commit cacti.3854 for openSUSE:13.1:Update
Hello community,
here is the log from the commit of package cacti.3854 for openSUSE:13.1:Update checked in at 2015-06-24 14:41:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/cacti.3854 (Old)
and /work/SRC/openSUSE:13.1:Update/.cacti.3854.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cacti.3854"
Changes:
--------
New Changes file:
--- /dev/null 2015-05-15 19:41:08.266053825 +0200
+++ /work/SRC/openSUSE:13.1:Update/.cacti.3854.new/cacti.changes 2015-06-24 14:41:20.000000000 +0200
@@ -0,0 +1,453 @@
+-------------------------------------------------------------------
+Tue Jun 16 13:21:16 UTC 2015 - joop.boonen@opensuse.org
+
+- Update to version 0.8.8d
+ - Fixes [bnc#934187]
+ - CVE-2015-4342: cacti: Multiple XSS and SQL injection vulnerabilities
+ - feature: Remove un-needed fonts and javascript files
+ - bug: Fixed SQL injection VN: JVN#78187936 / TN:JPCERT#98968540
+ - bug#0002261: PHP 5.4.0 added new error_reporting variable, causing cacti to show errors
+ - bug#0002391: Odd Behaviour on ReIndex of Data Query Data
+ - bug#0002393: Broken thumbnail images for graph templates
+ - bug#0002402: Subtree must not have the same header as the parent header
+ - bug#0002474: CLI add_device.php dows not set availability_method correctly
+ - bug#0002449: The Save button does not work: Invalid html on page Console -> Cacti Settings: empty form tag
+ - bug#0002428: Fail to delete all data input items when removing more than 1000 data sources
+ - bug#0002439: Password with special character don't work with LDAP authentication
+ - bug#0002461: invalid bn with ldap and anonymous bind
+ - bug#0002465: Graph Export return empty CSV file
+ - bug#0002484: Incorrect SQL request in cli script repair_database.php
+ - bug#0002485: Broken pagenation on graph viewing
+ - bug#0002489: SNMP - Get Mounted Partitions using Re-index method of Index Count Changed causes recache event every time
+ - bug#0002490: Can not select page for multiple datasources per device
+ - bug#0002494: CSV export always shows last day
+ - bug#0002504: Data template search not functional
+ - bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting Vulnerability Notification
+ - bug#0002543: Unable to switch pages within graphs_new.php due to invalid URL generation
+ - bug#0002544: Duplicate entry in $nav_url during list view
+ - bug#0002571: SQL Injection and Location header injection from cdef id CVE-2015-4342
+ - bug#0002572: SQL injection in graph templates
+- Renamed two patch files, to a more generic name:
+ - cacti-0.8.8c-cacti-log-path.patch to cacti-log-path.patch
+ - cacti-0.8.8c-cacti-script.patch to cacti-script.patch
+
+-------------------------------------------------------------------
+Mon Dec 8 11:25:49 UTC 2014 - aldemir.akpinar@gmail.com
+
+- Update to version 0.8.8c
+ - New features
+ - New graph tree view
+ - Updated graph list and graph preview
+ - Refactor graph tree view to remove GPL incompatible code
+ - Updated command line database upgrade utility
+ - Graph zooming now from everywhere
+ - Security fixes
+ - CVE-2013-5588 - XSS issue via installer or device editing
+ - CVE-2013-5589 - SQL injection vulnerability in device editing
+ - CVE-2014-2326 - XSS issue via CDEF editing
+ - CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
+ - CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
+ - CVE-2014-4002 - XSS issues in multiple files
+ - CVE-2014-5025 - XSS issue via data source editing
+ - CVE-2014-5026 - XSS issues in multiple files
+ - Removed cacti-0.8.8b-cacti-log-path.patch as it is incompatible with 0.8.8c.
+ - Removed cacti-0.8.8b-cacti-script.patch as it is incompatible with 0.8.8c.
