pcp - Debian Package Tracker

general

source: pcp (main)
version: 7.1.2-1
maintainer: PCP Development Team (DMD)
uploaders: Nathan Scott [DMD] – Ken McDonell [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 5.2.6-1
oldstable: 6.0.3-1.1
stable: 6.3.8-1
testing: 7.1.2-1
unstable: 7.1.2-1

versioned links

5.2.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.0.3-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.3.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.1.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libpcp-archive1
libpcp-archive1-dev
libpcp-gui2
libpcp-gui2-dev
libpcp-import-perl
libpcp-import1
libpcp-import1-dev
libpcp-logsummary-perl
libpcp-mmv-perl
libpcp-mmv1
libpcp-mmv1-dev
libpcp-pmda-perl
libpcp-pmda3
libpcp-pmda3-dev
libpcp-trace2
libpcp-trace2-dev
libpcp-web1
libpcp-web1-dev
libpcp3
libpcp3-dev
libpcp4
libpcp4-dev
pcp (1 bugs: 0, 1, 0, 0)
pcp-conf
pcp-doc
pcp-export-pcp2elasticsearch
pcp-export-pcp2graphite
pcp-export-pcp2influxdb
pcp-export-pcp2json
pcp-export-pcp2spark
pcp-export-pcp2xlsx
pcp-export-pcp2xml
pcp-export-pcp2zabbix
pcp-export-zabbix-agent
pcp-gui
pcp-import-benchmarks
pcp-import-collectl2pcp
pcp-import-ganglia2pcp
pcp-import-guidellm2pcp
pcp-import-iostat2pcp
pcp-import-mrtg2pcp
pcp-import-sar2pcp
pcp-import-sheet2pcp
pcp-pmda-infiniband
pcp-testsuite
pcp-zeroconf
python3-pcp

action needed

Marked for autoremoval on 28 May: #1133063 high

Version 7.1.2-1 of pcp is marked for autoremoval from testing on Thu 28 May 2026. It is affected by #1133063. The removal of pcp will also cause the removal of (transitive) reverse dependency: bpftune. You should try to prevent the removal by fixing these RC bugs.

Created: 2026-04-10 Last update: 2026-04-29 12:30

lintian reports 2 errors and 6 warnings high

Lintian reports 2 errors and 6 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-04-25 Last update: 2026-04-25 04:00

AppStream hints: 1 error and 1 warning for pcp-gui high

AppStream found metadata issues for packages:

pcp-gui: 1 error and 1 warning

You should get rid of them to provide more metadata about this software.

Created: 2018-06-04 Last update: 2026-02-23 04:00

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2025-12-05 Last update: 2026-04-29 12:31

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 7.1.3-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 704b93c3bb5062ff885be8aedbe849053ec7205c
Author: Ken McDonell <kenj@kenj.id.au>
Date:   Sun Apr 26 06:40:04 2026 +1000

    debian/rules: use dh_auto_configure instead of ./configure
    
    As Gianfranco Costamagna noted over in Debian bug #1133063 by calling
    ./configure directly we bypass some build setup where additional "dh"
    flags are inserted as command line arguments when configure is called.
    
    For him, "This makes the package built for a wrong arch in armhf.
    The baseline should be armv7l."

commit 7265eb0e82c3fbcc27e550edfbde30486a216c85
Author: Ken McDonell <kenj@kenj.id.au>
Date:   Sun Apr 26 06:33:39 2026 +1000

    Makepkgs: Debian builds: previous changes to weld build number onto package version were NQR
    
    More than NQR, the earlier commits change VERSION.pcp safely and
    securely, it is just that Debian builds extract this info from the 1st
    line of the debian/changelog so we need edit that in the build source
    tree as well.

commit 92eacce052f4d0e5ac9543d2175b23a97d3ce226
Author: Ken McDonell <kenj@kenj.id.au>
Date:   Sun Apr 26 06:31:31 2026 +1000

    docs: bump changelogs and version for next planned release
    
    The 24 June date is pure speculation ... others need to decide when
    7.1.3 escapes.

commit a120db1accf5ce810712ec9cb17eb86d440f46c7
Merge: f05876ef 9fd1a97c
Author: Ken McDonell <kenj@kenj.id.au>
Date:   Sat Apr 25 06:34:51 2026 +1000

    Merge branch 'main' of https://github.com/performancecopilot/pcp

commit f05876ef3ab7c1d85f685d18b910c0b805a2289b
Author: Ken McDonell <kenj@kenj.id.au>
Date:   Thu Apr 23 08:38:30 2026 +1000

    qa/admin/show-me-all: another fixup for Callback: lines in the QA logs

commit 191a62fdbf8e3e3cb3363484478fc0c823f9b314
Author: Ken McDonell <kenj@kenj.id.au>
Date:   Thu Apr 23 08:10:39 2026 +1000

    qa/1339: change TCP/IP port for use with sample PMDA
    
    Was 5670 and 5671 but the latter clashes with AMQP and on AmazonLinux
    (vm40) tripped the AVC below based on the port number.
    
