author | Peter Volkov <pva@gentoo.org> | 2009-11-25 11:14:41 +0000 |
---|---|---|
committer | Peter Volkov <pva@gentoo.org> | 2009-11-25 11:14:41 +0000 |
commit | 9ea1140230ecb0781bc8f015e97216a0973fd64a (patch) | |
tree | 85c8612d24536490a37ed3b3e12ff819488b6ad3 /net-analyzer | |
parent | amd64 stable, bug #294297 (diff) | |
download | gentoo-2-9ea1140230ecb0781bc8f015e97216a0973fd64a.tar.gz gentoo-2-9ea1140230ecb0781bc8f015e97216a0973fd64a.tar.bz2 gentoo-2-9ea1140230ecb0781bc8f015e97216a0973fd64a.zip |
Added patch to fix HTML injection vulnerabilities, thanks to Vadim Efimov for the report, bug #294573. Removed old.
(Portage version: 2.2_rc46/cvs/Linux x86_64)
Diffstat (limited to 'net-analyzer')
-rw-r--r-- | net-analyzer/cacti/ChangeLog | 10 | ||||
-rw-r--r-- | net-analyzer/cacti/cacti-0.8.6j-r8.ebuild | 101 | ||||
-rw-r--r-- | net-analyzer/cacti/cacti-0.8.7e-r1.ebuild (renamed from net-analyzer/cacti/cacti-0.8.7d.ebuild) | 16 | ||||
-rw-r--r-- | net-analyzer/cacti/files/cacti-0.8.6j-dos-large-values.patch | 30 |
4 files changed, 18 insertions, 139 deletions
diff --git a/net-analyzer/cacti/ChangeLog b/net-analyzer/cacti/ChangeLog index c6734499fa7a..ab7a116e3e12 100644 --- a/net-analyzer/cacti/ChangeLog +++ b/net-analyzer/cacti/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-analyzer/cacti # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/ChangeLog,v 1.153 2009/11/21 18:11:45 nixnut Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/ChangeLog,v 1.154 2009/11/25 11:14:41 pva Exp $ + +*cacti-0.8.7e-r1 (25 Nov 2009) + + 25 Nov 2009; Peter Volkov <pva@gentoo.org> -cacti-0.8.6j-r8.ebuild, + -files/cacti-0.8.6j-dos-large-values.patch, -cacti-0.8.7d.ebuild, + +cacti-0.8.7e-r1.ebuild: + Added patch to fix HTML injection vulnerabilities, thank Vadim Efimov for + report, bug #294573. Removed old. 21 Nov 2009; nixnut <nixnut@gentoo.org> cacti-0.8.7e.ebuild: ppc stable #293268 diff --git a/net-analyzer/cacti/cacti-0.8.6j-r8.ebuild b/net-analyzer/cacti/cacti-0.8.6j-r8.ebuild deleted file mode 100644 index 028673604f05..000000000000 --- a/net-analyzer/cacti/cacti-0.8.6j-r8.ebuild +++ /dev/null 
@@ -1,101 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/cacti-0.8.6j-r8.ebuild,v 1.7 2009/05/26 17:04:42 arfrever Exp $ - -inherit eutils webapp depend.apache depend.php - -# Support for _p* in version. -MY_P=${P/_p*/} -HAS_PATCHES=1 - -DESCRIPTION="Cacti is a complete frontend to rrdtool" -HOMEPAGE="http://www.cacti.net/" -SRC_URI="http://www.cacti.net/downloads/${MY_P}.tar.gz" - -# patches -if [ $HAS_PATCHES == 1 ] ; then - UPSTREAM_PATCHES="ping_php_version4_snmpgetnext - tree_console_missing_hosts - thumbnail_graphs_not_working - graph_debug_lockup_fix - snmpwalk_fix - sec_sql_injection-0.8.6j - multiple_vulnerabilities-0.8.6j" - for i in $UPSTREAM_PATCHES ; do - SRC_URI="${SRC_URI} http://www.cacti.net/downloads/patches/${PV/_p*}/${i}.patch" - done -fi - -LICENSE="GPL-2" -KEYWORDS="alpha amd64 ~hppa ppc ppc64 sparc x86" -IUSE="snmp bundled-adodb" - -DEPEND="" - -want_apache -need_php_cli -need_php_httpd - -RDEPEND="!apache2? ( www-servers/lighttpd ) - snmp? ( net-analyzer/net-snmp ) - net-analyzer/rrdtool - !bundled-adodb? ( dev-php/adodb ) - virtual/mysql - virtual/cron" - -src_unpack() { - if [ $HAS_PATCHES == 1 ] ; then - unpack ${MY_P}.tar.gz - [ ! ${MY_P} == ${P} ] && mv ${MY_P} ${P} - # patches - for i in ${UPSTREAM_PATCHES} ; do - EPATCH_OPTS="-p1 -d ${S} -N" epatch "${DISTDIR}"/${i}.patch - done ; - else - unpack ${MY_P}.tar.gz - fi - - epatch "${FILESDIR}/${P}"-dos-large-values.patch - - use bundled-adodb || sed -i -e \ - 's:$config\["library_path"\] . 
"/adodb/adodb.inc.php":"adodb/adodb.inc.php":' \ - "${S}"/include/config.php -} - -pkg_setup() { - depend.apache_pkg_setup - webapp_pkg_setup - has_php - if [ $PHP_VERSION = 5 ] ; then - phpUseFlags="cli mysql xml session pcre" - elif [ $PHP_VERSION = 4 ] ; then - phpUseFlags="cli mysql xml session pcre expat" - fi - use bundled-adodb || phpUseFlags="${phpUseFlags} sockets" - require_php_with_use ${phpUseFlags} -} - -src_compile() { - einfo "Nothing to compile." -} - -src_install() { - webapp_src_preinst - - rm LICENSE README - dodoc docs/{CHANGELOG,CONTRIB,INSTALL,README,REQUIREMENTS,UPGRADE} - rm -rf docs - use bundled-adodb || rm -rf lib/adodb - - edos2unix `find -type f -name '*.php'` - - dodir ${MY_HTDOCSDIR} - cp -r . "${D}"${MY_HTDOCSDIR} - - webapp_serverowned ${MY_HTDOCSDIR}/rra - webapp_serverowned ${MY_HTDOCSDIR}/log/cacti.log - webapp_configfile ${MY_HTDOCSDIR}/include/config.php - webapp_postinst_txt en "${FILESDIR}"/postinstall-en.txt - - webapp_src_install -} diff --git a/net-analyzer/cacti/cacti-0.8.7d.ebuild b/net-analyzer/cacti/cacti-0.8.7e-r1.ebuild index 15d672fb486f..6e73139e3223 100644 --- a/net-analyzer/cacti/cacti-0.8.7d.ebuild +++ b/net-analyzer/cacti/cacti-0.8.7e-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/cacti-0.8.7d.ebuild,v 1.1 2009/03/08 11:26:58 pva Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/cacti-0.8.7e-r1.ebuild,v 1.1 2009/11/25 11:14:41 pva Exp $ inherit eutils webapp depend.php 
@@ -14,10 +14,11 @@ SRC_URI="http://www.cacti.net/downloads/${MY_P}.tar.gz" # patches if [ "${HAS_PATCHES}" == "1" ] ; then - UPSTREAM_PATCHES="ping_timeout - graph_search - page_length_graph_view - snmp_string_issue_with_rrdtool_creation" + UPSTREAM_PATCHES="cli_add_graph + snmp_invalid_response + template_duplication + fix_icmp_on_windows_iis_servers + cross_site_fix" for i in ${UPSTREAM_PATCHES} ; do SRC_URI="${SRC_URI} http://www.cacti.net/downloads/patches/${PV/_p*}/${i}.patch" done @@ -54,6 +55,8 @@ src_unpack() { sed -i -e \ 's:$config\["library_path"\] . "/adodb/adodb.inc.php":"adodb/adodb.inc.php":' \ "${S}"/include/global.php + + rm -rf lib/adodb # don't use bundled adodb } pkg_setup() { @@ -68,10 +71,9 @@ src_install() { webapp_src_preinst rm LICENSE README - dodoc docs/{CHANGELOG,CONTRIB,INSTALL,README,REQUIREMENTS,UPGRADE,text/manual.txt} + dodoc docs/{CHANGELOG,CONTRIB,README,txt/manual.txt} || die use doc && dohtml -r docs/html/ rm -rf docs - rm -rf lib/adodb edos2unix `find -type f -name '*.php'` diff --git a/net-analyzer/cacti/files/cacti-0.8.6j-dos-large-values.patch b/net-analyzer/cacti/files/cacti-0.8.6j-dos-large-values.patch deleted file mode 100644 index 7398e962151b..000000000000 --- a/net-analyzer/cacti/files/cacti-0.8.6j-dos-large-values.patch +++ /dev/null 
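Review bot: The new UPSTREAM_PATCHES entries, including the security fix `cross_site_fix`, are appended to SRC_URI by bare name under `http://www.cacti.net/downloads/patches/${PV/_p*}/`, so their integrity rests entirely on the Manifest digests, and no Manifest change appears in this commit's diffstat. A patch published under a fixed, unversioned name can presumably be re-rolled in place upstream, in which case regenerating digests without re-reading the file would pull in unreviewed content. It is worth confirming that digests for all five patches were recorded from a reviewed copy, and adding a comment above the list such as `# upstream may replace these in place; re-read the patch before updating the Manifest`. The `if` block containing this list continues outside the hunk.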
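Review bot: The added `rm -rf lib/adodb` at the end of src_unpack uses a path relative to the current directory, while the sed just above it addresses its file as `"${S}"/include/global.php`; unless an earlier line of the function (outside this hunk) changes into `${S}`, the rm matches nothing and succeeds silently. This commit also drops the `rm -rf lib/adodb` from src_install, so in that case the bundled adodb copy would be installed into the web root as an unused and unmaintained library next to the system one. Anchoring the path removes the dependence on the working directory: `rm -rf "${S}"/lib/adodb # don't use bundled adodb`.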
@@ -1,30 +0,0 @@ -diff -uNr -r cacti-0.8.6j-orig/graph_image.php cacti-0.8.6j/graph_image.php ---- cacti-0.8.6j-orig/graph_image.php 2007-01-18 01:23:10.000000000 +0100 -+++ cacti-0.8.6j/graph_image.php 2007-06-06 21:00:17.278210000 +0200 -@@ -51,22 +51,22 @@ - $graph_data_array = array(); - - /* override: graph start time (unix time) */ --if (!empty($_GET["graph_start"])) { -+if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) { - $graph_data_array["graph_start"] = $_GET["graph_start"]; - } - - /* override: graph end time (unix time) */ --if (!empty($_GET["graph_end"])) { -+if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) { - $graph_data_array["graph_end"] = $_GET["graph_end"]; - } - - /* override: graph height (in pixels) */ --if (!empty($_GET["graph_height"])) { -+if (!empty($_GET["graph_height"]) && $_GET["graph_height"] < 3000) { - $graph_data_array["graph_height"] = $_GET["graph_height"]; - } - - /* override: graph width (in pixels) */ --if (!empty($_GET["graph_width"])) { -+if (!empty($_GET["graph_width"]) && $_GET["graph_width"] < 3000) { - $graph_data_array["graph_width"] = $_GET["graph_width"]; - } - |