# # spec file for package cacti # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: cacti Version: 1.1.5 Release: 1.1 Summary: Web Front-End to Monitor System Data via RRDtool License: GPL-2.0+ Group: System/Monitoring Url: http://www.cacti.net/ Source0: http://www.cacti.net/downloads/%{name}-%{version}.tar.gz Source1: %{name}.cron Source2: %{name}-httpd.conf Source3: %{name}.logrotate Source4: %{name}-httpd.conf.default # PATCH-FIX-UPSTREAM cacti-config.patch Patch0: %{name}-config.patch BuildRequires: apache-rpm-macros BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %if 0%{?suse_version} BuildRequires: apache2-devel %else BuildRequires: httpd-devel %endif Requires: httpd Requires: logrotate Requires: net-snmp Requires: php-gmp Requires: php-ldap Requires: php-mbstring Requires: php-openssl Requires: php-posix Requires: php-snmp >= 5.1 Requires: php-zlib Requires: rrdtool %if 0%{?suse_version} Requires: cron Requires: mod_php_any >= 5.1 Requires: php-sockets >= 5.1 %endif %if 0%{?fedora_version} Requires: php-mysqlnd >= 5.1 %else Requires: php-mysql >= 5.1 %endif Provides: cacti-system Obsoletes: cacti-PA Provides: cacti-PA Conflicts: cacti-spine < %{version} Conflicts: cacti-spine > %{version} %if 0%{?suse_version} <= 1210 %define cacti_dir %{_datadir}/cacti %else %define cacti_dir %{apache_datadir}/cacti/cacti %endif %description Cacti is a complete front-end to RRDtool: it stores all necessary information for creating graphs and populates them with data from a MySQL database. The front-end is completely PHP driven. Along with being ableto maintain graphs, data sources, and round robin archives ina database, Cacti also handles data gathering. There exists an SNMP support for those accustomed to creating traffic graphs with MRTG as well. %package doc Summary: Documentation for Cacti Group: Documentation/HTML Requires: %{name} = %{version} %description doc Cacti is a complete front-end to RRDtool: it stores all necessary information for creating graphs and populates them with data from a MySQL database. The front-end is completely PHP driven. Along with being ableto maintain graphs, data sources, and round robin archives ina database, Cacti also handles data gathering. There exists an SNMP support for those accustomed to creating traffic graphs with MRTG as well. This package contains the HTML documentation for Cacti. %prep %setup -q %patch0 -p1 #delete the *.orig files find . -type f -name "*\.orig" -exec rm {} \; %build #nothing to build %install install -d -m 0755 %{buildroot}%{cacti_dir} install -d -m 0755 %{buildroot}%{_localstatedir}/lib/%{name} install -d -m 0755 %{buildroot}%{_localstatedir}/log/%{name} cp *.php %{buildroot}%{cacti_dir} cp -pr cache %{buildroot}%{cacti_dir} cp -pr cli %{buildroot}%{cacti_dir} cp -pr formats %{buildroot}%{cacti_dir} cp -pr images %{buildroot}%{cacti_dir} cp -pr include %{buildroot}%{cacti_dir} cp -pr install %{buildroot}%{cacti_dir} cp -pr lib %{buildroot}%{cacti_dir} cp -pr locales %{buildroot}%{cacti_dir} cp -pr mibs %{buildroot}%{cacti_dir} cp -pr plugins %{buildroot}%{cacti_dir} cp -pr resource %{buildroot}%{cacti_dir} cp -pr rra %{buildroot}%{cacti_dir} cp -pr scripts %{buildroot}%{cacti_dir} install -d -m 0755 scripts %{buildroot}%{cacti_dir}/scripts install -m 0755 scripts/* %{buildroot}%{cacti_dir}/scripts install -d -m 0755 cli %{buildroot}%{cacti_dir}/cli install -m 0755 cli/* %{buildroot}%{cacti_dir}/cli install -m 0644 *.sql %{buildroot}%{cacti_dir} # cron task install -d -m 0755 %{buildroot}%{_sysconfdir}/cron.d sed -e "s;__CACTIDIR__;%{cacti_dir};g" -e "s;__APACHEUSER__;%{apache_user};g" \ %{SOURCE1} > %{buildroot}%{_sysconfdir}/cron.d/%{name} # apache2 config %if 0%{?suse_version} %if 0%{?suse_version} > 1210 install -d -m 0755 %{buildroot}%{apache_sysconfdir}/conf.d sed -e "s;__CACTIDIR__;%{cacti_dir};g" %{SOURCE4} > %{buildroot}%{apache_sysconfdir}/conf.d/%{name}.conf install -d -m 0755 %{buildroot}%{apache_sysconfdir}/vhosts.d/conf.d sed -e "s;__CACTIDIR__;%{cacti_dir};g" -e "s;;;g" \ %{SOURCE4} > %{buildroot}%{apache_sysconfdir}/vhosts.d/conf.d/%{name}.conf %endif %if 0%{?suse_version} <= 1210 install -d -m 0755 %{buildroot}%{apache_sysconfdir}/conf.d sed -e "s;__CACTIDIR__;%{cacti_dir};g" %{SOURCE2} > %{buildroot}%{apache_sysconfdir}/conf.d/%{name}.conf %endif %else install -d -m 0755 %{buildroot}%{apache_sysconfdir}/../conf.d sed -e "s;__CACTIDIR__;%{cacti_dir};g" %{SOURCE2} > %{buildroot}%{apache_sysconfdir}/../conf.d/%{name}.conf %endif # logrotate config mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d/ sed -e "s;__APACHEUSER__;%{apache_user};g" -e "s;__APACHEGROUP__;%{apache_group};g" \ %{SOURCE3} > %{buildroot}%{_sysconfdir}/logrotate.d/%{name} # Set the correct permissions for pl and sh files #find %%{buildroot}%%{cacti_dir} -type f -name "*.sh" -o -name "*.pl" -exec chmod ugo+x {} \; # compute files list without config file find %{buildroot}%{cacti_dir} -type d | sed -e 's|'%{buildroot}'|%dir |' >> %{name}.list find %{buildroot}%{cacti_dir} -type f ! -name config.php | sed -e 's|'%{buildroot}'||' >> %{name}.list ln -sf %{_localstatedir}/log/%{name} %{buildroot}%{cacti_dir}/log %post chown -R %{apache_user}:%{apache_group} %{cacti_dir}/rra %files -f %{name}.list %defattr(-,root,root) %doc LICENSE README.md docs/txt %attr(-,%{apache_user},%{apache_group}) %dir %{_localstatedir}/lib/%{name} %attr(-,%{apache_user},%{apache_group}) %dir %{_localstatedir}/log/%{name} %attr(-,%{apache_user},%{apache_group}) %{cacti_dir}/log %config(noreplace) %{cacti_dir}/include/config.php %config(noreplace) %{_sysconfdir}/cron.d/%{name} %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %if 0%{?suse_version} %if 0%{?suse_version} <= 1210 %dir %{apache_sysconfdir}/conf.d %config(noreplace) %{apache_sysconfdir}/conf.d/%{name}.conf %endif %if 0%{?suse_version} > 1210 %dir %{apache_sysconfdir}/conf.d %config(noreplace) %{apache_sysconfdir}/conf.d/%{name}.conf %dir %{apache_sysconfdir}/vhosts.d/conf.d %config(noreplace) %{apache_sysconfdir}/vhosts.d/conf.d/%{name}.conf %endif %else %dir %{apache_sysconfdir}/../conf.d %config(noreplace) %{apache_sysconfdir}/../conf.d/%{name}.conf %endif %files doc %defattr(-,root,root) %doc docs/html %changelog * Wed Apr 26 2017 liedke@rz.uni-mannheim.de - Build version 1.1.5 * issue#580: Data collection warnings when using cmd.php * issue#592: Incorrectly formatted HTML * issue#606: Replace in data input methods * issue#607: Allow draw_menu to specify multiple actions for the same URL * issue#608: Spaces adjacent to double quotes are eliminated during data input method import * issue#609: Honor the column setting in graph tree view mode * issue#610: Change Graph Template action not available * issue#611: Cacti Installation Wizard - Spine page incorrect on Windows * issue#612: Uncaught Error: Call to a member function row() on a string * issue#613: Network Automation, now requires a site or your are unable to save rules * issue#615: Data Input field length too short for longer scripts * issue#619: Export logging option in settings no longer used * Mon Apr 24 2017 liedke@rz.uni-mannheim.de - Build version 1.1.4 * issue#524: Reporting not working when Tree branch is device * issue#560: Add 'Duplicate' and 'Convert to Graph Template' back to Graph Management page for Advanced mode * issue#573: Missing Graph Template dropdown items * issue#575: Very large hex strings result in scientific notation that RRDtool rejects * issue#579: Problems logging in using nginx web server * issue#581: session_start() warnings when manually sending reports * issue#584: Issues reporting memory recommendation on utilities page * issue#586: Overrunning pollers can cause system load spikes * issue#587: Data Collector setting under Network Discovery is not being used * issue#588: Devices with blank sysDescr are added to the first Device Template in error * issue#589: Automation discovery does not allow site association * issue#590: Unable to create a plugin based menu * issue#591: Row selection in Device Automation Templates not sane with drag-n-drop enabled * issue#601: Resolving some translation issues * issue#604: Unexpected backtrace on regular expression filters * issue#605: Remove Spikes non-numeric data causes warnings * issue: Ping email does not use a from email address * issue: Automation does not recognize default size or poller * issue: Unable to drag-n-drop on automation templates pages when enabled * issue: Fixed number of hosts in poller stats for first poller * issue: Fixed screenwidth issue in tab PHP-Info of Utilities module * issue: Recovery poller could get stuck in some situations * issue: Fix JavaScript errors when managing Aggregate Graphs * feature: Reorganize defaults to place more on device defaults page * feature: Update jQuery tableDnD to version 0.9 * feature: More tolerant of empty PHP_SELF found with some web servers * Sun Apr 16 2017 liedke@rz.uni-mannheim.de - Build version 1.1.3 * issue#515: Unable to import color CSV file * issue#519: In non-classic themes its not possible to remove Cacti log or reporting tabs * issue#520: SQL error in graph automation * issue#521: Cacti allows removal of Data Query Graph Template associations when they are in use * issue#525: LAST GPRINT type not rendered correctly due to lack of escaping * issue#530: Undefined function get_vdef in lib/rrd.php * issue#531: Issues with TextAlign and Tick graph items * issue#532: Unreliable scroll height causes issues in Chrome * issue#533: User settings not cleared after saving profile * issue#534: Automation issue with AS clause * issue#538: Unable to rename tree folder * issue#541: Issues with mobile graph viewing * issue#555: DSStats SQL insert errors due to data collection issues * issue#563: Division by zero in removespikes.php * issue: Fixed rendering issues with HRULE's on graphs * issue: Update jsTree to 3.3.4 version * feature: Improved responsiveness UI tables, filters, and menus * Mon Apr 3 2017 liedke@rz.uni-mannheim.de - Build version 1.1.2 * issue#492: Error while adding non data query (cg) graphs * issue#494: CLI error while importing template * issue#499: SQL error in graph automation resulting in no graphs on tree * issue#500: Generic SNMP device package damaged - Unix Ping Host * issue#505: Log rotation does not work in some cases * issue#506: Undefined index: cactiStatsDeviceFailedPolls * issue#507: Nextwork discovery 'export' produces no results * issue#509: Minor bug with device ownership selection * feature: Add new legend type that includes Current/Average/ Minimum/Maximum * feature: Update d3.js to latest version 4.7.4 * Tue Mar 28 2017 liedke@rz.uni-mannheim.de - Build version 1.1.1 * issue#457: Continued LDAP issues with initial user creation * issue#461: The function escapeshell arg not appropriate on Windows * issue#462: LDAP authorization issues: group membership check broken for 'Group Member Type' = 'Username' * issue#464: Change default batch spike removal limits for standard deviation and variance * issue#465: Less than sign inside items and labels of graph break graph * issue#466: Call to member function row() on a non-object in lib/snmpagent.php * issue#467: Reduce the number of queries