10 files changed, 830 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
index e69de29..ef192d6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/cacti-1.2.28.tar.gz
diff --git a/cacti-1.2.x-csrf-secret.patch b/cacti-1.2.x-csrf-secret.patch
new file mode 100644
index 0000000..993ccd5
--- /dev/null
+++ b/cacti-1.2.x-csrf-secret.patch
@@ -0,0 +1,11 @@
+--- cacti-1.2.23/include/config.php.dist.orig	2023-01-02 15:47:02.000000000 +0100
++++ cacti-1.2.23/include/config.php.dist	2023-01-04 10:36:19.834958775 +0100
+@@ -131,7 +131,7 @@ $disable_log_rotation = false;
+  * the CRSF secret file.
+  */
+ 
+-//$path_csrf_secret = '/usr/share/cacti/resource/csrf-secret.php';
++$path_csrf_secret = '/var/lib/cacti/csrf/csrf-secret.php';
+ 
+ /**
+  * The following are optional variables for debugging low level system
diff --git a/cacti-1.2.x-disable_log_rotation.patch b/cacti-1.2.x-disable_log_rotation.patch
new file mode 100644
index 0000000..81ad0d7
--- /dev/null
+++ b/cacti-1.2.x-disable_log_rotation.patch
@@ -0,0 +1,11 @@
+--- cacti-1.2.23/include/config.php.dist.orig	2023-01-02 15:47:02.000000000 +0100
++++ cacti-1.2.23/include/config.php.dist	2023-01-04 10:31:04.844402154 +0100
+@@ -94,7 +94,7 @@ $cacti_db_session = false;
+  * Disable log rotation settings for packagers
+  */
+ 
+-$disable_log_rotation = false;
++$disable_log_rotation = true;
+ 
+ /**
+  * Optional parameters to define scripts and resource paths. These
diff --git a/cacti-httpd.conf b/cacti-httpd.conf
new file mode 100644
index 0000000..c687845
--- /dev/null
+++ b/cacti-httpd.conf
@@ -0,0 +1,57 @@
+#
+# Cacti: An rrd based graphing tool
+#
+
+# For security reasons, the Cacti web interface is accessible only to
+# localhost in the default configuration. If you want to allow other clients
+# to access your Cacti installation, change the httpd ACLs below.
+# For example:
+# On httpd 2.4, change "Require host localhost" to "Require all granted".
+# On httpd 2.2, change "Allow from localhost" to "Allow from all".
+
+Alias /cacti    /usr/share/cacti
+
+<Directory /usr/share/cacti/>
+	<IfModule mod_authz_core.c>
+		# httpd 2.4
+		Require host localhost
+	</IfModule>
+	<IfModule !mod_authz_core.c>
+		# httpd 2.2
+		Order deny,allow
+		Deny from all
+		Allow from localhost
+	</IfModule>
+</Directory>
+
+<Directory /usr/share/cacti/install>
+	# mod_security overrides.
+	# Uncomment these if you use mod_security.
+	# allow POST of application/x-www-form-urlencoded during install
+	#SecRuleRemoveById 960010
+	# permit the specification of the rrdtool paths during install
+	#SecRuleRemoveById 900011
+</Directory>
+
+
+# These sections marked "Require all denied" (or "Deny from all")
+# should not be modified.
+# These are in place in order to harden Cacti.
+<Directory /usr/share/cacti/log>
+	<IfModule mod_authz_core.c>
+		Require all denied
+	</IfModule>
+	<IfModule !mod_authz_core.c>
+		Order deny,allow
+		Deny from all
+	</IfModule>
+</Directory>
+<Directory /usr/share/cacti/rra>
+	<IfModule mod_authz_core.c>
+		Require all denied
+	</IfModule>
+	<IfModule !mod_authz_core.c>
+		Order deny,allow
+		Deny from all
+	</IfModule>
+</Directory>
diff --git a/cacti.README.fedora b/cacti.README.fedora
new file mode 100644
index 0000000..d36f0f1
--- /dev/null
+++ b/cacti.README.fedora
@@ -0,0 +1,53 @@
+In order for Cacti to function properly, please edit the following files:
+
+/etc/cacti/db.php
+/etc/httpd/conf.d/cacti.conf
+
+If you do not plan to use systemd to run the cacti poller, also edit:
+
+/etc/cron.d/cacti
+
+Important:
+We recommend that you turnoff SELinux with setenforce 0 during the installation of cacti.
