Please update Cacti to 1.2.28. 1.2.27 contains fixes for PHP 8.3 compatibility which is holding me back from upgrading PHP. In addition there are security fixes. Thanks!
1. What about add php:flavors? To be able to use package with all PHP versions. 2. I see a lot of security fixes: http://www.cacti.net/info/changelog/1.2.27 http://www.cacti.net/info/changelog/1.2.28 3. Patch is trivial: --- net-mgmt/cacti.orig/Makefile +++ net-mgmt/cacti/Makefile @@ -1,5 +1,5 @@ PORTNAME= cacti PORTNAME= cacti -DISTVERSION= 1.2.26 +DISTVERSION= 1.2.28 CATEGORIES= net-mgmt www MASTER_SITES= http://www.cacti.net/downloads/ \ ftp://ftpmirror.uk/freebsd-ports/cacti/ --- net-mgmt/cacti.orig/distinfo +++ net-mgmt/cacti/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1708196412 -SHA256 (cacti-1.2.26.tar.gz) = 1d2ed4479588540b63c77a662b3b7e841e23e63e786c47de9e7a8b558a395db0 -SIZE (cacti-1.2.26.tar.gz) = 43637358 +TIMESTAMP = 1737039609 +SHA256 (cacti-1.2.28.tar.gz) = 4a095821a9435e1b9c8294e709365f67e59dd7696c3f3feffa9cd9ace1d8cea7 +SIZE (cacti-1.2.28.tar.gz) = 46785888 Waiting maintainer…
Created attachment 256733 [details] Update 1.2.26 → 1.2.28 3. Trivial patch doesn't work, fixed patch attached.
Flavorize PHP: +PKGNAMESUFFIX= ${PHP_PKGNAMESUFFIX} -USES= cpe mysql php:web shebangfix +USES= cpe mysql php:flavors,web shebangfix Tested build on 14.2 amd64 in poudriere and on live system.
Comment on attachment 256733 [details] Update 1.2.26 → 1.2.28 Looks beautiful, thank you!
(In reply to Michael Muenz from comment #4) Flavorization too?
TBH, my time is quite limited the last months and I'm afraid I can't test everything around flavors, if you tested successful I'm ok with this.
(In reply to Michael Muenz from comment #6) I tested flavors only build with default php 8.3. I'll commit update version with merge-quarterly and flavorization in separate commit without merge-quarterly.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=3b783d4ddded795cdd3f5d9aa107f0ffbabbf803 commit 3b783d4ddded795cdd3f5d9aa107f0ffbabbf803 Author: Vladimir Druzenko <vvd@FreeBSD.org> AuthorDate: 2025-01-17 16:42:39 +0000 Commit: Vladimir Druzenko <vvd@FreeBSD.org> CommitDate: 2025-01-17 16:42:39 +0000 net-mgmt/cacti: Flavorize PHP Add PHP flavor to be able to use package with all PHP versions. PR: 284037 Approved by: Michael Muenz <m.muenz@gmail.com> (maintainer) net-mgmt/cacti/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=75e2ca30e765f24d07c12dc8744a40b0b90f783e commit 75e2ca30e765f24d07c12dc8744a40b0b90f783e Author: Vladimir Druzenko <vvd@FreeBSD.org> AuthorDate: 2025-01-17 16:31:59 +0000 Commit: Vladimir Druzenko <vvd@FreeBSD.org> CommitDate: 2025-01-17 16:31:59 +0000 net-mgmt/cacti: Update 1.2.26 → 1.2.28 (PHP 8.3 support and security fixes) Security fixes in 1.2.27: GHSA-37x7-mfjv-mm7m Authentication Bypass when using using older password hashes GHSA-7cmj-g5qc-pj88 RCE vulnerability when importing packages GHSA-cx8g-hvq8-p2rv RCE vulnerability when plugins include files GHSA-gj3f-p326-gh8r SQL Injection vulnerability when using tree rules through Automation API GHSA-grj5-8fcj-34gh XSS vulnerability when using JavaScript based messaging API GHSA-jrxg-8wh8-943x SQL Injection vulnerability when using form templates GHSA-p4ch-7hjw-6m87 XSS vulnerability when reading tree rules with Automation API GHSA-rqc8-78cm-85j3 XSS vulnerability when managing data queries GHSA-vjph-r677-6pcc SQL Injection vulnerability when retrieving