diff --git a/fix-x86-failed-offline.patch b/fix-x86-failed-offline.patch
deleted file mode 100644
index 7184aad01eb1a5b2c745405eb88ca75fa8b11dac..0000000000000000000000000000000000000000
--- a/fix-x86-failed-offline.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-diff -uNr zabbix-5.2.6/src/go/go.mod zabbix-5.2.6-new/src/go/go.mod
---- zabbix-5.2.6/src/go/go.mod	2021-03-29 17:21:28.000000000 +0800
-+++ zabbix-5.2.6-new/src/go/go.mod	2021-10-29 15:39:27.215189410 +0800
-@@ -20,7 +20,7 @@
- 	github.com/memcachier/mc/v3 v3.0.1
- 	github.com/natefinch/npipe v0.0.0-20160621034901-c1b8fa8bdcce
- 	github.com/omeid/go-yarn v0.0.1
--	github.com/pkg/errors v0.9.1
-+	github.com/pkg/errors v0.9.1 // indirect
- 	golang.org/x/sys v0.0.0-20200428200454-593003d681fa
- 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
- 	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
-diff -uNr zabbix-5.2.6/src/go/Makefile zabbix-5.2.6-new/src/go/Makefile
---- zabbix-5.2.6/src/go/Makefile	2021-03-29 17:21:41.000000000 +0800
-+++ zabbix-5.2.6-new/src/go/Makefile	2021-10-29 15:39:27.248189410 +0800
-@@ -536,7 +536,7 @@
- all: build
- 
- build:
--	CGO_CFLAGS="${CGO_CFLAGS}" CGO_LDFLAGS="${CGO_LDFLAGS}" go build -ldflags="${GOLDFLAGS}" -o bin ./...
-+	CGO_CFLAGS="${CGO_CFLAGS}" CGO_LDFLAGS="${CGO_LDFLAGS}" go build -mod=vendor -ldflags="${GOLDFLAGS}" -o bin ./...
- 
- clean:
- 	go clean ./...
-@@ -544,7 +544,7 @@
- 
- install:
- 	CGO_CFLAGS="${CGO_CFLAGS}" CGO_LDFLAGS="${CGO_LDFLAGS}" GOBIN=${GOBIN} \
--		go install -ldflags="${GOLDFLAGS}" zabbix.com/cmd/zabbix_agent2
-+		go install -mod=vendor -ldflags="${GOLDFLAGS}" zabbix.com/cmd/zabbix_agent2
- 	test -f "$(DESTDIR)${prefix}/etc/zabbix_agent2.conf" || cp "conf/zabbix_agent2.conf" "$(DESTDIR)${prefix}/etc/zabbix_agent2.conf"
- 
- check:
-diff -uNr zabbix-5.2.6/src/go/Makefile.am zabbix-5.2.6-new/src/go/Makefile.am
---- zabbix-5.2.6/src/go/Makefile.am	2021-03-29 17:02:12.000000000 +0800
-+++ zabbix-5.2.6-new/src/go/Makefile.am	2021-10-29 15:39:27.248189410 +0800
-@@ -19,7 +19,7 @@
- all: build
- 
- build:
--	CGO_CFLAGS="${CGO_CFLAGS}" CGO_LDFLAGS="${CGO_LDFLAGS}" go build -ldflags="${GOLDFLAGS}" -o bin ./...
-+	CGO_CFLAGS="${CGO_CFLAGS}" CGO_LDFLAGS="${CGO_LDFLAGS}" go build -mod=vendor -ldflags="${GOLDFLAGS}" -o bin ./...
- 
- clean:
- 	go clean ./...
-@@ -27,7 +27,7 @@
- 
- install:
- 	CGO_CFLAGS="${CGO_CFLAGS}" CGO_LDFLAGS="${CGO_LDFLAGS}" GOBIN=${GOBIN} \
--		go install -ldflags="${GOLDFLAGS}" zabbix.com/cmd/zabbix_agent2
-+		go install -mod=vendor -ldflags="${GOLDFLAGS}" zabbix.com/cmd/zabbix_agent2
- 	test -f "$(DESTDIR)@AGENT2_CONFIG_FILE@" || cp "conf/zabbix_agent2.conf" "$(DESTDIR)@AGENT2_CONFIG_FILE@"
- 
- check:
-diff -uNr zabbix-5.2.6/src/go/Makefile.in zabbix-5.2.6-new/src/go/Makefile.in
---- zabbix-5.2.6/src/go/Makefile.in	2021-03-29 17:21:33.000000000 +0800
-+++ zabbix-5.2.6-new/src/go/Makefile.in	2021-10-29 15:39:27.248189410 +0800
-@@ -536,7 +536,7 @@
- all: build
- 
- build:
--	CGO_CFLAGS="${CGO_CFLAGS}" CGO_LDFLAGS="${CGO_LDFLAGS}" go build -ldflags="${GOLDFLAGS}" -o bin ./...
-+	CGO_CFLAGS="${CGO_CFLAGS}" CGO_LDFLAGS="${CGO_LDFLAGS}" go build -mod=vendor -ldflags="${GOLDFLAGS}" -o bin ./...
- 
- clean:
- 	go clean ./...
-@@ -544,7 +544,7 @@
- 
- install:
- 	CGO_CFLAGS="${CGO_CFLAGS}" CGO_LDFLAGS="${CGO_LDFLAGS}" GOBIN=${GOBIN} \
--		go install -ldflags="${GOLDFLAGS}" zabbix.com/cmd/zabbix_agent2
-+		go install -mod=vendor -ldflags="${GOLDFLAGS}" zabbix.com/cmd/zabbix_agent2
- 	test -f "$(DESTDIR)@AGENT2_CONFIG_FILE@" || cp "conf/zabbix_agent2.conf" "$(DESTDIR)@AGENT2_CONFIG_FILE@"
- 
- check:
diff --git a/fping3-sourceip-option.patch b/fping3-sourceip-option.patch
deleted file mode 100644
index 542a698471bb8d6055a550a6be943e2eb4a9cb6d..0000000000000000000000000000000000000000
--- a/fping3-sourceip-option.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-diff -Nru zabbix-3.0.2.orig/src/libs/zbxicmpping/icmpping.c zabbix-3.0.2/src/libs/zbxicmpping/icmpping.c
---- zabbix-3.0.2.orig/src/libs/zbxicmpping/icmpping.c	2016-04-20 18:51:21.000000000 +0900
-+++ zabbix-3.0.2/src/libs/zbxicmpping/icmpping.c	2016-04-20 22:28:59.000000000 +0900
-@@ -42,34 +42,7 @@
- 
- static void	get_source_ip_option(const char *fping, const char **option, unsigned char *checked)
- {
--	FILE	*f;
--	char	*p, tmp[MAX_STRING_LEN];
--
--	zbx_snprintf(tmp, sizeof(tmp), "%s -h 2>&1", fping);
--
--	if (NULL == (f = popen(tmp, "r")))
--		return;
--
--	while (NULL != fgets(tmp, sizeof(tmp), f))
--	{
--		for (p = tmp; isspace(*p); p++)
--			;
--
--		if ('-' == p[0] && 'I' == p[1] && (isspace(p[2]) || ',' == p[2]))
--		{
--			*option = "-I";
--			continue;
--		}
--
--		if ('-' == p[0] && 'S' == p[1] && (isspace(p[2]) || ',' == p[2]))
--		{
--			*option = "-S";
--			break;
--		}
--	}
--
--	pclose(f);
--
-+	*option = "-S";
- 	*checked = 1;
- }
- 
diff --git a/gomodules-for-x86.tar.gz b/gomodules-for-x86.tar.gz
deleted file mode 100644
index 7f7f5289558785ca6ce997022f1fd012d809dc80..0000000000000000000000000000000000000000
Binary files a/gomodules-for-x86.tar.gz and /dev/null differ
diff --git a/zabbix-5.2.6.tar.gz b/zabbix-7.0.5.tar.gz
similarity index 40%
rename from zabbix-5.2.6.tar.gz
rename to zabbix-7.0.5.tar.gz
index a91890158579b5ab52968535b4ec034b928b3546..2f2fa4a03b262ca876e05df6545442226a80283f 100644
Binary files a/zabbix-5.2.6.tar.gz and b/zabbix-7.0.5.tar.gz differ
diff --git a/zabbix-agent.init b/zabbix-agent.init
deleted file mode 100644
index 214bba1de556424d30a30163c032f8677a39ec5a..0000000000000000000000000000000000000000
--- a/zabbix-agent.init
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/bin/sh
-#
-# chkconfig: - 86 14
-# description: Zabbix agent daemon
-# processname: zabbix_agentd
-# config: /etc/zabbix/zabbix_agentd.conf
-#
-
-### BEGIN INIT INFO
-# Provides: zabbix-agent
-# Required-Start: $local_fs $network
-# Required-Stop: $local_fs $network
-# Should-Start: zabbix zabbix-proxy
-# Should-Stop: zabbix zabbix-proxy
-# Default-Start:
-# Default-Stop: 0 1 2 3 4 5 6
-# Short-Description: Start and stop Zabbix agent
-# Description: Zabbix agent
-### END INIT INFO
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-if [ -x /usr/sbin/zabbix_agentd ]; then
-    exec=/usr/sbin/zabbix_agentd
-else
-    exit 5
-fi
-
-prog=${exec##*/}
-conf=/etc/zabbix/zabbix_agentd.conf
-pidfile=$(grep -e "^PidFile=.*$" $conf | cut -d= -f2 | tr -d '\r')
-timeout=10
-
-if [ -f /etc/sysconfig/zabbix-agent ]; then
-    . /etc/sysconfig/zabbix-agent
-fi
-
-lockfile=/var/lock/subsys/zabbix-agent
-
-start()
-{
-    echo -n $"Starting Zabbix agent: "
-    daemon $exec -c $conf
-    rv=$?
-    echo
-    [ $rv -eq 0 ] && touch $lockfile
-    return $rv
-}
-
-stop()
-{
-    echo -n $"Shutting down Zabbix agent: "
-    killproc -p $pidfile -d $timeout $prog
-    rv=$?
-    echo
-    [ $rv -eq 0 ] && rm -f $lockfile
-    return $rv
-}
-
-restart()
-{
-    stop
-    start
-}
-
-case "$1" in
-    start|stop|restart)
-        $1
-        ;;
-    force-reload)
-        restart
-        ;;
-    status)
-        status -p $pidfile $prog 
-        ;;
-    try-restart|condrestart)
-        if status $prog >/dev/null ; then
-            restart
-        fi
-        ;;
-    reload)
-        action $"Service ${0##*/} does not support the reload action: " /bin/false
-        exit 3
-        ;;
-    *)
-	echo $"Usage: $0 {start|stop|status|restart|try-restart|force-reload}"
-	exit 2
-	;;
-esac
-
diff --git a/zabbix-agent.service b/zabbix-agent.service
index 64a7dd0c7613cf18aafb60303827f0a1af496133..aeed01b23a8f27f2385df0e53bb9fc80f4bff751 100644
--- a/zabbix-agent.service
+++ b/zabbix-agent.service
@@ -1,20 +1,11 @@
 [Unit]
-Description=Zabbix Agent
-After=syslog.target
-After=network.target
+Description=Zabbix Monitor Agent
+After=syslog.target network.target
 
 [Service]
-Environment="CONFFILE=/etc/zabbix/zabbix_agentd.conf"
-EnvironmentFile=-/etc/sysconfig/zabbix-agent
-Type=forking
-Restart=on-failure
-PIDFile=/run/zabbix/zabbix_agentd.pid
-KillMode=control-group
-ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE
-ExecStop=/bin/kill -SIGTERM $MAINPID
-RestartSec=10s
+Type=simple
+ExecStart=/usr/sbin/zabbix_agentd -f
 User=zabbix
-Group=zabbix
 
 [Install]
 WantedBy=multi-user.target
diff --git a/zabbix-agent.sysconfig b/zabbix-agent.sysconfig
deleted file mode 100644
index 6ebb06b7c6913ee5d4dc489825fb8250424692f2..0000000000000000000000000000000000000000
--- a/zabbix-agent.sysconfig
+++ /dev/null
@@ -1,4 +0,0 @@
-# Configuration file for /etc/init.d/zabbix-agent service
-
-# User to run zabbix agent as
-ZABBIX_AGENT_USER=zabbix
diff --git a/zabbix-agent2.init b/zabbix-agent2.init
deleted file mode 100644
index e7a0224feb71c9cb89a0c1ec26ad8af768f30fcb..0000000000000000000000000000000000000000
--- a/zabbix-agent2.init
+++ /dev/null
@@ -1,97 +0,0 @@
-#!/bin/sh
-#
-# chkconfig: - 86 14
-# description: Zabbix agent 2 daemon
-# processname: zabbix_agent2
-# config: /etc/zabbix/zabbix_agent2.conf
-#
-
-### BEGIN INIT INFO
-# Provides: zabbix-agent2
-# Required-Start: $local_fs $network
-# Required-Stop: $local_fs $network
-# Should-Start: zabbix zabbix-proxy
-# Should-Stop: zabbix zabbix-proxy
-# Default-Start:
-# Default-Stop: 0 1 2 3 4 5 6
-# Short-Description: Start and stop Zabbix agent 2
-# Description: Zabbix agent 2
-### END INIT INFO
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-if [ -x /usr/sbin/zabbix_agent2 ]; then
-    exec=/usr/sbin/zabbix_agent2
-else
-    exit 5
-fi
-
-prog=${exec##*/}
-conf=/etc/zabbix/zabbix_agent2.conf
-pidfile=$(grep -e "^PidFile=.*$" $conf | cut -d= -f2 | tr -d '\r')
-timeout=10
-
-if [ -f /etc/sysconfig/zabbix-agent2 ]; then
-    . /etc/sysconfig/zabbix-agent2
-fi
-
-if [ -n "$ZABBIX_AGENT_USER" ]; then
-    user_conf="--user=$ZABBIX_AGENT_USER"
-else
-    user_conf=''
-fi
-
-lockfile=/var/lock/subsys/zabbix-agent2
-
-start()
-{
-    echo -n $"Starting Zabbix agent 2: "
-    daemon $user_conf $exec -c $conf &
-    rv=$?
-    echo
-    [ $rv -eq 0 ] && touch $lockfile
-    return $rv
-}
-
-stop()
-{
-    echo -n $"Shutting down Zabbix agent 2: "
-    killproc -p $pidfile -d $timeout $prog
-    rv=$?
-    echo
-    [ $rv -eq 0 ] && rm -f $lockfile
-    return $rv
-}
-
-restart()
-{
-    stop
-    start
-}
-
-case "$1" in
-    start|stop|restart)
-        $1
-        ;;
-    force-reload)
-        restart
-        ;;
-    status)
-        status -p $pidfile $prog 
-        ;;
-    try-restart|condrestart)
-        if status $prog >/dev/null ; then
-            restart
-        fi
-        ;;
-    reload)
-        action $"Service ${0##*/} does not support the reload action: " /bin/false
-        exit 3
-        ;;
-    *)
-	echo $"Usage: $0 {start|stop|status|restart|try-restart|force-reload}"
-	exit 2
-	;;
-esac
-
diff --git a/zabbix-agent2.service b/zabbix-agent2.service
deleted file mode 100644
index c7d02889285a981be6e0aae8d3ae09c05adfaa51..0000000000000000000000000000000000000000
--- a/zabbix-agent2.service
+++ /dev/null
@@ -1,20 +0,0 @@
-[Unit]
-Description=Zabbix Agent 2
-After=syslog.target
-After=network.target
-
-[Service]
-Environment="CONFFILE=/etc/zabbix/zabbix_agent2.conf"
-EnvironmentFile=-/etc/sysconfig/zabbix-agent2
-Type=simple
-Restart=on-failure
-PIDFile=/run/zabbix/zabbix_agent2.pid
-KillMode=control-group
-ExecStart=/usr/sbin/zabbix_agent2 -c $CONFFILE
-ExecStop=/bin/kill -SIGTERM $MAINPID
-RestartSec=10s
-User=zabbix
-Group=zabbix
-
-[Install]
-WantedBy=multi-user.target
diff --git a/zabbix-agent2.sysconfig b/zabbix-agent2.sysconfig
deleted file mode 100644
index 900743c66c83abf4ad622fd432a1a18a4e390467..0000000000000000000000000000000000000000
--- a/zabbix-agent2.sysconfig
+++ /dev/null
@@ -1,4 +0,0 @@
-# Configuration file for /etc/init.d/zabbix-agent2 service
-
-# User to run zabbix agent as
-ZABBIX_AGENT_USER=zabbix
diff --git a/config.patch b/zabbix-config.patch
similarity index 41%
rename from config.patch
rename to zabbix-config.patch
index 0f7ccb47b81d8e33b90f5d94caffed020e720113..5d61074e726b0ca1d668dc6a5f6341816a641a37 100644
--- a/config.patch
+++ b/zabbix-config.patch
@@ -1,7 +1,8 @@
-diff -urN 4.0.1.orig/ui/include/classes/core/CConfigFile.php 4.0.1/ui/include/classes/core/CConfigFile.php
---- 4.0.1.orig/ui/include/classes/core/CConfigFile.php	2018-10-29 19:00:25.270221980 +0200
-+++ 4.0.1/ui/include/classes/core/CConfigFile.php	2018-10-29 19:00:54.666586770 +0200
-@@ -25,7 +25,7 @@
+diff --git a/ui/include/classes/core/CConfigFile.php b/ui/include/classes/core/CConfigFile.php
+index d7ad93a..88b7d5f 100644
+--- a/ui/include/classes/core/CConfigFile.php
++++ b/ui/include/classes/core/CConfigFile.php
+@@ -20,7 +20,7 @@ class CConfigFile {
  	const CONFIG_ERROR = 2;
  	const CONFIG_VAULT_ERROR = 3;
  
@@ -10,10 +11,11 @@ diff -urN 4.0.1.orig/ui/include/classes/core/CConfigFile.php 4.0.1/ui/include/cl
  
  	private static $supported_db_types = [
  		ZBX_DB_MYSQL => true,
-diff -urN 4.0.1.orig/ui/include/classes/core/ZBase.php 4.0.1/ui/include/classes/core/ZBase.php
---- 4.0.1.orig/ui/include/classes/core/ZBase.php	2018-10-29 19:00:25.270221980 +0200
-+++ 4.0.1/ui/include/classes/core/ZBase.php	2018-10-29 19:00:36.450360730 +0200
-@@ -320,7 +320,7 @@
+diff --git a/ui/include/classes/core/ZBase.php b/ui/include/classes/core/ZBase.php
+index 51b2165..e57e5a8 100644
+--- a/ui/include/classes/core/ZBase.php
++++ b/ui/include/classes/core/ZBase.php
+@@ -392,7 +392,7 @@ class ZBase {
  	 * @throws Exception
  	 */
  	protected function setMaintenanceMode() {
@@ -22,32 +24,24 @@ diff -urN 4.0.1.orig/ui/include/classes/core/ZBase.php 4.0.1/ui/include/classes/
  
  		if (defined('ZBX_DENY_GUI_ACCESS')) {
  			if (!isset($ZBX_GUI_ACCESS_IP_RANGE) || !in_array(CWebUser::getIp(), $ZBX_GUI_ACCESS_IP_RANGE)) {
-@@ -289,7 +289,7 @@
+@@ -405,7 +405,7 @@ class ZBase {
  	 * Load zabbix config file.
  	 */
- 	protected function loadConfigFile() {
--		$configFile = $this->getRootDir().CConfigFile::CONFIG_FILE_PATH;
+ 	protected function loadConfigFile(): void {
+-		$configFile = $this->root_dir.CConfigFile::CONFIG_FILE_PATH;
 +		$configFile = CConfigFile::CONFIG_FILE_PATH;
+ 
  		$config = new CConfigFile($configFile);
- 		$this->config = $config->load();
- 	}
-diff -urN 4.0.1.orig/ui/include/classes/setup/CSetupWizard.php 4.0.1/ui/include/classes/setup/CSetupWizard.php
---- 4.0.1.orig/ui/include/classes/setup/CSetupWizard.php	2018-10-29 19:00:25.274222030 +0200
-+++ 4.0.1/ui/include/classes/setup/CSetupWizard.php	2018-10-29 19:00:36.450360730 +0200
-@@ -336,7 +336,7 @@
-
- 		$this->setConfig('ZBX_CONFIG_FILE_CORRECT', true);
  