+
+The installation procedure, briefly summarized:
+
+1) Create the cacti MySQL database:
+
+   # mysqladmin -u root -p create cacti
+
+2) Import the default cacti database:
+
+   # mysql -u root -p cacti < /usr/share/doc/cacti/cacti.sql
+
+3) Create the cacti database user:
+
+   # mysql -u root -p
+   mysql> GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'cactiuser';
+   mysql> flush privileges;
+
+   (Use a different password in the above GRANT command.)
+  
+4) Import mysql_tzinfo_to_sql to MySQL
+
+   # mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
+  
+5) Set SELECT permission for cactiuser to mysql.time_zone_name
+
+   # mysql -u root -p
+   mysql> use mysql;
+   mysql> GRANT SELECT ON mysql.time_zone_name TO cactiuser@localhost;
+   mysql> flush privileges;
+
+6) Enable the systemd service unit for the cactid poller (if not using
+   the crontab file in /etc/cron.d/cacti):
+
+   # systemctl enable --now cactid.service
+
+7) Then visit http://localhost/cacti/ to complete the installation.
+
+Cacti's install procedure is not fully compatible with mod_security. If you use
+mod_security, please uncomment the SecRuleRemoveById lines in
+/etc/http/conf.d/cacti.conf.
+
+Cacti should work with SELinux. If you cannot get it to work, please file a bug.
diff --git a/cacti.cron b/cacti.cron
new file mode 100644
index 0000000..0aebaee
--- /dev/null
+++ b/cacti.cron
@@ -0,0 +1 @@
+#*/5 * * * *	apache	/usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1
diff --git a/cacti.logrotate b/cacti.logrotate
new file mode 100644
index 0000000..754a051
--- /dev/null
+++ b/cacti.logrotate
@@ -0,0 +1,8 @@
+/var/log/cacti/cacti.log {
+	weekly
+	rotate 7
+	missingok
+	notifempty
+	compress
+	su apache apache
+}
diff --git a/cacti.nginx b/cacti.nginx
new file mode 100644
index 0000000..ce732b5
--- /dev/null
+++ b/cacti.nginx
@@ -0,0 +1,19 @@
+# cacti nginx configuration
+
+location = /cacti {
+    alias /usr/share/cacti/;
+}
+
+location /cacti/ {
+     root /usr/share;
+     index index.php index.html;
+
+     location ~ ^/cacti/(.+\.php)$
+     {
+         try_files $uri =404;
+         fastcgi_intercept_errors on;
+         include        fastcgi_params;
+         fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+         fastcgi_pass   php-fpm;
+     }
+}
diff --git a/cacti.spec b/cacti.spec
new file mode 100644
index 0000000..58471f9
--- /dev/null
+++ b/cacti.spec
@@ -0,0 +1,668 @@
+%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
+
+Name: cacti
+Version: 1.2.28
+Release: 1%{?dist}
+Summary: An rrd based graphing tool
+License: GPLv2+
+URL: https://www.cacti.net/
+Source0: https://www.cacti.net/downloads/%{name}-%{version}.tar.gz
+Source1: cacti-httpd.conf
+Source2: cacti.logrotate
+Source3: cacti.README.fedora
+Source4: %{name}.cron
+Source5: cacti.nginx
+Patch0: cacti-1.2.x-disable_log_rotation.patch
+Patch1: cacti-1.2.x-csrf-secret.patch
+
+BuildArch: noarch
+
+BuildRequires: systemd
+
+Requires: httpd-filesystem
+Requires: nginx-filesystem
+Requires: php(httpd)
+Suggests: httpd
+
+# Requires PHP 5.4+
+Requires: php(language) >= 5.4
+
+# DB access is managed via pdo_mysql
+Requires: php-pdo_mysql
+
+# Core PHP libs/extensions required by Cacti
+Requires: php-pdo
+Requires: php-reflection
+Requires: php-simplexml
+Requires: php-ctype
+Requires: php-date
+Requires: php-dom
+Requires: php-gettext
+Requires: php-filter
+Requires: php-gd
+Requires: php-gmp
+Requires: php-hash
+Requires: php-iconv
+Requires: php-intl
+Requires: php-json
+Requires: php-ldap
+Requires: php-mbstring
+Requires: php-openssl
+Requires: php-pcntl
+Requires: php-pcre
+Requires: php-posix
+Requires: php-session
+Requires: php-snmp
+Requires: php-sockets
+Requires: php-spl
+Requires: php-xml
+Requires: php-zlib
+
+# Cacti Requirements
+Requires: mariadb
+Requires: httpd
+Requires: rrdtool
+Requires: net-snmp
+Requires: net-snmp-utils
+Requires: crontabs
+
+# Bundled JS library
+Provides: bundled(js-jquery) = 3.4.1
+Provides: bundled(js-storage) = 1.0.4
+Provides: bundled(js-tree) = 3.3.8
+
+%description
+Cacti is a complete frontend to RRDTool. It stores all of the
+necessary information to create graphs and populate them with
+data in a MySQL database. The frontend is completely PHP
+driven.
