Weathermap 0.97b Released (security fixes, etc)

[Howie]

http://www.network-weathermap.com/releases/0.97b

0.97b is out - this patches recently announce security issues, and also includes almost 3 years' worth of bugfixes, including a memory leak and the SQL problems folks have been hitting recently.

My plan is to get back to work on 0.98 and have some new features soon, too.

[_raindrop18]

thanks Howie for update!
I have install the new version and I got this error when I run weathermap with example.conf

6749 Segmentation fault

when the poller run

I have cacti 8.8a and php 5.4.1 on REdHut Linix.

thanks

[lreagor]

I updated from .97a to .97b (copied the weathermap folder over the old one) and am getting errors in the editor.
Fatal error: Call to undefined function wm_module_checks() in /var/www/html/plugins/weathermap/editor.php on line 86
If I edit editor.php to skip the module check, I get the welcome page and then when I click on my existing config file I get the following error when it hits the first wm_debug call:
Fatal error: Call to undefined function wm_debug() in /var/www/html/plugins/weathermap/editor.php on line 113

I looked at editor.php and lib/Weathermap.class.php and lib/WeatherMap.functions.php and all seem to be included properly so editor.php should be getting to the functions in lib/Weathermap.functions.php.

If I call the function wm_modules_check directly after the require_once 'lib/Weathermap.class.php'; line, the error shows up on that line.

If I call wm_parse_string() right after the include of Weathermap.functions.php, I get this:
Fatal error: Call to undefined function wm_parse_string() in /var/www/html/plugins/weathermap/editor.php on line 6

Makes me think something is wrong in the Weathermap.class.php file.

I hope some of this helps.

-Luke


Update: I deleted the weathermap directory and put a fresh copy of 0.97b in there and am now only getting this error:
Deprecated: Function split() is deprecated in /var/www/html/plugins/weathermap/editor.php on line 32
It shows up on the welcome page and the actual page that lets me edit the map.


Update again: Ok I ended up deleting the weathermap folder again and reinstalling 0.97a and it's all good again. How do you recommend upgrading from .97a to .97b?

[Howie]

Hmm, you should be able to overwrite it like that. I have moved a bunch of things from the root to the lib directory, but having them in both places shouldn't do too much harm...

Is it possible it didn't overwrite the editor.php for some reason? Sounds like maybe something like that.

[Howie]

thanks Howie for update!
I have install the new version and I got this error when I run weathermap with example.conf

6749 Segmentation fault

when the poller run

I have cacti 8.8a and php 5.4.1 on REdHut Linix.

thanks

Which redhat? I would have to try myself - there's nothing in Weathermap that should cause a segfault! PHP will do that when it runs out of memory though - what is your memory_limit? Running 'php check.php' should tell you.

[georkings]

Hi Howie:
I'm cuban and rencently I've installed cacti in my network with your plugin. I can tell you that it's amazing!!!
I've installed the version 0.97a, and for now I don't think update it to the new version, but it's good to know that you are alive because your latest release before this was 3 years ago. Maybe when you release the version 0.98 (or will be 1.0!!!!), I'll do the update.

[Howie]

Hi Howie:
I'm cuban and rencently I've installed cacti in my network with your plugin. I can tell you that it's amazing!!!
I've installed the version 0.97a, and for now I don't think update it to the new version, but it's good to know that you are alive because your latest release before this was 3 years ago. Maybe when you release the version 0.98 (or will be 1.0!!!!), I'll do the update.

OK - you should consider the security problem though. XSS potentially allows external users to hijack your Cacti login session.

[lreagor]

Hmm, you should be able to overwrite it like that. I have moved a bunch of things from the root to the lib directory, but having them in both places shouldn't do too much harm...

Is it possible it didn't overwrite the editor.php for some reason? Sounds like maybe something like that.

I redid the weathermap folder with only .97b files in it and it still gives this error on the welcome page and the editing page:
Deprecated: Function split() is deprecated in /var/www/html/plugins/weathermap/editor.php on line 32
Also, on the editing page, it doesn't show the map. In firefox, it just says 'weathermap' while in IE10 it looks like a missing picture where the map should be.

[lreagor]

I replaced the split() function with explode() and it works normally now.

I changed
$parts = split(":",
to
$parts = explode(":",

[georkings]

Hi Howie:
I'm cuban and rencently I've installed cacti in my network with your plugin. I can tell you that it's amazing!!!
I've installed the version 0.97a, and for now I don't think update it to the new version, but it's good to know that you are alive because your latest release before this was 3 years ago. Maybe when you release the version 0.98 (or will be 1.0!!!!), I'll do the update.

OK - you should consider the security problem though. XSS potentially allows external users to hijack your Cacti login session.

Ok, then I'll do the update. Thanks for you reply.

[_raindrop18]

thanks Howie for update!
I have install the new version and I got this error when I run weathermap with example.conf

6749 Segmentation fault

when the poller run

I have cacti 8.8a and php 5.4.1 on REdHut Linix.

thanks

Which redhat? I would have to try myself - there's nothing in Weathermap that should cause a segfault! PHP will do that when it runs out of memory though - what is your memory_limit? Running 'php check.php' should tell you.

here is check.php out put. there is no problem reported.

This is PHP Version 5.4.1 running on "Linux server-A 2.6.18-308.4.1.el5 #1 SMP Wed Mar 28 01:54:56 EDT 2012 x86_64" with a memory_limit of '128M'.

[kenny2983]

Hi,

I had the same problem as lreagor after the update of Weathermap 97a to 97b.
When I'm trying to edit an existing map, I have all the time the editor welcome page (to create a new map or a copy of one) and I have this error on apache error.log :

[error] [client x.x.x.x] File does not exist: /var/www/cacti/plugins/weathermap/editor-resources/images, referer: http://x.x.x.x/cacti/plugins/weathermap ... editor.css

If I create a link for images directory in editor-resources directory, there is no more error.

Also, if I'm trying to create a new map on editor, nothing happen (no errors and no config file)

Do you have an idea ?

Thanks.

[sukanta]

Also time taken by Weathermap creation almost doubled:

So reverted back to 0.97a.

04/07/2013 10:58:20 PM - WEATHERMAP: Poller[0] STATS: Weathermap 0.97a run complete - Sun, 07 Apr 13 22:58:20 +0530: 27 maps were run in 34 seconds with 23 warnings.
04/07/2013 10:48:35 PM - WEATHERMAP: Poller[0] STATS: Weathermap 0.97b run complete - Sun, 07 Apr 13 22:48:35 +0530: 27 maps were run in 51 seconds with 23 warnings.
04/07/2013 10:43:29 PM - WEATHERMAP: Poller[0] STATS: Weathermap 0.97b run complete - Sun, 07 Apr 13 22:43:29 +0530: 27 maps were run in 50 seconds with 23 warnings.
04/07/2013 10:38:40 PM - WEATHERMAP: Poller[0] STATS: Weathermap 0.97b run complete - Sun, 07 Apr 13 22:38:40 +0530: 27 maps were run in 54 seconds with 23 warnings.
04/07/2013 10:33:47 PM - WEATHERMAP: Poller[0] STATS: Weathermap 0.97b run complete - Sun, 07 Apr 13 22:33:47 +0530: 27 maps were run in 53 seconds with 23 warnings.
04/07/2013 10:28:35 PM - WEATHERMAP: Poller[0] STATS: Weathermap 0.97b run complete - Sun, 07 Apr 13 22:28:35 +0530: 27 maps were run in 54 seconds with 23 warnings.
04/07/2013 10:23:44 PM - WEATHERMAP: Poller[0] STATS: Weathermap 0.97b run complete - Sun, 07 Apr 13 22:23:44 +0530: 27 maps were run in 54 seconds with 10077 warnings.
04/07/2013 10:18:19 PM - WEATHERMAP: Poller[0] STATS: Weathermap 0.97a run complete - Sun, 07 Apr 13 22:18:19 +0530: 27 maps were run in 31 seconds with 23 warnings.
04/07/2013 10:13:21 PM - WEATHERMAP: Poller[0] STATS: Weathermap 0.97a run complete - Sun, 07 Apr 13 22:13:21 +0530: 27 maps were run in 32 seconds with 23 warnings.
04/07/2013 10:08:19 PM - WEATHERMAP: Poller[0] STATS: Weathermap 0.97a run complete - Sun, 07 Apr 13 22:08:19 +0530: 27 maps were run in 33 seconds with 23 warnings.
04/07/2013 10:03:14 PM - WEATHERMAP: Poller[0] STATS: Weathermap 0.97a run complete - Sun, 07 Apr 13 22:03:14 +0530: 27 maps were run in 33 seconds with 23 warnings.

[Howie]

Also time taken by Weathermap creation almost doubled:

So reverted back to 0.97a.

Hmm, any chance you could (privately) share the biggest of your maps? No idea what is happening there...

Also, what are the 27 warnings?

[sukanta]

Also time taken by Weathermap creation almost doubled:

So reverted back to 0.97a.

Hmm, any chance you could (privately) share the biggest of your maps? No idea what is happening there...

Also, what are the 27 warnings?

PM Send...