+ - Removed cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch as this code is incorprated to cacti 0.8.8c
+ - Removed cacti-0.8.8b_security.patch as this code is incorprated to cacti 0.8.8c
+ - Created cacti-0.8.8c-cacti-log-path.patch so that cacti only logs to /var/log/cacti
+ - Created cacti-0.8.8c-cacti-script.patch so that cacti uses /usr/share/cacti/scripts
+
+-------------------------------------------------------------------
+Sun Apr 13 20:21:53 UTC 2014 - aj@ajaissle.de
+
+- Add cacti-0.8.8b_security.patch:
+ - Fixes [bnc#870821]:
+ - CVE-2014-2326: Unspecified HTML Injection Vulnerability
+ - Fixes CVE-2014-2328:
+ - Unspecified Remote Command Execution Vulnerability
+ - Fixes [bnc#872008]:
+ - CVE-2014-2708: Unspecified SQL Injection Vulnerability
+ - CVE-2014-2709: Unspecified Remote Command Execution Vulnerability
+
+- Add cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch:
+ - Fixes [bnc#837440]:
+ - CVE-2013-5588: HTML Injection Vulnerability
+ - CVE-2013-5589: SQL Injection Vulnerability
+
+-------------------------------------------------------------------
+Sat Apr 12 09:37:55 UTC 2014 - aj@ajaissle.de
+
+- Change php requirements to be more general on SUSE systems
+ [bnc#862993]
+
+-------------------------------------------------------------------
+Thu Aug 8 06:57:12 UTC 2013 - joop.boonen@opensuse.org
+
+- Update to version 0.8.8b
+ - bug: Fixed issue with custom data source information being lost when saved from edit
+ - bug: Repopulate the poller cache on new installations
+ - bug: Fix issue with poller not escaping the script query path correctly
+ - bug: Allow snmpv3 priv proto none
+ - bug: Fix issue where host activate may flush the entire poller item cache
+ - security: SQL injection and shell escaping issues
+
+-------------------------------------------------------------------
+Mon Jun 4 08:57:00 UTC 2012 - aldemir.akpinar@airties.com
+
+- Added official cacti 0.8.8a patch
+
+-------------------------------------------------------------------
+Mon Apr 30 11:09:10 UTC 2012 - aldemir.akpinar@airties.com
+
+- New version 0.8.8a
+- Fixed an rpmlint warning
+
+-------------------------------------------------------------------
+Mon Apr 16 10:27:23 UTC 2012 - joop.boonen@opensuse.org
+
+- Corrected the crontab file for openSUSE >= 12.2
+- Some cross distro fixes so plugins will also build for other distros
+
+-------------------------------------------------------------------
+Tue Apr 10 17:03:29 UTC 2012 - joop.boonen@opensuse.org
+
+- Install cacti in /srv/www/cacti/ from openSUSE 12.2 onwards
+- Passed the spec file through spec-cleaner
+- Cacti-PA can be removed as cacti includes the Plugin Architure
+
+-------------------------------------------------------------------
+Tue Apr 10 09:14:52 UTC 2012 - aldemir.akpinar@airties.com
+
+- Minor changes in the spec file, updated version to 0.8.8
+
+-------------------------------------------------------------------
+Sun Jan 8 12:58:28 UTC 2012 - joop.boonen@boonen.org
+
+- Reformated the spec file to the openSUSE standard
+
+-------------------------------------------------------------------
+Fri Dec 30 14:40:04 UTC 2011 - aldemir.akpinar@airties.com
+
+- Added official settings_checkbox patch
+
+-------------------------------------------------------------------
+Tue Dec 13 22:15:03 UTC 2011 - joop.boonen@opensuse.org
+
+- Build version 0.8.7i
+
+-------------------------------------------------------------------
+Tue Oct 4 13:19:26 UTC 2011 - aldemir.akpinar@airties.com
+
+- Upgrade to version 0.8.7h
+
+-------------------------------------------------------------------
+Fri Jun 10 00:00:00 UTC 2011 aldemir.akpinar@airties.com
+
+- added 'Provides' to make cactid installable
+
+-------------------------------------------------------------------
+Sat Jul 10 00:00:00 UTC 2010 joop.boonen@opensuse.org
+
+- update to cacti-0.8.7g
+
+-------------------------------------------------------------------
+Sat May 22 00:00:00 UTC 2010 joop.boonen@opensuse.org
