head 1.4; access; symbols pkgsrc-2019Q1:1.3.0.36 pkgsrc-2019Q1-base:1.3 pkgsrc-2018Q4:1.3.0.34 pkgsrc-2018Q4-base:1.3 pkgsrc-2018Q3:1.3.0.32 pkgsrc-2018Q3-base:1.3 pkgsrc-2018Q2:1.3.0.30 pkgsrc-2018Q2-base:1.3 pkgsrc-2018Q1:1.3.0.28 pkgsrc-2018Q1-base:1.3 pkgsrc-2017Q4:1.3.0.26 pkgsrc-2017Q4-base:1.3 pkgsrc-2017Q3:1.3.0.24 pkgsrc-2017Q3-base:1.3 pkgsrc-2017Q2:1.3.0.20 pkgsrc-2017Q2-base:1.3 pkgsrc-2017Q1:1.3.0.18 pkgsrc-2017Q1-base:1.3 pkgsrc-2016Q4:1.3.0.16 pkgsrc-2016Q4-base:1.3 pkgsrc-2016Q3:1.3.0.14 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.3.0.12 pkgsrc-2016Q2-base:1.3 pkgsrc-2016Q1:1.3.0.10 pkgsrc-2016Q1-base:1.3 pkgsrc-2015Q4:1.3.0.8 pkgsrc-2015Q4-base:1.3 pkgsrc-2015Q3:1.3.0.6 pkgsrc-2015Q3-base:1.3 pkgsrc-2015Q2:1.3.0.4 pkgsrc-2015Q2-base:1.3 pkgsrc-2015Q1:1.3.0.2 pkgsrc-2015Q1-base:1.3 pkgsrc-2014Q4:1.2.0.8 pkgsrc-2014Q4-base:1.2 pkgsrc-2014Q3:1.2.0.6 pkgsrc-2014Q3-base:1.2 pkgsrc-2014Q2:1.2.0.4 pkgsrc-2014Q2-base:1.2 pkgsrc-2014Q1:1.2.0.2 pkgsrc-2014Q1-base:1.2 pkgsrc-2013Q4:1.1.1.1.0.18 pkgsrc-2013Q4-base:1.1.1.1 pkgsrc-2013Q3:1.1.1.1.0.16 pkgsrc-2013Q3-base:1.1.1.1 pkgsrc-2013Q2:1.1.1.1.0.14 pkgsrc-2013Q2-base:1.1.1.1 pkgsrc-2013Q1:1.1.1.1.0.12 pkgsrc-2013Q1-base:1.1.1.1 pkgsrc-2012Q4:1.1.1.1.0.10 pkgsrc-2012Q4-base:1.1.1.1 pkgsrc-2012Q3:1.1.1.1.0.8 pkgsrc-2012Q3-base:1.1.1.1 pkgsrc-2012Q2:1.1.1.1.0.6 pkgsrc-2012Q2-base:1.1.1.1 pkgsrc-2012Q1:1.1.1.1.0.4 pkgsrc-2012Q1-base:1.1.1.1 pkgsrc-2011Q4:1.1.1.1.0.2 pkgsrc-2011Q4-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.4 date 2019.04.29.16.09.05; author hauke; state dead; branches; next 1.3; commitid 0VtNE4bzquaqcglB; 1.3 date 2015.03.11.13.56.46; author adam; state Exp; branches; next 1.2; commitid UT8JLqtBS2ja6cdy; 1.2 date 2014.01.08.20.51.28; author tron; state Exp; branches; next 1.1; commitid Jj6blLLN2EZt7mkx; 1.1 date 2011.11.22.22.23.13; author tez; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2011.11.22.22.23.13; author tez; state Exp; branches 1.1.1.1.18.1; next ; 1.1.1.1.18.1 date 2014.01.09.23.14.33; author spz; state Exp; branches; next ; commitid E1nKepqJvADzSukx; desc @@ 1.4 log @Completing the upgrade to Cacti v1.2.3. Funny enough, the previous commit coincided with my own work on a package upgrade. It brought a few bits and bobs I had been missing, and my work closes a few of its gaps. In detail: INSTALL - set CACTI_USER and APACHE_GROUP properly MESSAGES - mention newer PHPs' php.d, while updating the extension list mention setup problem Makefile - add mandatory dependencies: php-{json,zlib,mbstring,posix} add patched files to 'paths' substitution files/httpd-cacti.conf - convert to Apache 2.4 ACL syntax patches/ - comments, CACTI_LOGDIR substitution Minor touch-ups everywhere - I am sure there is more to do. The result pkglints, builds, installs, configures (taking the above #2621 into account), and runs. @ text @$NetBSD: patch-install_index.php,v 1.3 2015/03/11 13:56:46 adam Exp $ - Find utilites in PREFIX first. - Fix-up hard coded user and path (documentaion only). - Make log directory configurable by package variable --- install/index.php.orig 2014-11-23 20:18:57.000000000 +0000 +++ install/index.php @@@@ -96,7 +96,7 @@@@ function find_best_path($binary_name) { if ($config["cacti_server_os"] == "win32") { $search_paths = array("c:/usr/bin", "c:/cacti", "c:/rrdtool", "c:/spine", "c:/php", "c:/progra~1/php", "c:/net-snmp/bin", "c:/progra~1/net-snmp/bin", "d:/usr/bin", "d:/net-snmp/bin", "d:/progra~1/net-snmp/bin", "d:/cacti", "d:/rrdtool", "d:/spine", "d:/php", "d:/progra~1/php"); }else{ - $search_paths = array("/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin"); + $search_paths = array("@@PREFIX@@/bin", "@@PREFIX@@/sbin", "/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin"); } for ($i=0; $iSee the sample crontab entry below with the change made in red. Your crontab line will look slightly different based upon your setup.