+
+%prep
+%autosetup -p1
+
+%build
+# Nothing to build
+
+%install
+%{__mkdir} -p %{buildroot}/%{_sysconfdir}/%{name}
+%{__install} -d -m 0755 %{buildroot}/%{_pkgdocdir}
+%{__install} -d -m 0755 %{buildroot}/%{_datadir}/%{name}/
+%{__install} -d -m 0755 cache/ %{buildroot}/%{_localstatedir}/lib/%{name}/cache
+%{__install} -d -m 0755 cli/ %{buildroot}/%{_localstatedir}/lib/%{name}/cli
+%{__install} -d -m 0775 log/ %{buildroot}/%{_localstatedir}/log/%{name}/
+%{__install} -d -m 0755 resource/ %{buildroot}/%{_localstatedir}/lib/%{name}/resource
+%{__install} -d -m 0755 rra/ %{buildroot}/%{_localstatedir}/lib/%{name}/rra/
+%{__install} -d -m 0755 scripts/ %{buildroot}/%{_localstatedir}/lib/%{name}/scripts/
+%{__install} -d -m 0755 csrf/ %{buildroot}/%{_localstatedir}/lib/%{name}/csrf/
+%{__mv} *.php %{buildroot}/%{_datadir}/%{name}/
+%{__mv} cache/ %{buildroot}/%{_localstatedir}/lib/%{name}/
+%{__mv} cli/ %{buildroot}/%{_localstatedir}/lib/%{name}/
+%{__mv} resource/ %{buildroot}/%{_localstatedir}/lib/%{name}/
+%{__mv} rra/ %{buildroot}/%{_localstatedir}/lib/%{name}/
+%{__mv} scripts/ %{buildroot}/%{_localstatedir}/lib/%{name}/
+%{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/cron.d/%{name}
+%{__install} -D -m 0644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/%{name}.conf
+%{__install} -D -m 0644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/nginx/default.d/%{name}.conf
+%{__install} -D -m 0644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/logrotate.d/cacti
+%{__cp} -ar formats/ images/ include/ install/ lib/ locales/ mibs/ plugins/ %{buildroot}%{_datadir}/%{name}
+%{__cp} %{SOURCE3} %{buildroot}/%{_pkgdocdir}
+%{__cp} -a docs/ %{buildroot}/%{_pkgdocdir}
+%{__mv} %{buildroot}/%{_datadir}/%{name}/include/config.php.dist %{buildroot}/%{_sysconfdir}/%{name}/db.php
+%{__chmod} +x %{buildroot}/%{_datadir}/%{name}/cmd.php %{buildroot}/%{_datadir}/%{name}/poller.php
+ln -s %{_localstatedir}/lib/%{name}/cache %{buildroot}/%{_datadir}/%{name}/
+ln -s %{_localstatedir}/lib/%{name}/cli %{buildroot}/%{_datadir}/%{name}/
+ln -s %{_sysconfdir}/%{name}/db.php %{buildroot}/%{_datadir}/%{name}/include/config.php
+ln -s %{_localstatedir}/lib/%{name}/resource %{buildroot}/%{_datadir}/%{name}/
+ln -s %{_localstatedir}/lib/%{name}/rra %{buildroot}/%{_datadir}/%{name}/
+ln -s %{_localstatedir}/lib/%{name}/scripts %{buildroot}/%{_datadir}/%{name}/
+ln -s %{_localstatedir}/log/%{name}/ %{buildroot}/%{_datadir}/%{name}/log
+ln -s %{_datadir}/%{name}/lib %{buildroot}/%{_localstatedir}/lib/%{name}/
+ln -s %{_datadir}/%{name}/include %{buildroot}/%{_localstatedir}/lib/%{name}/
+# Create logfiles
+touch %{buildroot}/%{_localstatedir}/log/%{name}/%{name}.log
+touch %{buildroot}/%{_localstatedir}/log/%{name}/%{name}_stderr.log
+# Create csrf-secret.php
+touch %{buildroot}/%{_localstatedir}/lib/%{name}/csrf/csrf-secret.php
+
+# Install systemd unit file with correct cacti installation path
+sed -i -e 's,ExecStart=/var/www/html/cacti,ExecStart=%{_datadir}/%{name},' service/cactid.service
+%{__mkdir} -p %{buildroot}/%{_unitdir}
+%{__cp} service/cactid.service %{buildroot}/%{_unitdir}/cactid.service
+# Create empty environment file
+%{__mkdir} -p %{buildroot}/%{_sysconfdir}/sysconfig
+touch %{buildroot}/%{_sysconfdir}/sysconfig/cactid
+
+# Migrate /usr/share/cacti/resource to /var/cacti/resource
+%pretrans -p <lua>
+path = "/usr/share/cacti/resource"
+st = posix.stat(path)
+if st and st.type == "directory" then
+  status = os.rename(path, path .. ".rpmmoved")
+  if not status then
+    suffix = 0
+    while not status do