+
+- update to cacti-0.8.7f
+
+-------------------------------------------------------------------
+Wed Nov 11 00:00:00 UTC 2009 joop.boonen@opensuse.org
+
+- Added the missing cli directory
+
+-------------------------------------------------------------------
+Mon Aug 31 00:00:00 UTC 2009 joop.boonen@opensuse.org
+
+- Minor change in the name of the patch file
+
+-------------------------------------------------------------------
+Fri Aug 28 00:00:00 UTC 2009 puzel@novell.com
+
+- update to cacti-0.8.7e.tar.bz2
+ - bug#0001044: Creating a DS, Output field can't be selected for
+ DT with a DIM when "Use Per-Data Source Value" is on
+ - bug#0001341: SNMP query: add oid_suffix for weird SNMP queries
+ - bug#0001345: Overwriting $snmp_index in query_snmp_host() breaks
+ SNMP Data query if using get method
+ - bug#0001346: Strip out noisy 'No Such Instance currently exists
+ at this OID'
+ - bug#0001404: timeout in "function ping_icmp" (lib/ping.php)
+ - bug#0001405: Spaces in DS when .rrd file is created, so it fails
+ - bug#0001407: Place graph thumbnail into div to lower page length
+ changes on load graphs
+ - bug#0001410: Thumbnail Columns is not honored for host display
+ with snmp index group style
+ - bug#0001411: Graph searching issue
+ - bug#0001413: strip_quotes fails
+ - bug#0001426: multiple form opening due to bug in draw_edit_form()
+ - bug#0001436: CSV Export Start Date and End Date are always
+ 1970-01-01 01:00:00
+ - bug#0001443: format_snmp_string can return a number with a leading space
+ - bug#0001446: Wrong dates override in CSV export
+ - bug#0001456: oid_uptime is not parsed correctly
+ - bug#0001460: Skiping input parameters in data_query_field_list()
+ may lead to SQL errors
+ - bug#0001464: Typo in install/index.php
+ - bug#0001467: Customisable oid index parse regexp for weird MIBs
+ - bug#0001468: Tree is not expanded correctly
++++ 256 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:13.1:Update/.cacti.3854.new/cacti.changes
New:
----
cacti-0.8.8d.tar.gz
cacti-httpd.conf
cacti-httpd.conf.default
cacti-httpd.conf.nonsuse
cacti-httpd.conf.vhost
cacti-log-path.patch
cacti-script.patch
cacti.changes
cacti.cron
cacti.cron.new
cacti.logrotate
cacti.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cacti.spec ++++++
#
# spec file for package cacti
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: cacti
Version: 0.8.8d
Release: 0.0
Summary: Web Front-End to Monitor System Data via RRDtool
License: GPL-2.0+
Group: System/Monitoring
Url: http://www.cacti.net/
Source0: http://www.cacti.net/downloads/%{name}-%{version}.tar.gz
Source1: %{name}.cron
Source2: %{name}-httpd.conf
Source3: %{name}.logrotate
Source4: %{name}-httpd.conf.default
Source5: %{name}-httpd.conf.vhost
Source6: %{name}-httpd.conf.nonsuse
Source7: %{name}.cron.new
# PATCH-FIX-OPENSUSE cacti-0.8.8-cacti-log-path.patch
Patch0: cacti-log-path.patch
# PATCH-FIX-OPENSUSE cacti-0.8.8-cacti-script.patch
Patch1: cacti-script.patch
Provides: cacti-system
%if 0%{?suse_version}
BuildRequires: apache2-devel
Requires: apache2
Requires: cron
Requires: mod_php_any >= 5.1
Requires: php-mysql >= 5.1
Requires: php-snmp >= 5.1
Requires: php-sockets >= 5.1
Requires: rrdtool
%endif
%if 0%{?fedora_version} || 0%{?rhel_version} || 0%{?centos_version}
BuildRequires: httpd-devel
Requires: httpd
Requires: rrdtool
%endif
%if 0%{?centos_version}
Requires: php-mysql
Requires: php-snmp
%endif
%if 0%{?rhel_version}
Requires: php-mysql
#Requires: php-snmp
%endif
%if 0%{?fedora_version}
Requires: php-mysqlnd
Requires: php-snmp
%endif
%if 0%{?mandriva_version}
BuildRequires: apache-devel
Requires: apache
Requires: apache-mod_php
Requires: php-mysql
Requires: php-snmp
Requires: php-sockets
Requires: rrdtool
%endif
Requires: logrotate
Requires: net-snmp
Obsoletes: cacti-PA
Provides: cacti-PA
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%if 0%{?suse_version}
%define apxs /usr/sbin/apxs2
%else
%define apxs /usr/sbin/apxs
%endif
