[gentoo-commits] gentoo-x86 commit in net-analyzer/cacti/files: cacti-r7420.patch - gentoo-commits

From:	"Jorge Manuel B. S. Vicetto (jmbsvicetto)" <jmbsvicetto@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in net-analyzer/cacti/files: cacti-r7420.patch
Date:	Tue, 27 Aug 2013 02:21:40
Message-Id:	`20130827022133.C7C992004E@flycatcher.gentoo.org`

1

jmbsvicetto    13/08/27 02:21:33

2

3

  Added:                cacti-r7420.patch

4

  Log:

5

  Bring cacti from my overlay.

6

  Do a revision bump to add a patch to address bugs.cacti.net/view.php?id=2383 .

7

  Fixes bug 482424 (CVE-2013-5588, CVE-2013-5589).

8

9

  (Portage version: 2.2.0_alpha196/cvs/Linux x86_64, signed Manifest commit with key BB0E6E98)

10

11

Revision  Changes    Path

12

1.1                  net-analyzer/cacti/files/cacti-r7420.patch

13

14

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/cacti/files/cacti-r7420.patch?rev=1.1&view=markup

15

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/cacti/files/cacti-r7420.patch?rev=1.1&content-type=text/plain

16

17

Index: cacti-r7420.patch

18

===================================================================

19

Index: cacti-0.8.8b/host.php

20

===================================================================

21

--- cacti-0.8.8b/host.php	(revision 7419)

22

+++ cacti-0.8.8b/host.php	(revision 7420)

23

@@ -149,6 +149,9 @@

24

 		if ($_POST["snmp_version"] == 3 && ($_POST["snmp_password"] != $_POST["snmp_password_confirm"])) {

25

 			raise_message(4);

26

 		}else{

27

+			input_validate_input_number(get_request_var_post("id"));

28

+			input_validate_input_number(get_request_var_post("host_template_id"));

29

+

30

 			$host_id = api_device_save($_POST["id"], $_POST["host_template_id"], $_POST["description"],

31

 				trim($_POST["hostname"]), $_POST["snmp_community"], $_POST["snmp_version"],

32

 				$_POST["snmp_username"], $_POST["snmp_password"],

33

Index: cacti-0.8.8b/lib/api_device.php

34

===================================================================

35

--- cacti-0.8.8b/lib/api_device.php	(revision 7419)

36

+++ cacti-0.8.8b/lib/api_device.php	(revision 7420)

37

@@ -107,7 +107,7 @@

38

 		$_host_template_id = db_fetch_cell("select host_template_id from host where id=$id");

39

}

40

41

-	$save["id"] = $id;

42

+	$save["id"]                   = form_input_validate($id, "id", "^[0-9]+$", false, 3);

43

 	$save["host_template_id"]     = form_input_validate($host_template_id, "host_template_id", "^[0-9]+$", false, 3);

44

 	$save["description"]          = form_input_validate($description, "description", "", false, 3);

45

 	$save["hostname"]             = form_input_validate(trim($hostname), "hostname", "", false, 3);

46

Index: cacti-0.8.8b/install/index.php

47

===================================================================

48

--- cacti-0.8.8b/install/index.php	(revision 7419)

49

+++ cacti-0.8.8b/install/index.php	(revision 7420)

50

@@ -310,27 +310,28 @@

51

}

52

53

 /* pre-processing that needs to be done for each step */

54

-if (empty($_REQUEST["step"])) {

55

-	$_REQUEST["step"] = 1;

56

-}else{

57

-	if ($_REQUEST["step"] == "1") {

58

-		$_REQUEST["step"] = "2";

59

-	}elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "1")) {

60

-		$_REQUEST["step"] = "3";

61

-	}elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "3")) {

62

-		$_REQUEST["step"] = "8";

63

-	}elseif (($_REQUEST["step"] == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) {

64

-		$_REQUEST["step"] = "9";

65

-	}elseif ($_REQUEST["step"] == "8") {

66

-		$_REQUEST["step"] = "3";

67

-	}elseif ($_REQUEST["step"] == "9") {

68

-		$_REQUEST["step"] = "3";