graphs using Automation API Security fixes in 1.2.28: GHSA-49f2-hwx9-qffr XSS vulnerability when creating external links with the consolenewsection parameter GHSA-fgc6-g8gc-wcg5 XSS vulnerability when creating external links with the title parameter GHSA-gxq4-mv8h-6qj4 RCE vulnerability can be executed via Log Poisoning GHSA-wh9c-v56x-v77c XSS vulnerability when creating external links with the fileurl parameter Also 1.2.27 contains fixes for PHP 8.3 compatibility which is default in ports now. Changelogs: http://www.cacti.net/info/changelog/1.2.27 http://www.cacti.net/info/changelog/1.2.28 PR: 284037 Approved by: Michael Muenz <m.muenz@gmail.com> (maintainer) MFH: 2025Q1 net-mgmt/cacti/Makefile | 4 ++-- net-mgmt/cacti/distinfo | 6 +++--- net-mgmt/cacti/pkg-plist | 14 +++++++++++++- 3 files changed, 18 insertions(+), 6 deletions(-)
A commit in branch 2025Q1 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=a3784b152ccd7ff13d78bb30bbe75e3364f2a2c1 commit a3784b152ccd7ff13d78bb30bbe75e3364f2a2c1 Author: Vladimir Druzenko <vvd@FreeBSD.org> AuthorDate: 2025-01-17 16:31:59 +0000 Commit: Vladimir Druzenko <vvd@FreeBSD.org> CommitDate: 2025-01-17 16:47:51 +0000 net-mgmt/cacti: Update 1.2.26 → 1.2.28 (PHP 8.3 support and security fixes) Security fixes in 1.2.27: GHSA-37x7-mfjv-mm7m Authentication Bypass when using using older password hashes GHSA-7cmj-g5qc-pj88 RCE vulnerability when importing packages GHSA-cx8g-hvq8-p2rv RCE vulnerability when plugins include files GHSA-gj3f-p326-gh8r SQL Injection vulnerability when using tree rules through Automation API GHSA-grj5-8fcj-34gh XSS vulnerability when using JavaScript based messaging API GHSA-jrxg-8wh8-943x SQL Injection vulnerability when using form templates GHSA-p4ch-7hjw-6m87 XSS vulnerability when reading tree rules with Automation API GHSA-rqc8-78cm-85j3 XSS vulnerability when managing data queries GHSA-vjph-r677-6pcc SQL Injection vulnerability when retrieving graphs using Automation API Security fixes in 1.2.28: GHSA-49f2-hwx9-qffr XSS vulnerability when creating external links with the consolenewsection parameter GHSA-fgc6-g8gc-wcg5 XSS vulnerability when creating external links with the title parameter GHSA-gxq4-mv8h-6qj4 RCE vulnerability can be executed via Log Poisoning GHSA-wh9c-v56x-v77c XSS vulnerability when creating external links with the fileurl parameter Also 1.2.27 contains fixes for PHP 8.3 compatibility which is default in ports now. Changelogs: http://www.cacti.net/info/changelog/1.2.27 http://www.cacti.net/info/changelog/1.2.28 PR: 284037 Approved by: Michael Muenz <m.muenz@gmail.com> (maintainer) MFH: 2025Q1 (cherry picked from commit 75e2ca30e765f24d07c12dc8744a40b0b90f783e) net-mgmt/cacti/Makefile | 4 ++-- net-mgmt/cacti/distinfo | 6 +++--- net-mgmt/cacti/pkg-plist | 14 +++++++++++++- 3 files changed, 18 insertions(+), 6 deletions(-)
Thank you for your assistance! I appreciate the quick response.
Flavor in main branch only.
(In reply to Doug White from comment #11) Test please new flavored version and write feedback.
Flavored versions checked out on php82 and php83, thanks! Is an UPDATING entry required as the package names changed (cacti -> cacti-php8x)?
(In reply to Doug White from comment #14) > Flavored versions checked out on php82 and php83, thanks! Nice! You are welcome! > Is an UPDATING entry required as the package names changed (cacti -> cacti-php8x)? AFAIK no. Origin isn't changed: net-mgmt/cacti.