Update to 6.2.2 for fix CVE-2023-6917

(cherry picked from commit 9bc7729ec56722c725d5d9978dc0507a68c56113)
2024-05-30 10:39:08 +08:00 · 2024-05-30 10:39:08 +08:00 · aeb16505b2
commit aeb16505b2
parent 1b6708a4f0
4 changed files with 90 additions and 93 deletions
--- a/0001-riscv-config-pmdabpf_arch-value.patch
+++ b/0001-riscv-config-pmdabpf_arch-value.patch
@ -1,44 +0,0 @@
-From 63057ef329a5d5450b60f0ca66cb1dc0ab1853b2 Mon Sep 17 00:00:00 2001
-From: Kai Zhang <zhangkai@iscas.ac.cn>
-Date: Wed, 20 Mar 2024 19:46:30 +0800
-Subject: [PATCH] riscv: config pmdabpf_arch value
-
-Configure scripts use pmdabpf_arch to refer to architecture
-directory of iovisor/bcc/libbpf-tools, which hold kernel
-vmlinux.h. For RISC-V, the unique directory name is 'riscv'.
-We need to sed uname's value riscv64 etc. to adapt this.
-
-Signed-off-by: Kai Zhang <zhangkai@iscas.ac.cn>
---
- configure    | 2 +-
- configure.ac | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure b/configure
-index 14e8c3cf5..b0f7dae89 100755
--- a/configure
-+++ b/configure
-@@ -9105,7 +9105,7 @@
- 
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking BPF CO-RE architecture identifier" >&5
- printf %s "checking BPF CO-RE architecture identifier... " >&6; }
-pmdabpf_arch=`uname -m | sed 's/x86_64/x86/' | sed 's/aarch64/arm64/' | sed 's/ppc64le/powerpc/' | sed 's/mips.*/mips/'`
-+pmdabpf_arch=`uname -m | sed 's/x86_64/x86/' | sed 's/aarch64/arm64/' | sed 's/ppc64le/powerpc/' | sed 's/mips.*/mips/' | sed 's/riscv.*/riscv/'`
- 
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $pmdabpf_arch" >&5
- printf "%s\n" "$pmdabpf_arch" >&6; }
-diff --git a/configure.ac b/configure.ac
-index f8e855019..51887d26c 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -1172,7 +1172,7 @@
- 
- dnl Get BPF CO-RE arch identifier
- AC_MSG_CHECKING([BPF CO-RE architecture identifier])
-pmdabpf_arch=`uname -m | sed 's/x86_64/x86/' | sed 's/aarch64/arm64/' | sed 's/ppc64le/powerpc/' | sed 's/mips.*/mips/'`
-+pmdabpf_arch=`uname -m | sed 's/x86_64/x86/' | sed 's/aarch64/arm64/' | sed 's/ppc64le/powerpc/' | sed 's/mips.*/mips/' | sed 's/riscv.*/riscv/'`
- AC_SUBST(pmdabpf_arch)
- AC_MSG_RESULT($pmdabpf_arch)
- 
-- 
-2.43.0
--- a/pcp-6.1.1.src.tar.gz
+++ b/pcp-6.1.1.src.tar.gz
--- a/CVE-2024-3019.patch
+++ b/CVE-2024-3019.patch
@ -1,31 +0,0 @@
-From 3bde240a2acc85e63e2f7813330713dd9b59386e Mon Sep 17 00:00:00 2001
-From: Nathan Scott <nathans@redhat.com>
-Date: Wed, 27 Mar 2024 14:51:28 +1100
-Subject: [PATCH] pmproxy: disable Redis protocol proxying by default
-
-origin: https://github.com/performancecopilot/pcp/commit/3bde240a2acc85e63e2f7813330713dd9b59386e
-
-If a redis-server has been locked down in terms of connections,
-we want to prevent pmproxy from being allowed to send arbitrary
-RESP commands to it.
-
-This protocol proxying doesn't affect PCP functionality at all,
-its more of a developer/sysadmin convenience when Redis used in
-cluster mode (relatively uncommon compared to localhost mode).
---
- src/pmproxy/pmproxy.conf | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/pmproxy/pmproxy.conf b/src/pmproxy/pmproxy.conf
-index e54891792e..4cbc1c96af 100644
--- a/src/pmproxy/pmproxy.conf
-+++ b/src/pmproxy/pmproxy.conf
-@@ -29,7 +29,7 @@ pcp.enabled = true
- http.enabled = true
- 
- # support Redis protocol proxying
-redis.enabled = true
-+redis.enabled = false
- 
- # support SSL/TLS protocol wrapping
- secure.enabled = true
--- a/pcp.spec
+++ b/pcp.spec
@ -1,15 +1,13 @@
 %global vendor %{?_vendor:%{_vendor}}%{!?_vendor:openEuler}

