Accepting request 1061649 from server:monitoring:zabbix

added mention of patches added to package

OBS-URL: https://build.opensuse.org/request/show/1061649
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/zabbix?expand=0&rev=20

CVE-2022-35230.patch

@@ -1,15 +0,0 @@
-Index: frontends/php/include/views/configuration.graph.edit.php
-===================================================================
---- frontends/php/include/views/configuration.graph.edit.php.orig	2022-06-28 08:59:47.000000000 +0200
-+++ frontends/php/include/views/configuration.graph.edit.php	2022-07-23 01:04:16.970847088 +0200
-@@ -409,6 +409,10 @@ $items_table->addRow(
- );
- 
- foreach ($this->data['items'] as $n => $item) {
-+	if (!$item['itemid']) {
-+		continue;
-+	}
-+
- 	$name = $item['host'].NAME_DELIMITER.$item['name_expanded'];
- 
- 	if (zbx_empty($item['drawtype'])) {

zabbix-4.0.42.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d5fb15e2fd343d9bc620b321b323f8a4193c5f12112f87db4c3dfa646ecf4e3d
-size 17644927

zabbix-6.0.12-curl-fixes.patch

@@ -0,0 +1,127 @@
+Index: include/sysinc.h
+===================================================================
+--- include/sysinc.h.orig	2022-12-05 09:13:13.147213258 +0100
++++ include/sysinc.h	2023-01-20 19:51:49.817570470 +0100
+@@ -401,7 +401,90 @@
+ #	else
+ #		define ZBX_CURLOPT_ACCEPT_ENCODING	CURLOPT_ENCODING
+ #	endif
++#	if 0x073700 <= LIBCURL_VERSION_NUM	/* version 7.55.0 */
++#		define ZBX_CURLINFO_SPEED_DOWNLOAD	CURLINFO_SPEED_DOWNLOAD_T
++#	else
++#		define ZBX_CURLINFO_SPEED_DOWNLOAD	CURLINFO_SPEED_DOWNLOAD
++#	endif
+ #	define ZBX_CURLOPT_MAXREDIRS	10L
++#	if defined(NEED_FUNCTION_CURL_EASY_SETOPT_REDEFINE)
++#	undef curl_easy_setopt
++#	define curl_easy_setopt(handle, option, value)							\
++		__extension__({										\
++			CURLoption _curl_opt = (option);						\
++			if(__builtin_constant_p(_curl_opt)) {						\
++				CURL_IGNORE_DEPRECATION(						\
++					if(curlcheck_long_option(_curl_opt))				\
++						if(!curlcheck_long(value))				\
++							_curl_easy_setopt_err_long();			\
++					if(curlcheck_off_t_option(_curl_opt))				\
++						if(!curlcheck_off_t(value))				\
++							_curl_easy_setopt_err_curl_off_t();		\
++					if(curlcheck_string_option(_curl_opt))				\
++						if(!curlcheck_string(value))				\
++							_curl_easy_setopt_err_string();			\
++					if(curlcheck_write_cb_option(_curl_opt))			\
++						if(!curlcheck_write_cb(value))				\
++							_curl_easy_setopt_err_write_callback();		\
++					if((_curl_opt) == CURLOPT_RESOLVER_START_FUNCTION)		\
++						if(!curlcheck_resolver_start_callback(value))		\
++							_curl_easy_setopt_err_resolver_start_callback();\
++					if((_curl_opt) == CURLOPT_READFUNCTION)				\
++						if(!curlcheck_read_cb(value))				\
++							_curl_easy_setopt_err_read_cb();		\
++					if((_curl_opt) == CURLOPT_IOCTLFUNCTION)			\
++						if(!curlcheck_ioctl_cb(value))				\
++							_curl_easy_setopt_err_ioctl_cb();		\
++					if((_curl_opt) == CURLOPT_SOCKOPTFUNCTION)			\
++						if(!curlcheck_sockopt_cb(value))			\
++							_curl_easy_setopt_err_sockopt_cb();		\
++					if((_curl_opt) == CURLOPT_OPENSOCKETFUNCTION)			\
++						if(!curlcheck_opensocket_cb(value))			\
++							_curl_easy_setopt_err_opensocket_cb();		\
