diff --git a/pcp-3.6.4-1.src.tar.gz b/pcp-3.6.4-1.src.tar.gz deleted file mode 100644 index 60169bf..0000000 --- a/pcp-3.6.4-1.src.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3619ae0dd8efd2f265e96c32b18bf7c0e6b2d95cea8415ebae9460635400de3f -size 2407734 diff --git a/pcp-3.6.5-1.src.tar.gz b/pcp-3.6.5-1.src.tar.gz new file mode 100644 index 0000000..ec7175f --- /dev/null +++ b/pcp-3.6.5-1.src.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ebc4395646c9353a7839a18db27cbf37a8882cc7a1faad8537bad4fb9c437f82 +size 2505315 diff --git a/pcp.changes b/pcp.changes index 8cc40d5..9e30d5b 100644 --- a/pcp.changes +++ b/pcp.changes @@ -1,3 +1,52 @@ +------------------------------------------------------------------- +Wed Aug 15 23:57:34 UTC 2012 - ddiss@suse.com + +- Update to pcp-3.6.5. + + Fixes for security advisory CVE-2012-3418; (bnc#775009). + o Add field validation to PCP instance PDU (Red Hat #841240) + o Fix __pmDecodeInstanceReq heap buffer overflow (Red Hat #841284) + o Fix __pmDecodeText heap overflow (Red Hat #841249) + o Multiple issues in result PDU decoding (Red Hat #841159) + o Fix __pmDecodeNameReq buffer overflow (Red Hat #841180) + o Add length checks to __pmDecodeLogControl (Red Hat #841290) + o Add size check to __pmDecodeIDList (Red Hat #841112) + o Fix __pmDecodeNameList buffer overflow (Red Hat #840920) + o Add missing __pmDecodeFetch namelen checks (Red Hat #841183) + o Add length checks to __pmDecodeProfile (Red Hat #841126) + o Add length checks to __pmDecodeCreds (Red Hat #840822) + + Workaround for security advisory CVE-2012-3419; (bnc#775010). + o Split the Linux kernel and proc PMDAs to prevent information + leakage in default installs - esp. /proc/pid/maps exposure, + but other proc metrics as well - and no longer export process + metrics by default (Red Hat #841702) + + Fixes for security advisory CVE-2012-3420; (bnc#775011). + o Memory leak in pmcd DoFetch error path (Red Hat #841298) + o Memory leak in __pmGetPDU in-band signalling (Red Hat #841319) + + Fixes for security advisory CVE-2012-3421; (bnc#775013). + o Resolve event-driven programming flaw in pmcd (Red Hat #841706) + + Correct buffer unpinning logic in a PMNS traversal error path + o Red Hat bugzilla bug #847314. + + All of the above issues were identified by Florian Weimer of the + Red Hat Security Team, who also assisted extensively in fixing + and testing; a huge thank you to Florian from all PCP developers + and users! + + Add modern gcc/glibc security protection mechanisms where + available. Thanks to the Frank Eigler. + + Harden all boundary checking in the remaining PDU decoders. + + Resolve an issue with configure script checking for the init(1) + process on Fedora 17 (and other systems using systemd). Thanks + to Lukas Berk. + + pmdaelasticsearch only reports on nodes in the cluster now, + and not other client nodes. Thanks to Nigel Donaldson. + + Added interfaces to PCP::PMDA Perl module to allow PMDAs to + use a hash instance domain (instead of int/string array). + These make use of the pmdaCacheOp(3) interfaces - the hash + keys are the (external) PCP instance names, and the value + associated with each key is an opaque reference. + + Added an interface to allow PMDAs to register event queues + with existing clients (pmdaEventNewActiveQueue). + + Initial version of the (experimental) bash tracing PMDA. + ------------------------------------------------------------------- Mon Jul 30 11:54:34 UTC 2012 - ddiss@suse.com @@ -17,12 +66,12 @@ Thu Jul 19 15:28:03 UTC 2012 - ddiss@suse.com Wed Jun 27 10:36:49 UTC 2012 - ddiss@suse.com - Remove fix_cpan_pmda_manifest.patch, no longer needed with fixed - upstream