Hello, No, if you have reviewed it you can add the tag. Just anywhere in an email and Patchwork will parse and add credit. The reason why we are doing the tags is: * To give credit (because it very often is not only one person who has worked on something, but Git only allows one author field) * We know what has been reviewed * And if something is broken, there is a list of people who have been working on this who can be shot… joking… who can be consulted about why something was solved in a certain way, etc. You can also use Tested-by which is very helpful, too. Best, -Michael > On 12 Apr 2021, at 12:23, Adolf Belka wrote: > > Hi Michael, > > On 12/04/2021 12:27, Michael Tremer wrote: >> Hello Adolf, >> You can use the Reviewed-by: tag to mark a patch as reviewed by you: >> https://wiki.ipfire.org/devel/git/tags > I wasn't sure if I was OK for me to use the reviewed tag or if it was limited to specific people. I will use it in future now when I do a review of a patch. > > Regards, > Adolf. >> -Michael >>> On 9 Apr 2021, at 20:25, Adolf Belka wrote: >>> >>> Hi Robin, >>> >>> I am not knowledgeable enough about zabbix to make any comment about the conf file changes other than that I could follow your explanations of why they were being done. >>> >>> The lfs file changes look perfect to me. >>> >>> A general comment I would make is that when you want to do a v2 version then if you enter >>> >>> git patch-format -v2 -o ..... then the patches will be created automatically as [PATCH v2 1/3]. >>> >>> Note it is lower case v >>> >>> Regards, >>> >>> Adolf >>> >>> On 07/04/2021 22:44, Robin Roevens wrote: >>>> - Update from 4.2.6 to latest LTS version 5.0.10 >>>> See release notes: https://www.zabbix.com/rn/rn5.0.10 >>>> >>>> Signed-off-by: Robin Roevens >>>> --- >>>> config/zabbix_agentd/zabbix_agentd.conf | 124 ++++++++++++++++++++++-- >>>> lfs/zabbix_agentd | 11 ++- >>>> 2 files changed, 121 insertions(+), 14 deletions(-) >>>> >>>> diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_agentd/zabbix_agentd.conf >>>> index 21b8e0122..4d6c4c154 100644 >>>> --- a/config/zabbix_agentd/zabbix_agentd.conf >>>> +++ b/config/zabbix_agentd/zabbix_agentd.conf >>>> @@ -63,14 +63,33 @@ LogFileSize=0 >>>> # Default: >>>> # SourceIP= >>>> -### Option: EnableRemoteCommands >>>> -# Whether remote commands from Zabbix server are allowed. >>>> -# 0 - not allowed >>>> -# 1 - allowed >>>> +### Option: AllowKey >>>> +# Allow execution of item keys matching pattern. >>>> +# Multiple keys matching rules may be defined in combination with DenyKey. >>>> +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. >>>> +# Parameters are processed one by one according their appearance order. >>>> +# If no AllowKey or DenyKey rules defined, all keys are allowed. >>>> +# >>>> +# Mandatory: no >>>> + >>>> +### Option: DenyKey >>>> +# Deny execution of items keys matching pattern. >>>> +# Multiple keys matching rules may be defined in combination with AllowKey. >>>> +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. >>>> +# Parameters are processed one by one according their appearance order. >>>> +# If no AllowKey or DenyKey rules defined, all keys are allowed. >>>> +# Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default. >>>> # >>>> # Mandatory: no >>>> # Default: >>>> -# EnableRemoteCommands=0 >>>> +# DenyKey=system.run[*] >>>> + >>>> +### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead >>>> +# Internal alias for AllowKey/DenyKey parameters depending on value: >>>> +# 0 - DenyKey=system.run[*] >>>> +# 1 - AllowKey=system.run[*] >>>> +# >>>> +# Mandatory: no >>>> ### Option: LogRemoteCommands >>>> # Enable logging of executed shell commands as warnings. >>>> @@ -177,6 +196,28 @@ ServerActive=127.0.0.1 >>>> # Default: >>>> # HostMetadataItem= >>>> +### Option: HostInterface >>>> +# Optional parameter that defines host interface. >>>> +# Host interface is used at host auto-registration process. >>>> +# An agent will issue an error and not start if the value is over limit of 255 characters. >>>> +# If not defined, value will be acquired from HostInterfaceItem. >>>> +# >>>> +# Mandatory: no >>>> +# Range: 0-255 characters >>>> +# Default: >>>> +# HostInterface= >>>> + >>>> +### Option: HostInterfaceItem >>>> +# Optional parameter that defines an item used for getting host interface. >>>> +# Host interface is used at host auto-registration process. >>>> +# During an auto-registration request an agent will log a warning message if >>>> +# the value returned by specified item is over limit of 255 characters. >>>> +# This option is only used when HostInterface is not defined. