Change log for cacti package in Debian
| 76 → 144 of 144 results | First • Previous • Next • Last |
| Superseded in experimental-release |
cacti (1.1.10+ds1-1) experimental; urgency=medium
* New upstream release
* Upstream uses a newer jquery-tablesorter then in Debian so some links
are not working (newer version is waiting in NEW) and once available
should be used as minimal required version
* Add cacti-spine and snmpd to suggests
* Use soft-links in for site/log and site/rra instead of patches
* Add missing depends (php-gd, php-json, php-ldap)
* Debian dropped suhosin long time ago, so stop patching for it
* Add select grant on mysql.time_zone_name
* Add default templates during install (got dropped upstream since
1.0.0)
* Add some paths to cacti settings during install to accommodate for the
by-pass of cacti/install web-page.
* Add note about time zones and the suggested manual action in NEWS and
README
-- Paul Gevers <email address hidden> Tue, 13 Jun 2017 06:47:18 +0200
cacti (0.8.8h+ds1-10) unstable; urgency=medium
* Fix upgrades from before 0.8.8h+ds1-8; that version started to ship
symlinks to directories in libjs-jquery-jstree without making sure
dpkg handled that properly during upgrades (Closes: #861858)
-- Paul Gevers <email address hidden> Fri, 05 May 2017 13:55:33 +0200
Available diffs
- diff from 0.8.8h+ds1-9 to 0.8.8h+ds1-10 (591 bytes)
| Superseded in experimental-release |
cacti (1.1.5+ds1-2) experimental; urgency=medium
* Upload with fix from 0.8.8h+ds1-10:
Fix upgrades from before 0.8.8h+ds1-8; that version started to ship
symlinks to directories in libjs-jquery-jstree without making sure
dpkg handled that properly during upgrades (Closes: #861858)
-- Paul Gevers <email address hidden> Fri, 05 May 2017 21:23:09 +0200
| Superseded in experimental-release |
cacti (1.1.5+ds1-1) experimental; urgency=medium
* New upstream release
* Generate translations from source
* Bump compat level to 10
* Build documentation from source (requires second tar ball generated
from upstream git)
* Generate jQueryUI datepicker links instead of hardcoding them
* Don't install *.po files, they aren't used
* Add lintian overrides for script-non-executable to avoid carrying a
patch forever, while they shouldn't need to be executable in Debian
* Don't install useless examples (outside of doc tree even)
* Handle the new paper-plane theme as the other themes
* Clean up d/TODO a bit
-- Paul Gevers <email address hidden> Wed, 03 May 2017 20:47:08 +0200
| Superseded in experimental-release |
cacti (1.1.3+ds1-1) experimental; urgency=medium
* New upstream release
- Drop loads of obsoleted patches
- Refresh or rework remaining patches
* Strip loads of embedded javascript projects and build and/or depend on
the proper Debian package
* Drop dependency on libadodb as upstream moved away from it
* Prepare to buid documentation
* Add patches to move adaptations in the embedded jquery-ui css file to
the cacti main.css file as upstream intents to support that
* Update d/TODO as not everything is done as I want it
-- Paul Gevers <email address hidden> Mon, 17 Apr 2017 19:50:52 +0200
cacti (0.8.8h+ds1-9) unstable; urgency=medium
* Add enable_faster_polling_than_cron.patch to replace the use of the
deprecated split() function (Closes: #860271)
-- Paul Gevers <email address hidden> Thu, 13 Apr 2017 22:05:30 +0200
Available diffs
cacti (0.8.8h+ds1-8) unstable; urgency=medium
* Depend on libjs-jquery-jstree instead of using embedded version
* Replace use_debian_javascript_packages.patch with links to the Debian
packages instead (more transparent)
* Add fix_export_for_debian_packages.patch to avoid export failure
-- Paul Gevers <email address hidden> Wed, 14 Dec 2016 21:20:24 +0100
Available diffs
- diff from 0.8.8h+ds1-7 to 0.8.8h+ds1-8 (2.6 KiB)
| Superseded in sid-release |
cacti (0.8.8h+ds1-7) unstable; urgency=medium * Previous upload was screwed up. Doing it better this time I hope. -- Paul Gevers <email address hidden> Sat, 10 Dec 2016 07:47:07 +0100
Available diffs
- diff from 0.8.8h+ds1-5 to 0.8.8h+ds1-7 (904 bytes)
- diff from 0.8.8h+ds1-6 to 0.8.8h+ds1-7 (811 bytes)
| Superseded in sid-release |
cacti (0.8.8h+ds1-6) unstable; urgency=medium
* Fix links for path change in libjs-jquery-ui-theme-ui-lightness,
hopefully bug #846515 will not get fixed
-- Paul Gevers <email address hidden> Wed, 07 Dec 2016 21:44:51 +0100
| Published in jessie-release |
cacti (0.8.8b+dfsg-8+deb8u6) jessie-proposed-updates; urgency=medium
[ Emilio Pozuelo Monfort ]
* CVE-2016-2313-guest-auth.patch:
+ Fix regression in the fix for CVE-2016-2313 that broke guest user
logins. Thanks to Matus Uhlar for the report.
