220742 – net-mgmt/cacti: Update to 1.1.13 (Fixes security vulnerability)

Bug 220742 - net-mgmt/cacti: Update to 1.1.13 (Fixes security vulnerability)

Summary: net-mgmt/cacti: Update to 1.1.13 (Fixes security vulnerability)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Some People
Assignee:	Danilo G. Baio

URL:	https://github.com/Cacti/cacti/issues...
Keywords:	patch, security

Depends on:
Blocks:

Reported:	2017-07-15 09:23 UTC by Daniel Austin
Modified:	2017-07-17 14:36 UTC (History)
CC List:	3 users (show)

See Also:	https://bugzilla.redhat.com/show_bug.cgi?id=1470247

Flags:	dbaio: maintainer-feedback+ dbaio: merge-quarterly+

Attachments
Update cacti to 1.1.13 (999 bytes, patch) 2017-07-15 09:23 UTC, Daniel Austin	freebsd-ports: maintainer-approval+	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Austin 2017-07-15 09:23:31 UTC

Created attachment 184370 [details]
Update cacti to 1.1.13

Update cacti to 1.1.13

(Note: ignore portlint warnings about gettext... it's not required for cacti, it has its own internal gettext support if php support is not found)

As this update also addresses CVE-2017-10970, i've requested merge-quarterly

Poudriere testport logs for 10.3/11.0 i386/amd64 at:

https://poudriere.dan.tm/poudriere/data/latest-per-pkg/cacti/1.1.13/

Comment 1 Kubilay Kocak freebsd_committer

2017-07-15 09:31:04 UTC

maintainer-feedback (+) only needed when requested (?) first

Comment 2 Danilo G. Baio freebsd_committer

2017-07-16 02:32:35 UTC

Hi Daniel.
This security issue is only for version 1.1.12?
If yes, it does not affect the quarterly branch.

We need more information, please.

Comment 3 Daniel Austin 2017-07-16 08:07:47 UTC

(In reply to Danilo G. Baio from comment #2)
Hi Danilo,

According to cacti's bug tracker, it affects all versions up to 1.1.12, see the last comment here:

https://github.com/Cacti/cacti/issues/838

Comment 4 Kubilay Kocak freebsd_committer

2017-07-16 10:57:05 UTC

merge-quarter should remain open/requested (?) until complete (merged: +) or denied (-, with comment)

Comment 5 Danilo G. Baio freebsd_committer

2017-07-16 10:58:44 UTC

(In reply to Daniel Austin from comment #3)

"...releases from 1.0.0 up to and including 1.1.12 susceptible."

So, net-mgmt/cacti88 port is not affected, just net-mgmt/cacti.

Comment 6 commit-hook freebsd_committer

2017-07-16 11:59:08 UTC

A commit references this bug:

Author: dbaio
Date: Sun Jul 16 11:58:03 UTC 2017
New revision: 445997
URL: https://svnweb.freebsd.org/changeset/ports/445997

Log:
  net-mgmt/cacti: Update to 1.1.13 (Fixes security vulnerability)

  Changes:	https://www.cacti.net/release_notes.php?version=1.1.13

  PR:		220742
  Submitted by:	Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)
  Approved by:	garga (mentor, implicit)
  MFH:		2017Q3

Changes:
  head/net-mgmt/cacti/Makefile
  head/net-mgmt/cacti/distinfo

Comment 7 commit-hook freebsd_committer

2017-07-17 14:35:32 UTC

A commit references this bug:

Author: dbaio
Date: Mon Jul 17 14:34:56 UTC 2017
New revision: 446074
URL: https://svnweb.freebsd.org/changeset/ports/446074

Log:
  MFH: r445115 r445997

  net-mgmt/cacti: Update to 1.1.13 (Fixes security vulnerability)

  Changes:	https://www.cacti.net/release_notes.php?version=1.1.13

  PR:		220742
  Submitted by:	Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)
  Approved by:	ports-secteam (miwi, junovitch), garga (mentor, implicit)

Changes:
_U  branches/2017Q3/
  branches/2017Q3/net-mgmt/cacti/Makefile
  branches/2017Q3/net-mgmt/cacti/distinfo
  branches/2017Q3/net-mgmt/cacti/pkg-plist

Comment 8 Danilo G. Baio freebsd_committer

2017-07-17 14:36:42 UTC

Committed, thanks.