++					if((_curl_opt) == CURLOPT_PROGRESSFUNCTION)			\
++						if(!curlcheck_progress_cb(value))			\
++							_curl_easy_setopt_err_progress_cb();		\
++					if((_curl_opt) == CURLOPT_DEBUGFUNCTION)			\
++						if(!curlcheck_debug_cb(value))				\
++							_curl_easy_setopt_err_debug_cb();		\
++					if((_curl_opt) == CURLOPT_SSL_CTX_FUNCTION)			\
++						if(!curlcheck_ssl_ctx_cb(value))			\
++							_curl_easy_setopt_err_ssl_ctx_cb();		\
++					if(curlcheck_conv_cb_option(_curl_opt))				\
++						if(!curlcheck_conv_cb(value))				\
++							_curl_easy_setopt_err_conv_cb();		\
++					if((_curl_opt) == CURLOPT_SEEKFUNCTION)				\
++						if(!curlcheck_seek_cb(value))				\
++							_curl_easy_setopt_err_seek_cb();		\
++					if(curlcheck_cb_data_option(_curl_opt))				\
++						if(!curlcheck_cb_data(value))				\
++							_curl_easy_setopt_err_cb_data();		\
++					if((_curl_opt) == CURLOPT_ERRORBUFFER)				\
++						if(!curlcheck_error_buffer(value))			\
++							_curl_easy_setopt_err_error_buffer();		\
++					if((_curl_opt) == CURLOPT_STDERR)				\
++						if(!curlcheck_FILE(value))				\
++							_curl_easy_setopt_err_FILE();			\
++					if(curlcheck_postfields_option(_curl_opt))			\
++						if(!curlcheck_postfields(value))			\
++							_curl_easy_setopt_err_postfields();		\
++					if((_curl_opt) == CURLOPT_HTTPPOST)				\
++						if(!curlcheck_arr((value), struct curl_httppost))	\
++							_curl_easy_setopt_err_curl_httpost();		\
++					if((_curl_opt) == CURLOPT_MIMEPOST)				\
++						if(!curlcheck_ptr((value), curl_mime))			\
++							_curl_easy_setopt_err_curl_mimepost();		\
++					if(curlcheck_slist_option(_curl_opt))				\
++						if(!curlcheck_arr((value), struct curl_slist))		\
++							_curl_easy_setopt_err_curl_slist();		\
++					if((_curl_opt) == CURLOPT_SHARE)				\
++						if(!curlcheck_ptr((value), CURLSH))			\
++							_curl_easy_setopt_err_CURLSH();			\
++				)									\
++			}										\
++			curl_easy_setopt(handle, _curl_opt, value);					\
++		})
++#	endif
+ #endif
+ 
+ /* Required for advanced sigaction */
+Index: m4/libcurl.m4
+===================================================================
+--- m4/libcurl.m4.orig	2022-12-01 08:47:13.072351692 +0100
++++ m4/libcurl.m4	2023-01-20 19:20:18.248255772 +0100
+@@ -294,7 +294,27 @@ x=CURLOPT_VERBOSE;
+ 			LIBS="${LIBS} ${LIBCURL_LIBS}"
+ 			LDFLAGS="${LDFLAGS} ${LIBCURL_LDFLAGS}"
+ 			CFLAGS="${CFLAGS} ${LIBCURL_CFLAGS}"
++			# Does this version of curl ship with a broken curl_easy_setopt() wrapper?
++			# If this fails to compile, then yes and request to redefine it
++			AC_MSG_CHECKING([if curl/curl.h defines a broken curl_easy_setopt() wrapper])
++			AC_COMPILE_IFELSE([
++				AC_LANG_PROGRAM([[#include <curl/curl.h>]], [[
++CURL		*easyhandle;
++CURLoption	opt;
+ 
++(void)curl_easy_setopt(easyhandle, opt = CURLOPT_NOBODY, 1L);]]
++				)
++			], [
++				AC_MSG_RESULT(no)
++			], [
++				AC_MSG_RESULT(yes)
++				AC_DEFINE(NEED_FUNCTION_CURL_EASY_SETOPT_REDEFINE,1,
++					[Define to 1 if 'curl_easy_setopt' is broken and needs redefining.])
++			]
++			)
++
++			# Does curl_free() exist in this version of libcurl?
++			# If not, fake it with free()
+ 			AC_CHECK_FUNC(curl_free,,
+ 				AC_DEFINE(curl_free,free,
+ 					[Define curl_free() as free() if our version of curl lacks curl_free.]))