--		$config_file_name = APP::getInstance()->getRootDir().CConfigFile::CONFIG_FILE_PATH;
-+		$config_file_name = CConfigFile::CONFIG_FILE_PATH;
- 		$config = new CConfigFile($config_file_name);
- 		$config->config = [
- 			'DB' => [
-@@ -507,7 +507,7 @@
+diff --git a/ui/include/classes/setup/CSetupWizard.php b/ui/include/classes/setup/CSetupWizard.php
+index 8574868..79d0c72 100644
+--- a/ui/include/classes/setup/CSetupWizard.php
++++ b/ui/include/classes/setup/CSetupWizard.php
+@@ -328,7 +328,7 @@ class CSetupWizard extends CForm {
  				// make zabbix.conf.php downloadable
  				header('Content-Type: application/x-httpd-php');
  				header('Content-Disposition: attachment; filename="'.basename(CConfigFile::CONFIG_FILE_PATH).'"');
--				$config = new CConfigFile(APP::getInstance()->getRootDir().CConfigFile::CONFIG_FILE_PATH);
+-				$config = new CConfigFile(APP::getRootDir().CConfigFile::CONFIG_FILE_PATH);
 +				$config = new CConfigFile(CConfigFile::CONFIG_FILE_PATH);
  				$config->config = [
  					'DB' => [
diff --git a/zabbix-configure-sscanf.patch b/zabbix-configure-sscanf.patch
new file mode 100644
index 0000000000000000000000000000000000000000..811763549236acd8b3f595d982ea242c92efc1b8
--- /dev/null
+++ b/zabbix-configure-sscanf.patch
@@ -0,0 +1,17 @@
+sscanf needs <stdio.h> for the prototype.  Submitted upstream here:
+
+  <https://support.zabbix.com/browse/ZBX-21946>
+
+diff --git a/configure.ac b/configure.ac
+index 0588004f9f89cdd5..bbc60e3a28369f9f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -952,6 +952,7 @@ dnl FreeBSD 4.x does not support %llu
+ AC_MSG_CHECKING(for long long format)
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
+ #include <sys/types.h>
++#include <stdio.h>
+ int main()
+ {
+         uint64_t i;
+
diff --git a/zabbix-crypto-policy.patch b/zabbix-crypto-policy.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4f9f49a0c0d52e02f26b27d785c86ed03eb50928
--- /dev/null
+++ b/zabbix-crypto-policy.patch
@@ -0,0 +1,44 @@
+diff --git a/src/go/pkg/tls/tls.go b/src/go/pkg/tls/tls.go
+index b7ddff4..063eb02 100644
+--- a/src/go/pkg/tls/tls.go
++++ b/src/go/pkg/tls/tls.go
+@@ -406,6 +406,8 @@ static void *tls_new_context(const char *ca_file, const char *crl_file, const ch
+ #endif
+ 	if (NULL != cipher)
+ 		ciphers = cipher;
++	else
++		ciphers = "PROFILE=SYSTEM";
+ 
+ 	if (1 != SSL_CTX_set_cipher_list(ctx, ciphers))
+ 		goto out;
+diff --git a/src/libs/zbxcomms/tls_openssl.c b/src/libs/zbxcomms/tls_openssl.c
+index 40394a3..b2eb0f0 100644
+--- a/src/libs/zbxcomms/tls_openssl.c
++++ b/src/libs/zbxcomms/tls_openssl.c
+@@ -1212,7 +1212,7 @@ void	zbx_tls_init_child(const zbx_config_tls_t *config_tls, zbx_get_program_type
+ 				goto out;
+ 			}
+ 		}
+-		else if (1 != SSL_CTX_set_cipher_list(ctx_cert, ciphers))
++		else if (1 != SSL_CTX_set_cipher_list(ctx_cert, "PROFILE=SYSTEM"))
+ 		{
+ 			zbx_snprintf_alloc(&error, &error_alloc, &error_offset, "cannot set list of certificate"
+ 					" ciphersuites:");
+@@ -1302,7 +1302,7 @@ void	zbx_tls_init_child(const zbx_config_tls_t *config_tls, zbx_get_program_type
+ 				goto out;
+ 			}
+ 		}
+-		else if (1 != SSL_CTX_set_cipher_list(ctx_psk, ciphers))
++		else if (1 != SSL_CTX_set_cipher_list(ctx_psk, "PROFILE=SYSTEM"))
+ 		{
+ 			zbx_snprintf_alloc(&error, &error_alloc, &error_offset, "cannot set list of PSK ciphersuites:");
+ 			goto out;
+@@ -1360,7 +1360,7 @@ void	zbx_tls_init_child(const zbx_config_tls_t *config_tls, zbx_get_program_type
+ 				goto out;
+ 			}
+ 		}
+-		else if (1 != SSL_CTX_set_cipher_list(ctx_all, ciphers))
++		else if (1 != SSL_CTX_set_cipher_list(ctx_all, "PROFILE=SYSTEM"))
+ 		{
+ 			zbx_snprintf_alloc(&error, &error_alloc, &error_offset, "cannot set list of all ciphersuites:");
+ 			goto out;
diff --git a/zabbix-java-gateway.init b/zabbix-java-gateway.init
deleted file mode 100644
index 6c1b55e5dea31fe65030e79b73f1e6145b7f1433..0000000000000000000000000000000000000000
--- a/zabbix-java-gateway.init
+++ /dev/null
@@ -1,134 +0,0 @@
-#! /bin/sh
-#
-# chkconfig: - 85 15
-# description: zabbix java gateway
-#
-
-### BEGIN INIT INFO
-# Provides: zabbix
-# Required-Start: $local_fs $network
-# Required-Stop: $local_fs $network
-# Default-Start:
-# Default-Stop: 0 1 2 3 4 5 6
-# Short-Description: start and stop zabbix java gateway
-# Description: Zabbix Java Gateway
-### END INIT INFO
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-# Source networking configuration.
-. /etc/sysconfig/network
-
-# Source Zabbix Java Gateway configuration
-. /etc/zabbix/zabbix_java_gateway.conf
-
-if [ -r "/etc/sysconfig/zabbix-java-gateway" ]; then
-    . /etc/sysconfig/zabbix-java-gateway
-fi
-
-# Check that networking is up.
-[ ${NETWORKING} = "no" ] && exit 0
-
-RETVAL=0
-EXECDIR=/usr/sbin/zabbix_java
-
-case "$1" in
-    start)
-        echo -n "Starting zabbix java gateway: "
-        if [ -n "$PID_FILE" -a -e "$PID_FILE" ]; then
-            echo "zabbix java gateway is already running"
-            exit 1
-        fi
-
-        JAVA=${JAVA:-java}
-
-        JAVA_OPTIONS="-server $JAVA_OPTIONS"
-        if [ -z "$PID_FILE" ]; then
-            JAVA_OPTIONS="$JAVA_OPTIONS -Dlogback.configurationFile=logback-console.xml"
-        fi
-
-        cd $EXECDIR
-
-        CLASSPATH="lib"
-        for jar in {lib,bin}/*.jar; do
-            if [[ $jar != *junit* ]]; then
-                CLASSPATH="$CLASSPATH:$jar"
-            fi
-        done
-
-        if [ -n "$PID_FILE" ]; then
-            ZABBIX_OPTIONS="$ZABBIX_OPTIONS -Dzabbix.pidFile=$PID_FILE"
-        fi
-        if [ -n "$LISTEN_IP" ]; then
-            ZABBIX_OPTIONS="$ZABBIX_OPTIONS -Dzabbix.listenIP=$LISTEN_IP"
-        fi
-        if [ -n "$LISTEN_PORT" ]; then
-            ZABBIX_OPTIONS="$ZABBIX_OPTIONS -Dzabbix.listenPort=$LISTEN_PORT"
-        fi
-        if [ -n "$START_POLLERS" ]; then
-            ZABBIX_OPTIONS="$ZABBIX_OPTIONS -Dzabbix.startPollers=$START_POLLERS"
-        fi
-        if [ -n "$TIMEOUT" ]; then
-            ZABBIX_OPTIONS="$ZABBIX_OPTIONS -Dzabbix.timeout=$TIMEOUT"
-        fi
-
-        tcp_timeout=${TIMEOUT:=3}000
-        ZABBIX_OPTIONS="$ZABBIX_OPTIONS -Dsun.rmi.transport.tcp.responseTimeout=$tcp_timeout"
-
-        COMMAND_LINE="$JAVA $JAVA_OPTIONS -classpath $CLASSPATH $ZABBIX_OPTIONS com.zabbix.gateway.JavaGateway"
-
-        if [ -n "$PID_FILE" ]; then
-            PID=$(su -s /bin/bash -c "$COMMAND_LINE > /dev/null 2>&1 & echo \$!" zabbix)
-            if ps -p $PID > /dev/null 2>&1; then
-                echo $PID > $PID_FILE
-            else
-                echo "zabbix java gateway did not start"
-                exit 1
-            fi
-        else
-            exec $COMMAND_LINE
-            RETVAL=$?
-        fi
-        ;;
-    stop)
-        echo -n "Shutting down zabbix java gateway: "
-        if [ -n "$PID_FILE" ]; then
-            if [ -e "$PID_FILE" ]; then
-                    kill `cat $PID_FILE` && rm $PID_FILE
-            else
-                echo "zabbix java gateway is not running"
-                exit 1
-            fi
-        else
-            echo "zabbix java gateway is not configured as a daemon: variable \$PID_FILE is not set"
-            exit 1
-        fi
-        ;;
-    restart)
-        $0 stop
-        $0 start
-        RETVAL=$?
-        ;;
-    condrestart)
-        if [ -n "$PID_FILE" -a -e "$PID_FILE" ]; then
-            $0 stop
-            $0 start
-        fi
-        RETVAL=$?
-        ;;
-    status)
-        status -p $PID_FILE $0
-        RETVAL=$?
-        exit $RETVAL
-        ;;
-    *)
-        echo "Usage: $0 {start|stop|restart|condrestart|status}"
-        exit 1
-        ;;
-esac
-
-[ "$RETVAL" -eq 0 ] && success $"$base startup" || failure $"$base startup"
-echo
-exit $RETVAL
-
diff --git a/zabbix-java-gateway.service b/zabbix-java-gateway.service
deleted file mode 100644
index 59a0b03a17154f575be60e0f9dcf05783fb47d18..0000000000000000000000000000000000000000
--- a/zabbix-java-gateway.service
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=Zabbix Java Gateway
-After=syslog.target
-After=network.target
-
-[Service]
-Type=forking
-KillMode=process
-PIDFile=/run/zabbix/zabbix_java.pid
-ExecStart=/usr/sbin/zabbix_java_gateway
-SuccessExitStatus=143
-User=zabbix
-Group=zabbix
-
-[Install]
-WantedBy=multi-user.target
diff --git a/zabbix-logrotate.in b/zabbix-logrotate.in
index 01cf6e217833a91c5be9d7f46484480572ba1d19..6eeea97d3b579da6be38dfcd38d4d0b43f7e0eb8 100644
--- a/zabbix-logrotate.in
+++ b/zabbix-logrotate.in
@@ -1,9 +1,8 @@
-/var/log/zabbix/zabbix_COMPONENT.log {
-	weekly
-	rotate 12
-	compress
-	delaycompress
+/var/log/USER/zabbix_COMPONENT.log {
 	missingok
+	monthly
 	notifempty
-	create 0664 zabbix zabbix
+	compress
+	copytruncate
+	su USER USER
 }
diff --git a/zabbix-nginx.conf b/zabbix-nginx.conf
deleted file mode 100644
index 2b8022fd564a0bd7b541797184299d87110926d9..0000000000000000000000000000000000000000
--- a/zabbix-nginx.conf
+++ /dev/null
@@ -1,56 +0,0 @@
-server {
-#        listen          80;
-#        server_name     example.com;
-
-        root    /usr/share/zabbix;
-
-        index   index.php;
-
-        location = /favicon.ico {
-                log_not_found   off;
-        }
-
-        location / {
-                try_files       $uri $uri/ =404;
-        }
-
-        location /assets {
-                access_log      off;
-                expires         10d;
-        }
-
-        location ~ /\.ht {
-                deny            all;
-        }
-
-        location ~ /(api\/|conf[^\.]|include|locale) {
-                deny            all;
-                return          404;
-        }
-
-        location ~ [^/]\.php(/|$) {
-                fastcgi_pass    unix:/run/zabbix-php-fpm.sock;
-                fastcgi_split_path_info ^(.+\.php)(/.+)$;
-                fastcgi_index   index.php;
-
-                fastcgi_param   DOCUMENT_ROOT   /usr/share/zabbix;
-                fastcgi_param   SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name;
-                fastcgi_param   PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name;
-
-                include fastcgi_params;
-                fastcgi_param   QUERY_STRING    $query_string;
-                fastcgi_param   REQUEST_METHOD  $request_method;
-                fastcgi_param   CONTENT_TYPE    $content_type;
-                fastcgi_param   CONTENT_LENGTH  $content_length;
-
-                fastcgi_intercept_errors        on;
-                fastcgi_ignore_client_abort     off;
-                fastcgi_connect_timeout         60;
-                fastcgi_send_timeout            180;
-                fastcgi_read_timeout            180;
-                fastcgi_buffer_size             128k;
-                fastcgi_buffers                 4 256k;
-                fastcgi_busy_buffers_size       256k;
-                fastcgi_temp_file_write_size    256k;
-        }
-}
diff --git a/zabbix-out-of-tree.patch b/zabbix-out-of-tree.patch
new file mode 100644
index 0000000000000000000000000000000000000000..901d716d14f594ce4c4c52e017c031db55836e16
--- /dev/null
+++ b/zabbix-out-of-tree.patch
@@ -0,0 +1,157 @@
+diff --git a/src/go/Makefile.am b/src/go/Makefile.am
+index 3e24aa0..308e34b 100644
+--- a/src/go/Makefile.am
++++ b/src/go/Makefile.am
+@@ -67,6 +67,7 @@ clean: clean-go-build clean-sbom
+ 
+ clean-go-build:
+ 	-$(GO) clean ./...
++	-$(GO) clean $(srcdir)/...
+ 	-rm -f bin/mock_server
+ 	-rm -f bin/zabbix_agent2
+ 	-rm -f bin/zabbix_web_service
+@@ -89,9 +90,9 @@ install-bin/zabbix_agent2: bin/zabbix_agent2
+ 	$(INSTALL) -d "$(DESTDIR)$(sbindir)"
+ 	$(INSTALL_PROGRAM) bin/zabbix_agent2 "$(DESTDIR)$(sbindir)"
+ 	$(INSTALL) -d "$(DESTDIR)$(AGENT2_PLUGIN_CONFIG_DIR)"
+-	$(INSTALL_DATA) conf/zabbix_agent2.conf "$(DESTDIR)$(sysconfdir)"
++	$(INSTALL_DATA) $(top_srcdir)/src/go/conf/zabbix_agent2.conf "$(DESTDIR)$(sysconfdir)"
+ 	$(INSTALL) -d "$(DESTDIR)$(AGENT2_PLUGIN_CONFIG_DIR)"
+-	(cd conf/zabbix_agent2.d/plugins.d && \
++	(cd $(top_srcdir)/conf/zabbix_agent2.d/plugins.d && \
+ 	for _f in *.conf; do \
+ 		$(INSTALL_DATA) $${_f} "$(DESTDIR)$(AGENT2_PLUGIN_CONFIG_DIR)"; \
+ 	done)
+diff --git a/src/zabbix_agent/Makefile.am b/src/zabbix_agent/Makefile.am
+index b217fb5..945a673 100644
+--- a/src/zabbix_agent/Makefile.am
++++ b/src/zabbix_agent/Makefile.am
+@@ -69,4 +69,4 @@ zabbix_agentd_CFLAGS = \
+ install-data-hook:
+ 	$(MKDIR_P) "$(DESTDIR)$(AGENT_CONFIG_FILE).d"
+ 	$(MKDIR_P) "$(DESTDIR)$(LOAD_MODULE_PATH)"
+-	test -f "$(DESTDIR)$(AGENT_CONFIG_FILE)" || cp "../../conf/zabbix_agentd.conf" "$(DESTDIR)$(AGENT_CONFIG_FILE)"
++	test -f "$(DESTDIR)$(AGENT_CONFIG_FILE)" || cp "$(top_srcdir)/conf/zabbix_agentd.conf" "$(DESTDIR)$(AGENT_CONFIG_FILE)"
+diff --git a/src/zabbix_java/Makefile.am b/src/zabbix_java/Makefile.am
+index 43f8f19..48214c9 100644
+--- a/src/zabbix_java/Makefile.am
++++ b/src/zabbix_java/Makefile.am
+@@ -9,22 +9,22 @@ EXTRA_DIST = \
+ 	startup.sh
+ 
+ ZJG = bin/zabbix-java-gateway-$(VERSION).jar
+-LIB = lib/android-json-4.3_r3.1.jar:lib/logback-core-1.2.9.jar:lib/logback-classic-1.2.9.jar:lib/slf4j-api-1.7.32.jar
+-JUNIT = tests/junit-4.8.2.jar
++LIB = $(srcdir)/lib/android-json-4.3_r3.1.jar:$(srcdir)/lib/logback-core-1.2.3.jar:$(srcdir)/lib/logback-classic-1.2.3.jar:$(srcdir)/lib/slf4j-api-1.7.30.jar
++JUNIT = $(srcdir)/tests/junit-4.8.2.jar
+ 
+ ZJG_DEST = $(DESTDIR)$(sbindir)/zabbix_java
+ 
+ all: $(ZJG)
+ 
+-$(ZJG): class src/com/zabbix/gateway/*.java
+-	$(JAVAC) -d class/src -classpath $(LIB) src/com/zabbix/gateway/*.java
++$(ZJG): class $(srcdir)/src/com/zabbix/gateway/*.java
++	$(JAVAC) -d class/src -classpath $(LIB) $(srcdir)/src/com/zabbix/gateway/*.java
+ 	$(JAR) cf $(ZJG) -C class/src .
+ 
+ test: class
+ 	echo "badger useruser" > tests/com/zabbix/gateway/jmx_test_beans/jmxremote.password
+ 	chmod 600 tests/com/zabbix/gateway/jmx_test_beans/jmxremote.password
+-	$(JAVAC) tests/com/zabbix/gateway/jmx_test_beans/*.java
+-	$(JAVAC) -d class/tests -classpath class/src:$(JUNIT) tests/com/zabbix/gateway/*.java
++	$(JAVAC) tests/com/zabbix/gateway/jmx_$(srcdir)/test_beans/*.java
++	$(JAVAC) -d class/tests -classpath class/src:$(JUNIT) $(srcdir)/tests/com/zabbix/gateway/*.java
+ 	java -classpath class/tests:$(LIB):$(ZJG):$(JUNIT) com.zabbix.gateway.AllTestRunner
+ 
+ class:
+diff --git a/src/zabbix_js/Makefile.am b/src/zabbix_js/Makefile.am
+index 1e4fd93..2110656 100644
+--- a/src/zabbix_js/Makefile.am
++++ b/src/zabbix_js/Makefile.am
+@@ -5,30 +5,30 @@
+ zabbix_js_SOURCES = zabbix_js.c
+ 
+ zabbix_js_LDADD = \
+-	$(top_srcdir)/src/libs/zbxlog/libzbxlog.a \
+-	$(top_srcdir)/src/libs/zbxembed/libzbxembed.a \
+-	$(top_srcdir)/src/libs/zbxjson/libzbxjson.a \
+-	$(top_srcdir)/src/libs/zbxregexp/libzbxregexp.a \
+-	$(top_srcdir)/src/libs/zbxalgo/libzbxalgo.a \
+-	$(top_srcdir)/src/libs/zbxthreads/libzbxthreads.a \
+-	$(top_srcdir)/src/libs/zbxmutexs/libzbxmutexs.a \
+-	$(top_srcdir)/src/libs/zbxprof/libzbxprof.a \
+-	$(top_srcdir)/src/libs/zbxnix/libzbxnix.a \
+-	$(top_srcdir)/src/libs/zbxcomms/libzbxcomms.a \
+-	$(top_srcdir)/src/libs/zbxip/libzbxip.a \
+-	$(top_srcdir)/src/libs/zbxgetopt/libzbxgetopt.a \
+-	$(top_srcdir)/src/libs/zbxhash/libzbxhash.a \
+-	$(top_srcdir)/src/libs/zbxcrypto/libzbxcrypto.a \
+-	$(top_srcdir)/src/libs/zbxcompress/libzbxcompress.a \
+-	$(top_srcdir)/src/libs/zbxhttp/libzbxhttp.a \
+-	$(top_srcdir)/src/libs/zbxvariant/libzbxvariant.a \
+-	$(top_srcdir)/src/libs/zbxxml/libzbxxml.a \
+-	$(top_srcdir)/src/libs/zbxstr/libzbxstr.a \
+-	$(top_srcdir)/src/libs/zbxnum/libzbxnum.a \
+-	$(top_srcdir)/src/libs/zbxtime/libzbxtime.a \
+-	$(top_srcdir)/src/libs/zbxcommon/libzbxcommon.a \
+-	$(top_srcdir)/src/libs/zbxbincommon/libzbxbincommon.a \
+-	$(top_srcdir)/src/libs/zbxcurl/libzbxcurl.a
++	$(top_builddir)/src/libs/zbxlog/libzbxlog.a \
++	$(top_builddir)/src/libs/zbxembed/libzbxembed.a \
++	$(top_builddir)/src/libs/zbxjson/libzbxjson.a \
++	$(top_builddir)/src/libs/zbxregexp/libzbxregexp.a \
++	$(top_builddir)/src/libs/zbxalgo/libzbxalgo.a \
++	$(top_builddir)/src/libs/zbxthreads/libzbxthreads.a \
++	$(top_builddir)/src/libs/zbxmutexs/libzbxmutexs.a \
++	$(top_builddir)/src/libs/zbxprof/libzbxprof.a \
++	$(top_builddir)/src/libs/zbxnix/libzbxnix.a \
++	$(top_builddir)/src/libs/zbxcomms/libzbxcomms.a \
++	$(top_builddir)/src/libs/zbxip/libzbxip.a \
++	$(top_builddir)/src/libs/zbxgetopt/libzbxgetopt.a \
++	$(top_builddir)/src/libs/zbxhash/libzbxhash.a \
++	$(top_builddir)/src/libs/zbxcrypto/libzbxcrypto.a \
++	$(top_builddir)/src/libs/zbxcompress/libzbxcompress.a \
++	$(top_builddir)/src/libs/zbxhttp/libzbxhttp.a \
++	$(top_builddir)/src/libs/zbxvariant/libzbxvariant.a \
++	$(top_builddir)/src/libs/zbxxml/libzbxxml.a \
++	$(top_builddir)/src/libs/zbxstr/libzbxstr.a \
++	$(top_builddir)/src/libs/zbxnum/libzbxnum.a \
++	$(top_builddir)/src/libs/zbxtime/libzbxtime.a \
++	$(top_builddir)/src/libs/zbxcommon/libzbxcommon.a \
++	$(top_builddir)/src/libs/zbxbincommon/libzbxbincommon.a \
++	$(top_builddir)/src/libs/zbxcurl/libzbxcurl.a
+ 
+ zabbix_js_LDADD += @ZBXJS_LIBS@ $(LIBXML2_LIBS)
+ 
+diff --git a/src/zabbix_proxy/Makefile.am b/src/zabbix_proxy/Makefile.am
+index b56f8a8..44800a0 100644
+--- a/src/zabbix_proxy/Makefile.am
++++ b/src/zabbix_proxy/Makefile.am
+@@ -151,4 +151,4 @@ install-data-hook:
+ 	$(MKDIR_P) "$(DESTDIR)$(PROXY_CONFIG_FILE).d"
+ 	$(MKDIR_P) "$(DESTDIR)$(EXTERNAL_SCRIPTS_PATH)"
+ 	$(MKDIR_P) "$(DESTDIR)$(LOAD_MODULE_PATH)"
+-	test -f "$(DESTDIR)$(PROXY_CONFIG_FILE)" || cp "../../conf/zabbix_proxy.conf" "$(DESTDIR)$(PROXY_CONFIG_FILE)"
++	test -f "$(DESTDIR)$(PROXY_CONFIG_FILE)" || cp "$(top_srcdir)/conf/zabbix_proxy.conf" "$(DESTDIR)$(PROXY_CONFIG_FILE)"
+diff --git a/src/zabbix_server/Makefile.am b/src/zabbix_server/Makefile.am
+index 0a55934..a7f6a28 100644
+--- a/src/zabbix_server/Makefile.am
++++ b/src/zabbix_server/Makefile.am
+@@ -186,4 +186,4 @@ install-data-hook:
+ 	$(MKDIR_P) "$(DESTDIR)$(EXTERNAL_SCRIPTS_PATH)"
+ 	$(MKDIR_P) "$(DESTDIR)$(ALERT_SCRIPTS_PATH)"
+ 	$(MKDIR_P) "$(DESTDIR)$(LOAD_MODULE_PATH)"
+-	test -f "$(DESTDIR)$(SERVER_CONFIG_FILE)" || cp "../../conf/zabbix_server.conf" "$(DESTDIR)$(SERVER_CONFIG_FILE)"
++	test -f "$(DESTDIR)$(SERVER_CONFIG_FILE)" || cp "$(top_srcdir)/conf/zabbix_server.conf" "$(DESTDIR)$(SERVER_CONFIG_FILE)"
+--- zabbix-7.0.3/configure.ac.out-of-tree	2024-08-19 14:38:13.426482392 -0600
++++ zabbix-7.0.3/configure.ac	2024-08-19 14:40:30.842129965 -0600
+@@ -24,7 +24,7 @@
+ 
+ AC_CONFIG_HEADERS(include/common/config.h)
+ 
+-AC_SUBST(DEFAULT_INCLUDES, ['-I$(top_srcdir)/include/common -I$(top_srcdir)/include'])
++AC_SUBST(DEFAULT_INCLUDES, ['-I$(top_builddir)/include/common -I$(top_srcdir)/include/common -I$(top_srcdir)/include'])
+ 
+ AC_CANONICAL_HOST
+ 
diff --git a/zabbix-php-fpm.conf b/zabbix-php-fpm.conf
index 80b3c6b766e3ab0af75a7336fec99ac51447c021..fa38188578a37694f760a97651e659fe3e22503d 100644
--- a/zabbix-php-fpm.conf
+++ b/zabbix-php-fpm.conf
@@ -1,9 +1,9 @@
 [zabbix]
-user = wwwrun
-group = www
+user = apache
+group = apache
 
