Hello community,
here is the log from the commit of package percona-toolkit for openSUSE:Factory checked in at 2014-02-19 07:22:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/percona-toolkit (Old)
and /work/SRC/openSUSE:Factory/.percona-toolkit.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "percona-toolkit"
Changes:
--------
--- /work/SRC/openSUSE:Factory/percona-toolkit/percona-toolkit.changes 2013-12-30 10:25:49.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.percona-toolkit.new/percona-toolkit.changes 2014-02-19 07:22:15.000000000 +0100
@@ -1,0 +2,16 @@
+Sun Feb 16 23:57:34 UTC 2014 - andreas.stieger@gmx.de
+
+- disable automatic version check for all tools [bnc#864194]
+ Prevents transmission of version information to an external host
+ in the default configuration.
+ Can be used by owner of a Percona Server (or an attacker who can
+ control this destination for the client) to collect arbitrary
+ MySQL configuration parameters and execute commands (with -v).
+ Now the version check needs to be requested via command line or
+ global/tool specific/user configuration. (--version-check)
+- added /etc/percona-toolkit/percona-toolkit.conf configuration
+ directory and template configuration file
+- added patches:
+ * percona-toolkit-2.2.x-disable-default-version-check.patch
+
+-------------------------------------------------------------------
New:
----
percona-toolkit-2.2.x-disable-default-version-check.patch
percona-toolkit.conf
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ percona-toolkit.spec ++++++
--- /var/tmp/diff_new_pack.c7QWhN/_old 2014-02-19 07:22:16.000000000 +0100
+++ /var/tmp/diff_new_pack.c7QWhN/_new 2014-02-19 07:22:16.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package percona-toolkit
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,6 +24,8 @@
Release: 0
Url: https://www.percona.com/software/percona-toolkit/
Source: https://www.percona.com/redir/downloads/%{name}/%{version}/%{name}-%{version}.tar.gz
+Source2: %name.conf
+Patch0: percona-toolkit-2.2.x-disable-default-version-check.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version} < 1140
Requires: perl = %{perl_version}
@@ -57,6 +59,7 @@
%prep
%setup -q
+%patch0 -p1
%build
%{__perl} Makefile.PL INSTALLDIRS=vendor < /dev/null
@@ -66,17 +69,29 @@
%perl_make_install
%perl_process_packlist
%if 0%{?suse_version} < 1130
-%__rm -rf $RPM_BUILD_ROOT%perl_vendorarch/auto/%{name}
-%__rm -rf $RPM_BUILD_ROOT/var/adm/perl-modules/%{name}
+%__rm -rf %buildroot/%perl_vendorarch/auto/%{name}
+%__rm -rf %buildroot/var/adm/perl-modules/%{name}
%endif
-
-%clean
-rm -rf $RPM_BUILD_ROOT
+# a blank configuration file
+%__mkdir -p %buildroot/etc/%name
+%__cp %{S:2} %buildroot/etc/%name/
+
+%check
+# check that --version-check is off bnc#864194
+for PTCMD in %buildroot/%{_bindir}/pt-*
+do
+ $PTCMD --help 2>&1 |
+ grep "\--version-check" || continue # skip tools that don't support version checks
+ $PTCMD --help 2>&1 |
+ grep "\--version-check.*FALSE" # fail those that don't have it disabled
+done
%files
%defattr(-,root,root,-)
%doc COPYING README Changelog
+%dir /etc/%name
%{_bindir}/pt*
%{_mandir}/man1/*.1*
+%config /etc/%name/%name.conf
%changelog
++++++ percona-toolkit-2.2.x-disable-default-version-check.patch ++++++
From: Andreas Stieger
Date: Mon, 17 Feb 2014 00:15:35 +0000
Subject: disable automatic version check for all tools
References: https://bugzilla.novell.com/show_bug.cgi?id=864194 https://bugs.launchpad.net/percona-toolkit/+bug/1279502
Upstream: no
Prevents transmission of version information to an external host
in the default configuration.
Can be used by owner of a Percona Server (or an attacker who can
control this destination for the client) to collect arbitrary
MySQL configuration parameters and execute commands (with -v).
Now the version check needs to be requested via command line or
global/tool specific/user configuration. (--version-check)
Note that the doc is parsed into a Perl Getopt::Long spec at runtime.
Setting "default: no" does not work, "default: 0" would work.
The spec file contains a %check section that tests this.
