[arch-commits] Commit in cacti/repos (7 files)

David Runge dvzrv at archlinux.org
Sat Feb 27 14:26:10 UTC 2021


    Date: Saturday, February 27, 2021 @ 14:26:10
  Author: dvzrv
Revision: 875113

archrelease: copy trunk to community-testing-any

Added:
  cacti/repos/community-testing-any/
  cacti/repos/community-testing-any/PKGBUILD
    (from rev 875112, cacti/trunk/PKGBUILD)
  cacti/repos/community-testing-any/cacti-1.2.16-CVE-2020-35701.patch
    (from rev 875112, cacti/trunk/cacti-1.2.16-CVE-2020-35701.patch)
  cacti/repos/community-testing-any/cacti.install
    (from rev 875112, cacti/trunk/cacti.install)
  cacti/repos/community-testing-any/cacti.sysusers
    (from rev 875112, cacti/trunk/cacti.sysusers)
  cacti/repos/community-testing-any/cacti.tmpfiles
    (from rev 875112, cacti/trunk/cacti.tmpfiles)
  cacti/repos/community-testing-any/cacti.uwsgi
    (from rev 875112, cacti/trunk/cacti.uwsgi)

-----------------------------------+
 PKGBUILD                          |  171 ++++++++++++++++++++++++++++++++++++
 cacti-1.2.16-CVE-2020-35701.patch |   22 ++++
 cacti.install                     |    9 +
 cacti.sysusers                    |    1 
 cacti.tmpfiles                    |   17 +++
 cacti.uwsgi                       |   36 +++++++
 6 files changed, 256 insertions(+)