-listen = /run/zabbix-php-fpm.sock
-listen.owner = nginx
+listen = /run/php-fpm/zabbix.sock
+listen.acl_users = apache,nginx
 listen.allowed_clients = 127.0.0.1
 
 pm = dynamic
@@ -13,7 +13,7 @@ pm.min_spare_servers = 5
 pm.max_spare_servers = 35
 
 php_value[session.save_handler] = files
-php_value[session.save_path]    = /var/lib/php7
+php_value[session.save_path]    = /var/lib/php/session
 
 php_value[max_execution_time] = 300
 php_value[memory_limit] = 128M
diff --git a/zabbix-proxy-mysql.service b/zabbix-proxy-mysql.service
new file mode 100644
index 0000000000000000000000000000000000000000..ac9fad065562d8e463b6fe742919469db08e07f7
--- /dev/null
+++ b/zabbix-proxy-mysql.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Zabbix MySQL Proxy
+After=syslog.target network.target mysqld.service
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/zabbix_proxy -f
+User=zabbixsrv
+
+[Install]
+WantedBy=multi-user.target
diff --git a/zabbix-proxy-pgsql.service b/zabbix-proxy-pgsql.service
new file mode 100644
index 0000000000000000000000000000000000000000..f31cbac76016a9125bb236e624a2e02f15823a62
--- /dev/null
+++ b/zabbix-proxy-pgsql.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Zabbix PostgreSQL Proxy
+After=syslog.target network.target postgresql.service
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/zabbix_proxy -f
+User=zabbixsrv
+
+[Install]
+WantedBy=multi-user.target
diff --git a/zabbix-proxy-sqlite3.service b/zabbix-proxy-sqlite3.service
new file mode 100644
index 0000000000000000000000000000000000000000..703d7cd07ed2eed4fd5bc016688057ce89ae96b8
--- /dev/null
+++ b/zabbix-proxy-sqlite3.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Zabbix SQLite3 Proxy
+After=syslog.target network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/zabbix_proxy -f
+User=zabbixsrv
+
+[Install]
+WantedBy=multi-user.target
diff --git a/zabbix-proxy.init b/zabbix-proxy.init
deleted file mode 100644
index d5741fa5542e35224a633efc9037af66be217733..0000000000000000000000000000000000000000
--- a/zabbix-proxy.init
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/bin/sh
-#
-# chkconfig: - 85 15
-# description: Zabbix proxy daemon
-# config: /etc/zabbix/zabbix_proxy.conf
-#
-
-### BEGIN INIT INFO
-# Provides: zabbix-proxy
-# Required-Start: $local_fs $network
-# Required-Stop: $local_fs $network
-# Default-Start:
-# Default-Stop: 0 1 2 3 4 5 6
-# Short-Description: Start and stop Zabbix proxy
-# Description: Zabbix proxy
-### END INIT INFO
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-if [ -x /usr/sbin/zabbix_proxy ]; then
-    exec=/usr/sbin/zabbix_proxy
-else
-    exit 5
-fi
-
-prog=${exec##*/}
-conf=/etc/zabbix/zabbix_proxy.conf
-pidfile=$(grep -e "^PidFile=.*$" $conf | cut -d= -f2 | tr -d '\r')
-timeout=10
-
-if [ -f /etc/sysconfig/zabbix-proxy ]; then
-    . /etc/sysconfig/zabbix-proxy
-fi
-
-lockfile=/var/lock/subsys/zabbix-proxy
-
-start()
-{
-    echo -n $"Starting Zabbix proxy: "
-    daemon $exec -c $conf
-    rv=$?
-    echo
-    [ $rv -eq 0 ] && touch $lockfile
-    return $rv
-}
-
-stop()
-{
-    echo -n $"Shutting down Zabbix proxy: "
-    killproc -p $pidfile -d $timeout $prog
-    rv=$?
-    echo
-    [ $rv -eq 0 ] && rm -f $lockfile
-    return $rv
-}
-
-restart()
-{
-    stop
-    start
-}
-
-case "$1" in
-    start|stop|restart)
-        $1
-        ;;
-    force-reload)
-        restart
-        ;;
-    status)
-        status -p $pidfile $prog
-        ;;
-    try-restart|condrestart)
-        if status $prog >/dev/null ; then
-            restart
-        fi
-        ;;
-    reload)
-        action $"Service ${0##*/} does not support the reload action: " /bin/false
-        exit 3
-        ;;
-    *)
-	echo $"Usage: $0 {start|stop|status|restart|try-restart|force-reload}"
-	exit 2
-	;;
-esac
-
diff --git a/zabbix-proxy.service b/zabbix-proxy.service
deleted file mode 100644
index ea40b5a68add487abcb4a303f86684e09b69d8cf..0000000000000000000000000000000000000000
--- a/zabbix-proxy.service
+++ /dev/null
@@ -1,23 +0,0 @@
-[Unit]
-Description=Zabbix Proxy
-After=syslog.target
-After=network.target
-After=mysql.service
-After=mysqld.service
-After=mariadb.service
-After=postgresql.service
-
-[Service]
-Environment="CONFFILE=/etc/zabbix/zabbix_proxy.conf"
-EnvironmentFile=-/etc/sysconfig/zabbix-proxy
-Type=forking
-Restart=on-failure
-PIDFile=/run/zabbix/zabbix_proxy.pid
-KillMode=control-group
-ExecStart=/usr/sbin/zabbix_proxy -c $CONFFILE
-ExecStop=/bin/kill -SIGTERM $MAINPID
-RestartSec=10s
-TimeoutSec=0
-
-[Install]
-WantedBy=multi-user.target
diff --git a/zabbix-server-mysql.service b/zabbix-server-mysql.service
new file mode 100644
index 0000000000000000000000000000000000000000..d8d8a5a4090deb4408c392a99e8bf3d557c1bbf5
--- /dev/null
+++ b/zabbix-server-mysql.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Zabbix Server with MySQL DB
+After=syslog.target network.target mysqld.service
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/zabbix_server -f
+User=zabbixsrv
+
+[Install]
+WantedBy=multi-user.target
diff --git a/zabbix-server-pgsql.service b/zabbix-server-pgsql.service
new file mode 100644
index 0000000000000000000000000000000000000000..182b7e1dc5fb0f91c6592c4d1e91403bb6a26fea
--- /dev/null
+++ b/zabbix-server-pgsql.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Zabbix Server with PostgreSQL DB
+After=syslog.target network.target postgresql.service
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/zabbix_server -f
+User=zabbixsrv
+
+[Install]
+WantedBy=multi-user.target
diff --git a/zabbix-server.init b/zabbix-server.init
deleted file mode 100644
index b227b2cf9b4a0d1a9bd1027fcf372544f766ebed..0000000000000000000000000000000000000000
--- a/zabbix-server.init
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/bin/sh
-#
-# chkconfig: - 85 15
-# description: Zabbix server daemon
-# config: /etc/zabbix/zabbix_server.conf
-#
-
-### BEGIN INIT INFO
-# Provides: zabbix
-# Required-Start: $local_fs $network
-# Required-Stop: $local_fs $network
-# Default-Start:
-# Default-Stop: 0 1 2 3 4 5 6
-# Short-Description: Start and stop Zabbix server
-# Description: Zabbix server
-### END INIT INFO
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-if [ -x /usr/sbin/zabbix_server ]; then
-    exec=/usr/sbin/zabbix_server
-else
-    exit 5
-fi
-
-prog=${exec##*/}
-conf=/etc/zabbix/zabbix_server.conf
-pidfile=$(grep -e "^PidFile=.*$" $conf | cut -d= -f2 | tr -d '\r')
-timeout=10
-
-if [ -f /etc/sysconfig/zabbix-server ]; then
-    . /etc/sysconfig/zabbix-server
-fi
-
-lockfile=/var/lock/subsys/zabbix-server
-
-start()
-{
-    echo -n $"Starting Zabbix server: "
-    daemon $exec -c $conf
-    rv=$?
-    echo
-    [ $rv -eq 0 ] && touch $lockfile
-    return $rv
-}
-
-stop()
-{
-    echo -n $"Shutting down Zabbix server: "
-    killproc -p $pidfile -d $timeout $prog
-    rv=$?
-    echo
-    [ $rv -eq 0 ] && rm -f $lockfile
-    return $rv
-}
-
-restart()
-{
-    stop
-    start
-}
-
-case "$1" in
-    start|stop|restart)
-        $1
-        ;;
-    force-reload)
-        restart
-        ;;
-    status)
-        status -p $pidfile $prog
-        ;;
-    try-restart|condrestart)
-        if status $prog >/dev/null ; then
-            restart
-        fi
-        ;;
-    reload)
-        action $"Service ${0##*/} does not support the reload action: " /bin/false
-        exit 3
-        ;;
-    *)
-	echo $"Usage: $0 {start|stop|status|restart|try-restart|force-reload}"
-	exit 2
-	;;
-esac
-
diff --git a/zabbix-server.service b/zabbix-server.service
deleted file mode 100644
index 43c41c40f12a57954e1ea938aac707828c1058d8..0000000000000000000000000000000000000000
--- a/zabbix-server.service
+++ /dev/null
@@ -1,23 +0,0 @@
-[Unit]
-Description=Zabbix Server
-After=syslog.target
-After=network.target
-After=mysql.service
-After=mysqld.service
-After=mariadb.service
-After=postgresql.service
-
-[Service]
-Environment="CONFFILE=/etc/zabbix/zabbix_server.conf"
-EnvironmentFile=-/etc/sysconfig/zabbix-server
-Type=forking
-Restart=on-failure
-PIDFile=/run/zabbix/zabbix_server.pid
-KillMode=control-group
-ExecStart=/usr/sbin/zabbix_server -c $CONFFILE
-ExecStop=/bin/kill -SIGTERM $MAINPID
-RestartSec=10s
-TimeoutSec=0
-
-[Install]
-WantedBy=multi-user.target
diff --git a/zabbix-tmpfiles-zabbix.conf b/zabbix-tmpfiles-zabbix.conf
new file mode 100644
index 0000000000000000000000000000000000000000..cce12dd15ce676dbc657cb67b02e2a65a3b6eba8
--- /dev/null
+++ b/zabbix-tmpfiles-zabbix.conf
@@ -0,0 +1 @@
+D /run/zabbix 0755 zabbix zabbix -
diff --git a/zabbix-tmpfiles-zabbixsrv.conf b/zabbix-tmpfiles-zabbixsrv.conf
new file mode 100644
index 0000000000000000000000000000000000000000..f3f4b90d0960ea8e81577e2840e4927cf845b289
--- /dev/null
+++ b/zabbix-tmpfiles-zabbixsrv.conf
@@ -0,0 +1 @@
+D /run/zabbixsrv 0755 zabbixsrv zabbixsrv -
diff --git a/zabbix-tmpfiles.conf b/zabbix-tmpfiles.conf
deleted file mode 100644
index 815ca928bbe88af50daf019b5ba4f9dbeddb9b45..0000000000000000000000000000000000000000
--- a/zabbix-tmpfiles.conf
+++ /dev/null
@@ -1 +0,0 @@
-d /run/zabbix 0755 zabbix zabbix - -
diff --git a/zabbix-web-fcgi.conf b/zabbix-web.conf
similarity index 97%
rename from zabbix-web-fcgi.conf
rename to zabbix-web.conf
index e28a1604d32e8ed5ff7d5b3216d23b3e7f220d77..34c38b4d9a0d7c0d9fff7001a608ae7b1485a009 100644
--- a/zabbix-web-fcgi.conf
+++ b/zabbix-web.conf
@@ -4,8 +4,6 @@
 
