[gentoo-commits] repo/gentoo:master commit in: net-analyzer/cacti/, net-analyzer/cacti/files/

2021-10-17 Thread John Helmert III
commit: 8d752c75f06d85b2eeceb3770f27484ca7bd2df1
Author: John Helmert III  gentoo  org>
AuthorDate: Sun Oct 17 20:07:19 2021 +
Commit: John Helmert III  gentoo  org>
CommitDate: Sun Oct 17 20:36:42 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d752c75

net-analyzer/cacti: drop 1.2.16-r1

Bug: https://bugs.gentoo.org/765022
Signed-off-by: John Helmert III  gentoo.org>

 net-analyzer/cacti/Manifest|   1 -
 net-analyzer/cacti/cacti-1.2.16-r1.ebuild  |  54 
 .../cacti/files/cacti-1.2.16-CVE-2020-35701.patch  |  29 --
 .../cacti/files/cacti-1.2.16-XSS-issue-4019.patch  | 360 -
 4 files changed, 444 deletions(-)

diff --git a/net-analyzer/cacti/Manifest b/net-analyzer/cacti/Manifest
index 8d2399500a5..b8685c4f777 100644
--- a/net-analyzer/cacti/Manifest
+++ b/net-analyzer/cacti/Manifest
@@ -1,2 +1 @@
-DIST cacti-1.2.16.tar.gz 29197220 BLAKE2B 
19939d0ff79c895b481aeb7ffec8331d8b9c10a6b7e0dbda6532e06ef0322f21cf02f4bf53a9522e1f672dd04b343f5550e2f34f08b3af2050e1f72465cffc43
 SHA512 
fe22acf4dea8ab6ec79825d66a84ad4c43fdce2815e7327536d182bc04400ed7b1d268209bbbca8b307c4779ee5bf7369a617ec1f052d8805757c2ca9b30cc35
 DIST cacti-1.2.17.tar.gz 38344112 BLAKE2B 
e555fc99560d10e94181c38b50e6f839532fb3dc66ff688b36a7efd10c15304e7636c9b4b483763fcea751317bcb283bb2bd8f813d5759c98aed6bbf02fd256a
 SHA512 
94ae75b2494a91c536906c7bbeaa948d16c7ad96ed3a62c1eb21175f92c01787c6849960bbc791e04b3df46edbfd3cd787eb825bb423ce0814c0904edb2c915d

diff --git a/net-analyzer/cacti/cacti-1.2.16-r1.ebuild 
b/net-analyzer/cacti/cacti-1.2.16-r1.ebuild
deleted file mode 100644
index 78185ebd73d..000
--- a/net-analyzer/cacti/cacti-1.2.16-r1.ebuild
+++ /dev/null
@@ -1,54 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit edos2unix webapp
-
-# Support for _p* in version.
-MY_P=${P/_p*/}
-
-DESCRIPTION="Cacti is a complete frontend to rrdtool"
-HOMEPAGE="https://www.cacti.net/;
-SRC_URI="https://www.cacti.net/downloads/${MY_P}.tar.gz;
-
-LICENSE="GPL-2"
-KEYWORDS="~alpha amd64 ~arm ~hppa ~ppc ~ppc64 sparc x86"
-IUSE="snmp doc"
-
-need_httpd
-
-RDEPEND="
-   dev-lang/php[cli,mysql,pdo,session,sockets,xml]
-   dev-php/adodb
-   net-analyzer/rrdtool[graph]
-   virtual/cron
-   snmp? ( >=net-analyzer/net-snmp-5.2.0 )
-"
-
-PATCHES=(
-   "${FILESDIR}/${P}-CVE-2020-35701.patch"
-   "${FILESDIR}/${P}-XSS-issue-4019.patch"
-)
-
-src_compile() { :; }
-
-src_install() {
-   dodoc CHANGELOG
-   dodoc -r docs
-   mv docs .. || die
-
-   webapp_src_preinst
-
-   edos2unix `find -type f -name '*.php'`
-
-   dodir ${MY_HTDOCSDIR}
-   cp -r . "${ED}"${MY_HTDOCSDIR}
-
-   webapp_serverowned ${MY_HTDOCSDIR}/rra
-   webapp_serverowned ${MY_HTDOCSDIR}/log
-   webapp_configfile ${MY_HTDOCSDIR}/include/config.php
-   webapp_postinst_txt en "${FILESDIR}"/postinstall-en.txt
-
-   webapp_src_install
-}

diff --git a/net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch 
b/net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch
deleted file mode 100644
index f55b7b0a40d..000
--- a/net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-https://bugs.gentoo.org/765019
-https://github.com/Cacti/cacti/commit/565e0604a53f4988dc5b544d01f4a631eaa80d82
-
-From 565e0604a53f4988dc5b544d01f4a631eaa80d82 Mon Sep 17 00:00:00 2001
-From: TheWitness 
-Date: Thu, 24 Dec 2020 10:39:50 -0500
-Subject: [PATCH] Fixing Issue #4022
-
-SQL Injection in data_debug.php
 a/data_debug.php
-+++ b/data_debug.php
-@@ -35,6 +35,8 @@
- 
- set_default_action();
- 
-+validate_request_vars();
-+
- switch (get_request_var('action')) {
-   case 'actions':
-   form_actions();
-@@ -123,8 +125,6 @@
- 
-   break;
-   default:
--  validate_request_vars();
--
-   $refresh = array(
-   'seconds' => get_request_var('refresh'),
-   'page'=> 'data_debug.php?header=false',

diff --git a/net-analyzer/cacti/files/cacti-1.2.16-XSS-issue-4019.patch 
b/net-analyzer/cacti/files/cacti-1.2.16-XSS-issue-4019.patch
deleted file mode 100644
index 1f09e572c86..000
--- a/net-analyzer/cacti/files/cacti-1.2.16-XSS-issue-4019.patch
+++ /dev/null
@@ -1,360 +0,0 @@
-https://github.com/Cacti/cacti/issues/4019
-
-From ef10fe1c340ed932dc18b6a566b21f9dd15933c2 Mon Sep 17 00:00:00 2001
-From: TheWitness 
-Date: Wed, 23 Dec 2020 16:33:27 -0500
-Subject: [PATCH] Fixing Issue #4019
-
-* In a recent audit of core Cacti code, there were a few stored XSS issues 
that can be exposed
-* Also removed a few spurious title_trims, that should no longer be a problem.
 a/automation_devices.php
-+++ b/automation_devices.php
-@@ -485,7 +485,7 @@ function draw_filter() {
-$name) {
--   

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/cacti/, net-analyzer/cacti/files/

2016-02-01 Thread Jeroen Roovers
commit: aa240655c683eb070932a40e3b0773be307603bf
Author: Jeroen Roovers  gentoo  org>
AuthorDate: Tue Feb  2 05:10:43 2016 +
Commit: Jeroen Roovers  gentoo  org>
CommitDate: Tue Feb  2 05:10:43 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa240655

net-analyzer/cacti: Add upstream patch for CVE-2015-8369 (bug #568400).

Package-Manager: portage-2.2.27

 net-analyzer/cacti/cacti-0.8.8f-r1.ebuild  |  62 +++
 .../cacti/files/cacti-0.8.8f-CVE-2015-8369.patch   | 204 +
 2 files changed, 266 insertions(+)

diff --git a/net-analyzer/cacti/cacti-0.8.8f-r1.ebuild 
b/net-analyzer/cacti/cacti-0.8.8f-r1.ebuild
new file mode 100644
index 000..782f241
--- /dev/null
+++ b/net-analyzer/cacti/cacti-0.8.8f-r1.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils webapp
+
+# Support for _p* in version.
+MY_P=${P/_p*/}
+
+DESCRIPTION="Cacti is a complete frontend to rrdtool"
+HOMEPAGE="http://www.cacti.net/;
+SRC_URI="http://www.cacti.net/downloads/${MY_P}.tar.gz;
+
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="snmp doc"
+
+need_httpd
+
+RDEPEND="
+   dev-lang/php[cli,mysql,session,sockets,xml]
+   dev-php/adodb
+   net-analyzer/rrdtool[graph]
+   virtual/cron
+   virtual/mysql
+   snmp? ( >=net-analyzer/net-snmp-5.2.0 )
+"
+
+src_prepare() {
+   epatch "${FILESDIR}"/${P}-CVE-2015-8369.patch
+
+   sed -i -e \
+   's:$config\["library_path"\] . 
"/adodb/adodb.inc.php":"adodb/adodb.inc.php":' \
+   "${S}"/include/global.php || die
+
+   rm -rf lib/adodb || die # don't use bundled adodb
+}
+
+src_compile() { :; }
+
+src_install() {
+   webapp_src_preinst
+
+   rm LICENSE README || die
+   dodoc docs/{CHANGELOG,CONTRIB,README,txt/manual.txt}
+   use doc && dohtml -r docs/html/
+   rm -rf docs
+
+   edos2unix `find -type f -name '*.php'`
+
+   dodir ${MY_HTDOCSDIR}
+   cp -r . "${D}"${MY_HTDOCSDIR}
+
+   webapp_serverowned ${MY_HTDOCSDIR}/rra
+   webapp_serverowned ${MY_HTDOCSDIR}/log/cacti.log
+   webapp_configfile ${MY_HTDOCSDIR}/include/config.php
+   webapp_postinst_txt en "${FILESDIR}"/postinstall-en.txt
+
+   webapp_src_install
+}
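Review bot: In `src_install`, `cp -r . "${D}"${MY_HTDOCSDIR}` has no `|| die`, unlike the `sed` and `rm` calls in `src_prepare` and the `rm LICENSE README || die` a few lines above it. In EAPI 5 a failing external command does not abort the phase by itself, so a partial copy could be merged without notice, and that would undermine the point of a revision whose purpose is to ship the graph.php patched for CVE-2015-8369. I would change it to `cp -r . "${D}"${MY_HTDOCSDIR} || die` and give `rm -rf docs` the same treatment for consistency. A smaller point: the backtick `find` substitution passed to `edos2unix` is unquoted and word-splits, so a PHP path containing whitespace would be handed over as broken arguments; `find . -type f -name '*.php' -print0 | while IFS= read -r -d '' f; do edos2unix "${f}"; done` avoids that.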

diff --git a/net-analyzer/cacti/files/cacti-0.8.8f-CVE-2015-8369.patch 
b/net-analyzer/cacti/files/cacti-0.8.8f-CVE-2015-8369.patch
new file mode 100644
index 000..2019a61
--- /dev/null
+++ b/net-analyzer/cacti/files/cacti-0.8.8f-CVE-2015-8369.patch
@@ -0,0 +1,204 @@
+--- a/graph.php
 b/graph.php
+@@ -32,43 +32,43 @@
+ 
+ api_plugin_hook_function('graph');
+ 
+-include_once("./lib/html_tree.php");
+-include_once("./include/top_graph_header.php");
+-
+ /* = input validation = */
+-input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$");
+-input_validate_input_number(get_request_var("local_graph_id"));
+-input_validate_input_number(get_request_var("graph_end"));
+-input_validate_input_number(get_request_var("graph_start"));
++input_validate_input_regex(get_request_var_request("rra_id"), 
"^([0-9]+|all)$");
++input_validate_input_number(get_request_var_request("local_graph_id"));
++input_validate_input_number(get_request_var_request("graph_end"));
++input_validate_input_number(get_request_var_request("graph_start"));
+ input_validate_input_regex(get_request_var_request("view_type"), 
"^([a-zA-Z0-9]+)$");
+ /*  */
+ 
+-if (!isset($_GET['rra_id'])) {
+-  $_GET['rra_id'] = 'all';
++include_once("./lib/html_tree.php");
++include_once("./include/top_graph_header.php");
++
++if (!isset($_REQUEST['rra_id'])) {
++  $_REQUEST['rra_id'] = 'all';
+ }
+ 
+-if ($_GET["rra_id"] == "all") {
++if ($_REQUEST["rra_id"] == "all") {
+   $sql_where = " where id is not null";
+ }else{
+-  $sql_where = " where id=" . $_GET["rra_id"];
++  $sql_where = " where id=" . $_REQUEST["rra_id"];
+ }
+ 
+ /* make sure the graph requested exists (sanity) */
+-if (!(db_fetch_cell("select local_graph_id from graph_templates_graph where 
local_graph_id=" . $_GET["local_graph_id"]))) {
++if (!(db_fetch_cell("select local_graph_id from graph_templates_graph where 
local_graph_id=" . $_REQUEST["local_graph_id"]))) {
+   print "GRAPH DOES NOT 
EXIST"; exit;
+ }
+ 
+ /* take graph permissions into account here, if the user does not have 
permission
+ give an "access denied" message */
+ if (read_config_option("auth_method") != 0) {
+-  $access_denied = !(is_graph_allowed($_GET["local_graph_id"]));
++  $access_denied = !(is_graph_allowed($_REQUEST["local_graph_id"]));
+ 
+   if ($access_denied == true) {
+   print "ACCESS 
DENIED"; exit;
+   }
+ }
+ 
+-$graph_title = get_graph_title($_GET["local_graph_id"]);
++$graph_title =