--- cacti-0.8.7b.orig/debian/cacti.preinst +++ cacti-0.8.7b/debian/cacti.preinst @@ -0,0 +1,30 @@ +#!/bin/sh + +set -e + +# this is where rrd's used to go +oldrradir="/var/cache/cacti" +# this is where rrd's should go, according to policy +newrradir="/var/lib/cacti/rra" +# this used to be a symlink, and needs to be removed before unpacking +oldlink="/usr/share/cacti/site/scripts" +# and this is where it used to point +oldlinkdir="/usr/share/cacti/scripts" + +if [ "$1" = "install" -o "$1" = "upgrade" ]; then + # check for pre-existing rrd's in and move them to where they should be + if [ "`ls $oldrradir 2>/dev/null`" ]; then + mkdir -m 755 -p "$newrradir" || true + cp -pR ${oldrradir}/* ${newrradir}/ + rm -rf ${oldrradir} + chown -R www-data:www-data "$newrradir" + fi + if [ -L "$oldlink" ]; then + rm -f "$oldlink" + fi + if [ -d "$oldlinkdir" ]; then + rmdir "$oldlinkdir" || true + fi +fi + +#DEBHELPER# --- cacti-0.8.7b.orig/debian/install.excludes +++ cacti-0.8.7b/debian/install.excludes @@ -0,0 +1,9 @@ +cactid +cacti.sql +docs +LICENSE +log +README +rra +#adodb # we use the debian libphp-adodb package +lib/adodb --- cacti-0.8.7b.orig/debian/docs +++ cacti-0.8.7b/debian/docs @@ -0,0 +1,6 @@ +docs/README +docs/CONTRIB +docs/html/ +docs/text/ +cacti.sql +debian/cacti.apache.conf --- cacti-0.8.7b.orig/debian/cacti.prerm +++ cacti-0.8.7b/debian/cacti.prerm @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +# source debconf stuff +. /usr/share/debconf/confmodule +# source dbconfig-common stuff +. /usr/share/dbconfig-common/dpkg/prerm.mysql +dbc_go cacti $@ + +#DEBHELPER# --- cacti-0.8.7b.orig/debian/cacti.logrotate +++ cacti-0.8.7b/debian/cacti.logrotate @@ -0,0 +1,10 @@ +/var/log/cacti/*.log { + weekly + missingok + rotate 52 + compress + notifempty + create 640 www-data www-data + sharedscripts +} + --- cacti-0.8.7b.orig/debian/rules +++ cacti-0.8.7b/debian/rules @@ -0,0 +1,84 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +CFLAGS = -Wall -g + +TDIR:=debian/cacti +SHAREDIR:=${TDIR}/usr/share/cacti +SITEDIR:=${SHAREDIR}/site +RRADIR:=${TDIR}/var/lib/cacti/rra + +# include the patch/unpatch rules from quilt +include /usr/share/quilt/quilt.make + + +configure: configure-stamp +configure-stamp: $(QUILT_STAMPFN) + dh_testdir + touch configure-stamp + +build: build-stamp +build-stamp: patch configure-stamp + dh_testdir + touch build-stamp + +clean: unpatch + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + dh_clean + debconf-updatepo + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + install -p *.php ${SITEDIR}/ + cp -pr scripts images include install lib ${SITEDIR}/ + cp -pr resource ${SHAREDIR}/ + # place the sql script where dbconfig-common wants it + cp cacti.sql ${TDIR}/usr/share/dbconfig-common/data/cacti/install/mysql + # normalize permissions in the site directory + find ${RRADIR} ${SITEDIR}/ -exec chown root:www-data {} \; + find ${SITEDIR}/ -type f -exec chmod 640 {} \; + find ${SITEDIR}/ -type d -exec chmod 750 {} \; + # and then fix the special case files + find ${SITEDIR}/scripts -type f -name '*.php' -exec chmod 640 {} \; + for f in cmd.php poller.php lib/ping.php; do \ + chmod ug+x ${SITEDIR}/$$f; \ + done + chmod 770 ${RRADIR} + # remove all adodb code at build time, as we get this from libphp-adodb + rm -rf ${SITEDIR}/lib/adodb + # plop in our lintian override file + cp debian/cacti.lintian-overrides ${TDIR}/usr/share/lintian/overrides/cacti + + +binary-arch: +# Build architecture-dependent files here. +binary-indep: build install + dh_testdir + dh_testroot + dh_installchangelogs docs/CHANGELOG + dh_installdocs + dh_installexamples + dh_installdebconf + dh_installlogrotate + dh_installcron + dh_installman + dh_usrlocal + dh_link + dh_strip + dh_compress + dh_fixperms -X/var/lib/cacti/rra + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep +.PHONY: build clean binary-arch binary-indep binary install configure patch unpatch --- cacti-0.8.7b.orig/debian/cacti.config +++ cacti-0.8.7b/debian/cacti.config @@ -0,0 +1,33 @@ +#!/bin/sh + +action=$1 +version=$2 + +## Source debconf library +. /usr/share/debconf/confmodule +# source dbconfig-common stuff +if [ -f /usr/share/dbconfig-common/dpkg/config.mysql ]; then + . /usr/share/dbconfig-common/dpkg/config.mysql + dbc_first_version="0.8.6g-3" + dbc_load_include="php:/etc/cacti/debian.php" + dbc_load_include_args="--dbname=database_default --dbpass=database_password --dbuser=database_username --dbserver=database_hostname" + dbc_go cacti $@ +fi + +# which web-server should I use? +db_input high cacti/webserver || true + +# +# print a warning, if we're upgrading from 0.6.x versions +# +if [ -n "$version" ]; then + dpkg --compare-versions "$version" lt "0.8.0-1" + if [ $? -eq 0 ]; then + db_input critical cacti/upgrade_warning || true + fi +fi + +db_go || true + +exit 0 + --- cacti-0.8.7b.orig/debian/README.Debian +++ cacti-0.8.7b/debian/README.Debian @@ -0,0 +1,198 @@ +cacti for Debian + +---------------- +originally written by Thorsten Sauter +Fri, 3 Sep 2004 11:25:28 +0200 + +last edited by sean finney +Fri, 06 Jan 2006 08:07:46 +0100 +---------------- + +* viewing graphs causing zombie mysql processes? + + If this happens, take a look at the solutions given in + http://bugs.debian.org/344519. + +* ERROR: Garbage ':33:09 To 2005/10/27 08:33:09\c' after command: + + If you get this, it's probably because you just upgraded rrdtool, + which changed its output format between versions and cacti is still + trying to parse it using the old versions' output. If you go into + your cacti settings, you will see an option to change the version + of rrdtool you have installed, which should solve your problem. + +* installation + + note that cacti now uses automatic configuration via dbconfig-common. + however, if you've chosen to go the manual route, the following + information may be helpful. + + using the username and password you provided in debconf (and stored + in the cacti config file /etc/cacti/debian.php), create a database + and load up the cacti skeleton. assuming you chose a database and + user both named 'cacti': + + mysql -u root -p -e "create database cacti" + mysql -u root -p -e "grant all privileges on cacti.* to cacti@localhost identified by 'yourpasswordhere'; flush privileges" + zcat /usr/share/doc/cacti/cacti.sql.gz | mysql -u cacti -p cacti + + next, go to http://$yourhost/cacti/, and follow the on-screen directions. + the default login is admin/admin. once automagical configuration is + brought back into cacti, this will probably change to something better. + +* Upgrading from recent versions of cacti (>= 0.8.x) + + There is a special directory install/ available, which contains some + basic php scripts to upgrade your current database to the new version + of cacti. + + Normally, this should happen automatically. If not, simply point your + browser to your cacti installation: + + http://$yourhost/cacti/install + + At some point the automatic upgrade feature will return, but not now. + +* Upgrading from old cacti versions (<= 0.6.x) + + The database structure has changed between version 0.6.x and 0.8.x. To make + cacti working again, you must create a new database, and import the cacti + database configuration. You can do this with the following commands. Please + replace "cacti" with your database name. Maybe you must also specify an + host name (-h host). + + # backup the old database + $ mysqldump -u root -p cacti | gzip -9 - >/tmp/cacti-old.gz + + # delete and create the database again + $ mysqladmin -u root -p drop cacti + $ mysqladmin -u root -p create cacti + + # import the database structure + $ zcat /usr/share/doc/cacti/cacti.sql.gz | mysql -u root -p cacti + + optionally, if you have lots and lots of data and it's critically important + to keep it, you can try the following, which i've had work on smaller test + installations: + + - downgrade to the previous 0.6.x version of cacti in woody. + - download version 0.6.8a from the old cacti repository: + http://www.cacti.net/downloads/archive/ + - extract the tarball in /usr/local/cacti, configure config.php. + - change your Alias to point /cacti/ at this directory + - go to http://$yourhost/cacti/install/ and do the 0.6.7->0.6.8a upgrade + - turn off cron (or at least the cronjob for cacti) + - back up your current database, load a copy into a database + called cacti-old. truncate the old database. + - repeat the described upgrade process to go from 0.6.8a to 0.8. + you'll be asked for an "old database" and a "new database". this + is where things will either work or not work. + - remove these two cacti directories in /usr/local + - install the latest version of cacti from sarge/sid + - point your apache config back where it should + - go to http://$yourhost/cacti/install/ and cacti should take you + the rest of the way to the current version. + - turn the cronjob back on + + note that i haven't tried this on a large scale, it takes quite a bit + of effort, and i can't guarantee it will work. sorry :/ + + i would like at some point to offer some automated (or at least cmdline) + programs to help automate this, but my first priority is to get the next + upstream release out the door. i've already done some work on this, if + you're interested in helping out, send me an email. + +* PHP command line scripts: + + If you install the php4-{cli,cgi} package _after_ the php4-mysql package, + there will be no entry for the mysql extension in this file. + To fix this, you can run the following command and select the cgi + interface also: + # dpkg-reconfigure php4-mysql + + You need to enable mysql support for apache, cli and/or cgi. Depending + on your configuration. + +* Apache2 support + + If you would like to use cacti with apache2 you need to install the php4 + package for apache2: libapache2-mod-php4. After this you need to enable + the mysql and snmp extension for php4. + + # cd /etc/php4/apache2/ + # grep -q mysql.so php.ini || echo "extension=mysql.so">>php.ini + # grep -q snmp.so php.ini || echo "extension=snmp.so">>php.ini + + (Please note the two ">>" signs) + +* PHP short tags problem in /etc/cacti/debian.php + + Previous versions of cacti create the debian.php file with short php + tags '/dev/null 2>/var/log/cacti/poller-error.log --- cacti-0.8.7b.orig/debian/dirs +++ cacti-0.8.7b/debian/dirs @@ -0,0 +1,10 @@ +etc/cacti +var/log/cacti +var/lib/cacti/rra +usr/share/cacti/site +usr/share/cacti/site/docs +usr/share/doc/cacti +usr/local/share/cacti/resource +usr/local/share/cacti/scripts +usr/share/lintian/overrides +usr/share/dbconfig-common/data/cacti/install --- cacti-0.8.7b.orig/debian/cacti.templates +++ cacti-0.8.7b/debian/cacti.templates @@ -0,0 +1,8 @@ +Template: cacti/webserver +Type: select +_Choices: Apache, Apache-SSL, Apache2, All, None +Default: Apache +_Description: Webserver type + Which kind of web server should be used by cacti? + . + Select "None" if you would like to configure your webserver by hand. --- cacti-0.8.7b.orig/debian/cacti.postrm +++ cacti-0.8.7b/debian/cacti.postrm @@ -0,0 +1,89 @@ +#!/bin/sh + + +# +# Skip, if we are not in "configure" state +# +if [ "$1" != "remove" ] && [ "$1" != "purge" ]; then + exit 0 +fi + +## Source debconf library +. /usr/share/debconf/confmodule +db_version 2.0 +# source dbconfig-common stuff +if [ -f /usr/share/dbconfig-common/dpkg/postrm.mysql ]; then + . /usr/share/dbconfig-common/dpkg/postrm.mysql + dbc_go cacti $@ +fi + + +# +# retieve various configuration options from debconf +# +db_get cacti/webserver +WWWTYPE="$RET" + +case "$WWWTYPE" in + "Apache") + webservers="apache" ;; + "Apache-SSL") + webservers="apache-ssl" ;; + "Apache2") + webservers="apache2" ;; + "All") + webservers="apache apache-ssl apache2" ;; + *) + webservers="" ;; +esac +includefile=/etc/cacti/apache.conf + +# +# remove or purge the whole package +# +case "$1" in +purge) + # cleanup some unsed directores + [ -d "/var/log/cacti" ] && rm -rf /var/log/cacti + [ -d "/var/cache/cacti" ] && rm -rf /var/cache/cacti + + # get rid of non conffiles generated in /etc + rm -f /etc/cacti/debian.php /etc/cacti/default-poller + + # get rid of ucf entries + if which ucf >/dev/null 2>&1; then + ucf --purge /etc/cacti/apache.conf + ucf --purge /etc/cacti/debian.php + fi + rm -f /etc/cacti/apache.conf + rm -f /etc/cacti/debian.php + + # remove apache config symlinks and restart apache + for server in $webservers; do + if [ -d "/etc/${server}/conf.d" ]; then + if [ -L "/etc/${server}/conf.d/cacti.conf" ]; then + rm "/etc/${server}/conf.d/cacti.conf" + fi + fi + invoke-rc.d $server reload || true + done + + ;; + +remove) + for server in $webservers; do + if [ -d "/etc/${server}/conf.d" ]; then + if [ -L "/etc/${server}/conf.d/cacti.conf" ]; then + rm "/etc/${server}/conf.d/cacti.conf" + fi + fi + invoke-rc.d $server reload || true + done + + ;; + +esac + +#DEBHELPER# +exit 0 + --- cacti-0.8.7b.orig/debian/cacti.apache.conf +++ cacti-0.8.7b/debian/cacti.apache.conf @@ -0,0 +1,23 @@ +Alias /cacti /usr/share/cacti/site + + + Options +FollowSymLinks + AllowOverride None + order allow,deny + allow from all + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag short_open_tag On + php_flag register_globals Off + php_flag register_argc_argv On + php_flag track_vars On + # this setting is necessary for some locales + php_value mbstring.func_overload 0 + php_value include_path . + + DirectoryIndex index.php + + + --- cacti-0.8.7b.orig/debian/copyright +++ cacti-0.8.7b/debian/copyright @@ -0,0 +1,67 @@ +This package was debianized by Igor Genibel on +Wed Apr 3 15:13:41 CEST 2002 + +It was downloaded from http://www.raxnet.net/products/cacti/ + +Author: Ian Berry. + += = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = + +Copyright (C) 2004-2007 The Cacti Group + + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301, USA. + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL-2'. + += = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = + +This source package also includes an embedded copy of adodb, which is not +used in the resulting binary packages. adodb is dual licensed BSD-style/LGPL, +the former of which is included below: + +Copyright (c) 2000, 2001, 2002, 2003, 2004 John Lim +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +Redistributions of source code must retain the above copyright notice, +this list of conditions and the following disclaimer. + +Redistributions in binary form must reproduce the above copyright +notice, this list of conditions and the following disclaimer in the +documentation and/or other materials provided with the distribution. + +Neither the name of the John Lim nor the names of its contributors may +be used to endorse or promote products derived from this software +without specific prior written permission. + +DISCLAIMER: +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JOHN LIM OR +CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +alternatively the contents of the LGPL v2.1 can be found in +/usr/share/common-licenses/LGPL-2.1 --- cacti-0.8.7b.orig/debian/compat +++ cacti-0.8.7b/debian/compat @@ -0,0 +1 @@ +4 --- cacti-0.8.7b.orig/debian/cacti.lintian-overrides +++ cacti-0.8.7b/debian/cacti.lintian-overrides @@ -0,0 +1,3 @@ +# the following directory has to be writable by www-data, and also +# may contain privileged/sensative data, hence root:www-data/0770. +cacti binary: non-standard-dir-perm var/lib/cacti/rra/ 0770 != 0755 --- cacti-0.8.7b.orig/debian/TODO +++ cacti-0.8.7b/debian/TODO @@ -0,0 +1,6 @@ +================================================== +sean's todo list +================================================== +- permissions and such in postinst should be in rules +- doc symlink the $site/docs -> /usr/share/doc/html +================================================== --- cacti-0.8.7b.orig/debian/cacti.postinst +++ cacti-0.8.7b/debian/cacti.postinst @@ -0,0 +1,70 @@ +#!/bin/sh + +set -e + +# source debconf stuff +. /usr/share/debconf/confmodule +db_version 2.0 +# source dbconfig-common stuff +. /usr/share/dbconfig-common/dpkg/postinst.mysql +dbc_first_version="0.8.6g-3" +dbc_generate_include="php:/etc/cacti/debian.php" +dbc_generate_include_owner="root:www-data" +dbc_generate_include_perms="0640" +dbc_generate_include_args="--dbname=database_default --dbpass=database_password --dbuser=database_username --dbserver=database_hostname --dbport=database_port" +dbc_go cacti $@ + +# +# Skip, if we are not in "configure" state +# +if [ "$1" != "configure" ]; then + exit 0 +fi +version="$2" + +## Source debconf library + +# +# retieve various configuration options from debconf +# +db_get cacti/webserver +WWWTYPE="$RET" + +ucf /usr/share/doc/cacti/cacti.apache.conf /etc/cacti/apache.conf + +# done with debconf... +db_stop + +# Create common files (logfile) and grant permissions +touch /var/log/cacti/rrd.log /var/log/cacti/cacti.log +chmod 0640 /var/log/cacti/rrd.log /var/log/cacti/cacti.log +chown -R www-data.www-data /var/log/cacti/ + +# update the webserver, if needed +case "$WWWTYPE" in + "Apache") + webservers="apache" ;; + "Apache-SSL") + webservers="apache-ssl" ;; + "Apache2") + webservers="apache2" ;; + "All") + webservers="apache apache-ssl apache2" ;; + *) + webservers="" ;; +esac + +for server in $webservers; do + if [ -d "/etc/${server}/conf.d" ]; then + if [ ! -e "/etc/${server}/conf.d/cacti.conf" ] ; then + ln -s ../../cacti/apache.conf "/etc/${server}/conf.d/cacti.conf" + fi + invoke-rc.d $server reload || true + fi +done + +# remove old unused config file +rm -f /etc/cacti/config.php + +#DEBHELPER# +exit 0 --- cacti-0.8.7b.orig/debian/control +++ cacti-0.8.7b/debian/control @@ -0,0 +1,25 @@ +Source: cacti +Section: web +Priority: extra +Maintainer: Sean Finney +Build-Depends: debhelper (>= 4.2.8), po-debconf, quilt +Vcs-Browser: http://git.debian.org/?p=users/seanius/cacti.git +Vcs-Git: git://git.debian.org/git/users/seanius/cacti.git +Standards-Version: 3.7.3 + +Package: cacti +Architecture: all +Depends: apache2 | apache | apache-ssl | apache-perl | httpd, libapache2-mod-php4 | php4 | libapache2-mod-php5 | php5, php4-mysql (>= 4.3.10-9) | php5-mysql, php4-cli | php5-cli, php4-snmp | php5-snmp, virtual-mysql-client, rrdtool, snmp, logrotate, libphp-adodb (>= 4.50-1), ucf, dbconfig-common (>= 1.8.8), ${misc:Depends} +Recommends: mysql-server, iputils-ping +Description: Frontend to rrdtool for monitoring systems and services + Cacti is a complete frontend to rrdtool, it stores all of the necessary + information to create graphs and populates them with data in a MySQL + database. The frontend is completely PHP driven. Along with being able + to maintain Graphs, Data Sources, and Round Robin Archives in a + database, cacti handles the data gathering also. There is also SNMP + support for those used to creating traffic graphs with MRTG. + . + This package requires a functional MySQL database server on either the + installation host or remotely accessible system. If you do not already + have a database server available, you should also install mysql-server. + --- cacti-0.8.7b.orig/debian/changelog +++ cacti-0.8.7b/debian/changelog @@ -0,0 +1,917 @@ +cacti (0.8.7b-2.1+lenny5) oldstable; urgency=low + + * lib/snmp.php: Add $max_oids parameter to snmp_walk + Closes: #656613 + + -- Luk Claes Sat, 21 Jan 2012 23:41:35 +0100 + +cacti (0.8.7b-2.1+lenny4) lenny-security; urgency=high + + [ Paul Gevers ] + * Patch for CVE-2010-1644: XSS issues in host.php and data_sources.php + Closes: #624516 + * Patch for CVE-2010-1645: which allows execution of arbitrary commands + by admins + * Patch for CVE-2010-2543: XSS issues in include/top_graph_header.php + * Patch for CVE-2010-2545: XSS issues in multiple files + + [ Mahyuddin Susanto ] + * [SECURITY] Fixes SQL injection vulnerability in auth_login.php that allows + remote attackers to execute arbitrary SQL commands via the login_username + parameter. (Closes: #652371) + - debian/patches/CVE-2011-4824.patch + - CVE-2011-4824 + + -- Mahyuddin Susanto Mon, 09 Jan 2012 02:30:39 +0700 + +cacti (0.8.7b-2.1+lenny3) stable-security; urgency=low + + * Patch for CVE-2010-2092/MOPS-2010-023: SQL Injection Vulnerability + Closes: #582691. Thanks: Nico Golde. + * ack previous NMU's, thanks to all involved. + + -- Sean Finney Fri, 11 Jun 2010 01:03:59 +0200 + +cacti (0.8.7b-2.1+lenny2) stable-security; urgency=high + + * Non-maintainer upload by the security team + * Fix SQL injection in template_export with upstream patch + (BONSAI-2010-0104, closes: #578909) + + -- Thijs Kinkhorst Fri, 23 Apr 2010 15:25:57 +0200 + +cacti (0.8.7b-2.1+lenny1) stable-security; urgency=high + + * Non-maintainer upload by the securiy team + * Fix several cross-site scriptings via different vectors + Fixes: CVE-2009-4032 + + -- Steffen Joeris Wed, 16 Dec 2009 11:33:16 +0100 + +cacti (0.8.7b-2.1) unstable; urgency=low + + * Non-maintainer upload to fix pending l10n issues. + * Debconf translations: + - Basque. Closes: #479538 + - Turkish. Closes: #491497 + - Finnish. Closes: #492395 + - Russian. Closes: #492550 + - Galician. Closes: #493306 + - Japanese. Closes: #493346 + * [Lintian] Properly spell MySQL in package description + * [Lintian] Wrap the debian/copyright file to 80 characters + + -- Christian Perrier Fri, 18 Jul 2008 19:28:34 +0200 + +cacti (0.8.7b-2) unstable; urgency=low + + * ack previous NMU, thanks Andreas. + * cacti packaging now in public git repository, updated Vcs-foo headers + in debian/control appropriately. + * update Standards-Version to 3.7.3. + * New upstream "official" patch: official_invalid-upgrade-path.patch + * New upstream "official" patch: official_snmp_auth_none_notice.patch + + -- Sean Finney Sat, 22 Mar 2008 23:58:08 +0100 + +cacti (0.8.7b-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Move ucf call in cacti.postinst above db_stop to fix freeze during + installation. (Closes: #470066) + + -- Andreas Henriksson Mon, 17 Mar 2008 12:52:17 +0100 + +cacti (0.8.7b-1) unstable; urgency=high + + * New upstream release. Fixes multiple security vulnerabilities (no + CVE references yet). Closes: #465567. Thanks to Alessandro Ogier for + the suggestion about the overzealous PHP_SELF checking. + + -- Sean Finney Wed, 13 Feb 2008 23:30:31 +0100 + +cacti (0.8.7a-2) unstable; urgency=high + + * Update errors in copyright information (closes: #457366). + + -- Sean Finney Sun, 30 Dec 2007 22:56:17 +0100 + +cacti (0.8.7a-1) unstable; urgency=high + + * New upstream release, including fixes for bugs and security issues. + Includes fix for CVE-2007-6035 (sql injection vulnerability) + Closes: #452085. + + -- Sean Finney Tue, 20 Nov 2007 18:20:13 +0100 + +cacti (0.8.7-1) unstable; urgency=low + + * New upstream release. + * updated 06_config_settings.php_cactid_path.patch with an extra fix + for the cacti logfile path. + + -- sean finney Wed, 24 Oct 2007 20:15:19 +0200 + +cacti (0.8.7~beta4-1~pre) experimental; urgency=low + + * New upstream (beta) release + * Removed "official" patches incorporated into upstream version: + - 07_official_graph_debug_lockup_fix.patch + - 07_official_ping_php_version4_snmpgetnext.patch + - 07_official_thumbnail_graphs_not_working.patch + - 07_official_tree_console_missing_hosts.patch + * updated 06_config_settings.php_cactid_path.patch to use FHS compatible + locations as default values, removing the need for shipping + compatibility symlinks (closes: #366662). + * updated list of upstream docs and changelog location. + * Package now uses quilt instead of dpatch for add-on patch managment. + + -- sean finney Tue, 09 Oct 2007 19:39:49 +0200 + +cacti (0.8.6j-1) unstable; urgency=low + + * New upstream release. Any further etch-targeted changes will be + handled in a seperate branch. + * The following patches are now obsolete: + - 07_official_poller_output_remainder.dpatch + - 07_official_import_template_argument_space_removal.dpatch + - 07_official_dec06-vulnerability-scripts-0.8.6i.dpatch + - 07_official_dec06-vulnerability-poller-0.8.6i.dpatch + - 08_svn_timespan_breakage_fix.dpatch + * The following new "official" patches are added: + - 07_official_graph_debug_lockup_fix.dpatch + - 07_official_ping_php_version4_snmpgetnext.dpatch + - 07_official_thumbnail_graphs_not_working.dpatch + - 07_official_tree_console_missing_hosts.dpatch + + -- sean finney Tue, 06 Mar 2007 19:00:03 +0100 + +cacti (0.8.6i-4) unstable; urgency=medium + + * don't unconditionally source the dbconfig-common helper script + in the cacti config script, which would at least require a + pre-depends, but ultimately isn't necessary (closes: #408550). + + -- sean finney Fri, 26 Jan 2007 23:25:11 +0100 + +cacti (0.8.6i-3) unstable; urgency=high + + * include the list of official patches from upstream which (among other + things) resolves multiple vulnerabilities in the poller and default + scripts (Closes: 404818). thanks to Alex de Oliveira Silva for reporting + this, and Neil McGovern for a bit of consultation. + * security references: + - SA23528, CVE-2006-6799 + * also include one extra changeset from svn which fixes a regression + introduced in the security patch. + * new patches: + - 07_official_dec06-vulnerability-scripts-0.8.6i.dpatch + - 07_official_dec06-vulnerability-poller-0.8.6i.dpatch + - 07_official_poller_output_remainder.dpatch + - 07_official_import_template_argument_space_removal.dpatch + - 08_svn_timespan_breakage_fix.dpatch + + -- sean finney Mon, 15 Jan 2007 15:36:25 +0100 + +cacti (0.8.6i-2) unstable; urgency=low + + * let cacti know where the cactid binary is, since it doesn't + seem to have a reasonable default an longer. + + -- sean finney Mon, 30 Oct 2006 23:18:55 +0100 + +cacti (0.8.6i-1) unstable; urgency=low + + * new upstream release + * no longer need the following patches: + - 06_official-fix_search_session_clear_issue.dpatch + - 07_official-fix_sql_syntax_related_to_default_rra_id.dpatch + - 08_official-mysql_5x_strict.dpatch + - 09_official-nth_percentile_empty_return_set_issue.dpatch + - 10_official-database_autoincrement_corruption.patch.dpatch + + + -- sean finney Sat, 28 Oct 2006 15:05:46 +0200 + +cacti (0.8.6h-6) unstable; urgency=low + + * fix up debian/rules targets to comply with policy (closes: #395584). + * change build-depends-indep to build-depends for targets needed + in the clean rule. + * update standards-version to 3.7.2 + + -- sean finney Fri, 22 Sep 2006 21:39:12 +0200 + +cacti (0.8.6h-5) unstable; urgency=low + + * fix for braindead bug in postrm script introduced by yours + truly. fixed a bashism in there while i was at it (closes: #387540). + thanks to Olivier Berger for finding this. + * fix for non-essential dependencies (dbconfig-common) in the config + script (closes: #388214). + * updated portuguese brazillian templates, thanks to Andre Luis Lopes + for providing them (closes: #374020). + + -- sean finney Fri, 22 Sep 2006 21:04:19 +0200 + +cacti (0.8.6h-4) unstable; urgency=low + + * updated dependencies to allow any httpd-providing daemon to + satisfy the requirements for cacti. that doesn't necessarily + mean any httpd will work, but i've heard from at least one + report that others do, and i'd like to make it easier for + others to test. closes: #373886. + * updated postrm to handle cases where it's being purged without + its dependencies present. + + -- sean finney Tue, 29 Aug 2006 09:35:34 +0200 + +cacti (0.8.6h-3) unstable; urgency=low + + * official patch from upstream to fix database corruption and display some + users were having as a result of the differing version of adodb + in debian vs. the bundled version in cacti. thanks to the upstream + authors for their help addressing the issue, and to Rene Cunningham + for testing out the initial version of the patch. + (closes: #364391, #351342) + * added note to README.Debian about potential unmet dependencies in + mixed php4/php5 environments (thanks to Uwe Storbeck), and also + about checking the cli configuration for the required modules (thanks + to Troy Poppe), and also about potential problems with the cli + poller and safe_mode (thanks to Birger Brunswiek) (closes: #359964). + * update package description to mention that it's likely that mysql-server + should also be installed unless cacti is to be configured against a + remote database system (closes: #349754). + * added a note to README.Debian about the initial user/pass, at the + suggestion of Jonas Genannt, thanks. (closes: #352724). + * changed package dependencies to list apache2 as the first of the + series of apache-providing packages, and likewise reordered the + php/apache modules (closes: #356843). + * updated version of 08_official-mysql_5x_strict.dpatch which fixes + the breakage in ldap authentication reported by Matt Clauson, thanks. + (closes: #354663) + + -- sean finney Tue, 25 Apr 2006 19:30:50 +0200 + +cacti (0.8.6h-2) unstable; urgency=low + + * incorporated the following official upstream patches: + - 06_official-fix_search_session_clear_issue.dpatch + - 07_official-fix_sql_syntax_related_to_default_rra_id.dpatch + - 08_official-mysql_5x_strict.dpatch + - 09_official-nth_percentile_empty_return_set_issue.dpatch + * updated german debconf translation, thanks to + Mathias Klein (closes: #345786). + * typographical corrections to package description, thanks to + Jens Siedel (closes: #346007). + + -- sean finney Mon, 16 Jan 2006 16:02:44 +0100 + +cacti (0.8.6h-1) unstable; urgency=low + + * new upstream release. + * upstream now officially supports mysql-5.0 (closes: #336531). + * updated README.Debian with some information about zombie mysql + processes that some users have been experiencing when viewing + graphs (closes: #344519). + * updated 01_config.php.dpatch and 05_no-adodb.dpatch to apply to new + upstream version. + * removed "official" patches which are now incorporated into the + new upstream release: + - 06_official-short_open_tag_parse_error.dpatch + - 07_official-graph_properties_zoom.dpatch + - 08_official-script_server_snmp_auth.dpatch + - 09_official-mib_file_loading.dpatch + * added a db_stop to the postinst to help prevent hangs when + restarting apache2. + + -- sean finney Fri, 06 Jan 2006 08:24:29 +0100 + +cacti (0.8.6g-3) unstable; urgency=low + + * cacti now uses dbconfig-common, and thus once again ships with + automagical database support. + * Portuguese translation for cacti's debconf messages by LuíFerreira + (closes: #336836). + * new Swedish translations from Daniel Nylander (closes: #338668). + + -- sean finney Thu, 01 Dec 2005 14:59:40 +0100 + +cacti (0.8.6g-2) unstable; urgency=low + + * updated dependencies to allow working with the php5 family of packages. + * new spanish debconf translations from César Gómez Martín and the + debian-l10n-spanish mailing list (closes: #334384). + * added a note to README.Debian about possible breakage if rrdtool + is upgraded without changing cacti settings (closes: #335737). + + -- sean finney Sat, 29 Oct 2005 12:58:39 +0200 + +cacti (0.8.6g-1) unstable; urgency=low + + * new upstream release. + * upstream has re-implemented the limited snmpv3 support that previously + existed but was later removed (closes: #301165). + * removed patches that are now incorporated upstream: + - 03_dos2unix_on_scripts + - 06_cmd-snmp-data-sanity-fixes + - 07_snmp_alternate_port + * added the current list of upstream patches: + - 06_official-short_open_tag_parse_error + - 07_official-graph_properties_zoom + - 08_official-script_server_snmp_auth + - 09_official-mib_file_loading + + -- sean finney Sat, 24 Sep 2005 10:10:15 -0400 + +cacti (0.8.6f-5) unstable; urgency=low + + * fix cacti to explicitly depend on versions of libphp-adodb starting + at the version which silently changed the path. thanks to + Mark Sheppard and Javier Fernández-Sanguino Peña for independantly + pointing this out (closes: #322707, #325376). + * fix cacti to depend on "virtual-mysql-client" virtual package, to + allow cacti to co-exist with the new mysql-5.0 series of packages. + thanks to Miah Gregory for pointing this out (closes: #326011). + + -- sean finney Fri, 02 Sep 2005 05:55:46 -0400 + +cacti (0.8.6f-4) unstable; urgency=low + + * cacti now properly depends on debconf. + + -- sean finney Mon, 08 Aug 2005 13:23:24 -0400 + +cacti (0.8.6f-3) unstable; urgency=low + + * fix to allow xml based check templates to work for hosts running + snmp on an alternate port. thanks to Justin Hallet for the + patch (closes: #317689). + * for posterity, the security fixes included in 0.8.6e-1 addressed + the following CVE id's: + - CAN-2005-1524 (idefense remote file inclusion) + - CAN-2005-1525 (idefense SQL injection) + - CAN-2005-1526 (idefense remote code execution) + * updated include path for adodb configuration (closes #320782), thanks + to loïc lefort for reporting this. + + -- sean finney Mon, 01 Aug 2005 13:33:05 -0400 + +cacti (0.8.6f-2) unstable; urgency=high + + * new version of the upstream 'sanity checking' patches introduced + in 0.8.6e-2 (closes: #317253). + * the updated Czech debconf translation from Martin Sín somehow + got mixed up with the debconf translation for mysql. fixed. + (closes: #317137). + * for posterity, the security updates included in the previous + update have the following CAN numbers assigned to them: + - CAN-2005-2148 (hardened-php advisories 032005 and 042005) + - CAN-2005-2149 (hardened-php advisory 052005) + * even though it's been like 5 days, and the previous version's urgency + was set to high, it has not entered testing, so urgency will remain + at this level. + + -- sean finney Thu, 07 Jul 2005 08:05:17 -0400 + +cacti (0.8.6f-1) unstable; urgency=high + + * new upstream release. + * this new version addresses the following security issues reported by the + php-hardened project: + - 032005: Cacti Multiple SQL Injection Vulnerabilities + - 042005: Cacti Remote Command Execution Vulnerability + - 052005: Cacti Authentication/Addslashes Bypass Vulnerability + + -- sean finney Sat, 02 Jul 2005 01:11:18 -0400 + +cacti (0.8.6e-2) UNRELEASED; urgency=high + + * updated standards version to 3.6.2 + * patch for sanity checking of some of the cached database information, + which sometimes causes cmd.php based poller checks to hang and + eventually fail. + + -- sean finney Tue, 28 Jun 2005 00:54:57 -0400 + +cacti (0.8.6e-1) unstable; urgency=high + + * new upstream release. + * this release contains fixes for the arbitrary sql injection and input + validation vulnerabilities discovered in 0.8.6d. + * new Vietnamese debian translations from Clytie Siddall (closes: #313190). + * removed obsolete (and poorly written) debconf templates. thanks + to Clytie Siddall for pointing these out (closes: #313191). + * updated Czech debconf translation from Martin Sín (closes: #314620). + * lintian fixes: + - include debhelper macro in preinst + - changelog converted to UTF-8 format. + - overrides file introduced, to ignore permissions on rra dir. + + -- sean finney Mon, 20 Jun 2005 22:30:05 -0400 + +cacti (0.8.6d-1) unstable; urgency=low + + * new upstream release. + * removed "official patches" patch, as they are now included in this version. + * the adodb code is now removed from the build tree instead of being patched + out of the source, which makes things a bit cleaner in the long run. + * document how to login after installation. thanks to Jari Aalto for + mentioning this omission (closes: #309619). + * initial czech translation for cacti, thanks to Martin Sin (closes: #311095). + * have the cronjob output stderr to a logfile instead of stdout. thanks + to Daniel van Eeden for helping find the best solution to this + (closes: #309425). + + -- sean finney Sat, 28 May 2005 19:42:30 -0400 + +cacti (0.8.6c-8) unstable; urgency=low + + * import of upstream patches was b0rken. should be fixed up in this + release. + * removed the adodb code, as we're allready depending on libphp-adodb, + and should have been using that instead this whole time. i also + updated the include statement in config.php to include adodb from + its new location. + * only change ownership/permissions of debian.php the first time it is + created (which should prevent local ownership/permission changes + later on from being silently overwritten) + * don't mask errors when you can't include debian.php + * don't throw away stderr from cacti's cron.d file, and change MAILTO + to send mail to root (otherwise it'd go to www-data). thanks for + this and the preceding two fixes go to Mark Sheppard + (closes: #309194). + + -- sean finney Wed, 11 May 2005 17:54:51 -0400 + +cacti (0.8.6c-7) unstable; urgency=low + + * brought in the rest of the patches from the upstream authors. + this should fix the problem with graphing negative numbers, as + reported by Kelly Brown (closes: #305561). + * updated dependency on php4-mysql to be versioned, to make dependencies + work better for woody users. thanks to Vittorio R Tracy + for mentioning this (closes: #302563). + + -- sean finney Wed, 06 Apr 2005 20:03:27 -0400 + +cacti (0.8.6c-6) unstable; urgency=low + + * updated french debconf translations, thanks for this to + Christian Perrier (closes: #299895). + * updated portuguese brazillian templates, thanks to + Tiago Bortoletto Vaz (closes: #301499). + * include upstream patch to fix tree browsing when authentication + is turned off. thanks to Hannu Teulahti (closes: #300843). + * strip ^M's from the scripts, as it can mess up execution according + to Fred Blaise , thanks (closes: #300845). + * debian.php is now managed via ucf. + * generate_config is now always called in the postinst, so calling + dpkg-reconfigure should regenerate the contents of the config + file. thanks to Mickael Marchand (closes: #300876). + * correction in README.Debian, thanks to Miah Gregory + and all the other people who emailed me about this. (closes: #299834). + * no longer depend on wwwconfig-common, only support the conf.d style + of apache configuration. this should as a side effect resolve the bug + reported by Tiago Bortoletto Vaz (closes: #289156). + + -- sean finney Tue, 29 Mar 2005 22:00:28 -0500 + +cacti (0.8.6c-5) unstable; urgency=high + + * oops, let's not rm -rf the old scripts directory in the preinst, + instead try to remove the directory or fail gracefully if there + are still things in there. thanks and an apology are due to + Gérald GARCIA (closes: #300449). this is a grave + severity bug, so urgency set to high. + * README.Debian updated to mention where custom user scripts should + go, so that they can stay out of my reach :) + + -- sean finney Mon, 21 Mar 2005 06:12:21 -0500 + +cacti (0.8.6c-4) unstable; urgency=high + + * turns out removing the symlink wasn't as easy, need to do a couple + extra things in the preinst otherwise dpkg will keep and follow + the symlink according to debian policy. + * minor fixes in the templates. + + -- sean finney Sun, 06 Mar 2005 12:21:01 -0500 + +cacti (0.8.6c-3) unstable; urgency=high + + * José de Paula Eufrásio Júnior found + that there's some voodoo with ereg that doesn't work in some + locales unless mbstring.func_overload is set to 0. this + prevents cacti from installing, which gave the bug a grave + severity, thus again the high urgency. sigh. thanks, josé + (closes: #298102). + * the script dir can't be a symlink after all, because it + breaks php scripts. thanks to Bernardo Achirica + for finding this out (closes: #298032). + + -- sean finney Fri, 04 Mar 2005 23:24:17 -0500 + +cacti (0.8.6c-2) unstable; urgency=high + + * removed unneccesary poller debconf cruft. + * otherwise the same as -1, but to unstable and urgency set to high + as foretold in the previous changelog entry (closes rc bug). + + -- sean finney Thu, 03 Mar 2005 14:21:01 -0500 + +cacti (0.8.6c-1) experimental; urgency=low + + * new upstream release (closes: #271661). + * the cacti source package no longer produces cacti-cactid, which is + provided by a seperate upstream tarball. + * cacti site stuff now in /usr/share/cacti/site, which frees + up /usr/share for non-site related stuff. + * automagical install/upgrades of the mysql database are disabled + for the time being. see README.Debian for the rationale. + * start to bring in ucf for managing config files. + * no longer have a need for /etc/cacti/default-poller, as this is + now handled completely inside the application (closes: #292365). + * rrd files are now stored in /var/lib/cacti/rra, as they can + not be reconstituted from scratch. this closes an rc bug, so priority + on this package will be set to high when it goes into unstable, which + will be the next upload (closes: #297470). + * documentation provided for what you need to do if you're upgrading + from a 0.6.x version of cacti. i can't guarantee that it will + work, but it did for me, and this is probably the best you're + going to get (closes: #226404). + * various README.Debian updates. + * cacti online documentation now made online to symlinking to where + it already exists in /usr/share/doc. + + -- sean finney Fri, 25 Feb 2005 19:26:57 -0500 + +cacti (0.8.5a-9) unstable; urgency=low + + * new maintainer has adopted the package (closes: #292770) + * fixed dependencies against mysql-client, so cacti now depends + mysql client or mysql-client-4.1 (i'm hesitant to use + virtual-mysql-client since i think mysql-client < 3.23 might + not work). thanks to Robert Loomans , + Olaf van der Spek , and the mysql maintainer + Christian Hammers for pointing this out. + (closes: #293750, #285002). + * no longer use delaycompress in the logrotate script, since + there's not much use to leaving it uncompressed by default + and it's a lot of data. thanks, Gustavo Franco + (closes: #275045). + + -- sean finney Sat, 19 Feb 2005 19:37:54 -0500 + +cacti (0.8.5a-8) unstable; urgency=high + + * Update pt_BR, nl debconf translations. (Closes: #270277, #270787) + + -- Thorsten Sauter Sat, 11 Sep 2004 00:18:12 +0200 + +cacti (0.8.5a-7) unstable; urgency=low + + * Update french translation. (Closes: #268801) + * Checking for short tags in cacti/debian.php and fix them if needed. (Closes: #269480) + * debian/README.Debian: add a new section about php short tags + + -- Thorsten Sauter Thu, 2 Sep 2004 23:27:27 +0200 + +cacti (0.8.5a-6) unstable; urgency=high + + * Don't know why it was last: change priority from extra to optional + * debian/README.Debian: spell checking, add docu for php4-cli + * ship a new script which check for php4-mysql support and print a + error message to the poller logfile. With the modification of the + readme file I think the bug can be closed. (Closes: #267009) + + -- Thorsten Sauter Thu, 26 Aug 2004 22:52:38 +0200 + +cacti (0.8.5a-5) unstable; urgency=high + + * debian/control: change priority from extra to optional + * replace Brazilian Portuguese translation. (Closes: #264090) + * debian/cacti.templates: Add new choice "None" to the webserver question. + This gives the user a chance to use his own webserver. (Closes: #255971) + * If we search for a local installed mysql-server check for packages + which are installed or on hold. (Closes: #263262) + * Fix some errors while removing include line from httpd.conf file. Also, + print an error message if this doesn't work. New installations should + use apache/conf.d anyway. (Closes: #253202) + * SECURITY-UPDATE: Fix SQL Injection in CACTI. (Closes: #267758) + Original upstream patch: + http://cvs.raxnet.net/cgi-bin/viewcvs.cgi/cacti/auth_login.php.diff?r1=1.48&r2=1.49 + Full-Disclosure: + http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0717.html + * cacti.apache.conf: Change some php4 settings to make cacti more robust/secure. + * /etc/cacti/debian.php: create long php4 tags ' Wed, 23 Jun 2004 08:46:37 +0200 + +cacti (0.8.5a-4) unstable; urgency=low + + * Change package priority to extra. + * Change cronjob. The output of the poller job is now appended to the + logfile + * Update french debconf translation: fr.po. (Closes: #253585) + * Add debconf translation: pt_BR.po. Don't know, which language + this is :-) (Closes: #252021, #252017) + * Backport cacti cvs fix (#0000176) into debian version. This will fix + compatiblity problem with the output of the df command and long device + names. (Closes: #254856) + + -- Thorsten Sauter Tue, 22 Jun 2004 23:26:17 +0200 + +cacti (0.8.5a-3) unstable; urgency=low + + * Fix type in package description. (Closes: #249590) + * Update dutch debconf translation. (Closes: #250652) + + -- Thorsten Sauter Wed, 26 May 2004 11:49:27 +0200 + +cacti (0.8.5a-2) unstable; urgency=low + + * Fix error in the cron script + - poll.sh isn't in the default path, we need ./poll.sh here + - make sure the cacti directory exists, otherwise we will get + a lot of error messages from cron. (Closes: #246982) + * Depend also on apache2. Still depend on php4-cgi, we need both + packages: php4 and php4-cgi. (Closes: #227295) + * Make the package apache2 "safe". Depend on php4 or libapache2-mod-php4 + * Include apache2 howto into debian/README.Debian. + * Update templates, maintainer scripts to install config files for apache2 + too. Update german translation + * cactid: remove upstream installation docu + + -- Thorsten Sauter Mon, 17 May 2004 11:12:05 +0200 + +cacti (0.8.5a-1) unstable; urgency=low + + * New upstream version. + * Include new dutch debconf translation: nl.po. (Closes: #245916) + * Insert new dependency on php4-snmp which removes a lot of extra cpu usage. + Thanks Rafael D'Halleweyn. (Closes: #228948) + * Update debconf template and german/french translations. + Thanks Christian Perrier. (Closes: #225890) + * Including the new multi-threading poller (cactid). This binary can collect + multiple datasources at the same time. (Closes: #186013, #237055) + The program is not in the core release and not marked as stable, that's + why I include it in an extra debian package. + * The MySQL admin password is now removed from debconf database, if the user + decide to not store it. (Closes: #224214) + * The new poll.sh script report the output from the poller into a logfile. + Maybe not the best solution, but so we don't loose any output. (Closes: #234726) + * The new package containts the install/ directory also. This is useful, + if we're not upgrading from 0.8.4 but from an other version. (Closes: #227737) + * Insert an upgrade path from 0.8.4 and 0.8.5, this is done via sql scripts + in updscripts/ + * A new poll.sh script is used for cronjobs. This script use either cacti + or the new cactid poller (depends on the default-poller file). + * During upgrade the databases are dumped/backuped. + * Update build system. Change to cdbs system. + * Update README.Debian file. + * Update Build-Depends/Depends + + -- Thorsten Sauter Mon, 26 Apr 2004 10:48:58 +0200 + +cacti (0.8.4-2) unstable; urgency=low + + * Print a warning message, if cacti is upgraded from an old version + * extend debian/README.Debian with upgrade database instructions + + -- Thorsten Sauter Tue, 30 Dec 2003 13:44:55 +0100 + +cacti (0.8.4-1) unstable; urgency=low + + * New maintainer. (Closes: #196199) + * New upstream version. (Closes: #198777) + * debian/changelog: + - convert to UTF-8 + * debian/control: + - update standards version + - update build dependencies + - insert new logrotate dependency + - depend on libphp-adodb, which is also in the archive + - add apache-perl to apache dependency list. (Closes: #204290) + * debian/rules: rewrite the way to install the files into the package + * debian/cacti.cron.d: + - make the script a little bit more robust. (Closes: #211249) + * debian/README.Debian: + - replace most parts of the text. + * debian/cacti.apache.conf: + - reformat the file a little bit + - remove unused phtml extension + * debian/cacti.logrotate: + - reformat the file + + -- Thorsten Sauter Tue, 2 Dec 2003 11:24:49 +0100 + +cacti (0.6.8a-13.1) unstable; urgency=low + + * NMU + * Rewrote debconf templates to more standard english with the help of + debian-l10n-english. Former templates have been left for future reference + Closes: #189401 + * French debconf templates update. Closes: #197119 + * More secure temp file handling in postrm. Thanks lintian. + + -- Christian Perrier Mon, 16 Jun 2003 22:54:11 +0200 + +cacti (0.6.8a-13) unstable; urgency=low + + * Orphan this package + + -- Igor Genibel Thu, 5 Jun 2003 11:58:50 +0200 + +cacti (0.6.8a-12) unstable; urgency=low + + * Missed to close bug #183287 (Closes: #183287) + + -- Igor Genibel Wed, 19 Mar 2003 09:32:25 +0100 + +cacti (0.6.8a-11) unstable; urgency=low + + * remove quote in cron.php in order to be run in safe_mode + and /var/log/httpd/access_log -> /var/log/apache/access_log in + scripts/webhits (Closes: #177791) + * fix non installation when no mysql server is present when localhost + installation (Closes: #183288, #184324) + * fix non removal when no mysql server found (in localhost installation) + (Closes: #183288) + * fix loop when upgrading and mysql-server != localhost (Closes: #179561) + * use po-debconf + + -- Igor Genibel Mon, 17 Mar 2003 15:00:55 +0100 + +cacti (0.6.8a-10) unstable; urgency=low + + * Fix various packaging mistakes + - Mention that mysql is not installed on local systems (complement to the + #172414) + - Provide a good cacti.sql (Closes: #166296) + - config.php is only store in /etc/cacti (Closes: #172410) + - Provide somes explanations for scripts provided in the package + (see the README.Debian file) (Closes: #167814) + * Standards-Version: 3.5.8 + + -- Igor Genibel Sun, 5 Jan 2003 21:15:49 +0100 + +cacti (0.6.8a-9) unstable; urgency=low + + * Fix extra OID in parameter. Thanks to Roberto Moreda + (Closes: #162873) + + -- Igor Genibel Mon, 30 Sep 2002 16:51:36 +0200 + +cacti (0.6.8a-8) unstable; urgency=low + + * Fix typo in postinst file (Closes: #162574) + + -- Igor Genibel Fri, 27 Sep 2002 12:20:28 +0200 + +cacti (0.6.8a-7) unstable; urgency=low + + * fix broken regexp in include/snmp_functions.php + * force the use of external snmp functions + + -- Igor Genibel Thu, 26 Sep 2002 17:39:03 +0200 + +cacti (0.6.8a-6) unstable; urgency=low + + * apply a patch provided by Blaine Kahle in order to + cleanly use net-snmp5 + + -- Igor Genibel Thu, 26 Sep 2002 16:50:24 +0200 + +cacti (0.6.8a-5) unstable; urgency=low + + * re-add lost patch provided by Adam Conrad in order to bypass the php4-cgi + installation bug (related bugs: #147385, #147261, #129883 and #145465) + (Closes: #154822) + + -- Igor Genibel Thu, 26 Sep 2002 16:10:05 +0200 + +cacti (0.6.8a-4) unstable; urgency=low + + * New recommends on iputils-ping (because of the "-w" ping option) + (Closes: #161278, #161279) + * New Standards (3.5.7.0) + * DH_COMPAT 4 + + -- Igor Genibel Thu, 26 Sep 2002 12:35:46 +0200 + +cacti (0.6.8a-3) unstable; urgency=low + + * Fix type in postinst file (Closes: #160694) + * Add missing ; in include/rrd_functions.php file (Closes: #160703) + + -- Igor Genibel Tue, 17 Sep 2002 17:51:09 +0200 + +cacti (0.6.8a-2) unstable; urgency=high + + * Security upload: + really fix the arbitrary program code execution. + + -- Igor Genibel Tue, 10 Sep 2002 09:57:00 +0200 + +cacti (0.6.8a-1) unstable; urgency=high + + * Security Upload: + prevent executing arbitrary program code under the user id of the web + server. + + -- Igor Genibel Mon, 9 Sep 2002 14:39:37 +0200 + +cacti (0.6.8-10) unstable; urgency=high + + * fix the wrong setcookie() call (Closes: #157740) + * force the use of net-snmp tool instead of using native broken php-snmp + functions (Closes: #157383,#157381) + * urgency=high because cacti is not usable with the php-snmp functions + + -- Igor Genibel Thu, 22 Aug 2002 17:20:32 +0200 + +cacti (0.6.8-9) unstable; urgency=low + + * The «I'm too lame and stupid» version + * really add the «if exists» statement + + -- Igor Genibel Mon, 19 Aug 2002 16:03:44 +0200 + +cacti (0.6.8-8) unstable; urgency=low + + * add a «if exists» when dropping the database (for partial installation) + + -- Igor Genibel Mon, 19 Aug 2002 15:46:58 +0200 + +cacti (0.6.8-7) unstable; urgency=low + + * Fix uninstallable package with calling mysql differently (Closes: #156951) + + -- Igor Genibel Mon, 19 Aug 2002 14:41:08 +0200 + +cacti (0.6.8-6) unstable; urgency=low + + * move php-cgi bug workaround from include/database.php to + include/config.php in order to fix the html export bug + * put strict dependency on mysql-client (because of SQL query) + (Closes: #149787) + + -- Igor Genibel Wed, 12 Jun 2002 19:40:29 +0200 + +cacti (0.6.8-5) unstable; urgency=low + + * ask for password confirmation. + * Test if provided password for mysql is Ok. (Closes: #148862) + * add two scripts + + -- Igor Genibel Mon, 3 Jun 2002 14:11:28 +0200 + +cacti (0.6.8-4) unstable; urgency=low + + * put php_flag short_open_tag On in apache.conf file (Closes: #147283) + * fix SQL entry for webhits script + + -- Igor Genibel Fri, 17 May 2002 18:45:17 +0200 + +cacti (0.6.8-3) unstable; urgency=low + + * provide the get_stat_for_interface.pl script (I'm too lame) + + -- Igor Genibel Fri, 17 May 2002 18:36:44 +0200 + +cacti (0.6.8-2) unstable; urgency=low + + * Suppress and fix wrong SQL inserts. (Closes: #147259,#147262) + Thanks to Guillaume + * Applied a patch provided by Adam Conrad in order to bypass php4-cgi + installation bug + + -- Igor Genibel Fri, 17 May 2002 16:19:14 +0200 + +cacti (0.6.8-1) unstable; urgency=low + + * New upstream version (Closes: #146799) + * add new script that fetches informations directly from /proc (Luc + Saillard) + * patch auth_login.php in order to move php4 dependency from Depends to + Recommends. Now only php4-cgi package is mandatory. (Luc Saillard) + * Standards-Version: 3.5.6.0 + + -- Igor Genibel Mon, 13 May 2002 16:03:13 +0200 + +cacti (0.6.7-2) unstable; urgency=low + + * add snmp to dependencies + * fix logrotate broken file + * add a note in README.Debian concerning php4-cgi installation + + -- Igor Genibel Fri, 5 Apr 2002 12:59:51 +0200 + +cacti (0.6.7-1) unstable; urgency=low + + * Initial Release. (Closes: #140461) + + -- Igor Genibel Wed, 3 Apr 2002 15:04:11 +0200 + --- cacti-0.8.7b.orig/debian/cacti.links +++ cacti-0.8.7b/debian/cacti.links @@ -0,0 +1,2 @@ +/usr/share/cacti/resource /usr/share/cacti/site/resource +/usr/share/doc/cacti/html /usr/share/cacti/site/docs/html --- cacti-0.8.7b.orig/debian/patches/official_sql_injection_template_export.patch +++ cacti-0.8.7b/debian/patches/official_sql_injection_template_export.patch @@ -0,0 +1,13 @@ +--- cacti-0.8.7e/templates_export.php 2009-06-28 12:07:11.000000000 -0400 ++++ cacti-fixed/templates_export.php 2010-04-17 14:08:42.000000000 -0400 +@@ -49,6 +49,10 @@ + function form_save() { + global $export_types; + ++ /* ================= input validation ================= */ ++ input_validate_input_number(get_request_var_post("export_item_id")); ++ /* ==================================================== */ ++ + if (isset($_POST["save_component_export"])) { + $xml_data = get_item_xml($_POST["export_type"], $_POST["export_item_id"], (((isset($_POST["include_deps"]) ? $_POST["include_deps"] : "") == "") ? false : true)); + --- cacti-0.8.7b.orig/debian/patches/07_php_self_nonstandard_dir.patch +++ cacti-0.8.7b/debian/patches/07_php_self_nonstandard_dir.patch @@ -0,0 +1,13 @@ +Index: cacti/include/global.php +=================================================================== +--- cacti.orig/include/global.php 2008-02-14 00:03:06.000000000 +0100 ++++ cacti/include/global.php 2008-02-14 00:03:27.000000000 +0100 +@@ -110,7 +110,7 @@ + /* Sanity Check on "Corrupt" PHP_SELF */ + if ((!is_file($_SERVER["PHP_SELF"])) && (!is_file($config["base_path"] . '/' . $_SERVER["PHP_SELF"]))) { + if (!is_file($_SERVER["DOCUMENT_ROOT"] . $_SERVER["PHP_SELF"])) { +- if (!((is_file($_SERVER["SCRIPT_FILENAME"])) && (substr_count($_SERVER["SCRIPT_FILENAME"], $_SERVER["PHP_SELF"])))) { ++ if (!((is_file($_SERVER["SCRIPT_FILENAME"])) && (substr_count($_SERVER["SCRIPT_FILENAME"], basename($_SERVER["PHP_SELF"]))))) { + echo "\nInvalid PHP_SELF Path\n"; + exit; + } --- cacti-0.8.7b.orig/debian/patches/05_no-adodb.patch +++ cacti-0.8.7b/debian/patches/05_no-adodb.patch @@ -0,0 +1,13 @@ +Index: cacti/include/global.php +=================================================================== +--- cacti.orig/include/global.php 2008-02-13 23:30:52.000000000 +0100 ++++ cacti/include/global.php 2008-02-13 23:30:58.000000000 +0100 +@@ -180,7 +180,7 @@ + error_reporting(E_ALL); + + /* include base modules */ +-include($config["library_path"] . "/adodb/adodb.inc.php"); ++include("/usr/share/php/adodb/adodb.inc.php"); + include($config["library_path"] . "/database.php"); + include_once($config["library_path"] . "/functions.php"); + include_once($config["include_path"] . "/global_constants.php"); --- cacti-0.8.7b.orig/debian/patches/CVE-2010-1644.patch +++ cacti-0.8.7b/debian/patches/CVE-2010-1644.patch @@ -0,0 +1,47 @@ +Author: Paul Gevers +Subject: [PATCH] Fix CVE-2010-1644 XSS issues in host.php and data_sources.php + +Multiple cross-site scripting (XSS) vulnerabilities in Cacti before +0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and +other products, allow remote attackers to inject arbitrary web script or +HTML via the (1) hostname or (2) description parameter to host.php, or +(3) the host_id parameter to data_sources.php. + +Origin: http://svn.cacti.net/viewvc?view=rev&revision=5901 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624516 +Last-Update: 2011-07-01 +--- + data_sources.php | 1 + + host.php | 4 ++-- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/data_sources.php b/data_sources.php +index c4ee99f..f172f44 100644 +--- a/data_sources.php ++++ b/data_sources.php +@@ -656,6 +656,7 @@ function ds_edit() { + + /* ================= input validation ================= */ + input_validate_input_number(get_request_var("id")); ++ input_validate_input_number(get_request_var("host_id")); + /* ==================================================== */ + + $use_data_template = true; +diff --git a/host.php b/host.php +index a82ddbf..045b661 100644 +--- a/host.php ++++ b/host.php +@@ -146,8 +146,8 @@ function form_save() { + if ($_POST["snmp_password"] != $_POST["snmp_password_confirm"]) { + raise_message(4); + }else{ +- $host_id = api_device_save($_POST["id"], $_POST["host_template_id"], $_POST["description"], +- $_POST["hostname"], $_POST["snmp_community"], $_POST["snmp_version"], ++ $host_id = api_device_save($_POST["id"], $_POST["host_template_id"], htmlentities($_POST["description"]), ++ htmlentities(trim($_POST["hostname"])), $_POST["snmp_community"], $_POST["snmp_version"], + $_POST["snmp_username"], $_POST["snmp_password"], + $_POST["snmp_port"], $_POST["snmp_timeout"], + (isset($_POST["disabled"]) ? $_POST["disabled"] : ""), +-- +1.7.4.1 + --- cacti-0.8.7b.orig/debian/patches/CVE-2010-2092.patch +++ cacti-0.8.7b/debian/patches/CVE-2010-2092.patch @@ -0,0 +1,11 @@ +--- cacti.orig/graph.php ++++ cacti/graph.php +@@ -33,7 +33,7 @@ include("./lib/html_tree.php"); + include("./include/top_graph_header.php"); + + /* ================= input validation ================= */ +-input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$"); ++input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$"); + input_validate_input_number(get_request_var("local_graph_id")); + input_validate_input_number(get_request_var("graph_end")); + input_validate_input_number(get_request_var("graph_start")); --- cacti-0.8.7b.orig/debian/patches/CVE-2010-1645.patch +++ cacti-0.8.7b/debian/patches/CVE-2010-1645.patch @@ -0,0 +1,211 @@ +Author: Paul Gevers +Subject: [PATCH] Fix CVE-2010-1645 which allows execution of arbitrary commands by admins + +Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) +Solution and other products, allows remote authenticated administrators +to execute arbitrary commands via shell metacharacters in (1) the FQDN +field of a Device or (2) the Vertical Label field of a Graph Template. + +Origin: http://svn.cacti.net/viewvc?view=rev&revision=5777 +Origin: http://svn.cacti.net/viewvc?view=rev&revision=5782 +Origin: http://svn.cacti.net/viewvc?view=rev&revision=5784 +Last-Update: 2011-09-06 +--- + lib/rrd.php | 20 ++++++++++---------- + lib/snmp.php | 48 ++++++++++++++++++++++++++++++++++++++++-------- + utilities.php | 2 +- + 3 files changed, 51 insertions(+), 19 deletions(-) + +Index: cacti-0.8.7b/lib/rrd.php +=================================================================== +--- cacti-0.8.7b.orig/lib/rrd.php 2008-02-13 23:07:53.000000000 +0100 ++++ cacti-0.8.7b/lib/rrd.php 2011-09-25 11:25:05.574771235 +0200 +@@ -26,7 +26,7 @@ + define("MAX_FETCH_CACHE_SIZE", 5); + + function escape_command($command) { +- return ereg_replace("(\\\$|`)", "", $command); ++ return preg_replace("/(\\\$|`)/", "", $command); # current cacti code + } + + function rrd_init($output_to_term = TRUE) { +@@ -628,8 +628,8 @@ + break; + } + }else{ +- $scale = "--upper-limit=" . $graph["upper_limit"] . RRD_NL; +- $scale .= "--lower-limit=" . $graph["lower_limit"] . RRD_NL; ++ $scale = "--upper-limit=" . escapeshellarg($graph["upper_limit"]) . RRD_NL; ++ $scale .= "--lower-limit=" . escapeshellarg($graph["lower_limit"]) . RRD_NL; + } + + if ($graph["auto_scale_log"] == "on") { +@@ -648,14 +648,14 @@ + + if (!empty($graph["unit_value"])) { + if (read_config_option("rrdtool_version") == "rrd-1.2.x") { +- $unit_value = "--y-grid=" . $graph["unit_value"] . RRD_NL; ++ $unit_value = "--y-grid=" . escapeshellarg($graph["unit_value"]) . RRD_NL; + }else{ +- $unit_value = "--unit=" . $graph["unit_value"] . RRD_NL; ++ $unit_value = "--unit=" . escapeshellarg($graph["unit_value"]) . RRD_NL; + } + } + + if (ereg("^[0-9]+$", $graph["unit_exponent_value"])) { +- $unit_exponent_value = "--units-exponent=" . $graph["unit_exponent_value"] . RRD_NL; ++ $unit_exponent_value = "--units-exponent=" . escapeshellarg($graph["unit_exponent_value"]) . RRD_NL; + } + + /* +@@ -762,7 +762,7 @@ + "--imgformat=" . $image_types{$graph["image_format_id"]} . RRD_NL . + "--start=$graph_start" . RRD_NL . + "--end=$graph_end" . RRD_NL . +- "--title=\"" . str_replace("\"", "\\\"", $graph["title_cache"]) . "\"" . RRD_NL . ++ "--title=" . escapeshellarg($graph["title_cache"]) . RRD_NL . + "$rigid" . + "--base=" . $graph["base_value"] . RRD_NL . + "--height=$graph_height" . RRD_NL . +@@ -771,7 +771,7 @@ + "$unit_value" . + "$unit_exponent_value" . + "$graph_legend" . +- "--vertical-label=\"" . $graph["vertical_label"] . "\"" . RRD_NL; ++ "--vertical-label=" . escapeshellarg($graph["vertical_label"]) . RRD_NL; + + /* rrdtool 1.2.x does not provide smooth lines, let's force it */ + if (read_config_option("rrdtool_version") == "rrd-1.2.x") { +@@ -1648,8 +1648,8 @@ + $xport_array = rrdxport2array(rrdtool_execute("xport $xport_opts$xport_defs$txt_xport_items", false, $output_flag, $rrd_struc)); + + /* add host and graph information */ +- $xport_array["meta"]["title_cache"] = $graph["title_cache"]; +- $xport_array["meta"]["vertical_label"] = $graph["vertical_label"]; ++ $xport_array["meta"]["title_cache"] = escapeshellarg($graph["title_cache"]); ++ $xport_array["meta"]["vertical_label"] = escapeshellarg($graph["vertical_label"]); + $xport_array["meta"]["local_graph_id"] = $local_graph_id; + $xport_array["meta"]["host_id"] = $graph["host_id"]; + +Index: cacti-0.8.7b/lib/snmp.php +=================================================================== +--- cacti-0.8.7b.orig/lib/snmp.php 2011-09-25 11:10:10.122330928 +0200 ++++ cacti-0.8.7b/lib/snmp.php 2011-09-25 11:25:45.374968559 +0200 +@@ -46,7 +46,12 @@ + } + + /* do not attempt to poll invalid combinations */ +- if (($version == 0) || (($community == "") && ($version != 3))) { ++ if (($version == 0) || (!is_numeric($version)) || ++ (!is_numeric($port)) || ++ (!is_numeric($retries)) || ++ (!is_numeric($timeout)) || ++ (($community == "") && ($version != 3)) ++ ) { + return "U"; + } + +@@ -110,9 +115,13 @@ + if (empty($snmp_auth)) { return; } + + if (read_config_option("snmp_version") == "ucd-snmp") { +- exec(read_config_option("path_snmpget") . " -O vt -v$version -t $timeout -r $retries $hostname:$port $snmp_auth $oid", $snmp_value); ++ /* escape the command to be executed and vulnerable parameters ++ * numeric parameters are not subject to command injection ++ * snmp_auth is treated seperately, see above */ ++ exec(escapeshellcmd(read_config_option("path_snmpget")) . " -O vt -v$version -t $timeout -r $retries " . escapeshellarg($hostname) . ":$port $snmp_auth " . escapeshellarg($oid), $snmp_value); + }else { +- exec(read_config_option("path_snmpget") . " -O fntev $snmp_auth -v $version -t $timeout -r $retries $hostname:$port $oid", $snmp_value); ++cacti_log(escapeshellcmd(read_config_option("path_snmpget")) . " -O fntev " . $snmp_auth . " -v $version -t $timeout -r $retries " . escapeshellarg($hostname) . ":$port " . escapeshellarg($oid), false, "TEST"); ++ exec(escapeshellcmd(read_config_option("path_snmpget")) . " -O fntev " . $snmp_auth . " -v $version -t $timeout -r $retries " . escapeshellarg($hostname) . ":$port " . escapeshellarg($oid), $snmp_value); + } + } + +@@ -139,7 +148,12 @@ + } + + /* do not attempt to poll invalid combinations */ +- if (($version == 0) || (($community == "") && ($version != 3))) { ++ if (($version == 0) || (!is_numeric($version)) || ++ (!is_numeric($port)) || ++ (!is_numeric($retries)) || ++ (!is_numeric($timeout)) || ++ (($community == "") && ($version != 3)) ++ ) { + return "U"; + } + +@@ -203,9 +217,12 @@ + if (empty($snmp_auth)) { return; } + + if (read_config_option("snmp_version") == "ucd-snmp") { +- exec(read_config_option("path_snmpgetnext") . " -O vt -v$version -t $timeout -r $retries $hostname:$port $snmp_auth $oid", $snmp_value); ++ /* escape the command to be executed and vulnerable parameters ++ * numeric parameters are not subject to command injection ++ * snmp_auth is treated seperately, see above */ ++ exec(escapeshellcmd(read_config_option("path_snmpgetnext")) . " -O vt -v$version -t $timeout -r $retries " . escapeshellarg($hostname) . ":$port $snmp_auth " . escapeshellarg($oid), $snmp_value); + }else { +- exec(read_config_option("path_snmpgetnext") . " -O fntev $snmp_auth -v $version -t $timeout -r $retries $hostname:$port $oid", $snmp_value); ++ exec(escapeshellcmd(read_config_option("path_snmpgetnext")) . " -O fntev $snmp_auth -v $version -t $timeout -r $retries " . escapeshellarg($hostname) . ":$port " . escapeshellarg($oid), $snmp_value); + } + } + +@@ -222,7 +239,7 @@ + return $snmp_value; + } + +-function cacti_snmp_walk($hostname, $community, $oid, $version, $username, $password, $auth_proto, $priv_pass, $priv_proto, $context, $port = 161, $timeout = 500, $retries = 0, $environ = SNMP_POLLER) { ++function cacti_snmp_walk($hostname, $community, $oid, $version, $username, $password, $auth_proto, $priv_pass, $priv_proto, $context, $port = 161, $timeout = 500, $retries = 0, $environ = SNMP_POLLER, $max_oids = 50) { + global $config; + + $snmp_auth = ''; +@@ -235,6 +252,17 @@ + if ($retries == "") $retries = 3; + } + ++ /* do not attempt to poll invalid combinations */ ++ if (($version == 0) || (!is_numeric($version)) || ++ (!is_numeric($max_oids)) || ++ (!is_numeric($port)) || ++ (!is_numeric($retries)) || ++ (!is_numeric($timeout)) || ++ (($community == "") && ($version != 3)) ++ ) { ++ return "U"; ++ } ++ + $path_snmpbulkwalk = read_config_option("path_snmpbulkwalk"); + + if ((snmp_get_method($version) == SNMP_METHOD_PHP) && +@@ -310,12 +338,15 @@ + } + + if (read_config_option("snmp_version") == "ucd-snmp") { +- $temp_array = exec_into_array(read_config_option("path_snmpwalk") . " -v$version -t $timeout -r $retries $hostname:$port $snmp_auth $oid"); ++ /* escape the command to be executed and vulnerable parameters ++ * numeric parameters are not subject to command injection ++ * snmp_auth is treated seperately, see above */ ++ $temp_array = exec_into_array(escapeshellcmd(read_config_option("path_snmpwalk")) . " -v$version -t $timeout -r $retries " . escapeshellarg($hostname) . ":$port $snmp_auth " . escapeshellarg($oid)); + }else { + if (file_exists($path_snmpbulkwalk) && ($version > 1)) { +- $temp_array = exec_into_array($path_snmpbulkwalk . " -O Qn $snmp_auth -v $version -t $timeout -r $retries -Cr50 $hostname:$port $oid"); ++ $temp_array = exec_into_array(escapeshellcmd($path_snmpbulkwalk) . " -O Qn $snmp_auth -v $version -t $timeout -r $retries -Cr$max_oids " . escapeshellarg($hostname) . ":$port " . escapeshellarg($oid)); + }else{ +- $temp_array = exec_into_array(read_config_option("path_snmpwalk") . " -O Qn $snmp_auth -v $version -t $timeout -r $retries $hostname:$port $oid"); ++ $temp_array = exec_into_array(escapeshellcmd(read_config_option("path_snmpwalk")) . " -O Qn $snmp_auth -v $version -t $timeout -r $retries " . escapeshellarg($hostname) . ":$port " . escapeshellarg($oid)); + } + } + +Index: cacti-0.8.7b/utilities.php +=================================================================== +--- cacti-0.8.7b.orig/utilities.php 2008-02-13 23:07:53.000000000 +0100 ++++ cacti-0.8.7b/utilities.php 2011-09-25 11:10:10.390332256 +0200 +@@ -222,7 +222,7 @@ + if ((file_exists(read_config_option("path_rrdtool"))) && (($config["cacti_server_os"] == "win32") || (is_executable(read_config_option("path_rrdtool"))))) { + + $out_array = array(); +- exec(read_config_option("path_rrdtool"), $out_array); ++ exec(escapeshellcmd(read_config_option("path_rrdtool")), $out_array); + + if (sizeof($out_array) > 0) { + if (ereg("^RRDtool 1\.2", $out_array[0])) { --- cacti-0.8.7b.orig/debian/patches/CVE-2010-2545.patch +++ cacti-0.8.7b/debian/patches/CVE-2010-2545.patch @@ -0,0 +1,1083 @@ +From: Paul Gevers +Subject: [PATCH] Fix CVE-2010-2545 XSS issues in multiple files + +Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, +allow remote attackers to inject arbitrary web script or HTML via (1) the +name element in an XML template to templates_import.php; and allow remote +authenticated administrators to inject arbitrary web script or HTML via +vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, +(5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, +(8) graph.php, (9) graphs_new.php, (10) graphs.php, +(11) graph_templates_inputs.php, (12) graph_templates_items.php, +(13) graph_templates.php, (14) graph_view.php, (15) host.php, +(16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, +(19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, +(22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php. + +Origin: http://svn.cacti.net/viewvc?view=rev&revision=6037 +Origin: http://svn.cacti.net/viewvc?view=rev&revision=6038 +Origin: http://svn.cacti.net/viewvc?view=rev&revision=6041 +Origin: http://svn.cacti.net/viewvc?view=rev&revision=6042 +Last-Update: 2011-09-22 +--- + cdef.php | 8 ++++---- + data_input.php | 16 ++++++++-------- + data_queries.php | 27 ++++++++++++++------------- + data_sources.php | 18 +++++++++--------- + data_templates.php | 12 ++++++------ + gprint_presets.php | 6 +++--- + graph.php | 16 ++++++++-------- + graph_templates.php | 8 ++++---- + graph_templates_inputs.php | 2 +- + graph_templates_items.php | 2 +- + graph_view.php | 4 ++-- + graphs.php | 10 +++++----- + graphs_new.php | 8 ++++---- + host.php | 30 +++++++++++++++--------------- + host_templates.php | 12 ++++++------ + lib/functions.php | 6 +++--- + lib/html.php | 14 +++++++------- + lib/html_form.php | 4 ++-- + lib/html_tree.php | 20 ++++++++++---------- + lib/rrd.php | 2 +- + rra.php | 6 +++--- + tree.php | 6 +++--- + user_admin.php | 4 ++-- + 23 files changed, 121 insertions(+), 120 deletions(-) + +Index: cacti-0.8.7b/cdef.php +=================================================================== +--- cacti-0.8.7b.orig/cdef.php 2011-09-25 11:25:05.842772569 +0200 ++++ cacti-0.8.7b/cdef.php 2011-09-25 11:30:17.728319121 +0200 +@@ -192,7 +192,7 @@ + draw_cdef_preview($_GET["cdef_id"]); + html_end_box(); + +- html_start_box("CDEF Items [edit: " . db_fetch_cell("select name from cdef where id=" . $_GET["cdef_id"]) . "]", "100%", $colors["header"], "3", "center", ""); ++ html_start_box("CDEF Items [edit: " . htmlspecialchars(db_fetch_cell("select name from cdef where id=" . $_GET["cdef_id"])) . "]", "100%", $colors["header"], "3", "center", ""); + + if (isset($_GET["type_select"])) { + $current_type = $_GET["type_select"]; +@@ -269,7 +269,7 @@ + + if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) { + include("./include/top_header.php"); +- form_confirm("Are You Sure?", "Are you sure you want to delete the CDEF '" . db_fetch_cell("select name from cdef where id=" . $_GET["id"]) . "'?", "cdef.php", "cdef.php?action=remove&id=" . $_GET["id"]); ++ form_confirm("Are You Sure?", "Are you sure you want to delete the CDEF '" . htmlspecialchars(db_fetch_cell("select name from cdef where id=" . $_GET["id"])) . "'?", htmlspecialchars("cdef.php"), htmlspecialchars("cdef.php?action=remove&id=" . $_GET["id"])); + include("./include/bottom_footer.php"); + exit; + } +@@ -289,7 +289,7 @@ + + if (!empty($_GET["id"])) { + $cdef = db_fetch_row("select * from cdef where id=" . $_GET["id"]); +- $header_label = "[edit: " . $cdef["name"] . "]"; ++ $header_label = "[edit: " . htmlspecialchars($cdef["name"]) . "]"; + }else{ + $header_label = "[new]"; + } +@@ -324,7 +324,7 @@ + form_alternate_row_color($colors["alternate"],$colors["light"],$i); $i++; + ?> + +- &cdef_id=">Item # ++ ">Item # + + + : +Index: cacti-0.8.7b/data_input.php +=================================================================== +--- cacti-0.8.7b.orig/data_input.php 2011-09-25 11:25:06.186774268 +0200 ++++ cacti-0.8.7b/data_input.php 2011-09-25 11:30:17.732319145 +0200 +@@ -311,7 +311,7 @@ + return; + } + +- html_start_box("$header_name Fields [edit: " . $data_input["name"] . "]", "100%", $colors["header"], "3", "center", ""); ++ html_start_box("$header_name Fields [edit: " . htmlspecialchars($data_input["name"]) . "]", "100%", $colors["header"], "3", "center", ""); + + $form_array = array(); + +@@ -373,7 +373,7 @@ + + if (!empty($_GET["id"])) { + $data_input = db_fetch_row("select * from data_input where id=" . $_GET["id"]); +- $header_label = "[edit: " . $data_input["name"] . "]"; ++ $header_label = "[edit: " . htmlspecialchars($data_input["name"]) . "]"; + }else{ + $header_label = "[new]"; + } +@@ -403,16 +403,16 @@ + form_alternate_row_color($colors["alternate"],$colors["light"],$i); $i++; + ?> + +- &data_input_id="> ++ "> + + + + + +- ++ + + +- &data_input_id=">Delete ++ ">Delete + + + + +- &data_input_id="> ++ "> + + + + + +- ++ + + + +@@ -562,7 +562,7 @@ + foreach ($data_inputs as $data_input) { + /* hide system types */ + form_alternate_row_color($colors["alternate"], $colors["light"], $i, 'line' . $data_input["id"]); $i++; +- form_selectable_cell("" . (strlen($_REQUEST["filter"]) ? eregi_replace("(" . preg_quote($_REQUEST["filter"]) . ")", "\\1", $data_input["name"]) : $data_input["name"]) . "", $data_input["id"]); ++ form_selectable_cell("" . (strlen(get_request_var_request("filter")) ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", htmlspecialchars($data_input["name"])) : htmlspecialchars($data_input["name"])) . "", $data_input["id"]); + form_selectable_cell($input_types{$data_input["type_id"]}, $data_input["id"]); + form_checkbox_cell($data_input["name"], $data_input["id"]); + form_end_row(); +Index: cacti-0.8.7b/data_queries.php +=================================================================== +--- cacti-0.8.7b.orig/data_queries.php 2011-09-25 11:25:06.146774072 +0200 ++++ cacti-0.8.7b/data_queries.php 2011-09-25 11:30:17.744319204 +0200 +@@ -231,7 +231,7 @@ + input_validate_input_number($matches[1]); + /* ==================================================== */ + +- $dq_list .= "