-- Paul Gevers <email address hidden> Sun, 04 Sep 2016 21:37:36 +0200
cacti (0.8.8h+ds1-5) unstable; urgency=medium
[ Emilio Pozuelo Monfort ]
* CVE-2016-2313-guest-auth.patch:
+ Fix regression in the fix for CVE-2016-2313 that broke guest user
logins. Thanks to Matus Uhlar for the report. (Closes: #833420)
[ Paul Gevers ]
* Recommend default-mysql-server instead of MariaDB and MySQL
-- Paul Gevers <email address hidden> Mon, 05 Sep 2016 21:10:12 +0200
Available diffs
- diff from 0.8.8h+ds1-4 to 0.8.8h+ds1-5 (1.4 KiB)
cacti (0.8.8h+ds1-4) unstable; urgency=medium * Improve autopkgtest situation and avoid failure when it is not needed -- Paul Gevers <email address hidden> Thu, 16 Jun 2016 22:11:20 +0200
Available diffs
| Superseded in sid-release |
cacti (0.8.8h+ds1-3) unstable; urgency=medium * Save more log files during autopkgtesting * Add check on errors during testing (Closes: #825644) * Add javascript-common to Depends to ensure jquery is usable -- Paul Gevers <email address hidden> Fri, 10 Jun 2016 20:20:04 +0200
Available diffs
- diff from 0.8.8h+ds1-2 to 0.8.8h+ds1-3 (1.6 KiB)
cacti (0.8.8h+ds1-2) unstable; urgency=medium
* Update make_cacti_sql_mode-strict_compatible.patch to also drop
ONLY_FULL_GROUP_BY (Follow-up for LP: #1578144)
* Lower versioned dependency on libphp-adodb to be Ubuntu compatible
-- Paul Gevers <email address hidden> Thu, 02 Jun 2016 22:06:59 +0200
Available diffs
cacti (0.8.8h+ds1-1) unstable; urgency=medium
* New upstream release
- CVE-2016-3659 SQL Injection Vulnerability in graph_view.php (Closes:
#820521)
* Drop obsolete patches (applied upstream)
* Update tests to depend on javascript-common
* Don't test lighttpd for now
* Drop jquery.js from the source (wasn't used anyways in Debian), so no
need to document it in d/copyright
* Add make_cacti_sql_mode-strict_compatible.patch to enable cacti to
work with the default settings of MySQL 5.7 (LP: #1578144)
-- Paul Gevers <email address hidden> Sat, 14 May 2016 22:26:35 +0200
cacti (0.8.8g+ds1-3) unstable; urgency=medium
* Bump standards (no changes)
* Fix noninteractive install failure
* Reorder test Depends in the hope that MySQL|MariaDB-server get setup
before cacti
* Refresh all patches
* Take over patch 11_1571432_mysqli.patch from Ubuntu (although not
really needed anymore) to fix mysqli extension in the install script
(LP: #1571432)
-- Paul Gevers <email address hidden> Fri, 29 Apr 2016 14:08:05 +0200
cacti (0.8.8g+ds1-2) unstable; urgency=medium
[ Paul Gevers ]
* Next upstream version, strip include/js/jquery.js from source
* Make sure the web-interface doesn't ask unnecessary questions after
install (Closes: #783447)
* Use the MySQL connection password as initial password for the admin
user (Closes: #783446) and mention this in the NEWS.Debian file
* Improve fix for CVE-2016-2313 such that it doesn't cause a regression
for setups that rely on http authentication of users unknown to cacti.
- Add improve_fix_for_CVE-2016-2313.patch
* Full update of README.Debian
* CVE-2016-3172
- Add CVE-2016-3172_sql-injection-in-tree.php.patch (Closes: #818647)
* Update Brazilian Portuguese, thanks to Diego Neves (Closes: #816962)
* Drop old code in postinst to (re)move old configuration files this is
already fixed in jessie
* Bump version for libphp-adodb as mysqli doesn't work otherwise
* Add new php-xml & php-mbstring to Depends for php7.0
* Add add_rrdtool-1.5_to_utilities.php.patch to prevent error in
utilities.php with rrdtool version 1.5
* Remove Mahyuddin from uploaders (thanks for the fish)
[ Nishanth Aravamudan ]
* Update to PHP7.0 dependencies (LP: #1544352)
* Default to mysqli driver for database connection, as the mysql driver
has been removed in PHP7.0 (LP: #1544352) (Closes: #815987)
-- Paul Gevers <email address hidden> Sun, 17 Apr 2016 19:55:43 +0200
| Published in wheezy-release |
cacti (0.8.8a+dfsg-5+deb7u8) wheezy-security; urgency=high * CVE-2015-8377: Fix SQL Injection vulnerability in graphs_new.php * CVE-2015-8604: Fix SQL Injection vulnerability in graphs_new.php -- Paul Gevers <email address hidden> Tue, 23 Feb 2016 21:41:22 +0100
| Superseded in jessie-release |
cacti (0.8.8b+dfsg-8+deb8u4) jessie-security; urgency=high * CVE-2015-8377: Fix SQL Injection vulnerability in graphs_new.php * CVE-2015-8604: Fix SQL Injection vulnerability in graphs_new.php -- Paul Gevers <email address hidden> Tue, 23 Feb 2016 21:30:13 +0100
cacti (0.8.8g+ds1-1) unstable; urgency=medium
* New upstream release
- CVE-2016-2313 (closes: #814353)
- Drop included patches
* Update d/copyright with new years
* Enable installation on MariaDB by forcing the collation to latin1
* Add mariadb-server to list of recommends
* Update Vcs-* fields to https
-- Paul Gevers <email address hidden> Fri, 26 Feb 2016 13:50:34 +0100
| Superseded in jessie-release |
cacti (0.8.8b+dfsg-8+deb8u3) jessie-security; urgency=high
* Add upstream patch to fix (Closes: #807599)
- CVE-2015-8369 SQL Injection vulnerability in graph.php
-- Paul Gevers <email address hidden> Sat, 12 Dec 2015 21:08:55 +0100
cacti (0.8.8f+ds1-4) unstable; urgency=medium
* CVE-2015-8377: Fix SQL Injection vulnerability in graphs_new.php
* CVE-2015-8604: Fix SQL Injection vulnerability in graphs_new.php
* Depend on dbconfig-mysql or dbconfig-no-thanks instead of
dbconfig-common and mysql-client
* Bump compat level to 9
* Drop useless CFLAGS declaration in d/rules
* Drop cacti.sql_drop_tables_to_begin.patch as dbconfig-common now does
that.
