Accepting request 222522 from home:AndreasStieger:branches:server:database

- disable automatic version check for all tools [bnc#864194] OBS-URL: https://build.opensuse.org/request/show/222522 OBS-URL: https://build.opensuse.org/package/show/server:database/percona-toolkit?expand=0&rev=29
2014-02-17 00:29:19 +00:00 · 2014-02-17 00:29:19 +00:00 · b1e5b64d81
commit b1e5b64d81
parent 39fd2a7751
4 changed files with 325 additions and 5 deletions
--- a/percona-toolkit-2.2.x-disable-default-version-check.patch
+++ b/percona-toolkit-2.2.x-disable-default-version-check.patch
@ -0,0 +1,276 @@
+From: Andreas Stieger <andreas.stieger@gmx.de>
+Date: Mon, 17 Feb 2014 00:15:35 +0000
+Subject: disable automatic version check for all tools
+References: https://bugzilla.novell.com/show_bug.cgi?id=864194 https://bugs.launchpad.net/percona-toolkit/+bug/1279502
+Upstream: no
+
+Prevents transmission of version information to an external host
+in the default configuration.
+Can be used by owner of a Percona Server (or an attacker who can
+control this destination for the client) to collect arbitrary
+MySQL configuration parameters and execute commands (with -v).
+Now the version check needs to be requested via command line or
+global/tool specific/user configuration. (--version-check)
+
+Note that the doc is parsed into a Perl Getopt::Long spec at runtime.
+Setting "default: no" does not work, "default: 0" would work.
+The spec file contains a %check section that tests this.
+Patching the source was chosen over supplying default configuration
+files in /etc/percona-toolkit/percona-toolkit.conf because not all
+tools actually support the version check and would throw warnings.
+
+---
+ bin/pt-archiver              |    2 --
+ bin/pt-config-diff           |    2 --
+ bin/pt-deadlock-logger       |    2 --
+ bin/pt-diskstats             |    2 --
+ bin/pt-duplicate-key-checker |    2 --
+ bin/pt-find                  |    2 --
+ bin/pt-fk-error-logger       |    2 --
+ bin/pt-heartbeat             |    2 --
+ bin/pt-index-usage           |    2 --
+ bin/pt-kill                  |    2 --
+ bin/pt-online-schema-change  |    2 --
+ bin/pt-query-digest          |    2 --
+ bin/pt-slave-delay           |    2 --
+ bin/pt-slave-restart         |    2 --
+ bin/pt-table-checksum        |    2 --
+ bin/pt-table-sync            |    2 --
+ bin/pt-upgrade               |    2 --
+ bin/pt-variable-advisor      |    2 --
+ 18 files changed, 36 deletions(-)
+
+Index: percona-toolkit-2.2.6/bin/pt-archiver
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-archiver	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-archiver	2014-02-16 23:14:22.000000000 +0000
+@@ -7482,8 +7482,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-config-diff
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-config-diff	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-config-diff	2014-02-16 23:14:22.000000000 +0000
+@@ -5580,8 +5580,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-deadlock-logger
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-deadlock-logger	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-deadlock-logger	2014-02-16 23:14:22.000000000 +0000
+@@ -5349,8 +5349,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-diskstats
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-diskstats	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-diskstats	2014-02-16 23:14:22.000000000 +0000
+@@ -5485,8 +5485,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-duplicate-key-checker
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-duplicate-key-checker	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-duplicate-key-checker	2014-02-16 23:14:22.000000000 +0000
+@@ -5450,8 +5450,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-find
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-find	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-find	2014-02-16 23:14:22.000000000 +0000
+@@ -4457,8 +4457,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-fk-error-logger
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-fk-error-logger	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-fk-error-logger	2014-02-16 23:14:22.000000000 +0000
+@@ -4352,8 +4352,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-heartbeat
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-heartbeat	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-heartbeat	2014-02-16 23:14:22.000000000 +0000
+@@ -6036,8 +6036,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-index-usage
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-index-usage	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-index-usage	2014-02-16 23:14:22.000000000 +0000
+@@ -7365,8 +7365,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-kill
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-kill	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-kill	2014-02-16 23:14:22.000000000 +0000
+@@ -7643,8 +7643,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-online-schema-change
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-online-schema-change	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-online-schema-change	2014-02-16 23:14:22.000000000 +0000
+@@ -11315,8 +11315,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-query-digest
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-query-digest	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-query-digest	2014-02-16 23:14:22.000000000 +0000
+@@ -16285,8 +16285,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-slave-delay
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-slave-delay	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-slave-delay	2014-02-16 23:14:22.000000000 +0000
+@@ -4715,8 +4715,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-slave-restart
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-slave-restart	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-slave-restart	2014-02-16 23:14:22.000000000 +0000
+@@ -5655,8 +5655,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-table-checksum
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-table-checksum	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-table-checksum	2014-02-16 23:14:22.000000000 +0000
+@@ -12331,8 +12331,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-table-sync
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-table-sync	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-table-sync	2014-02-16 23:14:22.000000000 +0000
+@@ -12518,8 +12518,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-upgrade
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-upgrade	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-upgrade	2014-02-16 23:14:22.000000000 +0000
+@@ -11020,8 +11020,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
+Index: percona-toolkit-2.2.6/bin/pt-variable-advisor
+===================================================================
+--- percona-toolkit-2.2.6.orig/bin/pt-variable-advisor	2013-12-20 03:10:55.000000000 +0000
+++ percona-toolkit-2.2.6/bin/pt-variable-advisor	2014-02-16 23:14:22.000000000 +0000
+@@ -5985,8 +5985,6 @@ Show version and exit.
+ 
+ =item --[no]version-check
+ 
+-default: yes
+-
+ Check for the latest version of Percona Toolkit, MySQL, and other programs.
+ 
+ This is a standard "check for updates automatically" feature, with two
--- a/percona-toolkit.changes
+++ b/percona-toolkit.changes
@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Sun Feb 16 23:57:34 UTC 2014 - andreas.stieger@gmx.de
+
+- disable automatic version check for all tools  [bnc#864194]
+  Prevents transmission of version information to an external host
+  in the default configuration.
+  Can be used by owner of a Percona Server (or an attacker who can
+  control this destination for the client) to collect arbitrary
+  MySQL configuration parameters and execute commands (with -v).
+  Now the version check needs to be requested via command line or
+  global/tool specific/user configuration. (--version-check)
+- added /etc/percona-toolkit/percona-toolkit.conf configuration
+  directory and template configuration file 
+- added patches:
+  * percona-toolkit-2.2.x-disable-default-version-check.patch
+
 -------------------------------------------------------------------
 Fri Dec 27 21:35:21 UTC 2013 - andreas.stieger@gmx.de