  • " . db_fetch_cell("SELECT snmp_query.name FROM snmp_query WHERE id='" . $matches[1] . "'") . "
    "; ++ $dq_list .= "
  • " . htmlspecialchars(db_fetch_cell("SELECT snmp_query.name FROM snmp_query WHERE id='" . $matches[1] . "'")) . "
    "; + $dq_array[$i] = $matches[1]; + } + +@@ -371,7 +371,7 @@ + } + + $snmp_query = db_fetch_row("select name,xml_path from snmp_query where id=" . $_GET["snmp_query_id"]); +- $header_label = "[edit: " . $snmp_query["name"] . "]"; ++ $header_label = "[edit: " . htmlspecialchars($snmp_query["name"]) . "]"; + + html_start_box("Associated Graph/Data Templates $header_label", "100%", $colors["header"], "3", "center", ""); + +@@ -401,7 +401,7 @@ + if (sizeof($data_templates) > 0) { + foreach ($data_templates as $data_template) { + print " +- Data Template - " . $data_template["name"] . " ++ Data Template - " . htmlspecialchars($data_template["name"]) . " + "; + + $data_template_rrds = db_fetch_assoc("select +@@ -491,10 +491,10 @@ + form_alternate_row_color($colors["form_alternate1"],$colors["form_alternate2"],$i); $i++; + ?> + +- ++ + + +- ++ + + + &id=&snmp_query_id=&data_template_id=&field_name=">Move Down +@@ -542,7 +542,7 @@ + order by field_name,sequence"); + + print " +- Graph Template - " . db_fetch_cell("select name from graph_templates where id=" . $snmp_query_item["graph_template_id"]) . " ++ Graph Template - " . htmlspecialchars(db_fetch_cell("select name from graph_templates where id=" . $snmp_query_item["graph_template_id"])) . " + "; + + $i = 0; +@@ -553,10 +553,10 @@ + form_alternate_row_color($colors["form_alternate1"],$colors["form_alternate2"],$i); $i++; + ?> + +- ++ + + +- ++ + + + &id=&snmp_query_id=&field_name=">Move Down +@@ -627,7 +627,7 @@ + + if (!empty($_GET["id"])) { + $snmp_query = db_fetch_row("select * from snmp_query where id=" . $_GET["id"]); +- $header_label = "[edit: " . $snmp_query["name"] . "]"; ++ $header_label = "[edit: " . htmlspecialchars($snmp_query["name"]) . "]"; + }else{ + $header_label = "[new]"; + } +@@ -680,13 +680,14 @@ + form_alternate_row_color($colors["form_alternate1"],$colors["form_alternate2"],$i); $i++; + ?> + +- &snmp_query_id="> ++ "> + + +- ++ + + +- &snmp_query_id=">Delete ++ ++ ">Delete + + + 0) { + foreach ($snmp_queries as $snmp_query) { + form_alternate_row_color($colors["alternate"],$colors["light"],$i, 'line' . $snmp_query["id"]); $i++; +- form_selectable_cell("" . (strlen($_REQUEST["filter"]) ? eregi_replace("(" . preg_quote($_REQUEST["filter"]) . ")", "\\1", $snmp_query["name"]) : $snmp_query["name"]) . "", $snmp_query["id"]); ++ form_selectable_cell("" . (strlen(get_request_var_request("filter")) ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", htmlspecialchars($snmp_query["name"])) : htmlspecialchars($snmp_query["name"])) . "", $snmp_query["id"]); + form_selectable_cell((strlen($_REQUEST["filter"]) ? eregi_replace("(" . preg_quote($_REQUEST["filter"]) . ")", "\\1", $snmp_query["data_input_method"]) : $snmp_query["data_input_method"]), $snmp_query["id"]); + form_checkbox_cell($snmp_query["name"], $snmp_query["id"]); + form_end_row(); +Index: cacti-0.8.7b/data_sources.php +=================================================================== +--- cacti-0.8.7b.orig/data_sources.php 2011-09-25 11:25:06.098773834 +0200 ++++ cacti-0.8.7b/data_sources.php 2011-09-25 11:30:17.748319220 +0200 +@@ -559,7 +559,7 @@ + + $host = db_fetch_row("select host.id,host.hostname from (data_local,host) where data_local.host_id=host.id and data_local.id=" . $_GET["id"]); + +- $header_label = "[edit: " . $data["name"] . "]"; ++ $header_label = "[edit: " . htmlspecialchars($data["name"]) . "]"; + }else{ + $header_label = "[new]"; + } +@@ -571,7 +571,7 @@ + /* get each INPUT field for this data input source */ + $fields = db_fetch_assoc("select * from data_input_fields where data_input_id=" . $data["data_input_id"] . " and input_output='in' order by sequence"); + +- html_start_box("Custom Data [data input: " . db_fetch_cell("select name from data_input where id=" . $data["data_input_id"]) . "]", "100%", $colors["header"], "3", "center", ""); ++ html_start_box("Custom Data [data input: " . htmlspecialchars(db_fetch_cell("select name from data_input where id=" . $data["data_input_id"])) . "]", "100%", $colors["header"], "3", "center", ""); + + /* loop through each field found */ + if (sizeof($fields) > 0) { +@@ -675,7 +675,7 @@ + exit; + } + +- $header_label = "[edit: " . get_data_source_title($_GET["id"]) . "]"; ++ $header_label = "[edit: " . htmlspecialchars(get_data_source_title($_GET["id"])) . "]"; + + if (empty($data_local["data_template_id"])) { + $use_data_template = false; +@@ -702,7 +702,7 @@ + + + + \n + \n"; + } +@@ -1040,7 +1040,7 @@ + + Data Sources [host: " . (empty($host["hostname"]) ? "No Host" : $host["hostname"]) . "]", "100%", $colors["header"], "3", "center", "data_sources.php?action=ds_edit&host_id=" . $_REQUEST["host_id"]); ++ html_start_box("Data Sources [host: " . (empty($host["hostname"]) ? "No Host" : htmlspecialchars($host["hostname"])) . "]", "100%", $colors["header"], "3", "center", "data_sources.php?action=ds_edit&host_id=" . get_request_var_request("host_id")); + + include("./include/html/inc_data_source_filter_table.php"); + +@@ -1169,12 +1169,12 @@ + $data_input_name = ((empty($data_source["data_input_name"])) ? "External" : $data_source["data_input_name"]); + $poller_interval = ((isset($poller_intervals[$data_source["local_data_id"]])) ? $poller_intervals[$data_source["local_data_id"]] : 0); + form_alternate_row_color($colors["alternate"], $colors["light"], $i, 'line' . $data_source["local_data_id"]); $i++; +- form_selectable_cell("" . (($_REQUEST["filter"] != "") ? eregi_replace("(" . preg_quote($_REQUEST["filter"]) . ")", "\\1", title_trim(htmlentities($data_source["name_cache"]), read_config_option("max_title_data_source"))) : title_trim(htmlentities($data_source["name_cache"]), read_config_option("max_title_data_source"))) . "", $data_source["local_data_id"]); ++ form_selectable_cell("" . ((get_request_var_request("filter") != "") ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", title_trim(htmlspecialchars($data_source["name_cache"]), read_config_option("max_title_data_source"))) : title_trim(htmlspecialchars($data_source["name_cache"]), read_config_option("max_title_data_source"))) . "", $data_source["local_data_id"]); + form_selectable_cell($data_source['local_data_id'], $data_source['local_data_id']); +- form_selectable_cell((($_REQUEST["filter"] != "") ? eregi_replace("(" . preg_quote($_REQUEST["filter"]) . ")", "\\1", $data_input_name) : $data_input_name) . "", $data_source["local_data_id"]); ++ form_selectable_cell(((get_request_var_request("filter") != "") ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", htmlspecialchars($data_input_name)) : htmlspecialchars($data_input_name)), $data_source["local_data_id"]); + form_selectable_cell(get_poller_interval($poller_interval), $data_source["local_data_id"]); + form_selectable_cell(($data_source['active'] == "on" ? "Yes" : "No"), $data_source["local_data_id"]); +- form_selectable_cell((($_REQUEST["filter"] != "") ? eregi_replace("(" . preg_quote($_REQUEST["filter"]) . ")", "\\1", $data_source['data_template_name']) : $data_source['data_template_name']) . "", $data_source["local_data_id"]); ++ form_selectable_cell(((get_request_var_request("filter") != "") ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", htmlspecialchars($data_source['data_template_name'])) : htmlspecialchars($data_source['data_template_name'])), $data_source["local_data_id"]); + form_checkbox_cell($data_source["name_cache"], $data_source["local_data_id"]); + form_end_row(); + } +Index: cacti-0.8.7b/data_templates.php +=================================================================== +--- cacti-0.8.7b.orig/data_templates.php 2011-09-25 11:25:05.922772959 +0200 ++++ cacti-0.8.7b/data_templates.php 2011-09-25 11:30:17.760319286 +0200 +@@ -427,7 +427,7 @@ + $header_label = "[new]"; + } + +- html_start_box("Data Templates $header_label", "100%", $colors["header"], "3", "center", ""); ++ html_start_box("Data Templates " . htmlspecialchars($header_label), "100%", $colors["header"], "3", "center", ""); + + draw_edit_form(array( + "config" => array(), +@@ -497,7 +497,7 @@ + foreach ($template_data_rrds as $template_data_rrd) { + $i++; + print " \n + \n"; + } +@@ -516,7 +516,7 @@ + + print " + + + + + +
    +@@ -209,7 +209,7 @@ +
    +- ++ + + *Turn Data Source Debug Mode. +@@ -846,7 +846,7 @@ + foreach ($template_data_rrds as $template_data_rrd) { + $i++; + print " +- $i: " . $template_data_rrd["data_source_name"] . "" . (($use_data_template == false) ? " Delete" : "") . " ++ $i: " . htmlspecialchars($template_data_rrd["data_source_name"]) . "" . (($use_data_template == false) ? " Delete" : "") . " + +- $i: " . $template_data_rrd["data_source_name"] . " Delete ++ $i: " . htmlspecialchars($template_data_rrd["data_source_name"]) . " Delete +
    +- Data Source Item [" . (isset($template_rrd) ? $template_rrd["data_source_name"] : "") . "] ++ Data Source Item [" . (isset($template_rrd) ? htmlspecialchars($template_rrd["data_source_name"]) : "") . "] + + " . (!empty($_GET["id"]) ? "New " : "") . " +@@ -567,7 +567,7 @@ + /* get each INPUT field for this data input source */ + $fields = db_fetch_assoc("select * from data_input_fields where data_input_id=" . $template_data["data_input_id"] . " and input_output='in' order by sequence"); + +- html_start_box("Custom Data [data input: " . db_fetch_cell("select name from data_input where id=" . $template_data["data_input_id"]) . "]", "100%", $colors["header"], "3", "center", ""); ++ html_start_box("Custom Data [data input: " . htmlspecialchars(db_fetch_cell("select name from data_input where id=" . $template_data["data_input_id"])) . "]", "100%", $colors["header"], "3", "center", ""); + + /* loop through each field found */ + if (sizeof($fields) > 0) { +@@ -709,8 +709,8 @@ + if (sizeof($template_list) > 0) { + foreach ($template_list as $template) { + form_alternate_row_color($colors["alternate"],$colors["light"],$i, 'line' . $template["id"]); +- form_selectable_cell("" . (strlen($_REQUEST["filter"]) ? eregi_replace("(" . preg_quote($_REQUEST["filter"]) . ")", "\\1", $template["name"]) : $template["name"]) . "", $template["id"]); +- form_selectable_cell((empty($template["data_input_method"]) ? "None": $template["data_input_method"]), $template["id"]); ++ form_selectable_cell("" . (strlen(get_request_var_request("filter")) ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", htmlspecialchars($template["name"])) : htmlspecialchars($template["name"])) . "", $template["id"]); ++ form_selectable_cell((empty($template["data_input_method"]) ? "None": htmlspecialchars($template["data_input_method"])), $template["id"]); + form_selectable_cell((($template["active"] == "on") ? "Active" : "Disabled"), $template["id"]); + form_checkbox_cell($template["name"], $template["id"]); + form_end_row(); +Index: cacti-0.8.7b/gprint_presets.php +=================================================================== +--- cacti-0.8.7b.orig/gprint_presets.php 2011-09-25 11:25:05.798772343 +0200 ++++ cacti-0.8.7b/gprint_presets.php 2011-09-25 11:30:17.764319302 +0200 +@@ -95,7 +95,7 @@ + + if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) { + include_once("./include/top_header.php"); +- form_confirm("Are You Sure?", "Are you sure you want to delete the GPRINT preset '" . db_fetch_cell("select name from graph_templates_gprint where id=" . $_GET["id"]) . "'? This could affect every graph that uses this preset, make sure you know what you are doing first!", "gprint_presets.php", "gprint_presets.php?action=remove&id=" . $_GET["id"]); ++ form_confirm("Are You Sure?", "Are you sure you want to delete the GPRINT preset '" . htmlspecialchars(db_fetch_cell("select name from graph_templates_gprint where id=" . $_GET["id"])) . "'? This could affect every graph that uses this preset, make sure you know what you are doing first!", htmlspecialchars("gprint_presets.php"), htmlspecialchars("gprint_presets.php?action=remove&id=" . $_GET["id"])); + exit; + } + +@@ -113,7 +113,7 @@ + + if (!empty($_GET["id"])) { + $gprint_preset = db_fetch_row("select * from graph_templates_gprint where id=" . $_GET["id"]); +- $header_label = "[edit: " . $gprint_preset["name"] . "]"; ++ $header_label = "[edit: " . htmlspecialchars($gprint_preset["name"]) . "]"; + }else{ + $header_label = "[new]"; + } +@@ -150,7 +150,7 @@ + form_alternate_row_color($colors["alternate"],$colors["light"],$i); + ?> + +- "> ++ "> + + ">Delete +Index: cacti-0.8.7b/graph.php +=================================================================== +--- cacti-0.8.7b.orig/graph.php 2011-09-25 11:25:06.050773596 +0200 ++++ cacti-0.8.7b/graph.php 2011-09-25 11:30:17.768319322 +0200 +@@ -94,7 +94,7 @@ + + + + + + + +
    +- <?php print $graph_title;?> ++ <?php print htmlspecialchars($graph_title);?> + + Zoom Graph
    +@@ -104,7 +104,7 @@ +
    +- ++ +
    +@@ -193,7 +193,7 @@ + ?> +
    +- Zooming Graph '' ++ Zooming Graph '' +
    + + + + + + +
    +- <?php print $graph_title;?> ++ <?php print htmlspecialchars($graph_title);?> + + Graph Source/Properties +@@ -218,7 +218,7 @@ +
    +- ++ +
    +@@ -233,7 +233,7 @@ + ?> + + +- Viewing Graph Properties '' ++ Viewing Graph Properties '' + + + +@@ -241,7 +241,7 @@ + + + + + + + +
    +- <?php print $graph_title;?> ++ <?php print htmlspecialchars($graph_title);?> + + Zoom Graph
    +@@ -250,7 +250,7 @@ +
    +- ++ +
    +Index: cacti-0.8.7b/graph_templates.php +=================================================================== +--- cacti-0.8.7b.orig/graph_templates.php 2011-09-25 11:25:05.370770222 +0200 ++++ cacti-0.8.7b/graph_templates.php 2011-09-25 11:30:17.780319376 +0200 +@@ -308,7 +308,7 @@ + $header_label = "[edit: " . db_fetch_cell("select name from graph_templates where id=" . $_GET["id"]) . "]"; + } + +- html_start_box("Graph Template Items $header_label", "100%", $colors["header"], "3", "center", "graph_templates_items.php?action=item_edit&graph_template_id=" . $_GET["id"]); ++ html_start_box("Graph Template Items " . htmlspecialchars($header_label), "100%", $colors["header"], "3", "center", "graph_templates_items.php?action=item_edit&graph_template_id=" . $_GET["id"]); + draw_graph_items_list($template_item_list, "graph_templates_items.php", "graph_template_id=" . $_GET["id"], false); + html_end_box(); + +@@ -326,7 +326,7 @@ + form_alternate_row_color($colors["alternate"],$colors["light"],$i); + ?> + +- &graph_template_id="> ++ "> + + + &graph_template_id=">Delete +@@ -367,7 +367,7 @@ + $header_label = "[new]"; + } + +- html_start_box("Template $header_label", "100%", $colors["header"], "3", "center", ""); ++ html_start_box("Template " . htmlspecialchars($header_label), "100%", $colors["header"], "3", "center", ""); + + draw_edit_form(array( + "config" => array(), +@@ -536,7 +536,7 @@ + if (sizeof($template_list) > 0) { + foreach ($template_list as $template) { + form_alternate_row_color($colors["alternate"], $colors["light"], $i, 'line' . $template["id"]);$i++; +- form_selectable_cell("" . (strlen($_REQUEST["filter"]) ? eregi_replace("(" . preg_quote($_REQUEST["filter"]) . ")", "\\1", $template["name"]) : $template["name"]) . "", $template["id"]); ++ form_selectable_cell("" . (strlen(get_request_var_request("filter")) ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", htmlspecialchars($template["name"])) : htmlspecialchars($template["name"])) . "", $template["id"]); + form_checkbox_cell($template["name"], $template["id"]); + form_end_row(); + } +Index: cacti-0.8.7b/graph_templates_inputs.php +=================================================================== +--- cacti-0.8.7b.orig/graph_templates_inputs.php 2011-09-25 11:25:06.010773402 +0200 ++++ cacti-0.8.7b/graph_templates_inputs.php 2011-09-25 11:30:17.788319412 +0200 +@@ -161,7 +161,7 @@ + $graph_template_input = db_fetch_row("select * from graph_template_input where id=" . $_GET["id"]); + } + +- html_start_box("Graph Item Inputs $header_label", "100%", $colors["header"], "3", "center", ""); ++ html_start_box("Graph Item Inputs " . htmlspecialchars($header_label), "100%", $colors["header"], "3", "center", ""); + + draw_edit_form(array( + "config" => array(), +Index: cacti-0.8.7b/graph_templates_items.php +=================================================================== +--- cacti-0.8.7b.orig/graph_templates_items.php 2011-09-25 11:25:05.878772748 +0200 ++++ cacti-0.8.7b/graph_templates_items.php 2011-09-25 11:30:17.792319436 +0200 +@@ -299,7 +299,7 @@ + + $header_label = "[edit graph: " . db_fetch_cell("select name from graph_templates where id=" . $_GET["graph_template_id"]) . "]"; + +- html_start_box("Graph Template Items $header_label", "100%", $colors["header"], "3", "center", ""); ++ html_start_box("Graph Template Items " . htmlspecialchars($header_label), "100%", $colors["header"], "3", "center", ""); + + if (!empty($_GET["id"])) { + $template_item = db_fetch_row("select * from graph_templates_item where id=" . $_GET["id"]); +Index: cacti-0.8.7b/graph_view.php +=================================================================== +--- cacti-0.8.7b.orig/graph_view.php 2011-09-25 11:25:05.494770844 +0200 ++++ cacti-0.8.7b/graph_view.php 2011-09-25 11:30:17.804319502 +0200 +@@ -442,7 +442,7 @@ + + if (sizeof($hosts) > 0) { + foreach ($hosts as $host) { +- print "\n"; ++ print "\n"; + } + } + ?> +@@ -472,7 +472,7 @@ + + if (sizeof($graph_templates) > 0) { + foreach ($graph_templates as $template) { +- print "\n"; ++ print "\n"; + } + } + ?> +Index: cacti-0.8.7b/graphs.php +=================================================================== +--- cacti-0.8.7b.orig/graphs.php 2011-09-25 11:25:06.238774533 +0200 ++++ cacti-0.8.7b/graphs.php 2011-09-25 11:30:17.820319590 +0200 +@@ -560,7 +560,7 @@ + order by graph_templates_item.sequence"); + + $host_id = db_fetch_cell("select host_id from graph_local where id=" . $_GET["id"]); +- $header_label = "[edit: " . get_graph_title($_GET["id"]) . "]"; ++ $header_label = "[edit: " . htmlspecialchars(get_graph_title($_GET["id"])) . "]"; + } + + $graph_template_id = db_fetch_cell("select graph_template_id from graph_local where id=" . $_GET["id"]); +@@ -823,7 +823,7 @@ + $graphs_template = db_fetch_row("select * from graph_templates_graph where id=$local_graph_template_graph_id"); + + $host_id = db_fetch_cell("select host_id from graph_local where id=" . $_GET["id"]); +- $header_label = "[edit: " . get_graph_title($_GET["id"]) . "]"; ++ $header_label = "[edit: " . htmlspecialchars(get_graph_title($_GET["id"])) . "]"; + + if ($graphs["graph_template_id"] == "0") { + $use_graph_template = false; +@@ -847,7 +847,7 @@ + + + +
    +- ++ + + *Turn Graph Debug Mode. +@@ -1185,9 +1185,9 @@ + foreach ($graph_list as $graph) { + $template_name = ((empty($graph["name"])) ? "None" : $graph["name"]); + form_alternate_row_color($colors["alternate"], $colors["light"], $i, 'line' . $graph["local_graph_id"]); $i++; +- form_selectable_cell("" . (($_REQUEST["filter"] != "") ? eregi_replace("(" . preg_quote($_REQUEST["filter"]) . ")", "\\1", title_trim($graph["title_cache"], read_config_option("max_title_graph"))) : title_trim($graph["title_cache"], read_config_option("max_title_graph"))) . "", $graph["local_graph_id"]); ++ form_selectable_cell("" . ((get_request_var_request("filter") != "") ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", title_trim(htmlspecialchars($graph["title_cache"]), read_config_option("max_title_graph"))) : title_trim(htmlspecialchars($graph["title_cache"]), read_config_option("max_title_graph"))) . "", $graph["local_graph_id"]); + form_selectable_cell($graph["local_graph_id"], $graph["local_graph_id"]); +- form_selectable_cell((($_REQUEST["filter"] != "") ? eregi_replace("(" . preg_quote($_REQUEST["filter"]) . ")", "\\1", $template_name) : $template_name) . "", $graph["local_graph_id"]); ++ form_selectable_cell(((get_request_var_request("filter") != "") ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", htmlspecialchars($template_name)) : htmlspecialchars($template_name)), $graph["local_graph_id"]); + form_selectable_cell($graph["height"] . "x" . $graph["width"], $graph["local_graph_id"]); + form_checkbox_cell($graph["title_cache"], $graph["local_graph_id"]); + form_end_row(); +Index: cacti-0.8.7b/graphs_new.php +=================================================================== +--- cacti-0.8.7b.orig/graphs_new.php 2011-09-25 11:25:06.350775083 +0200 ++++ cacti-0.8.7b/graphs_new.php 2011-09-25 11:30:17.824319597 +0200 +@@ -416,12 +416,12 @@ + + + + +@@ -439,7 +439,7 @@ + + if (sizeof($hosts) > 0) { + foreach ($hosts as $item) { +- print "\n"; ++ print "\n"; + } + } + ?> +@@ -560,7 +560,7 @@ + print ""; $i++; + + print " + + + "; + }elseif ($_POST["drp_action"] == "3") { /* Disable Devices */ + print " + + "; + }elseif ($_POST["drp_action"] == "4") { /* change snmp options */ +@@ -360,7 +360,7 @@ + + "; + $form_array = array(); +@@ -391,7 +391,7 @@ + + "; + $form_array = array(); +@@ -420,14 +420,14 @@ + print " + + "; + }elseif ($_POST["drp_action"] == "1") { /* delete */ + print " + +@@ -439,7 +439,7 @@ + + \n +@@ -514,7 +514,7 @@ + + if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) { + include("./include/top_header.php"); +- form_confirm("Are You Sure?", "Are you sure you want to delete the host '" . db_fetch_cell("select description from host where id=" . $_GET["id"]) . "'?", "host.php", "host.php?action=remove&id=" . $_GET["id"]); ++ form_confirm("Are You Sure?", "Are you sure you want to delete the host '" . htmlspecialchars(db_fetch_cell("select description from host where id=" . $_GET["id"])) . "'?", htmlspecialchars("host.php"), htmlspecialchars("host.php?action=remove&id=" . $_GET["id"])); + include("./include/bottom_footer.php"); + exit; + } +@@ -535,7 +535,7 @@ + + if (!empty($_GET["id"])) { + $host = db_fetch_row("select * from host where id=" . $_GET["id"]); +- $header_label = "[edit: " . $host["description"] . "]"; ++ $header_label = "[edit: " . htmlspecialchars($host["description"]) . "]"; + }else{ + $header_label = "[new]"; + } +@@ -545,7 +545,7 @@ +
    +- () ++ () + + +
    +- Create: " . $graph_template["graph_template_name"] . " ++ Create: " . htmlspecialchars($graph_template["graph_template_name"]) . " + + +Index: cacti-0.8.7b/host.php +=================================================================== +--- cacti-0.8.7b.orig/host.php 2011-09-25 11:25:05.458770665 +0200 ++++ cacti-0.8.7b/host.php 2011-09-25 11:30:17.824319597 +0200 +@@ -325,7 +325,7 @@ + input_validate_input_number($matches[1]); + /* ==================================================== */ + +- $host_list .= "
  • " . db_fetch_cell("select description from host where id=" . $matches[1]) . "
    "; ++ $host_list .= "
  • " . htmlspecialchars(db_fetch_cell("select description from host where id=" . $matches[1])) . "
    "; + $host_array[$i] = $matches[1]; + } + +@@ -345,14 +345,14 @@ + print "
    • +