 Name:    pcp
-Version: 6.1.1
-Release: 5
+Version: 6.2.2
+Release: 1
 Summary: System-level performance monitoring and performance management
 License: GPL-2.0-or-later AND LGPL-2.1-or-later AND CC-BY-3.0
 URL:     https://pcp.io

-Source0: https://github.com/performancecopilot/pcp/releases/pcp-%{version}.src.tar.gz
-Patch0:  0001-riscv-config-pmdabpf_arch-value.patch
-Patch1:  CVE-2024-3019.patch
+Source0: https://github.com/performancecopilot/pcp/archive/refs/tags/%{version}.tar.gz

 # The additional linker flags break out-of-tree PMDAs.
 # https://bugzilla.redhat.com/show_bug.cgi?id=2043092
@ -85,6 +83,8 @@ Patch1:  CVE-2024-3019.patch
 # rpm producing "noarch" packages
 %global disable_noarch 0

+%global disable_arrow 1
+
 %global disable_xlsx 1

 # prevent conflicting binary and man page install for pcp(1)
@ -393,9 +393,11 @@ Requires: pcp-pmda-bpf
 Requires: pcp-pmda-bpftrace
 %endif
 %if !%{disable_python3}
+Requires: pcp-geolocate pcp-export-pcp2openmetrics pcp-export-pcp2json
+Requires: pcp-export-pcp2spark pcp-export-pcp2xml pcp-export-pcp2zabbix
 Requires: pcp-pmda-gluster pcp-pmda-zswap pcp-pmda-unbound pcp-pmda-mic
 Requires: pcp-pmda-libvirt pcp-pmda-lio pcp-pmda-openmetrics pcp-pmda-haproxy
-Requires: pcp-pmda-lmsensors pcp-pmda-netcheck pcp-pmda-rabbitmq
+Requires: pcp-pmda-lmsensors pcp-pmda-netcheck pcp-pmda-rabbitmq pcp-pmda-uwsgi
 Requires: pcp-pmda-openvswitch
 %endif
 %if !%{disable_mongodb}
@ -666,6 +668,22 @@ Requires: python3-pcp = %{version}-%{release}
 Performance Co-Pilot (PCP) front-end tools for exporting metric values
 in JSON format.

+#
+# pcp-export-pcp2openmetrics
+#
+%package export-pcp2openmetrics
+License: GPL-2.0-or-later
+Summary: Performance Co-Pilot tools for exporting PCP metrics in OpenMetrics format
+URL: https://pcp.io
+Requires: pcp-libs >= %{version}-%{release}
+%if !%{disable_python3}
+Requires: python3-pcp = %{version}-%{release}
+%endif
+
+%description export-pcp2openmetrics
+Performance Co-Pilot (PCP) front-end tools for exporting metric values
+in OpenMetrics (https://openmetrics.io/) format.
+
 #
 # pcp-export-pcp2spark
 #
@ -683,6 +701,26 @@ Performance Co-Pilot (PCP) front-end tools for exporting metric values
 in JSON format to Apache Spark. See https://spark.apache.org/ for
 further details on Apache Spark.

