Ken Dreyer
068065e6ac
update %changelog for unresolved CVE-2014-2327
...
CVE-2014-2327, missing CSRF token, is not yet resolved. It is still
tracked at RHBZ #1082122 .
Tony Roman <troman@cacti.net> wrote at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768 :
"As for CVE-2014-2327 Cross Site Request Forgery Vulnerability, I'm still
working on a solution. I have some limited time this weekend to work on
this fix. But I will be on the west coast for business this next week
and will have time at night to work on this fix."
2014-04-07 19:10:14 -05:00
Ken Dreyer
e04c03e57b
patchs for CVEs
...
- Patch for CVE-2014-2708 SQL injection issues in graph_xport.php
(RHBZ #1084258 )
- Patch for CVE-2014-2709 shell escaping issues in lib/rrd.php
(RHBZ #1084258 )
- Patch for CVE-2014-2326 stored XSS attack (RHBZ #1082122 )
- Patch for CVE-2014-2327 missing CSRF token (RHBZ #1082122 )
- Patch for CVE-2014-2328 use of exec-like function calls without safety
checks allow arbitrary command execution (RHBZ #1082122 )
2014-04-07 18:59:02 -05:00
Ken Dreyer
3badc5cd12
cron and systemd adjustments
...
- Move cron to a separate file, and require crontabs (RHBZ #947047 ).
- Update for systemd (RHBZ #947047 ).
Thanks Jóhann B. Guðmundsson <johannbg@fedoraproject.org> for both
fixes.
- Replace tab with spaces to satisfy rpmlint.
2014-02-06 21:43:15 -07:00
Ken Dreyer
88983c1129
correct my email address in %changelog
...
Not sure how I could have missed that one...
2014-01-15 18:44:05 -07:00
Ken Dreyer
b0f42c247c
fix comments in thumbnails (BZ #1004550 )
2013-09-08 15:09:23 -06:00
Ken Dreyer
fa1f26bd89
Patch for CVE-2013-5588 and CVE-2013-5589
...
See RHBZ #1000860
2013-08-27 16:37:48 -06:00
Ken Dreyer
8f7fb93344
update to cacti 0.8.8b (BZ #993042 )
2013-08-07 10:54:40 -06:00
Ken Dreyer
98a77a5ffd
use %{_pkgdocdir}
...
Use %{_pkgdocdir}, per
https://fedoraproject.org/wiki/Changes/UnversionedDocdirs
2013-07-29 09:35:39 -06:00
Ken Dreyer
a072f796b9
cacti-0.8.8a-8
2013-07-14 15:45:36 -06:00
Ken Dreyer
679597de71
rpmlint fixes
...
- Remove macros from comments
- Add empty %build
- Trim changelog (removes several bogus calendar dates)
2013-07-14 15:44:20 -06:00
Ken Dreyer
2f786b81b3
use improved treeview replacement patch (RHBZ #888207 )
2013-07-14 15:37:56 -06:00
Ken Dreyer
091a542874
improve security description in cacti's httpd conf (RHBZ #895823 )
2013-07-14 15:37:44 -06:00
Dennis Gilmore
83475f1909
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
2013-02-13 12:12:04 -06:00
Ken Dreyer
d6dd104212
bump release to -6 (missed in previous commit)
2013-01-08 11:09:02 -07:00
Ken Dreyer
2562be05a2
add net-snmp-utils dependency, and doc updates
...
- Add note to README.fedora about the default MySQL password
- Remove reference to "docs/INSTALL" in README.fedora (RHBZ #893122 )
- Add dependency on net-snmp-utils (RHBZ #893150 )
2013-01-08 11:04:22 -07:00
Ken Dreyer
7b883b2ad6
Install our README file as README.fedora
2013-01-04 15:02:21 -07:00
Ken Dreyer
40b655a3bb
Merge branch 'f18'
2013-01-04 15:00:36 -07:00
Tom Callaway
4565a5415c
helps when you commit the patches
2013-01-04 16:43:56 -05:00
Tom Callaway
abf8431774
helps when you commit the patches
2013-01-04 16:42:49 -05:00
Tom Callaway
07bcd801e7
remove non-free treeview bits (replace with jquery future code from 0.8.9 trunk)
2013-01-04 16:20:06 -05:00
Tom Callaway
93f833c290
remove non-free treeview bits (replace with jquery future code from 0.8.9 trunk)
2013-01-04 16:17:28 -05:00
Dennis Gilmore
e000f43027
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
2012-07-18 13:32:12 -05:00
Ken Dreyer
08df79d670
Add plugins directory (BZ #834355 )
...
