openSUSE-SU-2022:0145-1

This update for cacti, cacti-spine fixes the following issues:

cacti-spine was updated to 1.2.20:

• Add support for newer versions of MySQL/MariaDB
• When checking for uptime of device, don't assume a non-response is always fatal
• Fix description and command trunctation issues
• Improve spine performance when only one snmp agent port is in use

cacti-spine 1.2.19:

• Fix 1ssues with polling loop may skip some datasources
• Fix ping no longer works due to hostname changes
• Fix RRD steps are not always calculated correctly
• Fix unable to build when DES no longer supported
• Fix IPv6 devices are not properly parsed
• Reduce a number of compiler warnings
• Fix compiler warnings due to lack of return in threadmutextrylock
• Fix Spine will not look at non-timetics uptime when sysUpTimeInstance overflows
• Improve performance of Cacti poller on heavily loaded systems

cacti-spine 1.2.20:

• Add support for newer versions of MySQL/MariaDB
• When checking for uptime of device, don't assume a non-response is always fatal
• Fix description and command trunctation issues
• Improve spine performance when only one snmp agent port is in use

cacti was updated to 1.2.20:

• Security fix for CVE-2022-0730, boo#1196692 Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
• Security fix: Device, Graph, Graph Template, and Graph Items may be vulnerable to XSS issues
• Security fix: Lockout policies are not properly applied to LDAP and Domain Users
• Security fix: When using 'remember me' option, incorrect realm may be selected
• Security fix: User and Group maintenance are vulnerable to SQL attacks
• Security fix: Color Templates are vulnerable to XSS attack
• Features:
  • When creating a Data Source Profile, allow additional choices for Heartbeat
  • Change select all options to use Font Awesome icons
  • Improve spine performance by storing the total number of system snmp_ports in use
  • Prevent Template User Accounts from being Removed
  • When managing by users, allow filtering by Realm
  • Allow plugins to supply template account names
  • When viewing logs, additional message types should be filterable
  • When creating a Graph Template Item, allow filtering by Data Template
  • Allow language handler to be selected via UI
  • Updated Device packages for Synology, Citrix NetScaler, Cisco ASA/Cisco
  • Add Advanced Ping Graph Template to initial Installable templates
  • Add LDAP Debug Mode option
  • Allow Reports to include devices not on a Tree
  • Allow Basic Authentication to display custom failure message
• Fix: When replicating data during installation/upgrade, system may appear to hang
• Fix: Graph Template Items may have duplicated entries
• Fix: Unable to Save Graph Settings
• Fix: Script Server may crash if an OID is missing or unavailable
• Fix: When system-wide polling is disabled, remote pollers may fail to sync changed settings
• Fix: When updating poller name, duplicate name protection may be over zealous
• Fix: Titles may show 'Missing Datasource' incorectly
• Fix: Checking for MIB Cache can cause crashes
• Fix: Polling cycles may not always complete as expected
• Fix: When viewing graph data, non-numeric values may appear
• Fix: Utilities view has calculation errors when there are no data sources
• Fix: When editing Reports, drag and drop may not function as intended
• Fix: When data drive is full, viewing a Graph can result in errors
• Various other bug fixes

cacti 1.2.19:

• Further fixes for grave character security protection (boo#1192408)
• Fix Over aggressive escaping causing menu visibility issues on Create Device page
• Add SHA256 and AES256 security levels for SNMP polling
• Import graph template(Preview Only) show color_id new value as a blank area
• Fix Editing graphs errors due to missing sequence
• Fix 2hen hovering over a Tree Graph, row shows same highlighting as Graph Edit screen
• Fix 2hen RealTime is not active, console errors may appear
• Fix race conditions may occur when multiple RRDtool processes are running
• Fix errors creating graphs from templates
• Fix errors when duplicating reports
• Fix Boost may be blocked by overflowing poller_output table
• Fix Template import may be blocked due to unmet dependency warnings with snmp ports
• Fix Newer MySQL versions may error if committing a transaction when not in one
• Fix SNMP Agent may not find a cache item
• Fix Correct issues running under PHP 8.x
• Fix When polling is disabled, boost may crash and creates many arch tables
• Fix When poller runs, memory tables may not always be present
• Fix Timezones may sometimes be incorrectly calculated
• Fix Allow monitoring IPv6 with interface graphs
• Fix When a data source uses a Data Input Method, those without a mapping should be flagged
• Fix When RRDfile is not yet created, errors may appear when displaying the graph
• Fix Cacti missing key indexes that result in Preset pages slowdowns
• Fix Data Sources page shows no name when Data Source has no name cache
• Fix dbupdatetable function can not alter table from signed to unsigned
• Fix data remains in poller_output table even if it's flushed to rrd files
• Fix Parameter list for lib/database.php:dbconnectreal() is not correct in 3 places
• Fix Offset is a reserved word in MariaDB 10.6 affecting Report
• Fix Rendering large trees slowed due to lack of permission caching
• Fix Error on interpretation of snmpUtime, when to big
• Fix Applying right axis formatting creates an error-image
• Fix Unable to Save Graph Settings from the Graphs pages
• Fix Graph Template Cache is nullified too often when Graph Automation is running
• Fix When Adding a Data Query to a Device, no Progress Spinner is shown
• Fix New Browser Breaks Plugins that depend on non UTC date time data
• Fix errors when testing remote poller connectivity
• Fix errors when renaming poller
• Fix Removing spikes by Variance does not appear to be working beyond the first RRA
• Fix LDAP API lacks timeout options leading to bad login experiences
• Add a normal/wrap class for general use
• Limit File Types available for Template Import operations
• Fix Cacti does not provide an option of providing a client side certificate for LDAP/AD authentication
• Support Stronger Encryption Available Starting in Net-SNMP v5.8
• Allow Cacti to use multiple possible LDAP servers
• Add a 15 minute polling/sampling interval
• Provide additional admin email notifications
• Add warnings for undesired changes to plugin hook return values
• When creating a Graph, make testing the Data Sources optional by Template
• Update phpseclib to 2.0.33
• Update jstree.js to 3.3.12
• Improve performance of Cacti poller on heavily loaded systems
• MariaDB recommendations need some tuning for recent updates