tarball. + upstream tarball. ------------------------------------------------------------------- Mon Jun 18 11:01:29 UTC 2012 - ddiss@suse.com -- Remove invalid cpan/PMDA manifest entry. +- Remove invalid cpan/PMDA manifest entry. ------------------------------------------------------------------- Fri Jun 15 14:59:26 UTC 2012 - ddiss@suse.com diff --git a/pcp.spec b/pcp.spec index 6d2b135..201e89b 100644 --- a/pcp.spec +++ b/pcp.spec @@ -17,10 +17,12 @@ Summary: System-level performance monitoring and performance management +License: GPL-2.0 +Group: System/Monitoring Name: pcp -Version: 3.6.4 -Release: 1 +Version: 3.6.5 +Release: 0 %define buildversion 1 %if (0%{?suse_version} > 0) @@ -48,14 +50,17 @@ Release: 1 %define license_lgplv2plus LGPLv2+ %endif -License: %{license_gplv2} Url: http://oss.sgi.com/projects/pcp -Group: %{pcp_gr} Source0: ftp://oss.sgi.com/projects/pcp/download/pcp-%{version}-%{buildversion}.src.tar.gz Source1: pcp-rpmlintrc BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: autoconf bison flex ncurses-devel procps readline-devel +BuildRequires: autoconf +BuildRequires: bison +BuildRequires: flex +BuildRequires: ncurses-devel +BuildRequires: procps +BuildRequires: readline-devel BuildRequires: perl(ExtUtils::MakeMaker) Patch6: pcp-xenbuild.patch Patch9: static_lib_perms.diff @@ -66,7 +71,8 @@ Patch13: remove_cpan_rpaths.patch Patch14: rm_init_script_runlevel_4.patch %if (0%{?suse_version} > 0) -Requires: sysconfig cpp +Requires: cpp +Requires: sysconfig %else Requires: initscripts BuildRequires: initscripts @@ -74,8 +80,13 @@ BuildRequires: initscripts AutoReq: no %endif %endif -Requires: bash gawk sed grep fileutils findutils Requires: %{lib_pkg} = %{version} +Requires: bash +Requires: fileutils +Requires: findutils +Requires: gawk +Requires: grep +Requires: sed %define _pmdasdir %{_localstatedir}/lib/pcp/pmdas @@ -92,9 +103,9 @@ applications to easily retrieve and process any subset of that data. # %package -n %{lib_pkg} +Summary: Performance Co-Pilot run-time libraries License: %{license_lgplv2} Group: %{lib_gr} -Summary: Performance Co-Pilot run-time libraries Url: http://oss.sgi.com/projects/pcp/ Conflicts: %{lib_pkg_conflict} AutoReq: no @@ -106,9 +117,9 @@ Performance Co-Pilot (PCP) run-time libraries # pcp-libs-devel # %package -n %{lib_devel_pkg} +Summary: Performance Co-Pilot (PCP) development headers and documentation License: %{license_gplv2} Group: %{lib_devel_gr} -Summary: Performance Co-Pilot (PCP) development headers and documentation Url: http://oss.sgi.com/projects/pcp/ Requires: %{lib_pkg} = %{version} Conflicts: %{lib_devel_pkg_conflict} @@ -123,9 +134,9 @@ Performance Co-Pilot (PCP) headers, documentation and tools for development. # perl-PCP-PMDA. This is the PCP agent perl binding. # %package -n perl-PCP-PMDA +Summary: Performance Co-Pilot (PCP) Perl bindings and documentation License: %{license_gplv2} Group: %{pcp_gr} -Summary: Performance Co-Pilot (PCP) Perl bindings and documentation Url: http://oss.sgi.com/projects/pcp/ Requires: pcp >= %{version} %if (0%{?suse_version} > 0) @@ -143,9 +154,9 @@ an application, etc. # perl-PCP-MMV # %package -n perl-PCP-MMV +Summary: Performance Co-Pilot (PCP) Perl bindings for PCP Memory Mapped Values License: %{license_gplv2} Group: %{pcp_gr} -Summary: Performance Co-Pilot (PCP) Perl bindings for PCP Memory Mapped Values Url: http://oss.sgi.com/projects/pcp/ Requires: pcp >= %{version} %if (0%{?suse_version} > 0) @@ -164,9 +175,9 @@ and analysis with pmchart, pmie, pmlogger and other PCP tools. # perl-PCP-LogImport # %package -n perl-PCP-LogImport +Summary: Performance Co-Pilot Perl bindings for importing external