2 files changed, 242 insertions, 0 deletions
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch
new file mode 100644
index 0000000000..ea790f0a93
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch
@@ -0,0 +1,241 @@
+From 76f6a80cb3d6131e9c3e98918305c1bf1805fa2a Mon Sep 17 00:00:00 2001
+From: Vladislavs Sokurenko <vladislavs.sokurenko@zabbix.com>
+Date: Thu, 27 Jul 2023 12:43:02 +0000
+Subject: [PATCH] ...G...PS. [DEV-2429] fixed unauthorised file system access
+ when using cURL
+Merge in ZBX/zabbix from feature/DEV-2429-6.0 to release/6.0
+* commit 'abf345230ee185d61cc0bd70d432fa4b093b8a53':
+  ...G...PS. [DEV-2429] fixed unautorized file system access when using curl
+  .......PS. [DEV-2429] fixed unautorized file system access in JS preprocessing
+CVE: CVE-2023-29450
+Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/76f6a80cb3d]
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/libs/zbxembed/httprequest.c            |  4 +++
+ src/libs/zbxhistory/history_elastic.c      | 30 ++++++++++++++++++++++
+ src/libs/zbxhttp/http.c                    |  9 +++++++
+ src/libs/zbxmedia/email.c                  |  6 +++++
+ src/libs/zbxsysinfo/common/http.c          |  9 +++++++
+ src/libs/zbxsysinfo/simple/simple.c        | 11 ++++++++
+ src/zabbix_server/httppoller/httptest.c    |  9 +++++++
+ src/zabbix_server/reporter/report_writer.c | 10 ++++++++
+ src/zabbix_server/vmware/vmware.c          |  9 +++++++
+ 9 files changed, 97 insertions(+)
+diff --git a/src/libs/zbxembed/httprequest.c b/src/libs/zbxembed/httprequest.c
+index 7f0eed9..871b925 100644
+--- a/src/libs/zbxembed/httprequest.c
+++ b/src/libs/zbxembed/httprequest.c
+@@ -354,6 +354,10 @@ static duk_ret_t   es_httprequest_query(duk_context *ctx, const char *http_request
+        ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_CUSTOMREQUEST, http_request, err);
+        ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_TIMEOUT_MS, timeout_ms - elapsed_ms, err);
+        ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_POSTFIELDS, ZBX_NULL2EMPTY_STR(contents), err);
+#if LIBCURL_VERSION_NUM >= 0x071304
+       /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
+       ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS, err);
+#endif
+        request->data_offset = 0;
+        request->headers_in_offset = 0;
+diff --git a/src/libs/zbxhistory/history_elastic.c b/src/libs/zbxhistory/history_elastic.c
+index 8b3ea84..fc881da 100644
+--- a/src/libs/zbxhistory/history_elastic.c
+++ b/src/libs/zbxhistory/history_elastic.c
+@@ -406,6 +406,16 @@ static void        elastic_writer_add_iface(zbx_history_iface_t *hist)
+                goto out;
+        }
+#if LIBCURL_VERSION_NUM >= 0x071304
+       /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
+       if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PROTOCOLS,
+                       CURLPROTO_HTTP | CURLPROTO_HTTPS)))
+       {
+               zabbix_log(LOG_LEVEL_ERR, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err));
+               goto out;
+       }
+#endif
+
+        *page_w[hist->value_type].errbuf = '\0';
+        if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PRIVATE, &page_w[hist->value_type])))
+@@ -722,6 +732,16 @@ static int elastic_get_values(zbx_history_iface_t *hist, zbx_uint64_t itemid, in
+                goto out;
+        }
+#if LIBCURL_VERSION_NUM >= 0x071304
+       /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
+       if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PROTOCOLS,
+                       CURLPROTO_HTTP | CURLPROTO_HTTPS)))
+       {
+               zabbix_log(LOG_LEVEL_ERR, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err));
