Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.2:Ports
cacti
cacti.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File cacti.changes of Package cacti
------------------------------------------------------------------- Mon May 9 11:34:41 UTC 2016 - liedke@rz.uni-mannheim.de - Fix the following vulnerabilities: * CVE-2016-3659: SQL injection in lib/functions.php (CVE-2016-3659) (boo#974013) * CVE-2016-3172: SQL injection in tree.php (CVE-2016-3172) (boo#971357) ------------------------------------------------------------------- Tue Feb 9 19:57:17 UTC 2016 - astieger@suse.com - Fix the following vulnerabilities: * CVE-2015-8369: SQL injection in graph.php (boo#958863) * CVE-2015-8604: SQL injection in graphs_new.php (boo#960678) * CVE-2015-8377: SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php (boo#958977) * CVE-2016-2313: Authentication using web authentication as a user not in the cacti database allows complete access (boo#965930) - adding CVE-2015-8369.patch, CVE-2015-8604-CVE-2015-8377.patch, CVE-2016-2313.patch ------------------------------------------------------------------- Sun Jul 26 19:12:38 UTC 2015 - astieger@suse.com - cacti 0.8.8f: * 0.8.8e Poller Script Parser is Broken * cli/upgrade_database.php is missing releases * Graph managment graphs.php save button does not work * Poller Script Parser is Broken ------------------------------------------------------------------- Mon Jul 20 10:53:24 UTC 2015 - joop.boonen@opensuse.org - Fixed the spec file so the package also builds for el7, Fedora 20 > etc. ------------------------------------------------------------------- Sat Jul 18 17:37:49 UTC 2015 - astieger@suse.com - Update to 0.8.8e: This update contains importand security fixes: [boo#937997] - Multiple XSS and SQL injection vulnerabilities - CVE-2015-4634 - SQL injection in graphs.php Further fixes: - Fixed issue with graph zooming failing to work - Impossible to have a URL pointing directly to a graph - Cannot delete data sources from the GUI - viewing host in new tab - Undefined index: nodeid - status_fail_date and status_rec_date are set incorrectly after host is marked down - Incorrect value in Hosts column on Host Templates page - Incorrect row number in Devices -> (Edit) page ------------------------------------------------------------------- Tue Jun 16 13:21:16 UTC 2015 - joop.boonen@opensuse.org - Update to version 0.8.8d - Fixes [bnc#934187] - CVE-2015-4342: cacti: Multiple XSS and SQL injection vulnerabilities - feature: Remove un-needed fonts and javascript files - bug: Fixed SQL injection VN: JVN#78187936 / TN:JPCERT#98968540 - bug#0002261: PHP 5.4.0 added new error_reporting variable, causing cacti to show errors - bug#0002391: Odd Behaviour on ReIndex of Data Query Data - bug#0002393: Broken thumbnail images for graph templates - bug#0002402: Subtree must not have the same header as the parent header - bug#0002474: CLI add_device.php dows not set availability_method correctly - bug#0002449: The Save button does not work: Invalid html on page Console -> Cacti Settings: empty form tag - bug#0002428: Fail to delete all data input items when removing more than 1000 data sources - bug#0002439: Password with special character don't work with LDAP authentication - bug#0002461: invalid bn with ldap and anonymous bind - bug#0002465: Graph Export return empty CSV file - bug#0002484: Incorrect SQL request in cli script repair_database.php - bug#0002485: Broken pagenation on graph viewing - bug#0002489: SNMP - Get Mounted Partitions using Re-index method of Index Count Changed causes recache event every time - bug#0002490: Can not select page for multiple datasources per device - bug#0002494: CSV export always shows last day - bug#0002504: Data template search not functional - bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting Vulnerability Notification - bug#0002543: Unable to switch pages within graphs_new.php due to invalid URL generation - bug#0002544: Duplicate entry in $nav_url during list view - bug#0002571: