Update to 0.8.8g (#1302904)

.gitignore

@@ -0,0 +1 @@
+/cacti-0.8.8g.tar.gz

cacti-httpd.conf

@@ -0,0 +1,57 @@
+#
+# Cacti: An rrd based graphing tool
+#
+
+# For security reasons, the Cacti web interface is accessible only to
+# localhost in the default configuration. If you want to allow other clients
+# to access your Cacti installation, change the httpd ACLs below.
+# For example:
+# On httpd 2.4, change "Require host localhost" to "Require all granted".
+# On httpd 2.2, change "Allow from localhost" to "Allow from all".
+
+Alias /cacti    /usr/share/cacti
+
+<Directory /usr/share/cacti/>
+	<IfModule mod_authz_core.c>
+		# httpd 2.4
+		Require host localhost
+	</IfModule>
+	<IfModule !mod_authz_core.c>
+		# httpd 2.2
+		Order deny,allow
+		Deny from all
+		Allow from localhost
+	</IfModule>
+</Directory>
+
+<Directory /usr/share/cacti/install>
+	# mod_security overrides.
+	# Uncomment these if you use mod_security.
+	# allow POST of application/x-www-form-urlencoded during install
+	#SecRuleRemoveById 960010
+	# permit the specification of the rrdtool paths during install
+	#SecRuleRemoveById 900011
+</Directory>
+
+
+# These sections marked "Require all denied" (or "Deny from all")
+# should not be modified.
+# These are in place in order to harden Cacti.
+<Directory /usr/share/cacti/log>
+	<IfModule mod_authz_core.c>
+		Require all denied
+	</IfModule>
+	<IfModule !mod_authz_core.c>
+		Order deny,allow
+		Deny from all
+	</IfModule>
+</Directory>
+<Directory /usr/share/cacti/rra>
+	<IfModule mod_authz_core.c>
+		Require all denied
+	</IfModule>
+	<IfModule !mod_authz_core.c>
+		Order deny,allow
+		Deny from all
+	</IfModule>
+</Directory>

cacti.README.fedora

@@ -0,0 +1,30 @@
+In order for Cacti to function properly, please edit the following:
+
+/etc/cacti/db.php
+/etc/cron.d/cacti
+/etc/http/conf.d/cacti.conf
+
+The installation procedure, briefly summarized:
+
+  Create the cacti MySQL database:
+
+  # mysqladmin create cacti
+
+  Import the default cacti database:
+
+  # mysql cacti < /usr/share/doc/cacti-0.8.8a/cacti.sql
+
+  Create the user:
+
+  # mysql
+  mysql> GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'cactiuser';
+
+  (Use a different password in the above GRANT command.)
+
+  Then visit http://localhost/cacti/ to complete the installation.
+
+Cacti's install procedure is not fully compatible with mod_security. If you use
+mod_security, please uncomment the SecRuleRemoveById lines in
+/etc/http/conf.d/cacti.conf.
+
+Cacti should work with SELinux. If you cannot get it to work, please file a bug.

cacti.cron

@@ -0,0 +1 @@
+#*/5 * * * *	cacti	/usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

cacti.logrotate

@@ -0,0 +1,8 @@
+/var/log/cacti/cacti.log {
+	missingok
+	monthly
+	notifempty
+	compress
+	create 0664 cacti apache
+	su cacti apache
+}

