1.2.11 -security#1566: Add SameSite support for cookies -security#1985: Cookie should be properly verified against password -security#3342: CSRF at Admin Email -security#3343: Improper Access Control on disabling a user. -security#3414: Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1 -issue#2265: When attempting to save Graph field, query_ifSpeed is not properly validated -issue#2400: Allow ability to duplicate site settings -issue#2428: Make plugins non-case sensitive for folder names, whilst allowing nicer display names -issue#2580: When running DSSTATS, system isn't properly detecting that another is already running -issue#2853: Discovered Devices filtering do not include snmp description or name -issue#3231: Allow user to unlock a tree that has been locked for editing by another -issue#3237: Report gets resent every poller cycle -issue#3247: Language source files do not update "PO-Revision-Date" attribute -issue#3261: Automation rules aren't run for new devices on remote data collectors -issue#3296: Bad PHP memory limit values can result in failed upgrades -issue#3299: When using php-snmp and setting SNMPv3, warning is now shown as library does not support it properly -issue#3303: When installing under Windows OS, path expansion is not converted to PHP required format -issue#3310: When using 32-bit OS, automation errors can be seen due to subnet mask calculations -issue#3312: Console menu does not auto-expand for graph item editor page -issue#3313: When installing, multiple issues can be seen due to bad packages -issue#3314: Script Server has invalid debug code left in -issue#3317: Warnings can appear from CSRF Magic library due to multiple token values being found -issue#3319: Errors can occur upgrading from 0.8.x due to incorrectly detected data source profile id -issue#3322: When searching for LDAP accounts, allow recursive searching -issue#3330: Packages that are not properly formatted can cause installation issues -issue#3334: When upgrading from 0.8.x Automation SNMP Options should be populated -issue#3335: Unable to hide Device based Aggregate Graphs on Tree -issue#3336: Plugins need the ability to relax some content security policies in order to work properly -issue#3340: Undefined variable warning can appear when using 95th percentile graphs -issue#3341: MoTranslator does not appear to be handing null values properly -issue#3345: When attempting to refresh datetime picker, unexpected results can appear -issue#3346: When attempting to rewrite octet strings, extra space breaks pattern matching -issue#3348: When attempting to handle Orphans and/or Sync Graphs, results are not as expected -issue#3349: Prevent setting the PHP variable max_input_vars since it is read only -issue#3350: When editing a data source template, inconsistent results can be seen due to database query -issue#3355: When viewing raw graph data via the GUI, values are not always calculated correctly -issue#3357: Tree Search textbox resizes to 0 in some cases -issue#3360: When using guest accounts, after several timeouts result in refreshes, guest becomes logged out -issue#3363: The current user and user group permissions pages are not responsive -issue#3367: When Data Queries timeout, data is removed from the Host SNMP Cache table causing issues -issue#3368: Saving a Graph Template Item fails due to missing includes -issue#3373: When logging in via LDAP, ActiveDirectory would sometimes report insufficient access -issue#3375: When polling more often than default period of collecting data, distribution of collected data was not occurring -issue#3376: Improve speed when recovering from a poller from offline state -issue#3378: When attempting to check whether to include MoTranslator, typo makes it appear unavailable -issue#3380: php error when trigger threshold sendmail -issue#3386: Second data collector shows as running when its has no items to gather -issue#3387: Minor corrections to CSRF Magic -issue#3388: Naming of CLI