[packages/cacti] - up to 0.8.8c

arekm arekm at pld-linux.org
Sun Nov 30 00:22:33 CET 2014 

commit 08cf429564bb6dada21d452958ac8f958b5291aa
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Sun Nov 30 00:22:27 2014 +0100

    - up to 0.8.8c

 cacti-config.patch  | 13 ++++++-------
 cacti.spec          | 11 ++++-------
 host_name-url.patch | 48 ++++++++++++++++++++++++++++--------------------
 rra-comments.patch  | 42 ------------------------------------------
 4 files changed, 38 insertions(+), 76 deletions(-)
---
diff --git a/cacti.spec b/cacti.spec
index db26917..c00ec15 100644
--- a/cacti.spec
+++ b/cacti.spec
@@ -4,12 +4,12 @@
 Summary:	Cacti is a PHP frontend for rrdtool
 Summary(pl.UTF-8):	Cacti - frontend w PHP do rrdtoola
 Name:		cacti
-Version:	0.8.8b
-Release:	5
+Version:	0.8.8c
+Release:	1
 License:	GPL v2
 Group:		Applications/WWW
 Source0:	http://www.cacti.net/downloads/%{name}-%{version}.tar.gz
-# Source0-md5:	acb40deae073ca22e5c01a8e3ba389fb
+# Source0-md5:	11e3955c9ea494879967e19aa935e682
 Source2:	%{name}.crontab
 Source3:	%{name}-apache.conf
 Source4:	%{name}-lighttpd.conf
@@ -24,10 +24,8 @@ Patch5:		%{name}-linux_memory.patch
 Patch6:		%{name}-log-verbosity.patch
 Patch7:		%{name}-ss_disk-array-indices.patch
 Patch8:		host_name-url.patch
-Patch9:		rra-comments.patch
 # http://www.cacti.net/download_patches.php
-Patch100:	http://www.cacti.net/downloads/patches/%{version}/security.patch
-# Patch100-md5:	bd18f265cca1f9713f88296f0be1ef56
+# Patch100: ..
 URL:		http://www.cacti.net/
 BuildRequires:	sed >= 4.0
 Requires(postun):	/usr/sbin/userdel
@@ -142,7 +140,6 @@ Dokumentacja do Cacti w formacie HTML.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
-%patch9 -p2
 
 mkdir -p sql
 mv *.sql sql
diff --git a/cacti-config.patch b/cacti-config.patch
index d9a821c..1151a13 100644
--- a/cacti-config.patch
+++ b/cacti-config.patch
@@ -74,12 +74,12 @@
  		/* echo the data to the log (append) */
 --- cacti-0.8.8/utilities.php~	2012-10-29 22:14:05.000000000 +0200
 +++ cacti-0.8.8/utilities.php	2012-10-29 22:15:05.781005237 +0200
-@@ -798,12 +798,12 @@
+@@ -773,12 +773,12 @@ function utilities_clear_user_log() {
  }
  
  function utilities_view_logfile() {
--	global $colors, $log_tail_lines, $page_refresh_interval, $refresh;
-+	global $colors, $log_tail_lines, $page_refresh_interval, $config;
+-	global $log_tail_lines, $page_refresh_interval, $refresh;
++	global $log_tail_lines, $page_refresh_interval, $config;
  
  	$logfile = read_config_option("path_cactilog");
  
@@ -89,15 +89,14 @@
  	}
  
  	/* helps determine output color */
-@@ -858,7 +858,7 @@
+@@ -1014,6 +1014,7 @@ function utilities_view_logfile() {
  }
  
  function utilities_clear_logfile() {
--	global $colors;
-+	global $config, $colors;
- 
++	global $config;
  	load_current_session_value("refresh", "sess_logfile_refresh", read_config_option("log_refresh_interval"));
  
+ 	$refresh["seconds"] = get_request_var_request("refresh");
 @@ -870,7 +870,7 @@
  	$logfile = read_config_option("path_cactilog");
  
diff --git a/host_name-url.patch b/host_name-url.patch
index 1cafab8..44698bc 100644
--- a/host_name-url.patch
+++ b/host_name-url.patch
@@ -1,30 +1,38 @@
 --- cacti-0.8.7e/graph_view.php	2009-10-02 10:30:43.000000000 +0300
 +++ cacti/graph_view.php	2009-10-07 12:42:04.032959475 +0300
-@@ -158,12 +158,18 @@
+@@ -30,6 +30,7 @@ include_once('./lib/timespan_settings.ph
+ define("MAX_DISPLAY_PAGES", 21);
+ 
+ /* ================= input validation ================= */
++input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
+ input_validate_input_number(get_request_var_request('branch_id'));
+ input_validate_input_number(get_request_var_request('hide'));
+ input_validate_input_number(get_request_var_request('tree_id'));
+@@ -41,6 +42,11 @@ input_validate_input_regex(get_request_v
+ input_validate_input_regex(get_request_var_request('nodeid'), '^([_a-z0-9]+)$');
+ /* ==================================================== */
+ 
++if (empty($_REQUEST['host_id']) && !empty($_REQUEST['host_name'])) {
++	// fill $host_id from $host_name. empty result is ok too, we'll list previous view then
++	$_REQUEST['host_id'] = db_fetch_cell("select id from host where description='{$_REQUEST['host_name']}'");
++}
++
+ /* clean up action string */
+ if (isset($_REQUEST['action'])) {
+ 	$_REQUEST['action'] = sanitize_search_string(get_request_var_request('action'));
+@@ -162,6 +168,7 @@ case 'preview':
  	}
  
