Patch to address a regression on preview mode on 0.8.8b - http://forums.cacti.net/viewtopic.php?f=21&t=50645

Thanks to Reuben Farrelly for the pointer on bug 482424.

(Portage version: 2.2.0_alpha196/cvs/Linux x86_64, signed Manifest commit with key BB0E6E98)

3 files changed, 139 insertions, 1 deletions

diff --git a/net-analyzer/cacti/ChangeLog b/net-analyzer/cacti/ChangeLog
index f111dbe35bed..ba28616d529a 100644
--- a/net-analyzer/cacti/ChangeLog
+++ b/net-analyzer/cacti/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-analyzer/cacti
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/ChangeLog,v 1.192 2013/08/27 02:21:33 jmbsvicetto Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/ChangeLog,v 1.193 2013/09/11 15:10:24 jmbsvicetto Exp $
+
+*cacti-0.8.8b-r2 (11 Sep 2013)
+
+  11 Sep 2013; Jorge Manuel B. S. Vicetto <jmbsvicetto@gentoo.org>
+  +cacti-0.8.8b-r2.ebuild, +files/cacti-0.8.8b_empty_comment.patch:
+  Patch to address a regression on preview mode on 0.8.8b -
+  http://forums.cacti.net/viewtopic.php?f=21&t=50645 Thanks to Reuben Farrelly
+  for the pointer on bug 482424.
 
 *cacti-0.8.8b-r1 (27 Aug 2013)
 
diff --git a/net-analyzer/cacti/cacti-0.8.8b-r2.ebuild b/net-analyzer/cacti/cacti-0.8.8b-r2.ebuild
new file mode 100644
index 000000000000..51fe8ab92590
--- /dev/null
+++ b/net-analyzer/cacti/cacti-0.8.8b-r2.ebuild
@@ -0,0 +1,91 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/cacti/cacti-0.8.8b-r2.ebuild,v 1.1 2013/09/11 15:10:24 jmbsvicetto Exp $
+
+EAPI="4"
+
+inherit depend.php eutils webapp
+
+# Support for _p* in version.
+MY_P=${P/_p*/}
+
+DESCRIPTION="Cacti is a complete frontend to rrdtool"
+HOMEPAGE="http://www.cacti.net/"
+SRC_URI="http://www.cacti.net/downloads/${MY_P}.tar.gz"
+
+# patches
+UPSTREAM_PATCHES=""
+if [[ -n ${UPSTREAM_PATCHES} ]]; then
+	for i in ${UPSTREAM_PATCHES}; do
+		SRC_URI="${SRC_URI} http://www.cacti.net/downloads/patches/${PV/_p*}/${i}.patch"
+	done
+fi
+
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="snmp doc"
+
+need_httpd
+
+DEPEND=""
+RDEPEND="
+	dev-lang/php[cli,mysql,session,sockets,xml]
+	dev-php/adodb
+	net-analyzer/rrdtool
+	virtual/cron
+	virtual/mysql
+	snmp? ( >=net-analyzer/net-snmp-5.2.0 )
+"
+
+src_unpack() {
+	unpack ${MY_P}.tar.gz
+
+	if [[ -n ${UPSTREAM_PATCHES} ]]; then
+		[ ! ${MY_P} == ${P} ] && mv ${MY_P} ${P}
+	fi
+}
+
+src_prepare() {
+	# Patch to address http://bugs.cacti.net/view.php?id=2383
+	# Fixes bug 482424 (CVE-2013-5588, CVE-2013-5589)
+	epatch "${FILESDIR}/${PN}-r7420.patch"
+
+	# Patch to address a regression on preview mode on 0.8.8b
+	# http://forums.cacti.net/viewtopic.php?f=21&t=50645
+	epatch "${FILESDIR}/${P}_empty_comment.patch"
+
+	if [[ -n ${UPSTREAM_PATCHES} ]]; then
+		for i in ${UPSTREAM_PATCHES} ; do
+			EPATCH_OPTS="-p1 -d ${S} -N" epatch "${DISTDIR}"/${i}.patch
+		done ;
+	fi
+
+	sed -i -e \
+		's:$config\["library_path"\] . "/adodb/adodb.inc.php":"adodb/adodb.inc.php":' \
+		"${S}"/include/global.php || die
+
+	rm -rf lib/adodb || die # don't use bundled adodb
+}
+
+src_compile() { :; }
+
+src_install() {
+	webapp_src_preinst
+
+	rm LICENSE README || die
+	dodoc docs/{CHANGELOG,CONTRIB,README,txt/manual.txt} || die
+	use doc && dohtml -r docs/html/
+	rm -rf docs
+
+	edos2unix `find -type f -name '*.php'`
+
+	dodir ${MY_HTDOCSDIR}
+	cp -r . "${D}"${MY_HTDOCSDIR}
+
+	webapp_serverowned ${MY_HTDOCSDIR}/rra
+	webapp_serverowned ${MY_HTDOCSDIR}/log/cacti.log
+	webapp_configfile ${MY_HTDOCSDIR}/include/config.php
+	webapp_postinst_txt en "${FILESDIR}"/postinstall-en.txt
+
+	webapp_src_install
+}
diff --git a/net-analyzer/cacti/files/cacti-0.8.8b_empty_comment.patch b/net-analyzer/cacti/files/cacti-0.8.8b_empty_comment.patch
new file mode 100644
index 000000000000..ca1d81ac64bc
--- /dev/null
+++ b/net-analyzer/cacti/files/cacti-0.8.8b_empty_comment.patch
@@ -0,0 +1,39 @@
+### Eclipse Workspace Patch 1.0
+#P cacti088
+Index: lib/rrd.php
+===================================================================
+--- lib/rrd.php	(Revision 7407)
++++ lib/rrd.php	(Arbeitskopie)
+@@ -1343,20 +1343,20 @@
+ 		$need_rrd_nl = TRUE;
+ 
+ 		if ($graph_item_types{$graph_item["graph_type_id"]} == "COMMENT") {
++			# perform variable substitution first (in case this will yield an empty results or brings command injection problems)
++			$comment_arg = rrd_substitute_host_query_data($graph_variables["text_format"][$graph_item_id], $graph, $graph_item);
++			# next, compute the argument of the COMMENT statement and perform injection counter measures
++			if (trim($comment_arg) == '') { # an empty COMMENT must be treated with care
++				$comment_arg = cacti_escapeshellarg(' ' . $hardreturn[$graph_item_id]);
++			} else {
++				$comment_arg = cacti_escapeshellarg($comment_arg . $hardreturn[$graph_item_id]);
++			}
++
++			# create rrdtool specific command line
+ 			if (read_config_option("rrdtool_version") != "rrd-1.0.x") {
+-				$comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id])) . " ";
+-				if (trim($comment_string) == 'COMMENT:"\n"') {
+-					$txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
+-				} else if (trim($comment_string) != "COMMENT:\"\"") {
+-					$txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
+-				}
++				$txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", $comment_arg) . " ";
+ 			}else {
+-				$comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id]) . " ";
+-				if (trim($comment_string) == 'COMMENT:"\n"') {
+-					$txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
+-				} else if (trim($comment_string) != "COMMENT:\"\"") {
+-					$txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
+-				}
++				$txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . $comment_arg . " ";
+ 			}
+ 		}elseif (($graph_item_types{$graph_item["graph_type_id"]} == "GPRINT") && (!isset($graph_data_array["graph_nolegend"]))) {
+ 			$graph_variables["text_format"][$graph_item_id] = str_replace(":", "\:", $graph_variables["text_format"][$graph_item_id]); /* escape colons */