69

-	}elseif ($_REQUEST["step"] == "3") {

70

-		$_REQUEST["step"] = "4";

71

+if (isset($_REQUEST["step"]) && $_REQUEST["step"] > 0) {

72

+	$step = intval($_REQUEST["step"]);

73

+	if ($step == "1") {

74

+		$step = "2";

75

+	} elseif (($step == "2") && ($_REQUEST["install_type"] == "1")) {

76

+		$step = "3";

77

+	} elseif (($step == "2") && ($_REQUEST["install_type"] == "3")) {

78

+		$step = "8";

79

+	} elseif (($step == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) {

80

+		$step = "9";

81

+	} elseif ($step == "8") {

82

+		$step = "3";

83

+	} elseif ($step == "9") {

84

+		$step = "3";

85

+	} elseif ($step == "3") {

86

+		$step = "4";

87

}

88

+} else {

89

+	$step = 1;

90

}

91

92

-if ($_REQUEST["step"] == "4") {

93

+if ($step == "4") {

94

 	include_once("../lib/data_query.php");

95

 	include_once("../lib/utility.php");

96

97

@@ -366,7 +367,7 @@

98

99

 	header ("Location: ../index.php");

100

 	exit;

101

-}elseif (($_REQUEST["step"] == "8") && ($_REQUEST["install_type"] == "3")) {

102

+}elseif (($step == "8") && ($_REQUEST["install_type"] == "3")) {

103

 	/* if the version is not found, die */

104

 	if (!is_int($old_version_index)) {

105

 		print "	<p style='font-family: Verdana, Arial; font-size: 16px; font-weight: bold; color: red;'>Error</p>

106

@@ -505,7 +506,7 @@

107

 				</tr>

108

 				<tr>

109

 					<td width="100%" style="font-size: 12px;">

110

-						<?php if ($_REQUEST["step"] == "1") { ?>

111

+						<?php if ($step == "1") { ?>

112

113

 						<p>Thanks for taking the time to download and install cacti, the complete graphing

114

 						solution for your network. Before you can start making cool graphs, there are a few

115

@@ -530,7 +531,7 @@

116

 						MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

117

 						GNU General Public License for more details.</p>

118

119

-						<?php }elseif ($_REQUEST["step"] == "2") { ?>

120

+						<?php }elseif ($step == "2") { ?>

121

122

 						<p>Please select the type of installation</p>

123

124

@@ -551,7 +552,7 @@

125

 							print "Server Operating System Type: " . $config["cacti_server_os"] . "<br>"; ?>

126

 						</p>

127

128

-						<?php }elseif ($_REQUEST["step"] == "3") { ?>

129

+						<?php }elseif ($step == "3") { ?>

130

131

 						<p>Make sure all of these values are correct before continuing.</p>

132

 						<?php

133

@@ -609,7 +610,7 @@

134

 						is an upgrade. You can change any of the settings on this screen at a later

135

 						time by going to "Cacti Settings" from within Cacti.</p>

136

137

-						<?php }elseif ($_REQUEST["step"] == "8") { ?>

138

+						<?php }elseif ($step == "8") { ?>

139

140

 						<p>Upgrade results:</p>

141

142

@@ -659,7 +660,7 @@

143

 						print $upgrade_results;

144

?>

145

146

-						<?php }elseif ($_REQUEST["step"] == "9") { ?>

147

+						<?php }elseif ($step == "9") { ?>

148

149

 						<p style='font-size: 16px; font-weight: bold; color: red;'>Important Upgrade Notice</p>

150

151

@@ -673,7 +674,7 @@

152

153

 						<?php }?>

154

155

-						<p align="right"><input type="image" src="install_<?php if ($_REQUEST["step"] == "3") {?>finish<?php }else{?>next<?php }?>.gif" alt="<?php if ($_REQUEST["step"] == "3"){?>Finish<?php }else{?>Next<?php }?>"></p>

156

+						<p align="right"><input type="image" src="install_<?php if ($step == "3") {?>finish<?php }else{?>next<?php }?>.gif" alt="<?php if ($step == "3"){?>Finish<?php }else{?>Next<?php }?>"></p>