SQL Injection and Location header injection from cdef id CVE-2015-4342 - bug#0002572: SQL injection in graph templates - Renamed two patch files, to a more generic name: - cacti-0.8.8c-cacti-log-path.patch to cacti-log-path.patch - cacti-0.8.8c-cacti-script.patch to cacti-script.patch ------------------------------------------------------------------- Mon Dec 8 11:25:49 UTC 2014 - aldemir.akpinar@gmail.com - Update to version 0.8.8c - New features - New graph tree view - Updated graph list and graph preview - Refactor graph tree view to remove GPL incompatible code - Updated command line database upgrade utility - Graph zooming now from everywhere - Security fixes - CVE-2013-5588 - XSS issue via installer or device editing - CVE-2013-5589 - SQL injection vulnerability in device editing - CVE-2014-2326 - XSS issue via CDEF editing - CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability - CVE-2014-2328 - Remote Command Execution Vulnerability in graph export - CVE-2014-4002 - XSS issues in multiple files - CVE-2014-5025 - XSS issue via data source editing - CVE-2014-5026 - XSS issues in multiple files - Removed cacti-0.8.8b-cacti-log-path.patch as it is incompatible with 0.8.8c. - Removed cacti-0.8.8b-cacti-script.patch as it is incompatible with 0.8.8c. - Removed cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch as this code is incorprated to cacti 0.8.8c - Removed cacti-0.8.8b_security.patch as this code is incorprated to cacti 0.8.8c - Created cacti-0.8.8c-cacti-log-path.patch so that cacti only logs to /var/log/cacti - Created cacti-0.8.8c-cacti-script.patch so that cacti uses /usr/share/cacti/scripts ------------------------------------------------------------------- Sun Apr 13 20:21:53 UTC 2014 - aj@ajaissle.de - Add cacti-0.8.8b_security.patch: - Fixes [bnc#870821]: - CVE-2014-2326: Unspecified HTML Injection Vulnerability - Fixes CVE-2014-2328: - Unspecified Remote Command Execution Vulnerability - Fixes [bnc#872008]: - CVE-2014-2708: Unspecified SQL Injection Vulnerability - CVE-2014-2709: Unspecified Remote Command Execution Vulnerability - Add cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch: - Fixes [bnc#837440]: - CVE-2013-5588: HTML Injection Vulnerability - CVE-2013-5589: SQL Injection Vulnerability ------------------------------------------------------------------- Sat Apr 12 09:37:55 UTC 2014 - aj@ajaissle.de - Change php requirements to be more general on SUSE systems [bnc#862993] ------------------------------------------------------------------- Thu Aug 8 06:57:12 UTC 2013 - joop.boonen@opensuse.org - Update to version 0.8.8b - bug: Fixed issue with custom data source information being lost when saved from edit - bug: Repopulate the poller cache on new installations - bug: Fix issue with poller not escaping the script query path correctly - bug: Allow snmpv3 priv proto none - bug: Fix issue where host activate may flush the entire poller item cache - security: SQL injection and shell escaping issues ------------------------------------------------------------------- Mon Jun 4 08:57:00 UTC 2012 - aldemir.akpinar@airties.com - Added official cacti 0.8.8a patch ------------------------------------------------------------------- Mon Apr 30 11:09:10 UTC 2012 - aldemir.akpinar@airties.com - New version 0.8.8a - Fixed an rpmlint warning ------------------------------------------------------------------- Mon Apr 16 10:27:23 UTC 2012 - joop.boonen@opensuse.org - Corrected the crontab file for openSUSE >= 12.2 - Some cross distro fixes so plugins will also build for other distros ------------------------------------------------------------------- Tue Apr 10 17:03:29 UTC 2012 - joop.boonen@opensuse.org - Install cacti in /srv/www/cacti/ from openSUSE 12.2 onwards - Passed the spec file through spec-cleaner - Cacti-PA can be removed as cacti includes the Plugin Architure ------------------------------------------------------------------- Tue Apr 10 09:14:52 UTC 2012 - aldemir.akpinar@airties.com - Minor changes in the spec