[arch-commits] Commit in cacti/repos (7 files)
David Runge
dvzrv at archlinux.org
Sat Feb 27 14:26:10 UTC 2021
Date: Saturday, February 27, 2021 @ 14:26:10
Author: dvzrv
Revision: 875113
archrelease: copy trunk to community-testing-any
Added:
cacti/repos/community-testing-any/
cacti/repos/community-testing-any/PKGBUILD
(from rev 875112, cacti/trunk/PKGBUILD)
cacti/repos/community-testing-any/cacti-1.2.16-CVE-2020-35701.patch
(from rev 875112, cacti/trunk/cacti-1.2.16-CVE-2020-35701.patch)
cacti/repos/community-testing-any/cacti.install
(from rev 875112, cacti/trunk/cacti.install)
cacti/repos/community-testing-any/cacti.sysusers
(from rev 875112, cacti/trunk/cacti.sysusers)
cacti/repos/community-testing-any/cacti.tmpfiles
(from rev 875112, cacti/trunk/cacti.tmpfiles)
cacti/repos/community-testing-any/cacti.uwsgi
(from rev 875112, cacti/trunk/cacti.uwsgi)
-----------------------------------+
PKGBUILD | 171 ++++++++++++++++++++++++++++++++++++
cacti-1.2.16-CVE-2020-35701.patch | 22 ++++
cacti.install | 9 +
cacti.sysusers | 1
cacti.tmpfiles | 17 +++
cacti.uwsgi | 36 +++++++
6 files changed, 256 insertions(+)
Copied: cacti/repos/community-testing-any/PKGBUILD (from rev 875112, cacti/trunk/PKGBUILD)
===================================================================
--- community-testing-any/PKGBUILD (rev 0)
+++ community-testing-any/PKGBUILD 2021-02-27 14:26:10 UTC (rev 875113)
@@ -0,0 +1,171 @@
+# Maintainer: David Runge <dvzrv at archlinux.org>
+# Contributor: Sergej Pupykin <pupykin.s+arch at gmail.com>
+# Contributor: tuxbubling <tuxbubling at jabber.fr>
+
+pkgname=cacti
+pkgver=1.2.16
+pkgrel=3
+pkgdesc="Network graphing solution using RRDTool"
+arch=('any')
+url="https://www.cacti.net"
+license=('GPL2')
+depends=('php-gd' 'php-snmp' 'rrdtool' 'ttf-dejavu')
+optdepends=('mariadb: use local MySQL server'
+ 'perl: for scripts'
+ 'php-fpm: run in fastCGI process manager'
+ 'uwsgi-plugin-php: run as local application container')
+backup=('etc/webapps/cacti/.htaccess'
+ 'etc/webapps/cacti/config.php')
+source=("https://www.${pkgname}.net/downloads/${pkgname}-${pkgver}.tar.gz"
+ "${pkgname}-1.2.16-CVE-2020-35701.patch"
+ "${pkgname}.uwsgi"
+ "${pkgname}.sysusers"
+ "${pkgname}.tmpfiles")
+install="${pkgname}.install"
+sha512sums=('fe22acf4dea8ab6ec79825d66a84ad4c43fdce2815e7327536d182bc04400ed7b1d268209bbbca8b307c4779ee5bf7369a617ec1f052d8805757c2ca9b30cc35'
+ '8c193f52e5478e12f93152356bce085ed7468b1e19657ae92150bb1eee662020fc4f89d5b7aa507465b82b5224834fd78eaa4389e6007136e1fc7df6e7f115a6'
+ 'ba421785a3a86535dba210b5ac34ad059fac72b809a9027308d047a967de43aa204eda56e129b28f6400859427de123734b338c5d8cd3da1944893fa3ef33e48'
+ '847e2b791de44d0790a2fdb81c77c8af9a66da9d44500f3f8a8d1c0f406d3a20082cc8fef1c6afe4de93ad989d35c79c9809abe14693a9ac6ea74d4696e3b6c1'
+ 'e833e411f74e77773c32589ba83cb1b2f28ca9b35931626480ab7daa63420d47ecfc3061e6703323646b69e1d98536b6f3afdd36faa483fb13aac9b818af0c6e')
+b2sums=('19939d0ff79c895b481aeb7ffec8331d8b9c10a6b7e0dbda6532e06ef0322f21cf02f4bf53a9522e1f672dd04b343f5550e2f34f08b3af2050e1f72465cffc43'
+ 'a64a7ef5de93c2906c9fa5c713bf87e451eeaed297efd67b514fa47fdf11262a39d96f8e1be8bfd7c04fa74d31f830f826bcfd3a71a8230ec7454e360f7540bd'
+ '880cfc1a87abd95a624ffef6f1ae5ac416b4020ae40edc32355314bb33b5003b21ab8ed082b520d70b166739a1b056339cca7b6a6bb82167c14925ae3ca0d34f'
+ '2ec9956b690ab9244e31a58d295ab56b5d0df9fc9586c74edbd55c12d3383430b8a1a8a708d7d747abadb67eee42094562da510ddfc7797978c2683e7b86a252'
+ '0a532bbbd07b21da18ea21eec3f268510740069fb732e3d387f224b93f0539e3e968ba6332bf647ff62f2d98910abc33e35a3e82d335cf7d29a503609e22651f')
+
+prepare() {
+ # adding default .htaccess
+ echo "Require all denied" > "${pkgname}-htaccess"
+ cd "${pkgname}-${pkgver}"
+ # fix CVE-2020-35701: https://bugs.archlinux.org/task/69300
+ patch -Np1 -i "../${pkgname}-1.2.16-CVE-2020-35701.patch"
+ # setting correct install path for spine
+ sed -e 's|/usr/local/spine/bin/spine|/usr/bin/spine|g' \
