commit cacti for openSUSE:Leap:15.2:Update
Hello community, here is the log from the commit of package cacti for openSUSE:Leap:15.2:Update checked in at 2020-08-08 12:16:24 Comparing /work/SRC/openSUSE:Leap:15.2:Update/cacti (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.cacti.new.3399 (New) Package is "cacti" Sat Aug 8 12:16:24 2020 rev:2 rq:824451 version:unknown Changes: New Changes file: NO CHANGES FILE!!! Other differences: -- ++ _link ++ --- /var/tmp/diff_new_pack.gTqxX9/_old 2020-08-08 12:16:39.241698279 +0200 +++ /var/tmp/diff_new_pack.gTqxX9/_new 2020-08-08 12:16:39.245698280 +0200 @@ -1 +1 @@ - +
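Review bot: The `_link` hunk (`@@ -1 +1 @@`) shows both the removed and the added line as empty, and the log reports "NO CHANGES FILE!!!" with `version:unknown`, so nothing in this message tells a reader which source revision the Update project now points at. The request should state the linked revision in its description so the update can be audited from the log alone.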
commit cacti for openSUSE:Leap:15.2
Hello community, here is the log from the commit of package cacti for openSUSE:Leap:15.2 checked in at 2020-05-12 11:40:20 Comparing /work/SRC/openSUSE:Leap:15.2/cacti (Old) and /work/SRC/openSUSE:Leap:15.2/.cacti.new.2738 (New) Package is "cacti" Tue May 12 11:40:20 2020 rev:48 rq:802742 version:1.2.12 Changes: --- /work/SRC/openSUSE:Leap:15.2/cacti/cacti.changes2020-04-28 20:11:58.376635873 +0200 +++ /work/SRC/openSUSE:Leap:15.2/.cacti.new.2738/cacti.changes 2020-05-12 11:42:35.105028152 +0200 @@ -1,0 +2,12 @@ +Thu May 7 09:34:43 UTC 2020 - Andreas Stieger + +- cacti 1.2.12: + * CVE-2020-7106: Lack of escaping of color items can lead to XSS +exposure (boo#1163749) + * Fix multiple graphing bugs and web UI issues + * Fix multiple warnings, PHP Exceptions and errors + * Content-Security-Policy prevents External Links from being opened + * Prevent runtime memory issues by increasing memory limit + * Improve SNMPv3 handling + +--- Old: cacti-1.2.11.tar.gz New: cacti-1.2.12.tar.gz Other differences: -- ++ cacti.spec ++ --- /var/tmp/diff_new_pack.rPpIcG/_old 2020-05-12 11:42:35.745029497 +0200 +++ /var/tmp/diff_new_pack.rPpIcG/_new 2020-05-12 11:42:35.749029505 +0200 @@ -22,7 +22,7 @@ %define cacti_dir %{apache_datadir}/cacti %endif Name: cacti -Version:1.2.11 +Version:1.2.12 Release:0 Summary:Web Front-End to Monitor System Data via RRDtool License:GPL-2.0-or-later 
@@ -52,8 +52,8 @@ Conflicts: cacti-spine < %{version} Conflicts: cacti-spine > %{version} Provides: cacti-system -Obsoletes: cacti-PA -Provides: cacti-PA +Obsoletes: cacti-PA < %{version} +Provides: cacti-PA = %{version} BuildArch: noarch %if 0%{?suse_version} BuildRequires: apache2-devel ++ cacti-1.2.11.tar.gz -> cacti-1.2.12.tar.gz ++ /work/SRC/openSUSE:Leap:15.2/cacti/cacti-1.2.11.tar.gz /work/SRC/openSUSE:Leap:15.2/.cacti.new.2738/cacti-1.2.12.tar.gz differ: char 5, line 1 ++ cacti-config.patch ++ --- /var/tmp/diff_new_pack.rPpIcG/_old 2020-05-12 11:42:35.785029581 +0200 +++ /var/tmp/diff_new_pack.rPpIcG/_new 2020-05-12 11:42:35.785029581 +0200 @@ -1,7 +1,7 @@ -Index: cacti-1.2.11/include/config.php +Index: cacti-1.2.12/include/config.php === cacti-1.2.11.orig/include/config.php -+++ cacti-1.2.11/include/config.php +--- cacti-1.2.12.orig/include/config.php cacti-1.2.12/include/config.php @@ -44,17 +44,17 @@ $database_ssl_ca = ''; * must remain commented out. */ @@ -31,7 +31,7 @@ /* * The poller_id of this system. set to `1` for the main cacti web server. -@@ -69,25 +69,25 @@ $poller_id = 1; +@@ -69,13 +69,13 @@ $poller_id = 1; * would be set to `/cacti/`. */ @@ -47,12 +47,7 @@ /* * Default Cookie domain - The cookie domain to be used for Cacti - */ - --$cacti_cookie_domain = 'cacti.net'; -+//$cacti_cookie_domain = 'cacti.net'; - - /* +@@ -87,7 +87,7 @@ $cacti_session_name = 'Cacti'; * Save sessions to a database for load balancing */
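Review bot: The `cacti.spec` hunk at `@@ -52,8 +52,8 @@` versions the `cacti-PA` relations (`Obsoletes: cacti-PA < %{version}`, `Provides: cacti-PA = %{version}`), but the new `cacti.changes` entry lists only upstream 1.2.12 items. Add a line for the packaging change. The same entry cites CVE-2020-7106 with boo#1163749 while the 1.2.9 entry cites that CVE with boo#1161297, so it should make clear how the two fixes relate.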
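Review bot: In the refreshed `cacti-config.patch`, the lines that turned `$cacti_cookie_domain = 'cacti.net';` into `//$cacti_cookie_domain = 'cacti.net';` are dropped, and the changes entry does not say why. Confirm that the 1.2.12 `include/config.php` no longer sets that variable by default. If it still does, the packaged configuration would ship with the cookie domain set to `cacti.net`, and the hunk should be kept.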
commit cacti for openSUSE:Leap:15.2
Hello community, here is the log from the commit of package cacti for openSUSE:Leap:15.2 checked in at 2020-04-28 20:11:49 Comparing /work/SRC/openSUSE:Leap:15.2/cacti (Old) and /work/SRC/openSUSE:Leap:15.2/.cacti.new.2738 (New) Package is "cacti" Tue Apr 28 20:11:49 2020 rev:47 rq:798367 version:1.2.11 Changes: --- /work/SRC/openSUSE:Leap:15.2/cacti/cacti.changes2020-03-02 13:26:06.618726780 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.cacti.new.2738/cacti.changes 2020-04-28 20:11:58.376635873 +0200 
@@ -1,0 +2,36 @@ +Sat Apr 11 13:03:12 UTC 2020 - Andreas Stieger + +- cacti 1.2.11: + * security fixes and hardening (boo#1169215) ++ Add SameSite support for cookies ++ Cookie should be properly verified against password ++ CSRF at Admin Email ++ Improper Access Control on disabling a user ++ Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1 + * a number of bug fixes + * feature additions ++ Allow system uptime to be a variable for use with graphs ++ Add Refresh Interval to Data Collectors display ++ Add Location based filtering ++ Allow for Purging of Data Source Statistics from the GUI ++ Restore ability to duplicate a data profile ++ Enhance table navigation bars to support systems with larger number of items ++ Increase length of Graph Item 'value' field to support pango-markup better ++ Allow Basic Auth Accounts to be mapped by CSV file ++ Make form elements under checkbox_groups flow using flex grid style ++ Set the domain attribute to secure cookies for the 'remember me' option ++ Enhance the "Graph Debug Mode" to display RRDtool Command lengths and excess warnings + +--- +Sun Mar 15 16:44:23 UTC 2020 - Paolo Stivanin + +- cacti 1.2.10: + * CVE-2020-8813: when guest users have access to realtime graphs, +remote code could be executed (boo#1164675) + * When using User Domains, global template user is used instead of +the configured domain template user + * Unix timestamps after Sep 13 2020 are rejected as graph start/end +arguments + * many bug fixes + +--- Old: cacti-1.2.9.tar.gz New: cacti-1.2.11.tar.gz Other differences: -- ++ cacti.spec ++ --- /var/tmp/diff_new_pack.fBAZFb/_old 2020-04-28 20:11:59.324637842 +0200 +++ /var/tmp/diff_new_pack.fBAZFb/_new 2020-04-28 20:11:59.328637850 +0200 
@@ -1,7 +1,7 @@ # # spec file for package cacti # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ %define cacti_dir %{apache_datadir}/cacti %endif Name: cacti -Version:1.2.9 +Version:1.2.11 Release:0 Summary:Web Front-End to Monitor System Data via RRDtool License:GPL-2.0-or-later ++ cacti-1.2.9.tar.gz -> cacti-1.2.11.tar.gz ++ /work/SRC/openSUSE:Leap:15.2/cacti/cacti-1.2.9.tar.gz /work/SRC/openSUSE:Leap:15.2/.cacti.new.2738/cacti-1.2.11.tar.gz differ: char 5, line 1 ++ cacti-config.patch ++ --- /var/tmp/diff_new_pack.fBAZFb/_old 2020-04-28 20:11:59.380637958 +0200 +++ /var/tmp/diff_new_pack.fBAZFb/_new 2020-04-28 20:11:59.380637958 +0200 @@ -1,6 +1,8 @@ cacti-1.2.3/include/config.php.old 2019-04-01 10:03:02.728491693 +0200 -+++ cacti-1.2.3/include/config.php 2019-04-01 10:09:33.589795006 +0200 -@@ -44,17 +44,17 @@ +Index: cacti-1.2.11/include/config.php +=== +--- cacti-1.2.11.orig/include/config.php cacti-1.2.11/include/config.php +@@ -44,17 +44,17 @@ $database_ssl_ca = ''; * must remain commented out. */ @@ -29,7 +31,7 @@ /* * The poller_id of this system. set to `1` for the main cacti web server. -@@ -69,19 +69,19 @@ +@@ -69,25 +69,25 @@ $poller_id = 1; * would be set to `/cacti/`. */ @@ -44,6 +46,13 @@ +//$cacti_session_name = 'Cacti'; /* + * Default Cookie domain - The cookie domain to be used for Cacti + */ + +-$cacti_cookie_domain = 'cacti.net'; ++//$cacti_cookie_domain = 'cacti.net'; + + /* * Save sessions to a database for load balancing */
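Review bot: The `cacti-config.patch` refresh adds a new change to `include/config.php` (`-$cacti_cookie_domain = 'cacti.net';` becomes `+//$cacti_cookie_domain = 'cacti.net';`) and switches the patch header to the `Index:` form, but the `cacti.changes` entries for 1.2.10 and 1.2.11 mention neither. Add a line recording the refresh and the commented-out cookie domain, since it changes a shipped cookie default in the same release whose entry lists cookie hardening.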
commit cacti for openSUSE:Leap:15.2
Hello community, here is the log from the commit of package cacti for openSUSE:Leap:15.2 checked in at 2020-03-02 13:25:59 Comparing /work/SRC/openSUSE:Leap:15.2/cacti (Old) and /work/SRC/openSUSE:Leap:15.2/.cacti.new.26092 (New) Package is "cacti" Mon Mar 2 13:25:59 2020 rev:46 rq:780760 version:1.2.9 Changes: --- /work/SRC/openSUSE:Leap:15.2/cacti/cacti.changes2020-01-15 14:49:14.985372412 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.cacti.new.26092/cacti.changes 2020-03-02 13:26:06.618726780 +0100 
@@ -1,0 +2,700 @@ +Sat Feb 15 18:46:00 UTC 2020 - Andreas Stieger + +- cacti 1.2.9: + * CVE-2020-7106: Lack of escaping on some pages could lead to XSS +exposure (boo#1161297) + * CVE-2020-7237: Remote Code Execution due to input validation +failure in Performance Boost Debug Log (boo#1161297) + * many bug fixes + +--- +Sun Feb 2 17:10:52 UTC 2020 - Andreas Stieger + +- cacti 1.2.8: + * CVE-2019-17357: When viewing graphs, some input variables were +not properly checked (SQL injection possible) [boo#1158990] + * CVE-2019-17358: Unsafe deserialisation of data [boo#1158992] + * When using HTTPS, secure cookie to prevent potential weakness + * various bug fixes + +--- +Thu Oct 17 15:13:04 UTC 2019 - Richard Brown + +- Remove obsolete Groups tag (fate#326485) + +--- +Mon Sep 30 05:52:15 UTC 2019 - David Liedke + +-Build version 1.2.7 + -security#2964: CVE-2019-16723 Security issue allows to view all graphs + -issue#1181: When opening the Scheduler, it may appear off screen when + opened near the bottom of a window + -issue#2894: When using Remote Data Collectors, database information and + recommendations may show Incorrect values + -issue#2895: When using data sources from different RRDs, Percentile + calculation may be incorrect + -issue#2899: When displaying a form, variable substitution may not always + work as expected + -issue#2922: When running a data query, the result may come back as undefined + -issue#2925: When using consolidation functions, retrieving the first step + can cause errors + -issue#2926: When editing a graph, variable validation errors may prevent + changes from being saved + -issue#2929: Boost performance may become poor even in single server mode + -issue#2930: RRDtool can generate errors to standard output which can corrupt images + -issue#2932: When RRDTool generates an error creating an image, it is not + always reportedly properly + -issue#2936: Installer will loop when number of tables exceeds PHP's max_input_vars limit + -issue#2938: 
Under CentOS packages, upgrade_database.php script uses incorrect + location for DB upgrade scripts + -issue#2940: Images are not always properly sized until the page size changes + -issue#2949: Order icons may not be properly aligned + -issue#2951: Allow legends to be modified for Aggregate Graphs + -issue#2958: Drop down autocomplete lists do not always open as expected + -issue#2961: When syncing device templates, undefined function may be raised + -issue#2963: When running ss_cpoller script, avgTime incorrect returns maxTime + -issue#2966: Realtime popup windows do not always honor settings + -issue#2967: When using Spikekill, gap and range fill are not operating as expected + -issue#2970: When a user edits their profile, buttons may appear as unusable whilst + still being enabled + -issue#2973: User menu does not always display properly on mobile devices + -issue#2974: Script Server can raise unexpected warnings when 'arg_num_indexes' + set but not found in data source + -issue#2975: Datasource Debug does not properly handle European numbers in + certain circumstances + -issue#2976: Boost messages should be stored in their own log file + -issue#2977: Data updates with past timestamps can cause boost errors + -issue#2978: Moving hosts between data collectors is slow + -issue#2979: Multi Output Fields are not parsed correctly + -issue#2984: When checking SQL fields, value was not always primed + -issue#2986: Selecting 'Devices' menu pick closes 'Management' menu + -feature#2943: Allow all Data Queries of a device to be re-indexed at once + -feature#2952: If device is down or threshold breached, highlight in tree view + -feature#2985: Update phpseclib to 2.0.23 + +--- +Mon Sep 2 12:24:33 UTC 2019 - David Liedke + +-Build version 1.2.6 + -issue#2794: Graph template not saved on graph edit + -issue#2825: "innodb_doublewrite = off" possibly dangerous recommendation +
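Review bot: In the 1.2.9 entry of the `cacti.changes` hunk, CVE-2020-7106 and CVE-2020-7237 both cite boo#1161297; check whether each CVE has its own Bugzilla entry and reference it, so the two fixes can be tracked separately. The older entries in the same hunk ("-Build version 1.2.7" with `-issue#` items) use a different layout from the `- cacti x.y.z:` and `*` style above them, and keeping one style would make the file easier to scan for security fixes such as `security#2964`.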