MFH: r390274

Update to 0.8.8d (security: fixes multiple XSS/SQL injection
vulnerabilities)

PR:		200963
Submitted by:	maintainer (freebsd-ports@dan.me.uk)
Security:	a3929112-181b-11e5-a1cf-002590263bf5
Approved by:	ports-secteam

3 files changed, 65 insertions, 44 deletions

diff --git a/net-mgmt/cacti/Makefile b/net-mgmt/cacti/Makefile
index 52858f4baf88..90f4ddc3dc82 100644
--- a/net-mgmt/cacti/Makefile
+++ b/net-mgmt/cacti/Makefile
@@ -1,17 +1,12 @@
 # $FreeBSD$
 
 PORTNAME=	cacti
-PORTVERSION=	0.8.8b${PATCHLEVEL}
-PORTREVISION=	3
+PORTVERSION=	0.8.8d${PATCHLEVEL}
 CATEGORIES=	net-mgmt www
-MASTER_SITES=	http://www.cacti.net/downloads/
+MASTER_SITES=	http://www.cacti.net/downloads/ \
+		ftp://ftpmirror.uk/freebsd-ports/cacti/
 
-# Vendor's patches
-PATCH_SITES=	http://www.cacti.net/downloads/patches/${SITEDISTVERSION}/
-PATCHFILES=	security.patch
-PATCH_DIST_STRIP=	-p1
-
-MAINTAINER=	ports@FreeBSD.org
+MAINTAINER=	freebsd-ports@dan.me.uk
 COMMENT=	Web-driven graphing interface for RRDTool
 