cacti.spec

@@ -0,0 +1,292 @@
+Name: cacti
+Version: 0.8.8g
+Release: 1%{?dist}
+Summary: An rrd based graphing tool
+License: GPLv2+
+URL: http://www.cacti.net/
+Source0: http://www.cacti.net/downloads/%{name}-%{version}.tar.gz
+Source1: cacti-httpd.conf
+Source2: cacti.logrotate
+Source3: cacti.README.fedora
+Source4: d.gif
+Source5: d.png
+Source6: throbber.gif
+Source7: %{name}.cron
+Patch0: cacti-0.8.8a-legal.patch
+
+Requires: php, php-mysql, mysql, httpd, rrdtool, net-snmp, php-snmp
+Requires: net-snmp-utils
+Requires: crontabs
+Requires(pre): shadow-utils
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+Buildrequires: systemd
+Provides: bundled(js-jquery) = 2.2.2
+BuildArch: noarch
+
+# This macro was added in Fedora 20. Use the old version if it's undefined
+# on older Fedoras and RHELs.
+# https://fedoraproject.org/wiki/Changes/UnversionedDocdirs
+%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
+
+%description
+Cacti is a complete frontend to RRDTool. It stores all of the
+necessary information to create graphs and populate them with
+data in a MySQL database. The frontend is completely PHP
+driven.
+
+%prep
+%autosetup
+%patch0 -p1
+
+cp %{SOURCE4} %{SOURCE5} %{SOURCE6} include/js/jquery/themes/default/
+chmod -R 0644 include/js/images/*
+
+%build
+# cacti's build is a noop
+
+%install
+mkdir -p %{buildroot}/%{_sysconfdir}/%{name}
+install -d -m 0755 %{buildroot}/%{_pkgdocdir}
+install -d -m 0755 %{buildroot}/%{_datadir}/%{name}/
+install -m 0644 *.php %{buildroot}/%{_datadir}/%{name}/
+install -d -m 0775 log/ %{buildroot}/%{_localstatedir}/log/%{name}/
+install -m 0664 log/* %{buildroot}/%{_localstatedir}/log/%{name}/
+install -d -m 0755 rra/ %{buildroot}/%{_localstatedir}/lib/%{name}/rra/
+install -d -m 0755 scripts/ %{buildroot}/%{_localstatedir}/lib//%{name}/scripts/
+install -m 0755 scripts/* %{buildroot}/%{_localstatedir}/lib/%{name}/scripts/
+install -d -m 0755 cli/ %{buildroot}/%{_localstatedir}/lib//%{name}/cli/
+install -m 0755 cli/* %{buildroot}/%{_localstatedir}/lib/%{name}/cli/
+install -p -D -m 0644 %{SOURCE7} %{buildroot}/%{_sysconfdir}/cron.d/%{name}
+install -D -m 0644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/cacti.conf
+install -D -m 0644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/logrotate.d/cacti
+
+# The su parameter will trip up older logrotate versions.
+# Conditionally remove it here.
+%if 0%{?rhel} && 0%{?rhel} <= 6
+  sed -i %{buildroot}/%{_sysconfdir}/logrotate.d/cacti -e '/^[ \t]*su /d'
+%endif
+
+cp -a images/ include/ install/ lib/ plugins/ resource/ %{buildroot}%{_datadir}/%{name}
+cp %{SOURCE3} ./docs/README.fedora
+cp -a docs/ %{buildroot}/%{_pkgdocdir}
+mv %{buildroot}/%{_datadir}/%{name}/include/config.php %{buildroot}/%{_sysconfdir}/%{name}/db.php
+chmod +x %{buildroot}/%{_datadir}/%{name}/cmd.php %{buildroot}/%{_datadir}/%{name}/poller.php
+ln -s %{_sysconfdir}/%{name}/db.php %{buildroot}/%{_datadir}/%{name}/include/config.php
+ln -s %{_localstatedir}/lib/%{name}/rra %{buildroot}/%{_datadir}/%{name}/
+ln -s %{_localstatedir}/lib/%{name}/scripts %{buildroot}/%{_datadir}/%{name}/
+ln -s %{_localstatedir}/lib/%{name}/cli %{buildroot}/%{_datadir}/%{name}/
+ln -s %{_localstatedir}/log/%{name}/ %{buildroot}/%{_datadir}/%{name}/log
+ln -s %{_datadir}/%{name}/lib %{buildroot}/%{_localstatedir}/lib/%{name}/
+ln -s %{_datadir}/%{name}/include %{buildroot}/%{_localstatedir}/lib/%{name}/
+
+%pre
+useradd -d %{_datadir}/%{name} -r -s /sbin/nologin cacti 2> /dev/null || :
+
+%post
+if [ $1 -eq 1 ] ; then
+	%systemd_postun_with_restart httpd.service
+fi
+
+%postun
+%systemd_postun_with_restart httpd.service
+
+%files
+%dir %{_sysconfdir}/%{name}
+%dir %{_datadir}/%{name}
+%dir %{_localstatedir}/lib/%{name}
+%dir %{_localstatedir}/lib/%{name}/cli
+%dir %{_localstatedir}/lib/%{name}/scripts
+%doc docs/ README cacti.sql
