Summary: | net-mgmt/cacti: Update 1.2.26 → 1.2.28 (contains fixes for PHP 8.3 compatibility) | |
---|---|---|---
Product: | Ports & Packages | Reporter: | Doug White <dwhite-freebsd-bugs>
Component: | Individual Port(s) | Assignee: | Vladimir Druzenko <vvd>
Status: | Closed FIXED | |
Severity: | Affects Some People | CC: | m.muenz, vvd
Priority: | --- | Flags: | bugzilla: maintainer-feedback? (m.muenz); vvd: merge-quarterly+
Version: | Latest | |
Hardware: | Any | |
OS: | Any | |

Description
Doug White
2025-01-13 17:03:47 UTC
1. What about add php:flavors? To be able to use package with all PHP versions. 2. I see a lot of security fixes: http://www.cacti.net/info/changelog/1.2.27 http://www.cacti.net/info/changelog/1.2.28 3. Patch is trivial: --- net-mgmt/cacti.orig/Makefile +++ net-mgmt/cacti/Makefile @@ -1,5 +1,5 @@ PORTNAME= cacti PORTNAME= cacti -DISTVERSION= 1.2.26 +DISTVERSION= 1.2.28 CATEGORIES= net-mgmt www MASTER_SITES= http://www.cacti.net/downloads/ \ ftp://ftpmirror.uk/freebsd-ports/cacti/ --- net-mgmt/cacti.orig/distinfo +++ net-mgmt/cacti/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1708196412 -SHA256 (cacti-1.2.26.tar.gz) = 1d2ed4479588540b63c77a662b3b7e841e23e63e786c47de9e7a8b558a395db0 -SIZE (cacti-1.2.26.tar.gz) = 43637358 +TIMESTAMP = 1737039609 +SHA256 (cacti-1.2.28.tar.gz) = 4a095821a9435e1b9c8294e709365f67e59dd7696c3f3feffa9cd9ace1d8cea7 +SIZE (cacti-1.2.28.tar.gz) = 46785888 Waiting maintainer… Created attachment 256733 [details]
Update 1.2.26 → 1.2.28
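Review bot: the patch bumps DISTVERSION and distinfo only and leaves pkg-plist untouched, although the update spans two upstream releases; the commit later recorded on this PR also changes net-mgmt/cacti/pkg-plist (14 lines), so a plist check (make check-plist or a poudriere testport run) belongs in the submission before it is called trivial. In the Makefile hunk, PORTNAME= cacti appears twice as context, which gives six old lines against the @@ -1,5 +1,5 @@ header, so the hunk as posted may not apply cleanly. Since the MASTER_SITES context lines fetch over http:// and ftp://, the new SHA256 and SIZE values are the only integrity check on the tarball and should be compared against a copy obtained independently of those mirrors.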
3. Trivial patch doesn't work, fixed patch attached.
Flavorize PHP: +PKGNAMESUFFIX= ${PHP_PKGNAMESUFFIX} -USES= cpe mysql php:web shebangfix +USES= cpe mysql php:flavors,web shebangfix Tested build on 14.2 amd64 in poudriere and on live system. Comment on attachment 256733 [details]
Update 1.2.26 → 1.2.28
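Review bot: adding PKGNAMESUFFIX= ${PHP_PKGNAMESUFFIX} alongside php:flavors,web renames the resulting package, and the fragment carries nothing that addresses existing installs of the unsuffixed package; confirm the upgrade path from the old name before commit, and build at least one non-default PHP flavor rather than only the default one. Keeping this change out of the security update commit keeps the quarterly merge limited to the version bump.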
Looks beautiful, thank you!
(In reply to Michael Muenz from comment #4)
Flavorization too?

TBH, my time is quite limited the last months and I'm afraid I can't test everything around flavors, if you tested successfully I'm ok with this.

(In reply to Michael Muenz from comment #6)
I tested flavors only build with default php 8.3.
I'll commit update version with merge-quarterly and flavorization in separate commit without merge-quarterly.

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3b783d4ddded795cdd3f5d9aa107f0ffbabbf803

commit 3b783d4ddded795cdd3f5d9aa107f0ffbabbf803
Author: Vladimir Druzenko <vvd@FreeBSD.org>
AuthorDate: 2025-01-17 16:42:39 +0000
Commit: Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-17 16:42:39 +0000

    net-mgmt/cacti: Flavorize PHP

    Add PHP flavor to be able to use package with all PHP versions.

    PR: 284037
    Approved by: Michael Muenz <m.muenz@gmail.com> (maintainer)

 net-mgmt/cacti/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=75e2ca30e765f24d07c12dc8744a40b0b90f783e

commit 75e2ca30e765f24d07c12dc8744a40b0b90f783e
Author: Vladimir Druzenko <vvd@FreeBSD.org>
AuthorDate: 2025-01-17 16:31:59 +0000
Commit: Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-17 16:31:59 +0000

    net-mgmt/cacti: Update 1.2.26 → 1.2.28 (PHP 8.3 support and security fixes)

    Security fixes in 1.2.27:
    GHSA-37x7-mfjv-mm7m Authentication Bypass when using older password hashes
    GHSA-7cmj-g5qc-pj88 RCE vulnerability when importing packages
    GHSA-cx8g-hvq8-p2rv RCE vulnerability when plugins include files
    GHSA-gj3f-p326-gh8r SQL Injection vulnerability when using tree rules through Automation API
    GHSA-grj5-8fcj-34gh XSS vulnerability when using JavaScript based messaging API
    GHSA-jrxg-8wh8-943x SQL Injection vulnerability when using form templates
    GHSA-p4ch-7hjw-6m87 XSS vulnerability when reading tree rules with Automation API
    GHSA-rqc8-78cm-85j3 XSS vulnerability when managing data queries
    GHSA-vjph-r677-6pcc SQL Injection vulnerability when retrieving graphs using Automation API

    Security fixes in 1.2.28:
    GHSA-49f2-hwx9-qffr XSS vulnerability when creating external links with the consolenewsection parameter
    GHSA-fgc6-g8gc-wcg5 XSS vulnerability when creating external links with the title parameter
    GHSA-gxq4-mv8h-6qj4 RCE vulnerability can be executed via Log Poisoning
    GHSA-wh9c-v56x-v77c XSS vulnerability when creating external links with the fileurl parameter

    Also 1.2.27 contains fixes for PHP 8.3 compatibility which is default in ports now.

    Changelogs:
    http://www.cacti.net/info/changelog/1.2.27
    http://www.cacti.net/info/changelog/1.2.28

    PR: 284037
    Approved by: Michael Muenz <m.muenz@gmail.com> (maintainer)
    MFH: 2025Q1

 net-mgmt/cacti/Makefile | 4 ++--
 net-mgmt/cacti/distinfo | 6 +++---
 net-mgmt/cacti/pkg-plist | 14 +++++++++++++-
 3 files changed, 18 insertions(+), 6 deletions(-)

A commit in branch 2025Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a3784b152ccd7ff13d78bb30bbe75e3364f2a2c1

commit a3784b152ccd7ff13d78bb30bbe75e3364f2a2c1
Author: Vladimir Druzenko <vvd@FreeBSD.org>
AuthorDate: 2025-01-17 16:31:59 +0000
Commit: Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-17 16:47:51 +0000

    net-mgmt/cacti: Update 1.2.26 → 1.2.28 (PHP 8.3 support and security fixes)

    Security fixes in 1.2.27:
    GHSA-37x7-mfjv-mm7m Authentication Bypass when using older password hashes
    GHSA-7cmj-g5qc-pj88 RCE vulnerability when importing packages
    GHSA-cx8g-hvq8-p2rv RCE vulnerability when plugins include files
    GHSA-gj3f-p326-gh8r SQL Injection vulnerability when using tree rules through Automation API
    GHSA-grj5-8fcj-34gh XSS vulnerability when using JavaScript based messaging API
    GHSA-jrxg-8wh8-943x SQL Injection vulnerability when using form templates
    GHSA-p4ch-7hjw-6m87 XSS vulnerability when reading tree rules with Automation API
    GHSA-rqc8-78cm-85j3 XSS vulnerability when managing data queries
    GHSA-vjph-r677-6pcc SQL Injection vulnerability when retrieving graphs using Automation API

    Security fixes in 1.2.28:
    GHSA-49f2-hwx9-qffr XSS vulnerability when creating external links with the consolenewsection parameter
    GHSA-fgc6-g8gc-wcg5 XSS vulnerability when creating external links with the title parameter
    GHSA-gxq4-mv8h-6qj4 RCE vulnerability can be executed via Log Poisoning
    GHSA-wh9c-v56x-v77c XSS vulnerability when creating external links with the fileurl parameter

    Also 1.2.27 contains fixes for PHP 8.3 compatibility which is default in ports now.

    Changelogs:
    http://www.cacti.net/info/changelog/1.2.27
    http://www.cacti.net/info/changelog/1.2.28

    PR: 284037
    Approved by: Michael Muenz <m.muenz@gmail.com> (maintainer)
    MFH: 2025Q1

    (cherry picked from commit 75e2ca30e765f24d07c12dc8744a40b0b90f783e)

 net-mgmt/cacti/Makefile | 4 ++--
 net-mgmt/cacti/distinfo | 6 +++---
 net-mgmt/cacti/pkg-plist | 14 +++++++++++++-
 3 files changed, 18 insertions(+), 6 deletions(-)

Thank you for your assistance! I appreciate the quick response.

Flavor in main branch only.

(In reply to Doug White from comment #11)
Please test the new flavored version and write feedback.

Flavored versions checked out on php82 and php83, thanks!
Is an UPDATING entry required as the package names changed (cacti -> cacti-php8x)?

(In reply to Doug White from comment #14)
> Flavored versions checked out on php82 and php83, thanks!
Nice! You are welcome!

> Is an UPDATING entry required as the package names changed (cacti -> cacti-php8x)?
AFAIK no. Origin isn't changed: net-mgmt/cacti.