On Wed, 8 Jun 2016 14:21:14 +0200 Guillem Jover <gjo...@sipwise.com> wrote: > This package contains many scripts which call back home to check for > a new upstream versions. In addition they also report back things such > as hostname and port and similar. It seems this was previously disabled > or removed due to CVE-2014-2029 (#740846), but the patch got lost > somewhere?
hello Guillem, can you clarify what you see and/or in which scripts you saw the callback happening automatically? i had a quick look and it appears this feature is not enabled by default (as also clarified at https://www.percona.com/version-check); for example in pt-duplicate-key-checker i can see: # ######################################################################## # Do the version-check # ######################################################################## if ( $o->get('version-check') && (!$o->has('quiet') || !$o->get('quiet')) ) { VersionCheck::version_check( force => $o->got('version-check'), instances => [ {dbh => $dbh, dsn => $dsn} ], ); } which only triggers the version check if the `version-check` cli switch/config parameters are set. Dario, side question: if you want a hand co-maintain percona-toolkit id be happy to help as we use them at work so we do care about those tools. thanks, sandro