2011
cacti (0.8.7g-1+squeeze1) stable-security; urgency=high
* Team upload.
* [SECURITY] Fixes SQL injection vulnerability in auth_login.php that allows
remote attackers to execute arbitrary SQL commands via the login_username
parameter. (Closes: #652371)
- debian/patches/CVE-2011-4824.patch
- CVE-2011-4824
-- Mahyuddin Susanto <udienz@ubuntu.com> Thu, 29 Dec 2011 16:34:51 +0700
2010
cacti (0.8.7g-1) unstable; urgency=low
* New upstream release (Closes: #592465). * Update context in 05_no-adodb.patch to remove fuzz. * Remove "official" patches from previous release. * Remove 563955_undefined_index_local_data_id.patch, incorporated upstream. * Remove CVE-2010-2092.patch, incorporated upstream. * Import new batch of "official" upstream patches. * Update apache configuration to work in FastCGI deployments (Closes: #593203). - thanks to Thijs Kinkhorst <thijs@uvt.nl> (Closes: #578909).
-- Sean Finney <seanius@debian.org> Tue, 17 Aug 2010 22:22:02 +0200
cacti (0.8.7e-4) unstable; urgency=high
* Forward-port fix for CVE-2010-2092 from stable package (Closes: #582691)
-- Sean Finney <seanius@debian.org> Fri, 11 Jun 2010 21:08:02 +0000
cacti (0.8.7e-3) unstable; urgency=high
* Import upstream fix for SQL injection vulnerability (no CVE assigned yet)
- thanks to Thijs Kinkhorst <thijs@uvt.nl> (Closes: #578909).
-- Sean Finney <seanius@debian.org> Sat, 24 Apr 2010 17:54:20 +0200
cacti (0.8.7e-2) unstable; urgency=low
* Import 2 new "official" patches from upstream
* Italian debconf translation
- thanks to Alessandro De Zorzi <lota@nonlontano.it> (Closes: #548447)
* Fix for "Undefined index: local_data_id in graphs_new.php"
- new debian patch 563955_undefined_index_local_data_id.patch
- thanks to Teodor MICU <mteodor@gmail.com> (Closes: #563955)
* Fix for "must not RE-add /etc/apache2/conf.d/cacti.conf link on upgrade"
- thanks to Patrick Schoenfeld <schoenfeld@debian.org> (Closes: #561477)
* Bump debhelper compatibility level to 5
-- Sean Finney <seanius@debian.org> Sun, 24 Jan 2010 21:39:46 +0100
2009
cacti (0.8.7e-1) unstable; urgency=low
* New upstream release (Closes: #541490). [ Sean Finney ] * fix path to global.php in cli scripts (Closes: #525024). - thanks to Jean-François Masure <Jean-Francois.Masure@telindus.fr> * add a watch file to track upstream updates (Closes: #527066). - thanks to Laurent Bigonville <bigon@debian.org> * downgrade Depends on logrotate to a Recommends (Closes: #526997). - thanks to Russ Allbery <rra@debian.org> * updates to (eu,ru,ja) debconf translations - eu: Piarres Beobide <pi@beobide.net> (Closes: #535636). - ru: Yuri Kozlov <yuray@komyakino.ru> (Closes: #535820). - ja: Hideki Yamane (Debian-JP) <henrich@debian.or.jp> (Closes: #546229). [ Sander Klein ] * Change location of docs/text to docs/txt * Removed 'Official' patches for 0.8.7d since they are not needed anymore * Import 'Official' patches for 0.8.7e * Make cli-include-path.patch apply * use ':' with chown instead of deprecated '.' * suggested spelling/grammar changes from lintian for ./debian/control
-- Sean Finney <seanius@debian.org> Mon, 14 Sep 2009 23:42:32 +0200
cacti (0.8.7d-1) unstable; urgency=low
* Imported Upstream version 0.8.7d * update/massage/remove patches for new upstream release * import new "official" patches for 0.8.7d * remove obsolete dependencies on php4 packages (Closes: #514342) * update default apache config php options (Closes: #459594) * add Homepage field to control file (Closes: #494811) * add Suggests: php5-ldap for ldap authentication (Closes: #496854) - thanks to Paul Nijjar <paul_nijjar@yahoo.ca> * call ucf with --debconf-ok in postinst * copy cli directory to /usr/share/cacti (Closes: #483556) * add gbp.conf for git-buildpackage and friends
-- Sean Finney <seanius@debian.org> Sun, 29 Mar 2009 17:51:10 +0200
2008
cacti (0.8.7b-2) unstable; urgency=low
* ack previous NMU, thanks Andreas.
* cacti packaging now in public git repository, updated Vcs-foo headers
in debian/control appropriately.
* update Standards-Version to 3.7.3.
* New upstream "official" patch: official_invalid-upgrade-path.patch
* New upstream "official" patch: official_snmp_auth_none_notice.patch
-- Sean Finney <seanius@debian.org> Sat, 22 Mar 2008 23:58:08 +0100
cacti (0.8.7b-1.1) unstable; urgency=low
* Non-maintainer upload.
