From f4b8e7ae14596dbfb65130dd051611cb372fea10db627c489a067c2a22c3fe80 Mon Sep 17 00:00:00 2001
From: Boris Manojlovic
Date: Fri, 22 Jul 2022 23:17:29 +0000
Subject: [PATCH] Accepting request 990742 from home:bmanojlovic:branches:server:monitoring:zabbix - add CVE-2022-35230 patch file CVE-2022-35230.patch - updated to latest release 4.0.42 - New Features and Improvements + ZBXNEXT-7694 Added "utf8mb3" character set support for MySQL database + ZBX-20946 Enabled Bulgarian, Chinese (zh_TW), German, Greek, Indonesian, Romanian, Spanish and Vietnamese languages in frontend - Bug Fixes + ZBX-21123 Fixed crash when VMware VC was not available at the first moment when starting zabbix_server + ZBX-21137 Fixed VMware collector crash related to datastore state disconnected from all HVs + ZBX-20600 Fixed vmware hv.datastore.latency item when multiple datastores with duplicate name + ZBX-20844 Fixed external check becoming unsupported when Zabbix server or Zabbix proxy is stopped OBS-URL: https://build.opensuse.org/request/show/990742 OBS-URL: https://build.opensuse.org/package/show/server:monitoring:zabbix/zabbix?expand=0&rev=37
---
CVE-2022-35230.patch | 15 +++++++++++++++
zabbix.changes | 5 +++++
zabbix.spec | 3 +++
3 files changed, 23 insertions(+)
create mode 100644 CVE-2022-35230.patch
diff --git a/CVE-2022-35230.patch b/CVE-2022-35230.patch
new file mode 100644
index 0000000..1c4c789
--- /dev/null
+++ b/CVE-2022-35230.patch
@@ -0,0 +1,15 @@
+Index: frontends/php/include/views/configuration.graph.edit.php
+===================================================================
+--- frontends/php/include/views/configuration.graph.edit.php.orig 2022-06-28 08:59:47.000000000 +0200
++++ frontends/php/include/views/configuration.graph.edit.php 2022-07-23 01:04:16.970847088 +0200
+@@ -409,6 +409,10 @@ $items_table->addRow(
+ );
+
+ foreach ($this->data['items'] as $n => $item) {
++ if (!$item['itemid']) {
++ continue;
++ }
++
+ $name = $item['host'].NAME_DELIMITER.$item['name_expanded'];
+
+ if (zbx_empty($item['drawtype'])) {
diff --git a/zabbix.changes b/zabbix.changes
index bdb3d7c..ea2d7ab 100644
--- a/zabbix.changes
+++ b/zabbix.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Jul 22 23:14:21 UTC 2022 - Boris Manojlovic
+
+- add CVE-2022-35230 patch file CVE-2022-35230.patch
+
 -------------------------------------------------------------------
 Fri Jul 22 22:44:34 UTC 2022 - Boris Manojlovic
 
diff --git a/zabbix.spec b/zabbix.spec
index 9dd6d52..1fbf506 100644
--- a/zabbix.spec
+++ b/zabbix.spec
@@ -47,6 +47,8 @@ Source14: zabbix-java-gateway.service
 Source15: README-SSL.SUSE
 # PATCH-FIX-UPSTREAM zabbix-3.0.25-new-m4-pgsql.patch fix for opensuse issue caused/solved by bnc#1120035
 Patch0: zabbix-3.0.25-new-m4-pgsql.patch
+# PATCH-FIX-UPSTREAN CVE-2022-35230.patch fix for CVE-2022-35230 https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b47a97676ee9ca4e16566f1931c456459108eae
+Patch1: CVE-2022-35230.patch
 BuildRequires: apache-rpm-macros
 BuildRequires: apache2-devel
 BuildRequires: autoconf
@@ -242,6 +244,7 @@ remotely. %prep %setup -q -n zabbix-%{version} %patch0 +%patch1 cp %{SOURCE6} . # fix source & config files to respect adapted names
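Review bot: The added guard `if (!$item['itemid'])` at the top of the `foreach` over `$this->data['items']` is only a truthiness test: it skips rows whose `itemid` is empty, `0` or null, says nothing about rows holding any other value, and raises an undefined-index notice if the key is absent. The loop body continues outside this hunk, so whether `$item['host']` and `$item['name_expanded']` are encoded before they are rendered cannot be confirmed from here; the fix presumably relies on rows without a resolved `itemid` being the only ones that can carry request-supplied text. The file also has a quilt-style `Index:` header and local timestamps rather than the upstream commit as exported, so please confirm it matches the upstream change cited in zabbix.spec in full and record that origin in the patch header, e.g. a leading `# Upstream: <commit URL from zabbix.spec>` line.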
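Review bot: The tag on the new comment line above `Patch1:` is misspelled `PATCH-FIX-UPSTREAN`, so scripts or reviewers that search for the `PATCH-FIX-UPSTREAM` marker used on the `Patch0` comment just above will miss this security patch. It should read `# PATCH-FIX-UPSTREAM CVE-2022-35230.patch fix for CVE-2022-35230 https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b47a97676ee9ca4e16566f1931c456459108eae`. If a distribution bug number exists for this CVE, adding it to the comment in the way the `Patch0` line cites its bnc# entry would keep the fix traceable from the tracker.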