-

*/5 * * * * cactiuser php /var/www/html/cacti/poller.php > /dev/null 2>&1

+

*/5 * * * * @@CACTI_USER@@ php @@CACTIDIR@@poller.php > /dev/null 2>&1

Once you have made this change, please click Next to continue.

@ 1.3 log @Changes 0.8.8c: Important Security Fixes CVE-2013-5588 - XSS issue via installer or device editing CVE-2013-5589 - SQL injection vulnerability in device editing CVE-2014-2326 - XSS issue via CDEF editing CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability CVE-2014-2328 - Remote Command Execution Vulnerability in graph export CVE-2014-4002 - XSS issues in multiple files CVE-2014-5025 - XSS issue via data source editing CVE-2014-5026 - XSS issues in multiple files Important Updates New graph tree view Updated graph list and graph preview Refactor graph tree view to remove GPL incompatible code Updated command line database upgrade utility Graph zooming now from everywhere @ text @d1 1 a1 1 $NetBSD: patch-install_index.php,v 1.2 2014/01/08 20:51:28 tron Exp $ @ 1.2 log @Update the "cacti" package to version 0.8.8b. Changes since 0.8.8a: - bug: Fixed issue with custom data source information being lost when saved from edit - bug: Repopulate the poller cache on new installations - bug: Fix issue with poller not escaping the script query path correctly - bug: Allow snmpv3 priv proto none - bug: Fix issue where host activate may flush the entire poller item cache -security: SQL injection and shell escaping issues Also add the fix for the security vulnerability reported in SA54531 taken from the SVN repository. @ text @d1 1 a1 1 $NetBSD: patch-install_index.php,v 1.1.1.1 2011/11/22 22:23:13 tez Exp $ a5 1 - Fix vulnerability reported in SA54531. Patch taken from here: d7 3 a9 5 http://svn.cacti.net/viewvc?view=rev&revision=7420 --- install/index.php.orig 2013-08-07 03:31:19.000000000 +0100 +++ install/index.php 2014-01-08 20:26:33.000000000 +0000 @@@@ -96,7 +96,7 @@@@ d18 1 a18 1 @@@@ -267,7 +267,7 @@@@ d27 1 a27 102 @@@@ -310,27 +310,28 @@@@ } /* pre-processing that needs to be done for each step */ -if (empty($_REQUEST["step"])) { - $_REQUEST["step"] = 1; -}else{ - if ($_REQUEST["step"] == "1") { - $_REQUEST["step"] = "2"; - }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "1")) { - $_REQUEST["step"] = "3"; - }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "3")) { - $_REQUEST["step"] = "8"; - }elseif (($_REQUEST["step"] == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) { - $_REQUEST["step"] = "9"; - }elseif ($_REQUEST["step"] == "8") { - $_REQUEST["step"] = "3"; - }elseif ($_REQUEST["step"] == "9") { - $_REQUEST["step"] = "3"; - }elseif ($_REQUEST["step"] == "3") { - $_REQUEST["step"] = "4"; +if (isset($_REQUEST["step"]) && $_REQUEST["step"] > 0) { + $step = intval($_REQUEST["step"]); + if ($step == "1") { + $step = "2"; + } elseif (($step == "2") && ($_REQUEST["install_type"] == "1")) { + $step = "3"; + } elseif (($step == "2") && ($_REQUEST["install_type"] == "3")) { + $step = "8"; + } elseif (($step == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) { + $step = "9"; + } elseif ($step == "8") { + $step = "3"; + } elseif ($step == "9") { + $step = "3"; + } elseif ($step == "3") { + $step = "4"; } +} else { + $step = 1; } -if ($_REQUEST["step"] == "4") { +if ($step == "4") { include_once("../lib/data_query.php"); include_once("../lib/utility.php"); @@@@ -366,7 +367,7 @@@@ header ("Location: ../index.php"); exit; -}elseif (($_REQUEST["step"] == "8") && ($_REQUEST["install_type"] == "3")) { +}elseif (($step == "8") && ($_REQUEST["install_type"] == "3")) { /* if the version is not found, die */ if (!is_int($old_version_index)) { print "

