- Update to pcp-3.6.5.

+ Fixes for security advisory CVE-2012-3418; (bnc#775009).
  + Workaround for security advisory CVE-2012-3419; (bnc#775010).
  + Fixes for security advisory CVE-2012-3420; (bnc#775011).
  + Fixes for security advisory CVE-2012-3421; (bnc#775013).

OBS-URL: https://build.opensuse.org/package/show/Base:System/pcp?expand=0&rev=22

pcp-3.6.4-1.src.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3619ae0dd8efd2f265e96c32b18bf7c0e6b2d95cea8415ebae9460635400de3f
-size 2407734

pcp-3.6.5-1.src.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ebc4395646c9353a7839a18db27cbf37a8882cc7a1faad8537bad4fb9c437f82
+size 2505315

pcp.changes

@@ -1,3 +1,52 @@
+-------------------------------------------------------------------
+Wed Aug 15 23:57:34 UTC 2012 - ddiss@suse.com
+
+- Update to pcp-3.6.5.
+  + Fixes for security advisory CVE-2012-3418; (bnc#775009).
+    o Add field validation to PCP instance PDU (Red Hat #841240)
+    o Fix __pmDecodeInstanceReq heap buffer overflow (Red Hat #841284)
+    o Fix __pmDecodeText heap overflow (Red Hat #841249)
+    o Multiple issues in result PDU decoding (Red Hat #841159)
+    o Fix __pmDecodeNameReq buffer overflow (Red Hat #841180)
+    o Add length checks to __pmDecodeLogControl (Red Hat #841290)
+    o Add size check to __pmDecodeIDList (Red Hat #841112)
+    o Fix __pmDecodeNameList buffer overflow (Red Hat #840920)
+    o Add missing __pmDecodeFetch namelen checks (Red Hat #841183)
+    o Add length checks to __pmDecodeProfile (Red Hat #841126)
+    o Add length checks to __pmDecodeCreds (Red Hat #840822)
+  + Workaround for security advisory CVE-2012-3419; (bnc#775010).
+    o Split the Linux kernel and proc PMDAs to prevent information
+      leakage in default installs - esp. /proc/pid/maps exposure,
+      but other proc metrics as well - and no longer export process
+      metrics by default (Red Hat #841702)
+  + Fixes for security advisory CVE-2012-3420; (bnc#775011).
+    o Memory leak in pmcd DoFetch error path (Red Hat #841298)
+    o Memory leak in __pmGetPDU in-band signalling (Red Hat #841319)
+  + Fixes for security advisory CVE-2012-3421; (bnc#775013).
+    o Resolve event-driven programming flaw in pmcd (Red Hat #841706)
+  + Correct buffer unpinning logic in a PMNS traversal error path
+    o Red Hat bugzilla bug #847314.
+  + All of the above issues were identified by Florian Weimer of the
+    Red Hat Security Team, who also assisted extensively in fixing
+    and testing; a huge thank you to Florian from all PCP developers
+    and users!
+  + Add modern gcc/glibc security protection mechanisms where
+    available.  Thanks to the Frank Eigler.
+  + Harden all boundary checking in the remaining PDU decoders.
+  + Resolve an issue with configure script checking for the init(1)
+    process on Fedora 17 (and other systems using systemd).  Thanks
+    to Lukas Berk.
+  + pmdaelasticsearch only reports on nodes in the cluster now,
+    and not other client nodes.  Thanks to Nigel Donaldson.
+  + Added interfaces to PCP::PMDA Perl module to allow PMDAs to
+    use a hash instance domain (instead of int/string array).
+    These make use of the pmdaCacheOp(3) interfaces - the hash
+    keys are the (external) PCP instance names, and the value
+    associated with each key is an opaque reference.
+  + Added an interface to allow PMDAs to register event queues
+    with existing clients (pmdaEventNewActiveQueue).
+  + Initial version of the (experimental) bash tracing PMDA.
+
 -------------------------------------------------------------------
 Mon Jul 30 11:54:34 UTC 2012 - ddiss@suse.com
 

pcp.spec

@@ -17,10 +17,12 @@
 
 
 Summary:        System-level performance monitoring and performance management
+License:        GPL-2.0
+Group:          System/Monitoring
 
 Name:           pcp
-Version:        3.6.4
+Version:        3.6.5
-Release:        1
+Release:        0
 %define buildversion 1
 
 %if (0%{?suse_version} > 0)
@@ -48,14 +50,17 @@ Release:        1
 %define license_lgplv2plus	LGPLv2+
 %endif
 