* Add dependency on libjs-jquery now that version is high enough and
update use_debian_javascript_packages.patch to use it.
-- Paul Gevers <email address hidden> Sat, 09 Jan 2016 13:16:04 +0100
Available diffs
- diff from 0.8.8f+ds1-3 to 0.8.8f+ds1-4 (3.3 KiB)
cacti (0.8.8f+ds1-3) unstable; urgency=high
* Add upstream patch to fix
- CVE-2015-8369 SQL Injection vulnerability in graph.php
-- Paul Gevers <email address hidden> Sat, 12 Dec 2015 14:03:40 +0100
Available diffs
- diff from 0.8.8f+ds1-2 to 0.8.8f+ds1-3 (3.4 KiB)
| Superseded in wheezy-release |
cacti (0.8.8a+dfsg-5+deb7u6) wheezy-security; urgency=high
* Security update
- CVE-2015-4634 SQL injection in graphs.php
- Multiple other SQL injection vulnerabilities
-- Paul Gevers <email address hidden> Sun, 19 Jul 2015 21:57:27 +0200
| Superseded in jessie-release |
cacti (0.8.8b+dfsg-8+deb8u2) jessie-security; urgency=high
* Security update
- CVE-2015-4634 SQL injection in graphs.php
- Multiple other SQL injection vulnerabilities
-- Paul Gevers <email address hidden> Sun, 19 Jul 2015 21:57:27 +0200
cacti (0.8.8f+ds1-2) unstable; urgency=medium
* Update loadavg_multi_locale_friendly.patch (Closes: #793401)
* Add missing manual.css (Closes: #783416)
* Fix d/rules override_dh_*configure target (Wasn't ever run,
althought that wasn't too bad until now)
-- Paul Gevers <email address hidden> Mon, 03 Aug 2015 19:58:53 +0200
Available diffs
- diff from 0.8.8f+ds1-1 to 0.8.8f+ds1-2 (2.7 KiB)
cacti (0.8.8f+ds1-1) unstable; urgency=medium * New upstream release fixing some regressions in 0.8.8e -- Paul Gevers <email address hidden> Tue, 21 Jul 2015 21:59:40 +0200
Available diffs
- diff from 0.8.8e+ds1-1 to 0.8.8f+ds1-1 (2.5 KiB)
cacti (0.8.8e+ds1-1) unstable; urgency=high
* Imported Upstream version 0.8.8e
- CVE-2015-4634 multiple SQL Injection vulnerabilities
* Add new jquery scripts to Files-Exculded
* Refresh patches
-- Paul Gevers <email address hidden> Wed, 15 Jul 2015 19:47:00 +0200
Available diffs
- diff from 0.8.8d+ds1-1 to 0.8.8e+ds1-1 (16.4 KiB)
cacti (0.8.8d+ds1-1) unstable; urgency=high
* Upload to unstable
* New upstream release
- CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
before 0.8.8d allows remote attackers to inject arbitrary web script
or HTML via unspecified vectors.
- CVE-2015-4342 SQL Injection and Location header injection from cdef id
- CVE-2015-4454 SQL injection vulnerability in the
get_hash_graph_template function in lib/functions.php in Cacti before
0.8.8d allows remote attackers to execute arbitrary SQL commands via
the graph_template_id parameter to graph_templates.php.
