This update for pcp fixes the following issues:
pcp was updated from version 3.11.9 to version 6.2.0 (jsc#PED-8192, jsc#PED-8389):
-
Security issues fixed:
- CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user (bsc#1230552)
- CVE-2024-45769: Fixed a heap corruption through metric pmstore operations (bsc#1230551)
- CVE-2023-6917: Fixed local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826)
- CVE-2024-3019: Disabled redis proxy by default (bsc#1222121)
-
Major changes:
- Add version 3 PCP archive support: instance domain change-deltas,
Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezones support, 64-bit file offsets used
throughout for larger (beyond 2GB) individual volumes.
- Opt-in using the /etc/pcp.conf PCP_ARCHIVE_VERSION setting
- Version 2 archives remain the default (for next few years).
- Switch to using OpenSSL only throughout PCP (dropped NSS/NSPR);
this impacts on libpcp, PMAPI clients and PMCD use of encryption;
these are now configured and used consistently with pmproxy HTTPS support and redis-server, which were both already
using OpenSSL.
- New nanosecond precision timestamp PMAPI calls for PCP library interfaces that make use of timestamps.
These are all optional, and full backward compatibility is preserved for existing tools.
- For the full list of changes please consult the packaged CHANGELOG file
-
Other packaging changes:
- Reintroduce libuv support for SUSE Linux Enterprise 15 (bsc#1231345)
- Moved pmlogger_daily into main package (bsc#1222815)
- Switched logutil and pmieutil scripts from Type=oneshot to Type=exec (bsc#1186511)
- Change dependency from openssl-devel >= 1.1.1 to openssl-devel >= 1.0.2p.
Required for SUSE Linux Enterprise 12.
- Disabled 'pmda-infiniband' subpackage for SUSE Linux Enterprise 12 to resolve build issues.
- Introduce 'pmda-resctrl' package,...