+               goto out;
+       }
+#endif
+
+        zabbix_log(LOG_LEVEL_DEBUG, "sending query to %s; post data: %s", data->post_url, query.buffer);
+        page_r.offset = 0;
+@@ -1065,6 +1085,16 @@ void     zbx_elastic_version_extract(struct zbx_json *json)
+                goto clean;
+        }
+#if LIBCURL_VERSION_NUM >= 0x071304
+       /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
+       if (CURLE_OK != (err = curl_easy_setopt(handle, opt = CURLOPT_PROTOCOLS,
+                       CURLPROTO_HTTP | CURLPROTO_HTTPS)))
+       {
+               zabbix_log(LOG_LEVEL_WARNING, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err));
+               goto clean;
+       }
+#endif
+
+        *errbuf = '\0';
+        if (CURLE_OK != (err = curl_easy_perform(handle)))
+diff --git a/src/libs/zbxhttp/http.c b/src/libs/zbxhttp/http.c
+index c10922c..36774cc 100644
+--- a/src/libs/zbxhttp/http.c
+++ b/src/libs/zbxhttp/http.c
+@@ -333,6 +333,15 @@ int        zbx_http_get(const char *url, const char *header, long timeout, char **out,
+                goto clean;
+        }
+#if LIBCURL_VERSION_NUM >= 0x071304
+       /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
+       if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS)))
+       {
+               *error = zbx_dsprintf(NULL, "Cannot set allowed protocols: %s", curl_easy_strerror(err));
+               goto clean;
+       }
+#endif
+
+        if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_URL, url)))
+        {
+                *error = zbx_dsprintf(NULL, "Cannot specify URL: %s", curl_easy_strerror(err));
+diff --git a/src/libs/zbxmedia/email.c b/src/libs/zbxmedia/email.c
+index 3b987d9..d3af744 100644
+--- a/src/libs/zbxmedia/email.c
+++ b/src/libs/zbxmedia/email.c
+@@ -661,6 +661,12 @@ static int send_email_curl(const char *smtp_server, unsigned short smtp_port, co
+        if ('\0' != *smtp_helo)
+                zbx_snprintf(url + url_offset, sizeof(url) - url_offset, "/%s", smtp_helo);
+#if LIBCURL_VERSION_NUM >= 0x071304
+       /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
+       if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_SMTPS | CURLPROTO_SMTP)))
+               goto error;
+#endif
+
+        if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_URL, url)))
+                goto error;
+diff --git a/src/libs/zbxsysinfo/common/http.c b/src/libs/zbxsysinfo/common/http.c
+index acd77e1..8dc4793 100644
+--- a/src/libs/zbxsysinfo/common/http.c
+++ b/src/libs/zbxsysinfo/common/http.c
+@@ -176,6 +176,15 @@ static int curl_page_get(char *url, char **buffer, char **error)
+                goto out;
+        }
+#if LIBCURL_VERSION_NUM >= 0x071304
+       /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
+       if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS)))
+       {
+               *error = zbx_dsprintf(*error, "Cannot set allowed protocols: %s", curl_easy_strerror(err));
+               goto out;
+       }
+#endif
+
+        if (CURLE_OK == (err = curl_easy_perform(easyhandle)))
+        {
+                if (NULL != buffer)
+diff --git a/src/libs/zbxsysinfo/simple/simple.c b/src/libs/zbxsysinfo/simple/simple.c
+index be1b9f9..80c5eac 100644
+--- a/src/libs/zbxsysinfo/simple/simple.c
+++ b/src/libs/zbxsysinfo/simple/simple.c
+@@ -189,6 +189,17 @@ static int check_https(const char *host, unsigned short port, int timeout, int *
+                goto clean;
+        }
+#if LIBCURL_VERSION_NUM >= 0x071304
+       /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
+       if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_PROTOCOLS,
+                       CURLPROTO_HTTP | CURLPROTO_HTTPS)))
