Update to 0.8.8g (#1302904)

Morten Stevens 2016-04-15 17:13:41 +02:00
parent 59e6571194
commit fe32fcfaf9
12 changed files with 8556 additions and 1 deletions

1
.gitignore vendored Normal file

@ -0,0 +1 @@
/cacti-0.8.8g.tar.gz

8166
cacti-0.8.8a-legal.patch Normal file

File diff suppressed because one or more lines are too long

57
cacti-httpd.conf Normal file

@ -0,0 +1,57 @@
#
# Cacti: An rrd based graphing tool
#
# For security reasons, the Cacti web interface is accessible only to
# localhost in the default configuration. If you want to allow other clients
# to access your Cacti installation, change the httpd ACLs below.
# For example:
# On httpd 2.4, change "Require host localhost" to "Require all granted".
# On httpd 2.2, change "Allow from localhost" to "Allow from all".
Alias /cacti /usr/share/cacti
<Directory /usr/share/cacti/>
<IfModule mod_authz_core.c>
# httpd 2.4
Require host localhost
</IfModule>
<IfModule !mod_authz_core.c>
# httpd 2.2
Order deny,allow
Deny from all
Allow from localhost
</IfModule>
</Directory>
<Directory /usr/share/cacti/install>
# mod_security overrides.
# Uncomment these if you use mod_security.
# allow POST of application/x-www-form-urlencoded during install
#SecRuleRemoveById 960010
# permit the specification of the rrdtool paths during install
#SecRuleRemoveById 900011
</Directory>
# These sections marked "Require all denied" (or "Deny from all")
# should not be modified.
# These are in place in order to harden Cacti.
<Directory /usr/share/cacti/log>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
<Directory /usr/share/cacti/rra>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
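
Review bot: The "Require all denied" hardening at the end of this file covers only /usr/share/cacti/log and /usr/share/cacti/rra, while cacti.spec in this same commit also symlinks scripts and cli into /usr/share/cacti, so those two trees stay reachable under the /cacti alias with nothing but the localhost ACL in front of them. If they are not meant to be served over HTTP, add matching deny blocks for /usr/share/cacti/scripts and /usr/share/cacti/cli. Separately, the header comment's suggested change to "Require all granted" opens the whole interface to any client; an example using "Require ip" with a management subnet would be a safer thing to copy, and on httpd 2.4 "Require local" avoids the reverse DNS lookup that "Require host localhost" performs.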

30
cacti.README.fedora Normal file

@ -0,0 +1,30 @@
In order for Cacti to function properly, please edit the following:
/etc/cacti/db.php
/etc/cron.d/cacti
/etc/http/conf.d/cacti.conf
The installation procedure, briefly summarized:
Create the cacti MySQL database:
# mysqladmin create cacti
Import the default cacti database:
# mysql cacti < /usr/share/doc/cacti-0.8.8a/cacti.sql
Create the user:
# mysql
mysql> GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'cactiuser';
(Use a different password in the above GRANT command.)
Then visit http://localhost/cacti/ to complete the installation.
Cacti's install procedure is not fully compatible with mod_security. If you use
mod_security, please uncomment the SecRuleRemoveById lines in
/etc/http/conf.d/cacti.conf.
Cacti should work with SELinux. If you cannot get it to work, please file a bug.
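
Review bot: The httpd config path is given twice as /etc/http/conf.d/cacti.conf, but the spec installs the file to %{_sysconfdir}/httpd/conf.d/cacti.conf, so both references should read /etc/httpd/conf.d/cacti.conf. The import command also still points at /usr/share/doc/cacti-0.8.8a/cacti.sql, which cannot match the doc directory of a 0.8.8g package; refer to the packaged doc directory without hard-coding the version. The GRANT example would be safer with an obvious placeholder in place of 'cactiuser' as the password, so that copy-and-paste does not leave the database on a guessable credential, and the cron step could mention that the line in /etc/cron.d/cacti ships commented out.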

1
cacti.cron Normal file

@ -0,0 +1 @@
#*/5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

8
cacti.logrotate Normal file

@ -0,0 +1,8 @@
/var/log/cacti/cacti.log {
missingok
monthly
notifempty
compress
create 0664 cacti apache
su cacti apache
}

292
cacti.spec Normal file

@ -0,0 +1,292 @@
Name: cacti
Version: 0.8.8g
Release: 1%{?dist}
Summary: An rrd based graphing tool
License: GPLv2+
URL: http://www.cacti.net/
Source0: http://www.cacti.net/downloads/%{name}-%{version}.tar.gz
Source1: cacti-httpd.conf
Source2: cacti.logrotate
Source3: cacti.README.fedora
Source4: d.gif
Source5: d.png
Source6: throbber.gif
Source7: %{name}.cron
Patch0: cacti-0.8.8a-legal.patch
Requires: php, php-mysql, mysql, httpd, rrdtool, net-snmp, php-snmp
Requires: net-snmp-utils
Requires: crontabs
Requires(pre): shadow-utils
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Buildrequires: systemd
Provides: bundled(js-jquery) = 2.2.2
BuildArch: noarch
# This macro was added in Fedora 20. Use the old version if it's undefined
# on older Fedoras and RHELs.
# https://fedoraproject.org/wiki/Changes/UnversionedDocdirs
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
%description
Cacti is a complete frontend to RRDTool. It stores all of the
necessary information to create graphs and populate them with
data in a MySQL database. The frontend is completely PHP
driven.
%prep
%autosetup
%patch0 -p1
cp %{SOURCE4} %{SOURCE5} %{SOURCE6} include/js/jquery/themes/default/
chmod -R 0644 include/js/images/*
%build
# cacti's build is a noop
%install
mkdir -p %{buildroot}/%{_sysconfdir}/%{name}
install -d -m 0755 %{buildroot}/%{_pkgdocdir}
install -d -m 0755 %{buildroot}/%{_datadir}/%{name}/
install -m 0644 *.php %{buildroot}/%{_datadir}/%{name}/
install -d -m 0775 log/ %{buildroot}/%{_localstatedir}/log/%{name}/
install -m 0664 log/* %{buildroot}/%{_localstatedir}/log/%{name}/
install -d -m 0755 rra/ %{buildroot}/%{_localstatedir}/lib/%{name}/rra/
install -d -m 0755 scripts/ %{buildroot}/%{_localstatedir}/lib//%{name}/scripts/
install -m 0755 scripts/* %{buildroot}/%{_localstatedir}/lib/%{name}/scripts/
install -d -m 0755 cli/ %{buildroot}/%{_localstatedir}/lib//%{name}/cli/
install -m 0755 cli/* %{buildroot}/%{_localstatedir}/lib/%{name}/cli/
install -p -D -m 0644 %{SOURCE7} %{buildroot}/%{_sysconfdir}/cron.d/%{name}
install -D -m 0644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/cacti.conf
install -D -m 0644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/logrotate.d/cacti
# The su parameter will trip up older logrotate versions.
# Conditionally remove it here.
%if 0%{?rhel} && 0%{?rhel} <= 6
sed -i %{buildroot}/%{_sysconfdir}/logrotate.d/cacti -e '/^[ \t]*su /d'
%endif
cp -a images/ include/ install/ lib/ plugins/ resource/ %{buildroot}%{_datadir}/%{name}
cp %{SOURCE3} ./docs/README.fedora
cp -a docs/ %{buildroot}/%{_pkgdocdir}
mv %{buildroot}/%{_datadir}/%{name}/include/config.php %{buildroot}/%{_sysconfdir}/%{name}/db.php
chmod +x %{buildroot}/%{_datadir}/%{name}/cmd.php %{buildroot}/%{_datadir}/%{name}/poller.php
ln -s %{_sysconfdir}/%{name}/db.php %{buildroot}/%{_datadir}/%{name}/include/config.php
ln -s %{_localstatedir}/lib/%{name}/rra %{buildroot}/%{_datadir}/%{name}/
ln -s %{_localstatedir}/lib/%{name}/scripts %{buildroot}/%{_datadir}/%{name}/
ln -s %{_localstatedir}/lib/%{name}/cli %{buildroot}/%{_datadir}/%{name}/
ln -s %{_localstatedir}/log/%{name}/ %{buildroot}/%{_datadir}/%{name}/log
ln -s %{_datadir}/%{name}/lib %{buildroot}/%{_localstatedir}/lib/%{name}/
ln -s %{_datadir}/%{name}/include %{buildroot}/%{_localstatedir}/lib/%{name}/
%pre
useradd -d %{_datadir}/%{name} -r -s /sbin/nologin cacti 2> /dev/null || :
%post
if [ $1 -eq 1 ] ; then
%systemd_postun_with_restart httpd.service
fi
%postun
%systemd_postun_with_restart httpd.service
%files
%dir %{_sysconfdir}/%{name}
%dir %{_datadir}/%{name}
%dir %{_localstatedir}/lib/%{name}
%dir %{_localstatedir}/lib/%{name}/cli
%dir %{_localstatedir}/lib/%{name}/scripts
%doc docs/ README cacti.sql
%license LICENSE
%config(noreplace) %{_sysconfdir}/cron.d/cacti
%config(noreplace) %{_sysconfdir}/httpd/conf.d/cacti.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%attr(0640,cacti,apache) %config(noreplace) %{_sysconfdir}/%{name}/db.php
%{_datadir}/%{name}/*.php
%{_datadir}/%{name}/images/
%{_datadir}/%{name}/include/
%{_datadir}/%{name}/install/
%{_datadir}/%{name}/lib/
%{_datadir}/%{name}/log
%{_datadir}/%{name}/plugins/
%{_datadir}/%{name}/resource/
%{_datadir}/%{name}/rra
%{_datadir}/%{name}/scripts
%{_datadir}/%{name}/cli
%{_localstatedir}/lib/%{name}/scripts/*[^p]
%ghost %attr(-,cacti,apache) %{_localstatedir}/log/%{name}/
%attr(-,cacti,root) %{_localstatedir}/lib/%{name}/rra/
%attr(0644,root,root) %{_localstatedir}/lib/%{name}/scripts/*php
%attr(0644,root,root) %{_localstatedir}/lib/%{name}/cli/*php
%attr(0644,root,root) %{_localstatedir}/lib/%{name}/include
%attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
%changelog
* Fri Apr 15 2016 Morten Stevens <mstevens@fedoraproject.org> - 0.8.8g-1
- Update to 0.8.8g
- Improve spec file (#1302904)
* Fri Jan 29 2016 Morten Stevens <mstevens@fedoraproject.org> - 0.8.8f-2
- CVE-2015-8369: SQL Injection vulnerability in graph.php
- CVE-2015-8377: Fix SQL Injection vulnerability in graphs_new.php
- CVE-2015-8604: Fix SQL Injection vulnerability in graphs_new.php
* Fri Jan 29 2016 Morten Stevens <mstevens@fedoraproject.org> - 0.8.8f-1
- Update to 0.8.8f
* Fri Jun 27 2014 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-7
- Patches for CVE-2014-4002 Cross-site scripting vulnerability
(RHBZ #1113035)
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.8b-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon Apr 07 2014 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-5
- Patch for CVE-2014-2708 SQL injection issues in graph_xport.php
(RHBZ #1084258)
- Patch for CVE-2014-2709 shell escaping issues in lib/rrd.php
(RHBZ #1084258)
- Patch for CVE-2014-2326 stored XSS attack (RHBZ #1082122)
- Patch for CVE-2014-2328 use of exec-like function calls without safety
checks allow arbitrary command execution (RHBZ #1082122)
* Fri Feb 07 2014 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-4
- Move cron to a separate file and require crontabs (RHBZ #947047). Thanks
Jóhann B. Guðmundsson.
- Update for systemd (RHBZ #947047). Thanks Jóhann B. Guðmundsson.
- Fix rpmlint warning about spaces-to-tabs
* Wed Sep 04 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-3
- Fix comments in thumbnails (BZ #1004550)
* Mon Aug 26 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-2
- Patch for CVE-2013-5588 and CVE-2013-5589 (BZ #1000860)
* Wed Aug 07 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-1
- New upstream release (BZ #993042)
* Mon Jul 29 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-9
- Use %%{_pkgdocdir}, per
https://fedoraproject.org/wiki/Changes/UnversionedDocdirs
* Sun Jul 14 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-8
- Improve security description in cacti's httpd conf (RHBZ #895823)
- Use improved treeview replacement patch (RHBZ #888207)
- rpmlint fixes
- trim RPM changelog
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.8a-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Jan 08 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-6
- Add note to README.fedora about the default MySQL password
- Remove reference to "docs/INSTALL" in README.fedora (RHBZ #893122)
- Add dependency on net-snmp-utils (RHBZ #893150)
* Fri Jan 04 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-5
- Install our README file as README.fedora
* Fri Jan 4 2013 Tom Callaway <spot@fedoraproject.org> - 0.8.8a-4
- remove non-free treeview bits (replace with jquery future code from 0.8.9 trunk)
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.8a-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jun 28 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-2
- Add plugins directory (BZ #834355)
- Drop Fedora 15 (EOL) from logrotate syntax adjustment
* Mon Apr 30 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-1
- New upstream release (BZ #817506)
- Drop upstreamed $url_path patch
* Wed Apr 11 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8-3
- Patch $url_path to default to "/cacti/" (upstream bug 2217)
* Fri Apr 06 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8-2
- Adjust httpd ACL conditionals to test the presence of mod_authz_core
(as discussed on fedora-devel)
* Wed Apr 04 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8-1
- New upstream release (BZ #809753).
* Mon Mar 26 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7i-4
- Adjust ACLs to support httpd 2.4.
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7i-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Dec 13 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7i-2
- Only set "su" logrotate parameter for F16 and above.
- Tweak mod_security rules.
* Mon Dec 12 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7i-1
- New upstream release (BZ #766573).
* Fri Nov 11 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7h-2
- block HTTP access to log and rra directories (#609856)
- overrides for mod_security
- set logrotate to su to cacti apache when rotating (#753079)
* Thu Oct 27 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7h-1
- New upstream release.
- Remove upstream'd mysql patch.
* Mon Aug 08 2011 Jon Ciesla <limb@jcomserv.net> - 0.8.7g-3
- Patch for MySQL 5.5, BZ 728513.
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7g-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Jul 12 2010 Mike McGrath <mmcgrath@redhat.com> 0.8.7g-1
- Upstream released new version
* Mon May 24 2010 Mike McGrath <mmcgrath@redhat.com> - 0.8.7f-1
- Upstream released new version
- Contains security updates #595289
* Fri Apr 23 2010 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-4
- Pulling in patches from upstream
- SQL injection fix
- BZ #541279
* Tue Dec 1 2009 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-3
- Pulling in some official patches
- #541279
- #541962
* Sun Aug 16 2009 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-1
- Upstream released new version
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7d-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Tue Mar 31 2009 Michael Schwendt <mschwendt@fedoraproject.org> - 0.8.7d-3
- Fix unowned cli directory (#473631)
* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7d-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Sat Feb 21 2009 Mike McGrath <mmcgrath@redhat.com> - 0.8.7d-1
- Upstream released new version
* Mon Jul 28 2008 Mike McGrath <mmcgrath@redhat.com> - 0.8.7b-4
- Added cli directory
* Fri Jul 18 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.7b-3
- fix my own mistake in the license tag
* Tue Jul 15 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.7b-2
- fix license tag
* Thu Feb 14 2008 Mike McGrath <mmcgrath@redhat.com> - 0.8.7b-1
- Upstream released new version
* Fri Nov 23 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.7a-2
- db.php is now 640 instead of 660 - #396331
* Tue Nov 20 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.7a-1
- Upstream released new version
- Fixes for bug #391691 - CVE-2007-6035
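
Review bot: In %post, the body under "if [ $1 -eq 1 ]" calls %systemd_postun_with_restart httpd.service, which is the post-uninstall macro, so the install scriptlet runs uninstall-time logic; if the intent is for httpd to pick up conf.d/cacti.conf on first install, restart or reload httpd.service explicitly there and keep the postun macro in %postun only. In %prep, %autosetup already applies the declared patches, so the following "%patch0 -p1" attempts cacti-0.8.8a-legal.patch a second time; use either "%autosetup -p1" alone or "%setup -q" with the explicit %patch0. "chmod -R 0644 include/js/images/*" would also clear the search bit on any subdirectory under images; restricting it to regular files with find -type f is safer.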

BIN
d.gif Normal file

Binary file not shown.


BIN
d.png Normal file

Binary file not shown.



@ -1 +0,0 @@
Too many unpatched CVEs, and upstream is close to dead. See post on fedora-devel / epel-announce.
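
Review bot: The reason for un-retiring the package is not documented anywhere in this commit: the retirement notice deleted here cites "Too many unpatched CVEs, and upstream is close to dead", while the commit message and the new %changelog entry say only "Update to 0.8.8g" and "Improve spec file". Record in the commit message or changelog why that reason no longer applies, for example which of the outstanding CVEs 0.8.8g resolves, so the decision can be audited later.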

1
sources Normal file

@ -0,0 +1 @@
75f660d54152182e1dbbf0db73143098 cacti-0.8.8g.tar.gz
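
Review bot: The only integrity check on cacti-0.8.8g.tar.gz is the 32-hex-digit digest on this line, which is MD5 length, and Source0 in cacti.spec is fetched over plain http://. If the lookaside tooling accepts a stronger digest, record a SHA-256 or SHA-512 value here, and verify the tarball against an upstream-published checksum or signature before uploading it.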

BIN
throbber.gif Normal file

Binary file not shown.