+ -i install/functions.php
+ # setting correct path for dejavu font
+ sed -e 's|/usr/share/fonts/dejavu/|/usr/share/fonts/TTF/|g' -i lib/rrd.php
+ # remove unneeded executable bits
+ find . -executable -type f -and -not -path "*scripts*" -exec chmod -c 644 {} \;
+}
+
+package() {
+ cd "${pkgname}-${pkgver}"
+ # webapp
+ install -vDm 640 include/config.php -t "${pkgdir}/etc/webapps/${pkgname}"
+ rm -v include/config.php
+ install -vDm 644 *.{php,sql} -t "${pkgdir}/usr/share/webapps/${pkgname}"
+ install -vDm 644 cli/{*.php,.htaccess} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/cli"
+ install -vDm 644 docs/*.{css,html,sql} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/docs"
+ install -vDm 644 docs/images/*.png \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/docs/images"
+ install -vDm 644 formats/*.{format,php} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/formats"
+ install -vDm 644 images/*.{gif,ico,png,svg} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/images"
+ install -vDm 644 include/{*.{php,js},cacti_version} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/include"
+ install -vDm 644 include/content/{*.{html,php},README} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/include/content"
+ install -vDm 644 include/fa/index.php \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/include/fa"
+ install -vDm 644 include/fa/css/*.{css,php} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/include/fa/css"
+ install -vDm 644 include/fa/less/*.{less,php} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/include/fa/less"
+ install -vDm 644 include/fa/scss/*.{php,scss} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/include/fa/scss"
+ install -vDm 644 include/fa/webfonts/*.{eot,php,svg,ttf,woff,woff2} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/include/fa/webfonts"
+ install -vDm 644 include/fonts/*.ttf \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/include/fonts"
+ install -vDm 644 include/js/*.{js,php} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/include/js"
+ install -vDm 644 include/js/LC_MESSAGES/*.{js,php} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/include/js/LC_MESSAGES"
+ install -vDm 644 include/themes/index.php \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/include/themes"
+ for theme in {classic,dark,modern,paper-plane,paw,sunrise}; do
+ install -vDm 644 include/themes/${theme}/*.{css,js,php} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/include/themes/${theme}"
+ install -vDm 644 include/themes/${theme}/default/*.{css,gif,php,png} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/include/themes/${theme}/default"
+ install -vDm 644 include/themes/${theme}/images/*.{gif,ico,png,svg} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/include/themes/${theme}/images"
+ install -vDm 644 include/themes/${theme}/images/128/*.png \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/include/themes/${theme}/images/128"
+ done
+ cp -av include/vendor "${pkgdir}/usr/share/webapps/${pkgname}/include/"
+ install -vDm 644 install/*.{css,csv,js,php} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/install"
+ install -vDm 644 install/templates/*.gz \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/install/templates"
+ install -vDm 644 install/upgrades/*.php \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/install/upgrades"
+ install -vDm 644 lib/*.php \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/lib"
+ install -vDm 644 locales/index.php \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/locales"
+ install -vDm 644 locales/LC_MESSAGES/*.{mo,php} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/locales/LC_MESSAGES"
+ install -vDm 644 locales/po/*.{php,po,pot} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/locales/po"
+ install -vDm 644 mibs/{index.php,*-MIB} \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/mibs"