    To enable the following devices, press the \"yes\" button below.

    +-

    $host_list

    ++

    " . $host_list . "

    +
    +

    To disable the following devices, press the \"yes\" button below.

    +-

    $host_list

    ++

    " . $host_list . "

    +
    +

    To change SNMP parameters for the following devices, check the box next to the fields + you want to update, fill in the new value, and click Save.

    +-

    $host_list

    ++

    " . $host_list . "

    +
    +

    To change SNMP parameters for the following devices, check the box next to the fields + you want to update, fill in the new value, and click Save.

    +-

    $host_list

    ++

    " . $host_list . "

    +
    +

    To clear the counters for the following devices, press the \"yes\" button below.

    +-

    $host_list

    ++

    " . $host_list . "

    +
    +

    Are you sure you want to delete the following devices?

    +-

    $host_list

    "; ++

    " . $host_list . "

    "; + form_radio_button("delete_type", "2", "1", "Leave all graphs and data sources untouched. Data sources will be disabled however.", "1"); print "
    "; + form_radio_button("delete_type", "2", "2", "Delete all associated graphs and data sources.", "1"); print "
    "; + print "
    +

    When you click save, the following hosts will be placed under the branch selected + below.

    +-

    $host_list

    ++

    " . $host_list . "

    +

    Destination Branch:
    "; grow_dropdown_tree($matches[1], "tree_item_id", "0"); print "

