diff options
| author | skreuzer <skreuzer@FreeBSD.org> | 2016-02-25 02:08:04 +0800 |
|---|---|---|
| committer | skreuzer <skreuzer@FreeBSD.org> | 2016-02-25 02:08:04 +0800 |
| commit | b59ea3a10ce5040bea335c2f9e69675f4fed98b9 (patch) | |
| tree | 1d820a031f4775b359c26be5e200118aee50745d /net-mgmt/cacti | |
| parent | 1c1a5cc6156f4120265bc6381ccd397788472e2d (diff) | |
| download | freebsd-ports-graphics-b59ea3a10ce5040bea335c2f9e69675f4fed98b9.tar.gz freebsd-ports-graphics-b59ea3a10ce5040bea335c2f9e69675f4fed98b9.tar.zst freebsd-ports-graphics-b59ea3a10ce5040bea335c2f9e69675f4fed98b9.zip | |
Update to 0.8.8g
Diffstat (limited to 'net-mgmt/cacti')
| -rw-r--r-- | net-mgmt/cacti/Makefile | 3 | ||||
| -rw-r--r-- | net-mgmt/cacti/distinfo | 4 | ||||
| -rw-r--r-- | net-mgmt/cacti/files/patch-CVE-2015-8369 | 218 | ||||
| -rw-r--r-- | net-mgmt/cacti/pkg-plist | 2 |
4 files changed, 4 insertions, 223 deletions
diff --git a/net-mgmt/cacti/Makefile b/net-mgmt/cacti/Makefile index 5e8317d0213..a19f9d335a4 100644 --- a/net-mgmt/cacti/Makefile +++ b/net-mgmt/cacti/Makefile @@ -1,8 +1,7 @@ # $FreeBSD$ PORTNAME= cacti -PORTVERSION= 0.8.8f${PATCHLEVEL} -PORTREVISION= 2 +PORTVERSION= 0.8.8g${PATCHLEVEL} CATEGORIES= net-mgmt www MASTER_SITES= http://www.cacti.net/downloads/ \ ftp://ftpmirror.uk/freebsd-ports/cacti/ diff --git a/net-mgmt/cacti/distinfo b/net-mgmt/cacti/distinfo index 21548816d17..35a8a0e1228 100644 --- a/net-mgmt/cacti/distinfo +++ b/net-mgmt/cacti/distinfo @@ -1,2 +1,2 @@ -SHA256 (cacti-0.8.8f.tar.gz) = 2ea92407c11bf13302558a5bc9e1f3a57bd14a1d9ded48c505ec495762f76738 -SIZE (cacti-0.8.8f.tar.gz) = 2594409 +SHA256 (cacti-0.8.8g.tar.gz) = 3187bd5054ae4e54496bb23187f14c79a441fedcfd397a2d27cd60179f0dee33 +SIZE (cacti-0.8.8g.tar.gz) = 2584879 diff --git a/net-mgmt/cacti/files/patch-CVE-2015-8369 b/net-mgmt/cacti/files/patch-CVE-2015-8369 deleted file mode 100644 index 97d9b6761d4..00000000000 --- a/net-mgmt/cacti/files/patch-CVE-2015-8369 +++ /dev/null @@ -1,218 +0,0 @@ ------------------------------------------------------------------------- -r7767 | cigamit | 2015-11-28 20:08:16 +0000 (Sat, 28 Nov 2015) | 1 line -Changed paths: - M /cacti/tags/0.8.8g/docs/CHANGELOG - M /cacti/tags/0.8.8g/graph.php - M /cacti/tags/0.8.8g/include/top_graph_header.php ------------------------------------------------------------------------- - --bug:0002646: SQL injection in graph.php - ---- graph.php (revision 7766) -+++ graph.php (revision 7767) -@@ -32,29 +32,29 @@ - - api_plugin_hook_function('graph'); - --include_once("./lib/html_tree.php"); --include_once("./include/top_graph_header.php"); -- - /* ================= input validation ================= */ --input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$"); --input_validate_input_number(get_request_var("local_graph_id")); --input_validate_input_number(get_request_var("graph_end")); --input_validate_input_number(get_request_var("graph_start")); -+input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$"); -+input_validate_input_number(get_request_var_request("local_graph_id")); -+input_validate_input_number(get_request_var_request("graph_end")); -+input_validate_input_number(get_request_var_request("graph_start")); - input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$"); - /* ==================================================== */ - --if (!isset($_GET['rra_id'])) { -- $_GET['rra_id'] = 'all'; -+include_once("./lib/html_tree.php"); -+include_once("./include/top_graph_header.php"); -+ -+if (!isset($_REQUEST['rra_id'])) { -+ $_REQUEST['rra_id'] = 'all'; - } - --if ($_GET["rra_id"] == "all") { -+if ($_REQUEST["rra_id"] == "all") { - $sql_where = " where id is not null"; - }else{ -- $sql_where = " where id=" . $_GET["rra_id"]; -+ $sql_where = " where id=" . $_REQUEST["rra_id"]; - } - - /* make sure the graph requested exists (sanity) */ --if (!