commit cacti for openSUSE:Leap:15.2:Update
Hello community, here is the log from the commit of package cacti for openSUSE:Leap:15.2:Update checked in at 2020-08-08 12:16:24 Comparing /work/SRC/openSUSE:Leap:15.2:Update/cacti (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.cacti.new.3399 (New) Package is "cacti" Sat Aug 8 12:16:24 2020 rev:2 rq:824451 version:unknown Changes: New Changes file: NO CHANGES FILE!!! Other differences: -- ++ _link ++ --- /var/tmp/diff_new_pack.gTqxX9/_old 2020-08-08 12:16:39.241698279 +0200 +++ /var/tmp/diff_new_pack.gTqxX9/_new 2020-08-08 12:16:39.245698280 +0200 @@ -1 +1 @@ - +
commit cacti for openSUSE:Leap:15.2
Hello community,
here is the log from the commit of package cacti for openSUSE:Leap:15.2 checked
in at 2020-05-12 11:40:20
Comparing /work/SRC/openSUSE:Leap:15.2/cacti (Old)
and /work/SRC/openSUSE:Leap:15.2/.cacti.new.2738 (New)
Package is "cacti"
Tue May 12 11:40:20 2020 rev:48 rq:802742 version:1.2.12
Changes:
--- /work/SRC/openSUSE:Leap:15.2/cacti/cacti.changes2020-04-28
20:11:58.376635873 +0200
+++ /work/SRC/openSUSE:Leap:15.2/.cacti.new.2738/cacti.changes 2020-05-12
11:42:35.105028152 +0200
@@ -1,0 +2,12 @@
+Thu May 7 09:34:43 UTC 2020 - Andreas Stieger
+
+- cacti 1.2.12:
+ * CVE-2020-7106: Lack of escaping of color items can lead to XSS
+exposure (boo#1163749)
+ * Fix multiple graphing bugs and web UI issues
+ * Fix multiple warnings, PHP Exceptions and errors
+ * Content-Security-Policy prevents External Links from being opened
+ * Prevent runtime memory issues by increasing memory limit
+ * Improve SNMPv3 handling
+
+---
Old:
cacti-1.2.11.tar.gz
New:
cacti-1.2.12.tar.gz
Other differences:
--
++ cacti.spec ++
--- /var/tmp/diff_new_pack.rPpIcG/_old 2020-05-12 11:42:35.745029497 +0200
+++ /var/tmp/diff_new_pack.rPpIcG/_new 2020-05-12 11:42:35.749029505 +0200
@@ -22,7 +22,7 @@
%define cacti_dir %{apache_datadir}/cacti
%endif
Name: cacti
-Version:1.2.11
+Version:1.2.12
Release:0
Summary:Web Front-End to Monitor System Data via RRDtool
License:GPL-2.0-or-later
@@ -52,8 +52,8 @@
Conflicts: cacti-spine < %{version}
Conflicts: cacti-spine > %{version}
Provides: cacti-system
-Obsoletes: cacti-PA
-Provides: cacti-PA
+Obsoletes: cacti-PA < %{version}
+Provides: cacti-PA = %{version}
BuildArch: noarch
%if 0%{?suse_version}
BuildRequires: apache2-devel
++ cacti-1.2.11.tar.gz -> cacti-1.2.12.tar.gz ++
/work/SRC/openSUSE:Leap:15.2/cacti/cacti-1.2.11.tar.gz
/work/SRC/openSUSE:Leap:15.2/.cacti.new.2738/cacti-1.2.12.tar.gz differ: char
5, line 1
++ cacti-config.patch ++
--- /var/tmp/diff_new_pack.rPpIcG/_old 2020-05-12 11:42:35.785029581 +0200
+++ /var/tmp/diff_new_pack.rPpIcG/_new 2020-05-12 11:42:35.785029581 +0200
@@ -1,7 +1,7 @@
-Index: cacti-1.2.11/include/config.php
+Index: cacti-1.2.12/include/config.php
===
cacti-1.2.11.orig/include/config.php
-+++ cacti-1.2.11/include/config.php
+--- cacti-1.2.12.orig/include/config.php
cacti-1.2.12/include/config.php
@@ -44,17 +44,17 @@ $database_ssl_ca = '';
* must remain commented out.
*/
@@ -31,7 +31,7 @@
/*
* The poller_id of this system. set to `1` for the main cacti web server.
-@@ -69,25 +69,25 @@ $poller_id = 1;
+@@ -69,13 +69,13 @@ $poller_id = 1;
* would be set to `/cacti/`.
