Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cacti for openSUSE:Factory checked 
in at 2023-09-06 18:59:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cacti (Old)
 and      /work/SRC/openSUSE:Factory/.cacti.new.1766 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "cacti"

Wed Sep  6 18:59:29 2023 rev:46 rq:1109188 version:1.2.25

Changes:
--------
--- /work/SRC/openSUSE:Factory/cacti/cacti.changes      2023-02-28 
12:49:23.924759542 +0100
+++ /work/SRC/openSUSE:Factory/.cacti.new.1766/cacti.changes    2023-09-06 
19:03:46.151484903 +0200
@@ -1,0 +2,103 @@
+Wed Sep  6 06:06:32 UTC 2023 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- cacti 1.2.25 (boo#1215024):
+  * Protect against Insecure deserialization of filter data
+  * Protect against Cross-Site Scripting vulnerability when creating new graphs
+  * Protect against Unauthenticated SQL Injection when viewing graphs
+  * Protect against SQL Injection when saving data with sql_save()
+  * Protect against Authenticated command injection when using SNMP options
+  * Protect against Authenticated SQL injection vulnerability when managing 
graphs
+  * Protect against Authenticated SQL injection vulnerability when managing 
reports
+  * Protect against SQL Injection when using regular expressions
+  * Protect against Open redirect in change password functionality
+  * Protect against Cross-Site Scripting vulnerability with Device Name when 
managing Data Sources
+  * Protect against Cross-Site Scripting vulnerability with Device Name when 
administrating Reports
+  * Protect against Cross-Site Scripting vulnerability with Device Name when 
editing Graphs whilst managing Reports
+  * Protect against Cross-Site Scripting vulnerability with Device Name when 
managing Data Sources
+  * Protect against Cross-Site Scripting vulnerability with Device Name when 
debugging data queries
+  * Protect against Cross-Site Scripting vulnerability with Data Source Name 
when managing Graphs
+  * Protect against Cross-Site Scripting vulnerability with Data Source Name 
when debugging Data Queries
+  * Protect against Cross-Site Scripting vulnerability with Data Source 
Information when managing Data Sources
+  * When rebuilding the Poller Cache from command line, allow it to be 
multi-threaded
+  * When searching tree or list views, the URL does not update after changes
+  * When creating a Data Source Template with a specific snmp port, the port 
is not always applied
+  * When a Data Query references a file, the filename should be trimmed to 
remove spurious spaces
+  * THold plugin may not always install or upgrade properly
+  * RRD file structures are not always updated properly, if there are more 
Data Sources in the Data Template than the Graph Template
+  * When reindexing devices, errors may sometimes be shown
+  * Boost may loose data when the database server is overloaded
+  * Boost can sometimes output unexpected or invalid values
+  * Boost should not attempt to start if there are no items to process
+  * Rebuilding the poller cache does not always work as expected
+  * Host CPU items may not work poll as expected when on a remote data 
collector where hmib is also enabled
+  * When creating new graphs, invalid offset errors may be generated
+  * When importing packages, SQL errors may be generated
+  * When managing plugins from command line, the --plugin option is not 
properly handled
+  * When automating an install of Cacti, error messages can be appear
+  * When performing automated install of a plugin, warnings can be thrown
+  * Automation references the wrong table name causing errors
+  * Data Source Info Mode produces invalid recommendations
+  * Data Source Debug 'Run All' generates too many log messages
+  * The description of rebuild poller cache in utilities does not display 
properly
+  * When reindexing a device, debug information may not always display properly
+  * Upon displaying a form with errors, the session error fields variable 
isn't cleared
+  * MariaDB clusters will no longer support exclusive locks
+  * RRDtool can fail to update when sources in Data Template and Graph 
Template data sources do not match
+  * Compatibility improvements for Boost under PHP 8.x
+  * When searching the tree, increase the time before querying for items
+  * Device Location drop down does not always populate correctly
+  * When viewing Realtime graphs, undefined variable errors may be reported
+  * SNMP Uptime is not always ignored for spikekills
+  * Improve detection of downed Devices
+  * When reporting missing functions from Plugins, ensure messages do not 
occur too often
+  * When starting the Cacti daemon, database errors may be reported when there 
is no problem
+  * When reporting from RRDcheck, ensure prefix is in the correct casing
+  * Improve Orphaned Data Source options and display
+  * Parsing the PHP Configuration may sometimes produce errors
+  * Security processes attempt to check for a user lockout even if there is no 
user logged in
+  * When attempting to edit a tree, the search filter for Graphs remains 
disabled
+  * When reindexing, a Data Source that could be un-orphaned may not always be 
unorphaned
+  * When parsing a date value, there could be more than 30 chars
+  * Untemplated Data Sources can fail to update due to lack of an assigned 
Graph
+  * When processing items to check, do not include disabled hosts
+  * When saving a Data Source Template, SQL errors may be reported
+  * When importing a Template, errors may be recorded
+  * Some display strings have invalid formatting that cannot be parsed
+  * When filtering with regular expressions, the 'does not match' option does 
not always function as expected
+  * When enabling a plugin, sometimes it can appear as if nothing happens
+  * Ensure the Rows Per Page option shows limitations set by configuration
+  * Plugins are unable to modify fields in the setting 'Change Device Settings'
+  * When reporting emails being sent, ensure BCC addresses are also included
+  * Improve compatibility of SNMP class trim handling under PHP 8.x
+  * When importing legacy Data Query Templates, the Template can become 
unusable
+  * Provide ability to raise an event when extending the settings form
+  * Prevent unsupported SQL Mode flags from being set
+  * The DSStats summary does not always display expected values
+  * When performing a fresh install, device classification may be missing.
+  * Duplication functions for Graph/Template and Data Source/Template do not 
return and id
+  * Duplication of Device Templates should be an API call
+  * Unable to convert database to latin1 instead of utf8 if desired
+  * When creating Graphs, the process may become slower over time as more 
items exist
+  * When a bulk walk size is set to automatic, this is not always set to the 
optimal value
+  * Update copyright notice on import packages
+  * When viewing Orphan Graphs, SQL errors may be reported
+  * When reindexing hosts from command line, ensure only one process runs at 
once
+  * When a Data Query has no Graphs, it may not be deletable
+  * When duplicating a Graph Template, provide an option to not duplicate Data 
Query association
+  * When duplicating a Data Template errors can appear in the Cacti log
+  * When importing a Package, previewing makes unexpected changes to Cacti 
Templates
+  * When enabling boost on a fresh install, an error may be reported
+  * Improve compatibility for backtrace logging under PHP 8.x
+  * Improve compatibility for Advanced Ping under PHP 8.x
+  * Provide new templates for Fortigate and Aruba Cluster to be available 
during install
+  * Provide new template for SNMP Printer to be available during install
+  * When importing devices, allow a device classification to be known
+  * Extend length of maximum name in settings table
+  * Extend length of maximum name in user settings table
+  * Data Queries do not have a Duplication function
+  * Upgrade d3.js v7.8.2 and billboard.js v3.7.4
+  * Upgrade ua-parser.js to version 1.0.35
+  * Update Cisco Device Template to include HSRP graph template
+  * New hook for device template change 'device_template_change'
+
+-------------------------------------------------------------------