--- a/percona-toolkit.conf
+++ b/percona-toolkit.conf
@ -0,0 +1,13 @@
+## Default configuration for all Percona Toolkit tools in the
+## openSUSE package
+##
+## For syntax see http://www.percona.com/doc/percona-toolkit/2.2/configuration_files.html
+##
+## The configuration files are read in order: 
+## 1. /etc/percona-toolkit/percona-toolkit.conf
+## 2. /etc/percona-toolkit/NAME.conf, where NAME is the name of the tool
+## 3. ~/.percona-toolkit.conf
+## 4. ~/.NAME.conf, where NAME is the name of the tool
+#
+
+
--- a/percona-toolkit.spec
+++ b/percona-toolkit.spec
@ -1,7 +1,7 @@
 #
 # spec file for package percona-toolkit
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -24,6 +24,8 @@ Version:        2.2.6
 Release:        0
 Url:            https://www.percona.com/software/percona-toolkit/
 Source:         https://www.percona.com/redir/downloads/%{name}/%{version}/%{name}-%{version}.tar.gz
+Source2:        %name.conf
+Patch0:         percona-toolkit-2.2.x-disable-default-version-check.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if 0%{?suse_version} < 1140
 Requires:       perl = %{perl_version}
@ -57,6 +59,7 @@ This collection was formerly known as Maatkit.

 %prep
 %setup -q
+%patch0 -p1

 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor < /dev/null
@ -66,17 +69,29 @@ make %{?_smp_mflags}
 %perl_make_install
 %perl_process_packlist
 %if 0%{?suse_version} < 1130
-%__rm -rf $RPM_BUILD_ROOT%perl_vendorarch/auto/%{name}
-%__rm -rf $RPM_BUILD_ROOT/var/adm/perl-modules/%{name}
+%__rm -rf %buildroot/%perl_vendorarch/auto/%{name}
+%__rm -rf %buildroot/var/adm/perl-modules/%{name}
 %endif
+# a blank configuration file
+%__mkdir -p %buildroot/etc/%name
+%__cp %{S:2} %buildroot/etc/%name/

-%clean
-rm -rf $RPM_BUILD_ROOT
+%check
+# check that --version-check is off bnc#864194
+for PTCMD in %buildroot/%{_bindir}/pt-*
+do
+  $PTCMD --help 2>&1 |
+    grep "\--version-check" || continue	# skip tools that don't support version checks
+  $PTCMD --help 2>&1 |
+    grep "\--version-check.*FALSE"	# fail those that don't have it disabled
+done

 %files
 %defattr(-,root,root,-)
 %doc COPYING README Changelog
+%dir /etc/%name
 %{_bindir}/pt*
 %{_mandir}/man1/*.1*
+%config /etc/%name/%name.conf

 %changelog