Name: cacti
Version: 0.8.8b
Release: 7%{?dist}
Summary: An rrd based graphing tool

# Use systemd unit files on Fedora 21+ and RHEL 7.
# _with_systemd is tested again by the scriptlet dependencies and by the
# post/postun scriptlets further down.
%if 0%{?fedora} >= 21 || 0%{?rhel} >= 7
  %global _with_systemd 1
%endif

Group: Applications/System
# There's a lot of stuff in there. It's all compatible.
License: GPLv2+ and LGPLv2 and (MPLv1.1 or GPLv2 or LGPLv2) and (LGPLv2 or BSD)
URL: http://www.cacti.net/
# Source0: http://www.cacti.net/downloads/%%{name}-%%{version}.tar.gz
# To generate the notreeview tarball:
#  wget http://www.cacti.net/downloads/cacti-0.8.8b.tar.gz
#  tar xzf cacti-0.8.8b.tar.gz
#  rm -rf cacti-0.8.8b/include/treeview/*
#  rm -rf cacti-0.8.8b.tar.gz
#  tar czf cacti-0.8.8b-notreeview.tar.gz cacti-0.8.8b
#
# Source0 is therefore a local repack and will not match an upstream checksum.
# The wget above uses plain HTTP: verify the downloaded tarball against a
# checksum or signature obtained over a trusted channel before repacking.
# NOTE(review): no checksum for the upstream tarball is recorded in this spec.
Source0: %{name}-%{version}-notreeview.tar.gz
# Source1/2/7 are installed as the httpd conf.d, logrotate.d and cron.d files.
Source1: cacti-httpd.conf
Source2: cacti.logrotate
Source3: cacti.README.fedora
# Source4-6 are copied into include/js/jquery/themes/default/ during prep.
Source4: d.gif
Source5: d.png
Source6: throbber.gif
Source7: %{name}.cron
# Add replacement files for treeview
Patch0: cacti-0.8.8a-legal.patch
# Thanks to Paul Gevers and Jan Zalesak (Debian)
Patch1: cacti-0.8.8a-replace_treeview_by_jquery.jstree.patch

# Security and bug-fix backports on top of 0.8.8b. Every patch declared here
# must also be applied in the prep section; a patch that is declared but not
# applied leaves the corresponding issue unfixed in the built package.
# CVE identifiers below are taken from this spec's changelog.

# Upstream patch for XSS and SQL injection
# CVE-2013-5588 and CVE-2013-5589 (changelog entry 0.8.8b-2)
# https://bugzilla.redhat.com/1000860
Patch2: cacti-0.8.8b-sanitize-variables.patch

# Upstream patch to fix graph comments
# https://bugzilla.redhat.com/1004550
Patch3: cacti-0.8.8b-rra-comments.patch

# Upstream patch for SQL injection and shell escaping
# CVE-2014-2708 (SQL injection in graph_xport.php) and CVE-2014-2709
# (shell escaping in lib/rrd.php), changelog entry 0.8.8b-5
# https://bugzilla.redhat.com/1084258
Patch4: cacti-0.8.8b-sql-injection-shell-escaping.patch

# Upstream patch for HTML injection
# The 0.8.8b-5 changelog entry lists CVE-2014-2326 (stored XSS) under this bug.
# https://bugzilla.redhat.com/1082122
Patch5: cacti-0.8.8b-html-injection.patch

# Upstream patch for remote command execution
# The 0.8.8b-5 changelog entry lists CVE-2014-2328 (exec-like function calls
# without safety checks) under this bug.
# https://bugzilla.redhat.com/1082122
Patch6: cacti-0.8.8b-remote-command-execution.patch

# Upstream patches for XSS
# CVE-2014-4002 (changelog entry 0.8.8b-7)
# https://bugzilla.redhat.com/1113035
Patch7: cacti-0.8.8b-validate-graph-templates-inputs.patch
Patch8: cacti-0.8.8b-validate-drp-action.patch

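BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

# Runtime stack: PHP front end, MySQL storage, httpd, rrdtool and SNMP tooling.
Requires: php, php-mysql, mysql, httpd, rrdtool, net-snmp, php-snmp
Requires: net-snmp-utils
# The package installs a cron.d file (Source7), hence crontabs.
Requires: crontabs
# useradd is called from the pre scriptlet to create the cacti account.
Requires(pre): %{_sbindir}/useradd
%if 0%{?_with_systemd}
Requires(preun):  systemd
Requires(postun): systemd
Requires(post):   systemd
%else
# Both the post and the postun scriptlets call /sbin/service in this branch,
# so it is declared for both (the original declared it for postun only).
Requires(post):   /sbin/service
Requires(postun): /sbin/service
%endif
BuildArch: noarch

# This macro was added in Fedora 20. Use the old version if it's undefined
# on older Fedoras and RHELs.
# https://fedoraproject.org/wiki/Changes/UnversionedDocdirs
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}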

%description
Cacti is a complete frontend to RRDTool. It stores all of the
necessary information to create graphs and populate them with
data in a MySQL database. The frontend is completely PHP
driven. Along with being able to maintain graphs, data
sources, and round robin archives in a database, Cacti also
handles the data gathering. There is SNMP support for those
used to creating traffic graphs with MRTG.

%prep
# Unpack Source0 (the repacked tarball without the treeview contents), then
# apply the patches in declaration order. patch0 and patch1 use -p1; the
# upstream patches 2-8 are applied with -p2.
%setup -q
%patch0 -p1
# patch1: Remove treeview
%patch1 -p1
# patch2: XSS and SQL injection, https://bugzilla.redhat.com/1000860
# (CVE-2013-5588, CVE-2013-5589 per the changelog)
%patch2 -p2
# patch3: Fix graph comments, https://bugzilla.redhat.com/1004550
%patch3 -p2
# patch4: SQL injection and shell escaping, https://bugzilla.redhat.com/1084258
# (CVE-2014-2708, CVE-2014-2709 per the changelog)
%patch4 -p2
# patch5: HTML injection, https://bugzilla.redhat.com/1082122
# (the changelog lists CVE-2014-2326, stored XSS, under this bug)
%patch5 -p2
# patch6: Remote command execution, https://bugzilla.redhat.com/1082122
# (the changelog lists CVE-2014-2328 under this bug)
%patch6 -p2
# patch7 and 8: XSS, https://bugzilla.redhat.com/1113035
# (CVE-2014-4002 per the changelog)
%patch7 -p2
%patch8 -p2
# Copy the three image files (Source4-6) into the jQuery default theme
# directory; presumably these are the theme assets for the jstree replacement.
cp %{SOURCE4} %{SOURCE5} %{SOURCE6} include/js/jquery/themes/default/
# Drop the treeview directory itself; its contents were already removed when
# the tarball was repacked (see the Source0 notes).
rm -rf include/treeview

%build
# cacti's build is a noop

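%install
# Stage the payload under the buildroot: PHP front end in the data directory,
# writable state in the local state directory, configuration under sysconfdir.
# Compared with the original, the stray source-directory operands passed to
# "install -d" (log/, rra/, scripts/, cli/) and the doubled slashes in two
# paths are removed; the staged tree is unchanged.
rm -rf %{buildroot}
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/%{name}
%{__install} -d -m 0755 %{buildroot}/%{_pkgdocdir}
%{__install} -d -m 0755 %{buildroot}/%{_datadir}/%{name}/
%{__install} -m 0644 *.php %{buildroot}/%{_datadir}/%{name}/
# Log directory (0775) and log files (0664) are group-writable; the files
# section assigns them to cacti:apache.
%{__install} -d -m 0775 %{buildroot}/%{_localstatedir}/log/%{name}/
%{__install} -m 0664 log/* %{buildroot}/%{_localstatedir}/log/%{name}/
%{__install} -d -m 0755 %{buildroot}/%{_localstatedir}/lib/%{name}/rra/
%{__install} -d -m 0755 %{buildroot}/%{_localstatedir}/lib/%{name}/scripts/
%{__install} -m 0755 scripts/* %{buildroot}/%{_localstatedir}/lib/%{name}/scripts/
%{__install} -d -m 0755 %{buildroot}/%{_localstatedir}/lib/%{name}/cli/
%{__install} -m 0755 cli/* %{buildroot}/%{_localstatedir}/lib/%{name}/cli/
%{__install} -p -D -m 0644 %{SOURCE7} %{buildroot}/%{_sysconfdir}/cron.d/%{name}
%{__install} -D -m 0644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/cacti.conf
%{__install} -D -m 0644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/logrotate.d/cacti

# The su parameter will trip up older logrotate versions.
# Conditionally remove it here.
# NOTE(review): with the su line removed, rotation on RHEL 6 and older
# presumably runs without dropping to the cacti/apache identity, inside a log
# directory that those accounts can write. Confirm the shipped logrotate file
# is acceptable for that case.
%if 0%{?rhel} && 0%{?rhel} <= 6
  sed -i %{buildroot}/%{_sysconfdir}/logrotate.d/cacti -e '/^[ \t]*su /d'
%endif

# NOTE(review): install/ is copied into the web-served data directory along
# with the rest of the front end; confirm the httpd configuration (Source1)
# restricts who can reach it.
%{__cp} -a images/ include/ install/ lib/ plugins/ resource/ %{buildroot}%{_datadir}/%{name}
%{__cp} %{SOURCE3} ./docs/README.fedora
%{__cp} -a docs/ %{buildroot}/%{_pkgdocdir}
# Move include/config.php out of the data directory to sysconfdir as db.php
# and leave a symlink behind, so the file can carry its own ownership and mode
# (set in the files section).
%{__mv} %{buildroot}/%{_datadir}/%{name}/include/config.php %{buildroot}/%{_sysconfdir}/%{name}/db.php
%{__chmod} +x %{buildroot}/%{_datadir}/%{name}/cmd.php %{buildroot}/%{_datadir}/%{name}/poller.php
ln -s %{_sysconfdir}/%{name}/db.php %{buildroot}/%{_datadir}/%{name}/include/config.php
# rra and log are reachable through symlinks inside the data directory. The
# changelog (0.8.7h-2) says HTTP access to both is blocked; that protection
# lives in the httpd configuration, not in this section.
ln -s %{_localstatedir}/lib/%{name}/rra %{buildroot}/%{_datadir}/%{name}/
ln -s %{_localstatedir}/lib/%{name}/scripts %{buildroot}/%{_datadir}/%{name}/
ln -s %{_localstatedir}/lib/%{name}/cli %{buildroot}/%{_datadir}/%{name}/
ln -s %{_localstatedir}/log/%{name}/ %{buildroot}/%{_datadir}/%{name}/log
# Reverse links so code under the state directory can find lib and include.
ln -s %{_datadir}/%{name}/lib %{buildroot}/%{_localstatedir}/lib/%{name}/
ln -s %{_datadir}/%{name}/include %{buildroot}/%{_localstatedir}/lib/%{name}/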

%clean
# Remove the staged install tree once the package has been built.
rm -rf %{buildroot}

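%pre
# Create the cacti system account (no login shell, home set to the data
# directory) before files are unpacked, because the files section assigns
# ownership to it. The getent guard skips useradd when the account already
# exists, so stderr no longer has to be discarded and a genuine useradd
# failure stays visible in the transaction output. The trailing "|| :" keeps
# the scriptlet from aborting the install, as before.
# NOTE(review): if the account is missing at unpack time, rpm presumably falls
# back to root ownership for the cacti-owned paths; verify after install.
getent passwd cacti > /dev/null || \
  %{_sbindir}/useradd -d %{_datadir}/%{name} -r -s /sbin/nologin cacti || :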

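%post
# Post-install hook for the web server that serves cacti.
# systemd builds: the macro is applied to httpd.service, a unit this package
# does not list in its files section. NOTE(review): confirm that is intended
# and whether httpd picks up conf.d/cacti.conf without a reload.
# Other builds: on initial install only (first scriptlet argument equals 1),
# conditionally restart httpd; failures are ignored so the transaction
# never aborts here. The comparison is quoted and uses -eq instead of the
# non-POSIX "==" of the original.
%if 0%{?_with_systemd}
  %systemd_post httpd.service
%else
  if [ "$1" -eq 1 ]; then
    /sbin/service httpd condrestart > /dev/null 2>&1 || :
  fi
%endif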

%postun
# Post-uninstall hook: restart httpd so it stops using removed or replaced
# cacti files. The non-systemd branch does not look at the scriptlet
# argument, so the conditional restart runs on upgrade and on erase alike;
# failures are ignored.
%if 0%{?_with_systemd}
  %systemd_postun_with_restart httpd.service
%else
  /sbin/service httpd condrestart > /dev/null 2>&1 || :
%endif

%files
# Default ownership is root:root; modes come from the buildroot unless an
# attr override on the entry says otherwise.
%defattr(-,root,root,-)
%dir %{_sysconfdir}/%{name}
%dir %{_datadir}/%{name}
%dir %{_localstatedir}/lib/%{name}
%dir %{_localstatedir}/lib/%{name}/cli
%dir %{_localstatedir}/lib/%{name}/scripts
%doc docs/ README LICENSE cacti.sql
%config(noreplace) %{_sysconfdir}/cron.d/cacti
%config(noreplace) %{_sysconfdir}/httpd/conf.d/cacti.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
# db.php is the relocated include/config.php (presumably the database
# connection settings). 0640 cacti:apache: owner read/write, group read-only,
# no access for others. NOTE(review): the owner write bit lets the cacti
# account rewrite this file; confirm that is required.
%attr(0640,cacti,apache) %config(noreplace) %{_sysconfdir}/%{name}/db.php
%{_datadir}/%{name}/*.php
%{_datadir}/%{name}/images/
%{_datadir}/%{name}/include/
# NOTE(review): install/ ships inside the web-served tree; access control for
# it has to come from the httpd configuration.
%{_datadir}/%{name}/install/
%{_datadir}/%{name}/lib/
# log, rra, scripts and cli below are the symlinks created in the install
# section, pointing into the local state directory.
%{_datadir}/%{name}/log
%{_datadir}/%{name}/plugins/
%{_datadir}/%{name}/resource/
%{_datadir}/%{name}/rra
%{_datadir}/%{name}/scripts
%{_datadir}/%{name}/cli
# Everything in scripts/ whose name does not end in "p"; the PHP scripts are
# listed separately below with mode 0644. NOTE(review): a non-PHP script whose
# name ends in "p" would match neither pattern.
%{_localstatedir}/lib/%{name}/scripts/*[^p]
# Log directory and its files belong to cacti:apache; the install section
# staged them group-writable (0775 / 0664).
%attr(-,cacti,apache) %{_localstatedir}/log/%{name}/
# Round-robin archive directory is owned by the cacti account.
%attr(-,cacti,root) %{_localstatedir}/lib/%{name}/rra/
%attr(0644,root,root) %{_localstatedir}/lib/%{name}/scripts/*php
%attr(0644,root,root) %{_localstatedir}/lib/%{name}/cli/*php
# include and lib here are symlinks back into the data directory (created in
# the install section); NOTE(review): the 0644 mode presumably has no effect
# on a symlink.
%attr(0644,root,root) %{_localstatedir}/lib/%{name}/include
%attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib

%changelog
* Fri Jun 27 2014 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-7
- Patches for CVE-2014-4002 Cross-site scripting vulnerability
  (RHBZ #1113035)

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.8b-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Mon Apr 07 2014 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-5
- Patch for CVE-2014-2708 SQL injection issues in graph_xport.php
  (RHBZ #1084258)
- Patch for CVE-2014-2709 shell escaping issues in lib/rrd.php
  (RHBZ #1084258)
- Patch for CVE-2014-2326 stored XSS attack (RHBZ #1082122)
- Patch for CVE-2014-2328 use of exec-like function calls without safety
  checks allow arbitrary command execution (RHBZ #1082122)

* Fri Feb 07 2014 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-4
- Move cron to a separate file and require crontabs (RHBZ #947047). Thanks
  Jóhann B. Guðmundsson.
- Update for systemd (RHBZ #947047). Thanks Jóhann B. Guðmundsson.
- Fix rpmlint warning about spaces-to-tabs

* Wed Sep 04 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-3
- Fix comments in thumbnails (BZ #1004550)

* Mon Aug 26 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-2
- Patch for CVE-2013-5588 and CVE-2013-5589 (BZ #1000860)

* Wed Aug 07 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-1
- New upstream release (BZ #993042)

* Mon Jul 29 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-9
- Use %%{_pkgdocdir}, per
  https://fedoraproject.org/wiki/Changes/UnversionedDocdirs

* Sun Jul 14 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-8
- Improve security description in cacti's httpd conf (RHBZ #895823)
- Use improved treeview replacement patch (RHBZ #888207)
- rpmlint fixes
- trim RPM changelog

* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.8a-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Tue Jan 08 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-6
- Add note to README.fedora about the default MySQL password
- Remove reference to "docs/INSTALL" in README.fedora (RHBZ #893122)
- Add dependency on net-snmp-utils (RHBZ #893150)

* Fri Jan 04 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-5
- Install our README file as README.fedora

* Fri Jan  4 2013 Tom Callaway <spot@fedoraproject.org> - 0.8.8a-4
- remove non-free treeview bits (replace with jquery future code from 0.8.9 trunk)

* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.8a-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Thu Jun 28 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-2
- Add plugins directory (BZ #834355)
- Drop Fedora 15 (EOL) from logrotate syntax adjustment

* Mon Apr 30 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-1
- New upstream release (BZ #817506)
- Drop upstreamed $url_path patch

* Wed Apr 11 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8-3
- Patch $url_path to default to "/cacti/" (upstream bug 2217)

* Fri Apr 06 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8-2
- Adjust httpd ACL conditionals to test the presence of mod_authz_core
  (as discussed on fedora-devel)

* Wed Apr 04 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8-1
- New upstream release (BZ #809753).

* Mon Mar 26 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7i-4
- Adjust ACLs to support httpd 2.4.

* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7i-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Tue Dec 13 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7i-2
- Only set "su" logrotate parameter for F16 and above.
- Tweak mod_security rules.

* Mon Dec 12 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7i-1
- New upstream release (BZ #766573).

* Fri Nov 11 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7h-2
- block HTTP access to log and rra directories (#609856)
- overrides for mod_security
- set logrotate to su to cacti apache when rotating (#753079)

* Thu Oct 27 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7h-1
- New upstream release.
- Remove upstream'd mysql patch.

* Mon Aug 08 2011 Jon Ciesla <limb@jcomserv.net> - 0.8.7g-3
- Patch for MySQL 5.5, BZ 728513.

* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7g-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Mon Jul 12 2010 Mike McGrath <mmcgrath@redhat.com> 0.8.7g-1
- Upstream released new version

* Mon May 24 2010 Mike McGrath <mmcgrath@redhat.com> - 0.8.7f-1
- Upstream released new version
- Contains security updates #595289

* Fri Apr 23 2010 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-4
- Pulling in patches from upstream
- SQL injection fix
- BZ #541279

* Tue Dec  1 2009 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-3
- Pulling in some official patches
- #541279
- #541962

* Sun Aug 16 2009 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-1
- Upstream released new version

* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7d-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Tue Mar 31 2009 Michael Schwendt <mschwendt@fedoraproject.org> - 0.8.7d-3
- Fix unowned cli directory (#473631)

* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7d-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Sat Feb 21 2009 Mike McGrath <mmcgrath@redhat.com> - 0.8.7d-1
- Upstream released new version

* Mon Jul 28 2008 Mike McGrath <mmcgrath@redhat.com> - 0.8.7b-4
- Added cli directory

* Fri Jul 18 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.7b-3
- fix my own mistake in the license tag

* Tue Jul 15 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.7b-2
- fix license tag

* Thu Feb 14 2008 Mike McGrath <mmcgrath@redhat.com> - 0.8.7b-1
- Upstream released new version

* Fri Nov 23 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.7a-2
- db.php is now 640 instead of 660 - #396331

* Tue Nov 20 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.7a-1
- Upstream released new version
- Fixes for bug #391691 - CVE-2007-6035