 Alias /zabbix /usr/share/zabbix
 
-ProxyTimeout 300
-
 <Directory "/usr/share/zabbix">
     Options FollowSymLinks
     AllowOverride None
diff --git a/zabbix-web22.conf b/zabbix-web22.conf
deleted file mode 100644
index 6388fa6c97e8ebc37fda7d3f390e67e532290fb2..0000000000000000000000000000000000000000
--- a/zabbix-web22.conf
+++ /dev/null
@@ -1,59 +0,0 @@
-#
-# Zabbix monitoring system php web frontend
-#
-
-Alias /zabbix /usr/share/zabbix
-
-<Directory "/usr/share/zabbix">
-    Options FollowSymLinks
-    AllowOverride None
-    Order allow,deny
-    Allow from all
-
-    <IfModule mod_php5.c>
-        php_value max_execution_time 300
-        php_value memory_limit 128M
-        php_value post_max_size 16M
-        php_value upload_max_filesize 2M
-        php_value max_input_time 300
-        php_value max_input_vars 10000
-        php_value always_populate_raw_post_data -1
-        # php_value date.timezone Europe/Riga
-    </IfModule>
-</Directory>
-
-<Directory "/usr/share/zabbix/conf">
-    Order deny,allow
-    Deny from all
-    <files *.php>
-        Order deny,allow
-        Deny from all
-    </files>
-</Directory>
-
-<Directory "/usr/share/zabbix/app">
-    Order deny,allow
-    Deny from all
-    <files *.php>
-        Order deny,allow
-        Deny from all
-    </files>
-</Directory>
-
-<Directory "/usr/share/zabbix/include">
-    Order deny,allow
-    Deny from all
-    <files *.php>
-        Order deny,allow
-        Deny from all
-    </files>
-</Directory>
-
-<Directory "/usr/share/zabbix/local">
-    Order deny,allow
-    Deny from all
-    <files *.php>
-        Order deny,allow
-        Deny from all
-    </files>
-</Directory>
diff --git a/zabbix-web24.conf b/zabbix-web24.conf
deleted file mode 100644
index 16e78f275c5caa335ee4045a4b1bab39ec131e73..0000000000000000000000000000000000000000
--- a/zabbix-web24.conf
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# Zabbix monitoring system php web frontend
-#
-
-Alias /zabbix /usr/share/zabbix
-
-<Directory "/usr/share/zabbix">
-    Options FollowSymLinks
-    AllowOverride None
-    Require all granted
-
-    <IfModule mod_php7.c>
-        php_value max_execution_time 300
-        php_value memory_limit 128M
-        php_value post_max_size 16M
-        php_value upload_max_filesize 2M
-        php_value max_input_time 300
-        php_value max_input_vars 10000
-        php_value always_populate_raw_post_data -1
-        # php_value date.timezone Europe/Riga
-    </IfModule>
-</Directory>
-
-<Directory "/usr/share/zabbix/conf">
-    Require all denied
-</Directory>
-
-<Directory "/usr/share/zabbix/app">
-    Require all denied
-</Directory>
-
-<Directory "/usr/share/zabbix/include">
-    Require all denied
-</Directory>
-
-<Directory "/usr/share/zabbix/local">
-    Require all denied
-</Directory>
diff --git a/zabbix.fc b/zabbix.fc
new file mode 100644
index 0000000000000000000000000000000000000000..a1e35562b8ac27d552c5c06648e05241bacad6a8
--- /dev/null
+++ b/zabbix.fc
@@ -0,0 +1,25 @@
+/etc/rc\.d/init\.d/(zabbix|zabbix-server)	--	gen_context(system_u:object_r:zabbix_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/zabbix-agentd	--	gen_context(system_u:object_r:zabbix_agent_initrc_exec_t,s0)
+
+/usr/bin/zabbix_server	--	gen_context(system_u:object_r:zabbix_exec_t,s0)
+/usr/bin/zabbix_agentd	--	gen_context(system_u:object_r:zabbix_agent_exec_t,s0)
+
+/usr/sbin/zabbix_agentd	--	gen_context(system_u:object_r:zabbix_agent_exec_t,s0)
+/usr/sbin/zabbix_server	--	gen_context(system_u:object_r:zabbix_exec_t,s0)
+/usr/sbin/zabbix_server_mysql	--	gen_context(system_u:object_r:zabbix_exec_t,s0)
+/usr/sbin/zabbix_server_pgsql	--	gen_context(system_u:object_r:zabbix_exec_t,s0)
+/usr/sbin/zabbix_server_sqlite3	--	gen_context(system_u:object_r:zabbix_exec_t,s0)
+/usr/sbin/zabbix_proxy	        --	gen_context(system_u:object_r:zabbix_exec_t,s0)
+/usr/sbin/zabbix_proxy_mysql   --  gen_context(system_u:object_r:zabbix_exec_t,s0)
+/usr/sbin/zabbix_proxy_pgsql   --  gen_context(system_u:object_r:zabbix_exec_t,s0)
+/usr/sbin/zabbix_proxy_sqlite3 --  gen_context(system_u:object_r:zabbix_exec_t,s0)
+
+/var/lib/zabbix(/.*)?    gen_context(system_u:object_r:zabbix_var_lib_t,s0)
+
+/var/lib/zabbixsrv(/.*)?	gen_context(system_u:object_r:zabbix_var_lib_t,s0)
+/var/lib/zabbixsrv/.*scripts(/.*)?    gen_context(system_u:object_r:zabbix_script_exec_t,s0)
+/var/lib/zabbixsrv/tmp(/.*)?	gen_context(system_u:object_r:zabbix_tmp_t,s0)
+
+/var/log/zabbix.*	gen_context(system_u:object_r:zabbix_log_t,s0)
+
+/var/run/zabbix(/.*)?	gen_context(system_u:object_r:zabbix_var_run_t,s0)
diff --git a/zabbix.if b/zabbix.if
new file mode 100644
index 0000000000000000000000000000000000000000..7cf8202abf0dda5317b76f0fcf48408ab122b015
--- /dev/null
+++ b/zabbix.if
@@ -0,0 +1,199 @@
+## <summary>Distributed infrastructure monitoring</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run zabbix.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`zabbix_domtrans',`
+	gen_require(`
+		type zabbix_t, zabbix_exec_t;
+	')
+
+	domtrans_pattern($1, zabbix_exec_t, zabbix_t)
+')
+
+########################################
+## <summary>
+##	Execute a domain transition to run zabbix_script.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`zabbix_script_domtrans',`
+	gen_require(`
+		type zabbix_script_t, zabbix_script_exec_t;
+	')
+
+	domtrans_pattern($1, zabbix_script_exec_t, zabbix_script_t)
+')
+
+########################################
+## <summary>
+## 	Allow connectivity to the zabbix server
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`zabbix_tcp_connect',`
+	gen_require(`
+		type zabbix_t;
+	')
+
+	corenet_sendrecv_zabbix_agent_client_packets($1)
+	corenet_tcp_connect_zabbix_port($1)
+	corenet_tcp_recvfrom_labeled($1, zabbix_t)
+	corenet_tcp_sendrecv_zabbix_port($1)
+')
+
+########################################
+## <summary>
+##	Allow the specified domain to read zabbix's log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`zabbix_read_log',`
+	gen_require(`
+		type zabbix_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, zabbix_log_t, zabbix_log_t)
+')
+
+########################################
+## <summary>
+##	Allow the specified domain to read zabbix's tmp files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`zabbix_read_tmp',`
+	gen_require(`
+		type zabbix_tmp_t;
+	')
+
+	files_search_tmp($1)
+	read_files_pattern($1, zabbix_tmp_t, zabbix_tmp_t)
+')
+
+########################################
+## <summary>
+##	Allow the specified domain to append
+##	zabbix log files.
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access.
+## 	</summary>
+## </param>
+#
+interface(`zabbix_append_log',`
+	gen_require(`
+		type zabbix_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, zabbix_log_t, zabbix_log_t)
+')
+
+########################################
+## <summary>
+##	Read zabbix PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`zabbix_read_pid_files',`
+	gen_require(`
+		type zabbix_var_run_t;
+	')
+
+	files_search_pids($1)
+	allow $1 zabbix_var_run_t:file read_file_perms;
+')
+
+########################################
+## <summary>
+## 	Allow connectivity to a zabbix agent
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`zabbix_agent_tcp_connect',`
+	gen_require(`
+		type zabbix_t, zabbix_agent_t;
+	')
+
+	corenet_sendrecv_zabbix_agent_client_packets($1)
+	corenet_tcp_connect_zabbix_agent_port($1)
+	corenet_tcp_recvfrom_labeled($1, zabbix_t)
+	corenet_tcp_sendrecv_zabbix_agent_port($1)
+')
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an zabbix environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be allowed to manage the zabbix domain.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`zabbix_admin',`
+	gen_require(`
+		type zabbix_t, zabbix_log_t, zabbix_var_run_t;
+		type zabbix_initrc_exec_t;
+	')
+
+	allow $1 zabbix_t:process signal_perms;
+	ps_process_pattern($1, zabbix_t)
+	tunable_policy(`deny_ptrace',`',`
+		allow $1 zabbix_t:process ptrace;
+	')
+
+	init_labeled_script_domtrans($1, zabbix_initrc_exec_t)
+	domain_system_change_exemption($1)
+	role_transition $2 zabbix_initrc_exec_t system_r;
+	allow $2 system_r;
+
+	logging_list_logs($1)
+	admin_pattern($1, zabbix_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, zabbix_var_run_t)
+')
diff --git a/zabbix.spec b/zabbix.spec
index ae7dc4a21089c72bd6238ae5cdf92f27bbafa704..bac149b2216241168e9aa99f2f9c5030565581ea 100644
--- a/zabbix.spec
+++ b/zabbix.spec
@@ -1,1120 +1,806 @@
-Name:		zabbix
-Version:	5.2.6
-Release:	5
-Summary:	The Enterprise-class open source monitoring solution
-License:	GPLv2+
-URL:		http://www.zabbix.com/
-Source0:	%{name}-%{version}.tar.gz
-Source1:	zabbix-web22.conf
-Source2:	zabbix-web24.conf
-Source3:	zabbix-logrotate.in
-Source4:	zabbix-java-gateway.init
-Source5:	zabbix-agent.init
-Source6:	zabbix-server.init
-Source7:	zabbix-proxy.init
-Source10:	zabbix-agent.service
-Source11:	zabbix-server.service
-Source12:	zabbix-proxy.service
-Source13:	zabbix-java-gateway.service
-Source14:	zabbix_java_gateway-sysd
-Source15:	zabbix-tmpfiles.conf
-Source16:	zabbix-php-fpm.conf
-Source17:	zabbix-web-fcgi.conf
-Source18:	zabbix-nginx.conf
-Source19:	zabbix-agent2.service
-Source20:	zabbix-agent.sysconfig
-Source21:	zabbix-agent2.init
-Source22:	zabbix-agent2.sysconfig
-Source23:	gomodules-for-x86.tar.gz
-Patch0:		config.patch
-Patch1:		fping3-sourceip-option.patch
-Patch2:		fix-x86-failed-offline.patch
-
-
-Buildroot:	%{_tmppath}/zabbix-%{version}-%{release}-root-%(%{__id_u} -n)
-
-%{!?build_agent: %global build_agent 1}
-
-
-%ifarch x86_64
-%{!?build_agent2: %global build_agent2 1}
-%endif
-
-
+# TODO, maybe sometime:
+# * Allow for nginx?
+# * Consider using systemd's ReadWriteDirectories
+
+#TODO: systemctl reload seems to be necessary after switching with Alternatives
+#TODO: If the DB path for a Sqlite proxy is configured wrong, it requires systemctl restart. Start doesn't work.
+
+%global with_selinux 1
+%global selinuxtype targeted
+# go is needed for agent2, but there are missing deps
+%bcond_with go
+# Missing dependencies for the java connector
+%bcond_with java
+#%%global prerelease rc2
+
+Name:           zabbix
+Version:        7.0.5
+Release:        1
+Summary:        Open-source monitoring solution for your IT infrastructure
+License:        AGPL-3.0-only AND MIT AND GPL-2.0-or-later AND Zlib AND BSD-3-Clause AND BSD-2-Clause AND ISC
+URL:            https://www.zabbix.com
+Source0:        https://cdn.zabbix.com/zabbix/sources/stable/7.0/zabbix-%{version}.tar.gz
+Source1:        %{name}-web.conf
+Source2:        %{name}-php-fpm.conf
+Source5:        %{name}-logrotate.in
+Source9:        %{name}-tmpfiles-zabbix.conf
+# systemd units -- Alternatives switches between them (they state their dependencies)
+# https://support.zabbix.com/browse/ZBXNEXT-1593
+Source10:       %{name}-agent.service
+Source11:       %{name}-proxy-mysql.service
+Source12:       %{name}-proxy-pgsql.service
+Source13:       %{name}-proxy-sqlite3.service
+Source14:       %{name}-server-mysql.service
+Source15:       %{name}-server-pgsql.service
+Source17:       %{name}-tmpfiles-zabbixsrv.conf
+Source18:       %{name}.te
+Source19:       %{name}.if
+Source20:       %{name}.fc
+
+# This is not a symlink, because we don't want the webserver to possibly ever serve it.
+# local rules for config files
+Patch0:         %{name}-config.patch
+# Allow out-of-tree builds
+# https://support.zabbix.com/browse/ZBXNEXT-6077
+Patch1:         %{name}-out-of-tree.patch
+# Enforce Fedora Crypto Policy
+Patch2:         %{name}-crypto-policy.patch
+# Add <stdio> to sscanf check
+# https://support.zabbix.com/browse/ZBX-21946
+Patch3:         %{name}-configure-sscanf.patch
+
+# Patch1 patches automake files so we need to autoreconf
+BuildRequires:   libtool
+BuildRequires:   make
+BuildRequires:   mariadb-connector-c-devel
+BuildRequires:   libpq-devel
+BuildRequires:   sqlite-devel
+BuildRequires:   net-snmp-devel
+BuildRequires:   openldap-devel
+BuildRequires:   openssl-devel
+BuildRequires:   gnutls-devel
+BuildRequires:   unixODBC-devel
+BuildRequires:   curl-devel
+BuildRequires:   OpenIPMI-devel
+BuildRequires:   libssh2-devel
+BuildRequires:   libxml2-devel
+BuildRequires:   libevent-devel
+BuildRequires:   pcre2-devel
+BuildRequires:   gcc
+# For Agent 2 - has missing deps
+%if %{with go}
+BuildRequires:   gcc-go
+#BuildRequires:   golang(github.com/alimy/mc/v2)
+BuildRequires:   golang(github.com/docker/go-connections)
+#BuildRequires:   golang(github.com/dustin/gomemcached)
+BuildRequires:   golang(github.com/fsnotify/fsnotify)
+BuildRequires:   golang(github.com/go-ldap/ldap)
+#BuildRequires:   golang(github.com/go-ole/go-ole)
+BuildRequires:   golang(github.com/go-sql-driver/mysql)
+BuildRequires:   golang(github.com/godbus/dbus)
+#BuildRequires:   golang(github.com/jackc/pgx/v4)
+BuildRequires:   golang(github.com/mattn/go-sqlite3)
+#BuildRequires:   golang(github.com/mediocregopher/radix/v3)
+#BuildRequires:   golang(github.com/natefinch/npipe)
+#BuildRequires:   golang(github.com/testcontainers/testcontainers-go)
+#BuildRequires:   golang(golang.org/x/sys)
+%endif
+BuildRequires:   systemd
+# Needed to determine path to link to
+BuildRequires:   dejavu-sans-fonts
+
+Requires:        logrotate
+
+%if 0%{?with_selinux}
+# This ensures that the *-selinux package and all it’s dependencies are not pulled
+# into containers and other systems that do not use SELinux
+Requires:        (%{name}-selinux if selinux-policy-%{selinuxtype})
+%endif
+
+Provides:        bundled(md5-deutsch)
 
-%{!?build_proxy: %global build_proxy 1}
-%{!?build_java_gateway: %global build_java_gateway 1}
-
-%{!?build_server: %global build_server 1}
-%{!?build_frontend: %global build_frontend 1}
+%description
+Zabbix is software that monitors numerous parameters of a network and the
+health and integrity of servers. Zabbix uses a flexible notification mechanism
+that allows users to configure e-mail based alerts for virtually any event.
+This allows a fast reaction to server problems. Zabbix offers excellent
+reporting and data visualization features based on the stored data.
+This makes Zabbix ideal for capacity planning.
+
+Zabbix supports both polling and trapping. All Zabbix reports and statistics,
+as well as configuration parameters are accessed through a web-based front end.
+A web-based front end ensures that the status of your network and the health of
+your servers can be assessed from any location. Properly configured, Zabbix can
+play an important role in monitoring IT infrastructure. This is equally true
+for small organizations with a few servers and for large companies with a
+multitude of servers.
+
+%package dbfiles-mysql
+Summary:             Zabbix database schemas, images, data and patches
+BuildArch:           noarch
+
+%description dbfiles-mysql
+Zabbix database schemas, images, data and patches necessary for creating
+and/or updating MySQL databases
+
+%package dbfiles-pgsql
+Summary:             Zabbix database schemas, images, data and patches
+BuildArch:           noarch
+
+%description dbfiles-pgsql
+Zabbix database schemas, images, data and patches necessary for creating
+and/or updating PostgreSQL databases
+
+%package dbfiles-sqlite3
+Summary:             Zabbix database schemas and patches
+BuildArch:           noarch
+
+%description dbfiles-sqlite3
+Zabbix database schemas and patches necessary for creating
+and/or updating SQLite databases
+
+%package server
+Summary:             Zabbix server common files
+BuildArch:           noarch
+Requires:            %{name} = %{version}-%{release}
+Requires:            %{name}-server-implementation = %{version}-%{release}
+Requires:            fping
+Requires:            traceroute
+Requires(pre):       shadow-utils
+%{?systemd_requires}
+
+%description server
+Zabbix server common files
 
-%{!?build_with_mysql: %global build_with_mysql 1}
-%{!?build_with_pgsql: %global build_with_pgsql 1}
-%{!?build_with_sqlite: %global build_with_sqlite 1}
+%package server-mysql
+Summary:             Zabbix server compiled to use MySQL
+Requires:            %{name} = %{version}-%{release}
+Requires:            %{name}-dbfiles-mysql
+Requires:            %{name}-server = %{version}-%{release}
+Requires(post):      %{_sbindir}/update-alternatives
+Requires(postun):    %{_sbindir}/update-alternatives
+Provides:            %{name}-server-implementation = %{version}-%{release}
 
-%if 0%{build_with_mysql} == 0 && 0%{build_with_pgsql} == 0
-%global build_server 0
-%if 0%{build_with_sqlite} == 0
-%global build_proxy 0
-%endif
-%endif
+%description server-mysql
+Zabbix server compiled to use MySQL
 
-BuildRequires:	make
-BuildRequires:	mysql5-devel
-BuildRequires:	postgresql-devel
-BuildRequires:	sqlite-devel
-BuildRequires:	net-snmp-devel
-BuildRequires:	openldap-devel
-BuildRequires:	gnutls-devel
-BuildRequires:	unixODBC-devel
-BuildRequires:	curl-devel >= 7.13.1
-BuildRequires:	OpenIPMI-devel >= 2
-BuildRequires:	libssh-devel >= 0.9.0
-BuildRequires:	java-devel >= 1.6.0
-BuildRequires:	libxml2-devel
-BuildRequires:	libevent-devel
-BuildRequires:	pcre-devel
-BuildRequires:	openssl-devel >= 1.0.1
-BuildRequires:	systemd
-BuildRequires:	golang
-BuildRequires:  iputils
+%package server-pgsql
+Summary:             Zabbix server compiled to use PostgreSQL
+Requires:            %{name} = %{version}-%{release}
+Requires:            %{name}-server = %{version}-%{release}
+Requires:            %{name}-dbfiles-pgsql
+Requires(post):      %{_sbindir}/update-alternatives
+Requires(postun):    %{_sbindir}/update-alternatives
+Provides:            %{name}-server-implementation = %{version}-%{release}
 
-%description
-Zabbix is the ultimate enterprise-level software designed for
-real-time monitoring of millions of metrics collected from tens of
-thousands of servers, virtual machines and network devices.
+%description server-pgsql
+Zabbix server compiled to use PostgreSQL
 
 %package agent
-Summary:		Old Zabbix Agent
-Group:			Applications/Internet
-Requires:		logrotate
-Requires(pre):		/usr/sbin/useradd
-Requires(post):		systemd
-Requires(preun):	systemd
-Requires(preun):	systemd
-Obsoletes:		zabbix
-
-%if 0%{?build_agent2} != 1
-%description agent
-Zabbix agent to be installed on monitored systems.
+Summary:             Zabbix agent
+Requires:            %{name} = %{version}-%{release}
+Requires(pre):       shadow-utils
+%{?systemd_requires}
 
-%else
 %description agent
-Old implementation of zabbix agent.
-To be installed on monitored systems.
-
-%package agent2
-Summary:		New Zabbix Agent
-Group:			Applications/Internet
-Requires:		logrotate
-Requires(post):		systemd
-Requires(preun):	systemd
-Requires(preun):	systemd
-Obsoletes:		zabbix
-
-%description agent2
-New implementation of zabbix agent.
-To be installed on monitored systems.
-%endif
-
-%package get
-Summary:		Zabbix Get
-Group:			Applications/Internet
+Zabbix agent, to be installed on monitored systems
 
-%description get
-Zabbix get command line utility.
+%package proxy
+Summary:             Zabbix proxy common files
+BuildArch:           noarch
+Requires:            %{name} = %{version}-%{release}
+Requires:            %{name}-proxy-implementation = %{version}-%{release}
+Requires(pre):       shadow-utils
+%{?systemd_requires}
+Requires:            fping
 
-%package sender
-Summary:		Zabbix Sender
-Group:			Applications/Internet
-
-%description sender
-Zabbix sender command line utility.
-
-%package js
-Summary:		Zabbix JS
-Group:			Applications/Internet
-
-%description js
-Zabbix js command line utility.
+%description proxy
+Zabbix proxy commmon files
 
 %package proxy-mysql
-Summary:		Zabbix proxy for MySQL or MariaDB database
-Group:			Applications/Internet
-Requires:		fping
-Requires(post):		systemd
-Requires(preun):	systemd
-Requires(postun):	systemd
-Provides:		zabbix-proxy = %{version}-%{release}
-Provides:		zabbix-proxy-implementation = %{version}-%{release}
-Obsoletes:		zabbix
-Obsoletes:		zabbix-proxy
+Summary:             Zabbix proxy compiled to use MySQL
+Requires:            %{name}-proxy = %{version}-%{release}
+Requires:            %{name}-dbfiles-mysql
+Provides:            %{name}-proxy-implementation = %{version}-%{release}
+Requires(post):      %{_sbindir}/update-alternatives
+Requires(postun):    %{_sbindir}/update-alternatives
 
 %description proxy-mysql
-Zabbix proxy with MySQL or MariaDB database support.
+Zabbix proxy compiled to use MySQL
 
 %package proxy-pgsql
-Summary:		Zabbix proxy for PostgreSQL database
-Group:			Applications/Internet
-Requires:		fping
-Requires(post):		systemd
-Requires(preun):	systemd
-Requires(postun):	systemd
-Provides:		zabbix-proxy = %{version}-%{release}
-Provides:		zabbix-proxy-implementation = %{version}-%{release}
-Obsoletes:		zabbix
-Obsoletes:		zabbix-proxy
+Summary:             Zabbix proxy compiled to use PostgreSQL
+Requires:            %{name}-proxy = %{version}-%{release}
+Requires:            %{name}-dbfiles-pgsql
+Provides:            %{name}-proxy-implementation = %{version}-%{release}
+Requires(post):      %{_sbindir}/update-alternatives
+Requires(postun):    %{_sbindir}/update-alternatives
 
 %description proxy-pgsql
-Zabbix proxy with PostgreSQL database support.
+Zabbix proxy compiled to use PostgreSQL
 
 %package proxy-sqlite3
-Summary:		Zabbix proxy for SQLite3 database
-Group:			Applications/Internet
-Requires:		fping
-Requires(post):		systemd
-Requires(preun):	systemd
-Requires(postun):	systemd
-Provides:		zabbix-proxy = %{version}-%{release}
-Provides:		zabbix-proxy-implementation = %{version}-%{release}
-Obsoletes:		zabbix
-Obsoletes:		zabbix-proxy
+Summary:             Zabbix proxy compiled to use SQLite
+Requires:            %{name}-proxy = %{version}-%{release}
+Requires:            %{name}-dbfiles-sqlite3
+Provides:            %{name}-proxy-implementation = %{version}-%{release}
+Requires(post):      %{_sbindir}/update-alternatives
+Requires(postun):    %{_sbindir}/update-alternatives
 