-License:        %{license_gplv2}
 Url:            http://oss.sgi.com/projects/pcp
-Group:          %{pcp_gr}
 Source0:        ftp://oss.sgi.com/projects/pcp/download/pcp-%{version}-%{buildversion}.src.tar.gz
 Source1:        pcp-rpmlintrc
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  autoconf bison flex ncurses-devel procps readline-devel
+BuildRequires:  autoconf
+BuildRequires:  bison
+BuildRequires:  flex
+BuildRequires:  ncurses-devel
+BuildRequires:  procps
+BuildRequires:  readline-devel
 BuildRequires:  perl(ExtUtils::MakeMaker)
 Patch6:         pcp-xenbuild.patch
 Patch9:         static_lib_perms.diff
@@ -66,7 +71,8 @@ Patch13:        remove_cpan_rpaths.patch
 Patch14:        rm_init_script_runlevel_4.patch
 
 %if (0%{?suse_version} > 0)
-Requires:       sysconfig cpp 
+Requires:       cpp
+Requires:       sysconfig
 %else
 Requires:       initscripts
 BuildRequires:  initscripts
@@ -74,8 +80,13 @@ BuildRequires:  initscripts
 AutoReq:        no
 %endif
 %endif
-Requires:       bash gawk sed grep fileutils findutils
 Requires:       %{lib_pkg} = %{version}
+Requires:       bash
+Requires:       fileutils
+Requires:       findutils
+Requires:       gawk
+Requires:       grep
+Requires:       sed
 
 %define _pmdasdir %{_localstatedir}/lib/pcp/pmdas
 
@@ -92,9 +103,9 @@ applications to easily retrieve and process any subset of that data.
 #
 
 %package -n %{lib_pkg}
+Summary:        Performance Co-Pilot run-time libraries
 License:        %{license_lgplv2}
 Group:          %{lib_gr}
-Summary:        Performance Co-Pilot run-time libraries
 Url:            http://oss.sgi.com/projects/pcp/
 Conflicts:      %{lib_pkg_conflict}
 AutoReq:        no
@@ -106,9 +117,9 @@ Performance Co-Pilot (PCP) run-time libraries
 # pcp-libs-devel
 #
 %package -n %{lib_devel_pkg}
+Summary:        Performance Co-Pilot (PCP) development headers and documentation
 License:        %{license_gplv2}
 Group:          %{lib_devel_gr}
-Summary:        Performance Co-Pilot (PCP) development headers and documentation
 Url:            http://oss.sgi.com/projects/pcp/
 Requires:       %{lib_pkg} = %{version}
 Conflicts:      %{lib_devel_pkg_conflict}
@@ -123,9 +134,9 @@ Performance Co-Pilot (PCP) headers, documentation and tools for development.
 # perl-PCP-PMDA. This is the PCP agent perl binding.
 #
 %package -n perl-PCP-PMDA
+Summary:        Performance Co-Pilot (PCP) Perl bindings and documentation
 License:        %{license_gplv2}
 Group:          %{pcp_gr}
-Summary:        Performance Co-Pilot (PCP) Perl bindings and documentation
 Url:            http://oss.sgi.com/projects/pcp/
 Requires:       pcp >= %{version}
 %if (0%{?suse_version} > 0)
@@ -143,9 +154,9 @@ an application, etc.
 # perl-PCP-MMV
 #
 %package -n perl-PCP-MMV
+Summary:        Performance Co-Pilot (PCP) Perl bindings for PCP Memory Mapped Values
 License:        %{license_gplv2}
 Group:          %{pcp_gr}
-Summary:        Performance Co-Pilot (PCP) Perl bindings for PCP Memory Mapped Values
 Url:            http://oss.sgi.com/projects/pcp/
 Requires:       pcp >= %{version}
 %if (0%{?suse_version} > 0)
@@ -164,9 +175,9 @@ and analysis with pmchart, pmie, pmlogger and other PCP tools.
 # perl-PCP-LogImport
 #
 %package -n perl-PCP-LogImport
+Summary:        Performance Co-Pilot Perl bindings for importing external archive data
 License:        %{license_gplv2}
 Group:          %{pcp_gr}
-Summary:        Performance Co-Pilot Perl bindings for importing external archive data
 Url:            http://oss.sgi.com/projects/pcp/
 Requires:       pcp >= %{version}
 %if (0%{?suse_version} > 0)
@@ -182,9 +193,9 @@ they can be replayed with standard PCP monitoring tools.
 # perl-PCP-LogSummary
 #
 %package -n perl-PCP-LogSummary
+Summary:        Performance Co-Pilot Perl bindings for processing pmlogsummary output
 License:        %{license_gplv2}
 Group:          %{pcp_gr}
-Summary:        Performance Co-Pilot Perl bindings for processing pmlogsummary output
 Url:            http://oss.sgi.com/projects/pcp/
 Requires:       pcp >= %{version}
 %if (0%{?suse_version} > 0)
@@ -203,11 +214,13 @@ exporting this data into third-party tools (e.g. spreadsheets).
 # pcp-import-sar2pcp
 #
 %package import-sar2pcp
+Summary:        Performance Co-Pilot tools for importing sar data into PCP archive logs
 License:        %{license_lgplv2plus}
 Group:          %{pcp_gr}
-Summary:        Performance Co-Pilot tools for importing sar data into PCP archive logs
 Url:            http://oss.sgi.com/projects/pcp/
-Requires:       %{lib_pkg} >= %{version} perl-PCP-LogImport >= %{version} sysstat
+Requires:       %{lib_pkg} >= %{version}
+Requires:       perl-PCP-LogImport >= %{version}
+Requires:       sysstat
 