+#
+# pcp-export-pcp2arrow
+#
+%if !%{disable_arrow}
+%package export-pcp2arrow
+License: GPL-2.0-or-later
+Summary: Performance Co-Pilot tools for exporting PCP metrics to Apache Arrow
+URL: https://pcp.io
+Requires: pcp-libs >= %{version}-%{release}
+%if !%{disable_python3}
+Requires: python3-pcp = %{version}-%{release}
+Requires: python3-pyarrow
+BuildRequires: python3-pyarrow
+%endif
+
+%description export-pcp2arrow
+Performance Co-Pilot (PCP) front-end tool for exporting metric values
+to Apache Arrow, which supports the columnar parquet data format.
+%endif
+
 #
 # pcp-export-pcp2xlsx
 #
@ -1492,6 +1530,22 @@ This package contains the PCP Performance Metrics Domain Agent (PMDA) for
 collecting metrics about RabbitMQ message queues.
 #end pcp-pmda-rabbitmq

+#
+# pcp-pmda-uwsgi
+#
+%package pmda-uwsgi
+License: GPL-2.0-or-later
+Summary: Performance Co-Pilot (PCP) metrics from uWSGI servers
+URL: https://pcp.io
+Requires: pcp = %{version}-%{release} pcp-libs = %{version}-%{release}
+%if !%{disable_python3}
+Requires: python3-pcp
+%endif
+%description pmda-uwsgi
+This package contains the PCP Performance Metrics Domain Agent (PMDA) for
+collecting metrics from uWSGI servers.
+#end pcp-pmda-uwsgi
+
 #
 # pcp-pmda-lio
 #
@ -2148,7 +2202,7 @@ sed -i -e 's/usr\/lib\//usr\/lib64\//' pcp-libs-devel-files

 # some special cases for devel
 awk '{print $NF}' $DIST_MANIFEST |\
-grep -E 'pcp\/(examples|demos)|(etc/pcp|pcp/pmdas)\/(sample|simple|trivial|txmon)|bin/(pmdbg|pmclient|pmerr|genpmda)' | grep -E -v tutorials >>pcp-devel-files
+grep -E 'pcp/(examples|demos)|(etc/pcp|pcp/pmdas)/(sample|simple|trivial|txmon)|bin/(pmdbg|pmclient|pmerr|genpmda)' | grep -E -v tutorials >>pcp-devel-files

 # Patterns for files to be marked %%config(noreplace).
 # Note: /etc/pcp.{conf,env,sh} are %%config but not noreplace
@ -2182,11 +2236,11 @@ basic_manifest() {
 # Likewise, for the pcp-pmda and pcp-testsuite subpackages.
 #
 total_manifest | keep 'tutorials|/html/|pcp-help|man.*\.[1-9].*' | cull 'out' >pcp-help-files
-total_manifest | keep 'testsuite|pcpqa|etc/systemd/system|libpcp_fault|pcp/fault.h' >pcp-testsuite-files
+total_manifest | keep 'testsuite|pcpqa|etc/systemd/system|libpcp_fault|pcp/fault.h|pmcheck/pmda-sample' >pcp-testsuite-files

