Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package zabbix for openSUSE:Factory checked in at 2022-07-26 19:43:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/zabbix (Old) and /work/SRC/openSUSE:Factory/.zabbix.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zabbix" Tue Jul 26 19:43:29 2022 rev:19 rq:990743 version:4.0.42 Changes: -------- --- /work/SRC/openSUSE:Factory/zabbix/zabbix.changes 2022-03-17 17:02:00.465708747 +0100 +++ /work/SRC/openSUSE:Factory/.zabbix.new.1533/zabbix.changes 2022-07-26 19:43:52.492900018 +0200 @@ -1,0 +2,19 @@ +Fri Jul 22 23:14:21 UTC 2022 - Boris Manojlovic <bo...@steki.net> + +- add CVE-2022-35230 patch file CVE-2022-35230.patch + +------------------------------------------------------------------- +Fri Jul 22 22:44:34 UTC 2022 - Boris Manojlovic <bo...@steki.net> + +- updated to latest release 4.0.42 +- New Features and Improvements + + ZBXNEXT-7694 Added "utf8mb3" character set support for MySQL database + + ZBX-20946 Enabled Bulgarian, Chinese (zh_TW), German, Greek, Indonesian, + Romanian, Spanish and Vietnamese languages in frontend +- Bug Fixes + + ZBX-21123 Fixed crash when VMware VC was not available at the first moment when starting zabbix_server + + ZBX-21137 Fixed VMware collector crash related to datastore state disconnected from all HVs + + ZBX-20600 Fixed vmware hv.datastore.latency item when multiple datastores with duplicate name + + ZBX-20844 Fixed external check becoming unsupported when Zabbix server or Zabbix proxy is stopped + +------------------------------------------------------------------- Old: ---- zabbix-4.0.39.tar.gz New: ---- CVE-2022-35230.patch zabbix-4.0.42.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zabbix.spec ++++++ --- /var/tmp/diff_new_pack.WDNEus/_old 2022-07-26 19:43:53.156797429 +0200 +++ /var/tmp/diff_new_pack.WDNEus/_new 2022-07-26 19:43:53.160796811 +0200 @@ -23,7 +23,7 @@ %define agent_group zabbix %define SUSEfirewall_services_dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services Name: zabbix -Version: 4.0.39 +Version: 4.0.42 Release: 0 Summary: Distributed monitoring system License: GPL-2.0-or-later @@ -47,6 +47,8 @@ Source15: README-SSL.SUSE # PATCH-FIX-UPSTREAM zabbix-3.0.25-new-m4-pgsql.patch fix for opensuse issue caused/solved by bnc#1120035 Patch0: zabbix-3.0.25-new-m4-pgsql.patch +# PATCH-FIX-UPSTREAN CVE-2022-35230.patch fix for CVE-2022-35230 https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b47a97676ee9ca4e16566f1931c456459108eae +Patch1: CVE-2022-35230.patch BuildRequires: apache-rpm-macros BuildRequires: apache2-devel BuildRequires: autoconf @@ -242,6 +244,7 @@ %prep %setup -q -n zabbix-%{version} %patch0 +%patch1 cp %{SOURCE6} . # fix source & config files to respect adapted names ++++++ CVE-2022-35230.patch ++++++ Index: frontends/php/include/views/configuration.graph.edit.php =================================================================== --- frontends/php/include/views/configuration.graph.edit.php.orig 2022-06-28 08:59:47.000000000 +0200 +++ frontends/php/include/views/configuration.graph.edit.php 2022-07-23 01:04:16.970847088 +0200 @@ -409,6 +409,10 @@ $items_table->addRow( ); foreach ($this->data['items'] as $n => $item) { + if (!$item['itemid']) { + continue; + } + $name = $item['host'].NAME_DELIMITER.$item['name_expanded']; if (zbx_empty($item['drawtype'])) { ++++++ zabbix-4.0.39.tar.gz -> zabbix-4.0.42.tar.gz ++++++ /work/SRC/openSUSE:Factory/zabbix/zabbix-4.0.39.tar.gz /work/SRC/openSUSE:Factory/.zabbix.new.1533/zabbix-4.0.42.tar.gz differ: char 12, line 1