157

 					</td>

158

 				</tr>

159

 			</table>

160

@@ -681,7 +682,7 @@

161

 	</tr>

162

 </table>

163

164

-<input type="hidden" name="step" value="<?php print $_REQUEST["step"];?>">

165

+<input type="hidden" name="step" value="<?php print $step;?>">

166

167

 </form>

1	jmbsvicetto 13/08/27 02:21:33
2
3	Added: cacti-r7420.patch
4	Log:
5	Bring cacti from my overlay.
6	Do a revision bump to add a patch to address bugs.cacti.net/view.php?id=2383 .
7	Fixes bug 482424 (CVE-2013-5588, CVE-2013-5589).
8
9	(Portage version: 2.2.0_alpha196/cvs/Linux x86_64, signed Manifest commit with key BB0E6E98)
10
11	Revision Changes Path
12	1.1 net-analyzer/cacti/files/cacti-r7420.patch
13
14	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/cacti/files/cacti-r7420.patch?rev=1.1&view=markup
15	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/cacti/files/cacti-r7420.patch?rev=1.1&content-type=text/plain
16
17	Index: cacti-r7420.patch
18	===================================================================
19	Index: cacti-0.8.8b/host.php
20	===================================================================
21	--- cacti-0.8.8b/host.php (revision 7419)
22	+++ cacti-0.8.8b/host.php (revision 7420)
23	@@ -149,6 +149,9 @@
24	if ($_POST["snmp_version"] == 3 && ($_POST["snmp_password"] != $_POST["snmp_password_confirm"])) {
25	raise_message(4);
26	}else{
27	+ input_validate_input_number(get_request_var_post("id"));
28	+ input_validate_input_number(get_request_var_post("host_template_id"));
29	+
30	$host_id = api_device_save($_POST["id"], $_POST["host_template_id"], $_POST["description"],
31	trim($_POST["hostname"]), $_POST["snmp_community"], $_POST["snmp_version"],
32	$_POST["snmp_username"], $_POST["snmp_password"],
33	Index: cacti-0.8.8b/lib/api_device.php
34	===================================================================
35	--- cacti-0.8.8b/lib/api_device.php (revision 7419)
36	+++ cacti-0.8.8b/lib/api_device.php (revision 7420)
37	@@ -107,7 +107,7 @@
38	$_host_template_id = db_fetch_cell("select host_template_id from host where id=$id");
39	}
40
41	- $save["id"] = $id;
42	+ $save["id"] = form_input_validate($id, "id", "^[0-9]+$", false, 3);
43	$save["host_template_id"] = form_input_validate($host_template_id, "host_template_id", "^[0-9]+$", false, 3);
44	$save["description"] = form_input_validate($description, "description", "", false, 3);
45	$save["hostname"] = form_input_validate(trim($hostname), "hostname", "", false, 3);
46	Index: cacti-0.8.8b/install/index.php
47	===================================================================
48	--- cacti-0.8.8b/install/index.php (revision 7419)
49	+++ cacti-0.8.8b/install/index.php (revision 7420)
50	@@ -310,27 +310,28 @@
51	}
52
53	/* pre-processing that needs to be done for each step */
54	-if (empty($_REQUEST["step"])) {
55	- $_REQUEST["step"] = 1;
56	-}else{
57	- if ($_REQUEST["step"] == "1") {
58	- $_REQUEST["step"] = "2";
59	- }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "1")) {
60	- $_REQUEST["step"] = "3";
61	- }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "3")) {
62	- $_REQUEST["step"] = "8";
63	- }elseif (($_REQUEST["step"] == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) {
64	- $_REQUEST["step"] = "9";
65	- }elseif ($_REQUEST["step"] == "8") {
66	- $_REQUEST["step"] = "3";
67	- }elseif ($_REQUEST["step"] == "9") {
68	- $_REQUEST["step"] = "3";
69	- }elseif ($_REQUEST["step"] == "3") {