programs does not always match name used within syntax usage advice -issue#3390: Incorrect breadcrumb bar if current tab is not "Graphs" -issue#3402: Cacti scores low on performance audit on lighthouse audit -issue#3408: CSRF Secret path is not passed properly when attempting to initialize secret -issue#3409: Issues with navigation link activations to other base Cacti pages -issue#3410: Zoom looses focus in advanced mode while crossing chart border -issue#3411: When upgrading a primary server, full synchronization is not happening as expected -issue#3412: When upgrading a primary server, automation templates are removed -issue#3413: When upgrading and choosing to upgrade your packages, installer finishes without package data in log -feature#1551: Allow system uptime to be a variable for use with graphs -feature#1990: Plugin Realm should have a 'role' to help maintain changes between plugins -feature#2110: Add Refresh Interval to Data Collectors display -feature#2156: Add Location based filtering -feature#2236: Allow for Purging of Data Source Statistics from the GUI -feature#2268: Restore ability to duplicate a data profile -feature#2534: Enhance table navigation bars to support systems with larger number of items -feature#2688: Increase length of Graph Item 'value' field to support pango-markup better -feature#3304: Allow Basic Auth Accounts to be mapped by CSV file -feature#3366: Make form elements under checkbox_groups flow using flex grid style -feature#3374: Set the domain attribute to secure cookies for the 'remember me' option -feature#3403: Enhance the "Graph Debug Mode" to display RRDtool Command lengths and excess warnings 1.2.10 -security#3285: When guest users have access to realtime graphs, remote code could be executed (CVE-2020-8813) -issue#3240: When using User Domains, global template user is used instead of the configured domain template user -issue#3245: Unix timestamps after Sep 13 2020 are rejected as graph start/end arguments -issue#3246: When upgrading with remote collectors, sync status does not always return properly -issue#3250: When PHP memory limit is set to -1, recommendation value fails -issue#3253: Upgrade can stall when checking permissions on csrf-secret.php -issue#3254: Installer shows script owner rather than running user for suggested chown command -issue#3266: When setting User Groups to 'Defer to the User', setting can lead to user being told they have no permissions -issue#3269: When searching Graphs under a Chinese language, an unexpected error as sometimes shown -issue#3274: When editing a tree, multiple device drag/drop does not work -issue#3276: When spine aborts, script server can be left wanting or generating unnecessary logs -issue#3277: When boost does not find an initial time, numeric errors can be raised -issue#3281: When changing Graph Template options, incorrect image format may be selected -issue#3282: Graph's can be sized incorrectly if image is SVG format -issue#3283: When setting a file path, valid characters not recognised properly -issue#3287: When using graph template 'Cacti Stats - User Logins', an incorrect count of invalid users can be seen -issue#3288: When on Device page, pressing 'Go' on the filter caused Device New menu pick to appear -issue#3289: When using CMD.PHP, poller id is not always shown properly -issue#3290: When using CMD.PHP, inconsistent device logging levels may occur -issue#3298: When initialising fields in JavaScript, text/textarea elements have width set to zero if it is hidden by parent -issue#3302: Editing a Graph Template does not show the Data Template name 1.2.9 -security#3191: Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106) -security#3201: Remote Code Execution due to input validation failure in Performance Boost Debug Log (CVE-2020-7237) -issue#2937: Devices still show in lists despite being deleted -issue#3038: When editing an aggregate on smaller screens, layout may not be correct -issue#3136: Upgrade may