  	/* ================= input validation ================= */
 +	input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
- 	input_validate_input_number(get_request_var_request("host_id"));
- 	input_validate_input_number(get_request_var_request("graph_template_id"));
- 	input_validate_input_number(get_request_var_request("page"));
- 	input_validate_input_number(get_request_var_request("rows"));
- 	/* ==================================================== */
- 
-+	if (empty($_REQUEST['host_id']) && !empty($_REQUEST['host_name'])) {
-+		// fill $host_id from $host_name. empty result is ok too, we'll list previous view then
-+		$_REQUEST['host_id'] = db_fetch_cell("select id from host where description='{$_REQUEST['host_name']}'");
-+	}
-+
- 	/* clean up search string */
- 	if (isset($_REQUEST["filter"])) {
- 		$_REQUEST["filter"] = sanitize_search_string(get_request_var_request("filter"));
-@@ -550,6 +556,7 @@
+ 	input_validate_input_number(get_request_var_request('host_id'));
+ 	input_validate_input_number(get_request_var_request('graph_template_id'));
+ 	input_validate_input_number(get_request_var_request('page'));
+@@ -600,6 +607,7 @@ case 'list':
  	}
  
  	/* ================= input validation ================= */
 +	input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
- 	input_validate_input_number(get_request_var_request("host_id"));
- 	input_validate_input_number(get_request_var_request("graph_template_id"));
- 	/* ==================================================== */
-
+ 	input_validate_input_number(get_request_var_request('host_id'));
+ 	input_validate_input_number(get_request_var_request('graph_template_id'));
+ 	input_validate_input_number(get_request_var_request('rows'));
diff --git a/rra-comments.patch b/rra-comments.patch
deleted file mode 100644
index c5becfe..0000000
--- a/rra-comments.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-------------------------------------------------------------------------
-r7418 | gandalf | 2013-08-13 13:32:49 -0600 (Tue, 13 Aug 2013) | 1 line
-
-fix COMMENT handling, even in case COMMENT is empty, with or without HR and with variable substitution
-------------------------------------------------------------------------
-Index: branches/0.8.8/lib/rrd.php
-===================================================================
---- branches/0.8.8/lib/rrd.php	(revision 7417)
-+++ branches/0.8.8/lib/rrd.php	(revision 7418)
-@@ -1343,20 +1343,20 @@
- 		$need_rrd_nl = TRUE;
- 
- 		if ($graph_item_types{$graph_item["graph_type_id"]} == "COMMENT") {
-+			# perform variable substitution first (in case this will yield an empty results or brings command injection problems)
-+			$comment_arg = rrd_substitute_host_query_data($graph_variables["text_format"][$graph_item_id], $graph, $graph_item);
-+			# next, compute the argument of the COMMENT statement and perform injection counter measures
-+			if (trim($comment_arg) == '') { # an empty COMMENT must be treated with care
-+				$comment_arg = cacti_escapeshellarg(' ' . $hardreturn[$graph_item_id]);
-+			} else {
-+				$comment_arg = cacti_escapeshellarg($comment_arg . $hardreturn[$graph_item_id]);
-+			}
-+
-+			# create rrdtool specific command line
- 			if (read_config_option("rrdtool_version") != "rrd-1.0.x") {
--				$comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id])) . " ";
--				if (trim($comment_string) == 'COMMENT:"\n"') {
--					$txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
--				} else if (trim($comment_string) != "COMMENT:\"\"") {
--					$txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
--				}
-+				$txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", $comment_arg) . " ";
- 			}else {
--				$comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id]) . " ";
--				if (trim($comment_string) == 'COMMENT:"\n"') {
--					$txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
--				} else if (trim($comment_string) != "COMMENT:\"\"") {
--					$txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
--				}
-+				$txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . $comment_arg . " ";
- 			}
- 		}elseif (($graph_item_types{$graph_item["graph_type_id"]} == "GPRINT") && (!isset($graph_data_array["graph_nolegend"]))) {
- 			$graph_variables["text_format"][$graph_item_id] = str_replace(":", "\:", $graph_variables["text_format"][$graph_item_id]); /* escape colons */
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/cacti.git/commitdiff/08cf429564bb6dada21d452958ac8f958b5291aa

More information about the pld-cvs-commit mailing list