* Move ucf call in cacti.postinst above db_stop to fix freeze during
installation. (Closes: #470066)
-- Andreas Henriksson <andreas@fatal.se> Mon, 17 Mar 2008 12:52:17 +0100
cacti (0.8.7b-1) unstable; urgency=high
* New upstream release. Fixes multiple security vulnerabilities (no
CVE references yet). Closes: #465567. Thanks to Alessandro Ogier for
the suggestion about the overzealous PHP_SELF checking.
-- Sean Finney <seanius@debian.org> Wed, 13 Feb 2008 23:30:31 +0100
2007
cacti (0.8.7a-2) unstable; urgency=high
* Update errors in copyright information (closes: #457366).
-- Sean Finney <seanius@debian.org> Sun, 30 Dec 2007 22:56:17 +0100
cacti (0.8.7a-1) unstable; urgency=high
* New upstream release, including fixes for bugs and security issues.
Includes fix for CVE-2007-6035 (sql injection vulnerability)
Closes: #452085.
-- Sean Finney <seanius@debian.org> Tue, 20 Nov 2007 18:20:13 +0100
cacti (0.8.7-1) unstable; urgency=low
* New upstream release.
* updated 06_config_settings.php_cactid_path.patch with an extra fix
for the cacti logfile path.
-- sean finney <seanius@debian.org> Wed, 24 Oct 2007 20:15:19 +0200
cacti (0.8.7~beta4-1~pre) experimental; urgency=low
* New upstream (beta) release
* Removed "official" patches incorporated into upstream version:
- 07_official_graph_debug_lockup_fix.patch
- 07_official_ping_php_version4_snmpgetnext.patch
- 07_official_thumbnail_graphs_not_working.patch
- 07_official_tree_console_missing_hosts.patch
* updated 06_config_settings.php_cactid_path.patch to use FHS compatible
locations as default values, removing the need for shipping
compatibility symlinks (closes: #366662).
* updated list of upstream docs and changelog location.
* Package now uses quilt instead of dpatch for add-on patch managment.
-- sean finney <seanius@debian.org> Tue, 09 Oct 2007 19:39:49 +0200
cacti (0.8.6j-1) unstable; urgency=low
* New upstream release. Any further etch-targeted changes will be
handled in a seperate branch.
* The following patches are now obsolete:
- 07_official_poller_output_remainder.dpatch
- 07_official_import_template_argument_space_removal.dpatch
- 07_official_dec06-vulnerability-scripts-0.8.6i.dpatch
- 07_official_dec06-vulnerability-poller-0.8.6i.dpatch
- 08_svn_timespan_breakage_fix.dpatch
* The following new "official" patches are added:
- 07_official_graph_debug_lockup_fix.dpatch
- 07_official_ping_php_version4_snmpgetnext.dpatch
- 07_official_thumbnail_graphs_not_working.dpatch
- 07_official_tree_console_missing_hosts.dpatch
-- sean finney <seanius@debian.org> Tue, 06 Mar 2007 19:00:03 +0100
cacti (0.8.6i-4) unstable; urgency=medium
* don't unconditionally source the dbconfig-common helper script
in the cacti config script, which would at least require a
pre-depends, but ultimately isn't necessary (closes: #408550).
-- sean finney <seanius@debian.org> Fri, 26 Jan 2007 23:25:11 +0100
cacti (0.8.6i-3) unstable; urgency=high
* include the list of official patches from upstream which (among other
things) resolves multiple vulnerabilities in the poller and default
scripts (Closes: 404818). thanks to Alex de Oliveira Silva for reporting
this, and Neil McGovern for a bit of consultation.
* security references:
- SA23528, CVE-2006-6799
* also include one extra changeset from svn which fixes a regression
introduced in the security patch.
* new patches:
- 07_official_dec06-vulnerability-scripts-0.8.6i.dpatch
- 07_official_dec06-vulnerability-poller-0.8.6i.dpatch
- 07_official_poller_output_remainder.dpatch
- 07_official_import_template_argument_space_removal.dpatch
- 08_svn_timespan_breakage_fix.dpatch
-- sean finney <seanius@debian.org> Mon, 15 Jan 2007 15:36:25 +0100
2006
cacti (0.8.6i-2) unstable; urgency=low
* let cacti know where the cactid binary is, since it doesn't
seem to have a reasonable default an longer.
-- sean finney <seanius@debian.org> Mon, 30 Oct 2006 23:18:55 +0100
cacti (0.8.6i-1) unstable; urgency=low
* new upstream release
* no longer need the following patches:
- 06_official-fix_search_session_clear_issue.dpatch
- 07_official-fix_sql_syntax_related_to_default_rra_id.dpatch
- 08_official-mysql_5x_strict.dpatch
- 09_official-nth_percentile_empty_return_set_issue.dpatch
- 10_official-database_autoincrement_corruption.patch.dpatch
-- sean finney <seanius@debian.org> Sat, 28 Oct 2006 15:05:46 +0200
cacti (0.8.6h-6) unstable; urgency=low
* fix up debian/rules targets to comply with policy (closes: #395584). * change build-depends-indep to build-depends for targets needed in the clean rule. * update standards-version to 3.7.2
-- sean finney <seanius@debian.org> Fri, 22 Sep 2006 21:39:12 +0200
cacti (0.8.6h-5) unstable; urgency=low
* fix for braindead bug in postrm script introduced by yours
truly. fixed a bashism in there while i was at it (closes: #387540).
thanks to Olivier Berger for finding this.