in log function * issue#472: Schema changes to improve performance issue#485: When editing a device, the ping status was not always returned * issue: Back button issues due to syntax problems in JavaScript * issue: Zoom periodically would loose it's crosshairs after zooming * issue: Zoom would zoom out into the future even when disabled * issue: Fixing lite corruption in graph_templates_item table * feature: Make SpikeKill options more consistent * feature#459: Add variable date time option to report mail subject * feature#460: Add external_id to host variables * feature#469: Change re-index method of Data Query from Device edit * feature: Support generalized date format approach in the GUI * feature: Use localStorage over a Cookie for Zoom setting storage * feature: Fully implement 'Remove Orphans' from Package import process * Tue Mar 21 2017 joop.boonen@opensuse.org - Build version 1.1.0 * issue#337: Generic SNMP OID Graph Template damanged * issue#338: Extremely slow new graph/DS creation * issue#353: Broadcast & Multicast Packet counters missing * issue#376: Structured RRD path permission issues * issue#389: Manual template based graph creation not working * issue#407: The RRDfile does not exist message is misleading * issue#410: Select character data was interpreted as hex by cacti_snmp_walk() * issue#422: additional issues with LDAP authentication * issue#424: Automation does not discover devices w/o resolvable hostnames * issue#427: undefined index TotalVisibleMemorySize on FreeBSD * issue#432: SpikeKill menu wonky on Paw Theme * issue#434: password_verify not compatible in php5.4- * issue#435: urlPath missing from paw theme links * issue#436: Restricted user does not see graphs in tree view * issue#443: Allow remote_agent.php through a NAT * issue#446: No local admin when using multiple LDAP configuration * issue#447: Creating another non data query graph from same template reuses first data source * issue#449: exec_poll_php does not flush pipes when using script server * issue#450: Graph list view - No Graphs Found * issue: Improve email test exception errors and change default timeout to 10 seconds * issue: When on links page, breadcrumbs would become corrupted * issue: When upgrading from any version of Cacti to 1.0.5, SQL's relative to poller_reindex might appear * issue: Color page performance poor * issue: The Device dropdown on the Graph View page was unreliable * issue: Aggregate and non-Device Graphs in list view had not Device or Title description * issue: Re-engineer back button design to accomocate ajax and native navigation * issue: Make Graph Template filter wider * issue: Resolve some visual issues in Classic theme * feature: Add page refresh API to make page refreshing in Ajax easier to accomplish * feature: Update fontawesome to version 4.7 * feature: Use fontawesome glyphs for menu items * feature: Support multiple column sort in table library * feature: Add glyphs to main Cacti console menu * Wed Mar 15 2017 liedke@rz.uni-mannheim.de - cacti 1.0.6: * issue#386: Allow special characters in graph title * issue#414: Install Wizard check path for spine * issue#415: SNMP session handling broken * issue#418: LDAP create user from template not working * Mon Mar 13 2017 liedke@rz.uni-mannheim.de - cacti 1.0.5: * issue#296: Poller warning for Non-SNMP device * issue#319: Add default 'High Collection Rate' data source profile to new installs to demonstrate concept of multiple rates * issue#330: Import templates to non-default Data Profile * issue#337: Error when try create new graph - SNMP - Generic OID issue#342: Infinite loop in poller_automation.php with invalid schedule * issue#343: Device discovery cannot handle dots in device name * issue#344: Unable to upgrade to latest Cacti on FreeBSD * issue#353: Legacy broadcast & multicast packet counters missing in interface.xml * issue#354: Place on tree dashes / ordering is not correct * issue#355: Replace table rows with count when using InnoDB tables * issue#357: If recovery mode runs longer than a polling interval, a second is spawned * issue#358: Sending test e-mail results in warning * issue#360: Issue importing cacti.sql with some charsets * issue#364: Moving graph item causes page render issue * issue#365: ss_host_disk.php and ss_host_cpu.php should use return * issue#367: Upgrade chart.js to version 2.5 * issue#368: Issue with device automation ip vs. ip_address * issue#369: Interface bits/second total Bandwidth wrong CDEF * issue#375: Drag and Drop of Devices and Graphs allows dropping onto self * issue#380: Ignores a non-standard SNMP port * issue#382: When using php5.5+ new users unable to change their password * issue#384: graph_view.php backtrace errors * issue#385: Unable to place an aggregate grapn on a subtree * issue#390: Display graphs from this aggregate icon next to graph not displaying * issue#392: cdef.php missing sql where for system cdef's * issue#398: checkbox is not honored when creating tree * issue#399: External link configuration: Order buttons don't work * issue#400: SNMP Engine ID (v3) field too short * issue#401: Graphs -> Apply Automation Rules fails * issue#404: Success even when test mail fails * issue#406: HRULE text format special characters not escaped * issue#408: Suppress SNMP units suffix from cacti_snmp_get() output * issue: Improve is_ipaddress functions * issue: Drag & drop showing when disabled on page automation_templates.php * issue: Output messages displayed incorrectly in automation_templates.php and automation_snmp.php * issue: Importing template from old Cacti would not show data