 %description proxy-sqlite3
-Zabbix proxy with SQLite3 database support.
-
-%package server-mysql
-Summary:		Zabbix server for MySQL or MariaDB database
-Group:			Applications/Internet
-Requires:		fping
-Requires(post):		systemd
-Requires(preun):	systemd
-Requires(postun):	systemd
-Provides:		zabbix-server = %{version}-%{release}
-Provides:		zabbix-server-implementation = %{version}-%{release}
-Obsoletes:		zabbix
-Obsoletes:		zabbix-server
-
-%description server-mysql
-Zabbix server with MySQL or MariaDB database support.
-
-%package server-pgsql
-Summary:		Zabbix server for PostgresSQL database
-Group:			Applications/Internet
-Requires:		fping
-Requires(post):		systemd
-Requires(preun):	systemd
-Requires(postun):	systemd
-Provides:		zabbix-server = %{version}-%{release}
-Provides:		zabbix-server-implementation = %{version}-%{release}
-Obsoletes:		zabbix
-Obsoletes:		zabbix-server
-%description server-pgsql
-Zabbix server with PostgresSQL database support.
+Zabbix proxy compiled to use SQLite
 
 %package web
-Summary:		Zabbix web frontend common package
-Group:			Application/Internet
-BuildArch:		noarch
-Requires:		dejavu-sans-fonts
-Requires(post):		%{_sbindir}/update-alternatives
-Requires(preun):	%{_sbindir}/update-alternatives
+Summary:         Zabbix Web Frontend
+BuildArch:       noarch
+Requires:        php-bcmath
+Requires:        php-fpm
+Requires:        php-gd
+Requires:        php-gettext
+Requires:        php-json
+Requires:        php-ldap
+Requires:        php-mbstring
+Requires:        php-xml
+# jquery 3.6.0 and jquery-ui 1.13.2 in the sources
+Requires:        js-jquery >= 3.6.0
+Provides:        bundled(js-jquery-ui) = 1.13.2
+# prototype 1.6.1 in the sources, Fedora package is dead
+#Requires:        prototype
+Requires:        dejavu-sans-fonts
+Requires:        %{name} = %{version}-%{release}
+Requires:        %{name}-web-database = %{version}-%{release}
 
 %description web
-Zabbix web frontend common package
-
-%package web-deps
-Summary:		PHP dependencies metapackage for frontend
-Group:			Application/Internet
-BuildArch:		noarch
-Requires:		zabbix-web = %{version}-%{release}
-Requires:		php-gd >= 7.2
-Requires:		php-bcmath >= 7.2
-Requires:		php-mbstring >= 7.2
-Requires:		php-xml >= 7.2
-Requires:		php-ldap >= 7.2
-Requires:		php-json >= 7.2
-Requires:		php-fpm >= 7.2
-Requires:		zabbix-web = %{version}-%{release}
-Requires:		zabbix-web-database = %{version}-%{release}
-
-%description web-deps
-PHP dependencies metapackage for frontend
+The php frontend to display the Zabbix web interface.
 
 %package web-mysql
-Summary:		Zabbix web frontend for MySQL
-Group:			Applications/Internet
-BuildArch:		noarch
-Requires:		zabbix-web = %{version}-%{release}
-Requires:		zabbix-web-deps = %{version}-%{release}
-Requires:		php-mysqlnd
-Provides:		zabbix-web-database = %{version}-%{release}
+Summary:         Zabbix web frontend for MySQL
+BuildArch:       noarch
+Requires:        %{name}-web = %{version}-%{release}
+Requires:        php-mysqli
+Provides:        %{name}-web-database = %{version}-%{release}
 
 %description web-mysql
 Zabbix web frontend for MySQL
 
 %package web-pgsql
-Summary:		Zabbix web frontend for PostgreSQL
-Group:			Applications/Internet
-BuildArch:		noarch
-Requires:		zabbix-web = %{version}-%{release}
-Requires:		zabbix-web-deps = %{version}-%{release}
-Requires:		php-pgsql
-Provides:		zabbix-web-database = %{version}-%{release}
+Summary:         Zabbix web frontend for PostgreSQL
+BuildArch:       noarch
+Requires:        %{name}-web = %{version}-%{release}
+Requires:        php-pgsql
+Provides:        %{name}-web-database = %{version}-%{release}
 
 %description web-pgsql
 Zabbix web frontend for PostgreSQL
 
-%package apache-conf
-Summary:		Automatic zabbix frontend configuration with apache
-Group:			Applications/Internet
-BuildArch:		noarch
-Requires:		zabbix-web-deps = %{version}-%{release}
-Requires:		httpd
-
-%description apache-conf
-Zabbix frontend configuration for apache
-
-%package nginx-conf
-Summary:		Zabbix frontend configuration for nginx and php-fpm
-Group:			Applications/Internet
-BuildArch:		noarch
-Requires:		zabbix-web-deps = %{version}-%{release}
-Requires:		nginx
-
-%description nginx-conf
-Zabbix frontend configuration for nginx and php-fpm
-
-%package web-japanese
-Summary:		Japanese font settings for Zabbix frontend
-Group:			Applications/Internet
-BuildArch:		noarch
-Requires:		google-noto-sans-cjk-ttc-fonts
-Requires:		glibc-langpack-ja
-Requires:		zabbix-web = %{version}-%{release}
-Requires(post):		%{_sbindir}/update-alternatives
-Requires(preun):	%{_sbindir}/update-alternatives
-
-%description web-japanese
-Japanese font configuration for Zabbix web frontend
-
-%package java-gateway
-Summary:		Zabbix java gateway
-Group:			Applications/Internet
-Requires:		java-headless >= 1.6.0
-Requires(post):		systemd
-Requires(preun):	systemd
-Requires(postun):	systemd
-Obsoletes:		zabbix
-
-%description java-gateway
-Zabbix java gateway
-
-#
-# prep
-#
+%if %{with java}
+%package -n java-%{name}
+Summary:         Zabbix Java connector
+BuildArch:       noarch
+BuildRequires:   java-devel
+BuildRequires:   osgi(org.junit)
+BuildRequires:   osgi(slf4j.api)
+BuildRequires:   osgi(logback)
 
-%prep
-%setup0 -q -n %{name}-%{version}%{?alphatag}
-
-if ping -c 3 -w 20 8.8.8.8; then
-    echo "Internet ok"
-else
-%if 0%{?build_agent2}
-%setup -T -D -a 23
-mv vendor src/go/
+%description -n java-%{name}
+Zabbix Java connector.
 %endif
-    echo "Internet error"
-fi
-
-%if 0%{?build_frontend}
-%patch0 -p1
 
+%if 0%{?with_selinux}
+# SELinux subpackage
+%package selinux
+Summary:             Zabbix SELinux policy
+BuildArch:           noarch
+Requires:            selinux-policy-%{selinuxtype}
+Requires(post):      selinux-policy-%{selinuxtype}
+BuildRequires:       selinux-policy-devel
+%{?selinux_requires}
 
-## remove font file
-rm -f ui/assets/fonts/DejaVuSans.ttf
-
-# replace font in defines.inc.php
-sed -i -r "s/(define\(.*_FONT_NAME.*)DejaVuSans/\1graphfont/" \
-	ui/include/defines.inc.php
-
-# remove .htaccess files
-rm -f ui/app/.htaccess
-rm -f ui/conf/.htaccess
-rm -f ui/include/.htaccess
-rm -f ui/local/.htaccess
-
-# remove translation source files and scripts
-find ui/locale -name '*.po' | xargs rm -f
-find ui/locale -name '*.sh' | xargs rm -f
+%description selinux
+Custom SELinux policy module
 %endif
 
-%if 0%{?build_server} || 0%{?build_proxy} || 0%{?build_agent} || 0%{?build_agent2}
-%patch1 -p1
-%endif
 
-if ping -c 3 -w 20 8.8.8.8; then
-    echo "Internet ok"
-else
-%if 0%{?build_agent2}
-%patch2 -p1
-%endif
-    echo "Internet error"
-fi
-
-%if 0%{?build_server} || 0%{?build_proxy}
-# traceroute command path for global script
-sed -i -e 's|/usr/bin/traceroute|/bin/traceroute|' database/mysql/data.sql
-sed -i -e 's|/usr/bin/traceroute|/bin/traceroute|' database/postgresql/data.sql
-sed -i -e 's|/usr/bin/traceroute|/bin/traceroute|' database/sqlite3/data.sql
-%endif
-
-%if 0%{?build_server}
-# sql files for servers
-cat database/mysql/schema.sql > database/mysql/create.sql
-cat database/mysql/images.sql >> database/mysql/create.sql
-cat database/mysql/data.sql >> database/mysql/create.sql
-gzip database/mysql/create.sql
-
-cat database/postgresql/schema.sql > database/postgresql/create.sql
-cat database/postgresql/images.sql >> database/postgresql/create.sql
-cat database/postgresql/data.sql >> database/postgresql/create.sql
-gzip database/postgresql/create.sql
-gzip database/postgresql/timescaledb.sql
-%endif
-
-%if 0%{?build_proxy}
-# sql files for proxies
-gzip database/mysql/schema.sql
-gzip database/postgresql/schema.sql
-gzip database/sqlite3/schema.sql
-%endif
-
-%if 0%{?build_java_gateway}
-# change log directory for Java Gateway
-sed -i -e 's|/tmp/zabbix_java.log|/var/log/zabbix/zabbix_java_gateway.log|g' src/zabbix_java/lib/logback.xml
-%endif
-
-
-# Build consists of 1-3 configure/make passes, one for each database.
-# pass 1: is sqlite proxy, may be omitted.
-# pass 2: is pqsql server/proxy, may be omitted.
-# pass 3: If only one database is enabled, then it must occur with pass 3.
+%prep
+%autosetup -p1
+autoreconf
+
+# Remove bundled java libs
+find -name \*.jar -delete
+
+# Remove prebuilt Windows binaries
+rm -rf bin
+
+# Override creation of statically named directory for alertscripts and externalscripts
+# https://support.zabbix.com/browse/ZBX-6159
+sed -i '/CURL_SSL_.*_LOCATION\|SCRIPTS_PATH/s|\${datadir}/zabbix|/var/lib/zabbixsrv|' \
+    configure
+
+# Kill off .htaccess files, options set in SOURCE1
+find -name .htaccess -delete
+
+# Fix path to traceroute utility (on all Linux targets)
+find database -name 'data.sql' -exec sed -i 's|/usr/bin/traceroute|/bin/traceroute|' {} \;
+
+# Common
+# Settings with hard-coded defaults that are not suitable for Fedora
+# are explicitly set, leaving the comment with the default value in place.
+# Settings without hard-coded defaults are simply replaced -- be they
+# comments or explicit settings!
+
+# Also replace the datadir placeholder that is not expanded, but effective
+sed -i \
+    -e '\|^# LogFileSize=.*|a LogFileSize=0' \
+    -e 's|^DBUser=root|DBUser=zabbix|' \
+    -e 's|^# DBSocket=.*|DBSocket=%{_sharedstatedir}/mysql/mysql.sock|' \
+    -e '\|^# ExternalScripts=|a ExternalScripts=%{_sharedstatedir}/zabbixsrv/externalscripts' \
+    -e '\|^# AlertScriptsPath=|a AlertScriptsPath=%{_sharedstatedir}/zabbixsrv/alertscripts' \
+    -e '\|^# TmpDir=\/tmp|a TmpDir=%{_sharedstatedir}/zabbixsrv/tmp' \
+    -e 's|/usr/local||' \
+    -e 's|\${datadir}|/usr/share|' \
+    conf/zabbix_agentd.conf conf/zabbix_proxy.conf conf/zabbix_server.conf
+
+# Specific
+sed -i \
+    -e '\|^# PidFile=.*|a PidFile=%{_rundir}/zabbix/zabbix_agentd.pid' \
+    -e 's|^LogFile=.*|LogFile=%{_localstatedir}/log/zabbix/zabbix_agentd.log|' \
+    conf/zabbix_agentd.conf
+
+sed -i \
+    -e '\|^# PidFile=.*|a PidFile=%{_rundir}/zabbixsrv/zabbix_proxy.pid' \
+    -e 's|^LogFile=.*|LogFile=%{_localstatedir}/log/zabbixsrv/zabbix_proxy.log|' \
+    conf/zabbix_proxy.conf
+
+sed -i \
+    -e '\|^# PidFile=.*|a PidFile=%{_rundir}/zabbixsrv/zabbix_server.pid' \
+    -e 's|^LogFile=.*|LogFile=%{_localstatedir}/log/zabbixsrv/zabbix_server.log|' \
+    conf/zabbix_server.conf
 
 %build
-export GOPROXY=https://goproxy.cn
-build_conf_common="
-	--enable-dependency-tracking
-	--sysconfdir=/etc/zabbix
-	--libdir=%{_libdir}/zabbix
-	--enable-ipv6
-	--with-net-snmp
-	--with-ldap
-	--with-libcurl
-	--with-openipmi
-	--with-unixodbc
-	--with-ssh
-	--with-libxml2
-	--with-libevent
-	--with-libpcre
-	--with-openssl
-	
-"
 
-# setup pass 3
-%if 0%{?build_with_mysql} && ( 0%{?build_server} || 0%{?build_proxy} )
-build_conf_3="
-%if 0%{?build_server}
-	--enable-server
-%endif
-%if 0%{?build_proxy}
-	--enable-proxy
-%endif
-	--with-mysql
+common_flags="
+    --enable-dependency-tracking
+    --enable-proxy
+    --enable-ipv6
+    --with-net-snmp
+    --with-ldap
+    --with-libcurl
+    --with-openipmi
+    --with-unixodbc
+    --with-ssh2
+    --with-libxml2
+    --with-libevent
+    --with-libpcre2
+    --with-openssl
 "
+# Setup out of tree builds
+%global _configure ../configure
 
-build_db_3=mysql
+%if %{with java}
+export CLASSPATH=$(build-classpath junit slf4j-api logback-core logback-classic android-json)
 %endif
 
+# Frontend doesn't work for SQLite, thus don't build server
+mkdir -p build-frontend
+cd build-frontend
+%configure $common_flags --enable-agent --with-sqlite3 %{?with_go:--enable-agent2} %{?with_java:--enable-java}
+%make_build
+cd -
 
-# setup pass 2
-%if 0%{?build_with_pgsql} && ( 0%{?build_server} || 0%{?build_proxy} )
-build_conf_2="
-%if 0%{?build_server}
-	--enable-server
-%endif
-%if 0%{?build_proxy}
-	--enable-proxy
-%endif
-	--with-postgresql
-"
+mkdir -p build-server-mysql
+cd build-server-mysql
+%configure $common_flags --with-mysql --enable-server
+%make_build
+cd -
 
-if [ -z "$build_conf_3" ]; then
-	build_conf_3="$build_conf_2"
-	build_conf_2=""
-	build_db_3="pgsql"
-fi
-%endif
+mkdir -p build-server-postgresql
+cd build-server-postgresql
+%configure $common_flags --with-postgresql --enable-server
+%make_build
+cd -
 
+%if 0%{?with_selinux}
+# SELinux policy (originally from selinux-policy-contrib)
+# this policy module will override the production module
+mkdir selinux
+cp -p %{S:18} selinux/
+cp -p %{S:19} selinux/
+cp -p %{S:20} selinux/
 
-# setup pass 1
-%if 0%{?build_with_sqlite} && 0%{?build_proxy}
-build_conf_1="--enable-proxy --with-sqlite3"
-
-if [ -z "$build_conf_3" ]; then
-	build_conf_3="$build_conf_1"
-	build_conf_1=""
-	build_db_3=sqlite3
-fi
+make -f %{_datadir}/selinux/devel/Makefile %{name}.pp
+bzip2 -9 %{name}.pp
 %endif
 
 
-# add agents and java-gateway to pass 3
-build_conf_3="
-%if 0%{?build_agent}
-	--enable-agent
-%endif
-%if 0%{?build_agent2}
-	--enable-agent2
-%endif
-%if 0%{?build_java_gateway}
-	--enable-java
-%endif
-	$build_conf_3
-"
-
+%install
+# Install binaries
+%make_install -C build-frontend
+mv %{buildroot}%{_sbindir}/zabbix_proxy{,_sqlite3}
+%make_install -C build-server-mysql
+mv %{buildroot}%{_sbindir}/zabbix_proxy{,_mysql}
+mv %{buildroot}%{_sbindir}/zabbix_server{,_mysql}
+%make_install -C build-server-postgresql
+mv %{buildroot}%{_sbindir}/zabbix_proxy{,_pgsql}
+mv %{buildroot}%{_sbindir}/zabbix_server{,_pgsql}
+
+# Ghosted alternatives
+touch %{buildroot}%{_sbindir}/zabbix_{proxy,server}
+
+# Home directory for the agent;
+# The other home directory is created during installation
+mkdir -p %{buildroot}%{_sharedstatedir}/zabbix
+
+# Log directories
+mkdir -p %{buildroot}%{_localstatedir}/log/zabbix
+mkdir -p %{buildroot}%{_localstatedir}/log/zabbixsrv
+
+# systemd tmpfiles
+mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d
+install -m 0644 -p %{S:9} %{buildroot}%{_prefix}/lib/tmpfiles.d/zabbix.conf
+install -m 0644 -p %{S:17} %{buildroot}%{_prefix}/lib/tmpfiles.d/zabbixsrv.conf
+mkdir -p %{buildroot}%{_rundir}
+install -d -m 0755 %{buildroot}%{_rundir}/zabbix/
+install -d -m 0755 %{buildroot}%{_rundir}/zabbixsrv/
+
+# Install the frontend after removing backup files from patching
+find ui -name '*.orig' -delete
+mkdir -p %{buildroot}%{_datadir}/%{name}
+cp -a ui/* %{buildroot}%{_datadir}/%{name}/
+
+# Prepare ghosted config file
+mkdir -p %{buildroot}%{_sysconfdir}/%{name}/web
+touch %{buildroot}%{_sysconfdir}/%{name}/web/zabbix.conf.php
+
+# Replace bundled font
+[ -d %{_fontbasedir}/dejavu ] &&
+  ln -sf ../../../fonts/dejavu/DejaVuSans.ttf %{buildroot}%{_datadir}/%{name}/assets/fonts/
+[ -d %{_fontbasedir}/dejavu-sans-fonts ] &&
+  ln -sf ../../../fonts/dejavu-sans-fonts/DejaVuSans.ttf %{buildroot}%{_datadir}/%{name}/assets/fonts/
+
+# Replace JS libraries
+# There is no jquery-ui package yet
+ln -sf ../../../javascript/jquery/3/jquery.min.js %{buildroot}%{_datadir}/%{name}/js/vendors/jquery.js
+#ln -sf ../../../javascript/jquery-ui/1/jquery-ui.min.js %{buildroot}%{_datadir}/%{name}/js/vendors/jquery-ui.js
+
+# This file is used to switch the frontend to maintenance mode
+mv %{buildroot}%{_datadir}/%{name}/conf/maintenance.inc.php %{buildroot}%{_sysconfdir}/%{name}/web/maintenance.inc.php || :
+
+# Drop Apache config file in place
+mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d
+install -m 0644 -p %{S:1} %{buildroot}%{_sysconfdir}/httpd/conf.d/%{name}.conf
+
+# Drop php-fpm config file in place
+mkdir -p %{buildroot}%{_sysconfdir}/php-fpm.d
+install -m 0644 -p %{S:2} %{buildroot}%{_sysconfdir}/php-fpm.d/%{name}.conf
+
+# Install log rotation
+mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
+sed -e 's|COMPONENT|agentd|g; s|USER|zabbix|g' %{S:5} > \
+     %{buildroot}%{_sysconfdir}/logrotate.d/zabbix-agent
+sed -e 's|COMPONENT|server|g; s|USER|zabbixsrv|g' %{S:5} > \
+     %{buildroot}%{_sysconfdir}/logrotate.d/zabbix-server
+sed -e 's|COMPONENT|proxy|g; s|USER|zabbixsrv|g' %{S:5} > \
+     %{buildroot}%{_sysconfdir}/logrotate.d/zabbix-proxy
+
+# Install different systemd units because of the requirements for DBMS daemons
+mkdir -p %{buildroot}%{_unitdir}
+install -m 0644 -p %{S:10} %{buildroot}%{_unitdir}/zabbix-agent.service
+install -m 0644 -p %{S:11} %{buildroot}%{_unitdir}/zabbix-proxy-mysql.service
+install -m 0644 -p %{S:12} %{buildroot}%{_unitdir}/zabbix-proxy-pgsql.service
+install -m 0644 -p %{S:13} %{buildroot}%{_unitdir}/zabbix-proxy-sqlite3.service
+install -m 0644 -p %{S:14} %{buildroot}%{_unitdir}/zabbix-server-mysql.service
+install -m 0644 -p %{S:15} %{buildroot}%{_unitdir}/zabbix-server-pgsql.service
+
+# Ghosted alternatives 
+touch %{buildroot}%{_unitdir}/zabbix-server.service
+touch %{buildroot}%{_unitdir}/zabbix-proxy.service
+
+# Directory for fping spooling files 
+mkdir -p %{buildroot}%{_sharedstatedir}/zabbixsrv/tmp
+
+# Install sql files
+for db in postgresql mysql; do
+    mkdir %{buildroot}%{_datadir}/%{name}-$db
+    cp -p database/$db/*.sql %{buildroot}%{_datadir}/%{name}-$db
+done
+
+install -dm 755 %{buildroot}%{_datadir}/%{name}-sqlite3
+cp -p database/sqlite3/schema.sql %{buildroot}%{_datadir}/%{name}-sqlite3
+
+%if 0%{?with_selinux}
+install -D -m 0644 %{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
+install -D -p -m 0644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if
+%endif
+
+
+%post server
+%systemd_post zabbix-server.service
 
