author | 2009-11-25 11:14:41 +0000 | |
---|---|---|
committer | 2009-11-25 11:14:41 +0000 | |
commit | 19d343b5e446eb12ab6b4f32a67891e25434ac4c (patch) | |
tree | f99af5f7039d72be15d1b24adeddc94b11569f52 /net-analyzer/cacti | |
parent | amd64 stable, bug #294297 (diff) | |
Added patch to fix HTML injection vulnerabilities; thanks to Vadim Efimov for the report, bug #294573. Removed old.
Package-Manager: portage-2.2_rc46/cvs/Linux x86_64
Diffstat (limited to 'net-analyzer/cacti')
-rw-r--r-- | net-analyzer/cacti/ChangeLog | 10 | ||||
-rw-r--r-- | net-analyzer/cacti/Manifest | 20 | ||||
-rw-r--r-- | net-analyzer/cacti/cacti-0.8.6j-r8.ebuild | 101 | ||||
-rw-r--r-- | net-analyzer/cacti/cacti-0.8.7e-r1.ebuild (renamed from net-analyzer/cacti/cacti-0.8.7d.ebuild) | 16 | ||||
-rw-r--r-- | net-analyzer/cacti/files/cacti-0.8.6j-dos-large-values.patch | 30 |
5 files changed, 21 insertions, 156 deletions
diff --git a/net-analyzer/cacti/ChangeLog b/net-analyzer/cacti/ChangeLog
index c6734499fa7a..ab7a116e3e12 100644
--- a/net-analyzer/cacti/ChangeLog
+++ b/net-analyzer/cacti/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-analyzer/cacti
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/ChangeLog,v 1.153 2009/11/21 18:11:45 nixnut Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/ChangeLog,v 1.154 2009/11/25 11:14:41 pva Exp $
+
+*cacti-0.8.7e-r1 (25 Nov 2009)
+
+ 25 Nov 2009; Peter Volkov <pva@gentoo.org> -cacti-0.8.6j-r8.ebuild,
+ -files/cacti-0.8.6j-dos-large-values.patch, -cacti-0.8.7d.ebuild,
+ +cacti-0.8.7e-r1.ebuild:
+ Added patch to fix HTML injection vulnerabilities, thank Vadim Efimov for
+ report, bug #294573. Removed old.
 21 Nov 2009; nixnut <nixnut@gentoo.org> cacti-0.8.7e.ebuild:
 ppc stable #293268
diff --git a/net-analyzer/cacti/Manifest b/net-analyzer/cacti/Manifest
index dc6e75874014..07c8d2b5ad51 100644
--- a/net-analyzer/cacti/Manifest
+++ b/net-analyzer/cacti/Manifest
@@ -1,30 +1,16 @@ -AUX cacti-0.8.6j-dos-large-values.patch 1127 RMD160 102be3fdad2334c50a5d8ce4a4655c0220842d82 SHA1 79fab202a7473c66b10909a982c2f9fcf70c9b50 SHA256 b677a380634a4db63b0b85aaf54103efefdbb0e0dcd7d15ce61b7e08949f8d55 AUX postinstall-en.txt 2249 RMD160 2703588d7971022699b58b2e5a113ab970124f4d SHA1 8c34cadfe75d1bca0eaaae66a5981f0ab575ea3f SHA256 7879329884e33f84108d5fbed732941c9fd8a53b56db499bfc0bd282bd61b10d -DIST cacti-0.8.6j.tar.gz 1126337 RMD160 981d24753d440af1d3fcfdb20cd988f73fcc44fe SHA1 4ed5b7ada8710c5474e7fc4aad4ad9339caf0188 SHA256 0ddf8a740a5725de67eeea71c38433447ff75388e6e399ce92ccadc36d25bd46 DIST cacti-0.8.7b.tar.gz 2005650 RMD160 e47f15957554fe6ac00dc4becffc06a790eae6f8 SHA1 fb4dd0374577b100bbe92fba05e084da2e685fe2 SHA256 f248e858879868d7bba2d53c459a3d61f0a9c19ee4843e3983cfe7a9d7fcaef9 -DIST cacti-0.8.7d.tar.gz 2221142 RMD160 e9a3056bdfc1ea28a174b0d55c3f148c055bf2ba SHA1 772193f0b2491feedd950aeb52bd43472fd56645 SHA256 a8ae8b9e50658b4e46b9f60c1373e4cc3f4cc9d72266ce09540e14d71ee57e8e DIST cacti-0.8.7e.tar.gz 2232297 RMD160 b6e4bb937e69337113d014d4a802455a852e7baf SHA1 6ba93e200e0fbbddfbc5a9a98a9cf0f70842d904 SHA256 1983f16cd5cf5e30b33b43b167e324713f0711167f5dcde57f3cbfbeddbaa7ff DIST cli_add_graph.patch 556 RMD160 21f5ddca4bc22ed7208d468c07c2feba0873e2b2 SHA1 a3eee5b56c2c99fe8a800904572be2fbaf0f3049 SHA256 504af2148efab2699e4cdc17581e8555d1a5d40dfbd30a316e7637378a6c6f11 +DIST cross_site_fix.patch 8705 RMD160 96b72fcc2e17fb0ecd622f4fb627a5ff67f94be2 SHA1 3cf067a88b0c2d4348c88d37c98312760d1f1efe SHA256 75b7d4687722d96e0d32afb3832f93a54e8518c0c949e1dcd9ae634623564b28 DIST fix_icmp_on_windows_iis_servers.patch 2997 RMD160 176a28cff430e79433dee4b54aac736548a6cda2 SHA1 466936d06e7a7e4d882b2375ae0cac9dc6434ab1 SHA256 5dd61a9accd5a2872d8efa03bb6b7e49c735568094286a1664f2ae4491ecdeeb -DIST graph_debug_lockup_fix.patch 927 RMD160 8bf2112cb537b330547b8b571cc573a0f3135123 SHA1 be180e9def1f51678ed9424950dd5d5c8d3bc578 SHA256 
c8ea30c6bf5764663d106d28b3308377a8c2003cc2afd3d0ba0102ed5fddee1b -DIST graph_search.patch 1026 RMD160 c19e975b1071f77413de319e26915036e4cc2d2f SHA1 e63a156dd3a045cabb00947afd613d09ceb67aff SHA256 d928388bd03df77f156e5902fdb324b35de4d47264a95c790cc0a1ba21e7372b -DIST multiple_vulnerabilities-0.8.6j.patch 9284 RMD160 6c7fc9bf7dbba3d9c5b98b9538696826383ef8ff SHA1 7d00e4d42866967136f639c7600d06ef23fe223d SHA256 b9c31af5772758e87c4d784dcb0b96402f7bb9ec76dda2cfe41ea339e0778957 -DIST page_length_graph_view.patch 1399 RMD160 7a27597c742ec868cfa76e3aebf4867082d665b8 SHA1 e2f7d8cc5c4a1c75c8a0384c1fbfd46f53954442 SHA256 cd61cd62006965fba850925301fb1b679544691194c465742dc8c727e502569a -DIST ping_php_version4_snmpgetnext.patch 1262 RMD160 94882973199b8e59c40ad43a132548862654f312 SHA1 41be27e18e136d79c5e3b2f99438a192fffdc383 SHA256 1e19110c696eb56c6de68247c926c5ec7a2e7554df222f39a663556241644170 -DIST ping_timeout.patch 2475 RMD160 0e6a09c285de751be5e6c89f2457baaa8ce1adf1 SHA1 a80229ec3a11b5079d52491530654792329eb3e6 SHA256 df554876ad4e0163609c855622720a2cffe729b7b40e763bffcbeb37255b3b86 DIST reset_each_patch.patch 1291 RMD160 7227f1bf0706066febdbdf0947f874236b0a5124 SHA1 3cca8797fcc7910a6639c86547a83d96e070dd86 SHA256 b42d70a33a91794fd1f253ad103999138f31d59fe75e91cef7eb27549aa53d7f -DIST sec_sql_injection-0.8.6j.patch 749 RMD160 c8c93f6bddd7e032cede65872cdea3df0850ec05 SHA1 3c44758623435c4311777e3a080d846dbe475736 SHA256 0f05946e598ce34b9507b8eeaa431c45280c2f6e07003cf583a11735fc01d245 DIST snmp_auth_none_notice.patch 527 RMD160 3b29b0928babf1df9019691b494c0eab50a747b3 SHA1 dcf6072ef3e1bd667c554a44facc91ea233dea4c SHA256 03d8d7a38c343b346a0ca76005e79d5b939cff4144da853cbd4b6199f3786fb9 DIST snmp_invalid_response.patch 921 RMD160 02d1f7fc63473fefbfee9a2edc020f5ec960d103 SHA1 8308f02d69ac3fb1a2ced5ad66c6c5c2078fc75f SHA256 4259979a2d9fdc51a6ef3a88368fe97adace3a7f1c3b895dea61757de9822db8 -DIST snmp_string_issue_with_rrdtool_creation.patch 336 RMD160 
935531adae3bde73171706341d81b356169b4ca2 SHA1 e0c022271d36989697b2e62877cc405109b9ac93 SHA256 b46ecb20b459239b3af074e0627a945b93ba1d066ef22b436e88748c3b7d787f -DIST snmpwalk_fix.patch 1056 RMD160 ba1a70dc95ceba6f5716dd8d8351db4a400abcc3 SHA1 e5cb384b87224e26e31063d13bb15e0bea12383c SHA256 ecf344ff6674306c52f6bbeea621d56310444ad12f679202b0de141485429106 DIST template_duplication.patch 9190 RMD160 ba1d35cc207484b17c30044bb9f025ed6281c37b SHA1 27f3ee2eb37bd3c9430933cf00a30e63b2b05829 SHA256 c6ab6d2396f6b6519607f7908df642a575d32a75430e2b74381a6046d57f8ad9 -DIST thumbnail_graphs_not_working.patch 1515 RMD160 6b228cab1bc99b3f20ddb4e1d45b467fc8dadf35 SHA1 3684fe33e37105c719c59bd3ba7e1aaf2795c9a8 SHA256 3b18602aed1aa8b9773a75a4e89413cd12ce2670fd185eae113de1aa2c1186bd -DIST tree_console_missing_hosts.patch 771 RMD160 d33f3916317e989b379d1188f3ed23b7d61a7a9e SHA1 bccc1293567c9160971537a3cbbf69ab0ca9cf81 SHA256 5807bb408227b1c9f2ebecf220c048eb7c7148eee41fcd06fdc086124a206180 DIST upgrade_from_086k_fix.patch 847 RMD160 ab5da2f9ae47a6affd4ff0ec1473a5193353df61 SHA1 105309cc259f80e17e550d53384b125782b02b9f SHA256 9385e019c25d5638a39b10a3afd7ee375d8de911d713a6c79443053419af7ec4 -EBUILD cacti-0.8.6j-r8.ebuild 2534 RMD160 60964b7e3d92eec4dca13b541415b3badcf20af4 SHA1 22e1858b867d73650972728579648badecb07e47 SHA256 2f4c2368bdb194ca070adfac92af8556f76d355754997868b1930c582fb57609 EBUILD cacti-0.8.7b-r3.ebuild 2023 RMD160 f5695cf9b70b1b3114c682cd3286f2c7d7e75a64 SHA1 d33880634de12d809c30baf5aba460e3596cbb41 SHA256 2d3b4f9fe0a8a6dcb111f2a3429a4ccdaaf7176ae3ea728e0b8e71aabd83e8d7 -EBUILD cacti-0.8.7d.ebuild 2066 RMD160 27f3327847e3ca83f0e9822e35a7f40aa618afc7 SHA1 34262606a0dd48c960d4718caf773400b1cc0f65 SHA256 0907cf1dcbecdf9c05d65f17b6a284c029a41a85128a8a7a07599d0ff8bd47ab +EBUILD cacti-0.8.7e-r1.ebuild 2081 RMD160 c35802037384acc08e5d6723b7faaf3b72815226 SHA1 60b87401d2b1068fdd2e5a08176bd50e1bdc9509 SHA256 ed4ec7cffdf545a45307e864733c1d7eec972f1a92c4f9be6a95cf6527dd8749 EBUILD 
cacti-0.8.7e.ebuild 2061 RMD160 07b0f5ea2e645f9a6b508654c85a78f595d68ee1 SHA1 4d44ec26b671c16fa632b2aa92a6f0a9f3b53781 SHA256 19977e00b20e0f5a6eb6ad818c5403e3425c706090ed61a005723d1229db0311 -MISC ChangeLog 22212 RMD160 79bfce5254d7817062c658911f7afd83218edbce SHA1 1f44178a4b5e226c4246d9b6db6c893becbc0308 SHA256 cb217c0345d170cf57e36b2f317652bdcb6a1c26523de0b19108aaba18ebe3cf +MISC ChangeLog 22519 RMD160 94971bb364691e536868ff8be1dc1db884d9278a SHA1 e62695cfebf4f6f3b184a31acaad5a167bcdce8e SHA256 270e8ccc4e1aa257917c172fbf8b75a356630e76ed813acfe108c47e009bb91a MISC metadata.xml 916 RMD160 04f9ef45ccd484deda4a6333cf8d57b61c1be217 SHA1 cad0945f6d5d5427cfaae181b4c860576d7887b9 SHA256 a6e338947e55cbf427aeb35322f37c5af2e900ef4def9576da82789d804c4a0c diff --git a/net-analyzer/cacti/cacti-0.8.6j-r8.ebuild b/net-analyzer/cacti/cacti-0.8.6j-r8.ebuild deleted file mode 100644 index 028673604f05..000000000000 --- a/net-analyzer/cacti/cacti-0.8.6j-r8.ebuild +++ /dev/null 
@@ -1,101 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/cacti-0.8.6j-r8.ebuild,v 1.7 2009/05/26 17:04:42 arfrever Exp $
-
-inherit eutils webapp depend.apache depend.php
-
-# Support for _p* in version.
-MY_P=${P/_p*/}
-HAS_PATCHES=1
-
-DESCRIPTION="Cacti is a complete frontend to rrdtool"
-HOMEPAGE="http://www.cacti.net/"
-SRC_URI="http://www.cacti.net/downloads/${MY_P}.tar.gz"
-
-# patches
-if [ $HAS_PATCHES == 1 ] ; then
- UPSTREAM_PATCHES="ping_php_version4_snmpgetnext
- tree_console_missing_hosts
- thumbnail_graphs_not_working
- graph_debug_lockup_fix
- snmpwalk_fix
- sec_sql_injection-0.8.6j
- multiple_vulnerabilities-0.8.6j"
- for i in $UPSTREAM_PATCHES ; do
- SRC_URI="${SRC_URI} http://www.cacti.net/downloads/patches/${PV/_p*}/${i}.patch"
- done
-fi
-
-LICENSE="GPL-2"
-KEYWORDS="alpha amd64 ~hppa ppc ppc64 sparc x86"
-IUSE="snmp bundled-adodb"
-
-DEPEND=""
-
-want_apache
-need_php_cli
-need_php_httpd
-
-RDEPEND="!apache2? ( www-servers/lighttpd )
- snmp? ( net-analyzer/net-snmp )
- net-analyzer/rrdtool
- !bundled-adodb? ( dev-php/adodb )
- virtual/mysql
- virtual/cron"
-
-src_unpack() {
- if [ $HAS_PATCHES == 1 ] ; then
- unpack ${MY_P}.tar.gz
- [ ! ${MY_P} == ${P} ] && mv ${MY_P} ${P}
- # patches
- for i in ${UPSTREAM_PATCHES} ; do
- EPATCH_OPTS="-p1 -d ${S} -N" epatch "${DISTDIR}"/${i}.patch
- done ;
- else
- unpack ${MY_P}.tar.gz
- fi
-
- epatch "${FILESDIR}/${P}"-dos-large-values.patch
-
- use bundled-adodb || sed -i -e \
- 's:$config\["library_path"\] . "/adodb/adodb.inc.php":"adodb/adodb.inc.php":' \
- "${S}"/include/config.php
-}
-
-pkg_setup() {
- depend.apache_pkg_setup
- webapp_pkg_setup
- has_php
- if [ $PHP_VERSION = 5 ] ; then
- phpUseFlags="cli mysql xml session pcre"
- elif [ $PHP_VERSION = 4 ] ; then
- phpUseFlags="cli mysql xml session pcre expat"
- fi
- use bundled-adodb || phpUseFlags="${phpUseFlags} sockets"
- require_php_with_use ${phpUseFlags}
-}
-
-src_compile() {
- einfo "Nothing to compile."
-}
-
-src_install() {
- webapp_src_preinst
-
- rm LICENSE README
- dodoc docs/{CHANGELOG,CONTRIB,INSTALL,README,REQUIREMENTS,UPGRADE}
- rm -rf docs
- use bundled-adodb || rm -rf lib/adodb
-
- edos2unix `find -type f -name '*.php'`
-
- dodir ${MY_HTDOCSDIR}
- cp -r . "${D}"${MY_HTDOCSDIR}
-
- webapp_serverowned ${MY_HTDOCSDIR}/rra
- webapp_serverowned ${MY_HTDOCSDIR}/log/cacti.log
- webapp_configfile ${MY_HTDOCSDIR}/include/config.php
- webapp_postinst_txt en "${FILESDIR}"/postinstall-en.txt
-
- webapp_src_install
-}
diff --git a/net-analyzer/cacti/cacti-0.8.7d.ebuild b/net-analyzer/cacti/cacti-0.8.7e-r1.ebuild
index 15d672fb486f..6e73139e3223 100644
--- a/net-analyzer/cacti/cacti-0.8.7d.ebuild
+++ b/net-analyzer/cacti/cacti-0.8.7e-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/cacti-0.8.7d.ebuild,v 1.1 2009/03/08 11:26:58 pva Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/cacti-0.8.7e-r1.ebuild,v 1.1 2009/11/25 11:14:41 pva Exp $
 inherit eutils webapp depend.php
@@ -14,10 +14,11 @@ SRC_URI="http://www.cacti.net/downloads/${MY_P}.tar.gz"
 # patches
 if [ "${HAS_PATCHES}" == "1" ] ; then
- UPSTREAM_PATCHES="ping_timeout
- graph_search
- page_length_graph_view
- snmp_string_issue_with_rrdtool_creation"
+ UPSTREAM_PATCHES="cli_add_graph
+ snmp_invalid_response
+ template_duplication
+ fix_icmp_on_windows_iis_servers
+ cross_site_fix"
 for i in ${UPSTREAM_PATCHES} ; do
 SRC_URI="${SRC_URI} http://www.cacti.net/downloads/patches/${PV/_p*}/${i}.patch"
 done
@@ -54,6 +55,8 @@ src_unpack() {
 sed -i -e \
 's:$config\["library_path"\] . "/adodb/adodb.inc.php":"adodb/adodb.inc.php":' \
 "${S}"/include/global.php
+
+ rm -rf lib/adodb # don't use bundled adodb
 }
 pkg_setup() {
@@ -68,10 +71,9 @@ src_install() {
 webapp_src_preinst
 rm LICENSE README
- dodoc docs/{CHANGELOG,CONTRIB,INSTALL,README,REQUIREMENTS,UPGRADE,text/manual.txt}
+ dodoc docs/{CHANGELOG,CONTRIB,README,txt/manual.txt} || die
 use doc && dohtml -r docs/html/
 rm -rf docs
- rm -rf lib/adodb
 edos2unix `find -type f -name '*.php'`
diff --git a/net-analyzer/cacti/files/cacti-0.8.6j-dos-large-values.patch b/net-analyzer/cacti/files/cacti-0.8.6j-dos-large-values.patch
deleted file mode 100644
index 7398e962151b..000000000000
--- a/net-analyzer/cacti/files/cacti-0.8.6j-dos-large-values.patch
+++ /dev/null
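Review bot: Nothing in the new `UPSTREAM_PATCHES` list records which entry is the security fix; the link between `cross_site_fix` and bug #294573 exists only in the commit message and ChangeLog. A comment above the assignment, such as `# cross_site_fix: HTML injection fix, bug #294573`, would keep that visible the next time the list is pruned for a version bump. The `SRC_URI` loop still fetches every patch over plain `http://`, so integrity rests entirely on the Manifest digests; the Manifest hunk does add a `DIST cross_site_fix.patch` entry, which is the check to keep in place. The enclosing `if` block closes outside this hunk.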
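Review bot: The `rm -rf lib/adodb` added at the end of `src_unpack()` uses a path relative to the working directory, while the `sed` directly above it addresses the same tree explicitly as `"${S}"/include/global.php`. If no `cd "${S}"` precedes it (the start of `src_unpack()` is outside the hunk), the command matches nothing and still exits successfully. Because the `src_install()` hunk removes the old `rm -rf lib/adodb` there, the bundled ADOdb copy would then be installed with the web application despite the "don't use bundled adodb" intent. Writing it as `rm -rf "${S}"/lib/adodb # don't use bundled adodb` makes the removal independent of the working directory.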
@@ -1,30 +0,0 @@ -diff -uNr -r cacti-0.8.6j-orig/graph_image.php cacti-0.8.6j/graph_image.php ---- cacti-0.8.6j-orig/graph_image.php 2007-01-18 01:23:10.000000000 +0100 -+++ cacti-0.8.6j/graph_image.php 2007-06-06 21:00:17.278210000 +0200 -@@ -51,22 +51,22 @@ - $graph_data_array = array(); - - /* override: graph start time (unix time) */ --if (!empty($_GET["graph_start"])) { -+if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) { - $graph_data_array["graph_start"] = $_GET["graph_start"]; - } - - /* override: graph end time (unix time) */ --if (!empty($_GET["graph_end"])) { -+if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) { - $graph_data_array["graph_end"] = $_GET["graph_end"]; - } - - /* override: graph height (in pixels) */ --if (!empty($_GET["graph_height"])) { -+if (!empty($_GET["graph_height"]) && $_GET["graph_height"] < 3000) { - $graph_data_array["graph_height"] = $_GET["graph_height"]; - } - - /* override: graph width (in pixels) */ --if (!empty($_GET["graph_width"])) { -+if (!empty($_GET["graph_width"]) && $_GET["graph_width"] < 3000) { - $graph_data_array["graph_width"] = $_GET["graph_width"]; - } - |