*/
@@ -47,12 +47,7 @@
/*
* Default Cookie domain - The cookie domain to be used for Cacti
- */
-
--$cacti_cookie_domain = 'cacti.net';
-+//$cacti_cookie_domain = 'cacti.net';
-
- /*
+@@ -87,7 +87,7 @@ $cacti_session_name = 'Cacti';
* Save sessions to a database for load balancing
*/
commit cacti for openSUSE:Leap:15.2
Hello community,
here is the log from the commit of package cacti for openSUSE:Leap:15.2 checked
in at 2020-04-28 20:11:49
Comparing /work/SRC/openSUSE:Leap:15.2/cacti (Old)
and /work/SRC/openSUSE:Leap:15.2/.cacti.new.2738 (New)
Package is "cacti"
Tue Apr 28 20:11:49 2020 rev:47 rq:798367 version:1.2.11
Changes:
--- /work/SRC/openSUSE:Leap:15.2/cacti/cacti.changes2020-03-02
13:26:06.618726780 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.cacti.new.2738/cacti.changes 2020-04-28
20:11:58.376635873 +0200
@@ -1,0 +2,36 @@
+Sat Apr 11 13:03:12 UTC 2020 - Andreas Stieger
+
+- cacti 1.2.11:
+ * security fixes and hardening (boo#1169215)
++ Add SameSite support for cookies
++ Cookie should be properly verified against password
++ CSRF at Admin Email
++ Improper Access Control on disabling a user
++ Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1
+ * a number of bug fixes
+ * feature additions
++ Allow system uptime to be a variable for use with graphs
++ Add Refresh Interval to Data Collectors display
++ Add Location based filtering
++ Allow for Purging of Data Source Statistics from the GUI
++ Restore ability to duplicate a data profile
++ Enhance table navigation bars to support systems with larger number of
items
++ Increase length of Graph Item 'value' field to support pango-markup
better
++ Allow Basic Auth Accounts to be mapped by CSV file
++ Make form elements under checkbox_groups flow using flex grid style
++ Set the domain attribute to secure cookies for the 'remember me' option
++ Enhance the "Graph Debug Mode" to display RRDtool Command lengths and
excess warnings
+
+---
+Sun Mar 15 16:44:23 UTC 2020 - Paolo Stivanin
+
+- cacti 1.2.10:
+ * CVE-2020-8813: when guest users have access to realtime graphs,
+remote code could be executed (boo#1164675)
+ * When using User Domains, global template user is used instead of
+the configured domain template user
+ * Unix timestamps after Sep 13 2020 are rejected as graph start/end
+arguments
+ * many bug fixes
+
+---
Old:
cacti-1.2.9.tar.gz
New:
cacti-1.2.11.tar.gz
Other differences:
--
++ cacti.spec ++
--- /var/tmp/diff_new_pack.fBAZFb/_old 2020-04-28 20:11:59.324637842 +0200
+++ /var/tmp/diff_new_pack.fBAZFb/_new 2020-04-28 20:11:59.328637850 +0200
@@ -1,7 +1,7 @@
#
# spec file for package cacti
#
-# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
%define cacti_dir %{apache_datadir}/cacti
%endif
Name: cacti
-Version:1.2.9
+Version:1.2.11
Release:0
Summary:Web Front-End to Monitor System Data via RRDtool
License:GPL-2.0-or-later
++ cacti-1.2.9.tar.gz -> cacti-1.2.11.tar.gz ++
/work/SRC/openSUSE:Leap:15.2/cacti/cacti-1.2.9.tar.gz
/work/SRC/openSUSE:Leap:15.2/.cacti.new.2738/cacti-1.2.11.tar.gz differ: char
5, line 1
++ cacti-config.patch ++
--- /var/tmp/diff_new_pack.fBAZFb/_old 2020-04-28 20:11:59.380637958 +0200
+++ /var/tmp/diff_new_pack.fBAZFb/_new 2020-04-28 20:11:59.380637958 +0200
@@ -1,6 +1,8 @@
cacti-1.2.3/include/config.php.old 2019-04-01 10:03:02.728491693 +0200
-+++ cacti-1.2.3/include/config.php 2019-04-01 10:09:33.589795006 +0200
-@@ -44,17 +44,17 @@
+Index: cacti-1.2.11/include/config.php
+===
+--- cacti-1.2.11.orig/include/config.php
cacti-1.2.11/include/config.php
+@@ -44,17 +44,17 @@ $database_ssl_ca = '';
* must remain commented out.
*/
@@ -29,7 +31,7 @@
/*
* The poller_id of this system. set to `1` for the main cacti web server.
-@@ -69,19 +69,19 @@
+@@ -69,25 +69,25 @@ $poller_id = 1;
* would be set to `/cacti/`.