%define apache2_sysconfdir %(%{apxs} -q SYSCONFDIR)
%if 0%{?suse_version} <= 1210
%define prefix %{_datadir}/cacti
%else
%define prefix /srv/www/cacti
%endif
%description
Cacti is a complete front-end to RRDtool: it stores all necessary
information for creating graphs and populates them with data from a
MySQL database. The front-end is completely PHP driven. Along with
being ableto maintain graphs, data sources, and round robin archives
ina database, Cacti also handles data gathering. There exists an SNMP
support for those accustomed to creating traffic graphs with MRTG as
well.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%build
#nothing to build
%install
#delete the *.orig files
find . -type f -name "*\.orig" -exec rm {} \;
install -d -m 755 %{buildroot}%{prefix}
install -d -m 755 %{buildroot}%{_localstatedir}/lib/%{name}
install -d -m 755 %{buildroot}%{_localstatedir}/log/%{name}
cp *.php %{buildroot}%{prefix}
cp -pr lib %{buildroot}%{prefix}
cp -pr include %{buildroot}%{prefix}
cp -pr images %{buildroot}%{prefix}
cp -pr install %{buildroot}%{prefix}
cp -pr resource %{buildroot}%{prefix}
cp -pr rra %{buildroot}%{prefix}
#cp -pr scripts %{buildroot}%{prefix}
#cp -pr cli %{buildroot}%{prefix}
install -d -m 755 scripts %{buildroot}%{prefix}/scripts
install -m 755 scripts/* %{buildroot}%{prefix}/scripts
install -d -m 755 cli %{buildroot}%{prefix}/cli
install -m 755 cli/* %{buildroot}%{prefix}/cli
install -m 644 *.sql %{buildroot}%{prefix}
# cron task
install -d -m 755 %{buildroot}%{_sysconfdir}/cron.d
%if 0%{?suse_version} > 1210
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/cron.d/cacti
%endif
%if 0%{?suse_version} <= 1210
install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/cron.d/cacti
%endif
%if ! 0%{?suse_version}
install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/cron.d/cacti
%endif
# apache2 config
%if 0%{?suse_version} > 1210
mkdir -p %{buildroot}/%{apache2_sysconfdir}/conf.d
cp -avL %{SOURCE4} %{buildroot}/%{apache2_sysconfdir}/conf.d/%{name}.conf
mkdir -p %{buildroot}/%{apache2_sysconfdir}/vhosts.d/conf.d
cp -avL %{SOURCE5} %{buildroot}/%{apache2_sysconfdir}/vhosts.d/conf.d/%{name}.conf
%endif
%if 0%{?suse_version} <= 1210
install -d -m 755 %{buildroot}%{apache2_sysconfdir}/conf.d
install -m 644 %{SOURCE2} %{buildroot}%{apache2_sysconfdir}/conf.d/cacti.conf
%endif
%if ! 0%{?suse_version}
mkdir -p %{buildroot}/%{apache2_sysconfdir}/../conf.d
cp -avL %{SOURCE6} %{buildroot}/%{apache2_sysconfdir}/../conf.d/%{name}.conf
%endif
# logrotate config
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d/
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
# Set the correct permissions for pl and sh files
#find %{buildroot}%{prefix} -type f -name "*.sh" -o -name "*.pl" -exec chmod ugo+x {} \;
# compute files list without config file
find %{buildroot}%{prefix} -type d | sed -e 's|'%{buildroot}'|%dir |' >> %{name}.list
find %{buildroot}%{prefix} -type f ! -name config.php | sed -e 's|'%{buildroot}'||' >> %{name}.list
%files -f %{name}.list
%defattr(-,root,root)
%doc LICENSE docs/*
%attr(-,wwwrun,www) %dir %{_localstatedir}/lib/cacti
%attr(-,wwwrun,www) %dir %{_localstatedir}/log/cacti
%config(noreplace) %{prefix}/include/config.php
%config(noreplace) %{_sysconfdir}/cron.d/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%if 0%{?suse_version} <= 1210
%dir %{apache2_sysconfdir}/conf.d
%config(noreplace) %{apache2_sysconfdir}/conf.d/cacti.conf
%endif
%if 0%{?suse_version} > 1210
%dir %{apache2_sysconfdir}/conf.d
%config (noreplace) %{apache2_sysconfdir}/conf.d/%{name}.conf
%dir %{apache2_sysconfdir}/vhosts.d/conf.d
%config (noreplace) %{apache2_sysconfdir}/vhosts.d/conf.d/%{name}.conf
%endif
%if ! 0%{?suse_version}
%dir %{apache2_sysconfdir}/../conf.d
%config (noreplace) %{apache2_sysconfdir}/../conf.d/%{name}.conf
%endif
%post
%if 0%{?suse_version}
chown -R wwwrun.www %{prefix}/rra
%endif
%changelog
++++++ cacti-httpd.conf ++++++
Alias /cacti/ /usr/share/cacti/
participants (1)
-
root@hilbert.suse.de