Old:
----
  cacti-1.2.24.tar.gz

New:
----
  cacti-1.2.25.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cacti.spec ++++++
--- /var/tmp/diff_new_pack.PxK4uu/_old  2023-09-06 19:03:47.803543796 +0200
+++ /var/tmp/diff_new_pack.PxK4uu/_new  2023-09-06 19:03:47.807543938 +0200
@@ -28,13 +28,13 @@
 %bcond_with systemd
 %endif
 Name:           cacti
-Version:        1.2.24
+Version:        1.2.25
 Release:        0
 Summary:        Web Front-End to Monitor System Data via RRDtool
 License:        GPL-2.0-or-later
 Group:          System/Monitoring
 URL:            https://www.cacti.net/
-Source0:        https://www.cacti.net/downloads/%{name}-%{version}.tar.gz
+Source0:        http://files.cacti.net/cacti/linux/%{name}-%{version}.tar.gz
 Source1:        %{name}.cron
 Source2:        %{name}-httpd.conf
 Source3:        %{name}.logrotate

++++++ cacti-1.2.24.tar.gz -> cacti-1.2.25.tar.gz ++++++
/work/SRC/openSUSE:Factory/cacti/cacti-1.2.24.tar.gz 
/work/SRC/openSUSE:Factory/.cacti.new.1766/cacti-1.2.25.tar.gz differ: char 29, 
line 1

Reply via email to