* fix for non-essential dependencies (dbconfig-common) in the config
script (closes: #388214).
* updated portuguese brazillian templates, thanks to Andre Luis Lopes
for providing them (closes: #374020).
-- sean finney <seanius@debian.org> Fri, 22 Sep 2006 21:04:19 +0200
cacti (0.8.6h-4) unstable; urgency=low
* updated dependencies to allow any httpd-providing daemon to
satisfy the requirements for cacti. that doesn't necessarily
mean any httpd will work, but i've heard from at least one
report that others do, and i'd like to make it easier for
others to test. closes: #373886.
* updated postrm to handle cases where it's being purged without
its dependencies present.
-- sean finney <seanius@debian.org> Tue, 29 Aug 2006 09:35:34 +0200
cacti (0.8.6h-3) unstable; urgency=low
* official patch from upstream to fix database corruption and display some
users were having as a result of the differing version of adodb
in debian vs. the bundled version in cacti. thanks to the upstream
authors for their help addressing the issue, and to Rene Cunningham
for testing out the initial version of the patch.
(closes: #364391, #351342)
* added note to README.Debian about potential unmet dependencies in
mixed php4/php5 environments (thanks to Uwe Storbeck), and also
about checking the cli configuration for the required modules (thanks
to Troy Poppe), and also about potential problems with the cli
poller and safe_mode (thanks to Birger Brunswiek) (closes: #359964).
* update package description to mention that it's likely that mysql-server
should also be installed unless cacti is to be configured against a
remote database system (closes: #349754).
* added a note to README.Debian about the initial user/pass, at the
suggestion of Jonas Genannt, thanks. (closes: #352724).
* changed package dependencies to list apache2 as the first of the
series of apache-providing packages, and likewise reordered the
php/apache modules (closes: #356843).
* updated version of 08_official-mysql_5x_strict.dpatch which fixes
the breakage in ldap authentication reported by Matt Clauson, thanks.
(closes: #354663)
-- sean finney <seanius@debian.org> Tue, 25 Apr 2006 19:30:50 +0200
cacti (0.8.6h-2) unstable; urgency=low
* incorporated the following official upstream patches:
- 06_official-fix_search_session_clear_issue.dpatch
- 07_official-fix_sql_syntax_related_to_default_rra_id.dpatch
- 08_official-mysql_5x_strict.dpatch
- 09_official-nth_percentile_empty_return_set_issue.dpatch
* updated german debconf translation, thanks to
Mathias Klein (closes: #345786).
* typographical corrections to package description, thanks to
Jens Siedel (closes: #346007).
-- sean finney <seanius@debian.org> Mon, 16 Jan 2006 16:02:44 +0100
cacti (0.8.6h-1) unstable; urgency=low
* new upstream release. * upstream now officially supports mysql-5.0 (closes: #336531). * updated README.Debian with some information about zombie mysql processes that some users have been experiencing when viewing graphs (closes: #344519). * updated 01_config.php.dpatch and 05_no-adodb.dpatch to apply to new upstream version. * removed "official" patches which are now incorporated into the new upstream release: - 06_official-short_open_tag_parse_error.dpatch - 07_official-graph_properties_zoom.dpatch - 08_official-script_server_snmp_auth.dpatch - 09_official-mib_file_loading.dpatch * added a db_stop to the postinst to help prevent hangs when restarting apache2.
-- sean finney <seanius@debian.org> Fri, 06 Jan 2006 08:24:29 +0100
2005
cacti (0.8.6g-3) unstable; urgency=low
* cacti now uses dbconfig-common, and thus once again ships with
automagical database support.
* Portuguese translation for cacti's debconf messages by LuíFerreira
(closes: #336836).
* new Swedish translations from Daniel Nylander (closes: #338668).
-- sean finney <seanius@debian.org> Thu, 01 Dec 2005 14:59:40 +0100
cacti (0.8.6g-2) unstable; urgency=low
* updated dependencies to allow working with the php5 family of packages.
* new spanish debconf translations from César Gómez Martín and the
debian-l10n-spanish mailing list (closes: #334384).
* added a note to README.Debian about possible breakage if rrdtool
is upgraded without changing cacti settings (closes: #335737).
-- sean finney <seanius@debian.org> Sat, 29 Oct 2005 12:58:39 +0200
cacti (0.8.6g-1) unstable; urgency=low
* new upstream release.
* upstream has re-implemented the limited snmpv3 support that previously
existed but was later removed (closes: #301165).