+      suffix = suffix + 1
+      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
+    end
+    os.rename(path, path .. ".rpmmoved")
+  end
+end
+
+%post
+# Migrate file ownership to apache user
+chown -R apache:apache %{_localstatedir}/lib/%{name}/cache/
+chown -R apache:apache %{_localstatedir}/lib/%{name}/cli/
+chown -R apache:apache %{_localstatedir}/lib/%{name}/csrf/
+chown -R apache:apache %{_localstatedir}/lib/%{name}/resource/
+chown -R apache:apache %{_localstatedir}/lib/%{name}/rra/
+chown -R apache:apache %{_localstatedir}/lib/%{name}/scripts/
+chown -R apache:apache %{_localstatedir}/log/%{name}/
+chown root:apache %{_sysconfdir}/%{name}/db.php
+
+# SELinux
+semanage fcontext -a -t httpd_sys_content_t '%{_sysconfdir}/%{name}/db.php' 2>/dev/null || :
+semanage fcontext -a -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/cache(/.*)?' 2>/dev/null || :
+semanage fcontext -a -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/cli(/.*)?' 2>/dev/null || :
+semanage fcontext -a -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/csrf(/.*)?' 2>/dev/null || :
+semanage fcontext -a -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/resource(/.*)?' 2>/dev/null || :
+semanage fcontext -a -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/scripts(/.*)?' 2>/dev/null || :
+restorecon -R %{_localstatedir}/lib/%{name} || :
+restorecon -R %{_sysconfdir}/%{name} || :
+
+# Migrate cacti polller to apache user
+
+sed -i -e 's/\tcacti\t/\tapache\t/' %{_sysconfdir}/cron.d/%{name}
+
+# Systemd
+%systemd_post cactid.service
+
+%preun
+%systemd_preun cactid.service
+
+%postun
+if [ $1 -eq 0  ] ; then
+semanage fcontext -d -t httpd_sys_content_t '%{_sysconfdir}/%{name}/db.php' 2>/dev/null || :
+semanage fcontext -d -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/cache(/.*)?' 2>/dev/null || :
+semanage fcontext -d -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/cli(/.*)?' 2>/dev/null || :
+semanage fcontext -d -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/csrf(/.*)?' 2>/dev/null || :
+semanage fcontext -d -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/resource(/.*)?' 2>/dev/null || :
+semanage fcontext -d -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}/scripts(/.*)?' 2>/dev/null || :
+fi
+%systemd_postun_with_restart cactid.service
+
+%files
+%doc docs/ README.md cacti.sql
+%license LICENSE
+%dir %{_sysconfdir}/%{name}
+%dir %{_datadir}/%{name}
+%dir %{_localstatedir}/lib/%{name}
+%dir %{_localstatedir}/lib/%{name}/cli
+%dir %attr(-,apache,apache) %{_localstatedir}/lib/%{name}/csrf
+%dir %attr(-,apache,apache) %{_localstatedir}/lib/%{name}/scripts
+%dir %attr(-,apache,apache) %{_localstatedir}/log/%{name}/
+%config(noreplace) %attr(-,apache,apache) %{_localstatedir}/log/%{name}/%{name}.log
+%config(noreplace) %attr(-,apache,apache) %{_localstatedir}/log/%{name}/%{name}_stderr.log
+%config(noreplace) %{_sysconfdir}/cron.d/cacti
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
+%config(noreplace) %{_sysconfdir}/nginx/default.d/%{name}.conf
+%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+%config(noreplace) %{_sysconfdir}/sysconfig/cactid
+%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/%{name}/db.php
+%{_datadir}/%{name}/*.php
+%{_datadir}/%{name}/cache
+%{_datadir}/%{name}/cli
+%{_datadir}/%{name}/formats/
+%{_datadir}/%{name}/images/
+%{_datadir}/%{name}/include/
+%{_datadir}/%{name}/install/
+%{_datadir}/%{name}/lib/
+%{_datadir}/%{name}/locales/*
+%{_datadir}/%{name}/log
+%{_datadir}/%{name}/mibs
+%{_datadir}/%{name}/plugins/
+%{_datadir}/%{name}/resource
