Hello Adolf,

You can use the Reviewed-by: tag to mark a patch as reviewed by you:

  https://wiki.ipfire.org/devel/git/tags

-Michael

> On 9 Apr 2021, at 20:25, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
> 
> Hi Robin,
> 
> I am not knowledgeable enough about zabbix to make any comment about the conf file changes other than that I could follow your explanations of why they were being done.
> 
> The lfs file changes look perfect to me.
> 
> A general comment I would make is that when you want to do a v2 version then if you enter
> 
> git patch-format -v2 -o ..... then the patches will be created automatically as [PATCH v2 1/3].
> 
> Note it is lower case v
> 
> Regards,
> 
> Adolf
> 
> On 07/04/2021 22:44, Robin Roevens wrote:
>> - Update from 4.2.6 to latest LTS version 5.0.10
>>   See release notes: https://www.zabbix.com/rn/rn5.0.10
>> 
>> Signed-off-by: Robin Roevens <robin.roevens(a)disroot.org>
>> ---
>>  config/zabbix_agentd/zabbix_agentd.conf | 124 ++++++++++++++++++++++--
>>  lfs/zabbix_agentd                       |  11 ++-
>>  2 files changed, 121 insertions(+), 14 deletions(-)
>> 
>> diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_agentd/zabbix_agentd.conf
>> index 21b8e0122..4d6c4c154 100644
>> --- a/config/zabbix_agentd/zabbix_agentd.conf
>> +++ b/config/zabbix_agentd/zabbix_agentd.conf
>> @@ -63,14 +63,33 @@ LogFileSize=0
>>  # Default:
>>  # SourceIP=
>>  -### Option: EnableRemoteCommands
>> -#	Whether remote commands from Zabbix server are allowed.
>> -#	0 - not allowed
>> -#	1 - allowed
>> +### Option: AllowKey
>> +#	Allow execution of item keys matching pattern.
>> +#	Multiple keys matching rules may be defined in combination with DenyKey.
>> +#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
>> +#	Parameters are processed one by one according their appearance order.
>> +#	If no AllowKey or DenyKey rules defined, all keys are allowed.
>> +#
>> +# Mandatory: no
>> +
>> +### Option: DenyKey
>> +#	Deny execution of items keys matching pattern.
>> +#	Multiple keys matching rules may be defined in combination with AllowKey.
>> +#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
>> +#	Parameters are processed one by one according their appearance order.
>> +#	If no AllowKey or DenyKey rules defined, all keys are allowed.
>> +#       Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
>>  #
>>  # Mandatory: no
>>  # Default:
>> -# EnableRemoteCommands=0
>> +# DenyKey=system.run[*]
>> +
>> +### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
>> +#	Internal alias for AllowKey/DenyKey parameters depending on value:
>> +#	0 - DenyKey=system.run[*]
>> +#	1 - AllowKey=system.run[*]
>> +#
>> +# Mandatory: no
>>    ### Option: LogRemoteCommands
>>  #	Enable logging of executed shell commands as warnings.
>> @@ -177,6 +196,28 @@ ServerActive=127.0.0.1
>>  # Default:
>>  # HostMetadataItem=
>>  +### Option: HostInterface
>> +#	Optional parameter that defines host interface.
>> +#	Host interface is used at host auto-registration process.
>> +#	An agent will issue an error and not start if the value is over limit of 255 characters.
>> +#	If not defined, value will be acquired from HostInterfaceItem.
>> +#
>> +# Mandatory: no
>> +# Range: 0-255 characters
>> +# Default:
>> +# HostInterface=
>> +
>> +### Option: HostInterfaceItem
>> +#	Optional parameter that defines an item used for getting host interface.
>> +#	Host interface is used at host auto-registration process.
>> +#	During an auto-registration request an agent will log a warning message if
>> +#	the value returned by specified item is over limit of 255 characters.
>> +#	This option is only used when HostInterface is not defined.
>> +#
>> +# Mandatory: no
>> +# Default:
>> +# HostInterfaceItem=
>> +
>>  ### Option: RefreshActiveChecks
>>  #	How often list of active checks is refreshed, in seconds.
>>  #
>> @@ -265,7 +306,6 @@ ServerActive=127.0.0.1
>>    Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf
>>  -
>>  ####### USER-DEFINED MONITORED PARAMETERS #######
>>    ### Option: UnsafeUserParameters
>> @@ -299,7 +339,7 @@ Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf
>>  #
>>  # Mandatory: no
>>  # Default:
>> -# LoadModulePath=/usr/lib/modules
>> +# LoadModulePath=${libdir}/modules
>>    LoadModulePath=/usr/lib/zabbix
>>  @@ -357,14 +397,14 @@ LoadModulePath=/usr/lib/zabbix
>>  # TLSCRLFile=