- Unassigned CVE VN:JVN#78187936 / TN:JPCERT#98968540 Fixed SQL injection
* Remove Sean from the list of uploaders. Thanks for all the fish
(Closes: #773436)
* Fix d/p/07_cli-include-path.patch (LP: #1433665)
* Update debian/patches/fix_php_strict_warning_in_ping.patch for partial
upstream fix
* Include the virtual alternative for the recommends on mysql-server
(Closes: #781982)
* Upstream dropped unused javascripts, remove them from d/copyright
* Add patch to have upgrade script mention version 0.8.8d i.s.o. 0.8.8c
-- Paul Gevers <email address hidden> Mon, 22 Jun 2015 19:59:13 +0200
Available diffs
- diff from 0.8.8b+dfsg-8 to 0.8.8d+ds1-1 (538.3 KiB)
| Deleted in experimental-release (Reason: None provided.) |
cacti (0.8.8c+ds1-1) experimental; urgency=medium
* New upstream release
* Strip several parts from the upstream source
- convenience copies (javascript and adodb) that have a corresponding
package in Debian
- other unused javascript files (some lacking source)
- font files without source
* Drop patches now applied upstream
* Upstream now has a DFSG treeview, drop Debian patches
* Drop recommends on jquery (too old for this treeview, use
convenience copy in source)
* Add patch to use system versions of javascripts
* Update d/copyright
* Update standards to 3.9.6 (no changes)
* Update d/watch, d/rules and d/copyright to download and strip source
-- Paul Gevers <email address hidden> Mon, 08 Dec 2014 21:28:05 +0100
| Superseded in wheezy-release |
cacti (0.8.8a+dfsg-5+deb7u4) wheezy-security; urgency=high
* Fix regression caused by fixing CVE-2014-4002 at least plugin autom8
was unusable (Closes: #755032)
* Security update
- CVE-2014-5025 Cross Site Scripting Vulnerability
- CVE-2014-5026 Cross Site Scripting Vulnerability
- CVE-2014-5043 Cross Site Scripting Vulnerability
- CVE-2014-5261 Remote Code Execution
- CVE-2014-5262 SQL injection
-- Paul Gevers <email address hidden> Mon, 18 Aug 2014 20:29:12 +0200
cacti (0.8.8b+dfsg-8) unstable; urgency=high
* CVE-2014-5261
Unsufficient input sanitation leads to shell command injection
possibilities
* CVE-2014-5262
Incomplete and incorrect input parsing leads to SQL injection attack
scenarios
* Fix for CVE-2014-5043 was incomplete, improve patch
* Change CVE-2014-4002 patch to include upstream updated commits
-- Paul Gevers <email address hidden> Mon, 18 Aug 2014 19:57:43 +0200
Available diffs
- diff from 0.8.8b+dfsg-7 to 0.8.8b+dfsg-8 (2.2 KiB)
cacti (0.8.8b+dfsg-7) unstable; urgency=medium
* Fix regression caused by fixing CVE-2014-4002 at least plugin autom8
was unusable (Closes: #755032)
* Security update
- CVE-2014-5025 Cross Site Scripting Vulnerability
- CVE-2014-5026 Cross Site Scripting Vulnerability
- CVE-2014-5043 Cross Site Scripting Vulnerability
-- Paul Gevers <email address hidden> Thu, 24 Jul 2014 21:56:48 +0200
Available diffs
- diff from 0.8.8b+dfsg-6 to 0.8.8b+dfsg-7 (2.7 KiB)
| Superseded in wheezy-release |
cacti (0.8.8a+dfsg-5+deb7u3) wheezy-security; urgency=high
* Security upload (Closes: #742768, #743565, #752573)
- CVE-2014-2326 Cross-site scripting (XSS) vulnerability
- CVE-2014-2327 Cross Site Request Forgery Vulnerability
- CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
- CVE-2014-2708 SQL injection
- CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
- CVE-2014-4002 Cross-Site Scripting Vulnerability
-- Paul Gevers <email address hidden> Thu, 26 Jun 2014 21:01:50 +0200
cacti (0.8.8b+dfsg-6) unstable; urgency=high
* Add alternative php5-mysql | php5-mysqlnd (Closes: #744067)
* Security update (Closes: #742768, #752573)
- CVE-2014-2327 Cross Site Request Forgery Vulnerability
- CVE-2014-4002 Cross-Site Scripting Vulnerability
-- Paul Gevers <email address hidden> Wed, 25 Jun 2014 22:33:53 +0200
Available diffs
- diff from 0.8.8b+dfsg-5 to 0.8.8b+dfsg-6 (9.3 KiB)
cacti (0.8.8b+dfsg-5) unstable; urgency=high
* Fix postinst for lighttpd setups which fail on update due to
lighty-enable-mod exiting with non-zero if config is already loaded
(Closes: 743727)
-- Paul Gevers <email address hidden> Sun, 06 Apr 2014 19:59:12 +0200
Available diffs
- diff from 0.8.8b+dfsg-3 to 0.8.8b+dfsg-5 (3.3 KiB)
| Superseded in sid-release |
cacti (0.8.8b+dfsg-4) unstable; urgency=high
* Security update (Closes: 743565)
- CVE-2014-2326 Cross-site scripting (XSS) vulnerability
- CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
- CVE-2014-2708 SQL injection
- CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
* Bump standards (no changes needed)
* Fix VCS-Browser field
* Fix license paragraph of jstree (Thanks lintian)
-- Paul Gevers <email address hidden> Sat, 05 Apr 2014 13:03:22 +0200
| Published in squeeze-release |
cacti (0.8.7g-1+squeeze3) squeeze-security; urgency=high
* Security upload
* Fix Cross site scripting in host.php and install/index.php (upstream
bug 2383) CVE-2013-5588
* Fix SQL injection in host.php (upstream bug 2383)
CVE-2013-5589
-- Paul Gevers <email address hidden> Wed, 28 Aug 2013 20:52:20 +0200
| Superseded in wheezy-release |
cacti (0.8.8a+dfsg-5+deb7u2) wheezy-security; urgency=high
* Security upload
* Fix Cross site scripting in host.php and install/index.php (upstream
bug 2383) CVE-2013-5588
* Fix SQL injection in host.php (upstream bug 2383)
