From 47a2ea75899a6395a80918d043a21d61fe712b44 Mon Sep 17 00:00:00 2001
From: Steve Schnepp <steve.schnepp@pwkf.org>
Date: Wed, 12 Feb 2014 19:18:31 +0100
Subject: [PATCH] cgi/graph: replace Date::Manip with Date::Parse

As stated in #1389 by terryburton :

    munin-cgi-graph invokes UnixDate from Date::Manip which invokes the
    system's date command under a shell. This makes it difficult to create a tight
    MAC security profile (such as AppArmor or SELinux) since it becomes necessary
    to permit Munin to exec a shell, which is a gaping hole.

And cbiedl added :

    Also due to the shell execution, Date::Manip is sloooow. On my small
    test box, the entire Date::Manip::ParseDate and ::UnixDate line
    takes 120 ms, after replacing it with Date::Parse::str2time it is
    down to 3ms(sic!). Keep in mind this code is run for every graph a
    browser requests.

    Another issue mit Date::Manip is its API change, and at some point in
    the future the legacy DM5 munin uses might be obsoleted anyway.

    It should be noted Date::Parse::str2time understands all three
    timestamp formats as required by RFC 2616 in "3.3.1 Full Date". So if
    there's really breakage due to weird date strings specified by a
    client, it's rather their fault.

Kudos to terryburton for the initial patch. I only edited it a little and then
rebased it onto 2.0.6, so it can be also merged directly on the stable-2.0
branch. I also added the full commit message. This is to avoid having to look
at the ticket, as the rationale behind the change is solid, but might be subtle.

Closes: #1389
---
 master/_bin/munin-cgi-graph.in |  7 ++-----
 master/_bin/munin-graph.in     | 13 ++-----------
 2 files changed, 4 insertions(+), 16 deletions(-)

diff --git a/master/_bin/munin-cgi-graph.in b/master/_bin/munin-cgi-graph.in
index dec4aa287..3d2532044 100755
--- a/master/_bin/munin-cgi-graph.in
+++ b/master/_bin/munin-cgi-graph.in
@@ -27,10 +27,7 @@ $Id$
 use strict;
 use warnings;
 use IO::Handle;
-BEGIN {
-    $Date::Manip::Backend = 'DM5';
-}
-use Date::Manip;
+use Date::Parse;
 use POSIX qw(strftime locale_h);
 use CGI::Fast qw(:cgi);
 use CGI::Carp qw(fatalsToBrowser);
@@ -496,7 +493,7 @@ sub rfctime_newer_than {
     # Format of since_string If-Modified-Since: Wed, 23 Jun 2004 16:11:06 GMT
     my $since_string = shift;
     my $created      = shift;
-    my $ifmodsec = &UnixDate (&ParseDateString ($since_string), "%s");
+    my $ifmodsec = str2time($since_string);
 
     return 1 if ($ifmodsec < $created);
     return 0;
diff --git a/master/_bin/munin-graph.in b/master/_bin/munin-graph.in
index fb47333a1..1c15d9f30 100755
--- a/master/_bin/munin-graph.in
+++ b/master/_bin/munin-graph.in
@@ -28,16 +28,7 @@ use strict;
 use warnings;
 use IO::Handle;
 
-BEGIN {
-    # This is needed because Date::Manip has deprecated the functional
-    # interface in >= 6.x. So, we force the use of the 5.x API.
-    $Date::Manip::Backend = 'DM5';
-
-    # Double line here to avoid spurious warnings about D::M::Backend being
-    # used only once.
-    $Date::Manip::Backend = 'DM5';
-}
-use Date::Manip;
+use Date::Parse;
 use POSIX qw(strftime);
 use Time::HiRes qw(gettimeofday tv_interval);
 use IO::File;
@@ -350,7 +341,7 @@ sub rfctime_newer_than {
     # Format of since_string If-Modified-Since: Wed, 23 Jun 2004 16:11:06 GMT
     my $since_string = shift;
     my $created      = shift;
-    my $ifmodsec = &UnixDate (&ParseDateString ($since_string), "%s");
+    my $ifmodsec = str2time($since_string);
 
     return 1 if ($ifmodsec < $created);
     return 0;