(db_fetch_cell("select local_graph_id from graph_templates_graph where local_graph_id=" . $_GET["local_graph_id"]))) { -+if (!(db_fetch_cell("select local_graph_id from graph_templates_graph where local_graph_id=" . $_REQUEST["local_graph_id"]))) { - print "<strong><font size='+1' color='FF0000'>GRAPH DOES NOT EXIST</font></strong>"; exit; - } - -@@ -61,7 +61,7 @@ - /* take graph permissions into account here, if the user does not have permission - give an "access denied" message */ - if (read_config_option("auth_method") != 0) { -- $access_denied = !(is_graph_allowed($_GET["local_graph_id"])); -+ $access_denied = !(is_graph_allowed($_REQUEST["local_graph_id"])); - - if ($access_denied == true) { - print "<strong><font size='+1' color='FF0000'>ACCESS DENIED</font></strong>"; exit; -@@ -68,7 +68,7 @@ - } - } - --$graph_title = get_graph_title($_GET["local_graph_id"]); -+$graph_title = get_graph_title($_REQUEST["local_graph_id"]); - - if ($_REQUEST["view_type"] == "tree") { - print "<table width='100%' style='background-color: #ffffff; border: 1px solid #ffffff;' align='center' cellspacing='0' cellpadding='3'>"; -@@ -76,15 +76,15 @@ - print "<table width='100%' style='background-color: #f5f5f5; border: 1px solid #bbbbbb;' align='center' cellspacing='0' cellpadding='3'>"; - } - --$rras = get_associated_rras($_GET["local_graph_id"]); -+$rras = get_associated_rras($_REQUEST["local_graph_id"]); - - switch ($_REQUEST["action"]) { - case 'view': - api_plugin_hook_function('page_buttons', -- array('lgid' => $_GET["local_graph_id"], -+ array('lgid' => $_REQUEST["local_graph_id"], - 'leafid' => '',//$leaf_id, - 'mode' => 'mrtg', -- 'rraid' => $_GET["rra_id"]) -+ 'rraid' => $_REQUEST["rra_id"]) - ); - ?> - <tr class='tableHeader'> -@@ -105,13 +105,13 @@ - <table width='1' cellpadding='0'> - <tr> - <td> -- <img class='graphimage' id='graph_<?php print $_GET["local_graph_id"] ?>' src='<?php print htmlspecialchars("graph_image.php?action=view&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $rra["id"]);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'> -+ <img class='graphimage' id='graph_<?php print $_REQUEST["local_graph_id"] ?>' src='<?php print htmlspecialchars("graph_image.php?action=view&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $rra["id"]);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'> - </td> - <td valign='top' style='padding: 3px;' class='noprint'> -- <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_GET["local_graph_id"]. "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br> -- <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> -- <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a> -- <?php api_plugin_hook('graph_buttons', array('hook' => 'view', 'local_graph_id' => $_GET['local_graph_id'], 'rra' => $rra['id'], 'view_type' => $_REQUEST['view_type'])); ?> -+ <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_REQUEST["local_graph_id"]. "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br> -+ <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> -+ <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a> -+ <?php api_plugin_hook('graph_buttons', array('hook' => 'view', 'local_graph_id' => $_REQUEST['local_graph_id'], 'rra' => $rra['id'], 'view_type' => $_REQUEST['view_type'])); ?> - <a href='#page_top'><img src='<?php print $config['url_path']; ?