new file mode 100644
@@ -0,0 +1,37 @@
+From 6b5dfdb31aa503bb0358784c632ff3a04e7a8ff4 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 4 Jan 2023 13:51:03 +0800
+Subject: [PATCH] [DEV-2301] fixed spoofing X-Forwarded-For request header
+ allows to access Frontend in maintenace mode
+
+Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/50668e9d64af32cdc67a45082c556699ff86565e]
+CVE: CVE-2022-43515
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ ui/include/classes/user/CWebUser.php | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/ui/include/classes/user/CWebUser.php b/ui/include/classes/user/CWebUser.php
+index e6e651e..bfacce7 100644
+--- a/ui/include/classes/user/CWebUser.php
++++ b/ui/include/classes/user/CWebUser.php
+@@ -231,13 +231,11 @@ class CWebUser {
+ }
+
+ /**
+- * Get user ip address.
++ * Get user IP address.
+ *
+ * @return string
+ */
+ public static function getIp(): string {
+- return (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && $_SERVER['HTTP_X_FORWARDED_FOR'] !== '')
+- ? $_SERVER['HTTP_X_FORWARDED_FOR']
+- : $_SERVER['REMOTE_ADDR'];
++ return $_SERVER['REMOTE_ADDR'];
+ }
+ }
+--
+2.25.1
+
new file mode 100644
@@ -0,0 +1,53 @@
+From 7373f92c80eb89941428468cd6b9d5c8879a7f93 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 4 Jan 2023 14:23:34 +0800
+Subject: [PATCH] [DEV-2283] added validation of the scheduled report
+ generation URL to zabbix-web-service
+
+Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/fdb03971867]
+CVE: CVE-2022-46768
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ .../zabbix_web_service/pdf_report_creator.go | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+index 391b58b..8452a3d 100644
+--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+@@ -29,6 +29,7 @@ import (
+ "net/http"
+ "net/url"
+ "strconv"
++ "strings"
+ "time"
+
+ "github.com/chromedp/cdproto/emulation"
+@@ -123,6 +124,23 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
+ return
+ }
+
++ if u.Scheme != "http" && u.Scheme != "https" {
++ logAndWriteError(w, fmt.Sprintf("Unexpected URL scheme: \"%s\"", u.Scheme), http.StatusBadRequest)
++ return
++ }
++
++ if !strings.HasSuffix(u.Path, "/zabbix.php") {
++ logAndWriteError(w, fmt.Sprintf("Unexpected URL path: \"%s\"", u.Path), http.StatusBadRequest)
++ return
++ }
++
++ queryParams := u.Query()
++
++ if queryParams.Get("action") != "dashboard.print" {
++ logAndWriteError(w, fmt.Sprintf("Unexpected URL action: \"%s\"", queryParams.Get("action")), http.StatusBadRequest)
++ return
++ }
++
+ log.Tracef(
+ "making chrome headless request with parameters url: %s, width: %s, height: %s for report request from %s",
+ u.String(), req.Parameters["width"], req.Parameters["height"], r.RemoteAddr)
+--
+2.25.1
+
@@ -26,6 +26,8 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
SRC_URI = "https://cdn.zabbix.com/zabbix/sources/stable/5.4/${BPN}-${PV}.tar.gz \
file://0001-Fix-configure.ac.patch \
file://zabbix-agent.service \
+ file://CVE-2022-43515.patch \
+ file://CVE-2022-46768.patch \
"
SRC_URI[md5sum] = "f295fd2df86143d72f6ff26e47d9e39e"