>>    ### Option: TLSServerCertIssuer
>> -#	Allowed server certificate issuer.
>> +#		Allowed server certificate issuer.
>>  #
>>  # Mandatory: no
>>  # Default:
>>  # TLSServerCertIssuer=
>>    ### Option: TLSServerCertSubject
>> -#	Allowed server certificate subject.
>> +#		Allowed server certificate subject.
>>  #
>>  # Mandatory: no
>>  # Default:
>> @@ -397,3 +437,69 @@ LoadModulePath=/usr/lib/zabbix
>>  # Mandatory: no
>>  # Default:
>>  # TLSPSKFile=
>> +
>> +####### For advanced users - TLS ciphersuite selection criteria #######
>> +
>> +### Option: TLSCipherCert13
>> +#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
>> +#	Override the default ciphersuite selection criteria for certificate-based encryption.
>> +#
>> +# Mandatory: no
>> +# Default:
>> +# TLSCipherCert13=
>> +
>> +### Option: TLSCipherCert
>> +#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
>> +#	Override the default ciphersuite selection criteria for certificate-based encryption.
>> +#	Example for GnuTLS:
>> +#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
>> +#	Example for OpenSSL:
>> +#		EECDH+aRSA+AES128:RSA+aRSA+AES128
>> +#
>> +# Mandatory: no
>> +# Default:
>> +# TLSCipherCert=
>> +
>> +### Option: TLSCipherPSK13
>> +#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
>> +#	Override the default ciphersuite selection criteria for PSK-based encryption.
>> +#	Example:
>> +#		TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
>> +#
>> +# Mandatory: no
>> +# Default:
>> +# TLSCipherPSK13=
>> +
>> +### Option: TLSCipherPSK
>> +#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
>> +#	Override the default ciphersuite selection criteria for PSK-based encryption.
>> +#	Example for GnuTLS:
>> +#		NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
>> +#	Example for OpenSSL:
>> +#		kECDHEPSK+AES128:kPSK+AES128
>> +#
>> +# Mandatory: no
>> +# Default:
>> +# TLSCipherPSK=
>> +
>> +### Option: TLSCipherAll13
>> +#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
>> +#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
>> +#	Example:
>> +#		TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
>> +#
>> +# Mandatory: no
>> +# Default:
>> +# TLSCipherAll13=
>> +
>> +### Option: TLSCipherAll
>> +#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
>> +#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
>> +#	Example for GnuTLS:
>> +#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
>> +#	Example for OpenSSL:
>> +#		EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
>> +#
>> +# Mandatory: no
>> +# Default:
>> +# TLSCipherAll=
>> diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
>> index c69643a54..2d57b0dbe 100644
>> --- a/lfs/zabbix_agentd
>> +++ b/lfs/zabbix_agentd
>> @@ -1,7 +1,7 @@
>>  ###############################################################################
>>  #                                                                             #
>>  # IPFire.org - A linux based firewall                                         #
>> -# Copyright (C) 2007-2019  IPFire Team  <info(a)ipfire.org>                     #
>> +# Copyright (C) 2007-2021  IPFire Team  <info(a)ipfire.org>                     #
>>  #                                                                             #
>>  # This program is free software: you can redistribute it and/or modify        #
>>  # it under the terms of the GNU General Public License as published by        #
>> @@ -24,7 +24,7 @@
>>    include Config
>>  -VER        = 4.2.6
>> +VER        = 5.0.10
>>    THISAPP    = zabbix-$(VER)
>>  DL_FILE    = $(THISAPP).tar.gz
>> @@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
>>  DIR_APP    = $(DIR_SRC)/$(THISAPP)
>>  TARGET     = $(DIR_INFO)/$(THISAPP)
>>  PROG       = zabbix_agentd
>> -PAK_VER    = 4
>> +PAK_VER    = 5
>>  DEPS       =
>>    ###############################################################################
>> @@ -43,7 +43,7 @@ objects = $(DL_FILE)
>>    $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>  -$(DL_FILE)_MD5 = 6cd55cd743d416d9ffbf2e6fdee680ee
>> +$(DL_FILE)_MD5 = 17403cce60266019f25ff53c72f0e212
>>    install : $(TARGET)
>>  @@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>>  		--prefix=/usr \
>>  		--enable-agent \
>>  		--sysconfdir=/etc/zabbix_agentd \
>> -		--with-openssl
>> +		--with-openssl \
>> +		--with-libcurl
>>    	cd $(DIR_APP) && make
>>  	cd $(DIR_APP) && make install