diff --git a/cacti.spec b/cacti.spec index f4efec6..eb3a56b 100644 --- a/cacti.spec +++ b/cacti.spec @@ -1,6 +1,6 @@ Name: cacti -Version: 0.8.7e -Release: 4%{?dist} +Version: 0.8.7f +Release: 1%{?dist} Summary: An rrd based graphing tool Group: Applications/System @@ -11,11 +11,6 @@ Source0: http://www.cacti.net/downloads/%{name}-%{version}.tar.gz Source1: cacti-httpd.conf Source2: cacti.logrotate Source3: cacti.README.Fedora -Patch0: cli_add_graph.patch -Patch1: snmp_invalid_response.patch -Patch2: template_duplication.patch -Patch3: cross_site_fix.patch -Patch4: sql_injection_template_export.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -35,11 +30,6 @@ used to creating traffic graphs with MRTG. %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 echo "#*/5 * * * * cacti %{_bindir}/php %{_datadir}/%{name}/poller.php > /dev/null 2>&1" >cacti.cron @@ -115,6 +105,10 @@ fi %attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib %changelog +* Mon May 24 2010 Mike McGrath - 0.8.7f-1 +- Upstream released new version +- Contains security updates #595289 + * Fri Apr 23 2010 Mike McGrath - 0.8.7e-4 - Pulling in patches from upstream - SQL injection fix diff --git a/cli_add_graph.patch b/cli_add_graph.patch deleted file mode 100644 index b82d21a..0000000 --- a/cli_add_graph.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- ../tags/0.8.7e/cli/add_graphs.php 2009-06-28 12:34:31.000000000 -0400 -+++ 0.8.7/cli/add_graphs.php 2009-08-18 20:04:44.000000000 -0400 -@@ -570,7 +570,7 @@ - echo " 3|Fields = Verify all Fields\n"; - echo "List Options:\n"; - echo " --list-hosts\n"; -- echo " --list-graph-templates [--host_template=[ID]]\n"; -+ echo " --list-graph-templates [--host-template-id=[ID]]\n"; - echo " --list-input-fields --graph-template-id=[ID]\n"; - echo " --list-snmp-queries\n"; - echo " --list-query-types --snmp-query-id [ID]\n"; 
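Review bot: Dropping Patch0–Patch4 in the `@@ -11,11 +11,6 @@` hunk, and their `%patchN -p1` lines in the `%prep` hunk, assumes all five fixes — including the XSS fix carried in cross_site_fix.patch and the SQL-injection fix in sql_injection_template_export.patch — are present in upstream 0.8.7f, but nothing in the commit records that this was checked. The new changelog entry only says "Contains security updates #595289"; it should name the patches being retired and why, e.g. `- Dropped cli_add_graph, snmp_invalid_response, template_duplication, cross_site_fix and sql_injection_template_export patches: merged upstream in 0.8.7f`. The templates_export.php change is dated 2010-04-17, only weeks before this update, so if it did not make the 0.8.7f tarball the package silently regresses a security fix; a one-line note that each dropped patch was confirmed against the new source would make the retirement auditable.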
diff --git a/cross_site_fix.patch b/cross_site_fix.patch deleted file mode 100644 index ddc9e2e..0000000 --- a/cross_site_fix.patch +++ /dev/null @@ -1,175 +0,0 @@ ---- cacti-0.8.7e/graph.php 2009-06-28 12:07:11.000000000 -0400 -+++ cacti-0.8.7e-patched/graph.php 2009-11-21 23:10:16.000000000 -0500 -@@ -35,6 +35,8 @@ - /* ================= input validation ================= */ - input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$"); - input_validate_input_number(get_request_var("local_graph_id")); -+input_validate_input_number(get_request_var("graph_end")); -+input_validate_input_number(get_request_var("graph_start")); - input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$"); - /* ==================================================== */ - ---- cacti-0.8.7e/include/top_graph_header.php 2009-06-28 12:07:11.000000000 -0400 -+++ cacti-0.8.7e-patched/include/top_graph_header.php 2009-11-21 23:15:27.000000000 -0500 -@@ -58,7 +58,7 @@ - if ($_SESSION["custom"]) { - print "\r\n"; - }else{ -- print "\r\n"; -+ print "\r\n"; - } - } - ?> -@@ -113,7 +113,7 @@ - - - -- " height="2" border="0">
-+ " height="2" border="0">
- - - -@@ -144,7 +144,7 @@ - - - -- -+ -
- - ---- cacti-0.8.7e/lib/html_form.php 2009-06-28 12:07:11.000000000 -0400 -+++ cacti-0.8.7e-patched/lib/html_form.php 2009-11-21 23:15:40.000000000 -0500 -@@ -235,13 +235,21 @@ - - if (sizeof($items) > 0) { - foreach ($items as $item) { -- print $item["name"] . "
"; -+ print htmlspecialchars($item["name"],ENT_QUOTES) . "
"; - } - } - - break; -+ case 'font': -+ form_font_box($field_name, $field_array["value"], -+ ((isset($field_array["default"])) ? $field_array["default"] : ""), -+ $field_array["max_length"], -+ ((isset($field_array["size"])) ? $field_array["size"] : "40"), "text", -+ ((isset($field_array["form_id"])) ? $field_array["form_id"] : "")); -+ -+ break; - default: -- print "" . $field_array["value"] . ""; -+ print "" . htmlspecialchars($field_array["value"],ENT_QUOTES) . ""; - - form_hidden_box($field_name, $field_array["value"], ""); - -@@ -384,7 +392,7 @@ - $form_previous_value = $form_default_value; - } - -- print "\n"; -+ print "\n"; - } - - /* form_dropdown - draws a standard html dropdown box -@@ -568,7 +576,7 @@ - } - } - -- print ">". $array_display[$id]; -+ print ">". htmlspecialchars($array_display[$id],ENT_QUOTES); - print "\n"; - } - -@@ -627,6 +635,65 @@ - print "\n"; - } - -+/* form_font_box - draws a standard html textbox and provides status of a fonts existence -+ @arg $form_name - the name of this form element -+ @arg $form_previous_value - the current value of this form element -+ @arg $form_default_value - the value of this form element to use if there is -+ no current value available -+ @arg $form_max_length - the maximum number of characters that can be entered -+ into this textbox -+ @arg $form_size - the size (width) of the textbox -+ @arg $type - the type of textbox, either 'text' or 'password' -+ @arg $current_id - used to determine if a current value for this form element -+ exists or not. a $current_id of '0' indicates that no current value exists, -+ a non-zero value indicates that a current value does exist */ -+function form_font_box($form_name, $form_previous_value, $form_default_value, $form_max_length, $form_size = 30, $type = "text", $current_id = 0) { -+ if (($form_previous_value == "") && (empty($current_id))) { -+ $form_previous_value = $form_default_value; -+ } -+ -+ print ""; -+ } else { -+ $extra_data = "
[" . "OK: FONT FOUND" . "]
"; -+ } -+ } elseif (read_config_option("rrdtool_version") == "rrd-1.0.x" || -+ read_config_option("rrdtool_version") == "rrd-1.2.x") { # rrdtool 1.0 and 1.2 use font files -+ if (is_file($form_previous_value)) { -+ $extra_data = "
[" . "OK: FILE FOUND" . "]
"; -+ }else if (is_dir($form_previous_value)) { -+ $extra_data = "
[" . "ERROR: IS DIR" . "]
"; -+ }else{ -+ $extra_data = "
[" . "ERROR: FILE NOT FOUND" . "]
"; -+ } -+ } # will be used for future versions of rrdtool -+ } -+ -+ print " id='$form_name' name='$form_name' size='$form_size'" . (!empty($form_max_length) ? " maxlength='$form_max_length'" : "") . " value='" . htmlspecialchars($form_previous_value, ENT_QUOTES) . "'>" . $extra_data; -+} -+ - /* form_confirm - draws a table presenting the user with some choice and allowing - them to either proceed (delete) or cancel - @arg $body_text - the text to prompt the user with on this form ---- cacti-0.8.7e/lib/timespan_settings.php 2009-06-28 12:07:11.000000000 -0400 -+++ cacti-0.8.7e-patched/lib/timespan_settings.php 2009-11-21 23:15:49.000000000 -0500 -@@ -125,9 +125,9 @@ - if (isset($_POST["date1"])) { - /* the dates have changed, therefore, I am now custom */ - if (($_SESSION["sess_current_date1"] != $_POST["date1"]) || ($_SESSION["sess_current_date2"] != $_POST["date2"])) { -- $timespan["current_value_date1"] = $_POST["date1"]; -+ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]); - $timespan["begin_now"] =strtotime($timespan["current_value_date1"]); -- $timespan["current_value_date2"] = $_POST["date2"]; -+ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]); - $timespan["end_now"]=strtotime($timespan["current_value_date2"]); - $_SESSION["sess_current_timespan"] = GT_CUSTOM; - $_SESSION["custom"] = 1; -@@ -135,8 +135,8 @@ - }else { - /* the default button wasn't pushed */ - if (!isset($_POST["button_clear_x"])) { -- $timespan["current_value_date1"] = $_POST["date1"]; -- $timespan["current_value_date2"] = $_POST["date2"]; -+ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]); -+ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]); - $timespan["begin_now"] = $_SESSION["sess_current_timespan_begin_now"]; - $timespan["end_now"] = $_SESSION["sess_current_timespan_end_now"]; - 
diff --git a/snmp_invalid_response.patch b/snmp_invalid_response.patch deleted file mode 100644 index 5b2dd20..0000000 --- a/snmp_invalid_response.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- ../tags/0.8.7e/include/global_arrays.php 2009-06-28 12:34:31.000000000 -0400 -+++ 0.8.7/include/global_arrays.php 2009-08-18 20:04:44.000000000 -0400 -@@ -174,6 +174,10 @@ - "DES" => "DES (default)", - "AES128" => "AES"); - -+$banned_snmp_strings = array( -+ "End of MIB", -+ "No Such"); -+ - $logfile_options = array(1 => - "Logfile Only", - "Logfile and Syslog/Eventlog", ---- ../tags/0.8.7e/lib/snmp.php 2009-06-28 12:34:30.000000000 -0400 -+++ 0.8.7/lib/snmp.php 2009-08-18 20:04:44.000000000 -0400 -@@ -27,9 +27,6 @@ - define("SNMP_METHOD_PHP", 1); - define("SNMP_METHOD_BINARY", 2); - --/* declare once, use many times */ --$banned_snmp_strings = array("End of MIB", "No Such"); -- - /* we must use an apostrophe to escape community names under Unix in case the user uses - characters that the shell might interpret. the ucd-snmp binaries on Windows flip out when - you do this, but are perfectly happy with a quotation mark. */ diff --git a/sources b/sources index c43e0c1..918e8cf 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -7563a58a57d2c6cc0da28cc341a30969 cacti-0.8.7e.tar.gz +c50a49e3b439dba1fd44ddc34276d4df cacti-0.8.7f.tar.gz diff --git a/sql_injection_template_export.patch b/sql_injection_template_export.patch deleted file mode 100644 index 397990c..0000000 --- a/sql_injection_template_export.patch +++ /dev/null 
@@ -1,13 +0,0 @@ ---- cacti-0.8.7e/templates_export.php 2009-06-28 12:07:11.000000000 -0400 -+++ cacti-fixed/templates_export.php 2010-04-17 14:08:42.000000000 -0400 -@@ -49,6 +49,10 @@ - function form_save() { - global $export_types; - -+ /* ================= input validation ================= */ -+ input_validate_input_number(get_request_var_post("export_item_id")); -+ /* ==================================================== */ -+ - if (isset($_POST["save_component_export"])) { - $xml_data = get_item_xml($_POST["export_type"], $_POST["export_item_id"], (((isset($_POST["include_deps"]) ? $_POST["include_deps"] : "") == "") ? false : true)); - diff --git a/template_duplication.patch b/template_duplication.patch deleted file mode 100644 index cd6ff4b..0000000 --- a/template_duplication.patch +++ /dev/null 
@@ -1,234 +0,0 @@ -diff -ruBbd 0.8.7e/cli/repair_templates.php 0.8.7/cli/repair_templates.php ---- 0.8.7e/cli/repair_templates.php 2009-08-18 22:03:22.000000000 -0400 -+++ 0.8.7/cli/repair_templates.php 2009-08-20 07:43:54.000000000 -0400 -@@ -0,0 +1,135 @@ -+This script is only meant to run at the command line."); -+} -+ -+$no_http_headers = true; -+ -+include(dirname(__FILE__) . "/../include/global.php"); -+include_once("../lib/utility.php"); -+include_once("../lib/template.php"); -+ -+/* process calling arguments */ -+$parms = $_SERVER["argv"]; -+array_shift($parms); -+ -+$execute = FALSE; -+ -+foreach($parms as $parameter) { -+ @list($arg, $value) = @explode("=", $parameter); -+ -+ switch ($arg) { -+ case "--execute": -+ $execute = TRUE; -+ break; -+ case "-h": -+ case "-v": -+ case "-V": -+ case "--version": -+ case "--help": -+ display_help(); -+ exit; -+ default: -+ print "ERROR: Invalid Parameter " . $parameter . "\n\n"; -+ display_help(); -+ exit; -+ } -+} -+ -+if ($execute) { -+ echo "NOTE: Repairing All Duplicated Templates\n"; -+} else { -+ echo "NOTE: Performing Check of Templates\n"; -+} -+ -+/* repair data templates first */ -+if ($execute) { -+ echo "NOTE: Repairing Data Templates\n"; -+} else { -+ echo "NOTE: Performing Check of Data Templates\n"; -+} -+ -+$damaged_template_ids = db_fetch_assoc("SELECT DISTINCT data_template_id FROM data_template_rrd WHERE hash='' AND local_data_id=0"); -+if (sizeof($damaged_template_ids)) { -+ foreach($damaged_template_ids as $id) { $template_name = db_fetch_cell("SELECT name FROM data_template WHERE id=" . $id["data_template_id"]); -+ echo "NOTE: Data Template '$template_name' is Damaged and can be repaired\n"; -+ } -+ -+ $damaged_templates = db_fetch_assoc("SELECT * FROM data_template_rrd WHERE hash='' AND local_data_id=0"); -+ if (sizeof($damaged_templates)) { -+ echo "NOTE: -- Damaged Data Templates Objects Found is '" . sizeof($damaged_templates) . 
"'\n"; -+ if ($execute) { -+ foreach($damaged_templates as $template) { -+ $hash = get_hash_data_template($template["local_data_template_rrd_id"], "data_template_item"); -+ db_execute("UPDATE data_template_rrd SET hash='$hash' WHERE id=" . $template["id"]); -+ } -+ } -+ } -+} else { -+ echo "NOTE: No Damaged Data Templates Found\n"; -+} -+ -+/* reset the array */ -+$damaged_templates = array(); -+ -+/* repair graph templates */ -+if ($execute) { -+ echo "NOTE: Repairing Graph Templates\n"; -+} else { -+ echo "NOTE: Performing Check of Graph Templates\n"; -+} -+ -+$damaged_template_ids = db_fetch_assoc("SELECT DISTINCT graph_template_id FROM graph_template_input WHERE hash=''"); -+if (sizeof($damaged_template_ids)) { -+ foreach($damaged_template_ids as $id) { -+ $template_name = db_fetch_cell("SELECT name FROM graph_templates WHERE id=" . $id["graph_template_id"]); -+ echo "NOTE: Graph Template '$template_name' is Damaged and can be repaired\n"; -+ } -+ -+ $damaged_templates = db_fetch_assoc("SELECT * FROM graph_template_input WHERE hash=''"); -+ if (sizeof($damaged_templates)) { -+ echo "NOTE: -- Damaged Graph Templates Objects Found is '" . sizeof($damaged_templates) . "'\n"; -+ if ($execute) { -+ foreach($damaged_templates as $template) { -+ $hash = get_hash_graph_template(0, "graph_template_input"); -+ db_execute("UPDATE graph_template_input SET hash='$hash' WHERE id=" . 
$template["id"]); -+ } -+ } -+ } -+} else { -+ echo "NOTE: No Damaged Graph Templates Found\n"; -+} -+ -+ -+/* display_help - displays the usage of the function */ -+function display_help () { -+ print "Cacti Database Template Repair Tool v1.0, Copyright 2004-2009 - The Cacti Group\n\n"; -+ print "usage: repair_templates.php --execute [--help]\n\n"; -+ print "--execute - Perform the repair\n"; -+ print "--help - display this help message\n"; -+} -+?> -diff -ruBbd 0.8.7e/docs/README 0.8.7/docs/README ---- 0.8.7e/docs/README 2009-08-18 21:57:30.000000000 -0400 -+++ 0.8.7/docs/README 2009-08-18 21:58:09.000000000 -0400 -@@ -90,6 +90,9 @@ - table - poller_reindex_hosts.php - Cause data query reindex on hosts - rebuild_poller_cache.php - Rebuilds the poller cache -+ repair_templates.php - Certain templates, when created using the "duplicate" -+ function in Cacti, do not import/export well. This utility repairs -+ those templates. - - - -diff -ruBbd 0.8.7e/lib/export.php 0.8.7/lib/export.php ---- 0.8.7e/lib/export.php 2009-08-18 21:56:47.000000000 -0400 -+++ 0.8.7/lib/export.php 2009-08-18 21:57:50.000000000 -0400 -@@ -811,7 +811,9 @@ - } - - function xml_character_encode($text) { -- -+ if (function_exists("htmlspecialchars")) { -+ return htmlspecialchars($text, ENT_QUOTES, "UTF-8"); -+ } else { - $text = str_replace("&", "&", $text); - $text = str_replace(">", ">", $text); - $text = str_replace("<", "<", $text); -@@ -819,6 +821,7 @@ - $text = str_replace("\'", "'", $text); - - return $text; -+ } - } - - ?> -diff -ruBbd 0.8.7e/lib/import.php 0.8.7/lib/import.php ---- 0.8.7e/lib/import.php 2009-08-18 21:56:59.000000000 -0400 -+++ 0.8.7/lib/import.php 2009-08-18 21:57:55.000000000 -0400 -@@ -36,10 +36,6 @@ - return $info_array; - } - -- if (isset($xml_array["name"])) { -- $xml_array["name"] = htmlspecialchars($xml_array["name"]); -- } -- - while (list($hash, $hash_array) = each($xml_array)) { - /* parse information from the hash */ - $parsed_hash = parse_xml_hash($hash); 
-@@ -115,7 +111,7 @@ - $_graph_template_id = db_fetch_cell("select id from graph_templates where hash='$hash'"); - $save["id"] = (empty($_graph_template_id) ? "0" : $_graph_template_id); - $save["hash"] = $hash; -- $save["name"] = htmlspecialchars($xml_array["name"]); -+ $save["name"] = $xml_array["name"]; - $graph_template_id = sql_save($save, "graph_templates"); - - $hash_cache["graph_template"][$hash] = $graph_template_id; -@@ -914,9 +910,13 @@ - } - - function xml_character_decode($text) { -+ if (function_exists("html_entity_decode")) { -+ return html_entity_decode($text, ENT_QUOTES, "UTF-8"); -+ } else { - $trans_tbl = get_html_translation_table(HTML_ENTITIES); - $trans_tbl = array_flip($trans_tbl); - return strtr($text, $trans_tbl); -+ } - } - - ?> -diff -ruBbd 0.8.7e/lib/utility.php 0.8.7/lib/utility.php ---- 0.8.7e/lib/utility.php 2009-08-18 21:57:08.000000000 -0400 -+++ 0.8.7/lib/utility.php 2009-08-18 21:58:00.000000000 -0400 -@@ -346,6 +346,7 @@ - $save["name"] = $graph_template_input["name"]; - $save["description"] = $graph_template_input["description"]; - $save["column_name"] = $graph_template_input["column_name"]; -+ $save["hash"] = get_hash_graph_template(0, "graph_template_input"); - - $graph_template_input_id = sql_save($save, "graph_template_input"); - -@@ -436,6 +437,11 @@ - $save["local_data_id"] = (isset($local_data_id) ? $local_data_id : 0); - $save["local_data_template_rrd_id"] = (isset($data_template_rrd["local_data_template_rrd_id"]) ? $data_template_rrd["local_data_template_rrd_id"] : 0); - $save["data_template_id"] = (!empty($_local_data_id) ? $data_template_rrd["data_template_id"] : $data_template_id); -+ if ($save["local_data_id"] == 0) { -+ $save["hash"] = get_hash_data_template($data_template_rrd["local_data_template_rrd_id"], "data_template_item"); -+ } else { -+ $save["hash"] = ''; -+ } - - while (list($field, $array) = each($struct_data_source_item)) { - $save{$field} = $data_template_rrd{$field};