+%{_datadir}/%{name}/rra
+%{_datadir}/%{name}/scripts
+%{_localstatedir}/lib/%{name}/scripts/*[^p]
+%{_unitdir}/cactid.service
+%{_pkgdocdir}/cacti.README.fedora
+%attr(-,apache,apache) %{_localstatedir}/lib/%{name}/scripts/*.php
+%attr(-,apache,apache) %{_localstatedir}/lib/%{name}/scripts/.htaccess
+%attr(-,apache,apache) %{_localstatedir}/lib/%{name}/resource/
+%attr(-,apache,apache) %{_localstatedir}/lib/%{name}/rra/
+%attr(-,apache,apache) %{_localstatedir}/lib/%{name}/cache/
+%attr(-,apache,apache) %{_localstatedir}/lib/%{name}/cli/*php
+%attr(-,apache,apache) %{_localstatedir}/lib/%{name}/cli/.htaccess
+%attr(0770,apache,apache) %{_localstatedir}/lib/%{name}/csrf/csrf-secret.php
+%attr(-,root,root) %{_localstatedir}/lib/%{name}/include
+%attr(-,root,root) %{_localstatedir}/lib/%{name}/lib
+%ghost %{_datadir}/%{name}/resource.rpmmoved
+
+%changelog
+* Tue Jul 11 2023 FeRD (Frank Dana) <ferdnyc@gmail.com> - 1.2.23-3
+- Package systemd system unit file cactid.service
+- Update Fedora README to mention systemd unit as alternative to crontab
+
+* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.23-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Jan 04 2023 Morten Stevens <mstevens@fedoraproject.org> - 1.2.23-1
+- Update to 1.2.23
+
+* Sat Oct 22 2022 Morten Stevens <mstevens@fedoraproject.org> - 1.2.22-1
+- Update to 1.2.22
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.21-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu May 19 2022 Morten Stevens <mstevens@fedoraproject.org> - 1.2.21-1
+- Update to 1.2.21
+
+* Sun Apr 10 2022 Morten Stevens <mstevens@fedoraproject.org> - 1.2.20-1
+- Update to 1.2.20
+
+* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.19-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Nov 02 2021 Morten Stevens <mstevens@fedoraproject.org> - 1.2.19-1
+- Update to 1.2.19
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.17-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Mon May 10 2021 Morten Stevens <mstevens@fedoraproject.org> - 1.2.17-1
+- Update to 1.2.17
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Dec 14 2020 Morten Stevens <mstevens@fedoraproject.org> - 1.2.16-1
+- Update to 1.2.16
+
+* Tue Nov 03 2020 Morten Stevens <mstevens@fedoraproject.org> - 1.2.15-1
+- Update to 1.2.15
+
+* Thu Aug 06 2020 Morten Stevens <mstevens@fedoraproject.org> - 1.2.14-1
+- Update to 1.2.14
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.13-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 14 2020 Morten Stevens <mstevens@fedoraproject.org> - 1.2.13-1
+- Update to 1.2.13
+- CVE-2020-11022, CVE-2020-11023, CVE-2020-13625, CVE-2020-14295
+
+* Wed May 27 2020 Morten Stevens <mstevens@fedoraproject.org> - 1.2.12-1
+- Update to 1.2.12
+
+* Tue Apr 07 2020 Morten Stevens <mstevens@fedoraproject.org> - 1.2.11-1
+- Update to 1.2.11
+
+* Mon Mar 02 2020 Morten Stevens <mstevens@fedoraproject.org> - 1.2.10-1
+- Update to 1.2.10
+- CVE-2020-8813
+
+* Mon Feb 10 2020 Morten Stevens <mstevens@fedoraproject.org> - 1.2.9-1
+- Update to 1.2.9
+- CVE-2020-7106, CVE-2020-7237
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Dec 11 2019 Morten Stevens <mstevens@fedoraproject.org> - 1.2.8-1
+- Update to 1.2.8
+- CVE-2019-17357, CVE-2019-17358, CVE-2019-16723
+
+* Sat Nov 30 2019 Morten Stevens <mstevens@fedoraproject.org> - 1.2.7-1
+- Update to 1.2.7
+
+* Tue Sep 03 2019 Morten Stevens <mstevens@fedoraproject.org> - 1.2.6-1
+- Update to 1.2.6
+
+* Thu Aug 22 2019 Morten Stevens <mstevens@fedoraproject.org> - 1.2.5-4
+- Don't require php-imap
+