+ install -vDm 644 plugins/index.php \
+ -t "${pkgdir}/usr/share/webapps/${pkgname}/plugins"
+ # config
+ install -vDm 644 "${srcdir}/${pkgname}-htaccess" \
+ "${pkgdir}/etc/webapps/${pkgname}/.htaccess"
+ ln -sv "/etc/webapps/${pkgname}/.htaccess" \
+ "${pkgdir}/usr/share/webapps/${pkgname}/.htaccess"
+ ln -sv "/etc/webapps/${pkgname}/config.php" \
+ "${pkgdir}/usr/share/webapps/${pkgname}/include/config.php"
+ # state
+ install -vdm 750 "${pkgdir}/var/lib/${pkgname}"
+ install -vDm 644 rra/.htaccess -t "${pkgdir}/var/lib/${pkgname}/rra"
+ ln -sv "/var/lib/${pkgname}/rra" \
+ "${pkgdir}/usr/share/webapps/${pkgname}/rra"
+ install -vDm 644 resource/index.php \
+ -t "${pkgdir}/var/lib/${pkgname}/resource"
+ install -vDm 644 resource/snmp_queries/*.{php,xml} \
+ -t "${pkgdir}/var/lib/${pkgname}/resource/snmp_queries/"
+ install -vDm 644 resource/script_server/*.{php,xml} \
+ -t "${pkgdir}/var/lib/${pkgname}/resource/script_server/"
+ install -vDm 644 resource/script_queries/*.{php,xml} \
+ -t "${pkgdir}/var/lib/${pkgname}/resource/script_queries/"
+ ln -sv "/var/lib/${pkgname}/resource" \
+ "${pkgdir}/usr/share/webapps/${pkgname}/resource"
+ install -vDm 644 scripts/*.{php,pl,sh} \
+ -t "${pkgdir}/var/lib/${pkgname}/scripts"
+ ln -sv "/var/lib/${pkgname}/scripts" \
+ "${pkgdir}/usr/share/webapps/${pkgname}/scripts"
+ # cache
+ install -vdm 750 "${pkgdir}/var/cache/${pkgname}"
+ install -vDm 644 cache/boost/index.php \
+ -t "${pkgdir}/var/cache/${pkgname}/boost"
+ install -vDm 644 cache/mibcache/index.php \
+ -t "${pkgdir}/var/cache/${pkgname}/mibcache"
+ install -vDm 644 cache/realtime/index.php \
+ -t "${pkgdir}/var/cache/${pkgname}/realtime"
+ install -vDm 644 cache/spikekill/index.php \
+ -t "${pkgdir}/var/cache/${pkgname}/spikekill"
+ ln -sv "/var/cache/${pkgname}" \
+ "${pkgdir}/usr/share/webapps/${pkgname}/cache"
+ # log
+ install -vdm 750 "${pkgdir}/var/log/${pkgname}"
+ install -vDm 644 log/.htaccess -t "${pkgdir}/var/log/${pkgname}"
+ ln -sv "/var/log/${pkgname}" "${pkgdir}/usr/share/webapps/${pkgname}/log"
+ # docs
+ install -vDm 644 {CHANGELOG,README.md} -t "${pkgdir}/usr/share/doc/${pkgname}"
+ # tmpfiles.d
+ install -vDm 644 "${srcdir}/${pkgname}.tmpfiles" \
+ "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf"
+ # sysusers.d
+ install -vDm 644 "${srcdir}/${pkgname}.sysusers" \
+ "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf"
+ # uwsgi config
+ install -vDm 644 "${srcdir}/${pkgname}.uwsgi" \
+ "${pkgdir}/etc/uwsgi/${pkgname}.ini"
+}
Copied: cacti/repos/community-testing-any/cacti-1.2.16-CVE-2020-35701.patch (from rev 875112, cacti/trunk/cacti-1.2.16-CVE-2020-35701.patch)
===================================================================
--- community-testing-any/cacti-1.2.16-CVE-2020-35701.patch (rev 0)
+++ community-testing-any/cacti-1.2.16-CVE-2020-35701.patch 2021-02-27 14:26:10 UTC (rev 875113)
@@ -0,0 +1,22 @@
+diff --git a/data_debug.php b/data_debug.php
+index 1bbed6a0a..a7ffe0829 100644
+--- a/data_debug.php
++++ b/data_debug.php
+@@ -35,6 +35,8 @@
+
+ set_default_action();
+
++validate_request_vars();
++
+ switch (get_request_var('action')) {
+ case 'actions':
+ form_actions();
+@@ -123,8 +125,6 @@
+
+ break;
+ default:
+- validate_request_vars();
+-
+ $refresh = array(
+ 'seconds' => get_request_var('refresh'),
+ 'page' => 'data_debug.php?header=false',
Copied: cacti/repos/community-testing-any/cacti.install (from rev 875112, cacti/trunk/cacti.install)
===================================================================
--- community-testing-any/cacti.install (rev 0)
+++ community-testing-any/cacti.install 2021-02-27 14:26:10 UTC (rev 875113)
@@ -0,0 +1,9 @@
+post_upgrade() {
+ local new_package_version="$1"
+ local old_package_version="$2"
+ if [ $(vercmp "${old_package_version}" "1.2.2") -le 0 ]; then
+cat <<EOF
+The webapp now needs to be run as its own user/group: cacti/cacti.