zabbix-6.0.12-netsnmp-fixes.patch

@@ -0,0 +1,45 @@
+Index: m4/netsnmp.m4
+===================================================================
+--- m4/netsnmp.m4.orig	2022-12-01 08:47:13.072351692 +0100
++++ m4/netsnmp.m4	2023-01-20 20:29:15.268271638 +0100
+@@ -170,7 +170,22 @@ session.securityAuthProto = usmHMAC384SH
+ 		],[
+ 		AC_MSG_RESULT(no)
+ 		])
+-
++################## monkey patching....
++               dnl Check if MD5 auth is removed
++               AC_MSG_CHECKING(for disabled MD5 auth protocol support)
++               AC_TRY_LINK([
++#include <net-snmp/net-snmp-config.h>
++#include <net-snmp/net-snmp-includes.h>
++               ],[
++struct snmp_session session;
++session.securityAuthProto = usmHMACMD5AuthProtocol;
++               ],[
++               AC_DEFINE(HAVE_NETSNMP_NO_MD5_AUTH, 1, [Define to 1 if MD5 auth protocols is disabled.])
++               AC_MSG_RESULT(yes)
++               ],[
++               AC_MSG_RESULT(no)
++               ])
++################## end monkey patching....
+ 		dnl Check for AES192/256 protocol support for privacy
+ 		AC_MSG_CHECKING(for strong AES privacy protocol support)
+ 		AC_TRY_LINK([
+Index: src/zabbix_server/poller/checks_snmp.c
+===================================================================
+--- src/zabbix_server/poller/checks_snmp.c.orig	2022-12-05 09:13:13.223215969 +0100
++++ src/zabbix_server/poller/checks_snmp.c	2023-01-20 20:27:57.339847563 +0100
+@@ -356,10 +356,12 @@ static int	zbx_snmpv3_set_auth_protocol(
+ 
+ 	switch (item->snmpv3_authprotocol)
+ 	{
++#ifdef usmHMACMD5AuthProtocol
+ 		case ITEM_SNMPV3_AUTHPROTOCOL_MD5:
+ 			session->securityAuthProto = usmHMACMD5AuthProtocol;
+ 			session->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN;
+ 			break;
++#endif
+ 		case ITEM_SNMPV3_AUTHPROTOCOL_SHA1:
+ 			session->securityAuthProto = usmHMACSHA1AuthProtocol;
+ 			session->securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN;

zabbix-6.0.12-new-m4-pgsql.patch

@@ -1,13 +1,13 @@
 Index: configure.ac
 ===================================================================
---- configure.ac.orig	2019-01-28 11:45:10.000000000 +0100
-+++ configure.ac	2019-03-22 13:55:27.258760837 +0100
-@@ -1229,25 +1229,15 @@ if test "x$server" = "xyes" || test "x$p
+--- configure.ac.orig	2022-12-05 09:13:12.947206126 +0100
++++ configure.ac	2023-01-20 20:21:30.286134050 +0100
+@@ -1453,25 +1453,15 @@ if test "x$server" = "xyes" || test "x$p
  	fi
  
  	dnl Checking for PostgreSQL support
--	AX_LIB_POSTGRESQL("8.1")
-+	AX_LIB_POSTGRESQL([8.2])
+-	AX_LIB_POSTGRESQL("9.2")
++	AX_LIB_POSTGRESQL([9.2])
  	if test "x$want_postgresql" = "xyes"; then
  		if test "x$have_db" != "xno"; then
  			AC_MSG_ERROR([You can configure for only one database.])
@@ -29,21 +29,21 @@ Index: configure.ac
 +	        	have_db="PostgreSQL"
 +			have_multirow_insert="yes" # set by default as we are forcing to use min 8.2 postgresql
  		fi
-	fi
-
-@@ -1299,7 +1289,7 @@ if test "x$server" = "xyes" || test "x$p
+ 	fi
+ 
+@@ -1527,7 +1517,7 @@ if test "x$server" = "xyes" || test "x$p
  		AC_MSG_RESULT(no)
  	fi
  
--	DB_CFLAGS="$IBM_DB2_CPPFLAGS $MYSQL_CFLAGS $ORACLE_CPPFLAGS $POSTGRESQL_CFLAGS $SQLITE3_CPPFLAGS"
-+	DB_CFLAGS="$IBM_DB2_CPPFLAGS $MYSQL_CFLAGS $ORACLE_CPPFLAGS $POSTGRESQL_CPPFLAGS $SQLITE3_CPPFLAGS"
- 	DB_LDFLAGS="$IBM_DB2_LDFLAGS $MYSQL_LDFLAGS $ORACLE_LDFLAGS $POSTGRESQL_LDFLAGS $SQLITE3_LDFLAGS"
- 	DB_LIBS="$IBM_DB2_LIBS $MYSQL_LIBS $ORACLE_LIBS $POSTGRESQL_LIBS $SQLITE3_LIBS"
+-	DB_CFLAGS="$MYSQL_CFLAGS $ORACLE_CPPFLAGS $POSTGRESQL_CFLAGS $SQLITE3_CPPFLAGS"
++	DB_CFLAGS="$MYSQL_CFLAGS $ORACLE_CPPFLAGS $POSTGRESQL_CPPFLAGS $SQLITE3_CPPFLAGS"
+ 	DB_LDFLAGS="$MYSQL_LDFLAGS $ORACLE_LDFLAGS $POSTGRESQL_LDFLAGS $SQLITE3_LDFLAGS"
+ 	DB_LIBS="$MYSQL_LIBS $ORACLE_LIBS $POSTGRESQL_LIBS $SQLITE3_LIBS"
  
