author | Jeroen Roovers <jer@gentoo.org> | 2016-02-02 06:10:43 +0100 |
---|---|---|
committer | Jeroen Roovers <jer@gentoo.org> | 2016-02-02 06:10:43 +0100 |
commit | aa240655c683eb070932a40e3b0773be307603bf (patch) | |
tree | b68867c228634eab1038a3597c75c7c08c79b09b /net-analyzer/cacti | |
parent | net-misc/socat: Stable for HPPA (bug #573602). (diff) | |
net-analyzer/cacti: Add upstream patch for CVE-2015-8369 (bug #568400).
Package-Manager: portage-2.2.27
Diffstat (limited to 'net-analyzer/cacti')
-rw-r--r-- | net-analyzer/cacti/cacti-0.8.8f-r1.ebuild | 62 | ||||
-rw-r--r-- | net-analyzer/cacti/files/cacti-0.8.8f-CVE-2015-8369.patch | 204 |
2 files changed, 266 insertions, 0 deletions
diff --git a/net-analyzer/cacti/cacti-0.8.8f-r1.ebuild b/net-analyzer/cacti/cacti-0.8.8f-r1.ebuild
new file mode 100644
index 000000000000..782f24179571
--- /dev/null
+++ b/net-analyzer/cacti/cacti-0.8.8f-r1.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils webapp
+
+# Support for _p* in version.
+MY_P=${P/_p*/}
+
+DESCRIPTION="Cacti is a complete frontend to rrdtool"
+HOMEPAGE="http://www.cacti.net/"
+SRC_URI="http://www.cacti.net/downloads/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="snmp doc"
+
+need_httpd
+
+RDEPEND="
+ dev-lang/php[cli,mysql,session,sockets,xml]
+ dev-php/adodb
+ net-analyzer/rrdtool[graph]
+ virtual/cron
+ virtual/mysql
+ snmp? ( >=net-analyzer/net-snmp-5.2.0 )
+"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-CVE-2015-8369.patch
+
+ sed -i -e \ 's:$config\["library_path"\] . "/adodb/adodb.inc.php":"adodb/adodb.inc.php":' \ "${S}"/include/global.php || die
+
+ rm -rf lib/adodb || die # don't use bundled adodb
+}
+
+src_compile() { :; }
+
+src_install() {
+ webapp_src_preinst
+
+ rm LICENSE README || die
+ dodoc docs/{CHANGELOG,CONTRIB,README,txt/manual.txt}
+ use doc && dohtml -r docs/html/
+ rm -rf docs
+
+ edos2unix `find -type f -name '*.php'`
+
+ dodir ${MY_HTDOCSDIR}
+ cp -r . "${D}"${MY_HTDOCSDIR}
+
+ webapp_serverowned ${MY_HTDOCSDIR}/rra
+ webapp_serverowned ${MY_HTDOCSDIR}/log/cacti.log
+ webapp_configfile ${MY_HTDOCSDIR}/include/config.php
+ webapp_postinst_txt en "${FILESDIR}"/postinstall-en.txt
+
+ webapp_src_install
+}
diff --git a/net-analyzer/cacti/files/cacti-0.8.8f-CVE-2015-8369.patch b/net-analyzer/cacti/files/cacti-0.8.8f-CVE-2015-8369.patch
new file mode 100644
index 000000000000..2019a6160ec5
--- /dev/null
+++ b/net-analyzer/cacti/files/cacti-0.8.8f-CVE-2015-8369.patch
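Review bot: In src_install, `rm -rf docs`, `dodir ${MY_HTDOCSDIR}` and `cp -r . "${D}"${MY_HTDOCSDIR}` run without `|| die` and with `${MY_HTDOCSDIR}` unquoted, so under EAPI=5 a failed or partial copy of the patched tree would not abort the merge and the installed graph.php could silently be the unpatched one. I would write `rm -rf docs || die`, `dodir "${MY_HTDOCSDIR}"` and `cp -r . "${D}${MY_HTDOCSDIR}" || die`, and quote the four webapp_* paths the same way. The backtick expansion in `edos2unix \`find -type f -name '*.php'\`` word-splits on whitespace in file names; for a tarball under the ebuild's control this is presumably harmless, but a null-delimited `find … -print0 | while read -d ''` loop, or at least `|| die`, would make it fail closed. The sed on include/global.php is a good supply-chain choice since it makes Cacti load the system dev-php/adodb instead of the bundled copy that is removed right after.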
@@ -0,0 +1,204 @@ +--- a/graph.php ++++ b/graph.php +@@ -32,43 +32,43 @@ + + api_plugin_hook_function('graph'); + +-include_once("./lib/html_tree.php"); +-include_once("./include/top_graph_header.php"); +- + /* ================= input validation ================= */ +-input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$"); +-input_validate_input_number(get_request_var("local_graph_id")); +-input_validate_input_number(get_request_var("graph_end")); +-input_validate_input_number(get_request_var("graph_start")); ++input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$"); ++input_validate_input_number(get_request_var_request("local_graph_id")); ++input_validate_input_number(get_request_var_request("graph_end")); ++input_validate_input_number(get_request_var_request("graph_start")); + input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$"); + /* ==================================================== */ + +-if (!isset($_GET['rra_id'])) { +- $_GET['rra_id'] = 'all'; ++include_once("./lib/html_tree.php"); ++include_once("./include/top_graph_header.php"); ++ ++if (!isset($_REQUEST['rra_id'])) { ++ $_REQUEST['rra_id'] = 'all'; + } + +-if ($_GET["rra_id"] == "all") { ++if ($_REQUEST["rra_id"] == "all") { + $sql_where = " where id is not null"; + }else{ +- $sql_where = " where id=" . $_GET["rra_id"]; ++ $sql_where = " where id=" . $_REQUEST["rra_id"]; + } + + /* make sure the graph requested exists (sanity) */ +-if (!(db_fetch_cell("select local_graph_id from graph_templates_graph where local_graph_id=" . $_GET["local_graph_id"]))) { ++if (!(db_fetch_cell("select local_graph_id from graph_templates_graph where local_graph_id=" . 
$_REQUEST["local_graph_id"]))) { + print "<strong><font size='+1' color='FF0000'>GRAPH DOES NOT EXIST</font></strong>"; exit; + } + + /* take graph permissions into account here, if the user does not have permission + give an "access denied" message */ + if (read_config_option("auth_method") != 0) { +- $access_denied = !(is_graph_allowed($_GET["local_graph_id"])); ++ $access_denied = !(is_graph_allowed($_REQUEST["local_graph_id"])); + + if ($access_denied == true) { + print "<strong><font size='+1' color='FF0000'>ACCESS DENIED</font></strong>"; exit; + } + } + +-$graph_title = get_graph_title($_GET["local_graph_id"]); ++$graph_title = get_graph_title($_REQUEST["local_graph_id"]); + + if ($_REQUEST["view_type"] == "tree") { + print "<table width='100%' style='background-color: #ffffff; border: 1px solid #ffffff;' align='center' cellspacing='0' cellpadding='3'>"; +@@ -76,15 +76,15 @@ + print "<table width='100%' style='background-color: #f5f5f5; border: 1px solid #bbbbbb;' align='center' cellspacing='0' cellpadding='3'>"; + } + +-$rras = get_associated_rras($_GET["local_graph_id"]); ++$rras = get_associated_rras($_REQUEST["local_graph_id"]); + + switch ($_REQUEST["action"]) { + case 'view': + api_plugin_hook_function('page_buttons', +- array('lgid' => $_GET["local_graph_id"], ++ array('lgid' => $_REQUEST["local_graph_id"], + 'leafid' => '',//$leaf_id, + 'mode' => 'mrtg', +- 'rraid' => $_GET["rra_id"]) ++ 'rraid' => $_REQUEST["rra_id"]) + ); + ?> + <tr class='tableHeader'> +@@ -105,13 +105,13 @@ + <table width='1' cellpadding='0'> + <tr> + <td> +- <img class='graphimage' id='graph_<?php print $_GET["local_graph_id"] ?>' src='<?php print htmlspecialchars("graph_image.php?action=view&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . 
$rra["id"]);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'> ++ <img class='graphimage' id='graph_<?php print $_REQUEST["local_graph_id"] ?>' src='<?php print htmlspecialchars("graph_image.php?action=view&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $rra["id"]);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'> + </td> + <td valign='top' style='padding: 3px;' class='noprint'> +- <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_GET["local_graph_id"]. "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br> +- <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> +- <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a> +- <?php api_plugin_hook('graph_buttons', array('hook' => 'view', 'local_graph_id' => $_GET['local_graph_id'], 'rra' => $rra['id'], 'view_type' => $_REQUEST['view_type'])); ?> ++ <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_REQUEST["local_graph_id"]. "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . 
$graph_end);?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br> ++ <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> ++ <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a> ++ <?php api_plugin_hook('graph_buttons', array('hook' => 'view', 'local_graph_id' => $_REQUEST['local_graph_id'], 'rra' => $rra['id'], 'view_type' => $_REQUEST['view_type'])); ?> + <a href='#page_top'><img src='<?php print $config['url_path']; ?>images/graph_page_top.gif' border='0' alt='Page Top' title='Page Top' style='padding: 3px;'></a><br> + </td> + </tr> +@@ -143,7 +143,7 @@ + } + + /* fetch information for the current RRA */ +- $rra = db_fetch_row("select id,timespan,steps,name from rra where id=" . $_GET["rra_id"]); ++ $rra = db_fetch_row("select id,timespan,steps,name from rra where id=" . $_REQUEST["rra_id"]); + + /* define the time span, which decides which rra to use */ + $timespan = -($rra["timespan"]); +@@ -154,24 +154,24 @@ + FROM (data_template_data,data_template_rrd,graph_templates_item) + WHERE graph_templates_item.task_item_id=data_template_rrd.id + AND data_template_rrd.local_data_id=data_template_data.local_data_id +- AND graph_templates_item.local_graph_id=" . $_GET["local_graph_id"] . ++ AND graph_templates_item.local_graph_id=" . $_REQUEST["local_graph_id"] . 
+ " LIMIT 0,1"); + $ds_step = empty($ds_step) ? 300 : $ds_step; + $seconds_between_graph_updates = ($ds_step * $rra["steps"]); + + $now = time(); + +- if (isset($_GET["graph_end"]) && ($_GET["graph_end"] <= $now - $seconds_between_graph_updates)) { +- $graph_end = $_GET["graph_end"]; ++ if (isset($_REQUEST["graph_end"]) && ($_REQUEST["graph_end"] <= $now - $seconds_between_graph_updates)) { ++ $graph_end = $_REQUEST["graph_end"]; + }else{ + $graph_end = $now - $seconds_between_graph_updates; + } + +- if (isset($_GET["graph_start"])) { +- if (($graph_end - $_GET["graph_start"])>$max_timespan) { ++ if (isset($_REQUEST["graph_start"])) { ++ if (($graph_end - $_REQUEST["graph_start"])>$max_timespan) { + $graph_start = $now - $max_timespan; + }else { +- $graph_start = $_GET["graph_start"]; ++ $graph_start = $_REQUEST["graph_start"]; + } + }else{ + $graph_start = $now + $timespan; +@@ -186,7 +186,7 @@ + graph_templates_graph.height, + graph_templates_graph.width + from graph_templates_graph +- where graph_templates_graph.local_graph_id=" . $_GET["local_graph_id"]); ++ where graph_templates_graph.local_graph_id=" . $_REQUEST["local_graph_id"]); + + $graph_height = $graph["height"]; + $graph_width = $graph["width"]; +@@ -214,12 +214,12 @@ + <table width='1' cellpadding='0'> + <tr> + <td> +- <img id='zoomGraphImage' class="graphimage" src='<?php print htmlspecialchars("graph_image.php?action=zoom&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end . "&graph_height=" . $graph_height . "&graph_width=" . $graph_width . "&title_font_size=" . $title_font_size);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'> ++ <img id='zoomGraphImage' class="graphimage" src='<?php print htmlspecialchars("graph_image.php?action=zoom&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . 
$_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end . "&graph_height=" . $graph_height . "&graph_width=" . $graph_width . "&title_font_size=" . $title_font_size);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'> + </td> + <td valign='top' style='padding: 3px;' class='noprint'> +- <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a> +- <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>&graph_start=<?php print $graph_start;?>&graph_end=<?php print $graph_end;?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> +- <?php api_plugin_hook('graph_buttons', array('hook' => 'zoom', 'local_graph_id' => $_GET['local_graph_id'], 'rra' => $_GET['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?> ++ <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a> ++ <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . 
$_REQUEST["view_type"]);?>&graph_start=<?php print $graph_start;?>&graph_end=<?php print $graph_end;?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> ++ <?php api_plugin_hook('graph_buttons', array('hook' => 'zoom', 'local_graph_id' => $_REQUEST['local_graph_id'], 'rra' => $_REQUEST['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?> + </td> + </tr> + <tr> +@@ -249,17 +249,17 @@ + <table width='1' cellpadding='0'> + <tr> + <td> +- <img src='<?php print htmlspecialchars("graph_image.php?action=properties&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&graph_start=" . (isset($_GET["graph_start"]) ? $_GET["graph_start"] : "0") . "&graph_end=" . (isset($_GET["graph_end"]) ? $_GET["graph_end"] : "0"));?>' border='0' alt='<?php print htmlspecialchars($graph_title);?>'> ++ <img src='<?php print htmlspecialchars("graph_image.php?action=properties&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&graph_start=" . (isset($_REQUEST["graph_start"]) ? $_REQUEST["graph_start"] : "0") . "&graph_end=" . (isset($_REQUEST["graph_end"]) ? $_REQUEST["graph_end"] : "0"));?>' border='0' alt='<?php print htmlspecialchars($graph_title);?>'> + </td> + <td valign='top' style='padding: 3px;'> +- <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_GET["local_graph_id"]. "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . get_request_var("graph_start") . "&graph_end=" . get_request_var("graph_end"));?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br> +- <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . 
$_REQUEST["view_type"]);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> +- <?php api_plugin_hook('graph_buttons', array('hook' => 'properties', 'local_graph_id' => $_GET['local_graph_id'], 'rra' => $_GET['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?> ++ <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_REQUEST["local_graph_id"]. "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . get_request_var("graph_start") . "&graph_end=" . get_request_var("graph_end"));?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br> ++ <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> ++ <?php api_plugin_hook('graph_buttons', array('hook' => 'properties', 'local_graph_id' => $_REQUEST['local_graph_id'], 'rra' => $_REQUEST['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?> + </td> + </tr> + <tr> + <td colspan='2' align='center'> +- <strong><?php print htmlspecialchars(db_fetch_cell("select name from rra where id=" . $_GET["rra_id"]));?></strong> ++ <strong><?php print htmlspecialchars(db_fetch_cell("select name from rra where id=" . 
$_REQUEST["rra_id"]));?></strong> + </td> + </tr> + </table> +--- a/include/top_graph_header.php ++++ b/include/top_graph_header.php +@@ -146,12 +146,12 @@ + $graph_data_array["print_source"] = true; + + /* override: graph start time (unix time) */ +- if (!empty($_GET["graph_start"])) { ++ if (!empty($_REQUEST["graph_start"])) { + $graph_data_array["graph_start"] = get_request_var_request("graph_start"); + } + + /* override: graph end time (unix time) */ +- if (!empty($_GET["graph_end"])) { ++ if (!empty($_REQUEST["graph_end"])) { + $graph_data_array["graph_end"] = get_request_var_request("graph_end"); + } + |
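Review bot: The new code still builds SQL by string concatenation of `$_REQUEST["rra_id"]` and `$_REQUEST["local_graph_id"]` (`$sql_where = " where id=" . $_REQUEST["rra_id"];`, the `db_fetch_cell`/`db_fetch_row` calls in graph.php), so its safety rests entirely on the validation block now placed above the two `include_once` lines, and nothing in the hunk records that this ordering is the actual fix. I would add above the includes: `/* Keep these includes below the validation block: top_graph_header.php reads the same $_REQUEST values before graph.php does (CVE-2015-8369). */`. For defense in depth the purely numeric sites could also cast, e.g. `$sql_where = " where id=" . intval($_REQUEST["rra_id"]);` and `db_fetch_cell("select name from rra where id=" . intval($_REQUEST["rra_id"]))`, which is a no-op for values the `^([0-9]+|all)$` regex and `input_validate_input_number` admit. Presumably `$_REQUEST` merges GET, POST and cookie data according to PHP's request_order, so any future code that reads `$_GET` alone for one of these keys would reintroduce the validation/use mismatch. The enclosing graph.php and top_graph_header.php files continue outside the hunk.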