templates * issue: Handle snmp error exceptions better * issue: Update Apache .htaccess files to support multiple version * issue: When executing a full sync, if the table structured has changed, recreate the remote table * issue: Multiple domains not working as expected * feature#197: Add external_id to Cacti for linking Cacti to other monitoring systems * feature#332: Support copy user groups * feature: Log proper IP address if logging in behind a NAT * feature: New qquery parsing rules: VALUE/TEST, VALUE/TABLE, VALUE/HEX2IP * Tue Feb 28 2017 joop.boonen@opensuse.org - Only allow to use the same spine version as the cacti version * Mon Feb 27 2017 liedke@rz.uni-mannheim.de - cacti 1.0.4: * feature: Javascript: make menu movement smooth and use localStorage * feature: Added cacti_snmp_get_raw() for plugin developers * issue#288: Function cacti_snmp_get bad handling of wierd value into snmp_value * issue#298: Graph generation issue with SNMP - Bits/Sec + Total Bandwith * issue#301: Unresolvable DNS hostname causing backtraces * issue#302: spikekill memory leak * issue#303: Error when creating tree items with "&" in the name * issue#307: Aggregate graph gives CMDPHP errors * issue#308: UI resize issue * issue#309: Show "Save Successful" notification permanently * issue#311: Graph thumbnail settings in profile setting does not work * issue#320: Users can not change their own password * issue#324: Aggregate template graph template JavaScript error * issue#352: Add configurable auto-logout and page-reload options * issue#329: Customize the favicon * issue#334: primary key on poller output boost table not efficient/not being used correctly * issue: Fixed issues with Dark theme * issue: Fixed issues with Paw theme * issue: Fix timespan calculation * issue: Added misplaced join condition when generating RRDTool graphs * issue: Fix the selection of timestan based on local_graph_id and rra_id * issue: Correct error in discovery not adding devices * issue: Action message did not always display * issue: fix regex to use Domains like www.t-online.de * issue: Properly align Order columns. * issue: address renaming issues with tree items. * issue: Add device snmp --version is ambiguous * issue: SNMP Availability failed to report down devices - This only was occuring for cmd.php collector. * issue: i18n remove embedded HTML syntax * issue: Wrap menu items to avoid scrolling * Sun Feb 19 2017 astieger@suse.com - cacti 1.0.3: * Upgrade 0.8.8h to 1.0.0 fails to create poller_output_boost table * Added missing template import hash for 1.0.2 * Mon Feb 13 2017 joop.boonen@opensuse.org - Build version 1.0.2 * Changelog - issue#278: Correct Boost Status display issue - issue#275: Permission View issue and Device Dropdown when in Classic Theme - issue#270: Major Mib Cache corruption. Rebuild your MIB Cache after upgrading - issue: Resolve Cacti logo on Graphs page in Classic Theme - Created a config.php fix patch, cacti-config.patch * Wed Feb 8 2017 joop.boonen@opensuse.org - Build version 1.0.1 * Fixes CVE-2014-4000 bnc#022564 * Deleted cacti-log-path.patch is now handled via a symblink from /srv/www/cacti/log to /var/log/cacti * 1.0.1 - feature: SpikeKill allows filling range to last known good value - issue#261: Add IPv4 and IPv6 Specific Counters to interfaces.xml - issue#257: Poller Output Table not Empty WARNING messages in cacti.log - issue#256: New Graph - Add Graph Items Fails (Data Sources shows None) - issue#255: Errors Creating new Graphs - Undefined Index Errors - issue#254: Unable to Properly add Data Source - issue#251: Remote Data Collector stuck on upgrade page - issue#247: Devices missing from tree device list - issue#245: Drag and Drop in Tree Edit Erratic - issue#243: SMTP Ping Failure with not SNMP Authentication - issue#241: Authentication Method: None not functional - issue#240: SQL error when install plugin - issue#238: Duplicate color id's cause error during Upgrade - issue#231: SNMPv3 - PHP ERROR WARNING: Fatal error: Unknown user name in file - issue: Resolving visual issues with row counts. - issue: When deleting Graphs prevent the removal of Data Sources that are still in use - issue: Improve SNMP agent performance through SQL optimizations * 1.0.0 - feature: Support for remote data collectors - feature: Support Internationalization (i18n) for the main Cacti site, and supported plugins - feature: Data Source Profiles replace RRA settings allowing a single system to have multiple polling intervals - feature: Redesigned Tree page including Drag & Drop functionality - feature: New Graph Permissions system designed to make permissions simple to manage - feature: Add Themes 'Classic', 'Modern', 'Dark', and 'Paw' - feature: Debug Data Sources by comparing them to the Data Template - feature: New special Data Source type to detect the poller interval - feature: Bulk inserts in PHP poller to address latency issues - feature: Optimize data collection through in memory caching giving a 50%% reduction in polling times when dealing with large sites - feature: Support RRDtool VDEFs - feature: Support new Graph Items: AREA:STACK, GPRINT:AVERAGE, GPRINT:LAST, GPRINT:MAX, GPRINT:MIN, LINE:STACK, TEXTALIGN, TICK - feature: Support RRDtool features: Right Axis Support, Dynamic Labels, Tab Width, Legend Position, Legend Direction - feature; Resizeable table columns - feature: Deprecated Single Pane Tree View - feature: Role Based Access Control (RBAC) - feature: Support User Group Permissions - feature: Show number of in use Graphs, Data Sources, and Devices for a given Template - feature: Support bulk re-sync