From 34a14ec77ea6b3c380df9fe407ae04a6e90437ef Mon Sep 17 00:00:00 2001
From: Evgeniy Patlan
Date: Tue, 22 Apr 2025 08:00:54 +0300
Subject: [PATCH 1/4] Update crypto version
---
 go.mod | 10 +++++-----
 go.sum | 22 ++++++++++------------
 2 files changed, 15 insertions(+), 17 deletions(-)
diff --git a/go.mod b/go.mod
index 67c21478..bb918023 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 github.com/stretchr/testify v1.10.0
 github.com/xlab/treeprint v1.2.0
 go.mongodb.org/mongo-driver v1.17.1
- golang.org/x/crypto v0.31.0
+ golang.org/x/crypto v0.35.0
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29
 gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22
 gopkg.in/yaml.v2 v2.4.0
@@ -61,10 +61,10 @@ require (
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
 github.com/yusufpapurcu/wmi v1.2.2 // indirect
 golang.org/x/net v0.33.0 // indirect
- golang.org/x/sync v0.10.0 // indirect
- golang.org/x/sys v0.28.0 // indirect
- golang.org/x/term v0.27.0 // indirect
- golang.org/x/text v0.21.0 // indirect
+ golang.org/x/sync v0.11.0 // indirect
+ golang.org/x/sys v0.30.0 // indirect
+ golang.org/x/term v0.29.0 // indirect
+ golang.org/x/text v0.22.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 k8s.io/apimachinery v0.32.0 // indirect
diff --git a/go.sum b/go.sum
index 8c3980ce..f0e386d0 100644
--- a/go.sum
+++ b/go.sum
@@ -131,8 +131,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs= +golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ= golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug= golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -146,8 +146,6 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= -golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -155,8 +153,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= -golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= +golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -172,18 +170,18 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= +golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= -golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= +golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod 
h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= From f816053065972590cec041a037840cd9511942c4 Mon Sep 17 00:00:00 2001 From: Sveta Smirnova Date: Sat, 25 Jan 2025 21:40:04 +0300 Subject: [PATCH 2/4] Merge pull request #917 from surbhat1595/PKG374 PKG-374 Make Percona Toolkit rpm spec file architecture independent (cherry picked from commit d82723f2722cfac847bd797a227caedf70679141) --- config/rpm/percona-toolkit.spec | 1 - config/scripts/pt_builder.sh | 7 +------ 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/config/rpm/percona-toolkit.spec b/config/rpm/percona-toolkit.spec index cfa9f7ab..433fd19b 100644 --- a/config/rpm/percona-toolkit.spec +++ b/config/rpm/percona-toolkit.spec @@ -11,7 +11,6 @@ Vendor: Percona URL: http://www.percona.com/software/percona-toolkit/ Source: percona-toolkit-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root -BuildArch: @@ARCHITECTURE@@ BuildRequires: perl(ExtUtils::MakeMaker) make Requires: perl(DBI) >= 1.13, perl(DBD::mysql) >= 1.0, perl(Time::HiRes), perl(IO::Socket::SSL), perl(Digest::MD5), perl(Term::ReadKey) diff --git a/config/scripts/pt_builder.sh b/config/scripts/pt_builder.sh index 9875d368..519205c8 100644 --- a/config/scripts/pt_builder.sh +++ b/config/scripts/pt_builder.sh @@ -333,11 +333,6 @@ build_srpm(){ cd ${WORKDIR}/rpmbuild/SPECS echo '%undefine _missing_build_ids_terminate_build' | cat - percona-toolkit.spec > pt.spec && mv pt.spec percona-toolkit.spec echo '%define debug_package %{nil}' | cat - percona-toolkit.spec > pt.spec && mv pt.spec percona-toolkit.spec - if [ x"$ARCH" = "xaarch64" ]; then - sed -i "s/@@ARCHITECTURE@@/aarch64/" percona-toolkit.spec - else - sed -i "s/@@ARCHITECTURE@@/x86_64/" percona-toolkit.spec - fi cd ${WORKDIR}/${PRODUCT_FULL} rm -rf bin/govendor 
@@ -398,7 +393,7 @@ build_rpm(){ ARCH=$(echo $(uname -m) | sed -e 's:i686:i386:g') echo "RHEL=${RHEL}" >> percona-toolkit.properties echo "ARCH=${ARCH}" >> percona-toolkit.properties - rpmbuild --target=${ARCH} --define "version $VERSION" --define "VERSION $VERSION" --define "dist .el${RHEL}" --define "release $RPM_RELEASE.el${RHEL}" --define "_topdir ${WORKDIR}/rpmbuild" --rebuild rpmbuild/SRPMS/${SRC_RPM} + rpmbuild --define "version $VERSION" --define "VERSION $VERSION" --define "dist .el${RHEL}" --define "release $RPM_RELEASE.el${RHEL}" --define "_topdir ${WORKDIR}/rpmbuild" --rebuild rpmbuild/SRPMS/${SRC_RPM} return_code=$? if [ $return_code != 0 ]; then From 3ff98c20bc6bfb03a4885a8869d4f8b13fcefb59 Mon Sep 17 00:00:00 2001 From: Evgeniy Patlan Date: Tue, 22 Apr 2025 11:37:43 +0300 Subject: [PATCH 3/4] Update version --- config/scripts/pt_builder.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/scripts/pt_builder.sh b/config/scripts/pt_builder.sh index 519205c8..5c3b32fc 100644 --- a/config/scripts/pt_builder.sh +++ b/config/scripts/pt_builder.sh @@ -582,8 +582,8 @@ OS_NAME= ARCH= OS= INSTALL=0 -RPM_RELEASE=1 -DEB_RELEASE=1 +RPM_RELEASE=2 +DEB_RELEASE=2 REVISION=0 GIT_BRANCH=${GIT_BRANCH} GIT_REPO=https://github.com/percona/percona-toolkit.git From 7717cfe4f1c513b04b514fca12977577d766f428 Mon Sep 17 00:00:00 2001 From: Alina Derkach Date: Tue, 13 May 2025 16:16:35 +0200 Subject: [PATCH 4/4] PT-2447 Release notes for Percona Toolkit 3.7.0-1 modified: Changelog modified: Makefile.PL modified: config/sphinx-build/conf.py modified: docs/release_notes.rst --- Changelog | 6 ++++++ Makefile.PL | 2 +- config/sphinx-build/conf.py | 2 +- docs/release_notes.rst | 10 ++++++++++ 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/Changelog b/Changelog index 7b1ae83e..4503be0d 100644 --- a/Changelog +++ b/Changelog 
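Review bot: With `--target=${ARCH}` removed from the rpmbuild call in build_rpm (and `BuildArch` dropped from the spec in the same commit), the architecture of the rebuilt package is now decided implicitly by the build host, while `ARCH` is still derived from `uname -m` and written to percona-toolkit.properties just above; nothing in the hunk ties the two together. Because the `sed` maps i686 to i386, the recorded value could differ from what rpmbuild actually produces on such a host, so a comment on the new line such as `# target arch is taken from the build host; ARCH is recorded for bookkeeping only` would make the intent explicit for whoever consumes the properties file. The SRPM path is also left unquoted; `--rebuild "rpmbuild/SRPMS/${SRC_RPM}"` would keep a value containing spaces or glob characters from being split or expanded. build_rpm starts and ends outside the hunk, so how `ARCH` and `SRC_RPM` are set and used elsewhere is not visible here.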
@@ -1,5 +1,11 @@ Changelog for Percona Toolkit +v3.7.0-1 released 2025-05-14 + +This release addresses multiple security vulnerabilities reported in Percona Toolkit version 3.7.0, including issues related to the `libxml2` component (CVE-2024-56171, CVE-2025-24928), `openssl` (CVE-2024-12797), and `krb5` (CVE-2022-37967). + +* Fixed bug PT-2442: percona-toolkit:latest Vulnerability [CVE-2024-56171 CVE-2024-12797 CVE-2022-37967 CVE-2025-24928] + v3.7.0 released 2024-12-23 * Feature PT-2340: Support MySQL 8.4 diff --git a/Makefile.PL b/Makefile.PL index fe765b05..10a859c5 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -11,7 +11,7 @@ MAKE_GOTOOLS WriteMakefile( NAME => 'Percona::Toolkit', - VERSION => '3.7.0', + VERSION => '3.7.0-1', EXE_FILES => [ map { (my $name = $_) =~ s/^bin.//; diff --git a/config/sphinx-build/conf.py b/config/sphinx-build/conf.py index fe3c0856..884e6846 100644 --- a/config/sphinx-build/conf.py +++ b/config/sphinx-build/conf.py @@ -50,7 +50,7 @@ copyright = u'2024, Percona LLC and/or its affiliates' # The short X.Y version. version = '3.7' # The full version, including alpha/beta/rc tags. -release = '3.7.0' +release = '3.7.0-1' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/docs/release_notes.rst b/docs/release_notes.rst index 15d37a64..95dc36fd 100644 --- a/docs/release_notes.rst +++ b/docs/release_notes.rst @@ -1,6 +1,16 @@ Release Notes *************** +v3.7.0-1 released 2025-05-14 +============================== + +This release addresses multiple security vulnerabilities reported in Percona Toolkit version 3.7.0, including issues related to the `libxml2` component (CVE-2024-56171, CVE-2025-24928), `openssl` (CVE-2024-12797), and `krb5` (CVE-2022-37967). + +Bug Fixed +------------ + +* :jirabug:`PT-2442`: percona-toolkit:latest Vulnerability [CVE-2024-56171 CVE-2024-12797 CVE-2022-37967 CVE-2025-24928] + v3.7.0 released 2024-12-23 ==============================