fail between 1.2.7 and 1.2.8 if incompatible database format used -issue#3142: Chrome sets graphs tree navigation view to width 0px -issue#3146: Unable to create aggregate graphs on new installations -issue#3149: After refresh of page, tooltips stop working -issue#3150: When using Time Graph View, Zooming can cause errors -issue#3151: Passing glue string after array is deprecated in PHP 7.4 -issue#3155: Aggregate does not correctly follow color template when reordered -issue#3156: On new installs, gprint_format was missing from table aggregate_graphs -issue#3157: Back button not working properly with Classic theme -issue#3158: Classic theme show only 3 tabs on mobile device. Don't show Console menu -issue#3159: PHP Memory is not correctly identified when value is not in megabytes -issue#3161: When the poller_output_boost table is missing, recreate it before a poller run -issue#3163: When using RPMlint, Free Software Foundation address is shown to be incorrect -issue#3165: Zoom looses its focus after all graphs on page rendered -issue#3166: When changing zoom level, graphs are resized inappropriately at the end -issue#3167: Installer should initialize the csrf-secret.php file automatically -issue#3168: sqltable_to_php.php script does not pick up row_format -issue#3177: Remove legacy plugin hook that presents potential 3rd party security issues -issue#3178: The change password page is not displaying the rules -issue#3180: Receiving undefined index errors when working with some Data Queries -issue#3181: When configuration file is unreadable, Cacti shows database connection errors if non defaults are needed -issue#3182: When a database connection error occurs, there is no way to report actual error -issue#3184: Improve program path detection by using system path and PHP_BINDIR -issue#3193: Starting with MySQL 5.7 some sql_mode variables are required for some plugins -issue#3196: Minimize use of eval() in JavaScript due to emerging Content-Security-Context guidelines -issue#3200: Unable to mass change Graph Template image format in mass -issue#3206: Converted aggregate graph cannot be edited -issue#3209: Error occurs when Creating New Graphs through Automatically Added Devices using Sync Device Template -issue#3216: When editing a Data Source Profile size is shown as 'N/A' -issue#3224: When removing graphs by command line, regex is not properly validated when empty -issue#3225: Unable to Import Templates due to invalid dependency hash -issue#3226: When processing secpass login, failed logins are not recorded -issue#3228: Login page does not remember the last realm used by user -issue#3232: When editing HRULE and VRULE items, color selector was not presented -issue#3233: When working with non-templated graphs, it can be difficult to determine what items represent -issue#3235: Transient errors may occur with table poller_output_boost_arch 1.2.8 -security#3025: CVE-2019-17357 When viewing graphs, some input variables are not properly checked (SQL injection possible) -security#3026: CVE-2019-17358 When deserializating data, ensure basic sanitization has been performed -security#3066: When using HTTPS, secure cookie to prevent potential weakness -issue#1228: Any tree or branch with a long name force main content off screen -issue#2133: Long snmp_indexes are being cut off -issue#2888: Long hostnames cause template filter to go off page -issue#2987: Changing Color Template does not update Aggregate -issue#2989: Allow Remote Data Collectors to maintain their own path variables -issue#2991: Cacti Statistics device template can generate unexpected errors -issue#2995: When editing a report, column setting may be ignored incorrectly -issue#2996: When editing a user, graph options do not properly reflect previously saved settings -issue#2998: Session performance issues due to excessive use for database storage -issue#2999: Blank arguments can lead to extra spaces in script arguments -issue#3006: Boost generates undefined