 %description import-sar2pcp
 Performance Co-Pilot (PCP) front-end tools for importing sar data
@@ -217,11 +230,13 @@ into standard PCP archive logs for replay with any PCP monitoring tool.
 # pcp-import-iostat2pcp
 #
 %package import-iostat2pcp
+Summary:        Performance Co-Pilot tools for importing iostat data into PCP archive logs
 License:        %{license_lgplv2plus}
 Group:          %{pcp_gr}
-Summary:        Performance Co-Pilot tools for importing iostat data into PCP archive logs
 Url:            http://oss.sgi.com/projects/pcp/
-Requires:       %{lib_pkg} >= %{version} perl-PCP-LogImport >= %{version} sysstat
+Requires:       %{lib_pkg} >= %{version}
+Requires:       perl-PCP-LogImport >= %{version}
+Requires:       sysstat
 
 %description import-iostat2pcp
 Performance Co-Pilot (PCP) front-end tools for importing iostat data
@@ -231,11 +246,13 @@ into standard PCP archive logs for replay with any PCP monitoring tool.
 # pcp-import-sheet2pcp
 #
 %package import-sheet2pcp
+Summary:        Performance Co-Pilot tools for importing spreadsheet data into PCP archive logs
 License:        %{license_lgplv2plus}
 Group:          %{pcp_gr}
-Summary:        Performance Co-Pilot tools for importing spreadsheet data into PCP archive logs
 Url:            http://oss.sgi.com/projects/pcp/
-Requires:       %{lib_pkg} >= %{version} perl-PCP-LogImport >= %{version} sysstat
+Requires:       %{lib_pkg} >= %{version}
+Requires:       perl-PCP-LogImport >= %{version}
+Requires:       sysstat
 
 %description import-sheet2pcp
 Performance Co-Pilot (PCP) front-end tools for importing spreadsheet data
@@ -245,11 +262,12 @@ into standard PCP archive logs for replay with any PCP monitoring tool.
 # pcp-import-mrtg2pcp
 #
 %package import-mrtg2pcp
+Summary:        Performance Co-Pilot tools for importing MTRG data into PCP archive logs
 License:        %{license_lgplv2plus}
 Group:          %{pcp_gr}
-Summary:        Performance Co-Pilot tools for importing MTRG data into PCP archive logs
 Url:            http://oss.sgi.com/projects/pcp/
-Requires:       %{lib_pkg} >= %{version} perl-PCP-LogImport >= %{version}
+Requires:       %{lib_pkg} >= %{version}
+Requires:       perl-PCP-LogImport >= %{version}
 
 %description import-mrtg2pcp
 Performance Co-Pilot (PCP) front-end tools for importing MTRG data
@@ -389,6 +407,7 @@ fi
 %{_mandir}/man4/*
 %config %{_sysconfdir}/bash_completion.d/pcp
 %config %{_sysconfdir}/pcp.env
+%config %{_sysconfdir}/pcp.sh
 %config(noreplace) %{_localstatedir}/lib/pcp/config/pmcd/pmcd.conf
 %config(noreplace) %{_localstatedir}/lib/pcp/config/pmcd/pmcd.options
 %config(noreplace) %{_localstatedir}/lib/pcp/config/pmcd/rc.local