2004-08-17
committerEldad Zack <>2004-08-17 09:55:11 +0000
commit9da50f7666ab8a85b021abb65f40e014962b1a5c (patch)
parentremoved older version (Manifest recommit) (diff)
security update: sql injection patch
5 files changed, 156 insertions, 1 deletions
# ChangeLog for net-analyzer/cacti
# Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/ChangeLog,v 1.27 2004/08/07 23:52:22 slarti Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/ChangeLog,v 1.28 2004/08/17 09:55:11 eldad Exp $
*cacti-0.8.5a-r1 (17 Aug 2004)
17 Aug 2004; Eldad Zack <>
+ +files/cacti-0.8.5a-sql-injection.patch, +cacti-0.8.5a-r1.ebuild:
Security patch (SQL Injection): bumping to -r1 with x86 stable.
08 Aug 2004; Tom Martin <> cacti-0.8.5a.ebuild:
Typo in DESCRIPTION: frondend -> frontend. Bug 59717.
+MD5 20fa3a06ca2b93ca3c13cd149cfcb4f1 cacti-0.8.5a-r1.ebuild 4534
MD5 37f166bdab6b6aea120532c1f9fb87c4 cacti-0.8.5a.ebuild 4440
MD5 0fcd46fbbf041e37678c5a6b4b1bd3b1 ChangeLog 3345
MD5 9683bb7323c40d69b48d54ad0eb169ed metadata.xml 221
MD5 44637d48edf68b76a472c70817449cd6 files/digest-cacti-0.8.5a 64
+MD5 9921205d0e13d5948104d5de2e58d3ee files/cacti-0.8.5a-sql-injection.patch 625
+MD5 44637d48edf68b76a472c70817449cd6 files/digest-cacti-0.8.5a-r1 64
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/cacti-0.8.5a-r1.ebuild,v 1.1 2004/08/17 09:55:11 eldad Exp $
+inherit eutils webapp-apache
+DESCRIPTION="Cacti is a complete frontend to rrdtool"
+KEYWORDS="x86 ~ppc sparc ~alpha ~amd64"
+IUSE="snmp mysql"
+ snmp? ( virtual/snmp )
+ net-analyzer/rrdtool
+ mysql? ( dev-db/mysql )
+ dev-php/php
+ dev-php/mod_php"
+pkg_setup() {
+ webapp-detect || NO_WEBSERVER=1
+ webapp-pkg_setup "${NO_WEBSERVER}"
+ einfo "Installing into ${ROOT}${HTTPD_ROOT}."
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/cacti-0.8.5a-sql-injection.patch
+src_install() {
+ webapp-mkdirs
+ local DocumentRoot=${HTTPD_ROOT}
+ local destdir=${DocumentRoot}/${PN}
+ dodir ${destdir}
+ dohtml docs/{INSTALL,UPGRADE}.htm
+ dodoc docs/{CHANGELOG,CONTRIB}
+ dodoc LICENSE
+ #mv docs/manual .
+ rm -rf docs
+ rm -rf cactid
+ edos2unix `find -type f -name '*.php'`
+ #chown -R ${HTTPD_USER}.${HTTPD_GROUP} *
+ cp -r . ${D}/${HTTPD_ROOT}/${PN}
+ cd ${D}/${HTTPD_ROOT}
+ chown -R ${HTTPD_USER}:${HTTPD_GROUP} ${PN}
+pkg_postinst() {
+ # check to see if we have a previous version installed
+ ver_installed="$(ls -d /var/db/pkg/net-analyzer/cacti* | sed 's:.*cacti-::')"
+ if [[ ${ver_installed} != ${PV} ]]
+ then
+ einfo
+ einfo "The cacti has been installed to ${INSTALL_DEST}"
+ einfo
+ einfo "Before cacti works you must upgrade the cacti database:"
+ einfo "1. Backup the old cacti database:"
+ einfo " shell> mysqlhotcopy --suffix=_old cacti"
+ einfo "2. Drop the old cacti database:"
+ einfo " shell> mysqladmin -p drop cacti"
+ einfo "3. Create the new cacti database"
+ einfo " shell> mysqladmin --user=root create cacti"
+ einfo "4. Import the default cacti database:"
+ einfo " shell> mysql cacti < ${INSTALL_DEST}/cacti.sql"
+ einfo "5. Edit ${INSTALL_DEST}/include/config.php."
+ einfo " + Modify the MySQL user, password and database for your"
+ einfo " cacti configuration."
+ einfo " \$database_default = \"cacti\";"
+ einfo " \$database_hostname = \"localhost\";"
+ einfo " \$database_username = \"cactiuser\";"
+ einfo " \$database_password = \"cacti\";"
+ einfo "6. Add this line to your /etc/crontab file:"
+ einfo " */5 * * * * ${HTTPD_USER} php ${HTTPD_ROOT}${PN}/cmd.php > /dev/null 2>&1"
+ einfo "7. Point your web browser to: http://your-server/cacti/"
+ einfo " Select \"Upgrade\"."
+ einfo " Make sure to fill in all of the path variables carefully and"
+ einfo " correctly on the following screen."
+ einfo
+ einfo "FINALLY, you must have these settings in your php.ini:"
+ einfo " register_globals = On"
+ einfo " register_argc_argv = On"
+ einfo
+ einfo "Test your upgraded installation. When all is fine you can"
+ einfo "drop the cacti_old database like so:"
+ einfo " shell> mysqladmin -p drop cacti_old"
+ einfo
+ else
+ einfo
+ einfo "The cacti has been copied to ${INSTALL_DEST}"
+ einfo
+ einfo "Before cacti works you must:"
+ einfo "1. Create the new cacti database"
+ einfo " shell> mysqladmin --user=root create cacti"
+ einfo "2. Import the default cacti database:"
+ einfo " shell> mysql cacti < ${INSTALL_DEST}/cacti.sql"
+ einfo "3. Optional: Create a MySQL username and password for cacti."
+ einfo " shell> mysql --user=root mysql"
+ einfo " mysql> GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'somepassword';"
+ einfo " mysql> flush privileges;"
+ einfo "4. Edit ${INSTALL_DEST}/include/config.php."
+ einfo " + Modify the MySQL user, password and database for your"
+ einfo " cacti configuration."
+ einfo " \$database_default = \"cacti\";"
+ einfo " \$database_hostname = \"localhost\";"
+ einfo " \$database_username = \"cactiuser\";"
+ einfo " \$database_password = \"cacti\";"
+ einfo "5. Add this line to your /etc/crontab file:"
+ einfo " */5 * * * * ${HTTPD_USER} php ${HTTPD_ROOT}${PN}/cmd.php > /dev/null 2>&1"
+ einfo "6. Point your web browser to: http://your-server/cacti/"
+ einfo " Make sure to fill in all of the path variables carefully and"
+ einfo " correctly on the following screen."
+ einfo
+ einfo "FINALLY, you must have these settings in your php.ini:"
+ einfo " register_globals = On"
+ einfo " register_argc_argv = On"
+ einfo
+ fi
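Review bot: In src_install, `chown -R ${HTTPD_USER}:${HTTPD_GROUP} ${PN}` makes every installed PHP file writable by the web server account, including include/config.php with the database password, so any application bug that yields a file write becomes persistent code modification. For a revision whose purpose is a security fix I would keep the tree root-owned, e.g. `chown -R root:${HTTPD_GROUP} ${PN}`, and give ${HTTPD_USER} ownership of only the directories cacti writes to at runtime. Both branches of the pkg_postinst text also tell users to set `register_globals = On` in php.ini, which turns it on for every PHP application on the host. If this release really needs it, the message should say to enable it for the cacti directory only, for example with `php_flag register_globals on` in that directory's Apache configuration. Separately, `${ver_installed} != ${PV}` compares a value that can carry a `-r1` suffix against PV, so the fresh-install branch looks unreachable for this revision and new users would be shown the "drop the old cacti database" steps; `${PVR}` is probably what was meant.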
+--- /var/www/localhost/htdocs/cacti/auth_login.php 2004-08-17 11:24:40.000000000 +0300
++++ auth_login.php 2004-08-17 12:33:52.271029872 +0300
+@@ -29,9 +29,6 @@
+ switch ($_REQUEST["action"]) {
+ case 'login':
+- /* --- UPDATE old password with new md5 password value */
+- db_execute("update user_auth set password = '" . md5($_POST["password"]) . "' where username='" . $_POST["username"] . "' and password = PASSWORD('" . $_POST["password"] . "')");
+ /* --- start ldap section --- */
+ $ldap_auth = false;
+ if ((read_config_option("ldap_enabled") == "on") && ($_POST["realm"] == "ldap") && (strlen($_POST["password"]))){
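Review bot: Deleting the `db_execute("update user_auth set password = ...")` call removes the statement built from unescaped `$_POST["username"]` and `$_POST["password"]`, but it also removes the only visible step that migrated PASSWORD()-format rows to md5. Accounts that still hold old-format hashes would presumably stop authenticating after this update, which deserves a line in the ChangeLog or the postinst message. The hunk carries only three lines of context and the rest of `case 'login':` lies outside it, so whether the later user lookup still interpolates `$_POST["username"]` into SQL cannot be confirmed from here and should be checked before treating the injection as closed. A short header comment in the patch file, such as `# drops the legacy PASSWORD()->md5 upgrade query, which concatenated raw $_POST values into SQL`, would record why the statement was deleted rather than escaped.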
+MD5 2b9ef4194664d65b86cdcc9a0f126609 cacti-0.8.5a.tar.gz 986785