+       {
+               zabbix_log(LOG_LEVEL_DEBUG, "%s: could not set cURL option [%d]: %s",
+                               __func__, (int)opt, curl_easy_strerror(err));
+               goto clean;
+       }
+#endif
+
+        if (NULL != CONFIG_SOURCE_IP)
+        {
+                if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_INTERFACE, CONFIG_SOURCE_IP)))
+diff --git a/src/zabbix_server/httppoller/httptest.c b/src/zabbix_server/httppoller/httptest.c
+index 0ff70ef..0201442 100644
+--- a/src/zabbix_server/httppoller/httptest.c
+++ b/src/zabbix_server/httppoller/httptest.c
+@@ -696,6 +696,15 @@ static void        process_httptest(DC_HOST *host, zbx_httptest_t *httptest)
+                goto clean;
+        }
+#if LIBCURL_VERSION_NUM >= 0x071304
+       /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
+       if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS)))
+       {
+               err_str = zbx_strdup(err_str, curl_easy_strerror(err));
+               goto clean;
+       }
+#endif
+
+        if (SUCCEED != zbx_http_prepare_ssl(easyhandle, httptest->httptest.ssl_cert_file,
+                        httptest->httptest.ssl_key_file, httptest->httptest.ssl_key_password,
+                        httptest->httptest.verify_peer, httptest->httptest.verify_host, &err_str))
+diff --git a/src/zabbix_server/reporter/report_writer.c b/src/zabbix_server/reporter/report_writer.c
+index 87d1364..7530ed0 100644
+--- a/src/zabbix_server/reporter/report_writer.c
+++ b/src/zabbix_server/reporter/report_writer.c
+@@ -162,6 +162,16 @@ static int rw_get_report(const char *url, const char *cookie, int width, int hei
+                goto out;
+        }
+#if LIBCURL_VERSION_NUM >= 0x071304
+       /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
+       if (CURLE_OK != (err = curl_easy_setopt(curl, opt = CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS)))
+       {
+               *error = zbx_dsprintf(*error, "Cannot set cURL option %d: %s.", (int)opt,
+                               (curl_error = rw_curl_error(err)));
+               goto out;
+       }
+#endif
+
+        if (NULL != CONFIG_TLS_CA_FILE && '\0' != *CONFIG_TLS_CA_FILE)
+        {
+                if (CURLE_OK != (err = curl_easy_setopt(curl, opt = CURLOPT_CAINFO, CONFIG_TLS_CA_FILE)) ||
+diff --git a/src/zabbix_server/vmware/vmware.c b/src/zabbix_server/vmware/vmware.c
+index b02c8c7..718d519 100644
+--- a/src/zabbix_server/vmware/vmware.c
+++ b/src/zabbix_server/vmware/vmware.c
+@@ -2045,6 +2045,15 @@ static int       vmware_service_authenticate(zbx_vmware_service_t *service, CURL *easy
+                goto out;
+        }
+#if LIBCURL_VERSION_NUM >= 0x071304
+       /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
+       if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS)))
+       {
+               *error = zbx_dsprintf(*error, "Cannot set cURL option %d: %s.", (int)opt, curl_easy_strerror(err));
+               goto out;
+       }
+#endif
+
+        if (NULL != CONFIG_SOURCE_IP)
+        {
+                if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_INTERFACE, CONFIG_SOURCE_IP)))
+--
+2.35.5
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb
index c373ed9f0c..9bed74b214 100644
--- a/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb
@@ -30,6 +30,7 @@ SRC_URI = "https://cdn.zabbix.com/zabbix/sources/stable/5.4/${BPN}-${PV}.tar.gz
    file://CVE-2022-46768.patch \
    file://CVE-2023-29451.patch \
    file://CVE-2023-29449.patch \
+    file://CVE-2023-29450.patch \
 "
 SRC_URI[md5sum] = "f295fd2df86143d72f6ff26e47d9e39e"

diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch new file mode 100644 index 0000000000..ea790f0a93 --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch
@@ -0,0 +1,241 @@
		1	From 76f6a80cb3d6131e9c3e98918305c1bf1805fa2a Mon Sep 17 00:00:00 2001
		2	From: Vladislavs Sokurenko <vladislavs.sokurenko@zabbix.com>
		3	Date: Thu, 27 Jul 2023 12:43:02 +0000
		4	Subject: [PATCH] ...G...PS. [DEV-2429] fixed unauthorised file system access
		5	when using cURL
		6
		7	Merge in ZBX/zabbix from feature/DEV-2429-6.0 to release/6.0
		8
		9	* commit 'abf345230ee185d61cc0bd70d432fa4b093b8a53':
		10	...G...PS. [DEV-2429] fixed unautorized file system access when using curl
		11	.......PS. [DEV-2429] fixed unautorized file system access in JS preprocessing
		12
		13	CVE: CVE-2023-29450
		14
		15	Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/76f6a80cb3d]
		16
		17	Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
		18	---
		19	src/libs/zbxembed/httprequest.c \| 4 +++
		20	src/libs/zbxhistory/history_elastic.c \| 30 ++++++++++++++++++++++
		21	src/libs/zbxhttp/http.c \| 9 +++++++
		22	src/libs/zbxmedia/email.c \| 6 +++++
		23	src/libs/zbxsysinfo/common/http.c \| 9 +++++++
		24	src/libs/zbxsysinfo/simple/simple.c \| 11 ++++++++
		25	src/zabbix_server/httppoller/httptest.c \| 9 +++++++
		26	src/zabbix_server/reporter/report_writer.c \| 10 ++++++++
		27	src/zabbix_server/vmware/vmware.c \| 9 +++++++
		28	9 files changed, 97 insertions(+)
		29
		30	diff --git a/src/libs/zbxembed/httprequest.c b/src/libs/zbxembed/httprequest.c
		31	index 7f0eed9..871b925 100644
		32	--- a/src/libs/zbxembed/httprequest.c
		33	+++ b/src/libs/zbxembed/httprequest.c
		34	@@ -354,6 +354,10 @@ static duk_ret_t es_httprequest_query(duk_context ctx, const char http_request
		35	ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_CUSTOMREQUEST, http_request, err);
		36	ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_TIMEOUT_MS, timeout_ms - elapsed_ms, err);
		37	ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_POSTFIELDS, ZBX_NULL2EMPTY_STR(contents), err);
		38	+#if LIBCURL_VERSION_NUM >= 0x071304
		39	+ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
		40	+ ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP \| CURLPROTO_HTTPS, err);
		41	+#endif
		42
		43	request->data_offset = 0;
		44	request->headers_in_offset = 0;
		45	diff --git a/src/libs/zbxhistory/history_elastic.c b/src/libs/zbxhistory/history_elastic.c
		46	index 8b3ea84..fc881da 100644
		47	--- a/src/libs/zbxhistory/history_elastic.c
		48	+++ b/src/libs/zbxhistory/history_elastic.c
		49	@@ -406,6 +406,16 @@ static void elastic_writer_add_iface(zbx_history_iface_t *hist)
		50	goto out;
		51	}
		52
		53	+#if LIBCURL_VERSION_NUM >= 0x071304
		54	+ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
		55	+ if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PROTOCOLS,
		56	+ CURLPROTO_HTTP \| CURLPROTO_HTTPS)))
		57	+ {
		58	+ zabbix_log(LOG_LEVEL_ERR, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err));
		59	+ goto out;
		60	+ }
		61	+#endif
		62	+
		63	*page_w[hist->value_type].errbuf = '\0';
		64
		65	if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PRIVATE, &page_w[hist->value_type])))
		66	@@ -722,6 +732,16 @@ static int elastic_get_values(zbx_history_iface_t *hist, zbx_uint64_t itemid, in
		67	goto out;
		68	}
		69
		70	+#if LIBCURL_VERSION_NUM >= 0x071304
		71	+ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
		72	+ if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PROTOCOLS,
		73	+ CURLPROTO_HTTP \| CURLPROTO_HTTPS)))
		74	+ {
		75	+ zabbix_log(LOG_LEVEL_ERR, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err));
		76	+ goto out;
		77	+ }
		78	+#endif
		79	+