Copied: cacti/repos/community-testing-any/PKGBUILD (from rev 875112, cacti/trunk/PKGBUILD)
===================================================================
--- community-testing-any/PKGBUILD	                        (rev 0)
+++ community-testing-any/PKGBUILD	2021-02-27 14:26:10 UTC (rev 875113)
@@ -0,0 +1,171 @@
+# Maintainer: David Runge <dvzrv at archlinux.org>
+# Contributor: Sergej Pupykin <pupykin.s+arch at gmail.com>
+# Contributor: tuxbubling <tuxbubling at jabber.fr>
+
+pkgname=cacti
+pkgver=1.2.16
+pkgrel=3
+pkgdesc="Network graphing solution using RRDTool"
+arch=('any')
+url="https://www.cacti.net"
+license=('GPL2')
+depends=('php-gd' 'php-snmp' 'rrdtool' 'ttf-dejavu')
+optdepends=('mariadb: use local MySQL server'
+            'perl: for scripts'
+            'php-fpm: run in fastCGI process manager'
+            'uwsgi-plugin-php: run as local application container')
+backup=('etc/webapps/cacti/.htaccess'
+        'etc/webapps/cacti/config.php')
+source=("https://www.${pkgname}.net/downloads/${pkgname}-${pkgver}.tar.gz"
+        "${pkgname}-1.2.16-CVE-2020-35701.patch"
+        "${pkgname}.uwsgi"
+        "${pkgname}.sysusers"
+        "${pkgname}.tmpfiles")
+install="${pkgname}.install"
+sha512sums=('fe22acf4dea8ab6ec79825d66a84ad4c43fdce2815e7327536d182bc04400ed7b1d268209bbbca8b307c4779ee5bf7369a617ec1f052d8805757c2ca9b30cc35'
+            '8c193f52e5478e12f93152356bce085ed7468b1e19657ae92150bb1eee662020fc4f89d5b7aa507465b82b5224834fd78eaa4389e6007136e1fc7df6e7f115a6'
+            'ba421785a3a86535dba210b5ac34ad059fac72b809a9027308d047a967de43aa204eda56e129b28f6400859427de123734b338c5d8cd3da1944893fa3ef33e48'
+            '847e2b791de44d0790a2fdb81c77c8af9a66da9d44500f3f8a8d1c0f406d3a20082cc8fef1c6afe4de93ad989d35c79c9809abe14693a9ac6ea74d4696e3b6c1'
+            'e833e411f74e77773c32589ba83cb1b2f28ca9b35931626480ab7daa63420d47ecfc3061e6703323646b69e1d98536b6f3afdd36faa483fb13aac9b818af0c6e')
+b2sums=('19939d0ff79c895b481aeb7ffec8331d8b9c10a6b7e0dbda6532e06ef0322f21cf02f4bf53a9522e1f672dd04b343f5550e2f34f08b3af2050e1f72465cffc43'
+        'a64a7ef5de93c2906c9fa5c713bf87e451eeaed297efd67b514fa47fdf11262a39d96f8e1be8bfd7c04fa74d31f830f826bcfd3a71a8230ec7454e360f7540bd'
+        '880cfc1a87abd95a624ffef6f1ae5ac416b4020ae40edc32355314bb33b5003b21ab8ed082b520d70b166739a1b056339cca7b6a6bb82167c14925ae3ca0d34f'
+        '2ec9956b690ab9244e31a58d295ab56b5d0df9fc9586c74edbd55c12d3383430b8a1a8a708d7d747abadb67eee42094562da510ddfc7797978c2683e7b86a252'
+        '0a532bbbd07b21da18ea21eec3f268510740069fb732e3d387f224b93f0539e3e968ba6332bf647ff62f2d98910abc33e35a3e82d335cf7d29a503609e22651f')
+
+prepare() {
+  # adding default .htaccess
+  echo "Require all denied" > "${pkgname}-htaccess"
+  cd "${pkgname}-${pkgver}"
+  # fix CVE-2020-35701: https://bugs.archlinux.org/task/69300
+  patch -Np1 -i "../${pkgname}-1.2.16-CVE-2020-35701.patch"
+  # setting correct install path for spine
+  sed -e 's|/usr/local/spine/bin/spine|/usr/bin/spine|g' \
+      -i install/functions.php
+  # setting correct path for dejavu font
+  sed -e 's|/usr/share/fonts/dejavu/|/usr/share/fonts/TTF/|g' -i lib/rrd.php
+  # remove unneeded executable bits
+  find . -executable -type f -and -not -path "*scripts*" -exec chmod -c 644 {} \;
+}
+
+package() {
+  cd "${pkgname}-${pkgver}"
+  # webapp
+  install -vDm 640 include/config.php -t "${pkgdir}/etc/webapps/${pkgname}"
+  rm -v include/config.php
+  install -vDm 644 *.{php,sql} -t "${pkgdir}/usr/share/webapps/${pkgname}"
+  install -vDm 644 cli/{*.php,.htaccess} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/cli"
+  install -vDm 644 docs/*.{css,html,sql} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/docs"
+  install -vDm 644 docs/images/*.png \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/docs/images"
+  install -vDm 644 formats/*.{format,php} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/formats"
+  install -vDm 644 images/*.{gif,ico,png,svg} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/images"
+  install -vDm 644 include/{*.{php,js},cacti_version} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/include"
+  install -vDm 644 include/content/{*.{html,php},README} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/include/content"
+  install -vDm 644 include/fa/index.php \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/include/fa"
+  install -vDm 644 include/fa/css/*.{css,php} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/include/fa/css"
+  install -vDm 644 include/fa/less/*.{less,php} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/include/fa/less"
+  install -vDm 644 include/fa/scss/*.{php,scss} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/include/fa/scss"