CVE-2013-5589
-- Paul Gevers <email address hidden> Wed, 28 Aug 2013 21:12:50 +0200
cacti (0.8.8b+dfsg-3) unstable; urgency=low
* Fix Cross site scripting (upstream bug 2383)
CVE-2013-5588
* Fix SQL injection in host.php (upstream bug 2383)
CVE-2013-5589
* Fix upgrade script in cli directory for latest releases
* Automatically upgrade database during package update (prevents upstream
bug 2377)
* The code to enable lighttpd configuration from LP: #1132415 was broken
-- Paul Gevers <email address hidden> Tue, 27 Aug 2013 20:43:21 +0200
Available diffs
- diff from 0.8.8b+dfsg-2 to 0.8.8b+dfsg-3 (3.3 KiB)
cacti (0.8.8b+dfsg-2) unstable; urgency=low
* CVE-2013-1435 fix cause a regression in the handling of empty COMMENT
lines in the rrd legend. Fixed by upstream:
fix_COMMENT_in_graph_regression_from_CVE-2013-1435.patch (Closes: #719156)
* Update jquery stylesheet to provide the cacti background color
-- Paul Gevers <email address hidden> Fri, 09 Aug 2013 22:34:26 +0200
Available diffs
- diff from 0.8.8a+dfsg-7 to 0.8.8b+dfsg-2 (26.3 KiB)
| Superseded in sid-release |
cacti (0.8.8b+dfsg-1) unstable; urgency=low
* New upstream release
- Fixes SQL or command line injection via snmp settings or
graph creation or edition that allows privileged users to execute
arbitrary SQL commands or command line commands. CVE-2013-1434 and
CVE-2013-1435
- poller_cache_rebuild_on_install.patch included
* Add d/rules get-orig-source target and accompanying script
* Update japanese translation, thank victory (Closes: #717203)
* Update vcs-* fields (thanks lintian)
* Update standards (no changes needed)
* Update years and my address in d/copyright
* Allow any php5 SAPI provider to satify cacti dependency, thanks
Ondřej Surý (php5 maintainer). Thus reverting the solution to bug
#654843 as the original report was not a bug but a reporter mistake.
libapache2-mod-fcgid does not provide php5 SAPI.
-- Paul Gevers <email address hidden> Wed, 07 Aug 2013 20:46:58 +0200
cacti (0.8.8a+dfsg-7) unstable; urgency=low
* Fix typo in cacti.postrm which prevented proper purging (Closes: #707010)
* Update use_jquery_for_debian.patch to not load jquery-cookie if it is
not installed on the system (Closes: #708001)
-- Paul Gevers <email address hidden> Sat, 18 May 2013 12:14:02 +0200
Available diffs
- diff from 0.8.8a+dfsg-6 to 0.8.8a+dfsg-7 (1.4 KiB)
cacti (0.8.8a+dfsg-6) unstable; urgency=low
* Improve maintenance scripts
- Prepare cacti configuration for Apache2.4 according to
http://wiki.debian.org/Apache/PackagingFor24
- Improve cacti.config to fix dpkg-reconfigure behavior for httpd's.
- Restart lighttpd if needed (LP: #1132415)
- Remove obsolete (Sarge) preinst code
* Fix the lighttpd config template for absolute path (see LP: #1132415)
* Lintian triggered improvements:
- Update watch file for +dfsg in the version
- Add dependency on mysql-client (next to virtual-mysql-client)
* Bug fixes:
- Add patch loadavg_multi_locale_friendly.patch to allow uptime script to
work independent of the local locale (Closes: #704057)
- Add patch fix_php_strict_warning_in_ping.patch to fix php 5.4 warnings
(Closes: #694159)
- Add patch poller_cache_rebuild_on_install.patch to start filling the
auto-generated graphs upon installation (Upstream: 2229)
* Move configuration files away from /usr/share/doc/cacti (policy 12.3)
* Remove obsolete RM-Upload-Allowed from d/control
* Revisited README.Debian
-- Paul Gevers <email address hidden> Sun, 05 May 2013 16:41:13 +0200
Available diffs
- diff from 0.8.8a+dfsg-5 to 0.8.8a+dfsg-6 (10.9 KiB)
cacti (0.8.8a+dfsg-5) unstable; urgency=low
* Update debian/NEWS.Debian to explain the recommended packages for the tree,
which seem to be not installed by default upon upgrade, and make sure it is
actually installed.
-- Paul Gevers <email address hidden> Thu, 11 Apr 2013 19:57:35 +0200
Available diffs
- diff from 0.8.8a+dfsg-4 to 0.8.8a+dfsg-5 (814 bytes)
| Superseded in sid-release |
cacti (0.8.8a+dfsg-4) unstable; urgency=low * Improve jquery tree patch to show trees multilevel (Closes: #702690) -- Paul Gevers <email address hidden> Mon, 01 Apr 2013 08:03:11 +0200
Available diffs
- diff from 0.8.8a+dfsg-3 to 0.8.8a+dfsg-4 (5.3 KiB)
cacti (0.8.8a+dfsg-3) unstable; urgency=low * Fixed typo in recommends libjs-jquery* i.s.o. libjs-query (Closes: #700999) -- Paul Gevers <email address hidden> Tue, 19 Feb 2013 20:33:20 +0100
Available diffs
- diff from 0.8.8a+dfsg-2 to 0.8.8a+dfsg-3 (544 bytes)
cacti (0.8.8a+dfsg-2) unstable; urgency=low * Upload to unstable after acknowledge by the RT, see #694850. -- Paul Gevers <email address hidden> Tue, 29 Jan 2013 20:41:05 +0100
Available diffs
- diff from 0.8.8a+dfsg-1 to 0.8.8a+dfsg-2 (379 bytes)
| Deleted in experimental-release (Reason: None provided.) |
cacti (0.8.8a+dfsg-1) experimental; urgency=low
* Removed non-dfsg-free treeview code from the upstream source (Closes:
#679980)
* Add jquery.jstree.js and four jstree theme files to the package to replace
the treeview functionality
* Update d/copyright to reflect above changes
* Add patches to use the jstree code
- replace_treeview_by_jquery.jstree.patch
- use_jquery_for_debian.patch
* Add libjs-jquery and libjs-jquery-cookie to recommends as they are needed by
jstree.