>images/graph_page_top.gif' border='0' alt='Page Top' title='Page Top' style='padding: 3px;'></a><br> - </td> - </tr> -@@ -143,7 +143,7 @@ - } - - /* fetch information for the current RRA */ -- $rra = db_fetch_row("select id,timespan,steps,name from rra where id=" . $_GET["rra_id"]); -+ $rra = db_fetch_row("select id,timespan,steps,name from rra where id=" . $_REQUEST["rra_id"]); - - /* define the time span, which decides which rra to use */ - $timespan = -($rra["timespan"]); -@@ -154,7 +154,7 @@ - FROM (data_template_data,data_template_rrd,graph_templates_item) - WHERE graph_templates_item.task_item_id=data_template_rrd.id - AND data_template_rrd.local_data_id=data_template_data.local_data_id -- AND graph_templates_item.local_graph_id=" . $_GET["local_graph_id"] . -+ AND graph_templates_item.local_graph_id=" . $_REQUEST["local_graph_id"] . - " LIMIT 0,1"); - $ds_step = empty($ds_step) ? 300 : $ds_step; - $seconds_between_graph_updates = ($ds_step * $rra["steps"]); -@@ -161,17 +161,17 @@ - - $now = time(); - -- if (isset($_GET["graph_end"]) && ($_GET["graph_end"] <= $now - $seconds_between_graph_updates)) { -- $graph_end = $_GET["graph_end"]; -+ if (isset($_REQUEST["graph_end"]) && ($_REQUEST["graph_end"] <= $now - $seconds_between_graph_updates)) { -+ $graph_end = $_REQUEST["graph_end"]; - }else{ - $graph_end = $now - $seconds_between_graph_updates; - } - -- if (isset($_GET["graph_start"])) { -- if (($graph_end - $_GET["graph_start"])>$max_timespan) { -+ if (isset($_REQUEST["graph_start"])) { -+ if (($graph_end - $_REQUEST["graph_start"])>$max_timespan) { - $graph_start = $now - $max_timespan; - }else { -- $graph_start = $_GET["graph_start"]; -+ $graph_start = $_REQUEST["graph_start"]; - } - }else{ - $graph_start = $now + $timespan; -@@ -186,7 +186,7 @@ - graph_templates_graph.height, - graph_templates_graph.width - from graph_templates_graph -- where graph_templates_graph.local_graph_id=" . $_GET["local_graph_id"]); -+ where graph_templates_graph.local_graph_id=" . $_REQUEST["local_graph_id"]); - - $graph_height = $graph["height"]; - $graph_width = $graph["width"]; -@@ -214,12 +214,12 @@ - <table width='1' cellpadding='0'> - <tr> - <td> -- <img id='zoomGraphImage' class="graphimage" src='<?php print htmlspecialchars("graph_image.php?action=zoom&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end . "&graph_height=" . $graph_height . "&graph_width=" . $graph_width . "&title_font_size=" . $title_font_size);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'> -+ <img id='zoomGraphImage' class="graphimage" src='<?php print htmlspecialchars("graph_image.php?action=zoom&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end . "&graph_height=" . $graph_height . "&graph_width=" . $graph_width . "&title_font_size=" . $title_font_size);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'> - </td> - <td valign='top' style='padding: 3px;' class='noprint'> -- <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a> -- <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>&graph_start=<?php print $graph_start;?>&graph_end=<?php print $graph_end;?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> -- <?php api_plugin_hook('graph_buttons', array('hook' => 'zoom', 'local_graph_id' => $_GET['local_graph_id'], 'rra' => $_GET['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?> -+ <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a> -+ <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>&graph_start=<?php print $graph_start;?>&graph_end=<?php print $graph_end;?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> -+ <?php api_plugin_hook('graph_buttons', array('hook' => 'zoom', 'local_graph_id' => $_REQUEST['local_graph_id'], 'rra' => $_REQUEST['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?