* removed patches that are now incorporated upstream:
- 03_dos2unix_on_scripts
- 06_cmd-snmp-data-sanity-fixes
- 07_snmp_alternate_port
* added the current list of upstream patches:
- 06_official-short_open_tag_parse_error
- 07_official-graph_properties_zoom
- 08_official-script_server_snmp_auth
- 09_official-mib_file_loading
-- sean finney <seanius@debian.org> Sat, 24 Sep 2005 10:10:15 -0400
cacti (0.8.6f-5) unstable; urgency=low
* fix cacti to explicitly depend on versions of libphp-adodb starting
at the version which silently changed the path. thanks to
Mark Sheppard and Javier Fernández-Sanguino Peña for independantly
pointing this out (closes: #322707, #325376).
* fix cacti to depend on "virtual-mysql-client" virtual package, to
allow cacti to co-exist with the new mysql-5.0 series of packages.
thanks to Miah Gregory for pointing this out (closes: #326011).
-- sean finney <seanius@debian.org> Fri, 02 Sep 2005 05:55:46 -0400
cacti (0.8.6f-4) unstable; urgency=low
* cacti now properly depends on debconf.
-- sean finney <seanius@debian.org> Mon, 08 Aug 2005 13:23:24 -0400
cacti (0.8.6f-3) unstable; urgency=low
* fix to allow xml based check templates to work for hosts running
snmp on an alternate port. thanks to Justin Hallet for the
patch (closes: #317689).
* for posterity, the security fixes included in 0.8.6e-1 addressed
the following CVE id's:
- CAN-2005-1524 (idefense remote file inclusion)
- CAN-2005-1525 (idefense SQL injection)
- CAN-2005-1526 (idefense remote code execution)
* updated include path for adodb configuration (closes #320782), thanks
to loïc lefort for reporting this.
-- sean finney <seanius@debian.org> Mon, 01 Aug 2005 13:33:05 -0400
cacti (0.8.6f-2) unstable; urgency=high
* new version of the upstream 'sanity checking' patches introduced
in 0.8.6e-2 (closes: #317253).
* the updated Czech debconf translation from Martin SÃÂÃÂn somehow
got mixed up with the debconf translation for mysql. fixed.
(closes: #317137).
* for posterity, the security updates included in the previous
update have the following CAN numbers assigned to them:
- CAN-2005-2148 (hardened-php advisories 032005 and 042005)
- CAN-2005-2149 (hardened-php advisory 052005)
* even though it's been like 5 days, and the previous version's urgency
was set to high, it has not entered testing, so urgency will remain
at this level.
-- sean finney <seanius@debian.org> Thu, 07 Jul 2005 08:05:17 -0400
cacti (0.8.6f-1) unstable; urgency=high
* new upstream release.
* this new version addresses the following security issues reported by the
php-hardened project:
- 032005: Cacti Multiple SQL Injection Vulnerabilities
- 042005: Cacti Remote Command Execution Vulnerability
- 052005: Cacti Authentication/Addslashes Bypass Vulnerability
-- sean finney <seanius@debian.org> Sat, 02 Jul 2005 01:11:18 -0400
cacti (0.8.6e-2) UNRELEASED; urgency=high
* updated standards version to 3.6.2
* patch for sanity checking of some of the cached database information,
which sometimes causes cmd.php based poller checks to hang and
eventually fail.
-- sean finney <seanius@debian.org> Tue, 28 Jun 2005 00:54:57 -0400
cacti (0.8.6e-1) unstable; urgency=high
* new upstream release.
* this release contains fixes for the arbitrary sql injection and input
validation vulnerabilities discovered in 0.8.6d.
* new Vietnamese debian translations from Clytie Siddall (closes: #313190).
* removed obsolete (and poorly written) debconf templates. thanks
to Clytie Siddall for pointing these out (closes: #313191).
* updated Czech debconf translation from Martin SÃÂÃÂn (closes: #314620).
* lintian fixes:
- include debhelper macro in preinst
- changelog converted to UTF-8 format.
- overrides file introduced, to ignore permissions on rra dir.
-- sean finney <seanius@debian.org> Mon, 20 Jun 2005 22:30:05 -0400
cacti (0.8.6d-1) unstable; urgency=low
* new upstream release.
* removed "official patches" patch, as they are now included in this version.
* the adodb code is now removed from the build tree instead of being patched
out of the source, which makes things a bit cleaner in the long run.
* document how to login after installation. thanks to Jari Aalto for
mentioning this omission (closes: #309619).
* initial czech translation for cacti, thanks to Martin Sin (closes: #311095).
* have the cronjob output stderr to a logfile instead of stdout. thanks
to Daniel van Eeden for helping find the best solution to this
(closes: #309425).
-- sean finney <seanius@debian.org> Sat, 28 May 2005 19:42:30 -0400
cacti (0.8.6c-8) unstable; urgency=low
* import of upstream patches was b0rken. should be fixed up in this
release.
* removed the adodb code, as we're allready depending on libphp-adodb,
and should have been using that instead this whole time. i also
updated the include statement in config.php to include adodb from
its new location.
* only change ownership/permissions of debian.php the first time it is
created (which should prevent local ownership/permission changes
later on from being silently overwritten)
* don't mask errors when you can't include debian.php
* don't throw away stderr from cacti's cron.d file, and change MAILTO
to send mail to root (otherwise it'd go to www-data). thanks for
this and the preceding two fixes go to Mark Sheppard <mark@ddf.net>
(closes: #309194).