* Remove the logic to install plugins in /usr/local/share/cacti/plugins as the
implementation of chdir in php resolves symlinks (Closes: #681558).
- Update README.Debian and add NEWS.Debian and README.Plugins
- Update d/cacti.links and d/cacti.install
* Update my e-mail address to <email address hidden>
-- Paul Gevers <email address hidden> Mon, 10 Dec 2012 22:48:48 +0100
Available diffs
- diff from 0.8.8a-3 to 0.8.8a+dfsg-1 (59.3 KiB)
cacti (0.8.8a-3) unstable; urgency=low * Update postrm with new debconf answers (Closes: #673764) -- Paul Gevers <email address hidden> Mon, 21 May 2012 20:22:18 +0200
Available diffs
- diff from 0.8.8a-2 to 0.8.8a-3 (510 bytes)
cacti (0.8.8a-2) unstable; urgency=low
* Use ts to timestamp poller errors in cron when available and add moreutils
to suggests.
* Add suhosin.memory_limit to cron and poller (Closes: #566609)
* Add dependency on ${perl:Depends} as the dependency on perl was missing
* Use a template based on config.php for debian.php creation to include
non-database options and get rid of 01_config.php.patch by creating link
to debian.php instead. Update two dependent patches.
* Add different sub folders to local resource in d/dirs
* Add cacti.sql_ensure_cron_works.patch to prevent failure of crontab after
install as the paths to rrdtool and php are not set.
* Add cacti.sql_drop_tables_to_begin.patch patch to work around bug 665742
where dbconfig-common does not drop the tables during reconfigure so we have
to do it on population of the database to prevent errors.
* Update d/copyright to include proper license info for jscalendar and
treeview (this last one needs action). Also update Cacti's license as it
has been GPL-2+ all along.
* Readded debconf question option for lighttpd lost in commit 98fed9b while
preventing the need to call for new translations. Use lower-case apache2 and
lighttpd as package names at the same time.
* Update 08_563955_local_data_id.patch with upstream bug number
* Improve rra removal on purge (one higher level directory) in postrm
-- Paul Gevers <email address hidden> Sat, 19 May 2012 07:56:04 +0200
Available diffs
cacti (0.8.8a-1) unstable; urgency=low
* New upstream release.
- Now includes plugin architecture (Closes: #406766)
- Don't use define_syslog_variables() (Closes: #668261)
- Allow external auth behind proxy (Closes: #660853)
* Update patches, remove last two now applied upstream
* Update d/watch to prevent selection of PIA tar ball
* Repaired old entries in d/changelog where non-ascii characters got mangled
* Remove d/s/local-options as they are for, well, local options
* Make link to cacti.sql instead of copying data again
* Remove unnecessary directories from dirs as they are generated as needed
* Clean up of debian rules for short-hand dh
- Moved permission and ownership fixes to override_dh_fixperms
- Use 644 and 755 instead of 640 and 750 as per policy (except for rra)
- Remove lib/adodb on clean (instead of build)
- Use debian/cacti.install to define which files to install where
* d/post(rm|inst) now also (un)registers with ufcr and clean-up of long
obsolete /etc/cacti/default-poller
* Append error output of poller to poller-error.log i.s.o overwriting
(Closes: #669339) and make sure the ownership/permissions are right
* Update README.Debian with info about plugin architecture
-- Paul Gevers <email address hidden> Tue, 01 May 2012 09:57:18 +0200
cacti (0.8.7i-3) unstable; urgency=low
[ Mahyuddin Susanto ]
* debian/patches/01_config.php.patch: refreshed to fix error
on upgrade because /etc/cacti/debian.php has been rewrite
during installation. (Closes: #654352), Thanks to Michael Reincke.
* debian/control: Move apache to recommends to allow other web-server to
be installed. (Closes: #654843)
* debian/cacti.templates: Updated debconf template and package description,
suggested by debian-l10n-english. (Closes: #653897)
* Update debconf translations:
- Spanish by Javier Fernández-Sanguino Peña (Closes: #656405)
- French by Christian Perrier (Closes: #657280)
- Polish by Michał Kułach. (Closes: #657294)
- Danish by Joe Hansen. (Closes: #657339)
- Dutch by Jeroen Schot. (Closes: #657468)
- Swedish by Martin Bagge. (Closes: #657546)
- Indonesian by Mahyuddin Susanto. (Closes: #657609)
- Russian by Yuri Kozlov. (Closes: #657705)
[ Sean Finney ]
* Remove lighttpd.conf at postrm purge time
* Add Paul Gevers to Uploaders field
[ Paul Gevers ]
* More updated debconf translations, thanks to Christian Perrier.