Error

@@@@ -505,7 +506,7 @@@@ - +

Thanks for taking the time to download and install cacti, the complete graphing solution for your network. Before you can start making cool graphs, there are a few @@@@ -530,7 +531,7 @@@@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

- +

Please select the type of installation

@@@@ -551,7 +552,7 @@@@ print "Server Operating System Type: " . $config["cacti_server_os"] . "
"; ?>

- +

Make sure all of these values are correct before continuing.

- +

Upgrade results:

@@@@ -659,7 +660,7 @@@@ print $upgrade_results; ?> - +

Important Upgrade Notice

@@@@ -667,13 +668,13 @@@@ a35 16 -

finishnext.gif" alt="FinishNext">

+

finishnext.gif" alt="FinishNext">

@@@@ -681,7 +682,7 @@@@ -"> + @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 3 find utilites in PREFIX first fixup hard coded user and path (documentaion only) make log directory configurable by package variable d8 5 a12 3 --- install/index.php.orig 2011-09-26 20:41:03.000000000 +0000 +++ install/index.php @@@@ -95,7 +95,7 @@@@ function find_best_path($binary_name) { d21 1 a21 1 @@@@ -266,7 +266,7 @@@@ $input["path_cactilog"]["description"] = d30 102 a131 1 @@@@ -652,7 +652,7 @@@@ if ($_REQUEST["step"] == "4") { d140 16 @ 1.1.1.1 log @Cacti is a complete frontend to rrdtool, it stores all of the necessary information to create graphs and populates them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain Graphs, Data Sources, and Round Robin Archives in a database, cacti handles the data gathering also. There is also SNMP support for those used to creating traffic graphs with MRTG. The Plugin Architecture for Cacti was designed to be both simple in nature and robust enough to allow freedom to do almost anything in Cacti. The Plugin Architecture for Cacti is integrated into this package. (created from wip/cacti by pettai) @ text @@ 1.1.1.1.18.1 log @Pullup ticket #4290 - requested by tron net/cacti: security update Revisions pulled up: - net/cacti/Makefile 1.21 - net/cacti/PLIST 1.4 - net/cacti/distinfo 1.4 - net/cacti/patches/patch-host.php 1.1 - net/cacti/patches/patch-install_index.php 1.2 - net/cacti/patches/patch-lib_api_device.php 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Wed Jan 8 20:51:28 UTC 2014 Modified Files: pkgsrc/net/cacti: Makefile PLIST distinfo pkgsrc/net/cacti/patches: patch-install_index.php Added Files: pkgsrc/net/cacti/patches: patch-host.php patch-lib_api_device.php Log Message: Update the "cacti" package to version 0.8.8b. Changes since 0.8.8a: - bug: Fixed issue with custom data source information being lost when saved from edit - bug: Repopulate the poller cache on new installations - bug: Fix issue with poller not escaping the script query path correctly - bug: Allow snmpv3 priv proto none - bug: Fix issue where host activate may flush the entire poller item cache -security: SQL injection and shell escaping issues Also add the fix for the security vulnerability reported in SA54531 taken from the SVN repository. To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/cacti/Makefile cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/cacti/PLIST