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# HostInterfaceItem= >>>> + >>>> ### Option: RefreshActiveChecks >>>> # How often list of active checks is refreshed, in seconds. >>>> # >>>> @@ -265,7 +306,6 @@ ServerActive=127.0.0.1 >>>> Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf >>>> - >>>> ####### USER-DEFINED MONITORED PARAMETERS ####### >>>> ### Option: UnsafeUserParameters >>>> @@ -299,7 +339,7 @@ Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf >>>> # >>>> # Mandatory: no >>>> # Default: >>>> -# LoadModulePath=/usr/lib/modules >>>> +# LoadModulePath=${libdir}/modules >>>> LoadModulePath=/usr/lib/zabbix >>>> @@ -357,14 +397,14 @@ LoadModulePath=/usr/lib/zabbix >>>> # TLSCRLFile= >>>> ### Option: TLSServerCertIssuer >>>> -# Allowed server certificate issuer. >>>> +# Allowed server certificate issuer. >>>> # >>>> # Mandatory: no >>>> # Default: >>>> # TLSServerCertIssuer= >>>> ### Option: TLSServerCertSubject >>>> -# Allowed server certificate subject. >>>> +# Allowed server certificate subject. >>>> # >>>> # Mandatory: no >>>> # Default: >>>> @@ -397,3 +437,69 @@ LoadModulePath=/usr/lib/zabbix >>>> # Mandatory: no >>>> # Default: >>>> # TLSPSKFile= >>>> + >>>> +####### For advanced users - TLS ciphersuite selection criteria ####### >>>> + >>>> +### Option: TLSCipherCert13 >>>> +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. >>>> +# Override the default ciphersuite selection criteria for certificate-based encryption. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSCipherCert13= >>>> + >>>> +### Option: TLSCipherCert >>>> +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. >>>> +# Override the default ciphersuite selection criteria for certificate-based encryption. >>>> +# Example for GnuTLS: >>>> +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 >>>> +# Example for OpenSSL: >>>> +# EECDH+aRSA+AES128:RSA+aRSA+AES128 >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSCipherCert= >>>> + >>>> +### Option: TLSCipherPSK13 >>>> +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. >>>> +# Override the default ciphersuite selection criteria for PSK-based encryption. >>>> +# Example: >>>> +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSCipherPSK13= >>>> + >>>> +### Option: TLSCipherPSK >>>> +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. >>>> +# Override the default ciphersuite selection criteria for PSK-based encryption. >>>> +# Example for GnuTLS: >>>> +# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL >>>> +# Example for OpenSSL: >>>> +# kECDHEPSK+AES128:kPSK+AES128 >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSCipherPSK= >>>> + >>>> +### Option: TLSCipherAll13 >>>> +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. >>>> +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. >>>> +# Example: >>>> +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSCipherAll13= >>>> + >>>> +### Option: TLSCipherAll >>>> +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. >>>> +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. >>>> +# Example for GnuTLS: >>>> +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 >>>> +# Example for OpenSSL: >>>> +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSCipherAll= >>>> diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd >>>> index c69643a54..2d57b0dbe 100644 >>>> --- a/lfs/zabbix_agentd >>>> +++ b/lfs/zabbix_agentd >>>> @@ -1,7 +1,7 @@ >>>> ############################################################################### >>>> # # >>>> # IPFire.org - A linux based firewall # >>>> -# Copyright (C) 2007-2019 IPFire Team # >>>> +# Copyright (C) 2007-2021 IPFire Team # >>>> # # >>>> # This program is free software: you can redistribute it and/or modify # >>>> # it under the terms of the GNU General Public License as published by # >>>> @@ -24,7 +24,7 @@ >>>> include Config >>>> -VER = 4.2.6 >>>> +VER = 5.0.10 >>>> THISAPP = zabbix-$(VER) >>>> DL_FILE = $(THISAPP).tar.gz >>>> @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) >>>> DIR_APP = $(DIR_SRC)/$(THISAPP) >>>> TARGET = $(DIR_INFO)/$(THISAPP) >>>> PROG = zabbix_agentd >>>> -PAK_VER = 4 >>>> +PAK_VER = 5 >>>> DEPS = >>>> ############################################################################### >>>> @@ -43,7 +43,7 @@ objects = $(DL_FILE) >>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >>>> -$(DL_FILE)_MD5 = 6cd55cd743d416d9ffbf2e6fdee680ee >>>> +$(DL_FILE)_MD5 = 17403cce60266019f25ff53c72f0e212 >>>> install : $(TARGET) >>>> @@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >>>> --prefix=/usr \ >>>> --enable-agent \ >>>> --sysconfdir=/etc/zabbix_agentd \ >>>> - --with-openssl >>>> + --with-openssl \ >>>> + --with-libcurl >>>> cd $(DIR_APP) && make >>>> cd $(DIR_APP) && make install