- German (Chris Leick). (Closes: #658396)
- Czech (Miroslav Kure). (Closes: #658752)
- Portuguese (Rui Branco). (Closes: #659167)
- Italian (Beatrice Torracca). (Closes: #659401)
- Basque (Iñaki Larrañaga Murgoitio). (Closes: #660641)
* Bump Standard-Version to 3.9.3 (no changes).
* session_unregister was removed in php 5.4, add patch
11_remove_deprecated_session_unregister (Closes: #665280)
* Update d/rules to fix changed output from /usr/bin/file for PHP executable
files (Closes: #665243)
-- Paul Gevers <email address hidden> Thu, 29 Mar 2012 20:55:17 +0200
| Published in lenny-release |
cacti (0.8.7b-2.1+lenny5) oldstable; urgency=low
* lib/snmp.php: Add $max_oids parameter to snmp_walk
Closes: #656613
-- Luk Claes <email address hidden> Sat, 21 Jan 2012 23:41:35 +0100
| Superseded in squeeze-release |
cacti (0.8.7g-1+squeeze1) stable-security; urgency=high
* Team upload.
* [SECURITY] Fixes SQL injection vulnerability in auth_login.php that allows
remote attackers to execute arbitrary SQL commands via the login_username
parameter. (Closes: #652371)
- debian/patches/CVE-2011-4824.patch
- CVE-2011-4824
-- Mahyuddin Susanto <email address hidden> Thu, 29 Dec 2011 16:34:51 +0700
cacti (0.8.7i-2) unstable; urgency=low
* Cherry-pick upstream patches
- debian/patches/10_settings_checkbox.patch
* debian/patches/05_no-adodb.patch: Updates, add semicolon at line 190.
(Closes: #653863)
* Updated last changelog to mention security bug.
-- Mahyuddin Susanto <email address hidden> Mon, 02 Jan 2012 14:11:15 +0700
Available diffs
- diff from 0.8.7g-2.1 to 0.8.7i-2 (150.1 KiB)
cacti (0.8.7i-1) unstable; urgency=low
* New upstream release. (Closes: #642971)
- Fix Ping query. (Closes: #616320, #561488)
* debian/control:
- Bump Standard-Version to 3.9.2, no source changes.
- Change Maintainer to pkg-cacti. (Closes: #613857)
- Add Sean and myself as uploaders.
- Change Vcs-* to pkg-cacti.
* debian/copyright: Rewriting as per dep5 format.
* debian/source: Added to mentioning quilt patch system.
* debian/README.source: Deleted, not needed anymore
* debian/patches/09_use-utf8.patch: Use UTF-8 while creating database and
producing RRD, Thanks to Slavko <email address hidden>. (Closes: #604395)
* Refreshed pathces:
- debian/patches/01_config.php.patch
- debian/patches/05_no-adodb.patch
- debian/patches/06_config_settings.php_cactid_path.patch
- debian/patches/07_cli-include-path.patch (Closes: #604396)
- debian/patches/08_563955_local_data_id.patch (Closes: #563955)
* Drop patches apllied upstream:
- 606062_ping.pl.patch
- data_source_deactivate.patch
- graph_list_view.patch
- html_output.patch
- ldap_group_authenication.patch
- ping.patch
- poller_interval.patch
- script_server_command_line_parse.patch
* Add Lighttpd support:
- debian/docs: updated
- debian/cacti.lighttpd.conf: added
- debian/cacti.{postinst|postrm|templates}: updated
-- Mahyuddin Susanto <email address hidden> Fri, 30 Dec 2011 16:47:42 +0700
cacti (0.8.7g-2.1) unstable; urgency=low * Non-maintainer upload. * Fix pending l10n issues. Debconf translations: - French (Christian Perrier). Closes: #614903 - German (Chris Leick). Closes: #619663 - Russian (Yuri Kozlov). Closes: #623795 - Indonesian (Mahyuddin Susanto). Closes: #623886 - Japanese (Hideki Yamane). Closes: #624821 - Danish (Joe Hansen). Closes: #625482 - Dutch; (Luk Claes). Closes: #625529 - Spanish; (Francisco Javier Cuadrado). Closes: #627032 - Swedish (Martin Bagge / brother). Closes: #628928 - Czech (Miroslav Kure). Closes: #631596 - Basque (Ander Goñi). Closes: #631900 - Portuguese (Rui Branco). Closes: #631982 -- Christian Perrier <email address hidden> Wed, 29 Jun 2011 06:57:56 +0200
Available diffs
- diff from 0.8.7g-2 to 0.8.7g-2.1 (11.4 KiB)
cacti (0.8.7g-2) unstable; urgency=low * import 2 new "official" upstream patches * Cherry-pick upstream fix for ping output parsing (Closes: #606062). * Lintian: - Update Standards-Version to 3.9.1 (no changes necessary) - Bump versioned Build-Dep on debhelper to >= 5 - Update config and postrm maintainer scripts to run with set -e - Remove un-needed chmodding of php files in debian/rules - Ensure the non-php files in the scripts dir are executable - Update debconf template description to remove question from text. - Selectively fix executable permissions on some files in the cli dir - Include a README.source mentioning quilt * Update debconf choices and default value for webserver configuration * Update all debian/po files after changing debconf template -- Sean Finney <email address hidden> Sun, 20 Feb 2011 15:33:58 +0100
cacti (0.8.7g-1) unstable; urgency=low
* New upstream release (Closes: #592465).
