pcp - Debian Package Tracker

general

source: pcp (main)
version: 7.1.4-1
maintainer: PCP Development Team (DMD)
uploaders: Ken McDonell [DMD] – Nathan Scott [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 5.2.6-1
oldstable: 6.0.3-1.1
stable: 6.3.8-1
testing: 7.1.2-1
unstable: 7.1.4-1

versioned links

5.2.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.0.3-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.3.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.1.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.1.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libpcp-archive1
libpcp-archive1-dev
libpcp-gui2
libpcp-gui2-dev
libpcp-import-perl
libpcp-import1
libpcp-import1-dev
libpcp-logsummary-perl
libpcp-mmv-perl
libpcp-mmv1
libpcp-mmv1-dev
libpcp-pmda-perl
libpcp-pmda3
libpcp-pmda3-dev
libpcp-trace2
libpcp-trace2-dev
libpcp-web1
libpcp-web1-dev
libpcp3
libpcp3-dev
libpcp4
libpcp4-dev
pcp (1 bugs: 0, 1, 0, 0)
pcp-conf
pcp-doc
pcp-export-pcp2elasticsearch
pcp-export-pcp2graphite
pcp-export-pcp2influxdb
pcp-export-pcp2json
pcp-export-pcp2spark
pcp-export-pcp2xlsx
pcp-export-pcp2xml
pcp-export-pcp2zabbix
pcp-export-zabbix-agent
pcp-gui
pcp-import-benchmarks
pcp-import-collectl2pcp
pcp-import-ganglia2pcp
pcp-import-guidellm2pcp
pcp-import-iostat2pcp
pcp-import-mrtg2pcp
pcp-import-sar2pcp
pcp-import-sheet2pcp
pcp-pmda-infiniband
pcp-testsuite
pcp-zeroconf
python3-pcp

action needed

Marked for autoremoval on 01 June due to mongo-c-driver: #1133063, #1135502 high

Version 7.1.2-1 of pcp is marked for autoremoval from testing on Mon 01 Jun 2026. It is affected by #1133063. The removal of pcp will also cause the removal of (transitive) reverse dependency: bpftune. It depends (transitively) on mongo-c-driver, affected by #1135502. You should try to prevent the removal by fixing these RC bugs.

Created: 2026-04-10 Last update: 2026-05-24 11:30

lintian reports 2 errors and 87 warnings high

Lintian reports 2 errors and 87 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-05-22 Last update: 2026-05-23 01:01

AppStream hints: 1 error and 1 warning for pcp-gui high

AppStream found metadata issues for packages:

pcp-gui: 1 error and 1 warning

You should get rid of them to provide more metadata about this software.

Created: 2018-06-04 Last update: 2026-02-23 04:00

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2025-12-05 Last update: 2026-05-24 08:02

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 7.1.5-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 9ead848e1ba451bc92adf655d7a8865fcfc868c0
Author: Ken McDonell <kenj@kenj.id.au>
Date:   Sun May 24 13:37:57 2026 +1000

    Makepkgs & qa/admin/myconfigure: revert dh_auto_configure change
    
    We cannot run dh_auto_configure safely as a drop-in replacement
    for ./configure outside the Debian build ecosystem ... will need
    to find another way here to make Multilib paths appear for these
    scripts when building for Debian-based systems.

commit 14f40296f14829b754b659762a8656787b282684
Author: Ken McDonell <kenj@kenj.id.au>
Date:   Sun May 24 12:36:13 2026 +1000

    Debian build: fix serious Multilib problem
    
    In commit 704b93c3b I changed from using ./configure to using
    dh_auto_configure to address a botch in the build for armhf.
    
    This had the unfortunate side-effect of activating Debian's Multiarch
    feature (that we had not previously been using in the build),
    which moved *all* of the PCP libraries from /usr/lib to (on bozo)
    /usr/lib/x86_64-linux-gnu and this meant the .install files for *all*
    the library packages missed their intended library and all of the
    libraries "migrated" to the pcp package, as you can see here.
    
    kenj@bozo:~$ dpkg-query -S /usr/lib/x86_64-linux-gnu/libpcp.so
    pcp: /usr/lib/x86_64-linux-gnu/libpcp.so
    
    qa/1648 was supposed to detecting this sort of problem, but it requires
    lintian to be installed (not in the package-list files) and so in
    the QA Farm was _notrun on lots of Debian-based platforms (but I was
    distracted with travel and pmUnits changes and didn't notice the 3
    failures), and this test is marked _not_in_ci (because lintian takes so
    long to run) and was never being run in the github QA action.
    
    First we need to fix the .install files using a * glob for the extra
    directory level.
    
    Then, since pcp-7.1.4 has escaped we need the whole Breaks+Replaces
    circus for *all* the packages that lost their libraries.
    
