Bug 245198 - net-mgmt/cacti: Update to 1.2.10
Summary: net-mgmt/cacti: Update to 1.2.10
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Ben Woods
URL: https://www.cacti.net/changelog.php
Keywords: buildisok
Depends on:
Blocks: 245205
Reported: 2020-03-31 06:52 UTC by Michael Muenz
Modified: 2020-04-08 14:14 UTC

See Also:
woodsb02: maintainer-feedback+
woodsb02: merge-quarterly+


Attachments
Cacti 1.2.10 (11.36 KB, patch)
2020-03-31 06:52 UTC, Michael Muenz
updated 1.2.10 patch (2.89 KB, patch)
2020-04-06 07:34 UTC, Michael Muenz

Description Michael Muenz 2020-03-31 06:52:42 UTC
Created attachment 212884
Cacti 1.2.10

Update to latest version 1.2.10.
There are several security-related CVEs fixed with 1.2.9 and 1.2.10 (CVE-2020-8813, CVE-2020-7106, CVE-2020-7237).

Maybe need quarterly.

I'll add a separate PR for vuxml later today.
Comment 1 Automation User 2020-03-31 12:11:42 UTC
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/131308333
Comment 2 Ben Woods freebsd_committer freebsd_triage 2020-04-01 22:25:42 UTC
Hi Dan, can I request a quick response from you on this one, given it fixes multiple security vulnerabilities?

Also, I noticed there have been a few maintainer timeouts recently for cacti - are you still interested in maintaining this port? I know all too well how life takes over and gets in the way of volunteer efforts such as port maintainership.
Comment 3 Ben Woods freebsd_committer freebsd_triage 2020-04-05 05:13:08 UTC
Hi Dan, sorry to hassle, but could I please push for a comment on this diff?
Comment 4 Daniel Austin 2020-04-05 12:41:15 UTC
(In reply to Ben Woods from comment #3)
Hi Ben,
Sorry, super busy here :(

Diff looks ok, other than all the occurrences of '%%CACTIUSER%%' in pkg-plist filenames instead of the word 'cacti'... so long as the user IS cacti, it will be ok - but if anyone changes the username it would fail as those files are statically named after the product not the username.

I'm more than happy for anyone to take over maintainership of this port.
I'm really stuck for time lately :(
Comment 5 Michael Muenz 2020-04-06 07:33:29 UTC
The cacti user changes in plist came from poudriere, I'll enclose an updated patch without it.

Today Cacti 1.2.11 is out but no security issues, so we can stick with 1.2.10 and after the merge I'll create a new PR for 1.2.11 and replace the maintainer as you already wished a couple of updates ago.
Comment 6 Michael Muenz 2020-04-06 07:34:09 UTC
Created attachment 213117
updated 1.2.10 patch
Comment 7 commit-hook freebsd_committer freebsd_triage 2020-04-07 14:25:30 UTC
A commit references this bug:

Author: woodsb02
Date: Tue Apr  7 14:24:40 UTC 2020
New revision: 530981
URL: https://svnweb.freebsd.org/changeset/ports/530981

Log:
  net-mgmt/cacti: Update to 1.2.10

  Changes this release:
    https://github.com/Cacti/cacti/blob/release/1.2.10/CHANGELOG

  PR:		245198
  Submitted by:	Michael Muenz <m.muenz@gmail.com>
  Approved by:	Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)
  MFH:		2020Q2
  Security:	https://www.vuxml.org/freebsd/e2b564fc-7462-11ea-af63-38d547003487.html

Changes:
  head/net-mgmt/cacti/Makefile
  head/net-mgmt/cacti/distinfo
  head/net-mgmt/cacti/pkg-plist
Comment 8 Ben Woods freebsd_committer freebsd_triage 2020-04-07 14:30:18 UTC
Committed with 1 change (the %%CACTIUSER%% and %%CACTIGROUP%% variables were deliberately used in the owner and group commands within pkg-plist, so I did not commit that part of the diff).

Thanks for the patch Michael, and for your review+approval Dan.

Awaiting approval from ports-secteam to merge this commit to ports quarterly branch to mitigate the security vulnerability there also.
Comment 9 commit-hook freebsd_committer freebsd_triage 2020-04-08 14:14:23 UTC
A commit references this bug:

Author: woodsb02
Date: Wed Apr  8 14:13:37 UTC 2020
New revision: 531118
URL: https://svnweb.freebsd.org/changeset/ports/531118

Log:
  MFH: r530981

  net-mgmt/cacti: Update to 1.2.10

  Changes this release:
    https://github.com/Cacti/cacti/blob/release/1.2.10/CHANGELOG

  PR:		245198
  Submitted by:	Michael Muenz <m.muenz@gmail.com>
  Approved by:	Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)
  Security:	https://www.vuxml.org/freebsd/e2b564fc-7462-11ea-af63-38d547003487.html

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2020Q2/
  branches/2020Q2/net-mgmt/cacti/Makefile
  branches/2020Q2/net-mgmt/cacti/distinfo
  branches/2020Q2/net-mgmt/cacti/pkg-plist
Comment 10 Ben Woods freebsd_committer freebsd_triage 2020-04-08 14:14:55 UTC
Committed to ports quarterly branch. Thanks again team, consider this one closed!