+%license LICENSE
+%config(noreplace) %{_sysconfdir}/cron.d/cacti
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/cacti.conf
+%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+%attr(0640,cacti,apache) %config(noreplace) %{_sysconfdir}/%{name}/db.php
+%{_datadir}/%{name}/*.php
+%{_datadir}/%{name}/images/
+%{_datadir}/%{name}/include/
+%{_datadir}/%{name}/install/
+%{_datadir}/%{name}/lib/
+%{_datadir}/%{name}/log
+%{_datadir}/%{name}/plugins/
+%{_datadir}/%{name}/resource/
+%{_datadir}/%{name}/rra
+%{_datadir}/%{name}/scripts
+%{_datadir}/%{name}/cli
+%{_localstatedir}/lib/%{name}/scripts/*[^p]
+%ghost %attr(-,cacti,apache) %{_localstatedir}/log/%{name}/
+%attr(-,cacti,root) %{_localstatedir}/lib/%{name}/rra/
+%attr(0644,root,root) %{_localstatedir}/lib/%{name}/scripts/*php
+%attr(0644,root,root) %{_localstatedir}/lib/%{name}/cli/*php
+%attr(0644,root,root) %{_localstatedir}/lib/%{name}/include
+%attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
+
+%changelog
+* Fri Apr 15 2016 Morten Stevens <mstevens@fedoraproject.org> - 0.8.8g-1
+- Update to 0.8.8g
+- Improve spec file (#1302904)
+
+* Fri Jan 29 2016 Morten Stevens <mstevens@fedoraproject.org> - 0.8.8f-2
+- CVE-2015-8369: SQL Injection vulnerability in graph.php
+- CVE-2015-8377: Fix SQL Injection vulnerability in graphs_new.php
+- CVE-2015-8604: Fix SQL Injection vulnerability in graphs_new.php
+
+* Fri Jan 29 2016 Morten Stevens <mstevens@fedoraproject.org> - 0.8.8f-1
+- Update to 0.8.8f
+
+* Fri Jun 27 2014 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-7
+- Patches for CVE-2014-4002 Cross-site scripting vulnerability
+  (RHBZ #1113035)
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.8b-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Mon Apr 07 2014 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-5
+- Patch for CVE-2014-2708 SQL injection issues in graph_xport.php
+  (RHBZ #1084258)
+- Patch for CVE-2014-2709 shell escaping issues in lib/rrd.php
+  (RHBZ #1084258)
+- Patch for CVE-2014-2326 stored XSS attack (RHBZ #1082122)
+- Patch for CVE-2014-2328 use of exec-like function calls without safety
+  checks allow arbitrary command execution (RHBZ #1082122)
+
+* Fri Feb 07 2014 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-4
+- Move cron to a separate file and require crontabs (RHBZ #947047). Thanks
+  Jóhann B. Guðmundsson.
+- Update for systemd (RHBZ #947047). Thanks Jóhann B. Guðmundsson.
+- Fix rpmlint warning about spaces-to-tabs
+
+* Wed Sep 04 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-3
+- Fix comments in thumbnails (BZ #1004550)
+
+* Mon Aug 26 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-2
+- Patch for CVE-2013-5588 and CVE-2013-5589 (BZ #1000860)
+
+* Wed Aug 07 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-1
+- New upstream release (BZ #993042)
+
+* Mon Jul 29 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-9
+- Use %%{_pkgdocdir}, per
+  https://fedoraproject.org/wiki/Changes/UnversionedDocdirs
+
+* Sun Jul 14 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-8
+- Improve security description in cacti's httpd conf (RHBZ #895823)
+- Use improved treeview replacement patch (RHBZ #888207)
+- rpmlint fixes
+- trim RPM changelog
+
+* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.8a-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Tue Jan 08 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-6
+- Add note to README.fedora about the default MySQL password
+- Remove reference to "docs/INSTALL" in README.fedora (RHBZ #893122)
+- Add dependency on net-snmp-utils (RHBZ #893150)
+
+* Fri Jan 04 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-5
+- Install our README file as README.fedora
+
+* Fri Jan  4 2013 Tom Callaway <spot@fedoraproject.org> - 0.8.8a-4
+- remove non-free treeview bits (replace with jquery future code from 0.8.9 trunk)