70	- $_REQUEST["step"] = "4";
71	+if (isset($_REQUEST["step"]) && $_REQUEST["step"] > 0) {
72	+ $step = intval($_REQUEST["step"]);
73	+ if ($step == "1") {
74	+ $step = "2";
75	+ } elseif (($step == "2") && ($_REQUEST["install_type"] == "1")) {
76	+ $step = "3";
77	+ } elseif (($step == "2") && ($_REQUEST["install_type"] == "3")) {
78	+ $step = "8";
79	+ } elseif (($step == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) {
80	+ $step = "9";
81	+ } elseif ($step == "8") {
82	+ $step = "3";
83	+ } elseif ($step == "9") {
84	+ $step = "3";
85	+ } elseif ($step == "3") {
86	+ $step = "4";
87	}
88	+} else {
89	+ $step = 1;
90	}
91
92	-if ($_REQUEST["step"] == "4") {
93	+if ($step == "4") {
94	include_once("../lib/data_query.php");
95	include_once("../lib/utility.php");
96
97	@@ -366,7 +367,7 @@
98
99	header ("Location: ../index.php");
100	exit;
101	-}elseif (($_REQUEST["step"] == "8") && ($_REQUEST["install_type"] == "3")) {
102	+}elseif (($step == "8") && ($_REQUEST["install_type"] == "3")) {
103	/* if the version is not found, die */
104	if (!is_int($old_version_index)) {
105	print " <p style='font-family: Verdana, Arial; font-size: 16px; font-weight: bold; color: red;'>Error</p>
106	@@ -505,7 +506,7 @@
107	</tr>
108	<tr>
109	<td width="100%" style="font-size: 12px;">
110	- <?php if ($_REQUEST["step"] == "1") { ?>
111	+ <?php if ($step == "1") { ?>
112
113	<p>Thanks for taking the time to download and install cacti, the complete graphing
114	solution for your network. Before you can start making cool graphs, there are a few
115	@@ -530,7 +531,7 @@
116	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
117	GNU General Public License for more details.</p>
118
119	- <?php }elseif ($_REQUEST["step"] == "2") { ?>
120	+ <?php }elseif ($step == "2") { ?>
121
122	<p>Please select the type of installation</p>
123
124	@@ -551,7 +552,7 @@
125	print "Server Operating System Type: " . $config["cacti_server_os"] . "<br>"; ?>
126	</p>
127
128	- <?php }elseif ($_REQUEST["step"] == "3") { ?>
129	+ <?php }elseif ($step == "3") { ?>
130
131	<p>Make sure all of these values are correct before continuing.</p>
132	<?php
133	@@ -609,7 +610,7 @@
134	is an upgrade. You can change any of the settings on this screen at a later
135	time by going to "Cacti Settings" from within Cacti.</p>
136
137	- <?php }elseif ($_REQUEST["step"] == "8") { ?>
138	+ <?php }elseif ($step == "8") { ?>
139
140	<p>Upgrade results:</p>
141
142	@@ -659,7 +660,7 @@
143	print $upgrade_results;
144	?>
145
146	- <?php }elseif ($_REQUEST["step"] == "9") { ?>
147	+ <?php }elseif ($step == "9") { ?>
148
149	<p style='font-size: 16px; font-weight: bold; color: red;'>Important Upgrade Notice</p>
150
151	@@ -673,7 +674,7 @@
152
153	<?php }?>
154
155	- <p align="right"><input type="image" src="install_<?php if ($_REQUEST["step"] == "3") {?>finish<?php }else{?>next<?php }?>.gif" alt="<?php if ($_REQUEST["step"] == "3"){?>Finish<?php }else{?>Next<?php }?>"></p>
156	+ <p align="right"><input type="image" src="install_<?php if ($step == "3") {?>finish<?php }else{?>next<?php }?>.gif" alt="<?php if ($step == "3"){?>Finish<?php }else{?>Next<?php }?>"></p>
157	</td>
158	</tr>
159	</table>
160	@@ -681,7 +682,7 @@
161	</tr>
162	</table>
163
164	-<input type="hidden" name="step" value="<?php print $_REQUEST["step"];?>">
165	+<input type="hidden" name="step" value="<?php print $step;?>">
166
167	</form>

Gentoo Archives: gentoo-commits