Bug 245198

Summary: net-mgmt/cacti: Update to 1.2.10
Product: Ports & Packages Reporter: Michael Muenz <m.muenz>
Component: Individual Port(s)Assignee: Ben Woods <woodsb02>
Status: Closed FIXED    
Severity: Affects Only Me CC: fernape, freebsd-ports, woodsb02
Priority: --- Keywords: buildisok
Version: LatestFlags: woodsb02: maintainer-feedback+
woodsb02: merge-quarterly+
Hardware: Any   
OS: Any   
URL: https://www.cacti.net/changelog.php
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245205
Bug Depends on:    
Bug Blocks: 245205    
Attachments:
Description Flags
Cacti 1.2.10
none
updated 1.2.10 patch none

Description Michael Muenz 2020-03-31 06:52:42 UTC
Created attachment 212884 [details]
Cacti 1.2.10

Update to latest version 1.2.10.
There are several security related CVE's fixed with 1.2.9 and 1.2.10 (CVE-2020-8813, CVE-2020-7106, CVE-2020-7237).

Maybe need quarterly.

I'll add a separate PR for vuxml later today.
Comment 1 Automation User 2020-03-31 12:11:42 UTC
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/131308333
Comment 2 Ben Woods freebsd_committer 2020-04-01 22:25:42 UTC
Hi Dan, can I request a quick response from you on this one, given it fixes multiple security vulnerabilities?

Also, I noticed there have been a few maintainer timeouts recently for cacti - are you still interesting in maintaining this port? I know all too well how life takes over and gets in the way of volunteer efforts such as port maintainership.
Comment 3 Ben Woods freebsd_committer 2020-04-05 05:13:08 UTC
Hi Dan, sorry to hassle, but could I please push for a comment on this diff?
Comment 4 Daniel Austin 2020-04-05 12:41:15 UTC
(In reply to Ben Woods from comment #3)
Hi Ben,
Sorry, super busy here :(

Diff looks ok, other than all the occurrences of '%%CACTIUSER%%' in pkg-plist filenames instead of the word 'cacti'... so long as the user IS cacti, it will be ok - but if anyone changes the username it would fail as those files are statically named after the product not the username.

I'm more than happy for anyone to take over maintainership of this port.
I'm really stuck for time lately :(
Comment 5 Michael Muenz 2020-04-06 07:33:29 UTC
The cacti user changes in plist came from poudriere, I'll enclose an updated patch without it.

Today Cacti 1.2.11 is out but no security issues, so we can stick with 1.2.10 and after-merge I'll create a new PR for 1.2.11 and replace the maintainer as you already wished couple of updates ago.
Comment 6 Michael Muenz 2020-04-06 07:34:09 UTC
Created attachment 213117 [details]
updated 1.2.10 patch
Comment 7 commit-hook freebsd_committer 2020-04-07 14:25:30 UTC
A commit references this bug:

Author: woodsb02
Date: Tue Apr  7 14:24:40 UTC 2020
New revision: 530981
URL: https://svnweb.freebsd.org/changeset/ports/530981

Log:
  net-mgmt/cacti: Update to 1.2.10

  Changes this release:
    https://github.com/Cacti/cacti/blob/release/1.2.10/CHANGELOG

  PR:		245198
  Submitted by:	Michael Muenz <m.muenz@gmail.com>
  Approved by:	Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)
  MFH:		2020Q2
  Security:	https://www.vuxml.org/freebsd/e2b564fc-7462-11ea-af63-38d547003487.html

Changes:
  head/net-mgmt/cacti/Makefile
  head/net-mgmt/cacti/distinfo
  head/net-mgmt/cacti/pkg-plist
Comment 8 Ben Woods freebsd_committer 2020-04-07 14:30:18 UTC
Committed with 1 change (the %%CACTIUSER%% and %%CACTIGROUP%% variables were deliberately used in the owner and group commands within pkg-plist, so I did not commit that part of the diff).

Thanks for the patch Michael, and for your review+approval Dan.

Awaiting approval from ports-secteam to merge this commit to ports quarterly branch to mitigate the security vulnerability there also.
Comment 9 commit-hook freebsd_committer 2020-04-08 14:14:23 UTC
A commit references this bug:

Author: woodsb02
Date: Wed Apr  8 14:13:37 UTC 2020
New revision: 531118
URL: https://svnweb.freebsd.org/changeset/ports/531118

Log:
  MFH: r530981

  net-mgmt/cacti: Update to 1.2.10

  Changes this release:
    https://github.com/Cacti/cacti/blob/release/1.2.10/CHANGELOG

  PR:		245198
  Submitted by:	Michael Muenz <m.muenz@gmail.com>
  Approved by:	Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)
  Security:	https://www.vuxml.org/freebsd/e2b564fc-7462-11ea-af63-38d547003487.html

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2020Q2/
  branches/2020Q2/net-mgmt/cacti/Makefile
  branches/2020Q2/net-mgmt/cacti/distinfo
  branches/2020Q2/net-mgmt/cacti/pkg-plist
Comment 10 Ben Woods freebsd_committer 2020-04-08 14:14:55 UTC
Committed to ports quarterly branch. Thanks again team, consider this one closed!