variables warning during poller run -issue#3011: i18n logging does not check write permission exists -issue#3012: When viewing realtime graphs, some input variables are not properly checked -issue#3013: Allow legends to be modified for Aggregate Graphs -issue#3017: Automation network range with spaces fails validation -issue#3019: User selected language is not always adhered to -issue#3021: Tree view cuts off at the bottom of page on modern theme -issue#3023: When clicking highlighted tab, side panel is not always shown/hidden correctly -issue#3027: Aggregate Graph re-ordering does not work -issue#3028: When zooming a graph, unable to reach edge of graph without losing focus -issue#3030: Pace continues to run even after a page is finished rendering -issue#3032: Graphs may select MAX instead of AVERAGE as consolidation function even if there is no item with MAX present. -issue#3035: When editing a tree, can not remove entries due to CSS bug -issue#3037: When emptying poller output using cli, debug functions are not properly included -issue#3039: Allow packagers to be able to specify an alternate location of csrf-secret.php file -issue#3040: When running automation, discovery can still run even if cancelled -issue#3041: When running automation, scans do not always respond to being cancelled -issue#3042: When running automation, scan can fail when selecting remote pollers -issue#3045: When viewing Aggregate Graphs, an error due to undefined referrer may occur -issue#3047: When saving settings, ignore remote pollers who have not checked in recently -issue#3050: When viewing graph trees, some input variables are not properly checked -issue#3052: When editing CDEF's, slow database performance can occur -issue#3053: When viewing graph thumbnails, some input variables are not properly checked -issue#3055: During install/upgrade, database tests are not performed correctly -issue#3059: When using nth_percentile, correct value is not always returned if using MAX consolidation -issue#3060: When upgrading from older MySQL databases, format is not changed from compact to dynamic -issue#3061: When running automation, allow SNMP to be used as a ping method -issue#3068: When administrating users, some input variables are not properly checked -issue#3070: Improve database logging when a crashed table is encountered -issue#3073: Automation network range does not always produce the correct start/end values -issue#3078: When viewing graph debug from remote data collector, File Not Found warnings can appear incorrectly -issue#3079: Allow domain names to be stripped from a device's long description -issue#3080: Remote Agent throws warnings that graph_nolegend has not been sanitized -issue#3085: When editing a poller, ensure each listening IP is unique -issue#3081: External Links are not showing a glyph when they appear on the Console menu -issue#3089: When viewing graphs in realtime, undefined variable can be logged for 95th Percentile graphs -issue#3099: Graph template 'Linux - Memory Usage' has the wrong unit on its vertical_label -issue#3101: Polling times can be slightly inconsistent due -issue#3104: When viewing graphs, a byref error can be seen in the error logs -issue#3105: When viewing hosts, some input variables are not properly checked -issue#3111: When adding devices via command line, bad SNMP versions are not reported -issue#3112: When zooming on Graphs, too many requests are being made causing slowness -issue#3114: Support for USB devices that change name due to their hosts restarting -issue#3118: When converting tables, the dynamic row format should be selected -issue#3119: Main Data Collector should perform a Full Sync whenever it is installed/upgraded -issue#3120: Correct issues causing incompatibility with PHP 7.4 -issue#3121: When converting tables during install, show what will be changed -issue#3123: Named colors table is not properly imported/upgraded -issue#3124: When a second data collector is added, boost is not enabled automatically -issue#3128: i18n handler checks for existence of wrong mo file -issue#3129: Logout repeated occurs even when already logged out -issue#3132: Installer fails to continue if automation range is array of networks -issue#3098: Support percent sign(%) in graph gprint item like legend area. -feature#3077: Allow disabling remote poller resource cache replication to support upgrade testing
