packages/pcp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2024-3019

Browse Source 
(cherry picked from commit 1443bbc845b7065c4df4324bb9fb263fa3a74484)
This commit is contained in:
wk333 2024-03-29 15:49:05 +08:00 committed by openeuler-sync-bot
parent 4650371c53
commit 30a64932e8
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
CVE-2024-3019.patch Normal file
View File

@ -0,0 +1,31 @@
From 3bde240a2acc85e63e2f7813330713dd9b59386e Mon Sep 17 00:00:00 2001
From: Nathan Scott <nathans@redhat.com>
Date: Wed, 27 Mar 2024 14:51:28 +1100
Subject: [PATCH] pmproxy: disable Redis protocol proxying by default
origin: https://github.com/performancecopilot/pcp/commit/3bde240a2acc85e63e2f7813330713dd9b59386e
If a redis-server has been locked down in terms of connections,
we want to prevent pmproxy from being allowed to send arbitrary
RESP commands to it.
This protocol proxying doesn't affect PCP functionality at all,
its more of a developer/sysadmin convenience when Redis used in
cluster mode (relatively uncommon compared to localhost mode).
---
src/pmproxy/pmproxy.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pmproxy/pmproxy.conf b/src/pmproxy/pmproxy.conf
index e54891792e..4cbc1c96af 100644
--- a/src/pmproxy/pmproxy.conf
+++ b/src/pmproxy/pmproxy.conf
@@ -29,7 +29,7 @@ pcp.enabled = true
http.enabled = true
# support Redis protocol proxying
-redis.enabled = true
+redis.enabled = false
# support SSL/TLS protocol wrapping
secure.enabled = true

6
pcp.spec
View File

@ -55,12 +55,13 @@
Name: pcp Name: pcp
Version: 5.3.7 Version: 5.3.7
Summary: System-level performance monitoring and performance management Summary: System-level performance monitoring and performance management
Release: 3 Release: 4
License: GPL-2.0-or-later and LGPL-2.0-or-later and CC-BY-SA-3.0 License: GPL-2.0-or-later and LGPL-2.0-or-later and CC-BY-SA-3.0
URL: https://pcp.io URL: https://pcp.io
Source0: https://github.com/performancecopilot/pcp/archive/refs/tags/%{version}.tar.gz Source0: https://github.com/performancecopilot/pcp/archive/refs/tags/%{version}.tar.gz
#Refer: https://github.com/performancecopilot/pcp/pull/822 #Refer: https://github.com/performancecopilot/pcp/pull/822
Patch0: fix-out-of-range-mpstat.patch Patch0: fix-out-of-range-mpstat.patch
Patch1: CVE-2024-3019.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc gcc-c++ BuildRequires: gcc gcc-c++
BuildRequires: procps autoconf bison flex BuildRequires: procps autoconf bison flex
@ -1932,6 +1933,9 @@ systemctl condrestart pmproxy.service >/dev/null 2>&1
%changelog %changelog
* Fri Mar 29 2024 wangkai <13474090681@163.com> - 5.3.7-4
- Fix CVE-2024-3019
* Mon Feb 13 2023 wangkai <wangkai385@h-partners.com> - 5.3.7-3 * Mon Feb 13 2023 wangkai <wangkai385@h-partners.com> - 5.3.7-3
- Fix out of range in pcp-mpstat - Fix out of range in pcp-mpstat