- Drop Fedora 15 (EOL) from logrotate syntax adjustment
2012-06-28 07:30:31 -06:00
Ken Dreyer
51c056ef13
New upstream release (BZ #817506 )
...
- Drop upstreamed $url_path patch
2012-04-30 11:08:11 -06:00
Ken Dreyer
77c72073c0
Patch $url_path to default to "/cacti/" (upstream bug 2217)
2012-04-11 13:15:13 -06:00
Ken Dreyer
12e71f16d6
Adjust httpd ACL conditionals to test the presence of mod_authz_core
...
(as discussed on fedora-devel)
2012-04-06 09:59:08 -06:00
Ken Dreyer
99b73ddc76
version 0.8.8
2012-04-04 08:03:42 -06:00
Ken Dreyer
13cc69b855
New upstream release (BZ #809753 ).
2012-04-04 08:01:37 -06:00
Ken Dreyer
596e3b76f5
Adjust ACLs to support httpd 2.4.
2012-03-26 20:14:52 -06:00
Dennis Gilmore
ce61e26e6b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
2012-01-12 17:00:08 -06:00
Ken Dreyer
5e3850df61
conditionally set "su" logrotate parameter
...
Also, correct that pesky changelog date.
2011-12-13 09:31:24 -07:00
Ken Dreyer
0132c8f8b0
tweak mod_security rules
...
Unfortunately, when Apache includes conf.d/*, the "c" in cacti.conf
comes before "m" in mod_security.conf. This means we can't use the
IfModule directive here to detect the installation of mod_security.
Remove the IfModule section, and just provide instructions to users.
Users will have to manually un-comment the two mod_security overrides.
(Better than nothing.)
2011-12-12 11:42:24 -07:00
Ken Dreyer
6e9a19a762
Document RH bugzilla entry for 0.8.7i
2011-12-12 08:01:54 -07:00
Ken Dreyer
ee43a40ca0
update to 0.8.7i
2011-12-12 07:56:41 -07:00
Ken Dreyer
0b76934562
correct changelog date
2011-11-11 09:18:00 -07:00
Ken Dreyer
0cbd12b67a
add forgotten changelog entries
...
These changes were made in 236450ca
and 75b8883b
, but not recored in the RPM changelog.
2011-11-11 09:02:26 -07:00
Ken Dreyer
77ee32e40c
update logrotate to use su ( #753079 )
2011-11-11 08:55:46 -07:00
Ken Dreyer
75b8883bd9
add mod_security overrides
...
mod_security blocks a cacti upgrade procedure. Override and document
the two rules that cause problems. This could probably be tightened
down to apply only to the "install" directory.
2011-10-27 20:52:18 -06:00
Ken Dreyer
236450cab3
block HTTP access to log and rra directories (BZ #609856 )
2011-10-27 16:46:35 -06:00
Ken Dreyer
8647659f14
rm another merge artifact
2011-10-27 12:52:10 -06:00
Ken Dreyer
f2fab19e54
rm merge artifacts
...
These files were an artifact of merging all the branches
together in git.
2011-10-27 12:45:24 -06:00
Ken Dreyer
fe9c79ca92
Merge branch 'el6'
2011-10-27 12:41:57 -06:00
Ken Dreyer
89f0d5e3cd
Merge branch 'el5'
2011-10-27 12:41:55 -06:00
Ken Dreyer
c70dd17de2
Merge branch 'master' into el6
...
Conflicts:
.gitignore
cacti.spec
sources
2011-10-27 12:40:14 -06:00
Ken Dreyer
3336efd173
Merge branch 'master' into el5
...
Conflicts:
.gitignore
cacti.spec
2011-10-27 12:37:56 -06:00
Ken Dreyer
ea94628ff0
Merge branch 'master' into el4
...
Conflicts:
.gitignore
cacti.spec
sources
2011-10-27 12:32:41 -06:00
Ken Dreyer
355ddffde4
update to 0.8.7h
2011-10-27 12:17:56 -06:00
Ken Dreyer
d154b2d79a
update to 0.8.7h
...
Update to latest upstream.
Symlink for /usr/share/cacti/cli is needed for the upgrade process.
RHBZ #748451
2011-10-24 09:10:32 -06:00
Jon Ciesla
95142bf2bb
MySQL 5.5 fix.
2011-08-08 11:41:48 -05:00
Ken Dreyer
49c521fe5b
properly bump release
...
Bump the digit after the dist tag, per the Fedora packaging guidelines.
Probably doesn't matter much for EPEL, since upgrades from EL5 -> EL6
are not supported, but hey, might as well be consistent.
2011-05-26 23:10:19 -06:00