Hello community, here is the log from the commit of package pcp for openSUSE:Factory checked in at 2012-09-17 14:01:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pcp (Old) and /work/SRC/openSUSE:Factory/.pcp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pcp", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/pcp/pcp.changes 2012-07-31 13:59:35.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.pcp.new/pcp.changes 2012-09-17 14:01:40.000000000 +0200 @@ -1,0 +2,49 @@ +Wed Aug 15 23:57:34 UTC 2012 - [email protected] + +- Update to pcp-3.6.5. + + Fixes for security advisory CVE-2012-3418; (bnc#775009). + o Add field validation to PCP instance PDU (Red Hat #841240) + o Fix __pmDecodeInstanceReq heap buffer overflow (Red Hat #841284) + o Fix __pmDecodeText heap overflow (Red Hat #841249) + o Multiple issues in result PDU decoding (Red Hat #841159) + o Fix __pmDecodeNameReq buffer overflow (Red Hat #841180) + o Add length checks to __pmDecodeLogControl (Red Hat #841290) + o Add size check to __pmDecodeIDList (Red Hat #841112) + o Fix __pmDecodeNameList buffer overflow (Red Hat #840920) + o Add missing __pmDecodeFetch namelen checks (Red Hat #841183) + o Add length checks to __pmDecodeProfile (Red Hat #841126) + o Add length checks to __pmDecodeCreds (Red Hat #840822) + + Workaround for security advisory CVE-2012-3419; (bnc#775010). + o Split the Linux kernel and proc PMDAs to prevent information + leakage in default installs - esp. /proc/pid/maps exposure, + but other proc metrics as well - and no longer export process + metrics by default (Red Hat #841702) + + Fixes for security advisory CVE-2012-3420; (bnc#775011). + o Memory leak in pmcd DoFetch error path (Red Hat #841298) + o Memory leak in __pmGetPDU in-band signalling (Red Hat #841319) + + Fixes for security advisory CVE-2012-3421; (bnc#775013). + o Resolve event-driven programming flaw in pmcd (Red Hat #841706) + + Correct buffer unpinning logic in a PMNS traversal error path + o Red Hat bugzilla bug #847314. + + All of the above issues were identified by Florian Weimer of the + Red Hat Security Team, who also assisted extensively in fixing + and testing; a huge thank you to Florian from all PCP developers + and users! + + Add modern gcc/glibc security protection mechanisms where + available. Thanks to the Frank Eigler. + + Harden all boundary checking in the remaining PDU decoders. + + Resolve an issue with configure script checking for the init(1) + process on Fedora 17 (and other systems using systemd). Thanks + to Lukas Berk. + + pmdaelasticsearch only reports on nodes in the cluster now, + and not other client nodes. Thanks to Nigel Donaldson. + + Added interfaces to PCP::PMDA Perl module to allow PMDAs to + use a hash instance domain (instead of int/string array). + These make use of the pmdaCacheOp(3) interfaces - the hash + keys are the (external) PCP instance names, and the value + associated with each key is an opaque reference. + + Added an interface to allow PMDAs to register event queues + with existing clients (pmdaEventNewActiveQueue). + + Initial version of the (experimental) bash tracing PMDA. + +------------------------------------------------------------------- Old: ---- pcp-3.6.4-1.src.tar.gz New: ---- pcp-3.6.5-1.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pcp.spec ++++++ --- /var/tmp/diff_new_pack.Rdr713/_old 2012-09-17 14:01:41.000000000 +0200 +++ /var/tmp/diff_new_pack.Rdr713/_new 2012-09-17 14:01:41.000000000 +0200 @@ -17,10 +17,12 @@ Summary: System-level performance monitoring and performance management +License: GPL-2.0 +Group: System/Monitoring Name: pcp -Version: 3.6.4 -Release: 1 +Version: 3.6.5 +Release: 0 %define buildversion 1 %if (0%{?suse_version} > 0) @@ -48,14 +50,17 @@ %define license_lgplv2plus LGPLv2+ %endif -License: %{license_gplv2} Url: http://oss.sgi.com/projects/pcp -Group: %{pcp_gr} Source0: ftp://oss.sgi.com/projects/pcp/download/pcp-%{version}-%{buildversion}.src.tar.gz Source1: pcp-rpmlintrc BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: autoconf bison flex ncurses-devel procps readline-devel +BuildRequires: autoconf +BuildRequires: bison +BuildRequires: flex +BuildRequires: ncurses-devel +BuildRequires: procps +BuildRequires: readline-devel BuildRequires: perl(ExtUtils::MakeMaker) Patch6: pcp-xenbuild.patch Patch9: static_lib_perms.diff @@ -66,7 +71,8 @@ Patch14: rm_init_script_runlevel_4.patch %if (0%{?suse_version} > 0) -Requires: sysconfig cpp +Requires: cpp +Requires: sysconfig %else Requires: initscripts BuildRequires: initscripts @@ -74,8 +80,13 @@ AutoReq: no %endif %endif -Requires: bash gawk sed grep fileutils findutils Requires: %{lib_pkg} = %{version} +Requires: bash +Requires: fileutils +Requires: findutils +Requires: gawk +Requires: grep +Requires: sed %define _pmdasdir %{_localstatedir}/lib/pcp/pmdas @@ -92,9 +103,9 @@ # %package -n %{lib_pkg} +Summary: Performance Co-Pilot