file, updated version to 0.8.8 ------------------------------------------------------------------- Sun Jan 8 12:58:28 UTC 2012 - joop.boonen@boonen.org - Reformated the spec file to the openSUSE standard ------------------------------------------------------------------- Fri Dec 30 14:40:04 UTC 2011 - aldemir.akpinar@airties.com - Added official settings_checkbox patch ------------------------------------------------------------------- Tue Dec 13 22:15:03 UTC 2011 - joop.boonen@opensuse.org - Build version 0.8.7i ------------------------------------------------------------------- Tue Oct 4 13:19:26 UTC 2011 - aldemir.akpinar@airties.com - Upgrade to version 0.8.7h ------------------------------------------------------------------- Fri Jun 10 00:00:00 UTC 2011 aldemir.akpinar@airties.com - added 'Provides' to make cactid installable ------------------------------------------------------------------- Sat Jul 10 00:00:00 UTC 2010 joop.boonen@opensuse.org - update to cacti-0.8.7g ------------------------------------------------------------------- Sat May 22 00:00:00 UTC 2010 joop.boonen@opensuse.org - update to cacti-0.8.7f ------------------------------------------------------------------- Wed Nov 11 00:00:00 UTC 2009 joop.boonen@opensuse.org - Added the missing cli directory ------------------------------------------------------------------- Mon Aug 31 00:00:00 UTC 2009 joop.boonen@opensuse.org - Minor change in the name of the patch file ------------------------------------------------------------------- Fri Aug 28 00:00:00 UTC 2009 puzel@novell.com - update to cacti-0.8.7e.tar.bz2 - bug#0001044: Creating a DS, Output field can't be selected for DT with a DIM when "Use Per-Data Source Value" is on - bug#0001341: SNMP query: add oid_suffix for weird SNMP queries - bug#0001345: Overwriting $snmp_index in query_snmp_host() breaks SNMP Data query if using get method - bug#0001346: Strip out noisy 'No Such Instance currently exists at this OID' - bug#0001404: timeout in "function ping_icmp" (lib/ping.php) - bug#0001405: Spaces in DS when .rrd file is created, so it fails - bug#0001407: Place graph thumbnail into div to lower page length changes on load graphs - bug#0001410: Thumbnail Columns is not honored for host display with snmp index group style - bug#0001411: Graph searching issue - bug#0001413: strip_quotes fails - bug#0001426: multiple form opening due to bug in draw_edit_form() - bug#0001436: CSV Export Start Date and End Date are always 1970-01-01 01:00:00 - bug#0001443: format_snmp_string can return a number with a leading space - bug#0001446: Wrong dates override in CSV export - bug#0001456: oid_uptime is not parsed correctly - bug#0001460: Skiping input parameters in data_query_field_list() may lead to SQL errors - bug#0001464: Typo in install/index.php - bug#0001467: Customisable oid index parse regexp for weird MIBs - bug#0001468: Tree is not expanded correctly - bug#0001469: Tree is not being expanded if user followed link outside of cacti - bug#0001476: Mark stacked columns in rrdtool_function_xport() output - bug#0001477: Spelling error in a variable in html_tree.php - bug#0001478: Combo boxes on Graph Management page produce URLs with leading spaces - bug: Top Graph Header Breaks When Plugins Used - bug: SNMP v3 Password issue caused by Firefox's Password AutoFill - bug: Strip Quotes does not properly handle the value 'U' - bug: Changes to the graph tree would not show up immediately for current user - bzip sources ------------------------------------------------------------------- Mon Jun 15 00:00:00 UTC 2009 prusnak@suse.cz - reverted BuildRequires from libdb-4_5-devel to db-devel ------------------------------------------------------------------- Fri May 22 00:00:00 UTC 2009 joop.boonen@opensuse.org - Working with prefix ------------------------------------------------------------------- Sat Apr 25 00:00:00 UTC 2009 joop_boonen@web.de - Updated BuildRequires to libdb-4_5-devel ------------------------------------------------------------------- Sat