-# pass 1
-if [ -n "$build_conf_1" ]; then
-	%configure $build_conf_common $build_conf_1
-	make $make_flags
-	mv src/zabbix_proxy/zabbix_proxy src/zabbix_proxy/zabbix_proxy_sqlite3
+if [ $1 -gt 1 ] ; then
+  # Apply permissions also in *.rpmnew upgrades from old permissive ones
+  chmod 0640 %{_sysconfdir}/zabbix_server.conf
+  chown root:zabbixsrv %{_sysconfdir}/zabbix_server.conf
 fi
+:
 
+%post server-mysql
+%{_sbindir}/update-alternatives --install %{_sbindir}/%{name}_server \
+    %{name}-server %{_sbindir}/%{name}_server_mysql 10 \
+        --slave %{_unitdir}/zabbix-server.service %{name}-server.service \
+            %{_unitdir}/zabbix-server-mysql.service
+# This needs to be run twice to rename from old slave name in zabbix < 6.0.33-2
+# due to a bug in alternatives.
+%{_sbindir}/update-alternatives --install %{_sbindir}/%{name}_server \
+    %{name}-server %{_sbindir}/%{name}_server_mysql 10 \
+        --slave %{_unitdir}/zabbix-server.service %{name}-server.service \
+            %{_unitdir}/zabbix-server-mysql.service
 
-# pass 2
-if [ -n "$build_conf_2" ]; then
-	%configure $build_conf_common $build_conf_2
-	make $make_flags
-%if 0%{?build_server}
-	mv src/zabbix_server/zabbix_server src/zabbix_server/zabbix_server_pgsql
-%endif
-%if 0%{?build_proxy}
-	mv src/zabbix_proxy/zabbix_proxy src/zabbix_proxy/zabbix_proxy_pgsql
-%endif
-fi
-
+%post server-pgsql
+%{_sbindir}/update-alternatives --install %{_sbindir}/%{name}_server \
+    %{name}-server %{_sbindir}/%{name}_server_pgsql 10 \
+        --slave %{_unitdir}/zabbix-server.service %{name}-server.service \
+            %{_unitdir}/zabbix-server-pgsql.service
+# This needs to be run twice to rename from old slave name in zabbix < 6.0.33-2
+# due to a bug in alternatives.
+%{_sbindir}/update-alternatives --install %{_sbindir}/%{name}_server \
+    %{name}-server %{_sbindir}/%{name}_server_pgsql 10 \
+        --slave %{_unitdir}/zabbix-server.service %{name}-server.service \
+            %{_unitdir}/zabbix-server-pgsql.service
+
+%post proxy
+%systemd_post zabbix-proxy.service
 
-# pass 3
-if [ -n "$build_conf_3" ]; then
-	%configure $build_conf_common $build_conf_3
-	make $make_flags
-%if 0%{?build_server}
-	mv src/zabbix_server/zabbix_server "src/zabbix_server/zabbix_server_$build_db_3"
-%endif
-%if 0%{?build_proxy}
-	mv src/zabbix_proxy/zabbix_proxy "src/zabbix_proxy/zabbix_proxy_$build_db_3"
-%endif
+if [ $1 -gt 1 ] ; then
+  # Apply permissions also in *.rpmnew upgrades from old permissive ones
+  chmod 0640 %{_sysconfdir}/zabbix_proxy.conf
+  chown root:zabbixsrv %{_sysconfdir}/zabbix_proxy.conf
 fi
+:
 
+%post proxy-mysql
+%{_sbindir}/update-alternatives --install %{_sbindir}/%{name}_proxy \
+    %{name}-proxy %{_sbindir}/%{name}_proxy_mysql 10 \
+        --slave %{_unitdir}/zabbix-proxy.service %{name}-proxy.service \
+            %{_unitdir}/zabbix-proxy-mysql.service
+# This needs to be run twice to rename from old slave name in zabbix < 6.0.33-2
+# due to a bug in alternatives. Remove in F45
+%{_sbindir}/update-alternatives --install %{_sbindir}/%{name}_proxy \
+    %{name}-proxy %{_sbindir}/%{name}_proxy_mysql 10 \
+        --slave %{_unitdir}/zabbix-proxy.service %{name}-proxy.service \
+            %{_unitdir}/zabbix-proxy-mysql.service
 
-#
-# install
-#
-
-%install
-export GOPROXY=https://goproxy.cn
-rm -rf $RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/zabbix
-mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/zabbix
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/zabbix
-mkdir -p $RPM_BUILD_ROOT%{_datadir}
-mkdir -p $RPM_BUILD_ROOT%{_datadir}/man/man8
-
-
-%if 0%{?build_agent2}
-make DESTDIR=$RPM_BUILD_ROOT GOBIN=$RPM_BUILD_ROOT%{_sbindir} install
-%else
-make DESTDIR=$RPM_BUILD_ROOT install
-%endif
-
-
-%if 0%{?build_agent}
-cat conf/zabbix_agentd.conf | sed \
-	-e "/# User=zabbix/a# NOTE: This option is overriden by settings in systemd service file!" \
-	-e '/^# PidFile=/a \\nPidFile=%{_localstatedir}/run/zabbix/zabbix_agentd.pid' \
-	-e 's|^LogFile=.*|LogFile=%{_localstatedir}/log/zabbix/zabbix_agentd.log|g' \
-	-e '/^# LogFileSize=.*/a \\nLogFileSize=0' \
-	-e '/^# Include=$/a \\nInclude=%{_sysconfdir}/zabbix/zabbix_agentd.d/*.conf' \
-	> $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/zabbix_agentd.conf
-mv $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/zabbix_agentd.conf.d $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/zabbix_agentd.d
-install -dm 755 $RPM_BUILD_ROOT%{_docdir}/zabbix-agent-%{version}
-cat %{SOURCE3} | sed \
-	-e 's|COMPONENT|agentd|g' \
-	> $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/zabbix-agent
-install -Dm 0644 -p %{SOURCE10} $RPM_BUILD_ROOT%{_unitdir}/zabbix-agent.service
-install -Dm 0644 -p %{SOURCE15} $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/zabbix-agent.conf
-
-%else
-%if 0%{?build_agent2}
-rm $RPM_BUILD_ROOT%{_sbindir}/zabbix_agentd
-rm $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/zabbix_agentd.conf
-%endif
-%endif
-
-
-%if 0%{?build_agent2}
-
-cat src/go/conf/zabbix_agent2.conf | sed \
-	-e '/^# PidFile=/a \\nPidFile=%{_localstatedir}/run/zabbix/zabbix_agent2.pid' \
-	-e 's|^LogFile=.*|LogFile=%{_localstatedir}/log/zabbix/zabbix_agent2.log|g' \
-	-e '/^# LogFileSize=.*/a \\nLogFileSize=0' \
-	-e '/^# Include=$/a \\nInclude=%{_sysconfdir}/zabbix/zabbix_agent2.d/*.conf' \
-	> $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/zabbix_agent2.conf
-cat %{SOURCE3} | sed \
-	-e 's|COMPONENT|agent2|g' \
-	> $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/zabbix-agent2
-mkdir $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/zabbix_agent2.d
-cp man/zabbix_agent2.man $RPM_BUILD_ROOT%{_mandir}/man8/zabbix_agent2.8
-install -Dm 0644 -p %{SOURCE19} $RPM_BUILD_ROOT%{_unitdir}/zabbix-agent2.service
-install -Dm 0644 -p %{SOURCE15} $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/zabbix_agent2.conf
-%endif
-
-
-%if 0%{?build_server} || 0%{?build_proxy}
-mkdir -p $RPM_BUILD_ROOT/usr/lib/zabbix
-mv $RPM_BUILD_ROOT%{_datadir}/zabbix/externalscripts $RPM_BUILD_ROOT/usr/lib/zabbix
-%endif
-
-
-%if 0%{?build_proxy}
-mv $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/zabbix_proxy.conf.d $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/zabbix_proxy.d
-install -m 0755 -p src/zabbix_proxy/zabbix_proxy_* $RPM_BUILD_ROOT%{_sbindir}/
-rm $RPM_BUILD_ROOT%{_sbindir}/zabbix_proxy
-cat conf/zabbix_proxy.conf | sed \
-	-e '/^# PidFile=/a \\nPidFile=%{_localstatedir}/run/zabbix/zabbix_proxy.pid' \
-	-e 's|^LogFile=.*|LogFile=%{_localstatedir}/log/zabbix/zabbix_proxy.log|g' \
-	-e '/^# LogFileSize=/a \\nLogFileSize=0' \
-	-e 's:^# ExternalScripts=${datadir}/zabbix/externalscripts:# ExternalScripts=/usr/lib/zabbix/externalscripts:' \
-	-e 's|^DBUser=root|DBUser=zabbix|g' \
-	-e '/^# SNMPTrapperFile=.*/a \\nSNMPTrapperFile=/var/log/snmptrap/snmptrap.log' \
-	-e '/^# SocketDir=.*/a \\nSocketDir=/var/run/zabbix' \
-	> $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/zabbix_proxy.conf
-cat %{SOURCE3} | sed \
-	-e 's|COMPONENT|proxy|g' \
-	> $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/zabbix-proxy
-install -Dm 0644 -p %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/zabbix-proxy.service
-install -Dm 0644 -p %{SOURCE15} $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/zabbix-proxy.conf
-%endif
-
-
-%if 0%{?build_server}
-mv $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/zabbix_server.conf.d $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/zabbix_server.d
-install -m 0755 -p src/zabbix_server/zabbix_server_* $RPM_BUILD_ROOT%{_sbindir}/
-rm $RPM_BUILD_ROOT%{_sbindir}/zabbix_server
-mv $RPM_BUILD_ROOT%{_datadir}/zabbix/alertscripts $RPM_BUILD_ROOT/usr/lib/zabbix
-cat conf/zabbix_server.conf | sed \
-	-e '/^# PidFile=/a \\nPidFile=%{_localstatedir}/run/zabbix/zabbix_server.pid' \
-	-e 's|^LogFile=.*|LogFile=%{_localstatedir}/log/zabbix/zabbix_server.log|g' \
-	-e '/^# LogFileSize=/a \\nLogFileSize=0' \
-	-e 's:^# AlertScriptsPath=${datadir}/zabbix/alertscripts:# AlertScriptsPath=/usr/lib/zabbix/alertscripts:' \
-	-e 's:^# ExternalScripts=${datadir}/zabbix/externalscripts:# ExternalScripts=/usr/lib/zabbix/externalscripts:' \
-	-e 's|^DBUser=root|DBUser=zabbix|g' \
-	-e '/^# SNMPTrapperFile=.*/a \\nSNMPTrapperFile=/var/log/snmptrap/snmptrap.log' \
-	-e '/^# SocketDir=.*/a \\nSocketDir=/var/run/zabbix' \
-	> $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/zabbix_server.conf
-cat %{SOURCE3} | sed \
-	-e 's|COMPONENT|server|g' \
-	> $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/zabbix-server
-install -Dm 0644 -p %{SOURCE11} $RPM_BUILD_ROOT%{_unitdir}/zabbix-server.service
-install -Dm 0644 -p %{SOURCE15} $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/zabbix-server.conf
-%endif
-
-
-%if 0%{?build_frontend}
-find ui -name '*.orig' | xargs rm -f
-cp -a ui/* $RPM_BUILD_ROOT%{_datadir}/zabbix
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/web
-touch $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/web/zabbix.conf.php
-mv $RPM_BUILD_ROOT%{_datadir}/zabbix/conf/maintenance.inc.php $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/web/
-install -Dm 0644 -p %{SOURCE16} $RPM_BUILD_ROOT%{_sysconfdir}/php-fpm.d/zabbix.conf
-install -Dm 0644 -p %{SOURCE17} $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/zabbix.conf
-install -Dm 0644 -p %{SOURCE18} $RPM_BUILD_ROOT%{_sysconfdir}/nginx/conf.d/zabbix.conf
-%endif
+%post proxy-pgsql
+%{_sbindir}/update-alternatives --install %{_sbindir}/%{name}_proxy \
+    %{name}-proxy %{_sbindir}/%{name}_proxy_pgsql 10 \
+        --slave %{_unitdir}/zabbix-proxy.service %{name}-proxy.service \
+            %{_unitdir}/zabbix-proxy-pgsql.service
+# This needs to be run twice to rename from old slave name in zabbix < 6.0.33-2
+# due to a bug in alternatives. Remove in F45
+%{_sbindir}/update-alternatives --install %{_sbindir}/%{name}_proxy \
+    %{name}-proxy %{_sbindir}/%{name}_proxy_pgsql 10 \
+        --slave %{_unitdir}/zabbix-proxy.service %{name}-proxy.service \
+            %{_unitdir}/zabbix-proxy-pgsql.service
 
+%post proxy-sqlite3
+%{_sbindir}/update-alternatives --install %{_sbindir}/%{name}_proxy \
+    %{name}-proxy %{_sbindir}/%{name}_proxy_sqlite3 10 \
+        --slave %{_unitdir}/zabbix-proxy.service %{name}-proxy.service \
+            %{_unitdir}/zabbix-proxy-sqlite3.service
+# This needs to be run twice to rename from old slave name in zabbix < 6.0.33-2
+# due to a bug in alternatives. Remove in F45
+%{_sbindir}/update-alternatives --install %{_sbindir}/%{name}_proxy \
+    %{name}-proxy %{_sbindir}/%{name}_proxy_sqlite3 10 \
+        --slave %{_unitdir}/zabbix-proxy.service %{name}-proxy.service \
+            %{_unitdir}/zabbix-proxy-sqlite3.service
+
+%if 0%{?with_selinux}
+# SELinux contexts are saved so that only affected files can be
+# relabeled after the policy module installation
+%pre selinux
+%selinux_relabel_pre -s %{selinuxtype}
+
+%post selinux
+%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
+
+%postun selinux
+if [ $1 -eq 0 ]; then
+    %selinux_modules_uninstall -s %{selinuxtype} %{name}
+fi
 
-%if 0%{?build_java_gateway}
-rm $RPM_BUILD_ROOT%{_sbindir}/zabbix_java/settings.sh
-rm $RPM_BUILD_ROOT%{_sbindir}/zabbix_java/startup.sh
-rm $RPM_BUILD_ROOT%{_sbindir}/zabbix_java/shutdown.sh
-mv $RPM_BUILD_ROOT%{_sbindir}/zabbix_java/lib/logback.xml $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/zabbix_java_gateway_logback.xml
-rm $RPM_BUILD_ROOT%{_sbindir}/zabbix_java/lib/logback-console.xml
-mv $RPM_BUILD_ROOT%{_sbindir}/zabbix_java $RPM_BUILD_ROOT%{_datadir}/zabbix-java-gateway
-install -m 0755 -p %{SOURCE14} $RPM_BUILD_ROOT%{_sbindir}/zabbix_java_gateway
-cat src/zabbix_java/settings.sh | sed \
-	-e 's|^PID_FILE=.*|PID_FILE="/var/run/zabbix/zabbix_java.pid"|g' \
-	> $RPM_BUILD_ROOT%{_sysconfdir}/zabbix/zabbix_java_gateway.conf
-install -Dm 0644 -p %{SOURCE13} $RPM_BUILD_ROOT%{_unitdir}/zabbix-java-gateway.service
-install -Dm 0644 -p %{SOURCE15} $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/zabbix-java-gateway.conf
+%posttrans selinux
+%selinux_relabel_post -s %{selinuxtype}
 %endif
 
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-
-#
-# files & scriptlets
-#
-
-
-%if 0%{?build_agent}
-
-%files agent
-%defattr(-,root,root,-)
-%doc AUTHORS ChangeLog COPYING NEWS README conf/zabbix_agentd/userparameter_mysql.conf
-%config(noreplace) %{_sysconfdir}/zabbix/zabbix_agentd.conf
-%config(noreplace) %{_sysconfdir}/logrotate.d/zabbix-agent
-%dir %{_sysconfdir}/zabbix/zabbix_agentd.d
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/log/zabbix
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/run/zabbix
-%{_sbindir}/zabbix_agentd
-%{_mandir}/man8/zabbix_agentd.8*
-%{_unitdir}/zabbix-agent.service
-%{_prefix}/lib/tmpfiles.d/zabbix-agent.conf
-
-
-%files get
-%defattr(-,root,root,-)
-%doc AUTHORS ChangeLog COPYING NEWS README
-%{_bindir}/zabbix_get
-%{_mandir}/man1/zabbix_get.1*
-
-%files sender
-%defattr(-,root,root,-)
-%doc AUTHORS ChangeLog COPYING NEWS README
-%{_bindir}/zabbix_sender
-%{_mandir}/man1/zabbix_sender.1*
-
 %pre agent
 getent group zabbix > /dev/null || groupadd -r zabbix
 getent passwd zabbix > /dev/null || \
-	useradd -r -g zabbix -d %{_localstatedir}/lib/zabbix -s /sbin/nologin \
-	-c "Zabbix Monitoring System" zabbix
+    useradd -r -g zabbix -d %{_sharedstatedir}/zabbix -s /sbin/nologin \
+    -c "Zabbix Monitoring System" zabbix
 :
 
 %post agent
 %systemd_post zabbix-agent.service
-:
-
 
-%preun agent
-if [ "$1" = 0 ]; then
-%systemd_preun zabbix-agent.service
+%pre server
+getent group zabbixsrv > /dev/null || groupadd -r zabbixsrv
+# The zabbixsrv group is introduced by 2.2 packaging
+# The zabbixsrv user was a member of the zabbix group in 2.0
+if getent passwd zabbixsrv > /dev/null; then
+    if [[ $(id -gn zabbixsrv) == "zabbix" ]]; then
+        usermod -c "Zabbix Monitoring System -- Proxy or server" -g zabbixsrv zabbixsrv
+    fi
+else
+    useradd -r -g zabbixsrv -d %{_sharedstatedir}/zabbixsrv -s /sbin/nologin \
+    -c "Zabbix Monitoring System -- Proxy or server" zabbixsrv
 fi
 :
 
-%postun agent
-%systemd_postun_with_restart zabbix-agent.service
-:
+%preun server
+  %systemd_preun zabbix-server.service
 
-%posttrans agent
-# preserve old userparameter_mysql.conf file during upgrade
-if [ -f %{_sysconfdir}/zabbix/zabbix_agentd.d/userparameter_mysql.conf.rpmsave ] && [ ! -f %{_sysconfdir}/zabbix/zabbix_agentd.d/userparameter_mysql.conf ]; then
-       cp -vn %{_sysconfdir}/zabbix/zabbix_agentd.d/userparameter_mysql.conf.rpmsave %{_sysconfdir}/zabbix/zabbix_agentd.d/userparameter_mysql.conf
+%pre proxy
+getent group zabbixsrv > /dev/null || groupadd -r zabbixsrv
+# The zabbixsrv group is introduced by 2.2 packaging
+# The zabbixsrv user was a member of the zabbix group in 2.0
+if getent passwd zabbixsrv > /dev/null; then
+    if [[ $(id -gn zabbixsrv) == "zabbix" ]]; then
+        usermod -c "Zabbix Monitoring System -- Proxy or server" -g zabbixsrv zabbixsrv
+    fi
+else
+    useradd -r -g zabbixsrv -d %{_sharedstatedir}/zabbixsrv -s /sbin/nologin \
+    -c "Zabbix Monitoring System -- Proxy or server" zabbixsrv
 fi
 :
-%endif
-
 