-- sean finney <seanius@debian.org> Wed, 11 May 2005 17:54:51 -0400
cacti (0.8.6c-7) unstable; urgency=low
* brought in the rest of the patches from the upstream authors.
this should fix the problem with graphing negative numbers, as
reported by Kelly Brown <kbbrown@anonymizerinc.com> (closes: #305561).
* updated dependency on php4-mysql to be versioned, to make dependencies
work better for woody users. thanks to Vittorio R Tracy <vrt@srclab.com>
for mentioning this (closes: #302563).
-- sean finney <seanius@debian.org> Wed, 06 Apr 2005 20:03:27 -0400
cacti (0.8.6c-6) unstable; urgency=low
* updated french debconf translations, thanks for this to
Christian Perrier <bubulle@debian.org> (closes: #299895).
* updated portuguese brazillian templates, thanks to
Tiago Bortoletto Vaz <tiago@debian-ba.org> (closes: #301499).
* include upstream patch to fix tree browsing when authentication
is turned off. thanks to Hannu Teulahti <teu@puv.fi> (closes: #300843).
* strip ^M's from the scripts, as it can mess up execution according
to Fred Blaise <fred.blaise@excilan.com>, thanks (closes: #300845).
* debian.php is now managed via ucf.
* generate_config is now always called in the postinst, so calling
dpkg-reconfigure should regenerate the contents of the config
file. thanks to Mickael Marchand <marchand@kde.org> (closes: #300876).
* correction in README.Debian, thanks to Miah Gregory <mace@darksilence.net>
and all the other people who emailed me about this. (closes: #299834).
* no longer depend on wwwconfig-common, only support the conf.d style
of apache configuration. this should as a side effect resolve the bug
reported by Tiago Bortoletto Vaz <tiago@debian-ba.org> (closes: #289156).
-- sean finney <seanius@debian.org> Tue, 29 Mar 2005 22:00:28 -0500
cacti (0.8.6c-5) unstable; urgency=high
* oops, let's not rm -rf the old scripts directory in the preinst,
instead try to remove the directory or fail gracefully if there
are still things in there. thanks and an apology are due to
GÃÂÃÂÃÂérald GARCIA <gege@gege.org> (closes: #300449). this is a grave
severity bug, so urgency set to high.
* README.Debian updated to mention where custom user scripts should
go, so that they can stay out of my reach :)
-- sean finney <seanius@debian.org> Mon, 21 Mar 2005 06:12:21 -0500
cacti (0.8.6c-4) unstable; urgency=high
* turns out removing the symlink wasn't as easy, need to do a couple
extra things in the preinst otherwise dpkg will keep and follow
the symlink according to debian policy.
* minor fixes in the templates.
-- sean finney <seanius@debian.org> Sun, 06 Mar 2005 12:21:01 -0500
cacti (0.8.6c-3) unstable; urgency=high
* JosÃÂÃÂÃÂé de Paula EufrÃÂÃÂÃÂásio JÃÂÃÂÃÂúnior <jose.junior@cidades.gov.br> found that there's some voodoo with ereg that doesn't work in some locales unless mbstring.func_overload is set to 0. this prevents cacti from installing, which gave the bug a grave severity, thus again the high urgency. sigh. thanks, josÃÂÃÂÃÂé (closes: #298102). * the script dir can't be a symlink after all, because it breaks php scripts. thanks to Bernardo Achirica <Berny@eDonkeyCentral.com> for finding this out (closes: #298032).
-- sean finney <seanius@debian.org> Fri, 04 Mar 2005 23:24:17 -0500
cacti (0.8.6c-2) unstable; urgency=high
* removed unneccesary poller debconf cruft.
* otherwise the same as -1, but to unstable and urgency set to high
as foretold in the previous changelog entry (closes rc bug).
-- sean finney <seanius@debian.org> Thu, 03 Mar 2005 14:21:01 -0500
cacti (0.8.6c-1) experimental; urgency=low
* new upstream release (closes: #271661). * the cacti source package no longer produces cacti-cactid, which is provided by a seperate upstream tarball. * cacti site stuff now in /usr/share/cacti/site, which frees up /usr/share for non-site related stuff. * automagical install/upgrades of the mysql database are disabled for the time being. see README.Debian for the rationale. * start to bring in ucf for managing config files. * no longer have a need for /etc/cacti/default-poller, as this is now handled completely inside the application (closes: #292365). * rrd files are now stored in /var/lib/cacti/rra, as they can not be reconstituted from scratch. this closes an rc bug, so priority on this package will be set to high when it goes into unstable, which will be the next upload (closes: #297470). * documentation provided for what you need to do if you're upgrading from a 0.6.x version of cacti. i can't guarantee that it will work, but it did for me, and this is probably the best you're going to get (closes: #226404). * various README.Debian updates. * cacti online documentation now made online to symlinking to where it already exists in /usr/share/doc.