    +
    + + + + +@@ -963,7 +963,7 @@ + ?> + + + + + + + + + + + + + + 0) { + foreach ($template_list as $template) { + form_alternate_row_color($colors["alternate"], $colors["light"], $i, 'line' . $template["id"]);$i++; +- form_selectable_cell("" . (strlen($_REQUEST["filter"]) ? eregi_replace("(" . preg_quote($_REQUEST["filter"]) . ")", "\\1", $template["name"]) : $template["name"]) . "", $template["id"]); ++ form_selectable_cell("" . (strlen(get_request_var_request("filter")) ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", htmlspecialchars($template["name"])) : htmlspecialchars($template["name"])) . "", $template["id"]); + form_checkbox_cell($template["name"], $template["id"]); + form_end_row(); + } +Index: cacti-0.8.7b/lib/functions.php +=================================================================== +--- cacti-0.8.7b.orig/lib/functions.php 2011-09-25 11:25:05.718771949 +0200 ++++ cacti-0.8.7b/lib/functions.php 2011-09-25 11:30:17.856319756 +0200 +@@ -1653,15 +1653,15 @@ + if ($current_mappings[$i] == "?") { + /* '?' tells us to pull title from the cache at this level */ + if (isset($nav_level_cache{$i})) { +- $current_nav .= (empty($url) ? "" : "") . resolve_navigation_variables($nav{$nav_level_cache{$i}["id"]}["title"]) . (empty($url) ? "" : "") . " -> "; ++ $current_nav .= (empty($url) ? "" : "") . htmlspecialchars(resolve_navigation_variables($nav{$nav_level_cache{$i}["id"]}["title"])) . (empty($url) ? "" : "") . " -> "; + } + }else{ + /* there is no '?' - pull from the above array */ +- $current_nav .= (empty($url) ? "" : "") . resolve_navigation_variables($nav{$current_mappings[$i]}["title"]) . (empty($url) ? "" : "") . " -> "; ++ $current_nav .= (empty($url) ? "" : "") . htmlspecialchars(resolve_navigation_variables($nav{$current_mappings[$i]}["title"])) . (empty($url) ? "" : "") . " -> "; + } + } + +- $current_nav .= resolve_navigation_variables($current_array["title"]); ++ $current_nav .= htmlspecialchars(resolve_navigation_variables($current_array["title"])); + + /* keep a cache for each level we encounter */ + $nav_level_cache{$current_array["level"]} = array("id" => $current_page . ":" . $current_action, "url" => get_browser_query_string()); +Index: cacti-0.8.7b/lib/html.php +=================================================================== +--- cacti-0.8.7b.orig/lib/html.php 2011-09-25 11:25:05.534771034 +0200 ++++ cacti-0.8.7b/lib/html.php 2011-09-25 11:30:17.872319837 +0200 +@@ -99,7 +99,7 @@ +
    +- () ++ () +
    +- ) ++ ) + + Is Being Graphed (Edit)" : "Not Being Graphed");?> +@@ -1039,7 +1039,7 @@ + ?> +
    +- ) ++ ) + + (&host_id=">Verbose Query) +@@ -1263,13 +1263,13 @@ + foreach ($hosts as $host) { + form_alternate_row_color($colors["alternate"], $colors["light"], $i, 'line' . $host["id"]); $i++; + form_selectable_cell("" . +- (strlen($_REQUEST["filter"]) ? eregi_replace("(" . preg_quote($_REQUEST["filter"]) . ")", "\\1", $host["description"]) : $host["description"]) . "", $host["id"], 250); ++ (strlen(get_request_var_request("filter")) ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", htmlspecialchars($host["description"])) : htmlspecialchars($host["description"])) . "", $host["id"], 250); + form_selectable_cell(round(($host["id"]), 2), $host["id"]); + form_selectable_cell((isset($host_graphs[$host["id"]]) ? $host_graphs[$host["id"]] : 0), $host["id"]); + form_selectable_cell((isset($host_data_sources[$host["id"]]) ? $host_data_sources[$host["id"]] : 0), $host["id"]); + form_selectable_cell(get_colored_device_status(($host["disabled"] == "on" ? true : false), $host["status"]), $host["id"]); + form_selectable_cell(round(($host["status_event_count"]), 2), $host["id"]); +- form_selectable_cell((strlen($_REQUEST["filter"]) ? eregi_replace("(" . preg_quote($_REQUEST["filter"]) . ")", "\\1", $host["hostname"]) : $host["hostname"]), $host["id"]); ++ form_selectable_cell((strlen(get_request_var_request("filter")) ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", htmlspecialchars($host["hostname"])) : htmlspecialchars($host["hostname"])), $host["id"]); + form_selectable_cell(round(($host["cur_time"]), 2), $host["id"]); + form_selectable_cell(round(($host["avg_time"]), 2), $host["id"]); + form_selectable_cell(round($host["availability"], 2), $host["id"]); +Index: cacti-0.8.7b/host_templates.php +=================================================================== +--- cacti-0.8.7b.orig/host_templates.php 2011-09-25 11:25:05.754772126 +0200 ++++ cacti-0.8.7b/host_templates.php 2011-09-25 11:30:17.840319681 +0200 +@@ -246,7 +246,7 @@ + $_GET["id"] = 0; + } + +- html_start_box("Host Templates $header_label", "100%", $colors["header"], "3", "center", ""); ++ html_start_box("Host Templates " . htmlspecialchars($header_label), "100%", $colors["header"], "3", "center", ""); + + draw_edit_form(array( + "config" => array(), +@@ -273,10 +273,10 @@ + ?> +
    +- ) ++ ) + +- Delete ++ Delete +
    +- ) ++ ) + +- Delete ++ Delete +
    + + +
    +- <?php print $graph["title_cache"];?> ++ <?php print htmlspecialchars($graph["title_cache"]);?> + + Zoom Graph
    +@@ -144,7 +144,7 @@ + + + + \n"; ++ print "\n"; + print ""; + } + }elseif ($leaf["host_id"] > 0) { + if ($visible) { +- print "\n"; ++ print "\n"; + print ""; + } + } +@@ -632,9 +632,9 @@ + $data_query_index = $host_group_data_array[2]; + } + +- if (!empty($tree_name)) { $title .= $title_delimeter . "Tree: $tree_name"; $title_delimeter = "-> "; } +- if (!empty($leaf_name)) { $title .= $title_delimeter . "Leaf: $leaf_name"; $title_delimeter = "-> "; } +- if (!empty($host_name)) { $title .= $title_delimeter . "Host: $host_name"; $title_delimeter = "-> "; } ++ if (!empty($tree_name)) { $title .= $title_delimeter . "Tree:" . htmlspecialchars($tree_name); $title_delimeter = "-> "; } ++ if (!empty($leaf_name)) { $title .= $title_delimeter . "Leaf:" . htmlspecialchars($leaf_name); $title_delimeter = "-> "; } ++ if (!empty($host_name)) { $title .= $title_delimeter . "Host:" . htmlspecialchars($host_name); $title_delimeter = "-> "; } + if (!empty($host_group_data_name)) { $title .= $title_delimeter . " $host_group_data_name"; $title_delimeter = "-> "; } + + print "
    +- <?php print $graph["title_cache"];?> ++ <?php print htmlspecialchars($graph["title_cache"]);?> + + Zoom Graph
    +@@ -350,27 +350,27 @@ + function html_create_list($form_data, $column_display, $column_id, $form_previous_value) { + if (empty($column_display)) { + foreach (array_keys($form_data) as $id) { +- print '\n"; ++ print ">" . title_trim(null_out_substitutions(htmlspecialchars($form_data[$id])), 75) . "\n"; + } + }else{ + if (sizeof($form_data) > 0) { + foreach ($form_data as $row) { +- print "\n"; ++ print ">" . title_trim(htmlspecialchars($row[$column_display]), 75) . "\n"; + }else{ +- print ">" . title_trim(null_out_substitutions($row[$column_display]), 75) . "\n"; ++ print ">" . title_trim(null_out_substitutions(htmlspecialchars($row[$column_display])), 75) . "\n"; + } + } + } +Index: cacti-0.8.7b/lib/html_form.php +=================================================================== +--- cacti-0.8.7b.orig/lib/html_form.php 2011-09-25 11:25:05.670771711 +0200 ++++ cacti-0.8.7b/lib/html_form.php 2011-09-25 11:30:17.872319837 +0200 +@@ -67,7 +67,7 @@ + form_alternate_row_color($colors["form_alternate1"], $colors["form_alternate2"], $i, 'row_' . $field_name); + } + +- print "    		\n" . $field_array["friendly_name"] . "
    \n"; ++ print "    		\n" . htmlspecialchars($field_array["friendly_name"]) . "
    \n"; + + if (isset($field_array["sub_checkbox"])) { + form_checkbox($field_array["sub_checkbox"]["name"], $field_array["sub_checkbox"]["value"], +@@ -430,7 +430,7 @@ + $on_change = " onChange='$on_change' "; + } + +- print ""; + + if (!empty($form_none_entry)) { + print "\n"; +Index: cacti-0.8.7b/lib/html_tree.php +=================================================================== +--- cacti-0.8.7b.orig/lib/html_tree.php 2011-09-25 11:25:05.626771498 +0200 ++++ cacti-0.8.7b/lib/html_tree.php 2011-09-25 11:31:15.036603291 +0200 +@@ -231,12 +231,12 @@ + }elseif ($leaf["title"] != "") { + $icon = get_icon($leaf["graph_tree_id"], $leaf["order_key"]); + if ($visible) { +- print "    		$transparent_indent " . $leaf["title"] . " (Add)$transparent_indent " . htmlspecialchars($leaf["title"]) . " (Add)Heading$transparent_indentHost: " . $leaf["hostname"] . " (Edit host)$transparent_indentHost: " . htmlspecialchars($leaf["hostname"]) . " (Edit host)Host
    "; +@@ -889,9 +889,9 @@ + /* print out the actual graph html */ + if (read_graph_config_option("thumbnail_section_tree_1") == "on") { + if (read_graph_config_option("timespan_sel") == "on") { +- print "\n"; ++ print "\n"; + + /* if we are at the end of a row, start a new one */ + if ($graph_counter % read_graph_config_option("num_columns") == 0) { +@@ -909,10 +909,10 @@ + } + }else{ + if (read_graph_config_option("timespan_sel") == "on") { +- print ""; ++ print ""; + print "\n"; + }else{ +- print ""; ++ print ""; + print "\n"; + } + } +Index: cacti-0.8.7b/lib/rrd.php +=================================================================== +--- cacti-0.8.7b.orig/lib/rrd.php 2011-09-25 11:25:05.574771235 +0200 ++++ cacti-0.8.7b/lib/rrd.php 2011-09-25 11:30:17.876319856 +0200 +@@ -1188,7 +1188,7 @@ + + /* either print out the source or pass the source onto rrdtool to get us a nice PNG */ + if (isset($graph_data_array["print_source"])) { +- print "
    " . read_config_option("path_rrdtool") . " graph $graph_opts$graph_defs$txt_graph_items
    "; ++ print "
    " . htmlspecialchars(read_config_option("path_rrdtool") . " graph " . $graph_opts . $graph_defs . $txt_graph_items) . "
    "; + }else{ + if (isset($graph_data_array["export"])) { + rrdtool_execute("graph $graph_opts$graph_defs$txt_graph_items", false, RRDTOOL_OUTPUT_NULL, $rrd_struc); +Index: cacti-0.8.7b/rra.php +=================================================================== +--- cacti-0.8.7b.orig/rra.php 2011-09-25 11:25:06.286774763 +0200 ++++ cacti-0.8.7b/rra.php 2011-09-25 11:30:17.884319899 +0200 +@@ -109,7 +109,7 @@ + + if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) { + include_once("./include/top_header.php"); +- form_confirm("Are You Sure?", "Are you sure you want to delete the round robin archive '" . db_fetch_cell("select name from rra where id=" . $_GET["id"]) . "'?", "rra.php", "rra.php?action=remove&id=" . $_GET["id"]); ++ form_confirm("Are You Sure?", "Are you sure you want to delete the round robin archive '" . htmlspecialchars(db_fetch_cell("select name from rra where id=" . $_GET["id"])) . "'?", htmlspecialchars("rra.php"), htmlspecialchars("rra.php?action=remove&id=" . $_GET["id"])); + exit; + } + +@@ -128,7 +128,7 @@ + + if (!empty($_GET["id"])) { + $rra = db_fetch_row("select * from rra where id=" . $_GET["id"]); +- $header_label = "[edit: " . $rra["name"] . "]"; ++ $header_label = "[edit: " . htmlspecialchars($rra["name"]) . "]"; + }else{ + $header_label = "[new]"; + } +@@ -187,7 +187,7 @@ + form_alternate_row_color($colors["alternate"],$colors["light"],$i); $i++; + ?> + + + + + " . +- (strlen(get_request_var_request("filter")) ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", $user["username"]) : $user["username"]) ++ (strlen(get_request_var_request("filter")) ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", htmlspecialchars($user["username"])) : htmlspecialchars($user["username"])) + , $user["id"]); +- form_selectable_cell((strlen(get_request_var_request("filter")) ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", $user["full_name"]) : $user["full_name"]), $user["id"]); ++ form_selectable_cell((strlen(get_request_var_request("filter")) ? eregi_replace("(" . preg_quote(get_request_var_request("filter")) . ")", "\\1", htmlspecialchars($user["full_name"])) : htmlspecialchars($user["full_name"])), $user["id"]); + form_selectable_cell($enabled, $user["id"]); + form_selectable_cell($auth_realms[$user["realm"]], $user["id"]); + if ($user["policy_graphs"] == "1") { --- cacti-0.8.7b.orig/debian/patches/official_snmp_auth_none_notice.patch +++ cacti-0.8.7b/debian/patches/official_snmp_auth_none_notice.patch @@ -0,0 +1,11 @@ +diff -ruBbd cacti-0.8.7b/lib/snmp.php cacti-0.8.7b-patched/lib/snmp.php +--- cacti-0.8.7b/lib/snmp.php 2008-02-11 19:57:48.000000000 -0500 ++++ cacti-0.8.7b-patched/lib/snmp.php 2008-02-29 20:53:00.000000000 -0500 +@@ -225,6 +225,7 @@ + function cacti_snmp_walk($hostname, $community, $oid, $version, $username, $password, $auth_proto, $priv_pass, $priv_proto, $context, $port = 161, $timeout = 500, $retries = 0, $environ = SNMP_POLLER) { + global $config; + ++ $snmp_auth = ''; + $snmp_array = array(); + $temp_array = array(); + --- cacti-0.8.7b.orig/debian/patches/01_config.php.patch +++ cacti-0.8.7b/debian/patches/01_config.php.patch @@ -0,0 +1,24 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 01_config.php.dpatch by +## +## DP: modify the default config.php to include authentication info from +## DP: debian.php, which can be managed by debconf/ucf + +@DPATCH@ +Index: cacti-0.8.7~beta4/include/config.php +=================================================================== +--- cacti-0.8.7~beta4.orig/include/config.php 2007-10-09 20:01:12.000000000 +0200 ++++ cacti-0.8.7~beta4/include/config.php 2007-10-09 20:02:48.000000000 +0200 +@@ -24,11 +24,7 @@ + + /* make sure these values refect your actual database/host/user/password */ + $database_type = "mysql"; +-$database_default = "cacti"; +-$database_hostname = "localhost"; +-$database_username = "cactiuser"; +-$database_password = "cactiuser"; +-$database_port = "3306"; ++require('/etc/cacti/debian.php'); + + /* Default session name - Session name must contain alpha characters */ + #$cacti_session_name = "Cacti"; --- cacti-0.8.7b.orig/debian/patches/08_CVE-2009-4032.patch +++ cacti-0.8.7b/debian/patches/08_CVE-2009-4032.patch @@ -0,0 +1,101 @@ +--- cacti-0.8.7e/graph.php 2009-06-28 12:07:11.000000000 -0400 ++++ cacti-0.8.7b/graph.php 2009-11-21 23:10:16.000000000 -0500 +@@ -35,6 +35,8 @@ + /* ================= input validation ================= */ + input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$"); + input_validate_input_number(get_request_var("local_graph_id")); ++input_validate_input_number(get_request_var("graph_end")); ++input_validate_input_number(get_request_var("graph_start")); + input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$"); + /* ==================================================== */ + +--- cacti-0.8.7e/include/top_graph_header.php 2009-06-28 12:07:11.000000000 -0400 ++++ cacti-0.8.7b/include/top_graph_header.php 2009-11-21 23:15:27.000000000 -0500 +@@ -58,7 +58,7 @@ + if ($_SESSION["custom"]) { + print "\r\n"; + }else{ +- print "\r\n"; ++ print "\r\n"; + } + } + ?> +@@ -113,7 +113,7 @@ + + + + + +- + --- cacti-0.8.7b.orig/debian/patches/series +++ cacti-0.8.7b/debian/patches/series @@ -0,0 +1,14 @@ +01_config.php.patch +05_no-adodb.patch +06_config_settings.php_cactid_path.patch +07_php_self_nonstandard_dir.patch +official_invalid-upgrade-path.patch +official_snmp_auth_none_notice.patch +08_CVE-2009-4032.patch +official_sql_injection_template_export.patch +CVE-2010-2092.patch +CVE-2010-1644.patch +CVE-2010-1645.patch +CVE-2010-2543.patch +CVE-2010-2545.patch +CVE-2011-4824.patch --- cacti-0.8.7b.orig/debian/patches/official_invalid-upgrade-path.patch +++ cacti-0.8.7b/debian/patches/official_invalid-upgrade-path.patch @@ -0,0 +1,12 @@ +--- cacti-0.8.7b/install/index.php 2008-02-11 18:57:48.000000000 -0600 ++++ cacti-0.8.7b-patched/install/index.php 2008-03-03 20:45:43.000000000 -0600 +@@ -27,7 +27,8 @@ + /* allow the upgrade script to run for as long as it needs to */ + ini_set("max_execution_time", "0"); + +-$cacti_versions = array("0.8", "0.8.1", "0.8.2", "0.8.2a", "0.8.3", "0.8.3a", "0.8.4", "0.8.5", "0.8.5a", "0.8.6", "0.8.6a", "0.8.6b", "0.8.6c", "0.8.6d", "0.8.6e", "0.8.6f", "0.8.6g", "0.8.6h", "0.8.6i", "0.8.6j", "0.8.7", "0.8.7a", "0.8.7b"); ++$cacti_versions = array("0.8", "0.8.1", "0.8.2", "0.8.2a", "0.8.3", "0.8.3a", "0.8.4", "0.8.5", "0.8.5a", "0.8.6", "0.8.6a", "0.8.6b", "0.8.6c", "0.8.6d", "0.8.6e", "0.8.6f", "0.8.6g", "0.8.6h", "0.8.6i", "0.8.6j", "0.8.6k", "0.8.7", "0.8.7a", "0.8.7b"); ++ + + $old_cacti_version = db_fetch_cell("select cacti from version"); + --- cacti-0.8.7b.orig/debian/patches/CVE-2011-4824.patch +++ cacti-0.8.7b/debian/patches/CVE-2011-4824.patch @@ -0,0 +1,55 @@ +Description: Fixes SQL injection vulnerability in auth_login.php that allows + remote attackers to execute arbitrary SQL commands via the login_username + parameter. +Origin: http://svn.cacti.net/viewvc/cacti/branches/0.8.7/auth_login.php?r1=6807&r2=6806&pathrev=6807 +Bug-Debian: http://bugs.debian.org/652371 + +Index: cacti/auth_login.php +=================================================================== +--- cacti.orig/auth_login.php 2011-12-18 13:15:51.073570988 +0700 ++++ cacti/auth_login.php 2011-12-18 13:15:39.029511261 +0700 +@@ -74,7 +74,7 @@ + $user_auth = true; + $realm = 2; + /* Locate user in database */ +- $user = db_fetch_row("SELECT * FROM user_auth WHERE username = '" . $username . "' AND realm = 2"); ++ $user = db_fetch_row("SELECT * FROM user_auth WHERE username = " . $cnn_id->qstr($username) . " AND realm = 2"); + break; + + case "3": +@@ -108,7 +108,7 @@ + $realm = 1; + /* Locate user in database */ + cacti_log("LOGIN: LDAP User '" . $username . "' Authenticated", false, "AUTH"); +- $user = db_fetch_row("SELECT * FROM user_auth WHERE username = '" . $username . "' AND realm = 1"); ++ $user = db_fetch_row("SELECT * FROM user_auth WHERE username = " . $cnn_id->qstr($username) . " AND realm = 1"); + }else{ + /* error */ + cacti_log("LOGIN: LDAP Error: " . $ldap_auth_response["error_text"], false, "AUTH"); +@@ -125,7 +125,7 @@ + /* Builtin Auth */ + if ((!$user_auth) && (!$ldap_error)) { + /* if auth has not occured process for builtin - AKA Ldap fall through */ +- $user = db_fetch_row("SELECT * FROM user_auth WHERE username = '" . $username . "' AND password = md5('" . get_request_var_post("login_password") . "') AND realm = 0"); ++ $user = db_fetch_row("SELECT * FROM user_auth WHERE username = " . $cnn_id->qstr($username) . " AND password = '" . md5(get_request_var_post("login_password")) . "' AND realm = 0"); + } + } + /* end of switch */ +@@ -138,7 +138,7 @@ + /* template user found */ + user_copy(read_config_option("user_template"), $username, 0, $realm); + /* requery newly created user */ +- $user = db_fetch_row("SELECT * FROM user_auth WHERE username = '" . $username . "' AND realm = " . $realm); ++ $user = db_fetch_row("SELECT * FROM user_auth WHERE username = " . $cnn_id->qstr($username) . " AND realm = " . $realm); + }else{ + /* error */ + cacti_log("LOGIN: Template user '" . read_config_option("user_template") . "' does not exist.", false, "AUTH"); +@@ -166,7 +166,7 @@ + /* Process the user */ + if (sizeof($user) > 0) { + cacti_log("LOGIN: User '" . $user["username"] . "' Authenticated", false, "AUTH"); +- db_execute("INSERT INTO user_log (username,user_id,result,ip,time) VALUES ('" . $username ."'," . $user["id"] . ",1,'" . $_SERVER["REMOTE_ADDR"] . "',NOW())"); ++ db_execute("INSERT INTO user_log (username,user_id,result,ip,time) VALUES (" . $cnn_id->qstr($username) ."," . $user["id"] . ",1,'" . $_SERVER["REMOTE_ADDR"] . "',NOW())"); + /* is user enabled */ + $user_enabled = $user["enabled"]; + if ($user_enabled != "on") { --- cacti-0.8.7b.orig/debian/patches/06_config_settings.php_cactid_path.patch +++ cacti-0.8.7b/debian/patches/06_config_settings.php_cactid_path.patch @@ -0,0 +1,53 @@ +Index: cacti-0.8.7/include/global_settings.php +=================================================================== +--- cacti-0.8.7.orig/include/global_settings.php 2007-10-24 00:43:09.000000000 +0200 ++++ cacti-0.8.7/include/global_settings.php 2007-10-24 20:36:59.000000000 +0200 +@@ -94,9 +94,9 @@ + ), + "path_cactilog" => array( + "friendly_name" => "Cacti Log File Path", +- "description" => "The path to your Cacti log file (if blank, defaults to /log/cacti.log)", ++ "description" => "The path to your Cacti log file (if blank, defaults to /var/log/cacti/cacti.log)", + "method" => "filepath", +- "default" => $config["base_path"] . "/log/cacti.log", ++ "default" => "/var/log/cacti/cacti.log", + "max_length" => "255" + ), + "pollerpaths_header" => array( +@@ -105,8 +105,9 @@ + ), + "path_spine" => array( + "friendly_name" => "Spine Poller File Path", +- "description" => "The path to Spine binary.", ++ "description" => "The path to Spine binary (if blank, defaults to /usr/sbin/spine).", + "method" => "filepath", ++ "default" => "/usr/sbin/spine", + "max_length" => "255" + ) + ), +Index: cacti-0.8.7/include/global.php +=================================================================== +--- cacti-0.8.7.orig/include/global.php 2007-10-24 20:36:59.000000000 +0200 ++++ cacti-0.8.7/include/global.php 2007-10-24 20:36:59.000000000 +0200 +@@ -86,7 +86,7 @@ + $config["base_path"] = strtr(ereg_replace("(.*)[\/\\]include", "\\1", dirname(__FILE__)), "\\", "/"); + $config["library_path"] = ereg_replace("(.*[\/\\])include", "\\1lib", dirname(__FILE__)); + $config["include_path"] = dirname(__FILE__); +-$config["rra_path"] = $config["base_path"] . '/rra'; ++$config["rra_path"] = '/var/lib/cacti/rra'; + + /* colors */ + $colors["dark_outline"] = "454E53"; +Index: cacti-0.8.7/install/index.php +=================================================================== +--- cacti-0.8.7.orig/install/index.php 2007-10-24 20:39:15.000000000 +0200 ++++ cacti-0.8.7/install/index.php 2007-10-24 20:39:42.000000000 +0200 +@@ -244,7 +244,7 @@ + if (config_value_exists("path_cactilog")) { + $input["path_cactilog"]["default"] = read_config_option("path_cactilog"); + } else { +- $input["path_cactilog"]["default"] = $config["base_path"] . "/log/cacti.log"; ++ $input["path_cactilog"]["default"] = "/var/log/cacti/cacti.log"; + } + + /* SNMP Version */ --- cacti-0.8.7b.orig/debian/po/fi.po +++ cacti-0.8.7b/debian/po/fi.po @@ -0,0 +1,38 @@ +msgid "" +msgstr "" +"Project-Id-Version: cacti\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: 2008-07-25 21:48+0200\n" +"Last-Translator: Esko Arajärvi \n" +"Language-Team: Finnish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: fi\n" +"X-Poedit-Language: Finnish\n" +"X-Poedit-Country: FINLAND\n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "Apache, Apache-SSL, Apache2, Kaikki, Muu" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "Verkkopalvelimen tyyppi:" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "Valitse verkkopalvelin, jota cactin tulisi käyttää." + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "Valitse ”Muu”, jos verkkopalvelimen asetukset halutaan tehdä käsin." --- cacti-0.8.7b.orig/debian/po/pt_BR.po +++ cacti-0.8.7b/debian/po/pt_BR.po @@ -0,0 +1,270 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: cacti\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: 2005-03-25 21:33-0300\n" +"Last-Translator: André Luís Lopes \n" +"Language-Team: Debian-BR Project\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: \n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "Apache, Apache-SSL, Apache2, Todos, Nenhum" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "Tipo do servidor Web" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "Que tipo de servidor Web deve ser utilizado pelo cacti ?" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "" +"Selecione \"Nenhum\" caso você queira configurar seu servidor Web " +"manualmente." + +#~ msgid "MySQL installs and upgrades must be performed manually!" +#~ msgstr "A instalação e atualização do MySQL deve ser feita manualmente!" + +#~ msgid "" +#~ "For the time being, support for automatic upgrading of the cacti mysql " +#~ "database has been disabled. Please see the rationale and what you will " +#~ "need to do for either installing or upgrading cacti in /usr/share/doc/" +#~ "cacti/README.Debian.gz." +#~ msgstr "" +#~ "No momento o suporte para atualização automática da base de dados mysql " +#~ "do cacti está desabilitado. Por favor veja o motivo e o que você " +#~ "necessitará fazer para instalar ou atualizar o cacti em /usr/share/doc/" +#~ "cacti/README.Debian.gz." + +#~ msgid "" +#~ "Note that you will still be prompted for the relevant information, which " +#~ "will be used to generate the appropriate configuration files." +#~ msgstr "" +#~ "Note que você ainda será perguntado sobre informações relevantes, que " +#~ "serão usadas para gerar os arquivos de configuração corretamente." + +#~ msgid "Database structure changes in cacti configuration" +#~ msgstr "Mudanças na estrutura de base de dados na configuração do cacti" + +#~ msgid "" +#~ "You are upgrading from a pre 0.8.x version. Unfortunately, your old " +#~ "database will not work with the latest version of cacti. Please see /usr/" +#~ "share/doc/cacti/README.Debian.gz to see what your options are." +#~ msgstr "" +#~ "Você está atualizando a partir de uma versão pré 0.8.x. Infelizmente, sua " +#~ "base de dados antiga não funcionará com a última versão do cacti. Por " +#~ "favor veja /usr/share/doc/cacti/README.Debian.gz para ver quais são suas " +#~ "opções." + +#~ msgid "MySQL server host name" +#~ msgstr "Nome do host MySQL" + +#~ msgid "Please enter the name of the machine hosting the cacti database." +#~ msgstr "" +#~ "Por favor, informe o nome da máquina que hospeda o banco de dados do " +#~ "cacti." + +#~ msgid "Database name for cacti" +#~ msgstr "Nome do banco de dados para o cacti" + +#~ msgid "" +#~ "Please enter the cacti database name. Cacti will store and fetch data " +#~ "there." +#~ msgstr "" +#~ "Por favor, informe o nome da base de dados do cacti. O cacti irá gravar e " +#~ "ler os dados nessa base." + +#~ msgid "MySQL administrator username" +#~ msgstr "Nome do usuário administrador do MySQL" + +#~ msgid "" +#~ "Please enter the MySQL administrator name (needed for cacti database " +#~ "creation)." +#~ msgstr "" +#~ "Por favor, informe o nome do usuário administrador do MySQL (necessário " +#~ "para a criação da base de dados)." + +#~ msgid "MySQL administrator password" +#~ msgstr "Senha do administrador do MySQL" + +#~ msgid "Enter \"none\" if there is no password for MySQL administration." +#~ msgstr "" +#~ "Informe \"none\" caso não exista uma senha para administração do MySQL." + +#~ msgid "Cacti database username" +#~ msgstr "Nome do usuário da base de dados do cacti" + +#~ msgid "" +#~ "Please enter the name which will be used for connecting to the cacti " +#~ "database." +#~ msgstr "" +#~ "Por favor, informe o nome que será usado para conexão com a base de dados " +#~ "do cacti." + +#~ msgid "Cacti user password" +#~ msgstr "Senha do usuário cacti" + +#~ msgid "" +#~ "Please enter a password for the Cacti database user (default is \"cacti" +#~ "\")." +#~ msgstr "" +#~ "Por favor, informe uma senha para o usuário da base de dados do Cacti (a " +#~ "senha padrão é \"cacti\")." + +#~ msgid "Do you want to purge the database when purging the package?" +#~ msgstr "Você deseja remover a base de dados quando o pacote for removido ?" + +#~ msgid "" +#~ "Accept here if you want to drop the database and the corresponding user " +#~ "when purging the package." +#~ msgstr "" +#~ "Aceite esta opção caso você queira que a base de dados e o usuário " +#~ "correspondente sejam removidos quando o pacote for removido." + +#~ msgid "MySQL administrator password confirmation" +#~ msgstr "Confirmação da senha do administrador do MySQL" + +#~ msgid "Please confirm the password for the MySQL administrator." +#~ msgstr "Por favor, confirme a senha do administrador do MySQL." + +#~ msgid "Error" +#~ msgstr "Erro" + +#~ msgid "" +#~ "The password and its confirmation do not match. Please re-enter the " +#~ "password!" +#~ msgstr "As senhas não conferem. Por favor, informe a senha novamente !" + +#~ msgid "Store the MySQL admin password" +#~ msgstr "Gravar a senha do administrador do MySQL" + +#~ msgid "" +#~ "To update the cacti database automaticlly during a package upgrade the " +#~ "MySQL admin password must be safed in the debconf database. This is a " +#~ "security risk!!!" +#~ msgstr "" +#~ "Para atualizar a base de dados do cacti automaticamente durante a " +#~ "atualização do pacote, a senha do administrador do MySQL deve ser " +#~ "armazenada na base de dados do debconf. Isso é um risco de segurança !!!" + +#~ msgid "" +#~ "If the password is not stored in the database it will asked everytime!" +#~ msgstr "" +#~ "Caso a senha não seja armazenada na base de dados, a mesma será " +#~ "requisitada novamente a toda hora !" + +#~ msgid "MySQL server not found" +#~ msgstr "Servidor MySQL não encontrado" + +#~ msgid "" +#~ "You entered \"localhost\" as MySQL server but I can't find any server " +#~ "installed on localhost. Either install the mysql-server package or run " +#~ "\"dpkg-reconfigure cacti\" in order to change the MySQL server host." +#~ msgstr "" +#~ "Você informou \"localhost\" como servidor MySQL mas nenhum servidor foi " +#~ "encontrado instalado localmente. Instale o pacote mysql-server ou execute " +#~ "o comando \"dpkg-reconfigure cacti\" para modificar o host onde o MySQL " +#~ "se encontra." + +#~ msgid "No MySQL server on localhost" +#~ msgstr "Não existe um servidor MySQL na máquina local" + +#~ msgid "No MySQL server has been found on localhost." +#~ msgstr "Nenhum servidor MySQL foi encontrado na máquina local." + +#~ msgid "/var/cache/cacti/dumps" +#~ msgstr "/var/cache/cacti/dumps" + +#~ msgid "Where should the existing database be saved during an upgrade?" +#~ msgstr "" +#~ "Onde as base de dados existentes devem ser salvas durante uma " +#~ "atualização ?" + +#~ msgid "" +#~ "During a database upgrade, the existing database will first be copied to " +#~ "a separate directory location so that you are able to go back to the " +#~ "previous version of Cacti in case of upgrade problems." +#~ msgstr "" +#~ "Durante uma atualização de base de dados, a base de dados existente será " +#~ "primeiro copiada para um diretório separado de forma que você possa " +#~ "voltar a versão anterior do Cacti em caso de problemas durante a " +#~ "atualização." + +#~ msgid "" +#~ "You must specify the pathname of a directory which will have the capacity " +#~ "to receive this dump file. The dump will be created in that directory as " +#~ "a file called cacti-${DATE}.dump." +#~ msgstr "" +#~ "Você deve especificar o caminho do diretório que possui a capacidade de " +#~ "receber este arquivo de dump da base de dados. O dump será criado nesse " +#~ "diretório como um arquivo de nome cacti-${DATE}.dump." + +#~ msgid "Select the desired default poller." +#~ msgstr "Selecione o poller padrão desejado." + +#~ msgid "" +#~ "A poller is a program that collect all datas for the cacti database and " +#~ "graphics." +#~ msgstr "" +#~ "Um poller é um programa que coleta todos os dados para a base de dados do " +#~ "cacti e para os gráficos." + +#~ msgid "" +#~ "Only on poller can collect informations, but multiple poller packages are " +#~ "installed. Please select which poller should run by default." +#~ msgstr "" +#~ "Somente um poller pode coletar informações, mas diversos pacotes de " +#~ "pollers estão instalados. Por favor, selecione qual poller deverá ser " +#~ "executado por padrão." + +#~ msgid "" +#~ "You are upgrading from a pre 0.8.x version. You must backup your current " +#~ "cacti database, and replace it with the new database structure. Please " +#~ "read the available documentation and change your database accordingly." +#~ msgstr "" +#~ "Você está atualizando a partir de uma versão anterior à versão 0.8.x. " +#~ "Você deve fazer o backup de sua base de dados cacti atual e substituí-la " +#~ "pela nova estrutura de base de dados. Por favor, leia a documentação " +#~ "disponível e mude sua base de dados de acordo com a mesma." + +#~ msgid "" +#~ "Automatically converting your setup is unfortunately impossible. You will " +#~ "have to do it yourself." +#~ msgstr "" +#~ "Infelizmente, é impossível converter sua configuração automaticamente. " +#~ "Você deverá fazê-lo manualmente." + +#~ msgid "" +#~ "Cacti will probably be unable to use the existing database and restart " +#~ "collecting your systems." +#~ msgstr "" +#~ "O cacti não será capaz de utilizar a base de dados existente e reiniciar " +#~ "a coletagem de seus sistemas." --- cacti-0.8.7b.orig/debian/po/vi.po +++ cacti-0.8.7b/debian/po/vi.po @@ -0,0 +1,163 @@ +# Vietnamese translation for cacti. +# Copyright © 2005 Free Software Foundation, Inc. +# Clytie Siddall , 2005. +# +msgid "" +msgstr "" +"Project-Id-Version: cacti 0.8.6d-1\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: 2005-06-12 20:42+0930\n" +"Last-Translator: Clytie Siddall \n" +"Language-Team: Vietnamese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: vi\n" +"Plural-Forms: nplurals=1; plural=0\n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "Apache, Apache-SSL, Apache2, Tất cả, Không có" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "Loại trình phục vụ Mạng" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "Trình cacti sẽ dùng trình phục vụ Mạng loại nào?" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "Hãy chọn «Không có» nếu bạn muốn tự cấu hình trình phục vụ Mạng." + +#~ msgid "MySQL installs and upgrades must be performed manually!" +#~ msgstr "• Cần phải tự cài đặt và nâng cập MySQL. •" + +#~ msgid "" +#~ "For the time being, support for automatic upgrading of the cacti mysql " +#~ "database has been disabled. Please see the rationale and what you will " +#~ "need to do for either installing or upgrading cacti in /usr/share/doc/" +#~ "cacti/README.Debian.gz." +#~ msgstr "" +#~ "Hiện thời, tính năng tự động nâng cấp cơ sở dữ liệu MySQL cacti bị tắt. " +#~ "Hãy xem lý do căn bản, và phương pháp cài đặt hay nâng cấp trình cacti, " +#~ "trong tập tin «/usr/share/doc/cacti/README.Debian.gz»." + +#~ msgid "" +#~ "Note that you will still be prompted for the relevant information, which " +#~ "will be used to generate the appropriate configuration files." +#~ msgstr "" +#~ "Hãy ghi chú: trình này sẽ còn nhắc bạn nhập thông tin liên quan, mà sẽ " +#~ "được dùng để tạo ra những tập tin cấu hình thích hợp." + +#~ msgid "Database structure changes in cacti configuration" +#~ msgstr "Thay đổi cấu trúc cơ sở dữ liệu trong cấu hình cacti" + +#~ msgid "" +#~ "You are upgrading from a pre 0.8.x version. Unfortunately, your old " +#~ "database will not work with the latest version of cacti. Please see /usr/" +#~ "share/doc/cacti/README.Debian.gz to see what your options are." +#~ msgstr "" +#~ "Lúc này bạn nâng cấp từ một phiên bản trước 0.8.x. Tiếc là cơ sở dữ liệu " +#~ "cũ của bạn sẽ không hoạt động với phiên bản cacti mới nhất. Hãy xem tập " +#~ "tin «/usr/share/doc/cacti/README.Debian.gz» để tìm tùy chọn." + +#~ msgid "MySQL server host name" +#~ msgstr "Tên máy của máy phục vụ MySQL" + +#~ msgid "Please enter the name of the machine hosting the cacti database." +#~ msgstr "Hãy nhập tên máy của máy hỗ trợ cơ sở dữ liệu cacti." + +#~ msgid "Database name for cacti" +#~ msgstr "Tên cơ sở dữ liệu cho cacti" + +#~ msgid "" +#~ "Please enter the cacti database name. Cacti will store and fetch data " +#~ "there." +#~ msgstr "" +#~ "Hãy nhập tên cơ sở dữ liệu cacti. Trình cacti sẽ lưu dữ liệu vào đó, và " +#~ "gọi dữ liệu từ đó." + +#~ msgid "MySQL administrator username" +#~ msgstr "Tên người dùng của quản trị MySQL" + +#~ msgid "" +#~ "Please enter the MySQL administrator name (needed for cacti database " +#~ "creation)." +#~ msgstr "Hãy nhập tên quản trị MySQL (cần thiết để tạo cơ sở dữ liệu cacti)." + +#~ msgid "MySQL administrator password" +#~ msgstr "Mật khẩu quản trị MySQL" + +#~ msgid "Enter \"none\" if there is no password for MySQL administration." +#~ msgstr "Hãy nhập «none» (không có) nếu không dùng mật khẩu để quản lý MySQL." + +#~ msgid "Cacti database username" +#~ msgstr "Tên người dùng cơ sở dữ liệu cacti" + +#~ msgid "" +#~ "Please enter the name which will be used for connecting to the cacti " +#~ "database." +#~ msgstr "Hãy nhập tên sẽ được dùng để kết nối đến cơ sở dữ liệu cacti." + +#~ msgid "Cacti user password" +#~ msgstr "Mật khẩu người dùng cacti" + +#~ msgid "" +#~ "Please enter a password for the Cacti database user (default is \"cacti" +#~ "\")." +#~ msgstr "" +#~ "Hãy nhập một mật khẩu cho người dùng cơ sở dữ liệu cacti (mặc định là " +#~ "«cacti»)." + +#~ msgid "Do you want to purge the database when purging the package?" +#~ msgstr "Bạn có muốn xóa bỏ cơ sở dữ liệu khi tẩy gói tin này không?" + +#~ msgid "" +#~ "Accept here if you want to drop the database and the corresponding user " +#~ "when purging the package." +#~ msgstr "" +#~ "Hãy chấp nhận tùy chọn này, nếu bạn muốn xóa bỏ cơ sở dữ liệu và người " +#~ "dùng tương ứng, khi tẩy gói tin này." + +#~ msgid "MySQL administrator password confirmation" +#~ msgstr "Xác nhận mật khẩu quản trị MySQL" + +#~ msgid "Please confirm the password for the MySQL administrator." +#~ msgstr "Hãy xác nhận mật khẩu cho quản trị MySQL." + +#~ msgid "Error" +#~ msgstr "Lỗi" + +#~ msgid "" +#~ "The password and its confirmation do not match. Please re-enter the " +#~ "password!" +#~ msgstr "Hai mật khẩu không khớp được. Hãy nhập lại." + +#~ msgid "Store the MySQL admin password" +#~ msgstr "Lưu mật khẩu quản trị MySQL" + +#~ msgid "" +#~ "To update the cacti database automaticlly during a package upgrade the " +#~ "MySQL admin password must be safed in the debconf database. This is a " +#~ "security risk!!!" +#~ msgstr "" +#~ "Để tự động cập nhật cơ sở dữ liệu cacti trong khi nâng cấp gói tin, cần " +#~ "phải lưu mật khẩu quản trị MySQL vào cơ sở dữ liệu debconf. • Làm như thế " +#~ "rủi ro bảo mật. •" + +#~ msgid "" +#~ "If the password is not stored in the database it will asked everytime!" +#~ msgstr "" +#~ "Tuy nhiên, nếu mật khẩu ấy không được lưu trong cơ sở dữ liệu, trình cấu " +#~ "hình sẽ nhắc bạn nhập nó mỗi lúc cần thiết." --- cacti-0.8.7b.orig/debian/po/sv.po +++ cacti-0.8.7b/debian/po/sv.po @@ -0,0 +1,161 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: cacti 0.8.6g-1\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: 2005-11-12 00:07+0100\n" +"Last-Translator: Daniel Nylander \n" +"Language-Team: Swedish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: sv\n" +"X-Poedit-Language: swe\n" +"X-Poedit-Country: swe\n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "Apache, Apache-SSL, Apache2, Alla, Ingen" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "Webbserver-typ" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "Vilken typ av webbserver ska användas för cacti?" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "Välj \"Ingen\" om du vill konfigurera din webbserver på egen hand." + +#~ msgid "MySQL installs and upgrades must be performed manually!" +#~ msgstr "MySQL-installationer och uppgraderingar måste göras manuellt!" + +#~ msgid "" +#~ "For the time being, support for automatic upgrading of the cacti mysql " +#~ "database has been disabled. Please see the rationale and what you will " +#~ "need to do for either installing or upgrading cacti in /usr/share/doc/" +#~ "cacti/README.Debian.gz." +#~ msgstr "" +#~ "För närvarande är stöd för automatisk uppgradering av cactis MySQL-" +#~ "databas avstängd. Vänligen se rationale och vad du behöver göra för att " +#~ "antingen installera eller uppgradera cacti i /usr/share/doc/cacti/README." +#~ "Debian.gz." + +#~ msgid "" +#~ "Note that you will still be prompted for the relevant information, which " +#~ "will be used to generate the appropriate configuration files." +#~ msgstr "" +#~ "Notera att du kommer fortfarande att frågas efter relevant information " +#~ "som kommer att användas för att generera passande konfigurationsfiler." + +#~ msgid "Database structure changes in cacti configuration" +#~ msgstr "Ändringar i databasstrukturen i cacti-konfigurationen" + +#~ msgid "" +#~ "You are upgrading from a pre 0.8.x version. Unfortunately, your old " +#~ "database will not work with the latest version of cacti. Please see /usr/" +#~ "share/doc/cacti/README.Debian.gz to see what your options are." +#~ msgstr "" +#~ "Du uppgraderar från en version före 0.8.x. Tyvärr kommer din gamla " +#~ "databas inte att fungera med den senaste versionen av cacti. Vänligen se /" +#~ "usr/share/doc/cacti/README.Debian.gz för information vad du kan göra." + +#~ msgid "MySQL server host name" +#~ msgstr "Värdnamnet för MySQL-servern" + +#~ msgid "Please enter the name of the machine hosting the cacti database." +#~ msgstr "Ange namnet på den maskin som är värd för cacti-databasen." + +#~ msgid "Database name for cacti" +#~ msgstr "Databasnamn för cacti" + +#~ msgid "" +#~ "Please enter the cacti database name. Cacti will store and fetch data " +#~ "there." +#~ msgstr "" +#~ "Ange namnet för cacti-databasen. Cacti kommer att lagra och hämta data " +#~ "där." + +#~ msgid "MySQL administrator username" +#~ msgstr "MySQL-administratörens användarnamn" + +#~ msgid "" +#~ "Please enter the MySQL administrator name (needed for cacti database " +#~ "creation)." +#~ msgstr "" +#~ "Ange MySQL-administratörens namn (behövs för att skapa cacti-databasen)." + +#~ msgid "MySQL administrator password" +#~ msgstr "MySQL-administratörens lösenord" + +#~ msgid "Enter \"none\" if there is no password for MySQL administration." +#~ msgstr "" +#~ "Ange \"none\" om det inte finns något lösenord för MySQL-administration." + +#~ msgid "Cacti database username" +#~ msgstr "Användarnamn för Cacti-databasen" + +#~ msgid "" +#~ "Please enter the name which will be used for connecting to the cacti " +#~ "database." +#~ msgstr "" +#~ "Vänligen ange namnet som ska användas för att ansluta till cacti-" +#~ "databasen." + +#~ msgid "Cacti user password" +#~ msgstr "Lösenord för Cacti-användaren" + +#~ msgid "" +#~ "Please enter a password for the Cacti database user (default is \"cacti" +#~ "\")." +#~ msgstr "" +#~ "Ange ett lösenord för databasanvändaren för Cacti (standard är \"cacti\")." + +#~ msgid "Do you want to purge the database when purging the package?" +#~ msgstr "Vill du rensa databasen när paketet rensas (avinstalleras)?" + +#~ msgid "" +#~ "Accept here if you want to drop the database and the corresponding user " +#~ "when purging the package." +#~ msgstr "" +#~ "Acceptera här om du vill tömma databasen och dess respektive användare " +#~ "när paketet rensas." + +#~ msgid "MySQL administrator password confirmation" +#~ msgstr "Bekräfta MySQL-administratörens lösenord" + +#~ msgid "Please confirm the password for the MySQL administrator." +#~ msgstr "Vänligen bekräfta lösenordet för MySQL-administratören." + +#~ msgid "Error" +#~ msgstr "Fel" + +#~ msgid "" +#~ "The password and its confirmation do not match. Please re-enter the " +#~ "password!" +#~ msgstr "" +#~ "Lösenordet och dess bekräftelse stämde inte överens. Vänligen ange " +#~ "lösenordet igen!" --- cacti-0.8.7b.orig/debian/po/cs.po +++ cacti-0.8.7b/debian/po/cs.po @@ -0,0 +1,158 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: cacti 0.8.6f-1\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: 2005-07-06 16:30+0200\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: cs\n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "Apache, Apache-SSL, Apache2, Všechny, Žádný" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "Typ webového serveru" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "Jaký typ webového serveru použít pro cacti?" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "Pokud chcete nastavit webový server ručně, vyberte \"Žádný\"." + +#~ msgid "MySQL installs and upgrades must be performed manually!" +#~ msgstr "Instalace a aktualizace serveru MySQL musí být provedeny ručně!" + +#~ msgid "" +#~ "For the time being, support for automatic upgrading of the cacti mysql " +#~ "database has been disabled. Please see the rationale and what you will " +#~ "need to do for either installing or upgrading cacti in /usr/share/doc/" +#~ "cacti/README.Debian.gz." +#~ msgstr "" +#~ "Prozatím bude podpora pro automatické aktualizace MySQL databáze cacti " +#~ "zakázána. Důvody tohoto rozhodnutí a návod, jak instalovat či " +#~ "aktualizovat cacti, jsou uloženy v souboru /usr/share/doc/cacti/README." +#~ "Debian.gz." + +#~ msgid "" +#~ "Note that you will still be prompted for the relevant information, which " +#~ "will be used to generate the appropriate configuration files." +#~ msgstr "" +#~ "Poznámka: budete dotázáni na podstatné informace, které se použijí pro " +#~ "vytvoření odpovídajících konfiguračních souborů." + +#~ msgid "Database structure changes in cacti configuration" +#~ msgstr "Změny databázové struktury v konfiguraci cacti" + +#~ msgid "" +#~ "You are upgrading from a pre 0.8.x version. Unfortunately, your old " +#~ "database will not work with the latest version of cacti. Please see /usr/" +#~ "share/doc/cacti/README.Debian.gz to see what your options are." +#~ msgstr "" +#~ "Aktualizujete z dřívější verze než 0.8.x. Bohužel, vaše současná databáze " +#~ "nebude pracovat s poslední verzí programu cacti. Vaše dostupné možnosti " +#~ "naleznete v souboru /usr/share/doc/cacti/README.Debian.gz." + +#~ msgid "MySQL server host name" +#~ msgstr "Jméno počítače s MySQL serverem" + +#~ msgid "Please enter the name of the machine hosting the cacti database." +#~ msgstr "" +#~ "Zadejte prosím jméno počítače, na kterém bude umístěna databáze cacti." + +#~ msgid "Database name for cacti" +#~ msgstr "Jméno databáze programu cacti" + +#~ msgid "" +#~ "Please enter the cacti database name. Cacti will store and fetch data " +#~ "there." +#~ msgstr "" +#~ "Zadejte prosím jméno databáze programu cacti. Cacti zde bude ukládat a " +#~ "poté načítat svá data." + +#~ msgid "MySQL administrator username" +#~ msgstr "Uživatelské jméno administrátora MySQL" + +#~ msgid "" +#~ "Please enter the MySQL administrator name (needed for cacti database " +#~ "creation)." +#~ msgstr "" +#~ "Zadejte prosím jméno administrátora databáze MySQL (nutné pro vytvoření " +#~ "databáze cacti)." + +#~ msgid "MySQL administrator password" +#~ msgstr "Heslo administrátora MySQL" + +#~ msgid "Enter \"none\" if there is no password for MySQL administration." +#~ msgstr "Pokud heslo pro správu MySQL nepoužíváte, zadejte \"none\"." + +#~ msgid "Cacti database username" +#~ msgstr "Uživatelské jméno databáze Cacti" + +#~ msgid "" +#~ "Please enter the name which will be used for connecting to the cacti " +#~ "database." +#~ msgstr "" +#~ "Zadejte prosím jméno, které se použije pro připojení k databázi cacti." + +#~ msgid "Cacti user password" +#~ msgstr "Heslo uživatele Cacti" + +#~ msgid "" +#~ "Please enter a password for the Cacti database user (default is \"cacti" +#~ "\")." +#~ msgstr "" +#~ "Zadejte prosím heslo pro databázového uživatele Cacti (výchozí je \"cacti" +#~ "\")." + +#~ msgid "Do you want to purge the database when purging the package?" +#~ msgstr "Přejete si odstranit databázi při smazání balíčku?" + +#~ msgid "" +#~ "Accept here if you want to drop the database and the corresponding user " +#~ "when purging the package." +#~ msgstr "" +#~ "Budete-li zde souhlasit, bude při odstranění balíčku smazána databáze a " +#~ "odpovídající uživatel." + +#~ msgid "MySQL administrator password confirmation" +#~ msgstr "Potvrzení hesla administrátora MySQL" + +#~ msgid "Please confirm the password for the MySQL administrator." +#~ msgstr "Zadejte prosím pro potvrzení heslo administrátora MySQL." + +#~ msgid "Error" +#~ msgstr "Chyba" + +#~ msgid "" +#~ "The password and its confirmation do not match. Please re-enter the " +#~ "password!" +#~ msgstr "Hesla nesouhlasí. Zadejte je prosím znovu!" --- cacti-0.8.7b.orig/debian/po/ru.po +++ cacti-0.8.7b/debian/po/ru.po @@ -0,0 +1,44 @@ +# translation of ru.po to Russian +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Yuri Kozlov , 2008. +msgid "" +msgstr "" +"Project-Id-Version: ru\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: 2008-07-27 10:06+0400\n" +"Last-Translator: Yuri Kozlov \n" +"Language-Team: Russian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ru\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%" +"10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "Apache, Apache-SSL, Apache2, все, не нужно" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "Веб-сервер:" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "Какой веб-сервер нужно использовать для cacti?" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "Выберите \"не нужно\", если хотите настроить веб-сервер вручную." --- cacti-0.8.7b.orig/debian/po/es.po +++ cacti-0.8.7b/debian/po/es.po @@ -0,0 +1,184 @@ +# cacti po-debconf translation to Spanish +# Copyright (C) 2005 Software in the Public Interest +# This file is distributed under the same license as the cacti package. +# +# Changes: +# - Initial translation +# César Gómez Martín +# +# Traductores, si no conoce el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Equipo de traducción al español, por favor, lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish/ +# especialmente las notas de traducción en +# http://www.debian.org/intl/spanish/notas +# +# - La guía de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +msgid "" +msgstr "" +"Project-Id-Version: cacti\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: 2005-08-29 18:36+0100\n" +"Last-Translator: César Gómez Martín \n" +"Language-Team: Debian l10n spanish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: \n" +"X-Poedit-Language: Spanish\n" +"X-Poedit-Country: SPAIN\n" +"X-Poedit-SourceCharset: utf-8\n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "Apache, Apache-SSL, Apache2, Todos, Ninguno" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "Tipo de servidor web" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "¿Qué tipo de servidor web quiere usar con cacti?" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "Seleccione «Ninguno» si quiere configurar su servidor web manualmente." + +#~ msgid "MySQL installs and upgrades must be performed manually!" +#~ msgstr "" +#~ "¡Las instalaciones y actualizaciones de MySQL se deben hacer de forma " +#~ "manual!" + +#~ msgid "" +#~ "For the time being, support for automatic upgrading of the cacti mysql " +#~ "database has been disabled. Please see the rationale and what you will " +#~ "need to do for either installing or upgrading cacti in /usr/share/doc/" +#~ "cacti/README.Debian.gz." +#~ msgstr "" +#~ "Por ahora el soporte para la actualización automática de la base de datos " +#~ "MySQL de Cacti se ha deshabilitado. Por favor, consulte en /usr/share/doc/" +#~ "cacti/README.Debian.gz los motivos y lo que necesita para instalar o " +#~ "actualizar Cacti." + +#~ msgid "" +#~ "Note that you will still be prompted for the relevant information, which " +#~ "will be used to generate the appropriate configuration files." +#~ msgstr "" +#~ "Tenga en cuenta que todavía se le preguntará sobre la información " +#~ "relevante que se usará para generar los ficheros de configuración " +#~ "apropiados. " + +#~ msgid "Database structure changes in cacti configuration" +#~ msgstr "" +#~ "Cambios de la estructura de la base de datos en la configuración de cacti." + +#~ msgid "" +#~ "You are upgrading from a pre 0.8.x version. Unfortunately, your old " +#~ "database will not work with the latest version of cacti. Please see /usr/" +#~ "share/doc/cacti/README.Debian.gz to see what your options are." +#~ msgstr "" +#~ "Está actualizando desde una versión previa a 0.8.x. Desafortunadamente su " +#~ "vieja base de datos no funcionará con la última versión de Cacti. Por " +#~ "favor, lea /usr/share/doc/cacti/README.Debian.gz para ver las distintas " +#~ "opciones de las que dispone." + +#~ msgid "MySQL server host name" +#~ msgstr "Nombre de máquina del servidor MySQL" + +#~ msgid "Please enter the name of the machine hosting the cacti database." +#~ msgstr "" +#~ "Por favor, introduzca el nombre de la máquina en la que está la base de " +#~ "datos de Cacti." + +#~ msgid "Database name for cacti" +#~ msgstr "Nombre de la base de datos para cacti" + +#~ msgid "" +#~ "Please enter the cacti database name. Cacti will store and fetch data " +#~ "there." +#~ msgstr "" +#~ "Por favor, introduzca el nombre de la base de datos de Cacti. Cacti " +#~ "almacenará y obtendrá datos de ella." + +#~ msgid "MySQL administrator username" +#~ msgstr "Nombre de usuario del administrador de MySQL" + +#~ msgid "" +#~ "Please enter the MySQL administrator name (needed for cacti database " +#~ "creation)." +#~ msgstr "" +#~ "Por favor, introduzca el nombre del administrador de MySQL (se necesita " +#~ "para la creación de la base de datos de Cacti)." + +#~ msgid "MySQL administrator password" +#~ msgstr "Contraseña del administrador de MySQL" + +#~ msgid "Enter \"none\" if there is no password for MySQL administration." +#~ msgstr "" +#~ "Introduzca «none» si no hay ninguna contraseña para la administración de " +#~ "MySQL." + +#~ msgid "Cacti database username" +#~ msgstr "Nombre de usuario de la base de datos de Cacti" + +#~ msgid "" +#~ "Please enter the name which will be used for connecting to the cacti " +#~ "database." +#~ msgstr "" +#~ "Por favor, introduzca el nombre que se usará para conectar a la base de " +#~ "datos de Cacti." + +#~ msgid "Cacti user password" +#~ msgstr "Contraseña del usuario de Cacti" + +#~ msgid "" +#~ "Please enter a password for the Cacti database user (default is \"cacti" +#~ "\")." +#~ msgstr "" +#~ "Por favor, introduzca una contraseña para el usuario de la base de datos " +#~ "de Cacti (por omisión «cacti»)." + +#~ msgid "Do you want to purge the database when purging the package?" +#~ msgstr "¿Quiere purgar la base de datos cuando se purge el paquete?" + +#~ msgid "" +#~ "Accept here if you want to drop the database and the corresponding user " +#~ "when purging the package." +#~ msgstr "" +#~ "Responda afirmativamente si quiere eliminar la base de datos y el usuario " +#~ "correspondiente cuando se purge el paquete." + +#~ msgid "MySQL administrator password confirmation" +#~ msgstr "Confirmación de la contraseña del administrador de MySQL" + +#~ msgid "Please confirm the password for the MySQL administrator." +#~ msgstr "Por favor, confirme la contraseña para el administrador de MySQL." + +#~ msgid "Error" +#~ msgstr "Error" + +#~ msgid "" +#~ "The password and its confirmation do not match. Please re-enter the " +#~ "password!" +#~ msgstr "" +#~ "La contraseña y su confirmación no coinciden. ¡Por favor, introdúzcala " +#~ "nuevamente!" --- cacti-0.8.7b.orig/debian/po/gl.po +++ cacti-0.8.7b/debian/po/gl.po @@ -0,0 +1,40 @@ +# Galician translation of cacti's debconf templates +# This file is distributed under the same license as the cacti package. +# Jacobo Tarrio , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: cacti\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: 2008-08-01 23:26+0100\n" +"Last-Translator: Jacobo Tarrio \n" +"Language-Team: Galician \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: gl\n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "Apache, Apache-SSL, Apache2, Todos, Ningún" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "Tipo de servidor web" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "¿Que tipo de servidor web debe empregar cacti?" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "Escolla \"Ningún\" se quere configurar o servidor web á man." --- cacti-0.8.7b.orig/debian/po/pt.po +++ cacti-0.8.7b/debian/po/pt.po @@ -0,0 +1,158 @@ +# Portuguese translation of cacti's debconf messages. +# 2005, Luís Ferreira +# +# 01-11-2005 - Luís Ferreira - Initial translation +# +msgid "" +msgstr "" +"Project-Id-Version: cacti 0.8.6g-2\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: 2005-11-01 12:08+0100\n" +"Last-Translator: Luís Ferreira \n" +"Language-Team: Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: pt\n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "Apache, Apache-SSL, Apache2, Todos, Nenhum" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "Tipo de servidor web" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "Que tipo de servidor web deve o cacti usar?" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "Selecione \"Nenhum\" se desejar configurar o seu servidor web á mão." + +#~ msgid "MySQL installs and upgrades must be performed manually!" +#~ msgstr "" +#~ "As instalações e actualizações de MySQL devem ser feitas manualmente!" + +#~ msgid "" +#~ "For the time being, support for automatic upgrading of the cacti mysql " +#~ "database has been disabled. Please see the rationale and what you will " +#~ "need to do for either installing or upgrading cacti in /usr/share/doc/" +#~ "cacti/README.Debian.gz." +#~ msgstr "" +#~ "Por enquanto o suporte para a actualização automática da base de dados " +#~ "MySQL do cacti foi desactivado. Por favor veja o que precisa de fazer " +#~ "para instalar ou actualizar o cacti em /usr/share/doc/cacti/README.Debian." +#~ "gz." + +#~ msgid "" +#~ "Note that you will still be prompted for the relevant information, which " +#~ "will be used to generate the appropriate configuration files." +#~ msgstr "" +#~ "Note que ainda lhe vai ser pedida a informação relevante, que será usada " +#~ "para gerar ficheiros de configuração apropriados." + +#~ msgid "Database structure changes in cacti configuration" +#~ msgstr "A estrutura da base de dados foi alterada na configuração do cacti." + +#~ msgid "" +#~ "You are upgrading from a pre 0.8.x version. Unfortunately, your old " +#~ "database will not work with the latest version of cacti. Please see /usr/" +#~ "share/doc/cacti/README.Debian.gz to see what your options are." +#~ msgstr "" +#~ "Você está a actualizar de uma versão anterior a 0.8.x. Infelizmente a sua " +#~ "base de dados antiga não vai funcionar com a última versão do cacti. Veja " +#~ "quais as suas opções em /usr/share/doc/cacti/README.Debian.gz." + +#~ msgid "MySQL server host name" +#~ msgstr "Nome do servidor anfitrião do MySQL." + +#~ msgid "Please enter the name of the machine hosting the cacti database." +#~ msgstr "" +#~ "Por favor introduza o nome da máquina que está a hospedar a base de dados " +#~ "do cacti." + +#~ msgid "Database name for cacti" +#~ msgstr "Nome da base de dados para o cacti" + +#~ msgid "" +#~ "Please enter the cacti database name. Cacti will store and fetch data " +#~ "there." +#~ msgstr "" +#~ "Por favor introduza o nome da base de dados do cacti. O cacti vai guardar " +#~ "e buscar dados daí." + +#~ msgid "MySQL administrator username" +#~ msgstr "Nome de utilizador do administrador de MySQL" + +#~ msgid "" +#~ "Please enter the MySQL administrator name (needed for cacti database " +#~ "creation)." +#~ msgstr "" +#~ "Por favor introduza o nome de utilizador do administrador de MySQL " +#~ "(necessário para a criação da base de dados do cacti)." + +#~ msgid "MySQL administrator password" +#~ msgstr "Palavra chave do administrador de MySQL." + +#~ msgid "Enter \"none\" if there is no password for MySQL administration." +#~ msgstr "" +#~ "Introduza \"none\" se não existir palavra chave para a administração de " +#~ "MySQL." + +#~ msgid "Cacti database username" +#~ msgstr "Utilizador da base de dados do cacti" + +#~ msgid "" +#~ "Please enter the name which will be used for connecting to the cacti " +#~ "database." +#~ msgstr "" +#~ "Por favor introduza o nome que será usado para ligar à base de dados do " +#~ "cacti." + +#~ msgid "Cacti user password" +#~ msgstr "Palavra chave do utilizador de Cacti" + +#~ msgid "" +#~ "Please enter a password for the Cacti database user (default is \"cacti" +#~ "\")." +#~ msgstr "" +#~ "Por favor introduza uma palavra chave para o utilizador da base de dados " +#~ "do Cacti (por omissão é \"cacti\")." + +#~ msgid "Do you want to purge the database when purging the package?" +#~ msgstr "" +#~ "Deseja remover a base de dados quando remover as configurações do pacote?" + +#~ msgid "" +#~ "Accept here if you want to drop the database and the corresponding user " +#~ "when purging the package." +#~ msgstr "" +#~ "Aceite aqui se desejar perder a base de dados e o utilizador " +#~ "correspondente quando remover as configurações do pacote." + +#~ msgid "MySQL administrator password confirmation" +#~ msgstr "Confirmação da palavra chave do administrador de MySQL" + +#~ msgid "Please confirm the password for the MySQL administrator." +#~ msgstr "Por favor confirme a palavra chave do administrador de MySQL." + +#~ msgid "Error" +#~ msgstr "Erro" + +#~ msgid "" +#~ "The password and its confirmation do not match. Please re-enter the " +#~ "password!" +#~ msgstr "" +#~ "A palavra chave e a sua confirmação não coincidem. Por favor reintroduza " +#~ "a palavra chave." --- cacti-0.8.7b.orig/debian/po/eu.po +++ cacti-0.8.7b/debian/po/eu.po @@ -0,0 +1,42 @@ +# translation of cacti-eu.po to Euskara +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Piarres Beobide , 2008. +msgid "" +msgstr "" +"Project-Id-Version: cacti-eu\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: 2008-05-05 13:43+0200\n" +"Last-Translator: Piarres Beobide \n" +"Language-Team: Euskara \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: \n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "Apache, Apache-SSL, Apache2, Denak, Batez" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "Webzerbitzari mota" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "Zein web zerbitzari mota erabili behar du cactik?" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "\"Batez\" hautatu web zerbitzaria eskuz konfiguratu nahi baduzu." --- cacti-0.8.7b.orig/debian/po/de.po +++ cacti-0.8.7b/debian/po/de.po @@ -0,0 +1,46 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +msgid "" +msgstr "" +"Project-Id-Version: cacti 0.8.6g\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: 2005-12-29 14:02+0100\n" +"Last-Translator: Mathias Klein \n" +"Language-Team: Deutsch \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: \n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "Apache, Apache-SSL, Apache2, alle, keiner" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "Webserver" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "Welche Art von Webserver soll von Cacti verwendet werden?" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "" +"Wählen Sie »keiner«, wenn Sie den Webserver von Hand konfigurieren wollen." --- cacti-0.8.7b.orig/debian/po/tr.po +++ cacti-0.8.7b/debian/po/tr.po @@ -0,0 +1,42 @@ +# Turkish translation of cacti debconf template. +# Copyright (C) 2008 +# This file is distributed under the same license as the cacti package. +# Mert Dirik , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: cacti 0.8.7b-2\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: 2008-07-18 23:27+0200\n" +"Last-Translator: Mert Dirik \n" +"Language-Team: Debian L10n Turkish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: \n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "Apache, Apache-SSL, Apache2, Hepsi, Hiçbiri" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "Web sunucusunun türü" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "Cacti hangi tür bir web sunucusu kullanmalı?" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "" +"Eğer web sunucunuzu elinizle yapılandırmak istiyorsanız \"Hiçbiri\"ni seçin." --- cacti-0.8.7b.orig/debian/po/POTFILES.in +++ cacti-0.8.7b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] cacti.templates --- cacti-0.8.7b.orig/debian/po/ja.po +++ cacti-0.8.7b/debian/po/ja.po @@ -0,0 +1,41 @@ +# Copyright (C) 2008 Sean Finney +# as cacti Debian package's copyright holder. +# This file is distributed under the same license as the cacti package. +# Hideki Yamane (Debian-JP) , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: cacti 0.8.7b-2\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: 2008-07-31 11:21+0200\n" +"Last-Translator: Hideki Yamane (Debian-JP) \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ja\n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "Apache, Apache-SSL, Apache2, すべて, どれでもない" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "ウェブサーバの種類" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "どのウェブサーバで cacti を使いますか?" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "ウェブサーバを手動で設定したい場合は「どれでもない」を選んでください。" --- cacti-0.8.7b.orig/debian/po/templates.pot +++ cacti-0.8.7b/debian/po/templates.pot @@ -0,0 +1,41 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "" --- cacti-0.8.7b.orig/debian/po/fr.po +++ cacti-0.8.7b/debian/po/fr.po @@ -0,0 +1,284 @@ +# translation of fr.po to French +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# Christian Perrier , 2004. +# +msgid "" +msgstr "" +"Project-Id-Version: cacti 0.6.8a-13\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: 2005-03-07 08:06+0100\n" +"Last-Translator: Christian Perrier \n" +"Language-Team: French \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: fr\n" +"X-Generator: KBabel 1.9.1\n" +"Plural-Forms: Plural-Forms: nplurals=2; plural=n>1;\n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "Apache, Apache-SSL, Apache2, Tous, Aucun" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "Type de serveur web:" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "Veuillez choisir le type de serveur web qu'utilisera Cacti." + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "" +"Choisissez Aucun si vous prfrez configurer vous-mme votre serveur web." + +#~ msgid "MySQL installs and upgrades must be performed manually!" +#~ msgstr "" +#~ "Pas d'installations ou mises jour automatises pour les bases MySQL de " +#~ "Cacti" + +#~ msgid "" +#~ "For the time being, support for automatic upgrading of the cacti mysql " +#~ "database has been disabled. Please see the rationale and what you will " +#~ "need to do for either installing or upgrading cacti in /usr/share/doc/" +#~ "cacti/README.Debian.gz." +#~ msgstr "" +#~ " l'heure actuelle, la gestion des mises jour automatises de la base " +#~ "de donnes MySQL de Cacti a t dsactive. Veuillez consulter les " +#~ "justifications de ce choix et les instructions d'installation ou de mise " +#~ " jour de Cacti dans le fichier /usr/share/doc/cacti/README.Debian.gz." + +#~ msgid "" +#~ "Note that you will still be prompted for the relevant information, which " +#~ "will be used to generate the appropriate configuration files." +#~ msgstr "" +#~ "Veuillez noter que certaines informations vous seront malgr tout " +#~ "demandes parce qu'elles sont requises lors de la cration des fichiers " +#~ "de configuration." + +#~ msgid "Database structure changes in cacti configuration" +#~ msgstr "" +#~ "Changement de la structure de base de donnes dans la configuration de " +#~ "Cacti" + +#~ msgid "" +#~ "You are upgrading from a pre 0.8.x version. Unfortunately, your old " +#~ "database will not work with the latest version of cacti. Please see /usr/" +#~ "share/doc/cacti/README.Debian.gz to see what your options are." +#~ msgstr "" +#~ "Vous mettez actuellement Cacti niveau depuis une version antrieure " +#~ "0.8.x. Malheureusement, l'ancienne base de donnes ne fonctionnera pas " +#~ "avec la nouvelle version de Cacti. Veuillez consulter le fichier /usr/" +#~ "share/doc/cacti/README.Debian pour connatre les possibilits qui " +#~ "s'offrent vous." + +#~ msgid "MySQL server host name" +#~ msgstr "Serveur MySQL:" + +#~ msgid "Please enter the name of the machine hosting the cacti database." +#~ msgstr "" +#~ "Veuillez indiquer le nom d'hte du serveur qui accueillera la base de " +#~ "donnes de Cacti." + +#~ msgid "Database name for cacti" +#~ msgstr "Nom de la base de donnes de Cacti:" + +#~ msgid "" +#~ "Please enter the cacti database name. Cacti will store and fetch data " +#~ "there." +#~ msgstr "" +#~ "Veuillez indiquer le nom de la base de donnes o Cacti conservera ses " +#~ "informations." + +#~ msgid "MySQL administrator username" +#~ msgstr "Nom de l'administrateur de MySQL:" + +#~ msgid "" +#~ "Please enter the MySQL administrator name (needed for cacti database " +#~ "creation)." +#~ msgstr "" +#~ "Veuillez indiquer le nom de l'administrateur de MySQL. Il sera utilis " +#~ "pour la cration de la base de donnes de Cacti." + +#~ msgid "MySQL administrator password" +#~ msgstr "Mot de passe de l'administrateur de MySQL:" + +#~ msgid "Enter \"none\" if there is no password for MySQL administration." +#~ msgstr "" +#~ "Indiquez none s'il n'y a pas de mot de passe pour l'administration de " +#~ "MySQL." + +#~ msgid "Cacti database username" +#~ msgstr "Utilisateur de la base de donnes de Cacti:" + +#~ msgid "" +#~ "Please enter the name which will be used for connecting to the cacti " +#~ "database." +#~ msgstr "" +#~ "Veuillez indiquer l'identifiant qui servira pour la connexion la base " +#~ "de donnes de Cacti." + +#~ msgid "Cacti user password" +#~ msgstr "Mot de passe de l'utilisateur Cacti:" + +#~ msgid "" +#~ "Please enter a password for the Cacti database user (default is \"cacti" +#~ "\")." +#~ msgstr "" +#~ "Veuillez donner un mot de passe pour l'utilisateur de la base de donnes " +#~ "de Cacti (la valeur par dfaut est cacti)." + +#~ msgid "Do you want to purge the database when purging the package?" +#~ msgstr "Faut-il supprimer la base de donnes la purge du paquet?" + +#~ msgid "" +#~ "Accept here if you want to drop the database and the corresponding user " +#~ "when purging the package." +#~ msgstr "" +#~ "Choisissez cette option si vous souhaitez que la base de donnes et " +#~ "l'utilisateur associ soient supprims lorsque le paquet est entirement " +#~ "supprim (purge du paquet)." + +#~ msgid "MySQL administrator password confirmation" +#~ msgstr "Confirmation du mot de passe de l'administrateur de MySQL:" + +#~ msgid "Please confirm the password for the MySQL administrator." +#~ msgstr "Veuillez confirmer le mot de passe de l'administrateur de MySQL." + +#~ msgid "Error" +#~ msgstr "Erreur" + +#~ msgid "" +#~ "The password and its confirmation do not match. Please re-enter the " +#~ "password!" +#~ msgstr "" +#~ "Le mot de passe et sa confirmation sont diffrents. Veuillez indiquer " +#~ "nouveau le mot de passe." + +#~ msgid "Store the MySQL admin password" +#~ msgstr "Faut-il conserver le mot de passe de l'administrateur de MySQL?" + +#~ msgid "" +#~ "To update the cacti database automaticlly during a package upgrade the " +#~ "MySQL admin password must be safed in the debconf database. This is a " +#~ "security risk!!!" +#~ msgstr "" +#~ "Afin de permettre la mise jour automatique de la base de donnes de " +#~ "Cacti lors des mises niveau, le mot de passe de l'administrateur de " +#~ "MySQL doit tre conserv dans la base de donnes de debconf. Cela " +#~ "comporte un risque pour la scurit du systme." + +#~ msgid "" +#~ "If the password is not stored in the database it will asked everytime!" +#~ msgstr "" +#~ "Si le mot de passe n'est pas conserv dans la base de donnes, il vous " +#~ "sera demand chaque fois." + +#~ msgid "MySQL server not found" +#~ msgstr "Aucun serveur MySQL trouv" + +#~ msgid "" +#~ "You entered \"localhost\" as MySQL server but I can't find any server " +#~ "installed on localhost. Either install the mysql-server package or run " +#~ "\"dpkg-reconfigure cacti\" in order to change the MySQL server host." +#~ msgstr "" +#~ "Vous avez indiqu localhost pour le serveur de bases de donnes MySQL " +#~ "mais je n'ai pas trouv de serveur sur l'hte local. Vous pouvez " +#~ "installer le paquet mysql-server ou lancer dpkg-reconfigure cacti afin " +#~ "de modifier l'emplacement du serveur MySQL." + +#~ msgid "No MySQL server on localhost" +#~ msgstr "Pas de serveur MySQL sur l'hte local" + +#~ msgid "No MySQL server has been found on localhost." +#~ msgstr "Aucun serveur MySQL n'a t trouv sur l'hte local." + +#~ msgid "/var/cache/cacti/dumps" +#~ msgstr "/var/cache/cacti/dumps" + +#~ msgid "Where should the existing database be saved during an upgrade?" +#~ msgstr "" +#~ "Emplacement de sauvegarde de la base de donnes lors des mises jour:" + +#~ msgid "" +#~ "During a database upgrade, the existing database will first be copied to " +#~ "a separate directory location so that you are able to go back to the " +#~ "previous version of Cacti in case of upgrade problems." +#~ msgstr "" +#~ "Pendant les mises jour, la base de donnes existante sera pralablement " +#~ "copie dans un autre rpertoire afin de vous permettre de revenir la " +#~ "version prcdente de Cacti si des difficults de mise jour " +#~ "apparaissaient." + +#~ msgid "" +#~ "You must specify the pathname of a directory which will have the capacity " +#~ "to receive this dump file. The dump will be created in that directory as " +#~ "a file called cacti-${DATE}.dump." +#~ msgstr "" +#~ "Veuillez indiquer le rpertoire qui disposera de la place suffisante pour " +#~ "hberger le fichier d'export. Ce fichier (dump) sera cr dans ce " +#~ "rpertoire avec le nom cacti-${DATE}.dump." + +#~ msgid "Select the desired default poller." +#~ msgstr "Programme de rcupration (poller) par dfaut:" + +#~ msgid "" +#~ "A poller is a program that collect all datas for the cacti database and " +#~ "graphics." +#~ msgstr "" +#~ "Un programme de rcupration (poller) permet de rcuprer toutes les " +#~ "donnes destines la base de donnes de Cacti et aux graphiques." + +#~ msgid "" +#~ "Only on poller can collect informations, but multiple poller packages are " +#~ "installed. Please select which poller should run by default." +#~ msgstr "" +#~ "Un seul programme de rcupration peut rcuprer des informations, mais " +#~ "plusieurs tels programmes sont installs. Veuillez choisir celui qui sera " +#~ "utilis par dfaut." + +#~ msgid "" +#~ "You are upgrading from a pre 0.8.x version. You must backup your current " +#~ "cacti database, and replace it with the new database structure. Please " +#~ "read the available documentation and change your database accordingly." +#~ msgstr "" +#~ "Vous mettez niveau une version antrieure 0.8.x. Vous devez " +#~ "sauvegarder votre base de donnes actuelle puis la remplacer avec la " +#~ "nouvelle structure de base de donnes. Veuillez consulter la " +#~ "documentation disponible et modifier votre base de donnes." + +#~ msgid "" +#~ "Automatically converting your setup is unfortunately impossible. You will " +#~ "have to do it yourself." +#~ msgstr "" +#~ "Il est malheureusement impossible de convertir automatiquement votre " +#~ "configuration. Vous devrez le faire vous-mme." + +#~ msgid "" +#~ "Cacti will probably be unable to use the existing database and restart " +#~ "collecting your systems." +#~ msgstr "" +#~ "ll est galement possible que Cacti ne puisse pas utiliser la base de " +#~ "donnes actuelle et qu'il ne relance pas la collecte automatique de vos " +#~ "systmes." --- cacti-0.8.7b.orig/debian/po/nl.po +++ cacti-0.8.7b/debian/po/nl.po @@ -0,0 +1,230 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: cacti 0.8.4-2\n" +"Report-Msgid-Bugs-To: seanius@debian.org\n" +"POT-Creation-Date: 2007-10-09 20:13+0200\n" +"PO-Revision-Date: 2004-09-09 11:57+0100\n" +"Last-Translator: Luk Claes \n" +"Language-Team: Debian l10n Dutch \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: \n" + +#. Type: select +#. Choices +#: ../cacti.templates:1001 +msgid "Apache, Apache-SSL, Apache2, All, None" +msgstr "Apache, Apache-SSL, Apache2, Allemaal, Geen" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Webserver type" +msgstr "Type webserver" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Which kind of web server should be used by cacti?" +msgstr "Welk soort webserver moet door cacti worden gebruikt?" + +#. Type: select +#. Description +#: ../cacti.templates:1002 +msgid "Select \"None\" if you would like to configure your webserver by hand." +msgstr "Selecteer \"Geen\" als u uw webserver handmatig wilt configureren." + +#~ msgid "Database structure changes in cacti configuration" +#~ msgstr "Wijzigingen in de databankstructuur van de cacti-configuratie" + +#~ msgid "MySQL server host name" +#~ msgstr "De computernaam van de MySQL-server" + +#~ msgid "Please enter the name of the machine hosting the cacti database." +#~ msgstr "Geef de naam van de machine die de cacti-databank aanbiedt." + +#~ msgid "Database name for cacti" +#~ msgstr "De naam van de cacti-databank" + +#~ msgid "" +#~ "Please enter the cacti database name. Cacti will store and fetch data " +#~ "there." +#~ msgstr "" +#~ "Geef de naam van de cacti-databank. Cacti zal daar zijn data bewaren en " +#~ "ophalen." + +#~ msgid "MySQL administrator username" +#~ msgstr "De gebruikersnaam van de MySQL-beheerder" + +#~ msgid "" +#~ "Please enter the MySQL administrator name (needed for cacti database " +#~ "creation)." +#~ msgstr "" +#~ "Geef de gebruikersnaam van de MySQL-beheerder (nodig voor de aanmaak van " +#~ "de cacti-databank)" + +#~ msgid "MySQL administrator password" +#~ msgstr "Het wachtwoord van de MySQL-beheerder" + +#~ msgid "Enter \"none\" if there is no password for MySQL administration." +#~ msgstr "Voer \"none\" in als er geen wachtwoord is voor het MySQL-beheer." + +#~ msgid "Cacti database username" +#~ msgstr "De gebruikersnaam van de cacti-databank" + +#~ msgid "" +#~ "Please enter the name which will be used for connecting to the cacti " +#~ "database." +#~ msgstr "" +#~ "Geef de gebruikersnaam die gebruikt wordt om verbinding te maken met de " +#~ "cacti-databank." + +#~ msgid "Cacti user password" +#~ msgstr "Wachtwoord van de cacti-gebruiker" + +#~ msgid "" +#~ "Please enter a password for the Cacti database user (default is \"cacti" +#~ "\")." +#~ msgstr "" +#~ "Geef het wachtwoord voor de cacti-databankgebruiker (standaard is dit " +#~ "\"cacti\")." + +#~ msgid "Do you want to purge the database when purging the package?" +#~ msgstr "Wilt u de databank wissen als het pakket wordt gewist (purged)?" + +#~ msgid "" +#~ "Accept here if you want to drop the database and the corresponding user " +#~ "when purging the package." +#~ msgstr "" +#~ "Aanvaard dit als u de databank en de corresponderende gebruikersnaam wilt " +#~ "verwijderen bij het wissen (purge) van het pakket." + +#~ msgid "MySQL administrator password confirmation" +#~ msgstr "Bevestiging van het wachtwoord van de MySQL-beheerder" + +#~ msgid "Please confirm the password for the MySQL administrator." +#~ msgstr "Geef het wachtwoord van de MySQL-beheerder opnieuw in ter controle" + +#~ msgid "Error" +#~ msgstr "Fout" + +#~ msgid "" +#~ "The password and its confirmation do not match. Please re-enter the " +#~ "password!" +#~ msgstr "Het wachtwoord is niet hetzelfde. Geef het wachtwoord nog eens in!" + +#~ msgid "Store the MySQL admin password" +#~ msgstr "Bewaar het wachtwoord van de MySQL-beheerder" + +#~ msgid "" +#~ "To update the cacti database automaticlly during a package upgrade the " +#~ "MySQL admin password must be safed in the debconf database. This is a " +#~ "security risk!!!" +#~ msgstr "" +#~ "Om de cacti-databank automatisch bij te werken bij een pakketopwaardering " +#~ "moet het MySQL-adminwachtwoord bewaard worden in de debconf-databank. Dit " +#~ "is een veiligheidsrisico!!!" + +#~ msgid "" +#~ "If the password is not stored in the database it will asked everytime!" +#~ msgstr "" +#~ "Als het wachtwoord niet wordt bewaard in de databank zal het telkens " +#~ "opnieuw gevraagd worden!" + +#~ msgid "MySQL server not found" +#~ msgstr "De MySQL-server is niet gevonden" + +#~ msgid "" +#~ "You entered \"localhost\" as MySQL server but I can't find any server " +#~ "installed on localhost. Either install the mysql-server package or run " +#~ "\"dpkg-reconfigure cacti\" in order to change the MySQL server host." +#~ msgstr "" +#~ "U voerde \"localhost\" in als MySQL-server maar ik kan geen lokale server " +#~ "vinden. Ofwel installeer het mysql-server-pakket ofwel voer \"dpkg-" +#~ "reconfigure cacti\" uit om de MySQL-server te wijzigen." + +#~ msgid "No MySQL server on localhost" +#~ msgstr "Er is geen lokale (localhost) MySQL-server" + +#~ msgid "No MySQL server has been found on localhost." +#~ msgstr "Er is geen lokale (localhost) MySQL-server gevonden." + +#~ msgid "/var/cache/cacti/dumps" +#~ msgstr "/var/cache/cacti/dumps" + +#~ msgid "Where should the existing database be saved during an upgrade?" +#~ msgstr "" +#~ "Waar moet de bestaande databank worden bewaard tijdens een opwaardering?" + +#~ msgid "" +#~ "During a database upgrade, the existing database will first be copied to " +#~ "a separate directory location so that you are able to go back to the " +#~ "previous version of Cacti in case of upgrade problems." +#~ msgstr "" +#~ "Tijdens een databankopwaardering zal de bestaande databank eerst worden " +#~ "gekopieerd naar een afzonderlijke map zodat u kunt terugkeren naar de " +#~ "vorige versie van Cacti in geval van opwaarderingsproblemen." + +#~ msgid "" +#~ "You must specify the pathname of a directory which will have the capacity " +#~ "to receive this dump file. The dump will be created in that directory as " +#~ "a file called cacti-${DATE}.dump." +#~ msgstr "" +#~ "U moet het padnaam of een map aangeven die de capaciteit zal hebben om " +#~ "dit dump-bestand te ontvangen. De dump zal in deze map worden aangemaakt " +#~ "als een bestand met de naam cacti-${DATE}.dump." + +#~ msgid "Select the desired default poller." +#~ msgstr "Selecteer de gewenste standaard poller." + +#~ msgid "" +#~ "A poller is a program that collect all datas for the cacti database and " +#~ "graphics." +#~ msgstr "" +#~ "Een poller is een programma dat alle data voor de cacti-databank en " +#~ "grafieken verzamelt." + +#~ msgid "" +#~ "Only on poller can collect informations, but multiple poller packages are " +#~ "installed. Please select which poller should run by default." +#~ msgstr "" +#~ "Er kan maar n poller informatie verzamelen, maar er zijn meer poller-" +#~ "pakketten genstalleerd. Selecteer welke poller standaard moet draaien." + +#~ msgid "" +#~ "You are upgrading from a pre 0.8.x version. You must backup your current " +#~ "cacti database, and replace it with the new database structure. Please " +#~ "read the available documentation and change your database accordingly." +#~ msgstr "" +#~ "U ben aan het opwaarderen van een versie voor 0.8.X. U moet een " +#~ "veiligheidskopie nemen van uw huidige cacti-databank, en vervangen door " +#~ "de nieuwe databankstructuur. Kijk in de aanwezige documentatie en wijzig " +#~ "uw databank zonodig." + +#~ msgid "" +#~ "Automatically converting your setup is unfortunately impossible. You will " +#~ "have to do it yourself." +#~ msgstr "" +#~ "Uw configuratie automatisch converteren is helaas onmogelijk. U zult dit " +#~ "zelf moeten doen." + +#~ msgid "" +#~ "Cacti will probably be unable to use the existing database and restart " +#~ "collecting your systems." +#~ msgstr "" +#~ "Cacti zal waarschijnlijk de bestaande databank niet kunnen gebruiken en " +#~ "opnieuw starten met het verzamelen van uw systemen."
    $graph_title" . htmlspecialchars($graph_title) . "$graph_title" . htmlspecialchars($graph_title) . "
    $graph_title" . htmlspecialchars($graph_title) ."
    +- "> ++ "> + + +Index: cacti-0.8.7b/tree.php +=================================================================== +--- cacti-0.8.7b.orig/tree.php 2011-09-25 11:25:05.414770439 +0200 ++++ cacti-0.8.7b/tree.php 2011-09-25 11:30:17.884319899 +0200 +@@ -380,7 +380,7 @@ + + if (!empty($_GET["id"])) { + $tree = db_fetch_row("select * from graph_tree where id=" . $_GET["id"]); +- $header_label = "[edit: " . $tree["name"] . "]"; ++ $header_label = "[edit: " . htmlspecialchars($tree["name"]) . "]"; + }else{ + $header_label = "[new]"; + } +@@ -435,10 +435,10 @@ + form_alternate_row_color($colors["alternate"],$colors["light"],$i); $i++; + ?> + +- "> ++ "> + +- ">Delete ++ ">Delete +
    +- " height="2" border="0">
    ++ " height="2" border="0">
    +     		+ +@@ -144,7 +144,7 @@ + +
    ++ +
    + + +--- cacti-0.8.7e/lib/timespan_settings.php 2009-06-28 12:07:11.000000000 -0400 ++++ cacti-0.8.7b/include/html/inc_timespan_settings.php 2009-11-21 23:15:49.000000000 -0500 +@@ -125,9 +125,9 @@ + if (isset($_POST["date1"])) { + /* the dates have changed, therefore, I am now custom */ + if (($_SESSION["sess_current_date1"] != $_POST["date1"]) || ($_SESSION["sess_current_date2"] != $_POST["date2"])) { +- $timespan["current_value_date1"] = $_POST["date1"]; ++ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]); + $timespan["begin_now"] =strtotime($timespan["current_value_date1"]); +- $timespan["current_value_date2"] = $_POST["date2"]; ++ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]); + $timespan["end_now"]=strtotime($timespan["current_value_date2"]); + $_SESSION["sess_current_timespan"] = GT_CUSTOM; + $_SESSION["custom"] = 1; +@@ -135,8 +135,8 @@ + }else { + /* the default button wasn't pushed */ + if (!isset($_POST["button_clear_x"])) { +- $timespan["current_value_date1"] = $_POST["date1"]; +- $timespan["current_value_date2"] = $_POST["date2"]; ++ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]); ++ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]); + $timespan["begin_now"] = $_SESSION["sess_current_timespan_begin_now"]; + $timespan["end_now"] = $_SESSION["sess_current_timespan_end_now"]; + +--- ../old/cacti-0.8.7b/lib/html_form.php 2008-02-13 22:07:53.000000000 +0000 ++++ cacti-0.8.7b/lib/html_form.php 2009-12-07 16:38:16.000000000 +0000 +@@ -241,13 +241,13 @@ + + if (sizeof($items) > 0) { + foreach ($items as $item) { +- print $item["name"] . "
    "; ++ print htmlspecialchars($item["name"],ENT_QUOTES) . "
    "; + } + } + + break; + default: +- print "" . $field_array["value"] . ""; ++ print "" . htmlspecialchars($field_array["value"],ENT_QUOTES) . ""; + + form_hidden_box($field_name, $field_array["value"], ""); + +@@ -390,7 +390,7 @@ + $form_previous_value = $form_default_value; + } + +- print "\n"; ++ print "\n"; + } + + /* form_dropdown - draws a standard html dropdown box +@@ -574,7 +574,7 @@ + } + } + +- print ">". $array_display[$id]; ++ print ">". htmlspecialchars($array_display[$id],ENT_QUOTES); + print "\n"; + } + --- cacti-0.8.7b.orig/debian/patches/CVE-2010-2543.patch +++ cacti-0.8.7b/debian/patches/CVE-2010-2543.patch @@ -0,0 +1,47 @@ +Author: Paul Gevers +Subject: [PATCH] Fix CVE-2010-2543 XSS issues in include/top_graph_header.php + +Cross-site scripting (XSS) vulnerability in include/top_graph_header.php +in Cacti before 0.8.7g allows remote attackers to inject arbitrary web +script or HTML via the graph_start parameter to graph.php. +NOTE: this vulnerability exists because of an incorrect fix for +CVE-2009-4032.2.b. + +Origin: http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024 +Last-Update: 2011-09-06 +--- + include/top_graph_header.php | 8 +++++--- + 1 files changed, 5 insertions(+), 3 deletions(-) + +Index: cacti-0.8.7b/include/top_graph_header.php +=================================================================== +--- cacti-0.8.7b.orig/include/top_graph_header.php 2011-09-25 11:25:12.418805172 +0200 ++++ cacti-0.8.7b/include/top_graph_header.php 2011-09-25 11:25:20.706846273 +0200 +@@ -27,6 +27,8 @@ + + /* ================= input validation ================= */ + input_validate_input_number(get_request_var_request("local_graph_id")); ++input_validate_input_number(get_request_var_request("graph_start")); ++input_validate_input_number(get_request_var_request("graph_end")); + /* ==================================================== */ + + if (read_config_option("auth_method") != 0) { +@@ -173,15 +175,15 @@ + + /* override: graph start time (unix time) */ + if (!empty($_GET["graph_start"])) { +- $graph_data_array["graph_start"] = $_GET["graph_start"]; ++ $graph_data_array["graph_start"] = get_request_var_request("graph_start"); + } + + /* override: graph end time (unix time) */ + if (!empty($_GET["graph_end"])) { +- $graph_data_array["graph_end"] = $_GET["graph_end"]; ++ $graph_data_array["graph_end"] = get_request_var_request("graph_end"); + } + +- print trim(rrdtool_function_graph($_GET["local_graph_id"], $_GET["rra_id"], $graph_data_array)); ++ print trim(@rrdtool_function_graph(get_request_var_request("local_graph_id"), get_request_var_request("rra_id"), $graph_data_array)); + ?> +