		80	zabbix_log(LOG_LEVEL_DEBUG, "sending query to %s; post data: %s", data->post_url, query.buffer);
		81
		82	page_r.offset = 0;
		83	@@ -1065,6 +1085,16 @@ void zbx_elastic_version_extract(struct zbx_json *json)
		84	goto clean;
		85	}
		86
		87	+#if LIBCURL_VERSION_NUM >= 0x071304
		88	+ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
		89	+ if (CURLE_OK != (err = curl_easy_setopt(handle, opt = CURLOPT_PROTOCOLS,
		90	+ CURLPROTO_HTTP \| CURLPROTO_HTTPS)))
		91	+ {
		92	+ zabbix_log(LOG_LEVEL_WARNING, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err));
		93	+ goto clean;
		94	+ }
		95	+#endif
		96	+
		97	*errbuf = '\0';
		98
		99	if (CURLE_OK != (err = curl_easy_perform(handle)))
		100	diff --git a/src/libs/zbxhttp/http.c b/src/libs/zbxhttp/http.c
		101	index c10922c..36774cc 100644
		102	--- a/src/libs/zbxhttp/http.c
		103	+++ b/src/libs/zbxhttp/http.c
		104	@@ -333,6 +333,15 @@ int zbx_http_get(const char url, const char header, long timeout, char **out,
		105	goto clean;
		106	}
		107
		108	+#if LIBCURL_VERSION_NUM >= 0x071304
		109	+ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
		110	+ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP \| CURLPROTO_HTTPS)))
		111	+ {
		112	+ *error = zbx_dsprintf(NULL, "Cannot set allowed protocols: %s", curl_easy_strerror(err));
		113	+ goto clean;
		114	+ }
		115	+#endif
		116	+
		117	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_URL, url)))
		118	{
		119	*error = zbx_dsprintf(NULL, "Cannot specify URL: %s", curl_easy_strerror(err));
		120	diff --git a/src/libs/zbxmedia/email.c b/src/libs/zbxmedia/email.c
		121	index 3b987d9..d3af744 100644
		122	--- a/src/libs/zbxmedia/email.c
		123	+++ b/src/libs/zbxmedia/email.c
		124	@@ -661,6 +661,12 @@ static int send_email_curl(const char *smtp_server, unsigned short smtp_port, co
		125	if ('\0' != *smtp_helo)
		126	zbx_snprintf(url + url_offset, sizeof(url) - url_offset, "/%s", smtp_helo);
		127
		128	+#if LIBCURL_VERSION_NUM >= 0x071304
		129	+ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
		130	+ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_SMTPS \| CURLPROTO_SMTP)))
		131	+ goto error;
		132	+#endif
		133	+
		134	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_URL, url)))
		135	goto error;
		136
		137	diff --git a/src/libs/zbxsysinfo/common/http.c b/src/libs/zbxsysinfo/common/http.c
		138	index acd77e1..8dc4793 100644
		139	--- a/src/libs/zbxsysinfo/common/http.c
		140	+++ b/src/libs/zbxsysinfo/common/http.c
		141	@@ -176,6 +176,15 @@ static int curl_page_get(char url, char buffer, char *error)
		142	goto out;
		143	}
		144
		145	+#if LIBCURL_VERSION_NUM >= 0x071304
		146	+ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
		147	+ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP \| CURLPROTO_HTTPS)))
		148	+ {
		149	+ error = zbx_dsprintf(error, "Cannot set allowed protocols: %s", curl_easy_strerror(err));
		150	+ goto out;
		151	+ }
		152	+#endif
		153	+
		154	if (CURLE_OK == (err = curl_easy_perform(easyhandle)))
		155	{
		156	if (NULL != buffer)
		157	diff --git a/src/libs/zbxsysinfo/simple/simple.c b/src/libs/zbxsysinfo/simple/simple.c
		158	index be1b9f9..80c5eac 100644
		159	--- a/src/libs/zbxsysinfo/simple/simple.c
		160	+++ b/src/libs/zbxsysinfo/simple/simple.c
		161	@@ -189,6 +189,17 @@ static int check_https(const char host, unsigned short port, int timeout, int
		162	goto clean;
		163	}
		164
		165	+#if LIBCURL_VERSION_NUM >= 0x071304
		166	+ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
		167	+ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_PROTOCOLS,
		168	+ CURLPROTO_HTTP \| CURLPROTO_HTTPS)))
		169	+ {
		170	+ zabbix_log(LOG_LEVEL_DEBUG, "%s: could not set cURL option [%d]: %s",
