diff --git a/CVE-2007-3112.patch b/CVE-2007-3112.patch
deleted file mode 100644
index e77b2b4..0000000
--- a/CVE-2007-3112.patch
+++ /dev/null
@@ -1,29 +0,0 @@
---- branches/BRANCH_0_8_6/cacti/graph_image.php 2007/03/04 20:17:57 3898
-+++ branches/BRANCH_0_8_6/cacti/graph_image.php 2007/06/04 06:41:13 3956
-@@ -49,22 +49,22 @@
- $graph_data_array = array();
-
- /* override: graph start time (unix time) */
--if (!empty($_GET["graph_start"])) {
-+if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {
- $graph_data_array["graph_start"] = $_GET["graph_start"];
- }
-
- /* override: graph end time (unix time) */
--if (!empty($_GET["graph_end"])) {
-+if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
- $graph_data_array["graph_end"] = $_GET["graph_end"];
- }
-
- /* override: graph height (in pixels) */
--if (!empty($_GET["graph_height"])) {
-+if (!empty($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
- $graph_data_array["graph_height"] = $_GET["graph_height"];
- }
-
- /* override: graph width (in pixels) */
--if (!empty($_GET["graph_width"])) {
-+if (!empty($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
- $graph_data_array["graph_width"] = $_GET["graph_width"];
- }
-
diff --git a/cacti-0.8.6h-dbcfg.patch b/cacti-0.8.6h-dbcfg.patch
deleted file mode 100644
index 4095b39..0000000
--- a/cacti-0.8.6h-dbcfg.patch
+++ /dev/null
@@ -1,104 +0,0 @@ ---- include/config.php.orig 2006-01-13 14:44:09.000000000 -0600 -+++ include/config.php 2006-01-13 14:44:23.000000000 -0600 -@@ -23,15 +23,7 @@ - | - raXnet - http://www.raxnet.net/ | - +-------------------------------------------------------------------------+ - */ -- --/* make sure these values refect your actual database/host/user/password */ --$database_type = "mysql"; --$database_default = "cacti"; --$database_hostname = "localhost"; --$database_username = "cactiuser"; --$database_password = "cactiuser"; --$database_port = "3306"; -- -+require_once("db.php"); - /* ----- you probably do not need to change anything below this line ----- */ - - /* Files that do not need http header information - Command line scripts */ ---- include/db.php.orig 1969-12-31 18:00:00.000000000 -0600 -+++ include/db.php 2006-01-13 15:14:07.000000000 -0600 -@@ -0,0 +1,9 @@ -+ ---- docs/text/manual.txt.orig 2006-01-13 15:21:40.000000000 -0600 -+++ docs/text/manual.txt 2006-01-13 15:22:42.000000000 -0600 -@@ -144,7 +144,7 @@ - mysql> GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'somep - assword'; - mysql> flush privileges; -- 5. Edit include/config.php and specify the MySQL user, -+ 5. Edit /etc/cacti/db.php and specify the MySQL user, - password and database for your Cacti configuration. - $database_default = "cacti"; - $database_hostname = "localhost"; -@@ -379,7 +379,7 @@ - all the DLL files and sh.exe from the c:\cacti directory. - - Configure Cacti -- 1. Edit cacti_web_root/cacti/include/config.php and specify -+ 1. Edit cacti_web_root/cacti/include/db.php and specify - the MySQL user, password, database, and database port for - your Cacti configuration. - $database_default = "cacti"; -@@ -504,7 +504,7 @@ - shell> tar xzvf cacti-version.tar.gz - 4. Rename the new Cacti directory to match the old one. - shell> mv cacti-version cacti -- 5. Edit include/config.php and specify the MySQL user, -+ 5. 
Edit /etc/cacti/db.php and specify the MySQL user, - password and database for your Cacti configuration. - $database_default = "cacti"; - $database_hostname = "localhost"; ---- ./docs/UPGRADE.orig 2006-01-13 15:32:34.000000000 -0600 -+++ ./docs/UPGRADE 2006-01-13 15:35:37.000000000 -0600 -@@ -21,7 +21,7 @@ - - shell> mv cacti-version cacti - -- 5. Edit include/config.php and specify the MySQL user, password and -+ 5. Edit /etc/cacti/db.php and specify the MySQL user, password and - database for your Cacti configuration. - - $database_default = "cacti"; ---- ./docs/INSTALL.orig 2006-01-13 15:32:45.000000000 -0600 -+++ ./docs/INSTALL 2006-01-13 15:35:46.000000000 -0600 -@@ -19,7 +19,7 @@ - mysql> GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'somepassword'; - mysql> flush privileges; - -- 5. Edit include/config.php and specify the MySQL user, password and -+ 5. Edit /etc/cacti/db.php and specify the MySQL user, password and - database for your Cacti configuration. - - $database_default = "cacti"; ---- ./docs/html/upgrade.html.orig 2006-01-13 15:32:22.000000000 -0600 -+++ ./docs/html/upgrade.html 2006-01-13 15:35:18.000000000 -0600 -@@ -67,7 +67,7 @@ - - -
Edit include/config.php and specify the MySQL user, password and database for your Cacti configuration.
-+Edit /etc/cacti/db.php and specify the MySQL user, password and database for your Cacti configuration.
-- $database_default = "cacti"; - $database_hostname = "localhost"; ---- ./docs/html/install_unix.html.orig 2006-01-13 15:32:28.000000000 -0600 -+++ ./docs/html/install_unix.html 2006-01-13 15:35:26.000000000 -0600 -@@ -67,7 +67,7 @@ -
Edit include/config.php and specify the MySQL user, password and database for your Cacti configuration.
-+Edit /etc/cacti/db.php and specify the MySQL user, password and database for your Cacti configuration.
-- $database_default = "cacti"; - $database_hostname = "localhost"; diff --git a/cacti.spec b/cacti.spec index de88c3c..1545bbd 100644 --- a/cacti.spec +++ b/cacti.spec @@ -1,6 +1,6 @@ Name: cacti -Version: 0.8.6j -Release: 9%{?dist} +Version: 0.8.7a +Release: 1%{?dist} Summary: An rrd based graphing tool Group: Applications/System @@ -11,14 +11,6 @@ Source1: cacti-httpd.conf Source2: cacti.logrotate Source3: cacti.README.Fedora -Patch1: cacti-0.8.6h-dbcfg.patch -Patch2: CVE-2007-3112.patch -Patch3: ping_php_version4_snmpgetnext.patch -Patch4: tree_console_missing_hosts.patch -Patch5: thumbnail_graphs_not_working.patch -Patch6: graph_debug_lockup_fix.patch -Patch7: snmpwalk_fix.patch - BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: php, php-mysql, mysql, httpd, rrdtool, net-snmp, php-snmp @@ -37,13 +29,6 @@ used to creating traffic graphs with MRTG. %prep %setup -q -%patch1 -p0 -%patch2 -p3 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 echo "#*/5 * * * * cacti %{_bindir}/php %{_datadir}/%{name}/poller.php > /dev/null 2>&1" >cacti.cron 
@@ -64,9 +49,9 @@ rm -rf %{buildroot} %{__cp} -a images/ include/ install/ lib/ resource/ %{buildroot}%{_datadir}/%{name} %{__cp} %{SOURCE3} ./docs/README.cacti %{__cp} -a docs/ %{buildroot}/%{_docdir}/%{name}-%{version} -%{__mv} %{buildroot}/%{_datadir}/%{name}/include/db.php %{buildroot}/%{_sysconfdir}/%{name}/db.php +%{__mv} %{buildroot}/%{_datadir}/%{name}/include/config.php %{buildroot}/%{_sysconfdir}/%{name}/db.php %{__chmod} +x %{buildroot}/%{_datadir}/%{name}/cmd.php %{buildroot}/%{_datadir}/%{name}/poller.php -ln -s %{_sysconfdir}/%{name}/db.php %{buildroot}/%{_datadir}/%{name}/include/db.php +ln -s %{_sysconfdir}/%{name}/db.php %{buildroot}/%{_datadir}/%{name}/include/config.php ln -s %{_localstatedir}/lib/%{name}/rra %{buildroot}/%{_datadir}/%{name}/ ln -s %{_localstatedir}/lib/%{name}/scripts %{buildroot}/%{_datadir}/%{name}/ ln -s %{_localstatedir}/log/%{name}/ %{buildroot}/%{_datadir}/%{name}/log @@ -115,8 +100,13 @@ fi %attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib %changelog -* Fri Sep 21 2007 Mike McGrath- 0.8.6j-9 -- Added rest of official patches +* Tue Nov 20 2007 Mike McGrath - 0.8.7a-1 +- Upstream released new version +- Fixes for bug #391691 - CVE-2007-6035 + +* Fri Oct 13 2007 Mike McGrath - 0.8.7-2 +- Upstream released new version +- No longer need to patch for /etc/cacti/* * Fri Sep 14 2007 Mike McGrath - 0.8.6j-8 - Fix for CVE-2007-3112 bz#243592 diff --git a/graph_debug_lockup_fix.patch b/graph_debug_lockup_fix.patch deleted file mode 100644 index d740a2a..0000000 --- a/graph_debug_lockup_fix.patch +++ /dev/null 
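Review bot: The changed `%{__mv}` line in the `%install` hunk now relocates `include/config.php` to `%{_sysconfdir}/%{name}/db.php`, and nothing in this hunk sets that file's mode or ownership. Judging by the settings the dropped dbcfg patch used to split out (`$database_username`, `$database_password`), the file presumably holds the database credentials, so confirm in `%files` (outside this hunk) that it is marked `%config(noreplace)` and is not world-readable while staying readable by httpd and by the `cacti` account that the cron line runs `poller.php` as. The target also keeps the name `db.php` although the symlink is now `include/config.php`; a one-line comment such as `# db.php is upstream's include/config.php (database settings), kept under /etc so upgrades preserve it` would explain the mismatch to the next packager.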
@@ -1,18 +0,0 @@
---- cacti-0.8.6j/lib/rrd.php 2007-01-17 19:23:10.000000000 -0500
-+++ cacti-0.8.6j-patch/lib/rrd.php 2007-03-01 15:32:18.609375000 -0500
-@@ -83,6 +83,7 @@
- if ($config["cacti_server_os"] == "unix") {
- /* an empty $rrd_struc array means no fp is available */
- if (sizeof($rrd_struc) == 0) {
-+ session_write_close();
- $fp = popen(read_config_option("path_rrdtool") . escape_command(" $command_line"), "r");
- }else{
- fwrite(rrd_get_fd($rrd_struc, RRDTOOL_PIPE_CHILD_READ), escape_command(" $command_line") . "\r\n");
-@@ -91,6 +92,7 @@
- }elseif ($config["cacti_server_os"] == "win32") {
- /* an empty $rrd_struc array means no fp is available */
- if (sizeof($rrd_struc) == 0) {
-+ session_write_close();
- $fp = popen(read_config_option("path_rrdtool") . escape_command(" $command_line"), "rb");
- }else{
- fwrite(rrd_get_fd($rrd_struc, RRDTOOL_PIPE_CHILD_READ), escape_command(" $command_line") . "\r\n");
diff --git a/ping_php_version4_snmpgetnext.patch b/ping_php_version4_snmpgetnext.patch
deleted file mode 100644
index 10576f6..0000000
--- a/ping_php_version4_snmpgetnext.patch
+++ /dev/null
@@ -1,42 +0,0 @@
---- cacti-0.8.6j/lib/ping.php 2007-01-17 19:23:10.000000000 -0500
-+++ cacti-0.8.6j-patch/lib/ping.php 2007-01-20 19:45:55.015625000 -0500
-@@ -281,7 +281,13 @@
-
- /* poll sysUptime for status */
- $retry_count = 0;
-+
-+ /* getnext does not work in php versions less than 5 */
-+ if (version_compare("5", phpversion(), "<")) {
- $oid = ".1";
-+ }else{ $oid = ".1.3.6.1.2.1.1.3.0";
-+ }
-+
- while (1) {
- if ($retry_count >= $this->retries) {
- $this->snmp_status = "down";
-@@ -289,6 +295,8 @@
- return false;
- }
-
-+ /* getnext does not work in php versions less than 5 */
-+ if (version_compare("5", phpversion(), "<")) {
- $output = cacti_snmp_getnext($this->host["hostname"],
- $this->host["snmp_community"],
- $oid,
-@@ -298,6 +306,16 @@
- $this->host["snmp_port"],
- $this->host["snmp_timeout"],
- SNMP_CMDPHP);
-+ }else{ $output = cacti_snmp_get($this->host["hostname"],
-+ $this->host["snmp_community"],
-+ $oid,
-+ $this->host["snmp_version"],
-+ $this->host["snmp_username"],
-+ $this->host["snmp_password"],
-+ $this->host["snmp_port"],
-+ $this->host["snmp_timeout"],
-+ SNMP_CMDPHP);
-+ }
-
- /* determine total time +- ~10% */
- $this->time = $this->get_time($this->precision);
diff --git a/snmpwalk_fix.patch b/snmpwalk_fix.patch
deleted file mode 100644
index 9661ac6..0000000
--- a/snmpwalk_fix.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff -ruBbd cacti-0.8.6j/lib/snmp.php cacti-0.8.6j-patched/lib/snmp.php
---- cacti-0.8.6j/lib/snmp.php 2007-01-17 19:23:10.000000000 -0500
-+++ cacti-0.8.6j-patched/lib/snmp.php 2007-05-15 21:26:14.000000000 -0400
-@@ -221,9 +219,9 @@
- $temp_array = exec_into_array(read_config_option("path_snmpwalk") . " -v$version -t $timeout -r $retries $hostname:$port $snmp_auth $oid");
- }else {
- if (file_exists($path_snmpbulkwalk) && ($version > 1)) {
-- $temp_array = exec_into_array($path_snmpbulkwalk . " -O n $snmp_auth -v $version -t $timeout -r $retries -Cr50 $hostname:$port $oid");
-+ $temp_array = exec_into_array($path_snmpbulkwalk . " -O Qn $snmp_auth -v $version -t $timeout -r $retries -Cr50 $hostname:$port $oid");
- }else{
-- $temp_array = exec_into_array(read_config_option("path_snmpwalk") . " -O n $snmp_auth -v $version -t $timeout -r $retries $hostname:$port $oid");
-+ $temp_array = exec_into_array(read_config_option("path_snmpwalk") . " -O Qn $snmp_auth -v $version -t $timeout -r $retries $hostname:$port $oid");
- }
- }
-
diff --git a/sources b/sources
index 2979952..4d4cbe5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-29436be46b289d13dfce48e7618129e2 cacti-0.8.6j.tar.gz
+7d298e496058ec91f6d1ecdc97e0cca5 cacti-0.8.7a.tar.gz
diff --git a/thumbnail_graphs_not_working.patch b/thumbnail_graphs_not_working.patch
deleted file mode 100644
index badb558..0000000
--- a/thumbnail_graphs_not_working.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- cacti-0.8.6j/lib/rrd.php 2007-01-17 19:23:10.000000000 -0500
-+++ cacti-0.8.6j-patch/lib/rrd.php 2007-02-01 20:29:59.687500000 -0500
-@@ -1080,9 +1080,15 @@
-
- if ($graph_item_types{$graph_item["graph_type_id"]} == "COMMENT") {
- if (read_config_option("rrdtool_version") == "rrd-1.2.x") {
-- $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":\"" . str_replace(":", "\:", $graph_variables["text_format"][$graph_item_id]) . $hardreturn[$graph_item_id] . "\" ";
-+ $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":\"" . str_replace(":", "\:", $graph_variables["text_format"][$graph_item_id]) . $hardreturn[$graph_item_id] . "\" ";
-+ if (trim($comment_string) != "COMMENT:\"\"") {
-+ $txt_graph_items .= $comment_string;
-+ }
- }else {
-- $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":\"" . $graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id] . "\" ";
-+ $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":\"" . $graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id] . "\" ";
-+ if (trim($comment_string) != "COMMENT:\"\"") {
-+ $txt_graph_items .= $comment_string;
-+ }
- }
- }elseif (($graph_item_types{$graph_item["graph_type_id"]} == "GPRINT") && (!isset($graph_data_array["graph_nolegend"]))) {
- $graph_variables["text_format"][$graph_item_id] = str_replace(":", "\:", $graph_variables["text_format"][$graph_item_id]); /* escape colons */
diff --git a/tree_console_missing_hosts.patch b/tree_console_missing_hosts.patch
deleted file mode 100644
index dde7a00..0000000
--- a/tree_console_missing_hosts.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- cacti-0.8.6j/lib/html_tree.php 2007-01-17 19:23:10.000000000 -0500
-+++ cacti-0.8.6j-patch/lib/html_tree.php 2007-01-27 15:48:50.390625000 -0500
-@@ -328,7 +328,7 @@
- while ($i > 1) {
- $i--;
-
-- $parent_tier = substr($tier_string, 0, $i * CHARS_PER_TIER);
-+ $parent_tier = tree_tier_string(substr($tier_string, 0, $i * CHARS_PER_TIER));
- $parent_variable = "sess_tree_leaf_expand_" . $leaf["graph_tree_id"] . "_" . $parent_tier;
-
- $effective = @$_SESSION[$parent_variable];
-@@ -365,8 +365,6 @@
- @returns - the string representing the leaf position
- */
- function tree_tier_string($order_key, $chars_per_tier = CHARS_PER_TIER) {
-- $root_test = str_pad('', $chars_per_tier, '0');
--
- $new_string = preg_replace("/0+$/",'',$order_key);
-
- return $new_string;