+EOF
+ fi
+}
Copied: cacti/repos/community-testing-any/cacti.sysusers (from rev 875112, cacti/trunk/cacti.sysusers)
===================================================================
--- community-testing-any/cacti.sysusers (rev 0)
+++ community-testing-any/cacti.sysusers 2021-02-27 14:26:10 UTC (rev 875113)
@@ -0,0 +1 @@
+u cacti - "Cacti user" -
Copied: cacti/repos/community-testing-any/cacti.tmpfiles (from rev 875112, cacti/trunk/cacti.tmpfiles)
===================================================================
--- community-testing-any/cacti.tmpfiles (rev 0)
+++ community-testing-any/cacti.tmpfiles 2021-02-27 14:26:10 UTC (rev 875113)
@@ -0,0 +1,17 @@
+z /etc/webapps/cacti/*.php 0640 cacti cacti
+d %L/cacti 0750 cacti cacti
+z %L/cacti/*.log - cacti cacti
+d %S/cacti 0750 cacti cacti
+d %S/cacti/rra - cacti cacti
+z %S/cacti/rra/*.rrd - cacti cacti
+d %S/cacti/resource 755 cacti cacti
+d %S/cacti/resource/snmp_queries 755 cacti cacti
+d %S/cacti/resource/script_server 755 cacti cacti
+d %S/cacti/resource/script_queries 755 cacti cacti
+d %S/cacti/scripts 755 cacti cacti
+d %t/cacti 755 cacti cacti
+d %C/cacti 750 cacti cacti
+d %C/cacti/boost 755 cacti cacti
+d %C/cacti/mibcache 755 cacti cacti
+d %C/cacti/realtime 755 cacti cacti
+d %C/cacti/spikekill 755 cacti cacti
Copied: cacti/repos/community-testing-any/cacti.uwsgi (from rev 875112, cacti/trunk/cacti.uwsgi)
===================================================================
--- community-testing-any/cacti.uwsgi (rev 0)
+++ community-testing-any/cacti.uwsgi 2021-02-27 14:26:10 UTC (rev 875113)
@@ -0,0 +1,36 @@
+[uwsgi]
+procname-master = %n
+plugins = php
+master = true
+socket = /run/%n/%n.sock
+stats = /run/%n/%n-stats.sock
+uid = %n
+gid = %n
+processes = 10
+cheaper = 2
+cheaper-step = 1
+idle = 600
+die-on-idle = true
+touch-reload = %p
+php-allowed-ext = .php
+php-docroot = /usr/share/webapps/%n
+php-index = index.php
+php-set = date.timezone=Europe/Berlin
+php-set = open_basedir=/tmp/:/usr/share/webapps/%n:/etc/webapps/%n:/var/cache/%n:/var/lib/%n:/var/log/%n:/proc/meminfo:/usr/bin/rrdtool:/usr/bin/snmpget:/usr/bin/snmpwalk:/usr/bin/snmpbulkwalk:/usr/bin/snmpgetnext:/usr/bin/snmptrap:/usr/bin/sendmail:/usr/bin/php:/usr/bin/spine:/usr/share/fonts/TTF/
+php-set = memory_limit = 512M
+php-set = max_execution_time = 60
+php-set = session.save_path=/tmp
+php-set = session.gc_maxlifetime 21600
+php-set = session.gc_divisor 500
+php-set = session.gc_probability 1
+php-set = post_max_size=64M
+php-set = upload_max_filesize=64M
+php-set = extension=gd.so
+php-set = extension=gettext.so
+php-set = extension=gmp.so
+php-set = extension=pdo_mysql.so
+php-set = extension=ldap.so
+php-set = extension=snmp
+php-set = extension=sockets.so
+# enable cron after configuring it
+# cron = -5 -1 -1 -1 -1 /usr/bin/php -d date.timezone=Europe/Berlin -d memory_limit=512M -d max_execution_time=60 -d extension=gd -d extension=gettext -d extension=gmp -d extension=pdo_mysql -d extension=ldap -d extension=snmp -d extension=sockets /usr/share/webapps/cacti/poller.php
More information about the arch-commits
mailing list