Bug 220742 - net-mgmt/cacti: Update to 1.1.13 (Fixes security vulnerability)
Summary: net-mgmt/cacti: Update to 1.1.13 (Fixes security vulnerability)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Some People
Assignee: Danilo G. Baio
URL: https://github.com/Cacti/cacti/issues...
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2017-07-15 09:23 UTC by Daniel Austin
Modified: 2017-07-17 14:36 UTC

See Also:
dbaio: maintainer-feedback+
dbaio: merge-quarterly+


Attachments
Update cacti to 1.1.13 (999 bytes, patch)
2017-07-15 09:23 UTC, Daniel Austin
freebsd-ports: maintainer-approval+
Description Daniel Austin 2017-07-15 09:23:31 UTC
Created attachment 184370
Update cacti to 1.1.13

Update cacti to 1.1.13

(Note: ignore portlint warnings about gettext... it's not required for cacti, it has its own internal gettext support if php support is not found)

As this update also addresses CVE-2017-10970, I've requested merge-quarterly.

Poudriere testport logs for 10.3/11.0 i386/amd64 at:

https://poudriere.dan.tm/poudriere/data/latest-per-pkg/cacti/1.1.13/
Comment 1 Kubilay Kocak freebsd_committer 2017-07-15 09:31:04 UTC
maintainer-feedback (+) only needed when requested (?) first
Comment 2 Danilo G. Baio freebsd_committer 2017-07-16 02:32:35 UTC
Hi Daniel.
This security issue is only for version 1.1.12?
If yes, it does not affect the quarterly branch.

We need more information, please.
Comment 3 Daniel Austin 2017-07-16 08:07:47 UTC
(In reply to Danilo G. Baio from comment #2)
Hi Danilo,

According to cacti's bug tracker, it affects all versions up to 1.1.12, see the last comment here:

https://github.com/Cacti/cacti/issues/838
Comment 4 Kubilay Kocak freebsd_committer 2017-07-16 10:57:05 UTC
merge-quarter should remain open/requested (?) until complete (merged: +) or denied (-, with comment)
Comment 5 Danilo G. Baio freebsd_committer 2017-07-16 10:58:44 UTC
(In reply to Daniel Austin from comment #3)

"...releases from 1.0.0 up to and including 1.1.12 susceptible."

So, net-mgmt/cacti88 port is not affected, just net-mgmt/cacti.
Comment 6 commit-hook freebsd_committer 2017-07-16 11:59:08 UTC
A commit references this bug:

Author: dbaio
Date: Sun Jul 16 11:58:03 UTC 2017
New revision: 445997
URL: https://svnweb.freebsd.org/changeset/ports/445997

Log:
  net-mgmt/cacti: Update to 1.1.13 (Fixes security vulnerability)

  Changes:	https://www.cacti.net/release_notes.php?version=1.1.13

  PR:		220742
  Submitted by:	Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)
  Approved by:	garga (mentor, implicit)
  MFH:		2017Q3

Changes:
  head/net-mgmt/cacti/Makefile
  head/net-mgmt/cacti/distinfo
Comment 7 commit-hook freebsd_committer 2017-07-17 14:35:32 UTC
A commit references this bug:

Author: dbaio
Date: Mon Jul 17 14:34:56 UTC 2017
New revision: 446074
URL: https://svnweb.freebsd.org/changeset/ports/446074

Log:
  MFH: r445115 r445997

  net-mgmt/cacti: Update to 1.1.13 (Fixes security vulnerability)

  Changes:	https://www.cacti.net/release_notes.php?version=1.1.13

  PR:		220742
  Submitted by:	Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)
  Approved by:	ports-secteam (miwi, junovitch), garga (mentor, implicit)

Changes:
_U  branches/2017Q3/
  branches/2017Q3/net-mgmt/cacti/Makefile
  branches/2017Q3/net-mgmt/cacti/distinfo
  branches/2017Q3/net-mgmt/cacti/pkg-plist
Comment 8 Danilo G. Baio freebsd_committer 2017-07-17 14:36:42 UTC
Committed, thanks.