134 lines
5.3 KiB
134 lines
5.3 KiB
# $NetBSD: Makefile,v 1.47 2020/04/21 13:55:21 mef Exp $
DISTNAME= cacti-1.2.11
MASTER_SITES= https://www.cacti.net/downloads/
MAINTAINER= pkgsrc-users@NetBSD.org
HOMEPAGE= https://www.cacti.net/
COMMENT= Web frontend to rrdtool for monitoring systems and services
LICENSE= gnu-gpl-v2
#DEPENDS+= ${PHP_PKG_PREFIX}-gd-[0-9]*:../../graphics/php-gd
DEPENDS+= ${PHP_PKG_PREFIX}-json-[0-9]*:../../textproc/php-json
DEPENDS+= ${PHP_PKG_PREFIX}-zlib-[0-9]*:../../archivers/php-zlib
DEPENDS+= ${PHP_PKG_PREFIX}-mbstring-[0-9]*:../../converters/php-mbstring
DEPENDS+= ${PHP_PKG_PREFIX}-pdo_mysql-[0-9]*:../../databases/php-pdo_mysql
DEPENDS+= ${PHP_PKG_PREFIX}-snmp-[0-9]*:../../net/php-snmp
DEPENDS+= ${PHP_PKG_PREFIX}-sockets-[0-9]*:../../net/php-sockets
DEPENDS+= ${PHP_PKG_PREFIX}-gmp-[0-9]*:../../devel/php-gmp
DEPENDS+= ${PHP_PKG_PREFIX}-posix-[0-9]*:../../devel/php-posix
DEPENDS+= ${PHP_PKG_PREFIX}-ldap-[0-9]*:../../databases/php-ldap
DEPENDS+= ${PHP_PKG_PREFIX}-gettext-[0-9]*:../../devel/php-gettext
DEPENDS+= ${APACHE_PKG_PREFIX}-${PHP_PKG_PREFIX}-[0-9]*:../../www/ap-php
.include "../../mk/bsd.prefs.mk"
.include "../../lang/php/phpversion.mk"
.include "../../mk/apache.mk"
EGDIR= ${PREFIX}/share/examples/cacti
CONF_FILES+= ${EGDIR}/httpd-cacti.conf ${PKG_SYSCONFDIR}/httpd-cacti.conf
CONF_FILES+= ${EGDIR}/config.php ${CACTIDIR}/include/config.php
CACTIDIR= ${PREFIX}/share/cacti
CACTI_RRADIR?= ${VARBASE}/db/cacti-rra
REPLACE.php.old= .*php[^ ]*
REPLACE.php.new= ${PREFIX}/bin/php
REPLACE_FILES.php= include/vendor/cldr-to-gettext-plural-rules/bin/export-plural-rules
REPLACE_PERL+= scripts/*.pl
SUBST_STAGE.paths= pre-configure
SUBST_FILES.paths= ${WRKDIR}/httpd-cacti.conf
SUBST_FILES.paths+= ${WRKDIR}/cacti-poller
SUBST_FILES.paths+= poller_maintenance.php utilities.php
SUBST_FILES.paths+= cli/install_cacti.php install/functions.php
SUBST_FILES.paths+= include/global.php include/global_settings.php
SUBST_FILES.paths+= lib/clog_webapi.php lib/installer.php lib/functions.php
SUBST_CLASSES+= perl-xml
SUBST_STAGE.perl-xml= pre-configure
SUBST_FILES.perl-xml= resource/script_queries/unix_disk.xml
SUBST_SED.perl-xml= -e 's,>perl,>${PERL5},'
OWN_DIRS_PERMS+= ${CACTIDIR}/resource/snmp_queries ${CACTI_USER} ${APACHE_GROUP} 775
OWN_DIRS_PERMS+= ${CACTIDIR}/resource/script_server ${CACTI_USER} ${APACHE_GROUP} 775
OWN_DIRS_PERMS+= ${CACTIDIR}/resource/script_queries ${CACTI_USER} ${APACHE_GROUP} 775
REQD_FILES_PERMS+= ${CACTIDIR}/log/.htaccess ${CACTI_LOGDIR}/.htaccess \
REQD_FILES_PERMS+= ${CACTIDIR}/rra/.htaccess ${CACTI_RRADIR}/.htaccess \
INSTALLATION_DIRS+= share/examples/cacti
PLIST_VARS+= localmemory
.if ${OPSYS} == "FreeBSD" || ${OPSYS} == "Linux" || \
${OPSYS} == "NetBSD" || ${OPSYS} == "SunOS"
PLIST.localmemory= yes
${CP} ${FILESDIR}/httpd-cacti.conf ${WRKDIR}/
${CP} ${FILESDIR}/cacti-poller ${WRKDIR}/
${CP} ${FILESDIR}/freebsd_memory.pl ${WRKSRC}/scripts/
${CP} ${FILESDIR}/netbsd_memory.pl ${WRKSRC}/scripts/
${CP} ${FILESDIR}/solaris_memory.pl ${WRKSRC}/scripts/
${CHMOD} 644 ${WRKSRC}/rra/.htaccess
cd ${WRKSRC}/scripts; \
if [ -f ${LOWER_OPSYS}_memory.pl ]; then \
${LN} -fs ${LOWER_OPSYS}_memory.pl local_memory.pl; \
${INSTALL_DATA} ${WRKDIR}/httpd-cacti.conf \
${INSTALL_DATA} ${WRKSRC}/include/config.php \
${FIND} ${WRKSRC} -type f -name '*.orig' -exec ${RM} -f {} \;
cd ${WRKSRC} && ${PAX} -rw -s ',\./include/config\.php,,' \
${INSTALL_SCRIPT} ${WRKDIR}/cacti-poller ${DESTDIR}${PREFIX}/bin
.include "../../databases/rrdtool/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"