    $ sudo ausearch -m AVC -ts recent
    ----
    time->Thu Apr 23 07:57:56 2026
    type=AVC msg=audit(1776895076.650:6335): avc:  denied  { name_bind } for  pid=260021 comm="pmdasample" src=5671 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:amqp_port_t:s0 tclass=tcp_socket permissive=1
    
    Changing to the default port (whatever that might be) from _find_port()
    made the AVC go away.

Created: 2026-04-26 Last update: 2026-04-28 18:30

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

pcp-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2026-04-29 13:31

4 low-priority security issues in bookworm low

There are 4 open security issues in bookworm.

4 issues left for the package maintainer to handle:

CVE-2023-6917: (needs triaging) A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
CVE-2024-3019: (needs triaging) A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.
CVE-2024-45769: (needs triaging) A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.
CVE-2024-45770: (needs triaging) A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-02-29 Last update: 2026-04-28 19:02

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.2).

Created: 2025-12-23 Last update: 2026-04-24 21:18

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2026-04-27] pcp 7.1.2-1 MIGRATED to testing (Debian testing watch)
[2026-04-24] Accepted pcp 7.1.2-1 (source) into unstable (Nathan Scott)
[2026-04-02] pcp 7.1.1-1 MIGRATED to testing (Debian testing watch)
[2026-03-30] Accepted pcp 7.1.1-1 (source) into unstable (Nathan Scott)
[2026-01-30] pcp 7.1.0-1 MIGRATED to testing (Debian testing watch)
[2026-01-28] Accepted pcp 7.1.0-1 (source) into unstable (Nathan Scott)
[2025-12-05] pcp 7.0.5-1 MIGRATED to testing (Debian testing watch)
[2025-11-21] Accepted pcp 7.0.5-1 (source) into unstable (Nathan Scott)
[2025-11-19] Accepted pcp 7.0.4-1 (source) into unstable (Nathan Scott)
[2025-11-12] Accepted pcp 7.0.3-1 (source arm64 all) into unstable (Nathan Scott)
[2025-11-01] pcp REMOVED from testing (Debian testing watch)
[2025-10-16] Accepted pcp 7.0.2-1 (source arm64 all) into unstable (Debian FTP Masters) (signed by: Nathan Scott)
[2025-09-23] Accepted pcp 7.0.1-1 (source arm64 all) into unstable (Debian FTP Masters) (signed by: Nathan Scott)
[2025-09-01] Accepted pcp 7.0.0-1 (source arm64 all) into unstable (Debian FTP Masters) (signed by: Nathan Scott)
[2025-04-21] pcp 6.3.8-1 MIGRATED to testing (Debian testing watch)
[2025-04-11] Accepted pcp 6.3.8-1 (source) into unstable (Nathan Scott)
[2025-04-07] pcp 6.3.7-1 MIGRATED to testing (Debian testing watch)
[2025-03-28] Accepted pcp 6.3.7-1 (source) into unstable (Nathan Scott)
[2025-03-17] Accepted pcp 6.3.6-1 (source) into unstable (Nathan Scott)
[2025-03-15] Accepted pcp 6.3.5-1 (source) into unstable (Nathan Scott)
[2025-03-13] Accepted pcp 6.3.4-1 (source) into unstable (Nathan Scott)
[2025-01-28] Accepted pcp 6.3.3-1 (source) into unstable (Nathan Scott)
[2024-09-17] Accepted pcp 6.3.1-1 (source) into unstable (Nathan Scott)
[2024-07-30] Accepted pcp 6.3.0-1 (source) into unstable (Nathan Scott)
[2024-06-03] pcp REMOVED from testing (Debian testing watch)
[2024-05-15] Accepted pcp 6.2.2-1 (source) into unstable (Nathan Scott)
[2024-05-07] Accepted pcp 6.2.1-1 (source arm64 all) into unstable (Debian FTP Masters) (signed by: Nathan Scott)
[2024-02-29] Accepted pcp 6.2.0-1.1 (source) into unstable (Benjamin Drung)
[2024-02-22] pcp 6.2.0-1 MIGRATED to testing (Debian testing watch)
[2024-02-19] Accepted pcp 6.2.0-1.1~exp1 (source) into experimental (Steve Langasek)

bugs [bug history graph]

all: 2
RC: 1
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (2, 6)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 7.1.1-1
1 bug