Updates Zabbix to 7.0.21-r1 (latest 7.0 LTS version)
Note that for the frontend, clearing browser cache, cookies and other
site data for the zabbix frontend server may be necessary.
Security fixes compared to 7.0.12 (most are frontend only):
* CVE-2025-27238: API hostprototype.get lists data to users with
insufficient authorization https://support.zabbix.com/browse/ZBX-26988
* CVE-2025-27236: User information disclosure via api_jsonrpc.php on
method user.get with param search:
https://support.zabbix.com/browse/ZBX-27060
* CVE-2025-27231: LDAP 'Bind password' field value can be leaked by a
Zabbix Super Admin: https://support.zabbix.com/browse/ZBX-27062
* CVE-2025-49641: Insufficient permission check for the
problem.view.refresh action:
https://support.zabbix.com/browse/ZBX-27063
* CVE-2025-49643: Frontend DoS vulnerability due to asymmetric
resource consumption: https://support.zabbix.com/browse/ZBX-27284
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 0488c96b08)
- Install shared runtime for both full and fuller.
- Switch big to huge as big is just an alias to normal.
- Fix default config path for tiny variant.
- Use upstream default config for both full and fuller.
- Don't mark default config files for backup.
- Don't mix variant files.
- Mark fuller variant config files for backup.
- Update configure arguments and remove deprecated ones.
- Remove deprecated configuration variables.
- Improve descriptions.
- Fix the following error by installing the missing runtime files for
full and correctly installing the default config for tiny:
E1187: Failed to source defaults.vim
- Fix the following fuller error by installing the missing directory in
runtime:
Error detected while processing /usr/share/vim/vim91/plugin/netrwPlugin.vim:
line 7:
E919: Directory not found in 'packpath': "pack/*/opt/netrw"
Fixes: https://github.com/openwrt/packages/issues/20203
Fixes: https://github.com/openwrt/packages/issues/28104
Signed-off-by: George Sapkin <george@sapk.in>
This reverts commit cbdadd2f9e.
Seems to cause trouble at least in ipq806x/R7800, so let's revert
for cautionary reasons.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Fixes pgsql-server: the setup fails for any folder
Fixes#27228
Sets postgresql-specific configure flags that configure cannot run-test
to determine their value. This fixes improperly linked files that
prevent database initialization (at least) from working on the device.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 0bb3db019a)
* fixed f_uci function
* fixed f_switch function, reported in the turris forum
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit afce31650c)
This is a security release.
Security:
* CVE-2025-31498. A use-after-free bug has been uncovered in read_answers() that was introduced in v1.32.3. Please see GHSA-6hxc-62jh-p29v
* CVE-2025-62408. A use-after-free bug has been uncovered in read_answers() that was introduced in v1.32.3. Please see GHSA-jq53-42q6-pqr5
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit ebdb9536a9)
658b14b main: Add `stderr` option for cgi-exec to redirect stderr to stdout
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
(cherry picked from commit 90e227e755)
Remove many obsolete files.
Makefile:
* remove netifd-flavour related code
* remove trailing white spaces
Init-script:
* proper deletion of default network rules for IPv{4,6}
* fix netifd function error when IPv6 is enabled
* remove trailing white spaces
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 89e29f7141)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Update irqbalance to version 1.9.5
* drop the original local meson patch, as meson is now properly adopted
by upstream. But patch meson.build to keep glib2 library statically
linked in order to avoid a dependency and indirect size increase.
* disable unnecessary functions via meson features settings
(capng, numa, systemd, thermal, ui)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 65d83de7f8)
* hardened the uci config parsing
* added a fast, flexible & secure domain validator function, it eliminates > 99 % of garbage inputs
- Please note: the "rule" in the feed file now only includes parameters for the domain validator,
see readme for details. Please nuke a custom feed file from former versions - they are no longer
compatible
* readme update
* LuCI: fixed a minor issue in the logread template
* LuCI: adapted the rule select options in the custom feed editor to use the new domain validator
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit b085131830)
* split travelmate.s in a new central travelmate function library (usr/lib/travelmate-functions.sh) plus
a smal service script (/usr/bin/travelmate-service.sh)
* the vpn-, mail- and login scripts are now using the central function library
* rework the ntp hotplug script
* harden the config parsing
* support the curl interface option to specify which network pathway is used for outgoing requests
* the travelmate status now includes the backend- and frontend version information
* LuCI: use a special travelmate interface, e.g. trm_wwan or use an existing wwan interface
* LuCI: no longer call the logread binary, use rpc / the ubus log object instead
* LuCI: various code cleanups
* LuCI: various small usability improvements
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 990bf69fd7)
Disable posting formality check status comments and adding related
labels while the security token is being figured out.