 Index: m4/ax_compare_version.m4
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ m4/ax_compare_version.m4	2019-03-22 13:42:09.744259011 +0100
++++ m4/ax_compare_version.m4	2023-01-20 20:20:44.581933215 +0100
 @@ -0,0 +1,177 @@
 +# ===========================================================================
 +#    https://www.gnu.org/software/autoconf-archive/ax_compare_version.html
@@ -224,8 +224,8 @@ Index: m4/ax_compare_version.m4
 +]) dnl AX_COMPARE_VERSION
 Index: m4/ax_lib_postgresql.m4
 ===================================================================
---- m4/ax_lib_postgresql.m4.orig	2019-01-28 11:45:08.000000000 +0100
-+++ m4/ax_lib_postgresql.m4	2019-03-22 13:44:10.008033108 +0100
+--- m4/ax_lib_postgresql.m4.orig	2022-12-01 08:47:13.068351647 +0100
++++ m4/ax_lib_postgresql.m4	2023-01-20 20:20:44.581933215 +0100
 @@ -1,31 +1,33 @@
 -##### http://autoconf-archive.cryp.to/ax_lib_postgresql.html
 +# ===========================================================================

zabbix-6.0.12.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e72b067ee823e6906da4908f23e16214828cd7f51695746579eeaf61941a0810
+size 40419443

zabbix.changes

@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Fri Jan 27 21:44:50 UTC 2023 - Boris Manojlovic <boris@steki.net>
+
+- mention of patches added required...
+  zabbix-6.0.12-curl-fixes.patch zabbix-6.0.12-netsnmp-fixes.patch 
+  zabbix-6.0.12-new-m4-pgsql.patch  
+
+-------------------------------------------------------------------
+Fri Jan 20 18:42:28 UTC 2023 - Boris Manojlovic <boris@steki.net>
+
+- updated to 6.0.12
+- for changes in this major release please consult 6.0.html in
+  /usr/share/doc/packages/zabbix/
+- removed CVE-2022-35230.patch and zabbix-3.0.25-new-m4-pgsql.patch
+- added fixed zabbix-6.0.12-new-m4-pgsql.patch patch
+
 -------------------------------------------------------------------
 Fri Jul 22 23:14:21 UTC 2022 - Boris Manojlovic <boris@steki.net>
 

zabbix.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package zabbix
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -23,14 +23,14 @@
 %define agent_group  zabbix
 %define SUSEfirewall_services_dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
 Name:           zabbix
-Version:        4.0.42
+Version:        6.0.12
 Release:        0
 Summary:        Distributed monitoring system
 License:        GPL-2.0-or-later
 Group:          System/Monitoring
 URL:            http://www.zabbix.com
-Source0:        https://cdn.zabbix.com/zabbix/sources/stable/4.0/zabbix-%{version}.tar.gz
-Source1:        rn4.0.0.html
+Source0:        https://cdn.zabbix.com/zabbix/sources/stable/6.0/zabbix-%{version}.tar.gz
+Source1:        rn6.0.0.html
 Source2:        zabbix-tmpfiles.conf
 Source3:        zabbix-java-gateway.sh
 Source4:        zabbix-logrotate.in
@@ -45,10 +45,12 @@ Source12:       zabbix-agentd.service
 Source13:       zabbix-server.service
 Source14:       zabbix-java-gateway.service
 Source15:       README-SSL.SUSE
-# PATCH-FIX-UPSTREAM zabbix-3.0.25-new-m4-pgsql.patch fix for opensuse issue caused/solved by bnc#1120035
-Patch0:         zabbix-3.0.25-new-m4-pgsql.patch
-# PATCH-FIX-UPSTREAN  CVE-2022-35230.patch fix for CVE-2022-35230 https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b47a97676ee9ca4e16566f1931c456459108eae
-Patch1:         CVE-2022-35230.patch
+# PATCH-FIX-UPSTREAM zabbix-6.0.12-new-m4-pgsql.patch fix for opensuse issue caused/solved by bnc#1120035
+Patch0:         zabbix-6.0.12-new-m4-pgsql.patch
+# PATCH-FIX-UPSTREAN  zabbix-6.0.12-curl-fixes.patch fix for curl specific issue https://git.zabbix.com/projects/ZBX/repos/zabbix/pull-requests/4946/commits/f462538f52a1fba52fdd4010e40fe7281044f6b1?since=52c6b9703eacf3252ec66117a8cff094624b9217#include/common/zbxsysinc.h
+Patch2:         zabbix-6.0.12-curl-fixes.patch
+# PATCH-FIX-OPENSUSE  zabbix-6.0.12-netsnmp-fixes.patch fix for removed md5 auth protocol
+Patch3:         zabbix-6.0.12-netsnmp-fixes.patch
 BuildRequires:  apache-rpm-macros
 BuildRequires:  apache2-devel
 BuildRequires:  autoconf
@@ -134,25 +136,26 @@ Conflicts:      zabbix-proxy
 %description proxy
 The Zabbix proxy component.
 
