Fix for BZ 222410

2007-01-12 15:52:07 +00:00 · 2007-01-12 15:52:07 +00:00 · b958e124d3
commit b958e124d3
parent 5bec4dfbd6
5 changed files with 316 additions and 1 deletions
--- a/cacti.spec
+++ b/cacti.spec
@ -1,6 +1,6 @@
 Name: cacti
 Version: 0.8.6i
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: An rrd based graphing tool

 Group: Applications/System
@ -12,6 +12,10 @@ Source2: cacti.logrotate
 Source3: cacti.README.Fedora

 Patch1: cacti-0.8.6h-dbcfg.patch
+Patch2: http://www.cacti.net/downloads/patches/0.8.6i/import_template_argument_space_removal.patch
+Patch3: http://www.cacti.net/downloads/patches/0.8.6i/dec06-vulnerability-scripts-0.8.6i.patch
+Patch4: http://www.cacti.net/downloads/patches/0.8.6i/dec06-vulnerability-poller-0.8.6i.patch
+Patch5: http://www.cacti.net/downloads/patches/0.8.6i/poller_output_remainder.patch

 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

@ -32,6 +36,10 @@ used to creating traffic graphs with MRTG.
 %prep
 %setup -q
 %patch1 -p0
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1

 echo "#*/5 * * * *	cacti	%{_bindir}/php %{_datadir}/%{name}/poller.php > /dev/null 2>&1" >cacti.cron

@ -103,6 +111,10 @@ fi
 %attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib

 %changelog
+* Fri Jan 12 2007 Mike McGrath <imlinux@gmail.com> - 0.8.6i-5
+- Added 4 upstream patches
+- Fix for BZ 222410
+
 * Thu Nov 09 2006 Mike McGrath <imlinux@gmail.com> - 0.8.6i-4
 - Patch now includes <?php BG# 214914