-- sean finney <seanius@debian.org> Fri, 25 Feb 2005 19:26:57 -0500
cacti (0.8.5a-9) unstable; urgency=low
* new maintainer has adopted the package (closes: #292770) * fixed dependencies against mysql-client, so cacti now depends mysql client or mysql-client-4.1 (i'm hesitant to use virtual-mysql-client since i think mysql-client < 3.23 might not work). thanks to Robert Loomans <bts-cacti@zots.net>, Olaf van der Spek <OvdSpek@LIACS.NL>, and the mysql maintainer Christian Hammers <ch@debian.org> for pointing this out. (closes: #293750, #285002). * no longer use delaycompress in the logrotate script, since there's not much use to leaving it uncompressed by default and it's a lot of data. thanks, Gustavo Franco <stratus@acm.org> (closes: #275045).
-- sean finney <seanius@debian.org> Sat, 19 Feb 2005 19:37:54 -0500
2004
cacti (0.8.5a-8) unstable; urgency=high
* Update pt_BR, nl debconf translations. (Closes: #270277, #270787)
-- Thorsten Sauter <tsauter@debian.org> Sat, 11 Sep 2004 00:18:12 +0200
cacti (0.8.5a-7) unstable; urgency=low
* Update french translation. (Closes: #268801) * Checking for short tags in cacti/debian.php and fix them if needed. (Closes: #269480) * debian/README.Debian: add a new section about php short tags
-- Thorsten Sauter <tsauter@debian.org> Thu, 2 Sep 2004 23:27:27 +0200
cacti (0.8.5a-6) unstable; urgency=high
* Don't know why it was last: change priority from extra to optional
* debian/README.Debian: spell checking, add docu for php4-cli
* ship a new script which check for php4-mysql support and print a
error message to the poller logfile. With the modification of the
readme file I think the bug can be closed. (Closes: #267009)
-- Thorsten Sauter <tsauter@debian.org> Thu, 26 Aug 2004 22:52:38 +0200
cacti (0.8.5a-5) unstable; urgency=high
* debian/control: change priority from extra to optional * replace Brazilian Portuguese translation. (Closes: #264090) * debian/cacti.templates: Add new choice "None" to the webserver question. This gives the user a chance to use his own webserver. (Closes: #255971) * If we search for a local installed mysql-server check for packages which are installed or on hold. (Closes: #263262) * Fix some errors while removing include line from httpd.conf file. Also, print an error message if this doesn't work. New installations should use apache/conf.d anyway. (Closes: #253202) * SECURITY-UPDATE: Fix SQL Injection in CACTI. (Closes: #267758) Original upstream patch: http://cvs.raxnet.net/cgi-bin/viewcvs.cgi/cacti/auth_login.php.diff?r1=1.48&r2=1.49 Full-Disclosure: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0717.html * cacti.apache.conf: Change some php4 settings to make cacti more robust/secure. * /etc/cacti/debian.php: create long php4 tags '<?php' per default. * running debconf2po-update
-- Thorsten Sauter <tsauter@debian.org> Wed, 23 Jun 2004 08:46:37 +0200
cacti (0.8.5a-4) unstable; urgency=low
* Change package priority to extra.
* Change cronjob. The output of the poller job is now appended to the
logfile
* Update french debconf translation: fr.po. (Closes: #253585)
* Add debconf translation: pt_BR.po. Don't know, which language
this is :-) (Closes: #252021, #252017)
* Backport cacti cvs fix (#0000176) into debian version. This will fix
compatiblity problem with the output of the df command and long device
names. (Closes: #254856)
-- Thorsten Sauter <tsauter@debian.org> Tue, 22 Jun 2004 23:26:17 +0200
cacti (0.8.5a-3) unstable; urgency=low
* Fix type in package description. (Closes: #249590) * Update dutch debconf translation. (Closes: #250652)
-- Thorsten Sauter <tsauter@debian.org> Wed, 26 May 2004 11:49:27 +0200
cacti (0.8.5a-2) unstable; urgency=low
* Fix error in the cron script
- poll.sh isn't in the default path, we need ./poll.sh here
- make sure the cacti directory exists, otherwise we will get
a lot of error messages from cron. (Closes: #246982)
* Depend also on apache2. Still depend on php4-cgi, we need both
packages: php4 and php4-cgi. (Closes: #227295)
* Make the package apache2 "safe". Depend on php4 or libapache2-mod-php4
* Include apache2 howto into debian/README.Debian.