archive data License: %{license_gplv2} Group: %{pcp_gr} -Summary: Performance Co-Pilot Perl bindings for importing external archive data Url: http://oss.sgi.com/projects/pcp/ Requires: pcp >= %{version} %if (0%{?suse_version} > 0) @@ -182,9 +193,9 @@ they can be replayed with standard PCP monitoring tools. # perl-PCP-LogSummary # %package -n perl-PCP-LogSummary +Summary: Performance Co-Pilot Perl bindings for processing pmlogsummary output License: %{license_gplv2} Group: %{pcp_gr} -Summary: Performance Co-Pilot Perl bindings for processing pmlogsummary output Url: http://oss.sgi.com/projects/pcp/ Requires: pcp >= %{version} %if (0%{?suse_version} > 0) @@ -203,11 +214,13 @@ exporting this data into third-party tools (e.g. spreadsheets). # pcp-import-sar2pcp # %package import-sar2pcp +Summary: Performance Co-Pilot tools for importing sar data into PCP archive logs License: %{license_lgplv2plus} Group: %{pcp_gr} -Summary: Performance Co-Pilot tools for importing sar data into PCP archive logs Url: http://oss.sgi.com/projects/pcp/ -Requires: %{lib_pkg} >= %{version} perl-PCP-LogImport >= %{version} sysstat +Requires: %{lib_pkg} >= %{version} +Requires: perl-PCP-LogImport >= %{version} +Requires: sysstat %description import-sar2pcp Performance Co-Pilot (PCP) front-end tools for importing sar data @@ -217,11 +230,13 @@ into standard PCP archive logs for replay with any PCP monitoring tool. # pcp-import-iostat2pcp # %package import-iostat2pcp +Summary: Performance Co-Pilot tools for importing iostat data into PCP archive logs License: %{license_lgplv2plus} Group: %{pcp_gr} -Summary: Performance Co-Pilot tools for importing iostat data into PCP archive logs Url: http://oss.sgi.com/projects/pcp/ -Requires: %{lib_pkg} >= %{version} perl-PCP-LogImport >= %{version} sysstat +Requires: %{lib_pkg} >= %{version} +Requires: perl-PCP-LogImport >= %{version} +Requires: sysstat %description import-iostat2pcp Performance Co-Pilot (PCP) front-end tools for importing iostat data @@ -231,11 +246,13 @@ into standard PCP archive logs for replay with any PCP monitoring tool. # pcp-import-sheet2pcp # %package import-sheet2pcp +Summary: Performance Co-Pilot tools for importing spreadsheet data into PCP archive logs License: %{license_lgplv2plus} Group: %{pcp_gr} -Summary: Performance Co-Pilot tools for importing spreadsheet data into PCP archive logs Url: http://oss.sgi.com/projects/pcp/ -Requires: %{lib_pkg} >= %{version} perl-PCP-LogImport >= %{version} sysstat +Requires: %{lib_pkg} >= %{version} +Requires: perl-PCP-LogImport >= %{version} +Requires: sysstat %description import-sheet2pcp Performance Co-Pilot (PCP) front-end tools for importing spreadsheet data @@ -245,11 +262,12 @@ into standard PCP archive logs for replay with any PCP monitoring tool. # pcp-import-mrtg2pcp # %package import-mrtg2pcp +Summary: Performance Co-Pilot tools for importing MTRG data into PCP archive logs License: %{license_lgplv2plus} Group: %{pcp_gr} -Summary: Performance Co-Pilot tools for importing MTRG data into PCP archive logs Url: http://oss.sgi.com/projects/pcp/ -Requires: %{lib_pkg} >= %{version} perl-PCP-LogImport >= %{version} +Requires: %{lib_pkg} >= %{version} +Requires: perl-PCP-LogImport >= %{version} %description import-mrtg2pcp Performance Co-Pilot (PCP) front-end tools for importing MTRG data @@ -389,6 +407,7 @@ fi %{_mandir}/man4/* %config %{_sysconfdir}/bash_completion.d/pcp %config %{_sysconfdir}/pcp.env +%config %{_sysconfdir}/pcp.sh %config(noreplace) %{_localstatedir}/lib/pcp/config/pmcd/pmcd.conf %config(noreplace) %{_localstatedir}/lib/pcp/config/pmcd/pmcd.options %config(noreplace) %{_localstatedir}/lib/pcp/config/pmcd/rc.local