Feb 14 00:00:00 UTC 2009 joop_boonen@web.de - cleaned out the spec file - deleted file for the PA platform ------------------------------------------------------------------- Fri Feb 13 00:00:00 UTC 2009 joop_boonen@web.de - build version cacti-0.8.7d ------------------------------------------------------------------- Thu Feb 12 00:00:00 UTC 2009 joop_boonen@web.de - improving the spec file - added multi rpm distro build - Added the plug-in framework ------------------------------------------------------------------- Mon Feb 2 00:00:00 UTC 2009 joop_boonen@web.de - building version 0.8.7c ------------------------------------------------------------------- Mon Apr 14 00:00:00 UTC 2008 crrodriguez@suse.de - add official cacti patches - cleanup buildrequires ------------------------------------------------------------------- Tue Apr 8 00:00:00 UTC 2008 crrodriguez@suse.de - cacti does not really work without cron, but cron is not installed by default in the minimal system ------------------------------------------------------------------- Tue Feb 19 00:00:00 UTC 2008 prusnak@suse.cz - updated to 0.8.7b * security fixes: - Fix several security vulnerabilities * bug fixes: - Unnecessary (and faulty) DEF generation for CF:AVERAGE - Small visual fix for Cacti in "View Cacti Log File" - Graph xport modification to increase default rows output - Poller incorrectly identifies unique hosts - CLI Scripts bring MySQL down on large installations - Filtering broken on Data Sources page - Fix looping poller recache events - ss_fping.php 100%% "Pkt Loss" does not work properly - Graphs with no template and/or no host cause filtering errors on Graph Management page - View Poller Cache does not show Data Sources that have no host - Graph Generation fails if e.g. ifDescr contains some blanks - TCP/UDP ping port ignored - Downed Device Detection: None leads to database errors - update_host_status handles ping_availability incorrectly - "U" not allowed as min/max RRD value - Deleted user causes error on user log viewer - Re-assign duplicate radio button IDs - Add HTML title attributes for certain pages - ALL_DATA_SOURCES_NODUPS includes DUPs? SIMILAR_DATA_SOURCES_DUPS is available again - Cacti does not guarentee RRA consolidation functions exist in RRA's - Alert on changing logarithmic scaling removed - add_hosts.php did not accept privacy protocol * features added: - show basic RRDtool graph options on Graph Template edit - Add additional logging to Graph Xport - Add rows dropdown to devices, graphs and data sources - Add device_id and event count to devices - Add ids to devices, graphs and data sources pages - Add database repair utility ------------------------------------------------------------------- Tue Nov 20 00:00:00 UTC 2007 prusnak@suse.cz - updated to 0.8.7a * "Use Per-Data Source Value (Ignore this Value)" runs only when when checking "Allow Empty Input" * Add --autoscale-min (rrdtool 1.2.x only) and --autoscale-max (using upper AND lower limit) * Allow for --logarithmic scaling without autoscaling * Data sources in RRAs have random order, messing up predefined CDEFs * Graph Templates drop down populates with duplicates * Upgrade from 0.8.6j to 0.8.7 defaults to Authentication Method NONE * Graph template - GRINT creates CF function DEF * Invalid date format - "half hour" not the GNU Date format * SQL error when using 'Auth Method' None when no 'guest' user exists * Graph Filter dropdowns do not respect user graph permissions * Potential SQL injection vulnerability * RRDtool 1.2.15 complain for garbage characters when rrdtool_function_xport is used * cmd.php: potential call to invalid "availability_method" key on wrong hash * Log file viewer inefficient filtering uses excess memory * doc change for using COUNTERs as integers only * Fixed extra spaces in GPRINT. Better Alignment for Autopadding * doc change for patching cacti when running SELinux * Cron interval detection causes multiple pollers to run * Max OIDS is not saved in device view * Undefined variable: rra in