--- a/dec06-vulnerability-poller-0.8.6i.patch
+++ b/dec06-vulnerability-poller-0.8.6i.patch
@ -0,0 +1,137 @@
+diff -ruBbd cacti-0.8.6i/cmd.php cacti-0.8.6i-patch/cmd.php
+--- cacti-0.8.6i/cmd.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/cmd.php	2007-01-01 12:27:15.328125000 -0500
+@@ -26,7 +26,7 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+@@ -70,6 +71,10 @@
+ 	$print_data_to_stdout = false;
+ 	if ($_SERVER["argc"] == "3") {
+ 		if ($_SERVER["argv"][1] <= $_SERVER["argv"][2]) {
+			/* address potential exploits */
+			input_validate_input_number($_SERVER["argv"][1]);
+			input_validate_input_number($_SERVER["argv"][2]);
+
+ 			$hosts = db_fetch_assoc("select * from host where (disabled = '' and " .
+ 					"id >= " .
+ 					$_SERVER["argv"][1] .
+diff -ruBbd cacti-0.8.6i/copy_cacti_user.php cacti-0.8.6i-patch/copy_cacti_user.php
+--- cacti-0.8.6i/copy_cacti_user.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/copy_cacti_user.php	2007-01-01 12:27:15.312500000 -0500
+@@ -25,9 +25,10 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (! isset($_SERVER["argv"][0])) {
+-	die("This script is only meant to run at the command line.\n");
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+   die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+
+ if (empty($_SERVER["argv"][2])) {
+ 	die("\nSyntax:\n php copy_cacti_user.php <template user> <new user>\n\n");
+ }
+diff -ruBbd cacti-0.8.6i/include/html/inc_timespan_settings.php cacti-0.8.6i-patch/include/html/inc_timespan_settings.php
+--- cacti-0.8.6i/include/html/inc_timespan_settings.php	2006-10-09 00:05:58.000000000 -0400
+++ cacti-0.8.6i-patch/include/html/inc_timespan_settings.php	2007-01-02 11:55:45.953125000 -0500
+@@ -24,6 +24,20 @@
+  +-------------------------------------------------------------------------+
+ */
+ 
+/* ================= input validation ================= */
+input_validate_input_number(get_request_var_request("predefined_timespan"));
+/* ==================================================== */
+
+/* clean up date1 string */
+if (isset($_REQUEST["date1"])) {
+	$_REQUEST["date1"] = sanitize_search_string(get_request_var("date1"));
+}
+
+/* clean up date2 string */
+if (isset($_REQUEST["date2"])) {
+	$_REQUEST["date2"] = sanitize_search_string(get_request_var("date2"));
+}
+
+ /* initialize the timespan array */
+ $timespan = array();
+ 
+diff -ruBbd cacti-0.8.6i/poller.php cacti-0.8.6i-patch/poller.php
+--- cacti-0.8.6i/poller.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller.php	2007-01-01 12:27:15.328125000 -0500
+@@ -26,7 +26,7 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+diff -ruBbd cacti-0.8.6i/poller_commands.php cacti-0.8.6i-patch/poller_commands.php
+--- cacti-0.8.6i/poller_commands.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller_commands.php	2007-01-01 12:27:15.328125000 -0500
+@@ -27,7 +27,7 @@
+ define("MAX_RECACHE_RUNTIME", 296);
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+diff -ruBbd cacti-0.8.6i/poller_export.php cacti-0.8.6i-patch/poller_export.php
+--- cacti-0.8.6i/poller_export.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller_export.php	2007-01-01 12:27:15.328125000 -0500
+@@ -25,7 +25,7 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+diff -ruBbd cacti-0.8.6i/poller_reindex_hosts.php cacti-0.8.6i-patch/poller_reindex_hosts.php
+--- cacti-0.8.6i/poller_reindex_hosts.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller_reindex_hosts.php	2007-01-01 12:27:15.328125000 -0500
+@@ -25,7 +25,7 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+diff -ruBbd cacti-0.8.6i/rebuild_poller_cache.php cacti-0.8.6i-patch/rebuild_poller_cache.php
+--- cacti-0.8.6i/rebuild_poller_cache.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/rebuild_poller_cache.php	2007-01-01 12:27:15.312500000 -0500
+@@ -25,7 +25,7 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+diff -ruBbd cacti-0.8.6i/script_server.php cacti-0.8.6i-patch/script_server.php
+--- cacti-0.8.6i/script_server.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/script_server.php	2007-01-01 12:27:15.312500000 -0500
+@@ -26,9 +26,8 @@
+ $no_http_headers = true;
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+-	exit(-1);
+ }
+ 
+ /* define STDOUT/STDIN file descriptors if not running under CLI */
--- a/dec06-vulnerability-scripts-0.8.6i.patch
+++ b/dec06-vulnerability-scripts-0.8.6i.patch
@ -0,0 +1,106 @@
+diff -ruBbd cacti-0.8.6i/scripts/query_host_cpu.php cacti-0.8.6i-patch/scripts/query_host_cpu.php
+--- cacti-0.8.6i/scripts/query_host_cpu.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/scripts/query_host_cpu.php	2007-01-01 12:50:55.781250000 -0500
+@@ -1,6 +1,12 @@
+ <?php
+ 
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+   die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
+ $no_http_headers = true;
+
+ include(dirname(__FILE__) . "/../include/config.php");
+ include(dirname(__FILE__) . "/../lib/snmp.php");
+ 
+diff -ruBbd cacti-0.8.6i/scripts/query_host_partitions.php cacti-0.8.6i-patch/scripts/query_host_partitions.php
+--- cacti-0.8.6i/scripts/query_host_partitions.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/scripts/query_host_partitions.php	2007-01-01 12:50:55.781250000 -0500
+@@ -1,6 +1,12 @@
+ <?php
+ 
