From: Arkadiusz Miƛkiewicz Date: Wed, 12 Feb 2020 10:22:56 +0000 (+0100) Subject: - up to 1.2.9; fixes CVE-2020-7106, CVE-2020-7237 X-Git-Tag: auto/th/cacti-1.2.9-1 X-Git-Url: http://git.pld-linux.org/?a=commitdiff_plain;h=7a13808f24fa60940d143ee090ec615e50575b41;p=packages%2Fcacti.git - up to 1.2.9; fixes CVE-2020-7106, CVE-2020-7237 --- diff --git a/cacti-config.patch b/cacti-config.patch index 49feed2..791d897 100644 --- a/cacti-config.patch +++ b/cacti-config.patch @@ -1,17 +1,20 @@ --- cacti-0.8.7b/include/global.php 2008-10-05 04:38:29.740276226 +0300 +++ cacti-0.8.7g/include/global.php 2010-12-13 12:10:44.312310245 +0200 -@@ -64,10 +64,7 @@ $url_path = '/cacti/'; - /* allow upto 5000 items to be selected */ +@@ -83,13 +83,7 @@ $disable_log_rotation = false; ini_set('max_input_vars', '5000'); + $config = array(); -/* Include configuration, or use the defaults */ -if (file_exists(dirname(__FILE__) . '/config.php')) { +- if (!is_readable(dirname(__FILE__) . '/config.php')) { +- die('Configuration file include/config.php is present, but unreadable.' . PHP_EOL); +- } - include(dirname(__FILE__) . '/config.php'); -} +require '/etc/webapps/cacti/config.php'; if (isset($config['cacti_version'])) { - die('Invalid include/config.php file detected.'); + die('Invalid include/config.php file detected.' . PHP_EOL); @@ -139,7 +139,8 @@ if ($config['cacti_server_os'] == 'win32 $config['library_path'] = preg_replace("/(.*[\/])include/", "\\1lib", dirname(__FILE__)); } diff --git a/cacti.spec b/cacti.spec index 6c1ef5c..ea84a15 100644 --- a/cacti.spec +++ b/cacti.spec 
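Review bot: In cacti-config.patch, the refreshed global.php hunk removes upstream's new `is_readable()` guard together with the `file_exists()` block, so an unreadable or missing /etc/webapps/cacti/config.php now ends in a PHP fatal error from `require` instead of the controlled `die()` message. Whether that fatal error shows the filesystem path to a browser depends on `display_errors`, which is not visible here. I would keep a guard in front of the require: `if (!is_readable('/etc/webapps/cacti/config.php')) { die('Configuration file /etc/webapps/cacti/config.php is unreadable.' . PHP_EOL); }`. The following context line still reports 'Invalid include/config.php file detected.', which names a path this package no longer uses. Only part of global.php is visible in the hunk.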
@@ -3,12 +3,12 @@ Summary: Cacti is a PHP frontend for rrdtool Summary(pl.UTF-8): Cacti - frontend w PHP do rrdtoola Name: cacti -Version: 1.2.8 +Version: 1.2.9 Release: 1 License: GPL v2 Group: Applications/WWW Source0: http://www.cacti.net/downloads/%{name}-%{version}.tar.gz -# Source0-md5: 822e317918956246398cfc891dff66bc +# Source0-md5: 1561dac3fddc4385389fe64b5a7c7067 Source2: %{name}.crontab Source3: %{name}-apache.conf Source4: %{name}-lighttpd.conf @@ -171,6 +171,8 @@ cp -p %{SOURCE5} sql /bin.php/!i#!%{_bindir}/php }' scripts/*.php cli/*.php +%{__sed} -i -e 's,#!/usr/bin/env php,#!/usr/bin/php,' include/vendor/cldr-to-gettext-plural-rules/bin/export-plural-rules + chmod a+rx scripts/*.php cli/*.php find '(' -name '*~' -o -name '*.orig' ')' -print0 | xargs -0 -r -l512 rm -f
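Review bot: The added sed line in the second cacti.spec hunk hard-codes `#!/usr/bin/php`, while the shebang rewrite directly above it for scripts/*.php and cli/*.php uses `#!%{_bindir}/php`. Using the macro here as well keeps the interpreter path in one place: `%{__sed} -i -e '1s,^#!/usr/bin/env php,#!%{_bindir}/php,' include/vendor/cldr-to-gettext-plural-rules/bin/export-plural-rules`. The substitution also succeeds silently when nothing matches, so if upstream changes that shebang the PATH-dependent `env` lookup would return unnoticed; a `grep -q` on the expected first line after the sed would make the build fail instead. The %prep section continues outside the hunk.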