+* Sat Aug 03 2019 Morten Stevens <mstevens@fedoraproject.org> - 1.2.5-3
+- Require mariadb instead of mysql
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sat Jul 20 2019 Morten Stevens <mstevens@fedoraproject.org> - 1.2.5-1
+- Update to 1.2.5
+
+* Sat Jun 08 2019 Morten Stevens <mstevens@fedoraproject.org> - 1.2.4-1
+- Update to 1.2.4
+
+* Sun Mar 31 2019 Morten Stevens <mstevens@fedoraproject.org> - 1.2.3-1
+- Update to 1.2.3
+
+* Mon Feb 25 2019 Morten Stevens <mstevens@fedoraproject.org> - 1.2.2-1
+- Update to 1.2.2
+- SELinux improvements
+- Packaging improvements
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 21 2019 Morten Stevens <mstevens@fedoraproject.org> - 1.2.1-1
+- Update to 1.2.1
+
+* Sun Jan 06 2019 Morten Stevens <mstevens@fedoraproject.org> - 1.2.0-2
+- Spec file improvements
+- Updated PHP libs/extensions
+
+* Thu Jan 03 2019 Morten Stevens <mstevens@fedoraproject.org> - 1.2.0-1
+- Update to 1.2.0
+- Provide nginx support
+
+* Mon Dec 03 2018 Morten Stevens <mstevens@fedoraproject.org> - 1.1.38-4
+- Spec file improvements
+- Updated logrotation settings
+- Removed cacti user
+- Changed rra file ownership to apache #1454755
+
+* Wed Jul 25 2018 Morten Stevens <mstevens@fedoraproject.org> - 1.1.38-3
+- Fix for https://github.com/Cacti/cacti/issues/1634
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.38-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed May 16 2018 Morten Stevens <mstevens@fedoraproject.org> - 1.1.38-1
+- Update to 1.1.38
+
+* Mon Mar 26 2018 Morten Stevens <mstevens@fedoraproject.org> - 1.1.37-1
+- Update to 1.1.37
+
+* Mon Feb 26 2018 Morten Stevens <mstevens@fedoraproject.org> - 1.1.36-1
+- Update to 1.1.36
+
+* Tue Feb 13 2018 Morten Stevens <mstevens@fedoraproject.org> - 1.1.35-1
+- Update to 1.1.35
+
+* Tue Feb 06 2018 Morten Stevens <mstevens@fedoraproject.org> - 1.1.34-1
+- Update to 1.1.34
+
+* Wed Jan 24 2018 Morten Stevens <mstevens@fedoraproject.org> - 1.1.33-1
+- Update to 1.1.33
+
+* Sun Nov 19 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.28-1
+- Update to 1.1.28
+- CVE-2017-16641, CVE-2017-16660, CVE-2017-16661, CVE-2017-16785
+
+* Mon Oct 23 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.27-1
+- Update to 1.1.27
+
+* Tue Oct 17 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.26-1
+- Update to 1.1.26
+- CVE-2017-15194
+
+* Mon Sep 18 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.24-1
+- Update to 1.1.24
+
+* Tue Sep 05 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.21-1
+- Update to 1.1.21
+
+* Mon Aug 21 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.19-1
+- Update to 1.1.19
+
+* Sun Aug 13 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.17-1
+- Update to 1.1.17
+
+* Sun Jul 30 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.16-1
+- Update to 1.1.16
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.15-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Tue Jul 25 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.15-1
+- Update to 1.1.15
+
+* Mon Jul 24 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.14-1
+- Update to 1.1.14
+
+* Fri Jul 14 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.13-1
+- Update to 1.1.13
+
+* Thu Jul 06 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.12-2
+- Fix Cross-site Scripting (XSS) issue with link.php
+
+* Wed Jul 05 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.12-1
+- Update to 1.1.12
+
+* Tue Jul 04 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.11-1
+- Update to 1.1.11
+
+* Mon Jun 12 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.10-1