Patching the source was chosen over supplying default configuration
files in /etc/percona-toolkit/percona-toolkit.conf because not all
tools actually support the version check and would throw warnings.
---
bin/pt-archiver | 2 --
bin/pt-config-diff | 2 --
bin/pt-deadlock-logger | 2 --
bin/pt-diskstats | 2 --
bin/pt-duplicate-key-checker | 2 --
bin/pt-find | 2 --
bin/pt-fk-error-logger | 2 --
bin/pt-heartbeat | 2 --
bin/pt-index-usage | 2 --
bin/pt-kill | 2 --
bin/pt-online-schema-change | 2 --
bin/pt-query-digest | 2 --
bin/pt-slave-delay | 2 --
bin/pt-slave-restart | 2 --
bin/pt-table-checksum | 2 --
bin/pt-table-sync | 2 --
bin/pt-upgrade | 2 --
bin/pt-variable-advisor | 2 --
18 files changed, 36 deletions(-)
Index: percona-toolkit-2.2.6/bin/pt-archiver
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-archiver 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-archiver 2014-02-16 23:14:22.000000000 +0000
@@ -7482,8 +7482,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-config-diff
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-config-diff 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-config-diff 2014-02-16 23:14:22.000000000 +0000
@@ -5580,8 +5580,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-deadlock-logger
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-deadlock-logger 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-deadlock-logger 2014-02-16 23:14:22.000000000 +0000
@@ -5349,8 +5349,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-diskstats
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-diskstats 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-diskstats 2014-02-16 23:14:22.000000000 +0000
@@ -5485,8 +5485,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-duplicate-key-checker
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-duplicate-key-checker 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-duplicate-key-checker 2014-02-16 23:14:22.000000000 +0000
@@ -5450,8 +5450,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-find
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-find 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-find 2014-02-16 23:14:22.000000000 +0000
@@ -4457,8 +4457,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-fk-error-logger
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-fk-error-logger 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-fk-error-logger 2014-02-16 23:14:22.000000000 +0000
@@ -4352,8 +4352,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-heartbeat
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-heartbeat 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-heartbeat 2014-02-16 23:14:22.000000000 +0000
@@ -6036,8 +6036,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-index-usage
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-index-usage 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-index-usage 2014-02-16 23:14:22.000000000 +0000
@@ -7365,8 +7365,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-kill
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-kill 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-kill 2014-02-16 23:14:22.000000000 +0000
@@ -7643,8 +7643,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-online-schema-change
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-online-schema-change 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-online-schema-change 2014-02-16 23:14:22.000000000 +0000
@@ -11315,8 +11315,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-query-digest
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-query-digest 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-query-digest 2014-02-16 23:14:22.000000000 +0000
@@ -16285,8 +16285,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-slave-delay
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-slave-delay 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-slave-delay 2014-02-16 23:14:22.000000000 +0000
@@ -4715,8 +4715,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-slave-restart
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-slave-restart 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-slave-restart 2014-02-16 23:14:22.000000000 +0000
@@ -5655,8 +5655,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-table-checksum
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-table-checksum 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-table-checksum 2014-02-16 23:14:22.000000000 +0000
@@ -12331,8 +12331,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-table-sync
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-table-sync 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-table-sync 2014-02-16 23:14:22.000000000 +0000
@@ -12518,8 +12518,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-upgrade
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-upgrade 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-upgrade 2014-02-16 23:14:22.000000000 +0000
@@ -11020,8 +11020,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
Index: percona-toolkit-2.2.6/bin/pt-variable-advisor
===================================================================
--- percona-toolkit-2.2.6.orig/bin/pt-variable-advisor 2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-variable-advisor 2014-02-16 23:14:22.000000000 +0000
@@ -5985,8 +5985,6 @@ Show version and exit.
=item --[no]version-check
-default: yes
-
Check for the latest version of Percona Toolkit, MySQL, and other programs.
This is a standard "check for updates automatically" feature, with two
++++++ percona-toolkit.conf ++++++
## Default configuration for all Percona Toolkit tools in the
## openSUSE package
##
## For syntax see http://www.percona.com/doc/percona-toolkit/2.2/configuration_files.html
##
## The configuration files are read in order:
## 1. /etc/percona-toolkit/percona-toolkit.conf
## 2. /etc/percona-toolkit/NAME.conf, where NAME is the name of the tool
## 3. ~/.percona-toolkit.conf
## 4. ~/.NAME.conf, where NAME is the name of the tool
#
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org