    And finally, this explains why
        $ sudo make install
    recently stopped working in the library source directories, so there
    is an additional change in Makepkgs and (more importantly)
    qa/admin/myconfigure to use dh_auto_configure in preference to
    ./configure for Debian-based platforms so a developer's
        $ sudo make install
    updates libraries in the same place where the package installer has
    dumped 'em.

commit fa63a3052c4f28e54a1a3e23c1899da688989702
Author: Nathan Scott <nathans@redhat.com>
Date:   Fri May 22 13:07:46 2026 +1000

    qa: add pmdards filtering in common.filter

commit 0574edacb5941c0142e9b501708c08650b31bbe8
Author: Nathan Scott <nathans@redhat.com>
Date:   Fri May 22 13:07:23 2026 +1000

    docs: bump version for next planned release

Created: 2026-05-23 Last update: 2026-05-24 05:46

Multiarch hinter reports 9 issue(s) low

There are issues with the multiarch metadata for this package.

pcp-doc could be marked Multi-Arch: foreign
libpcp-archive1 could be converted to Architecture: all and marked Multi-Arch: foreign
libpcp-gui2 could be converted to Architecture: all and marked Multi-Arch: foreign
libpcp-import1 could be converted to Architecture: all and marked Multi-Arch: foreign
libpcp-mmv1 could be converted to Architecture: all and marked Multi-Arch: foreign
libpcp-pmda3 could be converted to Architecture: all and marked Multi-Arch: foreign
libpcp-trace2 could be converted to Architecture: all and marked Multi-Arch: foreign
libpcp-web1 could be converted to Architecture: all and marked Multi-Arch: foreign
pcp-export-zabbix-agent could be converted to Architecture: all and marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2026-05-24 09:32

4 low-priority security issues in bookworm low

There are 4 open security issues in bookworm.

4 issues left for the package maintainer to handle:

CVE-2023-6917: (needs triaging) A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
CVE-2024-3019: (needs triaging) A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.
CVE-2024-45769: (needs triaging) A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.
CVE-2024-45770: (needs triaging) A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-02-29 Last update: 2026-05-22 05:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.2).

Created: 2025-12-23 Last update: 2026-05-22 04:31

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migration status for pcp (7.1.2-1 to 7.1.4-1): Will attempt migration (Any information below is purely informational)
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/p/pcp.html
- ∙ ∙ Not reproduced on amd64 (not a regression): pcp-testsuite
- ∙ ∙ Not reproduced on arm64 (not a regression): pcp, pcp-testsuite
- ∙ ∙ Not reproduced on armhf (not a regression): pcp, pcp-testsuite
- ∙ ∙ Not reproduced on i386 (not a regression): pcp-testsuite
- ∙ ∙ 2 days old (needed 2 days)

news

[rss feed]

[2026-05-22] Accepted pcp 7.1.4-1 (source) into unstable (Nathan Scott)
[2026-05-02] Accepted pcp 7.1.3-2 (source) into unstable (Nathan Scott)
[2026-04-27] pcp 7.1.2-1 MIGRATED to testing (Debian testing watch)
[2026-04-24] Accepted pcp 7.1.2-1 (source) into unstable (Nathan Scott)
[2026-04-02] pcp 7.1.1-1 MIGRATED to testing (Debian testing watch)
[2026-03-30] Accepted pcp 7.1.1-1 (source) into unstable (Nathan Scott)
[2026-01-30] pcp 7.1.0-1 MIGRATED to testing (Debian testing watch)
[2026-01-28] Accepted pcp 7.1.0-1 (source) into unstable (Nathan Scott)
[2025-12-05] pcp 7.0.5-1 MIGRATED to testing (Debian testing watch)
[2025-11-21] Accepted pcp 7.0.5-1 (source) into unstable (Nathan Scott)
[2025-11-19] Accepted pcp 7.0.4-1 (source) into unstable (Nathan Scott)
[2025-11-12] Accepted pcp 7.0.3-1 (source arm64 all) into unstable (Nathan Scott)
[2025-11-01] pcp REMOVED from testing (Debian testing watch)
[2025-10-16] Accepted pcp 7.0.2-1 (source arm64 all) into unstable (Debian FTP Masters) (signed by: Nathan Scott)
[2025-09-23] Accepted pcp 7.0.1-1 (source arm64 all) into unstable (Debian FTP Masters) (signed by: Nathan Scott)
[2025-09-01] Accepted pcp 7.0.0-1 (source arm64 all) into unstable (Debian FTP Masters) (signed by: Nathan Scott)
[2025-04-21] pcp 6.3.8-1 MIGRATED to testing (Debian testing watch)
[2025-04-11] Accepted pcp 6.3.8-1 (source) into unstable (Nathan Scott)
[2025-04-07] pcp 6.3.7-1 MIGRATED to testing (Debian testing watch)
[2025-03-28] Accepted pcp 6.3.7-1 (source) into unstable (Nathan Scott)
[2025-03-17] Accepted pcp 6.3.6-1 (source) into unstable (Nathan Scott)
[2025-03-15] Accepted pcp 6.3.5-1 (source) into unstable (Nathan Scott)
[2025-03-13] Accepted pcp 6.3.4-1 (source) into unstable (Nathan Scott)
[2025-01-28] Accepted pcp 6.3.3-1 (source) into unstable (Nathan Scott)
[2024-09-17] Accepted pcp 6.3.1-1 (source) into unstable (Nathan Scott)
[2024-07-30] Accepted pcp 6.3.0-1 (source) into unstable (Nathan Scott)
[2024-06-03] pcp REMOVED from testing (Debian testing watch)
[2024-05-15] Accepted pcp 6.2.2-1 (source) into unstable (Nathan Scott)
[2024-05-07] Accepted pcp 6.2.1-1 (source arm64 all) into unstable (Debian FTP Masters) (signed by: Nathan Scott)
[2024-02-29] Accepted pcp 6.2.0-1.1 (source) into unstable (Benjamin Drung)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (2, 87)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 7.1.4-1
2 bugs