Link: https://github.com/openwrt/packages/pull/28011
Fixes: 2c558a8 ("ci: label formality failures")
Fixes: 7658669 ("multi-arch-test-build: post formal summaries to PR")
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit 1f2d66502b)
Current odhcpd in master writes MAC addresses with colons in his lease file,
this new odhcpd format leads to a crash loop in unbound (if DHCPv4 to SLAAC is selected).
Just remove the colons, before the processing in slaac_eui64 begins, fixes#28032
Signed-off-by: Dirk Brenken <dev@brenken.org>
As the python3-distutils was dropped while bumping the version
to 3.13.9 via 97a92f2e7a, remove the
python3-distutils from all packages that are currently using it.
OpenWrt already uses recent enough releases of these packages
that have adapted to work without distutils, so the dependency
can be safely removed.
Signed-off-by: Til Kaiser <mail@tk154.de>
This commit removes the non-empty APN requirement for initial EPS
bearer. An empty APN value is valid and means that the modem will use a
network provided APN offered by the operator.
Signed-off-by: Simonas Tamošaitis <simsasss@gmail.com>
Set mmifacename default to "null" instead of an empty string to avoid
argument displacement when the value is not defined. Also remove leftover
debug comments from previous commit.
Signed-off-by: Ivan Diaz <diaz.it@icloud.com>
The backend now correctly supports multiple IP addresses and avoids
argument shifting when mmifacename is empty.
Signed-off-by: Ivan Diaz <diaz.it@icloud.com>
resolveip returns 0 on success. This means that the while loop
will just run until all tries are exhausted. But this was not
the intended behaviour.
Fixes: 20ea72607b ("openconnect: make host dependency more resilient")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
pbr 1.2.1-r35
Makefile:
* split uci-defaults into different purpose files
* add handling of netifd integration
Config:
* update with default values for all options (thanks @betonmischer86)
Init-script:
* add netifd integration handling
* add ip() function to emulate ip rule replace
* add netbird intrfaces support (thanks @egc112)
* reorganize loading/handling of options in load_package_config()
* improve display of interface triggers in service_triggers()
* remove chains cleanup from stop_service() due to exclusive use of fw4 nft files
* improve status_service() output
* drop input and postrouting as valid options for policy chain
Uci-defaults files:
* 91-pbr-nft: cosmetic improvements
Default nft files:
* drop use of input and postrouting chanins
Custom User files:
* dns-prefetch: functional improvements (thanks @betonmischer86)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
depending on the configuration there may be multiple
interfaces creating multiple time series always
reporting 0 value. omiting them from the export saves
resources. most notably cpu. this is limited to
counter types
Signed-off-by: Markus Hube <markus.hube@t-online.de>
As Hannu Nyman pointed out, in some cases the build of the package is
able to fail:
Package snapserver is missing dependencies for the following libraries:
libasound.so.2
He said: on some build runs, alsa is built (as required by other
packages), and if it is built before snapcast, it may be detected,
if the feature is not explicitly disabled in CMakeLists.txt.
Also: "I think that you could drop that AUDIO_SUPPORT conditional.
AUDIO_SUPPORT is selected e.g. if USB_SUPPORT is selected,
so it is not that big restriction."
Suggested-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
Sort CMAKE_OPTIONS by alphabet and save a few bytes with tab character,
instead of repeating "CMAKE_OPTIONS +="
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
vim autodetects wayland if it's installed, but there's no dependency on
it which results in:
Package vim-full is missing dependencies for the following libraries:
libwayland-client.so.0
Fixes: 4406b79 ("vim: bump to 9.1.1918")
Signed-off-by: George Sapkin <george@sapk.in>
In this repository, we do have radicale2, so OpenWrt
community should switch to use that version.
This version (= 1.x.x) is really old, no longer developed
and there are newer versions, which can be used e.g.
version 2.x.x, in this repo as radicale2 or there is
also version 3.x.x, which is not packaged for OpenWrt so far.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
