host.php | 18 ---
net/cacti/patches/patch-install_index.php | 132 +-------------------------
net/cacti/patches/patch-lib_api_device.php | 17 ---
net/cacti/patches/patch-lib_graph_export.php | 28 -----
net/cacti/patches/patch-lib_rrd.php | 49 ----------
10 files changed, 77 insertions(+), 357 deletions(-)
diffs (truncated from 544 to 300 lines):
diff -r 85396cd063f6 -r 26c3a23c9768 net/cacti/Makefile
--- a/net/cacti/Makefile Wed Mar 11 11:16:20 2015 +0000
+++ b/net/cacti/Makefile Wed Mar 11 13:56:46 2015 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.25 2015/03/11 07:39:15 nils Exp $
+# $NetBSD: Makefile,v 1.26 2015/03/11 13:56:46 adam Exp $
-DISTNAME= cacti-0.8.8b
-PKGREVISION= 4
+DISTNAME= cacti-0.8.8c
CATEGORIES= net
MASTER_SITES= http://www.cacti.net/downloads/
diff -r 85396cd063f6 -r 26c3a23c9768 net/cacti/PLIST
--- a/net/cacti/PLIST Wed Mar 11 11:16:20 2015 +0000
+++ b/net/cacti/PLIST Wed Mar 11 13:56:46 2015 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2015/03/11 07:39:15 nils Exp $
+@comment $NetBSD: PLIST,v 1.7 2015/03/11 13:56:46 adam Exp $
bin/cacti-poller
share/cacti/LICENSE
share/cacti/README
@@ -203,6 +203,10 @@
share/cacti/images/move_right.gif
share/cacti/images/move_up.gif
share/cacti/images/reload_icon_small.gif
+share/cacti/images/server.png
+share/cacti/images/server_chart.png
+share/cacti/images/server_chart_curve.png
+share/cacti/images/server_dataquery.png
share/cacti/images/shadow.gif
share/cacti/images/shadow_gray.gif
share/cacti/images/show.gif
@@ -224,11 +228,68 @@
share/cacti/images/view_none.gif
share/cacti/include/auth.php
share/cacti/include/bottom_footer.php
+share/cacti/include/csrf/csrf-magic.js
+share/cacti/include/csrf/csrf-magic.php
+share/cacti/include/csrf/index.php
share/cacti/include/global.php
share/cacti/include/global_arrays.php
share/cacti/include/global_constants.php
share/cacti/include/global_form.php
share/cacti/include/global_settings.php
+share/cacti/include/js/colorpicker.js
+share/cacti/include/js/images/ui-bg_diagonals-thick_18_b81900_40x40.png
+share/cacti/include/js/images/ui-bg_diagonals-thick_20_666666_40x40.png
+share/cacti/include/js/images/ui-bg_flat_10_000000_40x100.png
+share/cacti/include/js/images/ui-bg_glass_100_f6f6f6_1x400.png
+share/cacti/include/js/images/ui-bg_glass_100_fdf5ce_1x400.png
+share/cacti/include/js/images/ui-bg_glass_65_ffffff_1x400.png
+share/cacti/include/js/images/ui-bg_gloss-wave_35_f6a828_500x100.png
+share/cacti/include/js/images/ui-bg_highlight-soft_100_eeeeee_1x100.png
+share/cacti/include/js/images/ui-bg_highlight-soft_75_ffe45c_1x100.png
+share/cacti/include/js/images/ui-icons_222222_256x240.png
+share/cacti/include/js/images/ui-icons_228ef1_256x240.png
+share/cacti/include/js/images/ui-icons_ef8c08_256x240.png
+share/cacti/include/js/images/ui-icons_ffd27a_256x240.png
+share/cacti/include/js/images/ui-icons_ffffff_256x240.png
+share/cacti/include/js/jquery-ui.css
+share/cacti/include/js/jquery-ui.js
+share/cacti/include/js/jquery.cookie.js
+share/cacti/include/js/jquery.dd.js
+share/cacti/include/js/jquery.dropdown.js
+share/cacti/include/js/jquery.easytabs.js
+share/cacti/include/js/jquery.js
+share/cacti/include/js/jquery.tablednd.js
+share/cacti/include/js/jquery.timepicker.js
+share/cacti/include/js/jquery.zoom.css
+share/cacti/include/js/jquery.zoom.js
+share/cacti/include/js/jstree.js
+share/cacti/include/js/themes/default-dark/32px.png
+share/cacti/include/js/themes/default-dark/40px.png
+share/cacti/include/js/themes/default-dark/style.css
+share/cacti/include/js/themes/default-dark/style.min.css
+share/cacti/include/js/themes/default-dark/throbber.gif
+share/cacti/include/js/themes/default/32px.png
+share/cacti/include/js/themes/default/40px.png
+share/cacti/include/js/themes/default/style.css
+share/cacti/include/js/themes/default/style.min.css
+share/cacti/include/js/themes/default/throbber.gif
+share/cacti/include/js/themes/proton/30px.png
+share/cacti/include/js/themes/proton/32px.png
+share/cacti/include/js/themes/proton/fonts/titillium/titilliumweb-bold-webfont.eot
+share/cacti/include/js/themes/proton/fonts/titillium/titilliumweb-bold-webfont.svg
+share/cacti/include/js/themes/proton/fonts/titillium/titilliumweb-bold-webfont.ttf
+share/cacti/include/js/themes/proton/fonts/titillium/titilliumweb-bold-webfont.woff
+share/cacti/include/js/themes/proton/fonts/titillium/titilliumweb-extralight-webfont.eot
+share/cacti/include/js/themes/proton/fonts/titillium/titilliumweb-extralight-webfont.svg
+share/cacti/include/js/themes/proton/fonts/titillium/titilliumweb-extralight-webfont.ttf
+share/cacti/include/js/themes/proton/fonts/titillium/titilliumweb-extralight-webfont.woff
+share/cacti/include/js/themes/proton/fonts/titillium/titilliumweb-regular-webfont.eot
+share/cacti/include/js/themes/proton/fonts/titillium/titilliumweb-regular-webfont.svg
+share/cacti/include/js/themes/proton/fonts/titillium/titilliumweb-regular-webfont.ttf
+share/cacti/include/js/themes/proton/fonts/titillium/titilliumweb-regular-webfont.woff
+share/cacti/include/js/themes/proton/style.css
+share/cacti/include/js/themes/proton/style.min.css
+share/cacti/include/js/themes/proton/throbber.gif
share/cacti/include/jscalendar/calendar-setup.js
share/cacti/include/jscalendar/calendar.js
share/cacti/include/jscalendar/lang/calendar-af.js
@@ -279,18 +340,6 @@
share/cacti/include/plugins.php
share/cacti/include/top_graph_header.php
share/cacti/include/top_header.php
-share/cacti/include/treeview/ftiens4.js
-share/cacti/include/treeview/ftiens4_export.js
-share/cacti/include/treeview/ftv2blank.gif
-share/cacti/include/treeview/ftv2lastnode.gif
-share/cacti/include/treeview/ftv2mlastnode.gif
-share/cacti/include/treeview/ftv2mnode.gif
-share/cacti/include/treeview/ftv2node.gif
-share/cacti/include/treeview/ftv2plastnode.gif
-share/cacti/include/treeview/ftv2pnode.gif
-share/cacti/include/treeview/ftv2vertline.gif
-share/cacti/include/treeview/ua.js
-share/cacti/include/zoom.js
share/cacti/index.php
share/cacti/install/0_8_1_to_0_8_2.php
share/cacti/install/0_8_2_to_0_8_2a.php
@@ -316,7 +365,8 @@
share/cacti/install/0_8_7h_to_0_8_7i.php
share/cacti/install/0_8_7i_to_0_8_8.php
share/cacti/install/0_8_8_to_0_8_8a.php
-share/cacti/install/0_8_8_to_0_8_8b.php
+share/cacti/install/0_8_8a_to_0_8_8b.php
+share/cacti/install/0_8_8b_to_0_8_8c.php
share/cacti/install/0_8_to_0_8_1.php
share/cacti/install/index.php
share/cacti/install/install_finish.gif
diff -r 85396cd063f6 -r 26c3a23c9768 net/cacti/distinfo
--- a/net/cacti/distinfo Wed Mar 11 11:16:20 2015 +0000
+++ b/net/cacti/distinfo Wed Mar 11 13:56:46 2015 +0000
@@ -1,15 +1,9 @@
-$NetBSD: distinfo,v 1.5 2014/08/23 12:50:25 adam Exp $
+$NetBSD: distinfo,v 1.6 2015/03/11 13:56:46 adam Exp $
-SHA1 (cacti-0.8.8b.tar.gz) = 84979416ae08d586064328d6451a3108b74a3b06
-RMD160 (cacti-0.8.8b.tar.gz) = a2c88961565c6b5d593b4f2603514139800c9145
-Size (cacti-0.8.8b.tar.gz) = 2272130 bytes
+SHA1 (cacti-0.8.8c.tar.gz) = 6fdcaf59a7467ac593d4940e5a65338bdea5475b
+RMD160 (cacti-0.8.8c.tar.gz) = 591d08d27824444b68e4f517eb52be8bd08fc5f4
+Size (cacti-0.8.8c.tar.gz) = 2908451 bytes
SHA1 (patch-cacti.sql) = 37e18026c4136630d939ab5a7a4d6336bf166282
-SHA1 (patch-cdef.php) = ee898fcbb0da5db1a1127ba54fbf72c308df47eb
-SHA1 (patch-graph_xport.php) = 275717883721c674ab149e163be0ba780b86b11b
-SHA1 (patch-host.php) = 679fd76c81a719d949e023cecc4cc0c47ac6acf4
SHA1 (patch-include_global.php) = fb0d2f15596b051c60ed6032ecb9038315b7c663
SHA1 (patch-include_global__settings.php) = 54ffd0c3fc9d927595b1568a874c45a4a6033f7b
-SHA1 (patch-install_index.php) = e5ee36159968e1ca160aba953e02b9e80a2eb5d9
-SHA1 (patch-lib_api_device.php) = 0a2d495a0245c8957bfd5214a5e79dbb31f135c4
-SHA1 (patch-lib_graph_export.php) = ef91e864bc830653fbcf490419d39511aa7a258e
-SHA1 (patch-lib_rrd.php) = cf7483d9a67f9f146d130de7da86a0f37f1041c9
+SHA1 (patch-install_index.php) = bc4737d8521d0cff37e18511687be9d258216b6e
diff -r 85396cd063f6 -r 26c3a23c9768 net/cacti/patches/patch-cdef.php
--- a/net/cacti/patches/patch-cdef.php Wed Mar 11 11:16:20 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-$NetBSD: patch-cdef.php,v 1.1 2014/08/23 12:50:25 adam Exp $
-
-Fixes for:
-CVE-2014-2326 Unspecified HTML Injection Vulnerability
-CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
-CVE-2014-2708 Unspecified SQL Injection Vulnerability
-CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
-
---- cdef.php.orig 2013-08-06 22:31:19.000000000 -0400
-+++ cdef.php 2014-04-04 21:39:04.000000000 -0400
-@@ -431,7 +431,7 @@
- <a class="linkEditMain" href="<?php print htmlspecialchars("cdef.php?action=item_edit&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>">Item
#<?php print htmlspecialchars($i);?></a>
- </td>
- <td>
-- <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print
get_cdef_item_name($cdef_item["id"]);?></strong>
-+ <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print
htmlspecialchars(get_cdef_item_name($cdef_item["id"]));?></strong>
- </td>
- <td>
- <a href="<?php print htmlspecialchars("cdef.php?action=item_movedown&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>"><img
src="images/move_down.gif" border="0" alt="Move Down"></a>
-diff -ruBbd graph_xport.php graph_xport.php
diff -r 85396cd063f6 -r 26c3a23c9768 net/cacti/patches/patch-graph_xport.php
--- a/net/cacti/patches/patch-graph_xport.php Wed Mar 11 11:16:20 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,71 +0,0 @@
-$NetBSD: patch-graph_xport.php,v 1.1 2014/08/23 12:50:25 adam Exp $
-
-Fixes for:
-CVE-2014-2326 Unspecified HTML Injection Vulnerability
-CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
-CVE-2014-2708 Unspecified SQL Injection Vulnerability
-CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
-
---- graph_xport.php.orig 2013-08-06 22:31:19.000000000 -0400
-+++ graph_xport.php 2014-04-04 21:39:04.000000000 -0400
-@@ -47,43 +47,48 @@
-
- $graph_data_array = array();
-
-+/* ================= input validation ================= */
-+input_validate_input_number(get_request_var("local_graph_id"));
-+input_validate_input_number(get_request_var("rra_id"));
-+/* ==================================================== */
-+
- /* override: graph start time (unix time) */
--if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {
-- $graph_data_array["graph_start"] = $_GET["graph_start"];
-+if (!empty($_GET["graph_start"]) && is_numeric($_GET["graph_start"] && $_GET["graph_start"] < 1600000000)) {
-+ $graph_data_array["graph_start"] = get_request_var("graph_start");
- }
-
- /* override: graph end time (unix time) */
--if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
-- $graph_data_array["graph_end"] = $_GET["graph_end"];
-+if (!empty($_GET["graph_end"]) && is_numeric($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
-+ $graph_data_array["graph_end"] = get_request_var("graph_end");
- }
-
- /* override: graph height (in pixels) */
--if (!empty($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
-- $graph_data_array["graph_height"] = $_GET["graph_height"];
-+if (!empty($_GET["graph_height"]) && is_numeric($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
-+ $graph_data_array["graph_height"] = get_request_var("graph_height");
- }
-
- /* override: graph width (in pixels) */
--if (!empty($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
-- $graph_data_array["graph_width"] = $_GET["graph_width"];
-+if (!empty($_GET["graph_width"]) && is_numeric($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
-+ $graph_data_array["graph_width"] = get_request_var("graph_width");
- }
-
- /* override: skip drawing the legend? */
- if (!empty($_GET["graph_nolegend"])) {
-- $graph_data_array["graph_nolegend"] = $_GET["graph_nolegend"];
-+ $graph_data_array["graph_nolegend"] = get_request_var("graph_nolegend");
- }
-
- /* print RRDTool graph source? */
- if (!empty($_GET["show_source"])) {
-- $graph_data_array["print_source"] = $_GET["show_source"];
-+ $graph_data_array["print_source"] = get_request_var("show_source");
- }
-
--$graph_info = db_fetch_row("SELECT * FROM graph_templates_graph WHERE local_graph_id='" . $_REQUEST["local_graph_id"] . "'");
-+$graph_info = db_fetch_row("SELECT * FROM graph_templates_graph WHERE local_graph_id='" . get_request_var("local_graph_id") . "'");
-
- /* for bandwidth, NThPercentile */
- $xport_meta = array();
-
- /* Get graph export */
--$xport_array = @rrdtool_function_xport($_GET["local_graph_id"], $_GET["rra_id"], $graph_data_array, $xport_meta);
-+$xport_array = @rrdtool_function_xport($_GET["local_graph_id"], get_request_var("rra_id"), $graph_data_array, $xport_meta);
-
- /* Make graph title the suggested file name */
- if (is_array($xport_array["meta"])) {
diff -r 85396cd063f6 -r 26c3a23c9768 net/cacti/patches/patch-host.php
--- a/net/cacti/patches/patch-host.php Wed Mar 11 11:16:20 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-$NetBSD: patch-host.php,v 1.1 2014/01/08 20:51:28 tron Exp $
-
-Fix vulnerability reported in SA54531. Patch taken from here:
-
-http://svn.cacti.net/viewvc?view=rev&revision=7420
-
---- host.php.orig 2013-08-07 03:31:19.000000000 +0100
-+++ host.php 2014-01-08 20:26:33.000000000 +0000
-@@ -149,6 +149,9 @@
- if ($_POST["snmp_version"] == 3 && ($_POST["snmp_password"] != $_POST["snmp_password_confirm"])) {
- raise_message(4);
- }else{
-+ input_validate_input_number(get_request_var_post("id"));
-+ input_validate_input_number(get_request_var_post("host_template_id"));
-+
- $host_id = api_device_save($_POST["id"], $_POST["host_template_id"], $_POST["description"],
- trim($_POST["hostname"]), $_POST["snmp_community"], $_POST["snmp_version"],
- $_POST["snmp_username"], $_POST["snmp_password"],
diff -r 85396cd063f6 -r 26c3a23c9768 net/cacti/patches/patch-install_index.php
--- a/net/cacti/patches/patch-install_index.php Wed Mar 11 11:16:20 2015 +0000
+++ b/net/cacti/patches/patch-install_index.php Wed Mar 11 13:56:46 2015 +0000
@@ -1,15 +1,12 @@
-$NetBSD: patch-install_index.php,v 1.2 2014/01/08 20:51:28 tron Exp $
+$NetBSD: patch-install_index.php,v 1.3 2015/03/11 13:56:46 adam Exp $
- Find utilites in PREFIX first.
- Fix-up hard coded user and path (documentaion only).
- Make log directory configurable by package variable
-- Fix vulnerability reported in SA54531. Patch taken from here:
- http://svn.cacti.net/viewvc?view=rev&revision=7420
-
---- install/index.php.orig 2013-08-07 03:31:19.000000000 +0100
-+++ install/index.php 2014-01-08 20:26:33.000000000 +0000
-@@ -96,7 +96,7 @@
+--- install/index.php.orig 2014-11-23 20:18:57.000000000 +0000
++++ install/index.php
+@@ -96,7 +96,7 @@ function find_best_path($binary_name) {
if ($config["cacti_server_os"] == "win32") {
$search_paths = array("c:/usr/bin", "c:/cacti", "c:/rrdtool", "c:/spine", "c:/php", "c:/progra~1/php", "c:/net-snmp/bin", "c:/progra~1/net-snmp/bin", "d:/usr/bin", "d:/net-snmp/bin",
"d:/progra~1/net-snmp/bin", "d:/cacti", "d:/rrdtool", "d:/spine", "d:/php", "d:/progra~1/php");
}else{
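Review bot: The SA54531 hunks are dropped from this local patch together with their header line, but neither the new header nor the commit log states that install/index.php in 0.8.8c already carries that input validation. The changelog entry for CVE-2013-5588 (XSS via installer) presumably covers it. That should be confirmed against the unpacked 0.8.8c source, because the remaining hunks of this file are truncated on this page. While the header is being edited, its two typos could also be fixed: `- Find utilities in PREFIX first.` and `- Fix-up hard coded user and path (documentation only).` The patch checksum in distinfo would need regenerating afterwards.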
@@ -18,7 +15,7 @@