zabbix: update to 7.0.21 (lts)

Updates Zabbix to 7.0.21-r1 (latest 7.0 LTS version) Note that for the frontend, clearing browser cache, cookies and other site data for the zabbix frontend server may be necessary. Security fixes compared to 7.0.12 (most are frontend only): * CVE-2025-27238: API hostprototype.get lists data to users with insufficient authorization https://support.zabbix.com/browse/ZBX-26988 * CVE-2025-27236: User information disclosure via api_jsonrpc.php on method user.get with param search: https://support.zabbix.com/browse/ZBX-27060 * CVE-2025-27231: LDAP 'Bind password' field value can be leaked by a Zabbix Super Admin: https://support.zabbix.com/browse/ZBX-27062 * CVE-2025-49641: Insufficient permission check for the problem.view.refresh action: https://support.zabbix.com/browse/ZBX-27063 * CVE-2025-49643: Frontend DoS vulnerability due to asymmetric resource consumption: https://support.zabbix.com/browse/ZBX-27284 Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca> (cherry picked from commit 0488c96b08)
2025-12-21 21:24:31 +04:00 · 2025-12-15 02:49:33 -05:00
parent 24dad746aa
commit fdc246b0c6
2 changed files with 23 additions and 6 deletions
--- a/admin/zabbix/Makefile
+++ b/admin/zabbix/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=zabbix
-PKG_VERSION:=7.0.12
+PKG_VERSION:=7.0.21
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://cdn.zabbix.com/zabbix/sources/stable/$(basename $(PKG_VERSION))/ \
 	https://cdn.zabbix.com/zabbix/sources/oldstable/$(basename $(PKG_VERSION))/
-PKG_HASH:=6069ed604aa5e33fe631ccc68b782654a697071952a1cf365151655a0a122b05
+PKG_HASH:=a7f82c1610bc02e4ac42f5257c0265f92e32b51fb5e04b4ad29f72e97189d3ef
 PKG_MAINTAINER:=Etienne CHAMPETIER <champetier.etienne@gmail.com>
 PKG_LICENSE:=AGPL-3.0-only
--- a/admin/zabbix/patches/010-change-agentd-config.patch
+++ b/admin/zabbix/patches/010-change-agentd-config.patch
@@ -1,3 +1,23 @@
 From da7f1292838f087e2179705f2778f78ddd85cba8 Mon Sep 17 00:00:00 2001
 From: "Daniel F. Dickinson" <dfdpublic@wildtechgarden.ca>
 Date: Wed, 17 Dec 2025 18:28:37 -0500
 Subject: [PATCH] zabbix_agentd: Tweak config file for OpenWrt
 Note: original patch had no header, header added 2025-12-16, while
 bumping package version.
 1. Use syslog not a file for logging
 2. Do not use PidFile
 3. Only start in passive agent by default
 4. Do not do active checks by default
 5. Use the system hostname as hostname.
 6. Include configurations under /etc/zabbix_agentd.conf.d/
 Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
 ---
 conf/zabbix_agentd.conf | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)
 --- a/conf/zabbix_agentd.conf
 +++ b/conf/zabbix_agentd.conf
@@ -3,12 +3,11 @@
@@ -53,13 +73,10 @@
 ### Option: HostnameItem
 #	Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
 #	Does not support UserParameters or aliases.
-@@ -326,8 +320,8 @@ Hostname=Zabbix server
+@@ -545,5 +539,5 @@ Hostname=Zabbix server
 # Include=
 # Include=/usr/local/etc/zabbix_agentd.userparams.conf
 -# Include=/usr/local/etc/zabbix_agentd.conf.d/
 # Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
 +Include=/etc/zabbix_agentd.conf.d/
 ####### USER-DEFINED MONITORED PARAMETERS #######