pkgsrc/net/cacti/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/net/cacti/patches/patch-host.php \ pkgsrc/net/cacti/patches/patch-lib_api_device.php cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/net/cacti/patches/patch-install_index.php @ text @d3 3 a5 4 - Find utilites in PREFIX first. - Fix-up hard coded user and path (documentaion only). - Make log directory configurable by package variable - Fix vulnerability reported in SA54531. Patch taken from here: d7 3 a9 5 http://svn.cacti.net/viewvc?view=rev&revision=7420 --- install/index.php.orig 2013-08-07 03:31:19.000000000 +0100 +++ install/index.php 2014-01-08 20:26:33.000000000 +0000 @@@@ -96,7 +96,7 @@@@ d18 1 a18 1 @@@@ -267,7 +267,7 @@@@ d27 1 a27 102 @@@@ -310,27 +310,28 @@@@ } /* pre-processing that needs to be done for each step */ -if (empty($_REQUEST["step"])) { - $_REQUEST["step"] = 1; -}else{ - if ($_REQUEST["step"] == "1") { - $_REQUEST["step"] = "2"; - }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "1")) { - $_REQUEST["step"] = "3"; - }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "3")) { - $_REQUEST["step"] = "8"; - }elseif (($_REQUEST["step"] == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) { - $_REQUEST["step"] = "9"; - }elseif ($_REQUEST["step"] == "8") { - $_REQUEST["step"] = "3"; - }elseif ($_REQUEST["step"] == "9") { - $_REQUEST["step"] = "3"; - }elseif ($_REQUEST["step"] == "3") { - $_REQUEST["step"] = "4"; +if (isset($_REQUEST["step"]) && $_REQUEST["step"] > 0) { + $step = intval($_REQUEST["step"]); + if ($step == "1") { + $step = "2"; + } elseif (($step == "2") && ($_REQUEST["install_type"] == "1")) { + $step = "3"; + } elseif (($step == "2") && ($_REQUEST["install_type"] == "3")) { + $step = "8"; + } elseif (($step == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) { + $step = "9"; + } elseif ($step == "8") { + $step = "3"; + } elseif ($step == "9") { + $step = "3"; + } elseif ($step == "3") { + $step = "4"; } +} else { + $step = 1; } -if ($_REQUEST["step"] == "4") { +if ($step == "4") { include_once("../lib/data_query.php"); include_once("../lib/utility.php"); @@@@ -366,7 +367,7 @@@@ header ("Location: ../index.php"); exit; -}elseif (($_REQUEST["step"] == "8") && ($_REQUEST["install_type"] == "3")) { +}elseif (($step == "8") && ($_REQUEST["install_type"] == "3")) { /* if the version is not found, die */ if (!is_int($old_version_index)) { print "

Error

@@@@ -505,7 +506,7 @@@@ - +

Thanks for taking the time to download and install cacti, the complete graphing solution for your network. Before you can start making cool graphs, there are a few @@@@ -530,7 +531,7 @@@@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

- +

Please select the type of installation

@@@@ -551,7 +552,7 @@@@ print "Server Operating System Type: " . $config["cacti_server_os"] . "
"; ?>

- +

Make sure all of these values are correct before continuing.

- +

Upgrade results:

@@@@ -659,7 +660,7 @@@@ print $upgrade_results; ?> - +

Important Upgrade Notice

@@@@ -667,13 +668,13 @@@@ a35 16 -

finishnext.gif" alt="FinishNext">

+

finishnext.gif" alt="FinishNext">

@@@@ -681,7 +682,7 @@@@ -"> + @