+- Update to 1.1.10
+
+* Mon May 22 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.7-1
+- Update to 1.1.7
+
+* Sat May 13 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.6-2
+- Fix PHP requirements
+- Cacti db access not compatible with PHP 7 (#1450578)
+
+* Mon May 08 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.6-1
+- Update to 1.1.6
+
+* Wed Apr 26 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.5-1
+- Update to 1.1.5
+
+* Mon Apr 24 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.4-1
+- Update to 1.1.4
+
+* Sun Apr 16 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.3-1
+- Update to 1.1.3
+
+* Wed Apr 12 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.2-2
+- Work with several MySQL variants (#1440755)
+
+* Mon Apr 03 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.2-1
+- Update to 1.1.2
+
+* Tue Mar 28 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.1-1
+- Update to 1.1.1
+
+* Mon Mar 20 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.0-1
+- Update to 1.1.0
+
+* Wed Mar 15 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.0.6-1
+- Update to 1.0.6
+
+* Mon Mar 13 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.0.5-1
+- Update to 1.0.5
+- Logfile improvements
+- Added php-gd and php-process as dependency (#1430893)
+
+* Mon Feb 27 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.0.4-1
+- Update to 1.0.4
+
+* Sat Feb 18 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.0.3-2
+- Cacti 1.0.x spec file improvements
+
+* Thu Feb 16 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.0.3-1
+- Update to 1.0.3
+
+* Sun Feb 12 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.0.2-1
+- Update to 1.0.2
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.8h-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Jan 18 2017 Morten Stevens <mstevens@fedoraproject.org> - 0.8.8h-3
+- Fixes for PHP7 backported from Arch Linux (#1390770)
+
+* Tue Jun 28 2016 Jon Ciesla <limburgher@gmail.com> - 0.8.8h-2
+- php7 Requires fix.
+
+* Mon May 09 2016 Morten Stevens <mstevens@fedoraproject.org> - 0.8.8h-1
+- Update to 0.8.8h
+- CVE-2016-3659
+
+* Fri Apr 15 2016 Morten Stevens <mstevens@fedoraproject.org> - 0.8.8g-1
+- Update to 0.8.8g
+- Improve spec file (#1302904)
+
+* Fri Jan 29 2016 Morten Stevens <mstevens@fedoraproject.org> - 0.8.8f-2
+- CVE-2015-8369: SQL Injection vulnerability in graph.php
+- CVE-2015-8377: Fix SQL Injection vulnerability in graphs_new.php
+- CVE-2015-8604: Fix SQL Injection vulnerability in graphs_new.php
+
+* Fri Jan 29 2016 Morten Stevens <mstevens@fedoraproject.org> - 0.8.8f-1
+- Update to 0.8.8f
+
+* Fri Jun 27 2014 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-7
+- Patches for CVE-2014-4002 Cross-site scripting vulnerability
+  (RHBZ #1113035)
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.8b-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Mon Apr 07 2014 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-5
+- Patch for CVE-2014-2708 SQL injection issues in graph_xport.php
+  (RHBZ #1084258)
+- Patch for CVE-2014-2709 shell escaping issues in lib/rrd.php
+  (RHBZ #1084258)
+- Patch for CVE-2014-2326 stored XSS attack (RHBZ #1082122)
+- Patch for CVE-2014-2328 use of exec-like function calls without safety
+  checks allow arbitrary command execution (RHBZ #1082122)
+
+* Fri Feb 07 2014 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-4
+- Move cron to a separate file and require crontabs (RHBZ #947047). Thanks
+  Jóhann B. Guðmundsson.
+- Update for systemd (RHBZ #947047). Thanks Jóhann B. Guðmundsson.