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+   die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
+ $no_http_headers = true;
+
+ include(dirname(__FILE__) . "/../include/config.php");
+ include(dirname(__FILE__) . "/../lib/snmp.php");
+ 
+diff -ruBbd cacti-0.8.6i/scripts/sql.php cacti-0.8.6i-patch/scripts/sql.php
+--- cacti-0.8.6i/scripts/sql.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/scripts/sql.php	2007-01-01 12:50:55.781250000 -0500
+@@ -1,6 +1,12 @@
+ <?
+ 
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+   die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
+ $no_http_headers = true;
+
+ include(dirname(__FILE__) . "/../include/config.php");
+ 
+ if ($database_password == "") {
+diff -ruBbd cacti-0.8.6i/scripts/ss_fping.php cacti-0.8.6i-patch/scripts/ss_fping.php
+--- cacti-0.8.6i/scripts/ss_fping.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/scripts/ss_fping.php	2007-01-01 12:50:55.796875000 -0500
+@@ -1,7 +1,11 @@
+ <?php
+ #!/usr/bin/php -q
+ 
+-//STANDARD SCRIPT SERVER HEADER!!!
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+   die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
+ $no_http_headers = true;
+ 
+ /* display No errors */
+diff -ruBbd cacti-0.8.6i/scripts/ss_host_cpu.php cacti-0.8.6i-patch/scripts/ss_host_cpu.php
+--- cacti-0.8.6i/scripts/ss_host_cpu.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/scripts/ss_host_cpu.php	2007-01-01 12:50:55.796875000 -0500
+@@ -1,4 +1,10 @@
+ <?php
+
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+   die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
+ $no_http_headers = true;
+ 
+ /* display No errors */
+diff -ruBbd cacti-0.8.6i/scripts/ss_host_disk.php cacti-0.8.6i-patch/scripts/ss_host_disk.php
+--- cacti-0.8.6i/scripts/ss_host_disk.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/scripts/ss_host_disk.php	2007-01-01 12:50:55.796875000 -0500
+@@ -1,4 +1,10 @@
+ <?php
+
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+   die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
+ $no_http_headers = true;
+ 
+ /* display No errors */
+diff -ruBbd cacti-0.8.6i/scripts/ss_sql.php cacti-0.8.6i-patch/scripts/ss_sql.php
+--- cacti-0.8.6i/scripts/ss_sql.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/scripts/ss_sql.php	2007-01-01 12:50:55.781250000 -0500
+@@ -1,5 +1,10 @@
+ <?php
+ 
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+   die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
+ $no_http_headers = true;
+ 
+ /* display ALL errors */
--- a/import_template_argument_space_removal.patch
+++ b/import_template_argument_space_removal.patch
@ -0,0 +1,14 @@
+--- cacti-0.8.6i/lib/import.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/lib/import.php	2007-01-02 08:17:09.593750000 -0500
+@@ -687,6 +687,11 @@
+ 	while (list($field_name, $field_array) = each($fields_data_input_edit)) {
+ 		/* make sure this field exists in the xml array first */
+ 		if (isset($xml_array[$field_name])) {
+			/* fix issue with data input method importing and white spaces */
+			if ($field_name == "input_string") {
+				$xml_array[$field_name] = str_replace("><", "> <", $xml_array[$field_name]);
+			}
+
+ 			$save[$field_name] = addslashes(xml_character_decode($xml_array[$field_name]));
+ 		}
+ 	}
--- a/poller_output_remainder.patch
+++ b/poller_output_remainder.patch
@ -0,0 +1,46 @@
+diff -ruBbd cacti-0.8.6i/lib/poller.php cacti-0.8.6i-patched/lib/poller.php
+--- cacti-0.8.6i/lib/poller.php	2006-10-08 23:06:01.000000000 -0400
+++ cacti-0.8.6i-patched/lib/poller.php	2006-11-21 23:41:02.000000000 -0500
+@@ -213,7 +213,7 @@
+ /* process_poller_output - grabs data from the 'poller_output' table and feeds the *completed*
+      results to RRDTool for processing
+    @arg $rrdtool_pipe - the array of pipes containing the file descriptor for rrdtool */
+-function process_poller_output($rrdtool_pipe) {
+function process_poller_output($rrdtool_pipe, $remainder = FALSE) {
+ 	global $config;
+ 
+ 	include_once($config["library_path"] . "/rrd.php");
+@@ -221,6 +221,12 @@
+ 	/* let's count the number of rrd files we processed */
+ 	$rrds_processed = 0;
+ 
+	if ($remainder) {
+		$limit = "";
+	}else{
+		$limit = "LIMIT 10000";
+	}
+
+ 	/* create/update the rrd files */
+ 	$results = db_fetch_assoc("select
+ 		poller_output.output,
+@@ -231,7 +237,7 @@
+ 		poller_item.rrd_num
+ 		from (poller_output,poller_item)
+ 		where (poller_output.local_data_id=poller_item.local_data_id and poller_output.rrd_name=poller_item.rrd_name)
+-		limit 10000");
+		$limit");
+ 
+ 	if (sizeof($results) > 0) {
+ 		/* create an array keyed off of each .rrd file */
+diff -ruBbd cacti-0.8.6i/poller.php cacti-0.8.6i-patched/poller.php
+--- cacti-0.8.6i/poller.php	2006-10-08 23:06:01.000000000 -0400
+++ cacti-0.8.6i-patched/poller.php	2006-11-12 11:49:05.000000000 -0500
+@@ -166,7 +166,7 @@
+ 		$polling_items = db_fetch_assoc("select poller_id,end_time from poller_time where poller_id = 0");
+ 
+ 		if (sizeof($polling_items) == $process_file_number) {
+-			$rrds_processed = $rrds_processed + process_poller_output($rrdtool_pipe);
+			$rrds_processed = $rrds_processed + process_poller_output($rrdtool_pipe, TRUE);
+ 
+ 			/* take time and log performance data */
+ 			list($micro,$seconds) = split(" ", microtime());