+
+* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.8a-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Jun 28 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-2
+- Add plugins directory (BZ #834355)
+- Drop Fedora 15 (EOL) from logrotate syntax adjustment
+
+* Mon Apr 30 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-1
+- New upstream release (BZ #817506)
+- Drop upstreamed $url_path patch
+
+* Wed Apr 11 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8-3
+- Patch $url_path to default to "/cacti/" (upstream bug 2217)
+
+* Fri Apr 06 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8-2
+- Adjust httpd ACL conditionals to test the presence of mod_authz_core
+  (as discussed on fedora-devel)
+
+* Wed Apr 04 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8-1
+- New upstream release (BZ #809753).
+
+* Mon Mar 26 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7i-4
+- Adjust ACLs to support httpd 2.4.
+
+* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7i-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Dec 13 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7i-2
+- Only set "su" logrotate parameter for F16 and above.
+- Tweak mod_security rules.
+
+* Mon Dec 12 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7i-1
+- New upstream release (BZ #766573).
+
+* Fri Nov 11 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7h-2
+- block HTTP access to log and rra directories (#609856)
+- overrides for mod_security
+- set logrotate to su to cacti apache when rotating (#753079)
+
+* Thu Oct 27 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7h-1
+- New upstream release.
+- Remove upstream'd mysql patch.
+
+* Mon Aug 08 2011 Jon Ciesla <limb@jcomserv.net> - 0.8.7g-3
+- Patch for MySQL 5.5, BZ 728513.
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7g-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Mon Jul 12 2010 Mike McGrath <mmcgrath@redhat.com> 0.8.7g-1
+- Upstream released new version
+
+* Mon May 24 2010 Mike McGrath <mmcgrath@redhat.com> - 0.8.7f-1
+- Upstream released new version
+- Contains security updates #595289
+
+* Fri Apr 23 2010 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-4
+- Pulling in patches from upstream
+- SQL injection fix
+- BZ #541279
+
+* Tue Dec  1 2009 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-3
+- Pulling in some official patches
+- #541279
+- #541962
+
+* Sun Aug 16 2009 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-1
+- Upstream released new version
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7d-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue Mar 31 2009 Michael Schwendt <mschwendt@fedoraproject.org> - 0.8.7d-3
+- Fix unowned cli directory (#473631)
+
+* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7d-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Sat Feb 21 2009 Mike McGrath <mmcgrath@redhat.com> - 0.8.7d-1
+- Upstream released new version
+
+* Mon Jul 28 2008 Mike McGrath <mmcgrath@redhat.com> - 0.8.7b-4
+- Added cli directory
+
+* Fri Jul 18 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.7b-3
+- fix my own mistake in the license tag
+
+* Tue Jul 15 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.7b-2
+- fix license tag
+
+* Thu Feb 14 2008 Mike McGrath <mmcgrath@redhat.com> - 0.8.7b-1
+- Upstream released new version
+
+* Fri Nov 23 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.7a-2
+- db.php is now 640 instead of 660 - #396331
+
+* Tue Nov 20 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.7a-1
+- Upstream released new version
+- Fixes for bug #391691 - CVE-2007-6035

dead.package

@@ -1 +0,0 @@
-Too many unpatched CVEs, and upstream is close to dead. See post on fedora-devel / epel-announce.

sources

@@ -0,0 +1 @@
+75f660d54152182e1dbbf0db73143098  cacti-0.8.8g.tar.gz