Bug 209809

Summary: net-mgmt/cacti: upgrade to 0.8.8h - fix sql vulns
Product: Ports & Packages Reporter: Daniel Austin <freebsd-ports>
Component: Individual Port(s)Assignee: Kurt Jaeger <pi>
Status: Closed FIXED    
Severity: Affects Many People CC: pi
Priority: --- Keywords: patch, patch-ready, security
Version: LatestFlags: freebsd-ports: maintainer-feedback+
pi: merge-quarterly+
Hardware: Any   
OS: Any   
Bug Depends on:    
Bug Blocks: 209022, 209456    
Attachments:
Description Flags
update to 0.8.8h
freebsd-ports: maintainer-approval+
vuxml entry for cacti freebsd-ports: maintainer-approval+

Description Daniel Austin 2016-05-28 13:00:26 UTC 
Created attachment 170749 [details]
update to 0.8.8h

This is a security update for cacti to resolve SQL exploits.

Overview:
 * upgrade to 0.8.8h codebase from vendor
 * fix SQL vulnerabilities including CVE-2016-3659
 * fix USE_MYSQL -> USES:mysql
 * fix deprecated mysql php module requirement (use mysqli instead)
 * fix overwriting of failure/recovery dates after outages

Files added:
 files/patch-lib__functions.php

Files modified:
 Makefile
 distinfo
 pkg-plist
 files/patch-install__index.php


Poudriere testport logs:
https://poudriere.dan.tm/poudriere/data/latest-per-pkg/cacti/0.8.8h/


Please merge-quarterly due to SQL vulns patched.
Comment 1 Daniel Austin 2016-05-28 19:45:56 UTC 
Created attachment 170762 [details]
vuxml entry for cacti

sorry - missed the vuxml entry earlier
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-05-28 20:10:14 UTC 
A commit references this bug:

Author: pi
Date: Sat May 28 20:09:26 UTC 2016
New revision: 416066
URL: https://svnweb.freebsd.org/changeset/ports/416066

Log:
  net-mgmt/cacti: 0.8.8g -> 0.8.8h

  This is a security update for cacti to resolve SQL exploits.
  - upgrade to 0.8.8h codebase from vendor
  - fix SQL vulnerabilities including CVE-2016-3659
  - fix USE_MYSQL -> USES:mysql
  - fix deprecated mysql php module requirement (use mysqli instead)
  - fix overwriting of failure/recovery dates after outages

  PR:		209809
  Submitted by:	Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)
  Security:	CVE-2016-3659
  MFH:		2016Q2

Changes:
  head/net-mgmt/cacti/Makefile
  head/net-mgmt/cacti/distinfo
  head/net-mgmt/cacti/files/patch-install__index.php
  head/net-mgmt/cacti/files/patch-lib__functions.php
  head/net-mgmt/cacti/pkg-plist
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-05-29 19:01:29 UTC 
A commit references this bug:

Author: pi
Date: Sun May 29 19:01:24 UTC 2016
New revision: 416120
URL: https://svnweb.freebsd.org/changeset/ports/416120

Log:
  Document security issues fixed in cacti 0.8.8h

  PR:		209809
  Reported by:	Daniel Austin <freebsd-ports@dan.me.uk>
  Security:	CVE-2016-3659
  Security:	https://vuxml.FreeBSD.org/freebsd/6167b341-250c-11e6-a6fb-003048f2e514.html

Changes:
  head/security/vuxml/vuln.xml
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-05-29 19:12:31 UTC 
A commit references this bug:

Author: pi
Date: Sun May 29 19:12:22 UTC 2016
New revision: 416121
URL: https://svnweb.freebsd.org/changeset/ports/416121

Log:
  MFH: r416066

  net-mgmt/cacti: 0.8.8g -> 0.8.8h

  This is a security update for cacti to resolve SQL exploits.
  - upgrade to 0.8.8h codebase from vendor
  - fix SQL vulnerabilities including CVE-2016-3659
  - fix USE_MYSQL -> USES:mysql
  - fix deprecated mysql php module requirement (use mysqli instead)
  - fix overwriting of failure/recovery dates after outages

  PR:		209809
  Submitted by:	Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)
  Security:	CVE-2016-3659
  Approved by:	ports-secteam (junovitch)

Changes:
_U  branches/2016Q2/
  branches/2016Q2/net-mgmt/cacti/Makefile
  branches/2016Q2/net-mgmt/cacti/distinfo
  branches/2016Q2/net-mgmt/cacti/files/patch-install__index.php
  branches/2016Q2/net-mgmt/cacti/files/patch-lib__functions.php
  branches/2016Q2/net-mgmt/cacti/pkg-plist
Comment 5 Kurt Jaeger freebsd_committer freebsd_triage 2016-05-29 19:13:45 UTC 
MFH done, vuxml done, thanks very much!
Comment 6 commit-hook freebsd_committer freebsd_triage 2016-05-31 16:13:47 UTC 
A commit references this bug:

Author: pi
Date: Tue May 31 16:12:59 UTC 2016
New revision: 416207
URL: https://svnweb.freebsd.org/changeset/ports/416207

Log:
  net-mgmt/cacti: fix INDEX in quarterly branch

  - no USES=mysql allowed in the quarterly branch

  PR:		209809
  Submitted by:	antoine
  Approved by:	ports-secteam (feld)

Changes:
  branches/2016Q2/net-mgmt/cacti/Makefile
Comment 7 commit-hook freebsd_committer freebsd_triage 2016-06-06 18:29:25 UTC 
A commit references this bug:

Author: pi
Date: Mon Jun  6 18:29:15 UTC 2016
New revision: 416481
URL: https://svnweb.freebsd.org/changeset/ports/416481

Log:
  net-mgmt/cacti: fix version number in Makefile

  PR:		209809
  Submitted by:	Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)
  Approved by:	ports-secteam (junovitch)
  MFH:		2016Q2

Changes:
  branches/2016Q2/net-mgmt/cacti/Makefile