authorNatanael Copa <ncopa@alpinelinux.org>2014-08-21 08:48:39 +0200
committerNatanael Copa <ncopa@alpinelinux.org>2014-08-21 07:07:24 +0000
commit1121624a15f3ce64e6ee58bcc0868c22ada5b14c (patch)
tree95873babd94568e82246443dc3ae786c4c44beb3
parent4eef8e02314c0d71f0e4708db40671f93c4c41c1 (diff)
main/cacti: fix from upstream for incomplete and incorrect input parsing
ref #3295 fixes #3296 http://svn.cacti.net/viewvc?view=rev&revision=7454
-rw-r--r--main/cacti/APKBUILD6
-rw-r--r--main/cacti/bug-0002455.patch28
2 files changed, 32 insertions, 2 deletions
diff --git a/main/cacti/APKBUILD b/main/cacti/APKBUILD
index cb0b159189..6bb29c513b 100644
--- a/main/cacti/APKBUILD
+++ b/main/cacti/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Jeff Bilyk <jbilyk@gmail.com>
pkgname=cacti
pkgver=0.8.8b
-pkgrel=2
+pkgrel=3
pkgdesc="Network monitoring tool based on RRDtool"
url="http://www.cacti.net"
arch="noarch"
@@ -11,6 +11,7 @@ makedepends=""
source="http://www.cacti.net/downloads/$pkgname-$pkgver.tar.gz
security.patch
CVE-2014-5025,5026.patch
+ bug-0002455.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
@@ -36,4 +37,5 @@ package() {
}
md5sums="acb40deae073ca22e5c01a8e3ba389fb cacti-0.8.8b.tar.gz
bd18f265cca1f9713f88296f0be1ef56 security.patch
-04770edd7e55021e10ad7d50b0ffa2e9 CVE-2014-5025,5026.patch"
+04770edd7e55021e10ad7d50b0ffa2e9 CVE-2014-5025,5026.patch
+aa6d50a78b32e7f3e1a71f93c40c6697 bug-0002455.patch"
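Review bot: The added `bug-0002455.patch` entry is pinned only by MD5, like the existing sources, while the `source=` list in the previous hunk fetches the upstream tarball over plain `http://`, so MD5 is the only integrity check between that download and the build. If no stronger checksum array exists outside this hunk, add matching `sha256sums=`/`sha512sums=` entries (regenerated with `abuild checksum`) so that a package carrying security fixes is not verified with a collision-prone hash alone.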
diff --git a/main/cacti/bug-0002455.patch b/main/cacti/bug-0002455.patch
new file mode 100644
index 0000000000..bf65d6d474
--- /dev/null
+++ b/main/cacti/bug-0002455.patch
@@ -0,0 +1,28 @@
+Index: 0.8.8/lib/rrd.php
+===================================================================
+--- 0.8.8/lib/rrd.php (revision 7453)
++++ 0.8.8/lib/rrd.php (revision 7454)
+@@ -2060,7 +2060,7 @@
+ $size = 8;
+ }
+
+- return "--font " . strtoupper($type) . ":" . $size . ":" . $font . RRD_NL;
++ return "--font " . strtoupper($type) . ":" . floatval($size) . ":" . $font . RRD_NL;
+ }
+
+ function rrd_substitute_host_query_data($txt_graph_item, $graph, $graph_item) {
+Index: 0.8.8/graph_settings.php
+===================================================================
+--- 0.8.8/graph_settings.php (revision 7453)
++++ 0.8.8/graph_settings.php (revision 7454)
+@@ -54,6 +54,10 @@
+
+ while (list($tab_short_name, $tab_fields) = each($settings_graphs)) {
+ while (list($field_name, $field_array) = each($tab_fields)) {
++ /* Check every field with a numeric default value and reset it to default if the inputted value is not numeric */
++ if (isset($field_array["default"]) && is_numeric($field_array["default"]) && !is_numeric(get_request_var_post($field_name))) {
++ $_POST[$field_name] = $field_array["default"];
++ }
+ if ($field_array["method"] == "checkbox") {
+ if (isset($_POST[$field_name])) {
+ db_execute("REPLACE INTO settings_graphs (user_id,name,value) VALUES (" . $_SESSION["sess_user_id"] . ",'$field_name', 'on')");
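Review bot: In the lib/rrd.php part of this embedded patch only `$size` is sanitised; `$font` is still concatenated as-is into the `--font` option on the same return line, and the new `is_numeric` guard in graph_settings.php skips every field whose default is not numeric, so a font setting is presumably not covered by it either. The function body starts outside the embedded hunk, so `$font` may be validated earlier; if it is not, and this string ends up on a shell-invoked rrdtool command line, the line should quote it too, e.g. `return "--font " . strtoupper($type) . ":" . floatval($size) . ":" . escapeshellarg($font) . RRD_NL;`. The context line that builds `REPLACE INTO settings_graphs` by string concatenation suggests the non-checkbox branches (not visible here) may store the raw POST value the same way, so those writes deserve per-field validation or escaping instead of relying on this numeric-only reset. Resetting a rejected value silently to the default also hides tampering attempts; a log entry at that point would help detection.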