		171	+ __func__, (int)opt, curl_easy_strerror(err));
		172	+ goto clean;
		173	+ }
		174	+#endif
		175	+
		176	if (NULL != CONFIG_SOURCE_IP)
		177	{
		178	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_INTERFACE, CONFIG_SOURCE_IP)))
		179	diff --git a/src/zabbix_server/httppoller/httptest.c b/src/zabbix_server/httppoller/httptest.c
		180	index 0ff70ef..0201442 100644
		181	--- a/src/zabbix_server/httppoller/httptest.c
		182	+++ b/src/zabbix_server/httppoller/httptest.c
		183	@@ -696,6 +696,15 @@ static void process_httptest(DC_HOST host, zbx_httptest_t httptest)
		184	goto clean;
		185	}
		186
		187	+#if LIBCURL_VERSION_NUM >= 0x071304
		188	+ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
		189	+ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP \| CURLPROTO_HTTPS)))
		190	+ {
		191	+ err_str = zbx_strdup(err_str, curl_easy_strerror(err));
		192	+ goto clean;
		193	+ }
		194	+#endif
		195	+
		196	if (SUCCEED != zbx_http_prepare_ssl(easyhandle, httptest->httptest.ssl_cert_file,
		197	httptest->httptest.ssl_key_file, httptest->httptest.ssl_key_password,
		198	httptest->httptest.verify_peer, httptest->httptest.verify_host, &err_str))
		199	diff --git a/src/zabbix_server/reporter/report_writer.c b/src/zabbix_server/reporter/report_writer.c
		200	index 87d1364..7530ed0 100644
		201	--- a/src/zabbix_server/reporter/report_writer.c
		202	+++ b/src/zabbix_server/reporter/report_writer.c
		203	@@ -162,6 +162,16 @@ static int rw_get_report(const char url, const char cookie, int width, int hei
		204	goto out;
		205	}
		206
		207	+#if LIBCURL_VERSION_NUM >= 0x071304
		208	+ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
		209	+ if (CURLE_OK != (err = curl_easy_setopt(curl, opt = CURLOPT_PROTOCOLS, CURLPROTO_HTTP \| CURLPROTO_HTTPS)))
		210	+ {
		211	+ error = zbx_dsprintf(error, "Cannot set cURL option %d: %s.", (int)opt,
		212	+ (curl_error = rw_curl_error(err)));
		213	+ goto out;
		214	+ }
		215	+#endif
		216	+
		217	if (NULL != CONFIG_TLS_CA_FILE && '\0' != *CONFIG_TLS_CA_FILE)
		218	{
		219	if (CURLE_OK != (err = curl_easy_setopt(curl, opt = CURLOPT_CAINFO, CONFIG_TLS_CA_FILE)) \|\|
		220	diff --git a/src/zabbix_server/vmware/vmware.c b/src/zabbix_server/vmware/vmware.c
		221	index b02c8c7..718d519 100644
		222	--- a/src/zabbix_server/vmware/vmware.c
		223	+++ b/src/zabbix_server/vmware/vmware.c
		224	@@ -2045,6 +2045,15 @@ static int vmware_service_authenticate(zbx_vmware_service_t service, CURL easy
		225	goto out;
		226	}
		227
		228	+#if LIBCURL_VERSION_NUM >= 0x071304
		229	+ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
		230	+ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_PROTOCOLS, CURLPROTO_HTTP \| CURLPROTO_HTTPS)))
		231	+ {
		232	+ error = zbx_dsprintf(error, "Cannot set cURL option %d: %s.", (int)opt, curl_easy_strerror(err));
		233	+ goto out;
		234	+ }
		235	+#endif
		236	+
		237	if (NULL != CONFIG_SOURCE_IP)
		238	{
		239	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_INTERFACE, CONFIG_SOURCE_IP)))
		240	--
		241	2.35.5


diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb index c373ed9f0c..9bed74b214 100644 --- a/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb +++ b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb
@@ -30,6 +30,7 @@ SRC_URI = "https://cdn.zabbix.com/zabbix/sources/stable/5.4/${BPN}-${PV}.tar.gz
30	file://CVE-2022-46768.patch \	30	file://CVE-2022-46768.patch \
31	file://CVE-2023-29451.patch \	31	file://CVE-2023-29451.patch \
32	file://CVE-2023-29449.patch \	32	file://CVE-2023-29449.patch \
		33	file://CVE-2023-29450.patch \
33	"	34	"
34		35
35	SRC_URI[md5sum] = "f295fd2df86143d72f6ff26e47d9e39e"	36	SRC_URI[md5sum] = "f295fd2df86143d72f6ff26e47d9e39e"