* Update context in 05_no-adodb.patch to remove fuzz.
* Remove "official" patches from previous release.
* Remove 563955_undefined_index_local_data_id.patch, incorporated upstream.
* Remove CVE-2010-2092.patch, incorporated upstream.
* Import new batch of "official" upstream patches.
* Update apache configuration to work in FastCGI deployments (Closes: #593203).
- thanks to Thijs Kinkhorst <email address hidden> (Closes: #578909).
-- Sean Finney <email address hidden> Tue, 17 Aug 2010 22:22:02 +0200
| Superseded in lenny-release |
cacti (0.8.7b-2.1+lenny3) stable-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix unauthenticated sql injection vulnerability due to validating
$_REQUEST rather than $_GET (CVE-2010-2092; Closes: #582691).
-- Nico Golde <email address hidden> Thu, 10 Jun 2010 17:08:56 +0000
cacti (0.8.7e-4) unstable; urgency=high * Forward-port fix for CVE-2010-2092 from stable package (Closes: #582691) -- Sean Finney <email address hidden> Fri, 11 Jun 2010 21:08:02 +0000
cacti (0.8.7e-3) unstable; urgency=high
* Import upstream fix for SQL injection vulnerability (no CVE assigned yet)
- thanks to Thijs Kinkhorst <email address hidden> (Closes: #578909).
-- Sean Finney <email address hidden> Sat, 24 Apr 2010 17:54:20 +0200
| Superseded in lenny-release |
cacti (0.8.7b-2.1+lenny1) stable-security; urgency=high
* Non-maintainer upload by the securiy team
* Fix several cross-site scriptings via different vectors
Fixes: CVE-2009-4032
-- Steffen Joeris <email address hidden> Wed, 16 Dec 2009 11:33:16 +0100
cacti (0.8.7e-2) unstable; urgency=low
* Import 2 new "official" patches from upstream
* Italian debconf translation
- thanks to Alessandro De Zorzi <email address hidden> (Closes: #548447)
* Fix for "Undefined index: local_data_id in graphs_new.php"
- new debian patch 563955_undefined_index_local_data_id.patch
- thanks to Teodor MICU <email address hidden> (Closes: #563955)
* Fix for "must not RE-add /etc/apache2/conf.d/cacti.conf link on upgrade"
- thanks to Patrick Schoenfeld <email address hidden> (Closes: #561477)
* Bump debhelper compatibility level to 5
-- Sean Finney <email address hidden> Sun, 24 Jan 2010 21:39:46 +0100
cacti (0.8.7e-1.1) unstable; urgency=high
* Non-maintainer upload by the security team
* Fix several cross-site scriptings via different vectors
Fixes: CVE-2009-4032
-- Steffen Joeris <email address hidden> Wed, 16 Dec 2009 12:06:20 +0100
cacti (0.8.7e-1) unstable; urgency=low
* New upstream release (Closes: #541490).
[ Sean Finney ]
* fix path to global.php in cli scripts (Closes: #525024).
- thanks to Jean-François Masure <email address hidden>
* add a watch file to track upstream updates (Closes: #527066).
- thanks to Laurent Bigonville <email address hidden>
* downgrade Depends on logrotate to a Recommends (Closes: #526997).
- thanks to Russ Allbery <email address hidden>
* updates to (eu,ru,ja) debconf translations
- eu: Piarres Beobide <email address hidden> (Closes: #535636).
- ru: Yuri Kozlov <email address hidden> (Closes: #535820).
- ja: Hideki Yamane (Debian-JP) <email address hidden> (Closes: #546229).
[ Sander Klein ]
* Change location of docs/text to docs/txt
* Removed 'Official' patches for 0.8.7d since they are not needed anymore
* Import 'Official' patches for 0.8.7e
* Make cli-include-path.patch apply
* use ':' with chown instead of deprecated '.'
* suggested spelling/grammar changes from lintian for ./debian/control
-- Sean Finney <email address hidden> Mon, 14 Sep 2009 23:42:32 +0200
cacti (0.8.7d-1) unstable; urgency=low
* Imported Upstream version 0.8.7d
* update/massage/remove patches for new upstream release
* import new "official" patches for 0.8.7d
* remove obsolete dependencies on php4 packages (Closes: #514342)
* update default apache config php options (Closes: #459594)
* add Homepage field to control file (Closes: #494811)
* add Suggests: php5-ldap for ldap authentication (Closes: #496854) -
thanks to Paul Nijjar <email address hidden>
* call ucf with --debconf-ok in postinst
* copy cli directory to /usr/share/cacti (Closes: #483556)
* add gbp.conf for git-buildpackage and friends
-- Sean Finney <email address hidden> Sun, 29 Mar 2009 17:51:10 +0200
cacti (0.8.7b-2.1) unstable; urgency=low
* Non-maintainer upload to fix pending l10n issues.
* Debconf translations:
- Basque. Closes: #479538
- Turkish. Closes: #491497
- Finnish. Closes: #492395
- Russian. Closes: #492550
- Galician. Closes: #493306
- Japanese. Closes: #493346
* [Lintian] Properly spell MySQL in package description
* [Lintian] Wrap the debian/copyright file to 80 characters
-- Christian Perrier <email address hidden> Fri, 18 Jul 2008 19:28:34 +0200
| 76 → 144 of 144 results | First • Previous • Next • Last |
