From be3aa6cb899137016c6b2469c8c6513755609735 Mon Sep 17 00:00:00 2001
From: Morten Stevens <mstevens@fedoraproject.org>
Date: Feb 10 2020 16:48:47 +0000
Subject: Update to 1.2.9


---

diff --git a/.gitignore b/.gitignore
index b7ff9ff..2f0640e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -43,3 +43,4 @@
 /cacti-1.2.6.tar.gz
 /cacti-1.2.7.tar.gz
 /cacti-1.2.8.tar.gz
+/cacti-1.2.9.tar.gz
diff --git a/cacti.spec b/cacti.spec
index dc0f799..ac66abe 100644
--- a/cacti.spec
+++ b/cacti.spec
@@ -1,8 +1,8 @@
 %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
 
 Name: cacti
-Version: 1.2.8
-Release: 2%{?dist}
+Version: 1.2.9
+Release: 1%{?dist}
 Summary: An rrd based graphing tool
 License: GPLv2+
 URL: https://www.cacti.net/
@@ -13,6 +13,7 @@ Source3: cacti.README.fedora
 Source4: %{name}.cron
 Source5: cacti.nginx
 Patch0: cacti-1.2.x-disable_log_rotation.patch
+Patch1: cacti-1.2.x-csrf-secret.patch
 
 BuildArch: noarch
 
@@ -90,6 +91,7 @@ driven.
 %{__install} -d -m 0755 resource/ %{buildroot}/%{_localstatedir}/lib/%{name}/resource
 %{__install} -d -m 0755 rra/ %{buildroot}/%{_localstatedir}/lib/%{name}/rra/
 %{__install} -d -m 0755 scripts/ %{buildroot}/%{_localstatedir}/lib/%{name}/scripts/
+%{__install} -d -m 0755 csrf/ %{buildroot}/%{_localstatedir}/lib/%{name}/csrf/
 %{__mv} *.php %{buildroot}/%{_datadir}/%{name}/
 %{__mv} cache/ %{buildroot}/%{_localstatedir}/lib/%{name}/
 %{__mv} cli/ %{buildroot}/%{_localstatedir}/lib/%{name}/
@@ -117,6 +119,8 @@ ln -s %{_datadir}/%{name}/include %{buildroot}/%{_localstatedir}/lib/%{name}/
 # Create logfiles
 touch %{buildroot}/%{_localstatedir}/log/%{name}/%{name}.log
 touch %{buildroot}/%{_localstatedir}/log/%{name}/%{name}_stderr.log
+# Create csrf-secret.php
+touch %{buildroot}/%{_localstatedir}/lib/%{name}/csrf/csrf-secret.php
 
 # Migrate /usr/share/cacti/resource to /var/cacti/resource
 %pretrans -p <lua>
@@ -138,6 +142,7 @@ end
 # Migrate file ownership to apache user
 chown -R apache:apache %{_localstatedir}/lib/%{name}/cache/
 chown -R apache:apache %{_localstatedir}/lib/%{name}/cli/
+chown -R apache:apache %{_localstatedir}/lib/%{name}/csrf/
 chown -R apache:apache %{_localstatedir}/lib/%{name}/resource/
 chown -R apache:apache %{_localstatedir}/lib/%{name}/rra/
 chown -R apache:apache %{_localstatedir}/lib/%{name}/scripts/
@@ -148,6 +153,7 @@ chown root:apache %{_sysconfdir}/%{name}/db.php
 semanage fcontext -a -t httpd_sys_content_t '%{_sysconfdir}/%{name}/db.php' 2>/dev/null || :
 semanage fcontext -a -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/cache(/.*)?' 2>/dev/null || :
 semanage fcontext -a -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/cli(/.*)?' 2>/dev/null || :
+semanage fcontext -a -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/csrf(/.*)?' 2>/dev/null || :
 semanage fcontext -a -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/resource(/.*)?' 2>/dev/null || :
 semanage fcontext -a -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/scripts(/.*)?' 2>/dev/null || :
 restorecon -R %{_localstatedir}/lib/%{name} || :
@@ -162,6 +168,7 @@ if [ $1 -eq 0  ] ; then
 semanage fcontext -d -t httpd_sys_content_t '%{_sysconfdir}/%{name}/db.php' 2>/dev/null || :
 semanage fcontext -d -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/cache(/.*)?' 2>/dev/null || :
 semanage fcontext -d -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/cli(/.*)?' 2>/dev/null || :
+semanage fcontext -d -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/csrf(/.*)?' 2>/dev/null || :
 semanage fcontext -d -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/resource(/.*)?' 2>/dev/null || :
 semanage fcontext -d -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/scripts(/.*)?' 2>/dev/null || :
 fi
@@ -173,6 +180,7 @@ fi
 %dir %{_datadir}/%{name}
 %dir %{_localstatedir}/lib/%{name}
 %dir %{_localstatedir}/lib/%{name}/cli
+%dir %attr(-,apache,apache) %{_localstatedir}/lib/%{name}/csrf
 %dir %attr(-,apache,apache) %{_localstatedir}/lib/%{name}/scripts
 %dir %attr(-,apache,apache) %{_localstatedir}/log/%{name}/
 %config(noreplace) %attr(-,apache,apache) %{_localstatedir}/log/%{name}/%{name}.log
@@ -205,11 +213,16 @@ fi
 %attr(-,apache,apache) %{_localstatedir}/lib/%{name}/cache/
 %attr(-,apache,apache) %{_localstatedir}/lib/%{name}/cli/*php
 %attr(-,apache,apache) %{_localstatedir}/lib/%{name}/cli/.htaccess
+%attr(0770,apache,apache) %{_localstatedir}/lib/%{name}/csrf/csrf-secret.php
 %attr(-,root,root) %{_localstatedir}/lib/%{name}/include
 %attr(-,root,root) %{_localstatedir}/lib/%{name}/lib
 %ghost %{_datadir}/%{name}/resource.rpmmoved
 
 %changelog
+* Mon Feb 10 2020 Morten Stevens <mstevens@fedoraproject.org> - 1.2.9-1
+- Update to 1.2.9
+- CVE-2020-7106, CVE-2020-7237
+
 * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.8-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 
diff --git a/sources b/sources
index ac6ab9a..bebb8f2 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (cacti-1.2.8.tar.gz) = e24d9de47a06c1741c7bcfe5c5f68a5a0f0cc2eb859fc930ced28f797f84ad537ff1a0a703dc8c26735cc4b54ba09699e33a30ac666e1f8ec2ec26ae4ceccde3
+SHA512 (cacti-1.2.9.tar.gz) = e50eb5587dc0274788b35cb701383ba897ab7c45a65efc7a8d32963b492c1ff1b96b0271ab7b6f9b53ad7dff5dd66b3ce4bd4a91c3ecf8ccd8d4b19b3ac972e4