* Update templates, maintainer scripts to install config files for apache2
too. Update german translation
* cactid: remove upstream installation docu
-- Thorsten Sauter <tsauter@debian.org> Mon, 17 May 2004 11:12:05 +0200
cacti (0.8.5a-1) unstable; urgency=low
* New upstream version. * Include new dutch debconf translation: nl.po. (Closes: #245916) * Insert new dependency on php4-snmp which removes a lot of extra cpu usage. Thanks Rafael D'Halleweyn. (Closes: #228948) * Update debconf template and german/french translations. Thanks Christian Perrier. (Closes: #225890) * Including the new multi-threading poller (cactid). This binary can collect multiple datasources at the same time. (Closes: #186013, #237055) The program is not in the core release and not marked as stable, that's why I include it in an extra debian package. * The MySQL admin password is now removed from debconf database, if the user decide to not store it. (Closes: #224214) * The new poll.sh script report the output from the poller into a logfile. Maybe not the best solution, but so we don't loose any output. (Closes: #234726) * The new package containts the install/ directory also. This is useful, if we're not upgrading from 0.8.4 but from an other version. (Closes: #227737) * Insert an upgrade path from 0.8.4 and 0.8.5, this is done via sql scripts in updscripts/ * A new poll.sh script is used for cronjobs. This script use either cacti or the new cactid poller (depends on the default-poller file). * During upgrade the databases are dumped/backuped. * Update build system. Change to cdbs system. * Update README.Debian file. * Update Build-Depends/Depends
-- Thorsten Sauter <tsauter@debian.org> Mon, 26 Apr 2004 10:48:58 +0200
2003
cacti (0.8.4-2) unstable; urgency=low
* Print a warning message, if cacti is upgraded from an old version * extend debian/README.Debian with upgrade database instructions
-- Thorsten Sauter <tsauter@debian.org> Tue, 30 Dec 2003 13:44:55 +0100
cacti (0.8.4-1) unstable; urgency=low
* New maintainer. (Closes: #196199) * New upstream version. (Closes: #198777) * debian/changelog: - convert to UTF-8 * debian/control: - update standards version - update build dependencies - insert new logrotate dependency - depend on libphp-adodb, which is also in the archive - add apache-perl to apache dependency list. (Closes: #204290) * debian/rules: rewrite the way to install the files into the package * debian/cacti.cron.d: - make the script a little bit more robust. (Closes: #211249) * debian/README.Debian: - replace most parts of the text. * debian/cacti.apache.conf: - reformat the file a little bit - remove unused phtml extension * debian/cacti.logrotate: - reformat the file
-- Thorsten Sauter <tsauter@debian.org> Tue, 2 Dec 2003 11:24:49 +0100
cacti (0.6.8a-13.1) unstable; urgency=low
* NMU
* Rewrote debconf templates to more standard english with the help of
debian-l10n-english. Former templates have been left for future reference
Closes: #189401
* French debconf templates update. Closes: #197119
* More secure temp file handling in postrm. Thanks lintian.
-- Christian Perrier <bubulle@debian.org> Mon, 16 Jun 2003 22:54:11 +0200
cacti (0.6.8a-13) unstable; urgency=low
* Orphan this package
-- Igor Genibel <igenibel@debian.org> Thu, 5 Jun 2003 11:58:50 +0200
cacti (0.6.8a-12) unstable; urgency=low
* Missed to close bug #183287 (Closes: #183287)
-- Igor Genibel <igenibel@debian.org> Wed, 19 Mar 2003 09:32:25 +0100
cacti (0.6.8a-11) unstable; urgency=low
* remove quote in cron.php in order to be run in safe_mode
and /var/log/httpd/access_log -> /var/log/apache/access_log in
scripts/webhits (Closes: #177791)
* fix non installation when no mysql server is present when localhost
installation (Closes: #183288, #184324)
* fix non removal when no mysql server found (in localhost installation)
(Closes: #183288)
* fix loop when upgrading and mysql-server != localhost (Closes: #179561)
* use po-debconf
-- Igor Genibel <igenibel@debian.org> Mon, 17 Mar 2003 15:00:55 +0100
cacti (0.6.8a-10) unstable; urgency=low
* Fix various packaging mistakes
- Mention that mysql is not installed on local systems (complement to the
#172414)
- Provide a good cacti.sql (Closes: #166296)
- config.php is only store in /etc/cacti (Closes: #172410)
- Provide somes explanations for scripts provided in the package
(see the README.Debian file) (Closes: #167814)
* Standards-Version: 3.5.8
-- Igor Genibel <igenibel@debian.org> Sun, 5 Jan 2003 21:15:49 +0100
2002
cacti (0.6.8a-9) unstable; urgency=low
* Fix extra OID in parameter. Thanks to Roberto Moreda <moreda@alfa21.com> (Closes: #162873)
-- Igor Genibel <igenibel@debian.org> Mon, 30 Sep 2002 16:51:36 +0200
cacti (0.6.8a-8) unstable; urgency=low
* Fix typo in postinst file (Closes: #162574)
-- Igor Genibel <igenibel@debian.org> Fri, 27 Sep 2002 12:20:28 +0200
cacti (0.6.8a-7) unstable; urgency=low
* fix broken regexp in include/snmp_functions.php * force the use of external snmp functions
-- Igor Genibel <igenibel@debian.org> Thu, 26 Sep 2002 17:39:03 +0200
cacti (0.6.8a-6) unstable; urgency=low
* apply a patch provided by Blaine Kahle <blaine@binary.net> in order to cleanly use net-snmp5
-- Igor Genibel <igenibel@debian.org> Thu, 26 Sep 2002 16:50:24 +0200
cacti (0.6.8a-5) unstable; urgency=low
* re-add lost patch provided by Adam Conrad in order to bypass the php4-cgi
installation bug (related bugs: #147385, #147261, #129883 and #145465)
(Closes: #154822)
-- Igor Genibel <igenibel@debian.org> Thu, 26 Sep 2002 16:10:05 +0200
cacti (0.6.8a-4) unstable; urgency=low
* New recommends on iputils-ping (because of the "-w" ping option)
(Closes: #161278, #161279)
* New Standards (3.5.7.0)
* DH_COMPAT 4
-- Igor Genibel <igenibel@debian.org> Thu, 26 Sep 2002 12:35:46 +0200
cacti (0.6.8a-3) unstable; urgency=low
* Fix type in postinst file (Closes: #160694) * Add missing ; in include/rrd_functions.php file (Closes: #160703)
-- Igor Genibel <igenibel@debian.org> Tue, 17 Sep 2002 17:51:09 +0200
cacti (0.6.8a-2) unstable; urgency=high
* Security upload:
really fix the arbitrary program code execution.