*/
@@ -44,6 +46,13 @@
+//$cacti_session_name = 'Cacti';
/*
+ * Default Cookie domain - The cookie domain to be used for Cacti
+ */
+
+-$cacti_cookie_domain = 'cacti.net';
++//$cacti_cookie_domain = 'cacti.net';
+
+ /*
* Save sessions to a database for load balancing
*/
commit cacti for openSUSE:Leap:15.2
Hello community, here is the log from the commit of package cacti for openSUSE:Leap:15.2 checked in at 2020-03-02 13:25:59 Comparing /work/SRC/openSUSE:Leap:15.2/cacti (Old) and /work/SRC/openSUSE:Leap:15.2/.cacti.new.26092 (New) Package is "cacti" Mon Mar 2 13:25:59 2020 rev:46 rq:780760 version:1.2.9 Changes: --- /work/SRC/openSUSE:Leap:15.2/cacti/cacti.changes2020-01-15 14:49:14.985372412 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.cacti.new.26092/cacti.changes 2020-03-02 13:26:06.618726780 +0100 @@ -1,0 +2,700 @@ +Sat Feb 15 18:46:00 UTC 2020 - Andreas Stieger + +- cacti 1.2.9: + * CVE-2020-7106: Lack of escaping on some pages could lead to XSS +exposure (boo#1161297) + * CVE-2020-7237: Remote Code Execution due to input validation +failure in Performance Boost Debug Log (boo#1161297) + * many bug fixes + +--- +Sun Feb 2 17:10:52 UTC 2020 - Andreas Stieger + +- cacti 1.2.8: + * CVE-2019-17357: When viewing graphs, some input variables were +not properly checked (SQL injection possible) [boo#1158990] + * CVE-2019-17358: Unsafe deserialisation of data [boo#1158992] + * When using HTTPS, secure cookie to prevent potential weakness + * various bug fixes + +--- +Thu Oct 17 15:13:04 UTC 2019 - Richard Brown + +- Remove obsolete Groups tag (fate#326485) + +--- +Mon Sep 30 05:52:15 UTC 2019 - David Liedke + +-Build version 1.2.7 + -security#2964: CVE-2019-16723 Security issue allows to view all graphs + -issue#1181: When opening the Scheduler, it may appear off screen when + opened near the bottom of a window + -issue#2894: When using Remote Data Collectors, database information and + recommendations may show Incorrect values + -issue#2895: When using data sources from different RRDs, Percentile + calculation may be incorrect + -issue#2899: When displaying a form, variable substitution may not always + work as expected + -issue#2922: When running a data query, the result may come back as undefined + -issue#2925: When using consolidation functions, retrieving the first step + can cause errors + -issue#2926: When editing a graph, variable validation errors may prevent + changes from being saved + -issue#2929: Boost performance may become poor even in single server mode + -issue#2930: RRDtool can generate errors to standard output which can corrupt images + -issue#2932: When RRDTool generates an error creating an image, it is not + always reportedly properly + -issue#2936: Installer will loop when number of tables exceeds PHP's max_input_vars limit + -issue#2938: Under CentOS packages, upgrade_database.php script uses incorrect + location for DB upgrade scripts + -issue#2940: Images are not always properly sized until the page size changes + -issue#2949: Order icons may not be properly aligned + -issue#2951: Allow legends to be modified for Aggregate Graphs + -issue#2958: Drop down autocomplete lists do not always open as expected + -issue#2961: When syncing device templates, undefined function may be raised + -issue#2963: When running ss_cpoller script, avgTime incorrect returns maxTime + -issue#2966: Realtime popup windows do not always honor settings + -issue#2967: When using Spikekill, gap and range fill are not operating as expected + -issue#2970: When a user edits their profile, buttons may appear as unusable whilst + still being enabled + -issue#2973: User menu does not always display properly on mobile devices + -issue#2974: Script Server can raise unexpected warnings when 'arg_num_indexes' + set but not found in data source + -issue#2975: Datasource Debug does not properly handle European numbers in + certain circumstances + -issue#2976: Boost messages should be stored in their own log file + -issue#2977: Data updates with past timestamps can cause boost errors + -issue#2978: Moving hosts between data collectors is slow + -issue#2979: Multi Output Fields are not parsed correctly + -issue#2984: When checking SQL fields, value was not always primed + -issue#2986: Selecting 'Devices' menu pick closes 'Management' menu + -feature#2943: Allow all Data Queries of a device to be re-indexed at once + -feature#2952: If device is down or threshold breached, highlight in tree view + -feature#2985: Update phpseclib to 2.0.23 + +--- +Mon Sep 2 12:24:33 UTC 2019 - David Liedke + +-Build version 1.2.6 + -issue#2794: Graph template not saved on graph edit + -issue#2825: "innodb_doublewrite = off" possibly dangerous recommendation +
