diff --git a/cacti-0.8.8b-rra-comments.patch b/cacti-0.8.8b-rra-comments.patch
new file mode 100644
index 0000000..c5becfe
--- /dev/null
+++ b/cacti-0.8.8b-rra-comments.patch
@@ -0,0 +1,42 @@
+------------------------------------------------------------------------
+r7418 | gandalf | 2013-08-13 13:32:49 -0600 (Tue, 13 Aug 2013) | 1 line
+
+fix COMMENT handling, even in case COMMENT is empty, with or without HR and with variable substitution
+------------------------------------------------------------------------
+Index: branches/0.8.8/lib/rrd.php
+===================================================================
+--- branches/0.8.8/lib/rrd.php (revision 7417)
++++ branches/0.8.8/lib/rrd.php (revision 7418)
+@@ -1343,20 +1343,20 @@
+ $need_rrd_nl = TRUE;
+
+ if ($graph_item_types{$graph_item["graph_type_id"]} == "COMMENT") {
++ # perform variable substitution first (in case this will yield an empty results or brings command injection problems)
++ $comment_arg = rrd_substitute_host_query_data($graph_variables["text_format"][$graph_item_id], $graph, $graph_item);
++ # next, compute the argument of the COMMENT statement and perform injection counter measures
++ if (trim($comment_arg) == '') { # an empty COMMENT must be treated with care
++ $comment_arg = cacti_escapeshellarg(' ' . $hardreturn[$graph_item_id]);
++ } else {
++ $comment_arg = cacti_escapeshellarg($comment_arg . $hardreturn[$graph_item_id]);
++ }
++
++ # create rrdtool specific command line
+ if (read_config_option("rrdtool_version") != "rrd-1.0.x") {
+- $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id])) . " ";
+- if (trim($comment_string) == 'COMMENT:"\n"') {
+- $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
+- } else if (trim($comment_string) != "COMMENT:\"\"") {
+- $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
+- }
++ $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", $comment_arg) . " ";
+ }else {
+- $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id]) . " ";
+- if (trim($comment_string) == 'COMMENT:"\n"') {
+- $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
+- } else if (trim($comment_string) != "COMMENT:\"\"") {
+- $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
+- }
++ $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . $comment_arg . " ";
+ }
+ }elseif (($graph_item_types{$graph_item["graph_type_id"]} == "GPRINT") && (!isset($graph_data_array["graph_nolegend"]))) {
+ $graph_variables["text_format"][$graph_item_id] = str_replace(":", "\:", $graph_variables["text_format"][$graph_item_id]); /* escape colons */
diff --git a/cacti.spec b/cacti.spec
index 35c4bab..94f4e1d 100644
--- a/cacti.spec
+++ b/cacti.spec
@@ -1,6 +1,6 @@
 Name: cacti
 Version: 0.8.8b
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: An rrd based graphing tool
 Group: Applications/System
@@ -30,6 +30,10 @@ Patch1: cacti-0.8.8a-replace_treeview_by_jquery.jstree.patch
 # https://bugzilla.redhat.com/1000860
 Patch2: cacti-0.8.8b-sanitize-variables.patch
+# Upstream patch to fix graph comments
+# https://bugzilla.redhat.com/1004550
+Patch3: cacti-0.8.8b-rra-comments.patch
+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: php, php-mysql, mysql, httpd, rrdtool, net-snmp, php-snmp
@@ -57,6 +61,7 @@ used to creating traffic graphs with MRTG.
 %patch0 -p1
 %patch1 -p1 -b .notreeview
 %patch2 -p2 -b .sanitize
+%patch3 -p2 -b .comments
 cp %{SOURCE4} %{SOURCE5} %{SOURCE6} include/js/jquery/themes/default/
 rm -rf include/treeview
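Review bot: The emptiness test on the added line `if (trim($comment_arg) == '') {` should use strict comparison, `if (trim($comment_arg) === '') {`, and the comment above the substitution call is garbled ("yield an empty results or brings command injection problems") where it should spell out why the order matters: `# substitute host/query variables BEFORE shell-escaping; the old code substituted into an already-escaped string, which let substituted data break out of the quoting`. The colon escaping on the new side, `str_replace(":", "\:", $comment_arg)`, now runs on the output of cacti_escapeshellarg, which is only sound if that helper quotes its argument rather than backslash-escaping it — its implementation is not visible here, so that assumption is worth confirming and recording in the `# create rrdtool specific command line` comment. The rrd-1.0.x branch deliberately leaves colons unescaped, as the old code did; a one-line comment saying so would stop a later reader from "fixing" it. The GPRINT branch that begins on the hunk's last context line still escapes colons on the unsubstituted text_format, and its handling, like the rest of the enclosing function, lies outside the hunk.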
@@ -147,6 +152,9 @@ fi
 %attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
 %changelog
+* Wed Sep 04 2013 Ken Dreyer - 0.8.8b-3
+- Fix comments in thumbnails (BZ #1004550)
+
 * Mon Aug 26 2013 Ken Dreyer - 0.8.8b-2
 - Patch for CVE-2013-5588 and CVE-2013-5589 (BZ #1000860)