-- Igor Genibel <igenibel@debian.org> Tue, 10 Sep 2002 09:57:00 +0200
cacti (0.6.8a-1) unstable; urgency=high
* Security Upload:
prevent executing arbitrary program code under the user id of the web
server.
-- Igor Genibel <igenibel@debian.org> Mon, 9 Sep 2002 14:39:37 +0200
cacti (0.6.8-10) unstable; urgency=high
* fix the wrong setcookie() call (Closes: #157740) * force the use of net-snmp tool instead of using native broken php-snmp functions (Closes: #157383,#157381) * urgency=high because cacti is not usable with the php-snmp functions
-- Igor Genibel <igor@genibel.org> Thu, 22 Aug 2002 17:20:32 +0200
cacti (0.6.8-9) unstable; urgency=low
* The ÃÂÃÂÃÂÃÂÃÂÃÂÃÂëI'm too lame and stupidÃÂÃÂÃÂÃÂÃÂÃÂÃÂû version * really add the ÃÂÃÂÃÂÃÂÃÂÃÂÃÂëif existsÃÂÃÂÃÂÃÂÃÂÃÂÃÂû statement
-- Igor Genibel <igenibel@debian.org> Mon, 19 Aug 2002 16:03:44 +0200
cacti (0.6.8-8) unstable; urgency=low
* add a ÃÂÃÂÃÂÃÂÃÂÃÂÃÂëif existsÃÂÃÂÃÂÃÂÃÂÃÂÃÂû when dropping the database (for partial installation)
-- Igor Genibel <igenibel@debian.org> Mon, 19 Aug 2002 15:46:58 +0200
cacti (0.6.8-7) unstable; urgency=low
* Fix uninstallable package with calling mysql differently (Closes: #156951)
-- Igor Genibel <igenibel@debian.org> Mon, 19 Aug 2002 14:41:08 +0200
cacti (0.6.8-6) unstable; urgency=low
* move php-cgi bug workaround from include/database.php to
include/config.php in order to fix the html export bug
* put strict dependency on mysql-client (because of SQL query)
(Closes: #149787)
-- Igor Genibel <igenibel@debian.org> Wed, 12 Jun 2002 19:40:29 +0200
cacti (0.6.8-5) unstable; urgency=low
* ask for password confirmation. * Test if provided password for mysql is Ok. (Closes: #148862) * add two scripts
-- Igor Genibel <igenibel@debian.org> Mon, 3 Jun 2002 14:11:28 +0200
cacti (0.6.8-4) unstable; urgency=low
* put php_flag short_open_tag On in apache.conf file (Closes: #147283) * fix SQL entry for webhits script
-- Igor Genibel <igenibel@debian.org> Fri, 17 May 2002 18:45:17 +0200
cacti (0.6.8-3) unstable; urgency=low
* provide the get_stat_for_interface.pl script (I'm too lame)
-- Igor Genibel <igenibel@debian.org> Fri, 17 May 2002 18:36:44 +0200
cacti (0.6.8-2) unstable; urgency=low
* Suppress and fix wrong SQL inserts. (Closes: #147259,#147262) Thanks to Guillaume <mail@stereo.lu> * Applied a patch provided by Adam Conrad in order to bypass php4-cgi installation bug
-- Igor Genibel <igenibel@debian.org> Fri, 17 May 2002 16:19:14 +0200
cacti (0.6.8-1) unstable; urgency=low
* New upstream version (Closes: #146799) * add new script that fetches informations directly from /proc (Luc Saillard) * patch auth_login.php in order to move php4 dependency from Depends to Recommends. Now only php4-cgi package is mandatory. (Luc Saillard) * Standards-Version: 3.5.6.0
-- Igor Genibel <igenibel@debian.org> Mon, 13 May 2002 16:03:13 +0200
cacti (0.6.7-2) unstable; urgency=low
* add snmp to dependencies * fix logrotate broken file * add a note in README.Debian concerning php4-cgi installation
-- Igor Genibel <igor@genibel.org> Fri, 5 Apr 2002 12:59:51 +0200
cacti (0.6.7-1) unstable; urgency=low
* Initial Release. (Closes: #140461)
-- Igor Genibel <igor@genibel.org> Wed, 3 Apr 2002 15:04:11 +0200