of graphs to assigned Graph Template - feature: Bulk Device Settings changes - feature: CDEFs, Colors, GPrint Presets consolidated to Presets menu - feature: Authentication cookies for 'remember me' functionality - feature: Automatic logout after session inactivity - feature: Replace Boost server in favor of RRDtool Proxy - feature: Graph Details include CSV output, zoom, debug, and download links - feature: Graph Export moved to a plugin - feature: User change password functionality - feature: Automation added to core functionality through the merge of the Discovery and AutoM8 plugins - feature: Change interface graphs from 32 bit to 64 bit with ease - feature: Plugins now have hooks in device templates and automation - feature: Allow users to preview template imports to determine if there will be issues from importing - feature: Automatic removal of orphaned graph items when importing newer versions of graph templates - feature: Support for MySQL 5.7 - feature: Support for PHP 7.0 - feature: Merge Aggregate Plugin - Aggregate graph creation - feature: Merge AutoM8 Plugin - Automation of graph creation - feature: Merge Boost Plugin - Faster polling, result caching, on-demand RRDtool file updates - feature: Merge CLog Plugin - View Cacti logs - feature: Merge Discovery Plugin - Device discovery - feature: Merge Domains Plugin - Support for domain (ADS/LDAP) specific user templates - feature: Merge DSStats Plugin - Cache Data Source values for easy retrieval - feature: Merge Logrotate Plugin - Rotate Cacti logs - feature: Merge Realtime Plugin - Realtime graph viewing - feature: Merge Reporting (Nectar) Plugin - Reporting - feature: Merge RRDclean Plugin - RRD file cleanup and management - feature: Merge Secpass Plugin - User password policy enforcement - feature: Merge Settings Plugin - Shared settings for plugins - feature: Merge SNMP Agent Plugin - SNMP Agent for Cacti providing system statistics - feature: Merge SpikeKill Plugin - Remove unwanted spikes from graphs - feature: Merge SSL Plugin - Force https - feature: Merge SuperLinks Plugin - Add external links within Cacti - feature: Merge UGroup Plugin - User groups with permissions - feature: Merge Watermark Plugin - Watermark your Cacti graphs - bug: Fixed issue where old graph templates (0.8.6-), could import bogus data causing issues with Data Input Methods - bug#0000168: Duplicate data sources should be avoided when creating new graphs - bug#0000851: Review an imported template - bug#0001155: When viewing graph tree do not show empty nodes - bug#0001337: Form to filter for graphs in host view mode - bug#0001552: Date ranges not shown on graphs in the view with Daily, Weekly, Monthly & Yearly graphs - bug#0001573: RRA templates/grouping - bug#0001577: Override session handling and store session in Database - bug#0001790: Allow for XML delimiter in fields of a script query - bug#0001820: Unable to use a Data Input Method Output Field in more than one Data Source Item - bug#0001827: Changing the graph template messes up the graph item fields - bug#0001836: Add mysql error message to log - bug#0001877: Cookies path is not properly set - bug#0001966: Expand Devices in tree view not honored - bug#0001970: Data query index order cache should be populated on re-index - bug#0001981: Cacti is not full UTF-8 - bug#0001986: CLI allow add_graphs.php to have multiples --snmp-field and --snmp-value options - bug#0001996: Allow using data input field in graph title - bug#0002096: Enumerated SNMP values not parsed correctly - bug#0002112: CLI add configurable parameters for device_add.php - bug#0002133: Restrict User to only manage specific device(s) - bug#0002135: Regular expression support for filter - bug#0002137: Data query oid_suffix parameter does not function - bug#0002159: Database creation file not fully compliant with strict SQL mode - bug#0002162: Unable to authenticate user with password containing UTF-8 - bug#0002196: Incorrect script server instance number in log - bug#0002225: Make -Cc SNMP option configurable - bug#0002255: Script query_unix_partitions.pl should only query local mounts - bug#0002336: Implement php-snmp class library - bug#0002340: Data query script execution should be escaped - bug#0002350: SNMP Data Query index_order ignored - bug#0002351: Ping does not work with non-English locale - bug#0002361: Spine does not log unknowns the same way cmd.php - bug#0002362: Poller cmd.php makes wrong hex-string to decimal conversion - bug#0002370: Cacti prints wrong date formats, does not honor a systems locale - bug#0002403: Typo in DELETE statement leading to poor graphing performance - bug#0002412: Graph Template duplication causes to be converted to TAB char - bug#0002418: Data Source Items named 'ds' break UI ability to add more items - bug#0002419: SNMP enum results not parsed correctly by cmd.php poller - bug#0002452: CVE-2014-4000 PHP Object Injection Vulnerabilities - bug#0002454: OS Command Injection - bug#0002468: Changing graph format to anything but PNG causes no output - bug#0002476: Add support for SNMP v3 EngineID - bug#0002483: Cisco ASA using Re-index method of verify all causes recache event every time - bug#0002484: Incorrect SQL request in cli script repair_database.php - bug#0002521: Unable to create two devices via CLI with the same IP-Address - bug#0002522: Zero padded hex strings are parsed incorrectly - bug#0002535: Graph Template Changes not updating RRDTool command - bug#0002636: Creating Data Template with "U" for min and max saves field data_input_field_id as 0 for first item - bug#0002697: CVE-2016-2313 