> - </td> - </tr> - <tr> -@@ -249,17 +249,17 @@ - <table width='1' cellpadding='0'> - <tr> - <td> -- <img src='<?php print htmlspecialchars("graph_image.php?action=properties&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&graph_start=" . (isset($_GET["graph_start"]) ? $_GET["graph_start"] : "0") . "&graph_end=" . (isset($_GET["graph_end"]) ? $_GET["graph_end"] : "0"));?>' border='0' alt='<?php print htmlspecialchars($graph_title);?>'> -+ <img src='<?php print htmlspecialchars("graph_image.php?action=properties&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&graph_start=" . (isset($_REQUEST["graph_start"]) ? $_REQUEST["graph_start"] : "0") . "&graph_end=" . (isset($_REQUEST["graph_end"]) ? $_REQUEST["graph_end"] : "0"));?>' border='0' alt='<?php print htmlspecialchars($graph_title);?>'> - </td> - <td valign='top' style='padding: 3px;'> -- <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_GET["local_graph_id"]. "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . get_request_var("graph_start") . "&graph_end=" . get_request_var("graph_end"));?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br> -- <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> -- <?php api_plugin_hook('graph_buttons', array('hook' => 'properties', 'local_graph_id' => $_GET['local_graph_id'], 'rra' => $_GET['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?> -+ <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_REQUEST["local_graph_id"]. "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . get_request_var("graph_start") . "&graph_end=" . get_request_var("graph_end"));?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br> -+ <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> -+ <?php api_plugin_hook('graph_buttons', array('hook' => 'properties', 'local_graph_id' => $_REQUEST['local_graph_id'], 'rra' => $_REQUEST['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?> - </td> - </tr> - <tr> - <td colspan='2' align='center'> -- <strong><?php print htmlspecialchars(db_fetch_cell("select name from rra where id=" . $_GET["rra_id"]));?></strong> -+ <strong><?php print htmlspecialchars(db_fetch_cell("select name from rra where id=" . $_REQUEST["rra_id"]));?></strong> - </td> - </tr> - </table> ---- include/top_graph_header.php (revision 7766) -+++ include/top_graph_header.php (revision 7767) -@@ -146,12 +146,12 @@ - $graph_data_array["print_source"] = true; - - /* override: graph start time (unix time) */ -- if (!empty($_GET["graph_start"])) { -+ if (!empty($_REQUEST["graph_start"])) { - $graph_data_array["graph_start"] = get_request_var_request("graph_start"); - } - - /* override: graph end time (unix time) */ -- if (!empty($_GET["graph_end"])) { -+ if (!empty($_REQUEST["graph_end"])) { - $graph_data_array["graph_end"] = get_request_var_request("graph_end"); - } - - diff --git a/net-mgmt/cacti/pkg-plist b/net-mgmt/cacti/pkg-plist index 2cf80c96044..2f601fef5a1 100644 --- a/net-mgmt/cacti/pkg-plist +++ b/net-mgmt/cacti/pkg-plist @@ -137,7 +137,6 @@ %%CACTIDIR%%/docs/html/user_management.html %%CACTIDIR%%/docs/html/using_spine.html %%CACTIDIR%%/docs/html/variables.html -%%CACTIDIR%%/docs/pdf/README %%CACTIDIR%%/docs/txt/manual.txt %%CACTIDIR%%/gprint_presets.php %%CACTIDIR%%/graph.php @@ -348,6 +347,7 @@ %%CACTIDIR%%/install/0_8_8c_to_0_8_8d.php %%CACTIDIR%%/install/0_8_8d_to_0_8_8e.php %%CACTIDIR%%/install/0_8_8e_to_0_8_8f.php +%%CACTIDIR%%/install/0_8_8f_to_0_8_8g.php %%CACTIDIR%%/install/0_8_to_0_8_1.php %%CACTIDIR%%/install/index.php %%CACTIDIR%%/install/install_finish.gif |