[packages/cacti] - up to 1.2.9; fixes CVE-2020-7106, CVE-2020-7237
arekm
arekm at pld-linux.org
Wed Feb 12 11:23:05 CET 2020
commit 7a13808f24fa60940d143ee090ec615e50575b41
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Wed Feb 12 11:22:56 2020 +0100
- up to 1.2.9; fixes CVE-2020-7106, CVE-2020-7237
cacti-config.patch | 9 ++++++---
cacti.spec | 6 ++++--
2 files changed, 10 insertions(+), 5 deletions(-)
---
diff --git a/cacti.spec b/cacti.spec
index 6c1ef5c..ea84a15 100644
--- a/cacti.spec
+++ b/cacti.spec
@@ -3,12 +3,12 @@
Summary: Cacti is a PHP frontend for rrdtool
Summary(pl.UTF-8): Cacti - frontend w PHP do rrdtoola
Name: cacti
-Version: 1.2.8
+Version: 1.2.9
Release: 1
License: GPL v2
Group: Applications/WWW
Source0: http://www.cacti.net/downloads/%{name}-%{version}.tar.gz
-# Source0-md5: 822e317918956246398cfc891dff66bc
+# Source0-md5: 1561dac3fddc4385389fe64b5a7c7067
Source2: %{name}.crontab
Source3: %{name}-apache.conf
Source4: %{name}-lighttpd.conf
@@ -171,6 +171,8 @@ cp -p %{SOURCE5} sql
/bin.php/!i#!%{_bindir}/php
}' scripts/*.php cli/*.php
+%{__sed} -i -e 's,#!/usr/bin/env php,#!/usr/bin/php,' include/vendor/cldr-to-gettext-plural-rules/bin/export-plural-rules
+
chmod a+rx scripts/*.php cli/*.php
find '(' -name '*~' -o -name '*.orig' ')' -print0 | xargs -0 -r -l512 rm -f
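Review bot: The added `%{__sed}` line for `export-plural-rules` hard-codes `/usr/bin/php`, while the sed expression just above it (which starts outside this hunk) inserts `#!%{_bindir}/php`. Using the macro here too keeps the interpreter path consistent: `%{__sed} -i -e 's,#!/usr/bin/env php,#!%{_bindir}/php,' include/vendor/cldr-to-gettext-plural-rules/bin/export-plural-rules`. The substitution is also a silent no-op if upstream changes that shebang, and the script would then go back to resolving `php` through PATH. A short comment such as `# pin interpreter path instead of env lookup` would record why the line exists.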
diff --git a/cacti-config.patch b/cacti-config.patch
index 49feed2..791d897 100644
--- a/cacti-config.patch
+++ b/cacti-config.patch
@@ -1,17 +1,20 @@
--- cacti-0.8.7b/include/global.php 2008-10-05 04:38:29.740276226 +0300
+++ cacti-0.8.7g/include/global.php 2010-12-13 12:10:44.312310245 +0200
-@@ -64,10 +64,7 @@ $url_path = '/cacti/';
- /* allow upto 5000 items to be selected */
+@@ -83,13 +83,7 @@ $disable_log_rotation = false;
ini_set('max_input_vars', '5000');
+ $config = array();
-/* Include configuration, or use the defaults */
-if (file_exists(dirname(__FILE__) . '/config.php')) {
+- if (!is_readable(dirname(__FILE__) . '/config.php')) {
+- die('Configuration file include/config.php is present, but unreadable.' . PHP_EOL);
+- }
- include(dirname(__FILE__) . '/config.php');
-}
+require '/etc/webapps/cacti/config.php';
if (isset($config['cacti_version'])) {
- die('Invalid include/config.php file detected.');
+ die('Invalid include/config.php file detected.' . PHP_EOL);
@@ -139,7 +139,8 @@ if ($config['cacti_server_os'] == 'win32
$config['library_path'] = preg_replace("/(.*[\/])include/", "\\1lib", dirname(__FILE__));
}
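Review bot: The refreshed patch deletes upstream's `is_readable()` guard and leaves an unconditional `require '/etc/webapps/cacti/config.php';`, so a missing or unreadable config now ends in a PHP fatal error instead of the controlled `die()` message. Whether that error text, including the absolute path, reaches the browser depends on the PHP error display settings, which are not visible here. Consider keeping the guard but pointing it at the packaged path, e.g. `if (!is_readable('/etc/webapps/cacti/config.php')) { die('Configuration file /etc/webapps/cacti/config.php is missing or unreadable.' . PHP_EOL); }`. The following `die('Invalid include/config.php file detected.' . PHP_EOL)` still names `include/config.php`, which no longer matches where the file is loaded from.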
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/cacti.git/commitdiff/7a13808f24fa60940d143ee090ec615e50575b41