run-time libraries License: %{license_lgplv2} Group: %{lib_gr} -Summary: Performance Co-Pilot run-time libraries Url: http://oss.sgi.com/projects/pcp/ Conflicts: %{lib_pkg_conflict} AutoReq: no @@ -106,9 +117,9 @@ # pcp-libs-devel # %package -n %{lib_devel_pkg} +Summary: Performance Co-Pilot (PCP) development headers and documentation License: %{license_gplv2} Group: %{lib_devel_gr} -Summary: Performance Co-Pilot (PCP) development headers and documentation Url: http://oss.sgi.com/projects/pcp/ Requires: %{lib_pkg} = %{version} Conflicts: %{lib_devel_pkg_conflict} @@ -123,9 +134,9 @@ # perl-PCP-PMDA. This is the PCP agent perl binding. # %package -n perl-PCP-PMDA +Summary: Performance Co-Pilot (PCP) Perl bindings and documentation License: %{license_gplv2} Group: %{pcp_gr} -Summary: Performance Co-Pilot (PCP) Perl bindings and documentation Url: http://oss.sgi.com/projects/pcp/ Requires: pcp >= %{version} %if (0%{?suse_version} > 0) @@ -143,9 +154,9 @@ # perl-PCP-MMV # %package -n perl-PCP-MMV +Summary: Performance Co-Pilot (PCP) Perl bindings for PCP Memory Mapped Values License: %{license_gplv2} Group: %{pcp_gr} -Summary: Performance Co-Pilot (PCP) Perl bindings for PCP Memory Mapped Values Url: http://oss.sgi.com/projects/pcp/ Requires: pcp >= %{version} %if (0%{?suse_version} > 0) @@ -164,9 +175,9 @@ # perl-PCP-LogImport # %package -n perl-PCP-LogImport +Summary: Performance Co-Pilot Perl bindings for importing external archive data License: %{license_gplv2} Group: %{pcp_gr} -Summary: Performance Co-Pilot Perl bindings for importing external archive data Url: http://oss.sgi.com/projects/pcp/ Requires: pcp >= %{version} %if (0%{?suse_version} > 0) @@ -182,9 +193,9 @@ # perl-PCP-LogSummary # %package -n perl-PCP-LogSummary +Summary: Performance Co-Pilot Perl bindings for processing pmlogsummary output License: %{license_gplv2} Group: %{pcp_gr} -Summary: Performance Co-Pilot Perl bindings for processing pmlogsummary output Url: http://oss.sgi.com/projects/pcp/ Requires: pcp >= %{version} %if (0%{?suse_version} > 0) @@ -203,11 +214,13 @@ # pcp-import-sar2pcp # %package import-sar2pcp +Summary: Performance Co-Pilot tools for importing sar data into PCP archive logs License: %{license_lgplv2plus} Group: %{pcp_gr} -Summary: Performance Co-Pilot tools for importing sar data into PCP archive logs Url: http://oss.sgi.com/projects/pcp/ -Requires: %{lib_pkg} >= %{version} perl-PCP-LogImport >= %{version} sysstat +Requires: %{lib_pkg} >= %{version} +Requires: perl-PCP-LogImport >= %{version} +Requires: sysstat %description import-sar2pcp Performance Co-Pilot (PCP) front-end tools for importing sar data @@ -217,11 +230,13 @@ # pcp-import-iostat2pcp # %package import-iostat2pcp +Summary: Performance Co-Pilot tools for importing iostat data into PCP archive logs License: %{license_lgplv2plus} Group: %{pcp_gr} -Summary: Performance Co-Pilot tools for importing iostat data into PCP archive logs Url: http://oss.sgi.com/projects/pcp/ -Requires: %{lib_pkg} >= %{version} perl-PCP-LogImport >= %{version} sysstat +Requires: %{lib_pkg} >= %{version} +Requires: perl-PCP-LogImport >= %{version} +Requires: sysstat %description import-iostat2pcp Performance Co-Pilot (PCP) front-end tools for importing iostat data @@ -231,11 +246,13 @@ # pcp-import-sheet2pcp # %package import-sheet2pcp +Summary: Performance Co-Pilot tools for importing spreadsheet data into PCP archive logs License: %{license_lgplv2plus} Group: %{pcp_gr} -Summary: Performance Co-Pilot tools for importing spreadsheet data into PCP archive logs Url: http://oss.sgi.com/projects/pcp/ -Requires: %{lib_pkg} >= %{version} perl-PCP-LogImport >= %{version} sysstat +Requires: %{lib_pkg} >= %{version} +Requires: perl-PCP-LogImport >= %{version} +Requires: sysstat %description import-sheet2pcp Performance Co-Pilot (PCP) front-end tools for importing spreadsheet data @@ -245,11 +262,12 @@ # pcp-import-mrtg2pcp # %package import-mrtg2pcp +Summary: Performance Co-Pilot tools for importing MTRG data into PCP archive logs License: %{license_lgplv2plus} Group: %{pcp_gr} -Summary: Performance Co-Pilot tools for importing MTRG data into PCP archive logs Url: http://oss.sgi.com/projects/pcp/ -Requires: %{lib_pkg} >= %{version} perl-PCP-LogImport >= %{version} +Requires: %{lib_pkg} >= %{version} +Requires: perl-PCP-LogImport >= %{version} %description import-mrtg2pcp Performance Co-Pilot (PCP) front-end tools for importing MTRG data @@ -389,6 +407,7 @@ %{_mandir}/man4/* %config %{_sysconfdir}/bash_completion.d/pcp %config %{_sysconfdir}/pcp.env +%config %{_sysconfdir}/pcp.sh %config(noreplace) %{_localstatedir}/lib/pcp/config/pmcd/pmcd.conf %config(noreplace) %{_localstatedir}/lib/pcp/config/pmcd/pmcd.options %config(noreplace) %{_localstatedir}/lib/pcp/config/pmcd/rc.local ++++++ pcp-3.6.4-1.src.tar.gz -> pcp-3.6.5-1.src.tar.gz ++++++ ++++ 28290 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