+- Fix rpmlint warning about spaces-to-tabs
+
+* Wed Sep 04 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-3
+- Fix comments in thumbnails (BZ #1004550)
+
+* Mon Aug 26 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-2
+- Patch for CVE-2013-5588 and CVE-2013-5589 (BZ #1000860)
+
+* Wed Aug 07 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8b-1
+- New upstream release (BZ #993042)
+
+* Mon Jul 29 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-9
+- Use %%{_pkgdocdir}, per
+  https://fedoraproject.org/wiki/Changes/UnversionedDocdirs
+
+* Sun Jul 14 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-8
+- Improve security description in cacti's httpd conf (RHBZ #895823)
+- Use improved treeview replacement patch (RHBZ #888207)
+- rpmlint fixes
+- trim RPM changelog
+
+* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.8a-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Tue Jan 08 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-6
+- Add note to README.fedora about the default MySQL password
+- Remove reference to "docs/INSTALL" in README.fedora (RHBZ #893122)
+- Add dependency on net-snmp-utils (RHBZ #893150)
+
+* Fri Jan 04 2013 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-5
+- Install our README file as README.fedora
+
+* Fri Jan  4 2013 Tom Callaway <spot@fedoraproject.org> - 0.8.8a-4
+- remove non-free treeview bits (replace with jquery future code from 0.8.9 trunk)
+
+* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.8a-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Jun 28 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-2
+- Add plugins directory (BZ #834355)
+- Drop Fedora 15 (EOL) from logrotate syntax adjustment
+
+* Mon Apr 30 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8a-1
+- New upstream release (BZ #817506)
+- Drop upstreamed $url_path patch
+
+* Wed Apr 11 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8-3
+- Patch $url_path to default to "/cacti/" (upstream bug 2217)
+
+* Fri Apr 06 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8-2
+- Adjust httpd ACL conditionals to test the presence of mod_authz_core
+  (as discussed on fedora-devel)
+
+* Wed Apr 04 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.8-1
+- New upstream release (BZ #809753).
+
+* Mon Mar 26 2012 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7i-4
+- Adjust ACLs to support httpd 2.4.
+
+* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7i-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Dec 13 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7i-2
+- Only set "su" logrotate parameter for F16 and above.
+- Tweak mod_security rules.
+
+* Mon Dec 12 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7i-1
+- New upstream release (BZ #766573).
+
+* Fri Nov 11 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7h-2
+- block HTTP access to log and rra directories (#609856)
+- overrides for mod_security
+- set logrotate to su to cacti apache when rotating (#753079)
+
+* Thu Oct 27 2011 Ken Dreyer <ktdreyer@ktdreyer.com> - 0.8.7h-1
+- New upstream release.
+- Remove upstream'd mysql patch.
+
+* Mon Aug 08 2011 Jon Ciesla <limb@jcomserv.net> - 0.8.7g-3
+- Patch for MySQL 5.5, BZ 728513.
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7g-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Mon Jul 12 2010 Mike McGrath <mmcgrath@redhat.com> 0.8.7g-1
+- Upstream released new version
+
+* Mon May 24 2010 Mike McGrath <mmcgrath@redhat.com> - 0.8.7f-1
+- Upstream released new version
+- Contains security updates #595289
+
+* Fri Apr 23 2010 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-4
+- Pulling in patches from upstream
+- SQL injection fix
+- BZ #541279
+
+* Tue Dec  1 2009 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-3
+- Pulling in some official patches
+- #541279
+- #541962
+
+* Sun Aug 16 2009 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-1
+- Upstream released new version
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7d-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue Mar 31 2009 Michael Schwendt <mschwendt@fedoraproject.org> - 0.8.7d-3
+- Fix unowned cli directory (#473631)
+
+* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7d-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Sat Feb 21 2009 Mike McGrath <mmcgrath@redhat.com> - 0.8.7d-1
+- Upstream released new version
+
+* Mon Jul 28 2008 Mike McGrath <mmcgrath@redhat.com> - 0.8.7b-4
+- Added cli directory
+
+* Fri Jul 18 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.7b-3
+- fix my own mistake in the license tag
+
+* Tue Jul 15 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.7b-2
+- fix license tag
+
+* Thu Feb 14 2008 Mike McGrath <mmcgrath@redhat.com> - 0.8.7b-1
+- Upstream released new version
+
+* Fri Nov 23 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.7a-2
+- db.php is now 640 instead of 660 - #396331
+
+* Tue Nov 20 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.7a-1
+- Upstream released new version
+- Fixes for bug #391691 - CVE-2007-6035
diff --git a/sources b/sources
new file mode 100644
index 0000000..2dd35cd
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+37a73a1f81cba92420e174aeed2f18b1  cacti-1.2.28.tar.gz