 LICENSE=	GPLv2
@@ -19,11 +14,11 @@ LICENSE_FILE=	${WRKSRC}/LICENSE
 
 RUN_DEPENDS=	rrdtool:${PORTSDIR}/databases/rrdtool
 
-PATCH_STRIP=	-p1
-USES=		shebangfix
+USES=		cpe shebangfix
 USE_MYSQL=	yes
 USE_PHP=	mysql pcre session sockets snmp xml
 WANT_PHP_WEB=	yes
+NO_ARCH=	yes
 NO_BUILD=	yes
 PKGMESSAGE=	${WRKDIR}/pkg-message
 SUB_FILES=	pkg-message
diff --git a/net-mgmt/cacti/distinfo b/net-mgmt/cacti/distinfo
index 2e15cac6fac0..1140ed6fb010 100644
--- a/net-mgmt/cacti/distinfo
+++ b/net-mgmt/cacti/distinfo
@@ -1,4 +1,2 @@
-SHA256 (cacti-0.8.8b.tar.gz) = ef0e2a813139e0b4c2e066f0fdae1f4ad086bef0aa23446055df6331cb1af98c
-SIZE (cacti-0.8.8b.tar.gz) = 2272130
-SHA256 (security.patch) = 73758bdf3f7846875f1620c35d1d982fa27366b053d8bd87363c618e7747c163
-SIZE (security.patch) = 6909
+SHA256 (cacti-0.8.8d.tar.gz) = 1e3fb4aa137c0a9cb682fa66956c1f59dfc730040a215c45b7f9a5f9b9714bec
+SIZE (cacti-0.8.8d.tar.gz) = 2470512
diff --git a/net-mgmt/cacti/pkg-plist b/net-mgmt/cacti/pkg-plist
index 7813fc19fbf0..66d5968f9fd1 100644
--- a/net-mgmt/cacti/pkg-plist
+++ b/net-mgmt/cacti/pkg-plist
@@ -3,9 +3,10 @@
 %%CACTIDIR%%/about.php
 %%CACTIDIR%%/auth_changepassword.php
 %%CACTIDIR%%/auth_login.php
-%%CACTIDIR%%/cacti.sql
+%%CACTIDIR%%/%%CACTIUSER%%.sql
 %%CACTIDIR%%/cdef.php
 %%CACTIDIR%%/cli/.htaccess
+%%CACTIDIR%%/cli/index.php
 %%CACTIDIR%%/cli/add_data_query.php
 %%CACTIDIR%%/cli/add_device.php
 %%CACTIDIR%%/cli/add_graph_template.php
@@ -23,10 +24,10 @@
 %%CACTIDIR%%/cli/poller_output_empty.php
 %%CACTIDIR%%/cli/poller_reindex_hosts.php
 %%CACTIDIR%%/cli/rebuild_poller_cache.php
-%%CACTIDIR%%/cli/repair_database.php
-%%CACTIDIR%%/cli/structure_rra_paths.php
 %%CACTIDIR%%/cli/reorder_data_query.php
+%%CACTIDIR%%/cli/repair_database.php
 %%CACTIDIR%%/cli/repair_templates.php
+%%CACTIDIR%%/cli/structure_rra_paths.php
 %%CACTIDIR%%/cli/upgrade_database.php
 %%CACTIDIR%%/cmd.php
 %%CACTIDIR%%/color.php
@@ -42,9 +43,9 @@
 %%CACTIDIR%%/docs/html/basics.html
 %%CACTIDIR%%/docs/html/batch_copy_users.html
 %%CACTIDIR%%/docs/html/bsd_ports.html
-%%CACTIDIR%%/docs/html/cacti_help.html
+%%CACTIDIR%%/docs/html/%%CACTIUSER%%_help.html
 %%CACTIDIR%%/docs/html/cdefs.html
-%%CACTIDIR%%/docs/html/check_cacti_poller.html
+%%CACTIDIR%%/docs/html/check_%%CACTIUSER%%_poller.html
 %%CACTIDIR%%/docs/html/check_data_gathering.html
 %%CACTIDIR%%/docs/html/check_mysql_updating.html
 %%CACTIDIR%%/docs/html/check_rrd_graph.html
@@ -110,7 +111,7 @@
 %%CACTIDIR%%/docs/html/install_unix.html
 %%CACTIDIR%%/docs/html/install_windows.html
 %%CACTIDIR%%/docs/html/installation.html
-%%CACTIDIR%%/docs/html/making_scripts_work_with_cacti.html
+%%CACTIDIR%%/docs/html/making_scripts_work_with_%%CACTIUSER%%.html
 %%CACTIDIR%%/docs/html/migration_php_scripts_to_script_server.html
 %%CACTIDIR%%/docs/html/new_graphs.html
 %%CACTIDIR%%/docs/html/operating_principles.html
@@ -126,7 +127,7 @@
 %%CACTIDIR%%/docs/html/templates.html
 %%CACTIDIR%%/docs/html/testing_script_in_script_server.html
 %%CACTIDIR%%/docs/html/unix_apply_patches.html
-%%CACTIDIR%%/docs/html/unix_configure_cacti.html
+%%CACTIDIR%%/docs/html/unix_configure_%%CACTIUSER%%.html
 %%CACTIDIR%%/docs/html/unix_configure_httpd.html
 %%CACTIDIR%%/docs/html/unix_configure_mysql.html
 %%CACTIDIR%%/docs/html/unix_configure_php.html
@@ -175,10 +176,10 @@
 %%CACTIDIR%%/images/button_save.gif
 %%CACTIDIR%%/images/button_view.gif
 %%CACTIDIR%%/images/button_yes.gif
-%%CACTIDIR%%/images/cacti_about_logo.gif
-%%CACTIDIR%%/images/cacti_backdrop.gif
-%%CACTIDIR%%/images/cacti_backdrop2.gif
-%%CACTIDIR%%/images/cacti_logo.gif
+%%CACTIDIR%%/images/%%CACTIUSER%%_about_logo.gif
+%%CACTIDIR%%/images/%%CACTIUSER%%_backdrop.gif
+%%CACTIDIR%%/images/%%CACTIUSER%%_backdrop2.gif
+%%CACTIDIR%%/images/%%CACTIUSER%%_logo.gif
 %%CACTIDIR%%/images/calendar.gif
 %%CACTIDIR%%/images/delete_icon.gif
 %%CACTIDIR%%/images/delete_icon_large.gif
@@ -201,10 +202,14 @@
 %%CACTIDIR%%/images/move_right.gif
 %%CACTIDIR%%/images/move_up.gif
 %%CACTIDIR%%/images/reload_icon_small.gif
+%%CACTIDIR%%/images/server.png
+%%CACTIDIR%%/images/server_chart.png
+%%CACTIDIR%%/images/server_chart_curve.png
+%%CACTIDIR%%/images/server_dataquery.png
 %%CACTIDIR%%/images/shadow.gif
 %%CACTIDIR%%/images/shadow_gray.gif
 %%CACTIDIR%%/images/show.gif