+  install -vDm 644 include/fa/webfonts/*.{eot,php,svg,ttf,woff,woff2} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/include/fa/webfonts"
+  install -vDm 644 include/fonts/*.ttf \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/include/fonts"
+  install -vDm 644 include/js/*.{js,php} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/include/js"
+  install -vDm 644 include/js/LC_MESSAGES/*.{js,php} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/include/js/LC_MESSAGES"
+  install -vDm 644 include/themes/index.php \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/include/themes"
+  for theme in {classic,dark,modern,paper-plane,paw,sunrise}; do
+    install -vDm 644 include/themes/${theme}/*.{css,js,php} \
+      -t "${pkgdir}/usr/share/webapps/${pkgname}/include/themes/${theme}"
+    install -vDm 644 include/themes/${theme}/default/*.{css,gif,php,png} \
+      -t "${pkgdir}/usr/share/webapps/${pkgname}/include/themes/${theme}/default"
+    install -vDm 644 include/themes/${theme}/images/*.{gif,ico,png,svg} \
+      -t "${pkgdir}/usr/share/webapps/${pkgname}/include/themes/${theme}/images"
+    install -vDm 644 include/themes/${theme}/images/128/*.png \
+      -t "${pkgdir}/usr/share/webapps/${pkgname}/include/themes/${theme}/images/128"
+  done
+  cp -av include/vendor "${pkgdir}/usr/share/webapps/${pkgname}/include/"
+  install -vDm 644 install/*.{css,csv,js,php} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/install"
+  install -vDm 644 install/templates/*.gz \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/install/templates"
+  install -vDm 644 install/upgrades/*.php \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/install/upgrades"
+  install -vDm 644 lib/*.php \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/lib"
+  install -vDm 644 locales/index.php \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/locales"
+  install -vDm 644 locales/LC_MESSAGES/*.{mo,php} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/locales/LC_MESSAGES"
+  install -vDm 644 locales/po/*.{php,po,pot} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/locales/po"
+  install -vDm 644 mibs/{index.php,*-MIB} \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/mibs"
+  install -vDm 644 plugins/index.php \
+    -t "${pkgdir}/usr/share/webapps/${pkgname}/plugins"
+  # config
+  install -vDm 644 "${srcdir}/${pkgname}-htaccess" \
+    "${pkgdir}/etc/webapps/${pkgname}/.htaccess"
+  ln -sv "/etc/webapps/${pkgname}/.htaccess" \
+    "${pkgdir}/usr/share/webapps/${pkgname}/.htaccess"
+  ln -sv "/etc/webapps/${pkgname}/config.php" \
+    "${pkgdir}/usr/share/webapps/${pkgname}/include/config.php"
+  # state
+  install -vdm 750 "${pkgdir}/var/lib/${pkgname}"
+  install -vDm 644 rra/.htaccess -t "${pkgdir}/var/lib/${pkgname}/rra"
+  ln -sv "/var/lib/${pkgname}/rra" \
+    "${pkgdir}/usr/share/webapps/${pkgname}/rra"
+  install -vDm 644 resource/index.php \
+    -t "${pkgdir}/var/lib/${pkgname}/resource"
+  install -vDm 644 resource/snmp_queries/*.{php,xml} \
+    -t "${pkgdir}/var/lib/${pkgname}/resource/snmp_queries/"
+  install -vDm 644 resource/script_server/*.{php,xml} \
+    -t "${pkgdir}/var/lib/${pkgname}/resource/script_server/"
+  install -vDm 644 resource/script_queries/*.{php,xml} \
+    -t "${pkgdir}/var/lib/${pkgname}/resource/script_queries/"
+  ln -sv "/var/lib/${pkgname}/resource" \
+    "${pkgdir}/usr/share/webapps/${pkgname}/resource"
+  install -vDm 644 scripts/*.{php,pl,sh} \
+    -t "${pkgdir}/var/lib/${pkgname}/scripts"
+  ln -sv "/var/lib/${pkgname}/scripts" \
+    "${pkgdir}/usr/share/webapps/${pkgname}/scripts"
+  # cache
+  install -vdm 750 "${pkgdir}/var/cache/${pkgname}"
+  install -vDm 644 cache/boost/index.php \
+    -t "${pkgdir}/var/cache/${pkgname}/boost"
+  install -vDm 644 cache/mibcache/index.php \
+    -t "${pkgdir}/var/cache/${pkgname}/mibcache"
+  install -vDm 644 cache/realtime/index.php \
+    -t "${pkgdir}/var/cache/${pkgname}/realtime"
+  install -vDm 644 cache/spikekill/index.php \
+    -t "${pkgdir}/var/cache/${pkgname}/spikekill"
+  ln -sv "/var/cache/${pkgname}" \
+    "${pkgdir}/usr/share/webapps/${pkgname}/cache"
+  # log
+  install -vdm 750 "${pkgdir}/var/log/${pkgname}"
+  install -vDm 644 log/.htaccess -t "${pkgdir}/var/log/${pkgname}"
+  ln -sv "/var/log/${pkgname}" "${pkgdir}/usr/share/webapps/${pkgname}/log"
+  # docs
+  install -vDm 644 {CHANGELOG,README.md} -t "${pkgdir}/usr/share/doc/${pkgname}"
+  # tmpfiles.d
+  install -vDm 644 "${srcdir}/${pkgname}.tmpfiles" \
+    "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf"
+  # sysusers.d
+  install -vDm 644 "${srcdir}/${pkgname}.sysusers" \
+    "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf"
+  # uwsgi config
+  install -vDm 644 "${srcdir}/${pkgname}.uwsgi" \
+    "${pkgdir}/etc/uwsgi/${pkgname}.ini"
+}