allows remote authenticated users who use web authentication to bypass intended access - bug#0002698: When the host is down the wrong data type are used for some columns in the host table - bug#0002723: Renaming a disabled device still attempts to connect and get SNMP host information - bug#0002724: Multipage graphs the menu can disappear - bug#0002725: Changing graph template does not mark correct interfaces disabled on data query generated list * Mon May 9 2016 liedke@rz.uni-mannheim.de - cacti 0.8.8h: * Authentication using web authentication as a user not in the cacti database allows complete access (regression) * Cacti SQL Injection Vulnerability (CVE-2016-3172) (boo#971357) * When click the [Clear] button after clicking the [Refresh] button in Preview Mode , fails to CSRFcheck * Cacti graph_view.php SQL Injection Vulnerability (CVE-2016-3659) (boo#974013) * Outdated MIBs for non-unicast packets * Index is a MySQL 5.6 reserved word * generate_graph_def_name() generates reserved word "cf" * Mon Feb 22 2016 astieger@suse.com - cacti 0.8.8g: * various graphing, PHP, HTML, output and monitoring fixes * Drop CVE-2015-8369.patch, CVE-2015-8604-CVE-2015-8377.patch, CVE-2016-2313.patch * Tue Feb 9 2016 astieger@suse.com - Fix the following vulnerabilities: * CVE-2015-8369: SQL injection in graph.php (boo#958863) * CVE-2015-8604: SQL injection in graphs_new.php (boo#960678) * CVE-2015-8377: SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php (boo#958977) * CVE-2016-2313: Authentication using web authentication as a user not in the cacti database allows complete access (boo#965930) - adding CVE-2015-8369.patch, CVE-2015-8604-CVE-2015-8377.patch, CVE-2016-2313.patch * Mon Nov 16 2015 aj@ajaissle.de - Spec cleanup, split -doc package - Universal "Requires:" for httpd and mod_php_any [boo#867607] - Dropped cacti.cron.new - Updated cacti.cron - Dropped cacti-httpd.conf.vhost - Dropped cacti-httpd.conf.nonsuse - Updated cacti-httpd.conf (for openSUSE <= 1210 and other) - Updated cacti-httpd.conf.default (for openSUSE > 1210) - Dropped cacti-script.patch (applies to a non-packaged file) - Updated cacti.logrotate * Sun Jul 26 2015 astieger@suse.com - cacti 0.8.8f: * 0.8.8e Poller Script Parser is Broken * cli/upgrade_database.php is missing releases * Graph managment graphs.php save button does not work * Poller Script Parser is Broken * Mon Jul 20 2015 joop.boonen@opensuse.org - Fixed the spec file so the package also builds for el7, Fedora 20 > etc. * Sat Jul 18 2015 astieger@suse.com - Update to 0.8.8e: This update contains importand security fixes: [boo#937997] - Multiple XSS and SQL injection vulnerabilities - CVE-2015-4634 - SQL injection in graphs.php Further fixes: - Fixed issue with graph zooming failing to work - Impossible to have a URL pointing directly to a graph - Cannot delete data sources from the GUI - viewing host in new tab - Undefined index: nodeid - status_fail_date and status_rec_date are set incorrectly after host is marked down - Incorrect value in Hosts column on Host Templates page - Incorrect row number in Devices -> (Edit) page * Tue Jun 16 2015 joop.boonen@opensuse.org - Update to version 0.8.8d - Fixes [bnc#934187] - CVE-2015-4342: cacti: Multiple XSS and SQL injection vulnerabilities - feature: Remove un-needed fonts and javascript files - bug: Fixed SQL injection VN: JVN#78187936 / TN:JPCERT#98968540 - bug#0002261: PHP 5.4.0 added new error_reporting variable, causing cacti to show errors - bug#0002391: Odd Behaviour on ReIndex of Data Query Data - bug#0002393: Broken thumbnail images for graph templates - bug#0002402: Subtree must not have the same header as the parent header - bug#0002474: CLI add_device.php dows not set availability_method correctly - bug#0002449: The Save button does not work: Invalid html on page Console -> Cacti Settings: empty form tag - bug#0002428: Fail to delete all data input items when removing more than 1000 data sources - bug#0002439: Password with special character don't work with LDAP authentication - bug#0002461: invalid bn with ldap and anonymous bind - bug#0002465: Graph Export return empty CSV file - bug#0002484: Incorrect SQL request in cli script repair_database.php - bug#0002485: Broken pagenation on graph viewing - bug#0002489: SNMP - Get Mounted Partitions using Re-index method of Index Count Changed causes recache event every time - bug#0002490: Can not select page for multiple datasources per device - bug#0002494: CSV export always shows last day - bug#0002504: Data template search not functional - bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting Vulnerability Notification - bug#0002543: Unable to switch pages within graphs_new.php due to invalid URL generation - bug#0002544: Duplicate entry in $nav_url during list view - bug#0002571: SQL Injection and Location header injection from cdef id CVE-2015-4342 - bug#0002572: SQL injection in graph templates - Renamed two patch files, to a more generic name: - cacti-0.8.8c-cacti-log-path.patch to cacti-log-path.patch - cacti-0.8.8c-cacti-script.patch to cacti-script.patch * Mon Dec 8 2014 aldemir.akpinar@gmail.com - Update to version 0.8.8c - New features - New graph tree view - Updated graph list and graph preview - Refactor graph tree view to remove GPL incompatible code - Updated command line database upgrade utility - Graph zooming now from everywhere - Security fixes - CVE-2013-5588 - XSS issue via installer or device editing - CVE-2013-5589 - SQL injection vulnerability in device editing - CVE-2014-2326 - XSS issue via CDEF editing - CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability - CVE-2014-2328 - Remote Command Execution Vulnerability in graph export - CVE-2014-4002 - XSS issues in multiple files - CVE-2014-5025 - XSS issue via data source editing - CVE-2014-5026 - XSS issues in multiple files - Removed cacti-0.8.8b-cacti-log-path.patch as it is incompatible with 0.8.8c. - Removed cacti-0.8.8b-cacti-script.patch as it is incompatible with 0.8.8c. - Removed cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch as this code is incorprated to cacti 0.8.8c - Removed cacti-0.8.8b_security.patch as this code is incorprated to cacti 0.8.8c - Created cacti-0.8.8c-cacti-log-path.patch so that cacti only logs to /var/log/cacti - Created cacti-0.8.8c-cacti-script.patch so that cacti uses /usr/share/cacti/scripts * Sun Apr 13 2014 aj@ajaissle.de - Add cacti-0.8.8b_security.patch: - Fixes [bnc#870821]: - CVE-2014-2326: Unspecified HTML Injection Vulnerability - Fixes CVE-2014-2328: - Unspecified Remote Command Execution Vulnerability - Fixes [bnc#872008]: - CVE-2014-2708: Unspecified SQL Injection Vulnerability - CVE-2014-2709: Unspecified Remote Command Execution Vulnerability - Add cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch: - Fixes [bnc#837440]: - CVE-2013-5588: HTML Injection Vulnerability - CVE-2013-5589: SQL Injection Vulnerability * Sat Apr 12 2014 aj@ajaissle.de - Change php requirements to be more general on SUSE systems [bnc#862993] * Thu Aug 8 2013 joop.boonen@opensuse.org - Update to version 0.8.8b - bug: Fixed issue with custom data source information being lost when saved from edit - bug: Repopulate the poller cache on new installations - bug: Fix issue with poller not escaping the script query path correctly - bug: Allow snmpv3 priv proto none - bug: Fix issue where host activate may flush the entire poller item cache - security: SQL injection and shell escaping issues * Mon Jun 4 2012 aldemir.akpinar@airties.com - Added official cacti 0.8.8a patch * Mon Apr 30 2012 aldemir.akpinar@airties.com - New version 0.8.8a - Fixed an rpmlint warning * Mon Apr 16 2012 joop.boonen@opensuse.org - Corrected the crontab file for openSUSE >= 12.2 - Some cross distro fixes so plugins will also build for other distros * Tue Apr 10 2012 joop.boonen@opensuse.org - Install cacti in /srv/www/cacti/ from openSUSE 12.2 onwards - Passed the spec file through spec-cleaner - Cacti-PA can be removed as cacti includes the Plugin Architure * Tue Apr 10 2012 aldemir.akpinar@airties.com - Minor changes in the spec file, updated version to 0.8.8 * Sun Jan 8 2012 joop.boonen@boonen.org - Reformated the spec file to the openSUSE standard * Fri Dec 30 2011 aldemir.akpinar@airties.com - Added official settings_checkbox patch * Tue Dec 13 2011 joop.boonen@opensuse.org - Build version 0.8.7i * Tue Oct 4 2011 aldemir.akpinar@airties.com - Upgrade to version 0.8.7h * Fri Jun 10 2011 aldemir.akpinar@airties.com - added 'Provides' to make cactid installable * Sat Jul 10 2010 joop.boonen@opensuse.org - update to cacti-0.8.7g * Sat May 22 2010 joop.boonen@opensuse.org - update to cacti-0.8.7f * Wed Nov 11 2009 joop.boonen@opensuse.org - Added the missing cli directory * Mon Aug 31 2009 joop.boonen@opensuse.org - Minor change in the name of the patch file * Fri Aug 28 2009 puzel@novell.com - update to cacti-0.8.7e.tar.bz2 - bug#0001044: Creating a DS, Output field can't be selected for DT with a DIM when "Use Per-Data Source Value" is on - bug#0001341: SNMP query: add oid_suffix for weird SNMP queries - bug#0001345: Overwriting $snmp_index in query_snmp_host() breaks SNMP Data query if using get method - bug#0001346: Strip out noisy 'No Such Instance currently exists at this OID' - bug#0001404: timeout in "function ping_icmp" (lib/ping.php) - bug#0001405: Spaces in DS when .rrd file is created, so it fails - bug#0001407: Place graph thumbnail into div to lower page length changes on load graphs - bug#0001410: Thumbnail Columns is not honored for host display with snmp index group style - bug#0001411: Graph searching issue - bug#0001413: strip_quotes fails - bug#0001426: multiple form opening due to bug in draw_edit_form() - bug#0001436: CSV Export Start Date and End Date are always 1970-01-01 01:00:00 - bug#0001443: format_snmp_string can return a number with a leading space - bug#0001446: Wrong dates override in CSV export - bug#0001456: oid_uptime is not parsed correctly - bug#0001460: Skiping input parameters in data_query_field_list() may lead to SQL errors - bug#0001464: Typo in install/index.php - bug#0001467: Customisable oid index parse regexp for weird MIBs - bug#0001468: Tree is not expanded correctly - bug#0001469: Tree is not being expanded if user followed link outside of cacti - bug#0001476: Mark stacked columns in rrdtool_function_xport() output - bug#0001477: Spelling error in a variable in html_tree.php - bug#0001478: Combo boxes on Graph Management page produce URLs with leading spaces - bug: Top Graph Header Breaks When Plugins Used - bug: SNMP v3 Password issue caused by Firefox's Password AutoFill - bug: Strip Quotes does not properly handle the value 'U' - bug: Changes to the graph tree would not show up immediately for current user - bzip sources * Mon Jun 15 2009 prusnak@suse.cz - reverted BuildRequires from libdb-4_5-devel to db-devel * Fri May 22 2009 joop.boonen@opensuse.org - Working with prefix * Sat Apr 25 2009 joop_boonen@web.de - Updated BuildRequires to libdb-4_5-devel * Sat Feb 14 2009 joop_boonen@web.de - cleaned out the spec file - deleted file for the PA platform * Fri Feb 13 2009 joop_boonen@web.de - build version cacti-0.8.7d * Thu