pcp/0011-disable-redis-proxying-by-default.patch
Martin Schreiner 3cb6094dd2 Accepting request 1164379 from home:mschreiner:branches:Base:System
- Add fix for bsc#1222121:
  * 0011-disable-redis-proxying-by-default.patch

- Upgrade to 6.2.0 (bsc#1217826):
  * Changes from pcp-6.2.0:
    - Client tools and utilities:
      pmlogger: default to creating version 3 PCP archives
      pmie, pmlogger, pmcd, pmproxy: init script hardening to
        run less as root:root, more as pcp:pcp and more safely
      pcp-reboot-init: new systemd service for $PCP_RC_DIR setup
      pcp2arrow: new, export metrics to parquet format for pandas
      pcp-atop: deterministic process sort when handling NULLs
      pcp-atop: update to v2.10.0 upstream code
      pcp-htop: update to latest upstream fixes
      pcp-geolocate: function with older versions of python
      pcp-meminfo: resolve possible 'broken pipe' diagnostics
      pcp-ss: fix handling of listening state sockets to match ss
      pcp-ss: fix the UDP UNCONN vs LISTEN state handling
    - PMDA additions, enhancements and bug fixes:
      pmdaproc: improvements for process accounting metrics
      pmdalinux: add pgpromote* and pgdemote* memory metrics
      pmdalinux: add metric sysfs.module.zswap.max_pool_percent
      pmdalinux: add new SNMP metric network.ip.outtransmits
      pmdasummary: send state change 0 (no change) back to pmcd
      pmdapostgresql: support the psycopg3 python module as well
      pmdaopenmetrics: kepler support - live metrics and logging
    - Server-side utilities and log management scripts:
      pmlogrewrite, pmlogredact: fix for missing data volumes
      pmcd: cosmetic change to avoid pipe2 name clash
      runaspcp: new helper utility for unprivileged rc scripts

OBS-URL: https://build.opensuse.org/request/show/1164379
OBS-URL: https://build.opensuse.org/package/show/Base:System/pcp?expand=0&rev=133
2024-04-08 14:24:12 +00:00


From 3bde240a2acc85e63e2f7813330713dd9b59386e Mon Sep 17 00:00:00 2001
From: Nathan Scott <nathans@redhat.com>
Date: Wed, 27 Mar 2024 14:51:28 +1100
Subject: [PATCH] pmproxy: disable Redis protocol proxying by default

If a redis-server has been locked down in terms of connections,
we want to prevent pmproxy from being allowed to send arbitrary
RESP commands to it.

This protocol proxying doesn't affect PCP functionality at all,
it's more of a developer/sysadmin convenience when Redis is used in
cluster mode (relatively uncommon compared to localhost mode).
---
src/pmproxy/pmproxy.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pmproxy/pmproxy.conf b/src/pmproxy/pmproxy.conf
index e54891792e..4cbc1c96af 100644
--- a/src/pmproxy/pmproxy.conf
+++ b/src/pmproxy/pmproxy.conf
@@ -29,7 +29,7 @@ pcp.enabled = true
http.enabled = true
# support Redis protocol proxying
-redis.enabled = true
+redis.enabled = false
# support SSL/TLS protocol wrapping
secure.enabled = true
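
Review bot: The comment kept above the changed key, `# support Redis protocol proxying`, does not tell an administrator what turning the option back on exposes. The commit message says it lets pmproxy send arbitrary RESP commands to a redis-server that may otherwise be locked down, and that belongs next to the setting, for example `# support Redis protocol proxying (lets pmproxy send arbitrary RESP commands)`. This hunk also only changes the shipped `src/pmproxy/pmproxy.conf`; it does not show what pmproxy does when `redis.enabled` is absent, or when a deployed config still carries `redis.enabled = true`, so it is worth confirming that the built-in default is false as well and noting in the changelog that existing configs need the same edit.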