graph.php on line 241 * Dates are not stored in host table using correct format * Graph Export Generates SQL Errors * Usernames with spaces and dashes are not able to save * Allow for --units=si on logarithmic scaled graphs (rrdtool-1.2.x only). * add opacity/alpha channel to graph items (rrdtool-1.2.x only). * Move to Top for List and Tree View. Omit boring scrolling * add availability pings to host interface ------------------------------------------------------------------- Tue Oct 30 00:00:00 UTC 2007 prusnak@suse.cz - update to 0.8.7 * changes are too numerous to list * see CHANGELOG - dropped obsolete patches: * graph-image.patch (included in update) ------------------------------------------------------------------- Wed Sep 19 00:00:00 UTC 2007 prusnak@suse.cz - fix CVE-2007-3112 and CVE-2007-3113 (graph-image.patch) [#326228] ------------------------------------------------------------------- Mon Jun 25 00:00:00 UTC 2007 dmueller@suse.de - fix last checkin ------------------------------------------------------------------- Thu Jun 21 00:00:00 UTC 2007 dmueller@suse.de - update buildrequires ------------------------------------------------------------------- Thu Feb 8 00:00:00 UTC 2007 prusnak@suse.cz - updated to 0.8.6j: * fixed CVE-2006-6799 * fixed hostname sorting on the devices page * fixed poller.php does not giving any output with MySQL disabled * added bottom navigation bar to graph viewing * added "collapsible" branches to the graph tree editor * added natural sort to graph items in the tree - dropped obsoleted patches: * cacti-0.8.6h-CVE-2006-6799.patch (included in update) - fixed spec file for #norootforbuild ------------------------------------------------------------------- Tue Jan 9 00:00:00 UTC 2007 prusnak@suse.cz - fixed CVE-2006-6799 [#231082] ------------------------------------------------------------------- Fri Mar 17 00:00:00 UTC 2006 stark@suse.de - fix path settings ------------------------------------------------------------------- Wed Jan 25 00:00:00 UTC 2006 mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Wed Jan 18 00:00:00 UTC 2006 mrueckert@suse.de - dont require php4 directly use the php abstraction ------------------------------------------------------------------- Fri Jan 6 00:00:00 UTC 2006 stark@suse.de - update to 0.8.6h - fixed logrotate setting ------------------------------------------------------------------- Tue Jan 3 00:00:00 UTC 2006 stark@suse.de - update to 0.8.6g ------------------------------------------------------------------- Tue Oct 25 00:00:00 UTC 2005 stark@suse.de - added php4-session to required packages (#130282) ------------------------------------------------------------------- Sat Jul 2 00:00:00 UTC 2005 stark@suse.de - update to 0.8.6f ------------------------------------------------------------------- Sat Jun 18 00:00:00 UTC 2005 stark@suse.de - update to 0.8.6e final ------------------------------------------------------------------- Thu Jun 16 00:00:00 UTC 2005 stark@suse.de - update to 0.8.6e ------------------------------------------------------------------- Fri Jan 21 00:00:00 UTC 2005 stark@suse.de - update to 0.8.6c ------------------------------------------------------------------- Fri Nov 19 00:00:00 UTC 2004 stark@suse.de - update to 0.8.6b - added logrotate config ------------------------------------------------------------------- Mon Sep 20 00:00:00 UTC 2004 stark@suse.de - fix sql injection bug (#43908) ------------------------------------------------------------------- Mon Aug 30 00:00:00 UTC 2004 ro@suse.de - remove apache1 traces ------------------------------------------------------------------- Wed Apr 28 00:00:00 UTC 2004 stark@suse.de - update to 0.8.5a ------------------------------------------------------------------- Mon Feb 16 00:00:00 UTC 2004 stark@suse.de - update to 0.8.5 ------------------------------------------------------------------- Mon Dec 29 00:00:00 UTC 2003 stark@suse.de - initial SUSE package
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor