From ee4d9a2f4e7db18d212a08a8263d765b64b2540fd2ab8b3d7645d62869a15855 Mon Sep 17 00:00:00 2001 From: Boris Manojlovic Date: Fri, 22 Jul 2022 22:56:12 +0000 Subject: [PATCH 1/2] Accepting request 990740 from home:bmanojlovic:branches:server:monitoring:zabbix - updated to latest release 4.0.42 - New Features and Improvements + ZBXNEXT-7694 Added "utf8mb3" character set support for MySQL database + ZBX-20946 Enabled Bulgarian, Chinese (zh_TW), German, Greek, Indonesian, Romanian, Spanish and Vietnamese languages in frontend - Bug Fixes + ZBX-21123 Fixed crash when VMware VC was not available at the first moment when starting zabbix_server + ZBX-21137 Fixed VMware collector crash related to datastore state disconnected from all HVs + ZBX-20600 Fixed vmware hv.datastore.latency item when multiple datastores with duplicate name + ZBX-20844 Fixed external check becoming unsupported when Zabbix server or Zabbix proxy is stopped OBS-URL: https://build.opensuse.org/request/show/990740 OBS-URL: https://build.opensuse.org/package/show/server:monitoring:zabbix/zabbix?expand=0&rev=36 --- zabbix-4.0.39.tar.gz | 3 --- zabbix-4.0.42.tar.gz | 3 +++ zabbix.changes | 14 ++++++++++++++ zabbix.spec | 2 +- 4 files changed, 18 insertions(+), 4 deletions(-) delete mode 100644 zabbix-4.0.39.tar.gz create mode 100644 zabbix-4.0.42.tar.gz
diff --git a/zabbix-4.0.39.tar.gz b/zabbix-4.0.39.tar.gz
deleted file mode 100644
index 75e152a..0000000
--- a/zabbix-4.0.39.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5425693737205ab8822a7ed7289aa65ac19634cd699d759e557e8b81883b69b9
-size 17548415
diff --git a/zabbix-4.0.42.tar.gz b/zabbix-4.0.42.tar.gz
new file mode 100644
index 0000000..c39142d
--- /dev/null
+++ b/zabbix-4.0.42.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d5fb15e2fd343d9bc620b321b323f8a4193c5f12112f87db4c3dfa646ecf4e3d
+size 17644927
diff --git a/zabbix.changes b/zabbix.changes
index 48757dc..bdb3d7c 100644
--- a/zabbix.changes +++ b/zabbix.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Fri Jul 22 22:44:34 UTC 2022 - Boris Manojlovic + +- updated to latest release 4.0.42 +- New Features and Improvements + + ZBXNEXT-7694 Added "utf8mb3" character set support for MySQL database + + ZBX-20946 Enabled Bulgarian, Chinese (zh_TW), German, Greek, Indonesian, + Romanian, Spanish and Vietnamese languages in frontend +- Bug Fixes + + ZBX-21123 Fixed crash when VMware VC was not available at the first moment when starting zabbix_server + + ZBX-21137 Fixed VMware collector crash related to datastore state disconnected from all HVs + + ZBX-20600 Fixed vmware hv.datastore.latency item when multiple datastores with duplicate name + + ZBX-20844 Fixed external check becoming unsupported when Zabbix server or Zabbix proxy is stopped + ------------------------------------------------------------------- Thu Mar 17 09:40:55 UTC 2022 - Boris Manojlovic diff --git a/zabbix.spec b/zabbix.spec index e2e7b48..9dd6d52 100644 --- a/zabbix.spec +++ b/zabbix.spec @@ -23,7 +23,7 @@ %define agent_group zabbix %define SUSEfirewall_services_dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services Name: zabbix -Version: 4.0.39 +Version: 4.0.42 Release: 0 Summary: Distributed monitoring system License: GPL-2.0-or-later From f4b8e7ae14596dbfb65130dd051611cb372fea10db627c489a067c2a22c3fe80 Mon Sep 17 00:00:00 2001 
From: Boris Manojlovic Date: Fri, 22 Jul 2022 23:17:29 +0000 Subject: [PATCH 2/2] Accepting request 990742 from home:bmanojlovic:branches:server:monitoring:zabbix - add CVE-2022-35230 patch file CVE-2022-35230.patch - updated to latest release 4.0.42 - New Features and Improvements + ZBXNEXT-7694 Added "utf8mb3" character set support for MySQL database + ZBX-20946 Enabled Bulgarian, Chinese (zh_TW), German, Greek, Indonesian, Romanian, Spanish and Vietnamese languages in frontend - Bug Fixes + ZBX-21123 Fixed crash when VMware VC was not available at the first moment when starting zabbix_server + ZBX-21137 Fixed VMware collector crash related to datastore state disconnected from all HVs + ZBX-20600 Fixed vmware hv.datastore.latency item when multiple datastores with duplicate name + ZBX-20844 Fixed external check becoming unsupported when Zabbix server or Zabbix proxy is stopped OBS-URL: https://build.opensuse.org/request/show/990742 OBS-URL: https://build.opensuse.org/package/show/server:monitoring:zabbix/zabbix?expand=0&rev=37 --- CVE-2022-35230.patch | 15 +++++++++++++++ zabbix.changes | 5 +++++ zabbix.spec | 3 +++ 3 files changed, 23 insertions(+) create mode 100644 CVE-2022-35230.patch
diff --git a/CVE-2022-35230.patch b/CVE-2022-35230.patch
new file mode 100644
index 0000000..1c4c789
--- /dev/null
+++ b/CVE-2022-35230.patch
@@ -0,0 +1,15 @@
+Index: frontends/php/include/views/configuration.graph.edit.php
+===================================================================
+--- frontends/php/include/views/configuration.graph.edit.php.orig 2022-06-28 08:59:47.000000000 +0200
++++ frontends/php/include/views/configuration.graph.edit.php 2022-07-23 01:04:16.970847088 +0200
+@@ -409,6 +409,10 @@ $items_table->addRow(
+ );
+
+ foreach ($this->data['items'] as $n => $item) {
++ if (!$item['itemid']) {
++ continue;
++ }
++
+ $name = $item['host'].NAME_DELIMITER.$item['name_expanded'];
+
+ if (zbx_empty($item['drawtype'])) {
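Review bot: The added guard `if (!$item['itemid'])` is a loose truthiness test on a key that is read without first checking that it exists: it skips a row only when the itemid is empty or 0, and any other value still reaches the `$name` concatenation on the following lines. Whether the fix is complete therefore depends on code outside this hunk having already matched each entry of `$this->data['items']` to a real item record, which cannot be confirmed from here. I would make the intent explicit and notice-free with `if (empty($item['itemid'])) {` and precede it with `// Skip rows that did not resolve to an existing item (CVE-2022-35230).`; if the backport has to stay identical to the upstream commit, the same explanation belongs in a description header at the top of the patch file. The `foreach` body continues past the end of the hunk, so how `$name` is escaped on output is not visible.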
diff --git a/zabbix.changes b/zabbix.changes index bdb3d7c..ea2d7ab 100644 --- a/zabbix.changes +++ b/zabbix.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jul 22 23:14:21 UTC 2022 - Boris Manojlovic + +- add CVE-2022-35230 patch file CVE-2022-35230.patch + ------------------------------------------------------------------- Fri Jul 22 22:44:34 UTC 2022 - Boris Manojlovic diff --git a/zabbix.spec b/zabbix.spec index 9dd6d52..1fbf506 100644 --- a/zabbix.spec +++ b/zabbix.spec @@ -47,6 +47,8 @@ Source14: zabbix-java-gateway.service Source15: README-SSL.SUSE # PATCH-FIX-UPSTREAM zabbix-3.0.25-new-m4-pgsql.patch fix for opensuse issue caused/solved by bnc#1120035 Patch0: zabbix-3.0.25-new-m4-pgsql.patch +# PATCH-FIX-UPSTREAN CVE-2022-35230.patch fix for CVE-2022-35230 https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b47a97676ee9ca4e16566f1931c456459108eae +Patch1: CVE-2022-35230.patch BuildRequires: apache-rpm-macros BuildRequires: apache2-devel BuildRequires: autoconf @@ -242,6 +244,7 @@ remotely. %prep %setup -q -n zabbix-%{version} %patch0 +%patch1 cp %{SOURCE6} . # fix source & config files to respect adapted names
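Review bot: The tag on the new comment above `Patch1:` is misspelled `PATCH-FIX-UPSTREAN`, so anything that searches the spec for the openSUSE patch markers will not count this security fix as an upstream backport; it should read `# PATCH-FIX-UPSTREAM CVE-2022-35230.patch fix for CVE-2022-35230 https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b47a97676ee9ca4e16566f1931c456459108eae`. In the `%prep` hunk, `%patch1` is applied without an explicit strip level, as `%patch0` is; that fits the prefix-less `frontends/php/...` paths inside the patch, but it is only implied, and `%patch1 -p0` would state it.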