-%%CACTIDIR%%/images/tab_cacti.gif
+%%CACTIDIR%%/images/tab_%%CACTIUSER%%.gif
 %%CACTIDIR%%/images/tab_console.gif
 %%CACTIDIR%%/images/tab_console_down.gif
 %%CACTIDIR%%/images/tab_graphs.gif
@@ -222,12 +227,45 @@
 %%CACTIDIR%%/images/view_none.gif
 %%CACTIDIR%%/include/auth.php
 %%CACTIDIR%%/include/bottom_footer.php
-@sample %%CACTIDIR%%/include/config.php.sample
-%%CACTIDIR%%/include/global_form.php
+%%CACTIDIR%%/include/config.php.sample
+%%CACTIDIR%%/include/csrf/csrf-magic.js
+%%CACTIDIR%%/include/csrf/csrf-magic.php
+%%CACTIDIR%%/include/csrf/index.php
 %%CACTIDIR%%/include/global.php
 %%CACTIDIR%%/include/global_arrays.php
-%%CACTIDIR%%/include/global_settings.php
 %%CACTIDIR%%/include/global_constants.php
+%%CACTIDIR%%/include/global_form.php
+%%CACTIDIR%%/include/global_settings.php
+%%CACTIDIR%%/include/js/images/ui-bg_diagonals-thick_18_b81900_40x40.png
+%%CACTIDIR%%/include/js/images/ui-bg_diagonals-thick_20_666666_40x40.png
+%%CACTIDIR%%/include/js/images/ui-bg_flat_10_000000_40x100.png
+%%CACTIDIR%%/include/js/images/ui-bg_glass_100_f6f6f6_1x400.png
+%%CACTIDIR%%/include/js/images/ui-bg_glass_100_fdf5ce_1x400.png
+%%CACTIDIR%%/include/js/images/ui-bg_glass_65_ffffff_1x400.png
+%%CACTIDIR%%/include/js/images/ui-bg_gloss-wave_35_f6a828_500x100.png
+%%CACTIDIR%%/include/js/images/ui-bg_highlight-soft_100_eeeeee_1x100.png
+%%CACTIDIR%%/include/js/images/ui-bg_highlight-soft_75_ffe45c_1x100.png
+%%CACTIDIR%%/include/js/images/ui-icons_222222_256x240.png
+%%CACTIDIR%%/include/js/images/ui-icons_228ef1_256x240.png
+%%CACTIDIR%%/include/js/images/ui-icons_ef8c08_256x240.png
+%%CACTIDIR%%/include/js/images/ui-icons_ffd27a_256x240.png
+%%CACTIDIR%%/include/js/images/ui-icons_ffffff_256x240.png
+%%CACTIDIR%%/include/js/jquery.cookie.js
+%%CACTIDIR%%/include/js/jquery.dropdown.js
+%%CACTIDIR%%/include/js/jquery.js
+%%CACTIDIR%%/include/js/jquery.zoom.css
+%%CACTIDIR%%/include/js/jquery.zoom.js
+%%CACTIDIR%%/include/js/jstree.js
+%%CACTIDIR%%/include/js/themes/default-dark/32px.png
+%%CACTIDIR%%/include/js/themes/default-dark/40px.png
+%%CACTIDIR%%/include/js/themes/default-dark/style.css
+%%CACTIDIR%%/include/js/themes/default-dark/style.min.css
+%%CACTIDIR%%/include/js/themes/default-dark/throbber.gif
+%%CACTIDIR%%/include/js/themes/default/32px.png
+%%CACTIDIR%%/include/js/themes/default/40px.png
+%%CACTIDIR%%/include/js/themes/default/style.css
+%%CACTIDIR%%/include/js/themes/default/style.min.css
+%%CACTIDIR%%/include/js/themes/default/throbber.gif
 %%CACTIDIR%%/include/jscalendar/calendar-setup.js
 %%CACTIDIR%%/include/jscalendar/calendar.js
 %%CACTIDIR%%/include/jscalendar/lang/calendar-af.js
@@ -278,18 +316,6 @@
 %%CACTIDIR%%/include/plugins.php
 %%CACTIDIR%%/include/top_graph_header.php
 %%CACTIDIR%%/include/top_header.php
-%%CACTIDIR%%/include/treeview/ftiens4.js
-%%CACTIDIR%%/include/treeview/ftiens4_export.js
-%%CACTIDIR%%/include/treeview/ftv2blank.gif
-%%CACTIDIR%%/include/treeview/ftv2lastnode.gif
-%%CACTIDIR%%/include/treeview/ftv2mlastnode.gif
-%%CACTIDIR%%/include/treeview/ftv2mnode.gif
-%%CACTIDIR%%/include/treeview/ftv2node.gif
-%%CACTIDIR%%/include/treeview/ftv2plastnode.gif
-%%CACTIDIR%%/include/treeview/ftv2pnode.gif
-%%CACTIDIR%%/include/treeview/ftv2vertline.gif
-%%CACTIDIR%%/include/treeview/ua.js
-%%CACTIDIR%%/include/zoom.js
 %%CACTIDIR%%/index.php
 %%CACTIDIR%%/install/0_8_1_to_0_8_2.php
 %%CACTIDIR%%/install/0_8_2_to_0_8_2a.php
@@ -315,7 +341,9 @@
 %%CACTIDIR%%/install/0_8_7h_to_0_8_7i.php
 %%CACTIDIR%%/install/0_8_7i_to_0_8_8.php
 %%CACTIDIR%%/install/0_8_8_to_0_8_8a.php
-%%CACTIDIR%%/install/0_8_8_to_0_8_8b.php
+%%CACTIDIR%%/install/0_8_8a_to_0_8_8b.php
+%%CACTIDIR%%/install/0_8_8b_to_0_8_8c.php
+%%CACTIDIR%%/install/0_8_8c_to_0_8_8d.php
 %%CACTIDIR%%/install/0_8_to_0_8_1.php
 %%CACTIDIR%%/install/index.php
 %%CACTIDIR%%/install/install_finish.gif
@@ -444,10 +472,10 @@
 %%CACTIDIR%%/lib/xml.php
 %%CACTIDIR%%/logout.php
 %%CACTIDIR%%/plugins.php
+%%CACTIDIR%%/plugins/index.php
 %%CACTIDIR%%/poller.php
 %%CACTIDIR%%/poller_commands.php
 %%CACTIDIR%%/poller_export.php
-%%CACTIDIR%%/plugins/index.php
 %%CACTIDIR%%/resource/script_queries/host_cpu.xml
 %%CACTIDIR%%/resource/script_queries/host_disk.xml
 %%CACTIDIR%%/resource/script_queries/unix_disk.xml