-%package phpfrontend
+%package ui
 Summary:        Zabbix web frontend (php)
 Group:          Productivity/Networking/Web/Frontends
 Requires:       apache2
-Requires:       php7
-Requires:       php7-bcmath
-Requires:       php7-ctype
-Requires:       php7-gd
-Requires:       php7-gettext
-Requires:       php7-ldap
-Requires:       php7-mbstring
-Requires:       php7-sockets
-Requires:       php7-xmlreader
-Requires:       php7-xmlwriter
-Suggests:       php7-mysqli
-Suggests:       php7-pgsql
+Requires:       php8
+Requires:       php8-bcmath
+Requires:       php8-ctype
+Requires:       php8-gd
+Requires:       php8-gettext
+Requires:       php8-ldap
+Requires:       php8-mbstring
+Requires:       php8-sockets
+Requires:       php8-xmlreader
+Requires:       php8-xmlwriter
+Suggests:       php8-mysqli
+Suggests:       php8-pgsql
 Conflicts:      zabbix-phpfrontend
+Obsoletes:      zabbix-phpfrontend < 6.0.0
 
-%description phpfrontend
+%description ui
 The Zabbix PHP frontend allows access via standard web browsers.
 
 NOTE: You still have to install the PHP package which contains your db driver!
@@ -244,7 +247,9 @@ remotely.
 %prep
 %setup -q -n zabbix-%{version}
 %patch0
-%patch1
+#%%patch1
+%patch2
+%patch3
 
 cp %{SOURCE6} .
 # fix source & config files to respect adapted names
@@ -349,7 +354,7 @@ rm -r %{buildroot}%{_sbindir}/zabbix_java
 
 # install the php frontend
 mkdir -p %{buildroot}%{_datadir}/zabbix
-cp -r frontends/php/* %{buildroot}%{_datadir}/zabbix
+cp -r ui/* %{buildroot}%{_datadir}/zabbix
 install -Dm 0644 %{SOURCE5} %{buildroot}%{apache_sysconfdir}/conf.d/zabbix.conf
 # remove .htaccess files as access rules are moved to zabbix.conf
 find %{buildroot}%{_datadir}/zabbix -name .htaccess -exec rm -v {} \;
@@ -532,7 +537,7 @@ if [ "$1" = 0 ] ; then
 fi
 
 %files server
-%doc AUTHORS ChangeLog database/ibm_db2 database/mysql database/oracle database/postgresql database/sqlite3 rn4.0.0.html README-SSL.SUSE
+%doc AUTHORS ChangeLog database/mysql database/oracle database/postgresql database/sqlite3 rn6.0.0.html README-SSL.SUSE
 %if 0%{?suse_version} < 1500
 %config %{SUSEfirewall_services_dir}/zabbix_server
 %endif
@@ -540,6 +545,7 @@ fi
 %config(noreplace) %attr(0640, root, %{server_group}) %{_sysconfdir}/zabbix/zabbix_server.conf
 %{_bindir}/zabbix_get
 %{_bindir}/zabbix-get
+%{_bindir}/zabbix_js
 %{_sbindir}/zabbix_server
 %{_sbindir}/zabbix-server
 %{_sbindir}/rczabbix_server
@@ -594,7 +600,7 @@ fi
 %{_tmpfilesdir}/zabbix_agentd.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}-agent
 
-%files phpfrontend
+%files ui
 %doc README.SUSE
 %dir %{apache_sysconfdir}
 %dir %{apache_sysconfdir}/conf.d