In preparation for further changes, deduplicate package definitions,
and reorganize them. At the same time make use of provides to ensure
both existing names are preserved, and that it is possible to be
specific about the variant of the package one wants.
Also, condense the package conffiles, install, postinst, etc handling.
This is more maintainable (less copy and paste and less to modify).
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
cspell.json was accidentally include in a previous commit, so remove it.
VARIANT is to be used in package definitions, and BUILD_VARIANT
for checking which VARIANT is currently being built. BUILD_VARIANT was
incorrectly used in a package definition, so we fix that.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
The last PR (https://github.com/openwrt/packages/pull/28370) missed
including two needed changes, and had a minor packaging Makefile
mistake.
The Zabbix Agent needs to drop privileges to the zabbix-agent user.
Similarly, if run as root (not the default), the Zabbix server needs to
drop privileges to the zabbix-server user.
There are also, in the Makefile, three instances of using BUILD_VARIANT
instead of VARIANT in package definitions.
So we fix those issues.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
For items which are only copied from the source code, avoid the
prepare, configure, and compile steps, while preserving the special
behaviour of the mac80211 addon, which has a unique prepare and
compile.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Avoid unnecessary duplication on zabbix-agentd package definitions by
using a common zabbix-agentd/Default and extending it for different
zabbix-agentd flavours.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
For security, per upstream recommendations, use a separate user for the
agent daemon and the server daemon.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Adds an initscript for zabbix_server, and related helper files
+ uses a zabbix_server uci conf to enable/disable startup
+ updates the default zabbix_server.conf to work with initscript
+ add a sysctl.d conf to set max-files more appropriate for zabbix_server
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Addresses the issue pointed out in #28165, which is that zabbix_agentd
always creates a PidFile and has no option to disable PidFile creation.
Therefore update the configuration file to default to create a PidFile
where we want it.
Close#28165
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Only show zabbix-server-frontend if the build dependency 'PACKEGE_php8' is
fulfilled. This means that 'zabbix-server-frotend' can only be selected if
PHP has also been enabled for building.
This change is needed to fix the following recursive dependency warning.
error: recursive dependency detected!
symbol PACKAGE_php8 is selected by PACKAGE_zabbix-server-frontend
symbol PACKAGE_zabbix-server-frontend depends on PHP8_DOM
symbol PHP8_DOM depends on PACKAGE_php8
For a resolution refer to Documentation/kbuild/kconfig-language.rst
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
For zabbix-server-frontend, the absence of php8-mod-filter results in
many of the frontend's pages failing to render. Therefore add this
module as a frontend dependency.
Without php8-mod-openssl the frontend fails with:
[13-Dec-2025 18:47:25 UTC] PHP Fatal error: Uncaught Error: Call to
undefined function openssl_random_pseudo_bytes() in
/www/zabbix/include/classes/helpers/CEncryptHelper.php:89
Stack trace:
CEncryptHelper::generateKey()
thrown in /www/zabbix/include/classes/helpers/CEncryptHelper.php on
line 89
Therefore add php8-mod-openssl as a frontend dependency.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Updates Zabbix to 7.0.21-r1 (latest 7.0 LTS version)
Note that for the frontend, clearing browser cache, cookies and other
site data for the zabbix frontend server may be necessary.
Security fixes compared to 7.0.12 (most are frontend only):
* CVE-2025-27238: API hostprototype.get lists data to users with
insufficient authorization https://support.zabbix.com/browse/ZBX-26988
* CVE-2025-27236: User information disclosure via api_jsonrpc.php on
method user.get with param search:
https://support.zabbix.com/browse/ZBX-27060
* CVE-2025-27231: LDAP 'Bind password' field value can be leaked by a
Zabbix Super Admin: https://support.zabbix.com/browse/ZBX-27062
* CVE-2025-49641: Insufficient permission check for the
problem.view.refresh action:
https://support.zabbix.com/browse/ZBX-27063
* CVE-2025-49643: Frontend DoS vulnerability due to asymmetric
resource consumption: https://support.zabbix.com/browse/ZBX-27284
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
earlyoom checks the amount of available memory and swap at an adaptive
rate for up to 10 times per second. When both available memory and swap
are below threshold, it'll send SIGTERM or SIGKILL to the process with
the highest oom_score. Details about oom_score can be obtained at
https://man7.org/linux/man-pages/man5/proc_pid_oom_score.5.html
Signed-off-by: Alice H. <alice.hall0451+github@gmail.com>
Replace embedded ivykis with a separate package to improve
dependency management and enable library reuse.
The ivykis library now properly supports io_uring when
CONFIG_KERNEL_IO_URING is enabled.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.10.0
Makefile changes
----------------
1. Disable experimental feature: stackdump
due to issues, which were reported to upstream
2. Disabled example modules to avoid adding libstdc++.so.6 dependency
Fixes:
Package syslog-ng is missing dependencies for the following libraries:
libstdc++.so.6
Other changes
-------------
In syslog-ng 4.8.0, there was added possibility to use value "current"
as version in the config file, so use it, which confirm to use
the latest version instead of bumping the version in the file
manually.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
It adds a runtime test to verify that the compiled binary in
CI/CD runs without segfault and prints the version.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
glibc 2.39 has removed libcrypt completely.
solution: link against libxcrypt built with glibc compatibility.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
This changes a number of PKG_SOURCE_URLs that were using the http protocol to use https if available.
HTTPS was verified as functioning for the updated hosts.
Signed-off-by: Daniel Cousens <github@dcousens.com>
Files in `/etc/profile.d/` are marked as user configs and won't be
replaced to new version when update the package, so add a migration
script for this.
Fixes: #26709
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Iotop identifies processes that use high amount of input/output requests
on your machine. It is similar to the well known top utility, but
instead of showing you what consumes CPU the most, it lists processes by
their IO usage. Inspired by iotop Python script from Guillaume
Chazarain, rewritten in C by Vyacheslav Trushkin and improved by Boian
Bonev so it runs without Python at all.
Note that only targets that have KERNEL_TASKSTATS enabled will be able
to build this package.
Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712
Signed-off-by: John Audia <therealgraysky@proton.me>
