Updates Zabbix to 7.0.21-r1 (latest 7.0 LTS version)
Note that for the frontend, clearing browser cache, cookies and other
site data for the zabbix frontend server may be necessary.
Security fixes compared to 7.0.12 (most are frontend only):
* CVE-2025-27238: API hostprototype.get lists data to users with
insufficient authorization https://support.zabbix.com/browse/ZBX-26988
* CVE-2025-27236: User information disclosure via api_jsonrpc.php on
method user.get with param search:
https://support.zabbix.com/browse/ZBX-27060
* CVE-2025-27231: LDAP 'Bind password' field value can be leaked by a
Zabbix Super Admin: https://support.zabbix.com/browse/ZBX-27062
* CVE-2025-49641: Insufficient permission check for the
problem.view.refresh action:
https://support.zabbix.com/browse/ZBX-27063
* CVE-2025-49643: Frontend DoS vulnerability due to asymmetric
resource consumption: https://support.zabbix.com/browse/ZBX-27284
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
earlyoom checks the amount of available memory and swap at an adaptive
rate for up to 10 times per second. When both available memory and swap
are below threshold, it'll send SIGTERM or SIGKILL to the process with
the highest oom_score. Details about oom_score can be obtained at
https://man7.org/linux/man-pages/man5/proc_pid_oom_score.5.html
Signed-off-by: Alice H. <alice.hall0451+github@gmail.com>
Replace embedded ivykis with a separate package to improve
dependency management and enable library reuse.
The ivykis library now properly supports io_uring when
CONFIG_KERNEL_IO_URING is enabled.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.10.0
Makefile changes
----------------
1. Disable experimental feature: stackdump
due to issues, which were reported to upstream
2. Disabled example modules to avoid adding libstdc++.so.6 dependency
Fixes:
Package syslog-ng is missing dependencies for the following libraries:
libstdc++.so.6
Other changes
-------------
In syslog-ng 4.8.0, there was added possibility to use value "current"
as version in the config file, so use it, which confirm to use
the latest version instead of bumping the version in the file
manually.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
It adds a runtime test to verify that the compiled binary in
CI/CD runs without segfault and prints the version.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
glibc 2.39 has removed libcrypt completely.
solution: link against libxcrypt built with glibc compatibility.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
This changes a number of PKG_SOURCE_URLs that were using the http protocol to use https if available.
HTTPS was verified as functioning for the updated hosts.
Signed-off-by: Daniel Cousens <github@dcousens.com>
Files in `/etc/profile.d/` are marked as user configs and won't be
replaced to new version when update the package, so add a migration
script for this.
Fixes: #26709
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Iotop identifies processes that use high amount of input/output requests
on your machine. It is similar to the well known top utility, but
instead of showing you what consumes CPU the most, it lists processes by
their IO usage. Inspired by iotop Python script from Guillaume
Chazarain, rewritten in C by Vyacheslav Trushkin and improved by Boian
Bonev so it runs without Python at all.
Note that only targets that have KERNEL_TASKSTATS enabled will be able
to build this package.
Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712
Signed-off-by: John Audia <therealgraysky@proton.me>
This commit allows building the package without downloading enterprise
numbers from the IANA PEN registry. This enables offline builds and
reduces storage usage, especially on devices with limited space.
Signed-off-by: Oliver Sedlbauer <osedlbauer@tdt.de>
Now that we are building FreeIPMI library ipmitool will detect it
and since we are already passing --enable-intf-free it will build
support for FreeIPMI as well.
However, --enable-intf-free was previously no-op since it would just
fail to detect FreeIPMI and disable support for it but now it seems
that buildbots build FreeIPMI first and then ipmitool will fail with
missing dependency on FreeIPMI library.
Since FreeIPMI is quite big and previously ipmitool was built without
support for it anyway lets disable support for FreeIPMI in ipmitool and
if its required it can be made optional or as a package variant later.
This fixes building ipmitool via buildbots again.
Signed-off-by: Robert Marko <robimarko@gmail.com>
FreeIPMI provides in-band and out-of-band IPMI software based on the
IPMI v1.5/2.0 specification. The IPMI specification defines a set of
interfaces for platform management and is implemented by a number of
vendors for system management. The features of IPMI that most users
will be interested in are sensor monitoring, system event monitoring,
power control, and serial-over-LAN (SOL). The FreeIPMI tools and
libraries listed below should provide users with the ability to
access and utilize these and many other features. A number of useful
features for large HPC or cluster environments have also been
implemented into FreeIPMI.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
The entire /etc/munin should be backed up as it includes
user configuration for custom plugins and the muninlite.conf
config file which is useful to override the default NTP server.
Also we install muninlite.conf to /etc/munin/.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
