Upstream released new version (has security fixes)

Mike McGrath 2010-05-24 15:57:00 +00:00
parent a3f509ae41
commit 254407a910
7 changed files with 7 additions and 471 deletions


@ -1,6 +1,6 @@
Name: cacti
Version: 0.8.7e
Release: 4%{?dist}
Version: 0.8.7f
Release: 1%{?dist}
Summary: An rrd based graphing tool
Group: Applications/System
@ -11,11 +11,6 @@ Source0: http://www.cacti.net/downloads/%{name}-%{version}.tar.gz
Source1: cacti-httpd.conf
Source2: cacti.logrotate
Source3: cacti.README.Fedora
Patch0: cli_add_graph.patch
Patch1: snmp_invalid_response.patch
Patch2: template_duplication.patch
Patch3: cross_site_fix.patch
Patch4: sql_injection_template_export.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -35,11 +30,6 @@ used to creating traffic graphs with MRTG.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
echo "#*/5 * * * * cacti %{_bindir}/php %{_datadir}/%{name}/poller.php > /dev/null 2>&1" >cacti.cron
@ -115,6 +105,10 @@ fi
%attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
%changelog
* Mon May 24 2010 Mike McGrath <mmcgrath@redhat.com> - 0.8.7f-1
- Upstream released new version
- Contains security updates #595289
* Fri Apr 23 2010 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-4
- Pulling in patches from upstream
- SQL injection fix
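Review bot: The 0.8.7f-1 changelog entry records the version bump and bug #595289 but not that Patch0–Patch4 and their %patch lines were dropped, so a reader cannot tell whether each of those fixes (cli_add_graph, snmp_invalid_response, template_duplication, cross_site_fix, sql_injection_template_export) is carried by upstream 0.8.7f or simply lost. If any of them was not merged upstream, this commit reintroduces the issue silently, since nothing in the spec asserts the equivalence. A changelog line such as `- Dropped Patch0-Patch4, all merged upstream in 0.8.7f` would make that decision auditable later; presumably the upstream release notes were checked, but the spec does not say so.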


@ -1,11 +0,0 @@
--- ../tags/0.8.7e/cli/add_graphs.php 2009-06-28 12:34:31.000000000 -0400
+++ 0.8.7/cli/add_graphs.php 2009-08-18 20:04:44.000000000 -0400
@@ -570,7 +570,7 @@
echo " 3|Fields = Verify all Fields\n";
echo "List Options:\n";
echo " --list-hosts\n";
- echo " --list-graph-templates [--host_template=[ID]]\n";
+ echo " --list-graph-templates [--host-template-id=[ID]]\n";
echo " --list-input-fields --graph-template-id=[ID]\n";
echo " --list-snmp-queries\n";
echo " --list-query-types --snmp-query-id [ID]\n";


@ -1,175 +0,0 @@
--- cacti-0.8.7e/graph.php 2009-06-28 12:07:11.000000000 -0400
+++ cacti-0.8.7e-patched/graph.php 2009-11-21 23:10:16.000000000 -0500
@@ -35,6 +35,8 @@
/* ================= input validation ================= */
input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$");
input_validate_input_number(get_request_var("local_graph_id"));
+input_validate_input_number(get_request_var("graph_end"));
+input_validate_input_number(get_request_var("graph_start"));
input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$");
/* ==================================================== */
--- cacti-0.8.7e/include/top_graph_header.php 2009-06-28 12:07:11.000000000 -0400
+++ cacti-0.8.7e-patched/include/top_graph_header.php 2009-11-21 23:15:27.000000000 -0500
@@ -58,7 +58,7 @@
if ($_SESSION["custom"]) {
print "<meta http-equiv=refresh content='99999'>\r\n";
}else{
- print "<meta http-equiv=refresh content='" . read_graph_config_option("page_refresh") . "'>\r\n";
+ print "<meta http-equiv=refresh content='" . htmlspecialchars(read_graph_config_option("page_refresh"),ENT_QUOTES) . "'>\r\n";
}
}
?>
@@ -113,7 +113,7 @@
</tr>
<tr class="noprint">
<td bgcolor="#efefef" colspan="1" height="8" style="background-image: url(images/shadow_gray.gif); background-repeat: repeat-x; border-right: #aaaaaa 1px solid;">
- <img src="images/transparent_line.gif" width="<?php print read_graph_config_option("default_dual_pane_width");?>" height="2" border="0"><br>
+ <img src="images/transparent_line.gif" width="<?php print htmlspecialchars(read_graph_config_option("default_dual_pane_width"));?>" height="2" border="0"><br>
</td>
<td bgcolor="#ffffff" colspan="1" height="8" style="background-image: url(images/shadow.gif); background-repeat: repeat-x;">
@@ -144,7 +144,7 @@
<tr>
<?php if ((read_graph_config_option("default_tree_view_mode") == "2") && (($_REQUEST["action"] == "tree") || ((isset($_REQUEST["view_type"]) ? $_REQUEST["view_type"] : "") == "tree"))) { ?>
- <td valign="top" style="padding: 5px; border-right: #aaaaaa 1px solid;" bgcolor='#efefef' width='<?php print read_graph_config_option("default_dual_pane_width");?>' class='noprint'>
+ <td valign="top" style="padding: 5px; border-right: #aaaaaa 1px solid;" bgcolor='#efefef' width='<?php print htmlspecialchars(read_graph_config_option("default_dual_pane_width"));?>' class='noprint'>
<table border=0 cellpadding=0 cellspacing=0><tr><td><font size=-2><a style="font-size:7pt;text-decoration:none;color:silver" href="http://www.treemenu.net/" target=_blank></a></font></td></tr></table>
<?php grow_dhtml_trees(); ?>
<script type="text/javascript">initializeDocument();</script>
--- cacti-0.8.7e/lib/html_form.php 2009-06-28 12:07:11.000000000 -0400
+++ cacti-0.8.7e-patched/lib/html_form.php 2009-11-21 23:15:40.000000000 -0500
@@ -235,13 +235,21 @@
if (sizeof($items) > 0) {
foreach ($items as $item) {
- print $item["name"] . "<br>";
+ print htmlspecialchars($item["name"],ENT_QUOTES) . "<br>";
}
}
break;
+ case 'font':
+ form_font_box($field_name, $field_array["value"],
+ ((isset($field_array["default"])) ? $field_array["default"] : ""),
+ $field_array["max_length"],
+ ((isset($field_array["size"])) ? $field_array["size"] : "40"), "text",
+ ((isset($field_array["form_id"])) ? $field_array["form_id"] : ""));
+
+ break;
default:
- print "<em>" . $field_array["value"] . "</em>";
+ print "<em>" . htmlspecialchars($field_array["value"],ENT_QUOTES) . "</em>";
form_hidden_box($field_name, $field_array["value"], "");
@@ -384,7 +392,7 @@
$form_previous_value = $form_default_value;
}
- print "<input type='hidden' id='$form_name' name='$form_name' value='$form_previous_value'>\n";
+ print "<input type='hidden' id='$form_name' name='$form_name' value='" . htmlspecialchars($form_previous_value, ENT_QUOTES) . "'>\n";
}
/* form_dropdown - draws a standard html dropdown box
@@ -568,7 +576,7 @@
}
}
- print ">". $array_display[$id];
+ print ">". htmlspecialchars($array_display[$id],ENT_QUOTES);
print "</option>\n";
}
@@ -627,6 +635,65 @@
print "</select>\n";
}
+/* form_font_box - draws a standard html textbox and provides status of a fonts existence
+ @arg $form_name - the name of this form element
+ @arg $form_previous_value - the current value of this form element
+ @arg $form_default_value - the value of this form element to use if there is
+ no current value available
+ @arg $form_max_length - the maximum number of characters that can be entered
+ into this textbox
+ @arg $form_size - the size (width) of the textbox
+ @arg $type - the type of textbox, either 'text' or 'password'
+ @arg $current_id - used to determine if a current value for this form element
+ exists or not. a $current_id of '0' indicates that no current value exists,
+ a non-zero value indicates that a current value does exist */
+function form_font_box($form_name, $form_previous_value, $form_default_value, $form_max_length, $form_size = 30, $type = "text", $current_id = 0) {
+ if (($form_previous_value == "") && (empty($current_id))) {
+ $form_previous_value = $form_default_value;
+ }
+
+ print "<input type='$type'";
+
+ if (isset($_SESSION["sess_error_fields"])) {
+ if (!empty($_SESSION["sess_error_fields"][$form_name])) {
+ print "class='txtErrorTextBox'";
+ unset($_SESSION["sess_error_fields"][$form_name]);
+ }
+ }
+
+ if (isset($_SESSION["sess_field_values"])) {
+ if (!empty($_SESSION["sess_field_values"][$form_name])) {
+ $form_previous_value = $_SESSION["sess_field_values"][$form_name];
+ }
+ }
+
+ if (strlen($form_previous_value) == 0) { # no data: defaults are used; everythings fine
+ $extra_data = "";
+ } else {
+ if (read_config_option("rrdtool_version") == "rrd-1.3.x") { # rrdtool 1.3 uses fontconfig
+ $font = '"' . $form_previous_value . '"';
+ $out_array = array();
+ exec('fc-list ' . $font, $out_array);
+ if (sizeof($out_array) == 0) {
+ $extra_data = "<span style='color:red'><br>[" . "ERROR: FONT NOT FOUND" . "]</span>";
+ } else {
+ $extra_data = "<span style='color:green'><br>[" . "OK: FONT FOUND" . "]</span>";
+ }
+ } elseif (read_config_option("rrdtool_version") == "rrd-1.0.x" ||
+ read_config_option("rrdtool_version") == "rrd-1.2.x") { # rrdtool 1.0 and 1.2 use font files
+ if (is_file($form_previous_value)) {
+ $extra_data = "<span style='color:green'><br>[" . "OK: FILE FOUND" . "]</span>";
+ }else if (is_dir($form_previous_value)) {
+ $extra_data = "<span style='color:red'><br>[" . "ERROR: IS DIR" . "]</span>";
+ }else{
+ $extra_data = "<span style='color:red'><br>[" . "ERROR: FILE NOT FOUND" . "]</span>";
+ }
+ } # will be used for future versions of rrdtool
+ }
+
+ print " id='$form_name' name='$form_name' size='$form_size'" . (!empty($form_max_length) ? " maxlength='$form_max_length'" : "") . " value='" . htmlspecialchars($form_previous_value, ENT_QUOTES) . "'>" . $extra_data;
+}
+
/* form_confirm - draws a table presenting the user with some choice and allowing
them to either proceed (delete) or cancel
@arg $body_text - the text to prompt the user with on this form
--- cacti-0.8.7e/lib/timespan_settings.php 2009-06-28 12:07:11.000000000 -0400
+++ cacti-0.8.7e-patched/lib/timespan_settings.php 2009-11-21 23:15:49.000000000 -0500
@@ -125,9 +125,9 @@
if (isset($_POST["date1"])) {
/* the dates have changed, therefore, I am now custom */
if (($_SESSION["sess_current_date1"] != $_POST["date1"]) || ($_SESSION["sess_current_date2"] != $_POST["date2"])) {
- $timespan["current_value_date1"] = $_POST["date1"];
+ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]);
$timespan["begin_now"] =strtotime($timespan["current_value_date1"]);
- $timespan["current_value_date2"] = $_POST["date2"];
+ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]);
$timespan["end_now"]=strtotime($timespan["current_value_date2"]);
$_SESSION["sess_current_timespan"] = GT_CUSTOM;
$_SESSION["custom"] = 1;
@@ -135,8 +135,8 @@
}else {
/* the default button wasn't pushed */
if (!isset($_POST["button_clear_x"])) {
- $timespan["current_value_date1"] = $_POST["date1"];
- $timespan["current_value_date2"] = $_POST["date2"];
+ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]);
+ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]);
$timespan["begin_now"] = $_SESSION["sess_current_timespan_begin_now"];
$timespan["end_now"] = $_SESSION["sess_current_timespan_end_now"];


@ -1,25 +0,0 @@
--- ../tags/0.8.7e/include/global_arrays.php 2009-06-28 12:34:31.000000000 -0400
+++ 0.8.7/include/global_arrays.php 2009-08-18 20:04:44.000000000 -0400
@@ -174,6 +174,10 @@
"DES" => "DES (default)",
"AES128" => "AES");
+$banned_snmp_strings = array(
+ "End of MIB",
+ "No Such");
+
$logfile_options = array(1 =>
"Logfile Only",
"Logfile and Syslog/Eventlog",
--- ../tags/0.8.7e/lib/snmp.php 2009-06-28 12:34:30.000000000 -0400
+++ 0.8.7/lib/snmp.php 2009-08-18 20:04:44.000000000 -0400
@@ -27,9 +27,6 @@
define("SNMP_METHOD_PHP", 1);
define("SNMP_METHOD_BINARY", 2);
-/* declare once, use many times */
-$banned_snmp_strings = array("End of MIB", "No Such");
-
/* we must use an apostrophe to escape community names under Unix in case the user uses
characters that the shell might interpret. the ucd-snmp binaries on Windows flip out when
you do this, but are perfectly happy with a quotation mark. */


@ -1 +1 @@
7563a58a57d2c6cc0da28cc341a30969 cacti-0.8.7e.tar.gz
c50a49e3b439dba1fd44ddc34276d4df cacti-0.8.7f.tar.gz


@ -1,13 +0,0 @@
--- cacti-0.8.7e/templates_export.php 2009-06-28 12:07:11.000000000 -0400
+++ cacti-fixed/templates_export.php 2010-04-17 14:08:42.000000000 -0400
@@ -49,6 +49,10 @@
function form_save() {
global $export_types;
+ /* ================= input validation ================= */
+ input_validate_input_number(get_request_var_post("export_item_id"));
+ /* ==================================================== */
+
if (isset($_POST["save_component_export"])) {
$xml_data = get_item_xml($_POST["export_type"], $_POST["export_item_id"], (((isset($_POST["include_deps"]) ? $_POST["include_deps"] : "") == "") ? false : true));


@ -1,234 +0,0 @@
diff -ruBbd 0.8.7e/cli/repair_templates.php 0.8.7/cli/repair_templates.php
--- 0.8.7e/cli/repair_templates.php 2009-08-18 22:03:22.000000000 -0400
+++ 0.8.7/cli/repair_templates.php 2009-08-20 07:43:54.000000000 -0400
@@ -0,0 +1,135 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004-2009 The Cacti Group |
+ | |
+ | This program is free software; you can redistribute it and/or |
+ | modify it under the terms of the GNU General Public License |
+ | as published by the Free Software Foundation; either version 2 |
+ | of the License, or (at your option) any later version. |
+ | |
+ | This program is distributed in the hope that it will be useful, |
+ | but WITHOUT ANY WARRANTY; without even the implied warranty of |
+ | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
+ | GNU General Public License for more details. |
+ +-------------------------------------------------------------------------+
+ | Cacti: The Complete RRDTool-based Graphing Solution |
+ +-------------------------------------------------------------------------+
+ | This code is designed, written, and maintained by the Cacti Group. See |
+ | about.php and/or the AUTHORS file for specific developer information. |
+ +-------------------------------------------------------------------------+
+ | http://www.cacti.net/ |
+ +-------------------------------------------------------------------------+
+*/
+
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
+$no_http_headers = true;
+
+include(dirname(__FILE__) . "/../include/global.php");
+include_once("../lib/utility.php");
+include_once("../lib/template.php");
+
+/* process calling arguments */
+$parms = $_SERVER["argv"];
+array_shift($parms);
+
+$execute = FALSE;
+
+foreach($parms as $parameter) {
+ @list($arg, $value) = @explode("=", $parameter);
+
+ switch ($arg) {
+ case "--execute":
+ $execute = TRUE;
+ break;
+ case "-h":
+ case "-v":
+ case "-V":
+ case "--version":
+ case "--help":
+ display_help();
+ exit;
+ default:
+ print "ERROR: Invalid Parameter " . $parameter . "\n\n";
+ display_help();
+ exit;
+ }
+}
+
+if ($execute) {
+ echo "NOTE: Repairing All Duplicated Templates\n";
+} else {
+ echo "NOTE: Performing Check of Templates\n";
+}
+
+/* repair data templates first */
+if ($execute) {
+ echo "NOTE: Repairing Data Templates\n";
+} else {
+ echo "NOTE: Performing Check of Data Templates\n";
+}
+
+$damaged_template_ids = db_fetch_assoc("SELECT DISTINCT data_template_id FROM data_template_rrd WHERE hash='' AND local_data_id=0");
+if (sizeof($damaged_template_ids)) {
+ foreach($damaged_template_ids as $id) { $template_name = db_fetch_cell("SELECT name FROM data_template WHERE id=" . $id["data_template_id"]);
+ echo "NOTE: Data Template '$template_name' is Damaged and can be repaired\n";
+ }
+
+ $damaged_templates = db_fetch_assoc("SELECT * FROM data_template_rrd WHERE hash='' AND local_data_id=0");
+ if (sizeof($damaged_templates)) {
+ echo "NOTE: -- Damaged Data Templates Objects Found is '" . sizeof($damaged_templates) . "'\n";
+ if ($execute) {
+ foreach($damaged_templates as $template) {
+ $hash = get_hash_data_template($template["local_data_template_rrd_id"], "data_template_item");
+ db_execute("UPDATE data_template_rrd SET hash='$hash' WHERE id=" . $template["id"]);
+ }
+ }
+ }
+} else {
+ echo "NOTE: No Damaged Data Templates Found\n";
+}
+
+/* reset the array */
+$damaged_templates = array();
+
+/* repair graph templates */
+if ($execute) {
+ echo "NOTE: Repairing Graph Templates\n";
+} else {
+ echo "NOTE: Performing Check of Graph Templates\n";
+}
+
+$damaged_template_ids = db_fetch_assoc("SELECT DISTINCT graph_template_id FROM graph_template_input WHERE hash=''");
+if (sizeof($damaged_template_ids)) {
+ foreach($damaged_template_ids as $id) {
+ $template_name = db_fetch_cell("SELECT name FROM graph_templates WHERE id=" . $id["graph_template_id"]);
+ echo "NOTE: Graph Template '$template_name' is Damaged and can be repaired\n";
+ }
+
+ $damaged_templates = db_fetch_assoc("SELECT * FROM graph_template_input WHERE hash=''");
+ if (sizeof($damaged_templates)) {
+ echo "NOTE: -- Damaged Graph Templates Objects Found is '" . sizeof($damaged_templates) . "'\n";
+ if ($execute) {
+ foreach($damaged_templates as $template) {
+ $hash = get_hash_graph_template(0, "graph_template_input");
+ db_execute("UPDATE graph_template_input SET hash='$hash' WHERE id=" . $template["id"]);
+ }
+ }
+ }
+} else {
+ echo "NOTE: No Damaged Graph Templates Found\n";
+}
+
+
+/* display_help - displays the usage of the function */
+function display_help () {
+ print "Cacti Database Template Repair Tool v1.0, Copyright 2004-2009 - The Cacti Group\n\n";
+ print "usage: repair_templates.php --execute [--help]\n\n";
+ print "--execute - Perform the repair\n";
+ print "--help - display this help message\n";
+}
+?>
diff -ruBbd 0.8.7e/docs/README 0.8.7/docs/README
--- 0.8.7e/docs/README 2009-08-18 21:57:30.000000000 -0400
+++ 0.8.7/docs/README 2009-08-18 21:58:09.000000000 -0400
@@ -90,6 +90,9 @@
table
poller_reindex_hosts.php - Cause data query reindex on hosts
rebuild_poller_cache.php - Rebuilds the poller cache
+ repair_templates.php - Certain templates, when created using the "duplicate"
+ function in Cacti, do not import/export well. This utility repairs
+ those templates.
diff -ruBbd 0.8.7e/lib/export.php 0.8.7/lib/export.php
--- 0.8.7e/lib/export.php 2009-08-18 21:56:47.000000000 -0400
+++ 0.8.7/lib/export.php 2009-08-18 21:57:50.000000000 -0400
@@ -811,7 +811,9 @@
}
function xml_character_encode($text) {
-
+ if (function_exists("htmlspecialchars")) {
+ return htmlspecialchars($text, ENT_QUOTES, "UTF-8");
+ } else {
$text = str_replace("&", "&amp;", $text);
$text = str_replace(">", "&gt;", $text);
$text = str_replace("<", "&lt;", $text);
@@ -819,6 +821,7 @@
$text = str_replace("\'", "&apos;", $text);
return $text;
+ }
}
?>
diff -ruBbd 0.8.7e/lib/import.php 0.8.7/lib/import.php
--- 0.8.7e/lib/import.php 2009-08-18 21:56:59.000000000 -0400
+++ 0.8.7/lib/import.php 2009-08-18 21:57:55.000000000 -0400
@@ -36,10 +36,6 @@
return $info_array;
}
- if (isset($xml_array["name"])) {
- $xml_array["name"] = htmlspecialchars($xml_array["name"]);
- }
-
while (list($hash, $hash_array) = each($xml_array)) {
/* parse information from the hash */
$parsed_hash = parse_xml_hash($hash);
@@ -115,7 +111,7 @@
$_graph_template_id = db_fetch_cell("select id from graph_templates where hash='$hash'");
$save["id"] = (empty($_graph_template_id) ? "0" : $_graph_template_id);
$save["hash"] = $hash;
- $save["name"] = htmlspecialchars($xml_array["name"]);
+ $save["name"] = $xml_array["name"];
$graph_template_id = sql_save($save, "graph_templates");
$hash_cache["graph_template"][$hash] = $graph_template_id;
@@ -914,9 +910,13 @@
}
function xml_character_decode($text) {
+ if (function_exists("html_entity_decode")) {
+ return html_entity_decode($text, ENT_QUOTES, "UTF-8");
+ } else {
$trans_tbl = get_html_translation_table(HTML_ENTITIES);
$trans_tbl = array_flip($trans_tbl);
return strtr($text, $trans_tbl);
+ }
}
?>
diff -ruBbd 0.8.7e/lib/utility.php 0.8.7/lib/utility.php
--- 0.8.7e/lib/utility.php 2009-08-18 21:57:08.000000000 -0400
+++ 0.8.7/lib/utility.php 2009-08-18 21:58:00.000000000 -0400
@@ -346,6 +346,7 @@
$save["name"] = $graph_template_input["name"];
$save["description"] = $graph_template_input["description"];
$save["column_name"] = $graph_template_input["column_name"];
+ $save["hash"] = get_hash_graph_template(0, "graph_template_input");
$graph_template_input_id = sql_save($save, "graph_template_input");
@@ -436,6 +437,11 @@
$save["local_data_id"] = (isset($local_data_id) ? $local_data_id : 0);
$save["local_data_template_rrd_id"] = (isset($data_template_rrd["local_data_template_rrd_id"]) ? $data_template_rrd["local_data_template_rrd_id"] : 0);
$save["data_template_id"] = (!empty($_local_data_id) ? $data_template_rrd["data_template_id"] : $data_template_id);
+ if ($save["local_data_id"] == 0) {
+ $save["hash"] = get_hash_data_template($data_template_rrd["local_data_template_rrd_id"], "data_template_item");
+ } else {
+ $save["hash"] = '';
+ }
while (list($field, $array) = each($struct_data_source_item)) {
$save{$field} = $data_template_rrd{$field};