From 0488c96b08a9f96b4a9de613db9ad08e2082a3ab Mon Sep 17 00:00:00 2001 From: "Daniel F. Dickinson" Date: Mon, 15 Dec 2025 02:49:33 -0500 Subject: [PATCH] zabbix: update to 7.0.21 (lts) Updates Zabbix to 7.0.21-r1 (latest 7.0 LTS version) Note that for the frontend, clearing browser cache, cookies and other site data for the zabbix frontend server may be necessary. Security fixes compared to 7.0.12 (most are frontend only): * CVE-2025-27238: API hostprototype.get lists data to users with insufficient authorization https://support.zabbix.com/browse/ZBX-26988 * CVE-2025-27236: User information disclosure via api_jsonrpc.php on method user.get with param search: https://support.zabbix.com/browse/ZBX-27060 * CVE-2025-27231: LDAP 'Bind password' field value can be leaked by a Zabbix Super Admin: https://support.zabbix.com/browse/ZBX-27062 * CVE-2025-49641: Insufficient permission check for the problem.view.refresh action: https://support.zabbix.com/browse/ZBX-27063 * CVE-2025-49643: Frontend DoS vulnerability due to asymmetric resource consumption: https://support.zabbix.com/browse/ZBX-27284 Signed-off-by: Daniel F. Dickinson --- admin/zabbix/Makefile | 4 +-- .../patches/010-change-agentd-config.patch | 25 ++++++++++++++++--- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/admin/zabbix/Makefile b/admin/zabbix/Makefile index 99ded40d5e..1a89460b53 100644 --- a/admin/zabbix/Makefile +++ b/admin/zabbix/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=zabbix -PKG_VERSION:=7.0.12 +PKG_VERSION:=7.0.21 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://cdn.zabbix.com/zabbix/sources/stable/$(basename $(PKG_VERSION))/ \ https://cdn.zabbix.com/zabbix/sources/oldstable/$(basename $(PKG_VERSION))/ -PKG_HASH:=6069ed604aa5e33fe631ccc68b782654a697071952a1cf365151655a0a122b05 +PKG_HASH:=a7f82c1610bc02e4ac42f5257c0265f92e32b51fb5e04b4ad29f72e97189d3ef PKG_MAINTAINER:=Etienne CHAMPETIER PKG_LICENSE:=AGPL-3.0-only 
diff --git a/admin/zabbix/patches/010-change-agentd-config.patch b/admin/zabbix/patches/010-change-agentd-config.patch index 7329113577..2dbae8baa5 100644 --- a/admin/zabbix/patches/010-change-agentd-config.patch +++ b/admin/zabbix/patches/010-change-agentd-config.patch @@ -1,3 +1,23 @@ +From da7f1292838f087e2179705f2778f78ddd85cba8 Mon Sep 17 00:00:00 2001 +From: "Daniel F. Dickinson" +Date: Wed, 17 Dec 2025 18:28:37 -0500 +Subject: [PATCH] zabbix_agentd: Tweak config file for OpenWrt + +Note: original patch had no header, header added 2025-12-16, while +bumping package version. + +1. Use syslog not a file for logging +2. Do not use PidFile +3. Only start in passive agent by default +4. Do not do active checks by default +5. Use the system hostname as hostname. +6. Include configurations under /etc/zabbix_agentd.conf.d/ + +Signed-off-by: Daniel F. Dickinson +--- + conf/zabbix_agentd.conf | 19 +++++++------------ + 1 file changed, 7 insertions(+), 12 deletions(-) + --- a/conf/zabbix_agentd.conf +++ b/conf/zabbix_agentd.conf @@ -3,12 +3,11 @@ @@ -53,13 +73,10 @@ ### Option: HostnameItem # Item used for generating Hostname if it is undefined. Ignored if Hostname is defined. # Does not support UserParameters or aliases. -@@ -326,8 +320,8 @@ Hostname=Zabbix server +@@ -545,5 +539,5 @@ Hostname=Zabbix server # Include= # Include=/usr/local/etc/zabbix_agentd.userparams.conf -# Include=/usr/local/etc/zabbix_agentd.conf.d/ # Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf +Include=/etc/zabbix_agentd.conf.d/ - - ####### USER-DEFINED MONITORED PARAMETERS ####### -
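Review bot: The refreshed final hunk of the inner patch (`@@ -545,5 +539,5 @@`) still enables `Include=/etc/zabbix_agentd.conf.d/` as a bare directory, so the agent parses every file it finds there, including editor backups or package-manager leftovers. Any such file can carry `UserParameter` definitions, which the agent runs as commands. If nothing installs files there without a `.conf` suffix (not visible from this page), `Include=/etc/zabbix_agentd.conf.d/*.conf` would narrow what gets loaded. Otherwise the new patch header could add a line such as `Note: /etc/zabbix_agentd.conf.d/ must be root-owned and not writable by the agent user, every file in it is loaded`. The line is carried over unchanged by the refresh, so this is a follow-up rather than a blocker for the version bump.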