+%preun proxy
+%systemd_preun zabbix-proxy.service
 
-%if 0%{?build_agent2}
-%files agent2
-%defattr(-,root,root,-)
-%doc AUTHORS ChangeLog COPYING NEWS README
-%config(noreplace) %{_sysconfdir}/zabbix/zabbix_agent2.conf
-%config(noreplace) %{_sysconfdir}/logrotate.d/zabbix-agent2
-%dir %{_sysconfdir}/zabbix/zabbix_agent2.d
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/log/zabbix
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/run/zabbix
-%{_sbindir}/zabbix_agent2
-%{_mandir}/man8/zabbix_agent2.8*
-%{_unitdir}/zabbix-agent2.service
-%{_prefix}/lib/tmpfiles.d/zabbix_agent2.conf
-
+%preun agent
+%systemd_preun zabbix-agent.service
 
-%pre agent2
-getent group zabbix > /dev/null || groupadd -r zabbix
-getent passwd zabbix > /dev/null || \
-	useradd -r -g zabbix -d %{_localstatedir}/lib/zabbix -s /sbin/nologin \
-	-c "Zabbix Monitoring System" zabbix
-:
+%postun server
+%systemd_postun_with_restart zabbix-server.service
 
-%post agent2
-%systemd_post zabbix-agent2.service
-# make sure that agent2 log file is create with proper attributes (ZBX-18243)
-if [ $1 == 1 ] && [ ! -f %{_localstatedir}/log/zabbix/zabbix_agent2.log ]; then
-	touch %{_localstatedir}/log/zabbix/zabbix_agent2.log
-	chown zabbix:zabbix %{_localstatedir}/log/zabbix/zabbix_agent2.log
+%postun server-mysql
+if [ $1 -eq 0 ] ; then
+    %{_sbindir}/update-alternatives --remove %{name}-server %{_sbindir}/%{name}_server_mysql
 fi
-:
-
-%preun agent2
-%systemd_preun zabbix-agent2.service
-:
 
-%postun agent2
-%systemd_postun_with_restart zabbix-agent2.service
-%endif
-
-
-%if 0%{?build_server} || 0%{?build_proxy}
-%files js
-%defattr(-,root,root,-)
-%doc AUTHORS ChangeLog COPYING NEWS README
-%{_bindir}/zabbix_js
-%endif
-
-
-%if 0%{?build_proxy}
-%if 0%{?build_with_mysql}
-%files proxy-mysql
-%defattr(-,root,root,-)
-%doc AUTHORS ChangeLog COPYING NEWS README
-%doc database/mysql/schema.sql.gz
-%attr(0600,root,zabbix) %config(noreplace) %{_sysconfdir}/zabbix/zabbix_proxy.conf
-%dir /usr/lib/zabbix/externalscripts
-%config(noreplace) %{_sysconfdir}/logrotate.d/zabbix-proxy
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/log/zabbix
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/run/zabbix
-%{_mandir}/man8/zabbix_proxy.8*
-%{_unitdir}/zabbix-proxy.service
-%{_prefix}/lib/tmpfiles.d/zabbix-proxy.conf
-%{_sbindir}/zabbix_proxy_mysql
-
-%pre proxy-mysql
-getent group zabbix > /dev/null || groupadd -r zabbix
-getent passwd zabbix > /dev/null || \
-	useradd -r -g zabbix -d %{_localstatedir}/lib/zabbix -s /sbin/nologin \
-	-c "Zabbix Monitoring System" zabbix
-:
-
-%post proxy-mysql
-%systemd_post zabbix-proxy.service
-/usr/sbin/update-alternatives --install %{_sbindir}/zabbix_proxy \
-	zabbix-proxy %{_sbindir}/zabbix_proxy_mysql 10
-:
-
-%preun proxy-mysql
-if [ "$1" = 0 ]; then
-%systemd_preun zabbix-proxy.service
-/usr/sbin/update-alternatives --remove zabbix-proxy \
-%{_sbindir}/zabbix_proxy_mysql
+%postun server-pgsql
+if [ $1 -eq 0 ] ; then
+    %{_sbindir}/update-alternatives --remove %{name}-server %{_sbindir}/%{name}_server_pgsql
 fi
-:
 
-%postun proxy-mysql
+%postun proxy
 %systemd_postun_with_restart zabbix-proxy.service
-:
-%endif
 
-
-%if 0%{?build_with_pgsql}
-%files proxy-pgsql
-%defattr(-,root,root,-)
-%doc AUTHORS ChangeLog COPYING NEWS README
-%doc database/postgresql/schema.sql.gz
-%attr(0600,root,zabbix) %config(noreplace) %{_sysconfdir}/zabbix/zabbix_proxy.conf
-%dir /usr/lib/zabbix/externalscripts
-%config(noreplace) %{_sysconfdir}/logrotate.d/zabbix-proxy
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/log/zabbix
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/run/zabbix
-%{_mandir}/man8/zabbix_proxy.8*
-%{_unitdir}/zabbix-proxy.service
-%{_prefix}/lib/tmpfiles.d/zabbix-proxy.conf
-%{_sbindir}/zabbix_proxy_pgsql
-
-%pre proxy-pgsql
-getent group zabbix > /dev/null || groupadd -r zabbix
-getent passwd zabbix > /dev/null || \
-	useradd -r -g zabbix -d %{_localstatedir}/lib/zabbix -s /sbin/nologin \
-	-c "Zabbix Monitoring System" zabbix
-:
-
-%post proxy-pgsql
-%systemd_post zabbix-proxy.service
-/usr/sbin/update-alternatives --install %{_sbindir}/zabbix_proxy \
-	zabbix-proxy %{_sbindir}/zabbix_proxy_pgsql 10
-:
-
-%preun proxy-pgsql
-if [ "$1" = 0 ]; then
-%systemd_preun zabbix-proxy.service
-/usr/sbin/update-alternatives --remove zabbix-proxy \
-	%{_sbindir}/zabbix_proxy_pgsql
+%postun proxy-mysql
+if [ $1 -eq 0 ] ; then
+    %{_sbindir}/update-alternatives --remove %{name}-proxy %{_sbindir}/%{name}_proxy_mysql
 fi
-:
 
 %postun proxy-pgsql
-%systemd_postun_with_restart zabbix-proxy.service
-:
-%endif
+if [ $1 -eq 0 ] ; then
+    %{_sbindir}/update-alternatives --remove %{name}-proxy %{_sbindir}/%{name}_proxy_pgsql
+fi
 
+%postun proxy-sqlite3
+if [ $1 -eq 0 ] ; then
+    %{_sbindir}/update-alternatives --remove %{name}-proxy %{_sbindir}/%{name}_proxy_sqlite3
+fi
 
-%if 0%{?build_with_sqlite}
-%files proxy-sqlite3
-%defattr(-,root,root,-)
-%doc AUTHORS ChangeLog COPYING NEWS README
-%doc database/sqlite3/schema.sql.gz
-%attr(0600,root,zabbix) %config(noreplace) %{_sysconfdir}/zabbix/zabbix_proxy.conf
-%dir /usr/lib/zabbix/externalscripts
-%config(noreplace) %{_sysconfdir}/logrotate.d/zabbix-proxy
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/log/zabbix
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/run/zabbix
-%{_mandir}/man8/zabbix_proxy.8*
-%{_unitdir}/zabbix-proxy.service
-%{_prefix}/lib/tmpfiles.d/zabbix-proxy.conf
-%{_sbindir}/zabbix_proxy_sqlite3
+%postun agent
+%systemd_postun_with_restart zabbix-agent.service
 
-%pre proxy-sqlite3
-getent group zabbix > /dev/null || groupadd -r zabbix
-getent passwd zabbix > /dev/null || \
-	useradd -r -g zabbix -d %{_localstatedir}/lib/zabbix -s /sbin/nologin \
-	-c "Zabbix Monitoring System" zabbix
-:
 
-%post proxy-sqlite3
-%systemd_post zabbix-proxy.service
-/usr/sbin/update-alternatives --install %{_sbindir}/zabbix_proxy \
-	zabbix-proxy %{_sbindir}/zabbix_proxy_sqlite3 10
-:
+%files
+%license COPYING
+%doc AUTHORS ChangeLog NEWS README
+%dir %{_sysconfdir}/%{name}
+%config(noreplace) %{_sysconfdir}/zabbix_agentd.conf
+%{_bindir}/zabbix_get
+%{_bindir}/zabbix_js
+%{_bindir}/zabbix_sender
+%{_mandir}/man1/zabbix_get.1*
+%{_mandir}/man1/zabbix_sender.1*
 
-%preun proxy-sqlite3
-if [ "$1" = 0 ]; then
-%systemd_preun zabbix-proxy.service
-/usr/sbin/update-alternatives --remove zabbix-proxy \
-	%{_sbindir}/zabbix_proxy_sqlite3
-fi
-:
+%files dbfiles-mysql
+%license COPYING
+%{_datadir}/%{name}-mysql/
 
-%postun proxy-sqlite3
-%systemd_postun_with_restart zabbix-proxy.service
-:
-%endif
-%endif
+%files dbfiles-pgsql
+%license COPYING
+%{_datadir}/%{name}-postgresql/
 
+%files dbfiles-sqlite3
+%license COPYING
+%{_datadir}/%{name}-sqlite3/
 
-%if 0%{?build_server}
-%if 0%{?build_with_mysql}
-%files server-mysql
-%defattr(-,root,root,-)
-%doc AUTHORS ChangeLog COPYING NEWS README
-%doc database/mysql/create.sql.gz
-%doc database/mysql/double.sql
-%attr(0600,root,zabbix) %config(noreplace) %{_sysconfdir}/zabbix/zabbix_server.conf
-%dir /usr/lib/zabbix/alertscripts
-%dir /usr/lib/zabbix/externalscripts
+%files server
+%doc misc/snmptrap/zabbix_trap_receiver.pl
+%attr(0755,zabbixsrv,zabbixsrv) %dir %{_rundir}/zabbixsrv/
+%{_prefix}/lib/tmpfiles.d/zabbixsrv.conf
+%attr(0640,root,zabbixsrv) %config(noreplace) %{_sysconfdir}/zabbix_server.conf
+%attr(0775,root,zabbixsrv) %dir %{_localstatedir}/log/zabbixsrv
 %config(noreplace) %{_sysconfdir}/logrotate.d/zabbix-server
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/log/zabbix
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/run/zabbix
+%ghost %{_sbindir}/zabbix_server
+%attr(0750,zabbixsrv,zabbixsrv) %dir %{_sharedstatedir}/zabbixsrv
+%attr(0750,zabbixsrv,zabbixsrv) %dir %{_sharedstatedir}/zabbixsrv/tmp
+%attr(0750,zabbixsrv,zabbixsrv) %dir %{_sharedstatedir}/zabbixsrv/alertscripts
+%attr(0750,zabbixsrv,zabbixsrv) %dir %{_sharedstatedir}/zabbixsrv/externalscripts
+%ghost %{_unitdir}/zabbix-server.service
 %{_mandir}/man8/zabbix_server.8*
-%{_unitdir}/zabbix-server.service
-%{_prefix}/lib/tmpfiles.d/zabbix-server.conf
-%{_sbindir}/zabbix_server_mysql
-
-%pre server-mysql
-getent group zabbix > /dev/null || groupadd -r zabbix
-getent passwd zabbix > /dev/null || \
-	useradd -r -g zabbix -d %{_localstatedir}/lib/zabbix -s /sbin/nologin \
-	-c "Zabbix Monitoring System" zabbix
-:
-
-%post server-mysql
-%systemd_post zabbix-server.service
-/usr/sbin/update-alternatives --install %{_sbindir}/zabbix_server \
-	zabbix-server %{_sbindir}/zabbix_server_mysql 10
-:
-
-%preun server-mysql
-if [ "$1" = 0 ]; then
-%systemd_preun zabbix-server.service
-/usr/sbin/update-alternatives --remove zabbix-server \
-	%{_sbindir}/zabbix_server_mysql
-fi
-:
-
-%postun server-mysql
-%systemd_postun_with_restart zabbix-server.service
-:
-%endif
 
+%files server-mysql
+%{_sbindir}/zabbix_server_mysql
+%{_unitdir}/zabbix-server-mysql.service
 
 %files server-pgsql
-%defattr(-,root,root,-)
-%doc AUTHORS ChangeLog COPYING NEWS README
-%doc database/postgresql/create.sql.gz
-%doc database/postgresql/double.sql
-%doc database/postgresql/timescaledb.sql.gz
-%attr(0600,root,zabbix) %config(noreplace) %{_sysconfdir}/zabbix/zabbix_server.conf
-%dir /usr/lib/zabbix/alertscripts
-%dir /usr/lib/zabbix/externalscripts
-%config(noreplace) %{_sysconfdir}/logrotate.d/zabbix-server
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/log/zabbix
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/run/zabbix
-%{_mandir}/man8/zabbix_server.8*
-%{_unitdir}/zabbix-server.service
-%{_prefix}/lib/tmpfiles.d/zabbix-server.conf
 %{_sbindir}/zabbix_server_pgsql
+%{_unitdir}/zabbix-server-pgsql.service
 
-%pre server-pgsql
-getent group zabbix > /dev/null || groupadd -r zabbix
-getent passwd zabbix > /dev/null || \
-	useradd -r -g zabbix -d %{_localstatedir}/lib/zabbix -s /sbin/nologin \
-	-c "Zabbix Monitoring System" zabbix
-:
+%if 0%{?with_selinux}
+%files selinux
+%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.*
+%{_datadir}/selinux/devel/include/distributed/%{name}.if
+%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
+%endif
 
-%post server-pgsql
-%systemd_post zabbix-server.service
-/usr/sbin/update-alternatives --install %{_sbindir}/zabbix_server \
-	zabbix-server %{_sbindir}/zabbix_server_pgsql 10
-:
+%files agent
+%doc conf/zabbix_agentd/*.conf
+%attr(0755,zabbix,zabbix) %dir %{_rundir}/zabbix/
+%{_prefix}/lib/tmpfiles.d/zabbix.conf
+%attr(0775,root,zabbix) %dir %{_localstatedir}/log/zabbix
+%config(noreplace) %{_sysconfdir}/zabbix_agentd.conf
+%config(noreplace) %{_sysconfdir}/logrotate.d/zabbix-agent
+%attr(750,zabbix,zabbix) %dir %{_sharedstatedir}/zabbix
+%{_unitdir}/zabbix-agent.service
+%{_sbindir}/zabbix_agentd
+%{_mandir}/man8/zabbix_agentd.8*
 
-%preun server-pgsql
-if [ "$1" = 0 ]; then
-%systemd_preun zabbix-server.service
-/usr/sbin/update-alternatives --remove zabbix-server \
-	%{_sbindir}/zabbix_server_pgsql
-fi
-:
+%files proxy
+%doc misc/snmptrap/zabbix_trap_receiver.pl
+%attr(0755,zabbixsrv,zabbixsrv) %dir %{_rundir}/zabbixsrv/
+%{_prefix}/lib/tmpfiles.d/zabbixsrv.conf
+%attr(0640,root,zabbixsrv) %config(noreplace) %{_sysconfdir}/zabbix_proxy.conf
+%attr(0775,root,zabbixsrv) %dir %{_localstatedir}/log/zabbixsrv
+%config(noreplace) %{_sysconfdir}/logrotate.d/zabbix-proxy
+%ghost %{_sbindir}/zabbix_proxy
+%attr(0750,zabbixsrv,zabbixsrv) %dir %{_sharedstatedir}/zabbixsrv
+%attr(0750,zabbixsrv,zabbixsrv) %dir %{_sharedstatedir}/zabbixsrv/tmp
+%attr(0750,zabbixsrv,zabbixsrv) %dir %{_sharedstatedir}/zabbixsrv/alertscripts
+%attr(0750,zabbixsrv,zabbixsrv) %dir %{_sharedstatedir}/zabbixsrv/externalscripts
+%ghost %{_unitdir}/zabbix-proxy.service
+%{_mandir}/man8/zabbix_proxy.8*
 
-%postun server-pgsql
-%systemd_postun_with_restart zabbix-server.service
-:
-%endif
+%files proxy-mysql
+%{_sbindir}/zabbix_proxy_mysql
+%{_unitdir}/zabbix-proxy-mysql.service
 
+%files proxy-pgsql
+%{_sbindir}/zabbix_proxy_pgsql
+%{_unitdir}/zabbix-proxy-pgsql.service
+
+%files proxy-sqlite3
+%{_sbindir}/zabbix_proxy_sqlite3
+%{_unitdir}/zabbix-proxy-sqlite3.service
 
-%if 0%{?build_frontend}
 %files web
-%defattr(-,root,root,-)
-%dir %{_sysconfdir}/zabbix/web
-%ghost %config(noreplace) %{_sysconfdir}/zabbix/web/zabbix.conf.php
-%doc AUTHORS ChangeLog COPYING NEWS README
-%config(noreplace) %{_sysconfdir}/zabbix/web/maintenance.inc.php
-%{_datadir}/zabbix
-
-%files web-deps
+%dir %attr(0750,apache,apache) %{_sysconfdir}/%{name}/web
+%ghost %attr(0644,apache,apache) %config(noreplace) %{_sysconfdir}/%{name}/web/zabbix.conf.php
+%attr(0644,apache,apache) %config(noreplace) %{_sysconfdir}/%{name}/web/maintenance.inc.php
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/zabbix.conf
 %config(noreplace) %{_sysconfdir}/php-fpm.d/zabbix.conf
-
-%files web-japanese
-%defattr(-,root,root,-)
+%{_datadir}/%{name}/
 
 %files web-mysql
-%defattr(-,root,root,-)
 
 %files web-pgsql
-%defattr(-,root,root,-)
-
-%files apache-conf
-%defattr(-,root,root,-)
-%config(noreplace) %{_sysconfdir}/httpd/conf.d/zabbix.conf
-
-%files nginx-conf
-%defattr(-,root,root,-)
-%config(noreplace) %{_sysconfdir}/nginx/conf.d/zabbix.conf
-
-%post web
-# The fonts directory was moved into assets subdirectory at one point.
-#
-# This broke invocation of update-alternatives command below, because the target link for zabbix-web-font changed
-# from zabbix/fonts/graphfont.ttf to zabbix/assets/fonts/graphfont.ttf
-#
-# We handle this movement by deleting /var/lib/alternatives/zabbix-web-font file if it contains the old target link.
-# We also remove symlink at zabbix/fonts/graphfont.ttf to have the old fonts directory be deleted during update.
-if [ -f /var/lib/alternatives/zabbix-web-font ] && \
-	[ -z "$(grep %{_datadir}/zabbix/assets/fonts/graphfont.ttf /var/lib/alternatives/zabbix-web-font)" ]
-then
-	rm /var/lib/alternatives/zabbix-web-font
-	if [ -h %{_datadir}/zabbix/fonts/graphfont.ttf ]; then
-		rm %{_datadir}/zabbix/fonts/graphfont.ttf
-	fi
-fi
-/usr/sbin/update-alternatives --install %{_datadir}/zabbix/assets/fonts/graphfont.ttf \
-	zabbix-web-font %{_datadir}/fonts/dejavu/DejaVuSans.ttf 10
-:
-
-%post web-japanese
-/usr/sbin/update-alternatives --install %{_datadir}/zabbix/assets/fonts/graphfont.ttf zabbix-web-font \
-	%{_datadir}/fonts/google-noto-cjk/NotoSansCJK-Regular.ttc 20
-:
-
-# The user apache must be available for these to work.
-# It is provided by httpd or php-fpm packages.
-%post apache-conf
-if [ -d /etc/zabbix/web ]; then
-	chown apache:apache /etc/zabbix/web/
-fi
-:
-
-%post nginx-conf
-if [ -d /etc/zabbix/web ]; then
-	chown apache:apache /etc/zabbix/web/
-fi
-:
-
-%preun web
-if [ "$1" = 0 ]; then
-/usr/sbin/update-alternatives --remove zabbix-web-font \
-	%{_datadir}/fonts/dejavu/DejaVuSans.ttf
-fi
-:
-
-%preun web-japanese
-if [ "$1" = 0 ]; then
-/usr/sbin/update-alternatives --remove zabbix-web-font \
-	%{_datadir}/fonts/google-noto-cjk/NotoSansCJK-Regular.ttc
-fi
-:
-%endif
-
-
-%if 0%{?build_java_gateway}
-%files java-gateway
-%defattr(-,root,root,-)
-%doc AUTHORS ChangeLog COPYING NEWS README
-%config(noreplace) %{_sysconfdir}/zabbix/zabbix_java_gateway.conf
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/log/zabbix
-%attr(0755,zabbix,zabbix) %dir %{_localstatedir}/run/zabbix
-%{_datadir}/zabbix-java-gateway
-%{_sbindir}/zabbix_java_gateway
-%{_unitdir}/zabbix-java-gateway.service
-%{_prefix}/lib/tmpfiles.d/zabbix-java-gateway.conf
-%config(noreplace) %{_sysconfdir}/zabbix/zabbix_java_gateway_logback.xml
-
-%pre java-gateway
-getent group zabbix > /dev/null || groupadd -r zabbix
-getent passwd zabbix > /dev/null || \
-	useradd -r -g zabbix -d %{_localstatedir}/lib/zabbix -s /sbin/nologin \
-	-c "Zabbix Monitoring System" zabbix
-:
-
-%post java-gateway
-%systemd_post zabbix-java-gateway.service
-:
-
-%preun java-gateway
-if [ $1 -eq 0 ]; then
-%systemd_preun zabbix-java-gateway.service
-fi
-:
-
-%postun java-gateway
-%systemd_postun_with_restart zabbix-java-gateway.service
-:
-%endif
-
 
