Hello community, here is the log from the commit of package percona-toolkit for openSUSE:Factory checked in at 2014-02-19 07:22:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/percona-toolkit (Old) and /work/SRC/openSUSE:Factory/.percona-toolkit.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "percona-toolkit" Changes: -------- --- /work/SRC/openSUSE:Factory/percona-toolkit/percona-toolkit.changes 2013-12-30 10:25:49.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.percona-toolkit.new/percona-toolkit.changes 2014-02-19 07:22:15.000000000 +0100 @@ -1,0 +2,16 @@ +Sun Feb 16 23:57:34 UTC 2014 - andreas.stie...@gmx.de + +- disable automatic version check for all tools [bnc#864194] + Prevents transmission of version information to an external host + in the default configuration. + Can be used by owner of a Percona Server (or an attacker who can + control this destination for the client) to collect arbitrary + MySQL configuration parameters and execute commands (with -v). + Now the version check needs to be requested via command line or + global/tool specific/user configuration. (--version-check) +- added /etc/percona-toolkit/percona-toolkit.conf configuration + directory and template configuration file +- added patches: + * percona-toolkit-2.2.x-disable-default-version-check.patch + +------------------------------------------------------------------- New: ---- percona-toolkit-2.2.x-disable-default-version-check.patch percona-toolkit.conf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ percona-toolkit.spec ++++++ --- /var/tmp/diff_new_pack.c7QWhN/_old 2014-02-19 07:22:16.000000000 +0100 +++ /var/tmp/diff_new_pack.c7QWhN/_new 2014-02-19 07:22:16.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package percona-toolkit # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,6 +24,8 @@ Release: 0 Url: https://www.percona.com/software/percona-toolkit/ Source: https://www.percona.com/redir/downloads/%{name}/%{version}/%{name}-%{version}.tar.gz +Source2: %name.conf +Patch0: percona-toolkit-2.2.x-disable-default-version-check.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} < 1140 Requires: perl = %{perl_version} @@ -57,6 +59,7 @@ %prep %setup -q +%patch0 -p1 %build %{__perl} Makefile.PL INSTALLDIRS=vendor < /dev/null @@ -66,17 +69,29 @@ %perl_make_install %perl_process_packlist %if 0%{?suse_version} < 1130 -%__rm -rf $RPM_BUILD_ROOT%perl_vendorarch/auto/%{name} -%__rm -rf $RPM_BUILD_ROOT/var/adm/perl-modules/%{name} +%__rm -rf %buildroot/%perl_vendorarch/auto/%{name} +%__rm -rf %buildroot/var/adm/perl-modules/%{name} %endif - -%clean -rm -rf $RPM_BUILD_ROOT +# a blank configuration file +%__mkdir -p %buildroot/etc/%name +%__cp %{S:2} %buildroot/etc/%name/ + +%check +# check that --version-check is off bnc#864194 +for PTCMD in %buildroot/%{_bindir}/pt-* +do + $PTCMD --help 2>&1 | + grep "\--version-check" || continue # skip tools that don't support version checks + $PTCMD --help 2>&1 | + grep "\--version-check.*FALSE" # fail those that don't have it disabled +done %files %defattr(-,root,root,-) %doc COPYING README Changelog +%dir /etc/%name %{_bindir}/pt* %{_mandir}/man1/*.1* +%config /etc/%name/%name.conf %changelog ++++++ percona-toolkit-2.2.x-disable-default-version-check.patch ++++++ From: Andreas Stieger <andreas.stie...@gmx.de> Date: Mon, 17 Feb 2014 00:15:35 +0000 Subject: disable automatic version check for all tools References: https://bugzilla.novell.com/show_bug.cgi?id=864194 https://bugs.launchpad.net/percona-toolkit/+bug/1279502 Upstream: no Prevents transmission of version information to an external host in the default configuration. Can be used by owner of a Percona Server (or an attacker who can control this destination for the client) to collect arbitrary MySQL configuration parameters and execute commands (with -v). Now the version check needs to be requested via command line or global/tool specific/user configuration. (--version-check) Note that the doc is parsed into a Perl Getopt::Long spec at runtime. Setting "default: no" does not work, "default: 0" would work. The spec file contains a %check section that tests this. Patching the source was chosen over supplying default configuration files in /etc/percona-toolkit/percona-toolkit.conf because not all tools actually support the version check and would throw warnings. --- bin/pt-archiver | 2 -- bin/pt-config-diff | 2 -- bin/pt-deadlock-logger | 2 -- bin/pt-diskstats | 2 -- bin/pt-duplicate-key-checker | 2 -- bin/pt-find | 2 -- bin/pt-fk-error-logger | 2 -- bin/pt-heartbeat | 2 -- bin/pt-index-usage | 2 -- bin/pt-kill | 2 -- bin/pt-online-schema-change | 2 -- bin/pt-query-digest | 2 -- bin/pt-slave-delay | 2 -- bin/pt-slave-restart | 2 -- bin/pt-table-checksum | 2 -- bin/pt-table-sync | 2 -- bin/pt-upgrade | 2 -- bin/pt-variable-advisor | 2 -- 18 files changed, 36 deletions(-) Index: percona-toolkit-2.2.6/bin/pt-archiver =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-archiver 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-archiver 2014-02-16 23:14:22.000000000 +0000 @@ -7482,8 +7482,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-config-diff =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-config-diff 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-config-diff 2014-02-16 23:14:22.000000000 +0000 @@ -5580,8 +5580,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-deadlock-logger =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-deadlock-logger 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-deadlock-logger 2014-02-16 23:14:22.000000000 +0000 @@ -5349,8 +5349,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-diskstats =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-diskstats 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-diskstats 2014-02-16 23:14:22.000000000 +0000 @@ -5485,8 +5485,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-duplicate-key-checker =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-duplicate-key-checker 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-duplicate-key-checker 2014-02-16 23:14:22.000000000 +0000 @@ -5450,8 +5450,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-find =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-find 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-find 2014-02-16 23:14:22.000000000 +0000 @@ -4457,8 +4457,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-fk-error-logger =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-fk-error-logger 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-fk-error-logger 2014-02-16 23:14:22.000000000 +0000 @@ -4352,8 +4352,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-heartbeat =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-heartbeat 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-heartbeat 2014-02-16 23:14:22.000000000 +0000 @@ -6036,8 +6036,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-index-usage =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-index-usage 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-index-usage 2014-02-16 23:14:22.000000000 +0000 @@ -7365,8 +7365,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-kill =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-kill 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-kill 2014-02-16 23:14:22.000000000 +0000 @@ -7643,8 +7643,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-online-schema-change =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-online-schema-change 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-online-schema-change 2014-02-16 23:14:22.000000000 +0000 @@ -11315,8 +11315,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-query-digest =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-query-digest 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-query-digest 2014-02-16 23:14:22.000000000 +0000 @@ -16285,8 +16285,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-slave-delay =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-slave-delay 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-slave-delay 2014-02-16 23:14:22.000000000 +0000 @@ -4715,8 +4715,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-slave-restart =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-slave-restart 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-slave-restart 2014-02-16 23:14:22.000000000 +0000 @@ -5655,8 +5655,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-table-checksum =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-table-checksum 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-table-checksum 2014-02-16 23:14:22.000000000 +0000 @@ -12331,8 +12331,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-table-sync =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-table-sync 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-table-sync 2014-02-16 23:14:22.000000000 +0000 @@ -12518,8 +12518,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-upgrade =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-upgrade 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-upgrade 2014-02-16 23:14:22.000000000 +0000 @@ -11020,8 +11020,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two Index: percona-toolkit-2.2.6/bin/pt-variable-advisor =================================================================== --- percona-toolkit-2.2.6.orig/bin/pt-variable-advisor 2013-12-20 03:10:55.000000000 +0000 +++ percona-toolkit-2.2.6/bin/pt-variable-advisor 2014-02-16 23:14:22.000000000 +0000 @@ -5985,8 +5985,6 @@ Show version and exit. =item --[no]version-check -default: yes - Check for the latest version of Percona Toolkit, MySQL, and other programs. This is a standard "check for updates automatically" feature, with two ++++++ percona-toolkit.conf ++++++ ## Default configuration for all Percona Toolkit tools in the ## openSUSE package ## ## For syntax see http://www.percona.com/doc/percona-toolkit/2.2/configuration_files.html ## ## The configuration files are read in order: ## 1. /etc/percona-toolkit/percona-toolkit.conf ## 2. /etc/percona-toolkit/NAME.conf, where NAME is the name of the tool ## 3. ~/.percona-toolkit.conf ## 4. ~/.NAME.conf, where NAME is the name of the tool # -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