Copied: cacti/repos/community-testing-any/cacti-1.2.16-CVE-2020-35701.patch (from rev 875112, cacti/trunk/cacti-1.2.16-CVE-2020-35701.patch)
===================================================================
--- community-testing-any/cacti-1.2.16-CVE-2020-35701.patch	                        (rev 0)
+++ community-testing-any/cacti-1.2.16-CVE-2020-35701.patch	2021-02-27 14:26:10 UTC (rev 875113)
@@ -0,0 +1,22 @@
+diff --git a/data_debug.php b/data_debug.php
+index 1bbed6a0a..a7ffe0829 100644
+--- a/data_debug.php
++++ b/data_debug.php
+@@ -35,6 +35,8 @@
+ 
+ set_default_action();
+ 
++validate_request_vars();
++
+ switch (get_request_var('action')) {
+ 	case 'actions':
+ 		form_actions();
+@@ -123,8 +125,6 @@
+ 
+ 		break;
+ 	default:
+-		validate_request_vars();
+-
+ 		$refresh = array(
+ 			'seconds' => get_request_var('refresh'),
+ 			'page'    => 'data_debug.php?header=false',

Copied: cacti/repos/community-testing-any/cacti.install (from rev 875112, cacti/trunk/cacti.install)
===================================================================
--- community-testing-any/cacti.install	                        (rev 0)
+++ community-testing-any/cacti.install	2021-02-27 14:26:10 UTC (rev 875113)
@@ -0,0 +1,9 @@
+post_upgrade() {
+  local new_package_version="$1"
+  local old_package_version="$2"
+  if [ $(vercmp "${old_package_version}" "1.2.2") -le 0 ]; then
+cat <<EOF
+The webapp now needs to be run as its own user/group: cacti/cacti.
+EOF
+  fi
+}

Copied: cacti/repos/community-testing-any/cacti.sysusers (from rev 875112, cacti/trunk/cacti.sysusers)
===================================================================
--- community-testing-any/cacti.sysusers	                        (rev 0)
+++ community-testing-any/cacti.sysusers	2021-02-27 14:26:10 UTC (rev 875113)
@@ -0,0 +1 @@
+u cacti - "Cacti user" -

Copied: cacti/repos/community-testing-any/cacti.tmpfiles (from rev 875112, cacti/trunk/cacti.tmpfiles)
===================================================================
--- community-testing-any/cacti.tmpfiles	                        (rev 0)
+++ community-testing-any/cacti.tmpfiles	2021-02-27 14:26:10 UTC (rev 875113)
@@ -0,0 +1,17 @@
+z /etc/webapps/cacti/*.php 0640 cacti cacti
+d %L/cacti 0750 cacti cacti
+z %L/cacti/*.log - cacti cacti
+d %S/cacti 0750 cacti cacti
+d %S/cacti/rra - cacti cacti
+z %S/cacti/rra/*.rrd - cacti cacti
+d %S/cacti/resource 755 cacti cacti
+d %S/cacti/resource/snmp_queries 755 cacti cacti
+d %S/cacti/resource/script_server 755 cacti cacti
+d %S/cacti/resource/script_queries 755 cacti cacti
+d %S/cacti/scripts 755 cacti cacti
+d %t/cacti 755 cacti cacti
+d %C/cacti 750 cacti cacti
+d %C/cacti/boost 755 cacti cacti
+d %C/cacti/mibcache 755 cacti cacti
+d %C/cacti/realtime 755 cacti cacti
+d %C/cacti/spikekill 755 cacti cacti

Copied: cacti/repos/community-testing-any/cacti.uwsgi (from rev 875112, cacti/trunk/cacti.uwsgi)
===================================================================
--- community-testing-any/cacti.uwsgi	                        (rev 0)
+++ community-testing-any/cacti.uwsgi	2021-02-27 14:26:10 UTC (rev 875113)
@@ -0,0 +1,36 @@
+[uwsgi]
+procname-master = %n
+plugins = php
+master = true
+socket = /run/%n/%n.sock
+stats = /run/%n/%n-stats.sock
+uid = %n
+gid = %n
+processes = 10
+cheaper = 2
+cheaper-step = 1
+idle = 600
+die-on-idle = true
+touch-reload = %p
+php-allowed-ext = .php
+php-docroot = /usr/share/webapps/%n
+php-index = index.php
+php-set = date.timezone=Europe/Berlin
+php-set = open_basedir=/tmp/:/usr/share/webapps/%n:/etc/webapps/%n:/var/cache/%n:/var/lib/%n:/var/log/%n:/proc/meminfo:/usr/bin/rrdtool:/usr/bin/snmpget:/usr/bin/snmpwalk:/usr/bin/snmpbulkwalk:/usr/bin/snmpgetnext:/usr/bin/snmptrap:/usr/bin/sendmail:/usr/bin/php:/usr/bin/spine:/usr/share/fonts/TTF/
+php-set = memory_limit = 512M
+php-set = max_execution_time = 60
+php-set = session.save_path=/tmp
+php-set = session.gc_maxlifetime  21600
+php-set = session.gc_divisor  500
+php-set = session.gc_probability  1
+php-set = post_max_size=64M
+php-set = upload_max_filesize=64M
+php-set = extension=gd.so
+php-set = extension=gettext.so
+php-set = extension=gmp.so
+php-set = extension=pdo_mysql.so
+php-set = extension=ldap.so
+php-set = extension=snmp
+php-set = extension=sockets.so
+# enable cron after configuring it
+# cron = -5 -1 -1 -1 -1 /usr/bin/php -d date.timezone=Europe/Berlin -d memory_limit=512M -d max_execution_time=60 -d extension=gd -d extension=gettext -d extension=gmp -d extension=pdo_mysql -d extension=ldap -d extension=snmp -d extension=sockets /usr/share/webapps/cacti/poller.php


More information about the arch-commits mailing list