 %changelog
+* Thu Oct 24 2024 Funda Wang <fundawang@yeah.net> - 7.0.5-1
+- update to 7.0.5
+
 * Sat Oct 28 2023 beta <beta@yfqm.date> - 5.2.6-5
 - solve installation conflicts between zabbix-proxy-sqlite3 and zabbix-proxy-mysql
 
diff --git a/zabbix.te b/zabbix.te
new file mode 100644
index 0000000000000000000000000000000000000000..4ff1bb74e6c2ad5743615564d1a18a14ed8ea64b
--- /dev/null
+++ b/zabbix.te
@@ -0,0 +1,374 @@
+policy_module(zabbix, 1.7.0)
+
+########################################
+#
+# Declarations
+#
+
+## <desc>
+##  <p>
+##	Determine whether zabbix can
+##	connect to all TCP ports
+##	</p>
+## </desc>
+gen_tunable(zabbix_can_network, false)
+
+
+## <desc>
+## <p>
+## Allow Zabbix to run su/sudo.
+## </p>
+## </desc>
+gen_tunable(zabbix_run_sudo, false)
+
+gen_require(`
+    class passwd rootok;
+    class passwd passwd;
+')
+
+attribute zabbix_domain;
+
+type zabbix_t, zabbix_domain;
+type zabbix_exec_t;
+init_daemon_domain(zabbix_t, zabbix_exec_t)
+
+type zabbix_initrc_exec_t;
+init_script_file(zabbix_initrc_exec_t)
+
+type zabbix_agent_t, zabbix_domain;
+type zabbix_agent_exec_t;
+init_daemon_domain(zabbix_agent_t, zabbix_agent_exec_t)
+
+type zabbix_agent_initrc_exec_t;
+init_script_file(zabbix_agent_initrc_exec_t)
+
+type zabbixd_var_lib_t;
+files_type(zabbixd_var_lib_t)
+
+type zabbix_log_t;
+logging_log_file(zabbix_log_t)
+
+type zabbix_tmp_t;
+files_tmp_file(zabbix_tmp_t)
+
+type zabbix_tmpfs_t;
+files_tmpfs_file(zabbix_tmpfs_t)
+
+type zabbix_var_lib_t;
+files_type(zabbix_var_lib_t)
+
+type zabbix_var_run_t;
+files_pid_file(zabbix_var_run_t)
+
+type zabbix_script_t;
+type zabbix_script_exec_t;
+domain_type(zabbix_script_t)
+domain_entry_file(zabbix_script_t, zabbix_script_exec_t)
+application_executable_file(zabbix_script_exec_t)
+role system_r types zabbix_script_t;
+
+########################################
+#
+# zabbix domain local policy
+#
+
+allow zabbix_domain self:capability { setgid setuid };
+allow zabbix_domain self:process { getsched setpgid setsched signal_perms };
+allow zabbix_domain self:fifo_file rw_fifo_file_perms;
+allow zabbix_domain self:sem create_sem_perms;
+allow zabbix_domain self:shm create_shm_perms;
+allow zabbix_domain self:tcp_socket { accept listen };
+allow zabbix_domain self:unix_stream_socket create_stream_socket_perms;
+
+kernel_read_all_sysctls(zabbix_domain)
+kernel_read_network_state(zabbix_domain)
+
+corenet_tcp_sendrecv_generic_if(zabbix_domain)
+corenet_tcp_sendrecv_generic_node(zabbix_domain)
+corenet_tcp_bind_generic_node(zabbix_domain)
+
+corecmd_exec_shell(zabbix_domain)
+corecmd_exec_bin(zabbix_domain)
+
+dev_read_sysfs(zabbix_domain)
+dev_read_urand(zabbix_domain)
+
+########################################
+#
+# Local policy
+#
+
+allow zabbix_t self:capability { dac_read_search  };
+allow zabbix_t self:process { setrlimit };
+allow zabbix_t self:unix_stream_socket connectto;
+
+manage_dirs_pattern(zabbix_t, zabbix_var_lib_t, zabbix_var_lib_t)
+manage_files_pattern(zabbix_t, zabbix_var_lib_t, zabbix_var_lib_t)
+manage_lnk_files_pattern(zabbix_t, zabbix_var_lib_t, zabbix_var_lib_t)
+manage_sock_files_pattern(zabbix_t, zabbix_var_lib_t, zabbix_var_lib_t)
+files_var_lib_filetrans(zabbix_t, zabbix_var_lib_t, dir, "zabbixsrv")
+
+manage_dirs_pattern(zabbix_t, zabbix_log_t, zabbix_log_t)
+manage_files_pattern(zabbix_t, zabbix_log_t, zabbix_log_t)
+manage_lnk_files_pattern(zabbix_t, zabbix_log_t, zabbix_log_t)
+logging_log_filetrans(zabbix_t, zabbix_log_t, { dir file })
+
+manage_dirs_pattern(zabbix_t, zabbix_tmp_t, zabbix_tmp_t)
+manage_files_pattern(zabbix_t, zabbix_tmp_t, zabbix_tmp_t)
+manage_sock_files_pattern(zabbix_t, zabbix_tmp_t, zabbix_tmp_t)
+files_tmp_filetrans(zabbix_t, zabbix_tmp_t, { dir file sock_file })
+
+rw_files_pattern(zabbix_t, zabbix_tmpfs_t, zabbix_tmpfs_t)
+fs_tmpfs_filetrans(zabbix_t, zabbix_tmpfs_t, file)
+
+manage_dirs_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
+manage_files_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
+manage_sock_files_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
+files_pid_filetrans(zabbix_t, zabbix_var_run_t, { dir file sock_file })
+
+kernel_read_system_state(zabbix_t)
+
+corenet_all_recvfrom_unlabeled(zabbix_t)
+corenet_all_recvfrom_netlabel(zabbix_t)
+
+corenet_sendrecv_ftp_client_packets(zabbix_t)
+corenet_tcp_connect_ftp_port(zabbix_t)
+corenet_tcp_sendrecv_ftp_port(zabbix_t)
+
+corenet_sendrecv_http_client_packets(zabbix_t)
+corenet_tcp_connect_http_port(zabbix_t)
+corenet_tcp_sendrecv_http_port(zabbix_t)
+corenet_tcp_connect_smtp_port(zabbix_t)
+
+corenet_sendrecv_zabbix_server_packets(zabbix_t)
+corenet_tcp_bind_zabbix_port(zabbix_t)
+corenet_tcp_sendrecv_zabbix_port(zabbix_t)
+
+auth_use_nsswitch(zabbix_t)
+
+zabbix_agent_tcp_connect(zabbix_t)
+
+logging_send_syslog_msg(zabbix_t)
+
+tunable_policy(`zabbix_can_network',`
+	corenet_sendrecv_all_client_packets(zabbix_t)
+	corenet_tcp_connect_all_ports(zabbix_t)
+	corenet_tcp_sendrecv_all_ports(zabbix_t)
+')
+
+tunable_policy(`zabbix_run_sudo',`
+    allow zabbix_t self:capability { setgid setuid sys_resource };
+    allow zabbix_t self:process { setrlimit setsched };
+    allow zabbix_t self:key write;
+    allow zabbix_t self:passwd { passwd rootok };
+
+    auth_rw_lastlog(zabbix_t)
+    auth_rw_faillog(zabbix_t)
+    auth_exec_chkpwd(zabbix_t)
+
+    selinux_compute_access_vector(zabbix_t)
+
+    systemd_write_inherited_logind_sessions_pipes(zabbix_t)
+    systemd_dbus_chat_logind(zabbix_t)
+
+    xserver_exec_xauth(zabbix_t)
+')
+
+optional_policy(`
+    tunable_policy(`zabbix_run_sudo',`
+        sudo_exec(zabbix_t)
+        su_exec(zabbix_t)
+    ')
+')
+
+optional_policy(`
+	mysql_stream_connect(zabbix_t)
+')
+
+optional_policy(`
+	netutils_domtrans_ping(zabbix_t)
+')
+
+optional_policy(`
+	postgresql_stream_connect(zabbix_t)
+	postgresql_tcp_connect(zabbix_t)
+')
+
+optional_policy(`
+	snmp_read_snmp_var_lib_files(zabbix_t)
+	snmp_read_snmp_var_lib_dirs(zabbix_t)
+')
+
+########################################
+#
+# Agent local policy
+#
+
+allow zabbix_agent_t self:process { setrlimit };
+
+manage_files_pattern(zabbix_agent_t, zabbix_log_t, zabbix_log_t)
+
+rw_files_pattern(zabbix_agent_t, zabbix_tmpfs_t, zabbix_tmpfs_t)
+fs_tmpfs_filetrans(zabbix_agent_t, zabbix_tmpfs_t, file)
+
+manage_files_pattern(zabbix_agent_t, zabbix_var_run_t, zabbix_var_run_t)
+files_pid_filetrans(zabbix_agent_t, zabbix_var_run_t, file)
+
+kernel_read_system_state(zabbix_agent_t)
+kernel_read_network_state(zabbix_agent_t)
+
+corenet_all_recvfrom_unlabeled(zabbix_agent_t)
+corenet_all_recvfrom_netlabel(zabbix_agent_t)
+
+corecmd_read_all_executables(zabbix_agent_t)
+
+corenet_sendrecv_zabbix_agent_server_packets(zabbix_agent_t)
+corenet_tcp_bind_zabbix_agent_port(zabbix_agent_t)
+corenet_tcp_sendrecv_zabbix_agent_port(zabbix_agent_t)
+
+corenet_sendrecv_ssh_client_packets(zabbix_agent_t)
+corenet_tcp_connect_ssh_port(zabbix_agent_t)
+corenet_tcp_sendrecv_ssh_port(zabbix_agent_t)
+
+corenet_sendrecv_ftp_client_packets(zabbix_agent_t)
+corenet_tcp_connect_ftp_port(zabbix_agent_t)
+corenet_tcp_sendrecv_ftp_port(zabbix_agent_t)
+
+corenet_sendrecv_http_client_packets(zabbix_agent_t)
+corenet_tcp_connect_http_port(zabbix_agent_t)
+corenet_tcp_sendrecv_http_port(zabbix_agent_t)
+
+corenet_sendrecv_innd_client_packets(zabbix_agent_t)
+corenet_tcp_connect_innd_port(zabbix_agent_t)
+corenet_tcp_sendrecv_innd_port(zabbix_agent_t)
+
+corenet_sendrecv_pop_client_packets(zabbix_agent_t)
+corenet_tcp_connect_pop_port(zabbix_agent_t)
+corenet_tcp_sendrecv_pop_port(zabbix_agent_t)
+
+corenet_sendrecv_postgresql_client_packets(zabbix_agent_t)
+corenet_tcp_connect_postgresql_port(zabbix_agent_t)
+corenet_tcp_sendrecv_postgresql_port(zabbix_agent_t)
+
+corenet_sendrecv_smtp_client_packets(zabbix_agent_t)
+corenet_tcp_connect_smtp_port(zabbix_agent_t)
+corenet_tcp_sendrecv_smtp_port(zabbix_agent_t)
+
+corenet_sendrecv_zabbix_client_packets(zabbix_agent_t)
+corenet_tcp_connect_zabbix_port(zabbix_agent_t)
+corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t)
+
+corenet_tcp_connect_redis_port(zabbix_agent_t)
+corenet_tcp_sendrecv_redis_port(zabbix_agent_t)
+
+dev_getattr_all_blk_files(zabbix_agent_t)
+dev_getattr_all_chr_files(zabbix_agent_t)
+
+domain_read_all_domains_state(zabbix_agent_t)
+
+files_getattr_all_dirs(zabbix_agent_t)
+files_getattr_all_files(zabbix_agent_t)
+files_read_all_symlinks(zabbix_agent_t)
+
+fs_getattr_all_fs(zabbix_agent_t)
+
+auth_use_nsswitch(zabbix_agent_t)
+
+init_read_utmp(zabbix_agent_t)
+
+logging_search_logs(zabbix_agent_t)
+
+sysnet_dns_name_resolve(zabbix_agent_t)
+
+zabbix_tcp_connect(zabbix_agent_t)
+
+zabbix_script_domtrans(zabbix_agent_t)
+
+# These are triggered by vfs.dev.discovery enumerating everyting in /dev
+gen_require(`
+    type devlog_t;
+')
+dontaudit zabbix_agent_t devlog_t:sock_file getattr;
+init_dontaudit_getattr_initctl(zabbix_agent_t)
+kernel_dontaudit_getattr_core_if(zabbix_agent_t)
+
+gen_require(`
+    type kernel_t, sudo_log_t;
+')
+tunable_policy(`zabbix_run_sudo',`
+    allow zabbix_agent_t self:capability { chown dac_read_search setgid setuid sys_resource };
+    allow zabbix_agent_t self:process { setrlimit setsched };
+    allow zabbix_agent_t self:key write;
+    allow zabbix_agent_t self:passwd { passwd rootok };
+
+    allow zabbix_agent_t sudo_log_t:dir { add_name create setattr write };
+    allow zabbix_agent_t sudo_log_t:file { create open read setattr write };
+
+    allow zabbix_agent_t devlog_t:sock_file write;
+    allow zabbix_agent_t kernel_t:unix_dgram_socket sendto;
+    allow zabbix_agent_t self:unix_dgram_socket { connect create };
+
+    auth_domtrans_chkpwd(zabbix_agent_t)
+    auth_rw_lastlog(zabbix_agent_t)
+    auth_rw_faillog(zabbix_agent_t)
+
+    logging_send_audit_msgs(zabbix_agent_t)
+
+    selinux_compute_access_vector(zabbix_agent_t)
+
+    sssd_read_config(zabbix_agent_t)
+
+    systemd_write_inherited_logind_sessions_pipes(zabbix_agent_t)
+    systemd_dbus_chat_logind(zabbix_agent_t)
+
+    xserver_exec_xauth(zabbix_agent_t)
+
+    # Conceivably this could be under a separate boolean, but the reason to allow sudo
+    # is to allow check like this
+    lvm_domtrans(zabbix_agent_t)
+')
+
+optional_policy(`
+    rpm_exec(zabbix_agent_t)
+    rpm_read_db(zabbix_agent_t)
+')
+
+optional_policy(`
+    tunable_policy(`zabbix_run_sudo',`
+        sudo_exec(zabbix_agent_t)
+        su_exec(zabbix_agent_t)
+    ')
+')
+
+optional_policy(`
+	dmidecode_domtrans(zabbix_agent_t)
+')
+
+optional_policy(`
+	hostname_exec(zabbix_agent_t)
+')
+
+########################################
+#
+# zabbix_script_t local policy
+#
+
+domtrans_pattern(zabbix_t, zabbix_script_exec_t, zabbix_script_t)
+
+allow zabbix_t zabbix_script_exec_t:dir list_dir_perms;
+allow zabbix_t zabbix_script_exec_t:file ioctl;
+allow zabbix_t zabbix_script_t:process signal;
+
+init_domtrans_script(zabbix_script_t)
+
+optional_policy(`
+	chronyd_domtrans_chronyc(zabbix_script_t)
+')
+
+optional_policy(`
+    mta_send_mail(zabbix_script_t)
+')
+
+optional_policy(`
+    unconfined_domain(zabbix_script_t)
+')
diff --git a/zabbix.yaml b/zabbix.yaml
index b1bc42a77297a3cbc182b1f7001648848bcbf655..c6a843897719f12d3efe15a42ebbe99292e54384 100644
--- a/zabbix.yaml
+++ b/zabbix.yaml
@@ -1,5 +1,4 @@
-version_control: git
-src_repo: https://git.zabbix.com/scm/zbx/zabbix.git
-tag_prefix: 
-separator: "." 
-git_url: https://git.zabbix.com/scm/zbx/zabbix.git
\ No newline at end of file
+version_control: github
+src_repo: zabbix/zabbix
+tag_prefix: ^v
+separator: .
diff --git a/zabbix_java_gateway-sysd b/zabbix_java_gateway-sysd
deleted file mode 100644
index ca1c6956ab45ec388405f7829873f80ab8a49b61..0000000000000000000000000000000000000000
--- a/zabbix_java_gateway-sysd
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/bin/bash
-
-if [ -r /etc/zabbix/zabbix_java_gateway.conf ]; then
-	. /etc/zabbix/zabbix_java_gateway.conf
-fi
-
-if [ -z $GATEWAY_HOME ]; then
-	GATEWAY_HOME="/usr/share/zabbix-java-gateway"
-fi
-
-if [ -r "/etc/sysconfig/zabbix-java-gateway" ]; then
-	. /etc/sysconfig/zabbix-java-gateway
-fi
-
-if [ -n "$PID_FILE" -a -f "$PID_FILE" ]; then
-	PID=`cat "$PID_FILE"`
-	if ps -p "$PID" > /dev/null 2>&1; then
-		echo "Zabbix Java Gateway is already running"
-		exit 1
-	fi
-	rm -f "$PID_FILE"
-fi
-
-JAVA=${JAVA:-java}
-JAVA_OPTIONS="-server $JAVA_OPTIONS"
-JAVA_OPTIONS="$JAVA_OPTIONS -Dlogback.configurationFile=/etc/zabbix/zabbix_java_gateway_logback.xml"
-
-cd $GATEWAY_HOME
-
-CLASSPATH="lib"
-for jar in lib/*.jar bin/*.jar; do
-	CLASSPATH="$CLASSPATH:$jar"
-done
-
-if [ -n "$PID_FILE" ]; then
-	ZABBIX_OPTIONS="$ZABBIX_OPTIONS -Dzabbix.pidFile=$PID_FILE"
-fi
-if [ -n "$LISTEN_IP" ]; then
-	ZABBIX_OPTIONS="$ZABBIX_OPTIONS -Dzabbix.listenIP=$LISTEN_IP"
-fi
-if [ -n "$LISTEN_PORT" ]; then
-	ZABBIX_OPTIONS="$ZABBIX_OPTIONS -Dzabbix.listenPort=$LISTEN_PORT"
-fi
-if [ -n "$START_POLLERS" ]; then
-	ZABBIX_OPTIONS="$ZABBIX_OPTIONS -Dzabbix.startPollers=$START_POLLERS"
-fi
-if [ -n "$TIMEOUT" ]; then
-	ZABBIX_OPTIONS="$ZABBIX_OPTIONS -Dzabbix.timeout=$TIMEOUT"
-fi
-if [ -n "$PROPERTIES_FILE" ]; then
-	ZABBIX_OPTIONS="$ZABBIX_OPTIONS -Dzabbix.propertiesFile=$PROPERTIES_FILE"
-fi
-
-tcp_timeout=${TIMEOUT:=3}000
-ZABBIX_OPTIONS="$ZABBIX_OPTIONS -Dsun.rmi.transport.tcp.responseTimeout=$tcp_timeout"
-
-COMMAND_LINE="$JAVA $JAVA_OPTIONS -classpath $CLASSPATH $ZABBIX_OPTIONS com.zabbix.gateway.JavaGateway"
-
-if [ -n "$PID_FILE" ]; then
-
-	# check that the PID file can be created
-
-	touch "$PID_FILE"
-	if [ $? -ne 0 ]; then
-		echo "Zabbix Java Gateway did not start: cannot create PID file"
-		exit 1
-	fi
-
-	# start the gateway and output pretty errors to the console
-
-	STDOUT=`$COMMAND_LINE & echo $! > "$PID_FILE"`
-	if [ -n "$STDOUT" ]; then
-		echo "$STDOUT"
-	fi
-
-	# verify that the gateway started successfully
-
-	PID=`cat "$PID_FILE"`
-	ps -p "$PID" > /dev/null 2>&1
-	if [ $? -ne 0 ]; then
-		echo "Zabbix Java Gateway did not start"
-		rm -f "$PID_FILE"
-		exit 1
-	fi
-
-else
-	exec $COMMAND_LINE
-fi