 basic_manifest | keep "$PCP_GUI|pcp-gui|applications|pixmaps|hicolor" | cull 'pmtime.h' >pcp-gui-files
 basic_manifest | keep 'selinux' | cull 'tmp|testsuite' >pcp-selinux-files
-basic_manifest | keep 'zeroconf|daily[-_]report|/sa$' >pcp-zeroconf-files
+basic_manifest | keep 'zeroconf|daily[-_]report|/sa$' | cull 'pmcheck' >pcp-zeroconf-files
 basic_manifest | grep -E -e 'pmiostat|pmrep|dstat|htop|pcp2csv' \
   -e 'pcp-atop|pcp-dmcache|pcp-dstat|pcp-free' \
   -e 'pcp-htop|pcp-ipcs|pcp-iostat|pcp-lvmcache|pcp-mpstat' \
@ -2200,11 +2254,13 @@ basic_manifest | keep 'sheet2pcp' >pcp-import-sheet2pcp-files
 basic_manifest | keep 'mrtg2pcp' >pcp-import-mrtg2pcp-files
 basic_manifest | keep 'ganglia2pcp' >pcp-import-ganglia2pcp-files
 basic_manifest | keep 'collectl2pcp' >pcp-import-collectl2pcp-files
+basic_manifest | keep 'pcp2arrow' >pcp-export-pcp2arrow-files
 basic_manifest | keep 'pcp2elasticsearch' >pcp-export-pcp2elasticsearch-files
 basic_manifest | keep 'pcp2influxdb' >pcp-export-pcp2influxdb-files
 basic_manifest | keep 'pcp2xlsx' >pcp-export-pcp2xlsx-files
 basic_manifest | keep 'pcp2graphite' >pcp-export-pcp2graphite-files
 basic_manifest | keep 'pcp2json' >pcp-export-pcp2json-files
+basic_manifest | keep 'pcp2openmetrics' >pcp-export-pcp2openmetrics-files
 basic_manifest | keep 'pcp2spark' >pcp-export-pcp2spark-files
 basic_manifest | keep 'pcp2xml' >pcp-export-pcp2xml-files
 basic_manifest | keep 'pcp2zabbix' >pcp-export-pcp2zabbix-files
@ -2282,6 +2338,7 @@ basic_manifest | keep '(etc/pcp|pmdas)/summary(/|$)' >pcp-pmda-summary-files
 basic_manifest | keep '(etc/pcp|pmdas)/systemd(/|$)' >pcp-pmda-systemd-files
 basic_manifest | keep '(etc/pcp|pmdas)/trace(/|$)' >pcp-pmda-trace-files
 basic_manifest | keep '(etc/pcp|pmdas)/unbound(/|$)' >pcp-pmda-unbound-files
+basic_manifest | keep '(etc/pcp|pmdas)/uwsgi(/|$)' >pcp-pmda-uwsgi-files
 basic_manifest | keep '(etc/pcp|pmdas)/weblog(/|$)' >pcp-pmda-weblog-files
 basic_manifest | keep '(etc/pcp|pmdas)/zimbra(/|$)' >pcp-pmda-zimbra-files
 basic_manifest | keep '(etc/pcp|pmdas)/zswap(/|$)' >pcp-pmda-zswap-files
@ -2307,7 +2364,7 @@ for pmda_package in \
    rabbitmq redis resctrl roomtemp rpm rsyslog \
    samba sendmail shping slurm smart snmp \
    sockets statsd summary systemd \
-    unbound \
+    unbound uwsgi \
    trace \
    weblog \
    zimbra zswap ; \
@ -2322,8 +2379,8 @@ do \
 done

 for export_package in \
-    pcp2elasticsearch pcp2graphite pcp2influxdb pcp2json \
-    pcp2spark pcp2xlsx pcp2xml pcp2zabbix zabbix-agent ; \
+    pcp2arrow pcp2elasticsearch pcp2graphite pcp2influxdb pcp2json \
+    pcp2openmetrics pcp2spark pcp2xlsx pcp2xml pcp2zabbix zabbix-agent ; \
 do \
    export_packages="$export_packages pcp-export-$export_package"; \
 done
@ -2451,8 +2508,8 @@ semodule -r pcpqa >/dev/null 2>&1 || true
 %endif
 chown -R pcpqa:pcpqa %{_testsdir} 2>/dev/null
 %if !%{disable_systemd}
-    systemctl restart pmcd pmlogger >/dev/null 2>&1
-    systemctl enable pmcd pmlogger >/dev/null 2>&1
+    systemctl restart pcp-reboot-init pmcd pmlogger >/dev/null 2>&1
+    systemctl enable pcp-reboot-init pmcd pmlogger >/dev/null 2>&1
 %else
    /sbin/chkconfig --add pmcd >/dev/null 2>&1
    /sbin/chkconfig --add pmlogger >/dev/null 2>&1
@ -2522,6 +2579,9 @@ exit 0
 %preun pmda-rabbitmq
 %{pmda_remove "$1" "rabbitmq"}

