Hello community, here is the log from the commit of package cacti for openSUSE:Factory checked in at 2015-06-17 16:16:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cacti (Old) and /work/SRC/openSUSE:Factory/.cacti.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cacti" Changes: -------- --- /work/SRC/openSUSE:Factory/cacti/cacti.changes 2015-03-05 18:17:02.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.cacti.new/cacti.changes 2015-06-17 16:16:22.000000000 +0200 @@ -1,0 +2,33 @@ +Tue Jun 16 13:21:16 UTC 2015 - [email protected] + +- Update to version 0.8.8d + - Fixes [bnc#934187] + - CVE-2015-4342: cacti: Multiple XSS and SQL injection vulnerabilities + - feature: Remove un-needed fonts and javascript files + - bug: Fixed SQL injection VN: JVN#78187936 / TN:JPCERT#98968540 + - bug#0002261: PHP 5.4.0 added new error_reporting variable, causing cacti to show errors + - bug#0002391: Odd Behaviour on ReIndex of Data Query Data + - bug#0002393: Broken thumbnail images for graph templates + - bug#0002402: Subtree must not have the same header as the parent header + - bug#0002474: CLI add_device.php dows not set availability_method correctly + - bug#0002449: The Save button does not work: Invalid html on page Console -> Cacti Settings: empty form tag + - bug#0002428: Fail to delete all data input items when removing more than 1000 data sources + - bug#0002439: Password with special character don't work with LDAP authentication + - bug#0002461: invalid bn with ldap and anonymous bind + - bug#0002465: Graph Export return empty CSV file + - bug#0002484: Incorrect SQL request in cli script repair_database.php + - bug#0002485: Broken pagenation on graph viewing + - bug#0002489: SNMP - Get Mounted Partitions using Re-index method of Index Count Changed causes recache event every time + - bug#0002490: Can not select page for multiple datasources per device + - bug#0002494: CSV export always shows last day + - bug#0002504: Data template search not functional + - bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting Vulnerability Notification + - bug#0002543: Unable to switch pages within graphs_new.php due to invalid URL generation + - bug#0002544: Duplicate entry in $nav_url during list view + - bug#0002571: SQL Injection and Location header injection from cdef id CVE-2015-4342 + - bug#0002572: SQL injection in graph templates +- Renamed two patch files, to a more generic name: + - cacti-0.8.8c-cacti-log-path.patch to cacti-log-path.patch + - cacti-0.8.8c-cacti-script.patch to cacti-script.patch + +------------------------------------------------------------------- Old: ---- cacti-0.8.8c-cacti-log-path.patch cacti-0.8.8c-cacti-script.patch cacti-0.8.8c.tar.gz New: ---- cacti-0.8.8d.tar.gz cacti-log-path.patch cacti-script.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cacti.spec ++++++ --- /var/tmp/diff_new_pack.U2RVGE/_old 2015-06-17 16:16:22.000000000 +0200 +++ /var/tmp/diff_new_pack.U2RVGE/_new 2015-06-17 16:16:22.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package cacti # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: cacti -Version: 0.8.8c +Version: 0.8.8d Release: 0.0 Summary: Web Front-End to Monitor System Data via RRDtool License: GPL-2.0+ @@ -32,9 +32,9 @@ Source6: %{name}-httpd.conf.nonsuse Source7: %{name}.cron.new # PATCH-FIX-OPENSUSE cacti-0.8.8-cacti-log-path.patch -Patch0: %{name}-%{version}-cacti-log-path.patch +Patch0: cacti-log-path.patch # PATCH-FIX-OPENSUSE cacti-0.8.8-cacti-script.patch -Patch1: %{name}-%{version}-cacti-script.patch +Patch1: cacti-script.patch Provides: cacti-system %if 0%{?suse_version} BuildRequires: apache2-devel ++++++ cacti-0.8.8c.tar.gz -> cacti-0.8.8d.tar.gz ++++++ ++++ 14834 lines of diff (skipped) ++++++ cacti-0.8.8c-cacti-log-path.patch -> cacti-log-path.patch ++++++ ++++++ cacti-0.8.8c-cacti-script.patch -> cacti-script.patch ++++++