Feb 12 2009 joop_boonen@web.de - improving the spec file - added multi rpm distro build - Added the plug-in framework * Mon Feb 2 2009 joop_boonen@web.de - building version 0.8.7c * Mon Apr 14 2008 crrodriguez@suse.de - add official cacti patches - cleanup buildrequires * Tue Apr 8 2008 crrodriguez@suse.de - cacti does not really work without cron, but cron is not installed by default in the minimal system * Tue Feb 19 2008 prusnak@suse.cz - updated to 0.8.7b * security fixes: - Fix several security vulnerabilities * bug fixes: - Unnecessary (and faulty) DEF generation for CF:AVERAGE - Small visual fix for Cacti in "View Cacti Log File" - Graph xport modification to increase default rows output - Poller incorrectly identifies unique hosts - CLI Scripts bring MySQL down on large installations - Filtering broken on Data Sources page - Fix looping poller recache events - ss_fping.php 100%%%% "Pkt Loss" does not work properly - Graphs with no template and/or no host cause filtering errors on Graph Management page - View Poller Cache does not show Data Sources that have no host - Graph Generation fails if e.g. ifDescr contains some blanks - TCP/UDP ping port ignored - Downed Device Detection: None leads to database errors - update_host_status handles ping_availability incorrectly - "U" not allowed as min/max RRD value - Deleted user causes error on user log viewer - Re-assign duplicate radio button IDs - Add HTML title attributes for certain pages - ALL_DATA_SOURCES_NODUPS includes DUPs? SIMILAR_DATA_SOURCES_DUPS is available again - Cacti does not guarentee RRA consolidation functions exist in RRA's - Alert on changing logarithmic scaling removed - add_hosts.php did not accept privacy protocol * features added: - show basic RRDtool graph options on Graph Template edit - Add additional logging to Graph Xport - Add rows dropdown to devices, graphs and data sources - Add device_id and event count to devices - Add ids to devices, graphs and data sources pages - Add database repair utility * Tue Nov 20 2007 prusnak@suse.cz - updated to 0.8.7a * "Use Per-Data Source Value (Ignore this Value)" runs only when when checking "Allow Empty Input" * Add --autoscale-min (rrdtool 1.2.x only) and --autoscale-max (using upper AND lower limit) * Allow for --logarithmic scaling without autoscaling * Data sources in RRAs have random order, messing up predefined CDEFs * Graph Templates drop down populates with duplicates * Upgrade from 0.8.6j to 0.8.7 defaults to Authentication Method NONE * Graph template - GRINT creates CF function DEF * Invalid date format - "half hour" not the GNU Date format * SQL error when using 'Auth Method' None when no 'guest' user exists * Graph Filter dropdowns do not respect user graph permissions * Potential SQL injection vulnerability * RRDtool 1.2.15 complain for garbage characters when rrdtool_function_xport is used * cmd.php: potential call to invalid "availability_method" key on wrong hash * Log file viewer inefficient filtering uses excess memory * doc change for using COUNTERs as integers only * Fixed extra spaces in GPRINT. Better Alignment for Autopadding * doc change for patching cacti when running SELinux * Cron interval detection causes multiple pollers to run * Max OIDS is not saved in device view * Undefined variable: rra in graph.php on line 241 * Dates are not stored in host table using correct format * Graph Export Generates SQL Errors * Usernames with spaces and dashes are not able to save * Allow for --units=si on logarithmic scaled graphs (rrdtool-1.2.x only). * add opacity/alpha channel to graph items (rrdtool-1.2.x only). * Move to Top for List and Tree View. Omit boring scrolling * add availability pings to host interface * Tue Oct 30 2007 prusnak@suse.cz - update to 0.8.7 * changes are too numerous to list * see CHANGELOG - dropped obsolete patches: * graph-image.patch (included in update) * Wed Sep 19 2007 prusnak@suse.cz - fix CVE-2007-3112 and CVE-2007-3113 (graph-image.patch) [#326228] * Mon Jun 25 2007 dmueller@suse.de - fix last checkin * Thu Jun 21 2007 dmueller@suse.de - update buildrequires * Thu Feb 8 2007 prusnak@suse.cz - updated to 0.8.6j: * fixed CVE-2006-6799 * fixed hostname sorting on the devices page * fixed poller.php does not giving any output with MySQL disabled * added bottom navigation bar to graph viewing * added "collapsible" branches to the graph tree editor * added natural sort to graph items in the tree - dropped obsoleted patches: * cacti-0.8.6h-CVE-2006-6799.patch (included in update) - fixed spec file for #norootforbuild * Tue Jan 9 2007 prusnak@suse.cz - fixed CVE-2006-6799 [#231082] * Fri Mar 17 2006 stark@suse.de - fix path settings * Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires * Wed Jan 18 2006 mrueckert@suse.de - dont require php4 directly use the php abstraction * Fri Jan 6 2006 stark@suse.de - update to 0.8.6h - fixed logrotate setting * Tue Jan 3 2006 stark@suse.de - update to 0.8.6g * Tue Oct 25 2005 stark@suse.de - added php4-session to required packages (#130282) * Sat Jul 2 2005 stark@suse.de - update to 0.8.6f * Sat Jun 18 2005 stark@suse.de - update to 0.8.6e final * Thu Jun 16 2005 stark@suse.de - update to 0.8.6e * Fri Jan 21 2005 stark@suse.de - update to 0.8.6c * Fri Nov 19 2004 stark@suse.de - update to 0.8.6b - added logrotate config * Mon Sep 20 2004 stark@suse.de - fix sql injection bug (#43908) * Mon Aug 30 2004 ro@suse.de - remove apache1 traces * Wed Apr 28 2004 stark@suse.de - update to 0.8.5a * Mon Feb 16 2004 stark@suse.de - update to 0.8.5 * Mon Dec 29 2003 stark@suse.de - initial SUSE package