+%preun pmda-uwsgi
+%{pmda_remove "$1" "uwsgi"}
+
 %if !%{disable_snmp}
 %preun pmda-snmp
 %{pmda_remove "$1" "snmp"}
@ -2729,9 +2789,9 @@ if [ "$1" -eq 0 ]
 then
    # stop daemons before erasing the package
    %if !%{disable_systemd}
-       %systemd_preun pmlogger_check.timer pmlogger_daily.timer pmlogger_farm_check.timer pmlogger_farm_check.service pmlogger_farm.service pmlogger.service pmie_check.timer pmie_daily.timer pmie_farm_check.timer pmie_farm_check.service pmie_farm.service pmie.service pmproxy.service pmfind.service pmcd.service
+       %systemd_preun pmlogger_check.timer pmlogger_daily.timer pmlogger_farm_check.timer pmlogger_farm_check.service pmlogger_farm.service pmlogger.service pmie_check.timer pmie_daily.timer pmie_farm_check.timer pmie_farm_check.service pmie_farm.service pmie.service pmproxy.service pmfind.service pmcd.service pcp-reboot-init.service

-       systemctl stop pmlogger.service pmie.service pmproxy.service pmfind.service pmcd.service >/dev/null 2>&1
+       systemctl stop pmlogger.service pmie.service pmproxy.service pmfind.service pmcd.service pcp-reboot-init.service >/dev/null 2>&1
    %else
       /sbin/service pmlogger stop >/dev/null 2>&1
       /sbin/service pmie stop >/dev/null 2>&1
@ -2764,8 +2824,8 @@ done
 # auto-enable these usually optional pmie rules
 %{run_pmieconf "$PCP_PMIECONFIG_DIR" dmthin}
 %if !%{disable_systemd}
-    systemctl restart pmcd pmlogger pmie >/dev/null 2>&1
-    systemctl enable pmcd pmlogger pmie >/dev/null 2>&1
+    systemctl restart pcp-reboot-init pmcd pmlogger pmie >/dev/null 2>&1
+    systemctl enable pcp-reboot-init pmcd pmlogger pmie >/dev/null 2>&1
 %else
    /sbin/chkconfig --add pmcd >/dev/null 2>&1
    /sbin/chkconfig --add pmlogger >/dev/null 2>&1
@ -2988,10 +3048,14 @@ fi

 %files pmda-rabbitmq -f pcp-pmda-rabbitmq-files.rpm

+%files pmda-uwsgi -f pcp-pmda-uwsgi-files.rpm
+
 %files export-pcp2graphite -f pcp-export-pcp2graphite-files.rpm

 %files export-pcp2json -f pcp-export-pcp2json-files.rpm

+%files export-pcp2openmetrics -f pcp-export-pcp2openmetrics-files.rpm
+
 %files export-pcp2spark -f pcp-export-pcp2spark-files.rpm

 %files export-pcp2xml -f pcp-export-pcp2xml-files.rpm
@ -3007,6 +3071,10 @@ fi
 %files export-pcp2influxdb -f pcp-export-pcp2influxdb-files.rpm
 %endif

+%if !%{disable_arrow}
+%files export-pcp2arrow -f pcp-export-pcp2arrow-files.rpm
+%endif
+
 %if !%{disable_xlsx}
 %files export-pcp2xlsx -f pcp-export-pcp2xlsx-files.rpm
 %endif
@ -3106,6 +3174,10 @@ fi


 %changelog
+* Thu May 30 2024 wangkai <13474090681@163.com> - 6.2.2-1
+- Update to 6.2.2 for fix CVE-2023-6917
+- Add subpackages pcp-export-pcp2openmetrics pcp-pmda-uwsgi
+
 * Mon Apr 22 2024 yueyuankun <yueyuankun@kylinos.cn> - 6.1.1-5
 - modify spec, add vendor